====== qmail-scanner ======

====== Using SpamAssassin and ClamAV Anti-Virus ======

Razor

DCC (Distributed Checksum Clearinghouse)

Pyzor

  • Razor needs a selection of Perl modules - install using CPAN:
    perl -MCPAN -e 'install Net::DNS'
    echo 'Digest::SHA1 Digest::MD5 Digest::HMAC Digest::Nilsimsa Test::Simple Time::HiRes URI::Escape' | xargs -n1 -i perl -MCPAN -e 'install {}'
  • from razor-agents-2.xxx:
    perl Makefile.PL && make && make test && make install
    razor-client
  • Install DCC:
    ./configure && make && make install
  • Install Pyzor and configure:
    python setup.py build
    python setup.py install
  • Add a SpamAssassin role user and install SpamAssassin:
    /usr/sbin/useradd -u 106 -d /var/qmail/control/spamassassin -c "SpamAssassin" -m -k /dev/null spamd
    perl -MCPAN -e 'install Mail::SpamAssassin'
  • Configure SpamAssassin options in /etc/mail/spamassassin/local.cf:
See man Mail::SpamAssassin::Conf

    required_hits 5.0
    #skip_rbl_checks 1
    rewrite_header Subject *****SPAM*****
    #use_terse_report 1
    report_safe 1
    dns_available yes
    add_header all DCC _DCCB_: _DCCR_
    add_header all Pyzor _PYZOR_
    add_header all Report _REPORT_
    ok_languages en
    #clear_report_template
    #report Redefine report text
    #report according to man page _SUMMARY_
    lock_method flock
    bayes_learn_to_journal 1
    pyzor_path /usr/bin/pyzor
    dcc_path /usr/local/bin/dccproc
    rbl_timeout 8
    razor_timeout 4
    pyzor_timeout 4
    dcc_timeout 4
  • Install a startup script and start SpamAssassin:
Save as /etc/rc.d/init.d/spamassassin, chmod 755, and edit the OPTIONS line:

OPTIONS="-d -x -u spamd"

  • Start/restart spamassassin
(spamd should be running now)
  • Configure/test components
Test network connectivity (the firewall may be configured to block the needed incoming UDP source port 6277):

* cdcc info

* su - spamd -c "pyzor discover"

* su - spamd -c "razor-admin -create"

* su - spamd -c "razor-admin -register" (I had to run this a couple times until it was successful)

I was doing some spamassassin reporting by procmail inside /var/qmail/alias, so I also needed to do:

* su - alias -c "pyzor discover"

* su - alias -c "razor-admin -create"

* su - alias -c "razor-admin -register"

  • Download ClamAV:
  • Add a clamav role-account and install:
    /usr/sbin/groupadd -g 105 clamav
    /usr/sbin/useradd -u 105 -g clamav -d /usr/local/share/clamav -m -k /dev/null -c "Clam Antivirus" clamav
    ./configure && make && make install
    cd ..
    clamscan -r -l scan.txt clamav-0.[tab key]
(should find ClamAV-Test-Signature in test/test1)
  • Run freshclam to update the virus signatures. If that works, add freshclam as a daemon to your startup (rc.local):
    echo "Starting FreshClam ClamAV daemon"
    touch /var/log/clam-update.log
    chown clamav /var/log/clam-update.log
    su - clamav -c "/usr/local/bin/freshclam -d -c 2 -l /var/log/clam-update.log"
  • Install qmail-scanner:
The latest qmail-ldap patch already includes the QMAILQUEUE patch. Enable by setting LDAPFLAGS=-DALTQUEUE in the Makefile of your qmail-1.03 directory. Be sure to install other required bits according to

    /usr/sbin/groupadd -g 107 qscand
    /usr/sbin/useradd -u 107 -c "Qmail-Scanner Account" -g qscand -s /bin/false qscand
    ./configure --admin ian --domain MrZesty.net --scanners clamscan,verbose_spamassassin --notify "sender,recips,admin" --debug no --install
  • After you've enabled the qmail-queue patch, there are a couple of tidbits you can put into your /var/qmail/control/qmail-smtpd.rules file:
If RELAYCLIENT is present, SpamAssassin will not be called from qmail-scanner.

If RBLSMTPD is present and may or may not have a "comment", the comment will be echoed back as a 451 retry-later failure if the sending IP is found in an RBL.

If RBLSMTPD is present and has a "-comment", the comment will be echoed back as a 553 bounce message failure.

QMAILQUEUE should point to the queue handler to use for connections from those IPs (if not set in /service/qmail-smtpd/run above).

    # No Qmail-Scanner or RBL check at all for mail from 127.0.0.1
    127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD=""
    # Use Qmail-Scanner without SpamAssassin, no RBL check on any mail from the local network
    # [it ignores SpamAssassin via the presence of the RELAYCLIENT var]
    10.:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
    # Use Qmail-Scanner with SpamAssassin on any mail from the rest of the world
    :allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"

Then rebuild the rules database:

    make -C /var/qmail/control
  • Verify permissions - vi may have forgotten the suid:
-rwsr-xr-x 1 qscand qscand 80984 2003-09-04 01:28 /var/qmail/bin/qmail-scanner-queue.pl
  • You will probably want to set up a cron job to update qmail-scanner's info
    0 12 * * * setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -z
(-z gathers virus scanner/DAT versions and cleans up old temp files)

As well as one to remove quarantined messages before they fill up /var/spool

    0 0 * * * find /var/spool/qmailscan/quarantine/new -type f -mtime +10 -print0 | xargs -0 -r rm
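
Added example (not part of the original page or of qmail-scanner): a small Python audit of the qmail-smtpd.rules step above, which resolves a client IP to the rule tcpserver would select and reports which checks that rule leaves enabled. The function names, the `run_queue` parameter and the sample IPs are assumptions; the rules text is the page's own, and only bare IPv4 patterns are handled.

```python
import re

# The three rules from the qmail-smtpd.rules step above (comments dropped).
RULES = '''\
127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD=""
10.:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
'''
SCANNER = "/var/qmail/bin/qmail-scanner-queue.pl"
VAR = re.compile(r',(\w+)="([^"]*)"')

def parse_rules(text):
    """Return {address pattern: (action, env)}; comments and blanks are skipped."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            addr, _, rest = line.partition(":")
            rules[addr] = (rest.split(",", 1)[0], dict(VAR.findall(rest)))
    return rules

def lookup(rules, ip):
    """Bare-IP lookup order: exact address, shorter dotted prefixes, empty default."""
    parts = ip.split(".")
    for key in [ip] + [".".join(parts[:n]) + "." for n in (3, 2, 1)] + [""]:
        if key in rules:
            return key
    return None

def policy(rules, ip, run_queue=""):
    """Checks applied to a client IP. run_queue (hypothetical parameter) is the
    QMAILQUEUE value inherited from the qmail-smtpd run script, if any."""
    key = lookup(rules, ip)
    action, env = rules.get(key, ("allow", {}))  # no match: no env changes
    if action != "allow":
        return {"rule": key, "denied": True}
    relay = "RELAYCLIENT" in env
    scanned = env.get("QMAILQUEUE", run_queue) == SCANNER
    return {"rule": key, "denied": False, "relay": relay,
            "virus_scan": scanned,
            "spamassassin": scanned and not relay,   # skipped for relay clients
            "rbl_check": env.get("RBLSMTPD") != ""}  # empty value turns it off

def unscanned(rules, ips, run_queue=""):
    """IPs whose mail is queued without passing through Qmail-Scanner."""
    found = []
    for ip in ips:
        p = policy(rules, ip, run_queue)
        if not p["denied"] and not p["virus_scan"]:
            found.append(ip)
    return found
```

Run it against the real rules file before `make -C /var/qmail/control` to confirm that a newly added prefix does not silently grant relay or skip scanning for a wider range than intended.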

====== GreyListing ======

====== Using SpamAssassin without qmail-scanner ======