+ %TITLE%
<toc>
+ Using SpamAssassin and ClamAV Anti-Virus
* Download qmail-scanner from: http://qmail-scanner.sourceforge.net/
* SpamAssassin is written in Perl and uses 3 additional modules:
Razor http://razor.sourceforge.net/
DCC (Distributed Checksum Clearinghouse) http://www.rhyolite.com/anti-spam/dcc/source/dcc-dccproc.tar.Z
Pyzor http://pyzor.sourceforge.net/
* Razor needs a selection of Perl modules - install using CPAN:
<code>
perl -MCPAN -e 'install Net::DNS'
echo 'Digest::SHA1
Digest::MD5
Digest::HMAC
Digest::Nilsimsa
Test::Simple
Time::HiRes
URI::Escape' | xargs -n1 -i perl -MCPAN -e 'install {}'
</code>
* from razor-agents-2.xxx:
=perl Makefile.PL && make && make test && make install=
=razor-client=
* Install DCC:
=./configure && make && make install=
* Install Pyzor and configure:
=python setup.py build=
=python setup.py install=
* Install SA role user and install.
<code>
/usr/sbin/useradd -u 106 -d /var/qmail/control/spamassassin -c "SpamAssassin" -m -k /dev/null spamd
perl -MCPAN -e 'install Mail::SpamAssassin'
</code>
* Configure SpamAssassin options in =/etc/mail/spamassassin/local.cf=:
See =man Mail::SpamAssassin::Conf=
<code>
required_hits 5.0
#skip_rbl_checks 1
rewrite_header Subject *****SPAM*****
#use_terse_report 1
report_safe 1
dns_available yes
add_header all DCC _DCCB_: _DCCR_
add_header all Pyzor _PYZOR_
add_header all Report _REPORT_
ok_languages en
#clear_report_template
#report Redifine report text
#report according to man page _SUMMARY_
lock_method flock
bayes_learn_to_journal 1
pyzor_path /usr/bin/pyzor
dcc_path /usr/local/bin/dccproc
rbl_timeout 8
razor_timeout 4
pyzor_timeout 4
dcc_timeout 4
</code>
* Install a startup script and start SpamAssassin:
http://www.spamassassin.org/dist/spamd/
Save as =/etc/rc.d/init.d/spamassassin=, chmod 755, and edit the OPTIONS line:
=OPTIONS="-d -x -u spamd"=
* Start/restart spamassassin
(spamd should be running now)
* Configure/test components
Test network connectivity (firewall may be configured to block needed incoming UDP source port 6277
* =cdcc info=
* =su - spamd -c "pyzor discover"=
* =su - spamd -c "razor-admin -create"=
* =su - spamd -c "razor-admin -register"= (I had to run this a couple times until it was successful)
I was doing some spamassassin reporting by procmail inside /var/qmail/alias, so I also needed to do:
* =su - alias -c "pyzor discover"=
* =su - alias -c "razor-admin -create"=
* =su - alias -c "razor-admin -register"=
* Download ClamAV: http://www.clamav.net/
* Add a clamav role-account and install:
<code>
/usr/sbin/groupadd -g 105 clamav
/usr/sbin/useradd -u 105 -g clamav -d /usr/local/share/clamav -m -k /dev/null -c "Clam Antivirus" clamav
./configure && make && make install
cd ..
clamscan -r -l scan.txt clamav-0.[tab key]
</code>
( should find ClamAV-Test-Signature in test/test1 )
* Run: =freshclam= to update virus signatures, if that's ok - add =freshclam= as a daemon to your startup (rc.local)
<code>
echo "Starting FreshClam ClamAV daemon"
touch /var/log/clam-update.log
chown clamav /var/log/clam-update.log
su - clamav -c "/usr/local/bin/freshclam -d -c 2 -l /var/log/clam-update.log"
</code>
* Install qmail-scanner:
The latest qmail-ldap patch already includes the QMAILQUEUE patch. Enable by setting LDAPFLAGS=-DALTQUEUE in the Makefile of your qmail-1.03 directory. Be sure to install other required bits according to http://qmail-scanner.sf.net/
<code>
/usr/sbin/groupadd -g 107 qscand
/usr/sbin/useradd -u 107 -c "Qmail-Scanner Account" -g qscand -s /bin/false qscand
./configure --admin ian --domain MrZesty.net --scanners clamscan,verbose_spamassassin --notify "sender,recips,admin" --debug no --install
</code>
* After you've enabled the qmail-queue patch, there are a couple of tidbits you can put into your =/var/qmail/control/qmail-smtpd.rules= file:
If =RELAYCLIENT= is present - SpamAssassin will not be called from qmail-scanner.
