Mailscanner/Exim Gateway With Communigate PRO Guide

Want to support HowtoForge? Become a subscriber!
 
Submitted by topdog (Contact Author) (Forums) on Fri, 2008-01-25 15:25. :: Anti-Spam/Virus | CentOS

Mailscanner/Exim Gateway With Communigate PRO Guide

In this tutorial we will be installing and setting up Mailscanner as a mail firewall in front of a Communigate pro cluster. This tutorial has been written for the CENTOS 5.x Linux distro but am sure it can be used for any other Linux based system with little modifications. The system will run with SELinux in enforcing mode. The components that we will use include:

  • Mailscanner
  • Clamav
  • exim
  • apache
  • mailwatch
  • razor
  • spamassassin
  • mysql
  • fuzzy ocr
  • sanesecurity signatures
  • mailfeeder

 

Install Packages

I assume that you have installed a bare bores CENTOS 5 system with the "Development Tools" group to work with so I will not go much into issues such as package selection and partition layout. As we will need to install certain software that is not part of the default CENTOS bases, we need to configure the system to use Dag Wieers rpm repo as he does package lots of software that we need.

rpm -Uhv http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.i386.rpm

With that done we have configured the system to use the rpmforge repo.

For this tutorial the working directory will be /usr/local/src - all downloads should be downloaded to and extracted in there.

 

Exim

yum install exim -y
/usr/sbin/alternatives --set mta /usr/sbin/sendmail.exim
service sendmail stop
/sbin/chkconfig --level 345 sendmail off
/sbin/chkconfig --level 345 exim off

 

MailScanner

wget http://www.mailscanner.info/files/4/rpm/MailScanner-4.66.5-3.rpm.tar.gz
tar xzvf MailScanner-4.66.5-3.rpm.tar.gz
cd MailScanner-4.66.5-3
./install.sh

 

Clamav

yum install clamav clamav-db clamd -y
freshclam

 

Sanesecurity Signatures

wget http://www.sanesecurity.co.uk/clamav/update_sanesecurity.txt -O /usr/local/bin/update_sanesecurity.sh
chmod +x /usr/local/bin/update_sanesecurity.sh
ln -s /usr/local/bin/update_sanesecurity.sh /etc/cron.hourly/
/usr/local/bin/update_sanesecurity.sh

 

Apache

yum install httpd php php-mysql php-gd php-eaccelerator -y /sbin/chkconfig --level 345 httpd on

 

Spamassassin

yum install spamassassin -y

 

Fuzzy OCR

yum install netpbm-progs ocrad gocr gifsicle giflib-utils giflib -y
svn co svn://svn.own-hero.net/fuzzyocr/trunk/devel
cd devel/
perl -MCPAN -e 'install String::Approx'
perl -MCPAN -e 'install Time::HiRes'
perl -MCPAN -e 'install Log::Agent'
cp -rv {FuzzyOcr.cf,FuzzyOcr.scansets,FuzzyOcr.preps,FuzzyOcr.pm,FuzzyOcr.words,FuzzyOcr/} /etc/mail/spamassassin
chcon -R system_u:object_r:etc_mail_t /etc/mail/spamassassin/{FuzzyOcr.cf,FuzzyOcr.scansets,FuzzyOcr.preps,FuzzyOcr.pm,FuzzyOcr.words,FuzzyOcr/}
wget http://www.gbnetwork.co.uk/mailscanner/FuzzyOcr.words -O /etc/mail/spamassassin/FuzzyOcr.words

 

Razor

yum install razor-agents

 

MySQL

yum install mysql mysql-server -y

 

