在 CentOS 6 上使用 postfix 和 spamassassin 包拒絕垃圾郵件 - 無需自定義使用者和腳本
這是我在 CentOS 6.5 Linux 伺服器上嘗試的內容:
- 安裝了 postfix 和 spamassassin 軟體包
- 已配置的 Postfix - 它執行良好(我在此省略詳細資訊)
- 添加
-x
到**/etc/sysconfig/spamassassin中的 SPAMDOPTIONS**- 將以下 2 行添加到**/etc/postfix/master.cf**
這裡:
smtp inet n - n - - smtpd -o content_filter=spamassassin spamassassin unix - n n - - pipe user=nobody argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
不幸的是,當我發送帶有主題的測試垃圾郵件時
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
它仍然通過!(並且主題沒有被重寫 - 儘管
rewrite_header Subject [SPAM]
在未修改的**/etc/mail/spamassassin/local.cf**文件中)。我想知道,我錯過了什麼?我的**/var/log/maillog**如下:
postfix/postfix-script[2546]: starting the Postfix mail system postfix/master[2547]: daemon started -- version 2.6.6, configuration /etc/postfix postfix/qmgr[2550]: D5B19807033: from=<bsdglVlCWcQAM@yandex.ru>, size=1843, nrcpt=1 (queue active) postfix/qmgr[2550]: 831CA809733: from=<equipmentsup@saic.com>, size=41369, nrcpt=1 (queue active) postfix/qmgr[2550]: 42B7A80A312: from=<minzhigroup55@minzhigroup.vicp.cc>, size=4399, nrcpt=1 (queue active) postfix/qmgr[2550]: AED94809D29: from=<marketing@groupmenumagazine.co.uk>, size=28035, nrcpt=1 (queue active) postfix/qmgr[2550]: E69AA809D3C: from=<>, size=3487, nrcpt=1 (queue active) postfix/qmgr[2550]: 2BDE980A61B: from=<haky151@yahoo.co.jp>, size=4073, nrcpt=1 (queue active) postfix/qmgr[2550]: 0D37280A51F: from=<info@c21.com>, size=7888, nrcpt=1 (queue active) postfix/smtp[2552]: D5B19807033: host gmail-smtp-in.l.google.com[74.125.136.27] said: 421-4.7.0 [144.76.184.154 15] Our system has detected an unusual rate of 421-4.7.0 unsolicited mail originating from your IP address. To protect our 421-4.7.0 users from spam, mail sent from your IP address has been temporarily 421-4.7.0 rate limited. Please visit 421-4.7.0 http://www.google.com/mail/help/bulk_mail.html to review our Bulk 421 4.7.0 Email Senders Guidelines. l16si23407549wjr.0 - gsmtp (in reply to end of DATA command) postfix/smtp[2552]: D5B19807033: to=<Abram.XXX@gmail.com>, orig_to=<XXX@simplex.ru>, relay=alt1.gmail-smtp-in.l.google.com[74.125.25.27]:25, delay=6325, delays=6323/0/1.2/0.61, dsn=4.7.0, status=deferred (host alt1.gmail-smtp-in.l.google.com[74.125.25.27] said: 421-4.7.0 [144.76.184.154 15] Our system has detected an unusual rate of 421-4.7.0 unsolicited mail originating from your IP address. To protect our 421-4.7.0 users from spam, mail sent from your IP address has been temporarily 421-4.7.0 rate limited. Please visit 421-4.7.0 http://www.google.com/mail/help/bulk_mail.html to review our Bulk 421 4.7.0 Email Senders Guidelines. f7si4794087pdm.22 - gsmtp (in reply to end of DATA command)) postfix/smtpd[2557]: connect from mail-ie0-f180.google.com[209.85.223.180] postfix/smtpd[2557]: B3FFF809367: client=mail-ie0-f180.google.com[209.85.223.180] postfix/cleanup[2561]: B3FFF809367: message-id=<CAADeyWgi9VjXoXoUXtTf0n4jp_WJzMd2q7C7zqkRpK7=eKhNGQ@mail.gmail.com> postfix/qmgr[2550]: B3FFF809367: from=<alexander.XXX@gmail.com>, size=1767, nrcpt=1 (queue active) spamd[2034]: spamd: connection from localhost [127.0.0.1] at port 42928 spamd[2034]: spamd: setuid to nobody succeeded spamd[2034]: spamd: processing message <CAADeyWgi9VjXoXoUXtTf0n4jp_WJzMd2q7C7zqkRpK7=eKhNGQ@mail.gmail.com> for nobody:99 postfix/smtpd[2557]: disconnect from mail-ie0-f180.google.com[209.85.223.180] spamd[2034]: spamd: identified spam (999.9/5.0) for nobody:99 in 0.2 seconds, 1730 bytes. spamd[2034]: spamd: result: Y 999 - DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,GTUBE,HTML_MESSAGE,T_TO_NO_BRKTS_FREEMAIL