Hsphere Spam and Virus Filtering for Qmail (RedHat)

  • After spending an afternoon wading through the documentation for Qmail, Qmail-Scanner, Clam AV, and SpamAssassin trying to figure out what was applicable to Hsphere, I decided it might be a good idea to write a howto for anyone else who wants to install it. If you follow the steps contained in this howto, you should be up and running in no time.

Recompiling Qmail for Qmail-scanner support

First of all you need to shutdown qmail before proceeding further via the following command:

  /etc/init.d/qmaild stop

If you don’t follow this step you will run into problems during the recompiling of qmail. You do not really need to worry about loosing mail while you work on this, because per RFC the remote mail server is supposed to queue the mail it could not deliver for at least six hours (If memory serves me correctly) if not several days in the event it can not reach your mail server. The only mail servers who typically do not follow this, are ones used by spammers because they care about sending lots of messages quickly, and not necessarily making sure they got delivered.

After doing that, you then need to download the following files to recompile qmail:

http://www.qmail.org/qmail-1.03.tar.gz

http://www.qmail.org/qmailqueue-patch

http://www.psoft.net/shiv/qmail-smtpd.patch
Then you need to edit the qmailqueue-patch and remove the email comment at the top of the file (Everything above the diff -u qmail-… line). After doing that execute the following commands from the prompt.
# tar -xzf qmail-1.03.tar.gz

# cd qmail-1.03

# patch -p0 < ../qmail-smtpd.patch

# patch -p1 < ../qmailqueue-patch

# make setup check

# ./config-fast “your domain name”

# [ -d /hsphere/local/var ] || mkdir -p /hsphere/local/var

# rm -f /hsphere/local/var/qmail

# mkdir -p /hsphere/local/var

# ln -s /var/qmail /hsphere/local/var/qmail

# cp -f /hsphere/local/var/qmail/boot/home /hsphere/local/var/qmail/rc
Make sure you change “your domain name” to the domain name of your mail server (ie. “psoft.net”).
While we are on the topic of qmail itself, you also will need to change the memory usage limits on qmail. To do this you need to edit the /etc/rc.d/init.d/qmaild file. In it you should see a line similar to the following:
#POP before SMTP authentication

/hsphere/shared/bin/tcpserver -H -x /hsphere/local/var/vpopmail/ …

or

# SMTP Authentication

/hsphere/shared/bin/tcpserver -H -u ${USER_QMAILD} -g ${GROUP_QMAIL} …

Â
Whichever one you use, you need to edit it and make it look like the following:

Â
softlimit -a 10000000 /hsphere/shared/bin/tcpserver -H …

Â
You should notice that we added a “softlimit -a 10000000” to the front of the command. This adjusts the allowed memory usage on the mail server. This is needed because the spam and virus checkers take up more RAM than just qmail by itself (as one would expect). You might have to play with the above limit to see what works best on your system, but the 10M limit seems to work fine and is what is suggested in the qmail-scanner documentation. If you don’t have softlimit on your machine, then you need to go get it from here:

Â
http://www.rpmfind.net

Â
That site is a savior for anyone who uses machines which use RPM. If you didn’t already know about that site, then make sure you bookmark it. The package you will be searching for is “daemontools”.

Â
Clam Antivirus Installation

The next thing we need to do is add a virus scanner to the machine. There are many choices out there, but I choose to use Clam AV as it is decently fast, and it and virus updates are free. It won’t catch every virus under the sun, but it will catch probably better than 95% of anything which is going around the Internet currently.

First of all you need to download the latest version of Clam AV from here:

http://sourceforge.net/project/showfiles.php?group_id=86638

After you download it you need to add a user and group for Clam AV by type the following as root:
# groupadd clamav

# useradd -g clamav -s /bin/false -c “Clam AntiVirus” clamav

Â
Then extract the files, configure, and make as so:

Â
# tar -xzvf clamav-0.60.tar.gz

# cd clamav-0.60

# ./configure –sysconfdir=/etc

# make

# make install

Â
You then need to edit the /etc/clamav.conf file and set it up. The documentation in the config is pretty good so I won’t rehash it here. Just make sure you remember to remove the “Example” line from the file. After that is done you need to setup the the clamav daemon and the freshclam virus definition file updater daemon. Edit the /etc/rc.d/rc.local and add the following two lines:

Â
/usr/local/bin/freshclam -d -c 2 -l /var/log/clam-update.log

/usr/local/sbin/clamd -c /etc/clamav.conf

Â
After you add them there, you need to create the log file for freshclam to log to and give it appropriate permissions. You can do this as so:

Â
# touch /var/log/clam-update.log

# chmod 600 /var/log/clam-update.log

# chown clamav /var/log/clam-update.log

Â
After doing that you need to start the daemons as so:

Â
# /usr/local/bin/freshclam -d -c 2 -l /var/log/clam-update.log

# /usr/local/sbin/clamd -c /etc/clamav.conf

Â
Now you have the virus scanning completely setup.

Â
SpamAssassin Installation

Now that we have virus scanning knocked out of the way, we need to work on spam filtering. First thing we need to do is download SpamAssassin. Download it from here, choosing which version you want to run. I decided to go with the 2.63, but your free to go with what your comfort level allows.

