Set Up Ubuntu-Server 6.06 LTS As A Firewall/Gateway For Your Small Business Environment - Page 6

Now edit /etc/postfix/header_checks.

It should look like this:

/^Received:/ HOLD

cd /root

Now configure MailScanner.

chown postfix.postfix /var/spool/MailScanner/incoming

chown postfix.postfix /var/spool/MailScanner/quarantine

mkdir /var/spool/MailScanner/spamassassin

ln -s /etc/MailScanner/spam.assassin.prefs.conf /etc/spamassassin/

chown postfix.postfix /var/spool/MailScanner/spamassassin

Now edit /etc/MailScanner/MailScanner.conf and set the following lines as shown:

Run As User = postfix
Run As Group = postfix
Queue Scan Interval = 120
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
Virus Scanners = clamav
Always Include SpamAssassin Report = yes
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin

Uncomment the line # run_mailscanner=1 in your /etc/default/mailscanner.

Now make a cron job of /usr/sbin/check_mailscanner and run it every 20 minutes.

Now we are going to fool the startup script of MailScanner. This is necessary because MailScanner refuses to start, due to an exim aimed script, I suspect (I've never actually used Exim, so I'm not sure about that). I don't want to modify the script itself, as it might be replaced with another 'not starting' update in the future. Just to be on the safe side.

touch /etc/init.d/mailscanner_pre

Edit /etc/init.d/mailscanner_pre. It should look like this:

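#!/bin/sh
# Recreate the lock and PID directories MailScanner expects; -p avoids errors if they already exist.
mkdir -p /var/lock/subsys
mkdir -p /var/lock/subsys/MailScanner
mkdir -p /var/run/MailScanner
# MailScanner runs as postfix (Run As User), so postfix must own both directories.
chown postfix.postfix /var/run/MailScanner
chown postfix.postfix /var/lock/subsys/MailScanner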

chmod 755 /etc/init.d/mailscanner_pre

mv /etc/rc2.d/S20mailscanner /etc/rc2.d/S99mailscanner

mv /etc/rc3.d/S20mailscanner /etc/rc3.d/S99mailscanner

mv /etc/rc4.d/S20mailscanner /etc/rc4.d/S99mailscanner

mv /etc/rc5.d/S20mailscanner /etc/rc5.d/S99mailscanner

ln -s /etc/init.d/mailscanner_pre /etc/rc2.d/S20mailscanner_pre

chown postfix.postfix /var/spool/MailScanner

chown postfix.postfix /var/lib/MailScanner

That should do the trick now, don't you agree?
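
One way to confirm the hand-off configured above, where the header_checks HOLD rule parks mail in Postfix's hold queue and MailScanner picks it up from there, is a small check script. This is an added example, not part of the original guide; the function names, the optional ROOT prefix and the constructed sample tree built by make_sample_root are assumptions of the example.

```sh
#!/bin/sh
# Added example: checks that the Postfix HOLD rule and MailScanner.conf agree.
# ROOT (assumption) is an optional prefix, so a copy of /etc can be checked.

# Print the value of a "Key = value" line from a MailScanner.conf-style file.
ms_get() {  # usage: ms_get FILE "Key Name"
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" 2>/dev/null |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# Return 0 if the hand-off is wired as in the guide, 1 otherwise.
check_mailscanner_handoff() {  # usage: check_mailscanner_handoff [ROOT]
    root=${1:-}
    conf=$root/etc/MailScanner/MailScanner.conf
    rc=0
    fail() { echo "FAIL: $*"; rc=1; }

    # Without an active HOLD rule Postfix delivers mail without scanning it.
    grep -Eq '^/\^Received:/[[:space:]]+HOLD' "$root/etc/postfix/header_checks" \
        2>/dev/null || fail "no active HOLD rule in header_checks"

    # MailScanner must read Postfix's hold queue and requeue into incoming.
    while IFS='|' read -r key want; do
        got=$(ms_get "$conf" "$key")
        [ "$got" = "$want" ] || fail "$key is '${got:-unset}', expected '$want'"
    done <<EOF
Run As User|postfix
Run As Group|postfix
Incoming Queue Dir|/var/spool/postfix/hold
Outgoing Queue Dir|/var/spool/postfix/incoming
MTA|postfix
EOF

    # The guide requires this line to be uncommented.
    grep -Eq '^[[:space:]]*run_mailscanner=1' "$root/etc/default/mailscanner" \
        2>/dev/null || fail "run_mailscanner=1 is not enabled"
    return $rc
}

# Build a constructed sample tree (not real configuration) for a dry run.
make_sample_root() {  # usage: make_sample_root DIR
    mkdir -p "$1/etc/postfix" "$1/etc/MailScanner" "$1/etc/default"
    echo '/^Received:/ HOLD' > "$1/etc/postfix/header_checks"
    printf '%s\n' 'Run As User = postfix' 'Run As Group = postfix' \
        'Incoming Queue Dir = /var/spool/postfix/hold' \
        'Outgoing Queue Dir = /var/spool/postfix/incoming' 'MTA = postfix' \
        > "$1/etc/MailScanner/MailScanner.conf"
    echo 'run_mailscanner=1' > "$1/etc/default/mailscanner"
}
```

Source the file and call check_mailscanner_handoff with no argument to check the live system, or pass a directory to check a copy of the configuration.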

2 Comment(s)


From: at: 2006-12-17 23:46:26

a lot of lines in policy file.. i'm using simpler version.. is this any less secure??

$FW    all    ACCEPT
loc    all    ACCEPT
all    all    DROP    info


From: at: 2007-06-06 13:18:17

This work is very helpful, but for novice it can be added (Page 8, before words

"To complete this step, do:

/etc/init.d/shorewall restart")

because if I establish VPN connection then I get new zone. I added:

To add in file /etc/shorewall/policy before the last line:

##### Added for support VPN connections

vpn loc ACCEPT


loc vpn ACCEPT


To add in file /etc/shorewall/zones before the last line:

vpn ipv4

To add in file /etc/shorewall/interfaces before the last line:

vpn ppp0

It was necessary to my system to allow VPN connections from Internet.

Sorry for dumb question, but why in /etc/shorewall/rules exists a line

DNAT   net   fw: 47

I can't find the protocol 47 anywhere

Sincerely yours, buhcia2006 dog yandex dot ru