MailScanner & SpamAssassin Installation Guide - Cobalt RaQ4
This page has been put together using notes from many sources and my own
experience. If you find any problems please let me know so I can include them
for the benefit of others.
MailScanner can be configured to run with various virus scanners but for the
sake of this page we are using f-prot. Please note that f-prot is free for
personal use but if you use it in a commercial environment you must pay a
licence fee. Given the value of the f-prot product this is very reasonable. I
would urge you to go to the Frisk
Software International website and pay the fee.
I thoroughly endorse the MailScanner product and can't praise the authors
enough. Since using MailScanner the incidence of virus and spam in our network
has plummeted. Please visit www.mailscanner.info
to find out more about it and show support by visiting the MailScanner
on-line store.
I would also encourage you to show your appreciation of MailScanner by making
a contribution to the author by visiting here
Machine
This is a RaQ4 which is factory fresh with all the patches applied. Other than
the main base site, there are no other sites on it. I have also installed a
selection of patches from PkgMaster.com. I
specifically recommend installing OpenSSH
and disabling Telnet in the GUI.
I am going to install in the following order;
Support
If you run into problems installing MailScanner, please ask for help on the Cobalt
Users List or the MailScanner
mailing list. Please ensure you include your
- MailScanner version
- SpamAssassin version
- Installation info, fresh install or update
- The fact that it's a RaQ
A good reference start point is Sun
Cobalt Online Support page where there are links to
You need to have shell access to your RaQ. If you've installed SSH, use an SSH
client like Putty
and log in using your username and password.
You need to become root, so
su -
Don't forget the minus sign. You'll be prompted for your password again.
Some basic commands are used below. If you want to know more about any of
them, just type "man" followed by the command name, something like
man wget
You may want to check for the latest version of the software
(replace the .tar.gz file below if it changes!!)
Latest Version: http://www.f-prot.com/download/getfplinfree.html
cd /usr/local
wget ftp://ftp.f-prot.com/pub/linux/fp-linux-ws-4.5.4.tar.gz
tar zxvf fp-linux-ws-4.5.4.tar.gz
ln -s /usr/local/f-prot/f-prot.sh /usr/local/bin/f-prot
ln -s /usr/local/f-prot/man_pages/f-prot.1 /usr/man/man1/
ln -s /usr/local/f-prot/man_pages/check-updates.pl.8 /usr/man/man8
chmod +x /usr/local/f-prot/f-prot*
cd /usr/local/f-prot/
Create a working directory for storing stuff
cd /home
mkdir mailscanner
cd mailscanner
You now need the MailScanner file. The one you want is the version for RedHat
Linux, currently Version 4.40.11-1 for RedHat Linux (and other RPM-based Linux
distributions)
To get the MailScanner file on the RaQ use wget
wget www.mailscanner.info/mailscanner/files/4/rpm/MailScanner-4.40.11-1.rpm.tar.gz
This gets the MailScanner file. If you want to check it's there, use
ls -la
You will get a list of the files in the current directory. You should get
something like this
[root mailscanner]# ls -la
total 1319
drwxr-xr-x 2 root root 1024 Feb 22 12:13 .
drwxr-xr-x 8 root root 1024 Feb 22 11:50 ..
-rw-r--r-- 1 root root 1341440 Feb 1 16:08 MailScanner-4.40.11-1.rpm.tar.gz
[root mailscanner]#
This distribution is provided as a tar file. You need to unpack the tar file
using a command line
tar zxvf MailScanner-4.40.11-1.rpm.tar.gz
This will create a new directory, called something like MailScanner-4.40.11-1.
Have a look using "ls -la". Move into the new directory
using the "cd" command. If you do an "ls -la" at this point, you will see a
file called "install.sh", which you need to run using the command ./install.sh
ls -la
cd MailScanner-4.40.11-1
./install.sh
This will produce a very large amount of output, as it tries to build and
install all the packages that MailScanner uses. Don't worry too much about what
it prints out.
If it tells you your copy of the Perl module ExtUtils::MakeMaker is out of
date, run this command.
./Update-MakeMaker.sh
If you are having trouble making it install, first check that you only have 1
version of Perl installed. The one that came supplied is in /usr/bin/perl, but
you may also have /usr/local/bin/perl. If you have both, you are advised to get
rid of any traces of perl under /usr/local.
rm /usr/local/bin/*perl*
rm /usr/local/bin/pod*
rm -r /usr/local/lib/perl5
rm /usr/local/man/man1/perl*
If you get errors about "TokeParser" or the installation of the
perl module HTML::Parser fails, then you will need to create 4 dummy files to
keep Perl happy. You should do this:
cd /usr/lib/perl5/5.00503/i386-linux/CORE
touch opnames.h
touch perlapi.h
touch utf8.h
touch warnings.h
Then run the install.sh script again and HTML-Parser should install properly.
If you get this
Can't locate object method "rel2abs" via package "File::Spec" at Makefile.PL line 55.
BEGIN failed--compilation aborted at Makefile.PL line 57.
make: *** No targets specified and no makefile found. Stop.
make: *** No rule to make target `install'. Stop.
Then do this
wget http://search.cpan.org/CPAN/authors/id/R/RB/RBS/File-Spec-0.82.tar.gz
tar zxvf File-Spec-0.82.tar.gz
cd File-Spec-0.82
perl Makefile.PL
make
make test
make install
cd ..
Now we run ./Update-MakeMaker.sh again and then ./install.sh
./Update-MakeMaker.sh
./install.sh
As I said above, this will produce a very large amount of output, as it tries
to build and install all the packages that MailScanner uses. Don't worry too
much about what it prints out. The last thing it will do is install the tnef
package, followed by MailScanner itself. It will then print a few instructions
for you showing the commands needed to start MailScanner running.
Ignore these instructions totally and follow on below!
We have to change a couple of things first
pico -w /etc/mail/sendmail.cf
Search for "QueueDirectory" and change the line to
O QueueDirectory=/var/spool/mqueue
Move any remaining queue files into the updated queue directory
cd /var/spool
mv /var/spool/mqueue/q*/* /var/spool/mqueue
mv /var/spool/mqueue.in/ /home/spool/
ln -s ../../home/spool/mqueue.in /var/spool/mqueue.in
Delete the old queue subdirectories
rmdir /var/spool/mqueue/q*
Now we want to edit the MailScanner configuration file. Also have a look at
the Configuration file options.
pico /etc/MailScanner/MailScanner.conf
Search through for these and replace (some of these may have been changed
already!!)
Virus Scanners = none
to
Virus Scanners = f-prot
Search for "Outgoing Queue Dir" and change the line to
Outgoing Queue Dir = /var/spool/mqueue
OK, nearly there. Now we want to stop sendmail and start
MailScanner and make sure it stays that way in the event of a reboot.
/etc/rc.d/init.d/MailScanner stop
I usually have to give that command about 3 times to make sure
it has properly stopped. To check that it has stopped, use
ps auxw | grep -i mail
It should give an output like
root 23633 0.0 0.3 1360 496 pts/1 S 00:13 0:00 grep -i mail
You may even have to give that command twice. Once you are
sure it has stopped, issue the following commands
chkconfig sendmail off
chkconfig --level 2345 MailScanner on
Let's start it all up
/etc/rc.d/init.d/MailScanner start
To check that it's OK, use the same command as above that you
used to check it had stopped
ps auxw | grep -i mail
It should produce an output like this:
root 23790 0.0 0.9 2492 1176 ? S 00:16 0:00 sendmail: accepting connections
root 23793 0.0 0.9 2492 1180 ? S 00:16 0:00 /usr/sbin/sendmail -q15m
root 23802 0.0 6.4 9472 8236 ? S 00:16 0:00 perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/Ma
root 23803 0.2 6.9 10120 8876 ? S 00:16 0:00 perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/Ma
root 23809 0.2 6.9 10120 8876 ? S 00:16 0:00 perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/Ma
root 23833 0.2 6.9 10120 8876 ? S 00:17 0:00 perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/Ma
root 23843 0.2 6.9 10120 8876 ? S 00:17 0:00 perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/Ma
root 23848 0.3 6.9 10120 8876 ? S 00:17 0:00 perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/Ma
root 23933 0.0 0.4 1364 512 pts/1 S 00:19 0:00 grep -i mail
Please note that you might not have as many MailScanner processes as shown in
the sample output, as it may still be forking off its child processes at that
point (there's a 10 second delay between starting each one).
If you want, you can look at the maillog to see it actually
running
tail -f -n100 /var/log/maillog
You should see output similar to this. It also shows that the f-prot
autoupdate script, which runs every hour, is working.
Feb 23 00:01:00 raq4i3 update.virus.scanners: Found f-prot installed
Feb 23 00:01:00 raq4i3 update.virus.scanners: Updating f-prot
Feb 23 00:01:01 raq4i3 F-Prot autoupdate[23036]: F-Prot successfully updated.
Feb 23 00:13:12 raq4i3 MailScanner[21677]: MailScanner child caught a SIGHUP
Feb 23 00:13:12 raq4i3 MailScanner[21713]: MailScanner child caught a SIGHUP
Feb 23 00:13:12 raq4i3 MailScanner[21684]: MailScanner child caught a SIGHUP
Feb 23 00:13:12 raq4i3 MailScanner[21718]: MailScanner child caught a SIGHUP
Feb 23 00:13:12 raq4i3 MailScanner[21689]: MailScanner child caught a SIGHUP
Feb 23 00:16:38 raq4i3 sendmail[23786]: alias database /etc/mail/aliases rebuilt by admin
Feb 23 00:16:38 raq4i3 sendmail[23786]: /etc/mail/aliases: 17 aliases, longest 10 bytes, 189 bytes total
Feb 23 00:16:38 raq4i3 sendmail[23786]: alias database /etc/mail/aliases.majordomo rebuilt by admin
Feb 23 00:16:38 raq4i3 sendmail[23786]: /etc/mail/aliases.majordomo: 12 aliases, longest 69 bytes, 519 bytes total
Feb 23 00:16:38 raq4i3 sendmail[23790]: starting daemon (8.10.2): SMTP
Feb 23 00:16:38 raq4i3 sendmail[23793]: starting daemon (8.10.2): queueing@00:15:00
Feb 23 00:16:41 raq4i3 MailScanner[23803]: MailScanner
Feb 23 00:16:41 raq4i3 MailScanner[23803]: MailScanner E-Mail Virus Scanner version 4.40.11-1 starting...
Feb 23 00:16:41 raq4i3 MailScanner[23803]: Using locktype = flock
Feb 23 00:16:51 raq4i3 MailScanner[23809]: MailScanner
Feb 23 00:16:51 raq4i3 MailScanner[23809]: MailScanner E-Mail Virus Scanner version 4.40.11-1 starting...
Feb 23 00:16:51 raq4i3 MailScanner[23809]: Using locktype = flock
Feb 23 00:17:01 raq4i3 MailScanner[23833]: MailScanner
Feb 23 00:17:01 raq4i3 MailScanner[23833]: MailScanner E-Mail Virus Scanner version 4.40.11-1 starting...
Feb 23 00:17:01 raq4i3 MailScanner[23833]: Using locktype = flock
Feb 23 00:17:11 raq4i3 MailScanner[23843]: MailScanner
Feb 23 00:17:11 raq4i3 MailScanner[23843]: MailScanner E-Mail Virus Scanner version 4.40.11-1 starting...
Feb 23 00:17:11 raq4i3 MailScanner[23843]: Using locktype = flock
Feb 23 00:17:21 raq4i3 MailScanner[23848]: MailScanner
Feb 23 00:17:21 raq4i3 MailScanner[23848]: MailScanner E-Mail Virus Scanner version 4.40.11-1 starting...
Feb 23 00:17:21 raq4i3 MailScanner[23848]: Using locktype = flock
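Rather than reading the log by eye, the same two signs can be checked with a small script. This is an added example, not part of MailScanner or the original guide; maillog_summary and sample_maillog are hypothetical names, and the sample lines are a few taken from the output above.

```shell
# maillog_summary [FILE]: read a maillog (or stdin) and report the two things
# this guide looks for: F-Prot updates succeeding and MailScanner children
# announcing themselves. Returns 1 if either is missing from the log.
maillog_summary() {
    awk '
        / F-Prot autoupdate\[[0-9]+\]: F-Prot successfully updated/ {
            updates++
            last = $1 " " $2 " " $3          # syslog month, day, time
        }
        / MailScanner\[[0-9]+\]: MailScanner E-Mail Virus Scanner version / {
            pid = $5; gsub(/[^0-9]/, "", pid)
            if (!(pid in seen)) { seen[pid] = 1; children++ }   # distinct PIDs
        }
        END {
            printf "updates=%d children=%d last_update=\"%s\"\n",
                   updates, children, (last == "" ? "none" : last)
            exit (updates == 0 || children == 0)
        }
    ' "${1:--}"
}

sample_maillog() {   # lines from the sample output shown in this guide
    cat <<'EOF'
Feb 23 00:01:00 raq4i3 update.virus.scanners: Updating f-prot
Feb 23 00:01:01 raq4i3 F-Prot autoupdate[23036]: F-Prot successfully updated.
Feb 23 00:16:41 raq4i3 MailScanner[23803]: MailScanner E-Mail Virus Scanner version 4.40.11-1 starting...
Feb 23 00:16:41 raq4i3 MailScanner[23803]: Using locktype = flock
Feb 23 00:16:51 raq4i3 MailScanner[23809]: MailScanner E-Mail Virus Scanner version 4.40.11-1 starting...
EOF
}

sample_maillog | maillog_summary
```

On the RaQ itself, run it as maillog_summary /var/log/maillog; a non-zero exit status means the log shows no successful F-Prot update or no MailScanner child starting.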
There's a "clean.quarantine" script included as a daily cron job.
It is disabled by default. Edit it to see how to enable it. If you edit it, it
will not be over-written by later upgrades to MailScanner.
pico -w /etc/cron.daily/clean.quarantine
MailScanner Summary
To find out if your mails are being checked
Each email that is checked will have one of the following inserted
into the email header (assuming you do not disable this feature)
X-MailScanner: Found to be clean
or
X-MailScanner: Found to be infected
or
X-MailScanner: Disinfected
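To check a saved message from the command line, the following added example (not part of MailScanner or the original guide) prints the X-MailScanner value found in the header block only, so a copy of the line quoted in the message body is not counted. The names mailscanner_verdict and sample_message are hypothetical, and the sample message is constructed.

```shell
# mailscanner_verdict [FILE]: print each X-MailScanner header value found in
# the header block of one message (file or stdin); return 1 if there is none.
mailscanner_verdict() {
    awk '
        { sub(/\r$/, "") }                 # tolerate CRLF line endings
        $0 == "" { exit }                  # first blank line ends the headers
        /^[ \t]/ {                         # folded continuation line
            if (cur) { sub(/^[ \t]+/, ""); v[n] = v[n] " " $0 }
            next
        }
        {
            cur = 0
            if (tolower($0) ~ /^x-mailscanner:/) {   # header names ignore case
                val = $0; sub(/^[^:]*:[ \t]*/, "", val)
                v[++n] = val; cur = 1
            }
        }
        END { for (i = 1; i <= n; i++) print v[i]; exit (n == 0) }
    ' "${1:--}"
}

sample_message() {   # constructed message: the body quotes a header line
    cat <<'EOF'
Received: from mail.example.com by raq4.example.com; Mon, 23 Feb 2004 00:20:00 +0000
From: sender@example.com
Subject: test
X-MailScanner: Found to be clean

The other copy said:
X-MailScanner: Found to be infected
EOF
}

sample_message | mailscanner_verdict
```

A non-zero exit status means the message carries no X-MailScanner header at all, which is what mail that bypassed the scanner looks like.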
/etc/rc.d/init.d/MailScanner stop
This should work reliably now, but will take a few seconds to return. You
should then find there are no MailScanner processes running.
ps -auxw | grep -i mail
Once you're happy it has stopped, just restart it with
/etc/rc.d/init.d/MailScanner start
To stop/start MailScanner using the RaQ Control Panel
First we need to make a little change so that when you tick the check box for
Email Server in the control panel it's the MailScanner that starts and not the
sendmail script.
cd /etc/rc.d/init.d
mv sendmail sendmail.old
chmod a-x sendmail.old
ln -s MailScanner sendmail
Now you can turn the MailScanner on and off using the RaQ
control panel. This also fixes the problem caused when a new user or site is
added to the RaQ.
Many thanks to Julian Field, the author of MailScanner, for this bit. He sent
me his notes when he installed this on one of my other RaQs.
Download Mail-SpamAssassin-2.63.tar.gz from www.spamassassin.org into
somewhere sensible such as /root or /tmp. I put it in the mailscanner directory
I created earlier under /home
If the site is down, search Google for the file and you'll find a copy.
cd /home/mailscanner
wget www.spamassassin.org/released/Mail-SpamAssassin-2.63.tar.gz
perl -MCPAN -e shell
Whenever it asks about manual configuration, say no
cpan> o conf prerequisites_policy ask
cpan> install Time::HiRes
cpan> quit
tar xzf Mail-SpamAssassin-2.63.tar.gz
cd Mail-SpamAssassin-2.63
perl Makefile.PL
make
You may now get some errors about pod2text. If you do, then do this command
ln -s /usr/bin/pod2man /usr/bin/pod2text
make
make test
This will fail horribly due to lack of Pod/Usage.pm, so now do this (remember
whenever it asks about manual configuration, say no)
perl -MCPAN -e shell
cpan> o conf prerequisites_policy ask
cpan> install Pod::Usage
cpan> quit
Now to try the tests again
make test
make install
You now have installed SpamAssassin. The next step is to configure it and
MailScanner.
pico -w /etc/MailScanner/MailScanner.conf
Change the setting for "Required SpamAssassin Score" to more than 5 as that
generates quite a few false alarms. Julian's recommended value is 9.
I personally recommend 5 :-)
It's advised to set "Log Spam = yes" to start with.
You will of course need "Use SpamAssassin = yes".
If you don't have a very fast link, increase "SpamAssassin Timeout" to
nearer 20.
Then just stop and start MailScanner using the above commands - To
stop/start MailScanner
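Before restarting, the hand edits made to MailScanner.conf in this guide (the virus scanner, the outgoing queue directory and the SpamAssassin settings) can be checked in one pass. This is an added example, not from the MailScanner project; conf_get and audit_mailscanner are hypothetical names, the sample file is constructed, and taking the last uncommented value of a setting is an assumption of the example.

```shell
# conf_get FILE "Setting Name": print the last uncommented value of a setting.
# Matching ignores case and spacing around "=" (a choice made for this example).
conf_get() {
    awk -v want="$2" '
        /^[ \t]*#/ { next }
        {
            eq = index($0, "="); if (!eq) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (tolower(key) == tolower(want)) found = val
        }
        END { if (found != "") print found }
    ' "$1"
}

# audit_mailscanner CONF: print one line per problem, return 1 if any were found.
audit_mailscanner() {
    conf=$1; bad=0
    expect() {   # expect "Setting Name" value-this-guide-sets
        got=$(conf_get "$conf" "$1")
        [ "$got" = "$2" ] && return 0
        echo "FAIL: $1 = ${got:-<unset>} (guide sets $2)"; bad=1
    }
    expect "Virus Scanners" "f-prot"
    expect "Outgoing Queue Dir" "/var/spool/mqueue"
    expect "Use SpamAssassin" "yes"
    expect "Log Spam" "yes"
    score=$(conf_get "$conf" "Required SpamAssassin Score")
    case $score in
        ''|*[!0-9.]*) echo "FAIL: Required SpamAssassin Score = ${score:-<unset>}"; bad=1 ;;
    esac
    return $bad
}

# Constructed sample: the scanner line was left at "none", so no virus scanning.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Virus Scanners = f-prot
Virus Scanners = none
Outgoing Queue Dir = /var/spool/mqueue
Use SpamAssassin = yes
Log Spam = yes
Required SpamAssassin Score = 9
EOF
audit_mailscanner "$sample" || echo "correct the settings above, then restart MailScanner"
rm -f "$sample"
```

On the RaQ, point it at the real file with audit_mailscanner /etc/MailScanner/MailScanner.conf.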
Joe Quinn
www.qitc.net