Â
http://useast.spamassassin.org/released/Mail-SpamAssassin-2.63.tar.gz

http://useast.spamassassin.org/released/Mail-SpamAssassin-2.60.tar.gz

http://useast.spamassassin.org/released/Mail-SpamAssassin-2.55.tar.gz

Â
After you download it. You need to extract and compile it via the following commands:

Â
# tar -xzvf Mail-SpamAssassin-2.XX.tar.gz

# cd Mail-SpamAssassin-2.XX

# perl Makefile.PL

# make

# make install

Â
If you get any errors saying your missing anything from your Perl configuration then look here http://useast.spamassassin.org/full/2.5x/dist/INSTALL for information on installing the required modules. I didn’t need to install anything, so hopefully you won’t either. After getting SpamAssassin compiled and installed, you need to setup your configuration. The place this is stored in is /etc/mail/spamassassin/local.cf. A good place to generate a config file is here:

Â
http://www.yrex.com/spam/spamconfig.php

Â

It allows you to select the options you want, and it will generate the configuration for you automatically. Here is my configuration in case you want to go off of it:

Â
required_hits 7.5

rewrite_subject 0

report_safe 1

report_header 1

use_terse_report 0

use_bayes 1

auto_learn 1

skip_rbl_checks 1

ok_languages all

ok_locales all

Â
The above is by no means the “perfect” configuration, but it is what I use. Take it for what it’s worth. After doing that you need to once again edit the system startup script (/etc/rc.d/rc.local) and add a new line to load the SpamAssassin daemon. The line I use it as follows:

Â
/usr/bin/spamd -x -d

Â
It explicitly disables per user configuration. I am going to later add support for it when I have time to hack it into Hsphere, but for now it’s best to disable it. As we did before after editing the config, we also need to start the daemon by typing the following at the prompt:

Â
# /usr/bin/spamd -x -d

Â
You should now have SpamAssassin up and running.

Â
Qmail-Scanner Installation

The last thing we need to do, is install qmail-scanner which adds the virus and spam checking into Qmail. You can download qmail-scanner and the required files here:

Â
http://prdownloads.sourceforge.net/qmail-scanner/qmail-scanner-1.20rc3.tgz?download

http://download.sourceforge.net/courier/maildrop-1.6.0.tar.bz2

http://prdownloads.sourceforge.net/tnef/tnef-1.2.1.tar.gz?download

ftp://rpmfind.net/linux/redhat/7.3/en/os/i386/RedHat/RPMS/perl-suidperl-5.6.1-34.99.6.i386.rpm

Â
You might also need to install a few Perl modules. This can be done as follows:

Â
# perl -MCPAN -e shell

> install Time::HiRes

> install DB_File

> install Sys::Syslog

Â
You should probably already have the second two modules already, but it’s best to make sure. After getting the Perl modules, you can start off with installing the SUID addon for Perl via the following:

Â
# rpm -Uvh perl-suidperl-5.6.1-34.99.6.i386.rpm

Â
After that, you need to extract and compile maildrop and tnef. Here are the commands to do that:

Â
# bunzip2 maildrop-1.6.0.tar.bz2

# tar -xvf maildrop-1.6.0.tar

# cd maildrop-1.6.0

# ./configure

# make

# make install

and

# tar -xzvf tnef-1.2.1.tar.gz

# cd tnef-1.2.1

# ./configure

# make

# make install

Â
Now that you have the required modules installed, it’s time to install qmail-scanner. Extract it and compile as follows:

Â
# groupadd qscand

# useradd -c “Qmail-Scanner Account” -g qscand -s /bin/false qscand

# tar -xzvf qmail-scanner-1.20rc3.tgz

# cd qmail-scanner-1.20rc3

# ./configure –admin postmaster –domain yourdomain.com –scanners clamuko,verbose_spamassassin –notify admin –install

Â
As you did before, make sure you replace yourdomain.com with your domain name. The above configure line is what I would suggest using. It uses verbose SpamAssassin reporting on emails it logs as Spam, and also doesn’t send “A virus was detected in your email” emails to the sender as is the deafult. The Internet is getting spammed with these as of late because of Sobig, so we should do our part to cut down on them. We now need to do the final step, which is to configure Qmail to use the newly installed qmail-scanner-queue.pl. We do this by editing the/hsphere/local/var/vpopmail/etc/tcp.smtp file and adding the following line to it:

Â
:allow,QMAILQUEUE=”/var/qmail/bin/qmail-scanner-queue.pl”

Â
You should probably also add the following to the end of the existing lines in that file:

Â
,QMAILQUEUE=”/var/qmail/bin/qmail-queue”

Â
So the line which once read:

127.0.0.:allow,RELAYCLIENT=””

Now reads:

127.0.0.:allow,RELAYCLIENT=””,QMAILQUEUE=”/var/qmail/bin/qmail-queue”

Â
By doing that you make sure that virus checking and spam filtering isn’t done on locally sent mail. You now need to rebuild tcpserver’s database so it recognized your changes. You do this with the following command:

Â
# cd /hsphere/local/var/vpopmail/etc/

# /hsphere/shared/bin/tcprules tcp.smtp.cdb tcp.smtp.tmp < tcp.smtp

Â
Now start qmail via the following command:

/etc/init.d/qmaild start

Â
and send a couple test emails through the system. If you followed my instructions here, all should be working well and you now have spam tagging and virus filtering.

Â

Â

***************Disclaimer******************
Although these instructions are what I followed (more or less) I can not take responsibility if you screw up your production server. As is always the case, make sure you have backups just in case.  Also make sure your comfortable with following the above instructions before you dive in.

Advertisements
Leave a comment

Leave your opinion

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: