Using MailScanner/Postfix/SpamAssassin/ClamAV in Gentoo Linux

From LQWiki
Jump to: navigation, search

Introduction

This document is an attempt to collect the knowledge needed to setup an email system capable of scanning emails for viruses and to block unwanted spam. The entire process of getting, compiling, installing, and configuring this process will be covered. Pointers to sites for more information will be included as needed and put into the Links section. This version of the HowTo is for MailScanner 4.25-14, Mail-SpamAssassin 2.63, Postifix 2.0.11, and ClamAV 0.65. This HowTo will be Gentoo Linux specific, but will apply to most (if not all) Linux distributions. All previous versions of MailScanner, Mail-SpamAssassin, Postfix, and ClamAV are either obsolete or not guaranteed. This document makes no promises as to the success of getting any of the previous versions working, but most newer versions should work fine.

Authors

List of everyone who has put words into this file.

[1] Jeremy Heslop

[2] Steve Elzey

[3] Asgeir

Please notify the HowTo maintainer if you believe you should be listed above.

What is MailScanner?

"MailScanner scans all e-mail for viruses, spam and attacks against security vulnerabilities. It is not tied to any particular virus scanner, but can be used with any combination of 14 different virus scanners, allowing sites to choose the "best of breed" virus scanner. Being open source, site administrators can audit and verify the integrity of the system. Its role is a major part in the security of a network, and so it must act as a trusted service. The only way to achieve the required level of trust is to be open source, an approach the commercial suppliers are not willing to take. MailScanner has been developed in a world-leading Electronics and Computer Science Department at the University of Southampton, and is distributed for *FREE* under the GNU Public License." -- Quoted from http://www.mailscanner.biz/introduction.html

For more information regarding specifics to MailScanner please refer to the MailScanner's main site


Why should we use MailScanner?

MailScanner combines multiple programs together to help get rid of unwanted email (spam) and block old and new viruses. It has any easy to understand configuration file. Best of all MailScanner is free.


What is Postfix?

Postfix is a program that allows for the sending and receive of email aka an email server program. Here is what it's website says about it:

"It is Wietse Venema's mailer that started life as an alternative to the widely-used Sendmail program.

Postfix attempts to be fast, easy to administer, and secure, while at the same time being sendmail compatible enough to not upset existing users. Thus, the outside has a sendmail-ish flavor, but the inside is completely different." -- Quoted from http://www.postfix.org/


Why should I use Postfix?

Postfix is easy to setup and can handle mail as fast, if not faster, than most MTAs on the market and being a free alternative makes it a good choice.


What is Mail-SpamAssassin?

"SpamAssassin is a mail filter to identify spam. Using its rule base, it uses a wide range of heuristic tests on mail headers and body text to identify "spam", also known as unsolicited commercial email." -- Quoted from http://www.spamassassin.org/


Why should I use Mail-SpamAssassin?

SpamAssassin is flexible, easy to extend, uses a wide-spectrum of tests, and is free. Everything that we could ever want from an anti-spam program.


What is ClamAV?

"Clam AntiVirus is a GPL anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use with your own software. Most importantly, the virus database is kept up to date." -- Quoted from http://www.clamav.net/


Why should I use ClamAV?

ClamAV is a fast, and up-to-date virus scanner that integrates well in MailScanner. Other anti-virus engines can be used with MailScanner, but the others either cost money or do not updates as regularly. ClamAV has an easy update utility to keep the virus list updated which will keep new viruses out of your in-box.


Setting up Mailscanner

Setting up MailScanner under Gentoo Linux will get easier when an ebuild for MailScanner makes it's way into the portage tree, but for now we will set it up manually which is well documented in the MailScanner download's INSTALL file.


Getting, compiling and installing

You can get the latest version of MailScanner from http://www.mailscanner.info

Because MailScanner is a perl program there is no need to compile it. You will however need to install the prerequisites for MailScanner. They are listed here: http://www.sng.ecs.soton.ac.uk/mailscanner/install/perl.shtml

Most of the perl modules can be emerged, except MIME-tools which should be used from the MailScanner site. (See perl page above) But first one has to run emerge inject dev-perl/MIME-tools to pretend that this module was emerged from portage (there are some dependencies to MIME-tools that may have to be installed).

NOTE: I have used the built in Gentoo MIME-tools (5.417) without any problems, but your mileage may vary. Always make sure you go use the recommended versions.

A detailed explanation of installing MailScanner is here: http://www.sng.ecs.soton.ac.uk/mailscanner/install/mailscanner.shtml

Read up on using CPAN to install perl modules. Once you have MailScanner installed under /opt/MailScanner/ (or your location) you will need to make sure it gets started at bootup. The MailScanner rpm packages does this for you, but in Gentoo we will need to create a init script. Here is the script /etc/init.d/mailscanner:

