MailWatch
Installation instructions
MailWatch for MailScanner is developed on Debian 7 & Ubuntu 12.04, so these docs will reflect this and I will make note of anything that will be required to run on other distros or operating systems.
Before you start
You must have a working MailScanner set-up and have running copies of MySQL, Apache, PHP (with MySQL and GD support) and for MailScanner to be able to use a database you need Perl DBI and DBD::mysql; you also need Perl Encoding::FixLatin to deal with email subjects that contain characters in more than one encoding.
Some PHP extensions and executable software are required for MailWatch to work fully:
MySQL extension (required to connect to database)
GD extension (required to generate graphs on reports)
MBstring extension (required to display non-ascii characters)
exec function not disabled in php.ini
Curl extension or fsockopen function enabled (needed to download GeoIP files)
Zlib extension or gunzip executable (needed to extract GeoIP files)
Ldap extension (needed if you are authenticating users on LDAP server)
Support
Please use the mailing-list mailwatch-users on Sourceforge. Note that you will get faster support if you use the mailing-list.
Notes for PHP configuration
PHP should have the following set in php.ini (possibly others too….)
safe_mode = Off
register_globals = Off
magic_quotes_gpc = Off
magic_quotes_runtime = Off
session.auto_start = 0
Installation
All commands below should be run as ‘root’.
Create the database
mysql < create.sql
NOTE: you will need to modify the above as necessary for your system if you have a root password for your MySQL database (recommended!).
Create a MySQL user and password & Set-up MailScanner for SQL logging
$ mysql
mysql> GRANT ALL ON mailscanner.* TO mailwatch@localhost IDENTIFIED BY '<password>';
mysql> GRANT FILE ON *.* TO mailwatch@localhost IDENTIFIED BY '<password>';
mysql> FLUSH PRIVILEGES;
Edit MailWatch.pm and change the $db_user and $db_pass values accordingly, then move MailWatch.pm to /usr/lib/MailScanner/MailScanner/CustomFunctions (this could be /opt/MailScanner/lib/MailScanner/MailScanner/CustomFunctions on non-RPM systems).
Create a MailWatch web user
mysql mailscanner -u mailwatch -p
Enter password: ******
mysql> INSERT INTO users SET username = '<username>', password = MD5('<password>'), fullname = '<name>', type = 'A';
Install & Configure MailWatch
Move the mailscanner directory to the web server’s root.
mv mailscanner /var/www/html/
Check the permissions of /var/www/html/mailscanner/images and /var/www/html/images/cache - they should be ug+rwx and owned by root and in the same group as the web server user (www-data on Debian/Ubuntu or apache on RedHat).
chown root:apache images
chmod ug+rwx images
chown root:apache images/cache
chmod ug+rwx images/cache
Create conf.php by copying conf.php.example and edit the values to suit; you will need to set DB_USER and DB_PASS to the MySQL user and password that you created earlier.
Note that MailWatch 1.0 and later can use the quarantine more effectively when used with MailScanner version 4.43 or later as Julian added some code for me to keep track of messages quarantined by using a flag in the maillog table.
This means that MailWatch 1.0 is much faster when you have a large quarantine directory. The new quarantine report requires the use of the new functionality - so you must upgrade if you want to run this. The new quarantine flag is used by default and you must disable the clean.quarantine script supplied by MailScanner and use the new quarantine_maint.php script in the tools directory instead.
To clean the quarantine, set QUARANTINE_DAYS_TO_KEEP in conf.php and run ‘./quarantine_maint --clean’. This should then be run daily from cron. If you are still using MailScanner 4.42 or older, updating your installation is highly recommended; if you can’t update, you need to set QUARANTINE_USE_FLAG to false in conf.php and use the clean.quarantine script supplied by MailScanner.
cp conf.php.example conf.php
Set-up MailScanner
Stop MailScanner
service MailScanner stop
Next edit /etc/MailScanner/MailScanner.conf - you need to make sure that the following options are set:
Always Looked Up Last = &MailWatchLogging
Detailed Spam Report = yes
Quarantine Whole Message = yes
Quarantine Whole Messages As Queue Files = no
Include Scores In SpamAssassin Report = yes
Quarantine User = root
Quarantine Group = apache (this should be the same group as your web server)
Quarantine Permissions = 0660
Spam Actions and High Scoring Spam Actions should also have ‘store’ as one of the keywords if you want to quarantine items for learning/viewing in MailWatch.
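A way to verify these settings before restarting MailScanner, as an added example that is not part of MailWatch or MailScanner. The function names ms_get, ms_check and ms_sample are hypothetical, and the script assumes option names can be compared case-insensitively and that the last occurrence of an option wins.

```shell
# Added example: audit MailScanner.conf for the options MailWatch relies on.
lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }
# ms_get FILE "Option Name": print the option's value (last occurrence wins).
ms_get() {
    awk -v want="$2" '
        /^[ \t]*#/ { next }                      # skip comment lines
        (eq = index($0, "=")) {
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (tolower(key) == tolower(want)) found = val
        }
        END { print found }' "$1"
}

# ms_check FILE WEB_SERVER_GROUP: report deviations; status = problem count.
ms_check() {
    local conf="$1" bad=0 name want got
    while IFS='|' read -r name want; do
        got=$(ms_get "$conf" "$name")
        [ "$(lower "$got")" = "$(lower "$want")" ] && continue
        echo "MISMATCH: $name = '$got' (expected '$want')"; bad=$((bad + 1))
    done <<EOF
Always Looked Up Last|&MailWatchLogging
Detailed Spam Report|yes
Quarantine Whole Message|yes
Quarantine Whole Messages As Queue Files|no
Include Scores In SpamAssassin Report|yes
Quarantine User|root
Quarantine Group|$2
Quarantine Permissions|0660
EOF
    for name in "Spam Actions" "High Scoring Spam Actions"; do
        case " $(lower "$(ms_get "$conf" "$name")") " in
            *" store "*) ;;
            *) echo "NO STORE: $name lacks 'store'"; bad=$((bad + 1)) ;;
        esac
    done
    return "$bad"
}

ms_sample() {  # constructed input, not taken from a real server
    printf '%s\n' '# constructed' 'Always Looked Up Last = &MailWatchLogging' \
        'Detailed Spam Report = yes' 'Quarantine Whole Message = yes' \
        'Quarantine Whole Messages As Queue Files = no' 'Quarantine User = root' \
        'Include Scores In SpamAssassin Report = yes' 'Quarantine Group = apache' \
        'Quarantine Permissions = 0644' 'Spam Actions = store deliver' \
        'High Scoring Spam Actions = delete'
}
sample=$(mktemp); ms_sample > "$sample"
ms_check "$sample" apache || echo "$? problem(s) found"; rm -f "$sample"
```

On a real system, run ms_check /etc/MailScanner/MailScanner.conf with the web server group (apache or www-data) as the second argument.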
If you want to use the integrated Blacklist/Whitelist (optional):
Copy SQLBlackWhiteList.pm to /usr/lib/MailScanner/MailScanner/CustomFunctions and in MailScanner.conf set:
Is Definitely Not Spam = &SQLWhitelist
Is Definitely Spam = &SQLBlacklist
Then edit SQLBlackWhitelist.pm and change the connection string in the CreateList subroutine to match MailWatch.pm.
Move the Bayesian Databases and set-up permissions (skip this if you don’t use bayes).
Edit /etc/MailScanner/spam.assassin.prefs.conf and set:
bayes_path /etc/MailScanner/bayes/bayes
bayes_file_mode 0660
Create the ‘new’ bayes directory, make the directory owned by the same group as the web server user and make the directory setgid:
mkdir /etc/MailScanner/bayes
chown root:apache /etc/MailScanner/bayes
chmod g+rws /etc/MailScanner/bayes
Copy the existing bayes databases and set the permissions:
cp /root/.spamassassin/bayes_* /etc/MailScanner/bayes
chown root:apache /etc/MailScanner/bayes/bayes_*
chmod g+rw /etc/MailScanner/bayes/bayes_*
Test SpamAssassin to make sure that it is using the new databases correctly:
spamassassin -D -p /etc/MailScanner/spam.assassin.prefs.conf --lint
and you should see something like:
debug: using "/etc/MailScanner/spam.assassin.prefs.conf" for user prefs file
debug: bayes: 28821 tie-ing to DB file R/O /etc/MailScanner/bayes/bayes_toks
debug: bayes: 28821 tie-ing to DB file R/O /etc/MailScanner/bayes/bayes_seen
debug: bayes: found bayes db version 2
debug: Score set 3 chosen.
Start MailScanner up again.
service MailScanner start && tail -f /var/log/maillog
You should see something like:
Jun 13 12:18:23 hoshi MailScanner[26388]: MailScanner E-Mail Virus Scanner version 4.20-3 starting...
Jun 13 12:18:24 hoshi MailScanner[26388]: Config: calling custom init function MailWatchLogging
Jun 13 12:18:24 hoshi MailScanner[26388]: Initialising database connection
Jun 13 12:18:24 hoshi MailScanner[26388]: Finished initialising database connection
Congratulations - you now have MailScanner logging to MySQL.
If you want to see the output of MailScanner --lint in Tools/MailScanner Lint (Test), edit conf.php and set MS_EXECUTABLE_PATH, then follow the instructions in tools/sudo/INSTALL.
Database cleanup of maillog records
Add db_clean.php to /etc/cron.daily/
You will then need to edit the RECORD_DAYS_TO_KEEP definition in conf.php.
You will need to edit db_clean.php to reflect the location of the functions.php file.
Quarantine Maintenance
Remove the clean.quarantine cronjob configured with MailScanner.
Edit and copy quarantine_maint.sh to /etc/cron.daily/
You will then need to edit the QUARANTINE_DAYS_TO_KEEP definition in conf.php.
You will need to edit quarantine_maint.php to reflect the location of the functions.php file.
Quarantine Reporting
Add quarantine_report.php to /etc/cron.daily
You will need to edit quarantine_report.php to reflect the location of the functions.php file.
Test the MailWatch interface
Point your browser to http:///mailscanner/ - you should be prompted for a username and password - enter the details of the MailWatch web user that you created earlier, and you should see a list of the last 50 messages processed by MailScanner.
Update the SpamAssassin Rules table
MailWatch keeps a list of all the SpamAssassin rules and descriptions which are displayed on the ‘Message Detail’ page - to show the descriptions, you need to run the updater every time you add new rules or upgrade SpamAssassin. Click on the ‘Other’ menu and select ‘Update SpamAssassin Rule Descriptions’ and click ‘Run Now’.
Update the GeoIP database
Click on the ‘Other’ menu and select ‘Update GeoIP database’ and click ‘Run Now’.
Setup the Mail Queue watcher (optional)
You can get MailWatch to watch and display your sendmail queue directories - all you need to do is copy mailq.php (from the root of the MailWatch archive - not from the mailscanner directory - they are different!) to /usr/local/bin and set-up a cron-job to run it.
Optional for items Sendmail
Edit mailq.php first to change the require line to point to the location of functions.php, then:
cp tools/Sendmail_queue/mailq.php /usr/local/bin
crontab -e
0-59 * * * * /usr/local/bin/mailq.php
Note: mailq.php re-creates all entries on each run, so for busy sites you will probably want to change this to run every 5 minutes or greater.
Setup the Sendmail Relay Log watcher (optional)
You can get MailWatch to watch your sendmail logs and store all message relay information which is then displayed on the ‘Message Detail’ page which helps debugging and makes it easy for a Helpdesk to actually see where a message was delivered to by the MTA and what the response back was (e.g. the remote queue id etc.).
cp tools/Sendmail_relay/sendmail_relay.php /usr/local/bin
cp tools/Sendmail_relay/sendmail_relay.init /etc/rc.d/init.d/
# 755 rather than 777: the init script runs as root and must not be world-writable
chmod 755 /etc/rc.d/init.d/sendmail_relay.init
/etc/rc.d/init.d/sendmail_relay.init start
ln -s /etc/rc.d/init.d/sendmail_relay.init /etc/rc.d/rc2.d/S30sendmail_relay.init
Optional for item Postfix
Adding Postfix relay information
Add the table to the database
mysql -p mailscanner < tools/Postfix_relay/create_relay_postfix.sql
Edit the parser and add it as an hourly cron job
Edit the parser for location of MailWatch webpages
Edit mailscanner_relay.php in the mailscanner folder
Optional for MailScanner Rule Editor
Make sure MailWatch’s conf.php has the following lines at the end (amend as appropriate)
<?php
// Enable MailScanner Rule Editor
define('MSRE', true);
define('MSRE_RELOAD_INTERVAL', 5);
define('MSRE_RULESET_DIR', "/etc/MailScanner/rules");
Change file permissions so that we can update the rules (change the group and rules directory locations as appropriate):
chgrp -R apache /etc/MailScanner/rules
chmod g+rwxs /etc/MailScanner/rules
chmod g+rw /etc/MailScanner/rules/*.rules
See also the INSTALL docs in tools/MailScanner_rule_editor and tools/Cron_jobs
FINISHED!! (Phew!)
###############################################################################################################
Now we’ll install MailWatch with the web GUI for MailScanner. Let’s begin. Open Putty and enter:
yum install php-gd php-mysql -y
Edit the /etc/php.ini file and ensure each variable below is set with these values:
short_open_tag = On
safe_mode = Off
register_globals = Off
magic_quotes_gpc = On
magic_quotes_runtime = Off
session.auto_start = 0
Save and close the php.ini file.
Change to the temp directory:
cd /tmp
Download the latest stable version of MailWatch:
wget http://sourceforge.net/projects/mailwatch/files/mailwatch/1.1.5.1/mailwatch-1.1.5.1.tar.gz
Extract the package we just downloaded:
tar xzvf mailwatch-1.1.5.1.tar.gz
Change directory to access the newly extracted files:
cd mailwatch-1.1.5.1
Now we’ll create the database:
mysql -u root -p < create.sql
Log in to MySQL as root:
mysql -u root -p
We’ll now create a MySQL user and then set password and configure MailScanner for SQL logging. In this example we’re creating a user called mailwatch with a password of letmein. (Change the username and password to suit your needs):
GRANT ALL ON mailscanner.* TO mailwatch@localhost IDENTIFIED BY 'letmein';
GRANT FILE ON *.* TO mailwatch@localhost IDENTIFIED BY 'letmein';
FLUSH PRIVILEGES;
show databases;
Now we’ll edit the MailWatch.pm file and change the database values to suit the values we just created above. The file is located here /tmp/mailwatch-1.1.5.1/MailScanner_perl_scripts/MailWatch.pm. The variables we need to change are:
my($db_name) = 'mailscanner';
my($db_host) = 'localhost';
my($db_user) = 'mailwatch';
my($db_pass) = 'letmein';
Now we need to move MailWatch.pm to /usr/lib/MailScanner/MailScanner/CustomFunctions like so:
cd MailScanner_perl_scripts
cp MailWatch.pm /usr/lib/MailScanner/MailScanner/CustomFunctions
Now we’ll create the MailWatch web user. This is the user you will log onto the web GUI with:
mysql mailscanner -u mailwatch -p
Once logged on, run the query below:
INSERT INTO users SET username = 'admin', password = md5('letmein'), fullname = 'MAilwatch Administrator', type ='A';
Using the query above, you would have created a user called admin and the password is letmein. Change these values to suit your needs.
We’re now ready to install MailWatch. Change back to the MailWatch folder:
cd ..
Move the mailscanner folder to the web root folder:
mv mailscanner /var/www/html/
Change directory to the mailscanner folder in the web root directory:
cd /var/www/html/mailscanner
Set the folder permissions as outlined below:
chown root:apache images
chmod ug+rwx images
chown root:apache images/cache
chmod ug+rwx images/cache
We’ll now create a conf.php file by copying conf.php.example file:
cp conf.php.example conf.php
Now edit the following database values to suit the values you created earlier. In my case the user was mailwatch and password was letmein.
define('DB_TYPE', 'mysql');
define('DB_USER', 'mailwatch');
define('DB_PASS', 'letmein');
define('DB_HOST', 'localhost');
define('DB_NAME', 'mailscanner');
Now we need to stop the MailScanner service:
service MailScanner stop
Now we’ll edit the /etc/MailScanner/MailScanner.conf file:
Ensure that the variables below are set as shown:
Always Looked Up Last = &MailWatchLogging
Detailed Spam Report = yes
Quarantine Whole Message = yes
Quarantine Whole Messages As Queue Files = no
Include Scores In SpamAssassin Report = yes
Quarantine User = root
Quarantine Group = apache (this should be the same group as your web server)
Quarantine Permissions = 0660
Save and close the /etc/MailScanner/MailScanner.conf file.
Edit the file /etc/httpd/conf/httpd.conf. Go to the end of the file and add:
#Start of add
<VirtualHost *:80>
# Admin email, Server Name (domain name) and any aliases
ServerAdmin support@Matrix7.com.au
ServerName 192.168.0.150
ServerAlias 192.168.0.150
# Index file and Document Root (where the public files are located)
DirectoryIndex index.php index.html
DocumentRoot /var/www/html/mailscanner
</VirtualHost>
#End of Add
Make sure you change the ServerAdmin email address to your email address and also the IP addresses above (192.168.0.150) to your server’s IP address. Save and close the file.
Now we’ll restart the MailScanner service:
service MailScanner start
We’ll also restart the web server Apache:
service httpd restart
Now open up your browser and type in the IP address of your server like:
http://192.168.0.150
You should now see the MailWatch log on screen:
Type in your username and password that you set earlier in this tutorial. Mine in this example was admin and password was letmein.
One final thing, I highly advise you to install and configure BIND DNS on your system for optimal results and spam protection. You can see a quick tutorial on this subject by clicking here…
All done! Consider yourself a superstar!!!