MailScanner Conf

Mail Scanner

http://prolinuxhub.com/deploy-mailscanner-centos-7-and-postfix/

http://prolinuxhub.com/install-mailscanner-5-0-3-centos-7-with-postfix-in-chroot/

http://prolinuxhub.com/deploing-centos-7-with-postfix-mailscanner-spamassassin-clamav-as-smtp-gateway/

http://forums.sentora.org/showthread.php?tid=3375

https://www.mailscanner.info/downloads/

https://www.mailscanner.info/postfix/

-------------------------------

#  yum install -y yum-utils gcc cpp perl bzip2 zip unrar make patch automake rpm-build perl-Archive-Zip perl-Filesys-Df perl-OLE-Storage_Lite perl-Sys-Hostname-Long perl-Sys-SigAction perl-Net-CIDR perl-DBI perl-MIME-tools perl-DBD-SQLite binutils glibc-devel perl-Filesys-Df zlib zlib-devel wget mlocate

# wget https://s3.amazonaws.com/msv5/release/MailScanner-5.0.3-7.rhel.tar.gz

tar zxvf MailScanner-5.0.3-7.rhel.tar.gz

cd MailScanner-5.0.3-7/ 

sh install.sh

– In the Postfix configuration file /etc/postfix/main.cf add this line:

header_checks = regexp:/etc/postfix/header_checks

– In the file /etc/postfix/header_checks add this line:

/^Received:/ HOLD

The effect of this is to tell Postfix to move all messages to the HOLD queue.

How to Set up MailScanner for Use with Postfix

In your MailScanner.conf file (probably in /etc/MailScanner or /opt/MailScanner/etc), there are 5 settings you need to change. They are all really near the top of the file. The settings are:

Run As User = postfix

Run As Group = postfix

Incoming Queue Dir = /var/spool/postfix/hold

Outgoing Queue Dir = /var/spool/postfix/incoming

MTA = postfix

---------------------------------------

#cd /var/spool

#chown -R postfix.postfix MailScanner

You will need to ensure that the user “postfix” can write to /var/spool/MailScanner/incoming and /var/spool/MailScanner/quarantine:

chown postfix.postfix /var/spool/MailScanner/incoming

chown postfix.postfix /var/spool/MailScanner/quarantine

chmod -R 770 /var/spool/MailScanner/incoming/

******

# mkdir /var/spool/MailScanner/spamassassin

# chown postfix.postfix /var/spool/MailScanner/spamassassin

# chown postfix /var/spool/MailScanner/incoming/*

Starting It All Running

Most systems MailScanner can be restarted with one of the following commands:

                                       ---------------------------------------------------

  http://forums.sentora.org/showthread.php?tid=3375

yum install epel-release

****installing all ClamAV components:

yum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd

****Enable antivirus_can_scan_system:

setsebool -P antivirus_can_scan_system 1

***Configuration of Clam daemon:

cp /usr/share/clamav/template/clamd.conf /etc/clamd.d/clamd.conf

sed -i "/^Example/d" /etc/clamd.d/clamd.conf

**** Change /etc/clamd.d/clamd.conf file and define if you want to run the scanner as root, or a specific user. 

      Check your /etc/passwd file for the related Clam user. Change the following two options:

User clamscan

LocalSocket /var/run/clamd.<SERVICE>/clamd.sock

*****Enable Freshclam

cp /etc/freshclam.conf /etc/freshclam.conf.bak

sed -i "/^Example/d" /etc/freshclam.conf

****Create a new file /usr/lib/systemd/system/clam-freshclam.service

# Run the freshclam as daemon

[Unit]

Description = freshclam scanner

After = network.target

[Service]

Type = forking

ExecStart = /usr/bin/freshclam -d -c 4

Restart = on-failure

PrivateTmp = true

[Install]

WantedBy=multi-user.target

           -------------------------------------

systemctl enable clam-freshclam.service

systemctl start clam-freshclam.service

Check the status.

[root@centos7 system]# systemctl status clam-freshclam.service

clam-freshclam.service - freshclam scanner

Loaded: loaded (/usr/lib/systemd/system/clam-freshclam.service; enabled)

Active: active (running) since Thu 2015-06-11 11:09:24 CEST; 1s ago

Process: 3158 ExecStart=/usr/bin/freshclam -d -c 4 (code=exited, status=0/SUCCESS)

Main PID: 3159 (freshclam)

CGroup: /system.slice/clam-freshclam.service

└─3159 /usr/bin/freshclam -d -c 4

Change service files

By default, the service files seem to be messy and not working.

These are the files bundled:

[root@centos7 system]# ls -l /usr/lib/systemd/system/clam*

-rw-r--r--. 1 root root 136 Apr 29 20:38 /usr/lib/systemd/system/clamd@scan.service

-rw-r--r--. 1 root root 231 Apr 29 20:38 /usr/lib/systemd/system/clamd@.service

[root@centos7 system]# systemctl enable /usr/lib/systemd/system/clamd@.service

Failed to issue method call: Unit /usr/lib/systemd/system/clamd@.service does not exist.

So let’s fix it. First rename the /usr/lib/systemd/system/clamd@.service file.

Rename the clamd@ file.

# mv /usr/lib/systemd/system/clamd@.service /usr/lib/systemd/system/clamd.service

*****Now we have to change the clamd@scan service as well, as it refers to a non-existing file now. 

Change this line in /usr/lib/systemd/system/clamd@scan.service and remove the @ sign.

# .include /lib/systemd/system/clamd@.service

Next step is changing the clamd service file /usr/lib/systemd/system/clamd.service

[Unit]

Description = clamd scanner daemon

After = syslog.target nss-lookup.target network.target

[Service]

Type = simple

ExecStart = /usr/sbin/clamd -c /etc/clamd.d/clamd.conf

Restart = on-failure

PrivateTmp = true

[Install]

WantedBy=multi-user.target

Move into the directory.

# cd /usr/lib/systemd/system

[root@centos7 system]# systemctl enable clamd.service

[root@centos7 system]# systemctl enable clamd@scan.service

[root@centos7 system]# systemctl start clamd.service

[root@centos7 system]# systemctl start clamd@scan.service

---------------------------------------

MailScanner Configuration

Edit /etc/MailScanner/MailScanner.conf

%org-name% = mydomain

%org-long-name% = mydomain Ltd.

%web-site% = www.mydomain.com

Incoming Work Group = clamscan

Incoming Work Permissions = 0640

Virus Scanners = clamd

Clamd Socket = /var/run/clamd.scan/clamd.sock

Clamd Use Threads = yes

MTA = postfix

Run As User = postfix

Run As Group = postfix

Incoming Queue Dir = /var/spool/postfix/hold

Outgoing Queue Dir = /var/spool/postfix/incoming

Use SpamAssassin = yes

SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin

SpamScore Number Instead Of Stars = yes

Always Include SpamAssassin Report = yes

Log Spam = yes

------------------------------------------------------

# vim /etc/MailScanner/MailScanner.conf

%org-name% = test CentOS Mail Server

%org-long-name% = ORGFULLNAME

%web-site% = ORG WEBSITE

Run As User = postfix

Run As Group = postfix

MTA = postfix

Incoming Queue Dir = /var/spool/postfix/hold

Outgoing Queue Dir = /var/spool/postfix/incoming

Virus Scanners = clamav

## please check /etc/MailScanner/spam.lists.conf for more details ##

Spam List = SBL+XBL

## the directory created earlier ##

SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin

--------------------------------------------------

# MailScanner -lint

-----------------------------