Good morning, friends of sekolahlinux. The article I have wanted to publish for a long time is finally under way today, and I have tested it on my own server. Without further ado, here is the tutorial.
For how to build the backup MX itself, you can read my previous tutorial below.
https://sekolahlinux.com/membuat-mx-backup-dengan-postfix-di-centos-6-6/
Make sure the EPEL repo is installed:

    yum install epel-release
    yum update -y

Once that is done, move on to the next step: installing amavis, clamav and spamassassin.

    yum install amavisd-new clamav clamav-devel clamd spamassassin

Run the command below to check whether the amavis and clamav users were created automatically.

    [root@mx ~]# cat /etc/passwd | grep -E "amavis|clamav"
    clam:x:498:498:Clam Anti Virus Checker:/var/lib/clamav:/sbin/nologin
    amavis:x:497:497:User for amavisd-new:/var/spool/amavisd:/sbin/nologin

Next, check whether the clam user is a member of the amavis group.

    [root@mx ~]# groups clam
    clam : clam

The output above shows that the clam user is not yet in the amavis group, so add it as shown below.

    [root@mx ~]# gpasswd -a clam amavis
    Adding user clam to group amavis

Now check again whether the clam user is in the amavis group.

    [root@mx ~]# groups clam
    clam : clam amavis

OK, done. Time to check chkconfig.

    [root@mx ~]# chkconfig --list | grep -E "amavisd|clamd|spamassassin"
    amavisd         0:off   1:off   2:off   3:off   4:off   5:off   6:off
    clamd           0:off   1:off   2:off   3:off   4:off   5:off   6:off
    clamd.amavisd   0:off   1:off   2:off   3:off   4:off   5:off   6:off
    spamassassin    0:off   1:off   2:off   3:off   4:off   5:off   6:off

Everything above is still off; just carry on, we will enable the services at the end. Note that the spamassassin service does not need to be enabled, because amavis will act on its behalf and borrow the spamassassin rules for its spam checks.
Next, check the clamav configuration. Comment out TCPSocket 3310 with a hash sign to disable it, because it is enabled by default; we will use clamd.sock instead, as in the example below.

    [root@mx ~]# vim /etc/clamd.conf

    # Path to a local socket file the daemon will listen on.
    # Default: disabled (must be specified by a user)
    LocalSocket /var/run/clamav/clamd.sock

    # TCP port address.
    # Default: no
    #TCPSocket 3310

Next, configure amavisd.conf roughly as shown below. Adjust the settings to match the excerpt, such as the domain name, the hostname and the location of clamd.sock; everything else can stay at its default.

    [root@mx ~]# vim /etc/amavisd/amavisd.conf

    # $bypass_decode_parts = 1;         # controls running of decoders&dearchivers

    $max_servers = 2;            # num of pre-forked children (2..30 is common), -m
    $daemon_user  = 'amavis';    # (no default; customary: vscan or amavis), -u
    $daemon_group = 'amavis';    # (no default; customary: vscan or amavis), -g

    $mydomain = 'sekolahlinux.com';   # a convenient default for other settings

    $MYHOME = '/var/spool/amavisd';   # a convenient default for other settings, -H
    $TEMPBASE = "$MYHOME/tmp";   # working directory, needs to exist, -T
    $ENV{TMPDIR} = $TEMPBASE;    # environment variable TMPDIR, used by SA, etc.
    $QUARANTINEDIR = undef;      # -Q

    $inet_socket_port = 10024;   # listen on this local TCP port(s)
    # $inet_socket_port = [10024,10026];  # listen on multiple TCP ports

    $policy_bank{'MYNETS'} = {   # mail originating from @mynetworks
      originating => 1,  # is true in MYNETS by default, but let's make it explicit
      os_fingerprint_method => undef,  # don't query p0f for internal clients
    };

    # it is up to MTA to re-route mail from authenticated roaming users or
    # from internal hosts to a dedicated TCP port (such as 10026) for filtering
    $interface_policy{'10026'} = 'ORIGINATING';

    # (the next three entries sit inside the $policy_bank{'ORIGINATING'} = { ... }; block)
      # notify administrator of locally originating malware
      virus_admin_maps => ["virusalert\@$mydomain"],
      spam_admin_maps  => ["virusalert\@$mydomain"],
      warnbadhsender   => 1,

    $sa_tag_level_deflt  = 2.0;  # add spam info headers if at, or above that level
    $sa_tag2_level_deflt = 6.2;  # add 'spam detected' headers at that level
    $sa_kill_level_deflt = 6.9;  # triggers spam evasive actions (e.g. blocks mail)
    $sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent
    $sa_crediblefrom_dsn_cutoff_level = 18; # likewise, but for a likely valid From
    # $sa_quarantine_cutoff_level = 25; # spam level beyond which quarantine is off
    $penpals_bonus_score = 8;    # (no effect without a @storage_sql_dsn database)
    $penpals_threshold_high = $sa_kill_level_deflt;  # don't waste time on hi spam
    $bounce_killer_score = 100;  # spam score points to add for joe-jobbed bounces

    $sa_mail_body_size_limit = 400*1024; # don't waste time on SA if mail is larger
    $sa_local_tests_only = 0;    # only tests which do not require internet access?

    $virus_admin               = "virusalert\@$mydomain";  # notifications recip.

    $mailfrom_notify_admin     = "virusalert\@$mydomain";  # notifications sender
    $mailfrom_notify_recip     = "virusalert\@$mydomain";  # notifications sender
    $mailfrom_notify_spamadmin = "spam.police\@$mydomain"; # notifications sender
    $mailfrom_to_quarantine = ''; # null return path; uses original sender if undef

    # OTHER MORE COMMON SETTINGS (defaults may suffice):

    $myhostname = 'mx.sekolahlinux.com';  # must be a fully-qualified domain name!

    $final_virus_destiny      = D_REJECT; #D_DISCARD;
    $final_banned_destiny     = D_REJECT; #D_BOUNCE;
    $final_spam_destiny       = D_REJECT; #D_DISCARD; #!!!  D_DISCARD / D_REJECT
    $final_bad_header_destiny = D_REJECT; #D_BOUNCE;
    # $bad_header_quarantine_method = undef;

    # (the next entry sits inside the @av_scanners = ( ... ); list)
    ### http://www.clamav.net/
    ['ClamAV-clamd',
      #\&ask_daemon, ["CONTSCAN {}\n", "/var/spool/amavisd/clamd.sock"],
      \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
      qr/\bOK$/m, qr/\bFOUND$/m,
      qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
    # NOTE: run clamd under the same user as amavisd - or run it under its own
    #   uid such as clamav, add user clamav to the amavis group, and then add
    #   AllowSupplementaryGroups to clamd.conf;
    # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in
    #   this entry; when running chrooted one may prefer a socket under $MYHOME.

Next, configure postfix: change and add entries in master.cf so that it looks like the excerpt below.

    [root@mx ~]# vim /etc/postfix/master.cf

    #
    # Postfix master process configuration file.  For details on the format
    # of the file, see the master(5) manual page (command: "man 5 master").
    #
    # Do not forget to execute "postfix reload" after editing this file.
    #
    # ==========================================================================
    # service type  private unpriv  chroot  wakeup  maxproc command + args
    #               (yes)   (yes)   (yes)   (never) (100)
    # ==========================================================================
    smtp      inet  n       -       n       -       20      smtpd
        -o smtpd_proxy_filter=127.0.0.1:10024
        -o smtpd_client_connection_count_limit=20
    #
    127.0.0.1:10025 inet n  -       n       -       -       smtpd
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks=127.0.0.0/8
    #smtp      inet  n       -       n       -       -       smtpd

The configuration above means that mail arriving on port 25 is handed to the amavis proxy port 10024. If the message matches an amavis, clamav or spamassassin block rule, it is rejected before it ever creates a queue entry in postfix. If it passes amavis and friends, it is forwarded to postfix port 10025 and then delivered on to the recipient.
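The layout only filters mail if port 25 really points at 127.0.0.1:10024 and the 10025 re-injection listener stays bound to loopback and accepts local clients only. The following check is an added example, not part of the original tutorial; the function names are hypothetical and the sample input is constructed from the two service entries above.

```shell
# Join continuation lines (leading whitespace) into one logical entry per
# service; blank and comment lines are skipped, as Postfix does.
logical_lines() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { sub(/^[ \t]+/, ""); entry = entry " " $0; next }
        { if (entry != "") print entry; entry = $0 }
        END { if (entry != "") print entry }
    ' "$1"
}

# Exit status 0 only if port 25 is proxied to amavisd and the 10025
# re-injection listener is loopback-only and accepts local clients only.
audit_master_cf() {
    logical_lines "$1" | awk '
        $2 != "inet" || $8 != "smtpd" { next }
        $1 == "smtp" || $1 == "25" {
            if (index($0, "smtpd_proxy_filter=127.0.0.1:10024")) filtered = 1
        }
        $1 == "10025" || $1 ~ /:10025$/ {
            reinject = 1
            if ($1 == "127.0.0.1:10025") loopback = 1
            if (index($0, "permit_mynetworks,reject") &&
                index($0, "mynetworks=127.0.0.0/8")) local_only = 1
        }
        END {
            if (!filtered) { print "FAIL: port 25 not proxied to 127.0.0.1:10024"; bad = 1 }
            if (!reinject) { print "FAIL: no smtpd listener on port 10025"; bad = 1 }
            if (reinject && !loopback) { print "FAIL: 10025 reachable beyond 127.0.0.1"; bad = 1 }
            if (reinject && !local_only) { print "FAIL: 10025 accepts non-local clients"; bad = 1 }
            if (!bad) print "OK: before-queue filter layout is intact"
            exit bad + 0
        }'
}

# Constructed sample: the two service entries shown in the tutorial.
sample_master_cf() {
    cat <<'EOF'
smtp      inet  n       -       n       -       20      smtpd
    -o smtpd_proxy_filter=127.0.0.1:10024
    -o smtpd_client_connection_count_limit=20
127.0.0.1:10025 inet n  -       n       -       -       smtpd
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
EOF
}
tmp=$(mktemp) && sample_master_cf > "$tmp" && audit_master_cf "$tmp"; rm -f "$tmp"
```

On a live host, run `audit_master_cf /etc/postfix/master.cf` after every edit to the file.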
Once that is done, run the commands below to enable and start the amavis and clamav services and to reload the postfix configuration.

    [root@mx ~]# chkconfig amavisd on
    [root@mx ~]# chkconfig clamd on
    [root@mx ~]# chkconfig clamd.amavisd on
    [root@mx ~]# service clamd.amavisd start
    Starting clamd.amavisd:                                    [  OK  ]
    [root@mx ~]# service clamd start
    Starting Clam AntiVirus Daemon:                            [  OK  ]
    [root@mx ~]# service amavisd start
    Starting amavisd:                                          [  OK  ]
    [root@mx ~]# postfix reload
    postfix/postfix-script: refreshing the Postfix mail system
    [root@mx ~]# service postfix restart
    Shutting down postfix:                                     [  OK  ]
    Starting postfix:                                          [  OK  ]

OK, that's it; the setup is complete at this point.
To check that the amavis proxy port 10024 and the postfix port 10025 are running, test them as shown below.

    [root@mx ~]# telnet 127.0.0.1 10024
    Trying 127.0.0.1...
    Connected to 127.0.0.1.
    Escape character is '^]'.
    220 [127.0.0.1] ESMTP amavisd-new service ready
    ehlo localhost
    250-[127.0.0.1]
    250-VRFY
    250-PIPELINING
    250-SIZE
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250-DSN
    250 XFORWARD NAME ADDR PORT PROTO HELO IDENT SOURCE
    quit
    221 2.0.0 [127.0.0.1] amavisd-new closing transmission channel
    Connection closed by foreign host.

    [root@mx ~]# telnet 127.0.0.1 10025
    Trying 127.0.0.1...
    Connected to 127.0.0.1.
    Escape character is '^]'.
    220 mx.sekolahlinux.com "Hayo Tebak saya pakai apa"
    ehlo localhost
    250-mx.sekolahlinux.com
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    quit
    221 2.0.0 Bye
    Connection closed by foreign host.

Below are example logs of an incoming email that was accepted and of one that amavis rejected because it hit a spamassassin rule.

EXAMPLE OF A SUCCESSFUL EMAIL

    May 26 05:24:34 mx postfix/smtpd[1627]: connect from smtp4.akbaribnu.com[200.200.160.10]
    May 26 05:24:34 mx postfix/smtpd[1627]: NOQUEUE: client=smtp4.akbaribnu.com[200.200.160.10]
    May 26 05:24:38 mx postfix/smtpd[1633]: connect from localhost[127.0.0.1]
    May 26 05:24:38 mx postfix/smtpd[1633]: 679F940099: client=localhost[127.0.0.1]
    May 26 05:24:38 mx postfix/cleanup[1634]: 679F940099: message-id=<20150525222438.679F940099@mx.sekolahlinux.com>
    May 26 05:24:38 mx postfix/qmgr[1617]: 679F940099: from=<noc@akbaribnu.com>, size=895, nrcpt=1 (queue active)
    May 26 05:24:38 mx amavis[1619]: (01619-01) Passed CLEAN {RelayedInbound}, [200.200.160.10]:22705 [200.200.160.10] <noc@akbaribnu.com> -> <akbar@sekolahlinux.com>, mail_id: qtnMZbl3OspG, Hits: 0.403, size: 401, queued_as: 679F940099, 3939 ms
    May 26 05:24:38 mx postfix/smtpd[1627]: disconnect from smtp4.akbaribnu.com[200.200.160.10]
    May 26 05:24:38 mx postfix/smtp[1635]: 679F940099: to=<akbar@sekolahlinux.com>, relay=sekolahlinux.com[202.148.1.50]:25, delay=0.63, delays=0.11/0.23/0.17/0.12, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 55F3E260F94)
    May 26 05:24:38 mx postfix/qmgr[1617]: 679F940099: removed

EXAMPLE LOG OF A FAILED EMAIL

    May 26 05:24:55 mx postfix/smtpd[1627]: connect from smtp4.akbaribnu.com[200.200.160.10]
    May 26 05:24:55 mx postfix/smtpd[1627]: NOQUEUE: client=smtp4.akbaribnu.com[200.200.160.10]
    May 26 05:24:57 mx amavis[1618]: (01618-02) Blocked SPAM {RejectedInbound,Quarantined}, [200.200.160.10]:44378 [200.200.160.10] <akbar_ibnu@akbaribnu.com> -> <akbar@sekolahlinux.com>, mail_id: bOa2jhB-VOKF, Hits: 100.403, size: 408, 2900 ms
    May 26 05:24:57 mx postfix/smtpd[1627]: disconnect from smtp4.akbaribnu.com[200.200.160.10]

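To monitor the filter day to day, the amavis verdict lines shown above can be pulled out of the maillog and counted per sending client. This is an added example, not part of the original tutorial: the function names are hypothetical, and the embedded sample is four of the log lines from this page.

```shell
# Print one record per amavis verdict line:
#   verdict|category|client_ip|sender|recipient|hits
amavis_verdicts() {
    awk '
        $5 !~ /^amavis\[/ || ($7 != "Passed" && $7 != "Blocked") { next }
        {
            hits = "-"; arrow = 0
            for (i = 8; i <= NF; i++) {
                if ($i == "->" && !arrow) arrow = i   # separates sender and recipient
                if ($i == "Hits:") hits = $(i + 1)    # spamassassin score
            }
            if (arrow < 11) next                      # not a full verdict line
            client = $(arrow - 2); from = $(arrow - 1); to = $(arrow + 1)
            client = substr(client, 2, length(client) - 2)   # strip [ ]
            from   = substr(from, 2, length(from) - 2)       # strip < >
            gsub(/[<>]/, "", to); sub(/,$/, "", to); sub(/,$/, "", hits)
            printf "%s|%s|%s|%s|%s|%s\n", $7, $8, client, from, to, hits
        }' "$@"
}

# Count blocked messages per client IP, busiest source first.
blocked_per_client() {
    amavis_verdicts "$@" |
        awk -F'|' '$1 == "Blocked" { n[$3]++ } END { for (ip in n) print n[ip], ip }' |
        sort -rn
}

# Sample input: log lines copied from the examples on this page.
sample_maillog() {
    cat <<'EOF'
May 26 05:24:34 mx postfix/smtpd[1627]: NOQUEUE: client=smtp4.akbaribnu.com[200.200.160.10]
May 26 05:24:38 mx amavis[1619]: (01619-01) Passed CLEAN {RelayedInbound}, [200.200.160.10]:22705 [200.200.160.10] <noc@akbaribnu.com> -> <akbar@sekolahlinux.com>, mail_id: qtnMZbl3OspG, Hits: 0.403, size: 401, queued_as: 679F940099, 3939 ms
May 26 05:24:57 mx amavis[1618]: (01618-02) Blocked SPAM {RejectedInbound,Quarantined}, [200.200.160.10]:44378 [200.200.160.10] <akbar_ibnu@akbaribnu.com> -> <akbar@sekolahlinux.com>, mail_id: bOa2jhB-VOKF, Hits: 100.403, size: 408, 2900 ms
May 26 05:24:57 mx postfix/smtpd[1627]: disconnect from smtp4.akbaribnu.com[200.200.160.10]
EOF
}

sample_maillog | amavis_verdicts
sample_maillog | blocked_per_client
```

Both functions also accept file names, for example `blocked_per_client /var/log/maillog`.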
OK, that is everything.
Give it a try and good luck. Feel free to leave a comment if you have any questions.