Membuat mx backup dengan postfix, amavis clamav dan spamassassin di centos 6.6

By
admin
-
0
1804

selamat pagi sobat sekolahlinux, akhirnya article yang sudah sejak lama saya ingin publish bisa mulai saya kerjakan hari ini dan sudah saya test di server milik saya ๐Ÿ˜€ langsung aja ya, tanpa basa-basi ini dia tutorialnya.

untuk bagaimana cara pembuatan mx backupnya kalian bisa baca tutorial saya yang sebelumnya dibawah ini.

https://sekolahlinux.com/membuat-mx-backup-dengan-postfix-di-centos-6-6/

pastika epel repo sudah terintall

yum install epel-release
yum update -y

nah jika sudah kita ke tahapan berikutnya yaitu install amavis clamav dan spamassassin nya

yum install amavisd-new clamav clamav-devel clamd spamassassin

coba jalankan perintah dibawah untuk memastikan bahwa user amavis dan clamav sudah terbuat secara otomatis atau belum

[root@mx ~]# cat /etc/passwd | grep "amavis|clamav"
clam:x:498:498:Clam Anti Virus Checker:/var/lib/clamav:/sbin/nologin
amavis:x:497:497:User for amavisd-new:/var/spool/amavisd:/sbin/nologin

jika sudah selanjutnya coba cek user clam masuk groupsย amavis atau tidak

groups clam
[root@mx ~]# groups clam
clam : clam

hasil diatas menunjukkan bahwa user clam belum masuk ke group amavis, nah tambahkan user clam kedalam group amavis, caranya seperti dibawah ini

[root@mx ~]# gpasswd -a clam amavis
Adding user clam to group amavis

dan coba sekarang coba cek lagi apakah user clam sudah masuk ke groups amavis

[root@mx ~]# groups clam
clam : clam amavis

oke sudah :D,ย saatnya mengecek chkconfig

[root@mx ~]# chkconfig --list | grep "amavisd|clamd|spamassassin"
amavisd        	0:off	1:off	2:off	3:off	4:off	5:off	6:off
clamd          	0:off	1:off	2:off	3:off	4:off	5:off	6:off
clamd.amavisd  	0:off	1:off	2:off	3:off	4:off	5:off	6:off
spamassassin   	0:off	1:off	2:off	3:off	4:off	5:off	6:off

diatas masih offย hehe lanjutkan saja ya.. nanti akan kita set pada akhirnya supaya aktif, ouu iya untuk spamassasin tidak perlu diaktifkan karena nantinya amavis yang akan mewakilinya dan meminjar rule spamassassin untuk rule spamnya ๐Ÿ˜€

selanjutkan kita cek rule clamav, beri comment / tanda pagar pada TCPSocket 3310ย untuk mendisablenya, karena secara default rule tersebut aktif, nantinya kita akan menggunakan clamd.sockย contoh seperti dibawah ini

[root@mx ~]# vim /etc/clamd.conf

# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
LocalSocket /var/run/clamav/clamd.sock

# TCP port address.
# Default: no
#TCPSocket 3310

nah untuk selanjutkan kita akan konfigurasikan rule amavis.conf nya, kira-kira seperti dibawah ini, untuk rule tolong disesuaikan seperti dibawah, seperti nama domain nama hostname dan letak clamd.sock, dll seperti script dibawah, sisanya kalian bisa biarkan seperti defaultnya.

[root@mx ~]# vim /etc/amavisd/amavisd.conf

# $bypass_decode_parts = 1;         # controls running of decoders&dearchivers

$max_servers = 2;            # num of pre-forked children (2..30 is common), -m
$daemon_user  = 'amavis';    # (no default;  customary: vscan or amavis), -u
$daemon_group = 'amavis';    # (no default;  customary: vscan or amavis), -g

$mydomain = 'sekolahlinux.com';   # a convenient default for other settings

$MYHOME = '/var/spool/amavisd';   # a convenient default for other settings, -H
$TEMPBASE = "$MYHOME/tmp";   # working directory, needs to exist, -T
$ENV{TMPDIR} = $TEMPBASE;    # environment variable TMPDIR, used by SA, etc.
$QUARANTINEDIR = undef;      # -Q


$inet_socket_port = 10024;   # listen on this local TCP port(s)
# $inet_socket_port = [10024,10026];  # listen on multiple TCP ports

