In continue to my document https://help.ubuntu.com/community/QmailOpenLDAP about setting up qmail-ldap on ubuntu this document will help you to setup qmail-scanner with clamav antivirus and spamassassin spamfilter.

Introduction

Qmail-Scanner is an add-on that enables a Qmail email server to scan email for certain characteristics. It is typically used for its anti-virus and anti-spam protection functions, in which case it is used in conjunction with external scanners. It also enables a site (at a server/site level) to create "Policy blocks": i.e. react to email that contains specific strings in particular headers, or particular attachment filenames or types (e.g. *.EXE attachments even in a zip file).

Its archival features helps ISPs and corporations around the world with new or pending legislation, and regulatory requirements. It can archive all processed email into an archive maildir. This is ideal for backup purposes for audit policy reasons. Unlike certain Windows-based server solutions, the mail envelope headers (the "rcpt to:" and "mail from:" headers) are kept intact - appended to the bottom of each message - confirming true sender and destination addresses. Archiving also supports filtering to a subset of addresses (e.g. only archive "support@domain.name" emails instead of all).

We will bind spamassasin and clamav with qmailsacnner. Spamassassin is a open Source mail filter, written in Perl, to identify spam using a wide range of heuristic tests on mail headers and body text. It can also use some use full plugins like Pyzor, Razor, and DCC. Clamav will scan mail message for virus infected mails.

Installation

We will install and configure Qmail-Scanner, Clamav and SpamAssassin with plugins Pyzor, Razor, and DCC.

Clam Antivirus

ClamAV is an open source antivirus engine designed for detecting Trojans, viruses, malware and other malicious threats. It is the de facto standard for mail gateway scanning. It provides a high performance mutli-threaded scanning daemon, command line utilities for on demand file scanning, and an intelligent tool for automatic signature updates.

Download

Download latest version from http://downloads.sourceforge.net/project/clamav

wget http://nchc.dl.sourceforge.net/project/clamav/clamav/0.97/clamav-0.97.tar.gz

Install and Configure ClamAV

cd /download
tar zxvf  clamav-0.97.tar.gz
useradd -c "Qmail-Scanner Account" -s /bin/false qscand
cd clamav-0.97
./configure --with-user=qscand --with-group=qscand
make && make install
ldconfig -v

Now, we configure its configuration files,these are as:

vi /usr/local/etc/clamd.conf

#Example
LogFile /var/log/clamav/clamd.log
LogFileMaxSize 20M
LogTime yes
LogClean yes
LogSyslog yes
PidFile /var/run/clamav/clamd.pid
TemporaryDirectory /var/tmp
DatabaseDirectory /usr/local/share/clamav
LocalSocket /var/run/clamav/clamd.cl
MaxConnectionQueueLength 30
User qscand
MaxThreads 20
Scanmail yes

Now, create some directories with the ownership of qscand

mkdir /var/run/clamav
chown -R qscand.qscand /var/run/clamav
mkdir /var/log/clamav
chown -R qscand.qscand /var/log/clamav
chmod -R 755 /var/log/clamav

By this, clamav is will successful install.

/usr/local/sbin/clamd &

vi /usr/local/etc/freshclam.conf

#Example
DatabaseDirectory /usr/local/share/clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogSyslog yes
DatabaseOwner qscand
DNSDatabaseInfo current.cvd.clamav.net
DatabaseMirror database.clamav.net
DatabaseMirror db.in.clamav.net
NotifyClamd /usr/local/etc/clamd.conf

Save and exit

freshclam -v

crontab -e
25 1 * * * /usr/local/bin/freshclam -l /var/log/clamav/freshclam.log

SpamAssassin

SpamAssassin is a mail filter to identify spam. It is an intelligent email filter which uses a diverse range of tests to identify unsolicited bulk email, more commonly known as Spam. These tests are applied to email headers and content to classify email using advanced statistical methods.

