Using MailScanner/Postfix/SpamAssassin/ClamAV in Gentoo Linux
Introduction
This document is an attempt to collect the knowledge needed to setup an email system capable of scanning emails for viruses and to block unwanted spam. The entire process of getting, compiling, installing, and configuring this process will be covered. Pointers to sites for more information will be included as needed and put into the Links section. This version of the HowTo is for MailScanner 4.25-14, Mail-SpamAssassin 2.63, Postifix 2.0.11, and ClamAV 0.65. This HowTo will be Gentoo Linux specific, but will apply to most (if not all) Linux distributions. All previous versions of MailScanner, Mail-SpamAssassin, Postfix, and ClamAV are either obsolete or not guaranteed. This document makes no promises as to the success of getting any of the previous versions working, but most newer versions should work fine.
Authors
List of everyone who has put words into this file.
[1] Jeremy Heslop
[2] Steve Elzey
[3] Asgeir
Please notify the HowTo maintainer if you believe you should be listed above.
What is MailScanner?
"MailScanner scans all e-mail for viruses, spam and attacks against security vulnerabilities. It is not tied to any particular virus scanner, but can be used with any combination of 14 different virus scanners, allowing sites to choose the "best of breed" virus scanner. Being open source, site administrators can audit and verify the integrity of the system. Its role is a major part in the security of a network, and so it must act as a trusted service. The only way to achieve the required level of trust is to be open source, an approach the commercial suppliers are not willing to take. MailScanner has been developed in a world-leading Electronics and Computer Science Department at the University of Southampton, and is distributed for *FREE* under the GNU Public License." -- Quoted from http://www.mailscanner.biz/introduction.html
For more information regarding specifics to MailScanner please refer to the MailScanner's main site
Why should we use MailScanner?
MailScanner combines multiple programs together to help get rid of unwanted email (spam) and block old and new viruses. It has any easy to understand configuration file. Best of all MailScanner is free.
What is Postfix?
Postfix is a program that allows for the sending and receive of email aka an email server program. Here is what it's website says about it:
"It is Wietse Venema's mailer that started life as an alternative to the widely-used Sendmail program.
Postfix attempts to be fast, easy to administer, and secure, while at the same time being sendmail compatible enough to not upset existing users. Thus, the outside has a sendmail-ish flavor, but the inside is completely different." -- Quoted from http://www.postfix.org/
Why should I use Postfix?
Postfix is easy to setup and can handle mail as fast, if not faster, than most MTAs on the market and being a free alternative makes it a good choice.
What is Mail-SpamAssassin?
"SpamAssassin is a mail filter to identify spam. Using its rule base, it uses a wide range of heuristic tests on mail headers and body text to identify "spam", also known as unsolicited commercial email." -- Quoted from http://www.spamassassin.org/
Why should I use Mail-SpamAssassin?
SpamAssassin is flexible, easy to extend, uses a wide-spectrum of tests, and is free. Everything that we could ever want from an anti-spam program.
What is ClamAV?
"Clam AntiVirus is a GPL anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use with your own software. Most importantly, the virus database is kept up to date." -- Quoted from http://www.clamav.net/
Why should I use ClamAV?
ClamAV is a fast, and up-to-date virus scanner that integrates well in MailScanner. Other anti-virus engines can be used with MailScanner, but the others either cost money or do not updates as regularly. ClamAV has an easy update utility to keep the virus list updated which will keep new viruses out of your in-box.
Setting up Mailscanner
Setting up MailScanner under Gentoo Linux will get easier when an ebuild for MailScanner makes it's way into the portage tree, but for now we will set it up manually which is well documented in the MailScanner download's INSTALL file.
Getting, compiling and installing
You can get the latest version of MailScanner from http://www.mailscanner.info
Because MailScanner is a perl program there is no need to compile it. You will however need to install the prerequisites for MailScanner. They are listed here: http://www.sng.ecs.soton.ac.uk/mailscanner/install/perl.shtml
Most of the perl modules can be emerged, except MIME-tools which should be used from the MailScanner site. (See perl page above) But first one has to run emerge inject dev-perl/MIME-tools to pretend that this module was emerged from portage (there are some dependencies to MIME-tools that may have to be installed).
NOTE: I have used the built in Gentoo MIME-tools (5.417) without any problems, but your mileage may vary. Always make sure you go use the recommended versions.
A detailed explanation of installing MailScanner is here: http://www.sng.ecs.soton.ac.uk/mailscanner/install/mailscanner.shtml
Read up on using CPAN to install perl modules. Once you have MailScanner installed under /opt/MailScanner/ (or your location) you will need to make sure it gets started at bootup. The MailScanner rpm packages does this for you, but in Gentoo we will need to create a init script. Here is the script /etc/init.d/mailscanner:
#!/sbin/runscript
# Copyright 1999-2003 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License v2
opts="reload"
depend() {
need net
use logger dns
}
start() {
ebegin "Starting Incoming postfix"
/usr/sbin/postfix -c /etc/postfix.in start &>/dev/null
eend $?
ebegin "Starting Outgoing postfix"
/usr/sbin/postfix -c /etc/postfix start &>/dev/null
eend $?
ebegin "Starting MailScanner"
/sbin/start-stop-daemon --quiet \
--start --startas /opt/MailScanner/bin/check_mailscanner \
--pidfile /var/run/MailScanner.pid
eend $?
