The Perfect SpamSnake - Ubuntu Jeos 10.10 Maverick Meerkat - Page 2

6. Install Postfix:

apt-get install postfix postfix-mysql postfix-doc procmail

You will be asked two questions. Answer as follows:

General type of mail configuration: --> Internet Site
System mail name: --> server1.example.com

Stop Postfix:

postfix stop

Edit the Postfix master.cf file:

vi /etc/postfix/master.cf

We need to add two items below the pickup service type. The pickup service "picks up" local mail (local meaning "on this machine") and delivers it. This is a way to bypass content filtering for mail generated by this machine.

It should look like this when you are done:

pickup    fifo  n       -       -       60      1       pickup
         -o content_filter=
         -o receive_override_options=no_header_body_checks

Edit main.cf by creating the following script, which applies the settings with postconf:

vi /usr/src/postfix.sh

#!/bin/sh
postconf -e "alias_maps = hash:/etc/aliases"
newaliases
postconf -e "myorigin = domain.tld"
postconf -e "myhostname = server1.domain.tld"
postconf -e "mynetworks = 127.0.0.0/8, 192.168.0.0/24"
postconf -e "message_size_limit = 10485760"
postconf -e "local_transport = error:No local mail delivery"
postconf -e "mydestination = "
postconf -e "local_recipient_maps = "
postconf -e "relay_domains = mysql:/etc/postfix/mysql-relay_domains.cf"
postconf -e "relay_recipient_maps = mysql:/etc/postfix/mysql-relay_recipients.cf"
postconf -e "transport_maps = mysql:/etc/postfix/mysql-transports.cf"
postconf -e "virtual_alias_maps = hash:/etc/postfix/virtual"
postconf -e "disable_vrfy_command = yes"
postconf -e "strict_rfc821_envelopes = no"
# single quotes keep $myhostname literal so that Postfix, not the shell, expands it
postconf -e 'smtpd_banner = $myhostname ESMTP SpamSnake'
postconf -e "smtpd_delay_reject = yes"
postconf -e "smtpd_recipient_limit = 100"
postconf -e "smtpd_helo_required = yes"
postconf -e "smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks, permit"
postconf -e "smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks, permit"
postconf -e "smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_non_fqdn_sender, reject_unknown_sender_domain, permit"
postconf -e "smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_recipient_domain, reject_unauth_destination, whitelist_policy, grey_policy, rbl_policy, spf_policy, permit"
postconf -e "smtpd_data_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_pipelining"
postconf -e "smtpd_restriction_classes = spf_policy, rbl_policy, grey_policy, whitelist_policy"
postconf -e "spf_policy = check_policy_service unix:private/policy"
postconf -e "rbl_policy = reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net"
postconf -e "grey_policy = check_policy_service unix:private/greyfix"
postconf -e "whitelist_policy = check_client_access mysql:/etc/postfix/mysql-global_whitelist.cf, check_sender_access mysql:/etc/postfix/mysql-global_whitelist.cf"
postconf -e "header_checks = regexp:/etc/postfix/header_checks"
touch /etc/postfix/virtual
echo "root administrator@example.com" >> /etc/postfix/virtual && echo "abuse administrator@example.com" >> /etc/postfix/virtual && echo "postmaster administrator@example.com" >> /etc/postfix/virtual
postmap /etc/postfix/virtual
touch /etc/postfix/header_checks
echo "/^Received:/ HOLD" >> /etc/postfix/header_checks
postmap /etc/postfix/header_checks
cat > /etc/postfix/mysql-global_whitelist.cf <<EOF
#mysql-global_whitelist
user = baruwa
password = password
dbname = baruwa
query = select concat('PERMIT') 'action' from lists where from_address='%s' AND list_type='1';
hosts = 127.0.0.1
EOF
cat > /etc/postfix/mysql-relay_domains.cf <<EOF
#mysql-relay_domains
user = baruwa
password = password
dbname = baruwa
query = select concat(address, ' ', 'OK') 'domain' from user_addresses where user_addresses.address='%s' and user_addresses.enabled='1';
hosts = 127.0.0.1
EOF

cat > /etc/postfix/mysql-relay_recipients.cf <<EOF
#mysql-relay_recipients
user = baruwa
password = password
dbname = baruwa
query = select concat('@', address, 'OK') 'email' from user_addresses where user_addresses.address='%d';
hosts = 127.0.0.1
EOF
cat > /etc/postfix/mysql-transports.cf <<EOF
#mysql-transports
user = baruwa
password = password
dbname = baruwa
query = select concat('smtp:[', mail_hosts.address, ']', ':', port) 'transport' from mail_hosts, user_addresses where user_addresses.address = '%s' AND user_addresses.id = mail_hosts.useraddress_id;
hosts = 127.0.0.1
EOF

Note: For this step, make sure to replace anything@example.com, example.com and @example.com with real values that match your setup.

chmod +x /usr/src/postfix.sh

and run using

/usr/src/postfix.sh

*Note: The user/password for the cf files needs to be the same as the user/password you'll use with your Baruwa DB setup later on.  Make sure to change everything in red before running the script.

Postfix Recipient Callout (Optional)

This feature queries the recipient server to see if the recipient exists. If not, it replies with a 550 error to the sending server and drops the connection. If the user does exist, the SpamSnake will continue processing the email. This is just another method to prevent backscatter, but comes at a price. Read up on it at http://www.postfix.org/ADDRESS_VERIFICATION_README.html. You can skip this method and use the script method (later on in this guide) if you decide it will bog down your server.

vi /etc/postfix/main.cf

and add the following:

verify_recipient = reject_unknown_recipient_domain, reject_unverified_recipient
look_ahead = check_recipient_access hash:/etc/postfix/access
unverified_recipient_reject_code = 550
address_verify_map = btree:/var/lib/postfix/verify

Add this to your smtpd_restriction_classes:

verify_recipient, look_ahead

Add this to smtpd_recipient_restrictions:

smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, look_ahead, whitelist_policy, grey_policy, rbl_policy, spf_policy, permit

touch /etc/postfix/access

and add your domains:

domainA.com verify_recipient
domainB.com verify_recipient

*Note: Make sure to add valid domains you're filtering for.

Postmap it:

postmap /etc/postfix/access
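
As an added example (not part of the original guide), the script below audits a main.cf for two wiring mistakes this section makes easy: a class such as look_ahead used in smtpd_recipient_restrictions without being listed in smtpd_restriction_classes, and a lookup-based class placed ahead of reject_unauth_destination, where an OK result would skip the relay check. The ordering check goes beyond what the guide states; the function name check_restrictions and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original guide. check_restrictions is a
# hypothetical helper name and both sample configurations are constructed.
# On a live system: check_restrictions < /etc/postfix/main.cf

# Reads main.cf text on stdin, prints one "FINDING:" line per problem,
# returns 1 if anything was found and 0 otherwise.
check_restrictions() {
    awk '
    function report(msg) { print "FINDING: " msg; status = 1 }
    BEGIN { status = 0; cur = "" }
    /^[ \t]*#/ { next }                 # comment line
    /^[ \t]*$/ { next }                 # blank line
    /^[ \t]/ {                          # continuation of the previous parameter
        if (cur != "") val[cur] = val[cur] " " $0
        next
    }
    {                                   # "name = value"
        eq = index($0, "=")
        if (eq == 0) next
        cur = substr($0, 1, eq - 1)
        gsub(/[ \t]+/, "", cur)
        val[cur] = substr($0, eq + 1)
    }
    END {
        # Names listed in smtpd_restriction_classes.
        n = split(val["smtpd_restriction_classes"], cls, /[ \t,]+/)
        for (i = 1; i <= n; i++) if (cls[i] != "") declared[cls[i]] = 1
        for (d in declared)
            if (!(d in val)) report(d " is declared as a class but never defined")

        # Walk smtpd_recipient_restrictions left to right, as Postfix does.
        m = split(val["smtpd_recipient_restrictions"], tok, /[ \t,]+/)
        relay_checked = 0
        for (i = 1; i <= m; i++) {
            t = tok[i]
            if (t == "reject_unauth_destination") { relay_checked = 1; continue }
            # Only names defined in this file are restriction classes; anything
            # else is a built-in restriction or a lookup-table argument.
            if (t == "" || !(t in val)) continue
            if (!(t in declared))
                report(t " is used but missing from smtpd_restriction_classes")
            # An access table or policy service can answer OK, which ends the
            # list with a permit before the relay check is reached.
            if (!relay_checked && val[t] ~ /check_/)
                report(t " can permit mail before reject_unauth_destination")
        }
        if (!relay_checked)
            report("smtpd_recipient_restrictions lacks reject_unauth_destination")
        exit status
    }'
}

# Class definitions as written in this guide (one value wrapped onto a
# continuation line to exercise the parser).
CLASS_DEFS='spf_policy = check_policy_service unix:private/policy
rbl_policy = reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net
grey_policy = check_policy_service unix:private/greyfix
whitelist_policy = check_client_access mysql:/etc/postfix/mysql-global_whitelist.cf,
    check_sender_access mysql:/etc/postfix/mysql-global_whitelist.cf
verify_recipient = reject_unknown_recipient_domain, reject_unverified_recipient
look_ahead = check_recipient_access hash:/etc/postfix/access'

# The guide configuration with the recipient callout additions applied.
GUIDE_CF="$CLASS_DEFS
smtpd_restriction_classes = spf_policy, rbl_policy, grey_policy, whitelist_policy, verify_recipient, look_ahead
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, look_ahead, whitelist_policy, grey_policy, rbl_policy, spf_policy, permit"

# Constructed mistakes: the class list was not updated, and whitelist_policy
# was moved in front of the relay check.
BROKEN_CF="$CLASS_DEFS
smtpd_restriction_classes = spf_policy, rbl_policy, grey_policy, whitelist_policy
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, whitelist_policy, reject_unauth_destination, look_ahead, grey_policy, rbl_policy, spf_policy, permit"

echo "guide configuration:"
printf '%s\n' "$GUIDE_CF" | check_restrictions && echo "  no findings"
echo "constructed broken configuration:"
printf '%s\n' "$BROKEN_CF" | check_restrictions || echo "  (findings listed above)"
```
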

Final look at the Postfix install:

less /etc/postfix/main.cf

Check the contents of the file for errors and repair if needed. Fire up Postfix:

postfix start

Check that Postfix responds:

telnet 127.0.0.1 25

You should see:

220 [yourFQDNhere] ESMTP Postfix (Ubuntu)

 

7. Install MailScanner (Apparmor, Clamav, DCC, Pyzor, Razor and Spamassassin)

cd /usr/src
wget http://http.us.debian.org/debian/pool/main/libt/libtool/libltdl3_1.5.26-4+lenny1_$(uname -m | sed -e 's/x86_64/amd64/' -e 's/i686/i386/').deb
dpkg -i libltdl*
apt-get install razor pyzor clamav-daemon libclamav6 apparmor

 

Apparmor configuration for Clamav

Add clamav to the www-data group so that it can access the directory:

usermod -a -G www-data clamav

Now edit the profile for clamd:

vi /etc/apparmor.d/usr.sbin.clamd

and add the Incoming folder to the list of folders

/usr/sbin/clamd {
   #clamav
   /var/spool/MailScanner/** rw,
   /var/spool/MailScanner/incoming/** rw,
   }

Reload apparmor:

/etc/init.d/apparmor reload

 

DCC 32bit/64bit Configuration

Install DCC from .deb source:

cd /tmp
wget http://ppa.launchpad.net/jonasped/ppa/ubuntu/pool/main/d/dcc/dcc-common_1.3.130-0ubuntu1~ppa1~karmic1_$(uname -m | sed -e 's/x86_64/amd64/' -e 's/i686/i386/').deb && dpkg -i dcc-common_1.3.130-0ubuntu1~ppa1~karmic1_$(uname -m | sed -e 's/x86_64/amd64/' -e 's/i686/i386/').deb
wget http://ppa.launchpad.net/jonasped/ppa/ubuntu/pool/main/d/dcc/dcc-client_1.3.130-0ubuntu1~ppa1~karmic1_$(uname -m | sed -e 's/x86_64/amd64/' -e 's/i686/i386/').deb && dpkg -i dcc-client_1.3.130-0ubuntu1~ppa1~karmic1_$(uname -m | sed -e 's/x86_64/amd64/' -e 's/i686/i386/').deb

Test our installation with:

cdcc info

You should get 'requests ok' from the servers.

 

Pyzor Configuration

Because pyzor doesn’t work with python2.6 very well, the workaround is to append the following to the first line of /usr/bin/pyzor to make it look like:

#!/usr/bin/python -Wignore::DeprecationWarning

Here we supply the IP address of the Pyzor server to Pyzor. This will create the server's IP address in a servers file therein. Then it will test the connection. If you are behind a firewall, open port 24441/udp in and out to your server. While you're at it also open up 6277/udp for DCC, 2703/tcp for Razor and 783/tcp for SpamAssassin:

mkdir /var/lib/MailScanner
pyzor --homedir=/var/lib/MailScanner discover
pyzor ping

 

Razor Configuration

Create the .razor configuration:

cd && rm /etc/razor/razor-agent.conf
mkdir /var/lib/MailScanner/.razor
razor-admin -home=/var/lib/MailScanner/.razor -create
razor-admin -home=/var/lib/MailScanner/.razor -discover
razor-admin -home=/var/lib/MailScanner/.razor -register

vi /var/lib/MailScanner/.razor/razor-agent.conf

debuglevel      = 0
razorhome 	     = /var/lib/MailScanner/.razor/

 

Install dependencies:

apt-get install libconvert-tnef-perl libdbd-sqlite3-perl libfilesys-df-perl libmailtools-perl libmime-tools-perl libmime-perl libnet-cidr-perl libsys-syslog-perl libio-stringy-perl libfile-temp-perl libole-storage-lite-perl libarchive-zip-perl libsys-hostname-long-perl libnet-cidr-lite-perl libhtml-parser-perl libdb-file-lock-perl libnet-dns-perl libncurses5-dev libdigest-hmac-perl libdigest-sha1-perl libnet-ip-perl liburi-perl libfile-spec-perl spamassassin libnet-ident-perl libmail-spf-query-perl libmail-dkim-perl dnsutils libio-socket-ssl-perl gdebi-core

 

Download and install the latest MailScanner:

cd /usr/src && wget http://www.mailscanner.info/files/4/tar/MailScanner-install-4.81.4-1.tar.gz
tar xvfz MailScanner-install-4.81.4-1.tar.gz && cd MailScanner-install-4.81.4
./install.sh

Run crontab -e and add the following entries:

# cron runs these jobs with /bin/sh, where "&>" is not a redirection; use "> /dev/null 2>&1"
37      5 * * *  /opt/MailScanner/bin/update_phishing_sites > /dev/null 2>&1
07      * * * *  /opt/MailScanner/bin/update_bad_phishing_sites > /dev/null 2>&1
58     23 * * *  /opt/MailScanner/bin/clean.quarantine > /dev/null 2>&1
42      * * * *  /opt/MailScanner/bin/update_virus_scanners > /dev/null 2>&1
3,23,43 * * * *  /opt/MailScanner/bin/check_mailscanner > /dev/null 2>&1

 

SpamAssassin

First we need to disable the default SpamAssassin configuration file:

mv /etc/spamassassin/local.cf /etc/spamassassin/local.cf.disabled

Now let's backup the SpamAssassin configuration file in MailScanner then edit:

cp /opt/MailScanner/etc/spam.assassin.prefs.conf /opt/MailScanner/etc/spam.assassin.prefs.conf.back

 

SpamAssassin SQL Bayes

Prerequisites: You'll need the perl-DBI and perl-DBD-MySQL modules installed.

Assumptions and Variables:

SpamAssassin Bayes Database Name: sa_bayes
SpamAssassin Bayes Database UserName: sa_user
SpamAssassin Bayes Database Password: sa_password

Create the MySQL database on the server where you intend on storing the bayesian information.

mysql -u root -p
mysql> create database sa_bayes;
mysql> GRANT ALL ON sa_bayes.* TO sa_user@localhost IDENTIFIED BY 'sa_password';
mysql> flush privileges;

Import database structure:

mysql -u sa_user -p sa_bayes < /usr/share/doc/spamassassin/sql/bayes_mysql.sql

Enable DCC in /etc/spamassassin/v310.pre:

vi /etc/spamassassin/v310.pre

so that it contains:

loadplugin  Mail::SpamAssassin::Plugin::DCC

Create the following to prevent an error in a lint test:

mkdir /var/www/.spamassassin

vi /opt/MailScanner/etc/spam.assassin.prefs.conf

and add the following to the top:

#pyzor
use_pyzor 1
pyzor_options --homedir /var/lib/MailScanner/
   
#razor
use_razor2 1
razor_config /var/lib/MailScanner/.razor/razor-agent.conf

Fix DCC path:

dcc_path /usr/bin/dccproc

Update header string:

bayes_ignore_header X-YOURDOMAIN-COM-MailScanner
bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-SpamCheck
bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-SpamScore
bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-Information
#use_auto_whitelist 0

"YOURDOMAIN-COM" should be replaced with whatever you used for "%org-name%" in the MailScanner.conf file. Leave the "X-" in place. This is the same orgname used in the MailScanner.conf above.

Add sql connection string to bottom:

bayes_store_module Mail::SpamAssassin::BayesStore::SQL
bayes_sql_dsn DBI:mysql:sa_bayes:localhost
bayes_sql_username sa_user
bayes_sql_password sa_password
bayes_sql_override_username root

vi /etc/spamassassin/v310.pre

and comment out DomainKeys since DKIM has superseded it:

#loadplugin  Mail::SpamAssassin::Plugin::DomainKeys

Add it to cron:

30 01 * * * /usr/bin/sa-learn --force-expire --sync -p /opt/MailScanner/etc/spam.assassin.prefs.conf 

Install missing perl packages:

perl -MCPAN -e shell
install IP::Country::Fast
install Encode::Detect
install Crypt::OpenSSL::RSA

Set permissions to bring it all together:

chown -R postfix:www-data /var/spool/postfix/hold
chmod -R ug+rwx /var/spool/postfix/hold

Test out the setup:

spamassassin -x -D -p /opt/MailScanner/etc/spam.assassin.prefs.conf --lint

Check for lines like:

debug: bayes: Database connection established
debug: bayes: found bayes db version 3
debug: bayes: Using userid: 2

You should see lines come up with DCC, Pyzor and Razor that say loading plugin and hopefully no errors.

 

MailScanner Configuration

We need to make a directory for SpamAssassin in the spool and give postfix permissions to it. If you run sa-learn --force as root, the Bayes database that is stored in these directories will change to root:root and SpamAssassin will error when looking at the db. Just keep an eye on the mail.log and you'll remember to change the permissions back. Also disable the MailScanner default configs:

mkdir /var/spool/MailScanner/spamassassin

Backup your MailScanner.conf file:

cp /opt/MailScanner/etc/MailScanner.conf /opt/MailScanner/etc/MailScanner.conf.dist
vi /opt/MailScanner/etc/MailScanner.conf

Change the following parameters in MailScanner.conf with a script. Create it with the sed commands listed below:

vi /usr/src/mailscanner.sh

Make it executable:

chmod +x /usr/src/mailscanner.sh

and run using

/usr/src/mailscanner.sh

Contents of /usr/src/mailscanner.sh:

sed -i "/^%org-name% =/ c\%org-name% =orgname" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^%org-long-name% =/ c\%org-long-name% = longorgname" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^%web-site% =/ c\%web-site% = www.domain.tld" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^Run As User =/ c\Run As User = postfix" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^Run As Group =/ c\Run As Group =  www-data" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^Incoming Work Group =/ c\Incoming Work Group = clamav" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^Incoming Work Permissions =/ c\Incoming Work Permissions = 0640" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^Incoming Queue Dir =/ c\Incoming Queue Dir = /var/spool/postfix/hold" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^Outgoing Queue Dir =/ c\Outgoing Queue Dir = /var/spool/postfix/incoming" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^MTA =/ c\MTA = postfix" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^Quarantine User =/ c\Quarantine User = root" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^Quarantine Group =/ c\Quarantine Group = www-data" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^Quarantine Permissions =/ c\Quarantine Permissions = 0660" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^Quarantine Whole Message =/ c\Quarantine Whole Message = yes" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^Virus Scanners =/ c\Virus Scanners = clamd" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^Monitors for ClamAV Updates =/ c\Monitors for ClamAV Updates = /var/lib/clamav/*.cld /var/lib/clamav/*.cvd" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^Clamd Socket =/ c\Clamd Socket = /var/run/clamav/clamd.ctl" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^Clamd Lock File =/ c\Clamd Lock File = /var/run/clamav/clamd.pid" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^Spam Subject Text =/ c\Spam Subject Text = ***SPAM***" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^Spam Actions =/ c\Spam Actions = deliver store" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^High Scoring Spam Actions =/ c\High Scoring Spam Actions = store delete" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^Non Spam Actions =/ c\Non Spam Actions = deliver store" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^SpamAssassin User State Dir =/ c\SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin" /opt/MailScanner/etc/MailScanner.conf 

*Note: Make sure to change the items in red before running the script.

 

MailScanner Startup Script:

vi /etc/init.d/mailscanner

with the contents shown below, then make it executable:

chmod +x /etc/init.d/mailscanner

#! /bin/sh
### BEGIN INIT INFO
# Provides:          MailScanner daemon
# Required-Start:    $local_fs $remote_fs
# Required-Stop:     $local_fs $remote_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Controls mailscanner instances
# Description:       MailScanner is a queue-based spam/virus filter
### END INIT INFO
# Author: Simon Walter <simon.walter@hp-factory.de>
# PATH should only include /usr/* if it runs after the mountnfs.sh script
PATH=/usr/sbin:/usr/bin:/bin:/sbin:/opt/MailScanner/bin
DESC="mail spam/virus scanner"
NAME=MailScanner
PNAME=mailscanner
DAEMON=/opt/MailScanner/bin/$NAME
STARTAS=MailScanner
SCRIPTNAME=/etc/init.d/$PNAME
CONFFILE=/opt/MailScanner/etc/MailScanner.conf
# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0
run_nice=0
stopped_lockfile=/var/lock/subsys/MailScanner.off
# Read configuration variable file if it is present
[ -r /etc/default/$PNAME ] && . /etc/default/$PNAME
# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh
# Define LSB log_* functions.
# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
. /lib/lsb/init-functions
# sanity check for permissions
fail()
{
    echo >&2 "$0: $1"
    exit 1
}
check_dir()
{
    if [ ! -d $1 ]; then
        mkdir -p "$1" || \
            fail "directory $1: does not exist and cannot be created"
    fi
    actual="$(stat -c %U $1)"
    if [ "$actual" != "$2" ]; then
        chown -R "$2" "$1" || \
            fail "directory $1: wrong owner (expected $2 but is $actual)"
    fi
    actual="$(stat -c %G $1)"
    if [ "$actual" != "$3" ]; then
        chgrp -R "$3" "$1" || \
            fail "directory $1: wrong group (expected $3 but is $actual)"
    fi
}
user=$(echo $(awk -F= '/^Run As User/ {print $2; exit}' $CONFFILE))
group=$(echo $(awk -F= '/^Run As Group/ {print $2; exit}' $CONFFILE))
check_dir /var/spool/MailScanner       ${user:-postfix} ${group:-www-data}
check_dir /var/lib/MailScanner         ${user:-postfix} ${group:-www-data}
check_dir /var/run/MailScanner         ${user:-postfix} ${group:-www-data}
check_dir /var/lock/subsys             ${user:-root}    ${group:-root} #Required to Create Folder
check_dir /var/lock/subsys/MailScanner ${user:-postfix} ${group:-www-data}
#
# Function that starts the daemon/service
#
do_start()
{
    # Return
    #   0 if daemon has been started
    #   1 if daemon was already running
    #   2 if daemon could not be started
    start-stop-daemon --start --quiet --startas $STARTAS --name $NAME --test > /dev/null \
        || return 1
    start-stop-daemon --start --quiet --nicelevel $run_nice --chuid postfix:www-data --exec $DAEMON --name $NAME -- $DAEMON_ARGS \
        || return 2
    # Add code here, if necessary, that waits for the process to be ready
    # to handle requests from services started subsequently which depend
    # on this one.  As a last resort, sleep for some time.
    # Set lockfile to inform cronjobs about the running daemon
    RETVAL="$?"
    if [ $RETVAL -eq 0 ]; then
        touch /var/lock/subsys/mailscanner
        rm -f $stopped_lockfile
    fi
    if [ $RETVAL -eq 0 ]; then
        echo "MailScanner Started"
    fi
}
#
# Function that stops the daemon/service
#
do_stop()
{
    # Return
    #   0 if daemon has been stopped
    #   1 if daemon was already stopped
    #   2 if daemon could not be stopped
    #   other if a failure occurred
    start-stop-daemon --stop --retry=TERM/30 --name $NAME
    RETVAL="$?"
    [ "$RETVAL" = 2 ] && return 2
    # Remove lockfile for cronjobs
    if [ $RETVAL -eq 0 ]; then
        rm -f /var/lock/subsys/mailscanner
        touch $stopped_lockfile
    fi
    if [ $RETVAL -eq 0 ]; then
        echo "MailScanner Stopped"
    fi
}
#
# Function that sends a SIGHUP to the daemon/service
#
do_reload() {
    start-stop-daemon --stop --signal 1 --quiet --name $NAME
    return 0
}
case "$1" in
    start)
        [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
        do_start
        case "$?" in
            0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
            2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
        esac
        ;;
    stop)
        [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
        do_stop
        case "$?" in
            0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
            2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
        esac
        ;;
    restart|force-reload)
        #
        # If the "reload" option is implemented then remove the
        # 'force-reload' alias
        #
        log_daemon_msg "Restarting $DESC" "$NAME"
        do_stop
        case "$?" in
            0|1)
                do_start
                case "$?" in
                    0) log_end_msg 0 ;;
                    1) log_end_msg 1 ;; # Old process is still running
                    *) log_end_msg 1 ;; # Failed to start
                esac
                ;;
            *)
                # Failed to stop
                log_end_msg 1
                ;;
        esac
        ;;
    *)
        echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
        exit 3
        ;;
esac
exit 0

Create Symlinks for mailscanner script to work:

chmod 755 /etc/init.d/mailscanner
update-rc.d mailscanner defaults
ln -s /opt/MailScanner/bin/Quick.Peek /usr/sbin/Quick.Peek

Start the system:

/etc/init.d/mailscanner start
/etc/init.d/postfix start

Check your logs for errors:

tail -f /var/log/mail.log

Check your mail.log (tail -f /var/log/mail.log) and you should see the following:

Jun 13 12:18:23 hoshi MailScanner[26388]: MailScanner E-Mail Virus Scanner version 4.81.4 starting...

Congratulations - you now have MailScanner logging to MySQL.


Comments

From: at: 2010-12-03 02:06:32

Updated.

From: tokamak at: 2010-12-02 01:46:55

I get a script error for the postfix.sh:

Zeile 41: Syntaxfehler beim unerwarteten Wort `('

LINE 41: Syntax error, unknown word `('

From: Matt Juaire at: 2011-01-20 01:14:37

I know the howto has this setup on a virtual server. What did you recommend to give to the system for resources (cpu count, memory, hd size)?

From: at: 2011-01-20 15:29:13

This is my current setup:


CPU: 2.8GHZ divided by 3 vms


Ram: 1GB allocated for vm


HDD: 5GB allocated for vm


As you can see, my setup is a vm and I only filter 2 local domains.  Based on your needs, you may need to increase your HDD space for quarantine.  You can install this as a vm or as a stand alone.

From: at: 2011-03-17 16:23:01


Your tutorial is very interesting, but I think that it could be simpler for a lot of people to install a solution like MailCleaner Open Source Edition



Installation CD ISO image and full web admin interface


The result will be quite the same


 Olivier


From: at: 2010-12-21 17:38:17

Hi!


As always, great guide! 


I am using Ubuntu Server 10.04 and in "Install missing perl packages" step I get the following error:


---


root@spamsnake:~# perl -MCPAN -e shell
Terminal does not support AddHistory.

cpan shell -- CPAN exploration and modules installation (v1.9402)
Enter 'h' for help.

cpan[1]> install Crypt::OpenSSL::RSA
CPAN: Storable loaded ok (v2.20)
Going to read '/root/.cpan/Metadata'
  Database was generated on Tue, 21 Dec 2010 16:35:00 GMT
Running install for module 'Crypt::OpenSSL::RSA'
CPAN: Data::Dumper loaded ok (v2.124)
'YAML' not installed, falling back to Data::Dumper and Storable to read prefs '/root/.cpan/prefs'
Running make for I/IR/IROBERTS/Crypt-OpenSSL-RSA-0.26.tar.gz
CPAN: Digest::SHA loaded ok (v5.47)
CPAN: Compress::Zlib loaded ok (v2.02)
Checksum for /root/.cpan/sources/authors/id/I/IR/IROBERTS/Crypt-OpenSSL-RSA-0.26.tar.gz ok
Scanning cache /root/.cpan/build for sizes
............................................................................DONE
CPAN: Archive::Tar loaded ok (v1.52)
Crypt-OpenSSL-RSA-0.26/
Crypt-OpenSSL-RSA-0.26/RSA.xs
Crypt-OpenSSL-RSA-0.26/RSA.pm
Crypt-OpenSSL-RSA-0.26/typemap
Crypt-OpenSSL-RSA-0.26/MANIFEST
Crypt-OpenSSL-RSA-0.26/Makefile.PL
Crypt-OpenSSL-RSA-0.26/LICENSE
Crypt-OpenSSL-RSA-0.26/Changes
Crypt-OpenSSL-RSA-0.26/t/
Crypt-OpenSSL-RSA-0.26/t/format.t
Crypt-OpenSSL-RSA-0.26/t/bignum.t
Crypt-OpenSSL-RSA-0.26/t/rsa.t
Crypt-OpenSSL-RSA-0.26/README
Crypt-OpenSSL-RSA-0.26/META.yml
CPAN: File::Temp loaded ok (v0.22)

  CPAN.pm: Going to build I/IR/IROBERTS/Crypt-OpenSSL-RSA-0.26.tar.gz

Checking if your kit is complete...
Looks good
Warning: prerequisite Crypt::OpenSSL::Random 0 not found.
Writing Makefile for Crypt::OpenSSL::RSA
Could not read '/root/.cpan/build/Crypt-OpenSSL-RSA-0.26-PTQVSZ/META.yml'. Falling back to other methods to determine prerequisites
---- Unsatisfied dependencies detected during ----
----  IROBERTS/Crypt-OpenSSL-RSA-0.26.tar.gz  ----
    Crypt::OpenSSL::Random [requires]
Shall I follow them and prepend them to the queue
of modules we are processing right now? [yes]
Running make test
  Delayed until after prerequisites
Running make install
  Delayed until after prerequisites
Running install for module 'Crypt::OpenSSL::Random'
'YAML' not installed, falling back to Data::Dumper and Storable to read prefs '/root/.cpan/prefs'
Running make for I/IR/IROBERTS/Crypt-OpenSSL-Random-0.04.tar.gz
Checksum for /root/.cpan/sources/authors/id/I/IR/IROBERTS/Crypt-OpenSSL-Random-0.04.tar.gz ok
Crypt-OpenSSL-Random-0.04/
Crypt-OpenSSL-Random-0.04/Random.pm
Crypt-OpenSSL-Random-0.04/Random.xs
Crypt-OpenSSL-Random-0.04/LICENSE
Crypt-OpenSSL-Random-0.04/Changes
Crypt-OpenSSL-Random-0.04/test.pl
Crypt-OpenSSL-Random-0.04/Makefile.PL
Crypt-OpenSSL-Random-0.04/META.yml
Crypt-OpenSSL-Random-0.04/MANIFEST

  CPAN.pm: Going to build I/IR/IROBERTS/Crypt-OpenSSL-Random-0.04.tar.gz

Checking if your kit is complete...
Looks good
Writing Makefile for Crypt::OpenSSL::Random
Could not read '/root/.cpan/build/Crypt-OpenSSL-Random-0.04-T4RbJx/META.yml'. Falling back to other methods to determine prerequisites
cp Random.pm blib/lib/Crypt/OpenSSL/Random.pm
AutoSplitting blib/lib/Crypt/OpenSSL/Random.pm (blib/lib/auto/Crypt/OpenSSL/Random)
/usr/bin/perl /usr/share/perl/5.10/ExtUtils/xsubpp  -typemap /usr/share/perl/5.10/ExtUtils/typemap  Random.xs > Random.xsc && mv Random.xsc Random.c
Please specify prototyping behavior for Random.xs (see perlxs manual)
cc -c   -D_REENTRANT -D_GNU_SOURCE -DDEBIAN -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -O2 -g   -DVERSION=\"0.04\" -DXS_VERSION=\"0.04\" -fPIC "-I/usr/lib/perl/5.10/CORE"   Random.c
Random.xs:5:26: error: openssl/rand.h: No such file or directory
make: *** [Random.o] Error 1
  IROBERTS/Crypt-OpenSSL-Random-0.04.tar.gz
  /usr/bin/make -- NOT OK
Warning (usually harmless): 'YAML' not installed, will not store persistent state
Running make test
  Can't test without successful make
Running make install
  Make had returned bad status, install seems impossible
Running make for I/IR/IROBERTS/Crypt-OpenSSL-RSA-0.26.tar.gz
  Has already been unwrapped into directory /root/.cpan/build/Crypt-OpenSSL-RSA-0.26-PTQVSZ

  CPAN.pm: Going to build I/IR/IROBERTS/Crypt-OpenSSL-RSA-0.26.tar.gz

Warning: Prerequisite 'Crypt::OpenSSL::Random => 0' for 'IROBERTS/Crypt-OpenSSL-RSA-0.26.tar.gz' failed when processing 'IROBERTS/Crypt-OpenSSL-Random-0.04.tar.gz' with 'make => NO'. Continuing, but chances to succeed are limited.
CPAN: Time::HiRes loaded ok (v1.9719)
cp RSA.pm blib/lib/Crypt/OpenSSL/RSA.pm
AutoSplitting blib/lib/Crypt/OpenSSL/RSA.pm (blib/lib/auto/Crypt/OpenSSL/RSA)
/usr/bin/perl /usr/share/perl/5.10/ExtUtils/xsubpp  -typemap /usr/share/perl/5.10/ExtUtils/typemap -typemap typemap  RSA.xs > RSA.xsc && mv RSA.xsc RSA.c
cc -c   -D_REENTRANT -D_GNU_SOURCE -DDEBIAN -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -O2 -g   -DVERSION=\"0.26\" -DXS_VERSION=\"0.26\" -fPIC "-I/usr/lib/perl/5.10/CORE"  -DPERL5 -DOPENSSL_NO_KRB5 RSA.c
RSA.xs:5:25: error: openssl/bio.h: No such file or directory
[several errors like above...]
make: *** [RSA.o] Error 1
  IROBERTS/Crypt-OpenSSL-RSA-0.26.tar.gz
  /usr/bin/make -- NOT OK
Warning (usually harmless): 'YAML' not installed, will not store persistent state
Running make test
  Can't test without successful make
Running make install
  Make had returned bad status, install seems impossible
Failed during this command:
 IROBERTS/Crypt-OpenSSL-Random-0.04.tar.gz    : make NO
 IROBERTS/Crypt-OpenSSL-RSA-0.26.tar.gz       : make NO

cpan[2]>


---


Any ideas of how to fix it?

From: Naz at: 2010-12-08 03:48:32

Hi, thank you for the great how-to. pyzor_add_header 1 is no longer a valid config option with the newer versions of spamassassin and will generate warning. You can see it at the --lint output.

From: at: 2010-12-08 15:22:56

Updated thanks.

From: Anonymous at: 2010-12-07 15:07:58

spamassassin test error

Dec  7 15:20:15.262 [15606] warn: config: failed to parse line, skipping, in "/etc/spamassassin/mailscanner.cf": pyzor_add_header 1

Dec  7 15:20:15.264 [15606] warn: config: failed to parse line, skipping, in "/opt/MailScanner/etc/spam.assassin.prefs.conf": pyzor_add_header 1

best regards

From: at: 2010-12-04 17:11:04

Guide updated, mailscanner should be installed first.

From: Anonymous at: 2010-12-04 09:51:46

there is no directory: cp /opt/MailScanner/etc/spam.assassin.prefs.conf


 

From: Eddo at: 2010-11-30 14:49:36

Great I was waiting for this one!


At step 7 I think you mean the libclamav-client-perl?


Regards,

From: Eddo at: 2010-11-30 14:58:36

Great I was waiting for this one!


At step 7 I think you mean the libclamav-client-perl? and should we install spamassassin here or download it and install from source?


Regards,

From: at: 2010-12-01 19:16:11

It should be libclamav6. Also, I moved the dependencies up a bit, we want it before the spamassassin section.


From: at: 2010-12-23 06:51:38

You do not have the openssl header files. Random.xs:5:26: error: openssl/rand.h: No such file or directory


 Install the openssl-dev package

From: w0rldart at: 2011-01-17 13:03:42

Hi, I am supposed to look for




debug: bayes: Database connection established
debug: bayes: found bayes db version 3
debug: bayes: Using userid: 2

as response to spamassassin -x -D -p /opt/MailScanner/etc/spam.assassin.prefs.conf --lint, but instead I get



 Jan 17 13:56:55.129 [10360] dbg: timing: total 1152 ms - init: 770 (66.8%), parse: 0.81 (0.1%), extract_message_metadata: 1.36 (0.1%), get_uri_detail_list: 0.98 (0.1%), tests_pri_-1000: 7 (0.6%), compile_gen: 149 (12.9%), compile_eval: 16 (1.4%), tests_pri_-950: 5 (0.4%), tests_pri_-900: 5 (0.5%), tests_pri_-400: 5 (0.4%), tests_pri_0: 309 (26.8%), tests_pri_500: 45 (3.9%)

Jan 17 13:56:55.129 [10360] warn: lint: 2 issues detected, please rerun with debug enabled for more information


 


Can anyone help me out?

From: at: 2011-01-18 13:40:28

Hi,


Please post your issue in the support forum and we'll gladly help you out.


Thanks,


Rocky

From: Anvar at: 2011-02-10 07:58:09

Maybe handy to add the location of the master.cf file; /etc/postfix

From: Anvar at: 2011-02-10 08:30:57

Best to install the clamav data;


 apt-get install clamav-data and afterwards /etc/init.d/clamav-daemon start

From: Alexander Meesters at: 2011-04-06 12:33:52

I think it's better to use:

 sudo update-rc.d mailscanner defaults

 than creating it by hand...

From: lugi at: 2011-04-15 16:05:24

When I try to launch => install Crypt::OpenSSL::RSA I have this problem. Can you help me please?

I tried => Crypt::OpenSSL::Random but it doesn't work either.

 

Checking if your kit is complete...
Looks good
Writing Makefile for Crypt::OpenSSL::Random
cp Random.pm blib/lib/Crypt/OpenSSL/Random.pm
AutoSplitting blib/lib/Crypt/OpenSSL/Random.pm (blib/lib/auto/Crypt/OpenSSL/Random)
/usr/bin/perl /usr/share/perl/5.10/ExtUtils/xsubpp  -typemap /usr/share/perl/5.10/ExtUtils/typemap  Random.xs > Random.xsc && mv Random.xsc Random.c
Please specify prototyping behavior for Random.xs (see perlxs manual)
cc -c   -D_REENTRANT -D_GNU_SOURCE -DDEBIAN -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -O2 -g   -DVERSION=\"0.04\" -DXS_VERSION=\"0.04\" -fPIC "-I/usr/lib/perl/5.10/CORE"   Random.c
Random.xs:5: fatal error: openssl/rand.h: No such file or directory
compilation terminated.
make: *** [Random.o] Error 1
  IROBERTS/Crypt-OpenSSL-Random-0.04.tar.gz
  /usr/bin/make -- NOT OK
Running make test
  Can't test without successful make
Running make install
  Make had returned bad status, install seems impossible
Running make for I/IR/IROBERTS/Crypt-OpenSSL-RSA-0.26.tar.gz
  Has already been unwrapped into directory /root/.cpan/build/Crypt-OpenSSL-RSA-0.26-OaSkf7

  CPAN.pm: Going to build I/IR/IROBERTS/Crypt-OpenSSL-RSA-0.26.tar.gz

Warning: Prerequisite 'Crypt::OpenSSL::Random => 0' for 'IROBERTS/Crypt-OpenSSL-RSA-0.26.tar.gz' failed when processing 'IROBERTS/Crypt-OpenSSL-Random-0.04.tar.gz' with 'make => NO'. Continuing, but chances to succeed are limited.
CPAN: Time::HiRes loaded ok (v1.9719)
cp RSA.pm blib/lib/Crypt/OpenSSL/RSA.pm
AutoSplitting blib/lib/Crypt/OpenSSL/RSA.pm (blib/lib/auto/Crypt/OpenSSL/RSA)
/usr/bin/perl /usr/share/perl/5.10/ExtUtils/xsubpp  -typemap /usr/share/perl/5.10/ExtUtils/typemap -typemap typemap  RSA.xs > RSA.xsc && mv RSA.xsc RSA.c
cc -c   -D_REENTRANT -D_GNU_SOURCE -DDEBIAN -fno-strict-aliasing -pipe -fstack-protector -I/usr/local/include -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -O2 -g   -DVERSION=\"0.26\" -DXS_VERSION=\"0.26\" -fPIC "-I/usr/lib/perl/5.10/CORE"  -DPERL5 -DOPENSSL_NO_KRB5 RSA.c
RSA.xs:5: fatal error: openssl/bio.h: No such file or directory
compilation terminated.
make: *** [RSA.o] Error 1
  IROBERTS/Crypt-OpenSSL-RSA-0.26.tar.gz
  /usr/bin/make -- NOT OK
Running make test
  Can't test without successful make
Running make install
  Make had returned bad status, install seems impossible

From: at: 2011-04-18 17:53:20


Try:


apt-get install libcrypt-openssl-random-perl libcrypt-openssl-rsa-perl


From: Tony Grenda at: 2011-05-12 19:44:07

I had to open Port 873/TCP on my firewall for the rsync protocol to work for the SaneSecurity signatures to download.

From: at: 2011-12-06 19:43:45

How can I customize SpamAssassin rules? Baruwa is reporting valid mail marked as spam:

3.09  DOS_OE_TO_MX                  Delivered direct to MX with OE headers
0.00 DYN_RDNS_SHORT_HELO_HTML Sent by dynamic rDNS, short HELO, and HTML
0.00 FSL_HELO_NON_FQDN_1
0.00 HELO_NO_DOMAIN Relay reports its domain incorrectly
0.00 HTML_MESSAGE HTML included in message
3.56 RCVD_IN_PBL Received via a relay in Spamhaus PBL
1.28 RCVD_IN_RP_RNBL Relay in RNBL, https://senderscore.org/blacklistlookup/
0.36 RDNS_DYNAMIC Delivered to internal network by host with dynamic-looking rDNS

Thanks

From: at: 2012-03-12 00:21:52

On Ubuntu it's

apt-get install libssl-dev

regards

From: Eddo Jansen at: 2010-12-09 12:53:50


Even after your latest changes I get the Insecure dependency error.

save_execute: Insecure dependency in open while running with -T switch at /usr/share/perl5/FuzzyOcr/Misc.pm line 92.
save_execute: Insecure dependency in open while running with -T switch at /usr/share/perl5/FuzzyOcr/Misc.pm line 92.
Dec  9 13:49:16.320 [26635] dbg: FuzzyOcr: Elapsed [26653]: 0.041086 sec. (/usr/bin/giftext: exit 8)
Dec  9 13:49:16.320 [26635] warn: readline() on closed filehandle INFILE at /usr/share/perl5/FuzzyOcr/Misc.pm line 205.
Dec  9 13:49:16.321 [26635] info: FuzzyOcr: Image is single non-interlaced...
Dec  9 13:49:16.324 [26635] warn: rules: failed to run FUZZY_OCR test, skipping:
Dec  9 13:49:16.324 [26635] warn:  (Insecure dependency in printf while running with -T switch at /usr/share/perl5/FuzzyOcr.pm line 469.
Dec  9 13:49:16.324 [26635] warn: )
root@srvnld0005:/usr/src# Insecure dependency in printf while running with -T switch at /usr/share/perl5/FuzzyOcr.pm line 469.


apt-get install fuzzyocr 3 does not work for me... only if I do not configure the database...


Any thoughts on this?

From: at: 2010-12-10 22:13:37

For future problems, please post support questions in the forum.


 Please remove Fuzzy by doing:


apt-get install fuzzyocr netpbm gifsicle libungif-bin gocr ocrad libstring-approx-perl libmldbm-sync-perl libdigest-md5-perl libdbd-mysql-perl imagemagick tesseract-ocr fuzzyocr3


If anything is left, run apt-get autoremove to get rid of them.


Redo the complete FuzzyOcr section and you shouldn't have any problems.

From: at: 2010-12-04 20:34:29

Hmm, that is really strange, I must have uploaded the wrong baruwa to my storage.  I have a modified version for this install. 

 Link is good now.

From: Eddo Jansen at: 2010-12-03 12:34:31

Great guide, but I came across some minor issues...

Besides making the Spamassassin modifications after you install MailScanner, Baruwa installs a package-maintained version of MailScanner as a missing dependency and places the essential .pm files in /etc/MailScanner/CustomFunctions...


You will have to move these files to the correct location:


mv /etc/MailScanner/CustomFunctions/Baruwa* /opt/MailScanner/lib/MailScanner/CustomFunctions/


Rename the old version of MailScanner to avoid problems:


mv /etc/MailScanner/ /etc/MailScanner_obsolete


Make sure you have not overwritten the /etc/init.d/mailscanner script by installing the Baruwa dependencies, otherwise make the appropriate changes to that file.


I thought I should share this with you, it might give people a headache (it gave me one).


Cheers!

From: Sander de Rijk at: 2011-02-11 07:15:19

Great guide, I followed it and it indeed stops all my spam with no false positives :)


A few notes though: 


Baruwa recommends installing it on Apache, and most people already have Apache running. It took me some extra work to get it running on Apache, but I suggest you include that in your guide, or a link telling that you can actually also run it on Apache.

The second one is SPF related. My DNS service also has a relay service for email in case my mailserver is down. The current SPF setup will bounce mail because it doesn't understand that the relay service should be trusted for the SPF module. I turned it off and still need to dig into it so that host is excluded from SPF checks.

If you install all the cronjobs that you specified directly you will get a lot of emails from the mailserver. I suggest to test them and then add &> /dev/null at the end of every line.

From: at: 2011-02-15 02:03:46

Thank you, really appreciate your suggestions.


Baruwa can be installed on any webserver that can run Django, and nginx happens to be very fast and light. Apache is supported out of the box with the distributed release, but my custom package is strictly for nginx, which was chosen to make the system as slim as possible.


As for the SPF issue, this build has a global whitelist, which will bypass all checks once you have that ip/host in the whitelist.  Go ahead and whitelist your relayhost and that should bypass SPF checks.

From: John M at: 2011-04-06 18:40:26

The /usr/sbin/fuzzy-cleanmysql didn't work for me until I changed the following line

while () {

to

while(<CONFIG>) {


A nasty infinite loop occurs otherwise.

From: at: 2011-04-20 13:49:19

Thanks.

From: Tony Grenda at: 2011-05-12 18:49:28

I had to create a symlink to the /tmp/mysql.sock file since Ubuntu does not use this file (it is /var/run/mysqld/mysqld.sock). Use the next line to create the symlink.

sudo ln -s /var/run/mysqld/mysqld.sock /tmp/mysql.sock

I could not get the FuzzyOcr check using spamassassin to work properly until I made the change.

From: at: 2011-06-10 08:08:56

Upgrade worked like a charm, thanks.

From: at: 2011-07-12 07:13:00

Great guide, but shouldn't you have Baruwa installed AFTER Nginx? You call for it to be restarted in step 8, but it isn't installed until step 9.

From: kup at: 2011-10-24 08:25:47

Hello. First of all, I would like to say this is a great howto. My question: do you have the latest version of the Baruwa frontend (1.1.1) in your repositories? Many thanks.

From: at: 2012-02-16 13:18:01

The confusion is caused by the upgrade section.  You have to completely finish the build first then go back and do the upgrade.

From: at: 2012-02-16 13:18:38

Done, check the guide.