The Perfect SpamSnake - Ubuntu Jeos 10.10 Maverick Meerkat - Page 2

Want to support HowtoForge? Become a subscriber!
 
Submitted by Rocky (Contact Author) (Forums) on Fri, 2010-11-19 16:22. ::

6. Install Postfix:

apt-get install postfix postfix-mysql postfix-doc procmail

You will be asked two questions. Answer as follows:

General type of mail configuration: --> Internet Site
System mail name: --> server1.example.com

Stop Postfix:

postfix stop

We’ll want to edit Postfix with the below:

vi master.cf

We need to add two items below the pickup service type. The pickup service "picks up" local mail (local meaning "on this machine") and delivers it. This is a way to bypass content filtering for mail generated by this machine.

It should look like this when you are done:

pickup    fifo  n       -       -       60      1       pickup
         -o content_filter=
         -o receive_override_options=no_header_body_checks

Edit main.cf:

vi /usr/src/postfix.sh

#!/bin/sh
postconf -e "alias_maps = hash:/etc/aliases"
newaliases
postconf -e "myorigin = domain.tld"
postconf -e "myhostname = server1.domain.tld"
postconf -e "mynetworks = 127.0.0.0/8, 192.168.0.0/24"
postconf -e "message_size_limit = 10485760"
postconf -e "local_transport = error:No local mail delivery"
postconf -e "mydestination = "
postconf -e "local_recipient_maps = "
postconf -e "relay_domains = mysql:/etc/postfix/mysql-relay_domains.cf"
postconf -e "relay_recipient_maps = mysql:/etc/postfix/mysql-relay_recipients.cf"
postconf -e "transport_maps = mysql:/etc/postfix/mysql-transports.cf"
postconf -e "virtual_alias_maps = hash:/etc/postfix/virtual"
postconf -e "disable_vrfy_command = yes"
postconf -e "strict_rfc821_envelopes = no"
postconf -e "smtpd_banner = $myhostname ESMTP SpamSnake"
postconf -e "smtpd_delay_reject = yes"
postconf -e "smtpd_recipient_limit = 100"
postconf -e "smtpd_helo_required = yes"
postconf -e "smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks, permit"
postconf -e "smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, permit"
postconf -e "smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unknown_sender_domain, permit"
postconf -e "smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_recipient_domain, reject_unauth_destination, whitelist_policy, grey_policy, rbl_policy, spf_policy, permit"
postconf -e "smtpd_data_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining"
postconf -e "smtpd_restriction_classes = spf_policy, rbl_policy, grey_policy, whitelist_policy"
postconf -e "spf_policy = check_policy_service unix:private/policy"
postconf -e "rbl_policy = reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net"
postconf -e "grey_policy = check_policy_service unix:private/greyfix"
postconf -e "whitelist_policy = check_client_access mysql:/etc/postfix/mysql-global_whitelist.cf, check_sender_access mysql:/etc/postfix/mysql-global_whitelist.cf"
postconf -e "header_checks = regexp:/etc/postfix/header_checks"
touch /etc/postfix/virtual
echo "root administrator@example.com" >> /etc/postfix/virtual && echo "abuse administrator@example.com" >> /etc/postfix/virtual && echo "postmaster administrator@example.com" >> /etc/postfix/virtual
postmap /etc/postfix/virtual
touch /etc/postfix/header_checks
echo "/^Received:/ HOLD" >> /etc/postfix/header_checks
postmap /etc/postfix/header_checks
cat > /etc/postfix/mysql-global_whitelist.cf <<EOF
#mysql-global_whitelist
user = baruwa
password =
password
dbname = baruwa
query = select concat('PERMIT') 'action' from lists where from_address='%s' AND list_type='1';
hosts = 127.0.0.1
EOF
cat > /etc/postfix/mysql-relay_domains.cf <<EOF
#mysql-relay_domains
user = baruwa
password =
password
dbname = baruwa
query = select concat(address, ' ', 'OK') 'domain' from user_addresses where user_addresses.address='%s' and user_addresses.enabled='1';
hosts = 127.0.0.1
EOF

cat > /etc/postfix/mysql-relay_recipients.cf <<EOF
#mysql-relay_recipients
user = baruwa
password = password
dbname = baruwa
query = select concat('@', address, 'OK') 'email' from user_addresses where user_addresses.address='%d';
hosts = 127.0.0.1
EOF
cat > /etc/postfix/mysql-transports.cf <<EOF
#mysql-transports
user = baruwa
password = password
dbname = baruwa
query = select concat('smtp:[', mail_hosts.address, ']', ':', port) 'transport' from mail_hosts, user_addresses where user_addresses.address = '%s' AND user_addresses.id = mail_hosts.useraddress_id;
hosts = 127.0.0.1
EOF

Note: For this step, make sure to replace anything@example.com, example.com and @example.com with real values that matches your setup.

chmod +x /usr/src/postfix.sh

and run using

./usr/src/postfix.sh

*Note: The user/password for the cf files needs to be the same as the user/password you'll use with your Baruwa DB setup later on.  Make sure to change everything in red before running the script.

