Clam-Spam-Mail

Last updated on March 10, 2014. Authored by Sarmed Rahman.

This tutorial will focus on setting up MailScanner along with Clam Antivirus and SpamAssassin in a CentOS system. The procedure should work on RHEL as well. If you are interested in setting up this system on Ubuntu, refer to this tutorial instead.

Preparing the System

Before we start, note that SELinux is disabled on the CentOS system used here. Configuring SELinux for MailScanner is beyond the scope of this tutorial. It is also necessary to add the Repoforge repository on CentOS.

Installing Dependencies

yum is used to install packages that are required for MailScanner. The list is long, but fortunately yum can resolve all the dependencies.

# yum install -y yum-utils gcc cpp perl bzip2 zip unrar make patch automake rpm-build perl-Archive-Zip perl-Filesys-Df perl-OLE-Storage_Lite perl-Sys-Hostname-Long perl-Sys-SigAction perl-Net-CIDR perl-DBI perl-MIME-tools perl-DBD-SQLite binutils glibc-devel perl-Filesys-Df zlib zlib-devel wget mlocate

Installing ClamAV and SpamAssassin

yum can be used to install ClamAV and SpamAssassin as well. The following few steps cover how to install and prepare them.

# yum install clamav spamassassin

Update ClamAV.

# freshclam -v

Update and start SpamAssassin.

# sa-update

# service spamassassin start

# chkconfig spamassassin on

Fix a path to MailScanner by creating a symbolic link.

# ln -s /usr/bin/freshclam /usr/local/bin/freshclam

Configuring Postfix

Postfix is stopped and disabled on start-up. Postfix should not auto-start because the MailScanner service will be responsible for invoking Postfix whenever necessary.

# service postfix stop

# chkconfig postfix off

Postfix header_checks is used to hold any incoming email that Postfix receives. MailScanner performs checks on the emails held in a queue.

# vim /etc/postfix/main.cf

## This line is added ##

header_checks = regexp:/etc/postfix/header_checks

# vim /etc/postfix/header_checks

## This line is added ##

/^Received:/ HOLD

Preparing MailScanner

https://www.mailscanner.info/downloads/

https://www.mailscanner.info/postfix/

MailScanner is not yet available in CentOS or Repoforge repositories. We will download packages from the official MailScanner site and install it.

# wget https://s3.amazonaws.com/mailscanner/release/v4/rpm/MailScanner-4.85.2-3.rpm.tar.gz

Now we will extract and install the packages. The installation will take some time, so you can take a break if you want.

----------------------------------------------------

# tar zxvf MailScanner-4.85.2-3.rpm.tar.gz

# cd MailScanner-4.85.2-3

# ./install

OR

# rpm -ivh mailscanner-4.85.2-3.noarch.rpm

After installation, the directories necessary for SpamAssassin are created and permissions are modified.

# mkdir /var/spool/MailScanner/spamassassin

# chown postfix /var/spool/MailScanner/spamassassin

# chown postfix /var/spool/MailScanner/incoming/*

Next, the configuration file for MailScanner is backed up and then modified.

# vim /etc/MailScanner/MailScanner.conf

%org-name% = test CentOS Mail Server

%org-long-name% = ORGFULLNAME

%web-site% = ORG WEBSITE

Run As User = postfix

Run As Group = postfix

MTA = postfix

Incoming Queue Dir = /var/spool/postfix/hold

Outgoing Queue Dir = /var/spool/postfix/incoming

Virus Scanners = clamav

## please check /etc/MailScanner/spam.lists.conf for more details ##

Spam List = SBL+XBL

## the directory created earlier ##

SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin

At this point, MailScanner is ready. We can initialize the service.

Debug MailScanner stats before firing up.

# /etc/init.d/MailScanner restart

# MailScanner -lint

# service MailScanner start

# chkconfig MailScanner on
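MailScanner only sees mail if the header_checks rule and the two queue directories agree with each other. The following check is an added example, not part of the original tutorial or of MailScanner; the function names and the sample files written by make_sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm Postfix really parks mail where MailScanner looks for it.

ms_get() {   # ms_get FILE KEY -> last value assigned to KEY in MailScanner.conf
    awk -F'[ \t]*=[ \t]*' -v k="$2" \
        '$1 == k { v = $2; sub(/[ \t]+$/, "", v) } END { print v }' "$1"
}

fail() { echo "FAIL: $*"; rc=1; }

check_hold_wiring() {   # check_hold_wiring MAIN_CF MAILSCANNER_CONF
    rc=0
    # main.cf must name a regexp: header_checks table ...
    table=$(sed -n 's/^header_checks[[:space:]]*=[[:space:]]*regexp://p' "$1" | tail -n 1)
    # ... whose /^Received:/ HOLD rule is present and not commented out.
    if [ -z "$table" ]; then
        fail "no regexp: header_checks in $1"
    elif ! grep -Eq '^/\^Received:/[[:space:]]+HOLD' "$table" 2>/dev/null; then
        fail "no active /^Received:/ HOLD rule in $table"
    fi
    # MailScanner must read the hold queue and release into incoming beside it.
    in_q=$(ms_get "$2" "Incoming Queue Dir")
    out_q=$(ms_get "$2" "Outgoing Queue Dir")
    case $in_q in
        */hold) [ "$out_q" = "${in_q%/hold}/incoming" ] ||
                    fail "Outgoing Queue Dir '$out_q' is not next to '$in_q'" ;;
        *)      fail "Incoming Queue Dir '$in_q' is not a Postfix hold queue" ;;
    esac
    # It must also run as the queue owner and use the Postfix queue format.
    for key in "Run As User" "Run As Group" "MTA"; do
        [ "$(ms_get "$2" "$key")" = postfix ] || fail "$key is not postfix"
    done
    return "$rc"
}

make_sample() {   # write constructed copies of the three files into directory $1
    printf 'header_checks = regexp:%s/header_checks\n' "$1" > "$1/main.cf"
    printf '/^Received:/ HOLD\n' > "$1/header_checks"
    cat > "$1/MailScanner.conf" <<'EOF'
Run As User = postfix
Run As Group = postfix
MTA = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
EOF
}

demo=$(mktemp -d) && make_sample "$demo"
check_hold_wiring "$demo/main.cf" "$demo/MailScanner.conf" && echo "hold wiring OK"
rm -rf "$demo"
```

On the server, call check_hold_wiring /etc/postfix/main.cf /etc/MailScanner/MailScanner.conf.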

Verifying MailScanner Operation

After MailScanner has been deployed, the events that take place behind the scenes can be viewed in /var/log/maillog. The following log snippet shows the sample activities while a mail is processed by Postfix.

# tailf /var/log/maillog

Mar  8 03:12:15 centos postfix/pickup[15865]: 79F6D1391: uid=0 from=

Mar  8 03:12:15 centos postfix/cleanup[15871]: 79F6D1391: hold: header Received: by mail.example.tst (Postfix, from userid 0)??id 79F6D1391; Sat,  8 Mar 2014 03:12:15 +0600 (BDT) from local; from= to=

Mar  8 03:12:15 centos postfix/cleanup[15871]: 79F6D1391: message-id=<20140307211215.79F6D1391@mail.example.tst>

Mar  8 03:12:16 centos MailScanner[15832]: New Batch: Scanning 1 messages, 668 bytes

Mar  8 03:12:16 centos MailScanner[15832]: Virus and Content Scanning: Starting

Mar  8 03:12:22 centos MailScanner[15832]: Requeue: 79F6D1391.AA526 to 0FA2E139C

Mar  8 03:12:22 centos MailScanner[15832]: Uninfected: Delivered 1 messages

Mar  8 03:12:22 centos postfix/qmgr[15866]: 0FA2E139C: from=, size=442, nrcpt=1 (queue active)

Mar  8 03:12:22 centos MailScanner[15832]: Deleted 1 messages from processing-database

Mar  8 03:12:22 centos postfix/local[15897]: 0FA2E139C: to=, relay=local, delay=6.8, delays=6.7/0.01/0/0.07, dsn=2.0.0, status=sent (delivered to mailbox)

Mar  8 03:12:22 centos postfix/qmgr[15866]: 0FA2E139C: removed
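The log above shows the path a scanned message takes: cleanup parks it in the hold queue, MailScanner requeues it under a new queue ID, and only that new ID is delivered. The following shell function is an added example, not part of the original tutorial; it flags deliveries whose queue ID MailScanner never released (BYPASS) and held messages that were never requeued (HELD). The sample log lines, including the IDs AAAA00001 and BBBB00002, are constructed.

```shell
#!/bin/sh
# Added example: audit a maillog for mail that never passed through MailScanner.

audit_maillog() {   # maillog on stdin -> "BYPASS <id>" / "HELD <id>" lines
    awk '
        # postfix/cleanup "<id>: hold: header Received: ..." = parked for scanning
        $5 ~ /^postfix\/cleanup\[/ && $7 == "hold:" {
            id = $6; sub(/:$/, "", id); held[id] = 1; next
        }
        # MailScanner "Requeue: <held-id>.<suffix> to <new-id>" = scanned, released
        $5 ~ /^MailScanner\[/ && $6 == "Requeue:" {
            src = $7; sub(/\..*$/, "", src); delete held[src]
            released[$9] = 1; next
        }
        # A delivery agent reports success for an id MailScanner never released
        $5 ~ /^postfix\/(local|smtp|lmtp|virtual|pipe)\[/ && /status=sent/ {
            id = $6; sub(/:$/, "", id)
            if (!(id in released)) print "BYPASS " id
        }
        # Still parked at end of log: not yet scanned, quarantined, or scanner down
        END { for (id in held) print "HELD " id }
    '
}

sample_log() {   # constructed lines in the format of the snippet above
    cat <<'EOF'
Mar  8 03:12:15 centos postfix/cleanup[15871]: 79F6D1391: hold: header Received: by mail.example.tst (Postfix, from userid 0)
Mar  8 03:12:22 centos MailScanner[15832]: Requeue: 79F6D1391.AA526 to 0FA2E139C
Mar  8 03:12:22 centos postfix/local[15897]: 0FA2E139C: to=<root@example.tst>, relay=local, delay=6.8, dsn=2.0.0, status=sent (delivered to mailbox)
Mar  8 03:20:01 centos postfix/local[15950]: AAAA00001: to=<root@example.tst>, relay=local, delay=0.1, dsn=2.0.0, status=sent (delivered to mailbox)
Mar  8 03:25:40 centos postfix/cleanup[15990]: BBBB00002: hold: header Received: by mail.example.tst (Postfix, from userid 0)
EOF
}

sample_log | audit_maillog
```

Run it as audit_maillog < /var/log/maillog. Postfix does not apply header_checks to notifications it generates itself unless internal_mail_filter_classes is set, so bounces can appear as BYPASS.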

If Error

Oct 1 23:12:43 mail postfix/cleanup[5182]: 7F672438C3: message-id=<20151001171243.7F672438C3@mail.worldcm.com>

Oct 1 23:12:43 mail postfix/qmgr[4591]: 7F672438C3: from=<>, size=3339, nrcpt=1 (queue active)

Oct 1 23:12:43 mail postfix/local[5480]: warning: maildir access problem for UID/GID=89/89: create maildir file /var/spool/postfix/Maildir/tmp/1443719563.P5480.mail.worldcm.com: Permission denied

Oct  1 23:12:43 mail postfix/local[5480]: 7F672438C3: to=<postfix@worldcm.com>, orig_to=<root@mail.worldcm.com>, relay=local, delay=0.01, delays=0/0/0/0, dsn=5.2.0, status=bounced (maildir delivery failed: create maildir file /var/spool/postfix/Maildir/tmp/1443719563.P5480.mail.worldcm.com: Permission denied)

[root@mail]# cd /var/spool/postfix

[root@mail]# mkdir Maildir

[root@mail]# cd Maildir/

[root@mail]# mkdir tmp

[root@mail]# cd ..

[root@mail]# chown -R postfix:postfix Maildir

[root@mail]# chmod 777 Maildir
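The warning names the UID/GID that was denied and the file it tried to create, so the fix can be limited to that owner; chmod 777 additionally lets every local user write to the maildir. The following is an added example, not part of the original notes: it extracts the denied UID, GID and directory from the log and prints only the ownership or mode changes that are missing. It assumes GNU stat and that the maildir is used by that one UID; the function names are illustrative.

```shell
#!/bin/sh
# Added example: turn "maildir access problem" warnings into an owner-only fix.

# maillog on stdin -> one "uid gid directory" line per denied maildir path.
maildir_denials() {
    sed -n 's#.*maildir access problem for UID/GID=\([0-9]*\)/\([0-9]*\): create maildir file \(.*\)/[^/]*: Permission denied.*#\1 \2 \3#p' | sort -u
}

# suggest_fix UID GID DIR -> print only the changes still needed for that UID to
# create files in DIR, and flag write access granted to every local user.
suggest_fix() {
    uid=$1 gid=$2 dir=$3
    if [ ! -d "$dir" ]; then
        echo "mkdir -p $dir && chown $uid:$gid $dir && chmod 700 $dir"
        return 0
    fi
    set -- $(stat -c '%u %a' "$dir")    # GNU stat: numeric owner, octal mode
    [ "$1" = "$uid" ] || echo "chown $uid:$gid $dir"
    [ $(( 0$2 & 0300 )) -eq $(( 0300 )) ] || echo "chmod u+wx $dir"
    [ $(( 0$2 & 0002 )) -eq 0 ] || echo "chmod o-w $dir   # writable by every local user"
}

# Demo on the warning line from the log above.
echo 'Oct  1 23:12:43 mail postfix/local[5480]: warning: maildir access problem for UID/GID=89/89: create maildir file /var/spool/postfix/Maildir/tmp/1443719563.P5480.mail.worldcm.com: Permission denied' |
    maildir_denials | while read -r uid gid dir; do suggest_fix "$uid" "$gid" "$dir"; done
```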

The above process can be summarized as:

On a finishing note, MailScanner is a very powerful tool for providing necessary security to a mail server. It can protect the mail server from malware in both incoming and outgoing mail. It is a must for any email server deployed in a production environment.

This tutorial covered setting up MailScanner with basic configuration. The parameters of MailScanner as well as SpamAssassin and ClamAV can be customized to meet the requirements of the production environment.

Hope this helps.

##############################################################################################################

Configuring MailScanner

1. Edit the file /etc/MailScanner/virus.scanners.conf and change the path of clamav to /usr.

2. Edit the file /etc/MailScanner/MailScanner.conf and update the lines below.

%org-name% = your organization name

%org-long-name% = your full organization name

%web-site% = your mail support website or company website

Run As User = postfix

Run As Group = postfix

Incoming Queue Dir = /var/spool/postfix/hold

Outgoing Queue Dir = /var/spool/postfix/incoming

MTA = postfix

Incoming Work Group = clam

Incoming Work Permissions = 0640

Virus Scanners = clamd

Clamd Socket = /var/run/clamav/clamd.sock

Use SpamAssassin = yes

SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin

3. Setup the necessary directories using the commands below.

cd /var/spool/MailScanner/

mkdir spamassassin

chown -R postfix.clam *

chmod -R 750 *

restorecon -R ../MailScanner/

4. MailScanner - Change the added footer

# vi /etc/MailScanner/reports/en/inline.sig.txt

This message has been scanned for viruses and

dangerous content by AccessTEL MailScanner, and is

believed to be clean. www.accesstel.net

Does somebody know how to remove this message at the bottom of the email that we received after that MailScanner scan?

look in mailscanner.conf

mine is around line 1205

Code:

# If this is "no", then (as far as possible) messages which have already
# been processed by another MailScanner server will not have the clean
# signature added to the message. This prevents messages getting many
# copies of the signature as they flow through your site.
# This can also be the filename of a ruleset.

Sign Messages Already Processed = no

# Add the "Inline HTML Signature" or "Inline Text Signature" to the end
# of uninfected messages?
# This can also be the filename of a ruleset.

Sign Clean Messages = no

-----------------------------------------------

Re: How do I stop Warning email sent back about viruses

In /etc/MailScanner/MailScanner.conf change this line as follows to disable these notifications....

Notify Senders = no

chkconfig postfix off

chkconfig clamd on

chkconfig MailScanner on

service postfix stop

service clamd start

service MailScanner start

-----------------------------------------------------------------------------------------------------

Problem

ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check permissions!).

ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).

chown -R clamav:clamav /var/log/clamav/clamd.log

touch /var/log/clamav/clamd.log

chown -R clamav:clamav /var/log/clamav/freshclam.log

touch /var/log/clamav/freshclam.log

AND

touch /var/log/clamav/clamd.log

chown -R clamav:clamav /var/log/clamav/clamd.log

touch /var/log/clamav/freshclam.log

chown -R clamav:clamav /var/log/clamav/freshclam.log

-----------------------------------------------------------------------------------------------------

How to set up MailScanner, Clam Antivirus and SpamAssassin in CentOS 6.5

Preparing the System

Before we start, note that SELinux is disabled on the CentOS system used here. It is also necessary to add the Repoforge repository on CentOS.

Install EPEL Repository: We will use SquirrelMail as the webmail client. SquirrelMail is not in the official CentOS repositories, so let us enable the EPEL repository. Use the commands below to install and enable the EPEL repository.

## RHEL/CentOS 6 32-Bit ##

# wget http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm

# rpm -ivh epel-release-6-8.noarch.rpm

## RHEL/CentOS 6 64-Bit ##

# wget http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

# rpm -ivh epel-release-6-8.noarch.rpm

Installing Dependencies

yum is used to install packages that are required for MailScanner. The list is long, but fortunately yum can resolve all the dependencies.

# yum install gcc cpp perl bzip2 zip unrar make patch automake rpm-build perl-DBI perl-MIME-tools perl-DBD-SQLite binutils glibc-devel perl-Filesys-Df zlib zlib-devel -y

OR

# yum install -y yum-utils gcc cpp perl bzip2 zip unrar make patch automake rpm-build perl-Archive-Zip perl-Filesys-Df perl-OLE-Storage_Lite perl-Sys-Hostname-Long perl-Sys-SigAction perl-Net-CIDR perl-DBI perl-MIME-tools perl-DBD-SQLite binutils glibc-devel perl-Filesys-Df zlib zlib-devel wget mlocate

Installing ClamAV and SpamAssassin

yum can be used to install ClamAV and SpamAssassin as well. The following few steps cover how to install and prepare them.

# yum install clamav spamassassin

Update ClamAV.

# freshclam -v

Update and start SpamAssassin.

# sa-update

# service spamassassin start

# chkconfig spamassassin on

# /etc/init.d/spamassassin restart

# service clamd start

# chkconfig clamd on

Fix a path to MailScanner by creating a symbolic link.

# ln -s /usr/bin/freshclam /usr/local/bin/freshclam

Configuring Postfix

Postfix header_checks is used to hold any incoming email that Postfix receives. MailScanner performs checks on the emails held in a queue.

# vim /etc/postfix/main.cf

## This line is added ##

header_checks = regexp:/etc/postfix/header_checks

# vim /etc/postfix/header_checks

## This line is added ##

/^Received:/ HOLD

Preparing MailScanner

MailScanner is not yet available in CentOS or Repoforge repositories. We will download packages from the official MailScanner site and install it.

# wget https://s3.amazonaws.com/mailscanner/release/v4/rpm/MailScanner-4.85.2-1.rpm.tar.gz

Now we will extract and install the packages. The installation will take some time, so you can take a break if you want.

https://www.mailscanner.info/downloads/

https://www.mailscanner.info/postfix/

# tar zxvf MailScanner-4.85.2-1.rpm.tar.gz

# cd MailScanner-4.85.2-1

# ./install

After installation, the directories necessary for SpamAssassin are created and permissions are modified.

Next, the configuration file for MailScanner is backed up and then modified.

# vim /etc/MailScanner/MailScanner.conf

%org-name% = test

Run As User = postfix

Run As Group = postfix

Incoming Queue Dir = /var/spool/postfix/hold

Outgoing Queue Dir = /var/spool/postfix/incoming

MTA = postfix

Incoming Work Group = clam

Incoming Work Permissions = 0640

Virus Scanners = clamd

Clamd Socket = /var/run/clamav/clamd.sock

SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin

High Scoring Spam Actions = deliver 

## please check /etc/MailScanner/spam.lists.conf for more details ##

Spam List = SBL+XBL

# vi /etc/MailScanner/virus.scanners.conf

clamd /bin/false /usr

# vi /etc/MailScanner/spam.assassin.prefs.conf

bayes_ignore_header X-worldcmbd-MailScanner

bayes_ignore_header X-worldcmbd-MailScanner-SpamCheck

bayes_ignore_header X-worldcmbd-MailScanner-SpamScore

bayes_ignore_header X-worldcmbd-MailScanner-Information

envelope_sender_header X-worldcmbd-MailScanner-From

#use_auto_whitelist 0

# cd /var/spool/MailScanner

# mkdir spamassassin

# chown -R postfix:clam *

# chmod -R 750 *

Debug MailScanner stats before firing up.

# MailScanner -lint

# service MailScanner start

# chkconfig MailScanner on

# /etc/init.d/MailScanner restart

Verifying MailScanner Operation

After MailScanner has been deployed, the events that take place behind the scenes can be viewed in /var/log/maillog. The following log snippet shows the sample activities while a mail is processed by Postfix.

# tailf /var/log/maillog

http://linuxhelpbd.blogspot.com/2015/04/how-to-configure-postfix-dovecot-and-squirrelmail-in-centos-6.5.html