Version 1.0
Author: Oliver Meyer <o [dot] meyer [at] projektfarm [dot] de>
Last edited 03/05/2008

This document describes how to customize Falko's "Virtual Users And Domains" - setup for CentOS 5.1 so that it works with MailScanner and Mailwatch. The resulting system provides a web interface (Mailwatch) where you can manage quarantined emails, train SpamAssassin, edit the white- and blacklist, view configuration files and the detailed MySQL database status ...

This howto is a practical guide without any warranty - it doesn't cover the theoretical backgrounds. There are many ways to set up such a system - this is the way I chose.

1 Preparation Part I

Open http://www.howtoforge.com/virtual-users-and-domains-postfix-courier-mysql-centos5.1 and follow steps 1 - 10.

2 Preparation Part II

2.1 Install ClamAV

yum -y install clamav clamd unrar

2.2 Language Configuration

vi /etc/sysconfig/i18n

Change:

LANG="en_US.UTF-8"

To:

LANG="en_US"

2.3 Get Mailscanner

Please have a look at http://www.mailscanner.info/downloads.html to find out which is the latest version. When I was writing this howto, it was version 4.66.5-3.

cd /tmp/
wget http://www.mailscanner.info/files/4/rpm/MailScanner-4.66.5-3.rpm.tar.gz
tar xvf MailScanner-4.66.5-3.rpm.tar.gz

3 Install Mailscanner

cd /tmp/MailScanner-4.66.5-3
./install.sh

This will take a while...

4 Mailscanner Configuration

mv MailScanner.conf MailScanner.conf.orig
cat MailScanner.conf.orig | egrep ^[^#] > MailScanner.conf
vi /etc/MailScanner/MailScanner.conf

Change some parameters so that they look like this:

Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
Incoming Work Group = clamav
Incoming Work Permissions = 0640
Virus Scanners = clamd
Clamd Socket = /tmp/clamd.socket
Clamd Lock File = /var/lock/subsys/clamd
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
Quarantine User = root
Quarantine Group = apache
Quarantine Permissions = 0660
Quarantine Whole Message = yes
Quarantine Whole Message As Queue Files = no
Detailed Spam Report = yes
Include Scores In SpamAssassin Report = yes
Spam Actions = store
High Scoring Spam Actions = store
Always Looked Up Last = &MailWatchLogging
Is Definitely Not Spam = &SQLWhitelist
Is Definitely Spam = &SQLBlacklist
Filename Rules = %etc-dir%/filename.rules
Filetype Rules = %etc-dir%/filetype.rules
Dangerous Content Scanning = %rules-dir%/content.scanning.rules

mkdir /var/spool/MailScanner/spamassassin/
chown -R postfix:postfix /var/spool/MailScanner/

5 Install Spamassassin

The MailScanner manual recommends to install spamassassin from .tar.gz or via perl shell. Some users reported problems with the .rpm-version.

perl -MCPAN -e shell

Answer "no" when you're asked if you are ready for manual configuration.

Enter the following within the perl shell:

o conf prerequisites_policy ask
install Net::DNS

Answer "no" when you're asked if you want to enable the online tests.

install Mail::SpamAssassin
quit

6 Postfix Configuration

touch /etc/postfix/header_checks
echo "/^Received:/ HOLD" > /etc/postfix/header_checks
vi /etc/postfix/main.cf

Add the following line:

header_checks = regexp:/etc/postfix/header_checks

Afterwards stop postfix & sendmail and start ClamAV.

chkconfig postfix off
/etc/init.d/postfix stop
chkconfig sendmail off
service sendmail stop
chkconfig clamd on
/etc/init.d/clamd start

7 Mailwatch

7.1 Needed Package

yum -y install php-gd

7.2 Get Mailwatch

Please have a look at http://mailwatch.sourceforge.net to find out which is the latest version. When I was writing this howto, it was version 1.04.

cd /tmp/
wget http://switch.dl.sourceforge.net/sourceforge/mailwatch/mailwatch-1.0.4.tar.gz
tar xvzf mailwatch-1.0.4.tar.gz

7.3 Mailwatch Database

First we create and populate the mailwatch database.

mysql -p < /tmp/mailwatch-1.0.4/create.sql

Next open a MySQL shell.

mysql -u root -p

Create the MySQL user for the database.

