qmail Qmail-Scanner SpamAssassin Installation

SpamAssassin installation
[root@centos ~]# yum -y install spamassassin
[root@centos ~]# yum -y install tnef
[root@centos ~]# yum -y install pcre-devel
maildrop install
[root@centos ~]# wget https://sourceforge.net/projects/courier/files/maildrop/2.5.2/maildrop-2.5.2.tar.bz2
[root@centos ~]# tar jxvf maildrop-2.5.2.tar.bz2
[root@centos ~]# cd maildrop-2.5.2
[root@centos ~]# ./configure
[root@centos ~]# make
[root@centos ~]# make install-strip
[root@centos ~]# make install-man
[root@centos ~]# cd
[root@centos ~]# rm -fr maildrop-2.5.2
[root@centos ~]# rm -f maildrop-2.5.2.tar.bz2
qmailqueue-patch
[root@centos ~]# cd /usr/local/src/qmail-1.03
[root@centos ~]# wget http://www.qmail.org/qmailqueue-patch
[root@centos ~]# patch < qmailqueue-patch
[root@centos ~]# svc -d /service/*
[root@centos ~]# make setup
[root@centos ~]# svc -u /service/*
[root@centos ~]# cd
perl-suidperl install
[root@centos ~]# yum -y install perl-suidperl
qmail-scanner install
[root@centos ~]# wget http://jaist.dl.sourceforge.net/sourceforge/qmail-scanner/qmail-scanner-2.08.tgz
[root@centos ~]# groupadd qscand
[root@centos ~]# useradd -d /tmp -g qscand -s /sbin/nologin -M qscand
[root@centos ~]# tar zxvf qmail-scanner-2.08.tgz
[root@centos ~]# cd qmail-scanner-2.08
[root@centos ~]# ./configure \
--admin postmaster \
--scanners clamdscan,verbose_spamassassin \
--add-dscr-hdrs yes \
--install


Building Qmail-Scanner 2.08...


                ***** NOTE ******

Qmail-Scanner doesn't have language translations for ja_JP.UTF-8,
- so defaulting to english...

[Hit <RETURN> to continue]



This script will search your system for the virus scanners it knows
about, and will ensure that all external programs
qmail-scanner-queue.pl uses are explicitly pathed for performance
reasons.

Continue? ([Y]/N) ←Press Enter


Something like spamc for SpamAssassin detected - but not correctly installed
(didn't include a "X-Spam-Status" line in output).
Please read Q-S FAQ if you want it - especially check that spamd daemon
is running. Ignoring...


Found tnef on your system! That means we'll be able to decode stupid
M$ attachments :-)


The following binaries and scanners were found on your system:

mimeunpacker=/usr/local/bin/reformime
tnef=/usr/bin/tnef

Content/Virus Scanners installed on your System

max-scan-size=100000000
clamdscan=/usr/bin/clamdscan (which means clamscan won't be used as clamdscan is better)

Qmail-Scanner details.

log-details=syslog
log-crypto=0
fix-mime=2
ignore-eol-check=0
debug=1
notify=psender,nmlvadm
redundant-scanning=yes
sa-tempfail=1
sa-faulttolerant=1
sa-maxsize=256000
virus-admin=System Anti-Virus Administrator <postmaster@centos.orz>
local-domains='host.centos.orz'
silent-viruses='klez','bugbear','hybris','yaha','braid','nimda','tanatos','sobig','winevar','palyh','fizzer','gibe','cailont','lovelorn','swen','dumaru','sober','hawawi','holar-i','mimail','poffer','bagle','worm.galil','mydoom','worm.sco','tanx','novarg','\@mm'
scanners="clamdscan"

If that looks correct, I will now generate qmail-scanner-queue.pl
for your system...
Continue? ([Y]/N) ←Press Enter

Testing suid nature of /usr/local/bin/perl...
Looks OK...
Hit RETURN to create initial directory structure under /var/spool/qscan,
and install qmail-scanner-queue.pl under /var/qmail/bin:
perlscanner: generate new DB file from /var/spool/qscan/quarantine-events.txt
perlscanner: total of 12 entries.

Finished installation of initial directory structure for Qmail-Scanner
under /var/spool/qscan and qmail-scanner-queue.pl under /var/qmail/bin. ←Press Enter

Finished. Please read README(.html) and then go over the script
(/var/qmail/bin/qmail-scanner-queue.pl) to check paths/etc.

"/var/qmail/bin/qmail-scanner-queue.pl -r" should return some well-known virus
definitions to show that the internal perlscanner component is working.

That's it!



              ****** FINAL TEST ******

Please log into an unpriviledged account and run
/var/qmail/bin/qmail-scanner-queue.pl -g

If you see the error "Can't do setuid", or "Permission denied", then
refer to the FAQ.

(e.g.  "setuidgid qmaild /var/qmail/bin/qmail-scanner-queue.pl -g")


That's it! To report success:

   % (echo 'First M. Last'; cat SYSDEF)|mail jhaar-s4vstats@crom.trimble.co.nz
Replace First M. Last with your name.

[root@centos ~]# cd
[root@centos ~]# rm -fr qmail-scanner-2.08
[root@centos ~]# rm -f qmail-scanner-2.08.tgz
spamassassin start
[root@centos ~]# /etc/rc.d/init.d/spamassassin start
[root@centos ~]# chkconfig spamassassin on
qmail-scanner
[root@centos ~]# vi /etc/cron.daily/qmail-scanner
#!/bin/bash

# Empty the quarantine Maildir (the spool directory installed above is /var/spool/qscan)
rm -f /var/spool/qscan/quarantine/new/*
[root@centos ~]# chmod +x /etc/cron.daily/qmail-scanner
[root@centos ~]# sed -i 's/^#.vbs/.vbs/g' /var/spool/qscan/quarantine-events.txt
[root@centos ~]# sed -i 's/^#.lnk/.lnk/g' /var/spool/qscan/quarantine-events.txt
[root@centos ~]# sed -i 's/^#.scr/.scr/g' /var/spool/qscan/quarantine-events.txt
[root@centos ~]# sed -i 's/^#.wsh/.wsh/g' /var/spool/qscan/quarantine-events.txt
[root@centos ~]# sed -i 's/^#.hta/.hta/g' /var/spool/qscan/quarantine-events.txt
[root@centos ~]# sed -i 's/^#.pif/.pif/g' /var/spool/qscan/quarantine-events.txt
[root@centos ~]# sed -i 's/^#.cpl/.cpl/g' /var/spool/qscan/quarantine-events.txt
[root@centos ~]# sed -i 's/CPL files not allowed per Company security policy/CPL files not allowed per Company security policy\n.bat\tSIZE=-1\tBAT files not allowed per Company security policy\n.com\tSIZE=-1\tCOM files not allowed per Company security policy\n.exe\tSIZE=-1\tEXE files not allowed per Company security policy\n/g' /var/spool/qscan/quarantine-events.txt
[root@centos ~]# vi /var/spool/qscan/quarantine-events.txt
.vbs	SIZE=-1	VBS files not allowed per Company security policy ←uncommented
.lnk	SIZE=-1	LNK files not allowed per Company security policy ←uncommented
.scr	SIZE=-1	SCR files not allowed per Company security policy ←uncommented
.wsh	SIZE=-1	WSH files not allowed per Company security policy ←uncommented
.hta	SIZE=-1	HTA files not allowed per Company security policy ←uncommented
.pif	SIZE=-1	PIF files not allowed per Company security policy ←uncommented
.cpl	SIZE=-1	CPL files not allowed per Company security policy ←uncommented
.bat	SIZE=-1	BAT files not allowed per Company security policy ←added
.com	SIZE=-1	COM files not allowed per Company security policy ←added
.exe	SIZE=-1	EXE files not allowed per Company security policy ←added
[root@centos ~]# /var/qmail/bin/qmail-scanner-queue.pl -g
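The sed commands above change nothing, and report no error, when a line in quarantine-events.txt does not match their pattern. The following check is an added example (not part of Qmail-Scanner or of the original page) that lists every extension from this page that still has no active rule; the script itself, the names WANTED, missing_rules and sample_events, and the --check option are assumptions made for the example.

```sh
#!/bin/sh
# Added example: list extensions that are NOT active in quarantine-events.txt.
# The "ext<TAB>SIZE=-1<TAB>text" layout is taken from the entries shown above.

# Extensions this page uncomments or adds.
WANTED=".vbs .lnk .scr .wsh .hta .pif .cpl .bat .com .exe"

# $1 = path to quarantine-events.txt.
# Prints one line per wanted extension that has no uncommented SIZE=-1 rule.
missing_rules() {
    for ext in $WANTED; do
        awk -F'\t' -v e="$ext" '
            $1 == e && $2 == "SIZE=-1" { found = 1 }
            END { exit !found }' "$1" || echo "$ext"
    done
}

# Constructed sample file: .scr is still commented out and .exe is separated
# by spaces instead of tabs, so neither counts as an active rule.
sample_events() {
    printf '.vbs\tSIZE=-1\tVBS files not allowed per Company security policy\n'
    printf '#.scr\tSIZE=-1\tSCR files not allowed per Company security policy\n'
    printf '.exe SIZE=-1 EXE files not allowed per Company security policy\n'
}

# Usage: sh check-events.sh --check /var/spool/qscan/quarantine-events.txt
if [ "${1:-}" = "--check" ]; then
    m=$(missing_rules "$2")
    if [ -z "$m" ]; then
        echo "all rules active"
    else
        echo "inactive rules:" $m
        exit 1
    fi
fi
```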
spamassassin
[root@centos ~]# sed -i 's/^#loadplugin Mail::SpamAssassin::Plugin::TextCat/loadplugin Mail::SpamAssassin::Plugin::TextCat/g' /etc/mail/spamassassin/v310.pre
[root@centos ~]# vi /etc/mail/spamassassin/v310.pre
loadplugin Mail::SpamAssassin::Plugin::TextCat ←uncommented
[root@centos ~]# vi /etc/cron.daily/spamassassin
#!/bin/bash

cd /etc/mail/spamassassin
wget -qN http://tlec.linux.or.jp/docs/user_prefs || wget -qN http://www.flcl.org/~yoh/user_prefs
cp user_prefs local.cf
cat << EOF >> local.cf
report_safe 0
rewrite_header Subject ***SPAM***
EOF
/etc/rc.d/init.d/spamassassin restart > /dev/null
[root@centos ~]# chmod +x /etc/cron.daily/spamassassin
[root@centos ~]# /etc/cron.daily/spamassassin
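The cron script above copies whatever was fetched over plain HTTP straight into local.cf and restarts spamd every day. The following variant is an added example (not the original page's script) that keeps the previous local.cf unless the new file is non-empty and passes spamassassin --lint; CONF_DIR, LINT, install_prefs and the --run option are names assumed for the example.

```sh
#!/bin/sh
# Added example: install a downloaded user_prefs as local.cf only if
# SpamAssassin accepts it, otherwise restore the previous file.
# CONF_DIR and LINT can be overridden to try the logic outside /etc.
CONF_DIR=${CONF_DIR:-/etc/mail/spamassassin}
LINT=${LINT:-spamassassin --lint}

# $1 = freshly downloaded user_prefs. Returns 0 only if local.cf was replaced.
install_prefs() {
    cf="$CONF_DIR/local.cf"
    if [ ! -s "$1" ]; then
        echo "download missing or empty; keeping current local.cf" >&2
        return 1
    fi
    # Same two settings the page appends, written to a scratch file first.
    { cat "$1"; printf 'report_safe 0\nrewrite_header Subject ***SPAM***\n'; } \
        > "$cf.new" || return 1
    if [ -f "$cf" ]; then cp -p "$cf" "$cf.bak"; fi
    mv "$cf.new" "$cf"
    # spamd only reads its configuration at start, so a bad file can be
    # rolled back here before the daemon ever sees it.
    if $LINT >/dev/null 2>&1; then
        return 0
    fi
    echo "lint failed; restoring previous local.cf" >&2
    if [ -f "$cf.bak" ]; then mv "$cf.bak" "$cf"; else rm -f "$cf"; fi
    return 1
}

# Cron entry point: restart spamd only when a new file was accepted.
if [ "${1:-}" = "--run" ]; then
    cd "$CONF_DIR" || exit 1
    wget -qN http://tlec.linux.or.jp/docs/user_prefs ||
        wget -qN http://www.flcl.org/~yoh/user_prefs
    install_prefs user_prefs &&
        /etc/rc.d/init.d/spamassassin restart > /dev/null
fi
```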
spamassassin qmail-scanner
[root@centos ~]# vi /etc/sysconfig/spamassassin
# Options to spamd
SPAMDOPTIONS="-d -c -m5 -H"
↓
SPAMDOPTIONS="-d -c -m5 -H -u qscand" ←changed
qmail qmail-scanner
[root@centos ~]# vi /etc/tcp.smtp
127.:allow,RELAYCLIENT=""
:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
[root@centos ~]# tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp
[root@centos ~]# cd
[root@centos ~]# vi /var/qmail/service/smtpd/run
#!/bin/sh

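# "env -" below starts tcpserver with an empty environment, so this export
# does not reach qmail-smtpd. QMAILQUEUE is applied by the /etc/tcp.smtp rule;
# connections matching the 127. rule are queued without Qmail-Scanner.
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
export QMAILQUEUE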
exec env - PATH="/var/qmail/bin:$PATH" \
envdir /etc/relay-ctrl relay-ctrl-chdir \
tcpserver -v -x /etc/tcp.smtp.cdb \
-R -H -l0 -u `id -u qmaild` -g `id -g qmaild` 0 smtp \
relay-ctrl-check \
qmail-smtpd 2>&1
[root@centos ~]# vi /var/qmail/service/smtpd_ssl/run
#!/bin/sh

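# As in smtpd/run: "env -" below clears this export, so QMAILQUEUE comes
# from the /etc/tcp.smtp rule.
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
export QMAILQUEUE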
exec env - PATH="/var/qmail/bin:$PATH" \
envdir /etc/relay-ctrl relay-ctrl-chdir \
tcpserver -v -s -x /etc/tcp.smtp.cdb \
-n /etc/pki/tls/certs/mail.pem \
-R -H -l0 -u `id -u qmaild` -g `id -g qmaild` 0 smtps \
relay-ctrl-check \
qmail-smtpd 2>&1
qmail restart
[root@centos ~]# svc -t /service/*
Procmail (POP)
[root@centos ~]# vi /etc/procmailrc
SHELL=/bin/bash
PATH=/bin:/usr/bin
DROPPRIVS=yes
MAILDIR=$HOME/Maildir
DEFAULT=$MAILDIR/
LOGFILE=$MAILDIR/procmail.log
#VERBOSE=ON # Detailed log output

# Discard mail whose Subject includes "Advertisement without consent *".
:0
* ^Subject:.*=\?[Ii][Ss][Oo]-2022-[Jj][Pp]\?[Bb]\?GyRCTCQ\+NUJ6OS05cCIo
/dev/null

# Run SpamAssassin when the header has no "X-Spam-*" line yet.
:0fw
*!^X-Spam.*
|spamassassin