The Perfect SpamSnake - Ubuntu Jaunty Jackalope
Submitted by Rocky (Contact Author) (Forums) on Wed, 2009-06-10 18:29. :: Anti-Spam/Virus | Ubuntu | Postfix
The Perfect SpamSnake - Ubuntu Jaunty Jackalope
Author: Mohammed Alli
Postfix w/Bayesian Filtering and Anti-Backscatter (Relay Recipients), Apache, Mysql, Dnsmasq, MailScanner (Spamassassin, ClamAV, Pyzor, Razor, DCC-Client), MailWatch, SPF Checks, FuzzyOcr, PDF/XLS/Phishing Sanesecurity Signatures, Postfix-GLD (Greylisting Optional), Logwatch Statistical Reporting (Optional), Outgoing Disclaimer with alterMIME (Optional), FireHOL (Iptables Firewall)
This tutorial shows how to set up an Ubuntu Jaunty Jackalope based server as a spamfilter in Gateway mode. In the end, you will have a SpamSnake Gateway which will relay clean emails to your MTA. You will also be able to view your incoming queue, train your SpamSnake and carry out a few more advanced operations via MailWatch.
I cannot offer any guarantees that this will work for you, the same way it's working for me.
I will use the following software:
Credit goes to the guys at HowtoForge and the developers of MailScanner, MailWatch, ClamAV, Apache, Mysql and Postfix.
Install the base system using the minimal option.
1. Get root Privileges
Enable the root login by running the following and giving root a password. You can then directly log in as root:
sudo passwd root
2. Install vim-nox (Optional)
I'll use vi as my text editor in this tutorial. The default vi program has some strange behaviour on Ubuntu and Debian; to fix this, we install vim-nox:
aptitude install vim-nox
(You don't have to do this if you use a different text editor such as joe or nano.)
3. Configure The Network
Because the Ubuntu installer has configured our system to get its network settings via DHCP, we have to change that now because a server should have a static IP address. Edit /etc/network/interfaces and adjust it to your needs (in this example setup I will use the IP address 192.168.0.100):
# This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). # The loopback network interface auto lo iface lo inet loopback # The primary network interface auto eth0 iface eth0 inet static address 192.168.0.100 netmask 255.255.255.0 network 192.168.0.0 broadcast 192.168.0.255 gateway 192.168.0.1
Then restart your network:
Then edit /etc/hosts. Make it look like this:
127.0.0.1 localhost.localdomain localhost 192.168.0.100 server1.example.com server1 # The following lines are desirable for IPv6 capable hosts ::1 localhost ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters ff02::3 ip6-allhosts
echo server1.example.com > /etc/hostname
Both should show server1.example.com now.
4. Update your Linux Installation
Edit /etc/apt/sources.list. Comment out or remove the installation CD from the file and make sure that the universe and multiverse repositories are enabled. It should look like this:
# # deb cdrom:[Ubuntu-Server 9.04 _Jaunty Jackalope_ - Release amd64 (20090421.1)]/ jaunty main restricted #deb cdrom:[Ubuntu-Server 9.04 _Jaunty Jackalope_ - Release amd64 (20090421.1)]/ jaunty main restricted # See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to # newer versions of the distribution. deb http://de.archive.ubuntu.com/ubuntu/ jaunty main restricted deb-src http://de.archive.ubuntu.com/ubuntu/ jaunty main restricted ## Major bug fix updates produced after the final release of the ## distribution. deb http://de.archive.ubuntu.com/ubuntu/ jaunty-updates main restricted deb-src http://de.archive.ubuntu.com/ubuntu/ jaunty-updates main restricted ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu ## team. Also, please note that software in universe WILL NOT receive any ## review or updates from the Ubuntu security team. deb http://de.archive.ubuntu.com/ubuntu/ jaunty universe deb-src http://de.archive.ubuntu.com/ubuntu/ jaunty universe deb http://de.archive.ubuntu.com/ubuntu/ jaunty-updates universe deb-src http://de.archive.ubuntu.com/ubuntu/ jaunty-updates universe ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu ## team, and may not be under a free licence. Please satisfy yourself as to ## your rights to use the software. Also, please note that software in ## multiverse WILL NOT receive any review or updates from the Ubuntu ## security team. deb http://de.archive.ubuntu.com/ubuntu/ jaunty multiverse deb-src http://de.archive.ubuntu.com/ubuntu/ jaunty multiverse deb http://de.archive.ubuntu.com/ubuntu/ jaunty-updates multiverse deb-src http://de.archive.ubuntu.com/ubuntu/ jaunty-updates multiverse ## Uncomment the following two lines to add software from the 'backports' ## repository. ## N.B. software from this repository may not have been tested as ## extensively as that contained in the main release, although it includes ## newer versions of some applications which may provide useful features. ## Also, please note that software in backports WILL NOT receive any review ## or updates from the Ubuntu security team. # deb http://de.archive.ubuntu.com/ubuntu/ jaunty-backports main restricted universe multiverse # deb-src http://de.archive.ubuntu.com/ubuntu/ jaunty-backports main restricted universe multiverse ## Uncomment the following two lines to add software from Canonical's ## 'partner' repository. ## This software is not part of Ubuntu, but is offered by Canonical and the ## respective vendors as a service to Ubuntu users. # deb http://archive.canonical.com/ubuntu jaunty partner # deb-src http://archive.canonical.com/ubuntu jaunty partner deb http://security.ubuntu.com/ubuntu jaunty-security main restricted deb-src http://security.ubuntu.com/ubuntu jaunty-security main restricted deb http://security.ubuntu.com/ubuntu jaunty-security universe deb-src http://security.ubuntu.com/ubuntu jaunty-security universe deb http://security.ubuntu.com/ubuntu jaunty-security multiverse deb-src http://security.ubuntu.com/ubuntu jaunty-security multiverse
Then run the following to update the apt package database:
Run the following to install the latest updates:
If you see that a new kernel gets installed as part of the updates, you should reboot the system afterwards:
5. Change The Default Shell
/bin/sh is a symlink to /bin/dash, however we need /bin/bash, not /bin/dash. Therefore we do this:
Install dash as /bin/sh? <-- No
6. Disable AppArmor
AppArmor is a security extension (similar to SELinux) that should provide extended security. In my opinion you don't need it to configure a secure system, and it usually causes more problems than advantages (think of it after you have done a week of trouble-shooting because some service wasn't working as expected, and then you find out that everything was ok, only AppArmor was causing the problem). Therefore I disable it (this is a must if you want to install ISPConfig later on).
We can disable it like this:
7. Install Some Software
Now we install a few packages that are needed later on:
aptitude install binutils cpp fetchmail flex gcc libarchive-zip-perl libc6-dev libcompress-zlib-perl libdb4.6-dev libpcre3 libpopt-dev lynx m4 make ncftp nmap openssl perl perl-modules unzip zip zlib1g-dev autoconf automake1.9 libtool bison autotools-dev g++ build-essential unrar
8. Synchronize the System Clock
It is a good idea to synchronize the system clock with an NTP (network time protocol) server over the internet. Simply run :
apt-get install ntp ntpdate
9. Caching Dnsmasq
apt-get install dnsmasq
Edit /etc/dnsmasq.conf and make Dnsmasq listen on localhost:
Edit /etc/resolv.conf and add the following to the top of the list: