Qmail-Scanner With ClamAV And SpamAssassin On Ubuntu

In continuation of my document https://www.howtoforge.com/qmail-openldap-on-ubuntu about setting up qmail-ldap on Ubuntu this document will help you to set up Qmail-Scanner with ClamAV antivirus and SpamAssassin spamfilter with your qmail server.


Qmail-Scanner is an add-on that enables a Qmail email server to scan email for certain characteristics. It is typically used for its anti-virus and anti-spam protection functions, in which case it is used in conjunction with external scanners. It also enables a site (at a server/site level) to create "Policy blocks": i.e. react to email that contains specific strings in particular headers, or particular attachment filenames or types (e.g. *.EXE attachments even in a zip file).

Its archival features helps ISPs and corporations around the world with new or pending legislation, and regulatory requirements. It can archive all processed email into an archive maildir. This is ideal for backup purposes for audit policy reasons. Unlike certain Windows-based server solutions, the mail envelope headers (the "rcpt to:" and "mail from:" headers) are kept intact - appended to the bottom of each message - confirming true sender and destination addresses. Archiving also supports filtering to a subset of addresses (e.g. only archive "[email protected]" emails instead of all).

We will bind spamassasin and clamav with qmailsacnner. Spamassassin is a open Source mail filter, written in Perl, to identify spam using a wide range of heuristic tests on mail headers and body text. It can also use some use full plugins like Pyzor, Razor, and DCC. Clamav will scan mail message for virus infected mails.



We will install and configure Qmail-Scanner, ClamAV and SpamAssassin with the plugins Pyzor, Razor, and DCC.


Clam Antivirus

ClamAV is an open source antivirus engine designed for detecting Trojans, viruses, malware and other malicious threats. It is the de facto standard for mail gateway scanning. It provides a high performance mutli-threaded scanning daemon, command line utilities for on demand file scanning, and an intelligent tool for automatic signature updates.



Download latest version from http://downloads.sourceforge.net/project/clamav:

wget http://nchc.dl.sourceforge.net/project/clamav/clamav/0.97/clamav-0.97.tar.gz


Install and Configure ClamAV

cd /download
tar zxvf clamav-0.97.tar.gz
useradd -c "Qmail-Scanner Account" -s /bin/false qscand
cd clamav-0.97
./configure --with-user=qscand --with-group=qscand
make && make install
ldconfig -v

Now, we configure its configuration files, these are as follows:

vi /usr/local/etc/clamd.conf
LogFile /var/log/clamav/clamd.log
LogFileMaxSize 20M
LogTime yes
LogClean yes
LogSyslog yes
PidFile /var/run/clamav/clamd.pid
TemporaryDirectory /var/tmp
DatabaseDirectory /usr/local/share/clamav
LocalSocket /var/run/clamav/clamd.cl
MaxConnectionQueueLength 30
User qscand
MaxThreads 20
Scanmail yes

Now, create some directories with the ownership of qscand:

mkdir /var/run/clamav
chown -R qscand.qscand /var/run/clamav
mkdir /var/log/clamav
chown -R qscand.qscand /var/log/clamav
chmod -R 755 /var/log/clamav

By this, clamav is successfully installed.

/usr/local/sbin/clamd &
vi /usr/local/etc/freshclam.conf
DatabaseDirectory /usr/local/share/clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogSyslog yes
DatabaseOwner qscand
DNSDatabaseInfo current.cvd.clamav.net
DatabaseMirror database.clamav.net
DatabaseMirror db.in.clamav.net
NotifyClamd /usr/local/etc/clamd.conf

Save and exit.

freshclam -v
crontab -e
25 1 * * * /usr/local/bin/freshclam -l /var/log/clamav/freshclam.log



SpamAssassin is a mail filter to identify spam. It is an intelligent email filter which uses a diverse range of tests to identify unsolicited bulk email, more commonly known as Spam. These tests are applied to email headers and content to classify email using advanced statistical methods.


