Installing Spamassassin and Clamav on Qmail
References: http://qmailrocks.org/clamspam_rh.htm
# Install the following Perl Modules using Cpan
Digest::SHA1
Digest::HMAC
Net::DNS
Time::HiRes
HTML::Tagset
HTML::Parser
Pod::Usage
Parse::Syslog
Statistics::Distributions
yum install perl-suidperl
yum install unzip
yum install gmp-devel
#Installing ClamAv ( http://www.clamav.net/ )
yum install clamav-devel /usr/sbin/useradd -c "Qmail-Scanner Account" -s /bin/false qscand #Installing Clamav Manually /usr/sbin/useradd -c "Qmail-Scanner Account" -s /bin/false qscand cd /tmp wget http://freshmeat.net/redir/clamav/29355/url_tgz/clamav-0.90.tar.gz tar zxvf clamav-0.90.tar.gz cd clamav-0.90 ./configure --with-user=qscand --with-group=qscand make make install vi /usr/local/etc/clamd.conf "Example" - should already be commented out. However, if it is not, make sure that it is commented out (#) "LogFile" - should be set to /var/log/clamd.log "User" - should be set to qscand "PidFile" - should be set to /var/run/clamd.pid LogTime 1 FixStaleSocket 1 ScanMail 1 LogSyslog 1 cd /var/run/ touch clamd.pid chown qscand clamd.pid
cp -a /tmp/clamav-0.90/contrib/init/RedHat/clamd /etc/init.d/ chown root.root /etc/rc.d/init.d/clamd /sbin/chkconfig clamd on vi /usr/local/etc/freshclam.conf #Make the necessary changes in the conf file touch /var/log/freshclam.log cd /var/log/ chown qscand.root freshclam.log chown qscand.root clamd.log cd /usr/local/share/ #chown clamav.qscand clamav (no clamav user) chown qscand.qscand clamav /usr/local/bin/freshclam crontab -e 00 00 * * * /usr/local/bin/freshclam cd /etc/logrotate.d/ vi clamd # # Rotate Clam AV daemon log file # /var/log/clamd.log { missingok create 640 root qscand postrotate /bin/kill -HUP `cat /var/run/clamd.pid 2> /dev/null` 2> /dev/null || true endscript } chown root.root clamd chmod 644 clamd /etc/rc.d/init.d/clamd start #Installing SpamAssassin #Using cpan install the following Perl Module install Mail::SpamAssassin yum install spamassassin /usr/sbin/groupadd spamd
/usr/sbin/useradd -g spamd -s /home/spamd spamd
# Note: -s sets the account's login shell, not its home directory (that is -d), so this command leaves spamd with /home/spamd as its shell. Confirm that /home/spamd exists as the home directory before starting spamd with -H /home/spamd.
vi /etc/sysconfig/spamassassin
If the above file exists, replace its contents with the following line. If the file does not exist, create it and add the following line:
SPAMDOPTIONS="-x -u spamd -H /home/spamd -d"
vi /etc/mail/spamassassin/local.cf
Add the following line...