GRANT ALL ON mailscanner.* TO mailwatch@localhost IDENTIFIED BY '%sql_user_password%';
FLUSH PRIVILEGES;
quit;

After that we have to insert the account data from above into some files.

vi /tmp/mailwatch-1.0.4/MailWatch.pm

my($db_user) = 'mailwatch';
my($db_pass) = '%sql_user_password%';

mv /tmp/mailwatch-1.0.4/MailWatch.pm /usr/lib/MailScanner/MailScanner/CustomFunctions/

vi /var/www/html/mailscanner/conf.php.example

define(DB_USER, 'mailwatch');
define(DB_PASS, '%sql_user_password%');
define(QUARANTINE_USE_FLAG, true);

mv /var/www/html/mailscanner/conf.php.example /var/www/html/mailscanner/conf.php

vi /tmp/mailwatch-1.0.4/SQLBlackWhiteList.pm

my($db_user) = 'mailwatch';
my($db_pass) = '%sql_user_password%';

mv /tmp/mailwatch-1.0.4/SQLBlackWhiteList.pm /usr/lib/MailScanner/MailScanner/CustomFunctions/

7.4 Mailwatch Web Administrator

Now open a MySQL shell with the mailwatch MySQL user.

mysql mailscanner -u mailwatch -p

Create the web admin account.

INSERT INTO users VALUES ('%web_user_username%',md5('%web_user_password%'),'%web_user_name%','A','0','0','0','0','0');
quit;

7.5 Mailwatch VHost

Create a vhost like this:

<VirtualHost 192.168.0.110:80>
    ServerName mailwatch.example.com
    ServerAdmin admin@example.com
    DocumentRoot /var/www/html/mailscanner/
    php_admin_flag short_open_tag On
    php_admin_flag safe_mode Off
    php_admin_flag register_globals Off
    php_admin_flag magic_quotes_gpc On
    php_admin_flag magic_quotes_runtime Off
    php_admin_flag session.auto_start 0
    php_admin_flag allow_url_fopen On
    LogLevel warn
    ErrorLog logs/mailwatch-error_log
    CustomLog logs/mailwatch-access_log combined

</VirtualHost>

Afterwards move the needed files for the webinterface to the right place ...

mv mailwatch-1.0.4/mailscanner/ /var/www/html/
mkdir /var/www/html/mailscanner/temp/

... and change the ownership.

chown -R apache:apache /var/www/html/mailscanner/
chown root:apache /var/www/html/mailscanner/images/ /var/www/html/mailscanner/images/cache/
chmod ug+rwx /var/www/html/mailscanner/images/ /var/www/html/mailscanner/images/cache/
chmod ug+rw /var/www/html/mailscanner/temp/

7.6 Spamassassin Configuration

vi /etc/MailScanner/spam.assassin.prefs.conf

Change:

#bayes_path /etc/MailScanner/bayes/bayes
# bayes_file_mode 0770

To:

bayes_path /var/spool/MailScanner/spamassassin/bayes
bayes_file_mode 0660

And modify the directory permissions:

chown postfix:apache /var/spool/MailScanner/spamassassin/ /var/spool/MailScanner/spamassassin/bayes_*
chmod g+rws /var/spool/MailScanner/spamassassin/
chmod g+rw /var/spool/MailScanner/spamassassin/bayes_*

Test the spamassassin configuration.

spamassassin -D -p /etc/MailScanner/spam.assassin.prefs.conf --lint

You should see lines like the following in the output:

dbg: config: using "/etc/MailScanner/spam.assassin.prefs.conf" for user prefs file
dbg: bayes: tie-ing to DB file R/O /var/spool/MailScanner/spamassassin/bayes_toks
dbg: bayes: tie-ing to DB file R/O /var/spool/MailScanner/spamassassin/bayes_seen
dbg: bayes: found bayes db version 3
dbg: config: score set 0 chosen.

7.7 GeoIP Bugfix

In order that the geoip database update in the Mailwatch webinterface will work we have to fix a little bug.

vi /var/www/html/mailscanner/geoip_update.php

Change:

dbquery("LOAD DATA INFILE '".$base.'/'.$file2."' INTO TABLE geoip_country FIELDS TERMINATED BY ',' ENCLOSED BY '\"'");

To:

dbquery("LOAD DATA LOCAL INFILE '".$base.'/'.$file2."' INTO TABLE geoip_country FIELDS TERMINATED BY ',' ENCLOSED BY '\"'");

8 Cronjobs

8.1 MailScanner Quarantine

vi /etc/cron.daily/clean.quarantine

Make sure that it's disabled - the corresponding line should look like this:

$disabled = 1;

