|
Absolutely no warranty, use entirely at your own risk. See the disclaimer at
http://verchick.com/mecham/public_html/spam/.
Note: This document assumes you have installed amavisd-new (from source) per one
of the documents at
http://verchick.com/mecham/public_html/spam/.
It also assumes you have installed and configured spamassassin, clamav clamav-daemon and Postfix.
(Hint, after installing clamav-daemon, run 'gpasswd -a clamav amavis' to add the clamav user
to the amavis group). If you have not yet installed amavisd-new,
please do not install a Debian 'testing' (etch) or 'unstable' (sid) version
(why?).
If you have installed one of these Debian packages, it must be removed (and at least the initscript replaced with
the 20030616p10-5 version). Here is a procedure that will remove the Debian 2.4.x amavisd-new,
replace the init scrip with a version that appears to be compatible with both the Debian version
of amavisd-new and Maia, and then puts the Debian version of amavisd-new back together so
it still works: First test that when you remove amavisd-new, only amavisd-new will be removed:
apt-get -s remove amavisd-new
If it is the only thing that will be removed, continue on:
mkdir /etc/ambackup
|
The first thing to do is backup our current amavisd-new. There is nearly
no doubt you will make use of these backup files, so protect them well:
cp /etc/amavis/amavisd.conf /etc/amavis/amavisd.conf-debianWe need to make a symbolic link because Maia will want to use /etc/amavisd.conf, not /etc/amavis/amavisd.conf: ln -s /etc/amavis/amavisd.conf /etc/amavisd.conf
Download the current revision of Maia 1.0.x. The last time I updated this guide, the most current revision was 1160 (which I believe is the bundled version of 1.0.2). I advise you browse https://www.maiamailguard.com/svn/branches/1.0 and make a note of the revision of the trunk you may choose to install today. You can of course pick a particular revision, but be aware that this document is based on revision 1160. OK, let's get started:
apt-get updateChoose the most current SVN version, or revision 1160. Notice the last line of the download shows the version number you got. Keep this number handy: svn checkout https://www.maiamailguard.com/svn/branches/1.0
(or to specify the exact version) svn -r 1160 checkout https://www.maiamailguard.com/svn/branches/1.0
Answer (p) if it asks... If you ever use this method to download Maia again, you should first move the old downloaded files to another directory to avoid overwriting them. Read this thread. If you picked a version less than 1184, you need to apply a security patch: cd 1.0/php
If the patch was applied successfully: rm -f xlogin.php~
Now, install MySQL 4.1 (if you do not have MySQL installed): apt-get install mysql-server
This one is optional but recommended. If you have problems with dependencies during installation you can skip this: apt-get install libmysqlclient15-dev
Install more needed programs: apt-get install libcrypt-blowfish-perl libcrypt-cbc-perl libossp-uuid-perl libtemplate-perl libwww-perl
All of these programs should already be installed, but you can run this just in case: apt-get install libdigest-sha1-perl libhtml-parser-perl libdbd-mysql-perl libdbi-perl libunix-syslog-perl libio-stringy-perl libnet-server-perl libmailtools-perl libmime-perl libconvert-uulib-perl libconvert-tnef-perl libarchive-zip-perl libarchive-tar-perl
We install some others: apt-get install cabextract libberkeleydb-perl libdigest-sha1-perl libdigest-hmac-perl libnet-dns-perl pax
Install PHP5, Pear and some additional Pear modules. This may also install/upgrade x11-common. Be forewarned you may get this warning. This should not be an issue if you are not using a GUI. apt-get install php5 php-pear php5-common php5-mysql php5-gd php5-sqlite smarty
There is a bug in Pie.php provided with Image_Graph-0.7.2. If you have installed
this version of Image_Graph, grab a file from me to fix the bug:
cd /usr/share/php/Image/Graph/Plot/
When the time comes you want to view Pie charts, enable them with Settings->Miscellaneous Settings->Display graphic charts?
Install Apache2 apt-get install apache2 libapache2-mod-php5
To avoid redirecting the root of the web server pages, edit this file: vi /etc/apache2/sites-available/default
and comment out this line: RedirectMatch ^/$ /apache2-default/
Change the firewall rules to allow access to port 80. Edit this to reflect your network (and any other custom modifications you made to the original version), or this will lock you out! Please see http://verchick.com/mecham/public_html/spam/debian-smtp-firewall.html if this does not look familiar to you. It is quite likely you have your firewall set up using some other means, but the idea remains that you need to open up tcp port 80: iptables -F
You should now be able to open a browser and browse to the IP address of the
spamfilter. I recommend adding the IP address and FQDN hostname of the spamfilter
to your hosts file, so you can browse the server using the hostname instead
of the IP address. Of course, eventually you will need to set up the host in DNS
if you have not already done so. If this is a production server, obviously you already have.
