
# Maia Mailguard 1.0.3 (svn 1581) installation on Fedora 17 - kind of a quick and dirty HOWTO
# Absolutely no warranty, use entirely at your own risk
# Absolutely no support - however - let me know if something is very wrong
# mr88talent at yahoo dot com
# 01 JUL 2012
# If this document has been forged the downloads could destroy the entire planet
# Experience with Linux and Postfix is assumed
#
# Document assumes you are using copy and paste, if not then on some lines
# with 'sed' commands it would probably be easier to simply edit the file.
#
# The base directory is /var/lib/maia so I don't have to edit a bunch of maia scripts.
# I do not install clamav/clamd from an rpm

# This document assumes a fresh Fedora 17 install to hard disk
# I download and burn the CD from http://fedoraproject.org/en/get-fedora-options
# Make sure when asked to add a user, select the checkbox to "Add to Administrators Group"
# Also choose the option to "Synchronize date and time over the network"
# Once logged in, you need to go into Applications, System Tools, System Settings, Network,
# and change the IPv4 settings from DHCP to manual IP address
# Use a static IPv4 address. I also use the address of a real DNS server - not my SOHO router's address for DNS.

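# I use System Tools, Terminal to su to root, then uncomment 'PermitRootLogin yes' in /etc/ssh/sshd_config
# (this leaves direct root logins over ssh allowed; once the install is done, consider setting it to 'no' and logging in as your own user)
# I also run: systemctl enable sshd.service so that the sshd service starts at boot (the reboot below brings it up)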
# Then go into Applications, Other, Firewall and enable (at least) Mail, Secure WWW, SSH and WWW and then reboot.
# I then use the PuTTY ssh client to access the command line from a remote machine
# I use vi in this document. Use your favorite editor if you don't want to use vi
# A few commands in this document will wrap - be sure you place the entire command on one line

# This document does not cover disabling unnecessary daemons.
# Its focus is getting you to the point where you can log on to Maia
# This document is not a tutorial for any of the programs listed here

# You can edit this document to customize it. The host name I use is 'ahost'
# The domain name I used is 'example.com' and the administrator's email name is 'adminguy'
# Root's MySQL password is 'roots_password'
# Maia's MySQL password is 'maia_password'
# Save this file, then using a plain text editor, do a search and replace on those five items.
# Only replace them once.

# Optional (this is not a Fedora tutorial - heck, I use Debian myself)
yum -y update

# If you currently have SELinux enforced, set it to permissive (or even disabled)
# NOTE(review): permissive mode only logs policy violations instead of blocking them,
# and nothing later in this document switches SELinux back to enforcing. Treat this as
# an install-time shortcut and plan to return to enforcing once the services work.
# The sed edits the persistent setting in /etc/selinux/config; the reboot that follows applies it.
sed -i 's/SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config
cat /etc/selinux/config


# make sure SELINUX is not enforcing, then reboot:
reboot

# A mail server should keep accurate time.
# If you previously did not choose the option to "Synchronize date and time over the network", then install ntp:
yum -y install ntp
ntpdate clock.fmt.he.net
ntpdate ntp1.tummy.com
chkconfig --level 235 ntpd on
hwclock --systohc
service ntpd start

# add the maia user
adduser -r -d /var/lib/maia -c "maia user" -s /bin/sh maia

# add yourself (as the maia administrator) - unless this user is already added
adduser adminguy
passwd adminguy

vi /etc/hosts
# in the /etc/hosts file I hate the way Red Hat does it.
# I do it more like this, adding the actual IP and moving our host name there
# (this assumes you are using a static IP address):
127.0.0.1			localhost.localdomain localhost
192.168.1.222		ahost.example.com ahost
# In this test setup, I don't have DNS MX records set up but I want to be able to
# locally send test mail to adminguy@example.com, so I am going to temporarily add
# the domain to the interface:
127.0.0.1			localhost.localdomain localhost
192.168.1.222		ahost.example.com ahost example.com
# Install the junk we need
yum -y install mysql mysql-server perl-DBD-MySQL perl-DBI subversion patch db4 db4-devel db4-utils uuid-perl
yum -y install perl-HTML-Parser perl-Compress-Zlib php php-pear php-mysql perl-libwww-perl system-config-firewall-tui

yum -y install perl-Digest-HMAC perl-Digest-SHA1 perl-Net-DNS perl-Net-IP perl-URI mlocate file rsync curl
yum -y install perl-Archive-Zip perl-Archive-Tar perl-Digest-SHA1 perl-Digest-HMAC perl-Net-DNS perl-URI perl-Error

yum -y install php-gd pax cpio tmpwatch bzip2 php-xml php-imap php-ldap php-pgsql php-mbstring wget bind-utils
yum -y install binutils gzip spamassassin php-bcmath gcc make bison zlib zlib-devel gmp-devel perl-LDAP perl-Image-Info

yum -y install perl-Mail-DKIM perl-MailTools perl-MIME-tools perl-Template-Toolkit man lsof pyzor perl-Razor-Agent
yum -y install perl-BerkeleyDB perl-Convert-TNEF perl-Convert-UUlib perl-Net-Server perl-Unix-Syslog perl-Text-CSV

yum -y install nomarch cabextract re2c perl-Net-CIDR-Lite perl-forks perl-Sys-Hostname-Long perl-IO-stringy perl-Mail-SPF


# It wouldn't hurt to run those installs again to make sure we got them all.
# make the home directories for Maia
cd
mkdir /var/virusmails
chmod 0750 /var/virusmails
chown maia:maia /var/virusmails
mkdir /etc/maia
mkdir /var/run/maia
chown maia:root /var/run/maia
mkdir /var/lock/maia
chown maia:root /var/lock/maia
echo "d /var/run/maia 0755 maia root" > /etc/tmpfiles.d/maia.conf
echo "d /var/lock/maia 0755 maia root" >> /etc/tmpfiles.d/maia.conf

mkdir /var/lib/maia
mkdir /var/lib/maia/db
mkdir /var/lib/maia/tmp
mkdir /var/lib/maia/scripts
chown -R maia:maia /var/lib/maia
chmod -R 750 /var/lib/maia
mkdir /var/log/maia
touch /var/log/maia/process-quarantine.log
chown -R maia:maia /var/log/maia
# Fetch a file that is installed as /etc/logrotate.d/maia.
# NOTE(review): this is a plain-http download with no checksum or signature check, and
# files in /etc/logrotate.d are processed by logrotate as root (they may carry
# postrotate scripts). Read maia.txt before moving it into place.
wget http://verchick.com/mecham/public_html/spam/maia.txt
mv maia.txt /etc/logrotate.d/maia

# Download Maia svn version 1581
# NOTE(review): --non-interactive together with --trust-server-cert makes svn accept a
# server certificate issued by an unknown certificate authority without asking, so the
# https checkout is not protected against an impersonated server. If the certificate
# validates on your system, drop --trust-server-cert.
mkdir /usr/local/src/maia
cd /usr/local/src/maia
svn -r 1581 --non-interactive --trust-server-cert checkout https://www.maiamailguard.com/svn/branches/1.0

# please make a note of the SVN revision that you get
# if you need to download again, first move or remove /usr/local/src/maia then start over
# useful link: https://www.maiamailguard.com/maia/browser/branches/1.0
# useful link: https://www.maiamailguard.com/svn/branches/1.0
# I don't use sendmail, I am assuming you will use Postfix as I do
yum -y install postfix cyrus-sasl
rpm -e sendmail
alternatives --config mta
# then select /usr/sbin/sendmail.postfix if needed

# set up pyzor and razor
su maia -c 'pyzor discover'
su maia -c 'razor-admin -create'
su maia -c 'razor-admin -create'
su maia -c 'razor-admin -register'

# (may have to run that last one twice - if it gives an error the first time)
# test pyzor (a few times if needed)
su maia -c 'pyzor ping'

# disable razor logging (debuglevel = 0)
sed -i 's/= 3/= 0/' /var/lib/maia/.razor/razor-agent.conf
cat /var/lib/maia/.razor/razor-agent.conf

# create initial bayes database
su maia -c 'sa-learn --sync'
ls -l /var/lib/maia/.spamassassin/

######################
# install DCC
# NOTE(review): the tarball comes over plain http and is configured, built and
# installed as root without any integrity check. Compare it against a checksum
# obtained from the DCC project over a trusted channel before running ./configure.
cd /usr/local/src
wget http://www.dcc-servers.net/dcc/source/old/dcc-1.3.142.tar.Z
tar xzf dcc-1.3.142.tar.Z

cd dcc-1.3.142
./configure --with-uid=maia && make && make install

chown -R maia:maia /var/dcc
ln -s /var/dcc/libexec/cron-dccd /usr/bin/cron-dccd

crontab -e
# and insert (at the top):
43 11 * * * /usr/bin/cron-dccd

######################

# enable DCC in v310.pre (if you abide by the license)
cp /etc/mail/spamassassin/v310.pre /etc/mail/spamassassin/v310.pre-mybackup
sed -i 's|#loadplugin Mail::SpamAssassin::Plugin::DCC|loadplugin Mail::SpamAssassin::Plugin::DCC|' /etc/mail/spamassassin/v310.pre
head -30 /etc/mail/spamassassin/v310.pre

# test - look for pyzor, dcc. razor may not trigger on this.
cd /var/lib/maia
wget http://verchick.com/mecham/public_html/spam/sample-spam.txt
su maia -c 'spamassassin -D <sample-spam.txt'

# Install needed pear modules
cd
pear channel-update pear.php.net

pear install Mail_Mime-1.8.5
pear install Mail_mimeDecode-1.5.5
pear install Log-1.12.7
pear install Pager-2.4.8

pear install Image_Color-1.0.4
pear install Image_Canvas-0.3.4
pear install Image_Graph-0.8.0
pear install Numbers_Roman-1.0.2
pear install Numbers_Words-0.16.4

pear install Auth_SASL-1.0.6
pear install Net_Socket-1.0.10
pear install Net_IMAP-1.1.0
pear install Net_POP3-1.3.8
pear install DB-1.7.14
pear install Net_SMTP-1.6.1

pear channel-discover htmlpurifier.org

pear install hp/HTMLPurifier


# May want to run those again to make sure you got them all
# Copy some Maia files to the home directory
cp /usr/local/src/maia/1.0/scripts/* /var/lib/maia/scripts
test -e /etc/maia/maia.conf && cp /etc/maia/maia.conf /etc/maia/maia.conf-backup
test -e /etc/maia/maiad.conf && cp /etc/maia/maiad.conf /etc/maia/maiad.conf-backup
cp /usr/local/src/maia/1.0/maia.conf.dist /etc/maia/maia.conf
sed -i "s|'password'|'maia_password'|" /etc/maia/maia.conf
chmod 0640 /etc/maia/maia.conf
chgrp maia /etc/maia/maia.conf

cp -r /usr/local/src/maia/1.0/templates /etc/maia
chmod 640 /etc/maia/templates/*.tpl
chown -R maia:maia /etc/maia/templates

# Copy some custom spamassassin rules
cp /usr/local/src/maia/1.0/*.cf /etc/mail/spamassassin

vi /etc/maia/maia.conf

# and edit the base_url - I use /mail - and this document assumes you will too
$base_url = 'http://ahost.example.com/mail';

# you will probably need to make an entry in the hosts file on any computer
# that you are going to use to browse the server unless a DNS record exists.

# See http://www.mysqlperformanceblog.com/2006/09/29/what-to-tune-in-mysql-server-after-installation/
# Out of the box, MySQL is poorly tuned for use with InnoDB. Assuming this is a
# fresh installation (with the default of innodb_fast_shutdown = 1), I am going to
# suggest some optimization. I set innodb_buffer_pool_size to 25% of physical RAM
# and innodb_log_file_size to 25% of innodb_buffer_pool_size. I set innodb_log_buffer_size
# to 8MB. Setting innodb_buffer_pool_size to at least 128M (assuming you have sufficient RAM)
# will greatly increase performance. When innodb_log_file_size is changed, the logs must be
# deleted and recreated. Make sure MySQL is not running when you do this.

service mysqld stop
vi /etc/my.cnf


# Under the [mysqld] section, add these entries:
innodb_buffer_pool_size = 128M
innodb_additional_mem_pool_size = 4M
innodb_log_file_size = 32M
innodb_log_buffer_size = 8M
max_allowed_packet = 20M


# Then rename the log files so they will be recreated at a larger size.
# See http://dev.mysql.com/doc/refman/5.0/en/innodb-data-log-reconfiguration.html :
test -e /var/lib/mysql/ib_logfile0 && mv /var/lib/mysql/ib_logfile0 /var/lib/mysql/iblogfile0-old
test -e /var/lib/mysql/ib_logfile1 && mv /var/lib/mysql/ib_logfile1 /var/lib/mysql/iblogfile1-old

systemctl enable mysqld.service
service mysqld start

# If you have not yet added a password:
# (substitute a real password for roots_password and notice the host name)
mysql

SET PASSWORD FOR 'root'@'localhost' = PASSWORD('roots_password');
SET PASSWORD FOR 'root'@'ahost.example.com' = PASSWORD('roots_password');

CREATE DATABASE maia;
USE maia;
SOURCE /usr/local/src/maia/1.0/maia-mysql.sql;
GRANT CREATE, DROP, ALTER, SELECT, INSERT, UPDATE, DELETE ON maia.* TO maia@localhost IDENTIFIED BY 'maia_password';
FLUSH PRIVILEGES;
ALTER TABLE `bayes_seen` ADD `lastupdate` timestamp default CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP;

quit

# Now grab a script that runs weekly that does bayes_seen and awl cleaning
# NOTE(review): all three files arrive over plain http with no integrity check. One is
# made executable in /etc/cron.weekly and one in /usr/sbin, and the weekly script is
# run by hand right after this, so read each file before the chmod steps.
cd /etc
wget http://verchick.com/mecham/public_html/spam/trim.awl.sql
cd /etc/cron.weekly
wget http://verchick.com/mecham/public_html/maia/trim-sql-awl-weekly.txt
mv trim-sql-awl-weekly.txt trim-sql-awl-weekly
chmod +x trim-sql-awl-weekly
cd /usr/sbin
wget http://verchick.com/mecham/public_html/maia/trim-awl.txt
mv trim-awl.txt trim-awl
# trim-awl contains the Maia database password after this substitution;
# the 0750 mode set below removes access for "other" users.
sed -i 's/passwd/maia_password/' trim-awl
chmod 0750 trim-awl

# Then run the script (no news is probably good news):
/etc/cron.weekly/trim-sql-awl-weekly

# You don't have to have every possible program (we do not need Crypt::Blowfish, Crypt::CBC and DBD::Pg),
# but make sure nothing is broken here:
cd /var/lib/maia/scripts/
./configtest.pl

# If you see "Patch 'MySQL Bug 46675' needs to be applied", install a patch:
# NOTE(review): the patch is fetched over plain http and applied to an installed
# SpamAssassin module; read it first (or try the https form of the URL, since the
# svn checkout earlier in this document reaches the same host over https).
cd /usr/share/perl5/vendor_perl/Mail/SpamAssassin/BayesStore
wget http://www.maiamailguard.com/maia/raw-attachment/ticket/565/mysql-bug-46675.patch
patch MySQL.pm < mysql-bug-46675.patch


# setup and run sa-update to get the latest spamassassin rules (make sure there are no error messages here)
# you should run sa-update on occasion (and then run a Maia 'load-sa-rules.pl' script to load them into Maia)
sa-update
sa-update


# Make sure we lint Ok
su maia -c 'spamassassin --lint'

# Load SpamAssassin rules into the Maia database:
cd /var/lib/maia/scripts
./load-sa-rules.pl

# Copy files to apache
mkdir /var/www/html/mail
cp -r /usr/local/src/maia/1.0/php/* /var/www/html/mail
cp /var/www/html/mail/config.php.dist /var/www/html/mail/config.php
# The compiled-template directories are handed to the maia group and made
# group-writable (apache is added to that group in the next step of this document).
chgrp maia /var/www/html/mail/themes/*/compiled
chmod 775 /var/www/html/mail/themes/*/compiled
# NOTE(review): config.php now holds the Maia database password, and unlike
# /etc/maia/maia.conf (chmod 0640, chgrp maia) no mode or group is set on it here.
# Check its permissions and consider restricting it to root and the maia group.
sed -i 's/maia:passwd/maia:maia_password/' /var/www/html/mail/config.php

# Add apache to the maia group
gpasswd -a apache maia

# Install and configure Smarty:
# NOTE(review): the rpm is downloaded over plain http (apparently from the author's
# own site) and installed as root. Check it with 'rpm -K' and compare it with a copy
# from a source you trust before running rpm -ivh.
cd /usr/local/src
wget http://verchick.com/mecham/public_html/spam/php-Smarty-2.6.26-3.fc17.noarch.rpm

rpm -ivh php-Smarty-2.6.26-3.fc17.noarch.rpm
# Make the packaged Smarty visible under Maia's libs directory.
ln -s /usr/share/php/Smarty /var/www/html/mail/libs/Smarty

# Create a cache directory for HTMLPurifier
mkdir -p /var/cache/HTMLPurifier
chown apache /var/cache/HTMLPurifier
chmod o-rwx /var/cache/HTMLPurifier

# Configure maia so it can find the HTMLPurifier cache
sed -i 's|$purifier_cache = null|$purifier_cache = "/var/cache/HTMLPurifier"|' /var/www/html/mail/config.php
grep purifier_cache /var/www/html/mail/config.php

# (start or restart)
systemctl enable httpd.service
service httpd start

# You may have to configure the firewall to allow at least WWW (HTTP) and Mail (SMTP) connections if you have not already done so:
system-config-firewall-tui

# Assuming you have an A record in DNS configured for the server's host name
# (or at least an entry in your hosts file) (from a client) test out the install:
http://ahost.example.com/mail/admin/configtest.php
# remember to restart httpd if you make changes - service httpd restart.
# don't worry about the MCrypt library Failure. It's a bad idea to encrypt quarantined messages.

# You should ensure the database schema is up to date:
http://ahost.example.com/mail/admin/upgrade.php

# grab an init script from me
# NOTE(review): plain-http download with no integrity check. The file becomes
# /etc/init.d/maia and is registered with chkconfig, so it will be run as root by
# the init system; read it before the chmod +x.
cd /etc/init.d
wget http://verchick.com/mecham/public_html/redhat/maiad-init.sh
mv maiad-init.sh maia
chmod +x maia
chkconfig --add maia

# copy maiad into place, make backups of current ones if you have them
test -e /usr/local/sbin/maiad && cp /usr/local/sbin/maiad /usr/local/sbin/maiad-mybackup
test -e /usr/sbin/maiad && cp /usr/sbin/maiad /usr/sbin/maiad-mybackup
cp /usr/local/src/maia/1.0/maiad /usr/sbin/maiad
hash -r

# Customize maiad.conf - or at least use many of these settings in yours
cd /etc/maia
test -e maiad.conf && cp maiad.conf maiad.conf-myoriginal

# Start from the distributed maiad.conf, then adjust it in place.
cp /usr/local/src/maia/1.0/maiad.conf.dist /etc/maia/maiad.conf

# Comment out the line that starts with $lha
sed -i 's/^\$lha/#$lha/' /etc/maia/maiad.conf
# Replace the placeholder domain with ours
sed -i 's/yourdomain.tld/example.com/' /etc/maia/maiad.conf
# Turn syslog logging on
sed -i 's/DO_SYSLOG = 0/DO_SYSLOG = 1/' /etc/maia/maiad.conf
# Replace the 'virusalert' and 'spam.police' names with 'postmaster'
sed -i 's/virusalert/postmaster/' /etc/maia/maiad.conf
sed -i 's/spam.police/postmaster/' /etc/maia/maiad.conf
# Replace the placeholder host name with ours
sed -i 's/host.domain.tld/ahost.example.com/' /etc/maia/maiad.conf
# Uncomment the qr'^MAIL line
sed -i "s/# qr'\^MAIL/ qr'\^MAIL/" /etc/maia/maiad.conf
# NOTE(review): this writes the Maia database password into maiad.conf, and no
# chmod/chgrp follows for this file (maia.conf earlier got 0640, group maia).
# Check that maiad.conf is not world-readable.
sed -i "s/'password'/'maia_password'/" /etc/maia/maiad.conf

# edit maiad.conf and check the settings
# Make a comment noting your revision number, e.g.: # SVN revision 1581
# I change $DO_SYSLOG = 1; so maiad logs to /var/log/maillog
# ensure:
# @lookup_sql_dsn = ( ['DBI:mysql:maia:localhost:3306', 'maia', 'maia_password'] );
vi /etc/maia/maiad.conf

######################
# clamd
adduser -r -d /var/lib/clamav -c "clamav user" -s /sbin/nologin clamav

gpasswd -a clamav maia

# install clamav from source
cd /usr/local/src

# Download location and version are examples only (but valid when I wrote this), always use latest version of ClamAV
# see http://sourceforge.net/project/showfiles.php?group_id=86638
# NOTE(review): the download is plain http and the build is installed as root. If the
# release you pick comes with a detached signature or a published checksum, verify the
# tarball against it before running ./configure.
wget http://surfnet.dl.sourceforge.net/project/clamav/clamav/0.97.5/clamav-0.97.5.tar.gz

tar xzf clamav-0.97.5.tar.gz
cd clamav-0.97.5
./configure && make && make install

# Grab an init script for clamd
# NOTE(review): fetched over plain http with no integrity check, then installed as
# /etc/init.d/clamd and registered with chkconfig; read it before making it executable.
cd /etc/init.d
wget http://verchick.com/mecham/public_html/clamav95/clamd.init.fc17.txt
mv clamd.init.fc17.txt clamd
chmod +x clamd
chkconfig --add clamd

# Make directories clamd will need
mkdir /var/log/clamav/
chown -R clamav:clamav /var/log/clamav/
mkdir /var/run/clamav
chown -R clamav:clamav /var/run/clamav/
echo "d /var/run/clamav 0755 clamav clamav" >> /etc/tmpfiles.d/clamd.conf

mkdir /var/lib/clamav/
chown -R clamav:clamav /var/lib/clamav/

# cheat and use my conf files for this particular setup (if you want this stuff to work):
# NOTE(review): clamd.conf and freshclam.conf are the configuration for the scanner
# daemon and the signature updater, and these copies arrive over plain http with no
# integrity check. Read both files before starting clamd or running freshclam.
cd /usr/local/etc/
# Keep the files installed by 'make install' as .old copies.
mv clamd.conf clamd.conf.old
mv freshclam.conf freshclam.conf.old
wget http://verchick.com/mecham/public_html/clamav9/clamd.conf
# Use the socket name clamd.ctl instead of clamd.sock
sed -i 's/clamd.sock/clamd.ctl/' clamd.conf
wget http://verchick.com/mecham/public_html/clamav9/freshclam.conf

freshclam

# It's OK that you got "WARNING: Clamd was NOT notified:" because we have not started clamd.
# So, start clamd:
service clamd start

# check for errors:
cat /var/log/clamav/clamav.log

#########
# For freshclam updates you can either use this script:
# NOTE(review): plain-http download with no integrity check; the file is made
# executable in /etc/init.d, registered with chkconfig and started immediately,
# so read it before the chmod +x.
cd /etc/init.d
wget http://verchick.com/mecham/public_html/redhat/freshclam
chmod +x freshclam
chkconfig --add freshclam
service freshclam start

# (or) make a crontab entry:
crontab -e

# and make the following entry.
# change NN here to a number between 1 and 59 (three minutes from now)
NN * * * * /usr/local/bin/freshclam --quiet

#########

# keep an eye on the freshclam.log to make sure updates are happening
# if there is no freshclam.log we are in trouble
cat /var/log/clamav/freshclam.log

######################

# We are going to use Bill Landry's script (version 3.7) that downloads clamav unofficial signatures (like sanesecurity)
# http://sourceforge.net/projects/unofficial-sigs/
# NOTE(review): the tarball is fetched over plain http from verchick.com rather than
# from the project page named above, with no integrity check. Its scripts are copied
# into /usr/sbin and later scheduled from cron in this document, so compare the
# archive with the project's own release (or read the scripts) before installing.
cd /usr/local/src
wget http://verchick.com/mecham/public_html/spam/clamav-unofficial-sigs-3.7.tar.gz
tar xzf clamav-unofficial-sigs-3.7.tar.gz
cd clamav-unofficial-sigs-3.7
# cp -u copies only when the destination is missing or older than the source.
cp -u clamav-unofficial-sigs-logrotate /etc/logrotate.d/
cp -u clamav-unofficial-sigs.sh /usr/sbin
cp -u clamd-status.sh /usr/sbin
cp -u clamav-unofficial-sigs.conf /etc
# Compress the man page and install it in section 8.
gzip clamav-unofficial-sigs.8
cp -u clamav-unofficial-sigs.8.gz /usr/share/man/man8

sed -i 's|clamd\.sock|clamd.ctl|' /usr/sbin/clamd-status.sh
sed -i 's|user_configuration_complete="no"|user_configuration_complete="yes"|' /usr/sbin/clamd-status.sh
sed -i 's|clamd_pid="/var/run/clamd.pid"|clamd_pid="/var/run/clamav/clamd.pid"|' /etc/clamav-unofficial-sigs.conf
sed -i 's|reload_dbs="no"|reload_dbs="yes"|' /etc/clamav-unofficial-sigs.conf
sed -i 's|#clamd_socket="/var/run/clamd.socket"|clamd_socket="/var/run/clamav/clamd.ctl"|' /etc/clamav-unofficial-sigs.conf
sed -i 's|#clamd_lock="/var/lock/subsys/clamd"|clamd_lock="/var/lock/subsys/clamd"|' /etc/clamav-unofficial-sigs.conf
sed -i 's|#start_clamd="service clamd start"|start_clamd="service clamd start"|' /etc/clamav-unofficial-sigs.conf
sed -i 's|min_sleep_time="60"|min_sleep_time="3"|' /etc/clamav-unofficial-sigs.conf
sed -i 's|max_sleep_time="600"|max_sleep_time="30"|' /etc/clamav-unofficial-sigs.conf
sed -i 's|work_dir="/usr/unofficial-dbs"|work_dir="/var/lib/clamav-unofficial-sigs"|' /etc/clamav-unofficial-sigs.conf
sed -i 's|curl_silence="no"|curl_silence="yes"|' /etc/clamav-unofficial-sigs.conf
sed -i 's|rsync_silence="no"|rsync_silence="yes"|' /etc/clamav-unofficial-sigs.conf
sed -i 's|gpg_silence="no"|gpg_silence="yes"|' /etc/clamav-unofficial-sigs.conf
sed -i 's|comment_silence="no"|comment_silence="yes"|' /etc/clamav-unofficial-sigs.conf
sed -i 's|enable_logging="no"|enable_logging="yes"|' /etc/clamav-unofficial-sigs.conf
sed -i 's|user_configuration_complete="no"|user_configuration_complete="yes"|' /etc/clamav-unofficial-sigs.conf

# Comment out the MalwarePatrol Database entries:
# NOTE(review): these commands address lines 185-188 by number, which presumably
# matches the clamav-unofficial-sigs.conf from the 3.7 tarball used above. Print the
# lines first (sed -n '185,188p' /etc/clamav-unofficial-sigs.conf) and confirm they
# are the MalwarePatrol entries; with a different file version, unrelated lines
# would be commented out instead.
sed -i "185s/^/#/" /etc/clamav-unofficial-sigs.conf
sed -i "186s/^/#/" /etc/clamav-unofficial-sigs.conf
sed -i "187s/^/#/" /etc/clamav-unofficial-sigs.conf
sed -i "188s/^/#/" /etc/clamav-unofficial-sigs.conf

# Now run the scripts and check for errors:
clamd-status.sh

clamav-unofficial-sigs.sh

service clamd restart


# The output of 'ls -l /var/lib/clamav' should look similar to this:
-rw-r--r-- 1 clamav clamav   104690 Feb 27 04:37 bytecode.cvd
-rw-r--r-- 1 clamav clamav  1438230 Feb 27 04:37 daily.cvd
-rw-r--r-- 1 clamav clamav    52824 Feb 27 04:40 honeynet.hdb
-rw-r--r-- 1 clamav clamav  5041859 Feb 25 04:51 junk.ndb
-rw-r--r-- 1 clamav clamav   501212 Feb 27 03:50 jurlbl.ndb
-rw-r--r-- 1 clamav clamav 26224310 Feb 27 04:37 main.cvd
-rw-r--r-- 1 clamav clamav   213539 Feb 27 04:40 mbl.ndb
-rw-r--r-- 1 clamav clamav       52 Feb 27 04:38 mirrors.dat
-rw-r--r-- 1 clamav clamav  2557590 Feb 25 04:51 phish.ndb
-rw-r--r-- 1 clamav clamav   117050 Feb 24 11:50 rogue.hdb
-rw-r--r-- 1 clamav clamav     8502 Jan 21 01:50 sanesecurity.ftm
-rw-r--r-- 1 clamav clamav  1753797 Feb 25 03:49 scam.ndb
-rw-r--r-- 1 clamav clamav  9669520 Feb 27 04:40 securiteinfo.hdb
-rw-r--r-- 1 clamav clamav    56529 Feb 24 03:51 spamimg.hdb
-rw-r--r-- 1 clamav clamav   724108 Feb 27 04:40 vx.hdb
-rw-r--r-- 1 clamav clamav  1144084 Feb 27 03:45 winnow_malware.hdb
-rw-r--r-- 1 clamav clamav   707283 Feb 27 03:45 winnow_malware_links.ndb
# You should stop clamd, and then run the clamd-status.sh script to see if it works.
# Now we add a crontab entry with download attempts performed every 6th hour:
crontab -e

# Insert these two entries. Replace MM (minutes) below with a number between 1 and 59:
MM */6 * * * /usr/sbin/clamav-unofficial-sigs.sh
*/6 * * * * /usr/sbin/clamd-status.sh


# Save and exit the file. The first cron job should run every 6 hours, and the second, every 6 minutes.
# The clamd-status.sh script will restart clamd after a crash.
# There is a log file at /var/log/clamav-unofficial-sigs.log and you can read the man page at 'man clamav-unofficial-sigs'.

# Start maiad in debug mode and check for severe errors. "INFO: no optional modules:" is not a problem, Use [Ctrl]+c to cancel:
# Note that there will be modules we are not using. This is not a problem either. Hopefully you get: "Net::Server: Parent ready for children."
service maia stop
maiad debug

# If everything looks Ok, cancel debug mode (Ctrl+C) and start maiad
service maia start

######################
# Minimal Postfix configuration:- you are on your own here, this is not a Postfix HOWTO
# this delivers locally to one domain (using mbox format)
# If you already have a working Postfix, keep your eyes open here
# If you are relaying mail instead of storing it locally, you may wish to read my Debian document
# http://verchick.com/mecham/public_html/spam/spamfilter20110303.html#maincf
# Also, you would not want to have the bare domain in the hosts file, which I placed there for this test.
# This first part enables the content_filter and adds the smtp-maia transport to master.cf:
cd /etc/postfix
cp main.cf main.cf-myoriginal

postconf -e "content_filter = smtp-maia:[127.0.0.1]:10024"
wget http://verchick.com/mecham/public_html/spam/maiad-master.txt

cp master.cf master.cf-backup

cp master.cf master.cf-myoriginal

grep 'smtp-maia' master.cf || cat master.cf-myoriginal maiad-master.txt > master.cf
cat master.cf

# If you already have a working Postfix, you will not want to run these
postconf -e "alias_maps = hash:/etc/aliases"
# Rebuild the alias database from /etc/aliases.
newaliases
postconf -e "myorigin = example.com"
postconf -e "mydomain = example.com"
postconf -e "myhostname = ahost.example.com"
# NOTE(review): inet_interfaces = all listens on every address, and mynetworks below
# covers loopback plus all three RFC 1918 private ranges. With Postfix's default
# restrictions, clients in mynetworks are allowed to relay, so narrow this to the
# subnets that really need to send through this server.
postconf -e "inet_interfaces = all"
postconf -e "mynetworks = 127.0.0.0/8, 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12"
chkconfig postfix on

# system dependent, default is $myhostname, localhost.$mydomain, localhost
# this is for local mail delivery
# If you already have a working Postfix, you will not want to run this
postconf -e "mydestination = \$myhostname, localhost.\$mydomain, localhost, \$mydomain"

# note that we escaped the $ sign when using postconf - the backslash does not actually go in main.cf
service postfix stop
service postfix start
postfix flush

# did Postfix die? If so, why?:
tail -30 /var/log/maillog | grep postfix

######################
reboot

# When the system comes back up, make sure clamd and maia (and freshclam?) are running (may take a minute)
ps aux | egrep '(clam|maia)' | grep -v grep

# send a simple test message
echo "test" | sendmail adminguy@example.com

# after about 30 seconds the result should be in:
tail -30 /var/spool/mail/adminguy

# I got (notice the processing by maiad):
######################
From root@example.com  Fri Jun 22 21:46:19 2012
Return-Path: <root@example.com>
X-Original-To: adminguy@example.com
Delivered-To: adminguy@example.com
Received: from localhost (localhost [127.0.0.1])
        by ahost.example.com (Postfix) with ESMTP id 3250E1405F2
        for <adminguy@example.com>; Fri, 22 Jun 2012 21:46:19 -0600 (MDT)
Received: from ahost.example.com ([127.0.0.1])
 by localhost (ahost.example.com [127.0.0.1]) (maiad, port 10024) with ESMTP
 id 01319-01 for <adminguy@example.com>; Fri, 22 Jun 2012 21:46:18 -0600 (MDT)
Received: by ahost.example.com (Postfix, from userid 0)
        id 900421405E2; Fri, 22 Jun 2012 21:46:18 -0600 (MDT)
Message-Id: <20120623034618.900421405E2@ahost.example.com>
Date: Fri, 22 Jun 2012 21:46:18 -0600 (MDT)
From: root@example.com (root)
To: undisclosed-recipients:;

test
# If you look in  /var/log/httpd/error_log  you may or may not see a number of errors like this:
[Sat Feb 20 16:56:44 2010] [error] [client 192.168.1.41] PHP Warning:
strftime(): It is not safe to rely on the system's timezone settings.
You are *required* to use the date.timezone setting or the
date_default_timezone_set() function. In case you used any of those
methods and you are still getting this warning, you most likely
misspelled the timezone identifier. We selected 'America/Denver' for
'MST/-7.0/no DST' instead in
/usr/share/php/Smarty/plugins/modifier.date_format.php on line 53,
referer: http://ahost.example.com/mail/settings.php?


# So, you want to vi /etc/php.ini and uncomment and configure the date.timezone setting.
# Here is a page to refer to for the wording of the time zones: http://us.php.net/manual/en/timezones.php

# You may also get errors such as: PHP Deprecated: Function set_magic_quotes_runtime() is deprecated in /usr/share/pear/PEAR/Registry.php on line 1144
# then I suggest changing error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT to error_reporting = E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED in /etc/php.ini
# It appears that in this version of PHP (5.4.3) my suggestion is the default setting, so I was able to simply comment out the error_reporting line
# Then restart Apache (httpd):
vi /etc/php.ini

service httpd restart


You can run http://ahost.example.com/mail/admin/configtest.php
as a quick test - to see if errors continue in /var/log/httpd/error_log

######################

# Note that the administrator you create here (by running internal-init.php and login.php?super=register) must be your real
# address because you will get an email at that address with your password. I hope the mail system is functioning enough
# to actually deliver mail to that user.
# I am going to use internal authentication, so first:
# here is a sample of what we are after next:
http://verchick.com/mecham/public_html/spam/authentication5.htm

http://ahost.example.com/mail/internal-init.php

# If all goes well, you will get a "250 Ok" response on the screen when you submit this page
# and your password in a message in your inbox:
tail -30 /var/spool/mail/adminguy

# Then log in with your email address and password
# The first person to log in (hopefully you) to this script will be the super user.
http://ahost.example.com/mail/login.php?super=register

# You will want to change your password.
# Send eicar.com.txt virus as an attachment in order to test clamd once
# you have enabled virus scanning in Maia.
# tail -f /var/log/maillog
#
# The SQL based Bayes and AWL tables have been created for you.
# You can enable them by placing this in /etc/mail/spamassassin/local.cf:
vi /etc/mail/spamassassin/local.cf

bayes_store_module              Mail::SpamAssassin::BayesStore::MySQL
bayes_sql_dsn                   DBI:mysql:maia:localhost
bayes_sql_username              maia
bayes_sql_password              maia_password

bayes_sql_override_username         maia

# auto_whitelist_factory          Mail::SpamAssassin::SQLBasedAddrList
# user_awl_dsn                    DBI:mysql:maia:localhost
# user_awl_sql_username           maia
# user_awl_sql_password           maia_password
# You will need to restart maiad after making that change - service maia restart - We also need to initialize
# the Bayes Database (and we always want to lint SA after making changes):
cd
service maia restart
su maia -c 'spamassassin --lint'

wget http://spamassassin.apache.org/gtube/gtube.txt
sa-learn --spam gtube.txt
sa-learn --dump magic

http://ahost.example.com/mail

# This is just the beginning.
# Please read the Maia documentation to continue. Make sure you set up
# maintenance scripts and move the admin directory out of the http-served tree (it holds configtest.php and upgrade.php)
# http://www.maiamailguard.com/maia/wiki/MaintenanceScripts
# Note: in System Configuration, please provide the full pathname to "E-mail reminder template file:"
# /etc/maia/templates/reminder.tpl

######################
# I would test again with 'maiad debug'. Now, read the documentation:
http://www.maiamailguard.com/docs.php

# Here is a sample of what root's crontab may look like for the Maia scripts:
# Minute   Hour   Day of Month       Month          Day of Week        Command    
# (0-59)  (0-23)     (1-31)    (1-12 or Jan-Dec)  (0-6 or Sun-Sat)
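# Each job runs the named Maia script as the maia user via su.
# At minute 30 of every hour
30 * * * * /bin/su maia -c '/var/lib/maia/scripts/process-quarantine.pl --learn --report'
# Daily at 01:10
10 1 * * * /bin/su maia -c '/var/lib/maia/scripts/expire-quarantine-cache.pl --quiet'
# Wednesdays at 02:10
10 2 * * 3 /bin/su maia -c '/var/lib/maia/scripts/send-quarantine-reminders.pl'
# Every five minutes
*/5 * * * * /bin/su maia -c '/var/lib/maia/scripts/send-quarantine-digests.pl'
# At the top of every hour; standard output is discarded. The redirect target is
# /dev/null ('>/null' would make root's cron shell create a file named /null instead).
0 * * * * /bin/su maia -c '/var/lib/maia/scripts/stats-snapshot.pl' >/dev/null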
# If you are using SVN 1581 - As of PHP 5.4, the session_is_registered() function has been removed
# There are a few Maia php files that will need to be patched. My patch has not been tested - but appears to work
# NOTE(review): the patch is fetched over plain http with no integrity check and
# rewrites PHP files that the web server executes (presumably the four backed up
# below). Read it, and run 'patch -p0 --dry-run < session_is_registered.patch.txt'
# to see which files it would touch before applying it.
cd /var/www/html/mail/
# Keep the unpatched versions next to the originals.
cp logout.php logout.php.original
cp confirm.php confirm.php.original
cp rescue.php rescue.php.original
cp viewer.php viewer.php.original
wget http://verchick.com/mecham/public_html/spam/session_is_registered.patch.txt
patch -p0 < session_is_registered.patch.txt