Postfix Recipient Callout(Optional)

This feature queries the recipient server to see if the recipient exists. If not, it replies with a 550 error to the sending server and drops the connection. If the user does exist, the SpamSnake will continue processing the email. This is just another method to prevent backscatter, but comes at a price. Read up on it at http://www.postfix.org/ADDRESS_VERIFICATION_README.html. You can skip this method and use the script method (later on in this guide) if you decide it will bog down your server.

vi /etc/postfix/main.cf

and add the following:

verify_recipient = reject_unknown_recipient_domain, reject_unverified_recipient
look_ahead = check_recipient_access hash:/etc/postfix/access
unverified_recipient_reject_code = 550
address_verify_map = btree:/var/lib/postfix/verify

Add this to your smtpd_restriction_classes:

verify_recipient, look_ahead

Add this to smptd_recipient_restrictions:

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, look_ahead, whitelist_policy, grey_policy, rbl_policy, spf_policy, permit

touch /etc/postfix/access

and add your domains:

domainA.com verify_recipient
domainB.com verify_recipient

*Note: Make sure to add valid domains you're filtering for.

Postmap it:

postmap /etc/postfix/access

Final look at the Postfix install:

less /etc/postfix/main.cf

Check the contents of the file for errors and repair if needed. Fire up Postfix:

postfix start

Check that Postfix responds:

telnet 127.0.0.1 25

You should see:

220 [yourFQDNhere] ESMTP Postfix (Ubuntu)

 

7. Install MailScanner (Apparmor, Clamav, DCC, Pyzor, Razor and Spamassassin)

cd /usr/src
wget http://http.us.debian.org/debian/pool/main/libt/libtool/libltdl3_1.5.26-4+lenny1_$(uname -m | sed -e 's/x86_64/amd64/' -e 's/i686/i386/').deb
dpkg -i libltdl*
apt-get install razor pyzor clamav-daemon libclamav6 apparmor

 

Apparmor configuration for Clamav

Add clamav to the www-data group so that it can access the directory:

usermod -a -G www-data clamav

Now edit the profile for clamd:

vi /etc/apparmor.d/usr.sbin.clamd

and add the Incoming folder to the list of folders

/usr/sbin/clamd {
   #clamav
   /var/spool/MailScanner/** rw,
   /var/spool/MailScanner/incoming/** rw,
   }

Reload apparmor:

/etc/init.d/apparmor reload

 

DCC 32bit/64bit Configuration

Install DCC from .deb source:

cd /tmp
wget http://ppa.launchpad.net/jonasped/ppa/ubuntu/pool/main/d/dcc/dcc-common_1.3.130-0ubuntu1~ppa1~karmic1_$(uname -m | sed -e 's/x86_64/amd64/' -e 's/i686/i386/').deb && dpkg -i dcc-common_1.3.130-0ubuntu1~ppa1~karmic1_$(uname -m | sed -e 's/x86_64/amd64/' -e 's/i686/i386/').deb
wget http://ppa.launchpad.net/jonasped/ppa/ubuntu/pool/main/d/dcc/dcc-client_1.3.130-0ubuntu1~ppa1~karmic1_$(uname -m | sed -e 's/x86_64/amd64/' -e 's/i686/i386/').deb && dpkg -i dcc-client_1.3.130-0ubuntu1~ppa1~karmic1_$(uname -m | sed -e 's/x86_64/amd64/' -e 's/i686/i386/').deb

Test our installation with:

cdcc info

You should get 'requests ok' from the servers.

 

Pyzor Configuration

Because pyzor doesn’t work with python2.6 very well, the workaround is to append the following to the first line of /usr/bin/pyzor to make it look like:

#!/usr/bin/python -Wignore::DeprecationWarning

Here we supply the IP address of the Pyzor server to Pyzor. This will create the server's IP address in a servers file therein. Then it will test the connection. If you are behind a firewall, open port 24441/udp in and out to your server. While you're at it also open up 6277/udp for DCC, 2703/tcp for Razor and 783/tcp for SpamAssassin:

mkdir /var/lib/MailScanner
pyzor --homedir=/var/lib/MailScanner discover
pyzor ping

 

Razor Configuration

Create the .razor configuration:

cd && rm /etc/razor/razor-agent.conf
mkdir /var/lib/MailScanner/.razor
razor-admin -home=/var/lib/MailScanner/.razor -create
razor-admin -home=/var/lib/MailScanner/.razor -discover
razor-admin -home=/var/lib/MailScanner/.razor -register

vi /var/lib/MailScanner/.razor/razor-agent.conf

debuglevel      = 0
razorhome 	     = /var/lib/MailScanner/.razor/

 

Install dependencies:

apt-get install libconvert-tnef-perl libdbd-sqlite3-perl libfilesys-df-perl libmailtools-perl libmime-tools-perl libmime-perl libnet-cidr-perl libsys-syslog-perl libio-stringy-perl libfile-temp-perl libole-storage-lite-perl libarchive-zip-perl libsys-hostname-long-perl libnet-cidr-lite-perl libhtml-parser-perl libdb-file-lock-perl libnet-dns-perl libncurses5-dev libdigest-hmac-perl libdigest-sha1-perl libnet-ip-perl liburi-perl libfile-spec-perl spamassassin libnet-ident-perl libmail-spf-query-perl libmail-dkim-perl dnsutils libio-socket-ssl-perl gdebi-core

 

Download and install the latest MailScanner:

cd /usr/src && wget http://www.mailscanner.info/files/4/tar/MailScanner-install-4.81.4-1.tar.gz
tar xvfz MailScanner-install-4.81.4-1.tar.gz && cd MailScanner-install-4.81.4
./install.sh

Run crontab -e and add the following entries:

37      5 * * *  /opt/MailScanner/bin/update_phishing_sites &> /dev/null 
07      * * * *  /opt/MailScanner/bin/update_bad_phishing_sites &> /dev/null 
58     23 * * * /opt/MailScanner/bin/clean.quarantine &> /dev/null 
42      * * * *  /opt/MailScanner/bin/update_virus_scanners &> /dev/null 
3,23,43 * * * *  /opt/MailScanner/bin/check_mailscanner &> /dev/null 

 

SpamAssassin

First we need to disable the default SpamAssassin configuration file:

mv /etc/spamassassin/local.cf /etc/spamassassin/local.cf.disabled

Now let's backup the SpamAssassin configuration file in MailScanner then edit:

cp /opt/MailScanner/etc/spam.assassin.prefs.conf /opt/MailScanner/etc/spam.assassin.prefs.conf.back

 

SpamAssassin SQL Bayes

Pre-requisities: You'll need the perl-DBI and perl-DBD-MySQL modules installed.

Assumptions and Variables:

SpamAssassin Bayes Database Name: sa_bayes
SpamAssassin Bayes Database UserName: sa_user
SpamAssassin Bayes Database Password: sa_password

Create the MySQL database on the server where you intend on storing the bayesian information.

mysql -u root -p
mysql> create database sa_bayes;
mysql> GRANT ALL ON sa_bayes.* TO sa_user@localhost IDENTIFIED BY 'sa_password';
mysql> flush privileges;

Import database structure:

mysql -u sa_user -p sa_bayes < /usr/share/doc/spamassassin/sql/bayes_mysql.sql

vi /etc/spamassassin/v310.pre to enable DCC:

loadplugin  Mail::SpamAssassin::Plugin::DCC

Create the following to prevent an error in a lint test:

mkdir /var/www/.spamassassin

vi /opt/MailScanner/etc/spam.assassin.prefs.conf

and add the following to the top:

#pyzor
use_pyzor 1
pyzor_options --homedir /var/lib/MailScanner/
   
#razor
use_razor2 1
razor_config /var/lib/MailScanner/.razor/razor-agent.conf

Fix DCC path:

dcc_path /usr/bin/dccproc

Update header string:

bayes_ignore_header X-YOURDOMAIN-COM-MailScanner
bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-SpamCheck
bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-SpamScore
bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-Information
#use_auto_whitelist 0

"YOURDOMAIN-COM" should be replaced with whatever you used for "%org-name%" in the MailScanner.conf file. Leave the "X-" in place. This is the same orgname used in the MailScanner.conf above.

Add sql connection string to bottom:

bayes_store_module Mail::SpamAssassin::BayesStore::SQL
bayes_sql_dsn DBI:mysql:sa_bayes:localhost
bayes_sql_username sa_user
bayes_sql_password sa_password
bayes_sql_override_username root

vi v310.pre

and comment out domainkeys since DKIM has superseeded it:

#loadplugin  Mail::SpamAssassin::Plugin::DomainKeys

Add it to cron:

30 01 * * * /usr/bin/sa-learn --force-expire --sync -p /opt/MailScanner/etc/spam.assassin.prefs.conf 

Install missing perl packages:

perl -MCPAN -e shell
install IP::Country::Fast
install Encode::Detect
install Crypt::OpenSSL::RSA

Set permissions to bring it all together:

chown -R postfix:www-data /var/spool/postfix/hold
chmod -R ug+rwx /var/spool/postfix/hold

Test out the setup:

spamassassin -x -D -p /opt/MailScanner/etc/spam.assassin.prefs.conf --lint

Check for lines like:

debug: bayes: Database connection established
debug: bayes: found bayes db version 3
debug: bayes: Using userid: 2

You should see lines come up with DCC, Pyzor and Razor that say loading plugin and hopefully no errors.

