The Perfect SpamSnake - Ubuntu Jeos 12.04 LTS Precise Pangolin - Page 2

7. Install MailScanner (Apparmor, Clamav, DCC, Pyzor, Razor and Spamassassin)

apt-get install razor pyzor clamav-daemon libclamav6 apparmor -y


Apparmor configuration for Clamav

Add clamav to the www-data group so that it can access the directory:

usermod -a -G www-data clamav

Now edit the profile for clamd:

vi /etc/apparmor.d/usr.sbin.clamd

and add the following to the list of folders:

   /var/spool/MailScanner/** rw,
   /var/spool/MailScanner/incoming/** rw,

Reload apparmor:

/etc/init.d/apparmor reload


DCC 32bit/64bit Configuration

Install DCC from .deb source:

cd /tmp
wget$(uname -m | sed -e 's/x86_64/amd64/' -e 's/i686/i386/').deb && dpkg -i dcc-common_1.3.130-0ubuntu1~ppa2~quantal1_$(uname -m | sed -e 's/x86_64/amd64/' -e 's/i686/i386/').deb
wget$(uname -m | sed -e 's/x86_64/amd64/' -e 's/i686/i386/').deb && dpkg -i dcc-client_1.3.130-0ubuntu1~ppa2~quantal1_$(uname -m | sed -e 's/x86_64/amd64/' -e 's/i686/i386/').deb

Test our installation with:

cdcc info

You should get 'requests ok' from the servers.


Pyzor Configuration

Because pyzor doesn’t work with python2.6 very well, the workaround is to append the following to the first line of /usr/bin/pyzor to make it look like:

#!/usr/bin/python -Wignore::DeprecationWarning

Here we supply the IP address of the Pyzor server to Pyzor. This will create the server's IP address in a servers file therein. Then it will test the connection. If you are behind a firewall, open port 24441/udp in and out to your server. While you're at it also open up 6277/udp for DCC, 2703/tcp for Razor and 783/tcp for SpamAssassin:

mkdir /var/lib/MailScanner
pyzor --homedir=/var/lib/MailScanner discover
pyzor ping


Razor Configuration

Create the .razor configuration:

cd && rm /etc/razor/razor-agent.conf
mkdir /var/lib/MailScanner/.razor
razor-admin -home=/var/lib/MailScanner/.razor -create
razor-admin -home=/var/lib/MailScanner/.razor -discover
razor-admin -home=/var/lib/MailScanner/.razor -register
vi /var/lib/MailScanner/.razor/razor-agent.conf

and add/update the follwing

debuglevel      = 0
razorhome 	= /var/lib/MailScanner/.razor/


Install dependencies:

apt-get install libconvert-tnef-perl libdbd-sqlite3-perl libfilesys-df-perl libmailtools-perl libmime-tools-perl libmime-perl libnet-cidr-perl libsys-syslog-perl libio-stringy-perl libfile-temp-perl libole-storage-lite-perl libarchive-zip-perl libsys-hostname-long-perl libnet-cidr-lite-perl libhtml-parser-perl libdb-file-lock-perl libnet-dns-perl libncurses5-dev libdigest-hmac-perl libnet-ip-perl liburi-perl libfile-spec-perl spamassassin libnet-ident-perl libmail-spf-perl libmail-dkim-perl dnsutils libio-socket-ssl-perl gdebi-core -y
wget http$(uname -m | sed -e 's/x86_64/amd64/' -e 's/i686/i386/').deb && dpkg -i libdigest-sha1-perl_2.13-2build2_$(uname -m | sed -e 's/x86_64/amd64/' -e 's/i686/i386/').deb


Download and install the latest MailScanner:

cd /usr/src && wget
tar xvfz MailScanner-install-4.84.5-3.tar.gz && cd MailScanner-install-4.84.5

Add the following to cron:

37      5 * * *  /opt/MailScanner/bin/update_phishing_sites &> /dev/null
07      * * * *  /opt/MailScanner/bin/update_bad_phishing_sites &> /dev/null
58     23 * * * /opt/MailScanner/bin/clean.quarantine &> /dev/null
42      * * * *  /opt/MailScanner/bin/update_virus_scanners &> /dev/null
3,23,43 * * * *  /opt/MailScanner/bin/check_mailscanner &> /dev/null


Fix Clamav autoupdate

vi /opt/MailScanner/etc/virus.scanners.conf
and update the following to:
clamav          /opt/MailScanner/lib/clamav-wrapper     /usr/


First we need to disable the default SpamAssassin configuration file:

mv /etc/spamassassin/ /etc/spamassassin/

Now let's backup the SpamAssassin configuration file in MailScanner then edit:

cp /opt/MailScanner/etc/spam.assassin.prefs.conf /opt/MailScanner/etc/spam.assassin.prefs.conf.back


SpamAssassin SQL Bayes

Pre-requisities: You'll need the perl-DBI and perl-DBD-MySQL modules installed.

