Written by me and not very detailed; this setup is currently in use.

OpenBSD + SpamAssassin + Amavisd-new + clamav: building a secure anti-virus and anti-spam mail gateway

Set up following http://lawmonkey.org/anti-spam.html (that page is no longer reachable).

Install the system first. Suggested partitioning for OpenBSD 3.3:

wd0a - / (root) 500M - This partition is where the / /etc /root /dev directories will be kept.
wd0b - (swap) - give it at least as much space as you have in RAM, so if your computer has 256 MB RAM, make the swap at least 256M.
wd0d - /tmp 300M
wd0e - /var 8G - Again, disk space is cheap, so give the var directory lots of space. All of the mail queues, local mailboxes, logs and nearly everything else get stored here.
wd0f - /usr 2G - You absolutely must have at least 2 gigs in the /usr volume. If you ever need to patch your operating system (and you will) you'll need this space to store all the source code and compiled files.
wd0g - /home 1G - We won't do much with the home directories on this computer since there really won't be any local users other than the administrator. One gig of space will be plenty.

Edit the sshd configuration: disable remote root login and disable password authentication.

Install the ports tree.

Check the Perl version:

# perl -v

This is perl, v5.8.2 built for i386-openbsd

Copyright 1987-2003, Larry Wall

Perl may be copied only under the terms of either the Artistic License or the
GNU General Public License, which may be found in the Perl 5 source kit.

Complete documentation for Perl, including FAQ lists, should be found on
this system using `man perl' or `perldoc perl'.  If you have access to the
Internet, point your browser at http://www.perl.com/, the Perl Home Page.

We are in luck: 5.8.2 meets the requirement. Anything below 5.8.1 needs a separately installed Perl; see the Perl installation manual for how.

To prepare for Postfix, first stop the sendmail that the system is running.

Remove the sendmail binary:

# rm /usr/sbin/sendmail

Remove the sendmail queue runner command from the crontab:

# crontab -e

Look for the lines that look like this and remove them or comment them out with a #:

# sendmail clientmqueue runner
*/30 * * * * /usr/sbin/sendmail -L sm-msp-queue -Ac -q

Edit the /etc/rc.conf.local file to prevent sendmail from starting when the computer boots.
Change:

sendmail_flags=NO

Kill off any existing sendmail process:

# ps -ax | grep sendmail
# kill `head -1 /var/run/sendmail.pid`

Add the users that Postfix and amavisd-new need. Use vipw and add:

postfix:*:2000:2000::0:0:Postfix Mail Daemon:/var/empty:/sbin/nologin
amavisd:*:3000:3000::0:0:Amavis Mail Scanner Daemon:/var/amavisd:/sbin/nologin

Add the groups (vi /etc/group):

postfix:*:2000:
postdrop:*:2001:
amavisd:*:3000:

For Postfix to support SASL authentication we need cyrus-sasl2 (the version that supports LDAP), and OpenLDAP has to be installed before it:

# cd /usr/ports/databases/openldap
# make
# make install

Now cyrus-sasl2 can be installed:

# cd /usr/ports/security/cyrus-sasl2

LDAP support is off by default, so the port's Makefile has to be changed to enable it. The diff shows the change:

# diff -u Makefile.old Makefile
--- Makefile.old	Tue Jun  1 00:32:47 2004
+++ Makefile	Tue Jun  1 00:33:58 2004
@@ -25,10 +25,11 @@
 CONFIGURE_ARGS+=	--with-saslauthd="/var/sasl2" \
 			--with-staticsasl \
+			--with-ldap \
 			--enable-login \
 			--enable-gssapi="/usr" \
 			--disable-sample
-CFLAGS+=	-I/usr/include/kerberosV
+CFLAGS+=	-I/usr/include/kerberosV -I/usr/local/include
 FLAVORS=	db4
 FLAVOR?=

# make
# make install

That completes the sasl2 installation. Test it: create /etc/saslauthd.conf

# vi /etc/saslauthd.conf

ldap_servers: ldap://LDAP_IP_ADDRESS/
ldap_search_base: o=elm.com
ldap_timeout: 10
ldap_filter: uid=%u

Start saslauthd and test an authentication:

# saslauthd -a ldap
# testsaslauthd -u wzk -p xxxxx
0: OK "Success."

It works.

The preparation is done; now we can install Postfix. It is a lot of steps, but that is Unix for you.

# cd /home/wzk
# ftp ftp://ftp.easynet.be/postfix/official/postfix-2.1.1.tar.gz
# tar zxvf postfix-2.1.1.tar.gz

Make now? Not yet. By default Postfix is built without SASL2 support, so it needs a special build configuration:

# make tidy    # if you have left-over files from a previous build
# make makefiles CCARGS="-DUSE_SASL_AUTH -I/usr/local/include/sasl" \
    AUXLIBS="-L/usr/local/lib -lsasl2"
# make
# make install

For security all programs run chrooted, so prepare the chroot:

# mkdir /var/spool/postfix/etc
# cd /etc
# cp localtime services hosts resolv.conf /var/spool/postfix/etc

Remember to rebuild the local alias database as well:

# cp /etc/postfix/aliases /etc/
# newaliases

Now to the main part, configuring Postfix. First /etc/postfix/main.cf:

================================CUT HERE==============================================
#
# >>>>>>>>>> You must reload postfix after editing this file
# >> NOTE >> to do this use the command:
# >>>>>>>>>> # postfix reload
#
queue_directory = /var/spool/postfix
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
myhostname = mailgw.elm.com
mydomain = elm.com
myorigin = $myhostname
mydestination = $myhostname, localhost.$mydomain
mynetworks = 192.168.0.0/24, 127.0.0.0/8
local_recipient_maps =
biff = no
empty_address_recipient = MAILER-DAEMON
queue_minfree = 120000000
message_size_limit = 20000000
mailbox_size_limit = 1000000000
smtpd_banner = $myhostname ESMTP
transport_maps = hash:/etc/postfix/transport
local_transport = local
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
    reject_unauth_destination, reject_non_fqdn_recipient
# some people also add reject_non_fqdn_sender (but I have clients that break this rule that I need to receive from)
notify_classes = protocol,resource,software
# Install Time Configuration
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
manpage_directory = /usr/local/man
sample_directory = /etc/postfix
readme_directory = no
html_directory = no
==================================CUT HERE================================================

There are several more configuration files. Next is /etc/postfix/master.cf:

=================================/etc/postfix/master.cf CUT HERE================================
#==============================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
#==============================================================================
# This is the before-filter smtpd... it passes content to amavisd on port 10024
smtp      inet  n       -       y       -       8       smtpd
    -o smtpd_proxy_filter=127.0.0.1:10024
    -o smtpd_client_connection_count_limit=4
pickup    fifo  n       -       y       60      1       pickup
cleanup   unix  n       -       y       -       0       cleanup
qmgr      fifo  n       -       y       300     1       qmgr
rewrite   unix  -       -       y       300     -       trivial-rewrite
bounce    unix  -       -       y       -       0       bounce
defer     unix  -       -       y       -       0       bounce
flush     unix  n       -       y       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       y       -       -       smtp
relay     unix  -       -       y       -       -       smtp
showq     unix  n       -       y       -       -       showq
error     unix  -       -       y       -       -       error
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       y       -       -       lmtp
trace     unix  -       -       y       -       0       bounce
verify    unix  -       -       y       -       1       verify
# This is the after-filter smtpd; it listens on port 10025 to receive mail from amavisd
127.0.0.1:10025 inet n  -       y       -       -       smtpd
    -o smtpd_authorized_xforward_hosts=127.0.0.0/8
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=
    -o mynetworks=127.0.0.0/8
    -o receive_override_options=no_unknown_recipient_checks
====================================CUT HERE=========================================================

If this is an outbound mail server you will probably need to change both main.cf and master.cf: the configuration above accepts only 8 concurrent connections, and sending users expect their mail to be accepted quickly.

# vi /etc/postfix/transport

elm.com smtp:[REAL_MAIL_SERVER_ADDR]

# postmap /etc/postfix/transport    # Postfix does not read the text file directly

To tell Postfix how to authenticate, add /usr/local/lib/sasl2/smtpd.conf:

============================CUT HERE==================================
pwcheck_method: saslauthd
mech_list: plain login
============================CUT HERE==================================

Test the Postfix service:

# postfix start
postfix/postfix-script: starting the Postfix mail system
# telnet localhost smtp
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mailgw.elm.com ESMTP
quit
221 Bye
Connection closed by foreign host.
# telnet localhost 10025
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mailgw.elm.com ESMTP
quit
221 Bye
Connection closed by foreign host.
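The smtpd_recipient_restrictions list in the main.cf above is evaluated top to bottom, and the first restriction that returns permit or reject decides the RCPT TO command; that is why permit_mynetworks and permit_sasl_authenticated come before reject_unauth_destination, and why leaving reject_unauth_destination out turns the gateway into an open relay. The model below is an added example, not code from this guide or from Postfix: it implements only the restrictions used above (plus the bare permit and reject used by the after-filter smtpd) with the mynetworks and mydestination values from main.cf, so that a proposed reordering can be checked before it is deployed. One caveat it reproduces: main.cf sets no relay_domains, and Postfix 2.x then defaults it to $mydestination, so reject_unauth_destination refuses mail for elm.com arriving from outside hosts unless elm.com is added to relay_domains (the relay_domains parameter and the 203.0.113.x client addresses are assumptions for the model).

```python
import ipaddress
from dataclasses import dataclass

# Values taken from the main.cf above.  relay_domains is not set there; Postfix
# 2.x then defaults it to $mydestination, which this model reproduces.
MYNETWORKS = ("192.168.0.0/24", "127.0.0.0/8")
MYDESTINATION = ("mailgw.elm.com", "localhost.elm.com")
PAGE_RESTRICTIONS = ("permit_mynetworks", "permit_sasl_authenticated",
                     "reject_unauth_destination", "reject_non_fqdn_recipient")
MODELLED = PAGE_RESTRICTIONS + ("permit", "reject")


@dataclass
class Session:
    """What smtpd knows at RCPT TO time (constructed for the model)."""
    client_ip: str
    sasl_authenticated: bool
    recipient: str


def in_networks(ip, networks):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n, strict=False) for n in networks)


def domain_listed(domain, domains, subdomains=False):
    """Exact match, or subdomain match where Postfix matches subdomains (relay_domains)."""
    for d in domains:
        d = d.lower()
        if domain == d or (subdomains and domain.endswith("." + d)):
            return True
    return False


def is_fqdn(domain):
    """reject_non_fqdn_recipient: the domain must be fully qualified (at least one dot)."""
    return "." in domain and not domain.startswith(".") and not domain.endswith(".")


def evaluate(restrictions, session, mynetworks=MYNETWORKS,
             mydestination=MYDESTINATION, relay_domains=None):
    """Walk the list like smtpd does; return (action, restriction that decided)."""
    if relay_domains is None:
        relay_domains = mydestination          # Postfix 2.x default
    domain = session.recipient.rpartition("@")[2].lower()
    for r in restrictions:
        if r not in MODELLED:
            raise ValueError("restriction not modelled: " + r)
        if r == "permit_mynetworks" and in_networks(session.client_ip, mynetworks):
            return "PERMIT", r
        if r == "permit_sasl_authenticated" and session.sasl_authenticated:
            return "PERMIT", r
        if r == "reject_unauth_destination" and not (
                domain_listed(domain, mydestination)
                or domain_listed(domain, relay_domains, subdomains=True)):
            return "REJECT", r
        if r == "reject_non_fqdn_recipient" and not is_fqdn(domain):
            return "REJECT", r
        if r == "permit":
            return "PERMIT", r
        if r == "reject":
            return "REJECT", r
    return "PERMIT", "end-of-list"   # Postfix permits when the list is exhausted


def is_open_relay(restrictions, **kw):
    """True if an unauthenticated outside client may relay to a foreign domain."""
    outsider = Session("203.0.113.7", False, "someone@example.net")   # constructed
    return evaluate(restrictions, outsider, **kw)[0] == "PERMIT"
```

Run evaluate() with the page's list and a LAN client, an authenticated outside client and an anonymous outside client to see each restriction decide in turn; swapping permit_sasl_authenticated behind reject_unauth_destination makes authenticated users unable to relay, and dropping reject_unauth_destination makes is_open_relay() return True.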
Copy saslauthd into the Postfix chroot:

# cd /var/spool/postfix/
# mkdir -p usr/local/sbin
# cp /usr/local/sbin/saslauthd usr/local/sbin
# ldd /usr/local/sbin/saslauthd
/usr/local/sbin/saslauthd:
Start    End      Type Ref Name
00000000 00000000 exe  1   /usr/local/sbin/saslauthd
057cf000 257d4000 rlib 1   /usr/lib/libgssapi.so.2.1
0a1a5000 2a1b4000 rlib 1   /usr/lib/libkrb5.so.13.0
07294000 272a3000 rlib 1   /usr/lib/libasn1.so.13.0
050af000 250e0000 rlib 2   /usr/lib/libcrypto.so.10.3
0b410000 2b41f000 rlib 1   /usr/lib/libcom_err.so.13.0
097e6000 297ef000 rlib 1   /usr/local/lib/libldap.so.2.127
0ace8000 2acec000 rlib 2   /usr/local/lib/liblber.so.2.127
0016f000 201a8000 rlib 1   /usr/lib/libc.so.30.3
0d04e000 2d05a000 rlib 1   /usr/lib/libssl.so.8.0
0dcb5000 0dcb5000 rtld 1   /usr/libexec/ld.so

Copy these libraries into the tree rooted at /var/spool/postfix, and create the null device there.

# cp /etc/saslauthd.conf /var/spool/postfix/etc/

Install the Perl modules:

MD5
LWP
Mail::Internet
Archive::Tar
Archive::Zip
IO::Wrap
IO::Stringy
Unix::Syslog
MIME::Words
MIME::Head
MIME::Body
MIME::Entity
MIME::Parser
Net::SMTP
Net::DNS (when prompted to enable tests, choose no)
Net::Ping
Net::Server
Net::Server::PreForkSimple
Convert::TNEF
Convert::UUlib
MIME::Decoder::Base64
MIME::Decoder::Binary
MIME::Decoder::Gzip64
MIME::Decoder::NBit
MIME::Decoder::QuotedPrint
MIME::Decoder::UU
Time::HiRes
Digest::SHA1
Digest::Nilsimsa
Getopt::Long
File::Copy
Bit::Vector
Date::Calc

# perl -MCPAN -e shell    # the easiest way to install them
cpan> install MD5 LWP Mail::Internet Archive::Tar Archive::Zip IO::Wrap IO::Stringy Unix::Syslog MIME::Words MIME::Head MIME::Body MIME::Entity MIME::Parser Net::SMTP Net::DNS Net::Ping Net::Server Net::Server::PreForkSimple Convert::TNEF Convert::UUlib MIME::Decoder::Base64 MIME::Decoder::Binary MIME::Decoder::Gzip64 MIME::Decoder::NBit MIME::Decoder::QuotedPrint MIME::Decoder::UU Time::HiRes Digest::SHA1 Digest::Nilsimsa Getopt::Long File::Copy Bit::Vector Date::Calc

Now take a break and let the system install everything.

Install the anti-spam module:

cpan> install Mail::SpamAssassin

Configure SpamAssassin in /etc/mail/spamassassin/local.cf:
========================CUT HERE====================================
rewrite_subject 1
report_safe 0
use_terse_report 0
use_bayes 1
bayes_path /var/amavisd/.spamassassin/bayes
auto_learn 1
skip_rbl_checks 0
use_razor2 1
use_dcc 1
use_pyzor 0
dcc_add_header 1
dns_available yes
header LOCAL_RCVD Received =~ /.*\(\S+\.domain\.com\s+\[.*\]\)/
describe LOCAL_RCVD Received from local machine
score LOCAL_RCVD -50
## Optional Score Increases
score DCC_CHECK 4.000
score RAZOR2_CHECK 2.500
score BAYES_99 4.300
score BAYES_90 3.500
score BAYES_80 3.000
========================CUT HERE====================================

SpamAssassin also runs in the chroot:

# mkdir -p /var/amavisd
# chown amavisd.amavisd /var/amavisd
# chmod 750 /var/amavisd
# cd /var/amavisd
# mkdir .spamassassin
# touch .spamassassin/user_prefs
# chown -R amavisd.amavisd .spamassassin

Install Razor2:

# cd /root
# ftp http://unc.dl.sourceforge.net/sourceforge/razor/razor-agents-2.40.tar.gz
# tar -zxvf razor-agents-2.40.tar.gz
# cd razor-agents-2.40
# perl Makefile.PL
# make
# make test
# make install

Create the default configuration files:

# razor-client
# razor-admin -create

Copy the razor config files to the chroot directory:

# cp -r /root/.razor /var/amavisd
# chown -R amavisd.amavisd /var/amavisd/.razor

Make sure /var/amavisd/.razor/razor-agent.conf has debuglevel = 0.

Install DCC:

# cd /root
# ftp http://www.dcc-servers.net/dcc/source/dcc-dccd.tar.Z
# tar -zxvf dcc-dccd.tar.Z
# cd dcc-dccd-1.2.49
# ./configure
# make
# make install

Make sure udp port 6277 is allowed out from this computer on your firewall.
# /usr/local/bin/cdcc 'info'

If everything is working, you should see a bunch of lines like:

dcc.rhyolite.com,-  RTT+0 ms  anon
# 153.19.44.233,-       coral.ely.pg.gda.pl  WEiAPG server-ID 1072
#      100% of  3 requests ok  1687.64+0 ms RTT   113 ms queue wait
# 192.188.61.3,-        calcite.rhyolite.com Rhyolite server-ID 101
#      100% of  2 requests ok   755.52+0 ms RTT    50 ms queue wait

DCC also runs in the chroot, so set that up:

# mkdir -p /var/amavisd/var /var/amavisd/usr/bin /var/amavisd/usr/libexec /var/amavisd/var/dcc
# mkdir -p /var/amavisd/usr/lib /var/amavisd/bin
# cp -r /var/dcc /var/amavisd/var/
# cp /usr/local/bin/dccproc /var/amavisd/usr/bin
# cp /usr/libexec/ld.so /var/amavisd/usr/libexec
# chown -R amavisd:amavisd /var/amavisd/var/dcc
# cp /bin/sh /var/amavisd/bin/

Check which libraries dccproc uses:

# ldd /usr/local/bin/dccproc
/usr/local/bin/dccproc:
Start    End      Type Ref Name
00000000 00000000 exe  1   /usr/local/bin/dccproc
0bbe2000 2bbe9000 rlib 1   /usr/lib/libm.so.1.0
0dc97000 2dcd0000 rlib 1   /usr/lib/libc.so.30.3
0c52f000 0c52f000 rtld 1   /usr/libexec/ld.so

Copy those files into the chroot:

# cd /var/amavisd/usr/lib
# cp /usr/lib/libm.so.1.0 .
# cp /usr/lib/libc.so.30.3 .
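A caveat on the LOCAL_RCVD rule in the local.cf above: a SpamAssassin `header NAME Received =~ /re/` test is tried against every Received header of a message, not only the one this gateway wrote, and the pattern is unanchored, so a matching Received line that arrived from outside earns the same -50 as a genuine LAN hop. The check below is an added example, not from this guide or from SpamAssassin: it applies the page's regex (with domain.com as written there) to constructed messages, once the way the rule does and once against only the newest Received header, which is the one written by this gateway itself. SpamAssassin's own trusted_networks setting and its ALL_TRUSTED rule exist for exactly this purpose and are the safer way to favour internal mail; the message bodies and addresses are constructed.

```python
import re

# The rule from local.cf above, with domain.com as written there (replace it with
# the gateway's own domain before use).
LOCAL_RCVD_RE = re.compile(r".*\(\S+\.domain\.com\s+\[.*\]\)")
LOCAL_RCVD_SCORE = -50.0


def received_headers(raw_message):
    """Received: header values in order (newest first), with folded lines joined."""
    head = raw_message.replace("\r\n", "\n").split("\n\n", 1)[0]
    unfolded = []
    for line in head.split("\n"):
        if line[:1] in (" ", "\t") and unfolded:
            unfolded[-1] += " " + line.strip()
        else:
            unfolded.append(line)
    return [h.split(":", 1)[1].strip()
            for h in unfolded if h.lower().startswith("received:")]


def rule_hits(raw_message, pattern=LOCAL_RCVD_RE, topmost_only=False):
    """Evaluate the rule.

    topmost_only=False mirrors a SpamAssassin `header NAME Received =~ /re/`
    test: every Received header of the message is tried.  topmost_only=True
    considers just the newest header, the one this gateway wrote itself and
    the only one an outside sender cannot influence.
    """
    headers = received_headers(raw_message)
    if topmost_only:
        headers = headers[:1]
    return any(pattern.search(h) for h in headers)


def local_rcvd_adjustment(raw_message, topmost_only=False):
    """Score contribution of LOCAL_RCVD for this message."""
    return LOCAL_RCVD_SCORE if rule_hits(raw_message, topmost_only=topmost_only) else 0.0


# Constructed sample messages.  The first came in from a LAN client; the second
# came from an outside relay and carries an older Received header, written by
# some other host, that happens to fit the pattern.
INTERNAL_MSG = (
    "Received: from pc1 (pc1.domain.com [192.168.0.5])\n"
    "\tby mailgw.elm.com (Postfix) with ESMTP id 1A2B3C\n"
    "From: alice@domain.com\nSubject: report\n\nbody\n")

OUTSIDE_MSG = (
    "Received: from mx.example.net (mx.example.net [203.0.113.9])\n"
    "\tby mailgw.elm.com (Postfix) with ESMTP id 4D5E6F\n"
    "Received: from unknown (host.domain.com [10.9.8.7])\n"
    "\tby mx.example.net with SMTP\n"
    "From: offer@example.net\nSubject: offer\n\nbody\n")
```

With the page's semantics both messages get -50; restricted to the newest Received header only the LAN message does. The same trick of adjusting the list of headers examined is what trusted_networks does for you once configured.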
Install and configure amavisd-new:

# cd /root
# ftp http://www.ijs.si/software/amavisd/amavisd-new-20030616-p9.tar.gz
# tar -zxvf amavisd-new-20030616-p9.tar.gz
# cd amavisd-new-20030616
# cp amavisd /usr/local/sbin/
# chown root.wheel /usr/local/sbin/amavisd
# chmod 550 /usr/local/sbin/amavisd
# cp amavisd.conf /etc/
# chown root.wheel /etc/amavisd.conf
# chmod 644 /etc/amavisd.conf
# touch /var/amavisd/amavis.log
# chown amavisd.amavisd /var/amavisd/amavis.log

Edit /etc/amavisd.conf to contain:

==============================CUT HERE=========================
use strict;
$MYHOME = '/var/amavisd';
$mydomain = 'elm.com';
$daemon_user = 'amavisd';
$daemon_group = 'amavisd';
$daemon_chroot_dir = $MYHOME;
$QUARANTINEDIR = "$MYHOME/quarantine";
$TEMPBASE = "$MYHOME/tmp";
$ENV{TMPDIR} = $TEMPBASE;           # helpers create their temporary files under $TEMPBASE
$helpers_home = $MYHOME;
$max_servers = 8;
$child_timeout = 20*60;             # we need to adjust the timeout since it is not a localhost transfer
$forward_method = 'smtp:127.0.0.1:10025';
$notify_method = $forward_method;
$inet_socket_port = 10024;
$inet_socket_bind = '127.0.0.1';
@inet_acl = qw( 127.0.0.1 );
@bypass_virus_checks_acl = qw( . ); # no virus scanner installed yet; see the clamav section below
@local_domains_acl = ( ".$mydomain" );
$DO_SYSLOG = 1;                     # (1 = syslog, 0 = logfile)
$LOGFILE = "$MYHOME/amavis.log";
$log_level = 5;                     # (0-5)
$final_spam_destiny = D_REJECT;     # Set to D_REJECT, D_PASS to pass through
read_hash(\%whitelist_sender, '/var/amavisd/whitelist');
read_hash(\%blacklist_sender, '/var/amavisd/blacklist');
read_hash(\%spam_lovers, '/var/amavisd/spam_lovers');
# defending against mail bombs
$MAXLEVELS = 14;                    # Maximum recursion level for extraction/decoding
$MAXFILES = 1500;                   # Maximum number of extracted files
$MIN_EXPANSION_QUOTA = 100*1024;            # bytes (default undef, not enforced)
$MAX_EXPANSION_QUOTA = 300*1024*1024;       # bytes (default undef, not enforced)
$MIN_EXPANSION_FACTOR = 5;          # times original mail size (must be specified)
$MAX_EXPANSION_FACTOR = 500;        # times original mail size (must be specified)
$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
# SpamAssassin settings
$sa_local_tests_only = 0;
$sa_auto_whitelist = 1;             # comment this line out to turn off auto whitelist
$sa_mail_body_size_limit = 64*1024; # 64KB
$sa_tag_level_deflt = 3.0;          # controls adding the X-Spam-Status and X-Spam-Level headers,
$sa_tag2_level_deflt = 6.3;         # controls adding 'X-Spam-Flag: YES', and editing Subject,
$sa_kill_level_deflt = $sa_tag2_level_deflt;  # triggers spam evasive actions:
$sa_spam_subject_tag = '***SPAM*** ';
$sa_debug = 1;                      # comment this line out to turn off debugging
1;  # insure a defined return
==================CUT HERE========================================

Create the directories amavisd needs:

# mkdir /var/amavisd/tmp
# chown amavisd:amavisd /var/amavisd/tmp
# chmod 750 /var/amavisd/tmp
# mkdir /var/amavisd/quarantine
# chown amavisd:amavisd /var/amavisd/quarantine
# chmod 750 /var/amavisd/quarantine
# cd /var/amavisd

Make the default root folders:

# mkdir -p etc dev tmp var/run
# mkdir -p usr/bin usr/share/zoneinfo usr/lib usr/libexec
# mknod dev/null c 2 2

The device node needs /var mounted without nodev, so edit /etc/fstab:

# vi /etc/fstab
-/dev/wd0g /var ffs rw,nodev,nosuid 1 2
+/dev/wd0g /var ffs rw,nosuid 1 2
Set up a symbolic link so the chrooted process can refer to /var/amavisd and still get the files in /var/amavisd (which would then be /):

# ln -s / var/amavisd

Copy the configuration files for our system to our chroot etc directory. Please note that if you ever make any changes in the originals you will need to copy them again to this directory.

# cp /etc/protocols etc
# cp /etc/services etc
# cp /etc/hosts etc
# cp /etc/magic etc
# cp /etc/resolv.conf etc
# cp /etc/group etc
# cp /etc/passwd etc

Create a dummy pwd.db file:

# echo 'amavisd:*:3000:3000::0:0:Amavis Mail Scanner Daemon:/var/amavisd:/sbin/nologin' > /var/amavisd/etc/master.passwd
# pwd_mkdb -d /var/amavisd/etc/ -p /var/amavisd/etc/master.passwd

Copy the SpamAssassin files we need to our chroot directory:

# mkdir -p etc/mail/spamassassin
# cp /etc/mail/spamassassin/local.cf etc/mail/spamassassin/
# cp -r /usr/local/share/spamassassin usr/local/share

Set strict permissions. Note that amavisd must own its home directory (/var/amavisd), otherwise it will generate permissions errors.
# chown -R root.wheel etc dev tmp usr var
# chown -R amavisd:amavisd .spamassassin .razor quarantine var/dcc
# chmod 1777 tmp
# chmod 666 dev/null
# touch /var/amavisd/blacklist
# touch /var/amavisd/whitelist
# touch /var/amavisd/spam_lovers

That is the anti-spam side basically done. Don't forget the startup commands in /etc/rc.local:

++++++++++++++
/usr/sbin/postfix start
/usr/local/sbin/amavisd

Next, install the virus scanner, clamav:

# ftp http://www.fatbsd.com/openbsd/clamav/dl/clamav-0.71_3.5.tar.gz
# tar zxvf clamav-0.71_3.5.tar.gz
# cd clamav-0.71
# make
# make install

---------------- clamav is almost installed ----------------

clamav.conf and freshclam.conf have been placed in
/usr/local/share/examples/clamav
it should be configured and placed into /etc

In clamav.conf, delete the "Example" line before running clamd

Warning: Never set the SUID/SGID bit on Clam Antivirus programs

To keep up to date run freshclam on a regular basis (cron):
0 8 * * * /usr/local/bin/freshclam --quiet -l /var/clamav/freshclam.log --daemon-notify

User/Group _clamav has been created. Use them.
Database is by default in /var/clamav
Log files are by default in /var/clamav
Sock files are by default in /var/clamav
Pid files are by default in /var/clamav

In order to run clamd/clamav-milter/freshclam at boot time
Add the following to /etc/rc.conf:

+-------------
clamd=NO            # for normal use: ""
clamav_milter=NO    # for normal use: "--max-children=2 -loNH -U /var/clamav/quarantine --pidfile=/var/clamav/clamav-milter.pid local:/var/clamav/clamav-milter.sock"
freshclam=NO        # for normal use: "-d -c 2 -l /var/clamav/freshclam.log --daemon-notify -p /var/clamav/freshclam.pid"
+------------

Finally, add the following to /etc/rc.local (the ${clamd}, ${clamav_milter} and ${freshclam} variables are the rc.conf settings above; their names were lost from the extracted text and are restored here):

+--------------
if [ -f /etc/clamav.conf -a -f /etc/freshclam.conf ]; then
	rm -f /var/clamav/*.pid /var/clamav/*.sock > /dev/null
	if [ X"${clamd}" != X"NO" -a -x /usr/local/sbin/clamd ]; then
		echo -n 'clamd '; /usr/local/sbin/clamd ${clamd}
		sleep 1
		if [ X"${clamav_milter}" != X"NO" -a -x /usr/local/sbin/clamav-milter ]; then
			echo -n 'clamav-milter '; /usr/local/sbin/clamav-milter ${clamav_milter}
		fi
	fi
	if [ X"${freshclam}" != X"NO" -a -x /usr/local/bin/freshclam ]; then
		echo -n 'freshclam '; /usr/local/bin/freshclam ${freshclam}
	fi
fi
+--------------

Enjoy clamav!
Install the following ports:

/usr/ports/archivers/unzip
/usr/ports/archivers/unrar
/usr/ports/archivers/unace
/usr/ports/archivers/unarj
/usr/ports/archivers/arc
/usr/ports/archivers/bzip2
/usr/ports/archivers/lha
/usr/ports/archivers/zoo

They run under the chroot, so copy them in:

cd /var/amavisd
cp /usr/bin/file usr/bin
cp /usr/bin/gzip usr/bin
cp /usr/local/bin/arc usr/bin
cp /usr/local/bin/bzip2 usr/bin
cp /usr/local/bin/zoo usr/bin
cp /usr/local/bin/unrar usr/bin
cp /usr/local/bin/unarj usr/bin
cp /usr/local/bin/lha usr/bin

Check the version of file:

# file -v
file-3.22

Too old, so upgrade it:

# cd /root
# ftp ftp://ftp.astron.com/pub/file/file-4.09.tar.gz
# tar zxvf file-4.09.tar.gz
# cd file-4.09
# ./configure
# make
# make install
# cp /usr/local/bin/file /var/amavisd/usr/bin/
# mkdir -p /var/amavisd/usr/local/share/file
# cp /usr/local/share/file/magic* /var/amavisd/usr/local/share/file
# ldd /usr/local/bin/file
/usr/local/bin/file:
Start    End      Type Ref Name
00000000 00000000 exe  1   /usr/local/bin/file
0e1ac000 2e1b1000 rlib 1   /usr/local/lib/libmagic.so.1.0
0ab64000 2ab6c000 rlib 1   /usr/lib/libz.so.3.0
09dd8000 29e11000 rlib 1   /usr/lib/libc.so.30.3
0c60b000 0c60b000 rtld 1   /usr/libexec/ld.so
# cp /usr/local/lib/libmagic.so.1.0 /var/amavisd/usr/lib
# cp /usr/lib/libz.so.3.0 /var/amavisd/usr/lib/
# chroot -u amavisd /var/amavisd /usr/bin/file -v
file-4.09
magic file from /usr/local/share/file/magic

file works in the chroot. Test the archivers the same way:

# chroot -u amavisd /var/amavisd /usr/bin/arc
... gzip and the rest likewise ...
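The procedure repeated above for saslauthd, dccproc and file, and again below for clamd (run ldd, read off each shared object and the run-time linker, mkdir and cp each one under the chroot), is mechanical enough to script. The following is an added example and not code from this guide or from OpenBSD: it parses ldd output in the table form shown above as well as the "=> /path" form that GNU/Linux ldd prints, copies every file under the chroot root preserving its path, and refuses to proceed if ldd reports an unresolved dependency. The sample ldd text is constructed from the saslauthd listing earlier on this page; the demo function works in a temporary directory with a fake library so it can be run anywhere.

```python
import os
import shutil
import subprocess
import tempfile


def parse_ldd(text):
    """Absolute paths named in ldd output, in order, without duplicates.

    Understands the OpenBSD table form shown in the guide (Start End Type Ref
    Name, path in the last column, including the exe and rtld rows) and the
    GNU/Linux form ("libc.so.6 => /lib/... (0x...)" or a bare "/lib64/ld-... (0x...)").
    A dependency ldd could not resolve is an error, not something to skip silently.
    """
    paths, missing = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.endswith(":"):      # "/usr/local/sbin/saslauthd:" title line
            continue
        if "not found" in line:
            missing.append(line.split()[0])
            continue
        candidates = [tok for tok in line.split() if tok.startswith("/")]
        if candidates and candidates[0] not in paths:
            paths.append(candidates[0])
    if missing:
        raise ValueError("unresolved shared objects: " + ", ".join(missing))
    return paths


def copy_into_chroot(paths, chroot_dir):
    """Copy each absolute path to chroot_dir + path, creating directories; returns destinations."""
    dests = []
    for src in paths:
        dest = os.path.join(chroot_dir, src.lstrip("/"))
        os.makedirs(os.path.dirname(dest), exist_ok=True)
        shutil.copy2(src, dest)                 # keeps mode and timestamps
        dests.append(dest)
    return dests


def chroot_binary(binary, chroot_dir):
    """Run ldd on `binary` and copy it plus everything it links against into chroot_dir.

    Re-run this after every system patch: libraries copied into a chroot are
    not updated when the ones in /usr/lib are.
    """
    out = subprocess.run(["ldd", binary], capture_output=True, text=True, check=True).stdout
    return copy_into_chroot([binary] + parse_ldd(out), chroot_dir)


# Constructed ldd outputs: the first is the saslauthd listing from the guide, the
# second is what a GNU/Linux ldd prints, for comparison.
OPENBSD_LDD = """/usr/local/sbin/saslauthd:
Start    End      Type Ref Name
00000000 00000000 exe  1   /usr/local/sbin/saslauthd
057cf000 257d4000 rlib 1   /usr/lib/libgssapi.so.2.1
0a1a5000 2a1b4000 rlib 1   /usr/lib/libkrb5.so.13.0
097e6000 297ef000 rlib 1   /usr/local/lib/libldap.so.2.127
0016f000 201a8000 rlib 1   /usr/lib/libc.so.30.3
0dcb5000 0dcb5000 rtld 1   /usr/libexec/ld.so
"""
LINUX_LDD = """\tlinux-vdso.so.1 (0x00007ffd1c3f0000)
\tlibc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0c2a000000)
\t/lib64/ld-linux-x86-64.so.2 (0x00007f0c2a200000)
"""


def demo_in_temp_dir():
    """Build a throwaway tree with one fake library, copy it into a fresh chroot
    directory, and return (destination paths, whether every destination exists)."""
    base = tempfile.mkdtemp(prefix="chroot-demo-")
    fake_lib = os.path.join(base, "usr", "lib", "libfake.so.1.0")
    os.makedirs(os.path.dirname(fake_lib))
    with open(fake_lib, "w") as f:
        f.write("not a real library\n")
    dests = copy_into_chroot([fake_lib], os.path.join(base, "chroot"))
    return dests, all(os.path.isfile(d) for d in dests)


if __name__ == "__main__":
    import sys
    # Usage: python chroot_deps.py /usr/local/bin/dccproc /var/amavisd
    print("\n".join(chroot_binary(sys.argv[1], sys.argv[2])))
```

The script copies only what ldd can see; dlopen'ed modules (SASL plugins, ClamAV data files) and configuration files still have to be copied by hand as the guide does.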
Check that every archiver works; the usual problem is missing libraries:

# cp /usr/local/lib/libbz2.so.10.2 /var/amavisd/usr/lib/
# cp /usr/lib/libstdc++.so.31.0 /var/amavisd/usr/lib/

Copy the files so that clamav can run in the chroot:

cd /var/amavisd
mkdir usr/local/share/clamav
mkdir usr/sbin
mkdir var/log
chown -R amavisd.amavisd usr/local/share/clamav var/log
chmod -R 744 usr/local/share/clamav var/log
chmod 744 var/log
chmod 755 usr/local/share
cp /usr/lib/libpthread.so.1.0 usr/lib
cp /usr/lib/libz.so.2.0 usr/lib
cp /usr/local/lib/libclamav.* usr/lib/
cp -R /usr/local/share/clamav usr/local/share
cp /usr/local/bin/freshclam usr/bin
cp /usr/local/bin/clam* usr/bin
cp /usr/local/sbin/clamd usr/sbin
cp /usr/local/share/examples/clamav/*.conf etc
mknod dev/urandom c 45 2

Copy the libraries used by ClamAV:

cp /usr/local/lib/libclamav.so.1.3 /var/amavisd/usr/lib/
cp /usr/local/lib/libbz2.so.10.2 /var/amavisd/usr/lib/
cp /usr/local/lib/libgmp.so.6.2 /var/amavisd/usr/lib/
cp /usr/lib/libpthread.so.2.4 /var/amavisd/usr/lib/

Edit /var/amavisd/etc/clamav.conf:

LogFile /var/log/clamd.log
LogTime
LogVerbose
PidFile /var/amavisd/clamd.pid
LocalSocket /var/amavisd/clamd.sock
FixStaleSocket

Edit /var/amavisd/etc/freshclam.conf:

UpdateLogFile /var/log/freshclam.log
LogVerbose
DatabaseOwner amavisd
NotifyClamd /etc/clamav.conf

# cp /usr/share/zoneinfo/Asia/Shanghai /var/amavisd/etc/localtime
# chroot -u amavisd /var/amavisd /usr/bin/freshclam --log-verbose
# chroot -u amavisd /var/amavisd /usr/sbin/clamd

Edit /etc/amavisd.conf so that it uses clamav for virus scanning:

===========================CUT HERE=========================
use strict;
$MYHOME = '/var/amavisd';
$mydomain = 'neu.edu.cn';
$daemon_user = 'amavisd';
$daemon_group = 'amavisd';
$daemon_chroot_dir = $MYHOME;
$QUARANTINEDIR = "$MYHOME/quarantine";
$TEMPBASE = "$MYHOME/tmp";
$ENV{TMPDIR} = $TEMPBASE;           # helpers create their temporary files under $TEMPBASE
$helpers_home = $MYHOME;
$max_servers = 8;
$child_timeout = 20*60;             # we need to adjust the timeout since it is not a localhost transfer
$forward_method = 'smtp:127.0.0.1:10025';
$notify_method = $forward_method;
$inet_socket_port = 10024;
$inet_socket_bind = '127.0.0.1';
@inet_acl = qw( 127.0.0.1 );
# @bypass_virus_checks_acl = qw( . );   # virus checks are now on: clamav is installed
# @bypass_spam_checks_acl = qw( . );    # uncomment to DISABLE anti-spam code
@local_domains_acl = ( "$mydomain", "mail.$mydomain", "mail1.$mydomain", "mail2.$mydomain" );
$DO_SYSLOG = 1;                     # (1 = syslog, 0 = logfile)
$LOGFILE = "$MYHOME/amavis.log";
$log_level = 5;                     # (0-5)
$hdrfrom_notify_sender = 'SpamAssassin <spamadmin@elm.com>';
$notify_virus_sender_templ = read_text("$MYHOME/notify_virus_sender.txt");
$notify_spam_sender_templ = read_text("$MYHOME/notify_spam_sender.txt");
# $spam_admin = "wzk\@mail2.$mydomain";
$final_spam_destiny = D_REJECT;     # Set to D_REJECT, D_PASS to pass through
read_hash(\%whitelist_sender, '/var/amavisd/whitelist');
read_hash(\%blacklist_sender, '/var/amavisd/blacklist');
read_hash(\%spam_lovers, '/var/amavisd/spam_lovers');
# defending against mail bombs
$MAXLEVELS = 14;                    # Maximum recursion level for extraction/decoding
$MAXFILES = 1500;                   # Maximum number of extracted files
$MIN_EXPANSION_QUOTA = 100*1024;            # bytes (default undef, not enforced)
$MAX_EXPANSION_QUOTA = 300*1024*1024;       # bytes (default undef, not enforced)
$MIN_EXPANSION_FACTOR = 5;          # times original mail size (must be specified)
$MAX_EXPANSION_FACTOR = 500;        # times original mail size (must be specified)

### Virus scanners

# Add X-Virus-Scanned line to mail? (default: undef)
$X_HEADER_TAG = 'X-Virus-Scanned';
$remove_existing_x_scanned_headers = 0;   # leave existing X-Virus-Scanned alone

# Don't notify sender when these viruses are found because they spoof From:
$viruses_that_fake_sender_re = new_RE(
  qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|peido|holar'i,
  qr'tanatos|lentin|bridex|mimail|trojan\.dropper|dumaru|parite|spaces'i,
  qr'dloader|galil|gibe|swen|netwatch|bics|sbrowse|sco|mydoom'i,
  qr'somefool|lovgate|bagle'i,
  [qr'^(EICAR\.COM|Joke\.|Junk\.)'i => 0],
  [qr'^(WM97|OF97|W95/CIH-|JS/Fort)'i => 0],
);

@av_scanners = (
  # http://www.clamav.net/
  ['Clam Antivirus-clamd',
    \&ask_daemon, ["CONTSCAN {}\n", '/var/amavisd/clamd.sock'],
    qr/\bOK$/, qr/\bFOUND$/,
    qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
);

@av_scanners_backup = (
  # http://www.clamav.net/
  ['Clam Antivirus - clamscan', 'clamscan',
    '--stdout --no-summary -r {}', [0], [1],
    qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
);

$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
$file = 'file';
$arc = ['nomarch', 'arc'];
$lzop = 'lzop';
$unfreeze = 'unfreeze';
$cpio = 'cpio';
$gzip = 'gzip';
$bzip2 = 'bzip2';
$uncompress = ['uncompress', 'gzip -d', 'zcat'];
$lha = 'lha';
$unarj = 'unarj';
$unrar = 'unrar';
$zoo = 'zoo';

# SpamAssassin settings
$sa_local_tests_only = 0;
$sa_auto_whitelist = 1;             # comment this line out to turn off auto whitelist
$sa_mail_body_size_limit = 512*1024;  # 512KB
$sa_tag_level_deflt = 3.0;          # controls adding the X-Spam-Status and X-Spam-Level headers,
$sa_tag2_level_deflt = 5.0;         # controls adding 'X-Spam-Flag: YES', and editing Subject,
$sa_kill_level_deflt = $sa_tag2_level_deflt;  # triggers spam evasive actions:
$sa_dsn_cutoff_level = 20;          # effectively turning D_BOUNCE into D_DISCARD;
$sa_spam_subject_tag = '***SPAM*** ';
$sa_debug = 1;                      # comment this line out to turn off debugging

#$virus_quarantine_method = "local:virus-%i-%n";      # default
#$spam_quarantine_method = "local:spam-%b-%i-%n";     # default
#$spam_quarantine_to = 'wzk@elm.com';
#
# use the new 'bsmtp:' method as an alternative to the default 'local:'
#$virus_quarantine_method = "bsmtp:$QUARANTINEDIR/virus-%i-%n.bsmtp";
#$spam_quarantine_method = "bsmtp:$QUARANTINEDIR/spam-%b-%i-%n.bsmtp";

1;  # insure a defined return
============================CUT HERE=====================================
Add a cron entry (root's crontab) so the signatures are updated from inside the chroot:

21 1,5,9,13,17,21 * * * chroot -u amavisd /var/amavisd /usr/bin/freshclam --quiet --log-verbose --daemon-notify
/etc/pf.conf

ext_if="bge0"
external_addr="Server_IP"
# The two table names were lost from the extracted text; <blocked> and <admin>
# are placeholders, and which rule refers to which table is assumed here.
table <blocked> { 209.226.175.0/24 }
table <admin> { 192.168.0.0/24 }
pass in quick on lo0
pass out quick on lo0
block in quick on $ext_if from <blocked> to $external_addr
pass in quick on $ext_if proto icmp from any to $external_addr
# Incoming from DCC to our MTA
pass in quick on $ext_if proto udp from any to $external_addr port 6277 keep state
pass in quick on $ext_if proto udp from <admin> to $external_addr port 161 keep state
pass in quick on $ext_if proto { tcp } from any to $external_addr port 25 keep state
pass in quick on $ext_if proto { tcp, udp } from <admin> to $external_addr port 22 keep state
pass in quick on $ext_if proto tcp from <admin> to $external_addr port 80 keep state
block in quick on $ext_if
pass out quick on $ext_if keep state
===========================================================================================

If this is an outbound mail server, this configuration is better:

/etc/postfix/main.cf
=================================================================================
#
# >>>>>>>>>> You must reload postfix after editing this file
# >> NOTE >> to do this use the command:
# >>>>>>>>>> # postfix reload
#
queue_directory = /var/spool/postfix
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
myhostname = smtp.elm.com
mydomain = elm.com
myorigin = $myhostname
mydestination = $myhostname, localhost.$mydomain
mynetworks = 192.168.0.0/24, 127.0.0.0/8
local_recipient_maps =
biff = no
empty_address_recipient = MAILER-DAEMON
queue_minfree = 120000000
message_size_limit = 20000000
mailbox_size_limit = 1000000000
smtpd_banner = $myhostname ESMTP
transport_maps = hash:/etc/postfix/transport
local_transport = local
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated,
    reject_unauth_destination, reject_non_fqdn_recipient
# some people also add reject_non_fqdn_sender (but I have clients that break this rule that I need to receive from)
notify_classes = resource,software
content_filter = smtp-amavis:[127.0.0.1]:10024
# Install Time Configuration
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
manpage_directory = /usr/local/man
sample_directory = /etc/postfix
readme_directory = no
html_directory = no
====================================================================================================================

/etc/postfix/master.cf
====================================================================================================================
#==============================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
#==============================================================================
# This is the before-filter smtpd; main.cf's content_filter passes mail to amavisd on port 10024
smtp      inet  n       -       y       -       -       smtpd
pickup    fifo  n       -       y       60      1       pickup
cleanup   unix  n       -       y       -       0       cleanup
qmgr      fifo  n       -       y       300     1       qmgr
rewrite   unix  -       -       y       300     -       trivial-rewrite
bounce    unix  -       -       y       -       0       bounce
defer     unix  -       -       y       -       0       bounce
flush     unix  n       -       y       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       y       -       -       smtp
relay     unix  -       -       y       -       -       smtp
showq     unix  n       -       y       -       -       showq
error     unix  -       -       y       -       -       error
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       y       -       -       lmtp
# trace   unix  -       -       y       -       0       bounce
# verify  unix  -       -       y       -       1       verify
# The smtp-amavis transport delivers to amavisd (content_filter in main.cf)
smtp-amavis unix -      -       y       -       8       smtp
    -o smtp_data_done_timeout=1200
    -o disable_dns_lookups=yes
# This is the after-filter smtpd; it listens on port 10025 to receive mail from amavisd
127.0.0.1:10025 inet n  -       y       -       -       smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o receive_override_options=no_unknown_recipient_checks
============================================================================================

Still to do: log statistics and analysis tools.