Install and configure SpamAssassin

apt-get install spamassassin libdigest-sha1-perl libnet-dns-perl libmail-spf-query-perl libgeo-ip-perl libnet-ident-perl libio-socket-ssl-perl libio-socket-inet6-perl perl-modules
groupadd spamd
useradd -g spamd -s /bin/false spamd
vi /etc/default/spamassassin
OPTIONS=" --user-config --username=spamd --max-children 5 --debug --helper-home-dir=/home/spamd"
vi /etc/mail/spamassassin/local.cf
required_score 5.0
dns_available yes
use_pyzor 1
use_razor2 1
use_bayes 1
bayes_auto_learn 1
bayes_file_mode 0700
include /etc/mail/spamassassin/autowhitelist
bayes_path /etc/mail/spamassassin/.spamassassin/bayes
bayes_auto_learn_threshold_nonspam       0.1
bayes_auto_learn_threshold_spam         12.0
ok_languages en hi
ok_locales en

Now start up SpamAssassin...

/etc/init.d/spamassassin start

Now add some plugins..



cd /downloads/
wget "http://citylan.dl.sourceforge.net/project/razor/razor-agents/2.85/razor-agents-2.85.tar.bz2"
wget 'http://citylan.dl.sourceforge.net/project/razor/razor-agents-sdk/2.07/razor-agents-sdk-2.07.tar.bz2'
tar xvf razor-agents-sdk-2.07.tar.bz2
cd razor-agents-sdk-2.07
perl Makefile.PL
make test
make install
cd /downloads/
tar xvfj razor-agents-2.85.tar.bz2
cd razor-agents-2.85
perl Makefile.PL
make test
make install

Make sure your firewall is allowing port tcp/2703.

razor-admin -home=/home/spamd/.razor -create
razor-admin -home=/home/spamd/.razor -register
razor-admin -home=/home/spamd/.razor -discover



cd /downloads/
wget http://www.rhyolite.com/anti-spam/dcc/source/dcc.tar.Z
tar xvfz dcc.tar.Z
cd dcc-1.3.120/
make && make install

Make sure your firewall is allowing port udp/6277.



cd /downloads/
wget http://space.dl.sourceforge.net/project/pyzor/pyzor/0.5.0/pyzor-0.5.0.tar.gz
tar xvf pyzor-0.5.0.tar.gz
cd pyzor-0.5.0
python setup.py build
python setup.py install
python -c 'import gdbm' && echo 'gdbm found'

Run the next command to complete pyzor installation.

pyzor --homedir /home/spamd discover
vi /etc/mail/spamassassin/v310.pre
enable the line
loadplugin Mail::SpamAssassin::Plugin::DCC
spamassassin –lint



cd /downloads/
wget http://www.qmailrocks.org/downloads/qmail-scanner-1.25.tgz
wget http://www.qmailrocks.org/downloads/qms-analog-0.4.2.tar.gz
tar xvfz qmail-scanner-1.25.tgz
tar zxvf qms-analog-0.4.2.tar.gz
cd qms-analog-0.4.2
make all
cp qmail-scanner-1.25-st-qms-20050219.patch ../qmail-scanner-1.25/
cd ../qmail-scanner-1.25
patch -p1 < qmail-scanner-1.25-st-qms-20050219.patch
vi qms-config
./configure --domain yourdomain.com \
--admin postmaster \
--local-domains "yourdomain.com" \
--add-dscr-hdrs yes \
--dscr-hdrs-text "X-Antivirus-YOURDOMAIN" \
--ignore-eol-check yes \
--sa-quarantine 0 \
--sa-delete 0 \
--sa-reject no \
--sa-subject ":SPAM:" \
--sa-alt yes \
--sa-debug yes \
--sa-report yes \
--notify "psender,admin" \
--redundant yes \
--unzip yes \
--qms-monitor no \
chmod 755 qms-config

If configuration is ok then...

./qms-config install
setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -z
setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -g
vi /var/qmail/bin/qmail-scanner-queue.pl
msg_size > 500000
chown -R qscand:qscand /var/spool/qmailscan
vi /service/qmail-smtpd/run
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" ; export QMAILQUEUE

Now restart your qmail server and see if everything works...

Share this page:

0 Comment(s)