Clam-Spam-Mail
Last updated on March 10, 2014. Authored by Sarmed Rahman.
This tutorial will focus on setting up MailScanner along with Clam Antivirus and SpamAssassin in a CentOS system. The procedure should work on RHEL as well. If you are interested in setting up this system on Ubuntu, refer to this tutorial instead.
Preparing the System
Before we start, note that SELinux is disabled on the CentOS system used here. Configuring SELinux for MailScanner is beyond the scope of this tutorial. It is also necessary to add the Repoforge repository on CentOS.
Installing Dependencies
yum is used to install packages that are required for MailScanner. The list is long, but fortunately yum can resolve all the dependencies.
# yum install -y yum-utils gcc cpp perl bzip2 zip unrar make patch automake rpm-build perl-Archive-Zip perl-Filesys-Df perl-OLE-Storage_Lite perl-Sys-Hostname-Long perl-Sys-SigAction perl-Net-CIDR perl-DBI perl-MIME-tools perl-DBD-SQLite binutils glibc-devel perl-Filesys-Df zlib zlib-devel wget mlocate
Installing ClamAV and SpamAssassin
yum can be used to install ClamAV and SpamAssassin as well. The following few steps cover how to install and prepare them.
# yum install clamav spamassassin
Update ClamAV.
# freshclam -v
Update and start SpamAssassin.
# sa-update
# service spamassassin start
# chkconfig spamassassin on
Fix a path to MailScanner by creating a symbolic link.
# ln -s /usr/bin/freshclam /usr/local/bin/freshclam
Configuring Postfix
Postfix is stopped and disabled on start-up. Postfix should not auto-start because the MailScanner service will be responsible for invoking Postfix whenever necessary.
# service postfix stop
# chkconfig postfix off
Postfix header_checks is used to hold any incoming email that Postfix receives. MailScanner performs checks on the emails held in a queue.
# vim /etc/postfix/main.cf
## This line is added ##
header_checks = regexp:/etc/postfix/header_checks
# vim /etc/postfix/header_checks
## This line is added ##
/^Received:/ HOLD
Preparing MailScanner
https://www.mailscanner.info/downloads/
https://www.mailscanner.info/postfix/
MailScanner is not yet available in CentOS or Repoforge repositories. We will download packages from the official MailScanner site and install it.
# wget https://s3.amazonaws.com/mailscanner/release/v4/rpm/MailScanner-4.85.2-3.rpm.tar.gz
Now we will extract and install the packages. The installation will take some time, so you can take a break if you want.
----------------------------------------------------
# tar zxvf MailScanner-4.85.2-3.rpm.tar.gz
# cd MailScanner-4.85.2-3
# ./install
OR
# rpm -ivh mailscanner-4.85.2-3.noarch.rpm
After installation, the directories necessary for SpamAssassin are created and permissions are modified.
# mkdir /var/spool/MailScanner/spamassassin
# chown postfix /var/spool/MailScanner/spamassassin
# chown postfix /var/spool/MailScanner/incoming/*
Next, the configuration file for MailScanner is backed up and then modified.
# vim /etc/MailScanner/MailScanner.conf
%org-name% = test CentOS Mail Server
%org-long-name% = ORGFULLNAME
%web-site% = ORG WEBSITE
Run As User = postfix
Run As Group = postfix
MTA = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
Virus Scanners = clamav
## please check /etc/MailScanner/spam.lists.conf for more details ##
Spam List = SBL+XBL
## the directory created earlier ##
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
At this point, MailScanner is ready. We can initialize the service.
Debug MailScanner stats before firing up.
# /etc/init.d/MailScanner restart
# MailScanner -lint
# service MailScanner start
# chkconfig MailScanner on
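The settings above only work together: Postfix must hold mail, and MailScanner must read from the hold queue and write to the incoming queue as the postfix user. The following check is an added example, not part of the original tutorial; the function names are hypothetical and the sample files are constructed from the values shown on this page.

```shell
#!/bin/sh
# Added example: verify the Postfix <-> MailScanner wiring from this tutorial.

ms_get() {  # ms_get FILE "Option Name": value of the last uncommented setting
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

expect() {  # expect FILE "Option" WANTED
    got=$(ms_get "$1" "$2")
    [ "$got" = "$3" ] && return 0
    echo "FAIL: $2 = '$got', expected '$3'"; return 1
}

check_wiring() {  # check_wiring MAIN_CF HEADER_CHECKS MAILSCANNER_CONF
    rc=0
    grep -Eq '^header_checks[[:space:]]*=[[:space:]]*regexp:' "$1" ||
        { echo "FAIL: main.cf has no regexp header_checks map"; rc=1; }
    grep -Eq '^/\^Received:/[[:space:]]+HOLD' "$2" ||
        { echo "FAIL: no active /^Received:/ HOLD rule"; rc=1; }
    expect "$3" "Run As User" postfix || rc=1
    expect "$3" "Run As Group" postfix || rc=1
    expect "$3" "MTA" postfix || rc=1
    expect "$3" "Incoming Queue Dir" /var/spool/postfix/hold || rc=1
    expect "$3" "Outgoing Queue Dir" /var/spool/postfix/incoming || rc=1
    return $rc
}

write_sample() {  # constructed sample files using the values from this page
    echo 'header_checks = regexp:/etc/postfix/header_checks' > "$1/main.cf"
    echo '/^Received:/ HOLD' > "$1/header_checks"
    cat > "$1/MailScanner.conf" <<'EOF'
# constructed sample
Run As User = postfix
Run As Group = postfix
MTA = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
EOF
}

d=$(mktemp -d) && write_sample "$d"
check_wiring "$d/main.cf" "$d/header_checks" "$d/MailScanner.conf" && echo "wiring OK"
rm -rf "$d"
```

On a live system, pass /etc/postfix/main.cf, /etc/postfix/header_checks and /etc/MailScanner/MailScanner.conf to check_wiring.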
Verifying MailScanner Operation
After MailScanner has been deployed, the events that take place behind the scenes can be viewed in /var/log/maillog. The following log snippet shows the sample activities while a mail is processed by Postfix.
# tailf /var/log/maillog
Mar 8 03:12:15 centos postfix/pickup[15865]: 79F6D1391: uid=0 from=
Mar 8 03:12:15 centos postfix/cleanup[15871]: 79F6D1391: hold: header Received: by mail.example.tst (Postfix, from userid 0)??id 79F6D1391; Sat, 8 Mar 2014 03:12:15 +0600 (BDT) from local; from= to=
Mar 8 03:12:15 centos postfix/cleanup[15871]: 79F6D1391: message-id=<20140307211215.79F6D1391@mail.example.tst>
Mar 8 03:12:16 centos MailScanner[15832]: New Batch: Scanning 1 messages, 668 bytes
Mar 8 03:12:16 centos MailScanner[15832]: Virus and Content Scanning: Starting
Mar 8 03:12:22 centos MailScanner[15832]: Requeue: 79F6D1391.AA526 to 0FA2E139C
Mar 8 03:12:22 centos MailScanner[15832]: Uninfected: Delivered 1 messages
Mar 8 03:12:22 centos postfix/qmgr[15866]: 0FA2E139C: from=, size=442, nrcpt=1 (queue active)
Mar 8 03:12:22 centos MailScanner[15832]: Deleted 1 messages from processing-database
Mar 8 03:12:22 centos postfix/local[15897]: 0FA2E139C: to=, relay=local, delay=6.8, delays=6.7/0.01/0/0.07, dsn=2.0.0, status=sent (delivered to mailbox)
Mar 8 03:12:22 centos postfix/qmgr[15866]: 0FA2E139C: removed
If Error
Oct 1 23:12:43 mail postfix/cleanup[5182]: 7F672438C3: message-id=<20151001171243.7F672438C3@mail.worldcm.com>
Oct 1 23:12:43 mail postfix/qmgr[4591]: 7F672438C3: from=<>, size=3339, nrcpt=1 (queue active)
Oct 1 23:12:43 mail postfix/local[5480]: warning: maildir access problem for UID/GID=89/89: create maildir file /var/spool/postfix/Maildir/tmp/1443719563.P5480.mail.worldcm.com: Permission denied
Oct 1 23:12:43 mail postfix/local[5480]: 7F672438C3: to=<postfix@worldcm.com>, orig_to=<root@mail.worldcm.com>, relay=local, delay=0.01, delays=0/0/0/0, dsn=5.2.0, status=bounced (maildir delivery failed: create maildir file /var/spool/postfix/Maildir/tmp/1443719563.P5480.mail.worldcm.com: Permission denied)
[root@mail]# cd /var/spool/postfix
[root@mail]# mkdir Maildir
[root@mail]# cd Maildir/
[root@mail]# mkdir tmp
[root@mail]# cd ..
[root@mail]# chown -R postfix:postfix Maildir
[root@mail]# chmod 700 Maildir
The above process can be summarized as:
1. As instructed, Postfix holds the mail upon receipt.
2. MailScanner picks up the held email and scans it in the queue.
3. MailScanner requeues the email and hands it back to Postfix.
4. Postfix processes the email as necessary and delivers it to the recipient.
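The hold, scan, requeue and deliver sequence can be checked mechanically from /var/log/maillog. The script below is an added example, not part of the original tutorial: it pairs each delivered queue ID with the MailScanner "Requeue" line that released it and reports mail delivered without one, or still sitting in hold. It assumes the traditional syslog layout shown above (program name in the fifth field); the function names are hypothetical and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example: follow each message through hold -> scan -> delivery in maillog.

trace_mail() {  # trace_mail LOGFILE: one verdict line per message, sorted
    awk '
    # Postfix cleanup put the message on hold (the header_checks HOLD rule matched).
    $5 ~ /^postfix\/cleanup\[/ && $7 == "hold:" {
        qid = $6; sub(/:$/, "", qid); held[qid] = 1
    }
    # MailScanner finished with it and requeued it under a new queue ID.
    $5 ~ /^MailScanner\[/ && $6 == "Requeue:" {
        old = $7; sub(/\..*$/, "", old)
        origin[$9] = old; released[old] = 1
    }
    # A Postfix delivery agent reported success for a queue ID.
    $5 ~ /^postfix\/(local|smtp|lmtp|virtual|pipe)\[/ && /status=sent/ {
        qid = $6; sub(/:$/, "", qid)
        if (qid in origin) print "SCANNED " qid " from " origin[qid]
        else               print "UNSCANNED " qid
    }
    END { for (q in held) if (!(q in released)) print "STUCK " q }
    ' "$1" | LC_ALL=C sort
}

sample_log() {  # constructed log lines in the format shown above
    cat <<'EOF'
Mar 8 03:12:15 centos postfix/cleanup[15871]: 79F6D1391: hold: header Received: by mail.example.tst (Postfix, from userid 0)
Mar 8 03:12:22 centos MailScanner[15832]: Requeue: 79F6D1391.AA526 to 0FA2E139C
Mar 8 03:12:22 centos postfix/local[15897]: 0FA2E139C: to=<root@example.tst>, relay=local, dsn=2.0.0, status=sent (delivered to mailbox)
Mar 8 03:15:01 centos postfix/local[15901]: AAAA11111: to=<root@example.tst>, relay=local, dsn=2.0.0, status=sent (delivered to mailbox)
Mar 8 03:16:40 centos postfix/cleanup[15910]: BBBB22222: hold: header Received: by mail.example.tst (Postfix, from userid 0)
EOF
}

tmp=$(mktemp); sample_log > "$tmp"
trace_mail "$tmp"
rm -f "$tmp"
```

An UNSCANNED or STUCK verdict only means the matching line is absent from the file examined; log rotation can split a message's entries across two files.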
On a finishing note, MailScanner is a very powerful tool for providing necessary security to a mail server. It can protect the mail server from malware in both incoming and outgoing mail. It is a must for any email server deployed in a production environment.
This tutorial covered setting up MailScanner with basic configuration. The parameters of MailScanner as well as SpamAssassin and ClamAV can be customized to meet the requirements of the production environment.
Hope this helps.
##############################################################################################################
Configuring MailScanner
1. Edit the file /etc/MailScanner/virus.scanners.conf and change the path of clamav to /usr.
2. Edit the file /etc/MailScanner/MailScanner.conf and update the lines below.
%org-name% = your organization name
%org-long-name% = your full organization name
%web-site% = your mail support website or company website
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
Incoming Work Group = clam
Incoming Work Permissions = 0640
Virus Scanners = clamd
Clamd Socket = /var/run/clamav/clamd.sock
Use SpamAssassin = yes
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
3. Setup the necessary directories using the commands below.
cd /var/spool/MailScanner/
mkdir spamassassin
chown -R postfix:clam *
chmod -R 750 *
restorecon -R ../MailScanner/
4. MailScanner: change the added footer.
# vi /etc/MailScanner/reports/en/inline.sig.txt
This message has been scanned for viruses and
dangerous content by AccessTEL MailScanner, and is
believed to be clean. www.accesstel.net
Does somebody know how to remove this message at the bottom of the email that we received after that MailScanner scan?
look in mailscanner.conf
mine is around line 1205
Code:
# If this is "no", then (as far as possible) messages which have already
# been processed by another MailScanner server will not have the clean
# signature added to the message. This prevents messages getting many
# copies of the signature as they flow through your site.
# This can also be the filename of a ruleset.
Sign Messages Already Processed = no

# Add the "Inline HTML Signature" or "Inline Text Signature" to the end
# of uninfected messages?
# This can also be the filename of a ruleset.
Sign Clean Messages = no
-----------------------------------------------
Re: How do I stop Warning email sent back about viruses
In /etc/MailScanner/MailScanner.conf change this line as follows to disable these notifications....
Notify Senders = no
chkconfig postfix off
chkconfig clamd on
chkconfig MailScanner on
service postfix stop
service clamd start
service MailScanner start
-----------------------------------------------------------------------------------------------------
Problem
ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check permissions!).
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
touch /var/log/clamav/clamd.log
chown -R clamav:clamav /var/log/clamav/clamd.log
touch /var/log/clamav/freshclam.log
chown -R clamav:clamav /var/log/clamav/freshclam.log
-----------------------------------------------
How to set up MailScanner, Clam Antivirus and SpamAssassin in CentOS 6.5
Preparing the System
Before we start, note that SELinux is disabled on the CentOS system used here. It is also necessary to add the Repoforge repository on CentOS.
Install EPEL Repository: We will use SquirrelMail as the webmail client. SquirrelMail is not available in the official CentOS repositories, so let us enable the EPEL repository. Follow the link below to install and enable the EPEL repository.
## RHEL/CentOS 6 32-Bit ##
# wget http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
# rpm -ivh epel-release-6-8.noarch.rpm
## RHEL/CentOS 6 64-Bit ##
# wget http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
# rpm -ivh epel-release-6-8.noarch.rpm
Installing Dependencies
yum is used to install packages that are required for MailScanner. The list is long, but fortunately yum can resolve all the dependencies.
# yum install gcc cpp perl bzip2 zip unrar make patch automake rpm-build perl-DBI perl-MIME-tools perl-DBD-SQLite binutils glibc-devel perl-Filesys-Df zlib zlib-devel -y
OR
# yum install -y yum-utils gcc cpp perl bzip2 zip unrar make patch automake rpm-build perl-Archive-Zip perl-Filesys-Df perl-OLE-Storage_Lite perl-Sys-Hostname-Long perl-Sys-SigAction perl-Net-CIDR perl-DBI perl-MIME-tools perl-DBD-SQLite binutils glibc-devel perl-Filesys-Df zlib zlib-devel wget mlocate
Installing ClamAV and SpamAssassin
yum can be used to install ClamAV and SpamAssassin as well. The following few steps cover how to install and prepare them.
# yum install clamav spamassassin
Update ClamAV.
# freshclam -v
Update and start SpamAssassin.
# sa-update
# service spamassassin start
# chkconfig spamassassin on
# /etc/init.d/spamassassin restart
# service clamd start
# chkconfig clamd on
Fix a path to MailScanner by creating a symbolic link.
# ln -s /usr/bin/freshclam /usr/local/bin/freshclam
Configuring Postfix
Postfix header_checks is used to hold any incoming email that Postfix receives. MailScanner performs checks on the emails held in a queue.
# vim /etc/postfix/main.cf
## This line is added ##
header_checks = regexp:/etc/postfix/header_checks
# vim /etc/postfix/header_checks
## This line is added ##
/^Received:/ HOLD
Preparing MailScanner
MailScanner is not yet available in CentOS or Repoforge repositories. We will download packages from the official MailScanner site and install it.
# wget https://s3.amazonaws.com/mailscanner/release/v4/rpm/MailScanner-4.85.2-1.rpm.tar.gz
Now we will extract and install the packages. The installation will take some time, so you can take a break if you want.
https://www.mailscanner.info/downloads/
https://www.mailscanner.info/postfix/
# tar zxvf MailScanner-4.85.2-1.rpm.tar.gz
# cd MailScanner-4.85.2-1
# ./install
After installation, the directories necessary for SpamAssassin are created and permissions are modified.
Next, the configuration file for MailScanner is backed up and then modified.
# vim /etc/MailScanner/MailScanner.conf
%org-name% = test
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
Incoming Work Group = clam
Incoming Work Permissions = 0640
Virus Scanners = clamd
Clamd Socket = /var/run/clamav/clamd.sock
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
High Scoring Spam Actions = deliver
## please check /etc/MailScanner/spam.lists.conf for more details ##
Spam List = SBL+XBL
# vi /etc/MailScanner/virus.scanners.conf
clamd /bin/false /usr
# vi /etc/MailScanner/spam.assassin.prefs.conf
bayes_ignore_header X-worldcmbd-MailScanner
bayes_ignore_header X-worldcmbd-MailScanner-SpamCheck
bayes_ignore_header X-worldcmbd-MailScanner-SpamScore
bayes_ignore_header X-worldcmbd-MailScanner-Information
envelope_sender_header X-worldcmbd-MailScanner-From
#use_auto_whitelist 0
# cd /var/spool/MailScanner
# mkdir spamassassin
# chown -R postfix:clam *
# chmod -R 750 *
Debug MailScanner stats before firing up.
# MailScanner -lint
# service MailScanner start
# chkconfig MailScanner on
# /etc/init.d/MailScanner restart
Verifying MailScanner Operation
After MailScanner has been deployed, the events that take place behind the scenes can be viewed in /var/log/maillog. The following log snippet shows the sample activities while a mail is processed by Postfix.
# tailf /var/log/maillog
http://linuxhelpbd.blogspot.com/2015/04/how-to-configure-postfix-dovecot-and-squirrelmail-in-centos-6.5.html