Postfix content filtering antivirus e antispam
Script per il content filtering del vostro mail server! Trasformate il vostro server in un mail-gateway sicuro con protezione antivirus e antispam grazie a uno script in bash! Installare un content-filter completo antivirus e antispam

Questo script vi permetterà di ottenere una protezione completa dai virus e dallo spam.
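Per il suo funzionamento sono richiesti alcuni pacchetti, cioè i programmi richiamati nello script: uudeview, mimeheaders, lo scanner antivirus vscanx, SpamAssassin e il comando sendmail di Postfix.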
Lo script:

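#!/bin/sh
# Postfix pipe(8) content filter. Reads one message on stdin, runs it through
# SpamAssassin and a command-line virus scanner, and re-injects clean mail
# with sendmail. Called as: antivirus SENDER RECIPIENT...
PATH="/bin:/usr/bin:/sbin:/usr/sbin"

# External tools; adjust the paths to your OS.
UNPK=/usr/bin/uudeview
HEAD=/usr/bin/mimeheaders
SCAN=/usr/share/vscanx/vscanx
# Scanner data-file version line, added to mail as X-Antivirus-Data.
VERS=$("$SCAN" --version | grep "Virus data file")
# PLACEHOLDER: the real address was lost to the site's e-mail obfuscation.
# Set this to the mailbox that receives a copy of every virus notification.
# It must be a single address without whitespace: it is used both inside
# From:/Cc: headers and as a sendmail recipient argument.
MAIL="antivirus-notify@example.invalid"
SEND=/usr/sbin/sendmail

# Per-message work files, named after this process id.
# NOTE(review): the names are predictable, so $BASE is assumed to be owned by
# and writable only for the account the filter runs as - verify.
BASE=/var/spool/avirus
DIR=$BASE/$$.attachments
MSG=$BASE/$$.message
LOG=$BASE/$$.log
# "$BASE/$$." with every "/" escaped, so it can be dropped into a sed s///
# pattern that strips the spool prefix from the logs quoted in notifications.
SED=$(echo "$BASE/$$." | sed 's/\//\\\//g')

# Remove every per-message file, including the SpamAssassin output
# ($LOG.spm) that holds a full copy of the message.
_cleanup () {
  rm -rf -- "$MSG" "$LOG.pkg" "$LOG.scn" "$LOG.rcp" "$LOG.spm" "$DIR"
}
trap _cleanup 0
# On a signal, stop with EX_TEMPFAIL instead of resuming the script after the
# work files are gone; the EXIT trap above still performs the cleanup.
trap 'exit 75' 1 2 3 15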

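# Envelope data passed by Postfix on the command line: $1 is the sender, the
# remaining arguments are the recipients. Both come from the SMTP envelope
# and are untrusted input.
# "shift" is only run when an argument exists, because shifting an empty
# argument list is an error that can abort some /bin/sh implementations
# before the message below is printed.
if [ "$#" -gt 0 ] ; then
  FROM="$1"
  shift
else
  FROM=""
fi
# Recipients joined with spaces for use in notification text. The positional
# parameters still hold them one per word after the shift.
RCPT="$*"
if [ -z "$RCPT" ] ; then
  echo "Filtering for unknown recipient"
  exit 69
fi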

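# _virus EXIT_CODE
# Writes the virus notification to stdout: headers, a blank line, the
# bilingual notice, the scanner log, the quoted message headers and the
# unpacking log, closed by a line holding a single ".".
# Globals read: MAIL, FROM, RCPT, VERS, LOG, MSG, HEAD, SED.
# Arguments:    $1 - exit status reported by the scanner.
# FROM, RCPT and the quoted logs derive from the filtered message and are
# untrusted, so they are printed with printf '%s' (no echo escape handling)
# and the recipient list is split with globbing switched off.
_virus () {
  printf '%s\n' "From: \"Antivirus Agent\" <$MAIL>"
  printf '%s\n' "To: $FROM $RCPT"
  printf '%s\n' "Cc: \"Antivirus Agent\" <$MAIL>"
  echo "Subject: Antivirus action notification"
  printf '%s\n' "X-Antivirus-Data: $VERS"
  echo ""
  echo "CONTROLLO ANTIVIRUS di KDEV (Kanta Development)."
  echo "Attenzione, un messaggio a voi destinato o da voi inviato e' risultato positivo "
  echo "al controllo antivirus del nostro mail server. Il messaggio contenente "
  echo "il virus E' STATO BLOCCATO. Contattate il MITTENTE indicato qui sotto."
  echo ""
  echo "This is the antivirus agent for KDEV (Kanta Development)."
  echo "We are sorry, but apparently a message was positively recognized"
  echo "as containing a virus and therefore has been deleted from the"
  echo "transmit queue. Please contact the E-Mail sender reported below!"
  echo "The antivirus scanner reported:"
  echo ""
  echo "MITTENTE - MESSAGE FROM:"
  printf '%s\n' "> $FROM"
  echo ""
  echo "DESTINATARIO - MESSAGE RECIPIENT(s):"
  # Subshell keeps "set -f" local: a recipient such as "*" must be printed
  # literally, not expanded to the file names in the spool directory.
  ( set -f ; for NAME in $RCPT ; do printf '%s\n' "> $NAME" ; done )
  echo ""
  echo ""
  echo ""
  echo ""
  echo "Antivirus log:"
  printf '%s\n' "> $VERS"
  # Quote each log line with "> ", then strip the spool path prefix ($SED).
  sed -e 's/^/> /' -e "s/$SED//g" < "$LOG.scn"
  printf '%s\n' "> Error condition $1"
  echo ""
  echo "Message headers:"
  "$HEAD" "> " < "$MSG"
  echo ""
  echo "Unpacking log:"
  grep -v "^$" < "$LOG.pkg" | sed -e 's/^/> /' -e "s/$SED//g"
  echo "."
}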

# _warning: prints the one-word warning text ("attenzione") on stdout.
# Within this script it is only referenced from a commented-out line.
_warning () {
  printf '%s\n' "attenzione"
}

# _spam: writes the antispam notification (headers, blank line, notice,
# sender and recipient list) to stdout, closed by a line holding a single ".".
# Globals read: MAIL (notification mailbox), FROM (envelope sender),
# RCPT (space-joined envelope recipients). FROM and RCPT are untrusted.
_spam () {
  echo "From: \"Anti-Spam Agent\" <$MAIL>"
  echo "To: $FROM"
  # Fixed text: one argument per output line.
  printf '%s\n' \
    "Subject: Antispam action notification" \
    "" \
    "CONTROLLO ANTISPAM performed by KDEV" \
    "Attenzione, un messaggio da voi inviato e' risultato positivo " \
    "al controllo antispam del nostro mail server. Il messaggio ritenuto UCE Spam " \
    "E' STATO BLOCCATO." \
    "" \
    "MITTENTE - MESSAGE FROM:"
  echo "> $FROM"
  printf '%s\n' "" "" "DESTINATARIO - MESSAGE RECIPIENT(s):"
  echo "> $RCPT"
  echo "."
}

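# Stage the message in the spool area. Every failure exits 75 (EX_TEMPFAIL).
cd "$BASE" || { echo "Cannot enter filtering area" ; exit 75 ; }
# Mode 700: the unpacked attachments are private mail content. mkdir also
# fails if the directory already exists, so a stale or pre-created directory
# is never reused.
mkdir -m 700 "$DIR" || { echo "Cannot allocate filtering space" ; exit 75 ; }
# The message copy is created under umask 077 for the same reason; the
# subshell keeps the umask change away from the rest of the script.
( umask 077 ; cat > "$MSG" ) || { echo "Cannot store message for filtering" ; exit 75 ; }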

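# Antispam engine: choose the SpamAssassin preferences file.
# The per-user file is looked up from the local part of the first recipient
# (the text before the first "@" in $RCPT). That value comes from the SMTP
# envelope, so it is only used in a path when it is a plain name: non-empty,
# not starting with ".", and made of letters, digits, ".", "_" and "-".
# Anything else (for example a name containing "/") uses the site-wide file.
# NOTE(review): with several recipients only the first one's preferences
# apply to the whole message; a per-transport recipient limit of 1
# (<transport>_destination_recipient_limit in main.cf) would avoid that.
USERNAME=${RCPT%%@*}
case "$USERNAME" in
  ""|.*|*[!A-Za-z0-9._-]*) USERNAME="" ;;
esac
FLD="/private/etc/mail/spamassassin/local.cf"
if [ -n "$USERNAME" ] && [ -f "/users/$USERNAME/.spamprefs" ] ; then
  FLD="/users/$USERNAME/.spamprefs"
fi

# filter with spamassassin
# NOTE(review): if spamassassin cannot run, no flag is found and the message
# is treated as clean (fail-open).
/usr/bin/spamassassin --prefs-file="$FLD" < "$MSG" > "$LOG.spm" 2>&1

# Look for the verdict in the header section only (up to the first blank
# line) and anchored at line start, so the text "X-Spam-Flag: YES" quoted in
# a message body cannot get a legitimate message dropped.
SPAM=no
if sed '/^$/q' "$LOG.spm" | grep -q '^X-Spam-Flag: YES' ; then
  SPAM=yes
fi
# The SpamAssassin output is a full copy of the message; do not keep it.
rm -f -- "$LOG.spm"

if [ "$SPAM" = "yes" ] ; then
  # Null envelope sender (-f "") so the notification cannot bounce back;
  # "--" keeps an address that starts with "-" from being read as an option.
  # NOTE(review): the envelope sender of spam is usually forged, so this
  # notification can reach an uninvolved third party (backscatter).
  _spam | "$SEND" -f "" -- "$FROM"
  exit 0
else
  echo no spam
fi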

# Unpack the message's attachments into $DIR (options as chosen by the
# author); everything the unpacker prints is kept in $LOG.pkg.
RET=0
"$UNPK" -i -a +o -q -t -d -p "$DIR" "$MSG" > "$LOG.pkg" 2>&1 || RET=$?
if [ "$RET" -ne 0 ] ; then
  # NOTE(review): an unpack failure is only reported; the script carries on
  # and the scanner still receives the raw message file (fail-open for
  # content the unpacker could not decode). The author left the stricter
  # handling disabled below.
  echo "Unable to unpack message for virus scanning. (RET $RET)"
  #exit 75;
  #_warning $? | $SEND -f "" $FROM $MAIL
fi

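# Scan the raw message and the unpacked attachments. Any non-zero exit
# status is handled as a detection: the message is dropped (exit 0 tells
# Postfix it was dealt with) and a notification is sent.
# NOTE(review): a scanner that fails to start also exits non-zero, so a
# broken scanner would drop all mail as "infected" - confirm the scanner's
# exit codes and consider exit 75 for the non-detection ones.
"$SCAN" --macro-heuristics --recursive "$MSG" "$DIR" > "$LOG.scn" 2>&1
RET=$?
if [ "$RET" -ne 0 ] ; then
  # Addresses are passed quoted, one per argument, after "--": they come from
  # the SMTP envelope and must not be word-split, glob-expanded or read as
  # sendmail options. "$@" still holds the recipients left after the shift.
  # NOTE(review): virus mail usually carries a forged sender, so notifying
  # $FROM can hit an uninvolved third party (backscatter).
  _virus "$RET" | "$SEND" -f "" -- "$FROM" "$@" "$MAIL"
  exit 0
fi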

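# Send message...
# Re-inject the clean message with an added X-Antivirus-Data header.
# Sender and recipients are passed quoted after "--" (untrusted envelope
# data; "$@" holds the recipients left after the shift). If sendmail fails,
# exit 75 so Postfix keeps the message queued and retries instead of
# treating a lost message as delivered.
{ printf '%s\n' "X-Antivirus-Data: $VERS" ; cat "$MSG" ; } | "$SEND" -f "$FROM" -- "$@" \
  || { echo "Cannot re-inject filtered message" ; exit 75 ; }
exit 0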


Master.cf

Modifica i parametri nel file master.cf. Questo file controlla tutti i diversi "programmi" che compongono Postfix e li istanzia.
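Dovete configurare master.cf in modo che Postfix esegua lo script: servono l'opzione "-o content_filter=antivirus:" sul servizio smtp e il servizio "antivirus" di tipo pipe, in fondo al file.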

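#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
# Lines that continue a service entry must start with whitespace; a
# continuation at column 0 is read as a new (malformed) service entry.
#
# Mail received over SMTP is handed to the "antivirus" pipe service defined
# near the end of this file. Only this smtpd listener sets content_filter, so
# mail the script re-injects with sendmail is not filtered a second time.
smtp inet n - n - - smtpd
  -o content_filter=antivirus:
#smtps inet n - n - - smtpd
# -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission inet n - n - - smtpd
# -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
#628 inet n - n - - qmqpd
pickup fifo n - n - 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n - 1 qmgr
#qmgr fifo n - n - 1 nqmgr
#tlsmgr fifo - - n - 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
flush unix n - n - 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
#
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# maildrop. See the Postfix MAILDROP_README file for details.
#
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
old-cyrus unix - n n - - pipe
  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
# Cyrus 2.1.5 (Amos Gouaux)
cyrus unix - n n - 10 pipe
  user=cyrus argv=/usr/bin/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#
# Content filter: runs /usr/sbin/antivirus as the unprivileged user "avirus"
# with the envelope sender as first argument and the recipients after it.
# Those arguments are untrusted; the script must quote them and pass them to
# sendmail after "--".
# flags=. prepends "." to message lines that start with ".", so a lone "."
# inside a message cannot end the input of a sendmail call made without -i.
# NOTE(review): confirm the extra dots are removed again on re-injection;
# Postfix's FILTER_README example uses flags=Rq with "sendmail -G -i".
antivirus unix - n n - - pipe
  flags=. user=avirus argv=/usr/sbin/antivirus ${sender} ${recipient}
# NOTE(review): second definition of the proxymap service (already defined
# above); commented out so that the service is declared only once.
#proxymap unix - - n - - proxymap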

Attenzione:

I percorsi nello script devono essere adattati alla posizione dei pacchetti riferiti al vostro OS
E' necessario aprire una mailbox dedicata (l'indirizzo d'esempio è stato oscurato dalla protezione antispam del sito) dove affluiranno in copia le notifiche dell'antivirus
Modifica e personalizza nello script i messaggi di notifica.
Utilizza una mailbox che andrai a scaricare per virus e spam poiché in caso di problemi sarai contattato per il supporto in reply.


La mia configurazione del main.cf con reject degli rbl e non fqdn domain

I percorsi nello script devono essere adattati alla posizione dei pacchetti riferiti al vostro OS
E' necessario aprire una mailbox dedicata (l'indirizzo d'esempio è stato oscurato dalla protezione antispam del sito) dove affluiranno in copia le notifiche dell'antivirus
Modifica e personalizza nello script i messaggi di notifica.
Utilizza una mailbox che andrai a scaricare per virus e spam poiché in caso di problemi sarai contattato per il supporto in reply.


# Postfix main.cf excerpt: paths, size limit, SMTP access restrictions
# (DNSBL and non-FQDN rejects) and SASL authentication.
readme_directory = no
sample_directory = /etc/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
manpage_directory = /usr/local/man
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
# Upper bound, in bytes, on an accepted message. The content filter stores
# each message on disk and unpacks it, so this also bounds its spool usage.
message_size_limit = 50240000
maps_rbl_reject_code = 571
#smtpd_helo_required = yes
smtpd_delay_reject = yes
# Restrictions are evaluated left to right; the first permit or reject wins.
smtpd_client_restrictions = permit_mynetworks, check_client_access hash:/etc/postfix/access-ips, reject_unauth_destination, reject_unauth_pipelining, reject_invalid_hostname, permit
#smtpd_client_restrictions = permit_mynetworks, reject_unauth_destination, reject_unauth_pipelining, reject_invalid_hostname
smtpd_sender_restrictions = permit_mynetworks, reject_unauth_pipelining
#smtpd_recipent_restrictions = permit_mynetworks, check_client_access hash:/etc/postfix/pop-before-smtp
mydestination = $myhostname, localhost.$mydomain, kdev.it
unknown_local_recipient_reject_code = 450
# NOTE(review): permit_sasl_authenticated is the last entry, after
# reject_unauth_destination, so authenticated clients outside mynetworks do
# not appear to gain relay access from it - confirm the intended order.
# NOTE(review): this DNSBL list is old. Verify that every zone is still
# operated before using it: a retired zone can time out or start listing
# every address (relays.ordb.org did so after it closed), which rejects
# legitimate mail.
smtpd_recipient_restrictions = reject_invalid_hostname, reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, reject_unauth_destination, reject_rbl_client relays.ordb.org, reject_rbl_client sbl.spamhaus.org, reject_rbl_client korea.services.net, reject_rbl_client dynablock.easynet.nl, reject_rbl_client blackholes.easynet.nl, reject_rbl_client opm.blitzed.org, reject_rbl_client dialups.visi.com, reject_rbl_client relays.visi.com, reject_rbl_client list.dsbl.org, reject_rbl_client cn-kr.blackholes.us, reject_rbl_client singapore.blackholes.us, reject_rbl_client thailand.blackholes.us, reject_rbl_client malaysia.blackholes.us, reject_rbl_client china.blackholes.us, reject_rbl_client korea.blackholes.us, reject_rbl_client argentina.blackholes.us, reject_rbl_client brazil.blackholes.us, reject_rbl_client taiwan.blackholes.us, reject_rbl_client nigeria.blackholes.us, reject_rbl_client proxies.relays.monkeys.com, reject_rbl_client cbl.abuseat.org, permit_mx_backup, permit_sasl_authenticated
allow_untrusted_routing = no
# Header patterns are matched against the regexp table named here.
header_checks = regexp:/etc/postfix/spammerheaders
prepend_delivered_header =
mail_owner = postfix
#sasl config
# NOTE(review): pwcheck_method looks like a Cyrus SASL setting rather than a
# Postfix main.cf parameter - confirm where it belongs.
pwcheck_method=sasldb
broken_sasl_auth_clients=yes
smtpd_sasl_auth_enable=yes
smtpd_sasl_local_domain=kdev.it
# noanonymous and noplaintext refuse anonymous and plaintext-password
# mechanisms. No TLS settings are visible in this excerpt.
smtpd_sasl_security_options=noanonymous, noplaintext


Costruita secondo le direttive trovate su http://www.openskill.info e http://www.afp548.com
Lo script è stato testato su diversi mail server con multihoming e un regime di posta fino a 500 msg/min su di un G3 bianco/blu 400 MHz con 256 MB di RAM
Ottimo uudeview per unpaccare gli attachment.
Per informazioni scrivete all'autore (l'indirizzo è stato oscurato dalla protezione antispam del sito).