If =RBLSMTPD= is present and may or may not have a "comment" - the comment will be echoed back as a 451 retry-later failure if the sending IP is found in an RBL.
If =RBLSMTPD= is present and has a "-comment" - the comment will be echoed back as a 553 bounce message failure.
QMAILQUEUE should point to the queue handler to use for connections from those IP's (if not set in =/service/qmail-smtpd/run= above)
<code>
# No Qmail-Scanner or RBL check at all for mail from 127.0.0.1
127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD=""
# Use Qmail-Scanner without SpamAssassin, no RBL check on any mail from the local network
# [it ignores SpamAssassin via the presence of the RELAYCLIENT var]
10.:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
# Use Qmail-Scanner with SpamAssassin on any mail from the rest of the world
:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
</code>
<code>
make -C /var/qmail/control
</code>
* Verify permissions - vi may have forgotten the suid:
=-rwsr-xr-x 1 qscand qscand 80984 2003-09-04 01:28 /var/qmail/bin/qmail-scanner-queue.pl=
* You will probably want to set up a cron job to update qmail-scanner's info
=0 12 * * * setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -z=
( -z - gather virus scanner/DAT versions and cleanup old temp files )
As well as one to remove quarantined messages before they fill up /var/spool
=0 0 * * * find /var/spool/qmailscan/quarantine/new -mtime +10 | xargs -r rm=
|
+ %TITLE%
<toc>
+ Using SpamAssassin and ClamAV Anti-Virus
* Download qmail-scanner from: http://qmail-scanner.sourceforge.net/
* SpamAssassin is written in Perl and uses 3 additional modules:
Razor http://razor.sourceforge.net/
DCC (Distributed Checksum Clearinghouse) http://www.rhyolite.com/anti-spam/dcc/source/dcc-dccproc.tar.Z
Pyzor http://pyzor.sourceforge.net/
* Razor needs a selection of Perl modules - install using CPAN:
<code>
perl -MCPAN -e 'install Net::DNS'
echo 'Digest::SHA1
Digest::MD5
Digest::HMAC
Digest::Nilsimsa
Test::Simple
Time::HiRes
URI::Escape' | xargs -n1 -i perl -MCPAN -e 'install {}'
</code>
* from razor-agents-2.xxx:
=perl Makefile.PL && make && make test && make install=
=razor-client=
* Install DCC:
=./configure && make && make install=
* Install Pyzor and configure:
=python setup.py build=
=python setup.py install=
* Install SA role user and install.
