Sunday, January 11, 2009

Set Up Virus and Spam Scanning on Ubuntu 8.10

Install of Amavisd-New on Ubuntu 8.10

One of the most frustrating problems with setting up any mail server is the configuration required for anti-virus protection and Spam checking. Amavisd-new provides an excellent tool to help in setting that up. This is a step-by-step process for giving your mail server (Ubuntu 8.10 in this example) the ability to scan all incoming mail for viruses and Spam.

apt-get install amavisd-new

Starting Amavisd-New
To get amavisd-new running, execute the command below to start it in debug mode so you can see what it is doing. One thing you will notice is that by default there is no virus program attached and Spam checking is disabled. The points to note here are the modules it is using, the ports it binds to, and the general look and feel of the program.

/etc/init.d/amavis debug
Trying to run amavisd-new in debug mode…

Jan 9 12:46:47.927 nag.example.com /usr/sbin/amavisd-new[4384]: starting. /usr/sbin/amavisd-new at nag.example.com amavisd-new-2.6.1 (20080629), Unicode aware, LANG="en_US.UTF-8"
Jan 9 12:46:47.928 nag.example.com /usr/sbin/amavisd-new[4384]: user=, EUID: 112 (112); group=, EGID: 123 123 (123 123)
Jan 9 12:46:47.928 nag.example.com /usr/sbin/amavisd-new[4384]: Perl version 5.010000
Jan 9 12:46:47.980 nag.example.com /usr/sbin/amavisd-new[4384]: INFO: no optional modules: IO::Socket::INET6
Jan 9 12:46:47.982 nag.example.com /usr/sbin/amavisd-new[4384]: Net::Server: 2009/01/09-12:46:47 Amavis (type Net::Server::PreForkSimple) starting! pid(4384)
Jan 9 12:46:47.987 nag.example.com /usr/sbin/amavisd-new[4384]: Net::Server: Binding to UNIX socket file /var/lib/amavis/amavisd.sock using SOCK_STREAM
Jan 9 12:46:47.988 nag.example.com /usr/sbin/amavisd-new[4384]: Net::Server: Binding to TCP port 10024 on host 127.0.0.1
Jan 9 12:46:47.989 nag.example.com /usr/sbin/amavisd-new[4384]: Net::Server: Group Not Defined. Defaulting to EGID '123 123'
Jan 9 12:46:47.989 nag.example.com /usr/sbin/amavisd-new[4384]: Net::Server: User Not Defined. Defaulting to EUID '112'
Jan 9 12:46:47.989 nag.example.com /usr/sbin/amavisd-new[4384]: Net::Server: Setting up serialization via flock
Jan 9 12:46:47.990 nag.example.com /usr/sbin/amavisd-new[4384]: after_chroot_init: EUID: 112 (112); EGID: 123 123 (123 123)
Jan 9 12:46:47.990 nag.example.com /usr/sbin/amavisd-new[4384]: config files read: /usr/share/amavis/conf.d/10-debian_scripts, /usr/share/amavis/conf.d/20-package, /etc/amavis/conf.d/01-debian, /etc/amavis/conf.d/05-domain_id, for .tar tried: pax
Jan 9 12:46:48.037 nag.example.com /usr/sbin/amavisd-new[4384]: Found decoder for .tar at /bin/cpio
Jan 9 12:46:48.038 nag.example.com /usr/sbin/amavisd-new[4384]: Found decoder for .deb at /usr/bin/ar
—cut—

Enable Virus Checks and Spam Checks

Verify that clamav is running.

sudo /etc/init.d/clamav-daemon start

Modify this line in /etc/default/spamassassin

ENABLED=1

It is 0 by default, so you must set it to 1 for Spamassassin to run. Now start it.

sudo /etc/init.d/spamassassin start

To make amavisd-new work with Spamassassin and clamav you need to modify /etc/amavis/conf.d/15-content_filter_mode. As root, uncomment the lines so they look like the example below, then restart amavisd-new in debug mode to view the activity. You will now see that clamav and Spamassassin are working with amavisd-new.

15-content_filter_mode

@bypass_virus_checks_maps = (
\%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);

@bypass_spam_checks_maps = (
\%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);

Jan 9 12:54:47.978 nag.example.com /usr/sbin/amavisd-new[4563]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan
Jan 9 12:54:47.979 nag.example.com /usr/sbin/amavisd-new[4563]: No secondary av scanner: FRISK F-Prot Antivirus
Jan 9 12:54:47.979 nag.example.com /usr/sbin/amavisd-new[4563]: No secondary av scanner: Trend Micro FileScanner
Jan 9 12:54:47.979 nag.example.com /usr/sbin/amavisd-new[4563]: No secondary av scanner: drweb - DrWeb Antivirus
Jan 9 12:54:47.980 nag.example.com /usr/sbin/amavisd-new[4563]: No secondary av scanner: KasperskyLab kavscanner

Jan 9 12:54:48.003 nag.example.com /usr/sbin/amavisd-new[4563]: SpamControl: initializing Mail::SpamAssassin
Jan 9 12:54:48.004 nag.example.com /usr/sbin/amavisd-new[4563]: SpamAssassin debug facilities: info
Jan 9 12:54:49.559 nag.example.com /usr/sbin/amavisd-new[4563]: SpamControl: init_pre_fork on SpamAssassin done

Jan 9 12:54:49.576 nag.example.com /usr/sbin/amavisd-new[4573]: SpamControl: init_child on SpamAssassin done
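As an added verification step (example code, not from the post), the debug output can be parsed for the scanner and SpamControl lines to confirm that both engines actually attached. The sample lines are constructed from the output above; the "Found primary av scanner" wording for a clamd socket, and the reading that a secondary-only result means the command-line clamscan fallback is in use, are assumptions about amavisd-new's logging.

```python
import re

# Constructed sample, modelled on the amavisd-new debug lines quoted above.
SAMPLE_DEBUG_OUTPUT = """\
Jan 9 12:54:47.978 nag.example.com /usr/sbin/amavisd-new[4563]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan
Jan 9 12:54:47.979 nag.example.com /usr/sbin/amavisd-new[4563]: No secondary av scanner: FRISK F-Prot Antivirus
Jan 9 12:54:47.980 nag.example.com /usr/sbin/amavisd-new[4563]: No secondary av scanner: KasperskyLab kavscanner
Jan 9 12:54:48.003 nag.example.com /usr/sbin/amavisd-new[4563]: SpamControl: initializing Mail::SpamAssassin
Jan 9 12:54:49.559 nag.example.com /usr/sbin/amavisd-new[4563]: SpamControl: init_pre_fork on SpamAssassin done
"""

# "Found primary av scanner ..." is assumed to be the matching line for clamd (not shown above).
FOUND_RE = re.compile(r"Found (primary|secondary) av scanner (\S+) at (\S+)")
SPAM_READY = "SpamControl: init_pre_fork on SpamAssassin done"

def summarize_scanners(debug_output):
    """Return which scanners amavisd-new attached to and whether SpamAssassin came up."""
    primary, secondary, spam_ready = [], [], False
    for line in debug_output.splitlines():
        match = FOUND_RE.search(line)
        if match:
            kind, name, path = match.groups()
            (primary if kind == "primary" else secondary).append((name, path))
        elif SPAM_READY in line:
            spam_ready = True
    return {"primary": primary, "secondary": secondary, "spam_ready": spam_ready}

def readiness_warnings(summary):
    """Turn a summary into human-readable warnings; empty means both checks are live."""
    warnings = []
    if not summary["primary"] and not summary["secondary"]:
        warnings.append("no virus scanner found: virus checks are effectively off")
    elif not summary["primary"]:
        # Secondary scanners are command-line fallbacks: clamscan reloads its
        # signature database on every message, so clamd should be fixed instead.
        warnings.append("only a secondary scanner found: clamd was not reachable")
    if not summary["spam_ready"]:
        warnings.append("SpamAssassin did not initialize: spam checks are off")
    return warnings
```

Run against the output shown above it reports that only the clamscan fallback was found, which is what the group change further down (adding clamav to the amavis group) addresses.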

Finish the Amavisd-New Configuration

Create the necessary user and folders as root.
# useradd vscan

# mkdir /var/vscan
# mkdir /var/vscan/tmp
# mkdir /var/vscan/var
# mkdir /var/vscan/db
# mkdir /var/vscan/home
# chown -R vscan:vscan /var/vscan
# chmod -R 750 /var/vscan

Creating a Reinjection Port
The process below shows how mail arrives at the server and is sent to the content_filter on port 10024, on to the qmgr, and then to amavisd-new, which performs the scanning with both Spamassassin and clamav. When scanning is complete you do not want to send the scanned mail back to port 10024, because that would create a loop. So you need to create a reinjection port on which mail that has already been scanned is accepted as complete; the reinjection port used here is 10025. This section shows how to set up those two ports and activate Spamassassin and clamav.

Edit main.cf and Add Content Filter

#Amavisd SetUp
content_filter=amavisd-new:[127.0.0.1]:10024

Edit master.cf and Add Reinjection

amavisd-new unix - - n - 2 smtp
  -o smtp_data_done_timeout=1200s
  -o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
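The loop described above is only prevented if the 10025 listener really overrides content_filter, and Postfix only attaches a "-o" line to a service when it is indented. As an added check (example code, not from the post), this parses master.cf text and flags a reinjection listener that would loop or accept mail from outside localhost; the sample is a constructed copy of the snippet above.

```python
# Constructed sample reproducing the master.cf snippet above. In master.cf the
# "-o" lines MUST be indented, or Postfix treats them as new (invalid) entries.
MASTER_CF = """\
amavisd-new unix - - n - 2 smtp
  -o smtp_data_done_timeout=1200s
  -o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
"""

def parse_master_cf(text):
    """Map service name -> {'type', 'command', 'options'}; indented -o lines
    belong to the preceding service, unindented lines start a new entry."""
    services, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace():
            if current and raw.strip().startswith("-o "):
                key, _, value = raw.strip()[3:].partition("=")
                services[current]["options"][key] = value
            continue
        fields = raw.split()
        if len(fields) < 8:          # not a valid 8-field service line
            continue
        current = fields[0]
        services[current] = {"type": fields[1], "command": fields[7], "options": {}}
    return services

def check_reinjection(master_cf, reinject="127.0.0.1:10025"):
    """List problems with the reinjection listener; empty means no loop and localhost only."""
    svc = parse_master_cf(master_cf).get(reinject)
    if not svc or svc["type"] != "inet" or svc["command"] != "smtpd":
        return ["no inet smtpd listener for %s" % reinject]
    opts, problems = svc["options"], []
    if opts.get("content_filter") != "":   # None = not overridden -> inherits main.cf -> loop
        problems.append("missing '-o content_filter=': scanned mail would loop back to 10024")
    if opts.get("mynetworks") != "127.0.0.0/8":
        problems.append("mynetworks should be 127.0.0.0/8 so only local amavisd can reinject")
    if opts.get("smtpd_recipient_restrictions") != "permit_mynetworks,reject":
        problems.append("smtpd_recipient_restrictions should be permit_mynetworks,reject")
    return problems
```

Feeding it the same snippet with the "-o" lines flush left (as a copy-paste from a web page often leaves them) reports all three problems, because none of the overrides attach to the listener.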

Add clamav to the group amavis

amavis:x:123:clamav

Send an email and watch the system as it runs in debug mode.

sendmail -f mike@example.com tom@example.com

Review File Contents for Amavisd-New
cd /etc/amavis/conf.d

Once you have installed amavisd-new you will find a number of files that make up the configuration for amavisd-new and how it interacts with Spamassassin and clamav. These files, or at least their important parts, are listed here with a brief description.

01-debian
This file tells amavisd-new which decompression and archive tools to use when unpacking attachments. Do not modify.

# SETTINGS RARELY MODIFIED BY THE LOCAL ADMIN

$ENV{PATH} = $path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
$file = 'file';
$gzip = 'gzip';
$bzip2 = 'bzip2';
$lzop = 'lzop';
$rpm2cpio = ['rpm2cpio.pl','rpm2cpio'];
$cabextract = 'cabextract';
$uncompress = ['uncompress', 'gzip -d', 'zcat'];
#$unfreeze = ['unfreeze', 'freeze -d', 'melt', 'fcat']; #disabled (non-free, no security support)
$unfreeze = undef;
$arc = ['nomarch', 'arc'];
$unarj = ['arj', 'unarj'];
#$unrar = ['rar', 'unrar']; #disabled (non-free, no security support)
$unrar = ['unrar-free'];
$zoo = 'zoo';
#$lha = 'lha'; #disabled (non-free, no security support)
$lha = undef;
$pax = 'pax';
$cpio = 'cpio';
$ar = 'ar';
$ripole = 'ripole';
$dspam = 'dspam';

1; # ensure a defined return

05-domain_id
# amavisd-new needs to know which email domains are to be considered local
# to the administrative domain. Only emails to “local” domains are subject
# to certain functionality, such as the addition of spam tags.
#
# Default local domains to $mydomain and all subdomains. Remember to
# override or redefine this if $mydomain is changed later in the config
# sequence.

@local_domains_acl = ( ".$mydomain" );

1; # ensure a defined return

05-node_id
If you have problems with your FQDN you can alter that manually here.

# $myhostname is used by amavisd-new for node identification, and it is
# important to get it right (e.g. for ESMTP EHLO, loop detection, and so on).

chomp($myhostname = `hostname --fqdn`);

15-av_scanners
This file holds the information required for amavisd to locate the virus scanners you may have installed on your box.

15-content_filter_mode
By default this file disables amavisd-new's virus scanning and spam checking.
use strict;

# You can modify this file to re-enable SPAM checking through spamassassin
# and to re-enable antivirus checking.

#
# Default antivirus checking mode
# Uncomment the two lines below to enable it back
#

#@bypass_virus_checks_maps = (
# \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);

#
# Default SPAM checking mode
# Uncomment the two lines below to enable it back
#

#@bypass_spam_checks_maps = (
# \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);

1; # ensure a defined return

21-ubuntu_defaults
The settings here determine what action your machine takes when it finds a virus email or spam.

use strict;

#
# These are Ubuntu specific defaults for amavisd-new configuration
#
# DOMAIN KEYS IDENTIFIED MAIL (DKIM)
$enable_dkim_verification = 1;
# Don't be verbose about sending mail:
@whitelist_sender_acl = qw( .$mydomain );
$final_virus_destiny = D_DISCARD; # (defaults to D_BOUNCE)
$final_banned_destiny = D_BOUNCE; # (defaults to D_BOUNCE)
$final_spam_destiny = D_DISCARD; # (defaults to D_REJECT)
$final_bad_header_destiny = D_PASS; # (defaults to D_PASS), D_BOUNCE suggested

$warnbannedsender = 1;
$warnbadhsender = 1;
$virus_admin = undef;
$spam_admin = undef;

25-amavis_helpers
Functionality required for amavis helpers like amavis-release.

30-template_localization
read_l10n_templates('en_US', '/etc/amavis');

40-policy_banks

# DKIM signing domain whitelist. The domain to use is the domain after
# d= in the DKIM header.

@author_to_policy_bank_maps = ( {
  # 'friends.example.net' => 'WHITELIST,NOBANNEDCHECK',
  # 'user1@cust.example.net' => 'WHITELIST,NOBANNEDCHECK',
  '.ebay.com' => 'WHITELIST',
  '.ebay.co.uk' => 'WHITELIST',
  'ebay.at' => 'WHITELIST',
  'ebay.ca' => 'WHITELIST',
  'ebay.de' => 'WHITELIST',
  'ebay.fr' => 'WHITELIST',
  '.paypal.co.uk' => 'WHITELIST',
  '.paypal.com' => 'WHITELIST', # author signatures
  './@paypal.com' => 'WHITELIST', # 3rd-party sign. by paypal.com
  'alert.bankofamerica.com' => 'WHITELIST',
  'amazon.com' => 'WHITELIST',
  'cisco.com' => 'WHITELIST',
  '.cnn.com' => 'WHITELIST',
  'skype.net' => 'WHITELIST',
  'welcome.skype.com' => 'WHITELIST',
  'cc.yahoo-inc.com' => 'WHITELIST',
  'cc.yahoo-inc.com/@yahoo-inc.com' => 'WHITELIST',
  # 'google.com' => 'MILD_WHITELIST',
  # 'googlemail.com' => 'MILD_WHITELIST',
  # './@googlegroups.com' => 'MILD_WHITELIST',
  # './@yahoogroups.com' => 'MILD_WHITELIST',
  # './@yahoogroups.co.uk' => 'MILD_WHITELIST',
  # './@yahoogroupes.fr' => 'MILD_WHITELIST',
  # 'yousendit.com' => 'MILD_WHITELIST',
  # 'meetup.com' => 'MILD_WHITELIST',
  # 'dailyhoroscope@astrology.com' => 'MILD_WHITELIST',
} );

50-user
# Place your configuration directives here. They will override those in
# earlier files.
#
# See /usr/share/doc/amavisd-new/ for documentation and examples of
# the directives you can use in this file
#

