If you will recall, when we compiled qmail earlier in this
installation, we applied a patch to qmail called "qmailqueue.patch".
This patch allows qmail to be configured to run with a substitute
queuing mechanism. That's exactly what we're about to do here. We're
going to tell qmail to use Qmail-Scanner as the queuing mechanism.
Qmail-scanner is going to allow us to integrate Clam Antivirus and
SpamAssassin into our qmail server's mail queue. Once qmail-scanner is
installed, there will be a master script that is filled with
configuration options that help you to tailor the functionality of Clam
Antivirus and SpamAssassin to your needs. To expand the number of
configuration options, we are also going to apply a patch to
qmail-scanner. For this patch, we will be using Mark Teel's qms-analog
patch. Qms-analog incorporates the widely used qmail-scanner-st patch
and also adds some cool reporting functionality, which we will
utilize later in this installation guide. So let's get on it!
cd /downloads/qmailrocks
Unpack qmail-scanner...
tar zxvf qmail-scanner-1.25.tgz
Now unpack qms-analog...
tar zxvf qms-analog-0.4.4.tar.gz
Install qms-analog itself. This will come in handy in the next step
when we install Qmailanalog.
cd qms-analog-0.4.4
make all
Next, we copy needed qms-analog files to the qmail-scanner source
directory...
cp qmail-scanner-1.25-st-qms-20050618.patch /downloads/qmailrocks/qmail-scanner-1.25/
cp /downloads/qmailrocks/scripts/qms-config-script-cwrapper /downloads/qmailrocks/qmail-scanner-1.25/
Now, let's apply the qms-analog patch...
cd /downloads/qmailrocks/qmail-scanner-1.25
chmod 755 qms-config-script-cwrapper
patch -p1 < qmail-scanner-1.25-st-qms-20050618.patch
Now continue with the qmail-scanner installation...
groupadd qscand
useradd -g qscand -c "Qmail-Scanner Account" -s /bin/false qscand
Now we will configure qmail-scanner and install it. Ordinarily, you
would run the ./configure script to configure and install
qmail-scanner. However, Mark Teel has donated a handy little config
script that does most of the work for you. This script is called
"qms-config-script" and, if you look above, you should have already
copied this config script into the qmail-scanner source directory.
By default, Slackware is set up to NOT allow setuid. Therefore, we'll
start off with instructions based on a server that does not allow
setuid. However, if you know for a fact that your server has been set up
for setuid functionality, the Red Hat installation instructions for
qmail-scanner should suffice.
So let's do it...
cd /downloads/qmailrocks/qmail-scanner-1.25/contrib
make install
Now we will customize the qmail-scanner configuration script...
cd /downloads/qmailrocks/qmail-scanner-1.25
vi qms-config-script-cwrapper
You will notice several fields that need to be customized to fit your
needs. Let's have a look. I've highlighted the fields you should
customize in RED
#!/bin/sh
if [ "$1" != "install" ]; then
INSTALL=
else
INSTALL="--install"
fi
./configure --domain yourdomain.com \
--admin postmaster \
--local-domains "yourdomain.com,yourotherdomain.com" \
--add-dscr-hdrs yes \
--dscr-hdrs-text "X-Antivirus-MYDOMAIN" \
--ignore-eol-check yes \
--sa-quarantine 0 \
--sa-delete 0 \
--sa-reject no \
--sa-delta 0 \
--sa-alt yes \
--sa-debug yes \
--sa-report yes \
--notify admin \
--skip-setuid-test \
"$INSTALL"
Now save and exit out of the config file. That was easy, wasn't it.
And now we will run a test config for qmail-scanner...
./qms-config-script-cwrapper
Answer YES to all questions. If you get no errors, you can then run the
script in "install" mode and this will install qmail-scanner on your
server. If you do get errors, check out these troubleshooting tips.
./qms-config-script-cwrapper install
Again, answer YES to all questions. If you do get errors, check out
these troubleshooting tips. Now open the installed script...
vi /var/qmail/bin/qmail-scanner-queue.pl
Then change the first line of /var/qmail/bin/qmail-scanner-queue.pl
to "#!/usr/bin/perl" (in other words, remove the "-T", Perl's
taint-mode switch, from the perl call).
chmod 0755 /var/qmail/bin/qmail-scanner-queue.pl
And now all that's left for qmail-scanner is to initiate the version
file and the perlscanner database...
First, we'll initialize the version file. This command also helps to
keep your server's /var/spool/qmailscan folder clear of rogue files
that can develop when SMTP sessions are dropped. You may want to stick
this command into your server's crontab and run it once a day. You'll
see more on this in the "maintaining your qmail server" step near the
end of this tutorial. So let's run it...
setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -z
And now we will generate a new perlscanner database for qmail-scanner.
For future reference, it's a good idea to run this next command
whenever you upgrade qmail-scanner. You'll see more on this in the
"maintaining your qmail server" step near the end of this tutorial. So
let's do it...
setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -g
A successful database build should produce the following output:
perlscanner: generate new DB file from /var/spool/qmailscan/quarantine-attachments.txt
perlscanner: total of 9 entries.
And now one final ownership check...
chown -R qscand:qscand /var/spool/qmailscan
Woohoo, qmail-scanner is installed! Now it's time to tie qmail-scanner into qmail itself.
vi /var/qmail/supervise/qmail-smtpd/run
To instruct Qmail to use Qmail-Scanner as the alternative queuing
mechanism, we add the following line to the SMTP "run" script right
under the first line (#!/bin/sh):
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue" ; export QMAILQUEUE
..and we change the "softlimit" in that same script...
change softlimit to 40000000
Note: It is absolutely vital that you change the "Softlimit" setting in
this script. If you don't, qmail may fail to deliver mail!!!
So now the qmail-smtpd/run file should look like this:
#!/bin/sh
# Hand incoming mail to Qmail-Scanner instead of the stock qmail-queue
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue" ; export QMAILQUEUE
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
LOCAL=`head -1 /var/qmail/control/me`
if [ -z "$QMAILDUID" -o -z "$NOFILESGID" -o -z "$MAXSMTPD" -o -z "$LOCAL" ]; then
echo QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in
echo /var/qmail/supervise/qmail-smtpd/run
exit 1
fi
if [ ! -f /var/qmail/control/rcpthosts ]; then
echo "No /var/qmail/control/rcpthosts!"
echo "Refusing to start SMTP listener because it'll create an open relay"
exit 1
fi
# Memory limit changed to 40000000 for Qmail-Scanner
exec /usr/local/bin/softlimit -m 40000000 \
/usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
-u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
/var/qmail/bin/qmail-smtpd your_domain.com \
/home/vpopmail/bin/vchkpw /usr/bin/true 2>&1
Once you've got the qmail-smtpd file modified, save the changes and
exit from the file. Now we will finalize the qmail-scanner installation
by going over some post-install configuration options. After that,
we'll fire everything up and take qmail-scanner for a test drive!
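An added example, not part of the original guide: a small shell check that a run script carries the two changes made above (QMAILQUEUE pointing at the Qmail-Scanner wrapper and exported, softlimit at 40000000) before qmail is restarted. The function names are hypothetical and the sample run file at the end is constructed.

```shell
#!/bin/sh
# Added example, not part of the original guide. Function names are
# hypothetical; the expected values are the ones this page sets.
WANT_QUEUE=/var/qmail/bin/qmail-scanner-queue
MIN_SOFTLIMIT=40000000

# Print the value assigned to QMAILQUEUE in run script $1 (empty if none).
queue_value() {
    sed -E -n 's/^[[:space:]]*(export[[:space:]]+)?QMAILQUEUE="?([^";[:space:]]*).*/\2/p' "$1" | head -n 1
}

# Print the -m argument passed to softlimit in $1, ignoring comment lines.
softlimit_bytes() {
    sed -E -n -e '/^[[:space:]]*#/d' \
        -e 's/.*softlimit[[:space:]]+-m[[:space:]]+([0-9]+).*/\1/p' "$1" | head -n 1
}

# Report every deviation found in $1; the return status is the problem count.
audit_run_script() {
    problems=0
    q=$(queue_value "$1")
    if [ "$q" != "$WANT_QUEUE" ]; then
        echo "QMAILQUEUE is '${q:-unset}', expected $WANT_QUEUE"
        problems=$((problems + 1))
    fi
    if ! grep -Eq '^[^#]*export[[:space:]]+QMAILQUEUE' "$1"; then
        echo "QMAILQUEUE is never exported, so qmail-smtpd will not see it"
        problems=$((problems + 1))
    fi
    m=$(softlimit_bytes "$1")
    if [ -z "$m" ] || [ "$m" -lt "$MIN_SOFTLIMIT" ]; then
        echo "softlimit -m is '${m:-missing}', this guide uses $MIN_SOFTLIMIT"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample: QMAILQUEUE assigned but not exported, small softlimit.
demo=$(mktemp)
cat > "$demo" <<'EOF'
#!/bin/sh
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue"
exec /usr/local/bin/softlimit -m 2000000 /usr/local/bin/tcpserver 0 smtp true
EOF
audit_run_script "$demo" || echo "problems found: $?"
rm -f "$demo"
```

On a real server, call audit_run_script /var/qmail/supervise/qmail-smtpd/run; a return status of 0 means both settings match this guide.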
To activate all the changes we just made, we're going to have to
completely stop and restart qmail...
Stop it...
qmailctl stop
and start it...
qmailctl start
And a quick check of the qmail processes, just to be safe..
qmailctl stat
Now it's time to test the whole damn thing to see if Qmail-Scanner,
Spamassassin and Clam AV are all working correctly. Fortunately,
Qmail-Scanner comes with its own testing script that does a fantastic
job. So let's test it!
cd /downloads/qmailrocks/qmail-scanner-1.25/contrib
chmod 755 test_installation.sh
setuidgid qscand ./test_installation.sh -doit
A successful test should produce the following output. 2 messages
should be quarantined by Clam Antivirus in /var/spool/quarantine/new
and 2 messages should be sent to whatever mailbox you specified in the
Qmail-scanner configuration script. Don't worry if you don't get virus
notification emails. The normal notification emails that get sent out
upon virus detection usually don't work during the test.
setting QMAILQUEUE to /var/qmail/bin/qmail-scanner-queue.pl for this test...
Sending standard test message - no viruses...
done!
Sending eicar test virus - should be caught by perlscanner module...
done!
Sending eicar test virus with altered filename - should only be caught by commercial anti-virus modules (if you have any)...
Sending bad spam message for anti-spam testing - In case you are using SpamAssassin...
Done!
Finished test. Now go and check Email for postmaster@mydomain.com
If you get 2 messages in your inbox and you see 2 messages in the
quarantine folder, it's time to crack open a cold one! You've
successfully installed all 3 packages! Woohoo!
- Helpful Hints -
Post Install configuration tips for Qmail-Scanner
Although Qmail-Scanner should work pretty much "out of the box" so to
speak, you can make some customizations to its configuration by
editing the qmail-scanner-queue.pl script located at
/var/qmail/bin/qmail-scanner-queue.pl. The qmail-scanner-queue.pl
script controls a lot of the functionality of both Clam AV and
Spamassassin. Check it out for yourself and you will see that there are
quite a few items you have control over. I wouldn't recommend touching
most of them. In fact, the only setting that I changed in mine is in
the Spamassassin section:
Can I have Spamassassin tag suspected spam with a custom subject line?
Yes. Edit the /var/qmail/bin/qmail-scanner-queue.pl file and find the
following line:
my $spamc_subject='';
Now type a custom spam subject. This subject line will be added to any
mails that Spamassassin tags as suspected spam. Here's an example
(double quotes are used because the text contains an apostrophe):
my $spamc_subject="Hi, I'm Spam";
The "spamc_subject" setting determines what message Spamassassin will
append to the "subject" of e-mails which it deems as SPAM.
Can I delete e-mails that Spamassassin labels as spam?
Yes. Edit the /var/qmail/bin/qmail-scanner-queue.pl file and find the
following line:
my $sa_delete='0';
Now replace the '0' with a number that represents how far above your
SpamAssassin "required_hits" variable that Qmail-scanner should start
deleting messages at. For example, if your SpamAssassin required_hits
variable is set to "5" and you set the "sa_delete" variable to "1.0",
then any message that has a spam score of 1.0 over the "5" mark would
be deleted. In other words, any mail with a score of 6 or more would be
trashed automatically. So for this example, you would change the
"sa_delete" variable as follows:
my $sa_delete='1.0';
Is it safe to tell qmail-scanner to delete e-mails that SpamAssassin
marks as spam?
Spamassassin has been tested to have up to a 99% accuracy rating in
terms of detecting real spam and leaving legitimate e-mail alone. I've
been using it for over a year now and have never gotten a false
positive. Therefore, I feel safe in telling it to just delete the stuff.
There are a host of other Spam and Virus handling directives that can
be customized with the qmail-scanner.pl file. You can check out the
qmail-scanner patch website at
http://xoomer.virgilio.it/j.toribio/qmail-scanner/ for all the details.
Other than that, I left my qmail-scanner-queue.pl script as is.
Summary of functionality:
If you've gotten to this point, you should have Clam Anti-Virus,
Spamassassin and Qmail-Scanner all working together. When a message
comes into the server, Qmail-Scanner takes the message and pipes it out
to both Clam Anti-Virus and Spamassassin. If the message contains a
virus, Clam AV quarantines it in /var/spool/qmailscan/quarantine and
then sends a notification e-mail to whoever you specified in the
Qmail-Scanner installation. If the message does not contain a virus, it
is then scanned by Spamassassin. Depending on the score that
Spamassassin assigns to the message and whether or not that score
breaks the SPAM threshold set by you in the
/var/qmail/.spamassassin/user_prefs file, Spamassassin will either let
the message go unaltered to its destination or it will tag the message
as SPAM. If the message is tagged as SPAM, it will still arrive at its
destination, but with an altered "subject" that will signal to the
recipient that this was tagged as SPAM. The text that gets appended to
the "subject" of the e-mail is set in the
/var/qmail/bin/qmail-scanner-queue.pl file. (For example: If you set
qmail-scanner-queue.pl to tag all SPAM with "HI, I'M SPAM!", mail
tagged as such will be delivered to the recipient with "HI, I'M SPAM"
added to the subject.) Once the message is tagged, the recipient can
then configure his/her mail client to deal with those tagged messages in
whatever manner he/she sees fit. Alternatively, you can tell
Spamassassin to delete all suspected spam messages (like I do). You can
find directions for this in the "Hints" box above.