
Installing Spamassassin and Clamav on Qmail

References: http://qmailrocks.org/clamspam_rh.htm

# Install the following Perl Modules using Cpan

Digest::SHA1
Digest::HMAC
Net::DNS
Time::HiRes
HTML::Tagset
HTML::Parser
Pod::Usage
Parse::Syslog
Statistics::Distributions

yum install perl-suidperl


yum install unzip
yum install gmp-devel
#Installing ClamAv ( http://www.clamav.net/ )

yum install clamav-devel

/usr/sbin/useradd -c "Qmail-Scanner Account" -s /bin/false qscand

#Installing Clamav Manually

/usr/sbin/useradd -c "Qmail-Scanner Account" -s /bin/false qscand

# NOTE(review): /tmp is world-writable and these steps run as root (useradd,
# make install). Building in a directory only root can write to keeps other
# local users away from the build tree.
cd /tmp
# NOTE(review): the tarball is fetched over plain HTTP and is unpacked, built and
# installed with no signature or checksum check. Verify it against the signature
# the ClamAV project publishes before running configure. The same applies to the
# other wget downloads in this guide.
wget http://freshmeat.net/redir/clamav/29355/url_tgz/clamav-0.90.tar.gz
tar zxvf clamav-0.90.tar.gz

cd clamav-0.90

# Build clamd to run as the unprivileged qscand account created above.
./configure --with-user=qscand --with-group=qscand


make
make install

vi /usr/local/etc/clamd.conf

"Example" - should already be commented out. However, if it is not, make sure that
it is commented out (#)
"LogFile" - should be set to /var/log/clamd.log
"User" - should be set to qscand
"PidFile" - should be set to /var/run/clamd.pid
LogTime 1
FixStaleSocket 1
ScanMail 1
LogSyslog 1

cd /var/run/
touch clamd.pid
chown qscand clamd.pid
cp -a /tmp/clamav-0.90/contrib/init/RedHat/clamd /etc/init.d/

chown root.root /etc/rc.d/init.d/clamd

/sbin/chkconfig clamd on

vi /usr/local/etc/freshclam.conf

#Make the necessary changes in the conf file

touch /var/log/freshclam.log

cd /var/log/

chown qscand.root freshclam.log


chown qscand.root clamd.log
cd /usr/local/share/

#chown clamav.qscand clamav (no clamav user)

chown qscand.qscand clamav


/usr/local/bin/freshclam

crontab -e

00 00 * * * /usr/local/bin/freshclam

cd /etc/logrotate.d/

vi clamd

#
# Rotate Clam AV daemon log file
#

/var/log/clamd.log {
missingok
create 640 root qscand
postrotate
/bin/kill -HUP `cat /var/run/clamd.pid 2> /dev/null` 2> /dev/null || true
endscript
}

chown root.root clamd


chmod 644 clamd

/etc/rc.d/init.d/clamd start

#Installing SpamAssassin

#Using cpan install the following Perl Module

install Mail::SpamAssassin

yum install spamassassin

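/usr/sbin/groupadd spamd
# Service account for spamd. -d/-m give it the home directory that spamd is
# later pointed at with -H /home/spamd. -s sets the login shell, so it gets
# /bin/false (no interactive login) rather than the home path.
/usr/sbin/useradd -g spamd -m -d /home/spamd -s /bin/false spamd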

vi /etc/sysconfig/spamassassin

If the above file exists, replace its contents with the following line. If the
file does not exist, create it and add the following line:

SPAMDOPTIONS="-x -u spamd -H /home/spamd -d"

vi /etc/mail/spamassassin/local.cf

Add the following line...

required_hits 5

/etc/rc.d/init.d/spamassassin start
/sbin/chkconfig spamassassin on

# If you encounter the following errors in /var/log/maillog

###########
Jan 14 03:59:49 66-226-73-100 spamd[27442]: Failed to run __ENV_AND_HDR_FROM_MATCH
SpamAssassin test, skipping:__(Can't locate object method
"check_for_matching_env_and_hdr_from" via package
"Mail::SpamAssassin::PerMsgStatus" at
/usr/lib/perl5/vendor_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 2341,
<GEN281> line 193._)
Jan 14 03:59:49 66-226-73-100 spamd[27442]: Failed to run USER_IN_DEF_SPF_WL
SpamAssassin test, skipping:__(Can't locate object method
"check_for_def_spf_whitelist_from" via package "Mail::SpamAssassin::PerMsgStatus"
at /usr/lib/perl5/vendor_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 2341,
<GEN281> line 193._)
Jan 14 03:59:49 66-226-73-100 spamd[27442]: Failed to run USER_IN_SPF_WHITELIST
SpamAssassin test, skipping:__(Can't locate object method
"check_for_spf_whitelist_from" via package "Mail::SpamAssassin::PerMsgStatus" at
/usr/lib/perl5/vendor_perl/5.8.6/Mail/SpamAssassin/PerMsgStatus.pm line 2341,
<GEN281> line 193._)
##########

# then do the following

cp -a /etc/mail/spamassassin/init.pre /etc/mail/spamassassin/init.pre.orig

vi /etc/mail/spamassassin/init.pre
# Comment out this line
#loadplugin Mail::SpamAssassin::Plugin::SPF

# Update SpamAssassin every night by setting up a cron job

/usr/lib/cpan
install LWP::UserAgent

yum install gnupg

# Please check the update by running /usr/bin/sa-update manually to ensure no
# errors are encountered
crontab -e

00 1 * * * /usr/bin/sa-update && /sbin/service spamassassin restart


ps aux | grep spamd

#You should see the following info concerning spamassassin. The PID might differ on
#your system, but you get the idea.

#spamd 3734 0.2 2.0 24992 20808 ? S 14:21 0:01 /usr/bin/spamd -x -u spamd -H
/home/spamd -d

setup

#Once in the setup menu, scroll down and select the "system services" option. From
#the system services menu, scroll down to "clamd".

#Installing Qmail Scanner (http://qmail-scanner.sourceforge.net/) and Qmail analog


( http://www.qms-analog.teel.ws/ )

cd /tmp

wget http://kent.dl.sourceforge.net/sourceforge/qms-analog/qms-analog-0.4.4.tar.gz

tar zxvf qms-analog-0.4.4.tar.gz

cd qms-analog-0.4.4

make all

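cd /tmp

# The URL must be on one line; a line break inside it makes wget request a
# truncated name and the shell run the remainder as a separate command.
# NOTE(review): fetched over plain HTTP with no integrity check; verify the
# archive against a checksum or signature from the project before unpacking.
wget http://kent.dl.sourceforge.net/sourceforge/qmail-scanner/qmail-scanner-2.01.tgz

tar zxvf qmail-scanner-2.01.tgz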

# Download the Qmail-Scanner-2.01st (st patch) patch from


http://toribio.apollinare.org/qmail-scanner/

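cd /tmp

# The URL must be on one line; a line break inside it makes wget request a
# truncated name and the shell run the remainder as a separate command.
# NOTE(review): this patch changes the code that will process all incoming mail
# and is fetched over plain HTTP; review or verify it before applying.
wget http://toribio.apollinare.org/qmail-scanner/download/q-s-2.01st-20070204.patch.gz

gunzip q-s-2.01st-20070204.patch.gz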

cp -a q-s-2.01st-20070204.patch /tmp/qmail-scanner-2.01

cd /tmp/qmail-scanner-2.01

patch -p1 < q-s-2.01st-20070204.patch

#Install PCRE from http://www.pcre.org/

cd /tmp
wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-6.7.tar.gz
tar zxvf pcre-6.7.tar.gz
cd pcre-6.7
./configure
make
make check
make install

#Install Maildrop from http://www.courier-mta.org/maildrop/

cd /tmp
wget http://kent.dl.sourceforge.net/sourceforge/courier/maildrop-2.0.2.tar.bz2
tar jxvf maildrop-2.0.2.tar.bz2
cd maildrop-2.0.2
./configure
make
make install-strip

cd /tmp/qmail-scanner-2.01

vi qms-config

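#!/bin/sh
#
# Wrapper around qmail-scanner's ./configure.
# Usage: ./qms-config          - run configure only, to check for errors
#        ./qms-config install  - run configure with --install

if [ "$1" != "install" ]; then
  INSTALL=
else
  INSTALL="--install"
fi

# Every line of this command except the last must end in a backslash with
# nothing after it, and no blank line may sit in between. Otherwise the shell
# ends the command early and tries to run the remaining options as commands.
# ${INSTALL:+...} adds --install only when it is set, so the check run does not
# hand configure an empty argument.
./configure --domain yourdomain.com \
  --admin postmaster \
  --local-domains "yourdomain.com,yourotherdomain.com" \
  --add-dscr-hdrs yes \
  --dscr-hdrs-text "X-Antivirus-MYDOMAIN" \
  --ignore-eol-check yes \
  --sa-quarantine 0 \
  --sa-delete 0 \
  --sa-reject no \
  --sa-subject ":SPAM:" \
  --sa-delta 0 \
  --sa-alt yes \
  --sa-debug no \
  --notify precips,admin \
  ${INSTALL:+"$INSTALL"}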

# Test your installation by running the following

chmod 700 qms-config

./qms-config

# If no errors are reported then run

./qms-config install

setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -z


setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -g

#A successful database build should produce the following output:

#perlscanner: generate new DB file from /var/spool/qscan/quarantine-events.txt


#perlscanner: total of 35 entries.

chown -R qscand:qscand /var/spool/qscan/

vi /var/qmail/supervise/qmail-smtpd/run

#To instruct Qmail to use Qmail-Scanner as the alternative queuing mechanism, we
#add the following line to the SMTP "run" script right under the first line
#(#!/bin/sh):

QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" ; export QMAILQUEUE

#..and we change the "softlimit" in that same script...

#change softlimit to 40000000

#Note: It is absolutely vital that you change the "Softlimit" setting in this
script. If you don't, qmail may fail to deliver mail!!!

qmailctl stop

qmailctl start

qmailctl stat

cd /tmp/qmail-scanner-2.01/contrib/

chmod 755 test_installation.sh

./test_installation.sh -doit

#A successful test should produce the following output. 2 messages should be
#quarantined by Clam Antivirus in /var/spool/quarantine/new and 2 messages should
#be sent to whatever mailbox you specified in the Qmail-scanner configuration
#script. Don't worry if you don't get virus notification emails. The normal
#notification emails that get sent out upon virus detection usually don't work
#during the test.

#setting QMAILQUEUE to /var/qmail/bin/qmail-scanner-queue.pl for this test...

Sending standard test message - no viruses...


done!

Sending eicar test virus - should be caught by perlscanner module...


done!

Sending eicar test virus with altered filename - should only be caught by
commercial anti-virus modules (if you have any)...

Sending bad spam message for anti-spam testing - In case you are using
SpamAssassin...
Done!

Finished test. Now go and check Email for postmaster@mydomain.com

If you get 2 messages in your inbox and you see 2 messages in the quarantine
folder, it's time to crack open a cold one! You've successfully installed all 3
packages! Woohoo!

#Maintenance Setup
#Reference: http://qmailrocks.org/maintain.php
#Configure the following commands to be run everyday.
crontab -e

00 4 * * * rm -rf /var/spool/qscan/quarantine/viruses/new/*

# Setup Logrotate for qmail-queue.log


cd /etc/logrotate.d
vi qscan

###
/var/spool/qscan/qmail-queue.log {
missingok
notifempty
copytruncate
}
###

chown root.root qscan


chmod 644 qscan

# Please ensure the permissions of the file /etc/logrotate.d/qscan are the same as
# those of the other files in the /etc/logrotate.d directory

# Setting up Spam folder with automatic spam message filtering and redirection to
Spam Imap folder

Reference: http://opensourceheaven.net/?page_id=98

cd /home/vpopmail/domains/yourdomain.com/
vi mailfilter
Copy and paste the contents of the script
( http://www.tnpi.biz/internet/mail/toaster/etc/mailfilter-domain )into the
window.

#############
SHELL="/bin/sh"
# EXT and HOST are imported from the environment of the delivery.
# NOTE(review): presumably they hold the recipient's local part and domain, in
# which case they are sender-influenced input. Confirm against how
# .qmail-default invokes maildrop.
import EXT
import HOST
# Fallback delivery command, used when no home directory can be found.
VPOP="| /usr/local/vpopmail/bin/vdelivermail '' bounce-no-mailbox"
# Ask vpopmail for the user's home directory.
# NOTE(review): $EXT@$HOST is placed unquoted into a command that is run through
# the shell. If the address can contain characters special to the shell, they
# would be interpreted there. The spamc call further down passes the same value
# inside double quotes within a single-quoted string, which is the safer form.
# Confirm how maildrop substitutes variables in backticks before relying on
# either form.
VHOME=`/usr/local/vpopmail/bin/vuserinfo -d $EXT@$HOST`

##
# title: mailfilter-domain
# author: Matt Simerson
# version 2.0
# http://www.tnpi.biz/internet/mail/toaster/etc/mailfilter-domain
#
# Usage: Install this file in ~vpopmail/domains/example.com/mailfilter
#
# Create a .qmail-default file with the following:
# "| /usr/local/bin/maildrop mailfilter"
#
# After your satisifed that this is working properly, comment out all
# the lines that start with "log"
##

# Every "log" statement below appends to this file.
logfile "/var/log/mail/maildrop.log"
# NOTE(review): the recipient address is written to the log as received. Treat
# the log as untrusted text when viewing or parsing it.
log "==== BEGIN maildrop processing for $EXT@$HOST ==="

# An empty VHOME means the vuserinfo lookup returned nothing, so the message is
# handed to the vdelivermail command held in VPOP instead.
if ( $VHOME eq "" )
{
# NOTE(review): LOG is upper-case on these two lines and lower-case everywhere
# else in this file. Confirm maildrop accepts it, otherwise this fallback
# branch itself fails.
LOG " ERROR: VHOME isn't set, falling back to vdelivermail"
LOG "=== EXIT === "
to "$VPOP"
}

##
# Comment out this section if you run SpamAssassin via qmailscanner
# Spamassassin is slow enough, no point in doubling your expense
#
# Note that if you want to pass a message larger than 250k to spamd
# and have it processed, you'll need to also set spamc -s. See the
# spamc man page for more details.
##

if ( $SIZE < 256000 ) # Filter if message is less than 250k


{
log " running message through spamc"
exception {
xfilter '/usr/local/bin/spamc -u "$EXT@$HOST"'
}
}

##
# Include any rules set up for the user - this gives the
# administrator a way to override the domain's mailfilter file
#
# this is also the "suggested" way to set individual values
# for maildrop such as quota.
##

`test -r $VHOME/.mailfilter`
if( $RETURNCODE == 0 )
{
log " including $VHOME/.mailfilter"
exception {
include $VHOME/.mailfilter
}
}

##
# create the maildirsize file if it doesn't already exist
# (could also be done via "deliverquota user@dom.com 10MS,1000C)
##
# RETURNCODE holds the exit status of the backtick command just run; test -e
# exits 1 when maildirsize is missing.
`test -e $VHOME/Maildir/maildirsize`
if( $RETURNCODE == 1)
{
log " creating $VHOME/Maildir/maildirsize for quotas"
# NOTE(review): this guide rewrites the VPOP and VHOME lines to use
# /home/vpopmail/bin. This vuserinfo path probably needs the same change.
# $EXT@$HOST is also unquoted here, as in the VHOME assignment.
`/usr/local/vpopmail/bin/vuserinfo -Q $EXT@$HOST`

# Only fix ownership and mode if the file now exists and is non-empty.
`test -s "$VHOME/Maildir/maildirsize"`
if ( $RETURNCODE == 0 )
{
# NOTE(review): chown is called as /usr/sbin/chown here, while subscribeIMAP.sh
# in this guide uses /bin/chown. Check which path exists on your system.
`/usr/sbin/chown vpopmail:vchkpw $VHOME/Maildir/maildirsize`
`/bin/chmod 640 $VHOME/Maildir/maildirsize`
}
}

##
# Set MAILDIRQUOTA. If this isn't set, maildrop and deliverquota
# will not enforce quotas for message delivery.
#
# I find this much easier than creating yet another config file
# to store this in. This way, any time the quota is changed in
# vpopmail, it'll get noticed by maildrop immediately.
##

MAILDIRQUOTA=`/usr/bin/head -n1 $VHOME/Maildir/maildirsize`

##
# The message should be tagged, so let's bag it.
##
if ( /^X-Spam-Status: *Yes/)
{
`test -d $VHOME/Maildir/.Spam` # make sure .Spam folder exists
if( $RETURNCODE == 1 )
{
log " creating $VHOME/Maildir/.Spam "
`maildirmake -f Spam $VHOME/Maildir`
`/usr/local/sbin/subscribeIMAP.sh Spam $VHOME`
}

log " SPAM: attempting quota delivery to $VHOME/Maildir/.Spam"


exception {
xfilter "/usr/local/bin/deliverquota $VHOME/Maildir/.Spam"
}

if( $RETURNCODE == 77)


{
log " QUOTA FAILURE: bouncesaying '$EXT@$HOST is over quota'"
to "|/var/qmail/bin/bouncesaying '$EXT@$HOST is over quota'"
}

log "=== END === success"


exit
}

log " message is clean"

##
# Include any other rules that the user might have from
# sqwebmail or other compatible program
##

`test -r $VHOME/Maildir/.mailfilter`
if( $RETURNCODE == 0 )
{
log " including $VHOME/Maildir/.mailfilter"
exception {
include $VHOME/Maildir/.mailfilter
}
}

exception {
log " quota enabled delivery to $VHOME/Maildir"
xfilter "/usr/local/bin/deliverquota $VHOME/Maildir"
}

##
# check to make sure the message was delivered
# returncode 77 means that out maildir was overquota - bounce mail
##
if( $RETURNCODE == 77)
{
log " BOUNCED: bouncesaying '$EXT@$HOST is over quota'"
to "|/var/qmail/bin/bouncesaying '$EXT@$HOST is over quota'"
}

log "=== END === success"

#######

Modify

logfile "/var/log/mail/maildrop.log"

# to

logfile "/var/log/qmail/maildrop.log"

# Change these lines:

VPOP="| /usr/local/vpopmail/bin/vdelivermail '' bounce-no-mailbox"


VHOME=`/usr/local/vpopmail/bin/vuserinfo -d $EXT@$HOST`

# to this:

VPOP="| /home/vpopmail/bin/vdelivermail '' bounce-no-mailbox"


VHOME=`/home/vpopmail/bin/vuserinfo -d $EXT@$HOST`

# Save and close, then we'll create this log file:

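touch /var/log/qmail/maildrop.log
chown vpopmail:vchkpw /var/log/qmail/maildrop.log
# A log file is data: read/write for owner and group is enough. It needs no
# execute bits, and other local users have no reason to read recipient
# addresses from it.
chmod 660 /var/log/qmail/maildrop.log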

cd /home/vpopmail/domains/yourdomain.com/
chown vpopmail:vchkpw mailfilter
chmod 600 mailfilter
vi .qmail-default

# Comment out your existing line and add this one (all on one line)
| /usr/local/bin/maildrop /home/vpopmail/domains/yourdomain.com/mailfilter

chown vpopmail:vchkpw .qmail-default


chown qmaill:vchkpw /var/log/qmail
vi /usr/local/sbin/subscribeIMAP.sh

# Paste this script


######
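#!/bin/sh
#
# Subscribes the folder passed as $1 to Courier IMAP so that Maildir-reading
# apps (Sqwebmail, Courier-IMAP) and IMAP clients (squirrelmail, Mailman, etc)
# will recognize the extra mail folder.
#
# Arguments: $1 - folder name without the "INBOX." prefix (for example Spam)
#            $2 - the user's home directory, i.e. the parent of Maildir
#
# Matt Simerson - 12 June 2003

# Both arguments end up in a file path and in the file's contents. Refuse to
# run without them rather than operate on /Maildir/courierimapsubscribed.
if [ -z "$1" ] || [ -z "$2" ]; then
  echo "usage: $0 folder vhome" >&2
  exit 1
fi

LIST="$2/Maildir/courierimapsubscribed"

if [ -f "$LIST" ]; then
  # The file exists: add the folder only if no line is exactly INBOX.<folder>.
  # -x and -F make grep compare whole lines literally, so "." is not treated as
  # a wildcard and an entry such as INBOX.Spam2 does not hide a missing
  # INBOX.Spam.
  if ! grep -qxF -- "INBOX.$1" "$LIST"; then
    printf '%s\n' "INBOX.$1" >> "$LIST"
  fi
else
  # The file does not exist, so write the full default list. printf is used
  # because "echo -e" is not portable under /bin/sh, and every use of $LIST is
  # quoted so a path containing spaces or glob characters stays one word.
  printf '%s\n' INBOX INBOX.Sent INBOX.Trash INBOX.Drafts "INBOX.$1" > "$LIST"

  /bin/chown vpopmail:vchkpw "$LIST"
  /bin/chmod 644 "$LIST"
fi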
#######

chmod 755 /usr/local/sbin/subscribeIMAP.sh

qmailctl stop
qmailctl start
qmailctl stat

In case of issues check these log files

tail -f /var/log/qmail/qmail-smtpd/current
tail -f /var/log/qmail/qmail-send/current

# Setup Log rotation for maildrop.log file as follows

cd /etc/logrotate.d/
vi maildrop
###
/var/log/qmail/maildrop.log {
missingok
notifempty
copytruncate
}
###

chown root.root maildrop


chmod 644 maildrop

# DCC Razor Pyzor and RBL setup

# Install DCC
mkdir /downloads/spam
cd /downloads/spam
# Download DCC from http://www.rhyolite.com/anti-spam/dcc/
wget http://www.rhyolite.com/anti-spam/dcc/source/dcc.tar.Z
tar zxfv dcc.tar.Z
cd dcc-1.3.45/
./configure
make install
cd /downloads/spam

# Install Pyzor
Download Pyzor from http://pyzor.sourceforge.net
cd /downloads/spam
wget http://nchc.dl.sourceforge.net/sourceforge/pyzor/pyzor-0.4.0.tar.bz2
tar xjvf pyzor-0.4.0.tar.bz2
cd pyzor-0.4.0
python setup.py build
python setup.py install
pyzor discover
cd /downloads/spam

# Setup cronjob to update pyzor servers automatically

00 1 * * * /usr/bin/pyzor discover

# Install Razor

# Install the following perl modules

perl -MCPAN -e "install Time::HiRes"


perl -MCPAN -e "install Digest::SHA1"
perl -MCPAN -e "install MIME::Base64"
perl -MCPAN -e "install Test::Simple"
perl -MCPAN -e "install Test::Harness"
perl -MCPAN -e "install Getopt::Long"
perl -MCPAN -e "install File::Copy"
perl -MCPAN -e "install URI::Escape"

# Download Razor from http://razor.sourceforge.net/


cd /downloads/spam
wget http://jaist.dl.sourceforge.net/sourceforge/razor/razor-agents-2.82.tar.bz2
tar xjvf razor-agents-2.82.tar.bz2
cd razor-agents-2.82
perl Makefile.PL
make test
make install

razor-admin -create

cd /root/.razor
chown spamd.spamd razor-agent.conf
chmod 764 razor-agent.conf
razor-admin -register -user=postmaster@yourdomain.com
cp -a /etc/mail/spamassassin/local.cf /etc/mail/spamassassin/local.cf.orig

#Generate a local.cf file from http://www.yrex.com/spam/spamconfig.php. Use the
#http://opensourceheaven.net/local.cf.txt file as reference.
vi /etc/mail/spamassassin/local.cf
# Paste the contents of the generated local.cf file here

dcc_home /var/dcc
dcc_path /usr/local/bin/dccproc
dcc_dccifd_path /var/dcc/libexec/dccifd

pyzor_path /usr/bin/pyzor
score PYZOR_CHECK 1

########

sa-learn --sync

/etc/rc.d/init.d/spamassassin restart

# Run the following command to check if spamassassin configuration is correct

spamassassin -D --lint

# Enabling Surbl in spamassassin

perl -MCPAN -e "install Net::DNS::Resolver"

updatedb && locate v310.pre

#If this file is already in /etc/mail/spamassassin, then you are ready for the
next bit. If the file is somewhere else on your system, copy it to
/etc/mail/spamassassin/.

vi /etc/mail/spamassassin/v310.pre

Add these lines at the end:

# SURBL DNS Blacklisting


loadplugin Mail::SpamAssassin::Plugin::URIDNSBL

qmailctl stop
qmailctl start
/etc/init.d/spamd restart

#To test if the changes are working, send yourself a message (from a different
email address) with http://surbl-org-permanent-test-point.com in the message body.
If all is well message should be tagged as spam.
#Enable RBL checking

vi /var/qmail/supervise/qmail-smtpd/run
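# Edit the lines as shown below. Check that each DNSBL named with -r is still in
# operation before using it: relays.ordb.org has been shut down, and a list that
# no longer answers correctly can delay or reject legitimate mail.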
/etc/tcp.smtp.cdb -c "$MAXSMTPD" \ -u "$QMAILDUID" -g ................ \
rblsmtpd \
-r zen.spamhaus.org \
-r bl.spamcop.net \
-r relays.ordb.org \
/var/qmail/bin/qmail-smtpd server.yourdomain.com \
qmailctl stop
qmailctl start
qmailctl stat

# Installing fuzzyocr to block image spam

References:
http://www.goodcleanemail.com/kb.php?ToDo=view&questId=90&catId=2
http://fuzzyocr.own-hero.net/wiki/Downloads

# Installing dependencies
yum install ImageMagick
yum install netpbm
yum install netpbm-progs
yum install netpbm-devel
yum install libungif
# On Fedora Core 6 libungif is known as giflib
yum install libungif-progs
# On Fedora Core install giflib-utils instead of libungif-progs

cpan
install String::Approx

# Installing GOCR

# Download gocr from http://jocr.sourceforge.net

cd /tmp
wget http://prdownloads.sourceforge.net/jocr/gocr-0.43.tar.gz
tar zxvf gocr-0.43.tar.gz
cd gocr-0.43
./configure --with-netpbm=/usr/lib/
make
make install

# Installing Fuzzyocr

Download Fuzzyocr from http://fuzzyocr.own-hero.net/wiki/Downloads

cd /tmp

wget http://users.own-hero.net/~decoder/fuzzyocr/fuzzyocr-2.3b.tar.gz

tar zxvf fuzzyocr-2.3b.tar.gz


cd /tmp/FuzzyOcr-2.3b
vi FuzzyOcr.cf

# Make necessary changes on the lines as shown below

#########
focr_logfile /var/log/FuzzyOcr.log

# Set this to 1 if you are running a version < 3.1.4.
# This will disable a function used in conjunction with animated gifs that isn't
# available in earlier versions (Default value: 0.0)
#focr_pre314 0.0
focr_pre314 1
focr_enable_image_hashing 1
focr_digest_db /etc/mail/spamassassin/FuzzyOcr.hashdb
focr_base_score 2
###########

vi FuzzyOcr.pm

# Change the log file location as shown below

# Add this line below any existing use statements at start of the file

use Mail::SpamAssassin::Timeout;

######

our $logfile = "/var/log/FuzzyOcr.log";

######

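cd /var/log

touch FuzzyOcr.log

chown spamd:spamd FuzzyOcr.log

# The log is data written by the spamd user: owner read/write is enough. It
# needs no execute bits and should not be readable by every local user.
chmod 600 FuzzyOcr.log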

cp -a FuzzyOcr.cf /etc/mail/spamassassin/
cp -a FuzzyOcr.words.sample /etc/mail/spamassassin/
cp -a FuzzyOcr.pm /etc/mail/spamassassin/
cd /etc/mail/spamassassin/
mv FuzzyOcr.words.sample FuzzyOcr.words
chown root.root FuzzyOcr.*

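# Create the hash database under the name FuzzyOcr.cf gives for focr_digest_db
# (/etc/mail/spamassassin/FuzzyOcr.hashdb). Make it writable by the spamd
# account only (spamd runs with -u spamd). A world-writable database would let
# any local user add or remove image hashes and so change what is scored as
# spam.
touch FuzzyOcr.hashdb
chown spamd:spamd FuzzyOcr.hashdb
chmod 600 FuzzyOcr.hashdb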

vi v310.pre

# Add these lines


####
# FuzzyOcr Image Spam Filter
loadplugin FuzzyOcr FuzzyOcr.pm
#####

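# focr_logfile and $logfile both point at /var/log/FuzzyOcr.log, so the
# ownership and mode have to be set there, not under /var/log/qmail.
cd /var/log
chown spamd:spamd FuzzyOcr.log
chmod 600 FuzzyOcr.log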

# Run the following command to check if spamassassin configuration is correct

spamassassin -D --lint

/etc/rc.d/init.d/spamassassin restart

# Testing

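# Run the checks from the samples directory shipped with FuzzyOcr. Each command
# feeds one sample message to spamassassin in test mode (-t).
cd /tmp/FuzzyOcr-2.3b/samples
spamassassin -t < animated-gif.eml
spamassassin -t < corrupted-gif.eml
spamassassin -t < jpeg.eml
spamassassin -t < png.eml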
