How to Add Antivirus and Spam Protection to Postfix Mail Server with ClamAV and SpamAssassin - Part 3


In the previous two articles of this Postfix series you learned how to set up and manage the email server database through phpMyAdmin, and how to configure Postfix and Dovecot to handle incoming and outgoing mail. In addition, we explained how to set up a mail client, such as Thunderbird, for the virtual accounts we created previously.

  1. Setup Postfix Mail Server and Dovecot with MariaDB - Part 1
  2. How to Configure Postfix and Dovecot with Virtual Domain Users - Part 2
  3. Install and Configure RoundCube Webmail Client with Virtual Users in Postfix - Part 4
  4. Use Sagator, an Antivirus/Antispam Gateway to Protect Your Mail Server - Part 5

Since no email server setup can be complete without taking precautions against viruses and spam, we are going to cover that topic in the current article.

Please keep in mind that even though *nix-like operating systems are usually considered to be virus-free, chances are that clients using other operating systems will also connect to your email server.

For that reason, you need to give them the assurance that you have taken the necessary measures to protect them, as far as possible, from such threats.

Configuring SpamAssassin for Postfix

In the process of receiving email, spamassassin will stand between the outside world and the email services running on your server itself. If it finds, according to its definition rules and configuration, that an incoming message is spam, it will rewrite the subject line to clearly identify it as such. Let's see how.

The main configuration file is /etc/mail/spamassassin/local.cf, and we should make sure the following options are available (add them if they are not present, or uncomment them if necessary):

report_safe 0
required_score 8.0
rewrite_header Subject [SPAM]

  1. When report_safe is set to 0 (the recommended value), incoming spam is only modified by changing the email headers as per rewrite_header. If it is set to 1, the message will be deleted.
  2. To set the aggressiveness of the spam filter, required_score must be followed by an integer or decimal number. The lower the number, the more sensitive the filter becomes. Setting required_score to a value somewhere between 8.0 and 10.0 is recommended for a large system serving many (~100s) email accounts.

Once you have saved these changes, enable and start the spam filter service, and then update the spam rules:

# systemctl enable spamassassin
# systemctl start spamassassin
# sa-update

For more configuration options, you may want to refer to the documentation by running perldoc Mail::SpamAssassin::Conf in the command line.

Integrating Postfix and SpamAssassin

In order to integrate Postfix and spamassassin properly, we will need to create a dedicated user and group to run the spam filter daemon:

# useradd spamd -s /bin/false -d /var/log/spamassassin

Next, add the following line at the bottom of /etc/postfix/master.cf:

spamassassin unix - n n - - pipe flags=R user=spamd argv=/usr/bin/spamc -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}

And indicate (at the top) that spamassassin will serve as content_filter:

-o content_filter=spamassassin

Finally, restart Postfix to apply the changes:

# systemctl restart postfix

To verify that SpamAssassin is working properly and detecting incoming spam, a test known as GTUBE (Generic Test for Unsolicited Bulk Email) is provided.

To perform this test, send an email from a domain outside your network (such as Yahoo!, Hotmail, or Gmail) to an account residing in your email server. Set the Subject line to whatever you want and include the following text in the message body:

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

For example, sending the above text in a message body from my Gmail account produces the following result:

And shows the corresponding notice in the logs:

# journalctl | grep spam

As you can see in the image above, this email message got a spam score of 1002.3. Additionally, you can test spamassassin right from the command line:

# spamassassin -D < /usr/share/doc/spamassassin-3.4.0/sample-spam.txt

The above command will produce some very verbose output that should include the following:

If these tests are not successful, you may want to refer to the spamassassin integration guide.
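
The GTUBE check above can also be made on the delivered message itself. The following is an added example, not part of the original article: it reads the X-Spam-Status and Subject headers of a message file and compares them with the local.cf settings shown earlier. The sample message, its addresses and the function names are constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the original article). Reads the headers that
# SpamAssassin adds to a delivered message and checks them against local.cf.

# Print one header's value, joining folded continuation lines.
header_value() {    # usage: header_value <file> <header-name>
    awk -v name="$2" '
        /^$/     { exit }                           # end of header block
        /^[ \t]/ { if (hit) val = val $0; next }    # folded continuation
        hit      { exit }                           # next header: done
        tolower($0) ~ ("^" tolower(name) ":") {
            hit = 1; val = $0; sub(/^[^:]*:[ \t]*/, "", val)
        }
        END      { if (hit) print val }
    ' "$1"
}

# Check the verdict against required_score and rewrite_header.
# Returns 0 = tagged as spam, 1 = scanned but not tagged, 2 = never scanned.
spam_verdict() {    # usage: spam_verdict <file> <subject-tag>
    local status score required subject tagged=no
    status=$(header_value "$1" X-Spam-Status)
    [ -n "$status" ] || { echo "unscanned"; return 2; }
    score=$(printf '%s\n' "$status" | sed -n 's/.*score=\(-\{0,1\}[0-9.]*\).*/\1/p')
    required=$(printf '%s\n' "$status" | sed -n 's/.*required=\([0-9.]*\).*/\1/p')
    subject=$(header_value "$1" Subject)
    case "$subject" in "$2"*) tagged=yes ;; esac
    echo "score=$score required=$required subject_tagged=$tagged"
    # Spam only if the score reached required_score and the Subject was rewritten.
    awk -v s="$score" -v r="$required" 'BEGIN { exit !(s + 0 >= r + 0) }' &&
        [ "$tagged" = yes ]
}

# Constructed sample: a GTUBE test message as it would look after tagging.
make_sample() {
    local f; f=$(mktemp)
    printf '%s\n' \
        'X-Spam-Flag: YES' \
        'X-Spam-Status: Yes, score=1002.3 required=8.0 tests=GTUBE' \
        '    autolearn=no version=3.4.0' \
        'Subject: [SPAM] gtube test' \
        'To: user@example.com' \
        '' \
        'constructed body' > "$f"
    echo "$f"
}

msg=$(make_sample); spam_verdict "$msg" "[SPAM]"; rm -f "$msg"
```
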

Starting ClamAV and Updating Virus Definitions

To begin, we will need to edit /etc/clamd.d/scan.conf. Uncomment the following line:

LocalSocket /var/run/clamd.scan/clamd.sock

and comment out or delete the line:

Example

Then enable and start the clamav scanner daemon:

# systemctl enable [email 
# systemctl start [email 

and don't forget to set the antivirus_can_scan_system SELinux boolean to 1:

# setsebool -P antivirus_can_scan_system 1

At this point it is worth checking the status of the service:

As you can see in the image above, the virus signatures are older than 7 days. To update them we will use a tool called freshclam, which was installed as part of the clamav-update package.

The easiest way to update the virus definitions is through a cron job that runs as often as desired (once a day, for example at 1 am server time as indicated in the following example, is considered enough):

00 01 * * * root /usr/share/clamav/freshclam-sleep

You can also update the virus definitions manually, but before you do so you will also have to remove or comment out the following line in /etc/freshclam.conf.

Example

Now you should be able to run:

# freshclam

which will update the virus definitions as desired:

Testing ClamAV for Virus in Emails

To verify that ClamAV is working properly, let's download a test virus (which we can get from http://www.eicar.org/download/eicar.com) to the Maildir of [email protected] (which is located in /home/vmail/linuxnewz.com/tecmint/Maildir) to simulate an infected file received as a mail attachment:

# cd /home/vmail/linuxnewz.com/tecmint/Maildir
# wget http://www.eicar.org/download/eicar.com

Then scan the /home/vmail/linuxnewz.com directory recursively:

# clamscan --infected --remove --recursive /home/vmail/linuxnewz.com

Now, feel free to set up this scan to run through a cronjob. Create a file named /etc/cron.daily/dailyclamscan and insert the following lines:

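#!/bin/bash
# Daily ClamAV scan of the virtual mail directory; infected files are removed.
SCAN_DIR="/home/vmail/linuxnewz.com"
LOG_FILE="/var/log/clamav/dailyclamscan.log"
# Make sure the log file exists before appending to it.
touch "$LOG_FILE"
/usr/bin/clamscan --infected --remove --recursive "$SCAN_DIR" >> "$LOG_FILE"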

and grant execute permissions:

# chmod +x /etc/cron.daily/dailyclamscan

The above cronjob will scan the mail server directory recursively and leave a log of its operation in /var/log/clamav/dailyclamscan.log (make sure the /var/log/clamav directory exists).
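
The daily scan above only appends to a log, so a detection is easy to miss. The following is an added example, not part of the original article: it wraps the same clamscan call, uses clamscan's exit status (0 clean, 1 virus found, 2 error) and the "FOUND" lines of the run to produce a one-line result. The function names and the CLAMSCAN override variable are hypothetical.

```bash
#!/bin/bash
# Added example (not from the original article): make the daily clamscan
# run report detections instead of only appending to a log.

# Print "signature<TAB>path" for each hit; clamscan logs a hit as
# "<path>: <signature> FOUND".
detections() {      # usage: detections <logfile>
    awk '/ FOUND$/ {
        line = $0; sub(/ FOUND$/, "", line)
        i = match(line, /: [^:]*$/)     # last ": " splits path from signature
        if (i) printf "%s\t%s\n", substr(line, i + 2), substr(line, 1, i - 1)
    }' "$1"
}

# Map clamscan's exit status (0 = clean, 1 = virus found, other = error)
# to a one-line result. Returns 0 only for a clean scan.
scan_result() {     # usage: scan_result <exit-status> <logfile>
    local n
    n=$(detections "$2" | wc -l)
    case "$1" in
        0) echo "clean"; return 0 ;;
        1) echo "infected files=$((n))"; return 1 ;;
        *) echo "scan error status=$1"; return 2 ;;
    esac
}

# Scan into a per-run log so old detections are not counted again, append
# it to the cumulative log, then report. CLAMSCAN is a hypothetical override
# so the wrapper can be exercised without ClamAV installed.
run_daily_scan() {  # usage: run_daily_scan <scan-dir> <cumulative-log>
    local run_log status
    run_log=$(mktemp)
    "${CLAMSCAN:-/usr/bin/clamscan}" --infected --remove --recursive "$1" \
        > "$run_log" 2>&1
    status=$?
    cat "$run_log" >> "$2"
    scan_result "$status" "$run_log"
    status=$?
    rm -f "$run_log"
    return "$status"
}

# Cron usage (paths from the article):
#   run_daily_scan /home/vmail/linuxnewz.com /var/log/clamav/dailyclamscan.log
```
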

Let's see what happens when we send the eicar.com file from [email protected]:

Summary

If you followed the steps outlined in this tutorial and in the previous two articles of this series, you now have a working Postfix email server with spam and antivirus protection.

NOTE: Please note that server security is a vast subject and cannot be adequately covered in a short series like this.

For that reason, I highly encourage you to become familiar with the tools used in this series and their man pages. Although I have done my best to cover the essential concepts associated with this topic, do not assume that after going through this series you are fully qualified to set up and maintain an email server in a production environment.

This series is intended as a starting point and not as an exhaustive guide to mail server administration in Linux.

You will probably think of other ideas that can enrich this series. If so, feel free to drop us a note using the comment form below. Questions and other suggestions are also appreciated - we look forward to hearing from you!