$policy_bank{'MYNETS'} = {   # mail originating from @mynetworks
  originating => 1,  # is true in MYNETS by default, but let's make it explicit
  os_fingerprint_method => undef,  # don't query p0f for internal clients
};

# it is up to MTA to re-route mail from authenticated roaming users or
# from internal hosts to a dedicated TCP port (such as 10026) for filtering
$interface_policy{'10026'} = 'ORIGINATING';


# notify administrator of locally originating malware
  virus_admin_maps => ["virusalert@$mydomain"],
  spam_admin_maps  => ["virusalert@$mydomain"],
  warnbadhsender   => 1,


$sa_tag_level_deflt  = 2.0;  # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 6.2;  # add 'spam detected' headers at that level
$sa_kill_level_deflt = 6.9;  # triggers spam evasive actions (e.g. blocks mail)
$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent
$sa_crediblefrom_dsn_cutoff_level = 18; # likewise, but for a likely valid From
# $sa_quarantine_cutoff_level = 25; # spam level beyond which quarantine is off
$penpals_bonus_score = 8;    # (no effect without a @storage_sql_dsn database)
$penpals_threshold_high = $sa_kill_level_deflt;  # don't waste time on hi spam
$bounce_killer_score = 100;  # spam score points to add for joe-jobbed bounces

$sa_mail_body_size_limit = 400*1024; # don't waste time on SA if mail is larger
$sa_local_tests_only = 0;    # only tests which do not require internet access?


$virus_admin               = "virusalert@$mydomain";                    # notifications recip.

$mailfrom_notify_admin     = "virusalert@$mydomain";                    # notifications sender
$mailfrom_notify_recip     = "virusalert@$mydomain";                    # notifications sender
$mailfrom_notify_spamadmin = "spam.police@$mydomain";                    # notifications sender
$mailfrom_to_quarantine = ''; # null return path; uses original sender if undef


# OTHER MORE COMMON SETTINGS (defaults may suffice):

$myhostname = 'mx.sekolahlinux.com'; # must be a fully-qualified domain name!

$final_virus_destiny      = D_REJECT; #D_DISCARD;
$final_banned_destiny     = D_REJECT; #D_BOUNCE;
$final_spam_destiny       = D_REJECT; #D_DISCARD;  #!!!  D_DISCARD / D_REJECT
$final_bad_header_destiny = D_REJECT; #D_BOUNCE;
# $bad_header_quarantine_method = undef;


### http://www.clamav.net/
  ['ClamAV-clamd',
    #&ask_daemon, ["CONTSCAN {}n", "/var/spool/amavisd/clamd.sock"],
    &ask_daemon, ["CONTSCAN {}n", "/var/run/clamav/clamd.sock"],
    qr/bOK$/m, qr/bFOUND$/m,
    qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
  # NOTE: run clamd under the same user as amavisd - or run it under its own
  #   uid such as clamav, add user clamav to the amavis group, and then add
  #   AllowSupplementaryGroups to clamd.conf;
  # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in
  #   this entry; when running chrooted one may prefer a socket under $MYHOME.

selanjutnya kita configure postfixnya, rubah dan tambahkan rule di master.cf menjadi seperti dibawah

[root@mx ~]# vim /etc/postfix/master.cf

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================

smtp      inet  n       -       n       -       20      smtpd
        -o smtpd_proxy_filter=127.0.0.1:10024
        -o smtpd_client_connection_count_limit=20
#
127.0.0.1:10025 inet n  -       n       -        -      smtpd
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks=127.0.0.0/8
#smtp      inet  n       -       n       -       -       smtpd

rule diatas menjelaskan email yang masuk melalui port 25 akan dialihkan ke port proxy amavis 10024 lalu jika emailnya cocok denganย rule block amavis clamav ataupun spamassasin maka email akan ditolak tanpa sempat membuat queue di postfixnya, namun jika emailnya lolos dari rule amavis dkk, maka email akan diteruskan ke port 10025 postfix dan akan dilanjutkan ke penerima.

jika sudah maka lakukan perintah ini untuk menghidupkan service amavis dan clamav serta untuk restart rule postfixnya

