Tuesday, 10 August 2010

AntiSpam Gateway

How to build an antispam SMTP gateway for Exchange on Ubuntu 8.04
Because the previous solution that I built on Windows didn't work the way I wanted, I decided to build a dedicated Linux SMTP filtering gateway.

Note: You can copy and paste all the commands written here. Even where a command appears wrapped over several lines, it will be on a single line when you paste it into a shell or a file.

For this I needed to have:

A fully functional Linux machine (I had already installed Ubuntu 8.04 server)
Postfix – the default installation will do
MailScanner – a free package that you can get on the MailScanner home page
SpamAssassin – a free antispam solution
ClamAV – a free antivirus

Before installing anything we will fetch the latest list of packages from the Ubuntu repositories with the command:

aptitude update

Before installing MailScanner we need to install some packages with the command:

aptitude install libconvert-tnef-perl libdbd-sqlite3-perl libfilesys-df-perl libmailtools-perl libmime-tools-perl libmime-perl libnet-cidr-perl libsys-syslog-perl libio-stringy-perl libfile-temp-perl libole-storage-lite-perl libarchive-zip-perl postfix clamav clamav-daemon libsys-hostname-long-perl libnet-cidr-lite-perl spamassassin

Answer with Y when asked to install dependencies for these packages. During the installation of Postfix you will get a simple menu in which you need to select Internet site and enter your full host name, including the domain.

Because the whole configuration of Postfix is done via the main.cf and master.cf files, we need to change some values in them. Open main.cf and add or edit the following lines so that they look like this:

myhostname = ubuntu.sp.local
mydomain = sp.local
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain $mydomain
mynetworks_style = host
relay_domains = lab.net
transport_maps = hash:/etc/postfix/transport
append_at_myorigin = no
local_recipient_maps =
header_checks = regexp:/etc/postfix/header_checks

Now open /etc/postfix/transport and add your forwarding domains to it. For multiple domains, add one line per domain in the same format.

sp.local smtp:[192.168.1.5]

The IP 192.168.1.5 is the address of my Exchange server, not of my Linux machine, and sp.local is the name of my domain; replace the IP and domain name with yours. After this edit we need to create the hash of the transport file and restart Postfix.

postmap /etc/postfix/transport
/etc/init.d/postfix restart

Now you can check whether Postfix is working as it should and whether it transports mail. If everything works, stop it so that we can configure the other options, and because it needs to be started after MailScanner.

/etc/init.d/postfix stop

The next step is to unpack and install the latest version of MailScanner, because Ubuntu 8.04 still doesn't have the latest version in its repositories. You can get the latest version of MailScanner here. Because we will compile it, we need the .tar.gz version.

wget http://mailscanner.info/files/4/tar/MailScanner-install-4.71.10-1.tar.gz
tar zxvf MailScanner-install-4.71.10-1.tar.gz
cd MailScanner-install-4.71.10
./install.sh

You will see a lot of output when you run ./install.sh, because it checks which Perl modules you have installed and installs those that are missing, but as the installer says:

Do not worry too much about errors from the next command.
It is quite likely that some of the Perl modules are
already installed on your system.

When install.sh is done you will get a message asking you to enter some lines in crontab to automate jobs. Type crontab -e and enter the following lines in crontab (:wq to write and exit if you are using the Vi editor, ctrl+x for Pico).

37 5 * * * /opt/MailScanner/bin/update_phishing_sites
07 * * * * /opt/MailScanner/bin/update_bad_phishing_sites
58 23 * * * /opt/MailScanner/bin/clean.quarantine
42 * * * * /opt/MailScanner/bin/update_virus_scanners
3,23,43 * * * * /opt/MailScanner/bin/check_mailscanner


Now we need to edit the /etc/default/spamassassin file to enable the SpamAssassin daemon. Open this file with an editor and change these lines:

ENABLED=0 to ENABLED=1
CRON=0 to CRON=1

Now we have enabled SpamAssassin as a daemon and enabled it to update daily via cron. It’s time to start it for the first time.

/etc/init.d/spamassassin start

The next step is to edit MailScanner.conf. Find the following lines and edit them to look like this:

Run As User = postfix
Run As Group = postfix
MTA = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
Virus Scanners = clamav
Spam List = SBL+XBL
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin

Now we will run MailScanner with the command:

/opt/MailScanner/bin/check_mailscanner

MailScanner will automatically go to the background. Now we need to tell Postfix to hold off forwarding mail while it is checked for spam and viruses. Edit the file /etc/postfix/header_checks and add the following line, because without it nothing will work: the rule makes Postfix place every message that carries a Received: header in the hold queue, which is the Incoming Queue Dir configured for MailScanner above.

/^Received:/ HOLD

Now we need to start Postfix again with the command:

/etc/init.d/postfix start

I got some interesting output when I once killed the MailScanner process, which really made me laugh.

11818 ? Ss 0:00 MailScanner: killing children, bwahaha!
11819 ? Z 0:01 [MailScanner]
11862 ? Z 0:01 [MailScanner]
11905 ? Z 0:01 [MailScanner]
11948 ? Z 0:01 [MailScanner]
11991 ? Z 0:01 [MailScanner]
12038 ? Ss 0:00 MailScanner: killing children, bwahaha!
12039 ? Z 0:01 [MailScanner]
12083 ? Z 0:01 [MailScanner]
12126 ? Z 0:01 [MailScanner]
12169 ? Z 0:01 [MailScanner]
12212 ? Z 0:01 [MailScanner]

LOL, they have a good sense of humor.

So if everything is working correctly, you should now receive mail with a small footer text:


This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

You can monitor message delivery with the command:

tail -f /var/log/syslog

There you will see scrolling text like:

Sep 11 10:14:14 ubuntu postfix/smtpd[13220]: connect from web54408.mail.yahoo.com[206.190.49.138]
Sep 11 10:14:14 ubuntu postfix/smtpd[13220]: CE433E643: client=web54408.mail.yahoo.com[206.190.49.138]
Sep 11 10:14:15 ubuntu postfix/cleanup[13222]: CE433E643: hold: header Received: from web54408.mail.yahoo.com (web54408.mail.yahoo.com [206.190.49.138])??by ubuntu.sp.local (Postfix) with SMTP id CE433E643??for ; Thu, 11 Sep 2008 10:14:14 -0400 (EDT) from web54408.mail.yahoo.com[206.190.49.138]; from= to= proto=SMTP helo=
Sep 11 10:14:15 ubuntu postfix/cleanup[13222]: CE433E643: message-id=<225121.37413.qm@web54408.mail.yahoo.com>
Sep 11 10:14:15 ubuntu postfix/smtpd[13220]: disconnect from web54408.mail.yahoo.com[206.190.49.138]
Sep 11 10:14:15 ubuntu MailScanner[13211]: New Batch: Scanning 1 messages, 2392 bytes
Sep 11 10:14:16 ubuntu MailScanner[13211]: Virus and Content Scanning: Starting
Sep 11 10:14:20 ubuntu MailScanner[13211]: Requeue: CE433E643.352A5 to 424A5E650
Sep 11 10:14:20 ubuntu postfix/qmgr[13003]: 424A5E650: from=, size=1712, nrcpt=1 (queue active)
Sep 11 10:14:20 ubuntu postfix/smtp[13245]: 424A5E650: to=, relay=192.168.1.5[192.168.1.5]:25, delay=5.6, delays=5.5/0.01/0/0.15, dsn=2.6.0, status=sent (250 2.6.0 <225121.37413.qm@web54408.mail.yahoo.com> Queued mail for delivery)
Sep 11 10:14:20 ubuntu postfix/qmgr[13003]: 424A5E650: removed
Sep 11 10:14:20 ubuntu MailScanner[13211]: Uninfected: Delivered 1 messages

This means that MailScanner is scanning messages for spam and viruses.
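The HOLD rule and the log excerpt above describe one path: cleanup parks the message in hold, MailScanner requeues it under a new queue ID, and Postfix delivers it to Exchange. The script below is an added example (not part of the original post) that follows that path through syslog and flags messages that were held but never requeued, or delivered without ever passing through MailScanner; the sample log lines, the recipient address and two of the queue IDs are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. The log lines are constructed,
# modelled on the excerpt above; user@sp.local, mx.example.org and the queue
# IDs A1B2C3D4E and 9F8E7D6C5 are made up.
sample_log() {
cat <<'EOF'
Sep 11 10:14:15 ubuntu postfix/cleanup[13222]: CE433E643: hold: header Received: from web54408.mail.yahoo.com
Sep 11 10:14:20 ubuntu MailScanner[13211]: Requeue: CE433E643.352A5 to 424A5E650
Sep 11 10:14:20 ubuntu postfix/smtp[13245]: 424A5E650: to=<user@sp.local>, relay=192.168.1.5[192.168.1.5]:25, dsn=2.6.0, status=sent (250 2.6.0 Queued mail for delivery)
Sep 11 10:20:01 ubuntu postfix/cleanup[13301]: A1B2C3D4E: hold: header Received: from mx.example.org
Sep 11 10:25:07 ubuntu postfix/smtp[13350]: 9F8E7D6C5: to=<user@sp.local>, relay=192.168.1.5[192.168.1.5]:25, dsn=2.6.0, status=sent (250 2.6.0 Queued mail for delivery)
EOF
}

# Reads syslog on stdin; prints "<state> <held-id> <requeued-id> <status>".
trace_gateway() {
    awk '
    # The header_checks HOLD rule fired: cleanup parked the message in hold.
    $5 ~ /^postfix\/cleanup\[/ && $7 == "hold:" {
        id = $6; sub(/:$/, "", id)
        if (!(id in held)) { held[id] = 1; order[++n] = id }
    }
    # MailScanner scanned the message and requeued it under a NEW queue ID.
    $5 ~ /^MailScanner\[/ && $6 == "Requeue:" {
        old = $7; sub(/\..*$/, "", old)        # drop the ".352A5" suffix
        newid[old] = $9; scanned[$9] = 1
    }
    # Delivery to the next hop is logged against the new queue ID.
    $5 ~ /^postfix\/smtp\[/ && match($0, /status=[a-z]+/) {
        id = $6; sub(/:$/, "", id)
        status[id] = substr($0, RSTART + 7, RLENGTH - 7)
        if (!(id in seen)) { seen[id] = 1; sent[++m] = id }
    }
    END {
        for (i = 1; i <= n; i++) {
            h = order[i]; q = (h in newid) ? newid[h] : "-"
            s = (q in status) ? status[q] : "-"
            st = (q == "-") ? "stuck" : "scanned"
            print st, h, q, s
        }
        # Delivered with no matching Requeue: the message skipped scanning.
        for (i = 1; i <= m; i++)
            if (!(sent[i] in scanned)) print "unscanned", "-", sent[i], status[sent[i]]
    }'
}

sample_log | trace_gateway
```

On a live gateway, feed it the real log instead, for example trace_gateway < /var/log/syslog. A message that arrived seconds ago shows as stuck until MailScanner picks up its next batch, so only entries that stay stuck point to a stopped MailScanner.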

The last step is to create an RC script that starts MailScanner on boot, before Postfix. Here you can read or download the file mailscanner.txt, which you will use to create the new /etc/init.d/mailscanner file.

This script is a slightly modified version of the original init script for MailScanner from Ubuntu. The next step is to change the permissions on the file and create the symlinks with the commands:

chmod 755 /etc/init.d/mailscanner
cd /etc/rc0.d/
ln -s ../init.d/mailscanner K20mailscanner

cd /etc/rc1.d/
ln -s ../init.d/mailscanner K20mailscanner

cd /etc/rc2.d/
ln -s ../init.d/mailscanner S20mailscanner

cd /etc/rc3.d/
ln -s ../init.d/mailscanner S20mailscanner

cd /etc/rc4.d/
ln -s ../init.d/mailscanner S20mailscanner

cd /etc/rc5.d/
ln -s ../init.d/mailscanner S20mailscanner

cd /etc/rc6.d/
ln -s ../init.d/mailscanner K20mailscanner

Now we need to test everything with the commands:

/etc/init.d/postfix stop
/etc/init.d/mailscanner start
/etc/init.d/postfix start
---------------------- Another article

First, we have to stop sendmail.

We stop sendmail with service sendmail stop.
The command chkconfig sendmail off prevents sendmail from starting at boot.
We install Postfix with the command yum install postfix.

Then we make the following changes in /etc/postfix/main.cf:
myhostname = altalan.alanadi.com.tr
mydomain = altalan.alanadi.com.tr
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain $mydomain
mynetworks_style = host
relay_domains = alanadi.com.tr
transport_maps = hash:/etc/postfix/transport
append_at_myorigin = no
We add the following line to /etc/postfix/transport:
alanadi.com.tr smtp:[Exchange server IP]
With the command postmap /etc/postfix/transport we have Postfix index its transport file.
service postfix stop
service postfix start
These two commands activate the changes we have made.

Please make sure at this stage that mail reaches Exchange. Errors will be harder to fix later.

NOTE: Also pay attention to the name altalan.alanadi.com.tr. If the Exchange server identifies itself with the same name, Postfix will not deliver mail to Exchange.
Example: if I have named the Linux machine mail.egeonline.com and the Exchange server also identifies itself as mail.egeonline.com, the Postfix installed on Linux will not deliver the mail. To solve this problem we can do the following:
If our Exchange server is named mail.egeonline.com, set the name of the Linux server to linux.egeonline.com. Since our domain, that is $mydomain, will be egeonline.com, no problem arises.

If you get an error like

Recipient address rejected: User unknown in local recipient table;
try making the mydomain variable the same as myhostname.


MailScanner installation

Download the file for your system from http://mailscanner.info.

We unpack MailScanner with the command tar zxvf MailScanner-version.tar.gz.
Then we enter this directory with the command cd MailScanner-version.
The command ./install will perform the necessary installation for you. If a component is missing, it will warn you to install it.
On my system the rpm-build package was missing. I installed it with the command yum install rpm-build.
Let's check the state of the installation with the command chkconfig --list | grep MailScanner. The output (here from a Turkish-locale system, where kapalı = off and açık = on) should look like this:
MailScanner
0:kapalı 1:kapalı 2:açık 3:açık 4:açık 5:açık 6:kapalı
With the command chkconfig postfix off we take Postfix out of the boot sequence. MailScanner will start Postfix itself.
To /etc/postfix/main.cf we add the line
header_checks = regexp:/etc/postfix/header_checks
To /etc/postfix/header_checks we add the line
/^Received:/ HOLD
In /etc/MailScanner/MailScanner.conf we make the following changes:
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
Then we change the ownership of the MailScanner working directories:
chown postfix.postfix /var/spool/MailScanner/incoming
chown postfix.postfix /var/spool/MailScanner/quarantine
We restart MailScanner with the command service MailScanner restart.
At this stage, try receiving and sending mail again. Fixing any error before it grows will save us time.

SpamAssassin



http://dag.wieers.com/rpm/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
By downloading this file we add the rpmforge repository to our repo list.
With the command yum install perl-Digest-SHA1 perl-HTML-Parser perl-MIME-Base64 perl-Net-DNS perl-Mail-SPF-Query perl-Time-HiRes perl-DB_File we install the required Perl modules.

The command yum install spamassassin will install SpamAssassin for us.

After the installation is complete, we add the setting
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
to /etc/MailScanner/MailScanner.conf or, if it already exists, make sure it reads like this.
Then we run these commands:
mkdir /var/spool/MailScanner/spamassassin
chown postfix.postfix /var/spool/MailScanner/spamassassin
We restart MailScanner with the command service MailScanner restart.

ClamAV

Now it is time to install ClamAV.

groupadd clamav
useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav
http://dag.wieers.com/rpm/packages/clamav/clamav-0.92.1-1.el5.rf.i386.rpm
http://dag.wieers.com/rpm/packages/clamav/clamav-db-0.92.1-1.el5.rf.i386.rpm
http://dag.wieers.com/rpm/packages/clamav/clamd-0.92.1-1.el5.rf.i386.rpm
The CentOS 5 RPMs for ClamAV are available at the addresses above.
Then we install the required Perl modules on our system:

yum install perl-Parse-RecDescent perl-Inline perl-Mail-ClamAV
We start ClamAV with the command service clamd start.
We update the ClamAV database with the command freshclam.
In /etc/MailScanner/MailScanner.conf we tell MailScanner to use ClamAV:
'Virus Scanners = clamav'
and with
Monitors for ClamAV Updates = /var/clamav/*.inc/* /var/clamav/*.cvd
we tell it where the updated files are.
You now have a spam and antivirus scanner in front of your Exchange.