Qmail-Scanner With ClamAV And SpamAssassin On Ubuntu
As a continuation of my document https://www.howtoforge.com/qmail-openldap-on-ubuntu about setting up qmail-ldap on Ubuntu, this document will help you set up Qmail-Scanner with the ClamAV antivirus and the SpamAssassin spam filter on your qmail server.
Introduction
Qmail-Scanner is an add-on that enables a Qmail email server to scan email for certain characteristics. It is typically used for its anti-virus and anti-spam protection functions, in which case it is used in conjunction with external scanners. It also enables a site (at a server/site level) to create "Policy blocks": i.e. react to email that contains specific strings in particular headers, or particular attachment filenames or types (e.g. *.EXE attachments even in a zip file).
Its archival features help ISPs and corporations around the world with new or pending legislation and regulatory requirements. It can archive all processed email into an archive maildir. This is ideal for backup purposes for audit policy reasons. Unlike certain Windows-based server solutions, the mail envelope headers (the "rcpt to:" and "mail from:" headers) are kept intact - appended to the bottom of each message - confirming true sender and destination addresses. Archiving also supports filtering to a subset of addresses (e.g. only archive "[email protected]" emails instead of all).
We will bind SpamAssassin and ClamAV with Qmail-Scanner. SpamAssassin is an open source mail filter, written in Perl, that identifies spam using a wide range of heuristic tests on mail headers and body text. It can also use some useful plugins like Pyzor, Razor, and DCC. ClamAV will scan mail messages for viruses.
Installation
We will install and configure Qmail-Scanner, ClamAV and SpamAssassin with the plugins Pyzor, Razor, and DCC.
Clam Antivirus
ClamAV is an open source antivirus engine designed for detecting Trojans, viruses, malware and other malicious threats. It is the de facto standard for mail gateway scanning. It provides a high-performance multi-threaded scanning daemon, command line utilities for on-demand file scanning, and an intelligent tool for automatic signature updates.
Download
Download the latest version from http://downloads.sourceforge.net/project/clamav:
wget http://nchc.dl.sourceforge.net/project/clamav/clamav/0.97/clamav-0.97.tar.gz
Install and Configure ClamAV
cd /download
tar zxvf clamav-0.97.tar.gz
useradd -c "Qmail-Scanner Account" -s /bin/false qscand
cd clamav-0.97
./configure --with-user=qscand --with-group=qscand
make && make install
ldconfig -v
Now edit its configuration files, as follows:
vi /usr/local/etc/clamd.conf
#Example
LogFile /var/log/clamav/clamd.log
LogFileMaxSize 20M
LogTime yes
LogClean yes
LogSyslog yes
PidFile /var/run/clamav/clamd.pid
TemporaryDirectory /var/tmp
DatabaseDirectory /usr/local/share/clamav
LocalSocket /var/run/clamav/clamd.cl
MaxConnectionQueueLength 30
User qscand
MaxThreads 20
ScanMail yes
Now, create some directories with the ownership of qscand:
mkdir /var/run/clamav
chown -R qscand.qscand /var/run/clamav
mkdir /var/log/clamav
chown -R qscand.qscand /var/log/clamav
chmod -R 755 /var/log/clamav
With this, ClamAV is successfully installed.
/usr/local/sbin/clamd &
vi /usr/local/etc/freshclam.conf
#Example
DatabaseDirectory /usr/local/share/clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogSyslog yes
DatabaseOwner qscand
DNSDatabaseInfo current.cvd.clamav.net
DatabaseMirror database.clamav.net
DatabaseMirror db.in.clamav.net
NotifyClamd /usr/local/etc/clamd.conf
Save and exit.
freshclam -v
crontab -e
25 1 * * * /usr/local/bin/freshclam -l /var/log/clamav/freshclam.log
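The two files above have to agree with each other: freshclam must write signatures into the directory clamd reads, as the user clamd runs as, and notify the right clamd.conf. The following check is an added example, not part of the original guide; the function names audit_clamav and conf_get are hypothetical, and the sample files it builds are constructed.

```shell
#!/bin/sh
# Added example (not from the original guide): cross-check clamd.conf and
# freshclam.conf, which must agree for signature updates to reach clamd.

# conf_get FILE KEY -> value of the first active (uncommented) KEY directive
conf_get() {
    awk -v k="$2" '$1 == k { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# audit_clamav CLAMD_CONF FRESHCLAM_CONF
# Prints one line per finding; the return status is the number of findings.
audit_clamav() {
    clamd=$1; fresh=$2; bad=0
    for f in "$clamd" "$fresh"; do
        # clamd and freshclam refuse to run while the "Example" line is active.
        if grep -Eq '^[[:space:]]*Example' "$f"; then
            echo "$f: Example line is not commented out"; bad=$((bad + 1))
        fi
    done
    user=$(conf_get "$clamd" User)
    if [ -z "$user" ] || [ "$user" = root ]; then
        echo "$clamd: no unprivileged User set"; bad=$((bad + 1))
    fi
    if [ "$(conf_get "$fresh" DatabaseOwner)" != "$user" ]; then
        echo "$fresh: DatabaseOwner differs from clamd User"; bad=$((bad + 1))
    fi
    if [ "$(conf_get "$clamd" DatabaseDirectory)" != \
         "$(conf_get "$fresh" DatabaseDirectory)" ]; then
        echo "DatabaseDirectory differs between the two files"; bad=$((bad + 1))
    fi
    if [ "$(conf_get "$fresh" NotifyClamd)" != "$clamd" ]; then
        echo "$fresh: NotifyClamd does not point at $clamd"; bad=$((bad + 1))
    fi
    return "$bad"
}

# Constructed sample: freshclam.conf with the wrong owner and database path.
d=$(mktemp -d)
printf '%s\n' '#Example' 'User qscand' \
    'DatabaseDirectory /usr/local/share/clamav' > "$d/clamd.conf"
printf '%s\n' '#Example' 'DatabaseOwner clamav' \
    'DatabaseDirectory /var/lib/clamav' "NotifyClamd $d/clamd.conf" \
    > "$d/freshclam.conf"
audit_clamav "$d/clamd.conf" "$d/freshclam.conf" || echo "findings: $?"
```

On the mail host, call audit_clamav /usr/local/etc/clamd.conf /usr/local/etc/freshclam.conf instead of the constructed sample.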
SpamAssassin
SpamAssassin is a mail filter to identify spam. It is an intelligent email filter which uses a diverse range of tests to identify unsolicited bulk email, more commonly known as Spam. These tests are applied to email headers and content to classify email using advanced statistical methods.
Install and configure SpamAssassin
apt-get install spamassassin libdigest-sha1-perl libnet-dns-perl libmail-spf-query-perl libgeo-ip-perl libnet-ident-perl libio-socket-ssl-perl libio-socket-inet6-perl perl-modules
groupadd spamd
useradd -g spamd -s /bin/false spamd
vi /etc/default/spamassassin
ENABLED=1
OPTIONS=" --user-config --username=spamd --max-children 5 --debug --helper-home-dir=/home/spamd"
vi /etc/mail/spamassassin/local.cf
required_score 5.0
dns_available yes
use_pyzor 1
use_razor2 1
use_bayes 1
bayes_auto_learn 1
bayes_file_mode 0700
include /etc/mail/spamassassin/autowhitelist
bayes_path /etc/mail/spamassassin/.spamassassin/bayes
bayes_auto_learn_threshold_nonspam 0.1
bayes_auto_learn_threshold_spam 12.0
ok_languages en hi
ok_locales en
Now start up SpamAssassin...
/etc/init.d/spamassassin start
Now add some plugins...
Razor
cd /downloads/
wget "http://citylan.dl.sourceforge.net/project/razor/razor-agents/2.85/razor-agents-2.85.tar.bz2"
wget 'http://citylan.dl.sourceforge.net/project/razor/razor-agents-sdk/2.07/razor-agents-sdk-2.07.tar.bz2'
tar xvf razor-agents-sdk-2.07.tar.bz2
cd razor-agents-sdk-2.07
perl Makefile.PL
make
make test
make install
cd /downloads/
tar xvfj razor-agents-2.85.tar.bz2
cd razor-agents-2.85
perl Makefile.PL
make
make test
make install
Make sure your firewall is allowing port tcp/2703.
razor-admin -home=/home/spamd/.razor -create
razor-admin -home=/home/spamd/.razor -register
razor-admin -home=/home/spamd/.razor -discover
DCC
cd /downloads/
wget http://www.rhyolite.com/anti-spam/dcc/source/dcc.tar.Z
tar xvfz dcc.tar.Z
cd dcc-1.3.120/
./configure
make && make install
Make sure your firewall is allowing port udp/6277.
Pyzor
cd /downloads/
wget http://space.dl.sourceforge.net/project/pyzor/pyzor/0.5.0/pyzor-0.5.0.tar.gz
tar xvf pyzor-0.5.0.tar.gz
cd pyzor-0.5.0
python setup.py build
python setup.py install
python -c 'import gdbm' && echo 'gdbm found'
Run the next command to complete pyzor installation.
pyzor --homedir /home/spamd discover
vi /etc/mail/spamassassin/v310.pre
Enable the line:
loadplugin Mail::SpamAssassin::Plugin::DCC
spamassassin --lint
Qmail-Scanner
cd /downloads/
wget http://www.qmailrocks.org/downloads/qmail-scanner-1.25.tgz
wget http://www.qmailrocks.org/downloads/qms-analog-0.4.2.tar.gz
tar xvfz qmail-scanner-1.25.tgz
tar zxvf qms-analog-0.4.2.tar.gz
cd qms-analog-0.4.2
make all
cp qmail-scanner-1.25-st-qms-20050219.patch ../qmail-scanner-1.25/
cd ../qmail-scanner-1.25
patch -p1 < qmail-scanner-1.25-st-qms-20050219.patch
vi qms-config
./configure --domain yourdomain.com \
--admin postmaster \
--local-domains "yourdomain.com" \
--add-dscr-hdrs yes \
--dscr-hdrs-text "X-Antivirus-YOURDOMAIN" \
--ignore-eol-check yes \
--sa-quarantine 0 \
--sa-delete 0 \
--sa-reject no \
--sa-subject ":SPAM:" \
--sa-alt yes \
--sa-debug yes \
--sa-report yes \
--notify "psender,admin" \
--redundant yes \
--unzip yes \
--qms-monitor no \
"$INSTALL"
chmod 755 qms-config
./qms-config
If configuration is ok then...
./qms-config install
setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -z
setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -g
vi /var/qmail/bin/qmail-scanner-queue.pl
msg_size > 500000
chown -R qscand:qscand /var/spool/qmailscan
vi /service/qmail-smtpd/run
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" ; export QMAILQUEUE
Now restart your qmail server and see if everything works...
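One way to see whether the scanners behind Qmail-Scanner actually detect anything is to feed them the standard EICAR and GTUBE test strings. This is an added example, not part of the original guide; it talks to clamd and spamd directly rather than through the qmail queue, assumes the spamc client is installed, and uses hypothetical function names and placeholder addresses.

```shell
#!/bin/sh
# Added example (not from the original guide): smoke test for the clamd and
# spamd daemons configured above, using the harmless standard test strings.

# EICAR is assembled from two halves so this script is not flagged itself.
EICAR='X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-''ANTIVIRUS-TEST-FILE!$H+H*'
GTUBE='XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X'

# test_message BODY -> minimal mail message on stdout (placeholder addresses)
test_message() {
    printf 'From: sender@example.com\nTo: postmaster@example.com\n'
    printf 'Subject: scanner test\n\n%s\n' "$1"
}

# clamd_detects: stream the raw EICAR string to clamd through clamdscan,
# which exits 1 on a detection, 0 when clean and 2 on error.
clamd_detects() {
    rc=0
    printf '%s' "$EICAR" | clamdscan --no-summary - >/dev/null 2>&1 || rc=$?
    [ "$rc" -eq 1 ]
}

# spamd_detects: spamc -c exits 1 when spamd scores the message as spam.
spamd_detects() {
    rc=0
    test_message "$GTUBE" | spamc -c >/dev/null 2>&1 || rc=$?
    [ "$rc" -eq 1 ]
}

# smoke_test: report on each scanner; non-zero status if either one missed.
smoke_test() {
    fail=0
    clamd_detects && echo "clamd: EICAR detected" ||
        { echo "clamd: MISSED or not running"; fail=1; }
    spamd_detects && echo "spamd: GTUBE flagged" ||
        { echo "spamd: MISSED or not running"; fail=1; }
    return "$fail"
}

# Run on the mail host with: sh thisfile.sh run
if [ "${1:-}" = run ]; then smoke_test; fi
```

A miss from either scanner means mail would pass through Qmail-Scanner unchecked by that scanner, so fix the scanner before relying on the new QMAILQUEUE setting.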