Tuesday, March 29, 2011

Qmail-Scanner With ClamAV And SpamAssassin On Ubuntu


In continuation of my document http://www.howtoforge.com/qmail-openldap-on-ubuntu about setting up qmail-ldap on Ubuntu this document will help you to set up Qmail-Scanner with ClamAV antivirus and SpamAssassin spamfilter with your qmail server.

Introduction

Qmail-Scanner is an add-on that enables a Qmail email server to scan email for certain characteristics. It is typically used for its anti-virus and anti-spam protection functions, in which case it is used in conjunction with external scanners. It also enables a site (at a server/site level) to create "Policy blocks": i.e. react to email that contains specific strings in particular headers, or particular attachment filenames or types (e.g. *.EXE attachments even in a zip file).
Its archival features helps ISPs and corporations around the world with new or pending legislation, and regulatory requirements. It can archive all processed email into an archive maildir. This is ideal for backup purposes for audit policy reasons. Unlike certain Windows-based server solutions, the mail envelope headers (the "rcpt to:" and "mail from:" headers) are kept intact - appended to the bottom of each message - confirming true sender and destination addresses. Archiving also supports filtering to a subset of addresses (e.g. only archive "support@domain.name" emails instead of all).
We will bind spamassasin and clamav with qmailsacnner. Spamassassin is a open Source mail filter, written in Perl, to identify spam using a wide range of heuristic tests on mail headers and body text. It can also use some use full plugins like Pyzor, Razor, and DCC. Clamav will scan mail message for virus infected mails.

Installation

We will install and configure Qmail-Scanner, ClamAV and SpamAssassin with the plugins Pyzor, Razor, and DCC.

Clam Antivirus

ClamAV is an open source antivirus engine designed for detecting Trojans, viruses, malware and other malicious threats. It is the de facto standard for mail gateway scanning. It provides a high performance mutli-threaded scanning daemon, command line utilities for on demand file scanning, and an intelligent tool for automatic signature updates.

Download

Download latest version from http://downloads.sourceforge.net/project/clamav:
wget http://nchc.dl.sourceforge.net/project/clamav/clamav/0.97/clamav-0.97.tar.gz

Install and Configure ClamAV

cd /download
tar zxvf clamav-0.97.tar.gz
useradd -c "Qmail-Scanner Account" -s /bin/false qscand
cd clamav-0.97
./configure --with-user=qscand --with-group=qscand
make && make install
ldconfig -v
Now, we configure its configuration files, these are as follows:
vi /usr/local/etc/clamd.conf
#Example
LogFile /var/log/clamav/clamd.log
LogFileMaxSize 20M
LogTime yes
LogClean yes
LogSyslog yes
PidFile /var/run/clamav/clamd.pid
TemporaryDirectory /var/tmp
DatabaseDirectory /usr/local/share/clamav
LocalSocket /var/run/clamav/clamd.cl
MaxConnectionQueueLength 30
User qscand
MaxThreads 20
Scanmail yes
Now, create some directories with the ownership of qscand:
mkdir /var/run/clamav
chown -R qscand.qscand /var/run/clamav
mkdir /var/log/clamav
chown -R qscand.qscand /var/log/clamav
chmod -R 755 /var/log/clamav
By this, clamav is successfully installed.
/usr/local/sbin/clamd &
vi /usr/local/etc/freshclam.conf
#Example
DatabaseDirectory /usr/local/share/clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogSyslog yes
DatabaseOwner qscand
DNSDatabaseInfo current.cvd.clamav.net
DatabaseMirror database.clamav.net
DatabaseMirror db.in.clamav.net
NotifyClamd /usr/local/etc/clamd.conf
Save and exit.
freshclam -v
crontab -e
25 1 * * * /usr/local/bin/freshclam -l /var/log/clamav/freshclam.log

SpamAssassin

SpamAssassin is a mail filter to identify spam. It is an intelligent email filter which uses a diverse range of tests to identify unsolicited bulk email, more commonly known as Spam. These tests are applied to email headers and content to classify email using advanced statistical methods.

