Tuesday, May 13, 2008

Configuring FreeBSD Postfix Mailscanner and Mailwatch

Configuring Mailscanner Mailwatch and Postfix for FreeBSD

The Install guide is here

I have split the install guide and the configuration guide, as they are pretty involved and might cause confusion if they were put together. I will start off with the easier stuff like clamav, then move on to spamassassin and postfix, and finally to mailscanner and mailwatch.

If you have not already read the Install Guide, which might be helpful to newcomers, here is a summary of what has been installed.

Apache and php - this is for the Mailwatch web frontend.
Mysql - This is where mailscanner will log info and where your black and white lists will live.
Mailwatch - Mailwatch is the web front end to help monitor and manage Mailscanner.
Spamassassin - This is the system that checks the mail content looking for spam.
Clamav - The antivirus scanner that Mailscanner will use.
Mailscanner - The server that uses all of the above to keep your mail clean and spam free.

Ok now that that is over:

Configuring Clamav

To configure clamav, cd /usr/local/etc/
You will see 2 files, clamd.conf and freshclam.conf. You can leave them as default if you like, but have a look at the files: you will see a few handy options, including logging and setting the virus update frequency.

To set freshclam to check for updates every hour
vi freshclam.conf

# Number of database checks per day.
# Default: 12 (every two hours)
Checks 24

Here are some other handy options:
# Log time with each message.
# Default: no
LogTime yes

# Enable verbose logging.
# Default: no
LogVerbose yes

# Use system logger (can work together with UpdateLogFile).
# Default: no
LogSyslog yes

Once you are happy with what you have configured, save the file and vi /usr/local/etc/clamd.conf

Once again you can leave it as default, but I would suggest looking at some of the logging options.
# Log time with each message.
# Default: no
LogTime yes

# Also log clean files. Useful in debugging but drastically increases the
# log size.
# Default: no
LogClean yes

# Use system logger (can work together with LogFile).
# Default: no
LogSyslog yes

Spamassassin (sa-spamd)
You can leave this as is with no real changes whatsoever. You can tweak it if you like or add new rules. One thing I would suggest is to have a daily cronjob that runs sa-update, or sa-update --nogpg (which skips the GPG signature check on the downloaded rules), to update the rules.

The mail config files for spamassassin are in /usr/local/etc/mail/spamassassin on FreeBSD
and the rule files are in /usr/local/share/spamassassin

Postfix Configuration

I am assuming that you have at least basic postfix know-how, although I will be adding a Postfix How-To at a later stage.

vi /usr/local/etc/postfix/main.cf

and add these lines

unknown_local_recipient_reject_code = 550

If your server does not know who the mail should be for, then it's pointless keeping the mail and trying again later, which is what a 450 would do, although a 450 is probably good for testing initially.

bounce_notice_recipient = postmaster@yourdomain.com

Only add this if you want the usual postmaster notifications. Although you will get a fair amount of useless mail, it's something that can help you detect a problem before others do.

bounce_queue_lifetime = 2d

If you do bounce a message back to notify someone that a particular address does not exist, Postfix will keep that notification for 2 days before discarding it. Remember, chances are 80% of the mail you get will be SPAM and you don't want to clog up your queues with undeliverable mail.


relay_domains = /usr/local/etc/postfix/relay_domains

These are the domains that you allow to relay, i.e. your domains or your clients' domains.
To add domains to the relay_domains file:
cd /usr/local/etc/postfix
vi relay_domains and add domain.com, domain2.com, domain3.com, domain4 etc. I find it seems to work best as 1 line rather than, say,
domain.com,
domain2.com,
domain3.com,
domain4.com

Once you save the file, type in postmap relay_domains
You will now see a relay_domains and a relay_domains.db

transport_maps = hash:/usr/local/etc/postfix/transport

This is where the mail should go if it's not local to the server. In this case the mailserver is a gateway, so no mail is local to it at all.
To edit and add domains and mail servers here, cd /usr/local/etc/postfix
then vi transport
and add a domain and the server the mail for that domain should go to, one per line, as below.

domain1.com smtp:[mail.domain1.com]
domain2.com smtp:[mail.domain2.com]
domain3.com smtp:[mail.domain3.com]
domain4.com smtp:[mail.domain4.com]

Once again, postmap the file.
postmap transport
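
An added example, not from the original post: a small check that the two files above agree. With default relay restrictions, a domain in relay_domains with no transport entry is accepted and then routed by DNS lookup instead of to the server you intended, and a transport entry with no relay_domains entry is a route for mail the gateway will not accept from outside. The function name is made up for this example, and it only handles plain domain entries as used in this guide.

```sh
# Added example (hypothetical helper, not part of Postfix): cross-check the
# relay_domains list against the transport table from this guide.
relay_transport_diff() {   # usage: relay_transport_diff RELAY_FILE TRANSPORT_FILE
    awk '
        # First file: domains separated by commas and/or whitespace.
        FILENAME == ARGV[1] {
            if ($0 ~ /^[ \t]*#/) next
            n = split($0, parts, /[, \t]+/)
            for (i = 1; i <= n; i++)
                if (parts[i] != "") relay[tolower(parts[i])] = 1
            next
        }
        # Second file: "domain transport:[nexthop]" per line.
        /^[ \t]*(#|$)/ { next }
        {
            d = tolower($1); routed[d] = 1
            # Routed, but not accepted for relay from outside clients.
            if (!(d in relay)) print "NOT_RELAYED " d
        }
        END {
            # Accepted for relay, but no explicit route: falls back to DNS.
            for (d in relay) if (!(d in routed)) print "NO_TRANSPORT " d
        }
    ' "$1" "$2" | LC_ALL=C sort -u
}
```

Run it as relay_transport_diff /usr/local/etc/postfix/relay_domains /usr/local/etc/postfix/transport; no output means the two files list the same domains.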

header_checks = regexp:/usr/local/etc/postfix/header_checks
hash_queue_depth = 2
hash_queue_names = incoming, hold defer deferred

These 3 are pretty much all related and have to do with how mailscanner handles mail.
Effectively, a mail arrives and is put into a hold queue, then mailscanner scans the mail for spam or virus content, then it is released.

Defer and deferred are wait queues for delivery,
and incoming is both an in and an out queue in this case; from what I can recall it is basically active mail coming into the system or leaving the system.

vi header_checks
and simply add this

/^Received:/ HOLD

and write the file.

All this does is take a new "Received" mail and put it in the hold queue.

As part of the mailscanner postfix config you have to create your MailScanner queue directories
cd /var/spool
mkdir MailScanner
mkdir MailScanner/incoming
mkdir MailScanner/quarantine
mkdir MailScanner/spamassassin

Then set the permissions.
As with most things Unix, permissions are pretty important.

chown root:daemon /var/spool/MailScanner
chown postfix:wheel /var/spool/MailScanner/incoming
chown root:www /var/spool/MailScanner/quarantine
chown postfix:postfix /var/spool/MailScanner/spamassassin

Mailscanner

cd /usr/local/etc/MailScanner
cp MailScanner.conf.sample MailScanner.conf
vi MailScanner.conf
and check the config in there. There are a few things you will have to change, but most of it can be left as default, at least until you are ready to start adding custom configs. The file is pretty well documented.

Some of the things you must change in MailScanner.conf
(the entries are examples):
%org-name% = My Company Name

%org-long-name% = My Company Name

%web-site% = www.mycompany.com

%etc-dir% = /usr/local/etc/MailScanner

Just check the Paths:

%report-dir% = /usr/local/share/MailScanner/reports/en
%rules-dir% = /usr/local/etc/MailScanner/rules
%mcp-dir% = /usr/local/etc/MailScanner/mcp

More things that must change:

Run As User = postfix
Run As Group = postfix

Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
Incoming Work Dir = /var/spool/MailScanner/incoming
Quarantine Dir = /var/spool/MailScanner/quarantine

MTA = postfix

Sendmail2 = /usr/sbin/sendmail

Incoming Work User = postfix
Incoming Work Group = wheel
Incoming Work Permissions = 0750
Quarantine User = root
Quarantine Group = www # set to www because of Mailwatch
Quarantine Permissions = 0660

Most of the stuff below this is really just defaults. I would suggest that you check paths etc. to confirm that everything is there and in place.

When you are ready to start testing, make sure that you tail the mail logs, as it will help you to find any problems. The errors you see should be pretty straightforward and will probably be related to incorrect directories or file permissions.
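
An added example, not from the original post and not MailScanner's own parser: a simplified reader for MailScanner.conf that expands %name% variables and strips trailing comments, plus a check of the settings listed above. The function names are made up for this example, and it assumes setting names match apart from letter case.

```sh
# Added example: simplified reader for "Key = value" lines in MailScanner.conf.
ms_conf_get() {   # usage: ms_conf_get FILE "Setting Name"
    awk -v want="$2" '
        /^[ \t]*(#|$)/ { next }
        {
            line = $0
            sub(/[ \t]+#.*$/, "", line)              # trailing comment
            eq = index(line, "="); if (eq == 0) next
            key = substr(line, 1, eq - 1); val = substr(line, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            for (v in vars) {                        # expand %name% references
                out = ""
                while ((p = index(val, v)) > 0) {
                    out = out substr(val, 1, p - 1) vars[v]
                    val = substr(val, p + length(v))
                }
                val = out val
            }
            if (key ~ /^%.*%$/) vars[key] = val
            if (tolower(key) == tolower(want)) found = val
        }
        END { if (found != "") print found; else exit 1 }
    ' "$1"
}

# Print one line per setting that differs from this guide; non-zero if any do.
ms_conf_check() {   # usage: ms_conf_check /usr/local/etc/MailScanner/MailScanner.conf
    rc=0
    while IFS='|' read -r key expected; do
        actual=$(ms_conf_get "$1" "$key") || actual="(not set)"
        if [ "$actual" != "$expected" ]; then
            printf 'MISMATCH %s: expected %s, found %s\n' "$key" "$expected" "$actual"
            rc=1
        fi
    done <<'EOF'
Run As User|postfix
Run As Group|postfix
Incoming Queue Dir|/var/spool/postfix/hold
Outgoing Queue Dir|/var/spool/postfix/incoming
Incoming Work Dir|/var/spool/MailScanner/incoming
Quarantine Dir|/var/spool/MailScanner/quarantine
MTA|postfix
Incoming Work Permissions|0750
Quarantine Group|www
Quarantine Permissions|0660
EOF
    return $rc
}
```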

You might want to use Mailwatch's custom Black and White Lists.
See below:

Is Definitely Not Spam = &SQLWhitelist
Is Definitely Spam = &SQLBlacklist
and further down the config file
Always Looked Up Last = &MailWatchLogging

Be sure to check Spamassassin directories in MailScanner.conf
e.g.
SpamAssassin Temporary Dir = /var/spool/MailScanner/incoming/SpamAssassin-Temp
SpamAssassin User State Dir = /usr/local/share/spamassassin
SpamAssassin Install Prefix = /usr/local/share/spamassassin
SpamAssassin Site Rules Dir = /usr/local/share/spamassassin
SpamAssassin Local Rules Dir = /usr/local/etc/mail/spamassassin
SpamAssassin Default Rules Dir = /usr/local/share/spamassassin

Check for the Subject changes as well
Here is an example:
Scanned Modify Subject = no # end
Scanned Subject Text = {Scanned}

If set to yes, mail will arrive with a subject of "{Scanned} original subject".

You can also set your level of spam rules
Required SpamAssassin Score = 4
if it's higher than a 4 it's classified as spam
High SpamAssassin Score = 6
if it's higher than a 6 it's high scoring spam

You can also set up Bayes, or the Bayesian engine, in the /usr/local/etc/MailScanner directory
vi spam.assassin.prefs.conf and check the following lines

Go here to get the Starter Bayes database

You are probably using Spamassassin version 3, so download Bayes Starter DB (FreeBSD SA 3.0)

Bayesian Filtering
use_bayes 1
bayes_path /usr/local/etc/MailScanner/bayes/bayes # be sure to create these directories and set the permissions.

bayes_file_mode 0660
# Set to 0 to disable bayes autolearn
bayes_auto_learn 1
# Change X-YOURDOMAIN-COM to match your %org-name% as
# set in MailScanner.conf

bayes_ignore_header Yourdomain-MailScanner
bayes_ignore_header Yourdomain-MailScanner-SpamCheck
bayes_ignore_header Yourdomain-MailScanner-SpamScore
bayes_ignore_header Yourdomain-MailScanner-Information


Mailwatch
Now that you have set up everything else, we will set up Mailwatch, the web frontend.

You have already downloaded it, extracted the file and moved it to the apache working directory, in this case /usr/local/www/mailwatch

Before you start, check the INSTALL file for php4 settings that you have to change.
By default, installing php4 or 5 on FreeBSD does not create a php.ini file, although there will be a php.ini-dist and php.ini-recommended in /usr/local/etc/

Simply cp php.ini-dist php.ini and change the following if they are different.
short_open_tag = On
safe_mode = Off
register_globals = Off
magic_quotes_gpc = On
magic_quotes_runtime = Off
session.auto_start = 0

If you have not already started the mysql server, then go ahead and start it now
/usr/local/etc/rc.d/mysql-server start
then in the mailwatch directory
type in the following at the mysql prompt
mysql> GRANT ALL ON mailscanner.* TO mailwatch@localhost IDENTIFIED BY 'password';
mysql> GRANT FILE ON *.* TO mailwatch@localhost IDENTIFIED BY 'password';
mysql> FLUSH PRIVILEGES;

then quit.
Now you set up the Mailwatch Web Admin user; you can log in to mysql with the details you supplied above.
# mysql mailscanner -u mailwatch -p
Enter password: ******
mysql> INSERT INTO users VALUES ('admin',md5('adminpassword'),'Admin','A','0','0','0','0','0');
and press enter, then quit.

Now go ahead and edit MailWatch.pm and SQLBlackWhiteList.pm, change the $db_user and $db_pass values accordingly, and move MailWatch.pm and SQLBlackWhiteList.pm to /usr/local/lib/MailScanner/MailScanner/CustomFunctions
cp MailWatch.pm /usr/local/lib/MailScanner/MailScanner/CustomFunctions/
cp SQLBlackWhiteList.pm /usr/local/lib/MailScanner/MailScanner/CustomFunctions/

Mailwatch.pm is in your Apache Working directory.

Ok, now cd to /usr/local/www/mailwatch/mailscanner
Now you have to chmod and chown the images and images/cache directories
chown root:www images
chown root:www images/cache
chmod 775 images
chmod 775 images/cache

Then copy conf.php.example to conf.php
and edit it.
Be sure to change the following to whatever you set above.

define(DB_TYPE, 'mysql');
define(DB_USER, 'mailwatch');
define(DB_PASS, 'mailwatchpassword');
define(DB_HOST, 'localhost');
define(DB_NAME, 'mailscanner');

Check your paths in the conf.php file
// Paths
define(MAILWATCH_HOME, '/usr/local/www/data-dist/mailwatch/mailscanner');
define(MS_CONFIG_DIR, '/usr/local/etc/MailScanner/');
define(MS_LIB_DIR, '/usr/local/lib/MailScanner/');
define(CACHE_DIR, './images/cache/'); // JpGraph cache
define(TTF_DIR,'./jpgraph/fonts/'); // JpGraph fonts
define(SA_DIR,'/usr/local/bin/');
define(SA_RULES_DIR, '/usr/local/share/spamassassin/');
define(SA_PREFS, MS_CONFIG_DIR.'spam.assassin.prefs.conf');
define(FPDF_FONTPATH,'./fpdf/font/');

You can also set how long to keep messages in the Quarantine.
define(QUARANTINE_USE_FLAG, true);
define(QUARANTINE_DAYS_TO_KEEP, 7);

There are a lot of other settings you can change; more info can be seen here

Now all you have to do is set up apache.

Then start all the services, tail the maillog file and check if there are any errors.

tail -f /var/log/maillog

If you get an error like this
Could not use Custom Function code MailScanner::CustomConfig::InitSQLWhitelist, it could not be "eval"ed. Make sure the module is correct with perl -wc

then run
perl -MStorable -MDBI -MDBD::mysql -e 'print "OK\n";'
You will probably get this output

Can't locate DBD/mysql.pm in @INC (@INC contains: /usr/local/lib/perl5/5.8.8/BSDPAN /usr/local/lib/perl5/site_perl/5.8.8/mach /usr/local/lib/perl5/site_perl/5.8.8 /usr/local/lib/perl5/site_perl /usr/local/lib/perl5/5.8.8/mach /usr/local/lib/perl5/5.8.8 .).
BEGIN failed--compilation aborted.

If so, cd /usr/ports/databases/p5-DBD-mysql
make install clean
then run
perl -MStorable -MDBI -MDBD::mysql -e 'print "OK\n";'
If all is ok you will see an OK

To test, you can simply send a message, e.g.
telnet 192.168.1.46 25
Trying 192.168.1.46...
Connected to 192.168.1.46.
Escape character is '^]'.
220 mailav01.test.com ESMTP Postfix (2.5.1)
ehlo mail.test.com
250-mailav01.test.com
250-PIPELINING
250-SIZE 512000000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:
250 2.1.0 Ok
rcpt to:
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
test mail.
.
250 2.0.0 Ok: queued as 6CCCB5AF06E
quit
221 2.0.0 Bye
Connection closed by foreign host.

If all goes well you will see no errors and you should get your mail.
Also check here for FreeBSD tips regarding Mailwatch

2 comments:

Brandon Friedman said...

Hi

Followed your howto -
I noticed you never included the creation of the mysql database:
mysql < /usr/local/www/mailwatch/create.sql

I had to edit it to get it working.
However I am still not getting any logging into the sql database from mailscanner - checked permissions, ran db connection tests -all seems fine?

I am running Freebsd7 amd64
Regards
Brandon

The Help Guy said...

Check if p5-DBI and p5-DBD-mysql are installed; they can be found in /usr/ports/databases/

Also you might want to tail -f /var/log/maillog; you should see something about SQL in the log,
and also set the debug options in Mailscanner.conf