required_hits 5
/etc/rc.d/init.d/spamassassin start
/sbin/chkconfig spamassassin on
# If you encounter the following errors in /var/log/maillog
###########
Jan 14 03:59:49 66-226-73-100 spamd[27442]: Failed to run __ENV_AND_HDR_FROM_MATCH SpamAssassin test, skipping:__(Can't locate object method "check_for_matching_env_and_hdr_from" via package "Mail::SpamAssassin::PerMsgStatus" at /usr/lib/perl5/vendor_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 2341,
line 193._) Jan 14 03:59:49 66-226-73-100 spamd[27442]: Failed to run USER_IN_DEF_SPF_WL SpamAssassin test, skipping:__(Can't locate object method "check_for_def_spf_whitelist_from" via package "Mail::SpamAssassin::PerMsgStatus" at /usr/lib/perl5/vendor_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 2341, line 193._) Jan 14 03:59:49 66-226-73-100 spamd[27442]: Failed to run USER_IN_SPF_WHITELIST SpamAssassin test, skipping:__(Can't locate object method "check_for_spf_whitelist_from" via package "Mail::SpamAssassin::PerMsgStatus" at /usr/lib/perl5/vendor_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 2341, line 193._) ########## # then do the following cp -a /etc/mail/spamassassin/init.pre /etc/mail/spamassassin/init.pre.orig vi /etc/mail/spamassassin/init.pre # Comment out this line #loadplugin Mail::SpamAssassin::Plugin::SPF # Update spammassain every night by setting up a cronjob /usr/lib/cpan install LWP::UserAgent yum install gnupg # Please check the update by running /usr/bin/sa-update manually to ensure no
errors are encountered crontab -e 00 1 * * * /usr/bin/sa-update && /sbin/service spamassassin restart ps aux | grep spamd #You should the following info concerning spamassassin. The PID might differ on your system, but you get the idea. #spamd 3734 0.2 2.0 24992 20808 ? S 14:21 0:01 /usr/bin/spamd -x -u spamd -H /home/spamd -d setup #One in the setup menu, scroll down and select the "system services" option. From the system services menu, scroll down to "clamd". #Installing Qmail Scanner (http://qmail-scanner.sourceforge.net/) and Qmail analog ( http://www.qms-analog.teel.ws/ ) cd /tmp wget http://kent.dl.sourceforge.net/sourceforge/qms-analog/qms-analog-0.4.4.tar.gz tar zxvf qms-analog-0.4.4.tar.gz cd qms-analog-0.4.4 make all cd /tmp wget http://kent.dl.sourceforge.net/sourceforge/qmail-scanner/qmail-scanner2.01.tgz tar zxvf qmail-scanner-2.01.tgz # Download the Qmail-Scanner-2.01st (st patch) patch from http://toribio.apollinare.org/qmail-scanner/ cd /tmp wget http://toribio.apollinare.org/qmail-scanner/download/q-s-2.01st20070204.patch.gz gunzip q-s-2.01st-20070204.patch.gz cp -a q-s-2.01st-20070204.patch /tmp/qmail-scanner-2.01 cd /tmp/qmail-scanner-2.01 patch -p1 < q-s-2.01st-20070204.patch #Install PCRE from http://www.pcre.org/ cd /tmp
wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-6.7.tar.gz tar zxvf pcre-6.7.tar.gz cd pcre-6.7 ./configure make make check make install #Install Maildrop from http://www.courier-mta.org/maildrop/ cd /tmp wget http://kent.dl.sourceforge.net/sourceforge/courier/maildrop-2.0.2.tar.bz2 tar jxvf maildrop-2.0.2.tar.bz2 cd maildrop-2.0.2 ./configure make make install-strip cd /tmp/qmail-scanner-2.01 vi qms-config #!/bin/sh if [ "$1" != "install" ]; then INSTALL= else INSTALL="--install" fi ./configure --domain yourdomain.com \ --admin postmaster \ --local-domains "yourdomain.com,yourotherdomain.com" \ --add-dscr-hdrs yes \ --dscr-hdrs-text "X-Antivirus-MYDOMAIN" \ --ignore-eol-check yes \ --sa-quarantine 0 \ --sa-delete 0 \ --sa-reject no \ --sa-subject ":SPAM:" \ --sa-delta 0 \ --sa-alt yes \ --sa-debug no \ --notify precips,admin \ "$INSTALL" # Test your installation by running the following chmod 700 qms-config ./qms-config # If no errors are reported then run ./qms-config install setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -z
setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -g #A successful database build should produce the following output: #perlscanner: generate new DB file from /var/spool/qscan/quarantine-events.txt #perlscanner: total of 35 entries. chown -R qscand:qscand /var/spool/qscan/ vi /var/qmail/supervise/qmail-smtpd/run #To instruct Qmail to use Qmail-Scanner as the alternative queuing mechanism, we add the following line to the SMTP "run" script right under the first line (#!/bin/sh): QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" ; export QMAILQUEUE #..and we change the "softlimit" in that same script... #change softlimit to 40000000 #Note: It is absolutely vital that you change the "Softlimit" setting in this script. If you don't, qmail may fail to deliver mail!!! qmailctl stop qmailctl start qmailctl stat cd /tmp/qmail-scanner-2.01/contrib/ chmod 755 test_installation.sh ./test_installation.sh -doit #A successful test should produce the following output. 2 messages should be quarantined by Clam Antivirus in /var/spool/quarantine/new and 2 messages should be set to whatever mailbox you specified in the Qmail-scanner configuration script. Don't worry if you don't get virus notification emails. The normal notification emails that get sent out upon virus detection usually don't work during the test. #setting QMAILQUEUE to /var/qmail/bin/qmail-scanner-queue.pl for this test... Sending standard test message - no viruses... done! Sending eicar test virus - should be caught by perlscanner module... done! Sending eicar test virus with altered filename - should only be caught by commercial anti-virus modules (if you have any)... Sending bad spam message for anti-spam testing - In case you are using
SpamAssassin... Done! Finished test. Now go and check Email for [email protected] If you get 2 messages in your inbox and you see 2 messages in the quarantine folder, it's time to crack open a cold one! You've successfully installed all 3 packages! Woohoo! #Maintainance Setup #Reference: http://qmailrocks.org/maintain.php #Configure the following commands to be run everyday. crontab -e 00 4 * * * rm -rf /var/spool/qscan/quarantine/viruses/new/* # Setup Logrotate for qmail-queue.log cd /etc/logrotate.d vi qscan ### /var/spool/qscan/qmail-queue.log { missingok notifempty copytruncate } ### chown root.root qscan chmod 644 qscan # Please ensure the permissions of the file /etc/logrotate.d/qscan is same as the other files in the /etc/logrotate.d directory # Setting up Spam folder with automatic spam message filtering and redirection to Spam Imap folder Reference: http://opensourceheaven.net/?page_id=98 cd /home/vpopmail/domains/yourdomain.com/ vi mailfilter Copy and paste the contents of the script ( http://www.tnpi.biz/internet/mail/toaster/etc/mailfilter-domain )into the window. ############# SHELL="/bin/sh" import EXT import HOST VPOP="| /usr/local/vpopmail/bin/vdelivermail '' bounce-no-mailbox" VHOME=`/usr/local/vpopmail/bin/vuserinfo -d $EXT@$HOST` ## # title: mailfilter-domain # author: Matt Simerson # version 2.0
#
# http://www.tnpi.biz/internet/mail/toaster/etc/mailfilter-domain
#
# Usage: Install this file in ~vpopmail/domains/example.com/mailfilter
# Create a .qmail-default file with the following:
# "| /usr/local/bin/maildrop mailfilter"
#
# After you're satisfied that this is working properly, comment out
# all the lines that start with "log"
##
logfile "/var/log/mail/maildrop.log" log "==== BEGIN maildrop processing for $EXT@$HOST ===" if ( $VHOME eq "" ) { LOG " ERROR: VHOME isn't set, falling back to vdelivermail" LOG "=== EXIT === " to "$VPOP" } ## # Comment out this section if you run SpamAssassin via qmailscanner # Spamassassin is slow enough, no point in doubling your expense # # Note that if you want to pass a message larger than 250k to spamd # and have it processed, you'll need to also set spamc -s. See the # spamc man page for more details. ## if ( $SIZE < 256000 ) # Filter if message is less than 250k { log " running message through spamc" exception { xfilter '/usr/local/bin/spamc -u "$EXT@$HOST"' } } ## # Include any rules set up for the user - this gives the # administrator a way to override the domain's mailfilter file # # this is also the "suggested" way to set individual values # for maildrop such as quota. ## `test -r $VHOME/.mailfilter` if( $RETURNCODE == 0 ) { log " including $VHOME/.mailfilter" exception { include $VHOME/.mailfilter } } ## # create the maildirsize file if it doesn't already exist
# (could also be done via "deliverquota [email protected] 10MS,1000C) ## `test -e $VHOME/Maildir/maildirsize` if( $RETURNCODE == 1) { log " creating $VHOME/Maildir/maildirsize for quotas" `/usr/local/vpopmail/bin/vuserinfo -Q $EXT@$HOST`
}
`test -s "$VHOME/Maildir/maildirsize"` if ( $RETURNCODE == 0 ) { `/usr/sbin/chown vpopmail:vchkpw $VHOME/Maildir/maildirsize` `/bin/chmod 640 $VHOME/Maildir/maildirsize` }
