Linux Help Desk

Wednesday, April 8, 2015

How to set up MailScanner, Clam Antivirus and SpamAssassin in CentOS 6.5

In the world of mail servers, MailScanner is one of the best open source tools for virus scanning and spam detection. MailScanner relies on pre-installed anti-virus and anti-spam software to check incoming and outgoing emails for malicious content or patterns of spamming. This makes sure that the mail server does not participate in the distribution of malware and unsolicited spam emails. It also helps prevent the mail server IP from becoming blacklisted, keeping the mail server's record clean.

Preparing the System

Before we start, note that this guide assumes SELinux is disabled on the CentOS host. It is also necessary to add the Repoforge repository on CentOS.

Install EPEL Repository: We will use Squirrelmail as the webmail client. Squirrelmail is not in the official CentOS repositories, so let us enable the EPEL repository. Use the commands below to install and enable it.

## RHEL/CentOS 6 32-Bit ##
# wget http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
# rpm -ivh epel-release-6-8.noarch.rpm

## RHEL/CentOS 6 64-Bit ##
# wget http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
# rpm -ivh epel-release-6-8.noarch.rpm

Installing Dependencies

yum is used to install packages that are required for MailScanner. The list is long, but fortunately yum can resolve all the dependencies.

# yum install gcc cpp perl bzip2 zip unrar make patch automake rpm-build perl-DBI perl-MIME-tools perl-DBD-SQLite binutils glibc-devel perl-Filesys-Df zlib zlib-devel -y

Installing ClamAV and SpamAssassin

yum can be used to install ClamAV and SpamAssassin as well. The following few steps cover how to install and prepare them.
# yum install clamav spamassassin

Update ClamAV.
# freshclam -v

Update and start SpamAssassin.

# sa-update

# service spamassassin start
# chkconfig spamassassin on

# service clamd start
# chkconfig clamd on


Create a symbolic link so that MailScanner finds freshclam at the path it expects.
# ln -s /usr/bin/freshclam /usr/local/bin/freshclam

Configuring Postfix

The Postfix header_checks rule below places every incoming email that Postfix receives in the hold queue. MailScanner then performs its checks on the emails held in that queue.
# vim /etc/postfix/main.cf

## This line is added ##
header_checks = regexp:/etc/postfix/header_checks

# vim /etc/postfix/header_checks

## This line is added ##
/^Received:/ HOLD

Preparing MailScanner

MailScanner is not yet available in the CentOS or Repoforge repositories. We will download the packages from the official MailScanner site and install them.

# wget https://s3.amazonaws.com/mailscanner/release/v4/rpm/MailScanner-4.85.2-1.rpm.tar.gz

Now we will extract and install the packages. The installation will take some time, so you can take a break if you want.

# tar zxvf MailScanner-4.85.2-1.rpm.tar.gz
# cd MailScanner-4.85.2-1
# ./install

After installation, the directories necessary for SpamAssassin are created and permissions are modified.

Next, the configuration file for MailScanner is backed up and then modified.
# vim /etc/MailScanner/MailScanner.conf

%org-name% = test
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
Incoming Work Group = clam
Incoming Work Permissions = 0640
Virus Scanners = clamd
Clamd Socket = /var/run/clamav/clamd.sock
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
High Scoring Spam Actions = deliver

## please check /etc/MailScanner/spam.lists.conf for more details ##
Spam List = SBL+XBL


# vi /etc/MailScanner/virus.scanners.conf

clamd /bin/false /usr

# vi /etc/MailScanner/spam.assassin.prefs.conf

bayes_ignore_header X-test-MailScanner
bayes_ignore_header X-test-MailScanner-SpamCheck
bayes_ignore_header X-test-MailScanner-SpamScore
bayes_ignore_header X-test-MailScanner-Information
envelope_sender_header X-test-MailScanner-From
#use_auto_whitelist 0

# cd /var/spool/MailScanner
# mkdir spamassassin
# chown -R postfix:clam *
# chmod -R 750 *

Check the MailScanner configuration before starting the service.
# MailScanner -lint

# service MailScanner start
# chkconfig MailScanner on
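
The shell check below is an added example, not part of the original post: it verifies that the Postfix HOLD rule and the MailScanner queue directories configured above agree, because without the HOLD rule Postfix delivers mail that MailScanner never scanned. The function names (ms_get, fail, audit_wiring, make_sample) and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit the hold-queue wiring.

# Print the last value of a "Key = Value" line in a MailScanner.conf-style file.
ms_get() {  # $1 = file, $2 = key
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Report one failed check and remember that the audit failed.
fail() { echo "FAIL: $*"; rc=1; }

audit_wiring() {  # $1 = main.cf, $2 = header_checks, $3 = MailScanner.conf
    rc=0
    # Postfix must load a regexp header_checks table ...
    grep -Eq '^[[:space:]]*header_checks[[:space:]]*=[[:space:]]*regexp:' "$1" ||
        fail "main.cf does not load a regexp header_checks table"
    # ... and that table must HOLD on Received:, or mail is delivered unscanned.
    grep -Eq '^/\^Received:/[[:space:]]+HOLD' "$2" ||
        fail "header_checks has no /^Received:/ HOLD rule"
    # MailScanner must pick mail up from hold and hand it back via incoming.
    [ "$(ms_get "$3" 'Incoming Queue Dir')" = /var/spool/postfix/hold ] ||
        fail "Incoming Queue Dir is not the Postfix hold queue"
    [ "$(ms_get "$3" 'Outgoing Queue Dir')" = /var/spool/postfix/incoming ] ||
        fail "Outgoing Queue Dir is not the Postfix incoming queue"
    [ "$(ms_get "$3" 'Run As User')" = postfix ] ||
        fail "Run As User is not postfix"
    return "$rc"
}

# Write constructed sample files (the settings from the post) into directory $1.
make_sample() {
    printf 'header_checks = regexp:/etc/postfix/header_checks\n' > "$1/main.cf"
    printf '/^Received:/ HOLD\n' > "$1/header_checks"
    cat > "$1/MailScanner.conf" <<'EOF'
Run As User = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
EOF
}

# Demo on the constructed sample: first intact, then with the HOLD rule removed.
demo_dir=$(mktemp -d) && make_sample "$demo_dir"
audit_wiring "$demo_dir/main.cf" "$demo_dir/header_checks" \
    "$demo_dir/MailScanner.conf" && echo "wiring OK"
: > "$demo_dir/header_checks"
audit_wiring "$demo_dir/main.cf" "$demo_dir/header_checks" \
    "$demo_dir/MailScanner.conf" || echo "mail would bypass MailScanner"
rm -rf "$demo_dir"
```

On the server itself, call audit_wiring with /etc/postfix/main.cf, /etc/postfix/header_checks and /etc/MailScanner/MailScanner.conf as its three arguments.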

Verifying MailScanner Operation

After MailScanner has been deployed, the events that take place behind the scenes can be viewed in /var/log/maillog. The following command follows the log while a mail is processed by Postfix.

# tailf /var/log/maillog

On a finishing note, MailScanner is a very powerful tool for providing necessary security to a mail server. It can protect the mail server from malware in both incoming and outgoing mail. It is a must for any email server deployed in a production environment.