We need to create some directories and copy some files per the INSTALL instructions. We use 'sed' to change /var/amavisd to /var/lib/amavisd in a few files: vi /etc/maia.conf
Save and exit the file. We need to log into MySQL and set the passwords for root (unless you have already set the password, in which case log in with 'mysql -p'.). Note that I use the hostname 'sfa' in the example which you need to change to the actual hostname of your machine, and I also use 'Roots_Password' as a place holder for a real password that you supply: mysql -u root
While you are still logged in to MySQL (if you are not, please do so), we now create the maia database:
CREATE DATABASE maia;
Be careful that the next command points to the correct location of "maia-mysql.sql": SOURCE /usr/local/src/maia/1.0/maia-mysql.sql;
You should have seen a number of lines similar to "Query OK, 1 row affected (0.01 sec)" scroll by. Now we create the amavis user and then quit (there are 3 commands here). Literally use the password of 'passwd' here: GRANT CREATE, DROP, ALTER, SELECT, INSERT, UPDATE, DELETE ON maia.* TO amavis@localhost IDENTIFIED BY 'passwd';
Let's see if our configuration looks OK so far:cd /var/lib/amavis/maia/scripts/
This should result in something like:Perl : 5.8.4 : OK file(1) : 4.12 : OK Archive::Tar : 1.23 : OK Archive::Zip : 1.14 : OK BerkeleyDB : 0.26 : OK Compress::Zlib : 1.34 : UPGRADE RECOMMENDED (minimum version ... Convert::TNEF : 0.17 : OK Convert::UUlib : 1.051 : UPGRADE RECOMMENDED (minimum version ... Crypt::Blowfish : 2.09 : OK Crypt::CBC : 2.12 : OK Crypt::OpenSSL::RSA : N/A : NOT INSTALLED (SpamAssassin's optional... Data::UUID : 0.11 : OK DB_File : 1.808 : OK DBD::mysql : 2.9006 : OK DBD::Pg : N/A : NOT INSTALLED (required if you use Postgre... DBI : 1.46 : OK Digest::MD5 : 2.33 : OK Digest::SHA1 : 2.10 : OK File::Spec : 0.87 : OK HTML::Parser : 3.45 : OK HTTP::Date : 1.46 : OK IO::Stringy : 2.110 : OK IO::Zlib : 1.04 : OK IP::Country : N/A : NOT INSTALLED (SpamAssassin's optional ... LWP::UserAgent : 2.033 : OK Mail::Address : 1.62 : OK Mail::DomainKeys : N/A : NOT INSTALLED (SpamAssassin's optional ... Mail::Internet : 1.62 : OK Mail::SpamAssassin : 3.0.3 : OK Mail::SPF::Query : N/A : NOT INSTALLED (SpamAssassin's optional SPF ... MIME::Base64 : 3.04 : OK MIME::Parser : 5.417 : UPGRADE RECOMMENDED (minimum version 5.420) MIME::QuotedPrint : 3.03 : OK Net::CIDR::Lite : N/A : NOT INSTALLED (SpamAssassin's optional SPF ... Net::DNS : 0.48 : OK Net::Server : 0.87 : UPGRADE RECOMMENDED (minimum version 0.93) Net::SMTP : 2.29 : OK Pod::Usage : 1.16 : OK Template : 2.14 : OK Time::HiRes : 1.59 : OK Unix::Syslog : 0.100 : OK URI : 1.35 : OK Database DSN test : PASSEDWe are using Debian stable which means some of our programs will be a little old, but most of these upgrade recommendations are based on security issues which have been patched in the Debian packages. Other modules are only recommendations. Hopefully you are familiar with the Debian naming convention of Perl packages. For example, Mail::SPF::Query would be libmail-spf-query-perl (which is probably a good one to have). Not all of the Perl modules are this easy to find however as many of them are included in packages that contain a number of modules. You can also upgrade to newer versions of some Perl modules using CPAN if desired, but if you do, the Debian package of the same program will be ignored from now on. If (and only if) DB_File is missing, you may have to install it from CPAN: perl -MCPAN -e shell install DB_File quit Now we copy SpamAssassin's rules to the MySQL database (make sure 'spamassassin --lint' does not return any errors; if it does, repair the errors before you continue): spamassassin --lint
You should have seen a bunch of rules get loaded; if not, then check that this script points to the correct directories (you edited it earlier). Now we will copy the web interface files to the web site. We also need to make 'themes' writable by the www-data user (and amavis): mkdir /var/www/mail
Enable mysql and gd graphics in php.ini:
vi /etc/php5/apache2/php.ini
and uncomment these two lines (remove the semicolons)
;extension=mysql.so
Save and exit the file, then stop and start Apache2:
/etc/init.d/apache2 stop
If you are running Postfix:
cp /etc/passwd /var/spool/postfix/etc/passwd
Now you browse to configtest.php to test the installation, for example:http://192.168.1.222/mail/admin/configtest.php (or) http://sfa.example.com/mail/admin/configtest.php The result should look something like this. Note: if you need the IMAP, LDAP or MCrypt libraries you are free to apt-get install php5-imap php5-ldap php5-mcrypt (but only as needed). Also note: we have already applied the patches to Image_Graph and Net_IMAP. Also, remember to stop and start apache2 if you make changes. We are going to copy (and rename) the maia version of amavisd-new: cp /usr/local/src/maia/1.0/amavisd-maia /usr/sbin/amavisd-new-maia
We will start off with a configuration file specific