Install and configure SpamAssassin

apt-get install spamassassin libdigest-sha1-perl libnet-dns-perl libmail-spf-query-perl libgeo-ip-perl libnet-ident-perl libio-socket-ssl-perl libio-socket-inet6-perl perl-modules
groupadd spamd
useradd -g spamd -s /bin/false spamd
vi /etc/default/spamassassin
ENABLED=1
OPTIONS=" --user-config --username=spamd --max-children 5 --debug --helper-home-dir=/home/spamd"
vi /etc/mail/spamassassin/local.cf
required_score 5.0
dns_available yes
use_pyzor 1
use_razor2 1
use_bayes 1
bayes_auto_learn 1
bayes_file_mode 0700
include /etc/mail/spamassassin/autowhitelist
bayes_path /etc/mail/spamassassin/.spamassassin/bayes
bayes_auto_learn_threshold_nonspam       0.1
bayes_auto_learn_threshold_spam         12.0
ok_languages en hi
ok_locales en
Now start up SpamAssassin...
/etc/init.d/spamassassin start
Now add some plugins..

Razor

cd /downloads/
wget "http://citylan.dl.sourceforge.net/project/razor/razor-agents/2.85/razor-agents-2.85.tar.bz2"
wget 'http://citylan.dl.sourceforge.net/project/razor/razor-agents-sdk/2.07/razor-agents-sdk-2.07.tar.bz2'
tar xvf razor-agents-sdk-2.07.tar.bz2
cd razor-agents-sdk-2.07
perl Makefile.PL
make
make test
make install
cd /downloads/
tar xvfj razor-agents-2.85.tar.bz2
cd razor-agents-2.85
perl Makefile.PL
make
make test
make install
Make sure your firewall is allowing port tcp/2703.
razor-admin -home=/home/spamd/.razor -create
razor-admin -home=/home/spamd/.razor -register
razor-admin -home=/home/spamd/.razor -discover

DCC

cd /downloads/
wget http://www.rhyolite.com/anti-spam/dcc/source/dcc.tar.Z
tar xvfz dcc.tar.Z
cd dcc-1.3.120/
./configure
make && make install
Make sure your firewall is allowing port udp/6277.

Pyzor

cd /downloads/
wget http://space.dl.sourceforge.net/project/pyzor/pyzor/0.5.0/pyzor-0.5.0.tar.gz
tar xvf pyzor-0.5.0.tar.gz
cd pyzor-0.5.0
python setup.py build
python setup.py install
python -c 'import gdbm' && echo 'gdbm found'
Run the next command to complete pyzor installation.
pyzor --homedir /home/spamd discover
vi /etc/mail/spamassassin/v310.pre
enable the line
loadplugin Mail::SpamAssassin::Plugin::DCC
spamassassin –lint

Qmail-Scanner

cd /downloads/qmailrocks
tar xvfz qmail-scanner-1.25.tgz
tar zxvf qms-analog-0.4.2.tar.gz
cd qms-analog-0.4.2
make all
cp qmail-scanner-1.25-st-qms-20050219.patch ../qmail-scanner-1.25/
cd ../qmail-scanner-1.25
patch -p1 < qmail-scanner-1.25-st-qms-20050219.patch
vi qms-config
./configure --domain yourdomain.com \
--admin postmaster \
--local-domains "yourdomain.com" \
--add-dscr-hdrs yes \
--dscr-hdrs-text "X-Antivirus-YOURDOMAIN" \
--ignore-eol-check yes \
--sa-quarantine 0 \
--sa-delete 0 \
--sa-reject no \
--sa-subject ":SPAM:" \
--sa-alt yes \
--sa-debug yes \
--sa-report yes \
--notify "psender,admin" \
--redundant yes \
--unzip yes \
--qms-monitor no \
"$INSTALL"
chmod 755 qms-config
./qms-config
If configuration is ok then...
./qms-config install
setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -z
setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -g
vi /var/qmail/bin/qmail-scanner-queue.pl
msg_size > 500000
chown -R qscand:qscand /var/spool/qmailscan
vi /service/qmail-smtpd/run
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" ; export QMAILQUEUE
Now restart your qmail server and see if everything works...

No comments:

Post a Comment