##
# Set MAILDIRQUOTA. If this isn't set, maildrop and deliverquota
# will not enforce quotas for message delivery.
#
# I find this much easier than creating yet another config file
# to store this in. This way, any time the quota is changed in
# vpopmail, it'll get noticed by maildrop immediately.
##
MAILDIRQUOTA=`/usr/bin/head -n1 $VHOME/Maildir/maildirsize`
##
# The message should be tagged, so let's bag it.
##
if ( /^X-Spam-Status: *Yes/)
{
`test -d $VHOME/Maildir/.Spam` # make sure .Spam folder exists
if( $RETURNCODE == 1 )
{
log " creating $VHOME/Maildir/.Spam "
`maildirmake -f Spam $VHOME/Maildir`
`/usr/local/sbin/subscribeIMAP.sh Spam $VHOME`
}
log " SPAM: attempting quota delivery to $VHOME/Maildir/.Spam"
exception {
xfilter "/usr/local/bin/deliverquota $VHOME/Maildir/.Spam"
}
if( $RETURNCODE == 77)
{
log " QUOTA FAILURE: bouncesaying '$EXT@$HOST is over quota'"
to "|/var/qmail/bin/bouncesaying '$EXT@$HOST is over quota'"
}
log "=== END === success"
exit
}
log " message is clean"
##
# Include any other rules that the user might have from # sqwebmail or other compatible program ## `test -r $VHOME/Maildir/.mailfilter` if( $RETURNCODE == 0 ) { log " including $VHOME/Maildir/.mailfilter" exception { include $VHOME/Maildir/.mailfilter } } exception { log " quota enabled delivery to $VHOME/Maildir" xfilter "/usr/local/bin/deliverquota $VHOME/Maildir" } ## # check to make sure the message was delivered # returncode 77 means that out maildir was overquota - bounce mail ## if( $RETURNCODE == 77) { log " BOUNCED: bouncesaying '$EXT@$HOST is over quota'" to "|/var/qmail/bin/bouncesaying '$EXT@$HOST is over quota'" } log "=== END === success" ####### Modify logfile "/var/log/mail/maildrop.log" # to logfile "/var/log/qmail/maildrop.log" # Change these lines: VPOP="| /usr/local/vpopmail/bin/vdelivermail '' bounce-no-mailbox" VHOME=`/usr/local/vpopmail/bin/vuserinfo -d $EXT@$HOST` # to this: VPOP="| /home/vpopmail/bin/vdelivermail '' bounce-no-mailbox" VHOME=`/home/vpopmail/bin/vuserinfo -d $EXT@$HOST` # Save and close, then we'll create this log file: touch /var/log/qmail/maildrop.log chown vpopmail:vchkpw /var/log/qmail/maildrop.log chmod 774 /var/log/qmail/maildrop.log cd /home/vpopmail/domains/yourdomain.com/
chown vpopmail:vchkpw mailfilter chmod 600 mailfilter vi .qmail-default # Comment out your existing line and add this one (all on one line) | /usr/local/bin/maildrop /home/vpopmail/domains/yourdomain.com/mailfilter chown vpopmail:vchkpw .qmail-default chown qmaill:vchkpw /var/log/qmail vi /usr/local/sbin/subscribeIMAP.sh # Paste this script ###### #!/bin/sh # # This subscribes the folder passed as $1 to courier imap # so that Maildir reading apps (Sqwebmail, Courier-IMAP) and # IMAP clients (squirrelmail, Mailman, etc) will recognize the # extra mail folder. # Matt Simerson - 12 June 2003 LIST="$2/Maildir/courierimapsubscribed" if [ -f "$LIST" ]; then # if the file exists, check it for the new folder TEST=`cat "$LIST" | grep "INBOX.$1"` # if it is not there, add it if [ "$TEST" = "" ]; then echo "INBOX.$1" >> $LIST fi else # the file does not exist so we define the full list # and then create the file. FULL="INBOX\nINBOX.Sent\nINBOX.Trash\nINBOX.Drafts\nINBOX.$1" echo -e $FULL > $LIST /bin/chown vpopmail:vchkpw $LIST /bin/chmod 644 $LIST fi ####### chmod 755 /usr/local/sbin/subscribeIMAP.sh qmailctl stop qmailctl start qmailctl stat In case of issues check these log files tail -f /var/log/qmail/qmail-smtpd/current tail -f /var/log/qmail/qmail-send/current # Setup Log rotation for maildrop.log file as follows cd /etc/logrotate.d/
vi maildrop
###
/var/log/qmail/maildrop.log {
missingok
notifempty
copytruncate
}
###
chown root.root maildrop
chmod 644 maildrop
# DCC Razor Pyzor and RBL setup
# Install DCC
mkdir /downloads/spam
cd /downloads/spam
# Download DCC from http://www.rhyolite.com/anti-spam/dcc/
# Note: this tarball and the ones fetched below arrive over plain HTTP and are then built and installed system-wide; where the project publishes a checksum or signature, verify the download against it before running the install step.
