MailScanner Conf
Mail Scanner
http://prolinuxhub.com/deploy-mailscanner-centos-7-and-postfix/
http://prolinuxhub.com/install-mailscanner-5-0-3-centos-7-with-postfix-in-chroot/
http://prolinuxhub.com/deploing-centos-7-with-postfix-mailscanner-spamassassin-clamav-as-smtp-gateway/
http://forums.sentora.org/showthread.php?tid=3375
https://www.mailscanner.info/downloads/
https://www.mailscanner.info/postfix/
-------------------------------
# yum install -y yum-utils gcc cpp perl bzip2 zip unrar make patch automake rpm-build perl-Archive-Zip perl-Filesys-Df perl-OLE-Storage_Lite perl-Sys-Hostname-Long perl-Sys-SigAction perl-Net-CIDR perl-DBI perl-MIME-tools perl-DBD-SQLite binutils glibc-devel perl-Filesys-Df zlib zlib-devel wget mlocate
# wget https://s3.amazonaws.com/msv5/release/MailScanner-5.0.3-7.rhel.tar.gz
tar zxvf MailScanner-5.0.3-7.rhel.tar.gz
cd MailScanner-5.0.3-7/
sh install.sh
– In the Postfix configuration file /etc/postfix/main.cf add this line:
header_checks = regexp:/etc/postfix/header_checks
– In the file /etc/postfix/header_checks add this line:
/^Received:/ HOLD
The effect of this is to tell Postfix to move all messages to the HOLD queue.
How to Set up MailScanner for Use with Postfix
In your MailScanner.conf file (probably in /etc/MailScanner or /opt/MailScanner/etc), there are 5 settings you need to change. They are all really near the top of the file. The settings are:
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
---------------------------------------
#cd /var/spool
#chown -R postfix.postfix MailScanner
You will need to ensure that the user “postfix” can write to /var/spool/MailScanner/incoming and /var/spool/MailScanner/quarantine:
chown postfix.postfix /var/spool/MailScanner/incoming
chown postfix.postfix /var/spool/MailScanner/quarantine
chmod -R 770 /var/spool/MailScanner/incoming/
******
# mkdir /var/spool/MailScanner/spamassassin
# chown postfix.postfix /var/spool/MailScanner/spamassassin
# chown postfix /var/spool/MailScanner/incoming/*
Starting It All Running
Most systems MailScanner can be restarted with one of the following commands:
---------------------------------------------------
http://forums.sentora.org/showthread.php?tid=3375
yum install epel-release
****installing all ClamAV components:
yum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd
****Enable antivirus_can_scan_system:
setsebool -P antivirus_can_scan_system 1
***Configuration of Clam daemon:
cp /usr/share/clamav/template/clamd.conf /etc/clamd.d/clamd.conf
sed -i "/^Example/d" /etc/clamd.d/clamd.conf
**** Change /etc/clamd.d/clamd.conf file and define if you want to run the scanner as root, or a specific user.
Check your /etc/passwd file for the related Clam user. Change the following two options:
User clamscan
LocalSocket /var/run/clamd.<SERVICE>/clamd.sock
*****Enable Freshclam
cp /etc/freshclam.conf /etc/freshclam.conf.bak
sed -i "/^Example/d" /etc/freshclam.conf
****Create a new file /usr/lib/systemd/system/clam-freshclam.service
# Run the freshclam as daemon
[Unit]
Description = freshclam scanner
After = network.target
[Service]
Type = forking
ExecStart = /usr/bin/freshclam -d -c 4
Restart = on-failure
PrivateTmp = true
[Install]
WantedBy=multi-user.target
-------------------------------------
systemctl enable clam-freshclam.service
systemctl start clam-freshclam.service
Check the status.
[root@centos7 system]# systemctl status clam-freshclam.service
clam-freshclam.service - freshclam scanner
Loaded: loaded (/usr/lib/systemd/system/clam-freshclam.service; enabled)
Active: active (running) since Thu 2015-06-11 11:09:24 CEST; 1s ago
Process: 3158 ExecStart=/usr/bin/freshclam -d -c 4 (code=exited, status=0/SUCCESS)
Main PID: 3159 (freshclam)
CGroup: /system.slice/clam-freshclam.service
└─3159 /usr/bin/freshclam -d -c 4
Change service files
By default, the service files seem to be messy and not working.
These are the files bundled:
[root@centos7 system]# ls -l /usr/lib/systemd/system/clam*
-rw-r--r--. 1 root root 136 Apr 29 20:38 /usr/lib/systemd/system/clamd@scan.service
-rw-r--r--. 1 root root 231 Apr 29 20:38 /usr/lib/systemd/system/clamd@.service
[root@centos7 system]# systemctl enable /usr/lib/systemd/system/clamd@.service
Failed to issue method call: Unit /usr/lib/systemd/system/clamd@.service does not exist.
So let’s fix it. First rename the /usr/lib/systemd/system/clamd@.service file.
Rename the clamd@ file.
# mv /usr/lib/systemd/system/clamd@.service /usr/lib/systemd/system/clamd.service
*****Now we have to change the clamd@scan service as well, as it refers to a non-existing file now.
Change this line in /usr/lib/systemd/system/clamd@scan.service and remove the @ sign.
# .include /lib/systemd/system/clamd@.service
Next step is changing the clamd service file /usr/lib/systemd/system/clamd.service
[Unit]
Description = clamd scanner daemon
After = syslog.target nss-lookup.target network.target
[Service]
Type = simple
ExecStart = /usr/sbin/clamd -c /etc/clamd.d/clamd.conf
Restart = on-failure
PrivateTmp = true
[Install]
WantedBy=multi-user.target
Move into the directory.
# cd /usr/lib/systemd/system
[root@centos7 system]# systemctl enable clamd.service
[root@centos7 system]# systemctl enable clamd@scan.service
[root@centos7 system]# systemctl start clamd.service
[root@centos7 system]# systemctl start clamd@scan.service
---------------------------------------
MailScanner Configuration
Edit /etc/MailScanner/MailScanner.conf
%org-name% = mydomain
%org-long-name% = mydomain Ltd.
%web-site% = www.mydomain.com
Incoming Work Group = clamscan
Incoming Work Permissions = 0640
Virus Scanners = clamd
Clamd Socket = /var/run/clamd.scan/clamd.sock
Clamd Use Threads = yes
MTA = postfix
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
Use SpamAssassin = yes
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
SpamScore Number Instead Of Stars = yes
Always Include SpamAssassin Report = yes
Log Spam = yes
------------------------------------------------------
# vim /etc/MailScanner/MailScanner.conf
%org-name% = test CentOS Mail Server
%org-long-name% = ORGFULLNAME
%web-site% = ORG WEBSITE
Run As User = postfix
Run As Group = postfix
MTA = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
Virus Scanners = clamav
## please check /etc/MailScanner/spam.lists.conf for more details ##
Spam List = SBL+XBL
## the directory created earlier ##
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
--------------------------------------------------
# MailScanner -lint
-----------------------------