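Postfix Security Hardening in Practice and Spam Prevention (5)

Configuring SpamAssassin to Work with Sendmail

Now that SpamAssassin is up and running, it needs to be set up to work with the mail transfer agent (MTA). This section covers the setup for Sendmail, because Sendmail is the most widely used mail transfer agent on Linux.

Edit the file /etc/mail/spamassassin/spamc.cf and add the following: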

:0fw
| /usr/bin/spamc


Sendmail is now set up to use SpamAssassin to score and filter incoming spam.

Running SpamAssassin

With spamd running, send a string to spamc to see how it works:

$ echo "hi there" | spamc
 X-Spam-Checker-Version: SpamAssassin 3.3.2-r929478 (2010-03-31) on sobell.com
 X-Spam-Flag: YES
 X-Spam-Level: ******
 X-Spam-Status: Yes, score=6.9 required=5.0 tests=EMPTY_MESSAGE,MISSING_DATE,
 MISSING_HEADERS,MISSING_MID,MISSING_SUBJECT,NO_HEADERS_MESSAGE,NO_RECEIVED,
 NO_RELAYS autolearn=no version=3.3.2-r929478
 X-Spam-Report:
 * -0.0 NO_RELAYS Informational: message was not relayed via SMTP
 * 1.2 MISSING_HEADERS Missing To: header
 * 0.1 MISSING_MID Missing Message-Id: header
 * 1.8 MISSING_SUBJECT Missing Subject: header
 * 2.3 EMPTY_MESSAGE Message appears to have no textual parts and no
 * Subject: text
 * -0.0 NO_RECEIVED Informational: message has no Received headers
 * 1.4 MISSING_DATE Missing Date: header
 * 0.0 NO_HEADERS_MESSAGE Message appears to be missing most RFC-822
 * headers
 hi there
 Subject: [SPAM]
 X-Spam-Prev-Subject: (nonexistent)


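The status first shows Yes, meaning the message was judged to be spam. SpamAssassin uses a rating system that assigns each email a number of hits. If the email receives more hits than the required number (5.0 by default), SpamAssassin marks it as spam. The string fails for several reasons, all of which are listed on the status line.

The following listing is a real spam message processed by SpamAssassin. It received 24.5 hits, so it is almost certainly spam.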

X-Spam-Status: Yes, hits=24.5 required=5.0
 tests=DATE_IN_FUTURE_06_12,INVALID_DATE_TZ_ABSURD,
 MSGID_OE_SPAM_4ZERO,MSGID_OUTLOOK_TIME,
 MSGID_SPAMSIGN_ZEROES,RCVD_IN_DSBL,RCVD_IN_NJABL,
 RCVD_IN_UNCONFIRMED_DSBL,REMOVE_PAGE,VACATION_SCAM,
 X_NJABL_OPEN_PROXY
 version=2.55

X-Spam-Level: ************************
 X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)
 X-Spam-Report: This mail is probably spam. The original message has been attached
 along with this report, so you can recognize or block similar unwanted
 mail in future. See for more details.
 Content preview: Paradise SEX Island Awaits! Tropical 1 week vacations
 where anything goes! We have lots of WOMEN, SEX, ALCOHOL, ETC! Every
 man's dream awaits on this island of pleasure. [...]
 Content analysis details: (24.50 points, 5 required)
 MSGID_SPAMSIGN_ZEROES (4.3 points) Message-Id generated by spam tool (zeroes variant)
 INVALID_DATE_TZ_ABSURD (4.3 points) Invalid Date: header (timezone does not exist)
 MSGID_OE_SPAM_4ZERO (3.5 points) Message-Id generated by spam tool (4-zeroes variant)
 VACATION_SCAM (1.9 points) BODY: Vacation Offers
 REMOVE_PAGE (0.3 points) URI: URL of page called "remove"
 MSGID_OUTLOOK_TIME (4.4 points) Message-Id is fake (in Outlook Express format)
 DATE_IN_FUTURE_06_12 (1.3 points) Date: is 6 to 12 hours after Received: date
 RCVD_IN_NJABL (0.9 points) RBL: Received via a relay in dnsbl.njabl.org
 [RBL check: found 94.99.190.200.dnsbl.njabl.org.]
 RCVD_IN_UNCONFIRMED_DSBL (0.5 points) RBL: Received via a relay in unconfirmed.dsbl.org
 [RBL check: found 94.99.190.200.unconfirmed.dsbl.org.]
 X_NJABL_OPEN_PROXY (0.5 points) RBL: NJABL: sender is proxy/relay/formmail/spam-source
 RCVD_IN_DSBL (2.6 points) RBL: Received via a relay in list.dsbl.org
 [RBL check: found 211.157.63.200.list.dsbl.org.]
 X-Spam-Flag: YES
 Subject: [SPAM] re: statement
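
Added example (not part of the original article): a Python parser for the X-Spam-Status header shown in the two listings above, handling the folded test list and both the score= (3.3.2) and hits= (2.55) spellings. The name parse_spam_status, the returned field names and the duplicate-header check are assumptions of this example.

```python
import re
from email import message_from_string

# Constructed samples: the X-Spam-Status headers from the two listings above.
MSG_332 = (
    "X-Spam-Status: Yes, score=6.9 required=5.0 tests=EMPTY_MESSAGE,MISSING_DATE,\n"
    " MISSING_HEADERS,MISSING_MID,MISSING_SUBJECT,NO_HEADERS_MESSAGE,NO_RECEIVED,\n"
    " NO_RELAYS autolearn=no version=3.3.2-r929478\n"
    "\nhi there\n"
)
MSG_255 = (
    "X-Spam-Status: Yes, hits=24.5 required=5.0\n"
    " tests=DATE_IN_FUTURE_06_12,INVALID_DATE_TZ_ABSURD,\n"
    " MSGID_OE_SPAM_4ZERO,MSGID_OUTLOOK_TIME,\n"
    " MSGID_SPAMSIGN_ZEROES,RCVD_IN_DSBL,RCVD_IN_NJABL,\n"
    " RCVD_IN_UNCONFIRMED_DSBL,REMOVE_PAGE,VACATION_SCAM,\n"
    " X_NJABL_OPEN_PROXY\n"
    " version=2.55\n"
    "\nbody\n"
)


def parse_spam_status(raw_message):
    """Return the parsed X-Spam-Status fields of a message, or None if absent."""
    headers = message_from_string(raw_message).get_all("X-Spam-Status") or []
    if not headers:
        return None
    # Unfold: the test list is folded after commas, other fields after spaces.
    value = re.sub(r",\s+", ",", headers[0])
    value = re.sub(r"\s+", " ", value).strip()
    verdict, _, rest = value.partition(",")
    spam = verdict.strip().lower() == "yes"
    fields = dict(re.findall(r"(\w+)=(\S+)", rest))
    # 3.3.2 writes score=, 2.55 writes hits=; both carry the message total.
    score = float(fields.get("score", fields.get("hits", "nan")))
    required = float(fields.get("required", "nan"))
    tests = [t for t in fields.get("tests", "").split(",") if t and t != "none"]
    return {
        "is_spam": spam,
        "score": score,
        "required": required,
        "tests": tests,
        "version": fields.get("version"),
        "consistent": (score >= required) == spam,  # Yes/No agrees with the numbers
        "duplicate_headers": len(headers) > 1,  # a second header came from elsewhere
    }
```

A downstream filter can act on score and required rather than on the Yes/No word alone, and treat consistent=False or duplicate_headers=True as a reason to rescan the message.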


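Spam Blacklists

Spammers typically send their messages through particular domains and user accounts. Fortunately, SpamAssassin has a way to deal with known spam sources. Setting up a blacklist is simple: add the entries to the configuration file /etc/mail/spamassassin/local.cf. Blacklist entries are written as follows: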

blacklist_from sample_email@sampledomain.com
 blacklist_from *@sampledomain.com


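The entries above show plainly how a blacklist is configured. You can list a specific email address (such as sample_email@sampledomain.com) or an entire domain (such as *@sampledomain.com). In addition, to make use of the latest spam-filtering information shared online, you can also download the latest blacklist. That list is quite large, however, and may not suit your needs very well, so it must be carefully filtered and screened when you download it and add it to your own blacklist.


Summary

This article has described Postfix security hardening in practice in detail, along with how to defend an enterprise against spam. With it, the 2 articles in this series have started from the security threats facing enterprise email and the principles behind them and, through a large number of configuration and hands-on examples, explained in detail how an enterprise can harden and configure 3 mainstream open-source email systems and how to apply SpamAssassin to prevent and control spam. We hope readers benefit from it and apply it in their day-to-day information security and system administration work.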

Copyright notice: unless otherwise noted, all articles are original to this site.

When reposting, please credit the source: http://www.heiqu.com/d5268b917b865a444c84e20fb01df3f9.html