scantime=0.2,size=1730,user=nobody,uid=99,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=42928,mid=<CAADeyWgi9VjXoXoUXtTf0n4jp_WJzMd2q7C7zqkRpK7=eKhNGQ@mail.gmail.com>,autolearn=no postfix/pickup[2549]: 3124F80A3DA: uid=99 from=<alexander.XXX@gmail.com> postfix/cleanup[2561]: 3124F80A3DA: message-id=<CAADeyWgi9VjXoXoUXtTf0n4jp_WJzMd2q7C7zqkRpK7=eKhNGQ@mail.gmail.com> postfix/pipe[2562]: B3FFF809367: to=<Alexander.XXX@gmail.com>, orig_to=<webmaster@XXX.de>, relay=spamassassin, delay=0.59, delays=0.37/0.01/0/0.22, dsn=2.0.0, status=sent (delivered via spamassassin service) postfix/qmgr[2550]: B3FFF809367: removed spamd[2032]: prefork: child states: II postfix/qmgr[2550]: 3124F80A3DA: from=<alexander.XXX@gmail.com>, size=2843, nrcpt=1 (queue active)
我的問題的重點(也許我說得不夠清楚)是:如何在 CentOS上以最小的努力結合 Postfix 和 Spamassassin 。
這是我的解決方案,只需 5 個步驟:
yum install spamassassin
chkconfig spamassassin on
useradd spam
(不能省略這一步!)- 添加
/^Subject: \[SPAM\]/ DISCARD
到**/etc/postfix/header_checks**(請查閱**/etc/mail/spamassassin/local.cf**以獲取要匹配的確切字元串)- 將以下 2 行添加到**/etc/postfix/master.cf**:
spam
(注意步驟 2中新使用者的用法):smtp inet n - n - - smtpd -o content_filter=spamassassin spamassassin unix - n n - - pipe user=spam argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
最後重啟postfix和spamassassin服務。
使用 GTUBE 主題向自己發送測試垃圾郵件:
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
查看/var/log/maillog中丟棄的郵件:
postfix/smtpd[2048]: connect from mail-ig0-f176.google.com[209.85.213.176] postfix/smtpd[2048]: 333F28007C1: client=mail-ig0-f176.google.com[209.85.213.176] postfix/cleanup[2052]: 333F28007C1: message-id=<CAADeyWiTN=Nfmd6Z6P92arctGjZcRgrRtgt3r9TAU+a-=8CGug@mail.gmail.com> postfix/qmgr[2037]: 333F28007C1: from=<alexander.XXX@gmail.com>, size=1883, nrcpt=1 (queue active) spamd[1643]: spamd: connection from localhost [127.0.0.1] at port 53400 spamd[1643]: spamd: setuid to spam succeeded spamd[1643]: spamd: processing message <CAADeyWiTN=Nfmd6Z6P92arctGjZcRgrRtgt3r9TAU+a-=8CGug@mail.gmail.com> for spam:502 postfix/smtpd[2048]: disconnect from mail-ig0-f176.google.com[209.85.213.176] spamd[1643]: spamd: identified spam (999.9/5.0) for spam:502 in 0.1 seconds, 1846 bytes. spamd[1643]: spamd: result: Y 999 - DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,GTUBE,HTML_MESSAGE scantime=0.1,size=1846,user=spam,uid=502,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=53400,mid=<CAADeyWiTN=Nfmd6Z6P92arctGjZcRgrRtgt3r9TAU+a-=8CGug@mail.gmail.com>,autolearn=no postfix/pickup[2036]: 92AE8809366: uid=502 from=<alexander.XXX@gmail.com> postfix/cleanup[2052]: 92AE8809366: message-id=<CAADeyWiTN=Nfmd6Z6P92arctGjZcRgrRtgt3r9TAU+a-=8CGug@mail.gmail.com> postfix/cleanup[2052]: 92AE8809366: discard: header Subject: [SPAM] XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X from local; from=<alexander.XXX@gmail.com> to=<Alexander.XXX@gmail.com> postfix/pipe[2053]: 333F28007C1: to=<Alexander.XXX@gmail.com>, orig_to=<webmaster@XXX.de>, relay=spamassassin, delay=0.51, delays=0.35/0.01/0/0.15, dsn=2.0.0, status=sent (delivered via spamassassin service) postfix/qmgr[2037]: 333F28007C1: removed spamd[1642]: prefork: child states: II
好的,所以基本上,您將電子郵件通過管道發送到 spamc,然後讓 spamc 將輸出通過電子郵件發送給收件人(嗯,實際上是重新郵寄給發件人,但我認為目的是重新郵寄給收件人)..
沒有冒犯,但這很瘋狂。
如果您希望根據 SA 分數拒絕郵件,您將需要一個 milter 或策略守護程序來執行此操作。Spamassassin 不會拒絕郵件,它只會給它打分。Avamisd-new 或 spamass-milter 可以為您工作。
至於為什麼 spamassassin 不重寫,可能是,它只是沒有將修改後的電子郵件版本發送到您期望的位置。
原始 QueueID 是
3124F80A3DA
. Spamassassin 將其作為 QueueIDB3FFF809367
重新郵寄給發件人!查看日誌轉儲的其餘部分,您似乎正在處理所有傳入的垃圾郵件 - 由於它的數量,Gmail 甚至“推遲”了您的 IP。
不要重新發明輪子並在此過程中意外被列入黑名單。您想根據 SA 分數拒絕傳入的垃圾郵件,使用 milter 或策略守護程序。