Introduction

GFI Sucks. I'll probably get sued for that. I've had so much trouble and headaches from that company and its MailEssentials and MailArchiver software that I never ever want to deal with them again. Because of that we're trying to find a replacement for them. And here we are. This guide covers how to set up a Gentoo Linux server to act as an e-mail gateway and archiver. This machine sits in front of the Exchange server and all e-mail passes through it. Mail is scanned for viruses and spam, then archived and sent on to the Exchange server for local mailbox delivery.

Assumptions

I assume you know what you are doing. I assume you realize if you jack something up it's all your fault. I'm not going to detail every single baby step here. So if you're looking for the point and click install guide - this isn't it.

What I Used

I doubt that it's required you use these specific versions, but here's what I used.

* Postfix 2.3.6
* MailScanner 4.69.9-3
* MailWatch
* SpamAssassin 3.2.1-r1
* ClamAV
* MailArchiva
* Exchange 2003 on Windows Server 2003

How I did it

More of an order thing. I like doing things a piece at a time, making sure each piece works before moving to the next. So I set up Postfix as a gateway. Then I added MailScanner and got it working. Next SpamAssassin was added to the mix. I got that all working, then added ClamAV into things. Once that all looked good I added MailArchiva to the mix.

Postfix

I already had Postfix installed and running as an e-mail server for a couple of other domains. So I modified my install to work with my new goals. You can find a zillion Postfix howto's I'm sure - if you need help getting it going on Gentoo or any other distribution.

Inside the main.cf file for Postfix you need to add a line to relay for your specific domain. So for example if your domain was happy.com you would add a line like:

relay_domains = happy.com

Now, you need to make sure this linux box knows how to access the Exchange server for happy.com. Luckily for me - the way my DNS is configured my linux server resolves the MX record for my domain to our internal Exchange server. If that's not the case I think there's a configuration option for postfix to tell it where to send mail for whatever domain. Have to look that up yourself though cause I don't know it as of typing this right now.

I did modify postfix to kill backscatter http://taint.org/2007/05/30/164456a.html
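For the case where DNS on the gateway does not resolve the domain to the internal Exchange server, the Postfix option for pinning a next hop is `transport_maps`. The sketch below is an added example, not the author's configuration; the host name, recipient address and table paths are placeholders, and `relay_recipient_maps` is an optional extra that makes the gateway reject unknown recipients during the SMTP session rather than accept the mail and bounce it later.

```ini
# /etc/postfix/main.cf (added example; happy.com is the guide's sample domain)
relay_domains = happy.com

# Deliver mail for the relayed domain to a fixed next hop instead of
# relying on an MX lookup.
transport_maps = hash:/etc/postfix/transport

# Optional: only accept mail for recipients listed in this table.
relay_recipient_maps = hash:/etc/postfix/relay_recipients

# /etc/postfix/transport (placeholder host; the square brackets
# tell Postfix not to do an MX lookup on the name):
#   happy.com            smtp:[exchange.internal.example]:25
#
# /etc/postfix/relay_recipients (placeholder address, one line per mailbox):
#   someone@happy.com    OK
#
# Rebuild the lookup tables after editing them, then reload Postfix:
#   postmap /etc/postfix/transport
#   postmap /etc/postfix/relay_recipients
#   postfix reload
```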

Routing

Once you make the above changes, Postfix should happily forward all mail it gets for your Exchange domain right on over to your Exchange server. So you can change your router configuration so that all inbound e-mail is sent to the Linux server instead of your Exchange server. Once you do this, make sure you test everything and have it working. Now you can leave it this way while we do all the rest of the setup. If there's ever a problem you can just change your router to send e-mail traffic back to your Exchange server to get things back up quickly.

MailScanner

There's an ebuild for MailScanner hardmasked in portage. But that's taken a long long time and there are reports of the ebuild being a serious pain to maintain. The .tar distribution from MailScanner's website installs very easily and cleanly into /opt/ and I'm going that route instead of messing with a potentially messy ebuild from portage.

Download MailScanner from their website @ http://www.mailscanner.info/downloads.html I went with the .tar distribution which they had labeled 'for Solaris / BSD / Other Linux / Other Unix' at the time.

Uncompress that to /opt/. It should create a folder, and inside of that will be an install package. Just change into that folder and run the install script (install.sh).

This will check your system, install needed perl modules, and then install MailScanner to /opt/MailScanner-Version and create a link from that folder to /opt/MailScanner

After it installed, it asked me to add the below lines to my /etc/crontab file - which I did.

37 5 * * * /opt/MailScanner/bin/update_phishing_sites
07 * * * * /opt/MailScanner/bin/update_bad_phishing_sites
58 23 * * * /opt/MailScanner/bin/clean.quarantine
42 * * * * /opt/MailScanner/bin/update_virus_scanners
3,23,43 * * * * /opt/MailScanner/bin/check_mailscanner

I then followed the instructions here - http://www.mailscanner.info/postfix.html

I restarted postfix and started MailScanner then tested that e-mail was still passing through to my Exchange server.

Then I created an init script for Gentoo.

{{Box File|/etc/init.d/mailscanner|<pre>
#!/sbin/runscript
# Copyright 1999-2008 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: $

depend() {
  need net
  need postfix
  use logger dns
}

start() {
  ebegin "Starting MailScanner"
  /opt/MailScanner/bin/check_mailscanner -q >/dev/null
  RETVAL=$?
  [ ${RETVAL} -eq 0 ] && touch /var/lock/subsys/MailScanner
  [ ${RETVAL} -eq 0 ] && rm -f /var/lock/subsys/MailScanner.off
  eend ${RETVAL}
}

stop() {
  ebegin "Stopping MailScanner"
  killall -15 MailScanner
  RETVAL=$?
  [ ${RETVAL} -eq 0 ] && rm -f /var/lock/subsys/MailScanner
  [ ${RETVAL} -eq 0 ] && touch /var/lock/subsys/MailScanner.off
  eend ${RETVAL}
}

reload() {
  ebegin "Reloading MailScanner workers:"
  pid=`pidof -x MailScanner`
  if [ -n "$pid" ]; then
    /bin/kill -HUP $pid
    eend $?
  else
    eend 1
  fi
}
</pre>}}

SpamAssassin

Installing SpamAssassin is simple. Just emerge it.

emerge spamassassin

My MailScanner configuration had SpamAssassin enabled by default. Just in case your version doesn't, you can check the MailScanner.conf file; there should be a line as shown below.

Use SpamAssassin = yes

I restarted SpamAssassin and now looking at the result of

ps aux | grep MailScanner

I can see that MailScanner is “checking with SpamAssassin” so.. It's working right? Well this would be a good time to do another test e-mail to make sure your Exchange server is still getting E-Mail.

I changed the MailScanner.conf file to log spam (Log Spam = Yes), and under “What to do with spam” in MailScanner.conf I changed the action to forward the e-mail to an e-mail address, just so I could see what was going on. (We actually forward all spam into an Exchange public folder for my office, so it's easy to go and check people's spam folder if we need to - which I'll do later.) You will want to read http://www.mailscanner.info/MailScanner.conf.5.html#SpamAssassin for sure. Your setup is bound to be different from mine. Anyhow, after doing this all types of spam started flooding into my test e-mail box. I later changed the forward to point to our company spam folder on Exchange. There's a -TON- of options for SpamAssassin and you will want to explore them both through MailScanner's documentation and SpamAssassin's own documentation.

Configure Bayes

Ohh Lookie! This is a fantastic idea http://gtmp.org/publications/sa-postfix-en

That fantastic idea didn't work so well.

So.. In Exchange 2003 I created a Public folder named “This is Spam” and set permissions to allow users to drag and drop e-mail into this folder but not view the contents of the folder. Then I set up courier-imap on my mail gateway with a spam and a ham e-mail account. I've added those accounts as IMAP accounts in my Outlook. I can now drag and drop items into them. Then I created a cron job on my server to execute sa-learn on those IMAP mail folders.

{{Box File|/etc/cron.daily/sa-learn|<pre>
#!/bin/bash
sa-learn --spam /home/sa-learn-spam/.maildir/cur/
sa-learn --ham /home/sa-learn-ham/.maildir/cur/
</pre>}}

Web Control

Configure Razor

Configure Pyzor

Configure DCC

NOTE -- Future

I'm testing options for SpamAssassin and will be for at least a week before I move forward with the rest of this.

ClamAV

Installing ClamAV was simple. There's probably more to it, but at this point I just emerged it, downloaded the latest DB, added it to the default boot level, then started it.. and told MailScanner about it. So..

emerge clamav
freshclam
rc-update add clamd default
/etc/init.d/clamd start

then edit MailScanner.conf file and make sure “Virus Scanning” is set to “Yes” and “Virus Scanners” is either clamav or Auto

I'm sure I need to set up more stuff, like an update cron job. But I'm just getting this working, then fine-tuning afterwards.
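Before sending a test message it helps to confirm that MailScanner.conf really carries the settings named in the SpamAssassin and ClamAV sections. The script below is an added example, not part of the original guide or of MailScanner; the function names are made up for illustration, the sample config is constructed, and the option-name normalisation is an assumption noted in the comments.

```shell
# Added example: audit the MailScanner.conf options this guide sets.
# Lookup normalises option names: lower-case, spaces/punctuation dropped
# (assumption: "Use SpamAssassin" and "usespamassassin" are the same option).
# Lines starting with "#" are comments; a repeated option reports its last value.
ms_get() {  # usage: ms_get FILE "Option Name"
    awk -v want="$2" '
        function norm(s) { s = tolower(s); gsub(/[^a-z0-9]/, "", s); return s }
        BEGIN { want = norm(want) }
        /^[ \t]*#/ { next }
        {
            eq = index($0, "="); if (eq == 0) next
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (norm(substr($0, 1, eq - 1)) == want) found = val
        }
        END { print found }
    ' "$1"
}

# Compare one option (case-insensitively) with the acceptable values.
ms_expect() {  # usage: ms_expect FILE "Option Name" value...
    file=$1; opt=$2; shift 2
    got=$(ms_get "$file" "$opt" | tr 'A-Z' 'a-z')
    for want in "$@"; do
        if [ "$got" = "$want" ]; then echo "ok    $opt = $got"; return 0; fi
    done
    echo "FAIL  $opt = ${got:-<unset>} (wanted: $*)"
    return 1
}

# Returns the number of failed checks (0 = every setting matches the guide).
ms_audit() {  # usage: ms_audit FILE
    fails=0
    ms_expect "$1" "Use SpamAssassin" yes         || fails=$((fails + 1))
    ms_expect "$1" "Log Spam"         yes         || fails=$((fails + 1))
    ms_expect "$1" "Virus Scanning"   yes         || fails=$((fails + 1))
    ms_expect "$1" "Virus Scanners"   clamav auto || fails=$((fails + 1))
    return "$fails"
}

# Constructed sample config (not from a real server): virus scanning is off.
sample_conf() {
    printf '%s\n' '# constructed sample' 'Use SpamAssassin = yes' \
        'Log Spam = Yes' 'Virus Scanning = no' 'Virus Scanners = auto'
}

tmp=$(mktemp) && sample_conf > "$tmp"
ms_audit "$tmp" || echo "failed checks: $?"
rm -f "$tmp"
```

On a real gateway, point `ms_audit` at the installed MailScanner.conf instead of the sample.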

MailWatch

I downloaded MailWatch from their site, untar'd it into /opt/ and then just followed the directions provided on their website. It was fairly easy to set up. I did create a symbolic link /opt/mailwatch to the folder the tarball created ( /opt/mailwatch-1.0.4 ). I used the new quarantine methods as described in the installation documentation. I also added the cron job to delete messages after 60 days.

NTLM Authentication

We use a home-brew portal system here that has its own user level security features and what not. Our system uses NTLM authentication for all users, and when I tried to shove MailWatch inside our portal system it was really unhappy because it wanted to use its own Basic Authentication scheme, and then Apache wasn't happy because it had already authenticated the user with ntlm_auth. So… I modified the 'Authenticate' function inside of functions.php for MailWatch as shown below. This is a work in progress and I currently just have it modified to accept the REMOTE_USER variable and ignore passwords.

Please note - this is just the Authenticate function and not the entire functions.php file.

{{Box File|functions.php|<pre>
function authenticate($security_level=false) {
  // Apache has already authenticated the request with ntlm_auth; this function
  // trusts REMOTE_USER and checks no password, so MailWatch must only be
  // reachable through that authenticated Apache configuration.
  $user = isset($_SERVER['REMOTE_USER']) ? $_SERVER['REMOTE_USER'] : '';
  $sql = sprintf("SELECT fullname, type FROM users WHERE username=%s", quote_smart($user));
  $sth = dbquery($sql);
  $result = mysql_fetch_row($sth);
  if ($user !== '' && mysql_num_rows($sth) > 0) {
    $GLOBALS['full_name'] = $result[0];
    $GLOBALS['user_type'] = $result[1];
    if($security_level) {
      if($GLOBALS['user_type'] <> $security_level) {
        html_start("Not authorised");
        echo "<TABLE CLASS=\"BOXTABLE\" WIDTH=100%><TR><TD><H1><FONT COLOR=\"RED\">Not Authorised</FONT></H1>Your are not authorised to view this page!.</TD></TR>\n";
        html_end();
        exit;
      }
    }
    // Filtering code
    $filters = array();
    if(check_username_format()) {
      $filters[] = $user;
    }
    // Quote the username here too, the same way as in the first query,
    // instead of interpolating it into the SQL string.
    $sql = sprintf("SELECT filter FROM user_filters WHERE active='Y' and username=%s", quote_smart($user));
    $sth = dbquery($sql);
    if(mysql_num_rows($sth)>0) {
      while($row=mysql_fetch_array($sth)) {
        $filters[] = $row[0];
      }
    }
    if(count($filters)>0) {
      $GLOBALS['global_filter'] = address_filter_sql($filters,$GLOBALS['user_type']);
    } else {
      $GLOBALS['global_filter'] = "1=1";
    }
    return;
  } else {
    trigger_error('Unable to Authenticate for MailWatch',E_USER_ERROR);
  }
}
</pre>}}

Tips ?

MailArchiva
Additional Reading
 
howto/gentoo_linux_e-mail_archiver_gateway_for_exchange_w_mailscanner_spamassassin_clamav_mailarchiva.txt · Last modified: 2010/08/25 10:55 by bruce
 
Except where otherwise noted, content on this wiki is licensed under the following license:CC Attribution-Noncommercial-Share Alike 3.0 Unported