Zimbra 8.7 / 8.8 Anti-Spam Optimization
Optimizing Zimbra 8.7 / 8.8 anti-spam by adding RBLs, Razor, Pyzor and DCC
SpamAssassin rule updates via sa-update
Check the status
$ zmlocalconfig antispam_enable_rule_updates
antispam_enable_rule_updates = false
$ zmlocalconfig antispam_enable_restarts
antispam_enable_restarts = false
$ zmlocalconfig antispam_enable_rule_compilation
antispam_enable_rule_compilation = false
Enable
$ zmlocalconfig -e antispam_enable_rule_updates=true
$ zmlocalconfig -e antispam_enable_restarts=true
$ zmlocalconfig -e antispam_enable_rule_compilation=true
and add
$ zmprov mcf zimbraMtaSmtpdRejectUnlistedRecipient yes
restart
$ zmamavisdctl restart
$ zmmtactl restart
Postfix Tweaks
RBLs
zen.spamhaus.org psbl.surriel.com b.barracudacentral.org
Additional RBLs
bl.spamcop.net
RHSBLs
dbl.spamhaus.org multi.uribl.com multi.surbl.org
Additional RHSBLs
rhsbl.sorbs.net
Sender RHSBLs
multi.uribl.com multi.surbl.org rhsbl.sorbs.net dbl.spamhaus.org
Reverse Client RHSBLs
dbl.spamhaus.org
If needed, add
$ zmprov ms <server> +zimbraMtaRestriction reject_unknown_reverse_client_hostname
Increasing the Amavis log level detail
[zimbra@mail ~]$ zmprov mcf zimbraAmavisLogLevel 2
The log can then look like this
Sep 27 11:43:05 mail amavis[27749]: (27749-01) TIMING-SA [total 1285 ms, cpu 262 ms] - parse: 1.65 (0.1%), extract_message_metadata: 17 (1.3%), get_uri_detail_list: 0.50 (0.0%), tests_pri_-1000: 8 (0.6%), tests_pri_-950: 2.2 (0.2%), tests_pri_-900: 1.55 (0.1%), tests_pri_-400: 1.40 (0.1%), tests_pri_0: 1231 (95.8%), check_spf: 0.56 (0.0%), check_dkim_adsp: 5 (0.4%), check_dcc: 305 (23.7%), check_razor2: 574 (44.6%), check_pyzor: 255 (19.8%), tests_pri_500: 9 (0.7%), get_report: 0.54 (0.0%)
Moving the Amavis temp directory to RAM
When Amavis passes email with large attachments through SpamAssassin, processing can take 10-20 seconds. To speed this up, the Amavis tmp directory is moved to RAM.
Size the RAM disk to your needs; the example below uses 512M, and it can also be made 1024M.
Stop zmamavisdctl
[zimbra@mail ~]$ zmamavisdctl stop
Mount tmpfs
[root@mail]# mount -t tmpfs -o size=512M tmpfs /opt/zimbra/data/amavisd/tmp
Add the tmpfs entry to /etc/fstab
[root@mail]# nano /etc/fstab
tmpfs /opt/zimbra/data/amavisd/tmp tmpfs defaults,noexec,nodev,nosuid,size=512m,mode=750,uid=XXX,gid=XXX 0 0
Start zmamavisdctl
[zimbra@mail ~]$ zmamavisdctl start
Note: for uid=XXX,gid=XXX, check the user ID and the group ID of zimbra.
Add the rules from Kevin McGrail
$ cd /opt/zimbra/data/spamassassin/localrules
$ wget -N https://www.pccc.com/downloads/SpamAssassin/contrib/KAM.cf -O sakam.cf
$ zmamavisdctl restart
Adding Razor and Pyzor
Install Razor and Pyzor
Ubuntu
[root@mail]# apt-get install razor pyzor
CentOS
[root@mail]# yum install pyzor perl-Razor-Agent
Switch to the zimbra user to configure Razor and Pyzor
[root@mail]# su - zimbra
[zimbra@mail ~]$ pyzor --homedir /opt/zimbra/data/amavisd/.pyzor discover
[zimbra@mail ~]$ razor-admin -home=/opt/zimbra/data/amavisd/.razor -create
[zimbra@mail ~]$ razor-admin -home=/opt/zimbra/data/amavisd/.razor -discover
[zimbra@mail ~]$ razor-admin -home=/opt/zimbra/data/amavisd/.razor -register -user [email protected]
Create the file razor.cf at /opt/zimbra/data/spamassassin/localrules/razor.cf. It could actually be merged into local.cf; to be safer I use a separate file, razor.cf, apart from local.cf.
[zimbra@mail ~]$ nano /opt/zimbra/data/spamassassin/localrules/razor.cf
# add the configuration below to razor.cf
# pyzor
use_pyzor 1
pyzor_path /usr/bin/pyzor
pyzor_timeout 20
# razor
use_razor2 1
# score tweaks
score PYZOR_CHECK 3.250
score RAZOR2_CHECK 3.250
score URIBL_BLACK 3.250
score BAYES_99 4.000
score BAYES_60 2.250
score BAYES_50 1.500
score BAYES_00 -0.500
restart
[zimbra@mail ~]$ zmantispamctl restart ; zmmtactl restart
[zimbra@mail ~]$ zmamavisdctl restart
Pyzor ping test
[zimbra@mail ~]$ pyzor --homedir /opt/zimbra/data/amavisd/.pyzor ping
public.pyzor.org:24441 (200, 'OK')
Test Razor and Pyzor with sample-spam.txt
The file sample-spam.txt can be downloaded and saved in /home
As root
[root@mail]# cd /home
[root@mail home]# wget http://spamassassin.apache.org/full/3.0.x/dist/sample-spam.txt
As the zimbra user
[zimbra@mail ~]$ /opt/zimbra/common/bin/spamassassin -D razor2,pyzor < /home/sample-spam.txt
If this error occurs
bla..bla.. os.mkdir(homedir)\nOSError: [Errno 13] Permission denied: '/opt/zimbra/.pyzor'
Create the directory /opt/zimbra/.pyzor
# mkdir -p /opt/zimbra/.pyzor
# chown zimbra:zimbra /opt/zimbra/.pyzor
Try again
[zimbra@mail ~]$ /opt/zimbra/common/bin/spamassassin -D razor2,pyzor < /home/sample-spam.txt
On success the output contains check_razor2: 3802 (51.6%), check_pyzor: 721 (9.8%)
Adding DCC
The DCC source can be downloaded from https://www.dcc-servers.net/dcc/. Please read its limitations and restrictions carefully. Note that DCC only flags whether something is bulk email or not, and it will also tag entirely legitimate bulk email.
After downloading and extracting the source, work as the zimbra user. Build tools are required (gcc, make, wget, etc.); make sure they are installed.
The initial setup is done as the root user. This assumes version dcc-1.3.163 and can be adjusted.
# mkdir -p /opt/zimbra/dcc-1.3.163
# chown zimbra:zimbra /opt/zimbra/dcc-1.3.163
# ln -s /opt/zimbra/dcc-1.3.163 /opt/zimbra/dcc
$ mkdir /tmp/dcc-1.3.163; cd /tmp/dcc-1.3.163/
$ wget https://www.dcc-servers.net/dcc/source/dcc.tar.Z
$ tar xzf dcc.tar.Z
$ cd dcc-1.3.163
$ ./configure --homedir=/opt/zimbra/dcc-1.3.163 \
--disable-sys-inst --with-uid=zimbra --disable-server \
--disable-dccifd --disable-dccm \
--with-updatedcc_pfile=/opt/zimbra/data/dcc \
--with-rundir=/opt/zimbra/data/dcc/run \
--bindir=/opt/zimbra/dcc-1.3.163/bin
$ make
$ make install
$ mkdir -p /opt/zimbra/dcc/run
Add the following to the razor.cf file at /opt/zimbra/data/spamassassin/localrules/razor.cf
#DCC
use_dcc 1
dcc_path /opt/zimbra/dcc/bin/dccproc
dcc_timeout 20
restart
$ zmamavisdctl restart
Test the DCC connection
$ /opt/zimbra/dcc/bin/cdcc info
On success
dcc5.dcc-servers.net,- RTT+1000 ms anon
# 195.20.8.232,- EATSERVER ID 1166
# 57% of 7 requests ok 2569.28+1000 ms RTT 100 ms queue wait
# 204.90.71.235,- MGTINTERNET ID 1170
# 100% of 4 requests ok 380.88+1000 ms RTT 100 ms queue wait
################
# 09/27/18 13:13:30 WIB greylist /opt/zimbra/dcc-1.3.159/map
# Re-resolve names after 15:13:30
Test DCC with sample-spam.txt
$ /opt/zimbra/common/bin/spamassassin -D < /home/sample-spam.txt
On success the output contains check_dcc: 305 (23.7%) and DCC_CHECK
If DCC is not running yet, check the file
/opt/zimbra/data/spamassassin/localrules/salocal.cf
Look for the line "use_dcc 0". If it is there, we cannot edit salocal.cf directly.
Instead, edit /opt/zimbra/conf/salocal.cf.in: find the line "use_dcc 0" and delete it, or comment it out as "#use_dcc 0" (without the quotes).
restart
$ zmamavisdctl restart
and test DCC again with sample-spam.txt
$ /opt/zimbra/common/bin/spamassassin -D < /home/sample-spam.txt
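Added example, not part of the original post: the "use_dcc 0" check described above, extended to all three plugin switches used on this page. It assumes SpamAssassin reads the *.cf files of a rules directory in alphabetical order with the last setting winning (so salocal.cf is read after razor.cf); the function names and the demo files are constructed for the illustration.

```sh
#!/bin/sh
# Added example. Assumption: *.cf files in a rules directory are read in
# alphabetical order and a later setting overrides an earlier one.

# Print "<value> <file>" for the last active setting of KEY ($2) in DIR ($1).
sa_effective() {
    for f in "$1"/*.cf; do            # the glob expands in sorted order
        [ -f "$f" ] || continue
        # "#use_dcc 0" has "#use_dcc" as its first field, so it never matches
        awk -v k="$2" -v f="${f##*/}" '$1 == k { print $2, f }' "$f"
    done | tail -n 1
}

# Report which file decides each of the three network plugins.
sa_check_plugins() {
    for key in use_dcc use_razor2 use_pyzor; do
        eff=$(sa_effective "$1" "$key")
        case $eff in
            "1 "*) echo "$key enabled by ${eff#* }" ;;
            "")    echo "$key not set" ;;
            *)     echo "$key DISABLED by ${eff#* }" ;;
        esac
    done
}

# Constructed demo directory: razor.cf with the switches from this page and
# a generated salocal.cf that still carries "use_dcc 0".
sa_demo_dir() {
    d=$(mktemp -d)
    printf 'use_pyzor 1\nuse_razor2 1\nuse_dcc 1\n' > "$d/razor.cf"
    printf 'required_score 5.0\nuse_dcc 0\n' > "$d/salocal.cf"
    echo "$d"
}

demo=$(sa_demo_dir)
sa_check_plugins "$demo"
rm -rf "$demo"
```

On a real server, point sa_check_plugins at /opt/zimbra/data/spamassassin/localrules after each restart, since salocal.cf is regenerated from salocal.cf.in.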
DCC can also be installed from an RPM, together with its dependency sendmail-milter
1. sendmail-milter-8.14.7-5.el7.x86_64.rpm
# yum install sendmail-milter
2. dcc-1.3.158-5.el7.art.x86_64.rpm
Download it directly or add the repository
http://www6.atomicorp.com/channels/atomic/centos/7/x86_64/RPMS/
Install atomic-release rpm:
# rpm -Uvh atomic-release*rpm
Install dcc rpm package:
# yum install dcc
Edit the file /etc/dcc/dcc_conf
DCC_LIBEXEC=/usr/libexec/dcc
DCC_RUNDIR=/var/run/dcc
DCCUID=zimbra
DCCD_ENABLE=off
DCCIFD_ENABLE=off
The adjusted razor.cf file is at /opt/zimbra/data/spamassassin/localrules/razor.cf
#DCC
use_dcc 1
dcc_path /usr/bin/dccproc
dcc_timeout 20
restart
$ zmamavisdctl restart
and test DCC again with sample-spam.txt
$ /opt/zimbra/common/bin/spamassassin -D < /home/sample-spam.txt
Send an email from outside to one of the users on the mail server and watch the Zimbra log
Sep 27 11:43:05 mail amavis[27749]: (27749-01) TIMING-SA [total 1285 ms, cpu 262 ms] - parse: 1.65 (0.1%), extract_message_metadata: 17 (1.3%), get_uri_detail_list: 0.50 (0.0%), tests_pri_-1000: 8 (0.6%), tests_pri_-950: 2.2 (0.2%), tests_pri_-900: 1.55 (0.1%), tests_pri_-400: 1.40 (0.1%), tests_pri_0: 1231 (95.8%), check_spf: 0.56 (0.0%), check_dkim_adsp: 5 (0.4%), check_dcc: 305 (23.7%), check_razor2: 574 (44.6%), check_pyzor: 255 (19.8%), tests_pri_500: 9 (0.7%), get_report: 0.54 (0.0%)
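Added example, not part of the original post: a shell function that reads amavis TIMING-SA lines like the one above and reports, per message, whether check_dcc, check_razor2 and check_pyzor ran and how long each took. The function names, the millisecond limit and the second log line are assumptions made for the illustration; the first sample line is shortened from the log above.

```sh
#!/bin/sh
# Added example: summarise the network checks in amavis TIMING-SA lines
# read from stdin. Usage: sa_net_checks [limit_ms]
# limit_ms is an assumed threshold; the default is half of the 20 s
# pyzor_timeout / dcc_timeout set in razor.cf on this page.
sa_net_checks() {
    awk -v limit="${1:-10000}" '
    /TIMING-SA/ {
        n = split("check_dcc check_razor2 check_pyzor", want, " ")
        for (i = 1; i <= n; i++) ms[want[i]] = ""
        body = $0
        sub(/^.*\] - /, "", body)        # drop everything up to "] - "
        m = split(body, item, ", ")      # items look like "name: ms (pct%)"
        for (j = 1; j <= m; j++) {
            split(item[j], kv, ": ")
            if (kv[1] in ms) { split(kv[2], v, " "); ms[kv[1]] = v[1] }
        }
        for (i = 1; i <= n; i++) {
            k = want[i]
            if (ms[k] == "") print k, "-", "MISSING"
            else print k, ms[k], (ms[k] + 0 > limit + 0 ? "SLOW" : "ok")
        }
    }'
}

# Sample input: line 1 shortened from the log on this page, line 2 constructed
# to show a message for which the DCC plugin did not run.
sample_log() {
    cat <<'EOF'
Sep 27 11:43:05 mail amavis[27749]: (27749-01) TIMING-SA [total 1285 ms, cpu 262 ms] - parse: 1.65 (0.1%), check_spf: 0.56 (0.0%), check_dcc: 305 (23.7%), check_razor2: 574 (44.6%), check_pyzor: 255 (19.8%), get_report: 0.54 (0.0%)
Sep 27 11:44:10 mail amavis[27749]: (27749-02) TIMING-SA [total 410 ms, cpu 200 ms] - parse: 1.2 (0.3%), check_razor2: 120 (29.3%), check_pyzor: 90 (22.0%), get_report: 0.5 (0.1%)
EOF
}

sample_log | sa_net_checks 500
```

A MISSING row after the restarts above means that plugin is still disabled or not loaded; a SLOW row usually points at the outbound ports listed below being filtered.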
Make sure the firewall is open for
out 6277 UDP - DCC service
out 2703 TCP - Razor2 service
out 24441 UDP - Pyzor service
Source: https://wiki.zimbra.com/wiki/Anti-spam_Strategies
Regards