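#!/bin/sh
#
# antivirus - Postfix content filter: SpamAssassin check, virus scan, re-injection.
#
# From www.kdev.it, "Postfix content filtering antispam and antivirus":
# how to install content-filtering for viruses and spam.
#
# Software required for the script to run successfully:
#   a> vscanx:       ftp://ftp.nai.com/virusdefs/mac/virex7/
#   b> uudeview:     http://www.fpx.de/fp/Software/UUDeview/
#                    or http://www.kdev.it/config/uudeview
#   c> mimeheaders:  http://www.kdev.it/config/mimeheaders
#   d> spamassassin: http://au.spamassassin.org
#                    (see installation at http://www.stupidfool.org/docs/sa.html)
#   e> the script:   http://www.kdev.it/config/antivirus
#
# Installation:
#   - Install vscanx from the package and verify the path in the variable SCAN.
#   - Copy this script into your /usr/sbin directory and name it antivirus.
#   - Give execution privileges to the script with chmod 0333 antivirus.
#     NOTE(review): mode 0333 is write+execute for everyone and read for
#     nobody. /bin/sh has to read the file to run it, and a filter that any
#     local user can overwrite is executed on every message; a root-owned
#     file with mode 0755 is the usual choice.
#   - Place uudeview and mimeheaders in the same location or adapt the paths
#     in the script to your location.
#   - Give execution privileges to uudeview and mimeheaders.
#
# Usage (from the master.cf pipe entry):  antivirus SENDER RECIPIENT...
# The message is read from standard input.
#
# Exit status:
#   0   message re-injected, or blocked and a notification sent
#   69  no recipient given
#   75  temporary failure (Postfix keeps the message queued and retries)

PATH="/bin:/usr/bin:/sbin:/usr/sbin"

# The spool files are full copies of mail; keep them private to the filter user.
umask 077

UNPK=/usr/bin/uudeview
HEAD=/usr/bin/mimeheaders
SCAN=/usr/share/vscanx/vscanx
# Notification mailbox. The address is shown obfuscated on the page; replace
# it with your own mailbox.
MAIL="[email protected]"
SEND=/usr/sbin/sendmail
SITE_PREFS="/private/etc/mail/spamassassin/local.cf"
BASE=/var/spool/avirus
DIR=$BASE/$$.attachments
MSG=$BASE/$$.message
LOG=$BASE/$$.log
# Spool prefix stripped from the logs quoted in notifications.
PREFIX="$BASE/$$."

# $LOG.spm (SpamAssassin's copy of the whole message) is removed as well, so
# that no message copy is left behind in the spool.
trap 'rm -rf "$MSG" "$LOG.pkg" "$LOG.scn" "$LOG.rcp" "$LOG.spm" "$DIR"' 0 1 2 3 15

# Envelope sender first, then one argument per recipient. The recipients stay
# in "$@" so that each address is handed on as exactly one argument.
FROM="${1-}"
[ "$#" -gt 0 ] && shift
RCPT="$*"

if [ -z "$RCPT" ] ; then
  echo "Filtering for unknown recipient"
  exit 69
fi

# Without a working scanner every message would look infected and be dropped;
# defer instead.
[ -x "$SCAN" ] || { echo "Antivirus scanner not available" ; exit 75 ; }
VERS=$("$SCAN" --version | grep "Virus data file")

# _virus CODE RECIPIENT...
# Writes the virus notification (headers and body) to stdout.
# CODE is the scanner's exit status.
_virus () {
  code=$1
  shift
  echo "From: \"Antivirus Agent\" <$MAIL>"
  printf '%s\n' "To: $FROM $RCPT"
  echo "Cc: \"Antivirus Agent\" <$MAIL>"
  echo "Subject: Antivirus action notification"
  echo "X-Antivirus-Data: $VERS"
  echo ""
  echo "THIS IS THE ANTIVIRUS AGENT FOR KDEV (Kanta Development)."
  echo "Attenzione, un messaggio a voi destinato o da voi inviato e' risultato positivo "
  echo "al controllo antivirus del nostro mail server. Il messaggio contenente "
  echo "il virus E' STATO BLOCCATO. Contattate il MITTENTE indicato qui sotto."
  echo ""
  echo "This is the antivirus agent for KDEV (Kanta Development)."
  echo "We are sorry, but apparently a message was positively recognized"
  echo "as containing a virus and therefore has been deleted from the"
  echo "transmit queue. Please contact the E-Mail sender reported below!"
  echo "The antivirus scanner reported:"
  echo ""
  echo "MITTENTE - MESSAGE FROM:"
  printf '%s\n' "> $FROM"
  echo ""
  echo "DESTINATARIO - MESSAGE RECIPIENT(s):"
  for NAME in "$@" ; do printf '%s\n' "> $NAME" ; done
  echo ""
  echo ""
  echo ""
  echo ""
  echo "Antivirus log:"
  echo "> $VERS"
  sed -e 's/^/> /' -e "s|$PREFIX||g" "$LOG.scn"
  echo "> Error condition $code"
  echo ""
  echo "Message headers:"
  "$HEAD" "> " < "$MSG"
  echo ""
  echo "Unpacking log:"
  grep -v "^$" "$LOG.pkg" | sed -e 's/^/> /' -e "s|$PREFIX||g"
  echo "."
}

# Placeholder warning text; only referenced from the disabled unpack-failure
# path below.
_warning() {
  echo "attenzione"
}

# Writes the spam notification (headers and body) to stdout.
_spam () {
  echo "From: \"Anti-Spam Agent\" <$MAIL>"
  printf '%s\n' "To: $FROM"
  echo "Subject: Antispam action notification"
  echo ""
  echo "CONTROLLO ANTISPAM performed by KDEV"
  echo "Attenzione, un messaggio da voi inviato e' risultato positivo "
  echo "al controllo antispam del nostro mail server. Il messaggio ritenuto UCE Spam "
  echo "E' STATO BLOCCATO."
  echo ""
  echo "MITTENTE - MESSAGE FROM:"
  printf '%s\n' "> $FROM"
  echo ""
  echo ""
  echo "DESTINATARIO - MESSAGE RECIPIENT(s):"
  printf '%s\n' "> $RCPT"
  echo "."
}

cd "$BASE" || { echo "Cannot enter filtering area" ; exit 75 ; }
mkdir "$DIR" || { echo "Cannot allocate filtering space" ; exit 75 ; }
cat > "$MSG" || { echo "Cannot store message for filtering" ; exit 75 ; }

# Antispam engine: look for per-user preferences of the first recipient.
# The local part comes from the SMTP client, so it is used in a path only
# when it is a plain name; anything else (empty, leading dot, "/", ...) falls
# back to the site-wide file.
USERNAME=${1%%@*}
FLD=$SITE_PREFS
case "$USERNAME" in
  ""|.*|*[!A-Za-z0-9._-]*) ;;
  *) [ -f "/users/$USERNAME/.spamprefs" ] && FLD="/users/$USERNAME/.spamprefs" ;;
esac

# Filter with spamassassin.
/usr/bin/spamassassin --prefs-file="$FLD" < "$MSG" > "$LOG.spm" 2>&1

# Look at the header block only (up to the first empty line): the same text
# inside a message body must not get a message blocked.
if sed '/^$/q' "$LOG.spm" | grep -q "^X-Spam-Flag: YES" ; then
  # NOTE(review): the notice goes to the envelope sender, which the sending
  # client chooses and which is commonly forged on spam, so it can land on an
  # uninvolved third party (backscatter). Consider notifying only $MAIL.
  if [ -n "$FROM" ] ; then
    _spam | "$SEND" -f "" -- "$FROM"
  fi
  exit 0
fi
echo "no spam"

"$UNPK" -i -a +o -q -t -d -p "$DIR" "$MSG" > "$LOG.pkg" 2>&1
RET=$?
if [ "$RET" -ne 0 ] ; then
  # NOTE(review): this path fails open. The attachments were not extracted,
  # and only the raw message file is scanned below. Re-enable the exit to
  # defer such messages instead.
  echo "Unable to unpack message for virus scanning. (RET $RET)"
  #exit 75;
  #_warning $? | $SEND -f "" $FROM $MAIL
fi

# NOTE(review): every non-zero scanner status is treated as "infected",
# including scanner errors - confirm against the vscanx documentation which
# codes mean a detection. The backscatter note above applies here as well.
"$SCAN" --macro-heuristics --recursive "$MSG" "$DIR" > "$LOG.scn" 2>&1
RET=$?
if [ "$RET" -ne 0 ] ; then
  # "--" ends option parsing: an address that starts with "-" stays an address.
  _virus "$RET" "$@" | "$SEND" -f "" -- ${FROM:+"$FROM"} "$@" "$MAIL"
  exit 0
fi

# Send message...
# -i: a line holding a single "." in the body does not end the input.
# A failed re-injection is reported as a temporary failure, so Postfix keeps
# the message queued instead of counting it as delivered.
{ printf '%s\n' "X-Antivirus-Data: $VERS" ; cat "$MSG" ; } \
  | "$SEND" -i -f "$FROM" -- "$@" \
  || { echo "Cannot re-inject message" ; exit 75 ; }
exit 0

# Master.cf: change parameters in master.cf.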
as you can see below

#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       -       smtpd
  -o content_filter=antivirus:
#smtps    inet  n       -       n       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission inet n      -       n       -       -       smtpd
#  -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
#628      inet  n       -       n       -       -       qmqpd
pickup    fifo  n       -       n       -       1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       -       1       qmgr
#qmgr     fifo  n       -       n       -       1       nqmgr
#tlsmgr   fifo  -       -       n       -       1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
flush     unix  n       -       n       -       0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       n       -       -       smtp
relay     unix  -       -       n       -       -       smtp
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
#
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# maildrop. See the Postfix MAILDROP_README file for details.
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
old-cyrus unix  -       n       n       -       -       pipe
  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
# Cyrus 2.1.5 (Amos Gouaux)
cyrus     unix  -       n       n       -       10      pipe
  user=cyrus argv=/usr/bin/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
antivirus unix  -       n       n       -       -       pipe
  flags=. user=avirus argv=/usr/sbin/antivirus ${sender} ${recipient}
proxymap  unix  -       -       n       -       -       proxymap

Note: the antivirus entry hands ${sender} and ${recipient} to the script as plain arguments. Both values are supplied by the remote client, so the script has to quote them everywhere and put "--" in front of them when it calls sendmail.

Warning: Open a mailbox [email protected] where you will receive notifications. Change the notification messages with your text and domain.

My main.cf with reject rbl and reject not fqdn domain

readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
manpage_directory = /usr/local/man
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
message_size_limit = 50240000
maps_rbl_reject_code = 571
#smtpd_helo_required = yes
smtpd_delay_reject = yes
smtpd_client_restrictions = permit_mynetworks, check_client_access hash:/etc/postfix/access-ips, reject_unauth_destination, reject_unauth_pipelining, reject_invalid_hostname, permit
#smtpd_client_restrictions = permit_mynetworks, reject_unauth_destination, reject_unauth_pipelining, reject_invalid_hostname
smtpd_sender_restrictions = permit_mynetworks, reject_unauth_pipelining
#smtpd_recipent_restrictions = permit_mynetworks, check_client_access hash:/etc/postfix/pop-before-smtp
mydestination = $myhostname, localhost.$mydomain, kdev.it
unknown_local_recipient_reject_code = 450
smtpd_recipient_restrictions =reject_invalid_hostname,,reject_non_fqdn_recipient,reject_non_fqdn_sender,reject_unknown_sender_domain,reject_unknown_recipient_domain,reject_unauth_pipelining, permit_mynetworks,reject_unauth_destination,reject_rbl_client relays.ordb.org,reject_rbl_client sbl.spamhaus.org,reject_rbl_client korea.services.net,reject_rbl_client dynablock.easynet.nl,reject_rbl_client blackholes.easynet.nl,reject_rbl_client opm.blitzed.org,reject_rbl_client dialups.visi.com,reject_rbl_client relays.visi.com,reject_rbl_client list.dsbl.org,reject_rbl_client cnkr.blackholes.us,reject_rbl_client singapore.blackholes.us,reject_rbl_client thailand.blackholes.us,reject_rbl_client malaysia.blackholes.us,reject_rbl_client china.blackholes.us,reject_rbl_client korea.blackholes.us,reject_rbl_client argentina.blackholes.us,reject_rbl_client brazil.blackholes.us,reject_rbl_client taiwan.blackholes.us,reject_rbl_client nigeria.blackholes.us,reject_rbl_client proxies.relays.monkeys.com,reject_rbl_client cbl.abuseat.org, permit_mx_backup, permit_sasl_authenticated
allow_untrusted_routing = no
header_checks = regexp:/etc/postfix/spammerheaders
prepend_delivered_header =
mail_owner = postfix
#sasl config
pwcheck_method=sasldb
broken_sasl_auth_clients=yes
smtpd_sasl_auth_enable=yes
smtpd_sasl_local_domain=kdev.it
smtpd_sasl_security_options=noanonymous, noplaintext

Note: several of the DNSBL zones in this list (for example relays.ordb.org and list.dsbl.org) have since been shut down. A retired zone can time out or answer for every address, so check that each zone is still operated before copying the list. The restrictions are evaluated from left to right and the first match decides, so permit_sasl_authenticated placed after reject_unauth_destination never lets an authenticated client relay.

Config info by http://www.openskill.info and http://www.afp548.com

The script was tested on all versions of OSX with a load average of 500 msg/min. If you need a definition auto-updater with scheduled execution I can send it by e-mail. For further assistance mail to [email protected]