In the world of mail servers, MailScanner is one of the best open source software for virus scanning and spam detection. MailScanner relies on pre-installed anti-virus and anti-spam software to check incoming and outgoing emails for malicious content or patterns of spamming. This makes sure that the mail server does not participate in the distribution of malware and unsolicited spam emails. It also helps preventing the mail server IP from becoming blacklisted, keeping the mail server records clean.
Preparing the System
Before we start doing anything, it should be mentioned that SELinux is disabled on CentOS. It is also necessary to add Repoforge repository on CentOS
Install EPEL Repository:We will use Squirrelmail for webmail client. Squirrelmail will not be found on CentOS official repositories, so let us enable EPEL repository. Follow the below link to install and enable EPEL repository.
## RHEL/CentOS 6 32-Bit ##
# wget http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
# rpm -ivh epel-release-6-8.noarch.rpm
## RHEL/CentOS 6 64-Bit ##
# wget http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
# rpm -ivh epel-release-6-8.noarch.rpm
Installing Dependencies
yum is used to install packages that are required for MailScanner. The list is long, but fortunately yum can resolve all the dependencies.
# yum install gcc cpp perl bzip2 zip unrar make patch automake rpm-build perl-DBI perl-MIME-tools perl-DBD-SQLite binutils glibc-devel perl-Filesys-Df zlib zlib-devel -y
Installing ClamAV and SpamAssassin
yum can be used to install ClamAV and SpamAssassin as well. The following few steps cover how to install and prepare them.
# yum install clamav spamassassin
Update ClamAV.
# freshclam -v
Update and start SpamAssassin.
# sa-update
# service spamassassin start
# chkconfig spamassassin on
# service clamd start
# chkconfig clamd on
Fix a path to MailScanner by creating a symbolic link.
# ln -s /usr/bin/freshclam /usr/local/bin/freshclam
Configuring Postfix
Postfix header_checks is used to hold any incoming email that Postfix receives. MailScanner performs checks on the emails held in a queue.
# vim /etc/postfix/main.cf
## This line is added ##
header_checks = regexp:/etc/postfix/header_checks
# vim /etc/postfix/header_checks
## This line is added ##
/^Received:/ HOLD
Preparing MailScanner
MailScanner is not yet available in CentOS or Repoforge repositories. We will download packages from the official MailScanner site and install it.
# wget https://s3.amazonaws.com/mailscanner/release/v4/rpm/MailScanner-4.85.2-1.rpm.tar.gz
Now we will extract and install the packages. The installation will take some time, so you can take a break if you want.
# tar zxvf MailScanner-4.85.2-1.rpm.tar.gz
# cd MailScanner-4.85.2-1
# ./install
After installation, the directories necessary for SpamAssassin are created and permissions are modified.
Next, the configuration file for MailScanner is backed up and then modified.
# vim /etc/MailScanner/MailScanner.conf
%org-name% = test
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
Incoming Work Group = clam
Incoming Work Permissions = 0640
Virus Scanners = clamd
Clamd Socket = /var/run/clamav/clamd.sock
SpamAssassin User State Dir = /var/spool/MailScanner/
High Scoring Spam Actions = deliver
## please check /etc/MailScanner/spam.lists.conf for more details ##
Spam List = SBL+XBL
# vi /etc/MailScanner/virus.
# mkdir spamassassin
# chown -R postfix:clam *
# chmod -R 750 *
Debug MailScanner stats before firing up.
# MailScanner -lint
# service MailScanner start
# chkconfig MailScanner on
Verifying MailScanner Operation
After MailScanner has been deployed, the events that take place behind the scenes can be viewed in /var/log/maillog. The following log snippet shows the sample activities while a mail is processed by Postfix.
# tailf /var/log/maillog
On a finishing note, MailScanner is a very powerful tool for providing necessary security to a mail server. It can protect the mail server from malware for both incoming and outgoing mails. It is a must for any email server deployed in production environment.
