# Maia Mailguard 1.0.3 installation on CentOS 6 - kind of a quick and dirty HOWTO
# Absolutely no warranty, use entirely at your own risk
# Absolutely no support - however - let me know if something is very wrong
# mr88talent at yahoo dot com
# 08 AUG 2011
# If this document has been forged the downloads could destroy the entire planet
# Experience with Linux and Postfix is assumed
#
# Document assumes you are using copy and paste, if not then on some lines
# with 'sed' commands it would probably be easier to simply edit the file.
#
# The base directory is /var/amavisd so I don't have to edit a
# bunch of maia scripts. I do not install amavisd-new at all
# I also do not install clamav/clamd from an rpm

# This document assumes a fresh CentOS 6 install using the 'Minimal' installation
# I do not install a GUI (like Gnome) and I use the PuTTY ssh client to access the command line
# I do uncomment 'PermitRootLogin yes' in /etc/ssh/sshd_config
# Use your favorite editor if you don't want to use vim
# I download and burn the netinstall CD from http://wiki.centos.org/Download
# The installation media is then 'URL' with the URL http://mirror.centos.org/centos/6.0/os/i386 (for 32-bit)
# or http://mirror.centos.org/centos/6.0/os/x86_64 (for 64-bit)
# A few commands in this document will wrap - be sure you place the entire command on one line

# This document does not cover a lot of things like configuring the firewall (system-config-securitylevel-tui)
# or disabling unnecessary daemons. Its focus is getting you to the point
# you can log on to Maia
# This document is not a tutorial for any of the programs listed here

# You can edit this document to customize it. The host name I use is 'ahost'
# The domain name I used is 'example.com' and the administrator's email name is 'adminguy'
# Root's MySQL password is 'roots_password'
# Save this file, then do a search and replace on those four items. Only replace them once.

# Optional (this is not a CentOS tutorial - heck, I use Debian myself)
yum update

# If you currently have SELinux enforced, set it to permissive (or even disabled)
sed -i 's/SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config
cat /etc/selinux/config


# make sure SELINUX is not enforcing, then reboot:
reboot

# If you want to prevent 3rd party repositories from preferring themselves over base repositories
yum install yum-protectbase

# For CentOS, Please read http://wiki.centos.org/PackageManagement/Yum/ProtectBase
# I don't think RHEL6 works the same way with yum-protectbase. I have not had good luck figuring this out
# but the Dag rpmforge repo we will add later is generally considered safe, so personally I do not bother.

# a mail server should keep accurate time. If using a firewall, you will want to allow port 123 UDP in.
yum -y install ntp

ntpdate clock.fmt.he.net
ntpdate ntp1.tummy.com
chkconfig --level 235 ntpd on
hwclock --systohc
service ntpd start

# add the amavis user
adduser -r -d /var/amavisd -c "amavis user" -s /bin/sh amavis

# add yourself (as the maia administrator)
adduser adminguy
passwd adminguy

vi /etc/hosts
# in the /etc/hosts file I hate the way Red Hat does it.
# I do it more like this, adding the actual IP and moving our host name there
# (this assumes you are using a static IP address):
127.0.0.1			localhost.localdomain localhost
192.168.1.222		ahost.example.com ahost
# In this test setup, I don't have DNS MX records set up but I want to be able to
# locally send test mail to adminguy@example.com, so I am going to temporarily add
# the domain to the interface:
127.0.0.1			localhost.localdomain localhost
192.168.1.222		ahost.example.com ahost example.com
# make the home directories for Maia
mkdir /var/virusmails
chown amavis:amavis /var/virusmails
mkdir /var/amavisd
mkdir /var/amavisd/db
mkdir /var/amavisd/var
mkdir /var/amavisd/tmp
mkdir /var/amavisd/maia
mkdir /var/amavisd/maia/scripts
chown -R amavis:amavis /var/amavisd
chmod -R 750 /var/amavisd

# Install the junk we need
yum -y install mysql mysql-server perl-DBD-MySQL perl-DBI subversion patch db4 db4-devel db4-utils
yum -y install perl-HTML-Parser perl-Compress-Zlib php php-pear php-mysql perl-libwww-perl system-config-firewall-tui

yum -y install perl-Digest-HMAC perl-Digest-SHA1 perl-Net-DNS perl-Net-IP perl-URI mlocate file rsync curl
yum -y install perl-Archive-Zip perl-Archive-Tar perl-Digest-SHA1 perl-Digest-HMAC perl-Net-DNS perl-URI

yum -y install php-gd pax cpio tmpwatch bzip2 php-xml php-imap php-ldap php-pgsql php-mbstring wget bind-utils
yum -y install binutils gzip spamassassin php-bcmath gcc make bison zlib zlib-devel gmp-devel perl-LDAP

# It wouldn't hurt to run those installs again to make sure we got them all. Also install Pyzor:
cd /usr/local/src
wget ftp://ftp.pbone.net/mirror/download.fedora.redhat.com/pub/fedora/epel/6/x86_64/pyzor-0.5.0-3.el6.noarch.rpm

rpm -ivh pyzor-0.5.0-3.el6.noarch.rpm

# We are going to add Dag Wieers' rpmforge repositories in order to get stuff we can't get from Red Hat:
# If you are using a 32-bit .i686 version of RHEL 6/CentOS 6:
rpm -Uhv http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.i686.rpm
# If you are using a 64-bit .x86_64 version of RHEL 6/CentOS 6:
rpm -Uhv http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm

# Now install additional packages from Dag:
yum -y install perl-BerkeleyDB perl-Convert-TNEF perl-Convert-UUlib perl-Data-UUID perl-Mail-DKIM perl-MailTools
yum -y install perl-MIME-tools perl-MailTools perl-MIME-tools perl-Net-Server perl-Template-Toolkit perl-Unix-Syslog

yum -y install perl-Text-CSV nomarch cabextract re2c perl-Net-CIDR-Lite razor-agents
yum -y install perl-Mail-DomainKeys perl-Mail-SPF-Query perl-Sys-Hostname-Long perl-IP-Country perl-IO-stringy

# There is no lha package for CentOS 6, so manually install it.
# For a 32-bit system:
wget dag.wieers.com/redhat/el5/en/i386/dag/RPMS/lha-1.14i-19.2.2.el5.rf.i386.rpm
rpm -ivh lha-1.14i-19.2.2.el5.rf.i386.rpm

# For a 64-bit system:
wget dag.wieers.com/redhat/el5/en/x86_64/dag/RPMS/lha-1.14i-19.2.2.el5.rf.x86_64.rpm
rpm -ivh lha-1.14i-19.2.2.el5.rf.x86_64.rpm

# Read the note before you run 'svn checkout'
mkdir /usr/local/src/maia
cd /usr/local/src/maia
svn -r 1518 checkout https://www.maiamailguard.com/svn/branches/1.0

# answer (p)ermanently?
# Due to major changes made after SVN 1518, the newest stable build I can recommend is 1518
# please make a note of the SVN revision that you get
# if you need to download again, first move or remove /usr/local/src/maia then start over

# If you picked a version less than 1184, you need to apply a security patch:
cd 1.0/php
cp xlogin.php xlogin.php~
cp login.php login.php~
cp internal-init.php internal-init.php~
wget http://verchick.com/mecham/public_html/spam/maiasecuritypatch1184.txt
patch -p0 < maiasecuritypatch1184.txt


# If the patch was applied successfully:
rm -f xlogin.php~
rm -f login.php~
rm -f internal-init.php~

# I don't use sendmail, I am assuming you will use Postfix as I do
yum -y install postfix cyrus-sasl
rpm -e sendmail
alternatives --config mta
# then select /usr/sbin/sendmail.postfix if needed

# set up pyzor and razor
su amavis -c 'pyzor discover'
su amavis -c 'razor-admin -create'
su amavis -c 'razor-admin -create'
su amavis -c 'razor-admin -register'

# (may have to run that last one twice - if it gives an error the first time)
# test pyzor (a few times if needed)
su amavis -c 'pyzor ping'

# disable razor logging (debuglevel = 0)
sed -i 's/= 3/= 0/' /var/amavisd/.razor/razor-agent.conf
cat /var/amavisd/.razor/razor-agent.conf

# create initial bayes database
su amavis -c 'sa-learn --sync'
ls -l /var/amavisd/.spamassassin/

######################
# install DCC
cd /usr/local/src
wget http://www.dcc-servers.net/dcc/source/old/dcc-1.3.140.tar.Z
tar xzf dcc-1.3.140.tar.Z

cd dcc-1.3.140
./configure --with-uid=amavis && make && make install

chown -R amavis:amavis /var/dcc
ln -s /var/dcc/libexec/cron-dccd /usr/bin/cron-dccd

crontab -e
# and insert (at the top):
43 11 * * * /usr/bin/cron-dccd
######################

# enable DCC in v310.pre (if you abide by the license)
# we also enable the AWL plugin (but personally I turn it off).
cp /etc/mail/spamassassin/v310.pre /etc/mail/spamassassin/v310.pre-mybackup
sed -i 's|#loadplugin Mail::SpamAssassin::Plugin::DCC|loadplugin Mail::SpamAssassin::Plugin::DCC|' /etc/mail/spamassassin/v310.pre
sed -i 's|#loadplugin Mail::SpamAssassin::Plugin::AWL|loadplugin Mail::SpamAssassin::Plugin::AWL|' /etc/mail/spamassassin/v310.pre
head -30 /etc/mail/spamassassin/v310.pre

# test - look for pyzor, razor, dcc
wget http://verchick.com/mecham/public_html/spam/sample-spam.txt
su amavis -c 'spamassassin -D <sample-spam.txt'

# Install needed pear modules
cd
pear channel-update pear.php.net

pear install Mail_Mime-1.8.1
pear install Mail_mimeDecode-1.5.5
pear install Log-1.12.6
pear install Pager-2.4.8

pear install Image_Color-1.0.4
pear install Image_Canvas-0.3.1
pear install Image_Graph-0.8.0
pear install Numbers_Roman-1.0.2
pear install Numbers_Words-0.16.1

pear install Auth_SASL-1.0.4
pear install Net_Socket-1.0.10
pear install Net_IMAP-1.1.0
pear install Net_POP3-1.3.8
pear install DB-1.7.13
pear install Net_SMTP-1.4.4

pear channel-discover htmlpurifier.org

pear install hp/HTMLPurifier


# May want to run those again to make sure you got them all
# Copy some Maia files to the home directory
cd /var/amavisd/maia/scripts
cp /usr/local/src/maia/1.0/scripts/* .
test -e /etc/maia.conf && cp /etc/maia.conf /etc/maia.conf-backup
cp /usr/local/src/maia/1.0/maia.conf.dist /etc/maia.conf

cp -r /usr/local/src/maia/1.0/templates /var/amavisd/maia/templates
chown -R amavis:amavis /var/amavisd
chmod -R 750 /var/amavisd
chmod 640 /var/amavisd/maia/templates/*.tpl

# Copy some custom spamassassin rules
cp /usr/local/src/maia/1.0/*.cf /etc/mail/spamassassin

vi /etc/maia.conf

# and edit the base_url - I use /mail - and this document assumes you will too
$base_url = "http://ahost.example.com/mail";

# you will probably need to make an entry in the hosts file on any computer
# that you are going to use to browse the server unless a DNS record exists.

# See http://www.mysqlperformanceblog.com/2006/09/29/what-to-tune-in-mysql-server-after-installation/
# Out of the box, MySQL is poorly tuned for use with InnoDB. Assuming this is a
# fresh installation (with the default of innodb_fast_shutdown = 1), I am going to
# suggest some optimization. I set innodb_buffer_pool_size to 25% of physical RAM
# and innodb_log_file_size to 25% of innodb_buffer_pool_size. I set innodb_log_buffer_size
# to 8MB. Setting innodb_buffer_pool_size to at least 128M (assuming you have sufficient RAM)
# will greatly increase performance. When innodb_log_file_size is changed, the logs must be
# deleted and recreated. Make sure MySQL is not running when you do this.

service mysqld stop
vi /etc/my.cnf


# Under the [mysqld] section, add these entries:
innodb_buffer_pool_size = 128M
innodb_additional_mem_pool_size = 4M
innodb_log_file_size = 32M
innodb_log_buffer_size = 8M
max_allowed_packet = 20M


# Then rename the log files so they will be recreated at a larger size.
# See http://dev.mysql.com/doc/refman/5.0/en/innodb-data-log-reconfiguration.html :
test -e /var/lib/mysql/ib_logfile0 && mv /var/lib/mysql/ib_logfile0 /var/lib/mysql/iblogfile0-old
test -e /var/lib/mysql/ib_logfile1 && mv /var/lib/mysql/ib_logfile1 /var/lib/mysql/iblogfile1-old

chkconfig --level 235 mysqld on
service mysqld start

# If you have not yet added a password:
# (substitute a real password for roots_password and notice the host name)
mysql

SET PASSWORD FOR 'root'@'localhost' = PASSWORD('roots_password');
SET PASSWORD FOR 'root'@'ahost.example.com' = PASSWORD('roots_password');

# literally use the password of 'passwd' here
CREATE DATABASE maia;
USE maia;
SOURCE /usr/local/src/maia/1.0/maia-mysql.sql;
GRANT CREATE, DROP, ALTER, SELECT, INSERT, UPDATE, DELETE ON maia.* TO amavis@localhost IDENTIFIED BY 'passwd';
FLUSH PRIVILEGES;

quit

# We are going to alter the database. Some changes are for SA 3.3.0, and some are so we can keep
# awl and bayes_seen clean (otherwise they grow forever). Supply root's password when prompted.
cd
wget http://verchick.com/mecham/public_html/spam/330_and_gary.sql
mysql -u root -p maia --force < 330_and_gary.sql


# Now grab a script that runs weekly that does the cleaning
cd /etc
wget http://verchick.com/mecham/public_html/spam/trim.awl.sql
cd /etc/cron.weekly
wget http://verchick.com/mecham/public_html/maia/trim-sql-awl-weekly
chmod +x trim-sql-awl-weekly
cd /usr/sbin
wget http://verchick.com/mecham/public_html/maia/trim-awl
chmod 0750 trim-awl

# We need to set the amavis sql password in /usr/sbin/trim-awl
sed -i 's/PASSWD/passwd/' /usr/sbin/trim-awl

# Then run the script (no news is probably good news):
/etc/cron.weekly/trim-sql-awl-weekly

# You don't have to have every possible program (we do not need Crypt::Blowfish, Crypt::CBC and DBD::Pg),
# but make sure nothing is broken here:
cd /var/amavisd/maia/scripts/
./configtest.pl

# setup and run sa-update to get the latest spamassassin rules (make sure there are no error messages here)
# you should run sa-update on occasion (and then run a Maia 'load-sa-rules.pl' script to load them into Maia)
sa-update
sa-update


# Make sure we lint Ok
su amavis -c 'spamassassin --lint'

# Load SpamAssassin rules into the Maia database:
cd /var/amavisd/maia/scripts
./load-sa-rules.pl

# Copy files to apache
mkdir /var/www/html/mail
cp -r /usr/local/src/maia/1.0/php/* /var/www/html/mail
cp /var/www/html/mail/config.php.dist /var/www/html/mail/config.php
chgrp amavis /var/www/html/mail/themes/*/compiled
chmod 775 /var/www/html/mail/themes/*/compiled

# Add apache to the amavis group
gpasswd -a apache amavis

# Install and configure Smarty:
cd /usr/local/src
wget http://verchick.com/mecham/public_html/spam/php-Smarty-2.6.26-1.el5.noarch.rpm

rpm -ivh php-Smarty-2.6.26-1.el5.noarch.rpm
ln -s /usr/share/php/Smarty /var/www/html/mail/libs/Smarty

# Create a cache directory for HTMLPurifier
mkdir -p /var/cache/HTMLPurifier
chown apache /var/cache/HTMLPurifier
chmod o-rwx /var/cache/HTMLPurifier

# Configure maia so it can find the HTMLPurifier cache
sed -i 's|$purifier_cache = null|$purifier_cache = "/var/cache/HTMLPurifier"|' /var/www/html/mail/config.php
grep purifier_cache /var/www/html/mail/config.php

# (start or restart)
chkconfig --level 235 httpd on
service httpd start

# You may have to configure the firewall to allow at least WWW (HTTP) and Mail (SMTP) connections if you have not already done so:
system-config-firewall-tui

# Assuming you have an A record in DNS configured for the server's host name
# (or at least an entry in your hosts file) (from a client) test out the install:
http://ahost.example.com/mail/admin/configtest.php
# remember to restart httpd if you make changes - service httpd restart. Don't worry about the Image_Graph message
# and don't worry about the MCrypt library Failure either. It's a bad idea to encrypt quarantined messages.

# You should ensure the database schema is up to date:
http://ahost.example.com/mail/admin/upgrade.php


# grab an init script from me
cd /etc/init.d
wget http://verchick.com/mecham/public_html/redhat/amavisd_init.sh
mv amavisd_init.sh amavis
chmod +x amavis
chkconfig --add amavis

# copy amavisd into place, make backups of current ones if you have them
test -e /usr/local/sbin/amavisd && cp /usr/local/sbin/amavisd /usr/local/sbin/amavisd-mybackup
test -e /usr/sbin/amavisd && cp /usr/sbin/amavisd /usr/sbin/amavisd-mybackup
cp /usr/local/src/maia/1.0/amavisd-maia /usr/sbin/amavisd
hash -r

# May need a small fix to prevent SpamAssassin 3.3.0 from crashing
sed -i 's/$spamassassin_obj->{bayes_scanner/#$spamassassin_obj->{bayes_scanner/' /usr/sbin/amavisd

# Customize amavisd.conf - or at least use many of these settings in yours
# also get the 2.2.1 amavisd.conf-sample
cd /etc
test -e amavisd.conf && cp amavisd.conf amavisd.conf-myoriginal

wget http://verchick.com/mecham/public_html/spam/2.2.1/amavisd.conf-sample
cp /usr/local/src/maia/1.0/amavisd.conf.dist /etc/amavisd.conf

sed -i 's/yourdomain.tld/example.com/' /etc/amavisd.conf
sed -i 's/DO_SYSLOG = 0/DO_SYSLOG = 1/' /etc/amavisd.conf
sed -i 's/password/passwd/' /etc/amavisd.conf
sed -i 's/virusalert/postmaster/' /etc/amavisd.conf
sed -i 's/spam.police/postmaster/' /etc/amavisd.conf
sed -i 's/host.domain.tld/ahost.example.com/' /etc/amavisd.conf
sed -i "s/# qr'\^MAIL/ qr'\^MAIL/" /etc/amavisd.conf
sed -i 's|/var/amavisd/clamd.sock|/var/run/clamav/clamd.sock|' /etc/amavisd.conf

# edit amavisd.conf and set at least $mydomain
# include all your domains in @local_domains_maps. e.g.:
# @local_domains_maps = ( [".$mydomain", '.example.com', '.example.org'] );
# Make a comment noting your revision number, e.g.: # SVN revision 1504
# I change $DO_SYSLOG = 1; so amavisd logs to /var/log/maillog
# ensure:
# @lookup_sql_dsn = ( ['DBI:mysql:maia:localhost', 'amavis', 'passwd'] );
vi /etc/amavisd.conf

######################
# clamd
adduser -r -d /var/lib/clamav -c "clamav user" -s /sbin/nologin clamav

gpasswd -a clamav amavis

# install clamav from source
cd /usr/local/src

# Download location and version are examples only (but valid when I wrote this), always use latest version of ClamAV
# see http://sourceforge.net/project/showfiles.php?group_id=86638
wget http://surfnet.dl.sourceforge.net/project/clamav/clamav/0.97.1/clamav-0.97.1.tar.gz

tar xzf clamav-0.97.1.tar.gz
cd clamav-0.97.1
./configure && make && make install

# Grab an init script for clamd
cd /etc/init.d
wget http://verchick.com/mecham/public_html/clamav95/clamd.init.txt
mv clamd.init.txt clamd
chmod +x clamd
chkconfig --add clamd

# Make directories clamd will need
mkdir /var/log/clamav/
chown -R clamav:clamav /var/log/clamav/
mkdir /var/run/clamav/
chown -R clamav:clamav /var/run/clamav/
mkdir /var/lib/clamav/
chown -R clamav:clamav /var/lib/clamav/

# cheat and use my conf files for this particular setup (if you want this stuff to work):
cd /usr/local/etc/
mv clamd.conf clamd.conf.old
mv freshclam.conf freshclam.conf.old
wget http://verchick.com/mecham/public_html/clamav9/clamd.conf
wget http://verchick.com/mecham/public_html/clamav9/freshclam.conf

freshclam

# It's OK that you got "WARNING: Clamd was NOT notified:" because we have not started clamd.
# So, start clamd:
service clamd start

# check for errors:
cat /var/log/clamav/clamav.log

#########
# For freshclam updates you can either use this script:
cd /etc/init.d
wget http://verchick.com/mecham/public_html/redhat/freshclam
chmod +x freshclam
chkconfig --add freshclam
service freshclam start

# (or) make a crontab entry:
crontab -e

# and make the following entry.
# change NN here to a number between 1 and 59 (three minutes from now)
NN * * * * /usr/local/bin/freshclam --quiet

#########

# keep an eye on the freshclam.log to make sure updates are happening
# if there is no freshclam.log we are in trouble
cat /var/log/clamav/freshclam.log

######################

# We are going to use Bill Landry's script (version 3.7) that downloads clamav unofficial signatures (like sanesecurity)
# http://sourceforge.net/projects/unofficial-sigs/
cd /usr/local/src
wget http://verchick.com/mecham/public_html/spam/clamav-unofficial-sigs-3.7.tar.gz
tar xzf clamav-unofficial-sigs-3.7.tar.gz
cd clamav-unofficial-sigs-3.7
cp -u clamav-unofficial-sigs-logrotate /etc/logrotate.d/
cp -u clamav-unofficial-sigs.sh /usr/sbin
cp -u clamd-status.sh /usr/sbin
cp -u clamav-unofficial-sigs.conf /etc
gzip clamav-unofficial-sigs.8
cp -u clamav-unofficial-sigs.8.gz /usr/share/man/man8

sed -i 's|user_configuration_complete="no"|user_configuration_complete="yes"|' /usr/sbin/clamd-status.sh
sed -i 's|clamd_pid="/var/run/clamd.pid"|clamd_pid="/var/run/clamav/clamd.pid"|' /etc/clamav-unofficial-sigs.conf
sed -i 's|reload_dbs="no"|reload_dbs="yes"|' /etc/clamav-unofficial-sigs.conf
sed -i 's|#clamd_socket="/var/run/clamd.socket"|clamd_socket="/var/run/clamav/clamd.sock"|' /etc/clamav-unofficial-sigs.conf
sed -i 's|#clamd_lock="/var/lock/subsys/clamd"|clamd_lock="/var/lock/subsys/clamd"|' /etc/clamav-unofficial-sigs.conf
sed -i 's|#start_clamd="service clamd start"|start_clamd="service clamd start"|' /etc/clamav-unofficial-sigs.conf
sed -i 's|min_sleep_time="60"|min_sleep_time="3"|' /etc/clamav-unofficial-sigs.conf
sed -i 's|max_sleep_time="600"|max_sleep_time="30"|' /etc/clamav-unofficial-sigs.conf
sed -i 's|work_dir="/usr/unofficial-dbs"|work_dir="/var/lib/clamav-unofficial-sigs"|' /etc/clamav-unofficial-sigs.conf
sed -i 's|curl_silence="no"|curl_silence="yes"|' /etc/clamav-unofficial-sigs.conf
sed -i 's|rsync_silence="no"|rsync_silence="yes"|' /etc/clamav-unofficial-sigs.conf
sed -i 's|gpg_silence="no"|gpg_silence="yes"|' /etc/clamav-unofficial-sigs.conf
sed -i 's|comment_silence="no"|comment_silence="yes"|' /etc/clamav-unofficial-sigs.conf
sed -i 's|enable_logging="no"|enable_logging="yes"|' /etc/clamav-unofficial-sigs.conf
sed -i 's|user_configuration_complete="no"|user_configuration_complete="yes"|' /etc/clamav-unofficial-sigs.conf

# Now run the scripts and check for errors:
clamd-status.sh

clamav-unofficial-sigs.sh

service clamd restart


# ls -l /var/lib/clamav should look similar to this:
-rw-r--r-- 1 clamav clamav   104690 Feb 27 04:37 bytecode.cvd
-rw-r--r-- 1 clamav clamav  1438230 Feb 27 04:37 daily.cvd
-rw-r--r-- 1 clamav clamav    52824 Feb 27 04:40 honeynet.hdb
-rw-r--r-- 1 clamav clamav  5041859 Feb 25 04:51 junk.ndb
-rw-r--r-- 1 clamav clamav   501212 Feb 27 03:50 jurlbl.ndb
-rw-r--r-- 1 clamav clamav 26224310 Feb 27 04:37 main.cvd
-rw-r--r-- 1 clamav clamav   213539 Feb 27 04:40 mbl.ndb
-rw-r--r-- 1 clamav clamav       52 Feb 27 04:38 mirrors.dat
-rw-r--r-- 1 clamav clamav  2557590 Feb 25 04:51 phish.ndb
-rw-r--r-- 1 clamav clamav   117050 Feb 24 11:50 rogue.hdb
-rw-r--r-- 1 clamav clamav     8502 Jan 21 01:50 sanesecurity.ftm
-rw-r--r-- 1 clamav clamav  1753797 Feb 25 03:49 scam.ndb
-rw-r--r-- 1 clamav clamav  9669520 Feb 27 04:40 securiteinfo.hdb
-rw-r--r-- 1 clamav clamav    56529 Feb 24 03:51 spamimg.hdb
-rw-r--r-- 1 clamav clamav   724108 Feb 27 04:40 vx.hdb
-rw-r--r-- 1 clamav clamav  1144084 Feb 27 03:45 winnow_malware.hdb
-rw-r--r-- 1 clamav clamav   707283 Feb 27 03:45 winnow_malware_links.ndb
# You should stop clamd, and then run the clamd-status.sh script to see if it works.
# Now we add a crontab entry with download attempts performed every 6th hour:
crontab -e

# Insert these two entries. Replace MM (minutes) below with a number between 1 and 59:
MM */6 * * * /usr/sbin/clamav-unofficial-sigs.sh
*/6 * * * * /usr/sbin/clamd-status.sh


# Save and exit the file. The first cron job should run every 6 hours, and the second, every 6 minutes.
# The clamd-status.sh script will restart clamd after a crash.
# There is a log file at /var/log/clamav-unofficial-sigs.log and you can read the man page at 'man clamav-unofficial-sigs'.

# Start amavisd in debug mode and check for severe errors. "INFO: no optional modules:" is not a problem. Use [Ctrl]+c to cancel:
# Note that there will be modules we are not using. This is not a problem either. Hopefully you get: "Net::Server: Parent ready for children."
service amavis stop
amavisd debug

# If everything looks Ok, cancel debug mode (Ctrl+C) and start amavisd-maia
service amavis start

######################
# Minimal Postfix configuration:- you are on your own here, this is not a Postfix HOWTO
# this delivers locally to one domain (using mbox format)
# If you already have a working Postfix, keep your eyes open here
# If you are relaying mail instead of storing it locally, you may wish to read my Debian document
# http://verchick.com/mecham/public_html/spam/spamfilter20110303.html#maincf
# Also, you would not want to have the bare domain in the hosts file, which I placed there for this test.
# This first part enables the content_filter and adds the smtp-amavis transport to master.cf:
cd /etc/postfix
cp main.cf main.cf-myoriginal
postconf -e "content_filter = smtp-amavis:[127.0.0.1]:10024"
wget http://verchick.com/mecham/public_html/spam/amavisd-master.txt
cp master.cf master.cf-backup
cp master.cf master.cf-myoriginal
grep 'smtp-amavis' master.cf || cat master.cf-myoriginal amavisd-master.txt > master.cf
cat master.cf

# If you already have a working Postfix, you will not want to run these
postconf -e "alias_maps = hash:/etc/aliases"
newaliases
postconf -e "myorigin = example.com"
postconf -e "mydomain = example.com"
postconf -e "myhostname = ahost.example.com"
postconf -e "inet_interfaces = all"
postconf -e "mynetworks = 127.0.0.0/8, 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12"
chkconfig postfix on

# system dependent, default is $myhostname, localhost.$mydomain, localhost
# this is for local mail delivery
# If you already have a working Postfix, you will not want to run this
postconf -e "mydestination = \$myhostname, localhost.\$mydomain, localhost, \$mydomain"

# note that we escaped the $ sign when using postconf - the backslash does not actually go in main.cf
service postfix stop
service postfix start
postfix flush

# did Postfix die? If so, why?:
tail -30 /var/log/maillog | grep postfix

######################
reboot

# When the system comes back up, make sure clamd and amavis (and freshclam?) are running
ps aux | egrep '(clam|amavis)' | grep -v grep

# send a simple test message
echo "test" | sendmail adminguy@example.com

# after about 30 seconds the result should be in:
tail -30 /var/spool/mail/adminguy

# I got (notice the processing by amavisd):
######################
From root@example.com  Fri Feb 19 18:08:12 2010
Return-Path: <root@example.com>
X-Original-To: adminguy@example.com
Delivered-To: adminguy@example.com
Received: from localhost (localhost [127.0.0.1])
        by ahost.example.com (Postfix) with ESMTP id BBEF91D72
        for <adminguy@example.com>; Fri, 19 Feb 2010 18:08:11 -0700 (MST)
Received: from ahost.example.com ([127.0.0.1])
 by localhost (ahost.example.com [127.0.0.1]) (amavisd-maia, port 10024)
 with ESMTP id 01671-01 for <adminguy@example.com>;
 Fri, 19 Feb 2010 18:08:11 -0700 (MST)
Received: by ahost.example.com (Postfix, from userid 0)
        id 36FC11D70; Fri, 19 Feb 2010 18:08:11 -0700 (MST)
Message-Id: <20100220010811.36FC11D70@ahost.example.com>
Date: Fri, 19 Feb 2010 18:08:11 -0700 (MST)
From: root@example.com (root)
To: undisclosed-recipients:;

test
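
# Added example (not part of the original HOWTO, and not Maia or amavisd code): a check that the newest
# message in an mbox really went through the content filter. It requires the '(amavisd-maia, port 10024)'
# hop directly under a re-injection hop from 127.0.0.1, as in the sample above, so a Received: line
# supplied by the sender does not count. Function names and the sample messages are constructed for this example.

```sh
#!/bin/sh
# Added example, not code from the HOWTO or from the Maia project.

# Constructed input: the test message shown above, as stored in the mbox.
sample_filtered() {
cat <<'EOF'
From root@example.com  Fri Feb 19 18:08:12 2010
Return-Path: <root@example.com>
X-Original-To: adminguy@example.com
Delivered-To: adminguy@example.com
Received: from localhost (localhost [127.0.0.1])
        by ahost.example.com (Postfix) with ESMTP id BBEF91D72
        for <adminguy@example.com>; Fri, 19 Feb 2010 18:08:11 -0700 (MST)
Received: from ahost.example.com ([127.0.0.1])
 by localhost (ahost.example.com [127.0.0.1]) (amavisd-maia, port 10024)
 with ESMTP id 01671-01 for <adminguy@example.com>;
 Fri, 19 Feb 2010 18:08:11 -0700 (MST)
Received: by ahost.example.com (Postfix, from userid 0)
        id 36FC11D70; Fri, 19 Feb 2010 18:08:11 -0700 (MST)
Message-Id: <20100220010811.36FC11D70@ahost.example.com>
Date: Fri, 19 Feb 2010 18:08:11 -0700 (MST)
From: root@example.com (root)
To: undisclosed-recipients:;

test
EOF
}

# Constructed input: the same message as it would be delivered if the
# content_filter setting were not in effect (only the local pickup hop).
sample_unfiltered() {
cat <<'EOF'
From root@example.com  Fri Feb 19 18:08:12 2010
Return-Path: <root@example.com>
Received: by ahost.example.com (Postfix, from userid 0)
        id 36FC11D70; Fri, 19 Feb 2010 18:08:11 -0700 (MST)
From: root@example.com (root)

test
EOF
}

# last_message FILE: print the newest message of an mbox file.
last_message() {
    awk '/^From / { msg = "" } { msg = msg $0 "\n" } END { printf "%s", msg }' "$1"
}

# received_hops: read one message on stdin and print its Received: headers,
# newest first, one per line, with folded continuation lines joined.
received_hops() {
    awk '
        /^$/ { exit }                      # a blank line ends the header block
        /^[ \t]/ {                         # continuation of the previous header
            if (keep) { sub(/^[ \t]+/, " "); hop = hop $0 }
            next
        }
        {
            if (keep) print hop            # flush the previous Received: header
            keep = ($0 ~ /^Received:/)
            hop = $0
        }
        END { if (keep) print hop }
    '
}

# filtered_by_amavis: read one message on stdin; succeed only if hop 2 is the
# amavisd-maia listener on port 10024 and hop 1 (written by our own Postfix)
# shows the message coming back from loopback.
filtered_by_amavis() {
    hops=$(received_hops)
    hop1=$(printf '%s\n' "$hops" | sed -n 1p)
    hop2=$(printf '%s\n' "$hops" | sed -n 2p)
    case $hop1 in *'[127.0.0.1]'*) ;; *) return 1 ;; esac
    case $hop2 in *'(amavisd-maia, port 10024)'*) return 0 ;; esac
    return 1
}

# On the server: last_message /var/spool/mail/adminguy | filtered_by_amavis
for s in sample_filtered sample_unfiltered; do
    if $s | filtered_by_amavis; then
        echo "$s: passed through amavisd-maia"
    else
        echo "$s: NOT filtered"
    fi
done
```
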
# If you look in  /var/log/httpd/error_log  you may or may not see a number of errors like this:
[Sat Feb 20 16:56:44 2010] [error] [client 192.168.1.41] PHP Warning:
strftime(): It is not safe to rely on the system's timezone settings.
You are *required* to use the date.timezone setting or the
date_default_timezone_set() function. In case you used any of those
methods and you are still getting this warning, you most likely
misspelled the timezone identifier. We selected 'America/Denver' for
'MST/-7.0/no DST' instead in
/usr/share/php/Smarty/plugins/modifier.date_format.php on line 53,
referer: http://ahost.example.com/mail/settings.php?


# So, you want to vi /etc/php.ini and uncomment and configure the date.timezone setting.
# Here is a page to refer to as to the wording of the time zones: http://us.php.net/manual/en/timezones.php

# You may also get errors such as: PHP Notice: Use of undefined constant PEAR_LOG_DEBUG - assumed
# 'PEAR_LOG_DEBUG' in /var/www/html/mail/config.php on line 79
# then I suggest changing error_reporting = E_ALL to error_reporting = E_ALL & ~E_NOTICE
# Then restart apache2:
service httpd restart

######################

# Note that the administrator you create here (by running internal-init.php and login.php?super=register) must be your real
# address because you will get an email at that address with your password. I hope the mail system is functioning enough
# to actually deliver mail to that user.
# I am going to use internal authentication, so first:
# here is a sample of what we are after next:
http://verchick.com/mecham/public_html/spam/authentication4.htm

http://ahost.example.com/mail/internal-init.php

# If all goes well, you will get a "250 Ok" response on the screen when you submit this page
# and your password in a message in your inbox:
tail -30 /var/spool/mail/adminguy

# Then log in with your email address and password
# The first person to log in (hopefully you) to this script will be the super user.
http://ahost.example.com/mail/login.php?super=register

# You will want to change your password.
# Send eicar.com.txt virus as an attachment in order to test clamd once
# you have enabled virus scanning in Maia.
#
# The SQL based Bayes and AWL tables have been created for you.
# You can enable them by placing this in /etc/mail/spamassassin/local.cf:
vi /etc/mail/spamassassin/local.cf
bayes_store_module              Mail::SpamAssassin::BayesStore::MySQL
bayes_sql_dsn                   DBI:mysql:maia:localhost
bayes_sql_username              amavis
bayes_sql_password              passwd

bayes_sql_override_username         amavis

# auto_whitelist_factory          Mail::SpamAssassin::SQLBasedAddrList
# user_awl_dsn                    DBI:mysql:maia:localhost
# user_awl_sql_username           amavis
# user_awl_sql_password           passwd
# You will need to reload amavisd - amavisd reload - after making that change. We also need to initialize
# the Bayes Database (and we always want to lint SA after making changes):
cd
su amavis -c 'spamassassin --lint'

wget http://spamassassin.apache.org/gtube/gtube.txt
sa-learn --spam gtube.txt
sa-learn --dump magic

# See this document that describes issues with SA 3.3.1 and MySQL 5.1. We are going to fix Bayes.
# We are going to wipe out Bayes and start over
# Stop Maia
service amavis stop

# log into MySQL (as root)
mysql -p

# Then run these commands:
USE maia;
DELETE from awl;
DELETE from bayes_expire;
DELETE from bayes_global_vars;
INSERT INTO bayes_global_vars VALUES ('VERSION','3');
DELETE from bayes_seen;
DELETE from bayes_token;
DELETE from bayes_vars;

ALTER TABLE bayes_token MODIFY token BINARY(5) NOT NULL DEFAULT '';
ALTER TABLE bayes_token DROP PRIMARY KEY;
ALTER TABLE bayes_token ADD PRIMARY KEY (id, token);
ALTER TABLE awl MODIFY email VARBINARY(255) NOT NULL DEFAULT '';
ALTER TABLE awl DROP PRIMARY KEY;
ALTER TABLE awl ADD PRIMARY KEY (username, email, signedby, ip);

# Then:
quit

# Apply the patch to SpamAssassin 3.3.1 MySQL.pm:
cd /usr/share/perl5/Mail/SpamAssassin/BayesStore/
wget http://verchick.com/mecham/public_html/spam/sa.mysql.patch1.txt
if ! grep 46675 -q MySQL.pm; then patch MySQL.pm<sa.mysql.patch1.txt; fi

# Test Bayes again:
cd
su amavis -c 'spamassassin --lint'

sa-learn --spam gtube.txt
sa-learn --dump magic

# Start up Maia:
service amavis start

http://ahost.example.com/mail

# This is just the beginning.
# Please read the Maia documentation to continue. Make sure you set up
# maintenance scripts and move the admin directory out of http
# http://www.maiamailguard.com/maia/wiki/MaintenanceScripts
# Note: in System Configuration, please provide the full pathname to "E-mail reminder template file:"
# /var/amavisd/maia/templates/reminder.tpl

######################
# I would test again with 'amavisd debug'. Now, read the documentation:
http://www.maiamailguard.com/docs.php

# Here is a sample of what root's crontab may look like for the Maia scripts:
# Minute   Hour   Day of Month       Month          Day of Week        Command    
# (0-59)  (0-23)     (1-31)    (1-12 or Jan-Dec)  (0-6 or Sun-Sat)
30 * * * * /bin/su amavis -c '/var/amavisd/maia/scripts/process-quarantine.pl --learn --report --quiet'
10 1 * * * /bin/su amavis -c '/var/amavisd/maia/scripts/expire-quarantine-cache.pl --quiet'
10 2 * * 3 /bin/su amavis -c '/var/amavisd/maia/scripts/send-quarantine-reminders.pl'
*/5 * * * * /bin/su amavis -c '/var/amavisd/maia/scripts/send-quarantine-digests.pl'
0 * * * * /bin/su amavis -c '/var/amavisd/maia/scripts/stats-snapshot.pl' >/dev/null