Linux Step By Step

Step By Step install Mailscanner Solution

Overview

MailScanner is a highly-respected open-source e-mail security system that scans all e-mail for viruses, spam and attacks against security vulnerabilities. It is not tied to any particular virus scanner and may be used with any combination of 14 different virus scanners. This document explains how to install MailScanner using a single copy of Postfix to handle both incoming and outgoing mail delivery.
The approach described here does not require MailScanner to access the active queue. Instead, Postfix puts all incoming email into a hold queue so that MailScanner can safely access these emails for scanning and then pass them back to the Postfix active queue for delivery.
Anti-virus and anti-spam filtering is provided by the following optional components:

AntiVir
BitDefender
ClamAV
SpamAssassin

Installing AntiVir

AntiVir is provided courtesy of AntiVir PersonalProducts GmbH. The private, non-commercial use of AntiVir Workstation for Linux is free. Please check their Web site for the latest version. To install AntiVir, use the following commands:

wget http://free-av.com/personal/en/unix/antivir-workstation-pers.tar.gz
gzip -d antivir-workstation-pers.tar.gz
tar -xvf antivir-workstation-pers.tar
cd antivir-workstation-pers-2.1.4-20/
./install
The default settings offered by the script are acceptable since MailScanner will ensure the virus definitions are kept up-to-date. To update AntiVir from the command line use:
antivir --update
To scan from the command line use:
antivir

Installing BitDefender

BitDefender is provided courtesy of SOFTWIN SRL. BitDefender Linux Edition is a freeware product, which doesn’t require a license to be used. Please check their Web site for the latest version. To install BitDefender, use the following commands:

wget http://download.bitdefender.com/linux/free/bitdefender-console/en/BitDefender-Console-Antivirus-7.1-3.linux-gcc3x.i386.rpm
apt-get install compat-libstdc++-33
rpm -Uvh BitDefender-Console-Antivirus-7.1-3.linux-gcc3x.i386.rpm
To update BitDefender from the command line use:
bdc --update
To scan from the command line use:
bdc

Installing ClamAV

ClamAV is a free anti-virus toolkit for UNIX and is provided courtesy of the ClamAV Project. Clam AntiVirus is licensed under the GNU Public Licence. Packages used in this Howto are either built and/or maintained by Dag Wieers. Please check each Web site for the latest versions. To install ClamAV, use the following commands:

wget http://dag.wieers.com/packages/clamav/clamav-0.87-1.2.el4.rf.i386.rpm
wget http://dag.wieers.com/packages/clamav/clamav-db-0.87-1.2.el4.rf.i386.rpm
wget http://dag.wieers.com/packages/clamav/clamd-0.87-1.2.el4.rf.i386.rpm
rpm -Uvh clamav*
rpm -Uvh clamd-0.87-1.2.el4.rf.i386.rpm
service clamd start
To update ClamAV from the command line use:
freshclam
To scan from the command line use:
clamdscan

Installing SpamAssassin

SpamAssassin is an open-source spam filter provided courtesy of The Apache SpamAssassin Project. Clam AntiVirus is licensed under the GNU Public Licence. Please check their Web site for the latest version. To install SpamAssassin simply use the following command:

yum install spamassassin

Remove cc-spamassassin before installing spamassassin.

yum remove cc-spamassassin


Install and configure MailScanner

MailScanner is developed by the Electronics and Computer Science Department at the University of Southampton and is distributed for free under the GNU Public Licence. Please check their Web site for the latest version.
Before you proceed any further you will need to install the ClarkConnect developer tools on your system. For instructions go to the following howto: Installing and Removing the Developer Tools. To install MailScanner, use the following commands:

wget http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/rpm/MailScanner-4.47.4-2.rpm.tar.gz
gzip -d MailScanner-4.47.4-2.rpm.tar.gz
tar -xvf MailScanner-4.47.4-2.rpm.tar
cd MailScanner-4.47.4-2/
./install.sh
Installing MailScanner will generate lots of output; ensure it finishes without error before proceeding.

Now is a good time to back up your configuration!

If necessary, execute the following commands before configuring MailScanner:

service postfix stop
chkconfig postfix off
Open /etc/postfix/main.cf and make sure that you add the following line:
header_checks = regexp:/etc/postfix/header_checks

Next, open the file /etc/postfix/header_checks and add this line:
/^Received:/ HOLD
This tells Postfix to move all messages to the HOLD queue. Now edit the file /etc/MailScanner/MailScanner.conf and change the following 6 settings, which are all near the top of the file:

Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
Next, make sure Postfix can write to /var/spool/MailScanner/incoming and /var/spool/MailScanner/quarantine:
chown postfix:postfix /var/spool/MailScanner/incoming
chown postfix:postfix /var/spool/MailScanner/quarantine
Finally, execute the following commands and you’re ready for testing:
mkdir /var/spool/MailScanner/spamassassin
chown postfix:postfix /var/spool/MailScanner/spamassassin
mkdir /var/spool/mqueue
chown postfix:postfix /var/spool/mqueue
touch /var/lock/subsys/MailScanner.off

If you have not already done so, open port 25 using Webconfig.
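
The audit script below is an added example, not part of the original howto or of MailScanner. It checks that main.cf and header_checks route mail into the hold queue and that MailScanner.conf carries the six settings listed above. The function names (ms_get, audit_mailscanner_conf, audit_hold_rule) and the sample files written to a temporary directory are constructed for illustration; on a real system, pass the paths under /etc/postfix and /etc/MailScanner instead.

```shell
# Added example: audit the Postfix hold-queue wiring described in this howto.

# Print the value of "Key = Value" in a MailScanner.conf-style file (last occurrence).
ms_get() {  # usage: ms_get FILE "Key Name"
    awk -v k="$2" '
        /^[ \t]*#/ || !/=/ { next }
        { key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
          if (key == k) { v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v) } }
        END { print v }' "$1"
}

# Compare the six settings from the howto; mismatches go to stderr, the count to stdout.
audit_mailscanner_conf() {  # usage: audit_mailscanner_conf FILE
    file=$1; bad=0
    while IFS='|' read -r key want; do
        got=$(ms_get "$file" "$key")
        [ "$got" = "$want" ] && continue
        echo "MISMATCH: $key = '$got' (expected '$want')" >&2; bad=$((bad + 1))
    done <<'EOF'
Run As User|postfix
Run As Group|postfix
Incoming Queue Dir|/var/spool/postfix/hold
Outgoing Queue Dir|/var/spool/postfix/incoming
MTA|postfix
SpamAssassin User State Dir|/var/spool/MailScanner/spamassassin
EOF
    echo "$bad"
}

# Return 0 if MAIN_CF points header_checks at HEADER_CHECKS and that file holds
# every message carrying a Received: header; 1 or 2 says which half is missing.
audit_hold_rule() {  # usage: audit_hold_rule MAIN_CF HEADER_CHECKS
    grep -E '^[[:space:]]*header_checks[[:space:]]*=' "$1" | grep -Fq "regexp:$2" || return 1
    grep -Eq '^/\^Received:/[[:space:]]+HOLD' "$2" || return 2
}

# Constructed sample files (not real system config) so the audit runs offline.
# "MTA = sendmail" is deliberately wrong to show a reported mismatch.
demo=$(mktemp -d)
printf 'header_checks = regexp:%s/header_checks\n' "$demo" > "$demo/main.cf"
printf '/^Received:/ HOLD\n' > "$demo/header_checks"
printf '%s\n' 'Run As User = postfix' 'Run As Group = postfix' 'MTA = sendmail' \
    'Incoming Queue Dir = /var/spool/postfix/hold' \
    'Outgoing Queue Dir = /var/spool/postfix/incoming' \
    'SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin' > "$demo/MailScanner.conf"
audit_hold_rule "$demo/main.cf" "$demo/header_checks" && echo "hold rule: OK"
echo "MailScanner.conf mismatches: $(audit_mailscanner_conf "$demo/MailScanner.conf")"
```

A non-zero mismatch count or a failing hold-rule check before starting the MailScanner service means mail will either bypass scanning or sit in the hold queue unprocessed.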

Using MailScanner

Now you are ready to test MailScanner without using anti-virus or anti-spam filtering:
service MailScanner start
If you can successfully send and receive mail, start adding virus scanners and SpamAssassin one at a time. Modify /etc/MailScanner/MailScanner.conf accordingly:
Virus Scanning = yes
Virus Scanners = antivir bitdefender clamav
Use SpamAssassin = yes
Notify Senders = no
Once you are satisfied that everything is working correctly, edit the organisation and server identification information:
%org-name% = YOURSITENAME
%org-long-name% = The name of your organisation
%web-site% = http://www.yoursite.com
Finally, you need to amend the virus scanner wrapper so that ClamAV is automatically updated. Modify /etc/MailScanner/virus.scanners.conf:
clamav /usr/lib/MailScanner/clamav-wrapper /usr/bin/clamdscan
You may test this by issuing the following from the shell:
/usr/lib/MailScanner/clamav-wrapper /usr/bin/clamdscan /tmp

1 Comment »

  1. Hi,

    I’d just like to say this was an extremely helpful and informative post. I already have a postfix/mailscanner/spamassassin box running, I followed a howto called “the perfect spamsnake” on howtoforge. The tutorial was extremely detailed in WHAT to do, but not in WHY to do it. Your post explained how mailscanner accesses the messages from postfix, using the hold queue, which I have been trying to understand ever since I got the box up and running, so thank you for this!

    Rob

    Comment by Rob Golding — January 12, 2009 @ 12:08 pm