<code>
/usr/sbin/useradd -u 106 -d /var/qmail/control/spamassassin -c "SpamAssassin" -m -k /dev/null spamd
perl -MCPAN -e 'install Mail::SpamAssassin'
</code>
* Configure SpamAssassin options in =/etc/mail/spamassassin/local.cf=:
See =man Mail::SpamAssassin::Conf=
<code>
required_hits 5.0
#skip_rbl_checks 1
rewrite_header Subject *****SPAM*****
#use_terse_report 1
report_safe 1
dns_available yes
add_header all DCC _DCCB_: _DCCR_
add_header all Pyzor _PYZOR_
add_header all Report _REPORT_
ok_languages en
#clear_report_template
#report Redifine report text
#report according to man page _SUMMARY_
lock_method flock
bayes_learn_to_journal 1
pyzor_path /usr/bin/pyzor
dcc_path /usr/local/bin/dccproc
rbl_timeout 8
razor_timeout 4
pyzor_timeout 4
dcc_timeout 4
</code>
* Install a startup script and start SpamAssassin:
http://www.spamassassin.org/dist/spamd/
Save as =/etc/rc.d/init.d/spamassassin=, chmod 755, and edit the OPTIONS line:
=OPTIONS="-d -x -u spamd"=
* Start/restart spamassassin
(spamd should be running now)
* Configure/test components
Test network connectivity (firewall may be configured to block needed incoming UDP source port 6277
* =cdcc info=
* =su - spamd -c "pyzor discover"=
* =su - spamd -c "razor-admin -create"=
* =su - spamd -c "razor-admin -register"= (I had to run this a couple times until it was successful)
I was doing some spamassassin reporting by procmail inside /var/qmail/alias, so I also needed to do:
* =su - alias -c "pyzor discover"=
* =su - alias -c "razor-admin -create"=
* =su - alias -c "razor-admin -register"=
* Download ClamAV: http://www.clamav.net/
* Add a clamav role-account and install:
<code>
/usr/sbin/groupadd -g 105 clamav
/usr/sbin/useradd -u 105 -g clamav -d /usr/local/share/clamav -m -k /dev/null -c "Clam Antivirus" clamav
./configure && make && make install
cd ..
clamscan -r -l scan.txt clamav-0.[tab key]
</code>
( should find ClamAV-Test-Signature in test/test1 )
* Run: =freshclam= to update virus signatures, if that's ok - add =freshclam= as a daemon to your startup (rc.local)
<code>
echo "Starting FreshClam ClamAV daemon"
touch /var/log/clam-update.log
chown clamav /var/log/clam-update.log
su - clamav -c "/usr/local/bin/freshclam -d -c 2 -l /var/log/clam-update.log"
</code>
* Install qmail-scanner:
The latest qmail-ldap patch already includes the QMAILQUEUE patch. Enable by setting LDAPFLAGS=-DALTQUEUE in the Makefile of your qmail-1.03 directory. Be sure to install other required bits according to http://qmail-scanner.sf.net/
<code>
/usr/sbin/groupadd -g 107 qscand
/usr/sbin/useradd -u 107 -c "Qmail-Scanner Account" -g qscand -s /bin/false qscand
./configure --admin ian --domain MrZesty.net --scanners clamscan,verbose_spamassassin --notify "sender,recips,admin" --debug no --install
</code>
* After you've enabled the qmail-queue patch, there are a couple of tidbits you can put into your =/var/qmail/control/qmail-smtpd.rules= file:
If =RELAYCLIENT= is present - SpamAssassin will not be called from qmail-scanner.
If =RBLSMTPD= is present and may or may not have a "comment" - the comment will be echoed back as a 451 retry-later failure if the sending IP is found in an RBL.
If =RBLSMTPD= is present and has a "-comment" - the comment will be echoed back as a 553 bounce message failure.
QMAILQUEUE should point to the queue handler to use for connections from those IP's (if not set in =/service/qmail-smtpd/run= above)
<code>
# No Qmail-Scanner or RBL check at all for mail from 127.0.0.1
127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD=""
# Use Qmail-Scanner without SpamAssassin, no RBL check on any mail from the local network
# [it ignores SpamAssassin via the presence of the RELAYCLIENT var]
10.:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
# Use Qmail-Scanner with SpamAssassin on any mail from the rest of the world
:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
</code>
<code>
make -C /var/qmail/control
</code>
* Verify permissions - vi may have forgotten the suid:
=-rwsr-xr-x 1 qscand qscand 80984 2003-09-04 01:28 /var/qmail/bin/qmail-scanner-queue.pl=
* You will probably want to set up a cron job to update qmail-scanner's info
=0 12 * * * setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -z=
( -z - gather virus scanner/DAT versions and cleanup old temp files )
As well as one to remove quarantined messages before they fill up /var/spool
=0 0 * * * find /var/spool/qmailscan/quarantine/new -mtime +10 | xargs -r rm=
|