Assumptions and Variables:

SpamAssassin Bayes Database Name: sa_bayes
SpamAssassin Bayes Database UserName: sa_user
SpamAssassin Bayes Database Password: sa_password

Create the MySQL database on the server where you intend on storing the bayesian information.

mysql -u root -p
mysql> create database sa_bayes;
mysql> GRANT ALL ON sa_bayes.* TO [email protected] IDENTIFIED BY 'sa_password';
mysql> flush privileges;

Import database structure:

mysql -u sa_user -p sa_bayes < /usr/share/doc/spamassassin/sql/bayes_mysql.sql

*Note: If errors about MyISAM appears, edit bayes_mysql.sql and change TYPE to ENGINE.

vi /etc/spamassassin/v310.pre

and enable DCC:

loadplugin  Mail::SpamAssassin::Plugin::DCC

Create the following to prevent an error in a lint test:

mkdir /var/www/.spamassassin
vi /opt/MailScanner/etc/spam.assassin.prefs.conf

and add the following to the top:

use_pyzor 1
pyzor_options --homedir /var/lib/MailScanner/
use_razor2 1
razor_config /var/lib/MailScanner/.razor/razor-agent.conf

Fix DCC path:

dcc_path /usr/bin/dccproc

Update header string:

bayes_ignore_header X-YOURDOMAIN-COM-MailScanner
bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-SpamCheck
bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-SpamScore
bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-Information
#use_auto_whitelist 0

"YOURDOMAIN-COM" should be replaced with whatever you used for "%org-name%" in the MailScanner.conf file. Leave the "X-" in place. This is the same orgname used in the MailScanner.conf above.

Add sql connection string to bottom:

bayes_store_module Mail::SpamAssassin::BayesStore::SQL
bayes_sql_dsn DBI:mysql:sa_bayes:localhost
bayes_sql_username sa_user
bayes_sql_password sa_password
bayes_sql_override_username root

Add it to cron:

30 01 * * * /usr/bin/sa-learn --force-expire --sync -p /opt/MailScanner/etc/spam.assassin.prefs.conf 

Install missing perl packages:

perl -MCPAN -e shell
install IP::Country::Fast
install Encode::Detect
install Crypt::OpenSSL::RSA

Set permissions to bring it all together:

chown -R postfix:www-data /var/spool/postfix/hold
chmod -R ug+rwx /var/spool/postfix/hold

Test out the setup:

spamassassin -x -D -p /opt/MailScanner/etc/spam.assassin.prefs.conf --lint

Check for lines like:

debug: bayes: Database connection established
debug: bayes: found bayes db version 3
debug: bayes: Using userid: 2

You should see lines come up with DCC, Pyzor and Razor that say loading plugin and hopefully no errors.


MailScanner Configuration

We need to make a directory for SpamAssassin in the spool and give postfix permissions to it, if you run sa-learn --force as root, bayes databese that is stored in these directories will change to root:root and spamassassin will error looking at the db. Just keep an eye on the mail.log and you'll remember to change the permissions back. Also disable the MailScanner default configs:

mkdir /var/spool/MailScanner/spamassassin

Backup your MailScanner.conf file:

cp /opt/MailScanner/etc/MailScanner.conf /opt/MailScanner/etc/MailScanner.conf.dist
vi /usr/src/

with the following content:

*Note: This step populates the MailScanner.conf file.