Mailwatch

wget http://dfn.dl.sourceforge.net/sourceforge/mailwatch/mailwatch-1.0.4.tar.gz
tar xzvf mailwatch-1.0.4.tar.gz
cd mailwatch-1.0.4
cp -av mailscanner/* /var/www/html/
cp /var/www/html/conf.php.example /var/www/html/conf.php
mkdir /var/www/html/temp
chmod u+rwx /var/www/html/temp
rm -f /var/www/html/{index.php,xml,jpgraph,fpdf}
cp /var/www/html/status.php /var/www/html/index.php
mv /var/www/html/jpgraph-1.12.1 /var/www/html/jpgraph
mv /var/www/html/fpdf152 /var/www/html/fpdf
mv /var/www/html/xmlrpc_1.2 /var/www/html/xmlrpc
chown apache.apache -R /var/www/html/
chmod ug+rwx /var/www/html/images
chmod ug+rwx /var/www/html/images/cache
chcon -R system_u:object_r:httpd_sys_content_t /var/www/html/
cp MailWatch.pm /usr/lib/MailScanner/MailScanner/CustomFunctions/
cp SQLBlackWhiteList.pm /usr/lib/MailScanner/MailScanner/CustomFunctions/
cp tools/db_clean.php /usr/local/bin/
cp tools/quarantine_maint.php /usr/local/bin/

 

Mailfeeder

wget http://www.pldaniels.com/mailfeeder/mailfeeder-0.2.3.tar.gz
tar xzvf mailfeeder-0.2.3.tar.gz
cd mailfeeder-0.2.3
make
cp mailfeeder /usr/local/bin/

 

Configure Packages

Configure Exim

Introduction

To run exim with mailscanner you need 2 configuration files one for the daemon that will listen on port 25 and accept incoming mail and another for the exim process that will deliver the clean mail that has been scanned by mailscanner. You also require 2 queues one for incoming and the other for clean mail that has been scanned.

I will not dwell on all the configuration options that exim provides i expect that you will be able to get detailed info else where on how to configure an normal running exim system so i will only focus on those areas that are specific to this setup.

  • So to begin backup your exim configuration then create the second configuration file out the outbound process.

cp /etc/exim/exim.conf /etc/exim/exim.conf.orig
cp /etc/exim/exim.conf /etc/exim/exim_out.conf

 

Inbound Exim

This is the configuration for the exim daemon that listens on port 25 and accepts the messages and queues them for mailscanner to process. The configuration file is /etc/exim/exim.conf.

 

Anti-virus / Sanesecurity Checks

Configure the incoming exim daemon (/etc/exim/exim.conf) to use clamav to scan incoming mail and reject virus infected email and image and pdf spam at smtp time.

av_scanner = clamd:/var/run/clamav/clamd.sock

 

Mail Routing

Configure the domains you accept mail for, we will add these to a file /etc/exim/relay_domains.

# example /etc/exim/relay_domains
example.com

Specify this in the exim configuration:

domainlist relay_to_domains = lsearch;/etc/exim/relay_domains

Configure the routing of the domains you are filtering mail for in the file /etc/exim/mail-routes.

#example /etc/exim/mail-routes
example.com: xxx.xxx.xxx.xxx:xxx.xxx.xxx.xxx #this domain is on a CGP cluster of 2 front end nodes
somedomain.com: xxx.xxx.xxx.xxx # this delivers to one CGP machine

Configure a router to accept mail for the relay domains. You need to add this under the check_backend: router (see address verification below).

deliver_clean:
  driver = manualroute
  domains = +relay_to_domains
  transport = remote_smtp
  route_data = ${lookup{$domain}lsearch{/etc/exim/mail-routes}}

 

Mailscanner Intergration

Configure the inbound exim just to queue the messages and not deliver to enable mailscanner to process them.

spool_directory = /var/spool/exim.in
process_log_path = /var/spool/exim/exim-process.info
queue_only = true
queue_only_override = false

 

RBL's

Configure the RBL's under acl_check_rcpt:

drop    message       = REJECTED because $sender_host_address is in a black list spamhaus.org
           dnslists      = xen.spamhaus.org
drop    message       = REJECTED because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
           dnslists      = bl.spamcop.net
drop    message       = REJECTED because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
           dnslists      = dnsbl.sorbs.net

Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.