Part 15 - qmail-scanner w/qms-analog

If you will recall, when we compiled qmail earlier in this installation, we applied a patch to qmail called "qmailqueue.patch". This patch allows qmail to be configured to run with a substitute queuing mechanism. That's exactly what we're about to do here. We're going to tell qmail to use Qmail-Scanner as the queuing mechanism. Qmail-scanner is going to allow us to integrate Clam Antivirus and SpamAssassin into our qmail server's mail queue. Once qmail-scanner is installed, there will be a master script that is filled with configuration options that help you to tailor the functionality of Clam Antivirus and SpamAssassin to your needs.

To expand the number of configuration options, we are also going to apply a patch to qmail-scanner. For this patch, we will be using Mark Teel's qms-analog patch. Qms-analog incorporates the widely used qmail-scanner-st patch, but it also adds some cool reporting functionality, which we will utilize later in this installation guide.

So let's get on it!

    cd /downloads/qmailrocks

Unpack qmail-scanner...

    tar zxvf qmail-scanner-1.22.tgz

Now unpack qms-analog...

    tar zxvf qms-analog-0.3.4.tar.gz

Install qms-analog itself. This will come in handy in the next step when we install Qmailanalog.

    cd qms-analog-0.3.4
    make all

Next, we copy needed qms-analog files to the qmail-scanner source directory...

    cp qmail-scanner-1.22-st-qms-YYYYMMDD.patch /downloads/qmailrocks/qmail-scanner-1.22/
    cp qms-config-script-cwrapper /downloads/qmailrocks/qmail-scanner-1.22/

Now, let's apply the qms-analog patch...

    cd /downloads/qmailrocks/qmail-scanner-1.22
    chmod 755 qms-config-script-cwrapper
    patch -p1 < qmail-scanner-1.22-st-qms-YYYYMMDD.patch

Now continue with the qmail-scanner installation...

    groupadd qscand
    useradd -g qscand -c "Qmail-Scanner Account" -s /bin/false qscand

Now we will configure qmail-scanner and install it. Ordinarily, you would run the ./configure script to configure and install qmail-scanner.
However, Mark Teel has donated a handy little config script that does most of the work for you. This script is called "qms-config-script" and, if you look above, you should have already copied this config script into the qmail-scanner source directory.

By default, Slackware is set up to NOT allow setuid. Therefore, we'll start off with instructions based on a server that does not allow setuid. However, if you know for a fact that your server has been set up for setuid functionality, the redhat installation instructions for qmail-scanner should suffice.

So let's do it...

    cd /downloads/qmailrocks/qmail-scanner-1.22/contrib
    make install

Now we will customize the qmail-scanner configuration script...

    cd /downloads/qmailrocks/qmail-scanner-1.22
    vi qms-config-script-cwrapper

You will notice several fields that need to be customized to fit your needs. Let's have a look. I've highlighted the fields you should customize in RED:

    #!/bin/sh
    if [ "$1" != "install" ]; then
    ./configure --domain yourdomain.com \

Now save and exit out of the config file. That was easy, wasn't it? And now we will run a test config for qmail-scanner...

    ./qms-config-script-cwrapper

Answer YES to all questions. If you get no errors, you can then run the script in "install" mode and this will install qmail-scanner on your server. If you do get errors, check out these troubleshooting tips.

    ./qms-config-script-cwrapper install

Again, answer YES to all questions. If you do get errors, check out these troubleshooting tips.

    vi /var/qmail/bin/qmail-scanner-queue.pl

Then change the first line of /var/qmail/bin/qmail-scanner-queue.pl

    chmod 0755 /var/qmail/bin/qmail-scanner-queue.pl

And now all that's left for qmail-scanner is to initialize the version file and the perlscanner database...

First, we'll initialize the version file. This command also helps to keep your server's /var/spool/qmailscan folder clear of rogue files that can develop when SMTP sessions are dropped. You may want to stick this command into your server's crontab and run it once a day. You'll see more on this in the "maintaining your qmail server" step near the end of this tutorial. So let's run it...

    setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -z

And now we will generate a new perlscanner database for qmail-scanner. For future reference, it's a good idea to run this next command whenever you upgrade qmail-scanner. You'll see more on this in the "maintaining your qmail server" step near the end of this tutorial. So let's do it...

    setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -g

A successful database build should produce the following output:

    perlscanner: generate new DB file from /var/spool/qmailscan/quarantine-attachments.txt

And now one final ownership check...

    chown -R qscand:qscand /var/spool/qmailscan

Woohoo, qmail-scanner is installed! Now it's time to tie qmail-scanner into qmail itself.

    vi /var/qmail/supervise/qmail-smtpd/run

To instruct qmail to use Qmail-Scanner as the alternative queuing mechanism, we add the following line to the SMTP "run" script right under the first line (#!/bin/sh):

    QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue"; export QMAILQUEUE

...and we change the "softlimit" in that same script...

    change softlimit to 40000000

Note: It is absolutely vital that you change the "softlimit" setting in this script. If you don't, qmail may fail to deliver mail!!!

So now the qmail-smtpd/run file should look like this:

    #!/bin/sh

Once you've got the qmail-smtpd file modified, save the changes and exit from the file. Now we will finalize the qmail-scanner installation by going over some post-install configuration options. After that, we'll fire everything up and take qmail-scanner for a test drive!

To activate all the changes we just made, we're going to have to completely stop and restart qmail...

Stop it...

    qmailctl stop

and start it...

    qmailctl start

And a quick check of the qmail processes, just to be safe...

    qmailctl stat

Now it's time to test the whole damn thing to see if Qmail-Scanner, Spamassassin and Clam AV are all working correctly. Fortunately, Qmail-Scanner comes with its own testing script that does a fantastic job. So let's test it!

    cd /downloads/qmailrocks/qmail-scanner-1.22/contrib
    chmod 755 test_installation.sh
    setuidgid qscand ./test_installation.sh -doit

A successful test should produce the following output. 2 messages should be quarantined by Clam Antivirus in /var/spool/quarantine/new and 2 messages should be sent to whatever mailbox you specified in the Qmail-scanner configuration script. Don't worry if you don't get virus notification emails.
The normal notification emails that get sent out upon virus detection usually don't work during the test.

    setting QMAILQUEUE to /var/qmail/bin/qmail-scanner-queue.pl for this test...
    Sending standard test message - no viruses...
    Sending eicar test virus - should be caught by perlscanner module...
    Sending eicar test virus with altered filename - should only be caught by commercial anti-virus modules (if you have any)...
    Sending bad spam message for anti-spam testing - In case you are using SpamAssassin...
    Finished test. Now go and check Email for postmaster@mydomain.com

If you get 2 messages in your inbox and you see 2 messages in the quarantine folder, it's time to crack open a cold one! You've successfully installed all 3 packages! Woohoo!
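
One way to check the edited qmail-smtpd run script for the two settings this step relies on: QMAILQUEUE set and exported, and a softlimit value of at least 40000000. This is an added example, not part of the original tutorial or of qmail-scanner; the function names and both sample run scripts (including the tcpserver arguments and /usr/local/bin paths) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a qmail-smtpd "run" script for QMAILQUEUE and softlimit.
MIN_SOFTLIMIT=40000000   # value given in the text

# Print the QMAILQUEUE value assigned in run script $1 (empty if none).
run_qmailqueue() {
    sed -n '/^[[:space:]]*#/d; s/.*QMAILQUEUE="\{0,1\}\([^";[:space:]]*\).*/\1/p' "$1" | head -n 1
}

# Print the number that follows "softlimit -m" in run script $1.
run_softlimit() {
    awk '/^[ \t]*#/ { next }
         { for (i = 1; i < NF; i++)
             if ($i ~ /softlimit$/ && $(i + 1) == "-m") { print $(i + 2); exit } }' "$1"
}

# Print one line per finding; return 0 only when the script passes.
audit_run() {
    rc=0
    q=$(run_qmailqueue "$1"); m=$(run_softlimit "$1")
    [ -n "$q" ] || { echo "QMAILQUEUE not set: SMTP mail skips qmail-scanner"; rc=1; }
    grep -v '^[[:space:]]*#' "$1" | grep -Eq '(^|[;[:space:]])export[[:space:]]+QMAILQUEUE' ||
        { echo "QMAILQUEUE is not exported to qmail-smtpd"; rc=1; }
    case "$m" in
        '' | *[!0-9]*) echo "no numeric softlimit -m value found"; rc=1 ;;
        *) [ "$m" -ge "$MIN_SOFTLIMIT" ] ||
               { echo "softlimit -m $m is below $MIN_SOFTLIMIT"; rc=1; } ;;
    esac
    return "$rc"
}

# Constructed sample run scripts (not the tutorial's file): one that follows
# this step, one left at a low limit with no QMAILQUEUE line.
write_samples() {
    cat > "$1/run.good" <<'EOF'
#!/bin/sh
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue"; export QMAILQUEUE
exec /usr/local/bin/softlimit -m 40000000 \
    /usr/local/bin/tcpserver -v -R -l 0 0 smtp /var/qmail/bin/qmail-smtpd 2>&1
EOF
    cat > "$1/run.bad" <<'EOF'
#!/bin/sh
exec /usr/local/bin/softlimit -m 2000000 \
    /usr/local/bin/tcpserver -v -R -l 0 0 smtp /var/qmail/bin/qmail-smtpd 2>&1
EOF
}
# Audit the file named on the command line, if one was given.
if [ "$#" -gt 0 ]; then audit_run "$1"; fi
```

Saved to a file and run with /var/qmail/supervise/qmail-smtpd/run as its argument, it prints nothing and exits 0 when both settings are in place.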

Summary of functionality:

If you've gotten to this point, you should have Clam Anti-Virus, Spamassassin and Qmail-Scanner all working together. When a message comes into the server, Qmail-Scanner takes the message and pipes it out to both Clam Anti-Virus and Spamassassin. If the message contains a virus, Clam AV quarantines it in /var/spool/qmailscan/quarantine and then sends a notification e-mail to whoever you specified in the Qmail-Scanner installation. If the message does not contain a virus, it is then scanned by Spamassassin. Depending on the score that Spamassassin assigns to the message and whether or not that score breaks the SPAM threshold set by you in the /var/qmail/.spamassassin/user_prefs file, Spamassassin will either let the message go unaltered to its destination or it will tag the message as SPAM. If the message is tagged as SPAM, it will still arrive at its destination, but with an altered "subject" that will signal to the recipient that this was tagged as SPAM. The text that gets appended to the "subject" of the e-mail is set in the /var/qmail/bin/qmail-scanner-queue.pl file. (For example: If you set qmail-scanner-queue.pl to tag all SPAM with "HI, I'M SPAM!", mail tagged as such will be delivered to the recipient with "HI, I'M SPAM" added to the subject.) Once the message is tagged, the recipient can then configure his/her mail client to deal with those tagged messages in whatever manner he/she sees fit. Alternatively, you can tell Spamassassin to delete all suspected spam messages (like I do). You can find directions for this in the "Hints" box above.

This mirror last modified:
Thursday, August 9th, 2012 15:58:55 CEST