This article covers the procedure we use to install SpamAssassin on CentOS (we suggest reading our article on our Standard CentOS 7 Installation, also listed in the references below). Before starting, we recommend reading our article comparing several antispam solutions (listed in the references below) to help you decide whether this solution is the best fit for your case.

Remember to change the parts in gray to match your company's standard.

Once the OS is installed, run the following as root so that you can connect via SSH and run the minimum required commands:

yum install gcc vim open-vm-tools unzip ntp net-tools wget telnet rsync -y
  • Create the server. These procedures were based on ASSP version 2.6.1; if you want to use another version, go to https://sourceforge.net/projects/assp/ and use the desired version. Remember to check the DNS name that will be used and adapt this guide to it (here it is antispam.suaempresa.com.br); if your address is different, change it in every place with the same gray highlight.
  • Configuring Postfix. The SPAMASSASSIN application filters the messages, but e-mail delivery is handled by Postfix. To perform the basic Postfix configuration, follow the steps below:
echo "# DEFAULT CONFIGURATION" >> /etc/postfix/main.cf
echo "" >> /etc/postfix/main.cf
echo "biff = no" >> /etc/postfix/main.cf
echo "append_dot_mydomain = no" >> /etc/postfix/main.cf
echo "readme_directory = no" >> /etc/postfix/main.cf
echo "myhostname = antispam.suaempresa.com.br" >> /etc/postfix/main.cf
echo "mydomain = suaempresa.com.br" >> /etc/postfix/main.cf
# Single quotes keep $mydomain literal so that Postfix, not the shell, expands it
echo 'myorigin = $mydomain' >> /etc/postfix/main.cf
echo "inet_interfaces = all" >> /etc/postfix/main.cf
echo "relay_domains = suaempresa.com.br" >> /etc/postfix/main.cf
echo "mynetworks = 127.0.0.0/8 sua_rede/sua_mascara" >> /etc/postfix/main.cf
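# Single quotes keep $EXTENSION literal; inside double quotes the shell would write an empty argument
echo 'mailbox_command = procmail -a "$EXTENSION"' >> /etc/postfix/main.cf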
echo "recipient_delimiter = +" >> /etc/postfix/main.cf
echo "" >> /etc/postfix/main.cf
echo "# TRANSPORT RULE (FOR EXCHANGE)" >> /etc/postfix/main.cf
echo "transport_maps = texthash:/etc/postfix/transport" >> /etc/postfix/main.cf
echo "suaempresa.com.br smtp:[seu_IP]:25" >> /etc/postfix/transport
echo "# HARDENING" >> /etc/postfix/main.cf
echo "smtpd_banner = antispam.suaempresa.com.br ESMTP" >> /etc/postfix/main.cf
echo "disable_vrfy_command = yes" >> /etc/postfix/main.cf
echo "smtpd_helo_required = yes" >> /etc/postfix/main.cf
echo "smtpd_helo_restrictions = permit_mynetworks, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname" >> /etc/postfix/main.cf
echo "mynetworks_style = host" >> /etc/postfix/main.cf
echo "smtpd_delay_reject = yes" >> /etc/postfix/main.cf
echo "smtpd_error_sleep_time = 1s" >> /etc/postfix/main.cf
echo "smtpd_soft_error_limit = 10" >> /etc/postfix/main.cf
echo "smtpd_hard_error_limit = 20" >> /etc/postfix/main.cf
echo "smtpd_client_connection_count_limit = 10" >> /etc/postfix/main.cf
echo "smtpd_client_connection_rate_limit = 60" >> /etc/postfix/main.cf

systemctl restart postfix
  • Adding DNS lookups and RBLs. To add a layer of security to Postfix, run:
echo "" >> /etc/postfix/main.cf
echo "# DNS and RBLs" >> /etc/postfix/main.cf
echo "smtpd_recipient_restrictions =" >> /etc/postfix/main.cf
echo "        permit_mynetworks," >> /etc/postfix/main.cf
echo "        reject_unauth_destination," >> /etc/postfix/main.cf
echo "        reject_unauth_pipelining," >> /etc/postfix/main.cf
echo "        check_client_access texthash:/etc/postfix/rbl_whitelist," >> /etc/postfix/main.cf
echo "        reject_unknown_reverse_client_hostname," >> /etc/postfix/main.cf
echo "        reject_invalid_helo_hostname," >> /etc/postfix/main.cf
echo "        reject_non_fqdn_helo_hostname," >> /etc/postfix/main.cf
echo "        reject_non_fqdn_sender," >> /etc/postfix/main.cf
echo "        reject_non_fqdn_recipient," >> /etc/postfix/main.cf
echo "        reject_unknown_sender_domain," >> /etc/postfix/main.cf
echo "        reject_unknown_recipient_domain," >> /etc/postfix/main.cf
echo "        reject_invalid_hostname," >> /etc/postfix/main.cf
echo "        check_client_access texthash:/etc/postfix/client_checks," >> /etc/postfix/main.cf
echo "        reject_rbl_client zen.spamhaus.org," >> /etc/postfix/main.cf
echo "        reject_rbl_client bl.spamcop.net," >> /etc/postfix/main.cf
echo "        reject_rbl_client b.barracudacentral.org" >> /etc/postfix/main.cf
echo "        permit" >> /etc/postfix/main.cf

touch /etc/postfix/rbl_whitelist
touch /etc/postfix/client_checks

systemctl restart postfix
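
A check for the main.cf produced by the echo steps above, as an added example that is not part of the original article: it flags parameters whose value the shell emptied (a `$mydomain` or `$EXTENSION` written through double quotes), parameters appended twice by a re-run, and an access table placed ahead of `reject_unauth_destination`. The names `audit_main_cf` and `make_sample` and the sample file are constructed for illustration.

```shell
# audit_main_cf FILE: print one finding per line; exit status 1 if any finding.
audit_main_cf() {
    awk '
    function report(msg) { print msg; bad = 1 }
    /^[ \t]*#/ || /^[ \t]*$/ { next }              # comments and blank lines
    /^[ \t]/ { val[key] = val[key] " " $0; next }  # continuation of previous key
    {
        key = $0; sub(/[ \t]*=.*/, "", key)
        v = $0;   sub(/^[^=]*=[ \t]*/, "", v)
        if (key in val) report("DUPLICATE " key " (Postfix keeps the last entry)")
        val[key] = v
    }
    END {
        # An empty value or an empty quoted argument means the shell expanded
        # $mydomain or $EXTENSION to nothing before echo wrote the line.
        n = split("myhostname mydomain myorigin relay_domains mailbox_command", must, " ")
        for (i = 1; i <= n; i++) {
            k = must[i]
            if (!(k in val)) continue
            v = val[k]; gsub(/[ \t]/, "", v)
            if (v == "" || v ~ /""/) report("EMPTY " k)
        }
        # An access table that answers OK ahead of reject_unauth_destination
        # can let a listed client relay, so the reject has to come first.
        r = val["smtpd_recipient_restrictions"]
        rud = index(r, "reject_unauth_destination"); acc = index(r, "check_client_access")
        if (r != "" && rud == 0) report("RELAY reject_unauth_destination missing")
        if (rud > 0 && acc > 0 && acc < rud)
            report("RELAY check_client_access precedes reject_unauth_destination")
        exit bad + 0
    }' "$1"
}

# Constructed sample: what double-quoted echo lines leave behind, plus a re-run.
make_sample() {
    cat > "$1" <<'EOF'
myhostname = antispam.suaempresa.com.br
myorigin =
mailbox_command = procmail -a ""
myhostname = antispam.suaempresa.com.br
smtpd_recipient_restrictions =
        permit_mynetworks,
        check_client_access texthash:/etc/postfix/rbl_whitelist,
        reject_unauth_destination,
        permit
EOF
}

f=$(mktemp) && make_sample "$f" && { audit_main_cf "$f" || true; } && rm -f "$f"
```

On the server, run `audit_main_cf /etc/postfix/main.cf` before each `systemctl restart postfix`.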
  • Installing SpamAssassin. To install and configure SpamAssassin, run:
yum install spamassassin -y

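# The file lives in /etc/mail/spamassassin; the /etc/spamassassin symlink is only created at the end of this step
sed -i "s/rewrite_header/\#rewrite_header/g" /etc/mail/spamassassin/local.cf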

echo "report_safe 0" >> /etc/mail/spamassassin/local.cf
echo "required_score 5.0" >> /etc/mail/spamassassin/local.cf
echo "use_bayes 1" >> /etc/mail/spamassassin/local.cf
echo "bayes_auto_learn 1" >> /etc/mail/spamassassin/local.cf
echo "bayes_min_spam_num 30" >> /etc/mail/spamassassin/local.cf
echo "" >> /etc/mail/spamassassin/local.cf
echo "score ALL_TRUSTED -4.000" >> /etc/mail/spamassassin/local.cf
echo "score DATE_IN_PAST_12_24 2.000" >> /etc/mail/spamassassin/local.cf
echo "score DCC_CHECK 2.500" >> /etc/mail/spamassassin/local.cf
echo "score DNS_FROM_AHBL_RHSBL 0" >> /etc/mail/spamassassin/local.cf
echo "score FORGED_OUTLOOK_HTML 1.500" >> /etc/mail/spamassassin/local.cf
echo "score HEADER_FROM_DIFFERENT_DOMAINS 2.000" >> /etc/mail/spamassassin/local.cf
echo "score HTML_FONT_LOW_CONTRAST 2.00" >> /etc/mail/spamassassin/local.cf
echo "score HTML_IMAGE_RATIO_02 2.000" >> /etc/mail/spamassassin/local.cf
echo "score RCVD_IN_BRBL_LASTEXT 3.500" >> /etc/mail/spamassassin/local.cf
echo "score RCVD_IN_PBL 0.905" >> /etc/mail/spamassassin/local.cf
echo "score RCVD_IN_RP_CERTIFIED -2.500" >> /etc/mail/spamassassin/local.cf
echo "score T_HTML_ATTACH 2.000" >> /etc/mail/spamassassin/local.cf
echo "score T_LONG_HEADER_LINE_80 0.500" >> /etc/mail/spamassassin/local.cf
echo "score T_NOT_A_PERSON 0.500" >> /etc/mail/spamassassin/local.cf
echo "score T_OBFU_HTML_ATTACH 1.000" >> /etc/mail/spamassassin/local.cf
echo "score T_REMOTE_IMAGE 2.500" >> /etc/mail/spamassassin/local.cf
echo "score UPPERCASE_50_75 0.700" >> /etc/mail/spamassassin/local.cf
echo "score URIBL_BLACK 4.250" >> /etc/mail/spamassassin/local.cf
echo "score URIBL_DBL_REDIR 1.500" >> /etc/mail/spamassassin/local.cf
echo "score URIBL_DBL_SPAM 5.000" >> /etc/mail/spamassassin/local.cf
echo "score URIBL_JP_SURB 5.000" >> /etc/mail/spamassassin/local.cf
echo "score URIBL_JP_SURBL 5.000" >> /etc/mail/spamassassin/local.cf
echo "score URIBL_WS_SURBL 5.000" >> /etc/mail/spamassassin/local.cf
echo "score SUBJ_ALL_CAPS 1.000" >> /etc/mail/spamassassin/local.cf
echo "score LOTS_OF_MONEY 0.700" >> /etc/mail/spamassassin/local.cf
echo "score T_HK_MUCHMONEY 0.700" >> /etc/mail/spamassassin/local.cf
echo "score T_KHOP_FOREIGN_CLICK 0.700" >> /etc/mail/spamassassin/local.cf
echo "score T_SHORTENED_URL_HREF 0.400" >> /etc/mail/spamassassin/local.cf
echo "score T_URL_SHORTENER 0.400" >> /etc/mail/spamassassin/local.cf
echo "score BAD_ENC_HEADER 0.400" >> /etc/mail/spamassassin/local.cf
echo "score T_UNKNOWN_ORIGIN 0.700" >> /etc/mail/spamassassin/local.cf
echo "score RP_MATCHES_RCVD -0.000" >> /etc/mail/spamassassin/local.cf
echo "score BAYES_90 4.300" >> /etc/mail/spamassassin/local.cf
echo "score BAYES_80 3.500" >> /etc/mail/spamassassin/local.cf
echo "score BAYES_60 3.000" >> /etc/mail/spamassassin/local.cf
echo "score BAYES_50 2.500" >> /etc/mail/spamassassin/local.cf
echo "score BAYES_00 -0.500" >> /etc/mail/spamassassin/local.cf 

groupadd spamd

useradd -g spamd -s /bin/false -d /var/log/spamassassin spamd

chown spamd:spamd /var/log/spamassassin

sed -i "s/smtp      inet  n       -       n       -       -       smtpd/smtp      inet  n       -       n       -       -       smtpd -o content_filter=spamassassin/g" /etc/postfix/master.cf

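# Single quotes keep ${sender} and ${recipient} literal so that Postfix expands them at delivery time
echo 'spamassassin unix - n n - - pipe flags=R user=spamd argv=/usr/bin/spamc -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}' >> /etc/postfix/master.cf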

systemctl enable spamassassin

sa-update && systemctl restart spamassassin

systemctl restart postfix

# A per-user crontab has no user column (that field exists only in /etc/crontab and /etc/cron.d)
echo "00 01 * * * /bin/sa-update && systemctl restart spamassassin" >> /var/spool/cron/root

ln -s /etc/mail/spamassassin /etc/spamassassin
  • Enabling Pyzor
yum install pyzor --enablerepo=fedora-source -y

echo "use_pyzor 1" >> /etc/mail/spamassassin/local.cf
echo "pyzor_path /usr/bin/pyzor" >> /etc/mail/spamassassin/local.cf
echo "pyzor_timeout 20" >> /etc/mail/spamassassin/local.cf
  • Installing the ClamAV antivirus. To install it, configure it and enable it at boot, run:
yum install amavisd-new clamav clamav-devel clamav-scanner-systemd clamav-server clamav-server-systemd clamav-update --enablerepo=fedora-source -y

sed -i '/^Example/d' /etc/freshclam.conf
sed -i 's/#LogFileMaxSize 2M/LogFileMaxSize 2M/g' /etc/freshclam.conf
sed -i 's/#LogRotate yes/LogRotate yes/g' /etc/freshclam.conf

echo "d /var/run/clamd.amavisd 0755 amavis amavis -" >> /etc/tmpfiles.d/clamd.amavisd.conf

sed -i "1 i\ " /usr/lib/systemd/system/clamd@.service
sed -i "1 i\WantedBy=multi-user.target" /usr/lib/systemd/system/clamd@.service
sed -i "1 i\[Install]" /usr/lib/systemd/system/clamd@.service
sed -i "s/host.example.com/antispam.suaempresa.com.br/g" /etc/amavisd/amavisd.conf
sed -i "s/example.com/suaempresa.com.br/g" /etc/amavisd/amavisd.conf
# Single quotes and \$ so that sed sees the literal Perl variable names instead of an empty shell expansion
sed -i 's/# \$myhostname/$myhostname/g' /etc/amavisd/amavisd.conf
sed -i 's/# \$notify_method/$notify_method/g' /etc/amavisd/amavisd.conf
sed -i 's/# \$forward_method/$forward_method/g' /etc/amavisd/amavisd.conf
sed -i "s/final_spam_destiny       = D_DISCARD/final_spam_destiny       = D_PASS/g" /etc/amavisd/amavisd.conf
sed -i "s/final_bad_header_destiny = D_BOUNCE/final_bad_header_destiny = D_PASS/g" /etc/amavisd/amavisd.conf
sed -i "s/= D_DISCARD/= D_REJECT/g" /etc/amavisd/amavisd.conf
sed -i "s/= D_BOUNCE/= D_REJECT/g" /etc/amavisd/amavisd.conf
sed -i 's/\$sa_tag_level_deflt  = 2.0/$sa_tag_level_deflt  = -9999/g' /etc/amavisd/amavisd.conf
sed -i "s/\*\*\*Spam\*\*\* //g" /etc/amavisd/amavisd.conf

# \$ keeps the Perl variable name literal while the shell still evaluates the line-number arithmetic
sed -i "$(( $(grep -n final_virus_destiny /etc/amavisd/amavisd.conf | cut -d: -f1) + 1 )) i\$virus_quarantine_to      = undef;" /etc/amavisd/amavisd.conf
sed -i "$(( $(grep -n final_banned_destiny /etc/amavisd/amavisd.conf | cut -d: -f1) + 1 )) i\$banned_quarantine_to     = undef;" /etc/amavisd/amavisd.conf
sed -i "$(( $(grep -n final_bad_header_destiny /etc/amavisd/amavisd.conf | cut -d: -f1) + 1 )) i\$bad_header_quarantine_to      = undef;" /etc/amavisd/amavisd.conf

# The clamav-update package installed by yum places freshclam in /usr/bin
echo "30  3  *  *  *  /usr/bin/freshclam --quiet" >> /var/spool/cron/root

systemctl enable clamd@amavisd
systemctl start clamd@amavisd

systemctl enable amavisd
systemctl start amavisd

To block a few more attachment file extensions, run:

sed -i "s/cpl)/cpl|vbe|com|reg|msi|ps1)/g" /etc/amavisd/amavisd.conf

To add the antivirus to SMTP, run:

echo "" >> /etc/postfix/main.cf
echo "# AMAVIS" >> /etc/postfix/main.cf
echo "content_filter=smtp-amavis:[127.0.0.1]:10024" >> /etc/postfix/main.cf
echo "smtp-amavis unix -    -    n    -    2 smtp" >> /etc/postfix/master.cf
echo "    -o smtp_data_done_timeout=1200" >> /etc/postfix/master.cf
echo "    -o smtp_send_xforward_command=yes" >> /etc/postfix/master.cf
echo "    -o disable_dns_lookups=yes" >> /etc/postfix/master.cf
echo "127.0.0.1:10025 inet n    -    n    -    - smtpd" >> /etc/postfix/master.cf
echo "    -o content_filter=" >> /etc/postfix/master.cf
echo "    -o local_recipient_maps=" >> /etc/postfix/master.cf
echo "    -o relay_recipient_maps=" >> /etc/postfix/master.cf
echo "    -o smtpd_restriction_classes=" >> /etc/postfix/master.cf
echo "    -o smtpd_client_restrictions=" >> /etc/postfix/master.cf
echo "    -o smtpd_helo_restrictions=" >> /etc/postfix/master.cf
echo "    -o smtpd_sender_restrictions=" >> /etc/postfix/master.cf
echo "    -o smtpd_recipient_restrictions=permit_mynetworks,reject" >> /etc/postfix/master.cf
echo "    -o mynetworks=127.0.0.0/8" >> /etc/postfix/master.cf
echo "    -o strict_rfc821_envelopes=yes" >> /etc/postfix/master.cf
echo "    -o smtpd_error_sleep_time=0" >> /etc/postfix/master.cf
echo "    -o smtpd_soft_error_limit=1001" >> /etc/postfix/master.cf
echo "    -o smtpd_hard_error_limit=1000" >> /etc/postfix/master.cf
echo "" > /var/log/maillog

init 6
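
A check for the master.cf entries written above, as an added example that is not part of the original article: it verifies that the spamc pipe still carries the literal `${sender}` and `${recipient}` macros, and that the port 10025 re-injection listener, which bypasses every filter, is bound to 127.0.0.1, clears `content_filter` and limits `mynetworks` to loopback. The names `audit_master_cf`, `make_bad_master` and `make_good_master` and both sample files are constructed for illustration.

```shell
# audit_master_cf FILE: print one finding per line; exit status 1 if any finding.
audit_master_cf() {
    awk '
    function report(msg) { print msg; bad = 1 }
    function check(e,   f) {
        if (e == "") return
        split(e, f); e = e " "
        # f[1] = service, f[2] = type, f[8] = command
        if (f[8] == "pipe" && index(e, "spamc") > 0)
            if (index(e, "${sender}") == 0 || index(e, "${recipient}") == 0)
                report("PIPE " f[1] ": ${sender}/${recipient} missing from argv")
        if (f[2] == "inet" && f[8] == "smtpd" && (f[1] == "10025" || f[1] ~ /:10025$/)) {
            if (f[1] !~ /^127\.0\.0\.1:/)
                report("REINJECT " f[1] ": not bound to 127.0.0.1")
            if (index(e, "-o content_filter= ") == 0)
                report("REINJECT " f[1] ": content_filter not cleared, mail would loop")
            if (index(e, "-o mynetworks=127.0.0.0/8 ") == 0)
                report("REINJECT " f[1] ": mynetworks not limited to loopback")
        }
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }                            # comments, blanks
    /^[ \t]/ { sub(/^[ \t]+/, ""); entry = entry " " $0; next }  # continuation
    { check(entry); entry = $0 }                                 # new service entry
    END { check(entry); exit bad + 0 }' "$1"
}

# Constructed sample: pipe line written through double quotes, and a
# re-injection listener on every interface that keeps the global content_filter.
make_bad_master() {
    cat > "$1" <<'EOF'
spamassassin unix - n n - - pipe flags=R user=spamd argv=/usr/bin/spamc -e /usr/sbin/sendmail -oi -f
10025 inet n    -    n    -    - smtpd
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
EOF
}

# Constructed sample: the entries this article intends to write.
make_good_master() {
    cat > "$1" <<'EOF'
spamassassin unix - n n - - pipe flags=R user=spamd argv=/usr/bin/spamc -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
127.0.0.1:10025 inet n    -    n    -    - smtpd
    -o content_filter=
    -o mynetworks=127.0.0.0/8
EOF
}

m=$(mktemp) && make_bad_master "$m" && { audit_master_cf "$m" || true; } && rm -f "$m"
```

On the server, run `audit_master_cf /etc/postfix/master.cf` before rebooting.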

Sources/References

NVLAN – Comparison of Open Source (Free) Mail Gateway/Antispam Solutions
NVLAN – Standard CentOS 7 Installation

NVLAN - Consultoria