 

MailScanner Configuration

We need to make a directory for SpamAssassin in the spool and give postfix permissions to it, if you run sa-learn --force as root, bayes databese that is stored in these directories will change to root:root and spamassassin will error looking at the db. Just keep an eye on the mail.log and you'll remember to change the permissions back. Also disable the MailScanner default configs:

mkdir /var/spool/MailScanner/spamassassin

Backup your MailScanner.conf file:

cp /opt/MailScanner/etc/MailScanner.conf /opt/MailScanner/etc/MailScanner.conf.dist
vi /opt/MailScanner/etc/MailScanner.conf

Change the following parameters in MailScanner.conf with the following script:

vi /usr/src/mailscanner.sh

chmod +x mailscanner.sh

and run using

./usr/src/mailscanner.sh

sed -i "/^%org-name% =/ c\%org-name% =orgname" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^%org-long-name% =/ c\%org-long-name% = longorgname" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^%web-site% =/ c\%web-site% = www.domain.tld" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^Run As User =/ c\Run As User = postfix" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^Run As Group =/ c\Run As Group =  www-data" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^Incoming Work Group =/ c\Incoming Work Group = clamav" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^Incoming Work Permissions =/ c\Incoming Work Permissions = 0640" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^Incoming Queue Dir =/ c\Incoming Queue Dir = /var/spool/postfix/hold" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^Outgoing Queue Dir =/ c\Outgoing Queue Dir = /var/spool/postfix/incoming" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^MTA =/ c\MTA = postfix" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^Quarantine User =/ c\Quarantine User = root" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^Quarantine Group =/ c\Quarantine Group = www-data" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^Quarantine Permissions =/ c\Quarantine Permissions = 0660" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^Quarantine Whole Message =/ c\Quarantine Whole Message = yes" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^Virus Scanners =/ c\Virus Scanners = clamd" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^Monitors for ClamAV Updates =/ c\Monitors for ClamAV Updates = /var/lib/clamav/*.cld /var/lib/clamav/*.cvd" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^Clamd Socket =/ c\Clamd Socket = /var/run/clamav/clamd.ctl" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^Clamd Lock File =/ c\Clamd Lock File = /var/run/clamav/clamd.pid" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^Spam Subject Text =/ c\Spam Subject Text = ***SPAM***" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^Spam Actions =/ c\Spam Actions = deliver store" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^High Scoring Spam Actions =/ c\High Scoring Spam Actions = store delete" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^Non Spam Actions =/ c\Non Spam Actions = deliver store" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^SpamAssassin User State Dir =/ c\SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin" /opt/MailScanner/etc/MailScanner.conf 

*Note: Make sure to change the items in red before running the script.

 

MailScanner Startup Script:

