MailScanner
--------
Using MailScanner with Postfix
Postfix can be handled slightly differently from the other supported mail systems, as one copy of Postfix can handle both the incoming mail via SMTP, and the outgoing mail by doing all the delivery.
How to Set Up Postfix for MailScanner Use
– Install Postfix and get the basics working
– Make sure you have the chroot jail set up in /var/spool/postfix. You should be able to see “etc”, “usr” and “lib” directories inside /var/spool/postfix. If you haven’t got the chroot jail setup already, then look in the “examples” directory of the Postfix documentation and you will find a script in there to set up it up for your operating system.
– In the Postfix configuration file /etc/postfix/main.cf add this line:
header_checks = regexp:/etc/postfix/header_checks
– In the file /etc/postfix/header_checks add this line:
/^Received:/ HOLD
The effect of this is to tell Postfix to move all messages to the HOLD queue.
How to Set up MailScanner for Use with Postfix
In your MailScanner.conf file (probably in /etc/MailScanner or /opt/MailScanner/etc), there are 5 settings you need to change. They are all really near the top of the file. The settings are:
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
You will need to ensure that the user “postfix” can write to /var/spool/MailScanner/incoming and /var/spool/MailScanner/quarantine:
chown postfix.postfix /var/spool/MailScanner/incoming
chown postfix.postfix /var/spool/MailScanner/quarantine
Starting It All Running
Most systems MailScanner can be restarted with one of the following commands:
Most RPM based systems:
/etc/init.d/MailScanner restart
Most Debian based systems:
/etc/init.d/mailscanner restart
If you have configured everything correctly, MailScanner should restart Postfix for you.
Mail Scaner Configuration with postfix
------------------
yum install perl-Archive-Zip perl-DBI perl-DBD-SQLite perl-Filesys-Df perl-Net-CIDR perl-OLE-Storage_Lite perl-Sys-Hostname-Long perl-Sys-SigAction perl-MIME-tools
OR
# yum install -y yum-utils gcc cpp perl bzip2 zip unrar make patch automake rpm-build perl-Archive-Zip perl-Filesys-Df perl-OLE-Storage_Lite perl-Sys-Hostname-Long perl-Sys-SigAction perl-Net-CIDR perl-DBI perl-MIME-tools perl-DBD-SQLite binutils glibc-devel perl-Filesys-Df zlib zlib-devel wget mlocate
You’ll need to install wget for the next procedure to work:
yum install wget
We need to install a few other packages before running the MailScanner install procedure:
yum install patch rpm-build
yum install binutils glibc-devel gcc make
Now go to your tmp folder:
cd /tmp
Download the MailScanner compressed file like so:
wget http://www.mailscanner.info/files/4/rpm/MailScanner-4.84.6-1.rpm.tar.gz
Now we need to extract the file:
tar xvf MailScanner-4.84.6-1.rpm.tar.gz
A new folder will have been created called MailScanner-4.84.6-1. We need to go to that folder to run the setup script like so:
cd MailScanner-4.84.6-1
sh install.sh
# tar zxvf MailScanner-4.84.6-1.rpm.tar.gz
# cd MailScanner-4.84.6-1
# ./install
After installation, the directories necessary for SpamAssassin are created and permissions are modified.
chown postfix.postfix /var/spool/MailScanner/incoming
chown postfix.postfix /var/spool/MailScanner/quarantine
# mkdir /var/spool/MailScanner/spamassassin
# chown postfix /var/spool/MailScanner/spamassassin
# chown postfix /var/spool/MailScanner/incoming/*
The install process will take a while so be patient. Once the install is complete we need to edit the /etc/MailScanner/MailScanner.conf file.
Find:
%org-name% = yourSite
Change yoursite to the name of your organisation. The value can NOT have any spaces:
%org-name% = world communication
Find:
%org-long-name% =
Change to what ever you organisations name is. This option CAN have spaces:
%org-long-name% = world communication
Find:
%web-site% =
Change to your website:
%web-site% = www.worldcm.com
Find:
Run As User =
Change to:
Run As User = postfix
Find:
Run As Group =
Change to:
Run As Group = postfix
Find:
Quarantine Silent Viruses = no
Change to:
Quarantine Silent Viruses = yes
Find:
Quarantine Modified Body = no
Change to:
Quarantine Modified Body = yes
Find:
Always Include SpamAssassin Report = no
Change to:
Always Include SpamAssassin Report = yes
Find:
Notify Senders Of Viruses = no
Change to:
Notify Senders Of Viruses = yes
Find:
Notify Senders Of Blocked Size Attachments = no
Change to:
Notify Senders Of Blocked Size Attachments = yes
Find:
Spam List = # spamhaus-ZEN # You can un-comment this to enable them
Change to:
Spam List = spamhaus-ZEN # You can un-comment this to enable them
Find:
Incoming Queue Dir =
Change to:
Incoming Queue Dir = /var/spool/postfix/hold
Find:
Outgoing Queue Dir =
Change to:
Outgoing Queue Dir = /var/spool/postfix/incoming
Find:
MTA =
Change to:
MTA = postfix
Find:
Incoming Work Group =
Change to:
Incoming Work Group = clamav
Find:
Incoming Work Permissions =
Change to:
Incoming Work Permissions = 0750
Find:
Virus Scanners =
Change to:
Virus Scanners = clamav
Find:
Clamd Socket =
Change to:
Clamd Socket = /var/run/clamav/clamd.sock
Find:
SpamAssassin User State Dir =
Change to:
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
Find:
Quarantine User =
Change to:
Quarantine User = root
Find:
Quarantine Group =
Change to:
Quarantine Group = apache
Find:
Quarantine Permissions =
Change to:
Quarantine Permissions = 0660
Find:
Quarantine Whole Message = no
Change to:
Quarantine Whole Message = yes
Find:
Quarantine Whole Messages As Queue Files =
Change to:
Quarantine Whole Messages As Queue Files = no
Find:
Detailed Spam Report =
Change to:
Detailed Spam Report = yes
Find:
Include Scores In SpamAssassin Report =
Change to:
Include Scores In SpamAssassin Report = yes
Find:
Spam Actions = deliver header “X-Spam-Status: Yes”
Change to:
Spam Actions = store notify
Find:
High Scoring Spam Actions =
Change to:
High Scoring Spam Actions = store-spam
This change it up to you. You can either deliver or store. I’d recommend you deliver until you’re comfortable with the system:
High Scoring Spam Actions = deliver
Change the above back to store after a few months running the system.
Find:
Non Spam Actions = deliver header “X-Spam-Status: No”
Change to:
Non Spam Actions = store deliver header “X-Spam-Status: No”
Find:
Log Spam = no
Change to:
Log Spam = yes
Save and Close the file.
Now we’ll edit the Edit /etc/MailScanner/virus.scanners.conf file:
Find:
clamd /bin/false /usr/local
Change to:
clamd /bin/false /usr/sbin
Find:
clamav /usr/lib/MailScanner/clamav-wrapper /usr/local
Change to:
clamav /usr/lib/MailScanner/clamav-wrapper /usr
Now we’ll edit /etc/MailScanner/spam.assassin.prefs.conf and add the same name you used in the %org-name% variable previously to edit these lines:
Find:
bayes_ignore_header X-YOURDOMAIN-COM-MailScanner
bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-SpamCheck
bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-SpamScore
bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-Information
envelope_sender_header X-MailScanner-From
Change to:
bayes_ignore_header X-WorldCm-MailScanner
bayes_ignore_header X-WorldCm-MailScanner-SpamCheck
bayes_ignore_header X-WorldCm-MailScanner-SpamScore
bayes_ignore_header X-WorldCm-MailScanner-Information
envelope_sender_header X-WorldCm-MailScanner-From
You need change WorldCm in each line above to your organisation’s name that you used in %org-name% variable.
Find:
use_auto_whitelist 0
Change to:
#use_auto_whitelist 0
Now we need to set the appropriate permissions:
#cd /var/spool/MailScanner
mkdir spamassassin
chown -R postfix:clam *
chmod -R 750 *
chown postfix.postfix /var/spool/MailScanner/spamassassin
chown postfix.postfix /var/spool/MailScanner/incoming
chown postfix.postfix /var/spool/MailScanner/quarantine
-------------------------------------------------------------------------------------------------
cd /var/spool/MailScanner/ mkdir spamassassin chown -R postfix.clam * chmod -R 750 * restorecon -R ../MailScanner/
------------------------------------------
# mkdir /var/spool/MailScanner/spamassassin
# chown postfix /var/spool/MailScanner/spamassassin
# chown postfix /var/spool/MailScanner/incoming/*
-----------------------------------------------------------
chown postfix.postfix /var/spool/MailScanner/spamassassin/*
chown postfix.postfix /var/spool/MailScanner/incoming/*
chown postfix.postfix /var/spool/MailScanner/quarantine/*
Now we need to edit the /etc/postfix/main.cf file again to include the MailScanner settings:
Find:
#header_checks = regexp:/etc/postfix/header_checks
Change to:
header_checks = regexp:/etc/postfix/header_checks
Save and close the file.
Edit the /etc/postfix/header_checks file:
Go to the end iof the file and add:
/^Received:/ HOLD
Save and close the file.
Edit the /usr/sbin/MailScanner file:
Find:
#!/usr/bin/perl -I/usr/lib/MailScanner
Change to:
#!/usr/bin/perl -I/usr/lib/MailScanner -U
Now we’re going to turn off Postfix becuase it does not need to run as a service. MailScanner manages Postfix via a daemon.
service postfix stop
chkconfig postfix off
service MailScanner start
chkconfig --level 235 MailScanner on
Now you’ve completed the MailScanner configuration…
-----------------------------------------------------------------------------------------------------------------
Reading configuration file /etc/MailScanner/MailScanner.conf
Apr 9 03:15:08 mail MailScanner[6617]: Reading configuration file /etc/MailScanner/conf.d/README
Apr 9 03:15:08 mail MailScanner[6617]: Read 868 hostnames from the phishing whitelist
Apr 9 03:15:08 mail MailScanner[6617]: Read 12977 hostnames from the phishing blacklists
MailScanner configuration…file Attached below (Configuration Index - MailScanner v4.85.2)// Attatch----virus.scanners.conf file: