Mandriva 2005 Postfix Anti-Spam, Anti-Virus Relay Server for Exchange Server 2000/2003 - Page 5

STEP 6: Install and configure Clam-AV

At your putty window, type in the following to install Clam-AV:

urpmi clamav
urpmi clamd

Configure clamd to run as the amavis user. Edit /etc/clamd.conf:

vi /etc/clamd.conf

Hit "i" to start editing, find the line that reads "User clamav" and change the user to amavis as shown below:

# Run as a selected user (clamd must be started by root).
# Default: disabled
User amavis 

Change the owner under /var/lib/clamav to amavis as follows:

chown -R amavis:amavis /var/lib/clamav

Start the clamd daemon:

service clamd start

STEP 7: Configure your Exchange Server

First, a little explanation of how this whole SPAM thing works with our current setup. Potential SPAM messages are received and processed. If found to be spam, they are tagged as such in the headers and, most notably for the user's sake, the subject of the e-mail gets appended with ***SPAM*** (if you followed this guide exactly), and the message still gets delivered to the user. It's important to understand that potential spam e-mail does NOT get deleted; instead it is marked and passed to the user. Now, the user has two choices. If the e-mail really is spam, the user can just delete it. If the spam filter screwed up and the e-mail got tagged as spam even though it shouldn't have been, the user has to have a way of telling you that the e-mail should not get tagged as spam anymore. Vice versa, if the spam filter missed an e-mail that should have been marked as spam but wasn't, the user has to be able to tell you that this e-mail must be marked as spam next time. So we have to give the users a way of moving messages into two separate areas, one for SPAM and one for NON-SPAM, or HAM if you will.

How do we do that in Exchange? Well, it's very simple. We need to create two folders under the public folder store, one called "SPAM" and the other called "HAM" or whatever you want. So, "SPAM" is BAD, and "HAM" is good. So, here's how to do it:

a. Create Public Folders for HAM and SPAM

In your exchange box, fire up Exchange System Manager and navigate to Folders, Public Folders and then right-click on Public Folders and select "New" "Public" Folder. Under the "Name" enter "SPAM" without the quotes of course. Repeat this process and create a "HAM" folder.

Now, let's verify permissions for those folders. Right-click the Public Folders again and click "Refresh". Your two new folders should appear on the pane on the right-hand side. Right-click one of the folders and click on "Properties". On the window that appears, click on "Permissions" then "Client Permissions". Ensure that under the Role author, the following items are checked/unchecked accordingly. "Create items" should be checked, "Read Items" should NOT be checked, "Create Subfolders" should NOT be checked, "Edit Items" should only have "Own" checked. "Folder Visible" should be checked, and under "Delete Items" "Own" should be checked. Repeat these steps for the other folder.

In this configuration, users can move/copy items to those folders but they cannot read other people's emails and they can only delete their items and they cannot make any other modifications like create subfolders under these folders.

b. Enable IMAP on your Exchange Box

Now, we must enable IMAP on your Exchange server. IMAP is disabled by default. Here's how to enable it: Go under "Services" which should be under "Administrative Tools" and scroll down the services list until you find "Microsoft Exchange IMAP4". You will see that the service is disabled. Let's enable it. Right click on the "Microsoft Exchange IMAP4" service and click on "Properties". Under the "General" tab in the "Startup Type" dropdown, change it to "Automatic". Under the "Log On" tab, make sure the "Log on as" field is set to "Local System Account". Next click "OK". Now, right click on the "Microsoft Exchange IMAP4" service and click on "Start". You should see the service start and show as "Started" in the service list. Also, ensure the "Startup Type" has been changed to "Automatic". Your Exchange Server should be accepting connections through IMAP.

Test it: From a command prompt on your server type the following:

telnet localhost 143

You should see a reply similar to this:

* OK Microsoft Exchange Server 2003 IMAP4rev1 server version 

That means IMAP is working. If you don't see that, restart your server or restart all your "Microsoft Exchange" services.

c. Download and configure IMAP2mbox on your Exchange Box

Next we have to download a nice freeware utility that will connect to your Exchange server's public SPAM and HAM folders, get all the e-mail and convert it to mbox format, which is what our Linux server understands in order to train our spam filter. Go to the following URL and download the IMAP2mbox utility to your Exchange Server: http://www.byteplant.com/support/nospamtoday/contrib.html

Extract it to a permanent home on your exchange server hard drive. For example, I extracted it to c:\imap2mbox. Now, we have to create two configuration files for it, one for spam and another one for ham. Go to a command prompt (Start/Run/cmd) and change directory to your imap2mbox folder:

c:
cd \imap2mbox

Now, run the following command at the command prompt to create the spam configuration file (spam.cfg) substituting your own information where necessary:

imap2mbox.exe --config="c:\imap2mbox\spam.cfg" --path="Public Folders/" --folder="SPAM/" --server=YourExchangeServer --delete --username="YOURDOMAIN/username" --mbox="c:\imap2mbox\spam.mbox" --pass=yourpassword

Do the same to create the ham configuration file (ham.cfg) substituting your own information where necessary:

imap2mbox.exe --config="c:\imap2mbox\ham.cfg" --path="Public Folders/" --folder="HAM/" --server=YourExchangeServer --delete --username="YOURDOMAIN/username" --mbox="c:\imap2mbox\ham.mbox" --pass=yourpassword

You should see at least two more *.cfg files in your imap2mbox folder now. If you followed the instructions exactly, you should have a ham.cfg and a spam.cfg. Now, we have to schedule a task on our exchange box every night in order to get the ham and spam out of our public folders, put them in their respective ham.mbox and spam.mbox files, copy them over to our linux box and in turn train the spam filter. So, we either have to create a samba share on our linux box, or connect to a share on our exchange box from our linux box (this is by far the easiest choice). It's your choice how to do it. I will proceed with the latter choice, that is, creating a share on the exchange box and then mapping to that share from the linux box. Here's how to do it:

Create two batch files, one called run-spam.bat and one called run-ham.bat. In the run-spam.bat, put the following command in it:

imap2mbox.exe --config="c:\imap2mbox\spam.cfg" 

In the run-ham.bat file, put the following command in it:

imap2mbox.exe --config="c:\imap2mbox\ham.cfg" 

Now, under the scheduled tasks in your exchange box, schedule two jobs to run each batch file. So, go under Start, Programs, Accessories, System Tools, Scheduled Tasks. Click on the "Add Scheduled Task" icon, click "Next" then click on "Browse" and browse to the c:\imap2mbox folder or whatever folder you extracted the imap2mbox archive to. Select your run-spam.bat then click on "Weekly", then "Next". In the following window under the "Start time" field select the time you want this task to run, preferably after hours, and then select the days you want it to run and then click "Next" again. In the next window under the "Enter the user name:" and "Enter the password:" fields enter an administrative username/password for your server/domain and click on "Next" and then click on "Finish". Repeat these steps for the run-ham.bat file. I would schedule that approximately 15 minutes after the run-spam.bat file just to be safe. Pay attention to the time and the days you've scheduled the two tasks because we are going to need them in order to adjust cron jobs accordingly on the linux box.

Next, let's share the imap2mbox folder. So, in windows explorer browse to the folder, right-click on it, click on "Sharing and Security", then click Sharing and then on "Share this folder" and then click on "Permissions" and add whichever user on your domain you want to have access to it. You could use "Administrator" only, but remember, you are going to be logging in from the linux box using that username/password so I would recommend creating a new account in the domain just for this purpose. Up to you. Just remember what user has access to that folder. I certainly wouldn't leave everyone with access to it, which is the default. This concludes the imap2mbox configuration.

d. Let's mount the imap2mbox share on our Linux box.

Login to your linux box and type the following in your putty/console window. Create a mount point:

mkdir /mnt/imap2mbox

Now, mount the share to the mount point you've just created:

mount -t smbfs -o username=username,password=apassword //exchangeserver/imap2mbox /mnt/imap2mbox

There have been times where I've run into issues trying to mount a samba share using the command above or even using the smbmount command. If you try to mount the share and you keep getting strange errors, try the command below to mount it as a CIFS share:

mount -t cifs //exchangeserver/imap2mbox /mnt/imap2mbox -o user=username,password=apassword

Create a spam folder as well as an archived spam folder.

mkdir /spamfilter
mkdir /spamfilter/archived/
mkdir /spamfilter/archived/spam
mkdir /spamfilter/archived/ham

Now, let's create a script and schedule a cron job to run that script nightly to copy the spam.mbox and the ham.mbox files that the two batch files are going to create into a folder in our linux box and then train our spam filter. Type the following in your console/putty window:

vi /root/trainfilter.sh

In the window that comes up, type in "i" without the quotes to get into editing mode and put in the following, one command on each line:

#!/bin/sh
#ensure the mountpoint is created (-p: no error if it already exists)
mkdir -p /mnt/imap2mbox
#ensure share is mounted
mount -t smbfs -o username=username,password=apassword //exchangeserver/imap2mbox /mnt/imap2mbox

OR

mount -t cifs //exchangeserver/imap2mbox /mnt/imap2mbox -o user=username,password=apassword 

ADDITIONALLY

#Move spam.mbox and ham.mbox from /mnt/imap2mbox
/bin/mv /mnt/imap2mbox/spam.mbox /spamfilter
/bin/mv /mnt/imap2mbox/ham.mbox /spamfilter
#train the spamfilter
/usr/bin/sa-learn --spam --mbox /spamfilter/spam.mbox
/usr/bin/sa-learn --ham --mbox /spamfilter/ham.mbox
#Archive and date stamp the spam-ham mbox files
/bin/mv /spamfilter/spam.mbox /spamfilter/archived/spam/`date +%d%m%Y`.spam.mbox
/bin/mv /spamfilter/ham.mbox /spamfilter/archived/ham/`date +%d%m%Y`.ham.mbox 

Press "ESC" then "SHIFT ZZ" to save the /root/trainfilter.sh file. Now make it executable:

chmod 755 /root/trainfilter.sh

Now, schedule a cron job to run the script nightly, preferably 15 minutes after your exchange box has run the last of the two batch files. It goes without saying that the linux and exchange box clocks should be pretty darn close to each other. At your console/putty window type the following:

crontab -e

In the window that comes up, hit "i" to enter edit mode, then add the following line after the last line that appears in your crontab file:

30 1 * * * /root/trainfilter.sh

The "30" signifies the minutes and the "1" signifies the hour. So adjust accordingly, but at least 15 minutes after the scheduled tasks have run on your exchange box. Then, hit "ESC" and then "SHIFT ZZ" to save the new cron job. Now, depending on the amount of spam that you are dealing with, you may want to schedule the cron job to run every week or whatever suits you. Just keep in mind that the spam.mbox and ham.mbox files that your exchange box creates are appended to every time the scheduled task is run on your Exchange box. In other words, messages are added to those files, so that's why it's a good idea to move them out of there, train the spam filter, date and archive them so that they don't get too huge. Plus, archiving, dating and then in turn backing them up would give you the capability to train your spam filter back to the way it was if you ever had a catastrophic failure on your relay server. That's it, you are done!!
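
The script above keeps the share password in a mode-755 file and passes it on the mount command line, where it shows up in the process list while mount runs. As an added example (not the author's script), the variant below reads the login from a root-only credentials file through the mount.cifs credentials= option and archives an mbox only after sa-learn has succeeded. The path /root/.imap2mbox.cred, the "run" argument and the variable names are assumptions.

```shell
#!/bin/sh
# Added example: hardened variant of /root/trainfilter.sh, not the author's script.
# Assumed names: the credentials file path, the "run" argument, the variables below.
umask 077                                   # archived mail readable by root only
SHARE=${SHARE:-//exchangeserver/imap2mbox}
MNT=${MNT:-/mnt/imap2mbox}
WORK=${WORK:-/spamfilter}
CRED=${CRED:-/root/.imap2mbox.cred}         # contains username=... and password=...
SA_LEARN=${SA_LEARN:-/usr/bin/sa-learn}

# Succeeds only if the file exists and group/others have no permissions on it.
cred_is_private() {
    [ -f "$1" ] || return 1
    case "$(ls -ld "$1" | cut -c5-10)" in
        ------) return 0 ;;
        *)      return 1 ;;
    esac
}

# Mount the share without putting the password on the command line.
mount_share() {
    mkdir -p "$MNT" || return 1
    grep -q " $MNT cifs " /proc/mounts && return 0      # already mounted
    cred_is_private "$CRED" || { echo "run: chmod 600 $CRED" >&2; return 1; }
    mount -t cifs "$SHARE" "$MNT" -o "credentials=$CRED"
}

# Train on one mbox ($1 is spam or ham); archive it only if sa-learn succeeded.
train_one() {
    kind=$1; src="$MNT/$kind.mbox"; work="$WORK/$kind.mbox"
    # Append rather than overwrite, so a file left by a failed run is not lost.
    if [ -s "$src" ]; then
        cat "$src" >> "$work" && rm -f "$src" || return 1
    fi
    [ -s "$work" ] || return 0                          # nothing to learn from
    "$SA_LEARN" "--$kind" --mbox "$work" || return 1
    mkdir -p "$WORK/archived/$kind" || return 1
    mv "$work" "$WORK/archived/$kind/$(date +%Y%m%d-%H%M%S).$kind.mbox"
}

main() {
    mount_share    || exit 1
    train_one spam || exit 1
    train_one ham  || exit 1
}

# Runs only when called as: /root/trainfilter.sh run
case "${1:-}" in run) main ;; esac
```

Create the credentials file with two lines, username=... and password=..., set it to mode 600, and use "/root/trainfilter.sh run" as the command in the crontab line.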

Questions, bitches, praises shoot me an e-mail at [email protected].

That's right, I posted my full e-mail address. I ain't skeered!

DISCLAIMER: Anything bad that happens to you or your stuff while following this guide is entirely your fault.