vi /etc/init.d/mailscanner

with the following and do a

chmod +x /etc/init.d/mailscanner

#! /bin/sh
   ### BEGIN INIT INFO
   # Provides:          MailScanner daemon
   # Required-Start:    $local_fs $remote_fs
   # Required-Stop:     $local_fs $remote_fs
   # Default-Start:     2 3 4 5
   # Default-Stop:      0 1 6
   # Short-Description: Controls mailscanner instances
   # Description:       MailScanner is a queue-based spam/virus filter
   ### END INIT INFO
   # Author: Simon Walter <simon.walter@hp-factory.de>
   # PATH should only include /usr/* if it runs after the mountnfs.sh script
   PATH=/usr/sbin:/usr/bin:/bin:/sbin:/opt/MailScanner/bin
   DESC="mail spam/virus scanner"
   NAME=MailScanner
   PNAME=mailscanner
   DAEMON=/opt/MailScanner/bin/$NAME
   STARTAS=MailScanner
   SCRIPTNAME=/etc/init.d/$PNAME
   CONFFILE=/opt/MailScanner/etc/MailScanner.conf
   # Exit if the package is not installed
   [ -x "$DAEMON" ] || exit 0
   run_nice=0
   stopped_lockfile=/var/lock/subsys/MailScanner.off
   # Read configuration variable file if it is present
   [ -r /etc/default/$PNAME ] && . /etc/default/$PNAME
   # Load the VERBOSE setting and other rcS variables
   . /lib/init/vars.sh
   # Define LSB log_* functions.
   # Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
   . /lib/lsb/init-functions
   # sanity check for permissions
   fail()
   {
   echo >&2 "$0: $1"
   exit 1
   }
   check_dir()
   {
   if [ ! -d $1 ]; then
   mkdir -p "$1" || \
   fail "directory $1: does not exist and cannot be created"
   fi
   actual="$(stat -c %U $1)"
   if [ "$actual" != "$2" ]; then
   chown -R "$2" "$1" || \
   fail "directory $1: wrong owner (expected $2 but is $actual)"
   fi
   actual="$(stat -c %G $1)"
   if [ "$actual" != "$3" ]; then
   chgrp -R "$3" "$1" || \
   fail "directory $1: wrong group (expected $3 but is $actual)"
   fi
   }
   user=$(echo $(awk -F= '/^Run As User/ {print $2; exit}' $CONFFILE))
   group=$(echo $(awk -F= '/^Run As Group/ {print $2; exit}' $CONFFILE))
   check_dir /var/spool/MailScanner       ${user:-postfix} ${group:-www-data}
   check_dir /var/lib/MailScanner         ${user:-postfix} ${group:-www-data}
   check_dir /var/run/MailScanner         ${user:-postfix} ${group:-www-data}
   check_dir /var/lock/subsys	${user:-root}	${group:-root} #Required to Create Folder
   check_dir /var/lock/subsys/MailScanner ${user:-postfix} ${group:-www-data}
   #
   # Function that starts the daemon/service
   #
   do_start()
   {
   # Return
   #   0 if daemon has been started
   #   1 if daemon was already running
   #   2 if daemon could not be started
   start-stop-daemon --start --quiet --startas $STARTAS --name $NAME --test > /dev/null \
   || return 1
   start-stop-daemon --start --quiet --nicelevel $run_nice --chuid postfix:www-data --exec $DAEMON --name $NAME -- $DAEMON_ARGS \
   || return 2
   # Add code here, if necessary, that waits for the process to be ready
   # to handle requests from services started subsequently which depend
   # on this one.  As a last resort, sleep for some time.
   # Set lockfile to inform cronjobs about the running daemon
   RETVAL="$?"
   if [ $RETVAL -eq 0 ]; then
   touch /var/lock/subsys/mailscanner
   rm -f $stopped_lockfile
   fi
   if [ $RETVAL -eq 0 ]; then
   echo "MailScanner Started"
   fi
   }
   #
   # Function that stops the daemon/service
   #
   do_stop()
   {
   # Return
   #   0 if daemon has been stopped
   #   1 if daemon was already stopped
   #   2 if daemon could not be stopped
   #   other if a failure occurred
   start-stop-daemon --stop --retry=TERM/30 --name $NAME
   RETVAL="$?"
   [ "$RETVAL" = 2 ] && return 2
   # Remove lockfile for cronjobs
   if [ $RETVAL -eq 0 ]; then
   rm -f /var/lock/subsys/mailscanner
   touch $stopped_lockfile
   fi
   if [ $RETVAL -eq 0 ]; then
   echo "MailScanner Stopped"
   fi
   }
   #
   # Function that sends a SIGHUP to the daemon/service
   #
   do_reload() {
   start-stop-daemon --stop --signal 1 --quiet --name $NAME
   return 0
   }
   case "$1" in
   start)
   [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
   do_start
   case "$?" in
   0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
   2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
   esac
   ;;
   stop)
   [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
   do_stop
   case "$?" in
   0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
   2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
   esac
   ;;
   restart|force-reload)
   #
   # If the "reload" option is implemented then remove the
   # 'force-reload' alias
   #
   log_daemon_msg "Restarting $DESC" "$NAME"
   do_stop
   case "$?" in
   0|1)
   do_start
   case "$?" in
   0) log_end_msg 0 ;;
   1) log_end_msg 1 ;; # Old process is still running
   *) log_end_msg 1 ;; # Failed to start
   esac
   ;;
   *)
   # Failed to stop
   log_end_msg 1
   ;;
   esac
   ;;
   *)
   echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
   exit 3
   ;;
   esac
 exit 0

Create Symlinks for mailscanner script to work:

chmod 755 /etc/init.d/mailscanner
update-rc.d mailscanner defaults
ln -s /opt/MailScanner/bin/Quick.Peek /usr/sbin/Quick.Peek

Start the system:

/etc/init.d/mailscanner start
/etc/init.d/postfix start

Check your logs for errors:

tail -f /var/log/mail.log

Check your mail.log (tail –f /var/log/mail.log) and you should see the following:

Jun 13 12:18:23 hoshi MailScanner[26388]: MailScanner E-Mail Virus Scanner version 4.81.4 starting...

Congratulations - you now have MailScanner logging to MySQL.


Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.
Submitted by xalfeiran (registered user) on Tue, 2011-12-06 20:43.
How can i customize spamassassin rules? baruwa is reporting valid mail marked as spam:
3.09  DOS_OE_TO_MX                  Delivered direct to MX with OE headers
0.00  DYN_RDNS_SHORT_HELO_HTML      Sent by dynamic rDNS, short HELO, and HTML
0.00  FSL_HELO_NON_FQDN_1
0.00  HELO_NO_DOMAIN                Relay reports its domain incorrectly
0.00  HTML_MESSAGE                  HTML included in message
3.56  RCVD_IN_PBL                   Received via a relay in Spamhaus PBL
1.28  RCVD_IN_RP_RNBL               Relay in RNBL, https://senderscore.org/blacklistlookup/
0.36  RDNS_DYNAMIC                  Delivered to internal network by host with dynamic-looking rDNS
Thanks
Submitted by Tony Grenda (not registered) on Thu, 2011-05-12 20:44.
I had to open Port 873/TCP on my firewall for the rsync protocol to work for the SaneSecurity signatures to download.
Submitted by lugi (not registered) on Fri, 2011-04-15 17:05.

When i trying to lauch => install Crypt::OpenSSL::RSA i have this problem . Can you help me please.

