An E-mail Attachment Filtering System Based on Sendmail and Perl

2008-05-18 22:12:25 Source: Internet
 
 
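I. Preface

As e-mail has come into wide use in enterprises, it has become the primary means of spreading viruses. To protect enterprise users from infection by mail attachments that may carry viruses, executable attachments in particular, we need to filter mail whose attachments may carry viruses. The prevailing practice is to have Procmail filter mail before Sendmail delivers it to the user's mailbox, but a better approach is to have Sendmail itself do the filtering during the SMTP transfer. This article focuses on how to use Sendmail to filter during the SMTP transfer.

II. Advantages of a Sendmail-based filter

Compared with the traditional Procmail mail filter, a Sendmail-based filter has the following advantages:

1) Each message is filtered once, rather than once per recipient (the traditional Procmail-based approach).
2) Installed on the enterprise's main mail server, it can reject incoming mail with executable attachments at the first point of entry.
3) You can use filter programs written by experienced programmers on the Internet instead of Procmail filters you write yourself.
4) It can stop internal users from sending mail with executable attachments to outside users, making you a good Internet citizen.

III. Required software

We chose MIMEDefang, an open-source filtering system based on Sendmail and Perl. It uses the mail filter API provided by the latest versions of Sendmail, and its program and filter rules are written in Perl. Its home page is:

  http://www.roaringpenguin.com/mimedefang/

IV. Steps

a. Download the required software

  A working Linux server (I use Redhat 7.2 here)
  Perl 5.001 or later (included with Redhat 7.2)
  Four required additional Perl modules:
    MIME-tools-5.410.tar.gz
    IO-stringy-1.212.tar.gz
    MIME-Base64-2.11.tar.gz
    MailTools-1.1401.tar.gz
  Sendmail 8.12.1
  MIMEDefang 2.1

b. Compile and install the four Perl modules

Simply enter each directory and run perl Makefile.PL; make; make test; make install.

  cd /root
  for i in ./*; do tar xvfz "$i"; done
  cd <each module's directory>
  perl Makefile.PL
  make
  make test       # make sure the tests pass
  make install

c. Compile Sendmail with MILTER support

Put the following line in devtools/Site/site.config.m4 (create the file with vi):

  APPENDDEF(`conf_sendmail_ENVDEF',`-DMILTER')

Make sure that during the build you see Sendmail being compiled with the -DMILTER flag.

The new Sendmail version has tightened security and no longer runs suid; you need to set up the user name and group name smmsp. Add the following line to /etc/passwd:

  smmsp:x:25:25:Sendmail:/:

Add the following line to /etc/group:

  smmsp:x:25:

Then build Sendmail and create the configuration file:

  cd /root/sendmail-8.12.1
  cd sendmail
  sh Build
  cd ../cf/cf
  cp generic-linux.mc sendmail.mc
  vi sendmail.mc  # add the following lines to this file

  define(`confPRIVACY_FLAGS', `authwarnings,needmailhelo,novrfy,noexpn,restrictqrun')dnl
  INPUT_MAIL_FILTER(`mimedefang', `S=unix:/var/run/mimedefang.sock, F=T, T=S:60s;R:60s;E:5m')
  FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
  FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
  FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
  FEATURE(`access_db')dnl
  FEATURE(redirect)dnl
  FEATURE(always_add_domain)dnl
  FEATURE(use_cw_file)dnl
  FEATURE(use_ct_file)dnl
  FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
  MAILER(smtp)dnl
  MAILER(procmail)dnl
  Cwlocalhost.localdomain

The INPUT_MAIL_FILTER line is the one MIMEDefang requires.

  sh Build sendmail.cf
  sh Build install-cf
  cd ../..
  cd sendmail
  sh Build install
  cd ../libmilter
  sh Build install  # creates the libmilter library files used by MIMEDefang

Install the other application directories in the same way with sh Build install.

d. Compile MIMEDefang

  cd /root/sendmail-8.12.1
  mkdir -p /usr/local/include/sendmail
  cp -R include/* /usr/local/include/sendmail
  cp -R sendmail/*.h /usr/local/include/sendmail
  mkdir -p /usr/local/lib
  cp obj.Linux.2.4.9-7smp.i686/*/*.a /usr/local/lib

Note: replace obj.Linux.2.4.9-7smp.i686 above with the obj.Linux.xxxxx directory for your platform.

  cd /root/mimedefang-2.1
  ./configure
  make
  make install

e. Set up the filter rules

The mimedefang-2.1/example directory contains various predefined rules; you need to copy one to /etc/mimedefang-filter. Below is the rule I use. I copied suggested-minimum-filter-for-windows-clients to /etc/mail and changed it to the following:

  # Address that receives administrative notifications
  $Administrator = 'itsecurity@yourdomain.com';
  # Address used as the sender of notifications generated by the filter
  $DaemonAddress = 'itsecurity@yourdomain.com';

  $Stupidity{"flatten"} = 0;
  $Stupidity{"NoMultipleInlines"} = 0;

  sub filter_begin {
  }

  # Called once for each MIME part of the message
  sub filter {
      my($entity, $fname, $ext, $type) = @_;

      # Match the attachment's extension against the blocked list
      if (re_match_ext($entity, '^\.(exe|com|bat|vbs|scr|shs|dll|vxd|pif|reg|ocx)$')) {
          action_discard();
          action_notify_sender("Your message with attachment '$fname' has been deleted by our mail server because of a security issue\n");
          return action_quarantine($entity, "The message with attachment '$fname' was deleted by mail server.");
      }
      return action_accept();
  }

  1;

The filter rule above deletes mail with any of the listed extensions and notifies the sender that the mail was deleted; all other mail is accepted. I also changed the /usr/local/bin/mimedefang.pl file so that it does not keep mail attachments in the /var/spool/MIMEDefang directory. That file is thoroughly self-documenting; edit it to remove the part that keeps a copy of deleted mail attachments on disk.

f. Start the system and test

Simply copy redhat-sendmail-init-script, which was written for Redhat, from the example directory to /etc/rc.d/init.d/sendmail and change the Sendmail start section to:

  /usr/sbin/sendmail -L sm-mta -bd -q30m
  /usr/sbin/sendmail -L sm-msp-queue -Ac -q30m

If your mail server has to handle thousands or tens of thousands of messages a day, consider copying the other script, redhat-sendmail-init-script-with-multiplexor, to /etc/rc.d/init.d/sendmail instead to speed up processing.

Finally, start sendmail with /etc/rc.d/init.d/sendmail start and send a message with an .exe attachment to test.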
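An offline dry run of the extension rule in step e, added here as an example (it is not from the article or the MIMEDefang project): it uses MIME::Parser from the MIME-tools module installed in step b to walk a constructed message and list the attachment names the rule's regular expression would catch. The helper names and the sample message are hypothetical, and the script assumes names are taken from both Content-Disposition and Content-Type and matched case-insensitively.

```perl
use strict;
use warnings;
use MIME::Parser;

# Extension list copied from the filter rule in step e.
my $BAD_EXT = qr/^\.(exe|com|bat|vbs|scr|shs|dll|vxd|pif|reg|ocx)$/i;

# Every file name a part declares, from either header (assumed behaviour).
sub declared_names {
    my ($entity) = @_;
    my $head = $entity->head;
    return grep { defined($_) && length($_) }
        $head->mime_attr('content-disposition.filename'),
        $head->mime_attr('content-type.name');
}

# Walk the MIME tree recursively; return the names the rule would block.
sub blocked_names {
    my ($entity) = @_;
    my @hits;
    for my $name (declared_names($entity)) {
        my ($ext) = $name =~ /(\.[^.]*)$/;    # final dot to end of name
        push @hits, $name if defined $ext && $ext =~ $BAD_EXT;
    }
    push @hits, blocked_names($_) for $entity->parts;
    return @hits;
}

# Constructed sample message: a PDF and an upper-case .EXE attachment.
my $sample = <<'EOM';
From: sender@example.org
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/pdf; name="report.pdf"

%PDF
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Setup.EXE"

MZ
--b1--
EOM

my $parser = MIME::Parser->new;
$parser->output_to_core(1);    # keep bodies in memory, write no files
print "would block: $_\n" for blocked_names($parser->parse_data($sample));
```

Extending the constructed message with further attachment names gives a regression check for the rule before it is enabled on the production mail server.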