wget http://www.rhyolite.com/anti-spam/dcc/source/dcc.tar.Z
tar zxfv dcc.tar.Z
cd dcc-1.3.45/
./configure
make install
cd /downloads/spam
# Install Pyzor
Download Pyzor from http://pyzor.sourceforge.net
cd /downloads/spam
wget http://nchc.dl.sourceforge.net/sourceforge/pyzor/pyzor-0.4.0.tar.bz2
tar xjvf pyzor-0.4.0.tar.bz2
cd pyzor-0.4.0
python setup.py build
python setup.py install
pyzor discover
cd /downloads/spam
# Setup cronjob to update pyzor servers automatically
00 1 * * * /usr/bin/pyzor discover
# Install Razor
# Install the following perl modules
perl -MCPAN -e "install Time::HiRes"
perl -MCPAN -e "install Digest::SHA1"
perl -MCPAN -e "install MIME::Base64"
perl -MCPAN -e "install Test::Simple"
perl -MCPAN -e "install Test::Harness"
perl -MCPAN -e "install Getopt::Long"
perl -MCPAN -e "install File::Copy"
perl -MCPAN -e "install URI::Escape"
# Download Razor from http://razor.sourceforge.net/ cd /downloads/spam wget http://jaist.dl.sourceforge.net/sourceforge/razor/razor-agents-2.82.tar.bz2 tar xjvf razor-agents-2.82.tar.bz2 cd razor-agents-2.82
perl Makefile.PL make test make install razor-admin -create cd /root/.razor chown spamd.spamd razor-agent.conf chmod 764 razor-agent.conf razor-admin -register [email protected] cp -a /etc/mail/spamassassin/local.cf /etc/mail/spamassassin/local.cf.orig #Generate a local.cf file from http://www.yrex.com/spam/spamconfig.php.Use the http://opensourceheaven.net/local.cf.txt file as reference. vi /etc/mail/spamassassin/local.cf # Paste the contents of the generated local.cf file here dcc_home /var/dcc dcc_path /usr/local/bin/dccproc dcc_dccifd_path /var/dcc/libexec/dccifd pyzor_path /usr/bin/pyzor score PYZOR_CHECK 1 ######## sa-learn --sync /etc/rc.d/init.d/spamassassin restart # Run the following command to check if spamassassin configuration is correct spamassassin -D --lint # Enabling Surbl in spamassassin perl -MCPAN -e "install Net::DNS::Resolver" updatedb && locate v310.pre #If this file is already in /etc/mail/spamassassin, then you are ready for the next bit. If the file is somewhere else on your system, copy it to /etc/mail/spamassassin/. vi /etc/mail/spamassassin/v310.pre Add these lines at the end: # SURBL DNS Blacklisting loadplugin Mail::SpamAssassin::Plugin::URIDNSBL qmailctl stop qmailctl start /etc/init.d/spamd restart #To test if the changes are working, send yourself a message (from a different email address) with http://surbl-org-permanent-test-point.com in the message body. If all is well message should be tagged as spam.
#Enable RBL checking
vi /var/qmail/supervise/qmail-smtpd/run
# Note: ORDB (relays.ordb.org) ceased operation in December 2006 and its zone was later set to answer every lookup as listed, so keeping that -r entry can make rblsmtpd reject all incoming mail. Confirm each RBL zone is still operated before listing it.
