Sunday, March 22, 2015

How to set up MailScanner, Clam Antivirus and SpamAssassin in CentOS mail server

I had originally written this tutorial for
In the world of mail servers, MailScanner is one of the best open source software for virus scanning and spam detection. MailScanner relies on pre-installed anti-virus and anti-spam software to check incoming and outgoing emails for malicious content or patterns of spamming. This makes sure that the mail server does not participate in the distribution of malware and unsolicited spam emails. It also helps preventing the mail server IP from becoming blacklisted, keeping the mail server records clean.
This tutorial will focus on setting up MailScanner along with Clam Antivirus and SpamAssassin in a CentOS system. The procedure should work on RHEL as well. If you are interested in setting up this system on Ubuntu, refer to this tutorial instead.
Installing MailScanner is a lengthy process, but going forward step by step should make the deployment process easy.

Preparing the System

Before we start doing anything, it should be mentioned that SELinux is disabled on CentOS. Configuring SELinux for MailScanner is beyond the scope of this tutorial. It is also necessary to add Repoforge repository on CentOS.

Installing Dependencies

yum is used to install packages that are required for MailScanner. The list is long, but fortunately yum can resolve all the dependencies.
# yum install gcc cpp perl bzip2 zip unrar make patch automake rpm-build perl-DBI perl-MIME-tools perl-DBD-SQLite binutils glibc-devel perl-Filesys-Df zlib zlib-devel

Installing ClamAV and SpamAssassin

yum can be used to install ClamAV and SpamAssassin as well. The following few steps cover how to install and prepare them.
# yum install clamav spamassassin
Update ClamAV.
# freshclam -v
Update and start SpamAssassin.
# sa-update
# service spamassassin start
# chkconfig spamassassin on
Fix a path to MailScanner by creating a symbolic link.
# ln -s /usr/bin/freshclam /usr/local/bin/freshclam

Configuring Postfix

Postfix is stopped and disabled on start-up. Postfix should not auto-start because the MailScanner service will be responsible for invoking Postfix whenever necessary.
# service postfix stop
# chkconfig postfix off
Postfix header_checks is used to hold any incoming email that Postfix receives. MailScanner performs checks on the emails held in a queue.
# vim /etc/postfix/
## This line is added ##
header_checks = regexp:/etc/postfix/header_checks
# vim /etc/postfix/header_checks
## This line is added ##
/^Received:/ HOLD

Preparing MailScanner

MailScanner is not yet available in CentOS or Repoforge repositories. We will download packages from the official MailScanner site and install it.
# wget
Now we will extract and install the packages. The installation will take some time, so you can take a break if you want.
# tar zxvf MailScanner-4.84.6-1.rpm.tar.gz
# cd MailScanner-4.84.6-1
# ./install
After installation, the directories necessary for SpamAssassin are created and permissions are modified.
# mkdir /var/spool/MailScanner/spamassassin
# chown postfix /var/spool/MailScanner/spamassassin
# chown postfix /var/spool/MailScanner/incoming/*
Next, the configuration file for MailScanner is backed up and then modified.
# vim /etc/MailScanner/MailScanner.conf
%org-name% = test CentOS Mail Server
%org-long-name% = ORGFULLNAME
%web-site% = ORG WEBSITE

Run As User = postfix
Run As Group = postfix
MTA = postfix

Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming

Virus Scanners = clamav

## please check /etc/MailScanner/spam.lists.conf for more details ##
Spam List = SBL+XBL

## the directory created earlier ##
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
At this point, MailScanner is ready. We can initialize the service.
Debug MailScanner stats before firing up.
# MailScanner -lint
# service MailScanner start
# chkconfig MailScanner on

Verifying MailScanner Operation

After MailScanner has been deployed, the events that take place behind the scenes can be viewed in /var/log/maillog. The following log snippet shows the sample activities while a mail is processed by Postfix.
# tailf /var/log/maillog
Mar  8 03:12:15 centos postfix/pickup[15865]: 79F6D1391: uid=0 from=
Mar  8 03:12:15 centos postfix/cleanup[15871]: 79F6D1391: hold: header Received: by mail.example.tst (Postfix, from userid 0)??id 79F6D1391; Sat,  8 Mar 2014 03:12:15 +0600 (BDT) from local; from= to=
Mar  8 03:12:15 centos postfix/cleanup[15871]: 79F6D1391: message-id=<20140307211215.79F6D1391@mail.example.tst>
Mar  8 03:12:16 centos MailScanner[15832]: New Batch: Scanning 1 messages, 668 bytes
Mar  8 03:12:16 centos MailScanner[15832]: Virus and Content Scanning: Starting
Mar  8 03:12:22 centos MailScanner[15832]: Requeue: 79F6D1391.AA526 to 0FA2E139C
Mar  8 03:12:22 centos MailScanner[15832]: Uninfected: Delivered 1 messages
Mar  8 03:12:22 centos postfix/qmgr[15866]: 0FA2E139C: from=, size=442, nrcpt=1 (queue active)
Mar  8 03:12:22 centos MailScanner[15832]: Deleted 1 messages from processing-database
Mar  8 03:12:22 centos postfix/local[15897]: 0FA2E139C: to=, relay=local, delay=6.8, delays=6.7/0.01/0/0.07, dsn=2.0.0, status=sent (delivered to mailbox)
Mar  8 03:12:22 centos postfix/qmgr[15866]: 0FA2E139C: removed
The above process can be summarized as:
  1. As instructed, Postfix holds the mail upon receipt.
  2. MailScanner swoops in and scans the email in queue.
  3. MailScanner re queues the email and hands it over back to Postfix.
  4. Postfix processes the email as necessary and delivers the mail to recipient.
On a finishing note, MailScanner is a very powerful tool for providing necessary security to a mail server. It can protect the mail server from malware for both incoming and outgoing mails. It is a must for any email server deployed in production environment.
This tutorial covered setting up MailScanner with basic configuration. The parameters of MailScanner as well as SpamAssassin and ClamAV can be customized to meet the requirements of the production environment.
Hope this helps.

No comments:

Post a Comment