sed -i "/^%org-name% =/ c\%org-name% =orgname" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^%org-long-name% =/ c\%org-long-name% = longorgname" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^%web-site% =/ c\%web-site% = www.domain.tld" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^Run As User =/ c\Run As User = postfix" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^Run As Group =/ c\Run As Group = www-data" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^Incoming Work Group =/ c\Incoming Work Group = clamav" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^Incoming Work Permissions =/ c\Incoming Work Permissions = 0640" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^Incoming Queue Dir =/ c\Incoming Queue Dir = /var/spool/postfix/hold" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^Outgoing Queue Dir =/ c\Outgoing Queue Dir = /var/spool/postfix/incoming" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^MTA =/ c\MTA = postfix" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^Quarantine User =/ c\Quarantine User = root" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^Quarantine Group =/ c\Quarantine Group = www-data" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^Quarantine Permissions =/ c\Quarantine Permissions = 0660" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^Quarantine Whole Message =/ c\Quarantine Whole Message = yes" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^Virus Scanners =/ c\Virus Scanners = clamd" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^Monitors for ClamAV Updates =/ c\Monitors for ClamAV Updates = /var/lib/clamav/*.cld /var/lib/clamav/*.cvd" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^Clamd Socket =/ c\Clamd Socket = /var/run/clamav/clamd.ctl" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^Clamd Lock File =/ c\Clamd Lock File = /var/run/clamav/" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^Spam Subject Text =/ c\Spam Subject Text = ***SPAM***" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^Spam Actions =/ c\Spam Actions = deliver store" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^High Scoring Spam Actions =/ c\High Scoring Spam Actions = store delete" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^Non Spam Actions =/ c\Non Spam Actions = deliver store" /opt/MailScanner/etc/MailScanner.conf
sed -i "/^SpamAssassin User State Dir =/ c\SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin" /opt/MailScanner/etc/MailScanner.conf

*Note: Make sure to change the items in red before running the script.

Make it executable and run it:

chmod +x


MailScanner Startup Script:

vi /etc/init.d/mailscanner

with the following content:

#! /bin/sh
   # Provides:          MailScanner daemon
   # Required-Start:    $local_fs $remote_fs
   # Required-Stop:     $local_fs $remote_fs
   # Default-Start:     2 3 4 5
   # Default-Stop:      0 1 6
   # Short-Description: Controls mailscanner instances
   # Description:       MailScanner is a queue-based spam/virus filter
   # Author: Simon Walter <[email protected]>
   # PATH should only include /usr/* if it runs after the script
   DESC="mail spam/virus scanner"
   # Exit if the package is not installed
   [ -x "$DAEMON" ] || exit 0
   # Read configuration variable file if it is present
   [ -r /etc/default/$PNAME ] && . /etc/default/$PNAME
   # Load the VERBOSE setting and other rcS variables
   . /lib/init/
   # Define LSB log_* functions.
   # Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
   . /lib/lsb/init-functions
   # sanity check for permissions
   echo >&2 "$0: $1"
   exit 1
   if [ ! -d $1 ]; then
   mkdir -p "$1" || \
   fail "directory $1: does not exist and cannot be created"
   actual="$(stat -c %U $1)"
   if [ "$actual" != "$2" ]; then
   chown -R "$2" "$1" || \
   fail "directory $1: wrong owner (expected $2 but is $actual)"
   actual="$(stat -c %G $1)"
   if [ "$actual" != "$3" ]; then
   chgrp -R "$3" "$1" || \
   fail "directory $1: wrong group (expected $3 but is $actual)"
   user=$(echo $(awk -F= '/^Run As User/ {print $2; exit}' $CONFFILE))
   group=$(echo $(awk -F= '/^Run As Group/ {print $2; exit}' $CONFFILE))
   check_dir /var/spool/MailScanner       ${user:-postfix} ${group:-www-data}
   check_dir /var/lib/MailScanner         ${user:-postfix} ${group:-www-data}
   check_dir /var/run/MailScanner         ${user:-postfix} ${group:-www-data}
   check_dir /var/lock/subsys	${user:-root}	${group:-root} #Required to Create Folder
   check_dir /var/lock/subsys/MailScanner ${user:-postfix} ${group:-www-data}
   # Function that starts the daemon/service
   # Return
   #   0 if daemon has been started
   #   1 if daemon was already running
   #   2 if daemon could not be started
   start-stop-daemon --start --quiet --startas $STARTAS --name $NAME --test > /dev/null \
   || return 1
   start-stop-daemon --start --quiet --nicelevel $run_nice --chuid postfix:www-data --exec $DAEMON --name $NAME -- $DAEMON_ARGS \
   || return 2
   # Add code here, if necessary, that waits for the process to be ready
   # to handle requests from services started subsequently which depend
   # on this one.  As a last resort, sleep for some time.
   # Set lockfile to inform cronjobs about the running daemon
   if [ $RETVAL -eq 0 ]; then
   touch /var/lock/subsys/mailscanner
   rm -f $stopped_lockfile
   if [ $RETVAL -eq 0 ]; then
   echo "MailScanner Started"
   # Function that stops the daemon/service
   # Return
   #   0 if daemon has been stopped
   #   1 if daemon was already stopped
   #   2 if daemon could not be stopped
   #   other if a failure occurred
   start-stop-daemon --stop --retry=TERM/30 --name $NAME
   [ "$RETVAL" = 2 ] && return 2
   # Remove lockfile for cronjobs
   if [ $RETVAL -eq 0 ]; then
   rm -f /var/lock/subsys/mailscanner
   touch $stopped_lockfile
   if [ $RETVAL -eq 0 ]; then
   echo "MailScanner Stopped"
   # Function that sends a SIGHUP to the daemon/service
   do_reload() {
   start-stop-daemon --stop --signal 1 --quiet --name $NAME
   return 0
   case "$1" in
   [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
   case "$?" in
   0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
   2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
   [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
   case "$?" in
   0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
   2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
   # If the "reload" option is implemented then remove the
   # 'force-reload' alias
   log_daemon_msg "Restarting $DESC" "$NAME"
   case "$?" in
   case "$?" in
   0) log_end_msg 0 ;;
   1) log_end_msg 1 ;; # Old process is still running
   *) log_end_msg 1 ;; # Failed to start
   # Failed to stop
   log_end_msg 1
   echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
   exit 3
 exit 0

