Monday, September 28, 2009

SENDMAIL Notes 13: Sendmail Content Scanning


Configuring fully functional content scanning using MailScanner, ClamAV and SpamAssassin

Initially we will configure the clamav antivirus.


Installation of CLAMAV Antivirus:

Download the Source code of the software

# wget
# tar -zxvf clamav-0.95.2.tar.gz
# cd clamav-0.95.2

    ClamAV relies mainly on the following packages, so install them before compiling and installing ClamAV.

1. zlib (at least zlib-1.2.2)
2. bzip2
3. gmp
4. curl

Add the following user and group.

#groupadd clamav
#useradd -g clamav -s /sbin/nologin clamav

Now Compile the clamav

# ./configure
# make
# make install

    This copies the binaries to the standard location, normally under /usr/local/*. Now type clam to see the new binaries installed by make install.

Configuring CLAMAV Antivirus:

#cd /usr/local/etc

It contains 2 files: clamd.conf (read by the clamd daemon) and freshclam.conf (read by the update tool).

To start the clamd daemon, edit the following parameters in clamd.conf

#vim clamd.conf
#comment out the Example

#vim freshclam.conf
#comment out the Example

    Now create the log file that freshclam will write to.

#touch /var/log/freshclam.log
#chmod 600 /var/log/freshclam.log
#chown clamav.clamav /var/log/freshclam.log

Now update the virus database and start the freshclam daemon.

#/usr/local/bin/freshclam -d

    This runs freshclam as a daemon. Add a freshclam entry to the cron job to update two or three times a day. Any update to the virus signatures is logged to /var/log/freshclam.log.

It is time to start the clamd daemon now.

#ps -ef |grep clam

    This shows that both daemons (freshclam and clamd) are running.

Adding the clamd daemon to init startup (this part is optional).

#cd clamav-ver/contrib/init
#vim clamd

    Change the path parameters to suit the installation and place the script in the init directory.

#cp clamd /etc/init.d

Now start configuring SpamAssassin



Download the Source code of the software

# wget
# tar -jxvf Mail-SpamAssassin-3.2.5.tar.bz2
# cd Mail-SpamAssassin-3.2.5

We need the following packages for compiling the spamassassin:
1. HTML::Parser

Install the prerequisites using cpanel.

>install HTML::Parser

Download from and compile and install

#tar -zxvf HTML-Parser-version.gz
# cd HTML-Parser-version
# perl
# make
# make install

SpamAssassin uses Perl for compiling

#perl Makefile.PL

    This prompts for certain details.
1. The mail address of the admin to whom mail about the spam report can be sent. test
3. Checks all the module dependencies. If the script exits because of a failed dependency, install it.

# make
# make install

    This sets up SpamAssassin with all of the rules in /usr/share/spamassassin. The installed binaries are /usr/bin/spamc (the client binary) and /usr/bin/spamd (the SpamAssassin daemon binary).

Now we can install the init scripts from the source code.

#cd Mail-SpamAssassin-3.2.5/spamd
# ./ start

    This starts the daemon. Copy the file to /etc/init.d/ and rename it if it needs to run as an init daemon.

Now start the spamd

# spamd -d -c -m5 -H

    This starts the SpamAssassin daemon and runs it in the background.

It's time to install and configure MailScanner

    MailScanner does not need clamd or spamassassin running to initialize or run the service. In fact it just needs the Perl modules that are required to start.
Download the source code of the software.

#tar -zxvf MailScanner-install-4.75.11-1.tar.gz
# cd MailScanner-install-4.75.11-1
It contains Perl modules and an install script

    This installs MailScanner in the /opt directory. MailScanner also creates a new queue directory structure in /var/spool (MailScanner,

    This is a temporary directory used for processing the messages.

    After starting the MailScanner daemon we need to update the sendmail configuration to reflect the new queue structure. The new queue structure is implemented for the two new sendmail daemons. The first processes the inbound messages: it is the standard MTA, which accepts mail on port 25, processes the messages and places them into the queue in queue-only mode. Those messages are then re-routed into the directory (we will be altering the sendmail configuration to queue messages and not deliver them). From there MailScanner, which is configured to check every 5 sec, scans the messages by consulting clamav and spamassassin and checking for other malicious content, and then places them into the mqueue directory. From here the second instance of sendmail delivers the message to its destination.

    port25 sendmail(1) receives msg -> Place the msg in -> MailScanner scans and places in mqueue -> sendmail(2) delivers the msg from mqueue to destination.

Configuring MailScanner:

#cd /opt/MailScanner
    This is a symbolic link created by for the installed version of MailScanner.
# cd /opt/MailScanner/etc
    This file contains the main configuration of MailScanner.

Edit the main configuration to change some key settings to start the MailScanner.

# vi MailScanner.conf
%org-name% = kiranjith
%org-long-name% = Kiran's School for Linux Lovers
%web-site% =
Max Children = 5
# By default MailScanner launches up to 5 processes to handle the mails. This can be increased according to the message queue.
Run As User = root
# Specifies the user MailScanner runs as.
Queue Scan Interval = 5
# This tells MailScanner to check the directory every 5 sec for a new message.
Incoming Queue Dir = /var/spool/
# This is the directory where the 1st sendmail instance puts the incoming mails for scanning.
Outgoing Queue Dir = /var/spool/mqueue
# This is the directory where MailScanner places the scanned mails for the 2nd instance of sendmail to deliver.
Incoming Work Dir = /var/spool/MailScanner/incoming
# This is the directory where MailScanner processes the messages.
Quarantine Dir = /var/spool/MailScanner/quarantine
# In this directory MailScanner places the messages that are infected by a virus.
Restart Every = 14400
# Every 14400 sec the child processes are restarted.
MTA = sendmail
# This specifies the MTA currently running on the system.
Sendmail = /usr/lib/sendmail
# Path to the sendmail binary used to deliver the errors generated on scanning.
Max Normal Queue Size = 800
# This tells MailScanner to stop scanning if the mail queue is this big.
# Note: the TNEF module is needed to scan content sent from MS Outlook.
Virus Scanning = yes
# This enables virus scanning.
Virus Scanners = clamav
# Sets the virus scanner to clamav.
Use SpamAssassin = yes
# Makes MailScanner invoke SpamAssassin.
Always Include SpamAssassin Report = yes
# This makes MailScanner include the result of SpamAssassin.
# SpamAssassin returns a score for the scanned message and MailScanner makes a decision based on this score. This will invoke both clamav and spamassassin.
Always Include SpamAssassin Report = yes
# This includes the SpamAssassin report in the mail header.


            This file consists of the rules for SpamAssassin, e.g. the whitelist, the blacklist and the spam score threshold.


            This file contains the preferences of the virus scanner.


            This directory contains the rules for mail contents (rules about the extensions of mail attachments).


            This directory contains the executables to run and check the mailscanner service.


            This will launch the mailscanner service

#ps -ef |grep -i mailscanner

            This will show the mailscanner configuration

Sendmail Integrating with MailScanner:

            By default sendmail runs as an MSP with the queue directory /var/spool/clientmqueue and as an MTA that binds to the default port 25.

#/usr/sbin/sendmail -L sm-msp-queue -Ac -q30m
#/usr/sbin/sendmail -L sm-mta -bd -q30m

            These are the default daemon options that sendmail runs with. So we have to change the daemon options, or change the init script of sendmail, to use the following options.

#kill any existing sendmail daemons

Now create a sendmail start script

#Run the sendmail as MSP program.
$sendmail -L sm-msp-queue -Ac -q30m
#Run the sendmail MTA for inbound (To accept the mail and keep in /var/spool/ directory in queueonly mode)
$sendmail -L sm-mta-inbound -bd   -OprivacyOptions=noetrn   -OdeliveryMode=queueonly   -OqueueDirectory=/var/spool/  -OPidFile=/var/run/  -q30m
#Define the outbound MTA that delivers messages from the /var/spool/mqueue directory, which have been scanned and placed there by MailScanner. The interval should be short so that mail is delivered ASAP.
$sendmail -q1m

Save and execute the script.

#ps -ef |grep sendmail

            This will show the 3 sendmail processes running

Check the mail logs

# tail /var/log/maillog

If the sendmail installation is RPM based, follow this instead.

Change Commands That Start Sendmail. Currently, your copy of sendmail will be started by a script such as /etc/init.d/mail or /etc/rc.d/init.d/sendmail. Somewhere in this script will be the command to start sendmail itself. This should look like this:

sendmail -bd -q15m
You should change this to the following two lines:
sendmail -bd  -OprivacyOptions=noetrn   -OdeliveryMode=queueonly   -OqueueDirectory=/var/spool/  -OPidFile=/var/run/ -q30m
sendmail -q1m


This first starts the copy of sendmail that provides SMTP service, building the work queue for MailScanner. It then starts the copy of sendmail that delivers the output from MailScanner. You also might need to change the commands used to shut down sendmail as it now needs to find 2 copies and kill them both.

            The spamd and clamd daemons do not need to be running. Starting them is just to check whether the configuration files work.
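
The point of the two-instance setup above is that the port 25 listener must never deliver mail itself and must queue into the directory MailScanner reads. The following check is an added example, not part of the original notes: the function names are hypothetical, /var/spool/IN_PLACEHOLDER stands in for the incoming queue directory, and the process lines are constructed samples in the form `ps -eo args` would print.

```shell
#!/bin/sh
# Added example: check that mail cannot bypass MailScanner.
# All paths and sample lines below are constructed placeholders.

# conf_value FILE KEY: print the value of "KEY = value" (last match wins here).
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# audit_scan_path CONF PSFILE: print findings; exit status = number of findings.
audit_scan_path() {
    conf=$1; psfile=$2; findings=0
    in_dir=$(conf_value "$conf" "Incoming Queue Dir")
    out_dir=$(conf_value "$conf" "Outgoing Queue Dir")
    if [ "${in_dir%/}" = "${out_dir%/}" ]; then
        echo "FAIL: incoming and outgoing queue are both '$in_dir'"
        findings=$((findings + 1))
    fi
    while IFS= read -r line; do
        # Only the SMTP listener (-bd) accepts mail from the network.
        case $line in *sendmail*" -bd"*) ;; *) continue ;; esac
        case $line in
            *-OdeliveryMode=queueonly*) ;;
            *) echo "FAIL: listener may deliver unscanned mail: $line"
               findings=$((findings + 1)) ;;
        esac
        qdir=$(printf '%s\n' "$line" |
            sed -n 's/.*-OqueueDirectory=\([^[:space:]]*\).*/\1/p')
        if [ "${qdir%/}" != "${in_dir%/}" ]; then
            echo "FAIL: listener queues to '${qdir:-default}', not '$in_dir'"
            findings=$((findings + 1))
        fi
    done < "$psfile"
    return "$findings"
}

tmp=$(mktemp -d)
printf '%s\n' 'Incoming Queue Dir = /var/spool/IN_PLACEHOLDER' \
    'Outgoing Queue Dir = /var/spool/mqueue' > "$tmp/MailScanner.conf"
cat > "$tmp/good.ps" <<'EOF'
sendmail -bd -OdeliveryMode=queueonly -OqueueDirectory=/var/spool/IN_PLACEHOLDER -q30m
sendmail -q1m
EOF
echo 'sendmail -bd -q15m' > "$tmp/bad.ps"
audit_scan_path "$tmp/MailScanner.conf" "$tmp/good.ps" && echo "good.ps: OK"
audit_scan_path "$tmp/MailScanner.conf" "$tmp/bad.ps" || echo "bad.ps: $? finding(s)"
```

On a live host the second argument would be a file holding the saved `ps -eo args` output and the first the real MailScanner.conf.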