Preparing the System
Before we start doing anything, it should be mentioned that SELinux is disabled on CentOS. It is also necessary to add Repoforge repository on CentOS
Install EPEL Repository:We will use Squirrelmail for webmail client. Squirrelmail will not be found on CentOS official repositories, so let us enable EPEL repository. Follow the below link to install and enable EPEL repository.
## RHEL/CentOS 6 32-Bit ##
# wget http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
# rpm -ivh epel-release-6-8.noarch.rpm
## RHEL/CentOS 6 64-Bit ##
# wget http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
# rpm -ivh epel-release-6-8.noarch.rpm
Installing Dependencies
yum is used to install packages that are required for MailScanner. The list is long, but fortunately yum can resolve all the dependencies.
# yum install gcc cpp perl bzip2 zip unrar make patch automake rpm-build perl-DBI perl-MIME-tools perl-DBD-SQLite binutils glibc-devel perl-Filesys-Df zlib zlib-devel -y
Installing ClamAV and SpamAssassin
yum can be used to install ClamAV and SpamAssassin as well. The following few steps cover how to install and prepare them.
# yum install clamav spamassassin
Update ClamAV.
# freshclam -v
Update and start SpamAssassin.
# sa-update
# service spamassassin start
# chkconfig spamassassin on
# service clamd start
# chkconfig clamd on
Fix a path to MailScanner by creating a symbolic link.
# ln -s /usr/bin/freshclam /usr/local/bin/freshclam
Configuring Postfix
Postfix header_checks is used to hold any incoming email that Postfix receives. MailScanner performs checks on the emails held in a queue.
# vim /etc/postfix/main.cf
## This line is added ##
header_checks = regexp:/etc/postfix/header_checks
# vim /etc/postfix/header_checks
## This line is added ##
/^Received:/ HOLD
Preparing MailScanner
MailScanner is not yet available in CentOS or Repoforge repositories. We will download packages from the official MailScanner site and install it.
# wget https://s3.amazonaws.com/mailscanner/release/v4/rpm/MailScanner-4.85.2-1.rpm.tar.gz
Now we will extract and install the packages. The installation will take some time, so you can take a break if you want.
# tar zxvf MailScanner-4.85.2-1.rpm.tar.gz
# cd MailScanner-4.85.2-1
# ./install
After installation, the directories necessary for SpamAssassin are created and permissions are modified.
Next, the configuration file for MailScanner is backed up and then modified.
# vim /etc/MailScanner/MailScanner.conf
%org-name% = test
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
Incoming Work Group = clam
Incoming Work Permissions = 0640
Virus Scanners = clamd
Clamd Socket = /var/run/clamav/clamd.sock
SpamAssassin User State Dir = /var/spool/MailScanner/
High Scoring Spam Actions = deliver
## please check /etc/MailScanner/spam.lists.conf for more details ##
Spam List = SBL+XBL
# vi /etc/MailScanner/virus.
clamd /bin/false /usr# vi /etc/MailScanner/spam.
bayes_ignore_header X-test-MailScanner# cd /var/spool/MailScanner
bayes_ignore_header X-test-MailScanner-SpamCheck
bayes_ignore_header X-test-MailScanner-SpamScore
bayes_ignore_header X-test-MailScanner-Information
envelope_sender_header X-test-MailScanner-From
#use_auto_whitelist 0
# mkdir spamassassin
# chown -R postfix:clam *
# chmod -R 750 *
Debug MailScanner stats before firing up.
# MailScanner -lint
# service MailScanner start
# chkconfig MailScanner on
Verifying MailScanner Operation
After MailScanner has been deployed, the events that take place behind the scenes can be viewed in /var/log/maillog. The following log snippet shows the sample activities while a mail is processed by Postfix.
# tailf /var/log/maillog
On a finishing note, MailScanner is a very powerful tool for providing necessary security to a mail server. It can protect the mail server from malware for both incoming and outgoing mails. It is a must for any email server deployed in production environment.
No comments:
Post a Comment