Linux Systeembeheer/Elektronische post: verschil tussen versies
Verwijderde inhoud Toegevoegde inhoud
Regel 145:
Voor CentOS 5.5 dienen we eerst een nieuwe repository toe te voegen om clamav te kunnen installeren.<br />
Eerst downloaden we de laatste versie van de repo ( te vinden op http://packages.sw.be/rpmforge-release/ ).<br />
Installeren van DAG's GPG-key en package:
▲::'''#rpm -i rpmforge-release-0.5.2-2.el5.rf.*.rpm'''<br />
Installeren ClamAV (antivirus) en SpamAssassin (spamfilter):<br/>
Het config bestand clamd aanpassen:
amavisd.conf aanpassen:
$MYHOME = '/var/amavis';
$helpers_home = "$MYHOME/var";
$lock_file = "$MYHOME/var/amavisd.lock";
$pid_file = "$MYHOME/var/amavisd.pid";
$virus_admin = "postmaster\@$mydomain";
$mailfrom_notify_admin = "postmaster\@$mydomain";
$mailfrom_notify_recip = "postmaster\@$mydomain";
$mailfrom_notify_spamadmin = "postmaster\@$mydomain";
$myhostname = ‘fedora’;
### http://www.clamav.net/▼
['ClamAV-clamd',▼
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],▼
qr/\bOK$/, qr/\bFOUND$/,▼
▲### http://www.clamav.net/
▲['ClamAV-clamd',
▲\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
▲qr/\bOK$/, qr/\bFOUND$/,
▲qr/^.*?: (?!Infected archive)(.*) FOUND$/ ],</pre>
master.cf van postfix aanpassen:<br />
▲<pre>amavisfeed unix - - n - 2 lmtp
-o lmtp_data_done_timeout=1200
-o lmtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=20
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o smtpd_delay_reject=no
Regel 205 ⟶ 206:
-o local_recipient_maps=
-o relay_recipient_maps=
Main van postfix aanpassen: <br/>
<pre>content_filter=amavisfeed:[127.0.0.1]:10024</pre>
Services herstarten:<br />
<br/>
'''Aanpassingen in SELINUX'''<br />
<br/>
require {
type traceroute_port_t;
type pgpkeyserver_port_t;
Regel 229 ⟶ 230:
class udp_socket name_bind;
class lnk_file { read create unlink getattr };
}
#============= amavis_t ==============
allow amavis_t clockspeed_port_t:udp_socket name_bind;
allow amavis_t pgpkeyserver_port_t:udp_socket name_bind;
allow amavis_t traceroute_port_t:udp_socket name_bind;
allow amavis_t amavis_var_lib_t:lnk_file { read create unlink getattr };
Nieuwe file clamlocal.de aanmaken:<br/>
$ vi clamlocal.de
require { type proc_t;
type var_t;
Regel 248 ⟶ 249:
class file { read getattr };
class dir { read search };
}
#============= clamd_t ==============
allow clamd_t proc_t:file { read getattr };
allow clamd_t sysctl_kernel_t:dir search;
allow clamd_t sysctl_kernel_t:file read;
allow clamd_t var_t:dir read;
allow clamd_t var_t:file { read getattr };
== Labo-opdracht ==
|