#!/sbin/runscript
# Copyright 1999-2003 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License v2
                                                                                
opts="reload"
                                                                                
depend() {
        need net
        use logger dns
}
                                                                                
start() {
        ebegin "Starting Incoming postfix"
        /usr/sbin/postfix -c /etc/postfix.in start &>/dev/null
        eend $?
        ebegin "Starting Outgoing postfix"
        /usr/sbin/postfix -c /etc/postfix start &>/dev/null
        eend $?
        ebegin "Starting MailScanner"
        /sbin/start-stop-daemon --quiet \
                --start --startas /opt/MailScanner/bin/check_mailscanner \
                --pidfile /var/run/MailScanner.pid
        eend $?
}

stop() {
        ebegin "Stopping MailScanner"
        start-stop-daemon -o --quiet --stop --pidfile /var/run/MailScanner.pid
    [ -f /var/run/MailScanner.pid ] && rm /var/run/MailScanner.pid
        eend $?
        ebegin "Stopping Outgoing postfix"
        /usr/sbin/postfix -c /etc/postfix stop &>/dev/null
        eend $?
        ebegin "Stopping Incoming postfix"
        /usr/sbin/postfix -c /etc/postfix.in stop &>/dev/null
        eend $?
}

reload() {
        ebegin "Reloading incoming postfix"
                /usr/sbin/postfix -c /etc/postfix.in reload &>/dev/null
        eend $?
        ebegin "Reloading outgoing postfix"
                /usr/sbin/postfix -c /etc/postfix reload &>/dev/null
        eend $?
        ebegin "Reloading MailScanner workers:"
                pid=`pidof -x MailScanner`
                if [ -n "$pid" ] ;
                then
                        /bin/kill -HUP $pid
                fi
        eend $?
}

Now just add mailscanner to bootup:

rc-update add mailscanner default

Configuring MailScanner.conf

To properly setup MailScanner we will have to make sure it knows what MTA, spam, and anti-virus tools we want to use. Here are the options you will need to change:

%org-name% = yoursite
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix.in/deferred
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
Virus Scanners = clamav

Here we specify that we are using postfix as our email server and clamav as our anti-virus tool. MailScanner does not use Mail-SpamAssassin by default so we will configure it later in this HowTo. However MailScanner does have spam checks turned on by default. These spam checks use blacklists sometimes referred to as RBL (Realtime Blackhole List) to check email senders in realtime. Here is what I usually change the Spam List to in MailSCanner.conf when setting up MailScanner.

Spam List = spamhaus.org spamcop.net ORDB-RBL

Spamhaus is a very conservative blacklist however spamcop is more aggressive so if you find good emails being marked as spam it's possible spamcop could be marking them, but usually rightly so. Check your mail logs for more specific information regarding spams being marked incorrectly.

There are a lot of additional tweaks you can make to MailScanner.conf, such as how your system handles each virus caught. Please refer to the config file comments for details.


Setting up Postfix

Most if not all of this information is coming from this document: http://www.sng.ecs.soton.ac.uk/mailscanner/install/postfix.shtml So if you get lost or confused please consult the link above.


Getting, compiling and installing

You can get postfix from http://www.postfix.org, but for gentoo we will just emerge it:

emerge postfix

This will do all the getting, compiling and installing for you. We will now need to configure postfix for MailScanner. Any extra configurations of postfix like aliases are out of the scope of this document.


Configuring two versions of postfix

MailScanner used to sit in between two versions of postfix, but now we only need one version running. This section referenced from this webpage: http://www.sng.ecs.soton.ac.uk/mailscanner/install/postfix.shtml

We will need to edit postfix to hold all email messages so that MailScanner can scan them and then put them in the mail queue. We will first need to edit /etc/postfix/main.cf to hold all incoming messages:

header_checks = regexp:/etc/postfix/header_checks

Then we will need to create the header_checks file /etc/postfix/header_checks and put in this information:

/^Received:/ HOLD

You will need to ensure that the user "postfix" can write to /var/spool/MailScanner/incoming and /var/spool/MailScanner/quarantine:

chown postfix.postfix /var/spool/MailScanner/incoming
chown postfix.postfix /var/spool/MailScanner/quarantine

Just as an added check make sure that you don't have postfix run by itself. MailScanner will now start each version of postfix for you:

rc-update del postfix default

Now we have a configured our mail setup. Let's move on to ridding emails of spam and viruses.

Setting up Mail-SpamAssassin

Setting up Mail-SpamAssassin is pretty straight forward. We will install it and then do some minor tweaks to get it setup.


Getting, compiling and installing

Getting, compiling and installing is a very simple especially in Gentoo Linux. We will just emerge it.

emerge spamassassin

This will setup the dependencies of SpamAssassin and install the perl modules needed.

Configuring Mail-SpamAssassin

Mailscanner by default has SpamAssassin turned off. We will need to change the MailScanner.conf file to turn it on:

Use SpamAssassin = yes

You can tweak other settings for SpamAssassin, but be default they are pretty good at catching a good percent of spam emails.


Setting up ClamAV

ClamAV as stated above is a great anti-virus tool and setting it up is a trivial process.


Getting, compiling and installing

Like most other Gentoo Linux packages clamav is a straight forward emerge:

emerge clamav


Configuring ClamAV

Once installed we will have to make sure Gentoo Linux starts clamav server process when the computer starts. We will need to make sure this is in /etc/conf.d/clamd:

START_CLAMD=yes

This will make sure that when the initial bootup process is started clamd will start as well. Then we need to add clam and freshclam to the startup process:

rc-update add clamd default

Now we need to make sure the Example line in /etc/clamav.conf is commented out or clamd will not start:

# Comment or remove the line below.
#Example

Configuring auto-updates

ClamAV gets updated twice a day by default with freshclam daemon. If you want to change that then edit /etc/conf.d/clamd and change the number two in "-c 2" to a higher or lower number (ie check 3 times a day then -c 3). Freshclam will get started automatically during bootup when you start ClamAV unless you change the line in /etc/conf.d/clamd to tell it otherwise.


Links