8.2 Mailwatch Quarantine

vi /tmp/mailwatch-1.0.4/tools/db_clean.php

Change the first line that it looks like this:

#!/usr/bin/php -q

cp /tmp/mailwatch-1.0.4/tools/quarantine_maint.php /usr/local/bin/
cp /tmp/mailwatch-1.0.4/tools/db_clean.php /usr/local/bin/
chmod +x /usr/local/bin/quarantine_maint.php /usr/local/bin/db_clean.php
echo "/usr/local/bin/quarantine_maint.php --clean" > /etc/cron.daily/mailwatch_quarantine_maint.sh
echo "/usr/local/bin/db_clean.php" > /etc/cron.daily/mailwatch_db_clean.sh
chmod +x /etc/cron.daily/mailwatch*

8.3 Mail Queue Watcher

First copy the mail queue watcher script.

cp /tmp/mailwatch-1.0.4/mailq.php /usr/local/bin/

Afterwards we create a new cronjob.

crontab -e

Add the following line:

0-59 * * * * /usr/local/bin/mailq.php

9 Quarantine Release Fix

In order that a released email is not checked again (it would be quarantined again) we have to add/modify some rules.

9.1 WhiteList SQL Database

Connect to phpmyadmin (%server_ip%/phpmyadmin) and log in as mailwatch. Afterwards select the database "mailscanner" and then the table "whitelist". Create a new record:

to_address = default
to_domain = default
from_address = 127.0.0.1

9.2 MailScanner Rules

Note that the entries in all lines of the following files have to be separated with tabs!

cd /etc/Mail
touch filename.rules filetype.rules filename.rules.allowall.conf filetype.rules.allowall.conf rules/content.scanning.rules

vi filename.rules

From:          127.0.0.1       /etc/MailScanner/filename.rules.allowall.conf
FromOrTo:      default         /etc/MailScanner/filename.rules.conf

vi filetype.rules

From:          127.0.0.1       /etc/MailScanner/filetype.rules.allowall.conf
FromOrTo:      default         /etc/MailScanner/filetype.rules.conf

vi filename.rules.allowall.conf

allow   .*      -       -

vi filetype.rules.allowall.conf

allow   .*      -       -

vi rules/content.scanning.rules

From:           127.0.0.1      no
FromOrTo:       default        yes

Now adjust the permissions for the quarantine directory.

chown -R postfix:apache /var/spool/MailScanner/quarantine/
chmod g+rws /var/spool/MailScanner/quarantine/

Note: The needed MailScanner settings were already included in step 4.

10 Start

chkconfig --level 2345 MailScanner on
service MailScanner start && tail -f /var/log/maillog

You should see lines like the following in the output:

Mar 6 07:33:21 server1 MailScanner[8594]: Config: calling custom init function SQLBlacklist
Mar 6 07:33:21 server1 MailScanner[8594]: Starting up SQL Blacklist
Mar 6 07:33:21 server1 MailScanner[8594]: Read 0 blacklist entries
Mar 6 07:33:21 server1 MailScanner[8594]: Config: calling custom init function MailWatchLogging
Mar 6 07:33:21 server1 MailScanner[8594]: Started SQL Logging child
Mar 6 07:33:21 server1 MailScanner[8594]: Config: calling custom init function SQLWhitelist
Mar 6 07:33:21 server1 MailScanner[8594]: Starting up SQL Whitelist
Mar 6 07:33:21 server1 MailScanner[8594]: Read 1 whitelist entries

11 Remaining Configuration

http://www.howtoforge.com/virtual-users-and-domains-postfix-courier-mysql-centos5.1 from step 14 till the end.

Keep in mind that the commands to start, stop or restart postfix have changed!

To start MailScanner & Postfix:

service MailScanner start

To restart MailScanner & Postfix:

service MailScanner restart

To stop MailScanner & Postfix:

service MailScanner stop

12 Mailwatch Webinterface

Now you can access the mailwatch webinterface via http://mailwatch.example.com. Log in with the username & password that you created in step 7.4 .

First you should update the SpamAssassin rule descriptions and the GeoIP database. You'll find both options when you click on the "Tools/Links" button.

13 Links

• CentOS: http://www.centos.org/
• MailScanner: http://www.mailscanner.info
• Mailwatch: http://mailwatch.sourceforge.net

VM

The attached VM is configured as follows.

• IP: 192.168.0.110
• Gateway: 192.168.0.2
• All passwords: howtoforge
• Mailwatch web admin: olli

Original link: http://www.howtoforge.com/virtua...