0. Specification of the test environment
0.1 Software
Tested operating systems: 1. OpenSUSE 11.0, 2. Fedora 9
Kernel versions: Linux linux-jnwt 2.6.25.20-0.1-pae #1 SMP 2008-12-12 20:30:38 +0100 i686 i686 i386 GNU/Linux
Mail server: netqmail-1.06.tar.gz, ucspi-tcp-0.88.tar.gz, daemontools-0.76.tar.gz
AntiVirus: clamav-0.94.2.tar.gz
Spam filter: Mail-SpamAssassin-3.2.5.tar.gz
Mail scanner: qmail-scanner-2.05.tgz, maildrop-2.0.4.tar.bz2
DNS: djbdns-1.05.tar.gz
In my test the folder for all downloaded files was /usr/local/src/. The exception is daemontools, which is in /package.
This is not detailed documentation, which means you should read the install guides as well.
Generally every package has a file called INSTALL or README. Reading it makes life easier for you and for the people you would ask.
I used wget to download all the packages, but I was behind a proxy (that required no AUTH).
As the first step I had to set up wget to use the proxy.
Wget setup:
http_proxy = http://x.y.v.z:3128/
ftp_proxy = http://x.y.v.z:3128/
use_proxy = on
0.2 Setup access to the Mail Gateway
IP Address: <IP> <Mask>
DF GW: <IP>
Username: …
Password: …
Change the ssh port to something different; I always use port 66623 for all my servers and hosts.
(Don’t believe it and choose what you want over 1024)
linux-jnwt:/ # vi /etc/ssh/sshd_config
Port 66623
1. Qmail Installation with Maildir
RTFM I used can be found here: http://www.lifewithqmail.org/lwq.html
If you want to say goodbye to qmail, here is a quick how-to for deleting qmail: http://whatislinux.net/how-do-i-compleetly-remove-qmail
1.1 Requirements
You should read them carefully:
http://www.lifewithqmail.org/lwq.html#preparation
http://www.lifewithqmail.org/lwq.html#system-requirements
1.2 Download sourcecode for qmail and stuff
linux@linux-jnwt:~> su
linux-jnwt:/home/linux # umask 022
linux-jnwt:/home/linux # mkdir -p /usr/local/src
linux-jnwt:/home/linux # cd /usr/local/src
linux-jnwt:/usr/local/src # wget http://www.qmail.org/netqmail-1.06.tar.gz
linux-jnwt:/usr/local/src # wget http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz
linux-jnwt:/usr/local/src # mkdir -p /package
linux-jnwt:/usr/local/src # cd /package
linux-jnwt:/package # wget http://cr.yp.to/daemontools/daemontools-0.76.tar.gz
linux-jnwt:/package # chmod 1755 /package
1.3 Extract sourcecodes
linux-jnwt:/package # cd /usr/local/src
linux-jnwt:/usr/local/src # gunzip netqmail-1.06.tar.gz
linux-jnwt:/usr/local/src # tar xpf netqmail-1.06.tar
linux-jnwt:/usr/local/src # gunzip ucspi-tcp-0.88.tar.gz
linux-jnwt:/usr/local/src # tar xpf ucspi-tcp-0.88.tar
linux-jnwt:/usr/local/src # cd /package
linux-jnwt:/package # gunzip daemontools-0.76.tar.gz
linux-jnwt:/package # tar xpf daemontools-0.76.tar
1.4 Create folder for qmail
linux-jnwt:/package # mkdir /var/qmail
1.5 Create required users and groups
For these users we should use one of the following shells, as they will never log in and so on…
/false – http://www.manpagez.com/man/1/false/
/nologin – http://www.manpagez.com/man/8/nologin/
/true – http://www.manpagez.com/man/1/true/
With Opensuse I used /sbin/nologin.
linux-jnwt:/usr/local/src/netqmail-1.06 # export PATH=$PATH:/usr/sbin:/sbin
linux-jnwt:/package # cd /usr/local/src/netqmail-1.06
linux-jnwt:/usr/local/src/netqmail-1.06 # cp INSTALL.ids IDS
linux-jnwt:/usr/local/src/netqmail-1.06 # vi IDS
groupadd nofiles
useradd -g nofiles -d /var/qmail/alias alias -s /sbin/nologin
useradd -g nofiles -d /var/qmail qmaild -s /sbin/nologin
useradd -g nofiles -d /var/qmail qmaill -s /sbin/nologin
useradd -g nofiles -d /var/qmail qmailp -s /sbin/nologin
groupadd qmail
useradd -g qmail -d /var/qmail qmailq -s /sbin/nologin
useradd -g qmail -d /var/qmail qmailr -s /sbin/nologin
useradd -g qmail -d /var/qmail qmails -s /sbin/nologin
linux-jnwt:/usr/local/src/netqmail-1.06 # chmod 700 IDS
linux-jnwt:/usr/local/src/netqmail-1.06 # ./IDS
1.6 Download and add patches and compile Netqmail
Qmail Patches I used:
- Validrcptto: http://qmail.jms1.net/patches/validrcptto.cdb.shtml
- Djbdns: http://cr.yp.to/djbdns.html
Have you read the links?
There are a lot of patches available apart from the 2 I chose:
http://qmail.internet-trendsetting.de/top.html#addons
1.6.1 Djbdns install
linux-jnwt:/ # cd /usr/local/src/
linux-jnwt:/usr/local/src # wget http://cr.yp.to/djbdns/djbdns-1.05.tar.gz
linux-jnwt:/usr/local/src # gunzip djbdns-1.05.tar.gz
linux-jnwt:/usr/local/src # tar -xf djbdns-1.05.tar
linux-jnwt:/usr/local/src # cd djbdns-1.05
linux-jnwt:/usr/local/src/djbdns-1.05 # echo gcc -O2 -include /usr/include/errno.h > conf-cc
linux-jnwt:/usr/local/src/djbdns-1.05 # make
linux-jnwt:/usr/local/src/djbdns-1.05 # make setup check    # installs the djbdns programs under /usr/local
linux-jnwt:/usr/local/src/djbdns-1.05 # cd ..
1.6.2 Validrcptto install
As you have read in the links I mentioned, validrcptto accepts mail only if the recipient is known. All recipients can be held in a local database, which saves asking the user directory every time. There are many ways to collect mail recipients: we can download them from an LDAP server, from the local system, from a text file and so on. Here I use the local user collection and the text file method.
Requirements:
– Query, download and build perl modules from CPAN sites:
perl-CPAN.i386
– GNU tool which simplifies the build process for users:
make.i386 : A GNU tool which simplifies the build process for users [My version 3.81-12.fc9]
– GNU Compiler Collection:
gcc.i386 : Various compilers (C, C++, Objective-C, Java, …) [My version 4.3.0-8]
linux-jnwt:/usr/local/src # wget http://qmail.jms1.net/patches/netqmail-1.05-validrcptto.cdb.patch
linux-jnwt:/usr/local/src # cp netqmail-1.05-validrcptto.cdb.patch /usr/local/src/netqmail-1.06
linux-jnwt:/usr/local/src # cd /usr/local/src/netqmail-1.06
linux-jnwt:/usr/local/src/netqmail-1.06 # patch < ../netqmail-1.05-validrcptto.cdb.patch
patching file Makefile
patching file qmail-smtpd.c
linux-jnwt:/home/linux # cd /usr/local/src
linux-jnwt:/usr/local/src # wget http://cr.yp.to/cdb/cdb-0.75.tar.gz
linux-jnwt:/usr/local/src # tar xvzf cdb-0.75.tar.gz
linux-jnwt:/usr/local/src # cd cdb-0.75/
linux-jnwt:/usr/local/src/cdb-0.75 # make
./compile cdb.c
…
When we got a problem:
linux-jnwt:/usr/local/src/cdb-0.75 # vi error.h
Before:
extern int errno;
After:
/* extern int errno; */
#include <errno.h>
linux-jnwt:/usr/local/src/cdb-0.75 # make
./compile cdb.c
…
linux-jnwt:/usr/local/src/cdb-0.75 # make setup check
./install
./instcheck
linux-jnwt:/usr/local/src/cdb-0.75 # perl -MCPAN -e shell
cpan[1]> install CDB_File
cpan[2]> exit
Create validrcptto.cdb DataBase from local users (on this Linux System):
Source Link:
http://qmail.jms1.net/scripts/mkvalidrcptto.shtml
linux-jnwt:/usr/local/src # cd /usr/local/bin
linux-jnwt:/usr/local/bin # wget http://qmail.jms1.net/scripts/mkvalidrcptto
linux-jnwt:/usr/local/bin # chmod 755 mkvalidrcptto
linux-jnwt:/usr/local/bin # perl -c /usr/local/bin/mkvalidrcptto
/usr/local/bin/mkvalidrcptto syntax OK
linux-jnwt:/usr/local/bin # less /usr/local/bin/mkvalidrcptto    # read it, do not just run it
linux-jnwt:/usr/local/bin # mkvalidrcptto -c validrcptto.cdb
linux-jnwt:/usr/local/bin # mv validrcptto.cdb /var/qmail/control/
Create validrcptto.cdb DataBase from txt file:
linux-jnwt:/usr/local/bin # cd /var/qmail/control
linux-jnwt:/usr/local/bin # wget http://qmail.jms1.net/scripts/adexport-go
linux-jnwt:/usr/local/bin # wget http://qmail.jms1.net/scripts/adexport.txt
linux-jnwt:/usr/local/bin # mv adexport-go adexport-go.sh
linux-jnwt:/usr/local/bin # mv adexport.txt adexport.pl
linux-jnwt:/usr/local/bin # chmod 755 adexport*
linux-jnwt:/usr/local/bin # vi adexport-go.sh
2 changes I have used:
1. #./adexport.pl | grep -v '^systemmailbox{' | sort > validrcptto.new
2. #mv validrcptto.new validrcptto.txt
   cp validrcptto.new validrcptto.txt
linux-jnwt:/usr/local/bin # vi validrcptto.new
…Here I have added users / recipients.
linux-jnwt:/usr/local/bin # sh adexport-go.sh
1.6.3 Compile Netqmail
linux-jnwt:/home/linux # cd /usr/local/src/netqmail-1.06/
linux-jnwt:/usr/local/src/netqmail-1.06 # make setup check
linux-jnwt:/usr/local/src/netqmail-1.06 # ./config-fast linux-jnwt.testmailsrv.de
1.7 Patch and compile ucspi-tcp
linux-jnwt:/ # cd /usr/local/src/ucspi-tcp-0.88
linux-jnwt:/usr/local/src/ucspi-tcp-0.88 # patch < /usr/local/src/netqmail-1.06/other-patches/ucspi-tcp-0.88.errno.patch
linux-jnwt:/usr/local/src/ucspi-tcp-0.88 # make
linux-jnwt:/usr/local/src/ucspi-tcp-0.88 # make setup check
1.8 Patch and compile daemontools
linux-jnwt:/ # cd /package/admin/daemontools-0.76
linux-jnwt:/package/admin/daemontools-0.76 # cd src
linux-jnwt:/package/admin/daemontools-0.76/src # patch < /usr/local/src/netqmail-1.06/other-patches/daemontools-0.76.errno.patch
linux-jnwt:/package/admin/daemontools-0.76/src # cd ..
linux-jnwt:/package/admin/daemontools-0.76 # package/install
Here we should use "ps -ef | grep svscan" or "ps waux | grep svscan" to check whether svscan is running.
With Fedora it is not so easy:
linux-jnwt:/usr/local/src/netqmail-1.06 # less /etc/inittab
SV:123456:respawn:/command/svscanboot
Fedora currently does not use inittab. The entry should be placed in the event.d folder instead:
# vi /etc/event.d/daemontools
# daemontools
start on runlevel 2
start on runlevel 3
start on runlevel 4
start on runlevel 5
stop on shutdown
respawn
exec /command/svscanboot
# initctl start daemontools
For me that was strange, because clamd was always duplicated. I do not use it now and need to troubleshoot…
1.9 Start your Qmail
1.9.1 The Boot-Scripts
Qmail-Boot-Script:
linux-jnwt:/ # vi /var/qmail/rc
#!/bin/sh
# Using stdout for logging
# Using control/defaultdelivery from qmail-local to deliver messages by default
exec env - PATH="/var/qmail/bin:$PATH" \
qmail-start "`cat /var/qmail/control/defaultdelivery`"
linux-jnwt:/ # chmod 755 /var/qmail/rc
linux-jnwt:/ # mkdir /var/log/qmail
linux-jnwt:/ # echo ./Maildir/ >/var/qmail/control/defaultdelivery
1.9.2 Systemstart files
1.9.2.1 The qmailctl-Script
linux-jnwt:/ # vi /var/qmail/bin/qmailctl
#!/bin/sh
#
# For Red Hat chkconfig
# chkconfig: - 80 30
# description: the qmail MTA
#
PATH=/var/qmail/bin:/bin:/usr/bin:/usr/local/bin:/usr/local/sbin
#
export PATH
#
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
#
case "$1" in
  start)
    echo "Starting qmail"
    if svok /service/qmail-send ; then
      svc -u /service/qmail-send /service/qmail-send/log
    else
      echo "qmail-send supervise not running"
    fi
    if svok /service/qmail-smtpd ; then
      svc -u /service/qmail-smtpd /service/qmail-smtpd/log
    else
      echo "qmail-smtpd supervise not running"
    fi
    if [ -d /var/lock/subsys ]; then
      touch /var/lock/subsys/qmail
    fi
    ;;
  stop)
    echo "Stopping qmail…"
    echo " qmail-smtpd"
    svc -d /service/qmail-smtpd /service/qmail-smtpd/log
    echo " qmail-send"
    svc -d /service/qmail-send /service/qmail-send/log
    if [ -f /var/lock/subsys/qmail ]; then
      rm /var/lock/subsys/qmail
    fi
    ;;
  stat)
    svstat /service/qmail-send
    svstat /service/qmail-send/log
    svstat /service/qmail-smtpd
    svstat /service/qmail-smtpd/log
    qmail-qstat
    ;;
  doqueue|alrm|flush)
    echo "Flushing timeout table and sending ALRM signal to qmail-send."
    /var/qmail/bin/qmail-tcpok
    svc -a /service/qmail-send
    ;;
  queue)
    qmail-qstat
    qmail-qread
    ;;
  reload|hup)
    echo "Sending HUP signal to qmail-send."
    svc -h /service/qmail-send
    ;;
  pause)
    echo "Pausing qmail-send"
    svc -p /service/qmail-send
    echo "Pausing qmail-smtpd"
    svc -p /service/qmail-smtpd
    ;;
  cont)
    echo "Continuing qmail-send"
    svc -c /service/qmail-send
    echo "Continuing qmail-smtpd"
    svc -c /service/qmail-smtpd
    ;;
  restart)
    echo "Restarting qmail:"
    echo "* Stopping qmail-smtpd."
    svc -d /service/qmail-smtpd /service/qmail-smtpd/log
    echo "* Sending qmail-send SIGTERM and restarting."
    svc -t /service/qmail-send /service/qmail-send/log
    echo "* Restarting qmail-smtpd."
    svc -u /service/qmail-smtpd /service/qmail-smtpd/log
    ;;
  cdb)
    tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp
    chmod 644 /etc/tcp.smtp.cdb
    echo "Reloaded /etc/tcp.smtp."
    ;;
  help)
    cat <<HELP
   stop -- stops mail service (smtp connections refused, nothing goes out)
  start -- starts mail service (smtp connection accepted, mail can go out)
  pause -- temporarily stops mail service (connections accepted, nothing leaves)
   cont -- continues paused mail service
   stat -- displays status of mail service
    cdb -- rebuild the tcpserver cdb file for smtp
restart -- stops and restarts smtp, sends qmail-send a TERM & restarts it
doqueue -- schedules queued messages for immediate delivery
 reload -- sends qmail-send HUP, rereading locals and virtualdomains
  queue -- shows status of queue
   alrm -- same as doqueue
  flush -- same as doqueue
    hup -- same as reload
HELP
    ;;
  *)
    echo "Usage: $0 {start|stop|restart|doqueue|flush|reload|stat|pause|cont|cdb|queue|help}"
    exit 1
    ;;
esac
exit 0
linux-jnwt:/ # chmod 755 /var/qmail/bin/qmailctl
1.9.2.2 The supervise-Scripts
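linux-jnwt:/ # mkdir -p /var/qmail/supervise/qmail-send/log
linux-jnwt:/ # mkdir -p /var/qmail/supervise/qmail-smtpd/log
linux-jnwt:/ # vi /var/qmail/supervise/qmail-send/run
#!/bin/sh
exec /var/qmail/rc
linux-jnwt:/ # vi /var/qmail/supervise/qmail-send/log/run
#!/bin/sh
exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t /var/log/qmail
linux-jnwt:/ # vi /var/qmail/supervise/qmail-smtpd/run
#!/bin/sh
# The bodies of the two checks and the tcpserver line follow the
# qmail-smtpd/run script from Life with qmail, the guide linked in section 1.
QMAILDUID=`id -u qmaild`
NOFILESGID=`id -g qmaild`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`
if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
    echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
    echo /var/qmail/supervise/qmail-smtpd/run
    exit 1
fi
if [ ! -f /var/qmail/control/rcpthosts ]; then
    echo "No /var/qmail/control/rcpthosts!"
    echo "Refusing to start SMTP listener because it'll create an open relay"
    exit 1
fi
exec /usr/local/bin/softlimit -m 2000000 \
    /usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
        -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp /var/qmail/bin/qmail-smtpd 2>&1
linux-jnwt:/ # echo 20 > /var/qmail/control/concurrencyincoming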
The /service folder will be created when daemontools is installed.
1.9.2.3 SMTP access-control
linux-jnwt:/ # echo '127.:allow,RELAYCLIENT=""' >>/etc/tcp.smtp
linux-jnwt:/ # qmailctl cdb
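An added example (not part of the original page, nor of qmail or ucspi-tcp): a small sh check that reads a tcprules source file such as /etc/tcp.smtp and lists every rule that sets RELAYCLIENT, flagging grants that reach beyond loopback or RFC 1918 prefixes, since such a rule turns the gateway into an open relay for those clients. The function names and all sample rules except the 127. line are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a tcprules source file (e.g. /etc/tcp.smtp) for relay grants.
# Rule syntax: ADDRESS:allow,VAR="value",...   or   ADDRESS:deny
# An address ending in "." is a prefix; an empty address is the default rule.

# Constructed sample rules (only the 127. line comes from the page).
SAMPLE_RULES='# sample /etc/tcp.smtp
127.:allow,RELAYCLIENT=""
192.168.1.:allow,RELAYCLIENT=""
203.0.113.:allow,RELAYCLIENT=""
198.51.100.7:deny
:allow,RELAYCLIENT=""'

# relay_scope ADDRESS -> loopback | private | default | public
# Ranges, "=hostname" rules and over-broad prefixes such as "172." count as public.
relay_scope() {
    case "$1" in
        "")              echo default ;;
        127.*)           echo loopback ;;
        10.*|192.168.*)  echo private ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) echo private ;;
        *)               echo public ;;
    esac
}

# audit_tcp_smtp < FILE
# Prints "LINE SCOPE ADDRESS" for each allow rule that sets RELAYCLIENT.
# Returns 1 if any such rule has scope "default" or "public", else 0.
audit_tcp_smtp() {
    n=0
    bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case "$line" in
            ''|'#'*) continue ;;      # blank line or comment
            *:*) ;;                   # looks like a rule
            *) continue ;;
        esac
        addr=${line%%:*}              # text before the first colon
        rest=${line#*:}               # instructions after it
        case "$rest" in
            allow*RELAYCLIENT=*) ;;
            *) continue ;;
        esac
        scope=$(relay_scope "$addr")
        echo "$n $scope ${addr:-<default>}"
        case "$scope" in
            default|public) bad=1 ;;
        esac
    done
    return "$bad"
}

# Stand-alone run on the constructed sample.
printf '%s\n' "$SAMPLE_RULES" | audit_tcp_smtp ||
    echo "RELAYCLIENT is granted outside loopback/private ranges"
```

On the real system run it as `audit_tcp_smtp < /etc/tcp.smtp` before `qmailctl cdb`.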
1.9.3 Stop and delete installed MTA
Here we have to check that no application is listening on TCP port 25. If one is, find it and kill it. If not, move on.
linux-jnwt:/ # netstat -a | grep smtp
linux-jnwt:/ # mv /usr/lib/sendmail /usr/lib/sendmail.old    # Error messages can be ignored
linux-jnwt:/ # mv /usr/sbin/sendmail /usr/sbin/sendmail.old    # Error messages can be ignored
linux-jnwt:/ # chmod 0 /usr/lib/sendmail.old /usr/sbin/sendmail.old    # Error messages can be ignored
linux-jnwt:/ # ln -s /var/qmail/bin/sendmail /usr/lib
linux-jnwt:/ # ln -s /var/qmail/bin/sendmail /usr/sbin
1.9.4 Create Systemaliases
linux-jnwt:/ # echo example@example.com > /var/qmail/alias/.qmail-root
linux-jnwt:/ # echo example@example.com > /var/qmail/alias/.qmail-postmaster
linux-jnwt:/ # ln -s .qmail-postmaster /var/qmail/alias/.qmail-mailer-daemon
linux-jnwt:/ # chmod 644 /var/qmail/alias/.qmail-root /var/qmail/alias/.qmail-postmaster
If you need more info about aliases see INSTALL.alias.
1.9.5 Start Qmail
linux-jnwt:/ # qmailctl start
1.10 Test the Installation
linux-jnwt:/ # qmailctl stat
linux-jnwt:/ # cd /usr/local/src
linux-jnwt:/usr/local/src # wget http://lifewithqmail.org/inst_check
linux-jnwt:/usr/local/src # sh inst_check
linux-jnwt:/usr/local/src # ps -efl | grep "service errors" | grep -v grep
2. Use Mutt with “/Maildir”
(Mutt user manual: http://www.mutt.org/doc/manual/manual-2.html)
Information for Maildir folder creation:
qmail-local can deliver mail to maildir mailboxes, but it can’t create them.
Maildir mailboxes should be created with the maildirmake program that comes with qmail. E.g., “maildirmake ~/Maildir”. Be sure to run maildirmake as the owner of the maildir, not as root. Your useradd or adduser command might support a “skeleton” directory, e.g. /etc/skel, where you can create a maildir that will be copied for all new users.
3. Qmail-scanner with Spamassassin and Clamav
3.1 Clamav
Requirements:
Link I used :
http://www.clamav.net/doc/latest/html/node10.html
– GNU tool which simplifies the build process for users:
make.i386 : A GNU tool which simplifies the build process for users [My version 3.81-12.fc9]
– GNU Compiler Collection:
gcc.i386 : Various compilers (C, C++, Objective-C, Java, …) [My version 4.3.0-8]
– The zlib compression and decompression library:
zlib.i386 : The zlib compression and decompression library [My version 1.2.3-18.fc9]
zlib-devel.i386 : Header files and libraries for Zlib development [My version 1.2.3-18.fc9]
– GNU Multiple Precision Arithmetic Library:
gmp.i386 : A GNU arbitrary precision library [My version 4.2.2-7.fc9]
– A unit test framework for C:
check.i386 : A unit test framework for C [My version 0.9.6-1.fc9]
– The clamav user and group (actually we will use qscand, avoid this if you can.):
[root@myweb-lp clamav-0.94.2]# /usr/sbin/groupadd clamav
[root@myweb-lp clamav-0.94.2]# /usr/sbin/useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav
I found a document on clamav and qmail-scanner that, hmmm, helped me a bit but sometimes led me in wrong directions (maybe my fault):
http://tldp.org/HOWTO/Qmail-ClamAV-HOWTO/x120.html
3.1.1 Clamav installation
linux-jnwt:/usr/local/src # groupadd clamav
linux-jnwt:/usr/local/src # useradd clamav -g clamav -c "Clam Antivirus" -s /bin/false
linux-jnwt:/usr/local/src # tar -xvzf clamav-0.94.2.tar.gz
linux-jnwt:/usr/local/src # cd clamav-0.94.2
linux-jnwt:/usr/local/src/clamav-0.94.2 # ./configure
linux-jnwt:/usr/local/src/clamav-0.94.2 # make
linux-jnwt:/usr/local/src/clamav-0.94.2 # make install
linux-jnwt:/usr/local/src/clamav-0.94.2 # cd ..
3.1.2 Clamav configuration
In clamav config file use whatever you want. I will use whatever I want.
linux-jnwt:/usr/local/src # cp /usr/local/etc/clamd.conf /usr/local/etc/clamd.conf_orig
linux-jnwt:/usr/local/src # vi /usr/local/etc/clamd.conf
# Delete the line "Example"!
LogFileUnlock yes
PidFile /var/run/clamav/clamd.pid
# Default virus DB dir: /usr/local/share/clamav/
DatabaseDirectory /var/lib/clamav
LocalSocket /tmp/clamd.socket
– Add qscand user and group:
linux-jnwt:/usr/local/src/ # groupadd qscand
3.1.3 Clam test
Clamav Test:
linux-jnwt:/usr/local/src # clamscan -r -l scan.txt clamav-0.94.2
clamscan: error while loading shared libraries: libclamav.so.5: cannot open shared object file: No such file or directory
# In this case run an ldconfig
linux-jnwt:/usr/local/src # ldconfig
ClamavD Test:
linux-jnwt:/usr/local/src # clamd
linux-jnwt:/usr/local/src # clamdscan -l scan3.txt clamav-0.94.2
3.1.4 Clamav with Daemontools
Link I used :
http://qmail.jms1.net/clamav/daemontools.shtml
The clamdctl Script:
Link I used:
http://tldp.org/HOWTO/Qmail-ClamAV-HOWTO/x142.html
linux-jnwt:/ # vi /usr/local/bin/clamdctl
#!/bin/sh
PATH=/usr/local/clamav/bin:/bin:/usr/bin:/usr/local/bin:/usr/local/sbin
exit 0
The supervise scripts for Clamav:
Links I used:
http://tldp.org/HOWTO/Qmail-ClamAV-HOWTO/x142.html
http://qmail.jms1.net/clamav/daemontools.shtml
linux-jnwt:/home/linux # mkdir -p /var/clamav/supervise/clamd/log
linux-jnwt:/home/linux # cd /var/clamav/supervise/clamd/
linux-jnwt:/var/clamav/supervise/clamd # vi /var/clamav/supervise/clamd/run
#!/bin/sh
exec /usr/local/bin/setuidgid qscand /usr/local/sbin/clamd 2>&1
linux-jnwt:/var/clamav/supervise/clamd # chmod 755 /var/clamav/supervise/clamd/run
linux-jnwt:/var/clamav/supervise/clamd # cd log
linux-jnwt:/var/clamav/supervise/clamd/log # vi /var/clamav/supervise/clamd/log/run
#!/bin/sh
exec /usr/local/bin/setuidgid qscand /usr/local/bin/multilog t /var/log/clamd
linux-jnwt:/var/clamav/supervise/clamd/log # chmod 755 /var/clamav/supervise/clamd/log/run
linux-jnwt:/var/clamav/supervise/clamd # mkdir /var/log/clamd
linux-jnwt:/var/clamav/supervise/clamd # chown qscand:qscand /var/log/clamd
linux-jnwt:/usr/local/src # ln -s /var/clamav/supervise/clamd /service
Start Clamav manually:
linux-jnwt:/home/linux # svc -u /service/clamd
or use
linux-jnwt:/home/linux # clamdctl start
3.2 Freshclam
3.2.1 Freshclam configuration
Feel the freedom here as well. What I used is only a few things.
linux-jnwt:/usr/local/src # cd /usr/local/etc/
linux-jnwt:/usr/local/src # cp freshclam.conf freshclam.conf_orig
linux-jnwt:/usr/local/src # vi /usr/local/etc/freshclam.conf
#Example
DatabaseDirectory /var/lib/clamav
UpdateLogFile /var/log/freshclam.log
LogFileMaxSize 10M
LogTime yes
LogVerbose yes
DatabaseOwner qscand
DatabaseMirror db.de.clamav.net
DatabaseMirror database.clamav.net
MaxAttempts 3
Checks 12
NotifyClamd /usr/local/etc/clamd.conf
PidFile /var/run/freshclam/freshclam.pid
AllowSupplementaryGroups yes
DNSDatabaseInfo current.cvd.clamav.net
OnUpdateExecute /usr/local/sbin/freshclam-good
OnErrorExecute /usr/local/sbin/freshclam-bad
– create Freshclam log file:
linux-jnwt:/usr/local/src # touch /var/log/freshclam.log
– create folder for Freshclam PID file (pid will be created by Freshclam):
linux-jnwt:/usr/local/src # mkdir /var/run/freshclam
– create a script for Clamav version update for Qmail-scanner
linux-jnwt:/home/linux # vi /usr/local/sbin/freshclam-good
#!/bin/sh
if [ -e /var/qmail/bin/qmail-scanner-queue.pl ]
exit 0
linux-jnwt:/home/linux # chmod 755 /usr/local/sbin/freshclam-good
cat <<EOF | qmail-inject
exit 0
linux-jnwt:/usr/local/bin # chmod 755 /usr/local/sbin/freshclam-bad
3.2.2 Freshclam test
linux-jnwt:/usr/local/src # freshclam -u qscand
linux-jnwt:/usr/local/src # less /var/log/freshclam.log
Freshclam configuration in crontab:
Add a cron job with the following command. In the following example, at what times will freshclam run?
If you do not know:
http://en.wikipedia.org/wiki/Cron#Fields
linux-jnwt:/usr/local/src # vi /etc/crontab
# entries in /etc/crontab need a user field (root here) before the command
0 * * * * root /usr/local/bin/freshclam -u qscand --quiet
Info:
-u USER run as USER
--quiet only output error messages
3.3 Spamassassin
(http://wiki.apache.org/spamassassin/IntegratedInQmailWithQmailScanner)
If you already installed SpamAssassin, check this:
linux-jnwt:/home/linux # perldoc Mail::SpamAssassin::Conf
Folder for the *.cf files (the rules):
The following folders hold the rules of spamassassin
/usr/share/spamassassin/
/usr/local/share/spamassassin/
Examples:
10_default_prefs.cf
20_advance_fee.cf
20_body_tests.cf
20_compensate.cf
20_dnsbl_tests.cf
20_drugs.cf
20_dynrdns.cf
You will check them as soon as you have a working mail gateway and look at your spam log files. There you will see a value for every mail. Then you will definitely want to know which values are used when particular rules match.
Here are the configuration files for Spamassassin:
/etc/mail/spamassassin/
e.g.:
init.pre – 'rewrite_header' and 'ifplugin' with 'uridnsbl_skip_domain' are used here for Opensuse and Novell domain names.
linux-jnwt:/ # more /etc/mail/spamassassin/init.pre |grep -v "^$\|^#"
loadplugin Mail::SpamAssassin::Plugin::URIDNSBL
local.cf – other commands for local.cf can be found here: "perldoc Mail::SpamAssassin::Conf"
v310.pre – other plugins such as dkim are loaded here
v312.pre – other plugins are loaded here, AFAIK
v320.pre – other plugins are loaded here, AFAIK
From those three directories, SpamAssassin will first read files ending in “.pre” in lexical order and then it will read files ending in “.cf” in lexical order (most files begin with two numbers to make the sorting order obvious).
In other words, it will read init.pre first, then 10_default_prefs.cf before 50_scores.cf and 20_body_tests.cf before 20_head_tests.cf. Options in later files will override earlier files.
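An added example (not part of the original page or of SpamAssassin itself) that reproduces the read order described above for one directory and reports which file ends up setting a given option. It assumes single-valued options such as report_safe and ignores ifplugin blocks; the function names and the sample file contents are constructed, the file names are the ones mentioned on this page.

```shell
#!/bin/sh
# Added example: which file wins for a setting inside ONE SpamAssassin config directory.

# sa_load_order DIR
# Prints file names in read order: *.pre files (lexical), then *.cf files (lexical).
sa_load_order() {
    for ext in pre cf; do
        for f in "$1"/*."$ext"; do
            if [ -f "$f" ]; then printf '%s\n' "${f##*/}"; fi
        done | LC_ALL=C sort
    done
}

# sa_effective DIR SETTING
# Prints "FILE VALUE" for the last file in read order that sets SETTING,
# because options in later files override earlier ones.
sa_effective() {
    sa_load_order "$1" | while IFS= read -r name; do
        awk -v key="$2" -v file="$name" '
            $1 == key { $1 = ""; sub(/^[ \t]+/, ""); print file, $0 }
        ' "$1/$name"
    done | tail -n 1
}

# make_sample_dir: builds a constructed directory and prints its path.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    for name in init.pre v310.pre 20_head_tests.cf 20_body_tests.cf 50_scores.cf; do
        : > "$d/$name"
    done
    # Constructed contents: a shipped default and a site override.
    printf 'required_score 5\nreport_safe 1\n' > "$d/10_default_prefs.cf"
    printf '# site overrides\nreport_safe 0\n' > "$d/local.cf"
    printf '%s\n' "$d"
}

# Stand-alone run on the constructed directory.
demo_dir=$(make_sample_dir)
sa_load_order "$demo_dir"
sa_effective "$demo_dir" report_safe
sa_effective "$demo_dir" required_score
rm -rf "$demo_dir"
```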
3.3.1 Spamassassin installation
linux-jnwt:/usr/local/src # tar -xvzf Mail-SpamAssassin-3.2.5.tar.gz
linux-jnwt:/usr/local/src # cd Mail-SpamAssassin-3.2.5
– …RTFM?
linux-jnwt:/usr/local/src/Mail-SpamAssassin-3.2.5 # less INSTALL
– We need to check the requirements for Perl modules:
linux-jnwt:/usr/local/src/Mail-SpamAssassin-3.2.5 # perl build/check_dependencies
This is a list of my missing Requirements:
optional module missing: Mail::SPF
optional module missing: Mail::SPF::Query
optional module missing: IP::Country
optional module missing: Razor2
optional module missing: Net::Ident
optional module missing: IO::Socket::INET6
optional module missing: Mail::DomainKeys
optional module missing: Mail::DKIM
optional module missing: Encode::Detect
Information about all modules can be found here: http://search.cpan.org/
We can install those modules with perl interactive Shell.
Installing Spamassassin and its requirements:
linux-jnwt:/home/linux # perl -MCPAN -e shell
…default values at first usage…
cpan[18]> o conf prerequisites_policy ask
When I installed spamassassin for Fedora, I just installed it from the repo. It is faster, but this way you will not get info about modules, I guess :).
For Fedora:
# yum install spamassassin
3.3.2 Spamassassin configuration
Here you can create your own config file with your own rules etc.
There is a manual for it at this link:
http://wiki.apache.org/spamassassin/WritingRules
linux-jnwt:/ # vi /etc/mail/spamassassin/local.cf
report_contact example@example
required_hits 5.0
rewrite_header Subject ***Warning! That can be a spam!***
lock_method flock
report_safe 0
use_bayes 1
bayes_auto_learn 1
bayes_learn_to_journal 1
trusted_networks <your networks>
whitelist_from whatavaryouwnat@toavoidspamchecking
blacklist_from whatavaryouwnat@toavoidforwarding
skip_rbl_checks 0
ok_languages en <your language>
ok_locales en <your language>
…
3.3.3 Spamassassin with Daemontools
The spamdctl script:
linux-jnwt:/ # vi /usr/bin/spamdctl
#!/bin/sh
PATH=/usr/local/clamav/bin:/bin:/usr/bin:/usr/local/bin:/usr/local/sbin
export PATH
case "$1" in
  start)
    echo "Starting spamd and log"
    if svok /service/spamd ; then
      svc -u /service/spamd /service/spamd/log
    else
      echo spamd supervise not running
    fi
    if [ -d /var/lock/subsys ]; then
      touch /var/lock/subsys/spamd
    fi
    ;;
  stop)
    echo "Stopping spamd and log…"
    echo " spamd"
    svc -d /service/spamd
    svc -d /service/spamd/log
    if [ -f /var/lock/subsys/spamd ]; then
      rm /var/lock/subsys/spamd
    fi
    ;;
  stat)
    svstat /service/spamd
    svstat /service/spamd/log
    ;;
  restart)
    echo "Restarting spamd:"
    echo "* Stopping spamd."
    svc -d /service/spamd
    svc -d /service/spamd/log
    echo "* Sending spamd SIGTERM and restarting."
    svc -t /service/spamd
    svc -t /service/spamd/log
    echo "* Restarting spamd."
    svc -u /service/spamd
    svc -u /service/spamd/log
    ;;
  hup)
    echo "Sending HUP signal to spamd."
    svc -h /service/spamd
    svc -h /service/spamd/log
    ;;
  help)
    cat <<HELP
   stop -- stops spamd service (smtp connections refused, nothing goes out)
  start -- starts spamd service (smtp connection accepted, mail can go out)
   stat -- displays status of spamd service
restart -- stops and restarts the spamd service
    hup -- same as reload
HELP
    ;;
  *)
    echo "Usage: $0 {start|stop|stat|restart|hup|help}"
    exit 1
    ;;
esac
exit 0
linux-jnwt:/ # chmod 755 /usr/bin/spamdctl
The Supervise-Scripts for Spamassassin:
linux-jnwt:/ # mkdir -p /var/spamd/supervise/spamd/log
linux-jnwt:/ # vi /var/spamd/supervise/spamd/run
#!/bin/bash
export LANG=de
exec /usr/local/bin/softlimit -m 60000000 /usr/bin/spamd -x -u qscand 2>&1
linux-jnwt:/ # vi /var/spamd/supervise/spamd/log/run
#!/bin/sh
exec /usr/local/bin/setuidgid qscand /usr/local/bin/multilog t n20 s16000000 /var/log/spamd
linux-jnwt:/ # chmod 755 /var/spamd/supervise/spamd/log/run
linux-jnwt:/ # chmod 755 /var/spamd/supervise/spamd/run
linux-jnwt:/ # mkdir /var/log/spamd/
linux-jnwt:/ # chown qscand:qscand /var/log/spamd/
linux-jnwt:/ # ln -s /var/spamd/supervise/spamd /service
Start spamassassin manually:
linux-jnwt:/ # svc -u /service/spamd
or
linux-jnwt:/ # spamdctl start
Info for softlimit:
-m membytes
Info for spamd:
-x, --nouser-config Disable user config files
-u username, --username=username Run as username
Check Spamassassin processes:
linux-jnwt:/usr/local/src/qmail_test/qmail-scanner-2.05 # ps axfu | grep spam
3.4 Qmail-Scanner
The official site:
http://qmail-scanner.sourceforge.net/
3.4.1 Requirements for Qmail-scanner
1. Netqmail 1.05 (or qmail-1.03 with Patches)
2. User (and group) used to run Qmail-Scanner: qscand
3. reformime from Maildrop 1.3.8+
4. Perl 5.005_03+
5. Perl module Time::HiRes
6. Perl module DB_File
7. Perl module Sys::Syslog
8. Perl module MIME::Base64
9. Optional: Mark Simpson's TNEF unpacker
10. Optional: uudecode
11. Optional: unzip
12. qmail patch: QMAILQUEUE
13. setuid bit of Perl
- qmail
This is already done (version netqmail-1.06)
- User (If you do not have it!)
linux-jnwt:/usr/local/src/ # groupadd qscand
linux-jnwt:/usr/local/src/ # useradd -g qscand -c "Qmail Scanner" -s /bin/false qscand
- Reformime from Maildrop 1.3.8+
For Fedora 9 there was a package for Maildrop from repository. For Opensuse there was nothing, I had to use source code.
Requirements for Maildrop:
- # C++ compiler – A C++ compiler is required.
- # make – The GNU make is recommended. Solaris’s make is to be avoided. xBSD already has a gmake port, install it and use it (use gmake everywhere this document refers to make).
- # GDBM/DB – optional.
- # The PCRE library (http://www.pcre.org) is required.
linux-jnwt:/home/linux # zypper install gcc-c++    # I did not have C++ installed, so get it now
linux-jnwt:/home/linux # cd /usr/local/src
linux-jnwt:/usr/local/src # wget http://prdownloads.sourceforge.net/courier/maildrop-2.0.4.tar.bz2
linux-jnwt:/usr/local/src/maildrop-2.0.4 # tar jxvf maildrop-2.0.4.tar.bz2
linux-jnwt:/usr/local/src/maildrop-2.0.4 # cd maildrop-2.0.4/
linux-jnwt:/usr/local/src/maildrop-2.0.4 # less INSTALL
linux-jnwt:/usr/local/src/maildrop-2.0.4 # ./configure
linux-jnwt:/usr/local/src/maildrop-2.0.4 # make
linux-jnwt:/usr/local/src/maildrop-2.0.4 # make install-strip
linux-jnwt:/usr/local/src/maildrop-2.0.4 # make install-man
I ran into an error with Maildrop:
linux-jnwt:/usr/local/src/maildrop-2.0.4 # ./configure
…
checking pcre.h usability… no
checking pcre.h presence… no
checking for pcre.h… no
checking pcre/pcre.h usability… no
checking pcre/pcre.h presence… no
checking for pcre/pcre.h… no
configure: error: pcre.h not found - install PCRE from http://www.pcre.org
In this case:
linux-jnwt:/usr/local/src/maildrop-2.0.4 # zypper info pcre-devel
For Fedora:
[root@mylaptop /]# yum search pcre-devel
- Perl 5.005_03+
In SUSE 11.0 it is already installed (version: 5.10.0-37.6)
- Time::HiRes Perl module:
There is a way to check for a Perl module that we can use any time.
linux-jnwt:/usr/local/src # perl -M<Module-name here> -e 1
linux-jnwt:/usr/local/src # perl -MTime::HiRes -e 1    # if we get an error message, then it is not installed
If a module is not installed see the link:
http://www.cpan.org/modules/INSTALL.html
linux-jnwt:/home/linux # perl -MCPAN -e shell
…default values at first usage…
cpan[18]> o conf prerequisites_policy ask
cpan[1]> install Time::HiRes
- Perl module DB_File -> In my OpenSUSE 11.0 this was installed by default.
- Perl module Sys::Syslog -> In my OpenSUSE 11.0 this was installed by default.
- Perl module MIME::Base64 -> In my OpenSUSE 11.0 this was installed by default.
- Optional: Mark Simpson's TNEF unpacker.
linux-jnwt:/home/linux # zypper install tnef
For Fedora:
[root@mylaptop /]# yum install perl-Convert-TNEF
…
Installed: perl-Convert-TNEF.noarch 0:0.17-8.fc9
Dependencies installed:
[root@mylaptop src]# wget 'http://downloads.sourceforge.net/tnef/tnef-1.4.5.tar.gz?use_mirror=heanet&filesize=3935273'
- Optional: uudecode -> In my OpenSUSE 11.0 this was installed by default.
For Fedora:
[root@mylaptop /]# yum search sharutils
- Optional: unzip -> In my OpenSUSE 11.0 this was installed by default.
- qmail patch: QMAILQUEUE -> This is installed in netqmail 1-06.
- Allow setuid for perl (In Opensuse)
linux-jnwt:/usr/local/src/qmail-scanner-2.05 # vi /etc/permissions.local
/usr/bin/sperl5.10.0 root.root 4711
Download the setuid module for Fedora:
[root@mylaptop /]# yum install perl-suidperl
3.4.2 Qmail-scanner installation
linux-jnwt:/usr/local/src # wget http://prdownloads.sourceforge.net/qmail-scanner/qmail-scanner-2.05.tgz?download
linux-jnwt:/usr/local/src # tar -xvzf qmail-scanner-2.05.tgz
linux-jnwt:/usr/local/src # cd qmail-scanner-2.05/
linux-jnwt:/usr/local/src/qmail-scanner-2.05 # ./configure --help    # look at the options first
linux-jnwt:/usr/local/src/qmail-scanner-2.05 # ./configure
Building Qmail-Scanner 2.05…
***** NOTE ******
Qmail-Scanner doesn't have language translations for de_DE.UTF-8,
/usr/bin/uudecode works as expected on system…
The following binaries and scanners were found on your system:
log-details=syslog
silent-viruses='klez','bugbear','hybris','yaha','braid','nimda','tanatos','sobig','winevar','palyh','fizzer','gibe','cailont','lovelorn','swen','dumaru','sober','hawawi','holar-i','mimail','poffer','bagle','worm.galil','mydoom','worm.sco','tanx','novarg','\@mm'
scanners="clamdscan","fast_spamassassin"
If that looks correct, I will now generate qmail-scanner-queue.pl for your system…
Testing suid nature of /usr/bin/perl…
Finished installation of initial directory structure for Qmail-Scanner under /var/spool/qscan and qmail-scanner-queue.pl under /var/qmail/bin.
(/var/qmail/bin/qmail-scanner-queue.pl) to check paths/etc.
That's it!
****** FINAL TEST ******
Please log into an unpriviledged account and run
If you see the error "Can't do setuid", or "Permission denied", then refer to the FAQ.
(e.g. "setuidgid qmaild /var/qmail/bin/qmail-scanner-queue.pl -g")
That's it! To report success:
linux-jnwt:/usr/local/src/qmail-scanner-2.05 # ./configure --install
If qmail-scanner got an error during installation:
http://qmail-scanner.sourceforge.net/FAQ.php
3.4.3 Qmail-scanner test
linux-jnwt:/usr/local/src/qmail_test/qmail-scanner-2.05 # ./contrib/test_installation.sh
linux-jnwt:/usr/local/src/qmail_test/qmail-scanner-2.05 # ./contrib/test_installation.sh -doit
SpamAssassin will not scan the mails in this test, because the test e-mails come from local users.
4. Sanesecurity Signatures
Requirements:
- Curl or Wget {curl >= 7.19.4 recommended} {wget >= 1.11.4 recommended}
b. http://www.gnu.org/software/wget/
- rsync {Version >= 3.0.5 recommended}
a. http://samba.anu.edu.au/rsync/
- gnupg {Version >= 2.0.11 recommended}
a. http://lists.gnupg.org/pipermail/gnupg-announce/2009q1/000287.html
- clamav {Version >= 0.95 recommended}
Source:
/usr/local/src/scamp-5.0.5b/README
/usr/local/share/clamav/tmp/sane/readme.txt
4.1 Sanesecurity installation
- Generate gpg keys for the current user:
linux-jnwt: # gpg
gpg: directory `/root/.gnupg' created
gpg: new configuration file `/root/.gnupg/gpg.conf' created
gpg: WARNING: options in `/root/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/root/.gnupg/secring.gpg' created
gpg: keyring `/root/.gnupg/pubring.gpg' created
linux-jnwt: # cd /usr/local/src/
linux-jnwt:/usr/local/src # wget http://ftp.seibercom.net/pub/scamp.tar.gz
linux-jnwt:/usr/local/src/scamp # tar -xvzf scamp.tar.gz
linux-jnwt:/usr/local/src # cd scamp-5.*
linux-jnwt:/usr/local/src # less README
Stop ClamAV and delete (back up) the database:
- Stop ClamAV, Spamd and Qmail
linux-jnwt:/usr/local/src # qmailctl stop && svc -d /service/clamd && svc -d /service/spamd
- Back up the ClamAV database
linux-jnwt:/usr/local/src # mkdir /var/lib/clamavdbbak
linux-jnwt:/usr/local/src # cd /var/lib/clamav
linux-jnwt:/var/lib/clamav # cp -r * /var/lib/clamavdbbak
linux-jnwt:/var/lib/clamav # rm -r *
linux-jnwt:/var/lib/clamav # cd /usr/local/src/scamp-5*
linux-jnwt:/usr/local/src # scamp.sh
Enter the location of the Clamav Database. It must be a Fully Qualified Path: /var/lib/clamav
Clamav PID file location: /var/run/clamav/clamd.pid
Do you want to turn on the random download timer? It only works when run via CRON. 1=on & 0=off 1
Enter: GROUP ownership of files: qscand
Enter: USER ownership of files: qscand
Install the Sanesecurity files: 1=yes & 0=no 1 <Update runs over rsync to destination port 873!>
Install the MSRBL files: 1=yes & 0=no 1 <Update runs over rsync to destination port 873!>
Install the Malware files: 1=yes & 0=no 1
Install the Securiteinfo files: 1=yes & 0=no 1
Reload clamd after update: 1=yes & 0=no 0
Install the *.ldb files: 1=yes & 0=no
Do you want a summary screen printed out when finished?
Do you want to create a log file?
Download the ClamAV database with freshclam:
linux-jnwt:/var/lib/clamav/scamp # /usr/local/bin/freshclam -u qscand
linux-jnwt:/var/lib/clamav/scamp # cat /var/log/freshclam.log
linux-jnwt:/usr/local/src/clamav-0.94.2 # svc -u /service/spamd && svc -u /service/clamd && qmailctl start
linux-jnwt:/usr/local/src/clamav-0.94.2 # ps axfu | grep spam
linux-jnwt:/usr/local/src/clamav-0.94.2 # ps axfu | grep qmail
linux-jnwt:/usr/local/src/clamav-0.94.2 # ps axfu | grep clam
linux-jnwt:/usr/local/src/clamav-0.94.2 # qlog
linux-jnwt:/usr/local/src/clamav-0.94.2 # spamlog
4.2 Sanesecurity test
We will send 3 e-mails with the following contents to test the new signatures. Newer test messages may be available on the official website.
TEST 1: Html.Sanesecurity.TestSig_Type3_Bdy
Send an HTML formatted email to yourself with this text in the BODY of the email:
body_rrg63uhj2ucyeccrux7d83a4qd5ua5vnlgwjp6b6fmpzpobzjabftehuhraxfbyzzzzz
TEST 2: Email.Sanesecurity.TestSig_Type4_Hdr
Send an email to yourself with this text in the SUBJECT of the email:
rrg63Uhj2UCyECcruX7D83A4qd5UA5vnlgwJp6b6fmPZpObZJAbftehuhRAXFby
TEST 3: Email.Sanesecurity.TestSig_Type4_Bdy
Send an email to yourself with this text in the BODY of the email:
body_rrg63Uhj2UCyECcruX7D83A4qd5UA5vnlgwJp6b6fmPZ0ajdjkwjnSSDfsdfsdfnwerd
5. Backup and Restore
The first things to save are the configuration files used by all of our applications.
Qmail:
I followed this link partly:
http://qmail.jms1.net/backup.shtml
All Supervise Scripts:
/var/qmail/supervise/qmail-send/log/run
/var/qmail/supervise/qmail-send/run
/var/qmail/supervise/qmail-smtpd/log/run
/var/qmail/supervise/qmail-smtpd/run
Full /var/qmail/alias/ folder:
/var/qmail/alias/.qmail-abuse -> .qmail-postmaster
/var/qmail/alias/.qmail-mailer-daemon -> .qmail-postmaster
/var/qmail/alias/.qmail-postmaster
/var/qmail/alias/.qmail-root
The SMTP-access control (for tcpserver):
/etc/tcp.smtp
/etc/tcp.smtp.cdb (Should I?)
Full /var/qmail/control/ folder:
/var/qmail/control/defaultdomain
/var/qmail/control/defaultdelivery
/var/qmail/control/me
/var/qmail/control/locals
/var/qmail/control/plusdomain
/var/qmail/control/concurrencyincoming
/var/qmail/control/rcpthosts
/var/qmail/control/validrcptto.cdb
Clamav and Spamassassin:
– clamd.conf
– freshclam.conf
– Virusdatabase
Spamassassin:
– init.pre
– local.cf
– learnt spams: http://blogama.org/node/12
Daemontools:
– run files
– <xyz>ctl files
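One way to collect the files listed in this section into a single archive, as an added example (not the author's script). The function name, the BACKUP_PATHS variable and the archive location are assumptions; /etc/mail/spamassassin/local.cf is the path used in section 6.4.1.

```shell
#!/bin/sh
# Added example: archive the configuration files listed in section 5.
# Usage: backup_mailgw ROOT ARCHIVE
#   ROOT    filesystem root to read from ("/" on the gateway itself)
#   ARCHIVE path of the .tar.gz file to write
# e.g.  backup_mailgw / /root/mailgw-config.tar.gz
# clamd.conf, freshclam.conf, init.pre and the virus database are not in the
# list because this page does not give their locations; append them as needed.
BACKUP_PATHS="var/qmail/supervise/qmail-send/run
var/qmail/supervise/qmail-send/log/run
var/qmail/supervise/qmail-smtpd/run
var/qmail/supervise/qmail-smtpd/log/run
var/qmail/alias
var/qmail/control
etc/tcp.smtp
etc/mail/spamassassin/local.cf"

backup_mailgw() {
    root=${1%/}/
    archive=$2
    list=$(mktemp) || return 1
    for p in $BACKUP_PATHS; do
        # -L keeps symlinks such as .qmail-abuse even if their target is gone
        if [ -e "$root$p" ] || [ -L "$root$p" ]; then
            echo "$p" >> "$list"
        else
            echo "skipped (not found): /$p" >&2
        fi
    done
    if [ ! -s "$list" ]; then
        echo "nothing to back up under $root" >&2
        rm -f "$list"
        return 1
    fi
    # umask 077: the archive holds relay and access-control settings,
    # so a newly created archive is readable by its owner only.
    ( umask 077 && tar -czf "$archive" -C "$root" -T "$list" )
    rc=$?
    rm -f "$list"
    return $rc
}
```

Paths are stored relative to ROOT, so a restore is `tar -xzf ARCHIVE -C /`.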
6. Administration Guide
6.1 Job control for recurring tasks
The cronjobs can be found in /var/spool/cron/crontabs/root or /var/spool/cron/tabs/root
The crontab commands:
linux-jnwt:/ # crontab -l   (shows the current cron table of the user)
linux-jnwt:/ # crontab -e   (opens the /var/cron/tabs/root file in the editor defined by the $EDITOR variable)
linux-jnwt:/ # crontab -r   (removes the cron table of the user)
6.1.1 Qmail
PATH=/usr/bin:/usr/sbin:/sbin:/bin:/usr/lib/news/bin:/usr/local/bin
<That should be finished sooner or later>
6.1.2 Validrcptto
<That should be finished sooner or later>
6.1.3 Qmail-scanner
PATH=/usr/bin:/usr/sbin:/sbin:/bin:/usr/lib/news/bin:/usr/local/bin
<That should be finished sooner or later>
6.1.4 Clamav
PATH=/usr/bin:/usr/sbin:/sbin:/bin:/usr/lib/news/bin:/usr/local/bin
0 * * * * /usr/local/bin/freshclam 1>/dev/null 2>&1
6.1.5 Sanesecurity
0 4 * * * /var/lib/clamav/scamp/scamp.sh 1> /var/log/clamd/updatesane.log 2>&1
6.1.6 Spamassassin
<That should be finished sooner or later>
6.2 Mailing-lists
To stay informed about the applications used here, subscribe to the following mailing lists.
- Qmail
Other mailinglists:
- Clamav
Create account for Clamav Bugzilla Reports:
https://wwws.clamav.net/bugzilla/
Mail Preferences setup!
Create Account for Clamav Announces:
http://lists.clamav.net/mailman/listinfo/clamav-announce
Create Account for Clamav Users:
http://lists.clamav.net/mailman/listinfo/clamav-users
Other Mailinglists:
http://www.clamav.net/support/ml
- Sanesecurity
Mailinglist only for Sanesecurity. Signature Announce:
http://www.freelists.org/list/sanesecurity_announce
- Spamassassin
http://wiki.apache.org/spamassassin/MailingLists
For Subscription send mail to announce-subscribe@spamassassin.apache.org
For Subscription send mail to users-subscribe@spamassassin.apache.org
- Qmail-scanner
Qmail-scanner users:
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
Announce-only:
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-announce
If any of the links mentioned here is not reachable, search (Google) for the mailing list information.
6.3 Clamav update
Update from 0.94 -> 0.94.2
ClamAV 0.94.2 package download, extract and install:
linux-jnwt:/ # cd /usr/local/src
linux-jnwt:/usr/local/src # wget http://freshmeat.net/redir/clamav/29355/url_tgz/clamav-0.94.2.tar.gz
Download the new ClamAV database with freshclam:
linux-jnwt:/var/lib/clamav/scamp # /usr/local/bin/freshclam -u qscand --quiet
linux-jnwt:/var/lib/clamav/scamp # cat /var/log/clam-update.log
linux-jnwt:/usr/local/src/clamav-0.94.2 # svc -u /service/spamd && svc -u /service/clamd && qmailctl start
linux-jnwt:/usr/local/src/clamav-0.94.2 # ps axfu | grep spam
linux-jnwt:/usr/local/src/clamav-0.94.2 # ps axfu | grep qmail
linux-jnwt:/usr/local/src/clamav-0.94.2 # ps axfu | grep clam
linux-jnwt:/usr/local/src/clamav-0.94.2 # qlog
linux-jnwt:/usr/local/src/clamav-0.94.2 # spamlog
6.4 Administration of Spamassassin
6.4.1 Whitelist entry in Spamassassin rule
To add a new domain to the whitelist:
linux-jnwt:/usr/local/src/clamav-0.94.2 # vi /etc/mail/spamassassin/local.cf
whitelist_from new@domain
linux-jnwt:/usr/local/src/clamav-0.94.2 # svc -d /service/spamd
6.4.2 Tuning Rulescores
Rules description:
http://wiki.apache.org/spamassassin/CategoryRule
Adjust Rulescore:
http://wiki.apache.org/spamassassin/AdjustRuleScore
Example:
2009-03-18 17:27:27.096178500 [2311] info: spamd: processing message (unknown) for xyz@yxzdomain:1002
2009-03-18 17:27:31.865761500 [2311] info: spamd: identified spam (6.7/5.0) for xyz@yxzdomain:1002 in 5.0 seconds, 8422 bytes.
2009-03-18 17:27:32.112578500 [2311] info: spamd: result: Y 6 - BAYES_99,FORGED_MUA_OUTLOOK,HTML_MESSAGE,MISSING_MID,RDNS_NONE scantime=5.0,size=8422,user= xyz@yxzdomain,uid=1002,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=46423,mid=(unknown),bayes=1.000000,autolearn=no,shortcircuit=no
Scores for this example:
1. BAYES_99
1
2. FORGED_MUA_OUTLOOK
root@mx:/# grep FORGED_MUA_OUTLOOK /usr/local/share/spamassassin/50_scores.cf
score FORGED_MUA_OUTLOOK 4.199 4.199 2.963 3.116
3. HTML_MESSAGE
root@mx:/# grep HTML_MESSAGE /usr/local/share/spamassassin/50_scores.cf
score HTML_MESSAGE 0.001
4. MISSING_MID
root@mx:/# grep MISSING_MID /usr/local/share/spamassassin/50_scores.cf
score MISSING_MID 0.001 # n=1 n=2 n=3
5. RDNS_NONE
root@mx:/# grep RDNS_NONE /usr/local/share/spamassassin/50_scores.cf
score RDNS_NONE 0.1
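The lookup above done in one pass, as an added example (not part of the original guide): a four-value score line holds one score per SpamAssassin score set, and which column applies depends on whether Bayes and network tests are enabled. The function names and sample data are assumptions; the BAYES_99 line in particular is an assumed value, with which score set 3 reproduces the 6.7 logged above.

```shell
#!/bin/sh
# Added example: per-rule score breakdown of a spamd "result:" line.
# Usage: score_breakdown SCORES_FILE SCORE_SET < spamd-log
# SCORE_SET selects the column of a four-value "score" line:
#   0 = no Bayes, no network tests   1 = network tests only
#   2 = Bayes only                   3 = Bayes and network tests
score_breakdown() {
    awk -v col="$2" '
    FILENAME == ARGV[1] {              # first input: the scores file
        if ($1 == "score") {
            n = 0                      # collect values up to a "#" comment
            for (i = 3; i <= NF && $i !~ /^#/; i++) val[++n] = $i
            score[$2] = (n >= 4) ? val[col + 1] : val[1]
        }
        next
    }
    / spamd: result: / {               # second input: the log on stdin
        for (i = 1; i <= NF; i++) if ($i == "result:") break
        list = $(i + 4)                # result: <Y|.> <score> - <rules> scantime=...
        if (list ~ /=/) next           # no rule fired, field is scantime=...
        n = split(list, rule, ",")
        total = 0
        for (j = 1; j <= n; j++) {
            if (rule[j] in score) {
                printf "%s %s\n", rule[j], score[rule[j]]
                total += score[rule[j]]
            } else
                printf "%s not-in-file\n", rule[j]
        }
        printf "TOTAL %.3f\n", total
    }' "$1" -
}

# Constructed sample data: the four score lines shown by grep above, plus a
# BAYES_99 line that is an assumed value (this page does not show it).
SAMPLE_SCORES='score BAYES_99 0 0 3.5 3.5
score FORGED_MUA_OUTLOOK 4.199 4.199 2.963 3.116
score HTML_MESSAGE 0.001
score MISSING_MID 0.001 # n=1 n=2 n=3
score RDNS_NONE 0.1'
SAMPLE_LOG='2009-03-18 17:27:32.112578500 [2311] info: spamd: result: Y 6 - BAYES_99,FORGED_MUA_OUTLOOK,HTML_MESSAGE,MISSING_MID,RDNS_NONE scantime=5.0,size=8422'

demo() {                               # demo SCORE_SET
    f=$(mktemp) || return 1
    printf '%s\n' "$SAMPLE_SCORES" > "$f"
    printf '%s\n' "$SAMPLE_LOG" | score_breakdown "$f" "$1"
    rm -f "$f"
}
demo 3
```

On the gateway, pipe /var/log/spamd/current into score_breakdown with /usr/local/share/spamassassin/50_scores.cf as the scores file.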
6.5 Logging Administration
6.5.1 Current log entries
Logfiles for qmail:
linux-jnwt:/ # tree -a /var/log/qmail/
/var/log/qmail/
|-- current   - qmail-send writes logs here.
|-- lock
|-- smtpd
|   |-- current   - qmail-smtpd writes logs here.
|   |-- lock
|   `-- state
`-- state
Logfiles for qmail-scanner:
linux-jnwt:/ # tree /var/spool/qscan/
/var/spool/qscan/
|-- archives   - Logs from "/var/spool/qscan/quarantine/spam/new/" are archived here.
Logfiles for Spamassassin:
linux-jnwt:/ # more /var/log/spamd/current   - SA writes log entries here because of the Spamd supervise script.
linux-jnwt:/ # more /var/log/mail   - SA writes logs here as well.
Logfiles for Clamav:
linux-jnwt:/ # more /var/log/clamd/current   - ClamAV writes its logs here because of the ClamAV supervise script.
Logfiles for DNSCache:
linux-jnwt:/ # more /var/log/dnscache/current
Logfiles for Freshclam:
linux-jnwt:/ # more /var/log/freshclam.log
Logfiles for Sanesecurity:
linux-jnwt:/ # more /var/lib/clamav/updatesane.log
6.5.2 Archiving of emails (quarantined only)
Spammails:
linux-jnwt:/ # vi /var/spool/qscan/zipspams.sh
find /var/spool/qscan/quarantine/spam/new/ > /var/spool/qscan/tmp/spamlist
Virusmails:
linux-jnwt:/ # vi /var/spool/qscan/zipviruses.sh
#!/bin/sh
6.5.3 Archiving of logs
Logs should be saved from the following applications:
Qmail
Clamav
Freshclam
Qmail-scanner
Posted on November 25, 2010