Ключевые слова: exim, spam, mail, clamav, spamassassin, perl
From: Alexey Zbinyakov <asbinyakov@swsoft.com.>
Newsgroups: email
Date: Mon, 27 Dec 2006 14:31:37 +0000 (UTC)
Subject: Альтернативный метод использования exim в связке со spamassassin и clamav
ТЗ
--
Задача состоит в следующем: отказаться от использования spamd и clamd с
наименьшими потерями в производительности.
Суть — в использовании встроенного в exim интерпретатора Perl (exim embedded perl).
1. Список использованного софта:
a) exim-4.63
b) clamav-0.88.7
c) perl module Mail::SpamAssassin
d) perl module Mail::ClamAV
2. file /etc/exim4/exim_sa_perl.pl:
use Mail::SpamAssassin;
# One SpamAssassin engine shared by every sa_check() call made from this
# interpreter; it is constructed when this file is loaded.
# NOTE(review): user_prefs steers the scoring, so the state directory and the
# prefs file should be writable only by the account Exim runs as - confirm
# ownership and mode on the host.
our $spamtest = Mail::SpamAssassin->new(
    {
        userstate_dir      => "/var/spool/exim/spamassassin/",
        userprefs_filename => "/var/spool/exim/spamassassin/user_prefs",
    }
);

# Verdict of the most recent sa_check() call; read back by sa_int(),
# sa_report() and sa_report_warn().
our ($spam_report, $spam_score);
# Return the stored spam score multiplied by ten and truncated to an integer,
# so that the ACL can compare it with Exim's integer-only operators.
sub sa_int() {
    my $tenths = $spam_score * 10;
    return int $tenths;
}
# Return the SpamAssassin report text stored by the last sa_check() call.
sub sa_report() {
    my $report = $spam_report;
    return $report;
}
# Emit the stored SpamAssassin report through warn() and hand back an empty
# string, so the expansion that calls this adds nothing to the text it is
# embedded in.
sub sa_report_warn() {
    my $nothing = "";
    warn $spam_report;
    return $nothing;
}
# Build a bar of asterisks for the last checked message: one "*" per whole
# point of spam score, capped at 50 stars; scores below 1.0 give "".
sub aster_spam() {
    my $level = sa_int();
    $level = 500 if $level > 500;

    # sa_int() is score*10, so every full ten is one star.
    my $stars = int($level / 10);
    return $stars > 0 ? "*" x $stars : "";
}
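# Score one spooled message with the shared SpamAssassin engine.
#
# Arguments: the Exim spool directory and the Exim message id; the message is
# read from "$spool/scan/$msgid/$msgid.eml".
# Side effects: stores the score in $spam_score and the report (trimmed so it
# starts at "Content analysis details:") in $spam_report.
# Returns: the spam score. When the message cannot be read, a warning is
# emitted and 0 is returned - that is fail-open, so watch the log for the
# "message not scanned" warnings.
#
# The ($$$) prototype is kept as published although only two arguments are
# read; prototypes only affect how Perl parses direct calls.
sub sa_check ($$$){
    my ($spool, $msgid) = @_;

    # Drop the previous message's verdict first: these globals outlive the
    # call, and a failure below must not leave an older score for sa_int().
    $spam_score  = 0;
    $spam_report = "";

    # The id becomes part of a file path, so accept only the characters an
    # Exim message id is made of. The rejected value is deliberately not
    # echoed into the log.
    unless (defined $spool && defined $msgid && $msgid =~ /\A[0-9A-Za-z-]+\z/) {
        warn "sa_check: unexpected message id, message not scanned";
        return $spam_score;
    }

    my $mailfile = "$spool/scan/$msgid/$msgid.eml";

    # Three-argument open: the path can never be taken for an open mode or a
    # pipe, and a failed open is reported instead of being ignored.
    my $MESSAGE;
    unless (open($MESSAGE, '<', $mailfile)) {
        warn "sa_check: cannot open $mailfile: $!, message not scanned";
        return $spam_score;
    }

    my $mail   = $spamtest->parse($MESSAGE);
    my $status = $spamtest->check($mail);
    $spam_score  = $status->get_score();
    $spam_report = $status->get_report();

    # Keep only the rule breakdown; whatever the report has before that
    # heading is cut off before the text can reach the log.
    $spam_report =~ s/.*Content analysis details:/Content analysis details:/ms;

    $status->finish();
    $mail->finish();
    close($MESSAGE);    # the lexical handle, not a bareword MESSAGE
    return ($spam_score);
}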
2. file /etc/exim4/exim_clam_perl.pl
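# Load Mail::ClamAV together with its exported CL_SCAN_* constants. Without
# this import the option names used by clam_scan() are plain barewords, not
# the numeric scan flags.
use Mail::ClamAV qw(:all);

# One scanner engine shared by every clam_scan() call. The signature database
# under /var/clamav/ is read here, when this file is loaded.
# NOTE(review): signature updates written to disk later are not picked up by
# this code; plan a reload or restart after database updates.
our $clam_main = Mail::ClamAV->new("/var/clamav/")
    or die "Failed to load db: $Mail::ClamAV::Error (", 0 + $Mail::ClamAV::Error, ")";
$clam_main->buildtrie;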
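# Scan one spooled message with the shared ClamAV engine.
#
# Arguments: the Exim spool directory and the Exim message id; the message is
# read from "$spool/scan/$msgid/$msgid.eml".
# Returns: the stringified scan status when a virus was found; nothing when
# the message is clean AND when it could not be scanned. The caller therefore
# cannot tell "clean" from "not scanned" - every failure path warns, so the
# log is the only place where skipped scans show up.
#
# CL_SCAN_ARCHIVE and CL_SCAN_MAIL must be imported from Mail::ClamAV by the
# file that defines this sub; otherwise they are bareword strings.
sub clam_scan($$){
    warn "begin scanning clam_scan";
    my ($spool, $msgid) = @_;

    # The id becomes part of a file path, so accept only the characters an
    # Exim message id is made of. The rejected value is deliberately not
    # echoed into the log.
    unless (defined $spool && defined $msgid && $msgid =~ /\A[0-9A-Za-z-]+\z/) {
        warn "clam_scan: unexpected message id, message not scanned";
        return;
    }

    my $mailfile = "$spool/scan/$msgid/$msgid.eml";

    # Three-argument open: the path can never be taken for an open mode or a
    # pipe, and a failed open is reported instead of being ignored.
    my $MESSAGE;
    unless (open($MESSAGE, '<', $mailfile)) {
        warn "clam_scan: cannot open $mailfile: $!, message not scanned";
        return;
    }

    my $status = $clam_main->scan($MESSAGE, CL_SCAN_ARCHIVE|CL_SCAN_MAIL);
    if (!$status) {
        warn "Failed to scan: $status";
        close($MESSAGE);
        return;
    }

    # Take the verdict before the handle is released.
    my $verdict = $status->virus ? "$status" : undef;
    close($MESSAGE);

    return $verdict if defined $verdict;
    return;
}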
3. file /etc/exim4/exim_sa_perl.conf
# Score the spooled message once with the embedded SpamAssassin and keep the
# result in per-message ACL variables.
warn set acl_m19=${perl{sa_check}{$spool_directory}{$message_exim_id}}
set acl_m18=${perl{sa_int}}
# The variables are now set as follows:
# acl_m19 - spam score; acl_m18 - int(spam score * 10).
# The SpamAssassin result can then be used as in the following statement,
# which matches when acl_m18 is above 50, i.e. the score is above 5.0.
# ${perl{sa_report_warn}} emits the report through warn() and expands to an
# empty string.
# NOTE(review): the log field labelled rcpts= is filled from $acl_m19, which
# holds the spam score, not the recipients.
# NOTE(review): $h_Subject: and $h_From: are chosen by the sender; treat those
# log fields as untrusted when the log is parsed or displayed.
warn message = X-Spam-Flag: YES
log_message = message detected as spam:rcpts="$acl_m19" subject="$h_Subject:" from="$h_From:" ${perl{sa_report_warn}}
condition = ${if >{$acl_m18}{50}{1}{0}}
4. file /etc/exim4/exim_clam_perl.conf
# Run the embedded ClamAV scan on the spooled message and keep its result in
# the per-message variable acl_m17.
warn
set acl_m17=${perl{clam_scan}{$spool_directory}{$message_exim_id}}
# acl_m17 contains the virus name, or "" when nothing was reported.
# The statement below rejects the message only when acl_m17 is non-empty.
# NOTE(review): clam_scan returns nothing both for a clean message and for a
# scan it could not complete, so a failed scan is not rejected here; decide
# whether unscannable mail should be deferred instead, and confirm how this
# Exim version treats the undefined return value.
deny
message = This message contains malware ($acl_m17)
condition = ${if eq{$acl_m17}{}{0}{1}}
5. add to file /etc/exim4/exim4.pl
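# Load both scanner helper files into Exim's embedded interpreter.
# The second path is the ClamAV helper under the name it is created with in
# this article (exim_clam_perl.pl).
# "do FILE" does not raise an error by itself when a file is missing or fails
# to compile, which would leave the scanner subs undefined, so each load is
# checked and startup is aborted with a clear message instead.
for my $helper ("/etc/exim4/exim_sa_perl.pl", "/etc/exim4/exim_clam_perl.pl") {
    -r $helper or die "exim4.pl: cannot read $helper";
    do $helper;
    die "exim4.pl: failed to load $helper: $@" if $@;
}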
6. In the main config section should be at least following lines:
# Code the embedded Perl interpreter runs when it is started: load the helper
# file that pulls in the SpamAssassin and ClamAV subs.
# NOTE(review): everything loaded here runs inside the Exim process, so the
# .pl files should be writable only by root - confirm on the host.
perl_startup = do '/etc/exim4/exim4.pl'
# Start the interpreter when Exim itself starts instead of on first use.
perl_at_start=yes
7. in the data acl add after 1st demime rule:
# Malware check first, then spam scoring. Both helpers read the spooled copy
# scan/<message id>/<message id>.eml; presumably the preceding demime rule is
# what makes Exim write that file - confirm before reordering these lines.
.include /etc/exim4/exim_clam_perl.conf
.include /etc/exim4/exim_sa_perl.conf
8. Test the server using
exim -bhc 127.0.0.1
and the GTUBE (spam) or EICAR (antivirus) test signatures.
В стандартной конфигурации (через сокеты) письма сначала проверяются, а потом уже попадают в exim. А это нехорошо, особенно когда идёт много спама на несуществующие ящики, т.е. 80-90% писем, которые проверяются, всё равно никому не нужны...