MySpamGuard
Installation Manual version 5 update 0.1

Open Source Competency Centre (OSCC), MAMPU, Lot E302304, Enterprise Building 3, 63000 Cyberjaya, Selangor.
Tel: 0383191200 Fax: 0383193206
http://opensource.mampu.gov.my
http://oscc.org.my/projects/oss-spam

Table of Contents
1. MySpamGuard Introduction
2. MySpamGuard Diagram
3. Prerequisites
4. Hardware Requirement
5. Software Requirement
6. SuSE Linux 10.0 Installation
7. Postfix Configuration
8. Apache with PHP support Installation
9. MySQL Installation
10. Miscellaneous Installation
11. MailScanner Installation
12. ClamAV and SpamAssassin Installation
13. Bayesian Database Installation
14. MailWatch Installation
15. Webmin and MailScanner module Installation
16. Maintenance of MySpamGuard
17. Changes to Domain Name Server

MySpamGuard Introduction
This document specifies the system requirements and installation guide to set up MySpamGuard, an open source anti-Spam solution. MySpamGuard consolidates software available in the public domain into a powerful and low-cost solution for organizations seeking options in fighting Spam. It consists of tools for scanning messages for viruses and Spam, and reporting tools for administration and reporting.

MySpamGuard Diagram

Prerequisites
Basic knowledge of Linux, Apache, MySQL, networking and email systems. This manual is intended for Administrators who wish to implement an anti-Spam solution, but it should be easy enough for others who have considerable Linux experience.

Hardware Requirement
The hardware requirement for MySpamGuard depends on the amount of processing done. The most important factors are the processor, memory and disk space. Setup example for 26,000 messages per day:
    Pentium 4 2.0 GHz
    1 GB RAM
    80 GB hard disk

Software Requirement
The main software components of MySpamGuard are listed below:
    SuSE Linux 10.0
    Postfix
    Apache with PHP support
    MySQL
    MailScanner
    ClamAV
    SpamAssassin
    MailWatch
    Webmin with MailScanner module
Note: Some of the components require extra software to function. This will be discussed in the installing dependencies section.

SuSE Linux 10.0 Installation
Follow these steps to install. More information is available at:
http://www.novell.com/documentation/suse10/index.html
Note: The transition from each step to the next denotes clicking on the Next button.
1. Insert the first SuSE Linux CD or the DVD into the drive. Then reboot the computer to start the installation.
2. The boot screen displays a number of options for the installation procedure. To install the system, select Installation. This is the normal installation mode, which enables all modern hardware functions. The actual SuSE Linux installation begins when the YaST installation program has finished loading. All buttons, entry fields and lists should be available for access with the mouse or the keyboard.
3. Select the language you want to use.
Note: YaST and SUSE Linux in general can be configured to use different languages according to your needs. The language selected here is also used for the keyboard layout. In addition, YaST uses the language setting to guess a time zone for the system clock. These settings can be modified later, along with the selection of secondary languages to install on your system.
4. Choose to agree to the license agreement to continue the installation. If you do not agree to the license, the installation will terminate.
5. Select New Installation or Update an existing system. The following sections describe the procedure for installing a new system.
6. Select your region and time zone from the lists.
7. Choose your desktop; you can choose between KDE and GNOME.
8. After a thorough system analysis, YaST presents reasonable suggestions for all installation settings. Click Accept in the suggestion window to begin the installation. Confirm with Install in the dialog that opens. The installation usually takes between 15 and 30 minutes, depending on the system performance and the software selected. As soon as all packages are installed, YaST boots into the new Linux system, after which you can configure the hardware and set up system services.
9. After completing the basic system setup and the installation of all selected software packages, provide a password for the account of the system administrator (the root user). You can then configure your Internet access and network connection; on a DHCP network this is set automatically. You may want to skip the network testing, because it will check for updates, which might take some time to finish.
10. SuSE Linux offers four possibilities for managing user accounts. Please select Local User Administration for a standalone server; this option gives user management using the local file /etc/passwd. The system will offer to create a user account; you may skip this if you don't want to create any. Note that normal users have limited permissions, which is good if you allow multiple users to access the machine.
11. After completing the user authentication setup, YaST displays the release notes. Reading them is advised because they contain important up-to-date information not available when the manuals were printed.
12. At the end of the installation, YaST opens a dialog for configuration of the graphics card and other hardware components. For the most part, YaST detects and configures the devices automatically, but you may change the settings if you have other preferences.
13. SuSE Linux is now installed. Enter your login and password to start using the system.

Postfix Configuration
By default, postfix is the MTA for SuSE Linux 10.0. You can get more information about postfix at:
http://www.postfix.org
MySpamGuard requires postfix with a valid configuration to work. In this manual we will show how to configure postfix to run as a gateway for mail servers within the intranet. The main configuration of postfix is the file main.cf. Open the file main.cf with your favorite text editor and edit the following parameters. We use vi in this example:

main.cf
    myhostname = YOUR_HOST_NAME
Enter the FQDN of the host.

main.cf
    inet_interfaces = YOUR_HOST_IP_ADDRESS
    relayhost = [YOUR_MAIL_SERVER_IP_ADDRESS]
Note that the relayhost value is in the form [host], which effectively turns off MX lookups. If you are hosting more than one mail server, then you will need to use the transport_maps parameter.

main.cf
    transport_maps = hash:/etc/postfix/transport
Open the file /etc/postfix/transport and enter the values in the form:
    DOMAIN1 smtp:[MAIL_SERVER1_IP_ADDRESS]
    DOMAIN2 smtp:[MAIL_SERVER2_IP_ADDRESS]
Then run the command postmap /etc/postfix/transport to build the database for these entries.

Next, enable the parameter header_checks:

main.cf
    header_checks = regexp:/etc/postfix/header_checks
Open the file /etc/postfix/header_checks and enter the value:
    /^Received:/ HOLD
This entry instructs postfix to divert all incoming email into its hold directory. The reason for this will be explained later in the MailScanner section.
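
An added example, not part of the original manual: a shell function that lints a transport map written in the form shown above and flags next hops that are not in [host] form, since without the brackets postfix performs MX lookups for that destination. The function names, the sample sub-domains and the 192.0.2.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint a Postfix transport map written in the form
# "DOMAIN smtp:[HOST]". Reads the file named in $1, or stdin if none.
# Prints one line per problem and nothing when every entry is acceptable.
lint_transport() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
        NF != 2 {
            printf "line %d: expected DOMAIN and next hop, got %d field(s)\n", NR, NF
            next
        }
        substr($2, 1, 5) != "smtp:" {
            printf "line %d: %s does not use the smtp transport\n", NR, $1
            next
        }
        {
            hop = substr($2, 6)                # text after "smtp:"
            # "[host]" needs an opening bracket and a closing one after >= 1 char
            if (substr(hop, 1, 1) != "[" || index(hop, "]") < 3) {
                printf "line %d: %s next hop %s is not in [host] form\n", NR, $1, hop
                next
            }
            if (seen[tolower($1)]++)
                printf "line %d: %s is listed more than once\n", NR, $1
        }
    ' "$@"
}

# Constructed sample: the second entry omits the brackets, the third has no next hop.
sample_transport() {
    cat <<'EOF'
# domain                 next hop
example.org.my           smtp:[192.0.2.10]
branch.example.org.my    smtp:192.0.2.11
lab.example.org.my
EOF
}

sample_transport | lint_transport
# On the gateway: lint_transport /etc/postfix/transport
```

Run the lint before postmap /etc/postfix/transport, so that a malformed entry is caught before the lookup table is rebuilt.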

Apache with PHP support Installation
Open the YaST software management and search for packages using the keyword apache. Select the packages below from the list:
1. apache2
2. apache2-mod_php4
3. apache2-prefork
4. libapr0
Note: Install the additional required packages.
Next, search for packages using the keyword php and select these packages:
1. php4-curl
2. php4-gd
3. php4-mysql
4. php4-session
5. php4-zlib

MySQL Installation
Open the YaST software management and search for packages using the keyword mysql. Select the packages below:
1. mysql
2. mysql-client
Note: Accept to install any dependencies. It is recommended to set a password for the root user of MySQL. To set the password run these commands:
    mysqladmin -u root password NEW_PASSWORD
and
    mysqladmin -h localhost -u root password NEW_PASSWORD

Miscellaneous Installation
Open the YaST software management and install the packages gcc, zlib and zlib-devel. Accept to install any dependencies.

MailScanner Installation
The MailScanner package is available from its official website:
http://www.sng.ecs.soton.ac.uk/mailscanner/
and is also available at:
http://oscc.org.my/projects/oss-spam
Follow these steps to install.
1. Extract the tarball and execute the file install.sh, e.g.:
    [root@linux]# tar -xzf MailScanner-4.51.6-1.rpm.tar.gz
    [root@linux]# cd MailScanner-4.51.6-1
    [root@linux]# sh install.sh
The installation usually takes between 5 and 15 minutes. It is advised to monitor the progress, as there will be a lot of important messages displayed during installation.
2. After it has finished, you need to stop postfix, disable its boot-up script and let MailScanner start on boot. Enter these commands in the console:
    [root@linux]# rcpostfix stop
    [root@linux]# chkconfig postfix off
    [root@linux]# chkconfig MailScanner on
3. Change the permissions of the MailScanner incoming and quarantine directories so that they can be written to by the user postfix.
    [root@linux]# chown postfix.postfix /var/spool/MailScanner/incoming
    [root@linux]# chown postfix.www /var/spool/MailScanner/quarantine
    [root@linux]# chmod ug=rwx /var/spool/MailScanner/quarantine
Note: The group for the quarantine directory is set to www (the same group as apache); later this will be needed by MailWatch to function properly.
4. Next, open the file /etc/MailScanner/MailScanner.conf, then find the parameters listed below (left-hand side) and edit them to the values given:

MailScanner.conf
    %org-name% = YOUR_ORGANIZATION_SHORT_NAME
    %org-long-name% = YOUR_ORGANIZATION_NAME
    %web-site% = YOUR_ORGANIZATION_WEBSITE
    Run As User = postfix
    Run As Group = postfix
    Incoming Queue Dir = /var/spool/postfix/hold
    Outgoing Queue Dir = /var/spool/postfix/incoming
    MTA = postfix
The incoming and outgoing queue directories correspond to the postfix directories; this tells MailScanner where to find messages to process and where to put them back. It is important that postfix puts all its incoming messages into the hold directory because MailScanner itself does not have the capability to deliver a message to the recipients; its sole function is to scan messages.

ClamAV and SpamAssassin Installation
ClamAV is available for download from its official website:
http://www.clamav.net
and SpamAssassin is available at:
http://spamassassin.apache.org
Both the ClamAV and SpamAssassin packages are also available as a single easy-to-install package from:
http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz
and also available at:
http://oscc.org.my/projects/oss-spam
Follow these steps to install.
1. Extract the tarball and execute the file install.sh, e.g.:
    [root@linux]# tar -xzf install-Clam-SA.tar.gz
    [root@linux]# cd install-Clam-SA
    [root@linux]# sh install.sh
The installation usually takes between 5 and 15 minutes. It is advised to monitor the progress, as there will be a lot of important messages displayed during installation.
2. Again, open the file /etc/MailScanner/MailScanner.conf, then find the parameters listed below (left-hand side) and edit them to the values given:

MailScanner.conf
    Virus Scanners = clamav
    Use SpamAssassin = yes
    Spam List = ORDB-RBL SBL+XBL

Bayesian Database Installation
To increase the capability to capture more Spam, it is always a good idea to use the Bayesian method with SpamAssassin. The Bayesian method is a Spam filtering technique which uses the Bayesian probability theorem. The Bayes engine is already built into SpamAssassin; the only thing to do is to make the database itself ready. Download the initial database from:
http://www.fsl.com/support/bayes-Linux-SA-3.0-starter-db.tar.gz
or
http://oscc.org.my/projects/oss-spam
Follow these steps to install.
1. Extract the tarball into the directory /etc/MailScanner, then change its permissions:
    [root@linux]# tar -xzf bayes-Linux-SA-3.0-starter-db.tar.gz -C /etc/MailScanner
    [root@linux]# chown -R root.www /etc/MailScanner/bayes/bayes_*
    [root@linux]# chmod g+rws /etc/MailScanner/bayes
2. Next, open the file /etc/MailScanner/spam.assassin.prefs.conf, then find the parameters listed below (left-hand side) and edit them to the values given:

spam.assassin.prefs.conf
    bayes_path /etc/MailScanner/bayes/bayes
    bayes_file_mode 0770
    bayes_ignore_header X-YOURDOMAIN-COM-MailScanner
    bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-SpamCheck
    bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-SpamScore
    bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-Information
    skip_rbl_checks 1
Change X-YOURDOMAIN-COM to match your %org-name% as set in MailScanner.conf.

MailWatch Installation
MailWatch is a web-based front end for MailScanner. It is available for download from its official website:
http://mailwatch.sourceforge.net
or
http://oscc.org.my/projects/oss-spam
Follow these steps to install.
1. Extract the tarball into the current directory. Then create the mailscanner database using the file create.sql. Before executing the command make sure the MySQL server is running; if you are not sure, just issue the command to restart:
    [root@linux]# rcmysql restart
    [root@linux]# tar -xzf mailwatch-1.0.3.tar.gz
    [root@linux]# cd mailwatch
    [root@linux]# ls
    [root@linux]# mysql -u root -p < create.sql
To check the created database, log in to MySQL and use the command show databases.
Note: If you did not set any password for the root user, use only the command mysql

    mysql> grant all on mailscanner.* to admin@localhost identified by 'PASSWORD';
    mysql> grant file on *.* to admin@localhost identified by 'PASSWORD';
    mysql> flush privileges;
    mysql> use mailscanner;
    mysql> insert into users values ('mailwatch', md5('PASSWORD'), 'Administrator', 'A', '', '', '', '', '');
    mysql> exit
The GRANT commands create the user admin and give it privileges on the mailscanner database and also the FILE privilege for the whole database server. Both MailScanner and MailWatch will use the user admin to access the mailscanner database. The INSERT command creates a user named mailwatch as an administrator for the MailWatch website.
3. Next, open the file MailWatch.pm, then find the parameters listed below (left-hand side) and edit them to the values given. Copy the file into MailScanner's program directory:

MailWatch.pm
    my($db_user) = 'admin';
    my($db_pass) = 'PASSWORD';
Use the username and password created in the previous step.
    [root@linux]# cp MailWatch.pm /usr/lib/MailScanner/MailScanner/CustomFunctions
4. Next, open the file /etc/MailScanner/MailScanner.conf, then find the parameters listed below (left-hand side) and edit them to the values given:

MailScanner.conf
    Always Looked Up Last = &MailWatchLogging
    Quarantine Whole Message = yes
    Quarantine User = root
    Quarantine Group = www
    Quarantine Permissions = 0660
    Spam Actions = store
    High Scoring Spam Actions = store
5. Next, copy the mailscanner directory to apache's root directory, then change its permissions:
    [root@linux]# cp -r mailscanner /srv/www/htdocs
    [root@linux]# cd /srv/www/htdocs/mailscanner
    [root@linux]# chown root.www images
    [root@linux]# chown root.www images/cache
    [root@linux]# chmod ug+rwx images
    [root@linux]# chmod ug+rwx images/cache
6. Next, copy the sample configuration to the name conf.php, then open it, find the parameters listed below and edit them accordingly:
    [root@linux]# cp conf.php.example conf.php

conf.php
    define(DB_USER, 'admin');
    define(DB_PASS, 'PASSWORD');
    define(MAILWATCH_HOME, '/srv/www/htdocs/mailscanner');
    define(QUARANTINE_MAIL_HOST, 'YOUR_HOST_IP_ADDRESS');
    define(MAILQ, false);
Use the username and password created in the previous step.
7. Next, you need to enable the automatic cleanup of quarantine files. This is to prevent the quarantine files from filling up the hard disk. Open the file clean.quarantine in the /etc/cron.daily directory, and enable the script by changing its value to zero:
    [root@linux]# cd /etc/cron.daily

clean.quarantine
    $disable = 0;
8. Next, refresh all services by restarting their instances:
    [root@linux]# rcmysql restart
    [root@linux]# rcapache2 restart
    [root@linux]# rcMailScanner restart
9. Launch an Internet browser and access the MailWatch page at http://localhost/mailscanner.

Webmin and MailScanner module Installation
Webmin is a web-based front end for system administration of Unix/Linux servers. It is available for download from its official website:
http://www.webmin.com
The MailScanner module for Webmin is available at:
http://lushsoft.dyndns.org/mailscanner-webmin/
Both packages are also available for download at:
http://oscc.org.my/projects/oss-spam
Follow these steps to install.
1. To install, simply open the file using YaST or execute the RPM command to install.
    [root@linux]# rpm -iv webmin-1.260-1.noarch.rpm
2. When installed, Webmin will run a service on port 10000. You may access the service using a web browser (e.g. firefox) at the URL https://localhost:10000. Log in using your host root user and its password.
3. Upload the MailScanner module into Webmin (the instructor will show you how). The MailScanner category will be available immediately under the servers menu.
4. Click on the MailScanner icon and fill in the information below:
    Full path to MailScanner program = /usr/lib/MailScanner/
    Full path and filename of MailScanner config file = /etc/MailScanner/MailScanner.conf
    Full path to MailScanner bin directory = /usr/sbin
    Full path and filename for the MailScanner pid file = /var/run/MailScanner.pid
    Command to start MailScanner = /usr/sbin/rcMailScanner start
    Command to stop MailScanner = /usr/sbin/rcMailScanner stop

Maintenance of MySpamGuard
The following should be checked on a regular basis:
1. Network connection
The Administrator should verify that the server is reachable from the public network to avoid service interruption. Network monitoring is beyond the scope of this manual.
2. Services
The Administrator should verify that all services are running all the time to avoid interruption. The easiest way to check is by monitoring the list of opened ports. Note that MySpamGuard components open the ports 25, 80, 3306 and 10000. A local process will also be running using the name MailWatch SQL. Issue this command in the console to see the list of opened ports.
    [root@linux]# netstat -ltpn
3. Disk space
The Administrator should verify that there is always free space on all partitions in the server. Rarely, the quarantine directory will fill up, especially during virus and Spam outbreaks. One thing the Administrator can do is reduce the number of days to keep quarantine files in the clean.quarantine file and execute the script manually.
    [root@linux]# perl clean.quarantine
4. Log file
The Administrator should check the log file regularly to monitor any discrepancy in the running system. The most important log file for MySpamGuard is /var/log/mail; almost all the activities of MySpamGuard are logged in this file. It is advised to regularly monitor the content of this file. To monitor in real time use the command:
    [root@linux]# tail -f /var/log/mail
5. Update/patches
It is most important to keep the packages up to date. Most MySpamGuard components are easy to update. The packages which are included with SuSE Linux are the easiest; you may download and apply updates for these packages automatically using YaST. For the others, repeating the same steps above will effectively overwrite the old installation. Please make a backup copy of the old configurations that you need before upgrading.
6. Upgrading MailScanner
A stable version of MailScanner is usually released on a monthly basis. It is recommended to keep up with these updates regularly; although the changes are sometimes small for each consecutive month, there may be important bug fixes in between. To update, make a backup copy of your current MailScanner:
    [root@linux]# cp -a /etc/MailScanner /etc/MailScanner.$(date +%Y%m%d)
    [root@linux]# cp -a /usr/lib/MailScanner /usr/lib/MailScanner.$(date +%Y%m%d)
    [root@linux]# cp -a /usr/sbin/MailScanner /usr/sbin/MailScanner.$(date +%Y%m%d)
Extract the latest version and run the install script. Then run the commands upgrade_MailScanner_conf and upgrade_language_conf. They will explain what to do.
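
An added example, not part of the original manual, for the Services check in item 2 above: a shell function that reads netstat -ltpn output and reports which of the ports 25, 80, 3306 and 10000 have no listener, and which listeners are not on that list. The function names and the sample netstat output (PIDs and program names) are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare listening TCP ports with the ports the manual
# lists for MySpamGuard components.
EXPECTED_PORTS="25 80 3306 10000"

# Reads `netstat -ltpn` output on stdin. Prints "extra PORT PROGRAM" for
# each listener that is not on the list and "missing PORT" for each
# expected port that has no listener.
check_listeners() {
    awk -v want="$EXPECTED_PORTS" '
        BEGIN {
            m = split(want, w, " ")
            for (i = 1; i <= m; i++) expected[w[i]] = 1
        }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, part, ":")       # port is the text after the last ":"
            port = part[n]
            open[port] = 1
            if (!(port in expected) && !(port in reported)) {
                reported[port] = 1
                print "extra", port, $7
            }
        }
        END {
            for (i = 1; i <= m; i++)
                if (!(w[i] in open)) print "missing", w[i]
        }
    '
}

# Constructed sample output: mysqld is not running and sshd is an extra listener.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      2211/master
tcp        0      0 :::80                   :::*                    LISTEN      2304/httpd2-prefork
tcp        0      0 0.0.0.0:10000           0.0.0.0:*               LISTEN      2410/perl
tcp        0      0 :::22                   :::*                    LISTEN      1980/sshd
EOF
}

sample_netstat | check_listeners
# On the gateway itself: netstat -ltpn | check_listeners
```

Ports that are expected on a particular server, such as 22 for remote administration, can be appended to EXPECTED_PORTS so that only genuinely unexpected listeners are reported.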

Changes on Domain Name Server
Mail systems depend on DNS to relay email on the Internet. The SMTP communication between two servers is done by the MTA, such as postfix, on those servers. When an MTA wants to send a message to another MTA, it first checks the DNS for the MX record of its destination. If the MX record does not exist then it will revert to using the A record. This facility makes it easy to intercept messages for filtering with tools such as MySpamGuard. It is recommended that an MX record is added to the DNS when working with MySpamGuard. Below is an example of DNS entries in a MySpamGuard-protected environment for the domain example.org.my.

DNS entry
    example.org.my  IN MX 10 mysg.example.org.my.
    mail            IN A  210.187.27.99
    mysg            IN A  210.187.27.100
If you set MySpamGuard as the primary MX server in the DNS, you will also need to use the parameter transport_maps = hash:/etc/postfix/transport (please refer to the Postfix Configuration section).