In the world of mail servers, MailScanner is one of the best open source software for virus scanning and spam detection. MailScanner relies on pre-installed anti-virus and anti-spam software to check incoming and outgoing emails for malicious content or patterns of spamming. This makes sure that the mail server does not participate in the distribution of malware and unsolicited spam emails. It also helps preventing the mail server IP from becoming blacklisted, keeping the mail server records clean.
This tutorial will focus on setting up MailScanner along with Clam Antivirus and SpamAssassin in a CentOS system. The procedure should work on RHEL as well. If you are interested in setting up this system on Ubuntu, refer to this tutorial instead.
Installing MailScanner is a lengthy process, but going forward step by step should make the deployment process easy.
Preparing the System
Before we start doing anything, it should be mentioned that SELinux is disabled on CentOS. Configuring SELinux for MailScanner is beyond the scope of this tutorial. It is also necessary to add Repoforge repository on CentOS.
yum is used to install packages that are required for MailScanner. The list is long, but fortunately yum can resolve all the dependencies.
Installing ClamAV and SpamAssassin
yum can be used to install ClamAV and SpamAssassin as well. The following few steps cover how to install and prepare them.
Update and start SpamAssassin.
# service spamassassin start
# chkconfig spamassassin on
Fix a path to MailScanner by creating a symbolic link.
Postfix is stopped and disabled on start-up. Postfix should not auto-start because the MailScanner service will be responsible for invoking Postfix whenever necessary.
# chkconfig postfix off
Postfix header_checks is used to hold any incoming email that Postfix receives. MailScanner performs checks on the emails held in a queue.
## This line is added ## header_checks = regexp:/etc/postfix/header_checks
## This line is added ## /^Received:/ HOLD
MailScanner is not yet available in CentOS or Repoforge repositories. We will download packages from the official MailScanner site and install it.
Now we will extract and install the packages. The installation will take some time, so you can take a break if you want.
# cd MailScanner-4.84.6-1
After installation, the directories necessary for SpamAssassin are created and permissions are modified.
# chown postfix /var/spool/MailScanner/spamassassin
# chown postfix /var/spool/MailScanner/incoming/*
Next, the configuration file for MailScanner is backed up and then modified.
%org-name% = test CentOS Mail Server %org-long-name% = ORGFULLNAME %web-site% = ORG WEBSITE Run As User = postfix Run As Group = postfix MTA = postfix Incoming Queue Dir = /var/spool/postfix/hold Outgoing Queue Dir = /var/spool/postfix/incoming Virus Scanners = clamav ## please check /etc/MailScanner/spam.lists.conf for more details ## Spam List = SBL+XBL ## the directory created earlier ## SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
At this point, MailScanner is ready. We can initialize the service.
Debug MailScanner stats before firing up.
# chkconfig MailScanner on
Verifying MailScanner Operation
After MailScanner has been deployed, the events that take place behind the scenes can be viewed in /var/log/maillog. The following log snippet shows the sample activities while a mail is processed by Postfix.
Mar 8 03:12:15 centos postfix/pickup: 79F6D1391: uid=0 from=
Mar 8 03:12:15 centos postfix/cleanup: 79F6D1391: hold: header Received: by mail.example.tst (Postfix, from userid 0)??id 79F6D1391; Sat, 8 Mar 2014 03:12:15 +0600 (BDT) from local; from= to= Mar 8 03:12:15 centos postfix/cleanup: 79F6D1391: message-id=<20140307211215.79F6D1391@mail.example.tst> Mar 8 03:12:16 centos MailScanner: New Batch: Scanning 1 messages, 668 bytes Mar 8 03:12:16 centos MailScanner: Virus and Content Scanning: Starting Mar 8 03:12:22 centos MailScanner: Requeue: 79F6D1391.AA526 to 0FA2E139C Mar 8 03:12:22 centos MailScanner: Uninfected: Delivered 1 messages Mar 8 03:12:22 centos postfix/qmgr: 0FA2E139C: from= , size=442, nrcpt=1 (queue active) Mar 8 03:12:22 centos MailScanner: Deleted 1 messages from processing-database Mar 8 03:12:22 centos postfix/local: 0FA2E139C: to= , relay=local, delay=6.8, delays=6.7/0.01/0/0.07, dsn=2.0.0, status=sent (delivered to mailbox) Mar 8 03:12:22 centos postfix/qmgr: 0FA2E139C: removed
The above process can be summarized as:
- As instructed, Postfix holds the mail upon receipt.
- MailScanner swoops in and scans the email in queue.
- MailScanner re queues the email and hands it over back to Postfix.
- Postfix processes the email as necessary and delivers the mail to recipient.
On a finishing note, MailScanner is a very powerful tool for providing necessary security to a mail server. It can protect the mail server from malware for both incoming and outgoing mails. It is a must for any email server deployed in production environment.
This tutorial covered setting up MailScanner with basic configuration. The parameters of MailScanner as well as SpamAssassin and ClamAV can be customized to meet the requirements of the production environment.
Hope this helps.
Subscribe to Xmodulo
Do you want to receive Linux FAQs, detailed tutorials and tips published at Xmodulo? Enter your email address below, and we will deliver our Linux posts straight to your email box, for free. Delivery powered by Google Feedburner.