Mailscanner/Exim Gateway With Communigate PRO Guide

In this tutorial we will be installing and setting up Mailscanner as a mail firewall in front of a Communigate pro cluster. This tutorial has been written for the CENTOS 5.x Linux distro but am sure it can be used for any other Linux based system with little modifications. The system will run with SELinux in enforcing mode. The components that we will use include:

  • Mailscanner
  • Clamav
  • exim
  • apache
  • mailwatch
  • razor
  • spamassassin
  • mysql
  • fuzzy ocr
  • sanesecurity signatures
  • mailfeeder


Install Packages

I assume that you have installed a bare bores CENTOS 5 system with the "Development Tools" group to work with so I will not go much into issues such as package selection and partition layout. As we will need to install certain software that is not part of the default CENTOS bases, we need to configure the system to use Dag Wieers rpm repo as he does package lots of software that we need.

rpm -Uhv

With that done we have configured the system to use the rpmforge repo.

For this tutorial the working directory will be /usr/local/src - all downloads should be downloaded to and extracted in there.



yum install exim -y
/usr/sbin/alternatives --set mta /usr/sbin/sendmail.exim
service sendmail stop
/sbin/chkconfig --level 345 sendmail off
/sbin/chkconfig --level 345 exim off



tar xzvf MailScanner-4.66.5-3.rpm.tar.gz
cd MailScanner-4.66.5-3



yum install clamav clamav-db clamd -y


Sanesecurity Signatures

wget -O /usr/local/bin/
chmod +x /usr/local/bin/
ln -s /usr/local/bin/ /etc/cron.hourly/



yum install httpd php php-mysql php-gd php-eaccelerator -y /sbin/chkconfig --level 345 httpd on



yum install spamassassin -y


Fuzzy OCR

yum install netpbm-progs ocrad gocr gifsicle giflib-utils giflib -y
svn co svn://
cd devel/
perl -MCPAN -e 'install String::Approx'
perl -MCPAN -e 'install Time::HiRes'
perl -MCPAN -e 'install Log::Agent'
cp -rv {,FuzzyOcr.scansets,FuzzyOcr.preps,,FuzzyOcr.words,FuzzyOcr/} /etc/mail/spamassassin
chcon -R system_u:object_r:etc_mail_t /etc/mail/spamassassin/{,FuzzyOcr.scansets,FuzzyOcr.preps,,FuzzyOcr.words,FuzzyOcr/}
wget -O /etc/mail/spamassassin/FuzzyOcr.words



yum install razor-agents



yum install mysql mysql-server -y



tar xzvf mailwatch-1.0.4.tar.gz
cd mailwatch-1.0.4
cp -av mailscanner/* /var/www/html/
cp /var/www/html/conf.php.example /var/www/html/conf.php
mkdir /var/www/html/temp
chmod u+rwx /var/www/html/temp
rm -f /var/www/html/{index.php,xml,jpgraph,fpdf}
cp /var/www/html/status.php /var/www/html/index.php
mv /var/www/html/jpgraph-1.12.1 /var/www/html/jpgraph
mv /var/www/html/fpdf152 /var/www/html/fpdf
mv /var/www/html/xmlrpc_1.2 /var/www/html/xmlrpc
chown apache.apache -R /var/www/html/
chmod ug+rwx /var/www/html/images
chmod ug+rwx /var/www/html/images/cache
chcon -R system_u:object_r:httpd_sys_content_t /var/www/html/
cp /usr/lib/MailScanner/MailScanner/CustomFunctions/
cp /usr/lib/MailScanner/MailScanner/CustomFunctions/
cp tools/db_clean.php /usr/local/bin/
cp tools/quarantine_maint.php /usr/local/bin/



tar xzvf mailfeeder-0.2.3.tar.gz
cd mailfeeder-0.2.3
cp mailfeeder /usr/local/bin/


Configure Packages

Configure Exim


To run exim with mailscanner you need 2 configuration files one for the daemon that will listen on port 25 and accept incoming mail and another for the exim process that will deliver the clean mail that has been scanned by mailscanner. You also require 2 queues one for incoming and the other for clean mail that has been scanned.

I will not dwell on all the configuration options that exim provides i expect that you will be able to get detailed info else where on how to configure an normal running exim system so i will only focus on those areas that are specific to this setup.

  • So to begin backup your exim configuration then create the second configuration file out the outbound process.

cp /etc/exim/exim.conf /etc/exim/exim.conf.orig
cp /etc/exim/exim.conf /etc/exim/exim_out.conf


Inbound Exim

This is the configuration for the exim daemon that listens on port 25 and accepts the messages and queues them for mailscanner to process. The configuration file is /etc/exim/exim.conf.


Anti-virus / Sanesecurity Checks

Configure the incoming exim daemon (/etc/exim/exim.conf) to use clamav to scan incoming mail and reject virus infected email and image and pdf spam at smtp time.

av_scanner = clamd:/var/run/clamav/clamd.sock


Mail Routing

Configure the domains you accept mail for, we will add these to a file /etc/exim/relay_domains.

# example /etc/exim/relay_domains

Specify this in the exim configuration:

domainlist relay_to_domains = lsearch;/etc/exim/relay_domains

Configure the routing of the domains you are filtering mail for in the file /etc/exim/mail-routes.

#example /etc/exim/mail-routes #this domain is on a CGP cluster of 2 front end nodes # this delivers to one CGP machine

Configure a router to accept mail for the relay domains. You need to add this under the check_backend: router (see address verification below).

  driver = manualroute
  domains = +relay_to_domains
  transport = remote_smtp
  route_data = ${lookup{$domain}lsearch{/etc/exim/mail-routes}}


Mailscanner Intergration

Configure the inbound exim just to queue the messages and not deliver to enable mailscanner to process them.

spool_directory = /var/spool/
process_log_path = /var/spool/exim/
queue_only = true
queue_only_override = false



Configure the RBL's under acl_check_rcpt:

drop    message       = REJECTED because $sender_host_address is in a black list
           dnslists      =
drop    message       = REJECTED because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
           dnslists      =
drop    message       = REJECTED because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
           dnslists      =
Share this page:

0 Comment(s)

Add comment