[root@mx ~]# chkconfig amavisd on
[root@mx ~]# chkconfig clamd on
[root@mx ~]# chkconfig clamd.amavisd on
[root@mx ~]# service clamd.amavisd start
Starting clamd.amavisd:                                    [  OK  ]
[root@mx ~]# service clamd start
Starting Clam AntiVirus Daemon:                            [  OK  ]
[root@mx ~]# service amavisd start
Starting amavisd:                                          [  OK  ]

[root@mx ~]# postfix reload
postfix/postfix-script: refreshing the Postfix mail system
[root@mx ~]# service postfix restart
Shutting down postfix:                                     [  OK  ]
Starting postfix:                                          [  OK  ]

oke sudah ๐Ÿ˜€ sampai sini sudah selesai ๐Ÿ˜€

untuk mencoba apakah port proxy amavis 10024 dan postfix 10025 berjalan silahkan test dengan cara seperti dibawah.

[root@mx ~]# telnet 127.0.0.1 10024
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 [127.0.0.1] ESMTP amavisd-new service ready
ehlo localhost
250-[127.0.0.1]
250-VRFY
250-PIPELINING
250-SIZE
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 XFORWARD NAME ADDR PORT PROTO HELO IDENT SOURCE
quit
221 2.0.0 [127.0.0.1] amavisd-new closing transmission channel
Connection closed by foreign host.
[root@mx ~]# telnet 127.0.0.1 10025
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 mx.sekolahlinux.com "Hayo Tebak saya pakai apa"
ehlo localhost
250-mx.sekolahlinux.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.

berikut ini contoh rule email masuk yang berhasil dan email yang ditolak oleh amavis karena kena rule spamassassin

CONTOH EMAIL BERHASIL

May 26 05:24:34 mx postfix/smtpd[1627]: connect from smtp4.akbaribnu.com[200.200.160.10]
May 26 05:24:34 mx postfix/smtpd[1627]: NOQUEUE: client=smtp4.akbaribnu.com[200.200.160.10]
May 26 05:24:38 mx postfix/smtpd[1633]: connect from localhost[127.0.0.1]
May 26 05:24:38 mx postfix/smtpd[1633]: 679F940099: client=localhost[127.0.0.1]
May 26 05:24:38 mx postfix/cleanup[1634]: 679F940099: message-id=<20150525222438.679F940099@mx.sekolahlinux.com>
May 26 05:24:38 mx postfix/qmgr[1617]: 679F940099: from=<noc@akbaribnu.com>, size=895, nrcpt=1 (queue active)
May 26 05:24:38 mx amavis[1619]: (01619-01) Passed CLEAN {RelayedInbound}, [200.200.160.10]:22705 [200.200.160.10] <noc@akbaribnu.com> -> <akbar@sekolahlinux.com>, mail_id: qtnMZbl3OspG, Hits: 0.403, size: 401, queued_as: 679F940099, 3939 ms
May 26 05:24:38 mx postfix/smtpd[1627]: disconnect from smtp4.akbaribnu.com[200.200.160.10]
May 26 05:24:38 mx postfix/smtp[1635]: 679F940099: to=<akbar@sekolahlinux.com>, relay=sekolahlinux.com[202.148.1.50]:25, delay=0.63, delays=0.11/0.23/0.17/0.12, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 55F3E260F94)
May 26 05:24:38 mx postfix/qmgr[1617]: 679F940099: removed


CONTOH LOG EMAIL GAGAL

May 26 05:24:55 mx postfix/smtpd[1627]: connect from smtp4.akbaribnu.com[200.200.160.10]
May 26 05:24:55 mx postfix/smtpd[1627]: NOQUEUE: client=smtp4.akbaribnu.com[200.200.160.10]
May 26 05:24:57 mx amavis[1618]: (01618-02) Blocked SPAM {RejectedInbound,Quarantined}, [200.200.160.10]:44378 [200.200.160.10] <akbar_ibnu@akbaribnu.com> -> <akbar@sekolahlinux.com>, mail_id: bOa2jhB-VOKF, Hits: 100.403, size: 408, 2900 ms
May 26 05:24:57 mx postfix/smtpd[1627]: disconnect from smtp4.akbaribnu.com[200.200.160.10]

oke sudah selesai sampai disini ๐Ÿ˜€

selamat mencoba ya dan semoga berhasil, silahkan comment jika ada yang ingin ditanyakan

 

 

LEAVE A REPLY

Please enter your comment!
Please enter your name here