The Perfect SpamSnake - Ubuntu 8.04 LTS - Page 5

9 MailWatch Installation Instructions

This setup assumes you are using Apache v2.x and not Apache v1.x.

 

9.1 Before Starting

Make sure that MailScanner is working before you continue with the MailWatch install!

Notes for Ubuntu:

You must have a working MailScanner set-up and running copies of MySQL, Apache, and PHP. You must also have the Perl DBD-MySQL package installed for the Perl portions of MailScanner to utilize the MySQL database.
The default php.ini should already have the following set correctly, but you may want to check:

  • short_open_tag = On
  • safe_mode = Off
  • register_globals = Off
  • magic_quotes_gpc = On
  • magic_quotes_runtime = Off
  • session.auto_start = 0

These will be commented out; you must remove the "#" to activate them:

  • extension=mysql.so
  • extension=gd.so

 

9.2 Installation

All commands below should be run as root.

 

9.3 Download the latest MailWatch release

wget -O mailwatch-1.0.4.tar.gz "http://downloads.sourceforge.net/mailwatch/mailwatch-1.0.4.tar.gz?modtime=1178902008&big_mirror=0"
tar xzvf mailwatch-1.0.4.tar.gz
cd mailwatch-1.0.4

 

9.4 Create the database

mysql -p < create.sql

NOTE: you will need to modify the above as necessary for your system if you have a root password for your MySQL database (recommended!) - Debian will ask for one.

 

9.5 Create a MySQL user and password & Set-up MailScanner for SQL logging

mysql -p
mysql> GRANT ALL ON mailscanner.* TO mailwatch@localhost IDENTIFIED BY 'password';

Remember the password! You need the single quotes ' to surround your password.

 

9.6 Edit and copy MailWatch.pm

Edit MailWatch.pm, change the $db_user and $db_pass values accordingly, and then move MailWatch.pm into the MailScanner CustomFunctions directory:

mv MailWatch.pm /etc/MailScanner/CustomFunctions/

 

9.7 Create a MailWatch Web User

mysql mailscanner -u mailwatch -p

Enter password: ******

mysql> INSERT INTO users VALUES ('username',md5('password'),'mailscanner','A','0','0','0','0','0');

 

9.8 Install & Configure MailWatch

From within the unpacked mailwatch directory move the directory called 'mailscanner' to the web server's root.

mv mailscanner/ /var/www/
cd /var/www/mailscanner

Make a temp directory:

mkdir temp
chgrp www-data temp
chmod g+w temp

Check the permissions of /var/www/mailscanner/images and /var/www/mailscanner/images/cache - they should be ug+rwx, owned by root and in the same group as the web server user.

chown root:www-data images
chmod ug+rwx images
chown root:www-data images/cache
chmod ug+rwx images/cache

Create conf.php by copying conf.php.example and edit the values to suit. You will need to set DB_USER and DB_PASS to the MySQL user and password that you created earlier.

Change these values as shown below:

define(DB_USER, 'mailwatch');
define(DB_PASS, 'password');
define(MAILWATCH_HOME, '/var/www/mailscanner');
define(MS_LIB_DIR, '/usr/share/MailScanner/');
define(QUARANTINE_USE_FLAG, true);

 

9.9 Set-up MailScanner

Next edit /etc/MailScanner/MailScanner.conf.

vi /etc/MailScanner/MailScanner.conf

You need to make sure that the following options are set:

  • Quarantine User = root
  • Quarantine Group = www-data
  • Quarantine Permissions = 0660
  • Quarantine Whole Message = yes
  • Always Looked Up Last = &MailWatchLogging

And check these as well:

  • Quarantine Whole Message As Queue Files = no
  • Detailed Spam Report = yes
  • Include Scores In SpamAssassin Report = yes

Spam Actions, High Scoring Spam Actions and Non Spam Actions should also have 'store' as one of the keywords if you want to quarantine those items for bayes learning or viewing from within MailWatch.
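
The settings listed in this section can be checked mechanically after editing. The script below is an added example, not part of the original guide or of MailScanner; check_mailscanner_conf and sample_conf are hypothetical names, the sample configuration is constructed, and it assumes option names compare case-insensitively with spaces ignored and that the last occurrence of an option is the effective one.

```shell
#!/bin/sh
# Added example: check MailScanner.conf against the values listed in 9.9.
# Assumptions: option names compare case-insensitively with spaces ignored,
# and the last occurrence of an option is the one that counts.

# check_mailscanner_conf FILE
# Prints one line per problem; the return status is the number of problems.
check_mailscanner_conf() {
    awk '
    function norm(s) { s = tolower(s); gsub(/[^a-z0-9]/, "", s); return s }
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t\r]+$/, "", s); return s }
    BEGIN {
        # Exact values from the two lists in section 9.9.
        want["Quarantine User"] = "root"
        want["Quarantine Group"] = "www-data"
        want["Quarantine Permissions"] = "0660"
        want["Quarantine Whole Message"] = "yes"
        want["Always Looked Up Last"] = "&MailWatchLogging"
        want["Quarantine Whole Message As Queue Files"] = "no"
        want["Detailed Spam Report"] = "yes"
        want["Include Scores In SpamAssassin Report"] = "yes"
        # Actions that need the "store" keyword for quarantining.
        # (MailScanner spells the third option "Non Spam Actions".)
        store["Spam Actions"] = 1
        store["High Scoring Spam Actions"] = 1
        store["Non Spam Actions"] = 1
    }
    /^[ \t]*#/ { next }
    {
        eq = index($0, "=")
        if (eq > 0) have[norm(substr($0, 1, eq - 1))] = trim(substr($0, eq + 1))
    }
    END {
        bad = 0
        for (k in want) {
            n = norm(k)
            if (!(n in have)) {
                printf "MISSING  %s (want %s)\n", k, want[k]; bad++
            } else if (tolower(have[n]) != tolower(want[k])) {
                printf "MISMATCH %s = %s (want %s)\n", k, have[n], want[k]; bad++
            }
        }
        for (k in store) {
            n = norm(k)
            v = ""
            if (n in have) v = " " tolower(have[n]) " "
            gsub(/\t/, " ", v)
            if (v !~ / store /) { printf "NOSTORE  %s\n", k; bad++ }
        }
        exit bad
    }' "$1"
}

# Constructed sample with two deliberate deviations from the guide:
# quarantine permissions 0600 and no "store" for high scoring spam.
sample_conf() {
cat <<'EOF'
# constructed excerpt, not a complete MailScanner.conf
Quarantine User = root
Quarantine Group = www-data
Quarantine Permissions = 0600
Quarantine Whole Message = yes
Quarantine Whole Message As Queue Files = no
Detailed Spam Report = yes
Include Scores In SpamAssassin Report = yes
Always Looked Up Last = &MailWatchLogging
Spam Actions = store deliver header "X-Spam-Status: Yes"
High Scoring Spam Actions = delete
Non Spam Actions = store deliver
EOF
}

# Demo run on the constructed sample.
tmp=$(mktemp)
sample_conf > "$tmp"
check_mailscanner_conf "$tmp" || echo "problems found: $?"
rm -f "$tmp"
```

Against the live file, run check_mailscanner_conf /etc/MailScanner/MailScanner.conf; a return status of 0 means every listed option matches.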

 

9.10 Integrate SQL Blacklist/Whitelist (optional)

If you would like to manage the MailScanner whitelist and blacklist from within the MailWatch web interface perform the following steps.

1. Edit the MySQL connection values within the CreateList subroutine of SQLBlackWhiteList.pm to match the values you entered previously into MailWatch.pm. Both files should contain the same values. (Look for the following lines in SQLBlackWhiteList.pm and enter your own data.)

my($db_user) = 'mailwatch';
my($db_pass) = 'password';

2. Copy SQLBlackWhiteList.pm to /etc/MailScanner/CustomFunctions/.

3. Edit MailScanner.conf and set:

  • Is Definitely Not Spam = &SQLWhitelist
  • Is Definitely Spam = &SQLBlacklist

 

9.11 Fix to allow MailWatch to work with Postfix Inbound/Outbound Queue

Download the patch from http://www.gbnetwork.co.uk/mailscanner/postfixmail.tar.gz

cd /usr/src
wget http://www.gbnetwork.co.uk/mailscanner/files/postfixmail.tar.gz
tar xvfz postfixmail.tar.gz
cd postfixmail
cp postfix* /var/www/mailscanner
patch /var/www/mailscanner/functions.php functions.php.diff

 

9.12 SpamAssassin

First we need to disable the default SpamAssassin configuration file:

mv /etc/spamassassin/local.cf /etc/spamassassin/local.cf.disabled

Now let's back up the SpamAssassin configuration file in MailScanner and then edit it:

cp /etc/MailScanner/spam.assassin.prefs.conf /etc/MailScanner/spam.assassin.prefs.conf.back

Add pyzor and razor paths:

vi /etc/MailScanner/spam.assassin.prefs.conf

Add these lines to the top of spam.assassin.prefs.conf:

pyzor_options --homedir /var/lib/MailScanner/
razor_config /var/lib/MailScanner/.razor/razor-agent.conf

Comment out the following:
#bayes_auto_expire 0

 

9.13 Move the Bayesian Databases and set-up permissions (skip this if you don't use bayes)

Edit /etc/MailScanner/spam.assassin.prefs.conf and set:

vi /etc/MailScanner/spam.assassin.prefs.conf

bayes_path /etc/MailScanner/bayes/bayes
bayes_file_mode 0660

Look for these lines and change them accordingly:

bayes_ignore_header X-YOURDOMAIN-COM-MailScanner
bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-SpamCheck
bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-SpamScore
bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-Information

"YOURDOMAIN-COM" should be replaced with whatever you used for "%org-name%" in the MailScanner.conf file. Leave the "X-" in place.
This is the same orgname used in the MailScanner.conf above.

Create the 'new' bayes directory, make the directory owned by the same group as the web server user and make the directory setgid:

mkdir /etc/MailScanner/bayes
chown -R root:www-data /etc/MailScanner/bayes
chmod -R ug+rw /etc/MailScanner/bayes
chmod g+s /etc/MailScanner/bayes

Copy the existing bayes databases and set the permissions (Note: This part can be skipped if bayes was not previously enabled because the bayes directory would not have been created):

cp /var/lib/MailScanner/bayes_* /etc/MailScanner/bayes
chown root:www-data /etc/MailScanner/bayes/bayes_*
chmod g+rw /etc/MailScanner/bayes/bayes_*

Make sure that "bayes_auto_expire 0" is not commented out in spam.assassin.prefs.conf:

bayes_auto_expire 0

Edit the SpamAssassin v310.pre to enable Razor and DCC:

vi /etc/spamassassin/v310.pre

Uncomment the following lines:

loadplugin Mail::SpamAssassin::Plugin::DCC
loadplugin Mail::SpamAssassin::Plugin::Razor2

If you want then you can test SpamAssassin to make sure that it is using the new databases correctly:

spamassassin -D -p /etc/MailScanner/spam.assassin.prefs.conf --lint

and you should see something like:

debug: using "/etc/MailScanner/spam.assassin.prefs.conf" for user prefs file
debug: bayes: 28821 tie-ing to DB file R/O /etc/MailScanner/bayes/bayes_toks
debug: bayes: 28821 tie-ing to DB file R/O /etc/MailScanner/bayes/bayes_seen
debug: bayes: found bayes db version 2
debug: Score set 3 chosen.

 

9.13.1 SpamAssassin Bayes Database to SQL Conversion

Prerequisites

a. You'll need the perl-DBI and perl-DBD-MySQL modules installed.

Assumptions and Variables:

SpamAssassin Bayes Database Name: sa_bayes
SpamAssassin Bayes Database UserName: sa_user
SpamAssassin Bayes Database Password: sa_password

Create the MySQL database:

First of all, create a database on the server where you intend to store the bayesian information.

mysql -u root -p

mysql> create database sa_bayes;
mysql> GRANT ALL ON sa_bayes.* TO sa_user@localhost IDENTIFIED BY 'sa_password';
mysql> flush privileges;

Locate the bayes_mysql.sql file:

find / -name bayes_mysql.sql
mysql -u sa_user -p sa_bayes < /path/to/bayes_mysql.sql

Backup your current bayes database:

sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --backup > sa_bayes_backup.txt

Warning: The next command can completely wipe out your bayes database!

sa-learn -p /path/to/spam.assassin.prefs.conf --clear #(entirely optional, in case you want to roll back)

Make some changes to your spam.assassin.prefs.conf:

bayes_store_module Mail::SpamAssassin::BayesStore::SQL
bayes_sql_dsn DBI:mysql:sa_bayes:localhost
bayes_sql_username sa_user
bayes_sql_password sa_password
bayes_sql_override_username root

and comment out the following lines:

#bayes_path /etc/MailScanner/bayes/bayes
#bayes_file_mode 0660

Populate the Bayes SQL database.

Now restore the backup of the bayes DBM database into the bayes SQL database:

sa-learn -p /etc/MailScanner/spam.assassin.prefs.conf --restore sa_bayes_backup.txt

This process may take some time depending on the size of your bayes database.

Also add this to your crontab:

crontab -e

30 01 * * * /path/to/sa-learn --force-expire --sync -p /etc/MailScanner/spam.assassin.prefs.conf

 

9.14 Bring it all Together

Now that we have everything in there, set the correct permissions:

chown -R postfix:www-data /var/spool/MailScanner
chown -R postfix:www-data /var/lib/MailScanner
chown -R postfix:www-data /var/run/MailScanner
chown -R postfix:www-data /var/lock/subsys/MailScanner
chown -R postfix:www-data /var/spool/postfix/hold
chmod -R ug+rwx /var/spool/postfix/hold

chmod -R u+rwx,g+rx /var/spool/MailScanner/quarantine

Finally make sure you restart MailScanner.

/etc/init.d/mailscanner restart

Test out the setup:

spamassassin -x -D -p /etc/MailScanner/spam.assassin.prefs.conf --lint

Check for lines like:

debug: bayes: Database connection established
debug: bayes: found bayes db version 3
debug: bayes: Using userid: 2

and some more like

debug: bayes: tok_get_all: Token Count: 20
debug: bayes token 'somewhat' ? 0.978
debug: bayes: score = 0.845189622547555

You should see lines come up with DCC, Pyzor and Razor that say loading plugin and hopefully no errors.

To finish up this part, we need to add the cron jobs that will clean/update; you probably saw the message about this after the MailScanner install script finished.

First edit conf.php and set 'QUARANTINE_DAYS_TO_KEEP', then change the following line in db_clean.php:

#!/usr/bin/php -qn

to

#!/usr/bin/php -q

Install quarantine clean up script:

cp /usr/src/mailwatch-1.0.4/tools/quarantine_maint.php /usr/bin/quarantine_maint.php
cp /usr/src/mailwatch-1.0.4/tools/db_clean.php /usr/bin/db_clean.php
chmod +x /usr/bin/quarantine_maint.php
chmod +x /usr/bin/db_clean.php

Run

crontab -e

and add the following:

15 10 * * 2 /usr/bin/quarantine_maint.php --clean > /dev/null 2>&1
58 23 * * * /usr/bin/db_clean.php > /dev/null 2>&1

Disable the cron script installed by MailScanner, /etc/cron.daily/clean.quarantine, by setting the following in it (Note: Do this only if the clean.quarantine script exists):

$disabled = 1;

 

9.15 Reboot

reboot

Check your mail.log again:

tail -f /var/log/mail.log

At this point you should have a functional spamfilter and should see something like:

Jun 13 12:18:23 hoshi MailScanner[26388]: MailScanner E-Mail Virus Scanner version 4.20-3 starting...
Jun 13 12:18:24 hoshi MailScanner[26388]: Config: calling custom init function MailWatchLogging
Jun 13 12:18:24 hoshi MailScanner[26388]: Initialising database connection
Jun 13 12:18:24 hoshi MailScanner[26388]: Finished initialising database connection

Congratulations - you now have MailScanner logging to MySQL.

 

9.16 Test the MailWatch interface

Point your browser to http://<hostname>/mailscanner/ - you should be prompted for a username and password - enter the details of the MailWatch web user that you created earlier, and you should see a list of the last 50 messages processed by MailScanner.

If you're not able to see the mails, then you may have to set the following permissions:

chgrp -R www-data /var/spool/MailScanner

 

You may have to create the following to prevent an error in a lint test:

mkdir /var/www/.spamassassin

 

9.17 Fix for Ubuntu 8.04 (kept removing directories upon reboot)

Edit /etc/rc.local and add the following before the exit line:

mkdir -p /var/run/MailScanner
mkdir -p /var/lock/subsys
mkdir -p /var/lock/subsys/MailScanner
chown -R postfix:www-data /var/run/MailScanner
chown -R postfix:www-data /var/lock/subsys/MailScanner
/etc/init.d/postfix restart
/etc/init.d/mailscanner restart

 

9.18 Update the SpamAssassin Rules table

MailWatch keeps a list of all the SpamAssassin rules and descriptions which are displayed on the 'Message Detail' page - to show the descriptions, you need to run the updater every time you add new rules or upgrade SpamAssassin. Click on the 'Tools/Links' menu and select 'Update SpamAssassin Rule Descriptions' and click 'Run Now'.

 

9.19 Update the GeoIP database

Change /var/www/mailscanner/geoip_update.php:

vi /var/www/mailscanner/geoip_update.php

dbquery("LOAD DATA INFILE

to

dbquery("LOAD DATA LOCAL INFILE

Make sure that allow_url_fopen = On is set in your php.ini.

Click on the 'Tools/Links' menu and select 'Update GeoIP database' and click 'Run Now'.

 

9.20 Setup the Mail Queue watcher (optional)

You can get MailWatch to watch and display your sendmail or exim queue directories - all you need to do is copy mailq.php (from the root of the mailwatch tarball - not from the mailscanner directory - they are different!) to /usr/local/bin and set-up a cron-job to run it.

Edit mailq.php first to change the require line to point to the location of functions.php, then:

cp mailq.php /usr/local/bin
crontab -e

0-59 * * * * /usr/local/bin/mailq.php

Note: mailq.php re-creates all entries on each run, so for busy sites you will probably want to change this to run every 5 minutes or greater.

 

9.21 Setup the Sendmail Relay Log watcher (optional)

You can get MailWatch to watch your sendmail logs and store all message relay information which is then displayed on the 'Message Detail' page which helps debugging and makes it easy for a Helpdesk to actually see where a message was delivered to by the MTA and what the response back was (e.g. the remote queue id etc.).

cp tools/sendmail_relay.php /usr/local/bin
nohup /usr/local/bin/sendmail_relay.php > /dev/null 2>&1 &

 

9.22 Fix to allow wildcards in Whitelist/Blacklist

Add the following to the bottom of the return 1 section in your SQLBlackWhiteList.pm:

return 1 if $BlackWhite->{$to}{'*@'.$fromdomain};
return 1 if $BlackWhite->{$to}{'*@*.'.$fromdomain};
return 1 if $BlackWhite->{$todomain}{'*@'.$fromdomain};
return 1 if $BlackWhite->{$todomain}{'*@*.'.$fromdomain};
return 1 if $BlackWhite->{'default'}{'*@'.$fromdomain};
return 1 if $BlackWhite->{'default'}{'*@*.'.$fromdomain};

 

9.23 Fix for the Reporting Function in Message Operations

Change the following in /var/www/mailscanner/do_message_ops.php file:

vi /var/www/mailscanner/do_message_ops.php

$id = $Regs[1];

to

$id = str_replace("_", ".",$Regs[1]);

 

9.24 Fix to Allow Quarantine Release of Messages

Change the following in /var/www/mailscanner/conf.php:

define(QUARANTINE_FROM_ADDR, 'postmaster@domain.tld');

*You need to put the full email address or this will not work.

Also make sure the following string is set to true: 
define(QUARANTINE_USE_FLAG, true);

If you'd like the message to be released in its original form and not as an attachment, set the following line to true:

define(QUARANTINE_USE_SENDMAIL, true);

 

9.24.1 Dangerous Content:
Open /etc/MailScanner/MailScanner.conf and change the following:

Dangerous Content Scanning = yes

To

Dangerous Content Scanning = %rules-dir%/content.scanning.rules

Create /etc/MailScanner/rules/content.scanning.rules and add the following:
From:           127.0.0.1      no
FromOrTo:       default        yes

 

9.24.2 Filename and Filetype Release:
Modify /etc/MailScanner/MailScanner.conf and set the following:

Filename Rules = %etc-dir%/filename.rules
Filetype Rules = %etc-dir%/filetype.rules

Then create the following files in /etc/MailScanner as shown (in the two allowall.conf files the fields must be separated by tab characters, not spaces):

/etc/MailScanner/filename.rules:

From:          127.0.0.1       /etc/MailScanner/filename.rules.allowall.conf
FromOrTo:      default         /etc/MailScanner/filename.rules.conf

/etc/MailScanner/filetype.rules:

From:          127.0.0.1       /etc/MailScanner/filetype.rules.allowall.conf
FromOrTo:      default         /etc/MailScanner/filetype.rules.conf

/etc/MailScanner/filename.rules.allowall.conf:
allow   .*      -       -

/etc/MailScanner/filetype.rules.allowall.conf:
allow   .*      -       -
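
A quick lint for the files created in this section, as an added example that is not part of the original guide or of MailScanner (untabbed_lines and allowall_scope are hypothetical helper names, and the sample files are constructed). It checks that the rule files really use tabs and that the allow-all file is selected only for mail from 127.0.0.1, so filename and filetype checks stay in force for everything else.

```shell
#!/bin/sh
# Added example: lint the files from section 9.24.2 before restarting MailScanner.

# untabbed_lines FILE
# For a filename/filetype rules .conf file: report every rule that does not
# split into exactly 4 TAB-separated fields. Returns 1 if any were found.
untabbed_lines() {
    awk 'BEGIN { FS = "\t+"; bad = 0 }
         /^[ \t]*#/ || /^[ \t]*$/ { next }
         NF != 4 { print FILENAME ":" NR ": want 4 tab-separated fields, got " NF; bad = 1 }
         END { exit bad }' "$1"
}

# allowall_scope RULESET ALLOWALL_PATH
# For a ruleset (filename.rules / filetype.rules): returns 0 only if the
# allow-all file is selected solely by "From: 127.0.0.1" and the default
# rule points at a different (restrictive) file.
allowall_scope() {
    awk -v allow="$2" '
        BEGIN { bad = 0; has_default = 0 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        $3 == allow && !(tolower($1) == "from:" && $2 == "127.0.0.1") {
            print FILENAME ":" NR ": allow-all selected by " $1 " " $2; bad = 1
        }
        tolower($2) == "default" && $3 != allow { has_default = 1 }
        END {
            if (!has_default) { print FILENAME ": no restrictive default rule"; bad = 1 }
            exit bad
        }' "$1"
}

# Demo on constructed files. printf writes real TAB characters; pasted.conf
# reproduces a rule copied with spaces instead of tabs.
demo_dir=$(mktemp -d)
allowall=/etc/MailScanner/filename.rules.allowall.conf
printf 'allow\t.*\t-\t-\n' > "$demo_dir/good.conf"
printf 'allow   .*      -       -\n' > "$demo_dir/pasted.conf"
printf 'From:\t127.0.0.1\t%s\nFromOrTo:\tdefault\t/etc/MailScanner/filename.rules.conf\n' \
    "$allowall" > "$demo_dir/filename.rules"
untabbed_lines "$demo_dir/good.conf" && echo "good.conf: ok"
untabbed_lines "$demo_dir/pasted.conf" || echo "pasted.conf: fix the separators"
allowall_scope "$demo_dir/filename.rules" "$allowall" \
    && echo "filename.rules: allow-all limited to 127.0.0.1"
rm -rf "$demo_dir"
```

Writing the allowall.conf files with printf, as the demo does, avoids the spaces-for-tabs problem that copying the rule from a web page produces.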


9.24.3 Releasing Spam Messages

To allow MailWatch to release Spam messages without them being processed again, add 127.0.0.1 as a whitelist item in MailWatch/List interface.  Make sure to restart MailScanner after configuring these options.  Below is what my entry looks like.

127.0.0.1 default Delete

9.25 Fix to Allow Multiple Release of Messages in Message Operations

Edit /var/www/mailscanner/do_message_ops.php and make the following changes:

   case 'F':
    $type='forget';
    break;
   case 'R':
    $type='release';
    break;
   default:
    continue;
    break;

Then, find the following section and change it to look like this:

$itemnum = array($num);
   if ($type == 'release'){
      if($quarantined = quarantine_list_items($id,RPC_ONLY)) {
         $to = $quarantined[0]['to'];
       }
       echo "<tr><td><a href=\"detail.php?id=$id\">$id</a></td><td>$type</td><td>" . quarantine_release($quarantined, $itemnum, $to, RPC_ONLY) . "</td></tr>\n";
    } else {
     echo "<tr><td><a href=\"detail.php?id=$id\">$id</a></td><td>$type</td><td>" . quarantine_learn($items, $itemnum, $type, RPC_ONLY) . "</td></tr>\n";
     }
   }
  echo "</TABLE>\n";
      }
    }
  }
}
echo "  </TD>\n";

Next we edit the /var/www/mailscanner/functions.php file and change:

$fieldname[$f] = "Ops<br>S&nbsp;&nbsp;H&nbsp;&nbsp;F";

To

$fieldname[$f] = "Ops<br>S&nbsp;&nbsp;H&nbsp;&nbsp;F&nbsp;&nbsp;R";

Next change:

array_unshift($row, "<INPUT NAME=\"OPT-REPLACEME\" TYPE=RADIO VALUE=\"S\">&nbsp;<INPUT NAME=\"OPT-REPLACEME\" TYPE=RADIO VALUE=\"H\">&nbsp;<INPUT NAME=\"OPT-REPLACEME\" TYPE=RADIO VALUE=\"F\">");

To:

array_unshift($row, "<INPUT NAME=\"OPT-REPLACEME\" TYPE=RADIO VALUE=\"S\">&nbsp;<INPUT NAME=\"OPT-REPLACEME\" TYPE=RADIO VALUE=\"H\">&nbsp;<INPUT NAME=\"OPT-REPLACEME\" TYPE=RADIO VALUE=\"F\">&nbsp;<INPUT NAME=\"OPT-REPLACEME\" TYPE=RADIO VALUE=\"R\"> ");

Next find the block with the javascript function to handle radio buttons. Add a third value like so:

echo "function SetRadios(p) {\n";
echo " var val;\n";
echo " if (p == 'S') {\n";
echo "  val = 0;\n";
echo " } else if (p == 'H') {\n";
echo "  val = 1;\n";
echo " } else if (p == 'F') {\n";
echo "  val = 2;\n";
echo " } else if (p == 'R') {\n";
echo "  val = 3;\n";
echo " } else if (p == 'C') {\n";
echo "  ClearRadios();\n";

Now, add the text for the radios:

echo "&nbsp; <a href=\"javascript:SetRadios('S')\">S</a>";
echo "&nbsp; <a href=\"javascript:SetRadios('H')\">H</a>";
echo "&nbsp; <a href=\"javascript:SetRadios('F')\">F</a>";
echo "&nbsp; <a href=\"javascript:SetRadios('R')\">R</a>";

Finally, change:

echo "<P><b>S</b> = Spam &nbsp; <b>H</b> = Ham &nbsp; <b>F</b> = Forget\n";

To:

echo "<P><b>S</b> = Spam &nbsp; <b>H</b> = Ham &nbsp; <b>F</b> = Forget &nbsp; <b>R</b> = Release\n";

 

9.26 Fix to Allow Correct ClamAV Status

Change the following in /var/www/mailscanner/clamav_status.php file:

 

<?passthru(get_virus_conf('clamav')." -V | awk -f ./clamav.awk");?>

 

to

 

<?passthru('/usr/sbin/clamd -V | awk -f ./clamav.awk');?>


Comments

From: at: 2008-09-17 15:07:59

Can I implement this solution on a machine running as a firewall with 2 network interfaces? One for the Internet and one for the internal network?

 Thanks.

From: Anonymous at: 2008-10-06 18:12:18

In theory I don't see why not, but it probably isn't a good idea.  Doing it that way makes the spamsnake a bridge between the two networks that isn't protected by the firewall.  The only way to make it secure is to have the firewall accept mail on the external interface, with the appropriate firewall blocking, pass it to the spamsnake on the internal interface for processing and then forward it to a mail server for distribution.  If the spamsnake accepts mail on the external interface directly, it will bypass the firewall.

The more secure option is to have the spamsnake be a separate external machine, accept and process all mail there and only pass the legitimate mail to the internal network via the external interface of the firewall.  The other benefit of this method is it reduces the load on the firewall since all the spam, and the associated connections, has been dumped before it reaches the firewall.

From: at: 2008-05-10 13:27:38

I've been using file based Greylisting for more than a year and I would say it is faster than the DB based ones. I am using tumgreyspf.

From: at: 2008-05-13 12:35:22

When it comes to the addons, it's really your choice which one you want to use.  I've been quite lucky with the db setup so that's why I use it. 

Thanks for your recommendation though.  If I have any problems with my current setup, I would be more than happy to give your recommendation a shot.

From: at: 2008-08-05 11:00:51

Hello ! Any specific reason for using MailScanner and not AMaViS ? Just out of curiosity. Regards, Sebastian M Juergse

From: at: 2008-10-14 16:04:23

I tried this setup with Amavis but thought MailScanner was a bit faster.

From: ctrl at: 2010-01-09 09:30:03

Hello,
A big thank you for your tutorial! I have used SpamSnake for 6 months and I am magic.

This morning, SpamSnake informed me of a very high number of messages containing the virus (Exploit.PDF-9669). From the information I found, it is a bug in ClamAV, which I decided to update with "apt-get install clamav clamav-daemon clamav-freshclam"; then I ran "freshclam" to fetch the database update.

However, and more generally, I would like to know whether I could, without risk to the SpamSnake configuration, run an "apt-get upgrade".

Best regards,

From: Rob at: 2010-01-21 11:42:03

I installed this. Tested it and now it is running for all our domains and it works perfect! thanks :)

From: Haas at: 2008-11-16 16:01:24

Unarj: it seems, that unarj was removed from the Debian/Ubuntu archives

From: Anonymous at: 2008-11-25 18:57:52

Any news on how to install unarj now that it is no longer in the debian or ubuntu repos? I am trying to configure a spam snake following the tutorial but unarj is no longer available. Please help.

 

From: Anonymous at: 2008-11-27 19:00:40

I've googled for 'linux arj options' and found that the options are the same as for 'arj'.

So I think that 'arj' already does the job of 'unarj'. If not, you can test if (as root or sudo) 'ln -s /usr/bin/arj /usr/bin/unarj' works...

Regards

From: Anonymous at: 2009-01-05 12:16:05

I downloaded the file from another mirror, saved it in my web folder and pointed linux to it

worked great

but can not get web admin working

 

From: Philip Jones at: 2009-02-23 15:09:11

Hi

 I found that if you change unarg... for arg_3.10.22-2_i386.deb at the end of the wget command it works fine, to check which files are available open the link (without the wget or filename) in your browser.

Great How-To

Thanks

From: Gagandeep at: 2009-03-21 20:20:56

I downloaded it from here

https://launchpad.net/ubuntu/warty/i386/unarj/3.10.21-1

From: Hurup at: 2008-11-11 18:04:26

Hi

After changing the Bind folder directories I get the following error:

Nov 11 18:56:32 localservername named[20763]: starting BIND 9.4.2-P2 -u bind -t /var/lib/named
Nov 11 18:56:32 localservername named[20763]: found 1 CPU, using 1 worker thread
Nov 11 18:56:32 localservername named[20763]: loading configuration from '/etc/bind/named.conf'
Nov 11 18:56:32 localservername named[20763]: none:0: open: /etc/bind/named.conf: permission denied
Nov 11 18:56:32 localservername named[20763]: loading configuration: permission denied
Nov 11 18:56:32 localservername named[20763]: exiting (due to fatal error)
Nov 11 18:56:32 localservername kernel: [178236.619792] audit(1226426192.264:7): type=1503 operation="inode_permission" requested_mask="r::" denied_mask="r::" name="/var/lib/named/etc/bind/named.conf" pid=20764 profile="/usr/sbin/named" namespace="default"

The permissions are :

 # ls -la /etc/bind/
total 52
drwxr-sr-x 2 bind bind 4096 2008-11-11 18:38 .
drwxr-xr-x 3 root root 4096 2008-11-11 18:41 ..
-rw-r--r-- 1 bind bind  237 2008-10-10 18:53 db.0
-rw-r--r-- 1 bind bind  271 2008-10-10 18:53 db.127
-rw-r--r-- 1 bind bind  237 2008-10-10 18:53 db.255
-rw-r--r-- 1 bind bind  353 2008-10-10 18:53 db.empty
-rw-r--r-- 1 bind bind  270 2008-10-10 18:53 db.local
-rw-r--r-- 1 bind bind 2878 2008-10-10 18:53 db.root
-rw-r--r-- 1 bind bind  907 2008-10-10 18:53 named.conf
-rw-r--r-- 1 bind bind  165 2008-10-10 18:53 named.conf.local
-rw-r--r-- 1 bind bind  695 2008-10-10 18:53 named.conf.options
-rw-r----- 1 bind bind   77 2008-11-11 18:38 rndc.key
-rw-r--r-- 1 bind bind 1317 2008-10-10 18:53 zones.rfc1918
 

 

From: at: 2008-12-02 13:25:01

Hi,

Please make sure apparmor is disabled.

Rocky

From: Steve at: 2008-12-30 22:57:21

As an FYI, it would appear that installing bind9 re-enables apparmour

From: at: 2009-06-03 14:44:16

Confirmed.

 

You have to redo the Remove Apparmour steps from Page 2 again following the bind9 install

From: José Manuel Avalos García at: 2009-12-02 07:17:31

To keep AppArmor active, add the following lines to /etc/apparmor.d/usr.sbin.named:

  #CHROOT /var/lib/named/
  /var/lib/named/dev/random r,
  /var/lib/named/etc/bind/** r,
  /var/lib/named/var/cache/bind/** rw,
  /var/lib/named/var/cache/bind/ rw,
  /var/lib/named/var/run/bind/run/named.pid w,
  /var/lib/named/var/run/bind/named.options r,
 
( before the last "}" ) 
 
and run
 
 /etc/init.d/apparmor restart
 /etc/init.d/bind9 start

From: Jamie Strandboge at: 2009-12-28 16:09:04

There is no reason to chroot bind9 if using AppArmor. Chrooting bind is the traditional way to limit file access for bind9, and it works fine, but does not confine bind9 as much as an AppArmor profile can. AppArmor also limits file access, networking and capabilities for bind9, and the Ubuntu developers have created a default bind9 installation that does not require any additional configuration for securing bind9. This way all users of bind9 can benefit from it.

Additionally, this tutorial recommends to disable all of AppArmor. Unless you have a very specific need to do so, this is not recommended. If you opt to chroot bind9 instead of use AppArmor, then please disable the profile, and leave the other profiles that are not causing problems to do their jobs. See my blog entry at http://penguindroppings.wordpress.com/2009/07/07/should-i-disable-apparmor/ for details.

From: Jake at: 2009-10-22 09:50:19

I would like to know the issues if any to leave bind9 alone and let apparmor deal with the security? I see that the author would like you to chroot bind9 but I wonder if it is out of habit or necessity.

From: Mastech Miami at: 2011-09-02 14:09:49

It is a problem installing "pecl install imagick". it returns

Cannot find config.m4.
Make sure that you run '/Applications/MAMP/bin/php5/bin/phpize' in the top level source directory of the module

to work around:

cd /usr

 wget http://pear.php.net/go-pear.phar

 php go-pear.phar

 pecl install imagick

 

 

From: at: 2008-05-17 02:23:27

For those in the 64-bit world:

wget http://launchpadlibrarian.net/11565554/dcc-server_1.3.42-5_amd64.deb
wget http://launchpadlibrarian.net/11565552/dcc-common_1.3.42-5_amd64.deb
dpkg -i dcc-common_1.3.42-5_amd64.deb
dpkg -i dcc-server_1.3.42-5_amd64.deb

From: Patrick at: 2009-03-26 10:30:37

Use mailscanner_4.74.16-1_all.deb instead.

From: Klaus Hochlehnert at: 2008-12-28 22:23:36

Hi, couldn't get mailscanner from the mentioned location.
But I found it in the Intrepid archive:

wget http://mirrors.kernel.org/ubuntu/pool/universe/m/mailscanner/mailscanner_4.68.8-1_all.deb

Regards, Klaus

From: PieterJ at: 2008-09-25 14:04:57

You have to change this line in db_clean also:

require('/var/www/html/mailscanner/functions.php');

to

require('/var/www/mailscanner/functions.php');


 

From: Eric at: 2008-12-18 02:06:23

9.24.2 Filename and Filetype Release:
/etc/MailScanner/filename.rules.allowall.conf:
allow   .*      -       -

/etc/MailScanner/filetype.rules.allowall.conf:
allow   .*      -       -

Remember to separate fields with tab characters

From: Mircsicz at: 2008-10-27 14:02:12

9.11 Fix to allow MailWatch to work with Postfix Inbound/Outbound Queue

the URL changed to:

http://www.gbnetwork.co.uk/mailscanner/files/postfixmail.tar.gz

From: Eric at: 2008-12-18 02:08:14

9.24.2 Filename and Filetype Release:

/etc/MailScanner/filename.rules.allowall.conf:

allow .* - -

/etc/MailScanner/filetype.rules.allowall.conf:

allow .* - -

Remember to separate fields with tab characters

From: Anonymous at: 2009-06-11 12:59:08

SQLBlackWhiteList.pm is to be found within

/root/mailwatch-1.0.4

hope that I'm not the only one that didn't find this file :P

From: Steve Baker at: 2009-10-14 07:24:59

Hi,

Newer versions of Ubuntu enable an apparmor profile on /usr/sbin/clamd, this prohibits clam from seeing the Mailscanner spool folders and thus it cannot scan for viruses.  This issue is shown in the clamav logs as a 'permission denied' or 'access denied' error or similar, even if the permissions/groups on those folders is set correctly.

You need to edit the file /etc/apparmor.d/usr.sbin.clamd and add the following line:

 /var/spool/MailScanner/incoming/** r,

Regards,
Steve

From: Walmiro Muzzi at: 2009-08-27 12:04:51

I'm getting this warning when I run spamassassin -D -p /etc/MailScanner/spam.assassin.prefs.conf --lint:

[6154] warn: lint: 2 issues detected, please rerun with debug enabled for more information

Please, how do I fix it?

 

Thanks in advance.

From: Patrick at: 2009-03-29 00:20:31

Could you be a bit more specific on which howto this would be?

From: linch_y at: 2009-02-13 21:13:42

If someone finds it useful:

Instead of importing the users you may use live lookups against the AD. There is a howto in the howtoforge forums.

Good luck. 

From: hattmardy at: 2009-01-31 20:15:30

nevermind, i just realized i had simply forgot to uncomment out

open VALID, ">$VALID" or die "CANNOT OPEN $VALID $!";

and this was printing to this file ... doh!

From: hattmardy at: 2009-01-31 20:10:21

I had to modify the print VALID $mail line from:

print VALID $mail." OK\n";

 print "VALID = ", $mail ," OK!\n";

for some reason, the perl print string wasn't formed properly by default.

I was getting lots of  error messages:

print() on unopened filehandle VALID at /usr/bin/getadsmtp.pl line 86, <DATA> line 656

From: Anonymous at: 2009-08-21 16:44:13

I get this error email from cronjob : need help to resolve this issue.

 /opt/MailScanner/bin/MailScanner .... 

Starting MailScanner...Can't locate Filesys/Df.pm in @INC (@INC contains: /opt/MailScanner/lib /etc/perl /usr/local/share/perl/5.8.8 /usr/lib/perl5 /usr/share/perl5 /usr/share/perl/5.8 /usr/local/lib/site_perl /opt/MailScanner/lib /usr/local/lib/perl/5.8.8 /usr/lib/perl/5.8) at /opt/MailScanner/bin/MailScanner line 91.
BEGIN failed--compilation aborted at /opt/MailScanner/bin/MailScanner line 91.
 Failed.

 Please help ...

From: Patrick at: 2009-03-30 08:36:35

So, 13.1 should be apt-get install curl rsync

From: Patrick at: 2009-03-30 08:18:31
From: Richard at: 2009-05-26 20:17:34

Fix not necessary with Jaunty.

From: Tom at: 2009-07-01 18:24:16

The cron job set up to clean up the greylist table every night is too squeaky clean for me. It has the effect of wiping out the entire table every night. The greylist table uses column 'n' as a counter of how many times the entry has been hit. On the initial attempt this value is set to 1, when the remote MTA resends a valid email this value is set to 2 and incremented from there. This means that the minimum 'n' value for a valid entry is 2.

 I prefer to have my valid entries kept indefinitely, that way there isn't an ongoing delay for communication between valid business contacts. I set my crontab entry like so:

 55 23 * * * /usr/bin/mysql -ugld_user -pgld_pass -e 'USE gld_db; DELETE FROM greylist WHERE n < 2;' > /dev/null 2>&1

From: at: 2009-11-13 16:41:44

I will be sure to update the guide reflecting your correction.

Thanks,