}
stop() {
ebegin "Stopping MailScanner"
start-stop-daemon -o --quiet --stop --pidfile /var/run/MailScanner.pid
[ -f /var/run/MailScanner.pid ] && rm /var/run/MailScanner.pid
eend $?
ebegin "Stopping Outgoing postfix"
/usr/sbin/postfix -c /etc/postfix stop &>/dev/null
eend $?
ebegin "Stopping Incoming postfix"
/usr/sbin/postfix -c /etc/postfix.in stop &>/dev/null
eend $?
}
reload() {
ebegin "Reloading incoming postfix"
/usr/sbin/postfix -c /etc/postfix.in reload &>/dev/null
eend $?
ebegin "Reloading outgoing postfix"
/usr/sbin/postfix -c /etc/postfix reload &>/dev/null
eend $?
ebegin "Reloading MailScanner workers:"
pid=`pidof -x MailScanner`
if [ -n "$pid" ] ;
then
/bin/kill -HUP $pid
fi
eend $?
}
Now just add mailscanner to bootup:
rc-update add mailscanner default
Configuring MailScanner.conf
To properly setup MailScanner we will have to make sure it knows what MTA, spam, and anti-virus tools we want to use. Here are the options you will need to change:
%org-name% = yoursite Run As User = postfix Run As Group = postfix Incoming Queue Dir = /var/spool/postfix.in/deferred Outgoing Queue Dir = /var/spool/postfix/incoming MTA = postfix Virus Scanners = clamav
Here we specify that we are using postfix as our email server and clamav as our anti-virus tool. MailScanner does not use Mail-SpamAssassin by default so we will configure it later in this HowTo. However MailScanner does have spam checks turned on by default. These spam checks use blacklists sometimes referred to as RBL (Realtime Blackhole List) to check email senders in realtime. Here is what I usually change the Spam List to in MailSCanner.conf when setting up MailScanner.
Spam List = spamhaus.org spamcop.net ORDB-RBL
Spamhaus is a very conservative blacklist however spamcop is more aggressive so if you find good emails being marked as spam it's possible spamcop could be marking them, but usually rightly so. Check your mail logs for more specific information regarding spams being marked incorrectly.
There are a lot of additional tweaks you can make to MailScanner.conf, such as how your system handles each virus caught. Please refer to the config file comments for details.
Setting up Postfix
Most if not all of this information is coming from this document: http://www.sng.ecs.soton.ac.uk/mailscanner/install/postfix.shtml So if you get lost or confused please consult the link above.
Getting, compiling and installing
You can get postfix from http://www.postfix.org, but for gentoo we will just emerge it:
emerge postfix
This will do all the getting, compiling and installing for you. We will now need to configure postfix for MailScanner. Any extra configurations of postfix like aliases are out of the scope of this document.
Configuring two versions of postfix
MailScanner used to sit in between two versions of postfix, but now we only need one version running. This section referenced from this webpage: http://www.sng.ecs.soton.ac.uk/mailscanner/install/postfix.shtml
We will need to edit postfix to hold all email messages so that MailScanner can scan them and then put them in the mail queue. We will first need to edit /etc/postfix/main.cf to hold all incoming messages:
header_checks = regexp:/etc/postfix/header_checks
Then we will need to create the header_checks file /etc/postfix/header_checks and put in this information:
/^Received:/ HOLD
You will need to ensure that the user "postfix" can write to /var/spool/MailScanner/incoming and /var/spool/MailScanner/quarantine:
chown postfix.postfix /var/spool/MailScanner/incoming chown postfix.postfix /var/spool/MailScanner/quarantine
Just as an added check make sure that you don't have postfix run by itself. MailScanner will now start each version of postfix for you:
rc-update del postfix default
Now we have a configured our mail setup. Let's move on to ridding emails of spam and viruses.
Setting up Mail-SpamAssassin
Setting up Mail-SpamAssassin is pretty straight forward. We will install it and then do some minor tweaks to get it setup.
Getting, compiling and installing
Getting, compiling and installing is a very simple especially in Gentoo Linux. We will just emerge it.
emerge spamassassin
This will setup the dependencies of SpamAssassin and install the perl modules needed.
Configuring Mail-SpamAssassin
Mailscanner by default has SpamAssassin turned off. We will need to change the MailScanner.conf file to turn it on:
Use SpamAssassin = yes
You can tweak other settings for SpamAssassin, but be default they are pretty good at catching a good percent of spam emails.
Setting up ClamAV
ClamAV as stated above is a great anti-virus tool and setting it up is a trivial process.
Getting, compiling and installing
Like most other Gentoo Linux packages clamav is a straight forward emerge:
emerge clamav
Configuring ClamAV
Once installed we will have to make sure Gentoo Linux starts clamav server process when the computer starts. We will need to make sure this is in /etc/conf.d/clamd:
START_CLAMD=yes
This will make sure that when the initial bootup process is started clamd will start as well. Then we need to add clam and freshclam to the startup process:
rc-update add clamd default
Now we need to make sure the Example line in /etc/clamav.conf is commented out or clamd will not start:
# Comment or remove the line below. #Example
Configuring auto-updates
ClamAV gets updated twice a day by default with freshclam daemon. If you want to change that then edit /etc/conf.d/clamd and change the number two in "-c 2" to a higher or lower number (ie check 3 times a day then -c 3). Freshclam will get started automatically during bootup when you start ClamAV unless you change the line in /etc/conf.d/clamd to tell it otherwise.
Links
- MailScanner (www.mailscanner.info)
- Postfix (www.postfix.org)
- Mail-SpamAssassin (www.spamassassin.org)
- ClamAV (www.clamav.net)
- MailScanner ebuild (bugs.gentoo.org)
- MailScanner HowTo (gentoo-wiki.com)
- MailScanner Wiki (wiki.mailscanner.info)