This work is licensed under a Creative Commons License.
Revision History:
Revision 0.5 2005-12-19 Revised by: jah
Added NOTE for MIME-tools based on inquiry by Matt Dittbenner <matt (at) plaudit.com>.
Revision 0.4 2005-05-27 Revised by: jah
Changed instructions based on new postfix installation documentation. Tip given by Chan Min Wai on bugs.gentoo.org.
Revision 0.3 2004-07-18 Revised by: jah
Added a few changes suggested from Asgeir <ajs (at) vifilfell.is>.
Revision 0.2 2004-05-01 Revised by: jah
Added Creative Commons License to document. Share to all!
Revision 0.1 2004-01-30 Revised by: jah
Initial document creation.
This document describes how to set up an email server that has anti-spam and anti-virus capabilities, specifically the MailScanner system with Postfix for email, SpamAssassin for anti-spam and ClamAV for anti-virus duties in Gentoo Linux.
This document is
distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY, either expressed or implied. While every effort has been
taken to ensure the accuracy of the information documented herein,
the author(s)/editor(s)/maintainer(s)/contributor(s) assumes NO
RESPONSIBILITY for any errors, or for any damages, direct or
consequential, as a result of the use of the information documented
herein.
Table of Contents
Introduction
Latest Version
Disclaimer
Authors
What is MailScanner?
Why should I use MailScanner?
What is Postfix?
Why should I use Postfix?
What is Mail-SpamAssassin?
Why should I use Mail-SpamAssassin?
What is ClamAV?
Why should I use ClamAV?
Setting up Mailscanner
Getting, compiling and installing
Configuring MailScanner.conf
Setting up Postfix
Getting, compiling and installing
Configuring postfix
Setting up Mail-SpamAssassin
Getting, compiling and installing
Configuring Mail-SpamAssassin
Setting up ClamAV
Getting, compiling and installing
Configuring ClamAV
Configuring auto-updates
Links
1. Introduction
This document is an attempt to collect the knowledge needed to set up an email system capable of scanning emails for viruses and blocking unwanted spam. The entire process of getting, compiling, installing, and configuring the system will be covered. Pointers to sites for more information will be included as needed and put into the Links section. This version of the HowTo is for MailScanner 4.25-14, Mail-SpamAssassin 2.63, Postfix 2.0.11, and ClamAV 0.65. This HowTo will be Gentoo Linux specific, but will apply to most (if not all) Linux distributions.
All
previous versions of MailScanner, Mail-SpamAssassin, Postfix, and
ClamAV are either obsolete or not guaranteed. This document makes no
promises as to the success of getting any of the previous versions
working, but most newer versions should work fine.
1.1. Latest Version
The latest versions of this document will be kept in this location:
<http://footon.jheslop.com/howto/>
1.2. Disclaimer
This document is distributed in the hope that
it will be useful, but WITHOUT ANY WARRANTY, either expressed or
implied. While every effort has been taken to ensure the accuracy of
the information documented herein, the
author(s)/editor(s)/maintainer(s)/contributor(s) assumes NO
RESPONSIBILITY for any errors, or for any damages, direct or
consequential, as a result of the use of the information documented
herein.
1.3. Authors
List of everyone who has put words into this file.
[mailto:jeremy@jheslop.com_NOSPAM] Jeremy Heslop
[mailto:steve.elzey@opustechsystems.com_NOSPAM] Steve Elzey
[mailto:ajs@vifilfell.is_NOSPAM] Asgeir
Please
notify the HowTo maintainer if you believe you should be listed
above.
2. What is MailScanner?
“MailScanner
scans all e-mail for viruses, spam and attacks against security
vulnerabilities. It is not tied to any particular virus scanner, but
can be used with any combination of 14 different virus scanners,
allowing sites to choose the "best of breed" virus scanner.
Being open source, site administrators can audit and verify the
integrity of the system. Its role is a major part in the security of
a network, and so it must act as a trusted service. The only way to
achieve the required level of trust is to be open source, an approach
the commercial suppliers are not willing to take. MailScanner has
been developed in a world-leading Electronics and Computer Science
Department at the University of Southampton, and is distributed for
*FREE* under the GNU Public License.”
-- Quoted from http://www.mailscanner.biz/introduction.html
For more information regarding the specifics of MailScanner, please refer to MailScanner's main site: <http://www.mailscanner.info/>
2.1 Why should we use MailScanner?
MailScanner combines multiple programs to help get rid of unwanted email (spam) and block old and new viruses. It has an easy-to-understand configuration file. Best of all, MailScanner is free.
3. What is Postfix?
Postfix is a program that allows for the sending and receiving of email, also known as an email server program. Here is what its website says about it:
“It is Wietse Venema's
mailer that started life as an alternative to the widely-used
Sendmail program.
Postfix
attempts to be fast, easy to administer, and secure, while at the
same time being sendmail compatible enough to not upset existing
users. Thus, the outside has a sendmail-ish flavor, but the inside is
completely different.”
-- Quoted from http://www.postfix.org/
3.1 Why should I use Postfix?
Postfix is easy to set up and can handle mail as fast as, if not faster than, most MTAs on the market, and being a free alternative makes it a good choice.
4. What is Mail-SpamAssassin?
“SpamAssassin is a mail
filter to identify spam. Using its rule base, it uses a wide range of
heuristic tests on mail headers and body text to identify "spam",
also known as unsolicited commercial email.”
-- Quoted from http://www.spamassassin.org/
4.1 Why should I use Mail-SpamAssassin?
SpamAssassin is flexible, easy to extend, uses a wide spectrum of tests, and is free. Everything that we could ever want from an anti-spam program.
5. What is ClamAV?
“Clam
AntiVirus is a GPL anti-virus toolkit for UNIX. The main purpose of
this software is the integration with mail servers (attachment
scanning). The package provides a flexible and scalable
multi-threaded daemon, a command line scanner, and a tool for
automatic updating via Internet. The programs are based on a shared
library distributed with the Clam AntiVirus package, which you can
use with your own software. Most importantly, the virus database is
kept up to date.”
-- Quoted from http://www.clamav.net/
5.1 Why should I use ClamAV?
ClamAV is a fast and up-to-date virus scanner that integrates well with MailScanner. Other anti-virus engines can be used with MailScanner, but the others either cost money or are not updated as regularly. ClamAV has an easy update utility to keep the virus list current, which will keep new viruses out of your inbox.
6. Setting up MailScanner
Setting up MailScanner under Gentoo Linux will get easier when an ebuild for MailScanner makes its way into the portage tree, but for now we will set it up manually, which is well documented in the INSTALL file of the MailScanner download.
6.1 Getting, compiling and installing
You can get the latest version of MailScanner from http://www.mailscanner.info
Because MailScanner is a perl program there is no need to compile it. You will however need to install the prerequisites for MailScanner. They are listed here: http://www.sng.ecs.soton.ac.uk/mailscanner/install/perl.shtml
Most of the perl modules can be emerged, except MIME-tools which should be used from the MailScanner site. (See perl page above) But first one has to run emerge inject dev-perl/MIME-tools to pretend that this module was emerged from portage (there are some dependencies to MIME-tools that may have to be installed).
NOTE: I have used the built-in Gentoo MIME-tools (5.417) without any problems, but your mileage may vary. Always make sure you use the recommended versions.
A detailed explanation of installing MailScanner is here: http://www.sng.ecs.soton.ac.uk/mailscanner/install/mailscanner.shtml
Read up on using CPAN to install perl modules. Once you have MailScanner installed under /opt/MailScanner/ (or your location) you will need to make sure it gets started at bootup. The MailScanner rpm packages do this for you, but in Gentoo we will need to create an init script. Here is the script /etc/init.d/mailscanner:
#!/sbin/runscript
# Copyright 1999-2003 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License v2
# $Header: /home/cvsroot/gentoo-x86/net-www/apache/files/2.0.40/apache2.initd,v 1.13 2003/10/31 07:17:45 rajiv Exp $

# Extra command offered in addition to start and stop
opts="reload"

depend() {
    need net
    use logger dns
}

# Start postfix first, then MailScanner
start() {
    ebegin "Starting postfix"
    /usr/sbin/postfix -c /etc/postfix start &>/dev/null
    eend $?
    ebegin "Starting MailScanner"
    /opt/MailScanner/bin/check_mailscanner -q >/dev/null
    RETVAL=$?
    # Record the running state in the lock files on success
    [ ${RETVAL} -eq 0 ] && touch /var/lock/subsys/MailScanner
    [ ${RETVAL} -eq 0 ] && rm -f /var/lock/subsys/MailScanner.off
    eend ${RETVAL}
}

# Stop MailScanner first, then postfix
stop() {
    ebegin "Stopping MailScanner"
    killall -15 MailScanner
    RETVAL=$?
    [ ${RETVAL} -eq 0 ] && rm -f /var/lock/subsys/MailScanner
    [ ${RETVAL} -eq 0 ] && touch /var/lock/subsys/MailScanner.off
    eend ${RETVAL}
    ebegin "Stopping postfix"
    /usr/sbin/postfix -c /etc/postfix stop &>/dev/null
    eend $?
}

# Reload postfix and send SIGHUP to the running MailScanner processes
reload() {
    ebegin "Reloading postfix"
    /usr/sbin/postfix -c /etc/postfix reload &>/dev/null
    eend $?
    ebegin "Reloading MailScanner workers:"
    pid=`pidof -x MailScanner`
    if [ -n "$pid" ]; then
        /bin/kill -HUP $pid
        eend $?
    else
        eend 1
    fi
}
Now just add mailscanner to bootup:
rc-update add mailscanner default
6.2 Configuring MailScanner.conf
To properly set up MailScanner we will have to make sure it knows which MTA, spam, and anti-virus tools we want to use. Here are the options you will need to change:
%org-name% = yoursite
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
Virus Scanners = clamav
Here we specify that we are using postfix as our email server and clamav as our anti-virus tool. MailScanner does not use Mail-SpamAssassin by default, so we will configure it later in this HowTo. However, MailScanner does have spam checks turned on by default. These spam checks use blacklists, sometimes referred to as RBLs (Realtime Blackhole Lists), to check email senders in real time. Here is what I usually change the Spam List to in MailScanner.conf when setting up MailScanner:
Spam List = spamhaus.org spamcop.net ORDB-RBL
Spamhaus is a very conservative blacklist, whereas spamcop is more aggressive. If you find good emails being marked as spam, it's possible spamcop is marking them, though usually rightly so. Check your mail logs for more specific information regarding messages being marked as spam incorrectly.
There
are a lot of additional tweaks you can make to MailScanner.conf, such
as how your system handles each virus caught. Please refer to the
config file comments for details.
7. Setting up Postfix
Most if not all of this information comes from this document: http://www.sng.ecs.soton.ac.uk/mailscanner/install/postfix.shtml If you get lost or confused, please consult the link above.
7.1 Getting, compiling and installing
You can get postfix from http://www.postfix.org, but for Gentoo we will just emerge it:
emerge postfix
This
will do all the getting, compiling and installing for you. We will
now need to configure postfix for MailScanner. Any extra
configurations of postfix like aliases are out of the scope of this
document.
7.2 Configuring postfix
MailScanner used to sit in between two instances of postfix, but now we only need one running. This section is referenced from this webpage: http://www.sng.ecs.soton.ac.uk/mailscanner/install/postfix.shtml
We will need to configure postfix to hold all email messages so that MailScanner can scan them and then put them in the mail queue. We will first need to edit /etc/postfix/main.cf to hold all incoming messages:
header_checks = regexp:/etc/postfix/header_checks
Then we will need to create the header_checks file /etc/postfix/header_checks and put in this information:
/^Received:/ HOLD
You will need to ensure that the user "postfix" can write to /var/spool/MailScanner/incoming and /var/spool/MailScanner/quarantine:
chown postfix:postfix /var/spool/MailScanner/incoming
chown postfix:postfix /var/spool/MailScanner/quarantine
As an added check, make sure that postfix is not started on its own at boot. MailScanner's init script will now start postfix for you:
rc-update del postfix default
We have now configured our mail setup. Let's move on to ridding emails of spam and viruses.
8. Setting up Mail-SpamAssassin
Setting up Mail-SpamAssassin is pretty straightforward. We will install it and then do some minor tweaks to get it set up.
8.1 Getting, compiling and installing
Getting, compiling and installing is very simple, especially in Gentoo Linux. We will just emerge it.
emerge spamassassin
This
will setup the dependencies of SpamAssassin and install the perl
modules needed.
8.2 Configuring Mail-SpamAssassin
MailScanner by default has SpamAssassin turned off. We will need to change the MailScanner.conf file to turn it on:
Use SpamAssassin = yes
You can tweak other settings for SpamAssassin, but by default they are pretty good at catching a good percentage of spam emails.
9. Setting up ClamAV
ClamAV as stated above is a great
anti-virus tool and setting it up is a trivial process.
9.1 Getting, compiling and installing
Like most other Gentoo Linux packages, clamav is a straightforward emerge:
emerge clamav
9.2 Configuring ClamAV
Once it is installed, we will have to make sure Gentoo Linux starts the clamav server process when the computer starts. We will need to make sure this is in /etc/conf.d/clamd:
START_CLAMD=yes
This will make sure
that when the initial bootup process is started clamd will start as
well. Then we need to add clam and freshclam to the startup process:
rc-update add clamd default
Now
we need to make sure the Example line in /etc/clamav.conf is
commented out or clamd will not start:
# Comment or remove the line below.
#Example
9.3 Configuring auto-updates
ClamAV gets updated twice a day by default by the freshclam daemon. If you want to change that, edit /etc/conf.d/clamd and change the number two in "-c 2" to a higher or lower number (e.g. to check 3 times a day, use -c 3). Freshclam will be started automatically during bootup when you start ClamAV unless you change the line in /etc/conf.d/clamd to tell it otherwise.
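A sanity check for the settings that sections 6.2, 7.2 and 9.2 have you change, added here as an example and not part of the original HowTo or of any of the projects: it confirms that MailScanner reads from the postfix hold queue, that the header_checks table really holds every message, and that the ClamAV Example line is disabled. The function names and the temporary files in the demo are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the cross-file settings this HowTo changes.
# Paths are arguments, so it can be run against copies of the files.

# Print the value of the last "KEY = value" line in FILE.
conf_value() {
    sed -n "s|^[[:space:]]*$2[[:space:]]*=[[:space:]]*||p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# audit_mail_chain MAILSCANNER_CONF MAIN_CF CLAMAV_CONF
# Prints one line per problem; the exit status is the number of problems.
audit_mail_chain() {
    ms=$1 main_cf=$2 clam=$3 bad=0
    fail() { echo "FAIL: $*"; bad=$((bad + 1)); }
    [ "$(conf_value "$ms" 'MTA')" = postfix ] || fail "MTA is not postfix"
    [ "$(conf_value "$ms" 'Run As User')" = postfix ] || fail "Run As User is not postfix"
    case $(conf_value "$ms" 'Incoming Queue Dir') in
        */hold) ;; *) fail "Incoming Queue Dir is not the postfix hold queue" ;;
    esac
    case $(conf_value "$ms" 'Outgoing Queue Dir') in
        */incoming) ;; *) fail "Outgoing Queue Dir is not postfix incoming" ;;
    esac
    case " $(conf_value "$ms" 'Virus Scanners') " in
        *" clamav "*) ;; *) fail "clamav missing from Virus Scanners" ;;
    esac
    # main.cf must point at a regexp table that HOLDs every message;
    # otherwise mail is delivered without passing through MailScanner.
    table=$(conf_value "$main_cf" 'header_checks')
    case $table in
        regexp:*) grep -Eq '^/\^Received:/[[:space:]]+HOLD' "${table#regexp:}" \
                      2>/dev/null || fail "no /^Received:/ HOLD rule in $table" ;;
        *) fail "header_checks is not a regexp: table" ;;
    esac
    # clamd will not start while the Example line is active.
    grep -Eq '^[[:space:]]*Example' "$clam" && fail "Example still active in $clam"
    return "$bad"
}

# Demo on constructed files (not taken from a real host).
d=$(mktemp -d)
printf '%s\n' 'MTA = postfix' 'Run As User = postfix' 'Virus Scanners = clamav' \
    'Incoming Queue Dir = /var/spool/postfix/hold' \
    'Outgoing Queue Dir = /var/spool/postfix/incoming' > "$d/MailScanner.conf"
echo "header_checks = regexp:$d/header_checks" > "$d/main.cf"
echo '/^Received:/ HOLD' > "$d/header_checks"
echo 'Example' > "$d/clamav.conf"   # left active on purpose
audit_mail_chain "$d/MailScanner.conf" "$d/main.cf" "$d/clamav.conf" || echo "$? problem(s) found"
rm -rf "$d"
```

On a real host the three arguments would be your MailScanner.conf, /etc/postfix/main.cf and /etc/clamav.conf.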
10. Links
MailScanner - http://www.mailscanner.info
Postfix - http://www.postfix.org
Mail-SpamAssassin - http://www.spamassassin.org/
ClamAV - http://www.clamav.net
MailScanner ebuild - http://bugs.gentoo.org/show_bug.cgi?id=36060
MailScanner HowTo - http://gentoo-wiki.com/HOWTO_Email_Virus_Scanner_--_Mailscanner
MailScanner Wiki - http://wiki.mailscanner.info/