# Edit the lines as shown below
/etc/tcp.smtp.cdb -c "$MAXSMTPD" \
-u "$QMAILDUID" -g ................ \
rblsmtpd \
-r zen.spamhaus.org \
-r bl.spamcop.net \
-r relays.ordb.org \
/var/qmail/bin/qmail-smtpd server.yourdomain.com \
qmailctl stop
qmailctl start
qmailctl stat
# Installing fuzzyocr to block image spam
References:
http://www.goodcleanemail.com/kb.php?ToDo=view&questId=90&catId=2
http://fuzzyocr.own-hero.net/wiki/Downloads
# Installing dependencies
yum install ImageMagick
yum install netpbm
yum install netpbm-progs
yum install netpbm-devel
yum install libungif # On Fedora Core 6 libungif is known as giflib
yum install libungif-progs # On Fedora Core install giflib-utils instead of libungif-progs
cpan install String::Approx
# Installing GOCR
# Download gocr from http://jocr.sourceforge.net
cd /tmp
wget http://prdownloads.sourceforge.net/jocr/gocr-0.43.tar.gz
tar zxvf gocr-0.43.tar.gz
cd gocr-0.43
./configure --with-netpbm=/usr/lib/
make
make install
# Installing Fuzzyocr
Download Fuzzyocr from http://fuzzyocr.own-hero.net/wiki/Downloads
cd /tmp
wget http://users.own-hero.net/~decoder/fuzzyocr/fuzzyocr-2.3b.tar.gz
tar zxvf fuzzyocr-2.3b.tar.gz
cd /tmp/FuzzyOcr-2.3b
vi FuzzyOcr.cf
# Make necessary changes on the lines as shown below
#########
focr_logfile /var/log/FuzzyOcr.log
# Set this to 1 if you are running a version < 3.1.4.
# This will disable a function used in conjunction with animated gifs that isn't available in earlier versions (Default value: 0.0)
#focr_pre314 0.0
focr_pre314 1
focr_enable_image_hashing 1
focr_digest_db /etc/mail/spamassassin/FuzzyOcr.hashdb
focr_base_score 2
###########
vi FuzzyOcr.pm
# Change the log file location as shown below
# Add this line below any existing use statements at start of the file
use Mail::SpamAssassin::Timeout;
######
our $logfile = "/var/log/FuzzyOcr.log";
######
cd /var/log
touch FuzzyOcr.log
chown spamd.spamd FuzzyOcr.log
chmod 755 FuzzyOcr.log
# Note: a log file needs no execute bit, and 755 leaves it readable by every local user; a later step in this guide sets FuzzyOcr.log to 600.
cp -a FuzzyOcr.cf /etc/mail/spamassassin/
cp -a FuzzyOcr.words.sample /etc/mail/spamassassin/
cp -a FuzzyOcr.pm /etc/mail/spamassassin/
cd /etc/mail/spamassassin/
mv FuzzyOcr.words.sample FuzzyOcr.words
chown root.root FuzzyOcr.*
touch focr_digest_db
chmod o+w focr_digest_db
# Note: o+w makes this file writable by every local user, and FuzzyOcr.cf above sets focr_digest_db to /etc/mail/spamassassin/FuzzyOcr.hashdb rather than to a file named focr_digest_db. Giving the spamd user ownership of the configured hash DB path would avoid the world-writable bit; confirm against your FuzzyOcr.cf.
vi v310.pre
# Add these lines
####
# FuzzyOcr Image Spam Filter
loadplugin FuzzyOcr FuzzyOcr.pm
#####
cd /var/log/qmail
chown spamd.spamd FuzzyOcr.log chmod 600 FuzzyOcr.log # Run the following command to check if spamassassin configuration is correct spamassassin -D --lint /etc/rc.d/init.d/spamassassin restart # Testing /tmp/FuzzyOcr-2.3b/samples spamassassin -t < animated-gif.eml spamassassin -t < corrupted-gif.eml spamassassin -t < jpeg.eml spamassassin -t < png.eml