Install and configure spamassassin

apt-get install spamassassin libdigest-sha1-perl libnet-dns-perl libmail-spf-query-perl libgeo-ip-perl  libnet-ident-perl libio-socket-ssl-perl libio-socket-inet6-perl perl-modules

groupadd spamd
useradd -g spamd -s /bin/false spamd

vi /etc/default/spamassassin

ENABLED=1 
OPTIONS=" --user-config --username=spamd --max-children 5 --debug --helper-home-dir=/home/spamd" 

vi /etc/mail/spamassassin/local.cf

required_score 5.0 
dns_available yes
use_pyzor 1
use_razor2 1
use_bayes 1
bayes_auto_learn 1
bayes_file_mode 0700
include /etc/mail/spamassassin/autowhitelist
bayes_path /etc/mail/spamassassin/.spamassassin/bayes
bayes_auto_learn_threshold_nonspam       0.1
bayes_auto_learn_threshold_spam         12.0
ok_languages en hi
ok_locales en

Now start up Spamassassin...

/etc/init.d/spamassassin start

Now add some plugins..

Razor

cd /downloads/
wget "http://citylan.dl.sourceforge.net/project/razor/razor-agents/2.85/razor-agents-2.85.tar.bz2"
wget 'http://citylan.dl.sourceforge.net/project/razor/razor-agents-sdk/2.07/razor-agents-sdk-2.07.tar.bz2'

tar xvf razor-agents-sdk-2.07.tar.bz2
cd razor-agents-sdk-2.07 
perl Makefile.PL 
make 
make test 
make install

cd /downloads/
tar xvfj razor-agents-2.85.tar.bz2
cd razor-agents-2.85
perl Makefile.PL
make
make test
make install

Make sure your firewall is allowing port tcp/2703

razor-admin -home=/home/spamd/.razor -create
razor-admin -home=/home/spamd/.razor -register
razor-admin -home=/home/spamd/.razor -discover

DCC

cd /downloads/
wget http://www.rhyolite.com/anti-spam/dcc/source/dcc.tar.Z

tar xvfz dcc.tar.Z
cd dcc-1.3.120/
./configure
make && make install

Make sure your firewall is allowing port udp/6277

Pyzor

cd /downloads/
wget http://space.dl.sourceforge.net/project/pyzor/pyzor/0.5.0/pyzor-0.5.0.tar.gz

tar xvf pyzor-0.5.0.tar.gz
cd pyzor-0.5.0 
python setup.py build 
python setup.py install 
python -c 'import gdbm' && echo 'gdbm found' 

run the next command to complete pyzor installation

pyzor --homedir /home/spamd discover 

vi /etc/mail/spamassassin/v310.pre

enable the line 
loadplugin Mail::SpamAssassin::Plugin::DCC

spamassassin –lint

Qmail-Scanner

cd /downloads/qmailrocks
tar xvfz qmail-scanner-1.25.tgz 
tar zxvf qms-analog-0.4.2.tar.gz

cd qms-analog-0.4.2

make all
cp qmail-scanner-1.25-st-qms-20050219.patch ../qmail-scanner-1.25/
cd ../qmail-scanner-1.25
patch -p1 < qmail-scanner-1.25-st-qms-20050219.patch 

vi qms-config

./configure    --domain yourdomain.com \
               --admin postmaster \
               --local-domains "yourdomain.com" \
               --add-dscr-hdrs yes \
               --dscr-hdrs-text "X-Antivirus-YOURDOMAIN" \
               --ignore-eol-check yes \
               --sa-quarantine 0 \
               --sa-delete 0 \
               --sa-reject no \
               --sa-subject ":SPAM:" \
               --sa-alt yes \
               --sa-debug yes \
               --sa-report yes \
               --notify "psender,admin" \
               --redundant yes \
               --unzip yes \
               --qms-monitor no \
               "$INSTALL"

chmod 755 qms-config
./qms-config

if configuretion are ok then..

./qms-config install

setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -z
setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -g

vi /var/qmail/bin/qmail-scanner-queue.pl
msg_size > 500000

chown -R qscand:qscand /var/spool/qmailscan

vi /service/qmail-smtpd/run
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" ; export QMAILQUEUE

now restart your qmail server and see things works...

Qmail-Scanner with Spamassassin and Clamav (last edited 2011-03-07 05:16:38 by delhi-203)