to Maia. I have modified such a file for use with Debian:
cd /etc/amavis
We need to make a few changes to amavisd.conf-maia:
vi /etc/amavis/amavisd.conf-maia
I suggest you place the SVN release number of Maia in a comment in this file. If you have not configured this amavisd.conf in the past, at the very least you need to set $mydomain. Note that you may also wish to temporarily set $log_level to 5 for when we send a few test messages through, examining /var/log/mail.log for signs of trouble. Also, please read section "12. Configure amavisd-maia" of the Maia installation instructions for other suggested amavisd-maia settings. Save and exit the file, and then make a backup copy:
cp /etc/amavis/amavisd.conf-maia /etc/amavis/amavisd.conf-maia-backup
Now, when you want to try Maia as your program, you first stop amavisd-new: amavisd-new stop
Then you copy the Maia files on top of the amavisd-new files:
cp /usr/sbin/amavisd-new-maia /usr/sbin/amavisd-new
Then you start up amavisd-new (Maia) (actually, the first time you start it up it would be a good idea to do so with 'amavisd-new debug'):
amavisd-new start
You can keep an eye out for errors by using: tail -f /var/log/mail.logYou should watch the log for at least 10 messages, then use [Ctrl]+c to return to the shell prompt. If you had amavisd-new installed and need to revert to it, first you would stop amavisd-new (I mean Maia), copy the Debian files on top of the Maia files, and start up amavisd-new, like this: amavisd-new stop cp /usr/sbin/amavisd-new-debian /usr/sbin/amavisd-new cp /etc/amavis/amavisd.conf-debian /etc/amavis/amavisd.conf amavisd-new start If you have 20030616-p10 installed, you should prevent new versions of amavisd-new from installing during an 'apt-get upgrade': echo "amavisd-new hold" | dpkg --set-selections
If you should need to reverse this, you would replace "amavisd-new hold"
with "amavisd-new install".
To avoid losing configuration changes, you should always make configuration changes to amavisd.conf-debian or amavisd.conf-maia and then copy the one you are currently using to amavisd.conf. At this point, nothing is set up in Maia, so If I am correct, all mail will simply pass. I believe the default behavior is to bypass all checks for recipients not in the database so you will quickly want to add and configure your users and/or domains. Continue on by going to https://www.maiamailguard.com/maia/wiki/Install and start reading from "14. Login and become the super-administrator". Since you are starting out using the "Internal" authentication method, run the http://sfa.example.com/mail/internal-init.php script before running the http://sfa.example.com/mail/login.php?super=register script. My internal-init.php page looked similar to this example. If all goes well, you will get a "250 Ok" response on the screen and your password in a message in your inbox. Place your email address in the "E-mail address your login credentials should be mailed to" box. Run the super-register script shown above next. Don't forget you need to set up DNS (if you have not done so) so your users can use your server's FQDN to access Maia. |
bayes_store_module Mail::SpamAssassin::BayesStore::SQL bayes_sql_dsn DBI:mysql:maia:localhost bayes_sql_username amavis bayes_sql_password passwd # change ::SQL to ::MySQL if SpamAssassin >= 3.1.0 and MySQL >= 4.1 bayes_sql_override_username amavis auto_whitelist_factory Mail::SpamAssassin::SQLBasedAddrList user_awl_dsn DBI:mysql:maia:localhost user_awl_sql_username amavis user_awl_sql_password passwdIf you have not used SQL based Bayes before (you are currently using the default BDB based Bayes) and you need to migrate Bayes data or AWL data to SQL, see http://verchick.com/mecham/public_html/spam/debian-maia-spamassassin-sql.html
|
PS: Here is a hint if you would like to change the password used by amavis to access the MySQL database. The default MySQL password for the amavis user is 'passwd'. Stop Apache2: /etc/init.d/apache2 stopStop Maia (amavisd-new): /etc/init.d/amavis stopLocate and change the $maia_sql_dsn password in config.php: vi /var/www/mail/config.phpLocate and change the @lookup_sql_dsn password in amavisd.conf: vi /etc/amavis/amavisd.confLocate and change the @lookup_sql_dsn password in amavisd.conf-maia: vi /etc/amavis/amavisd.conf-maiaLocate and change the password in /etc/maia.conf: vi /etc/maia.confLocate and change the password in /etc/spamassassin/local.cf: vi /etc/spamassassin/local.cfLog in to mysql and change the password there, obviously, replace NEW-passwd with the new password: mysql -p
Run configtest.pl to make sure the "Database DSN test" passes:/var/lib/amavis/maia/scripts/configtest.plStart Maia (amavisd-new): /etc/init.d/amavis startStart Apache2: /etc/init.d/apache2 startIt would be a good idea to run configtest.php: http://sfa.example.com/mail/admin/configtest.php
I'm tired, that's all I have to give on this project, you are on your own now... good luck. |