I trying => Crypt::OpenSSL::Random  but it doesn't work also 

 

Checking if your kit is complete...
Looks good
Writing Makefile for Crypt::OpenSSL::Random
cp Random.pm blib/lib/Crypt/OpenSSL/Random.pm
AutoSplitting blib/lib/Crypt/OpenSSL/Random.pm (blib/lib/auto/Crypt/OpenSSL/Random)
/usr/bin/perl /usr/share/perl/5.10/ExtUtils/xsubpp  -typemap /usr/share/perl/5.10/ExtUtils/typemap  Random.xs > Random.xsc && mv Random.xsc Random.c
Please specify prototyping behavior for Random.xs (see perlxs manual)
cc -c   -D_REENTRANT -D_GNU_SOURCE -DDEBIAN -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -O2 -g   -DVERSION=\"0.04\" -DXS_VERSION=\"0.04\" -fPIC "-I/usr/lib/perl/5.10/CORE"   Random.c
Random.xs:5: fatal error: openssl/rand.h: No such file or directory
compilation terminated.
make: *** [Random.o] Error 1
  IROBERTS/Crypt-OpenSSL-Random-0.04.tar.gz
  /usr/bin/make -- NOT OK
Running make test
  Can't test without successful make
Running make install
  Make had returned bad status, install seems impossible
Running make for I/IR/IROBERTS/Crypt-OpenSSL-RSA-0.26.tar.gz
  Has already been unwrapped into directory /root/.cpan/build/Crypt-OpenSSL-RSA-0.26-OaSkf7

  CPAN.pm: Going to build I/IR/IROBERTS/Crypt-OpenSSL-RSA-0.26.tar.gz

Warning: Prerequisite 'Crypt::OpenSSL::Random => 0' for 'IROBERTS/Crypt-OpenSSL-RSA-0.26.tar.gz' failed when processing 'IROBERTS/Crypt-OpenSSL-Random-0.04.tar.gz' with 'make => NO'. Continuing, but chances to succeed are limited.
CPAN: Time::HiRes loaded ok (v1.9719)
cp RSA.pm blib/lib/Crypt/OpenSSL/RSA.pm
AutoSplitting blib/lib/Crypt/OpenSSL/RSA.pm (blib/lib/auto/Crypt/OpenSSL/RSA)
/usr/bin/perl /usr/share/perl/5.10/ExtUtils/xsubpp  -typemap /usr/share/perl/5.10/ExtUtils/typemap -typemap typemap  RSA.xs > RSA.xsc && mv RSA.xsc RSA.c
cc -c   -D_REENTRANT -D_GNU_SOURCE -DDEBIAN -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -O2 -g   -DVERSION=\"0.26\" -DXS_VERSION=\"0.26\" -fPIC "-I/usr/lib/perl/5.10/CORE"  -DPERL5 -DOPENSSL_NO_KRB5 RSA.c
RSA.xs:5: fatal error: openssl/bio.h: No such file or directory
compilation terminated.
make: *** [RSA.o] Error 1
  IROBERTS/Crypt-OpenSSL-RSA-0.26.tar.gz
  /usr/bin/make -- NOT OK
Running make test
  Can't test without successful make
Running make install
  Make had returned bad status, install seems impossible

Submitted by Rocky (registered user) on Mon, 2011-04-18 18:53.

Try:

apt-get install libcrypt-openssl-random-perl libcrypt-openssl-rsa-perl

Submitted by Alexander Meesters (not registered) on Wed, 2011-04-06 13:33.

i think its better to use:

 sudo update-rc.d mailscanner defaults

 then creating it by hand...

Submitted by Anvar (not registered) on Thu, 2011-02-10 09:30.

Best to install the clamav data;

 apt-get install clamav-data and afterwards /etc/init.d/clamav-daemon start

Submitted by Anvar (not registered) on Thu, 2011-02-10 08:58.
Maybe handy to add the location of the master.cf file; /etc/postfix
Submitted by w0rldart (not registered) on Mon, 2011-01-17 14:03.

Hi, i am suposed to look for 

debug: bayes: Database connection established
debug: bayes: found bayes db version 3
debug: bayes: Using userid: 2

as response to  spamassassin -x -D -p /opt/MailScanner/etc/spam.assassin.prefs.conf --lint , but in stead i get

 Jan 17 13:56:55.129 [10360] dbg: timing: total 1152 ms - init: 770 (66.8%), parse: 0.81 (0.1%), extract_message_metadata: 1.36 (0.1%), get_uri_detail_list: 0.98 (0.1%), tests_pri_-1000: 7 (0.6%), compile_gen: 149 (12.9%), compile_eval: 16 (1.4%), tests_pri_-950: 5 (0.4%), tests_pri_-900: 5 (0.5%), tests_pri_-400: 5 (0.4%), tests_pri_0: 309 (26.8%), tests_pri_500: 45 (3.9%)

Jan 17 13:56:55.129 [10360] warn: lint: 2 issues detected, please rerun with debug enabled for more information

 

 Can any1 help me out?

Submitted by Rocky (registered user) on Tue, 2011-01-18 14:40.

Hi,

Please post your issue in the support forum and we'll gladly help you out.

