8. Baruwa
Make sure links are correct for MailScanner:
ln -s /opt/MailScanner/etc /etc/MailScanner
ln -s /opt/MailScanner/lib/MailScanner/CustomFunctions /etc/MailScanner
Install and configure Rabbitmq-Server:
vi /etc/apt/sources.list
and add the following:
deb http://www.rabbitmq.com/debian/ testing main
Update sources and install the signing key (the key is fetched over plain HTTP, so compare its fingerprint with the one RabbitMQ publishes before adding it):
wget http://www.rabbitmq.com/rabbitmq-signing-key-public.asc
apt-key add rabbitmq-signing-key-public.asc
apt-get update
Install rabbitmq-server:
apt-get install rabbitmq-server -y
Create the RabbitMQ vhost and user that Baruwa will use (these are broker credentials, not database credentials; replace "password" with a strong one) and remove the default guest account:
rabbitmqctl add_user baruwa password
rabbitmqctl add_vhost baruwa
rabbitmqctl set_permissions -p baruwa baruwa ".*" ".*" ".*"
rabbitmqctl delete_user guest
Restart rabbitmq-server:
/etc/init.d/rabbitmq-server restart
Add sources for Baruwa 1.1.2-4 and install dependencies:
wget -O - http://apt.baruwa.org/baruwa-apt-keys.gpg | apt-key add -
vi /etc/apt/sources.list
and add the following:
#baruwa
deb http://apt.baruwa.org/ubuntu precise main
Install Dependencies:
apt-get update
apt-get install python-django-celery python-importlib -y
Download and install Baruwa 1.1.2-4sn. The URLs contain & characters, which the shell would otherwise treat as a background operator, so they must be quoted. Note that these packages come from a file-sharing link rather than the signed apt repository, so there is no signature to check; only install them if you trust the source:
mkdir /usr/src/baruwa1124 && cd /usr/src/baruwa1124
wget -O baruwa_1.1.2-4sn_all.deb 'https://docs.google.com/uc?id=0B9cN15Q3pKnwLW1WNG9rN0dQNzg&export=download&hl=en'
wget -O baruwa-doc_1.1.2-4sn_all.deb 'https://docs.google.com/uc?id=0B9cN15Q3pKnwMHFUMFhWMW4ycU0&export=download&hl=en'
gdebi baruwa_1.1.2-4sn_all.deb
gdebi baruwa-doc_1.1.2-4sn_all.deb
You'll be prompted with the following, answer according to your setup:
Webserver to configure manually
Virtual Host name
Choose whether to configure mysql automatically
My Host
Database administrator name/password
Baruwa username/password/dbname
RabbitMQ host/username/password
Admin user/password/email for Baruwa Web
Fix the symlinks for settings.py:
rm -f /usr/share/pyshared/baruwa/settings.py && ln -s /etc/baruwa/settings.py /usr/share/pyshared/baruwa/
vi /etc/baruwa/settings.py
and fix the baruwa database configuration (replace 'password' with the database password you chose during package configuration; settings.py is world-readable by default, so keep it owned by root with group access for the web server user only):
DATABASES = {
    'default': {
        # Add 'postgresql_psycopg2', 'postgresql', 'mysql', 'sqlite3' or 'oracle'.
        'ENGINE': 'django.db.backends.mysql',
        # Or path to database file if using sqlite3.
        'NAME': 'baruwa',
        # Not used with sqlite3.
        'USER': 'baruwa',
        # Not used with sqlite3.
        'PASSWORD': 'password',
        # Set to empty string for localhost. Not used with sqlite3.
        'HOST': '',
        # Set to empty string for default. Not used with sqlite3.
        'PORT': '',
    }
}

QUARANTINE_REPORT_HOSTURL = 'http://baruwa-alpha.local'
Populate the database:
baruwa-admin syncdb --noinput
for name in accounts messages lists reports status fixups config; do
    baruwa-admin migrate $name
done
vi /etc/MailScanner/MailScanner.conf
change the following:
Run As Group = celeryd
Quarantine User = celeryd
Quarantine Group = celeryd
Always Looked Up Last = &BaruwaSQL
Is Definitely Not Spam = &BaruwaWhitelist
Is Definitely Spam = &BaruwaBlacklist
Required SpamAssassin Score = &BaruwaLowScore
High SpamAssassin Score = &BaruwaHighScore
vi /etc/MailScanner/conf.d/baruwa.conf
and update the following:
# or whatever your `Run As User` is set to
Quarantine User = celeryd
# set to a valid DSN
DB DSN = DBI:mysql:database=baruwa;host=localhost;port=3306
# your DB username
DB Username = baruwa
# your DB password
DB Password = password
vi /etc/init.d/mailscanner
and update it changing the following:
CONFFILE=/etc/MailScanner/MailScanner.conf
PIDFILE=/var/run/MailScanner/MailScanner.pid
check_dir /var/spool/MailScanner ${user:-postfix} ${group:-celeryd}
check_dir /var/lib/MailScanner ${user:-postfix} ${group:-celeryd}
check_dir /var/run/MailScanner ${user:-postfix} ${group:-celeryd}
check_dir /var/lock/subsys/MailScanner ${user:-postfix} ${group:-celeryd}
start-stop-daemon --start --quiet --startas $STARTAS --pidfile "$PIDFILE" --test > /dev/null \
start-stop-daemon --start --quiet --nicelevel $run_nice --chuid postfix:celeryd --exec $DAEMON --pidfile "$PIDFILE" -- $DAEMON_ARGS \
start-stop-daemon --stop --retry=TERM/30 --pidfile "$PIDFILE"
start-stop-daemon --stop --signal 1 --quiet --pidfile "$PIDFILE"
Add the clamav user to the celeryd group, so that clamd can read files in the quarantine:
usermod -a -G celeryd clamav
Change the group ownership of the quarantine folder and content:
chgrp -R celeryd /var/spool/MailScanner/quarantine
If you're going to use signatures, initialize them by running:
baruwa-admin initconfig
Otherwise, disable the options in /etc/MailScanner/conf.d/baruwa.conf:
#Inline HTML Signature = htmlsigs.customize
#Inline Text Signature = textsigs.customize
#Signature Image Filename = sigimgfiles.customize
#Signature Image Filename = sigimgs.customize
Finally, run to create the Baruwa super user:
baruwa-admin createsuperuser
Reboot your system and enjoy Baruwa 1.1.2-4sn.
9. Nginx with Uwsgi
Install nginx and uwsgi:
apt-get install nginx-full uwsgi uwsgi-plugin-python -y
vi /etc/uwsgi/apps-available/baruwa.ini
with the following content:
[uwsgi]
workers = 2
chdir = /usr/share/pyshared/baruwa
env = DJANGO_SETTINGS_MODULE=baruwa.settings
module = django.core.handlers.wsgi:WSGIHandler()
If uwsgi later logs that no application was loaded, add plugins = python to this [uwsgi] section so the Debian package loads the Python plugin for this app.
vi /etc/nginx/sites-available/baruwa.conf
with the following content:
server {
    listen 80;
    server_name example.com;
    root /usr/share/pyshared/baruwa;
    autoindex off;
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
    location /static {
        root /usr/share/pyshared/baruwa;
    }
    # static resources
    location ~* ^.+\.(html|jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js)$ {
        expires 30d;
        break;
    }
    location / {
        uwsgi_pass unix:///var/run/uwsgi/app/baruwa/socket;
        include uwsgi_params;
    }
}
Two points about this block. nginx appends the request URI to root, so a root of /usr/share/pyshared/baruwa/static/ inside location /static would have looked for /static/x.css under .../baruwa/static/static/; the root is therefore the application directory, as above. Second, because the document root is the application tree itself, the extension regex serves any matching file from it (a stray .txt or .html next to settings.py, for example), and autoindex on would additionally list directories to anyone asking; keep autoindex off.
*Note: Make sure to change example.com to a FQDN that matches your setup.
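A tighter layout for the same site, given here as an added example (it is not the page's configuration and not from the Baruwa project): nginx serves files only from the static tree, via alias so the URI is not appended twice, and hands every other path to uwsgi, so nothing from the application directory (settings.py holds the database password) can be fetched as a static file. It reuses the page's paths and socket; the hostname is the same placeholder. It still listens on plain HTTP, as the page does, so put TLS in front of it before exposing the login form beyond a trusted network.

```nginx
server {
    listen 80;
    server_name example.com;
    access_log /var/log/nginx/access.log;
    error_log  /var/log/nginx/error.log;

    # No document root: nginx never serves the application tree directly.
    autoindex off;

    # Static assets only, from their own directory (alias replaces the /static/ prefix).
    location /static/ {
        alias /usr/share/pyshared/baruwa/static/;
        expires 30d;
    }

    # Everything else is an application request.
    location / {
        include uwsgi_params;
        uwsgi_pass unix:///var/run/uwsgi/app/baruwa/socket;
    }
}
```

Check it with nginx -t before reloading; a request for /settings.py now reaches Django (which returns 404) instead of the filesystem.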
Create symlinks:
ln -s /etc/nginx/sites-available/baruwa.conf /etc/nginx/sites-enabled/baruwa.conf
ln -s /etc/uwsgi/apps-available/baruwa.ini /etc/uwsgi/apps-enabled/baruwa.ini
rm -r /etc/nginx/sites-enabled/default
cp /usr/share/doc/uwsgi-extra/nginx/uwsgi_params /etc/nginx/uwsgi_params
Restart both nginx and uwsgi:
/etc/init.d/nginx restart && /etc/init.d/uwsgi restart
Create a symlink to manage.py:
ln -s /usr/share/pyshared/baruwa/manage.py /usr/bin/manage.py
chmod +x /usr/bin/manage.py
Add cron jobs in the crontab of the user that should run them (crontab -e). Cron runs jobs with /bin/sh, where bash's &> is not a redirection, so use sh-style redirection:
# Clean quarantine
@daily   manage.py cleanquarantine > /dev/null 2>&1
# Send quarantine reports
@daily   manage.py sendquarantinereports > /dev/null 2>&1
# Clean maillog
@monthly manage.py dbclean > /dev/null 2>&1
# Update SpamAssassin rules
@weekly  manage.py updatesarules > /dev/null 2>&1
# Send PDF reports
@daily   manage.py sendpdfreports > /dev/null 2>&1
Start up MailScanner:
/etc/init.d/mailscanner start
*Note: Point your browser to http://hostname (the FQDN you used above), log in with the admin user and password you set, and start working. You can now use the interface to add users, process messages, etc.
Setup Instructions for Baruwa
Log into Baruwa as admin --> Settings --> Accounts --> Create Account
Once you've created the user account, you'll get two new tabs on that page, Profile Settings and Associated Addresses.
Fill out Profile Settings choosing Domain Admin, set a low score of 6 and a high score of 9, and check scan email.
Click the + sign under Associated Addresses and enter a domain the user administers, e.g. domain.com. It will then show up under Associated Addresses.
Click on domain.com and you'll be taken to Domain Information, where you can set up SMTP delivery. Add the hostname or IP address of the receiving SMTP server, select enable and, if you use a non-standard port, set it; otherwise use 25. Once you've done that, click the test button next to the pencil to see whether your receiving server accepts the connection.
Now, you can log out as admin, and log in as the user you just setup and mails should start flowing.
The relay_recipient_maps, relay_domains and transport_maps settings in /etc/postfix/main.cf use the entries you've provided in Baruwa, so no hash file is required: the queries in the mysql-*.cf files return the results in the format Postfix expects.
However, if you'd like to use a hash for any of your config files, use the following as an example of how to setup /etc/postfix/main.cf:
relay_recipient_maps = hash:/etc/postfix/relay_recipients
Of course, you would have to create the hash file(s), populate it and postmap it for postfix to use.
*Note: If you do use a hash map for relay_recipients for specific domains, you'll have to remove those domains from /etc/postfix/access. Recipients of all other domains can still be verified by look-ahead (recipient address verification).
Also, if you want Postfix to do MX lookups for the destination, edit the query in /etc/postfix/mysql-transports.cf so that the transport column is built as:
concat('smtp:', mail_hosts.address, ':', port) 'transport'
The [ and ] around the host were removed: Postfix treats a bracketed host (smtp:[host]:port) as a literal address and skips the MX lookup, while an unbracketed host is resolved via its MX records.
Enjoy Baruwa!
10. Install and Configure SPF
Install:
apt-get install postfix-policyd-spf-python -y
vi /etc/postfix/master.cf
and add the following stanza at the end:
policy-spf unix - n n - - spawn
    user=nobody argv=/usr/bin/policyd-spf
*Note: (The leading spaces before user=nobody are important so that Postfix knows that this line belongs to the previous one!)
*Note: We already added the entry for main.cf using the postfix setup script.
Then restart Postfix:
/etc/init.d/postfix restart
That's it.
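To see what policyd-spf is deciding for each connection, here is a minimal SPF evaluator, written for this page as an added example (it is not policyd-spf's code). It resolves records from a constructed in-memory DNS table (documentation addresses, not real hosts), supports the all, ip4, ip6, a, mx and include mechanisms with their qualifiers, and enforces the RFC 7208 cap of ten DNS-querying mechanisms so an include loop cannot pin the daemon. The mapping of results to a Postfix action is this example's own choice (reject only on a hard Fail).

```python
"""Minimal SPF (RFC 7208) evaluator over a constructed, in-memory DNS table."""
import ipaddress

# Constructed zone data for the example (documentation ranges, not real hosts).
DNS = {
    "TXT": {
        "example.org": ["v=spf1 mx ip4:203.0.113.0/24 include:_spf.mailer.example -all"],
        "_spf.mailer.example": ["v=spf1 ip4:198.51.100.10 ~all"],
        "loop.example": ["v=spf1 include:loop.example -all"],   # pathological record
    },
    "MX": {"example.org": ["mx1.example.org"]},
    "A": {"mx1.example.org": ["192.0.2.25"], "example.org": ["192.0.2.80"]},
}

MAX_LOOKUPS = 10   # RFC 7208 4.6.4: cap on DNS-querying mechanisms per evaluation
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_record(domain, dns):
    """Return the domain's v=spf1 TXT record, or None if it publishes none."""
    for txt in dns["TXT"].get(domain, []):
        if txt.lower() == "v=spf1" or txt.lower().startswith("v=spf1 "):
            return txt
    return None


def check_host(ip, domain, dns, lookups=None):
    """Evaluate SPF for client `ip` sending as `domain`.

    Returns one of: pass, fail, softfail, neutral, none, permerror.
    """
    if lookups is None:
        lookups = [0]            # shared counter across include recursion
    addr = ipaddress.ip_address(ip)
    record = spf_record(domain, dns)
    if record is None:
        return "none"
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name in ("a", "mx", "include"):
            lookups[0] += 1
            if lookups[0] > MAX_LOOKUPS:
                return "permerror"   # refuse to chase unbounded include chains
            target = arg or domain
            if name == "include":
                sub = check_host(ip, target, dns, lookups)
                if sub in ("permerror", "none"):
                    return "permerror"
                matched = sub == "pass"
            elif name == "a":
                matched = any(addr == ipaddress.ip_address(a) for a in dns["A"].get(target, []))
            else:  # mx: the A records of every MX host of the target
                matched = any(addr == ipaddress.ip_address(a)
                              for mx in dns["MX"].get(target, [])
                              for a in dns["A"].get(mx, []))
        else:
            return "permerror"       # unknown mechanism or modifier
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                 # record ended without a matching term


def policy_action(result):
    """Map an SPF result to a Postfix policy action (this example rejects only on Fail)."""
    return "REJECT SPF check failed" if result == "fail" else "DUNNO"


if __name__ == "__main__":
    for ip, dom in [("192.0.2.25", "example.org"), ("198.51.100.99", "example.org"),
                    ("192.0.2.1", "loop.example")]:
        r = check_host(ip, dom, DNS)
        print(f"{ip:>15} as {dom:<14} -> {r:<9} {policy_action(r)}")
```

Run it as is to see a pass via the MX mechanism, a hard fail for an address outside every listed range, and a permerror for the self-including record.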
11. Install and Configure FuzzyOcr
FuzzyOCR has some prerequisites like ocrad and gocr, which we install like this (the tarball is only needed for the sample messages and the SQL script used below; the plugin itself comes from the fuzzyocr package):
apt-get install fuzzyocr netpbm gifsicle libungif-bin gocr ocrad libstring-approx-perl libmldbm-sync-perl libdigest-md5-perl libdbd-mysql-perl imagemagick tesseract-ocr -y
wget http://users.own-hero.net/~decoder/fuzzyocr/fuzzyocr-3.6.0.tar.gz && tar xvfz fuzzyocr-3.6.0.tar.gz && cd FuzzyOcr-3.6.0/
vi /etc/spamassassin/FuzzyOcr.cf
and uncomment the following lines:
focr_global_wordlist /etc/spamassassin/FuzzyOcr.words
focr_preprocessor_file /etc/spamassassin/FuzzyOcr.preps
focr_scanset_file /etc/spamassassin/FuzzyOcr.scansets
focr_enable_image_hashing 3
focr_digest_db /etc/spamassassin/FuzzyOcr.hashdb
focr_db_hash /etc/spamassassin/FuzzyOcr.db
focr_db_safe /etc/spamassassin/FuzzyOcr.safe.db
focr_bin_helper convert, tesseract
Comment out the path:
#focr_path_bin /usr/local/netpbm/bin:/usr/local/bin:/usr/bin
Enable the following lines:
focr_mysql_db FuzzyOcr
focr_mysql_hash Hash
focr_mysql_safe Safe
focr_mysql_user fuzzyocr
focr_mysql_pass fuzzyocr
focr_mysql_host localhost
focr_mysql_port 3306
focr_mysql_socket /var/run/mysqld/mysqld.sock
Change focr_mysql_pass from this example value; the same password must be used in the cleaner script below.
We store the image hashes in a MySQL database so that images we have already scanned are not scanned again, since OCR is a resource-intensive operation.
Create MySQL Database:
The sql script creates the database for fuzzyocr:
mysql -p < FuzzyOcr.mysql
Set up FuzzyOcr Database Cleaner:
vi /usr/sbin/fuzzy-cleanmysql
with the following content:
#!/usr/bin/perl
# Script to clean out mysql tables of data. Default is to leave data in Safe for 1 day and Hash for 10 days.
# Fuzzyocr-cleanmysql
use Getopt::Long;
use DBI;
use MLDBM qw(DB_File Storable);

my %Files = (
    db_hash => '/var/lib/fuzzyocr/FuzzyOcr.db',
    db_safe => '/var/lib/fuzzyocr/FuzzyOcr.safe.db',
);

$database = "FuzzyOcr";
$hostname = "localhost";
$socket   = "/var/run/mysqld/mysqld.sock";
$port     = "3306";
$username = "fuzzyocr";
$password = 'password';   # must match focr_mysql_pass in FuzzyOcr.cf

# defaults
my $cfgfile = "/etc/spamassassin/FuzzyOcr.cf";
my %App;
my %MySQL;
my @bin_utils;
my %age;
$age{'age'}  = 10*24;   # 10 days
$age{'hash'} = $age{'age'};
$age{'safe'} = 24;      # 1 day, as documented above
my $help = 0;
my $verbose = 0;

GetOptions( \%age,
    'age=i',
    'config=s' => \$cfgfile,
    'hash=i',
    'help'     => \$help,
    'safe=i',
    'verbose'  => \$verbose,
);

if ($help) {
    print "Usage: fuzzy-cleanmysql [Options]\n";
    print "\n";
    print "Available options:\n";
    print "--age=i      Global age in hours to keep in db\n";
    print "--config=s   Specify location of FuzzyOcr.cf\n";
    print "             Default: /etc/spamassassin/FuzzyOcr.cf\n";
    print "--hash=i     Number of hours old to keep in Hash db\n";
    print "--safe=i     Number of hours old to keep in Safe db\n";
    print "--verbose    Show more information\n";
    print "\n";
    exit 1;
}

# Convert hours to seconds
$age{'age'}  *= 60 * 60;
$age{'hash'} *= 60 * 60;
$age{'safe'} *= 60 * 60;
$age{'safe'} = $age{'safe'} ? $age{'safe'} : $age{'age'};

# Read custom paths from FuzzyOcr.cf
my $app_path = q(/usr/local/netpbm/bin:/usr/local/bin:/usr/bin);
open CONFIG, "< $cfgfile" or warn "Can't read configuration file, using defaults...\n";
while (<CONFIG>) {
    chomp;
    if ($_ =~ m/^focr_bin_(\w+) (.+)/) {
        $App{$1} = $2;
        printf "Found custom path \"$2\" for application \"$1\"\n" if $verbose;
    }
    if ($_ =~ m/^focr_path_bin (.+)/) {
        $app_path = $1;
        printf "Found new path: \"$1\"\n" if $verbose;
    }
    if ($_ =~ m/^focr_enable_image_hashing (\d)/) {
        $App{hashing_type} = $1;
        printf "Found DB Hashing\n"    if ($verbose and $1 == 2);
        printf "Found MySQL Hashing\n" if ($verbose and $1 == 3);
    }
    if ($_ =~ m/^focr_mysql_(\w+) (.+)/) {
        $MySQL{$1} = $2;
        printf "Found MySQL option $1 => '$2'\n" if $verbose;
    }
    if ($_ =~ m/^focr_threshold_max_hash (.+)/) {
        $App{max_hash} = $1;
        printf "Updated Threshold{max_hash} = $1\n" if $verbose;
    }
}
close CONFIG;

# make sure we have this threshold set
$App{max_hash} = 5 unless defined $App{max_hash};

# search path for bin_util unless already specified in configuration file
foreach my $app (@bin_utils) {
    next if defined $App{$app};
    foreach my $d (split(':', $app_path)) {
        if (-x "$d/$app") {
            $App{$app} = "$d/$app";
            last;
        }
    }
}

sub get_ddb {
    my %dopts = ( AutoCommit => 1 );
    my $dsn = "DBI:mysql:database=$database";
    if (defined $socket) {
        $dsn .= ";mysql_socket=$socket";
    } else {
        $dsn .= ";host=$hostname";
        $dsn .= ";port=$port" unless $port == 3306;
    }
    printf "Connecting to: $dsn\n" if $verbose;
    return DBI->connect($dsn, $username, $password, \%dopts) or die("Could not connect!");
}

if ($App{hashing_type} == 3) {
    my $ddb = get_ddb();
    if ($ddb) {
        my $sql;
        foreach my $ff (sort keys %Files) {
            $ff =~ s/db_//;
            # Delete rows whose `check` timestamp is older than the age for this table
            $sqlbase = "FROM $MySQL{$ff} WHERE $MySQL{$ff}.\`check\` < ?";
            my $timestamp = time;
            $timestamp = $timestamp - $age{$ff};
            $sql = "DELETE $sqlbase";
            if ( $verbose ) {
                printf "Delete from Table $MySQL{$ff}\n";
                print "$sql, $timestamp\n";
                print "Timestamp is ", scalar(localtime($timestamp)), "\n";
                print "That's $age{$ff} seconds earlier than now.\n";
                print "\n";
            }
            $ddb->do($sql, undef, $timestamp);
        }
        $ddb->disconnect;
    }
}
Make it executable:
chmod +x /usr/sbin/fuzzy-cleanmysql
Add it to cron:
# FuzzyOcr DB cleaner (cron uses /bin/sh, so redirect both streams the sh way)
@weekly /usr/sbin/fuzzy-cleanmysql > /dev/null 2>&1
We can now feed one of the sample emails from the tarball to SpamAssassin to check that FuzzyOCR is correctly hooked into it:
spamassassin --debug FuzzyOcr < /usr/src/FuzzyOcr-3.6.0/samples/ocr-gif.eml > /dev/null
You should now see a lot of output, the end should look like this:
[...]
[10025] dbg: FuzzyOcr:
[10025] dbg: FuzzyOcr: Friday Augurt 4, 4:01 pm ET
[10025] dbg: FuzzyOcr: LAS VEGAS, NEVADA--(MARKET WIRE)--Aug 4, 2006 -- auantum Energy, lnc. (OTC
[10025] dbg: FuzzyOcr: BB:aEGY.oB-_-
[10025] dbg: FuzzyOcr: auantum Energy, lnc. is pleased to announce that it has applied to have its shares listed for
[10025] dbg: FuzzyOcr: trading on the Frankfurt Stock Exchange. The company has retained the services ofBaltic
[10025] dbg: FuzzyOcr: lnvestment Group of Hamburg, Germany to assist with the application.
[10025] dbg: FuzzyOcr:
[10025] dbg: FuzzyOcr: _ qEGY,OB "
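The output above shows why the plugin does approximate rather than exact matching: OCR turned "Investment" into "lnvestment" and "Inc." into "lnc.", and an exact wordlist would miss both. The following is an added example, not FuzzyOcr's code: it extracts the recognised text from the debug lines quoted above, then matches it against a small wordlist with an edit-distance threshold per word. The wordlist and its word-to-distance format are this example's own, not the FuzzyOcr.words syntax.

```python
"""Fuzzy wordlist matching over FuzzyOcr debug output (added example)."""
import re

# Lines as printed by `spamassassin --debug FuzzyOcr` on the sample message
# (copied from the page's output; the PID is whatever the run happened to use).
DEBUG_LINES = [
    "[10025] dbg: FuzzyOcr:",
    "[10025] dbg: FuzzyOcr: Friday Augurt 4, 4:01 pm ET",
    "[10025] dbg: FuzzyOcr: LAS VEGAS, NEVADA--(MARKET WIRE)--Aug 4, 2006 -- auantum Energy, lnc. (OTC",
    "[10025] dbg: FuzzyOcr: BB:aEGY.oB-_-",
    "[10025] dbg: FuzzyOcr: auantum Energy, lnc. is pleased to announce that it has applied to have its shares listed for",
    "[10025] dbg: FuzzyOcr: trading on the Frankfurt Stock Exchange. The company has retained the services ofBaltic",
    "[10025] dbg: FuzzyOcr: lnvestment Group of Hamburg, Germany to assist with the application.",
    "[10025] dbg: FuzzyOcr:",
    '[10025] dbg: FuzzyOcr: _ qEGY,OB "',
]

# Example wordlist: word -> maximum edit distance still counted as a hit.
# (This word/distance format is the example's own, not FuzzyOcr.words syntax.)
WORDLIST = {"stock": 1, "shares": 1, "exchange": 1, "trading": 1, "investment": 2}

DEBUG_RE = re.compile(r"^\[\d+\] dbg: FuzzyOcr: ?(.*)$")


def ocr_text_from_debug(lines):
    """Pull the recognised text out of FuzzyOcr debug lines, dropping empty ones."""
    text = []
    for line in lines:
        m = DEBUG_RE.match(line)
        if m and m.group(1):
            text.append(m.group(1))
    return text


def levenshtein(a, b):
    """Edit distance (insert/delete/substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def fuzzy_hits(text_lines, wordlist):
    """Return {wordlist entry: [OCR tokens that matched within its distance]}."""
    hits = {}
    for line in text_lines:
        for token in re.findall(r"[A-Za-z]+", line.lower()):
            for word, maxdist in wordlist.items():
                if abs(len(token) - len(word)) > maxdist:
                    continue                  # cheap length pre-filter
                if levenshtein(token, word) <= maxdist:
                    hits.setdefault(word, []).append(token)
    return hits


if __name__ == "__main__":
    found = fuzzy_hits(ocr_text_from_debug(DEBUG_LINES), WORDLIST)
    for word, tokens in sorted(found.items()):
        print(f"{word:<12} <- {', '.join(tokens)}")
```

Keep the per-word distance small relative to the word length: a threshold of 2 on a five-letter word lets many ordinary words through, which is exactly the false-positive trade-off the real wordlist thresholds tune.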
12. Filtering PDF, XLS and Phishing Spam with ClamAV (Sanesecurity Signatures)
There is currently a lot of spam where the spam "information" is attached as .pdf or .xls files, sometimes also hidden inside a .zip file. While these spam mails are not easy to catch with e.g. SpamAssassin or a Bayes filter, the ClamAV virus scanner can catch them easily when it is fed with the correct signatures as ClamAV is built to scan mail attachments.
Install the helper tools, create a folder for the unofficial-signatures update script, and install the script with the proper permissions:
apt-get install curl rsync -y
mkdir /usr/src/sanesecurity && cd /usr/src/sanesecurity
wget http://downloads.sourceforge.net/project/unofficial-sigs/clamav-unofficial-sigs-3.7.1.tar.gz
tar -zxf clamav-unofficial-sigs-3.7.1.tar.gz && cd clamav-unofficial-sigs-3.7.1
mv clamav-unofficial-sigs.sh /usr/sbin
mv clamav-unofficial-sigs.conf /etc/
chmod +x /usr/sbin/clamav-unofficial-sigs.sh
vi /etc/clamav-unofficial-sigs.conf
and change the following variables to match your installation:
clam_dbs="/var/lib/clamav"
clamd_pid="/var/run/clamav/clamd.pid"
reload_dbs="yes"
reload_opt="kill -USR2 `cat $clamd_pid`"   # Signals PID to reload dbs
work_dir="/var/lib/clamav"
user_configuration_complete="yes"
Now we run the update script to check if the download works:
clamav-unofficial-sigs.sh
Add it to cron:
00 04 * * * /usr/sbin/clamav-unofficial-sigs.sh -c /etc/clamav-unofficial-sigs.conf > /dev/null 2>&1
(Cron runs jobs with /bin/sh, where bash's &> is not a redirection, hence the sh-style redirect.)
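To understand what these third-party databases actually do, it helps to see how a body signature matches. The following is an added example, written for this page; it is not ClamAV, Sanesecurity or the update script's code, and the three signatures and two message bodies in it are constructed for the demonstration. It parses the ClamAV .ndb line format (Name:TargetType:Offset:HexSignature) and the wildcard subset most mail signatures use (?? for any byte, * for any run, {n}, {n-m}, {-m} and {n-} for bounded runs), then scans a phishing text that no spam score would flag. Real signatures are longer and more specific; the point is the mechanism.

```python
"""Tiny matcher for ClamAV .ndb (extended hex) signatures (added example)."""
import re
from dataclasses import dataclass


@dataclass
class NdbSignature:
    name: str
    target: int          # 0 = any file type
    offset: str          # "*" = anywhere, or an absolute byte offset
    pattern: re.Pattern


def hex_to_regex(hexsig):
    """Translate a ClamAV hex signature body into a bytes regex."""
    out, i = [], 0
    while i < len(hexsig):
        c = hexsig[i]
        if c == "*":                       # any number of bytes
            out.append(b".*?")
            i += 1
        elif c == "?":                     # ?? = exactly one arbitrary byte
            if hexsig[i:i + 2] != "??":
                raise ValueError("nibble wildcards are not supported here")
            out.append(b".")
            i += 2
        elif c == "{":                     # {n}, {n-m}, {-m}, {n-}
            j = hexsig.index("}", i)
            lo, dash, hi = hexsig[i + 1:j].partition("-")
            if dash:
                out.append(b".{%s,%s}" % ((lo or "0").encode(), hi.encode()))
            else:
                out.append(b".{%d}" % int(lo))
            i = j + 1
        else:                              # two hex digits = one literal byte
            out.append(re.escape(bytes([int(hexsig[i:i + 2], 16)])))
            i += 2
    return b"".join(out)


def parse_ndb(line):
    name, target, offset, hexsig = line.strip().split(":")[:4]
    return NdbSignature(name, int(target), offset,
                        re.compile(hex_to_regex(hexsig), re.DOTALL))


def scan(data, signatures):
    """Return the names of all signatures that match `data`, in database order."""
    hits = []
    for sig in signatures:
        if sig.offset == "*":
            m = sig.pattern.search(data)
        else:
            m = sig.pattern.match(data, int(sig.offset))   # anchored at that offset
        if m:
            hits.append(sig.name)
    return hits


def hx(s):
    """Hex-encode text the way `sigtool --hex-dump` would."""
    return s.encode().hex()


# Constructed signatures (names made up for the example, not Sanesecurity's).
SIGNATURES = [parse_ndb(line) for line in [
    "Example.Phish.VerifyAccount-1:0:*:" + hx("verify your account"),
    # "password", anything, "http://", 1-40 bytes of host, then ".example"
    "Example.Phish.LoginLink-2:0:*:" + hx("password") + "*" + hx("http://")
    + "{1-40}" + hx(".example"),
    # anchored at offset 0: the body must begin with "Dear"
    "Example.Phish.DearOpening-3:0:0:" + hx("Dear"),
]]

# Constructed sample bodies.
PHISH = (b"Dear customer,\r\nTo keep your password safe, please verify your account\r\n"
         b"at http://secure-login.example/verify within 24 hours.\r\n")
CLEAN = b"Hi all,\r\nattached is the agenda for Monday's meeting.\r\n"

if __name__ == "__main__":
    print("phish:", scan(PHISH, SIGNATURES))
    print("clean:", scan(CLEAN, SIGNATURES))
```

ClamAV itself matches these as raw bytes, so case and encoding matter; the unofficial databases carry many near-duplicate signatures for exactly that reason.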
13. Greylisting with Greyfix
Greyfix is a tiny greylisting daemon that works extremely well and is easy on resources.
Install:
cd /usr/src && wget http://www.kim-minh.com/pub/greyfix/greyfix-0.3.9.tar.gz
tar -xf greyfix-0.3.9.tar.gz && cd greyfix-0.3.9
./configure --localstatedir=/var
make
make install
vi /etc/postfix/master.cf
and add the following:
greyfix unix - n n - - spawn
    user=nobody argv=/usr/local/sbin/greyfix --greylist-delay 60 -/ 24
*Note: As with policy-spf, the leading spaces before user=nobody are required so that Postfix treats the line as a continuation of the previous one. greyfix keeps its database under the state directory given to configure above, so make sure the user named here can write to it.
*Note: We already added the entry for main.cf using the postfix setup script.
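The following is an added example of what greyfix does behind that master.cf entry; it is not greyfix's code and not from the page. It speaks the Postfix access-policy protocol (name=value lines terminated by a blank line, answered with an action= line and a blank line), keys each attempt by the triplet of client network, sender and recipient, and defers until the delay has passed. It mirrors the two settings the page passes: a 60 second delay, and a /24 prefix, which the example takes to be what the -/ 24 argument sets, so a retry from another host in the same /24 counts. The response wording is the example's own, and the state lives in memory, which is fine for a demonstration but is why the real daemon keeps it on disk.

```python
"""Greylisting as a Postfix access-policy server (added example)."""
import ipaddress
import sys
import time


def parse_policy_request(raw):
    """Parse one Postfix policy request: name=value lines ended by a blank line."""
    attrs = {}
    for line in raw.split("\n"):
        if not line:
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs


def format_response(action):
    """Postfix expects exactly one action line followed by an empty line."""
    return "action=%s\n\n" % action


class Greylister:
    def __init__(self, delay=60, prefix=24):
        self.delay = delay          # seconds a new triplet must wait
        self.prefix = prefix        # IPv4 prefix length that defines "same client"
        self.first_seen = {}        # triplet -> epoch seconds of first attempt

    def triplet(self, attrs):
        addr = ipaddress.ip_address(attrs["client_address"])
        prefix = self.prefix if addr.version == 4 else 128
        net = ipaddress.ip_network("%s/%d" % (addr, prefix), strict=False)
        return (str(net), attrs.get("sender", "").lower(), attrs["recipient"].lower())

    def decide(self, attrs, now):
        """Return the Postfix action for one RCPT: defer until the delay has elapsed."""
        if attrs.get("request") != "smtpd_access_policy":
            return "DUNNO"
        key = self.triplet(attrs)
        first = self.first_seen.setdefault(key, now)
        if now - first < self.delay:
            return "DEFER_IF_PERMIT Greylisted, please try again later"
        return "DUNNO"


def serve(stream_in=sys.stdin, stream_out=sys.stdout, greylister=None):
    """Loop used when spawned from master.cf: one request in, one response out."""
    g = greylister or Greylister()
    buf = []
    for line in stream_in:
        buf.append(line)
        if line == "\n":
            attrs = parse_policy_request("".join(buf))
            stream_out.write(format_response(g.decide(attrs, time.time())))
            stream_out.flush()
            buf = []


if __name__ == "__main__":
    serve()
```

DEFER_IF_PERMIT is what makes greylisting safe to combine with other restrictions: Postfix only turns it into a 4xx reply if no later restriction would have rejected the mail anyway.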