Make it executable:

chmod +x /etc/init.d/mailscanner

Create Symlinks for mailscanner script to work:

chmod 755 /etc/init.d/mailscanner
update-rc.d mailscanner defaults
ln -s /opt/MailScanner/bin/Quick.Peek /usr/sbin/Quick.Peek

Start the system:

/etc/init.d/mailscanner start
/etc/init.d/postfix start

Check your logs for errors:

tail -f /var/log/mail.log

Check your mail.log (tail –f /var/log/mail.log) and you should see the following:

Jun 13 12:18:23 hoshi MailScanner[26388]: MailScanner E-Mail Virus Scanner version 4.84.5 starting...

Congratulations - you now have MailScanner logging to MySQL.

Share this page:

10 Comment(s)

Add comment

Please register in our forum first to comment.


By: JR

In addition to the instructions provided here, it was also necessary to create the MailScanner incoming directory:

mkdir /var/spool/MailScanner/incoming
chown postfix:www-data /var/spool/MailScanner/incoming

Mailscanner started just fine after this...  



By: Anonymous

dcc package dcc-common_1.3.130-0ubuntu1~ppa2~quantal1 as well as client seems to be unavailable.  I installed with 1.3.144-0ubuntu1~ppa1~precise1 which seems to be working fine. So to install dcc try this:

 wget$(uname -m | sed -e 's/x86_64/amd64/' -e 's/i686/i386/').deb && dpkg -i dcc-common_1.3.144-0ubuntu1~ppa1~precise1_$(uname -m | sed -e 's/x86_64/amd64/' -e 's/i686/i386/').deb
wget$(uname -m | sed -e 's/x86_64/amd64/' -e 's/i686/i386/').deb && dpkg -i dcc-client_1.3.144-0ubuntu1~ppa1~precise1_$(uname -m | sed -e 's/x86_64/amd64/' -e 's/i686/i386/').deb

NB I didn't run this by Rocky...  but it is working fine for me.



By: Andy

Another question on this...  Is there any particular reason to install the "quantal" version on "precise", and why are we doing it this way instead of adding the ppa and installing it via apt?  Not criticising, just asking the question, because I'm sure Rocky has a good reason, and I want to know :)



By: newbie


DCC still failed to start based on your sources;

I got this unavailable error:

[email protected]:/tmp#  wget$(uname -m | sed -e 's/x86_64/amd64/' -e 's/i686/i386/').deb && dpkg -i dcc-common_1.3.144-0ubuntu1~ppa1~precise1_$(uname -m | sed -e 's/x86_64/amd64/' -e 's/i686/i386/').deb
--2013-04-15 12:06:21--
Resolving (
Connecting to (||:80... connected.
HTTP request sent, awaiting response... 404 Not Found
2013-04-15 12:06:21 ERROR 404: Not Found.

Please help , many thanks:)


ya they changed the file name again.  In this case you just need to change the instances of ppa1 in the name to ppa2.  You can always go to to see which version of the files are currently available.

By: jamesloker

If you receive this error when running the spamassassin test run the command:

#sa-learn --sync

Then try the spamassassin test again 

By: Anonymous

you might need to run this  

 apt-get install libssl-dev 

 before you can install Crypt::OpenSSL::RSA


I had the same issue.  I also had to install libmysqlclient-dev before I could install DBD::mysql


Create the following to prevent an error in a lint test:

mkdir /var/www/.spamassassin

But not have /var/www now.




For this part don't forget to run  

apt-get install libmysqlclient-dev