Thanks,

Rocky

Submitted by Moso (registered user) on Tue, 2010-12-21 18:38.

Hi!

As always, great guide! 

I am using Ubuntu Server 10.04 and in "Install missing perl packages" step I get the following error:

---

root@spamsnake:~# perl -MCPAN -e shell
Terminal does not support AddHistory.

cpan shell -- CPAN exploration and modules installation (v1.9402)
Enter 'h' for help.

cpan[1]> install Crypt::OpenSSL::RSA
CPAN: Storable loaded ok (v2.20)
Going to read '/root/.cpan/Metadata'
  Database was generated on Tue, 21 Dec 2010 16:35:00 GMT
Running install for module 'Crypt::OpenSSL::RSA'
CPAN: Data::Dumper loaded ok (v2.124)
'YAML' not installed, falling back to Data::Dumper and Storable to read prefs '/root/.cpan/prefs'
Running make for I/IR/IROBERTS/Crypt-OpenSSL-RSA-0.26.tar.gz
CPAN: Digest::SHA loaded ok (v5.47)
CPAN: Compress::Zlib loaded ok (v2.02)
Checksum for /root/.cpan/sources/authors/id/I/IR/IROBERTS/Crypt-OpenSSL-RSA-0.26.tar.gz ok
Scanning cache /root/.cpan/build for sizes
............................................................................DONE
CPAN: Archive::Tar loaded ok (v1.52)
Crypt-OpenSSL-RSA-0.26/
Crypt-OpenSSL-RSA-0.26/RSA.xs
Crypt-OpenSSL-RSA-0.26/RSA.pm
Crypt-OpenSSL-RSA-0.26/typemap
Crypt-OpenSSL-RSA-0.26/MANIFEST
Crypt-OpenSSL-RSA-0.26/Makefile.PL
Crypt-OpenSSL-RSA-0.26/LICENSE
Crypt-OpenSSL-RSA-0.26/Changes
Crypt-OpenSSL-RSA-0.26/t/
Crypt-OpenSSL-RSA-0.26/t/format.t
Crypt-OpenSSL-RSA-0.26/t/bignum.t
Crypt-OpenSSL-RSA-0.26/t/rsa.t
Crypt-OpenSSL-RSA-0.26/README
Crypt-OpenSSL-RSA-0.26/META.yml
CPAN: File::Temp loaded ok (v0.22)

  CPAN.pm: Going to build I/IR/IROBERTS/Crypt-OpenSSL-RSA-0.26.tar.gz

Checking if your kit is complete...
Looks good
Warning: prerequisite Crypt::OpenSSL::Random 0 not found.
Writing Makefile for Crypt::OpenSSL::RSA
Could not read '/root/.cpan/build/Crypt-OpenSSL-RSA-0.26-PTQVSZ/META.yml'. Falling back to other methods to determine prerequisites
---- Unsatisfied dependencies detected during ----
----  IROBERTS/Crypt-OpenSSL-RSA-0.26.tar.gz  ----
    Crypt::OpenSSL::Random [requires]
Shall I follow them and prepend them to the queue
of modules we are processing right now? [yes]
Running make test
  Delayed until after prerequisites
Running make install
  Delayed until after prerequisites
Running install for module 'Crypt::OpenSSL::Random'
'YAML' not installed, falling back to Data::Dumper and Storable to read prefs '/root/.cpan/prefs'
Running make for I/IR/IROBERTS/Crypt-OpenSSL-Random-0.04.tar.gz
Checksum for /root/.cpan/sources/authors/id/I/IR/IROBERTS/Crypt-OpenSSL-Random-0.04.tar.gz ok
Crypt-OpenSSL-Random-0.04/
Crypt-OpenSSL-Random-0.04/Random.pm
Crypt-OpenSSL-Random-0.04/Random.xs
Crypt-OpenSSL-Random-0.04/LICENSE
Crypt-OpenSSL-Random-0.04/Changes
Crypt-OpenSSL-Random-0.04/test.pl
Crypt-OpenSSL-Random-0.04/Makefile.PL
Crypt-OpenSSL-Random-0.04/META.yml
Crypt-OpenSSL-Random-0.04/MANIFEST

