Monday, September 28, 2009

SENDMAIL Notes 13: Sendmail Content Scanning


SENDMAIL CONTENT SCANNING:

Configuring fully functional content scanning using MailScanner, ClamAV and SpamAssassin.

First we configure the ClamAV antivirus.

CLAMAV ANTIVIRUS:

Installation of CLAMAV Antivirus:

Download the Source code of the software

# wget http://sourceforge.net/projects/clamav/files/clamav/0.95.2/clamav-0.95.2.tar.gz/download
# tar -zxvf clamav-0.95.2.tar.gz
# cd clamav-0.95.2

    ClamAV relies mainly on the following packages, so install them before compiling and installing ClamAV:

1. zlib (at least zlib-1.2.2)
    zlib-devel
2. bzip2
    bzip2-libs
    bzip2-devel
3. gmp
4. curl
    curl-devel

Add the following user and group.

#groupadd clamav
#useradd -g clamav -s /sbin/nologin clamav

Now compile ClamAV:

# ./configure
# make
# make install

    This copies the binaries to the standard location, normally under /usr/local/*. Typing clam followed by Tab shows the new binaries installed by make install.

Configuring CLAMAV Antivirus:

# cd /usr/local/etc

This directory contains two files: clamd.conf (read by the clamd daemon) and freshclam.conf (read by the update tool).

Before the clamd daemon can start, the following line has to be edited in clamd.conf: the bare line "Example" must be commented out, because clamd refuses to start while it is active.

# vim clamd.conf
# comment out the Example line so it reads:
#Example

The same applies to freshclam.conf:

# vim freshclam.conf
# comment out the Example line so it reads:
#Example

    Now create the log file that freshclam writes to.

#touch /var/log/freshclam.log
#chmod 600 /var/log/freshclam.log
#chown clamav.clamav /var/log/freshclam.log

Now update the virus database and start the freshclam daemon.

# freshclam
# /usr/local/bin/freshclam -d

    This runs freshclam as a daemon. Alternatively, add a freshclam entry to cron to update two or three times a day. Any update to the virus signatures is logged to /var/log/freshclam.log.

It is time to start the clamd daemon now.

#/usr/local/sbin/clamd
#ps -ef |grep clam

    This shows both daemons (freshclam and clamd) running.

Adding the clamd daemon to the init startup (this part is optional).

# cd clamav-0.95.2/contrib/init
# vim clamd

    Change the path parameters to suit the installation and place the script in the init directory.

# cp clamd /etc/init.d
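To script the configuration steps above (commenting out the Example line in both files and creating the freshclam log with owner-only permissions) and to check that clamd and freshclam will actually start, here is an added shell example. It is not part of the original post and not ClamAV's own code. It works on a scratch copy of the two config files that it constructs itself, so it can be run without touching /usr/local/etc; the clamav user is assumed to be optional (chown is skipped when the account does not exist).

```shell
#!/bin/sh
# Added example (not from the original post, not ClamAV's own tooling).
# Scripts the "comment out Example" and freshclam log-file steps and verifies
# them. Assumptions: POSIX sh, sed and grep; a 'clamav' user may or may not
# exist (chown is skipped if it does not).

# Comment out the bare "Example" line that ships in clamd.conf/freshclam.conf.
# clamd and freshclam refuse to start while that line is active.
disable_example_line() {
    conf="$1"
    tmp="$conf.tmp.$$"
    sed 's/^Example[[:space:]]*$/#Example/' "$conf" > "$tmp" && mv "$tmp" "$conf"
}

# Return 0 if neither config in CONF_DIR still has an active Example line,
# 1 otherwise (or if a file is missing).
verify_clamav_conf() {
    conf_dir="$1"
    for f in "$conf_dir/clamd.conf" "$conf_dir/freshclam.conf"; do
        [ -f "$f" ] || return 1
        if grep -q '^Example[[:space:]]*$' "$f"; then
            echo "active Example line in $f" >&2
            return 1
        fi
    done
    return 0
}

# Create the freshclam log with mode 600, owned by the clamav user when that
# account exists (the post's touch/chmod/chown steps).
create_freshclam_log() {
    log="$1"
    touch "$log" && chmod 600 "$log" || return 1
    if id clamav >/dev/null 2>&1; then
        chown clamav:clamav "$log" || return 1
    fi
}

# Whole procedure: fix both configs, create the log, then verify.
prepare_clamav() {
    conf_dir="$1"; log="$2"
    disable_example_line "$conf_dir/clamd.conf" &&
    disable_example_line "$conf_dir/freshclam.conf" &&
    create_freshclam_log "$log" &&
    verify_clamav_conf "$conf_dir"
}

# Constructed sample: a scratch directory holding stock-style config files.
make_sample_confs() {
    d=$(mktemp -d)
    printf '## Example clamd.conf\nExample\nLogFile /var/log/clamd.log\n' > "$d/clamd.conf"
    printf '## Example freshclam.conf\nExample\nDatabaseDirectory /usr/local/share/clamav\n' > "$d/freshclam.conf"
    echo "$d"
}

# Stand-alone demo: run against the constructed copy, never the live files.
demo_dir=$(make_sample_confs)
if prepare_clamav "$demo_dir" "$demo_dir/freshclam.log"; then
    echo "ClamAV config prepared in $demo_dir"
fi
```

To use it on a real installation, call prepare_clamav /usr/local/etc /var/log/freshclam.log as root; verify_clamav_conf on its own is a cheap pre-flight check to run before starting clamd after any edit to the config files.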


Now start configuring SpamAssassin.

SPAMASSASSIN:

Installation:

Download the Source code of the software

# wget http://www.bizdirusa.com/mirrors/apache/spamassassin/source/Mail-SpamAssassin-3.2.5.tar.bz2
# tar -jxvf Mail-SpamAssassin-3.2.5.tar.bz2
# cd Mail-SpamAssassin-3.2.5

We need the following Perl modules to build SpamAssassin:
1. HTML::Parser

Install the prerequisites using CPAN:

# cpan
cpan> install HTML::Parser

or download from cpan.org, then compile and install:

# tar -zxvf HTML-Parser-version.tar.gz
# cd HTML-Parser-version
# perl Makefile.PL
# make
# make install

SpamAssassin is built with Perl:

#perl Makefile.PL

    This will prompt us for certain details:
1. The mail address of the admin to whom spam reports can be sent.
2. Whether to run network tests.
3. It checks all module dependencies; if the script exits because of a failed dependency, install it and rerun.


# make
# make install

    This will set up SpamAssassin with all of the rules in /usr/share/spamassassin. The installed binaries will be /usr/bin/spamc (the client binary) and /usr/bin/spamd (the SpamAssassin daemon binary).

Now we can install the init script from the source code.

# cd Mail-SpamAssassin-3.2.5/spamd
# ./redhat-rc-script.sh start

    This will start the daemon. Copy the file to /etc/init.d/ and rename it if we need to run it as an init daemon.

Now start spamd:

# spamd -d -c -m5 -H

    This starts the SpamAssassin daemon and runs it in the background.

It is time to install and configure MailScanner.


MAILSCANNER:
Installation:
    MailScanner does not need clamd or spamassassin to be running in order to initialize or run the service; in fact it only needs the Perl modules required to start.
Download the source code of the software.

# wget http://www.mailscanner.info/files/4/tar/MailScanner-install-4.75.11-1.tar.gz
# tar -zxvf MailScanner-install-4.75.11-1.tar.gz
# cd MailScanner-install-4.75.11-1

It contains the Perl modules and an install script.
# ./install.sh

    This installs MailScanner in the /opt directory, and MailScanner creates a new queue directory structure in /var/spool (MailScanner, mqueue.in).

/var/spool/MailScanner
    This is a temporary directory used for processing the messages.
/var/spool/mqueue.in

    After starting the MailScanner daemon we need to update the sendmail configuration to reflect the new queue structure. The new queue structure is used by two sendmail daemons. The first is the standard MTA: it accepts mail on port 25 and, because it runs in queue-only mode, places the messages in mqueue.in instead of delivering them (we will alter the sendmail configuration to queue messages to mqueue.in, not to deliver them). MailScanner, configured to check mqueue.in every 5 seconds, scans those messages by consulting clamav, spamassassin and its other malicious-content checks and then places them in the mqueue directory. From there the second sendmail instance delivers the messages to their destination.

    port 25 sendmail(1) receives the message -> places it in mqueue.in -> MailScanner scans it and places it in mqueue -> sendmail(2) delivers it from mqueue to the destination.

Configuring MailScanner:

# cd /opt/MailScanner
    This is a symbolic link created by the installer for the installed version of MailScanner.
# cd /opt/MailScanner/etc
    This directory contains the main configuration file of MailScanner.

Edit the main configuration to change some key settings to start the MailScanner.

# vi MailScanner.conf
%org-name% = kiranjith
%org-long-name% = Kiran's School for Linux Lovers
%web-site% = kiranjith83.blogspot.com
Max Children = 5
# By default MailScanner launches up to 5 processes to handle the mail in mqueue.in. This can be increased according to the size of the message queue.
Run As User = root
# Specifies the user MailScanner runs as.
Queue Scan Interval = 5
# Tells MailScanner to check the mqueue.in directory every 5 seconds for new messages.
Incoming Queue Dir = /var/spool/mqueue.in
# The directory where the first sendmail instance puts incoming mail for scanning.
Outgoing Queue Dir = /var/spool/mqueue
# The directory where MailScanner places scanned mail for the second sendmail instance to deliver.
Incoming Work Dir = /var/spool/MailScanner/incoming
# The directory where MailScanner processes the messages.
Quarantine Dir = /var/spool/MailScanner/quarantine
# MailScanner places messages infected by a virus in this directory.
Restart Every = 14400
# Every 14400 seconds the child processes are restarted.
MTA = sendmail
# Specifies the MTA currently running on the system.
Sendmail = /usr/lib/sendmail
# Path to the sendmail binary used to deliver the errors generated during scanning.
Max Normal Queue Size = 800
# Tells MailScanner to stop scanning if the mail queue grows this large.
# Note: the TNEF module is needed to scan content sent from MS Outlook.
Virus Scanning = yes
# Enables virus scanning.
Virus Scanners = clamav
# Sets the virus scanner to clamav.
Use SpamAssassin = yes
# Makes MailScanner invoke SpamAssassin. SpamAssassin returns a score for the scanned message and MailScanner makes its decision based on that score. With these settings both clamav and SpamAssassin are invoked.
Always Include SpamAssassin Report = yes
# Includes the SpamAssassin report in the mail header.

/opt/MailScanner/spam.assassin.prefs.conf

            This file contains the rules for SpamAssassin, e.g. the whitelist, the blacklist and the spam score threshold.

/opt/MailScanner/virus.scanners.conf

            This file contains the virus scanner preferences.

/opt/MailScanner/mcp

            This directory contains the rules for mail content (rules about the extensions of mail attachments).

/opt/MailScanner/bin

            This directory contains the executables used to run and check the MailScanner service.

# ./check_mailscanner

            This will launch the MailScanner service.

# ps -ef | grep -i mailscanner

            This will show the running MailScanner processes.


Integrating sendmail with MailScanner:

            By default sendmail runs as the MSP, with the queue directory /var/spool/clientmqueue, and as the MTA bound to the default port 25.

# /usr/sbin/sendmail -L sm-msp-queue -Ac -q30m
# /usr/sbin/sendmail -L sm-mta -bd -q30m

            These are the default daemon options sendmail runs with. So we have to change the daemon options, or change the sendmail init script, to the following options.

# Kill any existing sendmail daemons first.

Now create a sendmail start script:

# vim sendmail_startup.sh
#!/bin/bash
sendmail=/usr/sbin/sendmail
# Run sendmail as the MSP (mail submission program).
$sendmail -L sm-msp-queue -Ac -q30m
# Run the inbound sendmail MTA: accept mail on port 25 and keep it in /var/spool/mqueue.in in queue-only mode.
$sendmail -L sm-mta-inbound -bd -OprivacyOptions=noetrn -OdeliveryMode=queueonly -OqueueDirectory=/var/spool/mqueue.in -OPidFile=/var/run/sendmail-in.pid -q30m
# Run the outbound MTA, which delivers messages from /var/spool/mqueue after MailScanner has scanned and placed them there. The interval should be short so mail is delivered as soon as possible.
$sendmail -q1m

Save and execute the script.

# ps -ef | grep sendmail

            This will show the 3 sendmail processes running.

Check the mail logs:

# tail /var/log/maillog
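Tailing the log is the quickest way to confirm the flow described above (sendmail(1) queues to mqueue.in, MailScanner requeues to mqueue, sendmail(2) delivers). The following added shell example, which is neither part of the original post nor MailScanner's own tooling, summarises a maillog by those stages and flags the classic misconfiguration where mail arrives but MailScanner never picks it up (MailScanner not running, or Incoming Queue Dir not matching the inbound daemon's -OqueueDirectory). The sample log it ships with is constructed: hosts, addresses and queue ids are invented, and the MailScanner line formats are approximations of the 4.x style, so adjust the patterns to what your own maillog shows.

```shell
#!/bin/sh
# Added example (not from the original post, not MailScanner's own code).
# Summarise /var/log/maillog by pipeline stage:
#   sendmail(1) -> mqueue.in -> MailScanner -> mqueue -> sendmail(2)
# The sample log is constructed; MailScanner line formats are approximations.

# Count the stages messages pass through in a maillog file.
#   received : inbound sendmail logged a from=<...> line (queued in mqueue.in)
#   scanned  : MailScanner requeued the message into mqueue for delivery
#   spam     : MailScanner/SpamAssassin flagged the message as spam
#   delivered: outbound sendmail logged stat=Sent for the requeued id
mailflow_summary() {
    awk '
        / sendmail\[[0-9]+\]: [A-Za-z0-9]+: from=</                 { received++ }
        / MailScanner\[[0-9]+\]: Requeue: /                          { scanned++ }
        / MailScanner\[[0-9]+\]: Message .* is spam, SpamAssassin/   { spam++ }
        / sendmail\[[0-9]+\]: [A-Za-z0-9]+: to=<.*stat=Sent/         { delivered++ }
        END { printf "received=%d scanned=%d spam=%d delivered=%d\n",
                     received, scanned, spam, delivered }
    ' "$1"
}

# Return 1 when mail is arriving but nothing is being requeued by MailScanner;
# the usual causes are MailScanner not running or Incoming Queue Dir not
# matching the inbound sendmail's -OqueueDirectory. Return 0 otherwise.
mailflow_check() {
    summary=$(mailflow_summary "$1")
    received=${summary#received=}; received=${received%% *}
    scanned=${summary#*scanned=};   scanned=${scanned%% *}
    if [ "$received" -gt 0 ] && [ "$scanned" -eq 0 ]; then
        echo "WARNING: $received message(s) received, none requeued by MailScanner" >&2
        return 1
    fi
    return 0
}

# Constructed sample maillog: one clean message delivered end to end, one
# spam message stored by MailScanner and therefore never requeued.
write_sample_maillog() {
    cat > "$1" <<'EOF'
Sep 28 10:00:01 mx sendmail[2101]: n8SA01ab002101: from=<alice@example.net>, size=1523, class=0, nrcpts=1, msgid=<1@example.net>, proto=ESMTP, daemon=MTA, relay=[10.0.0.5]
Sep 28 10:00:06 mx MailScanner[2210]: New Batch: Scanning 1 messages, 1523 bytes
Sep 28 10:00:07 mx MailScanner[2210]: Requeue: n8SA01ab002101 to n8SA07cd002230
Sep 28 10:00:07 mx MailScanner[2210]: Uninfected: Delivered 1 messages
Sep 28 10:00:09 mx sendmail[2240]: n8SA07cd002230: to=<bob@example.com>, delay=00:00:08, xdelay=00:00:02, mailer=esmtp, pri=31523, relay=mail.example.com. [192.0.2.10], dsn=2.0.0, stat=Sent (OK)
Sep 28 10:05:01 mx sendmail[2301]: n8SA51ef002301: from=<promo@example.org>, size=8820, class=0, nrcpts=1, msgid=<2@example.org>, proto=ESMTP, daemon=MTA, relay=[198.51.100.7]
Sep 28 10:05:06 mx MailScanner[2210]: Message n8SA51ef002301 from 198.51.100.7 (promo@example.org) to example.com is spam, SpamAssassin (score=14.2, required 6, BAYES_99 3.50, URIBL_BLACK 1.96)
Sep 28 10:05:06 mx MailScanner[2210]: Spam Actions: message n8SA51ef002301 actions are store
EOF
}

# Stand-alone demo on the constructed log; on a live box run
# mailflow_summary /var/log/maillog instead.
demo_log=$(mktemp)
write_sample_maillog "$demo_log"
mailflow_summary "$demo_log"
mailflow_check "$demo_log" && echo "mail flow OK"
```

The received/scanned gap is the number to watch after the sendmail changes: with the stock init script still starting a single sendmail -bd, messages are delivered straight from mqueue and never appear as Requeue lines, which is exactly the symptom of scanning being bypassed.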

If the sendmail installation is RPM based, follow this instead.

Change the commands that start sendmail. Currently your copy of sendmail is started by a script such as /etc/init.d/mail or /etc/rc.d/init.d/sendmail. Somewhere in this script is the command that starts sendmail itself, which should look like this:

---------------
sendmail -bd -q15m
--------------
You should change this to the following two lines:
-------------
sendmail -bd -OprivacyOptions=noetrn -OdeliveryMode=queueonly -OqueueDirectory=/var/spool/mqueue.in -OPidFile=/var/run/sendmail-in.pid -q30m
sendmail -q1m
-------------

This first starts the copy of sendmail that provides SMTP service, building the work queue for MailScanner. It then starts the copy of sendmail that delivers the output from MailScanner. You also might need to change the commands used to shut down sendmail as it now needs to find 2 copies and kill them both.

Note:-
            The spamd and clamd daemons are not required to be running; starting them only confirms whether the configuration files work.