  CPAN.pm: Going to build I/IR/IROBERTS/Crypt-OpenSSL-Random-0.04.tar.gz

Checking if your kit is complete...
Looks good
Writing Makefile for Crypt::OpenSSL::Random
Could not read '/root/.cpan/build/Crypt-OpenSSL-Random-0.04-T4RbJx/META.yml'. Falling back to other methods to determine prerequisites
cp Random.pm blib/lib/Crypt/OpenSSL/Random.pm
AutoSplitting blib/lib/Crypt/OpenSSL/Random.pm (blib/lib/auto/Crypt/OpenSSL/Random)
/usr/bin/perl /usr/share/perl/5.10/ExtUtils/xsubpp  -typemap /usr/share/perl/5.10/ExtUtils/typemap  Random.xs > Random.xsc && mv Random.xsc Random.c
Please specify prototyping behavior for Random.xs (see perlxs manual)
cc -c   -D_REENTRANT -D_GNU_SOURCE -DDEBIAN -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -O2 -g   -DVERSION=\"0.04\" -DXS_VERSION=\"0.04\" -fPIC "-I/usr/lib/perl/5.10/CORE"   Random.c
Random.xs:5:26: error: openssl/rand.h: No such file or directory
make: *** [Random.o] Error 1
  IROBERTS/Crypt-OpenSSL-Random-0.04.tar.gz
  /usr/bin/make -- NOT OK
Warning (usually harmless): 'YAML' not installed, will not store persistent state
Running make test
  Can't test without successful make
Running make install
  Make had returned bad status, install seems impossible
Running make for I/IR/IROBERTS/Crypt-OpenSSL-RSA-0.26.tar.gz
  Has already been unwrapped into directory /root/.cpan/build/Crypt-OpenSSL-RSA-0.26-PTQVSZ

  CPAN.pm: Going to build I/IR/IROBERTS/Crypt-OpenSSL-RSA-0.26.tar.gz

Warning: Prerequisite 'Crypt::OpenSSL::Random => 0' for 'IROBERTS/Crypt-OpenSSL-RSA-0.26.tar.gz' failed when processing 'IROBERTS/Crypt-OpenSSL-Random-0.04.tar.gz' with 'make => NO'. Continuing, but chances to succeed are limited.
CPAN: Time::HiRes loaded ok (v1.9719)
cp RSA.pm blib/lib/Crypt/OpenSSL/RSA.pm
AutoSplitting blib/lib/Crypt/OpenSSL/RSA.pm (blib/lib/auto/Crypt/OpenSSL/RSA)
/usr/bin/perl /usr/share/perl/5.10/ExtUtils/xsubpp  -typemap /usr/share/perl/5.10/ExtUtils/typemap -typemap typemap  RSA.xs > RSA.xsc && mv RSA.xsc RSA.c
cc -c   -D_REENTRANT -D_GNU_SOURCE -DDEBIAN -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -O2 -g   -DVERSION=\"0.26\" -DXS_VERSION=\"0.26\" -fPIC "-I/usr/lib/perl/5.10/CORE"  -DPERL5 -DOPENSSL_NO_KRB5 RSA.c
RSA.xs:5:25: error: openssl/bio.h: No such file or directory
[several errors like above...]
make: *** [RSA.o] Error 1
  IROBERTS/Crypt-OpenSSL-RSA-0.26.tar.gz
  /usr/bin/make -- NOT OK
Warning (usually harmless): 'YAML' not installed, will not store persistent state
Running make test
  Can't test without successful make
Running make install
  Make had returned bad status, install seems impossible
Failed during this command:
 IROBERTS/Crypt-OpenSSL-Random-0.04.tar.gz    : make NO
 IROBERTS/Crypt-OpenSSL-RSA-0.26.tar.gz       : make NO

cpan[2]>

---

Any ideas of how to fix it?

Submitted by topdog (registered user) on Thu, 2010-12-23 07:51.

You do not have the openssl header files. Random.xs:5:26: error: openssl/rand.h: No such file or directory

 Install the openssl-dev package

Submitted by alexhora (registered user) on Mon, 2012-03-12 01:21.

on ubuntu its

apt-get install libssl-dev

regards

Submitted by Naz (not registered) on Wed, 2010-12-08 04:48.

Hi, thank you for the great how-to. pyzor_add_header 1 is no longer a valid config option with the newer versions of spamassassin and will generate warning. You can see it at the --lint output.

Submitted by Anonymous (not registered) on Tue, 2010-12-07 16:07.
 spamassing test error
 
Dec  7 15:20:15.262 [15606] warn: config: failed to parse line, skipping, in "/etc/spamassassin/mailscanner.cf": pyzor_add_header 1
Dec  7 15:20:15.264 [15606] warn: config: failed to parse line, skipping, in "/opt/MailScanner/etc/spam.assassin.prefs.conf": pyzor_add_header 1                                          
best regards
 
 
 
Submitted by Rocky (registered user) on Wed, 2010-12-08 16:22.

Updated thanks.

Submitted by Anonymous (not registered) on Sat, 2010-12-04 10:51.

there is no directory: cp /opt/MailScanner/etc/spam.assassin.prefs.conf

 

Submitted by Rocky (registered user) on Sat, 2010-12-04 18:11.
Guide updated, mailscanner should be installed first.
Submitted by Eddo (not registered) on Tue, 2010-11-30 15:58.

Great I was waiting for this one!

At step 7 I think you mean the libclamav-client-perl? and should we install spamassassin here or download it and install from source?

Regards,

Submitted by Rocky (registered user) on Wed, 2010-12-01 20:16.
It should be libclamav6. Also, I moved the dependencies up a bit, we want it before the spamassassin section.


Submitted by Eddo (not registered) on Tue, 2010-11-30 15:49.

Great I was waiting for this one!

At step 7 I think you mean the libclamav-client-perl?

Regards,