mysgmanual_ver5.0.1

MySpamGuard Installation Manual version 5 update 0.1 Open Source Competency Centre (OSCC), MAMPU, Lot E302-304,Enterprise Building 3, 63000 Cyberjaya, Selangor. Tel: 03-8319 1200 Fax: 03-8319 3206 http://opensource.mampu.gov.my http://oscc.org.my/projects/oss-spam

Upload: m-faizal

Post on 10-Nov-2015


DESCRIPTION

MySpam Guard User Manual

TRANSCRIPT


  • Table of Contents

    1. MySpamGuard Introduction
    2. MySpamGuard Diagram
    3. Prerequisites
    4. Hardware Requirement
    5. Software Requirement
    6. SuSE Linux 10.0 Installation
    7. Postfix Configuration
    8. Apache with PHP support Installation
    9. MySQL Installation
    10. Miscellaneous Installation
    11. MailScanner Installation
    12. ClamAV and SpamAssassin Installation
    13. Bayesian Database Installation
    14. MailWatch Installation
    15. Webmin and MailScanner module Installation
    16. Maintenance of MySpamGuard
    17. Changes to Domain Name Server

  • MySpamGuard Introduction

    This document specifies the system requirements and installation guide to set up MySpamGuard, an open source anti-Spam solution. MySpamGuard consolidates software which is available in the public domain as a powerful and low-cost solution for organizations seeking options in fighting Spam. It consists of tools for scanning messages for viruses and Spam, and reporting tools for administration and reporting.

    MySpamGuard Diagram

    Prerequisites

    Basic knowledge of Linux, Apache, MySQL, networking and email systems. This manual is intended for Administrators who wish to implement an anti-Spam solution, but it should be easy enough for others who have considerable Linux experience.

    Hardware Requirement

    The hardware requirement for MySpamGuard depends on the amount of processing done. The most important components are the processor, memory and disk space. Setup example for 26,000 messages per day:

        Pentium 4 2.0 GHz
        1 GB RAM
        80 GB hard disk

    Software Requirement

    The main software components of MySpamGuard are listed below:

        SuSE Linux 10.0
        Postfix
        Apache with PHP support
        MySQL
        MailScanner
        ClamAV
        SpamAssassin
        MailWatch
        Webmin with MailScanner module

    Note: Some of the components will require extra software to function. This will be discussed in the installing dependencies section.

    SuSE Linux 10.0 Installation

    Follow these steps to install. More information is available at:

    http://www.novell.com/documentation/suse10/index.html

    Note: The transition between steps denotes clicking on the Next button.

    1. Insert the first SuSE Linux CD or the DVD into the drive. Then reboot the computer to start the installation.

    2. The boot screen displays a number of options for the installation procedure. To install the system, select Installation. This is the normal installation mode, which enables all modern hardware functions. The actual SuSE Linux installation begins when the YaST installation program has finished loading. All buttons, entry fields and lists should be available for access with the mouse or the keyboard.

    3. Select the language you want to use.

    Note: YaST and SUSE Linux in general can be configured to use different languages according to your needs. The language selected here is also used for the keyboard layout. In addition, YaST uses the language setting to guess a time zone for the system clock. These settings can be modified later along with the selection of secondary languages to install on your system.

    4. Choose to agree to the license agreement to continue the installation. If you do not agree to the license, the installation will terminate.

    5. Select New Installation or Update an existing system. The following sections describe the procedure for installing a new system.

    6. Select your region and time zone from the lists.

    7. Choose your desktop; you can choose between KDE and GNOME.

    8. After a thorough system analysis, YaST presents reasonable suggestions for the whole installation. Click Accept in the suggestion window to begin the installation. Confirm with Install in the dialog that opens. The installation usually takes between 15 and 30 minutes, depending on the system performance and the software selected. As soon as all packages are installed, YaST boots into the new Linux system, after which you can configure the hardware and set up system services.

    9. After completing the basic system setup and the installation of all selected software packages, provide a password for the account of the system administrator (the root user). You can then configure your Internet access and network connection; on a DHCP network this is set automatically. You may want to skip the network testing, because it will check for updates, which might take some time to finish.

    10. SuSE Linux offers four possibilities for managing user accounts. Please select Local User Administration for a standalone server; this option provides user management using the local file /etc/passwd. The system will offer to create a user account; you may skip this if you don't want to create any. Note that a normal user has limited permissions, which is good if you allow multiple users to access the machine.

    11. After completing the user authentication setup, YaST displays the release notes. Reading them is advised because they contain important up-to-date information not available when the manual was printed.

    12. At the end of the installation, YaST opens a dialog for configuration of the graphics card and other hardware components. For the most part, YaST detects and configures the devices automatically, but you may change it if you have other preferences.

    13. SuSE Linux is now installed. Enter your login and password to start using the system.

    Postfix Configuration

    By default, postfix is the MTA for SuSE Linux 10.0. You can get more information about postfix at:

    http://www.postfix.org

    MySpamGuard requires postfix with a valid configuration to work. In this manual we will show how to configure postfix to run as a gateway for mail servers within the intranet. The main configuration of postfix is the file main.cf. Open the file main.cf with your favorite text editor and edit the following parameters. We use vi in this example:

    main.cf:

        myhostname = YOUR_HOST_NAME

    Enter the FQDN of the host.

    main.cf:

        inet_interfaces = YOUR_HOST_IP_ADDRESS
        relayhost = [YOUR_MAIL_SERVER_IP_ADDRESS]

    Note that the relayhost value is in the form [host], which effectively turns off MX lookups. If you are hosting more than one mail server, then you will need to use the transport_maps parameter.

    main.cf:

        transport_maps = hash:/etc/postfix/transport

    Open the file /etc/postfix/transport and enter the values in the form:

        DOMAIN1 smtp:[MAIL_SERVER1_IP_ADDRESS]
        DOMAIN2 smtp:[MAIL_SERVER2_IP_ADDRESS]

    Then run the command postmap /etc/postfix/transport to build the database for these entries.

    Next, enable the parameter header_checks:

    main.cf:

        header_checks = regexp:/etc/postfix/header_checks

    Open the file /etc/postfix/header_checks and enter the value:

        /^Received:/ HOLD

    This entry instructs postfix to divert all incoming email into its hold directory. The reason for this will be explained later in the MailScanner section.

    Apache with PHP support Installation

    Open the YaST software management and search for packages using the keyword apache. Select the packages below from the list:

    1. apache2
    2. apache2-mod_php4
    3. apache2-prefork
    4. libapr0

    Note: Install the additional required packages.

    Next, search for packages using the keyword php and select these packages:

    1. php4-curl
    2. php4-gd
    3. php4-mysql
    4. php4-session
    5. php4-zlib

    MySQL Installation

    Open the YaST software management and search for packages using the keyword mysql. Select the packages below:

    1. mysql
    2. mysql-client

    Note: Accept to install any dependencies. It is recommended to set a password for the root user of MySQL. To set the password run these commands:

        mysqladmin -u root password NEW_PASSWORD
        mysqladmin -h localhost -u root password NEW_PASSWORD

  • Miscellaneous Installation

    Open the YaST software management and install the packages gcc, zlib and zlib-devel. Accept to install any dependencies.

    MailScanner Installation

    The MailScanner package is available from its official website:

    http://www.sng.ecs.soton.ac.uk/mailscanner/

    and is also available at:

    http://oscc.org.my/projects/oss-spam

    Follow these steps to install.

    1. Extract the tarball and execute the file install.sh, e.g.:

        [root@linux]# tar -xzf MailScanner-4.51.6-1.rpm.tar.gz
        [root@linux]# cd MailScanner-4.51.6-1
        [root@linux]# sh install.sh

    The installation usually takes between 5 and 15 minutes. It is advised to monitor the progress as there will be a lot of important messages displayed during installation.

    2. After it has finished, you need to stop postfix, disable its boot-up script and let MailScanner start on boot. Enter these commands in the console:

        [root@linux]# rcpostfix stop
        [root@linux]# chkconfig postfix off
        [root@linux]# chkconfig MailScanner on

    3. Change the permissions of the MailScanner incoming and quarantine directories so that they can be written to by the user postfix.

        [root@linux]# chown postfix.postfix /var/spool/MailScanner/incoming
        [root@linux]# chown postfix.www /var/spool/MailScanner/quarantine
        [root@linux]# chmod ug=rwx /var/spool/MailScanner/quarantine

    Note: The group for the quarantine directory is set to www (the same group as apache); later this will be needed by MailWatch to function properly.

    4. Next, open the file /etc/MailScanner/MailScanner.conf, then find the parameters listed below (left-hand side) and edit them to the values given:

    MailScanner.conf:

        %org-name% = YOUR_ORGANIZATION_SHORT_NAME
        %org-long-name% = YOUR_ORGANIZATION_NAME
        %web-site% = YOUR_ORGANIZATION_WEBSITE
        Run As User = postfix
        Run As Group = postfix
        Incoming Queue Dir = /var/spool/postfix/hold
        Outgoing Queue Dir = /var/spool/postfix/incoming
        MTA = postfix

    The incoming and outgoing queue directories correspond to the postfix directories; this tells MailScanner where to find messages to process and where to put them back. It is important that postfix puts all its incoming messages into the hold directory because MailScanner itself does not have the capability to deliver a message to the recipients; its sole function is to scan messages.
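
    The hand-off described above only works if main.cf, header_checks and MailScanner.conf agree with each other. The script below is an added example, not part of the original manual: the function names conf_value and check_handoff are hypothetical, and it assumes the spool is /var/spool/postfix unless main.cf sets queue_directory. The demo at the end runs on constructed files.

```shell
#!/bin/sh
# Added example, not from the manual: check the Postfix -> MailScanner hand-off.

# conf_value FILE KEY: print the value of the last "KEY = value" line in FILE.
# Works for main.cf and MailScanner.conf; commented-out lines never match.
conf_value() {
    sed -n "s|^[[:space:]]*$2[[:space:]]*=[[:space:]]*||p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# check_handoff MAIN_CF MAILSCANNER_CONF
# Prints one line per problem and returns 0 only when the chain is consistent.
check_handoff() {
    main_cf=$1; ms_conf=$2; problems=0
    # queue_directory is optional in main.cf; assume the usual spool if unset.
    spool=$(conf_value "$main_cf" queue_directory)
    spool=${spool:-/var/spool/postfix}

    # 1. Postfix must divert every message to hold via header_checks.
    hc=$(conf_value "$main_cf" header_checks)
    case $hc in
        regexp:*)
            if ! grep -Eq '^/\^Received:/[[:space:]]+HOLD' "${hc#regexp:}" 2>/dev/null; then
                echo "header_checks: no '/^Received:/ HOLD' rule in ${hc#regexp:}"
                problems=$((problems + 1))
            fi ;;
        *)
            echo "main.cf: header_checks is not a regexp: table (got '$hc')"
            problems=$((problems + 1)) ;;
    esac

    # 2. MailScanner must read from hold and write back to incoming.
    want() {
        got=$(conf_value "$ms_conf" "$1")
        if [ "$got" != "$2" ]; then
            echo "MailScanner.conf: $1 is '$got', expected '$2'"
            problems=$((problems + 1))
        fi
    }
    want "Incoming Queue Dir" "$spool/hold"
    want "Outgoing Queue Dir" "$spool/incoming"
    want "MTA" "postfix"
    want "Run As User" "postfix"
    [ "$problems" -eq 0 ]
}

# Demo on constructed files in a temporary directory (not the live config).
demo=$(mktemp -d)
printf '/^Received:/ HOLD\n' > "$demo/header_checks"
printf 'header_checks = regexp:%s/header_checks\n' "$demo" > "$demo/main.cf"
cat > "$demo/MailScanner.conf" <<'EOF'
Run As User = postfix
Incoming Queue Dir = /var/spool/mqueue.in
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
EOF
check_handoff "$demo/main.cf" "$demo/MailScanner.conf" || echo "hand-off is broken"
rm -rf "$demo"
```

    On an installed system the call would be check_handoff /etc/postfix/main.cf /etc/MailScanner/MailScanner.conf.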

    ClamAV and SpamAssassin Installation

    ClamAV is available for download from its official website:

    http://www.clamav.net

    and SpamAssassin is available at:

    http://spamassassin.apache.org

    Both ClamAV and SpamAssassin packages are also available as a single easy-to-install package from:

    http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz

    and also available at:

    http://oscc.org.my/projects/oss-spam

    Follow these steps to install.

    1. Extract the tarball and execute the file install.sh, e.g.:

        [root@linux]# tar -xzf install-Clam-SA.tar.gz
        [root@linux]# cd install-Clam-SA
        [root@linux]# sh install.sh

    The installation usually takes between 5 and 15 minutes. It is advised to monitor the progress as there will be a lot of important messages displayed during installation.

    2. Again, open the file /etc/MailScanner/MailScanner.conf, then find the parameters listed below (left-hand side) and edit them to the values given:

    MailScanner.conf:

        Virus Scanners = clamav
        Use SpamAssassin = yes
        Spam List = ORDB-RBL SBL+XBL

    Bayesian Database Installation

    To increase the capability to capture more SPAM, it is always a good idea to use the Bayesian method with SpamAssassin. The Bayesian method is a Spam filtering technique which uses the Bayesian probability theorem. The Bayes engine is already built into SpamAssassin; the only thing to do is to make the database itself ready. Download the initial database from:

    http://www.fsl.com/support/bayes-Linux-SA-3.0-starter-db.tar.gz

    or

    http://oscc.org.my/projects/oss-spam

    Follow these steps to install.

    1. Extract the tarball into the directory /etc/MailScanner, then change its permissions:

        [root@linux]# tar -xzf bayes-Linux-SA-3.0-starter-db.tar.gz -C /etc/MailScanner
        [root@linux]# chown -R root.www /etc/MailScanner/bayes/bayes_*
        [root@linux]# chmod g+rws /etc/MailScanner/bayes

    2. Next, open the file /etc/MailScanner/spam.assassin.prefs.conf, then find the parameters listed below (left-hand side) and edit them to the values given:

    spam.assassin.prefs.conf:

        bayes_path /etc/MailScanner/bayes/bayes
        bayes_file_mode 0770
        bayes_ignore_header X-YOURDOMAIN-COM-MailScanner
        bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-SpamCheck
        bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-SpamScore
        bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-Information
        skip_rbl_checks 1

    Change X-YOURDOMAIN-COM to match your %org-name% as set in MailScanner.conf.

    MailWatch Installation

    MailWatch is a web-based front end for MailScanner. It is available for download from its official website:

    http://mailwatch.sourceforge.net

    or

    http://oscc.org.my/projects/oss-spam

    Follow these steps to install.

    1. Extract the tarball into the current directory. Then create the mailscanner database using the file create.sql. Before executing the command make sure the MySQL server is running; if you are not sure, just issue the command to restart:

        [root@linux]# rcmysql restart
        [root@linux]# tar -xzf mailwatch-1.0.3.tar.gz
        [root@linux]# cd mailwatch
        [root@linux]# ls
        [root@linux]# mysql -u root -p < create.sql

    To check the created database, log in to MySQL and use the command show databases.

    Note: If you did not set any password for the root user, use only the command mysql

        mysql> grant all on mailscanner.* to admin@localhost identified by 'PASSWORD';
        mysql> grant file on *.* to admin@localhost identified by 'PASSWORD';
        mysql> flush privileges;
        mysql> use mailscanner;
        mysql> insert into users values ('mailwatch', md5('PASSWORD'), 'Administrator', 'A', '', '', '', '', '');
        mysql> exit

    The GRANT commands create the user admin and give it privileges on the mailscanner database and also the FILE privilege for the whole database server. Both MailScanner and MailWatch will use the user admin to access the mailscanner database. The INSERT command creates a user named mailwatch as an administrator for the MailWatch website.

    3. Next, open the file MailWatch.pm, then find the parameters listed below (left-hand side) and edit them to the values given. Copy the file into MailScanner's program directory:

    MailWatch.pm:

        my($db_user) = 'admin';
        my($db_pass) = 'PASSWORD';

    Use the username and password created in the previous step.

        [root@linux]# cp MailWatch.pm /usr/lib/MailScanner/MailScanner/CustomFunctions

    4. Next, open the file /etc/MailScanner/MailScanner.conf, then find the parameters listed below (left-hand side) and edit them to the values given:

    MailScanner.conf:

        Always Looked Up Last = &MailWatchLogging
        Quarantine Whole Message = yes
        Quarantine User = root
        Quarantine Group = www
        Quarantine Permissions = 0660
        Spam Actions = store
        High Scoring Spam Actions = store

    5. Next, copy the mailscanner directory to apache's root directory, then change its permissions:

        [root@linux]# cp -r mailscanner /srv/www/htdocs
        [root@linux]# cd /srv/www/htdocs/mailscanner
        [root@linux]# chown root.www images
        [root@linux]# chown root.www images/cache
        [root@linux]# chmod ug+rwx images
        [root@linux]# chmod ug+rwx images/cache

    6. Next, copy the sample configuration to the name conf.php, then open it, find the parameters listed below and edit them accordingly:

        [root@linux]# cp conf.php.example conf.php

    conf.php:

        define(DB_USER, 'admin');
        define(DB_PASS, 'PASSWORD');
        define(MAILWATCH_HOME, '/srv/www/htdocs/mailscanner');
        define(QUARANTINE_MAIL_HOST, 'YOUR_HOST_IP_ADDRESS');
        define(MAILQ, false);

    Use the username and password created in the previous step.

    7. Next, you need to enable the automatic cleanup of quarantine files. This is to prevent the quarantine files from filling up the hard disk. Open the file clean.quarantine in the /etc/cron.daily directory, and enable the script by changing the value of $disable to zero:

        [root@linux]# cd /etc/cron.daily

    clean.quarantine:

        $disable = 0;

    8. Next, refresh all services by restarting their instances:

        [root@linux]# rcmysql restart
        [root@linux]# rcapache2 restart
        [root@linux]# rcMailScanner restart

    9. Launch an Internet browser and access the MailWatch page at http://localhost/mailscanner.

    Webmin and MailScanner module Installation

    Webmin is a web-based front end for system administration of Unix/Linux servers. It is available for download from its official website:

    http://www.webmin.com

    The MailScanner module for Webmin is available at:

    http://lushsoft.dyndns.org/mailscanner-webmin/

    Both packages are also available for download at:

    http://oscc.org.my/projects/oss-spam

    Follow these steps to install.

    1. To install, simply open the file using YaST or execute the RPM command to install.

        [root@linux]# rpm -iv webmin-1.260-1.noarch.rpm

    2. When installed, Webmin will run a service on port 10000. You may access the service using a web browser (e.g. firefox) at the URL https://localhost:10000. Log in using your host root user and its password.

    3. Upload the MailScanner module into Webmin (the instructor will show you how). The MailScanner category will be available immediately under the servers menu.

    4. Click on the MailScanner icon and fill in the information below:

        Full path to MailScanner program = /usr/lib/MailScanner/
        Full path and filename of MailScanner config file = /etc/MailScanner/MailScanner.conf
        Full path to MailScanner bin directory = /usr/sbin
        Full path and filename for the MailScanner pid file = /var/run/MailScanner.pid
        Command to start MailScanner = /usr/sbin/rcMailScanner start
        Command to stop MailScanner = /usr/sbin/rcMailScanner stop

    Maintenance of MySpamGuard

    The following should be checked on a regular basis:

    1. Network connection

    The Administrator should verify that the server is reachable from the public network to avoid service interruption. Network monitoring is beyond the scope of this manual.

    2. Services

    The Administrator should verify that all services are running all the time to avoid interruption. The easiest way to check is by monitoring the list of open ports. Note that MySpamGuard components open the ports 25, 80, 3306 and 10000. A local process will also be running using the name MailWatch SQL. Issue this command in the console to see the list of open ports.

        [root@linux]# netstat -ltpn

    3. Disk space

    The Administrator should verify that there is always free space on all partitions in the server. Rarely, the quarantine directory will fill up, especially during a virus and Spam outbreak. One thing the Administrator can do is reduce the number of days to keep quarantine files in the clean.quarantine file and execute the script manually.

        [root@linux]# perl clean.quarantine

    4. Log file

    The Administrator should check the log file regularly to monitor any discrepancy in the running system. The most important log file for MySpamGuard is /var/log/mail; almost all of the activities of MySpamGuard are logged in this file. It is advised to regularly monitor the content of this file. To monitor in real time use the command:

        [root@linux]# tail -f /var/log/mail

    5. Update/patches

    It is most important to keep the packages up to date. Most MySpamGuard components are easy to update. The packages which are included with SuSE Linux are the easiest ones; you may download and apply updates for these packages automatically using YaST. For the others, repeating the same steps above will effectively overwrite the old installation. Please make a backup copy of the old configurations that you need before upgrading.

    6. Upgrading MailScanner

    A stable version of MailScanner is usually released on a monthly basis. It is recommended to keep up with these updates regularly; although the changes are sometimes small for each consecutive month, there may be important bug fixes in between. To update, make a backup copy of your current MailScanner:

        [root@linux]# cp -a /etc/MailScanner /etc/MailScanner.$(date +%Y%m%d)
        [root@linux]# cp -a /usr/lib/MailScanner /usr/lib/MailScanner.$(date +%Y%m%d)
        [root@linux]# cp -a /usr/sbin/MailScanner /usr/sbin/MailScanner.$(date +%Y%m%d)

    Extract the latest version and run the install script. Then, run the commands upgrade_MailScanner_conf and upgrade_languages_conf. They will explain what to do.

    Changes on Domain Name Server

    Mail systems depend on DNS to relay email on the Internet. The SMTP communication between two servers is done by the MTA, such as postfix, on those servers. When an MTA wants to send a message to another MTA, it first checks the DNS for the MX record of its destination. If the MX record does not exist then it will revert to using the A record. This facility makes it easy to intercept messages for filtering with tools such as MySpamGuard. It is recommended that an MX record is added to the DNS when working with MySpamGuard. Below is an example of the DNS entries in a MySpamGuard-protected environment for the domain example.org.my.

    DNS entry:

        example.org.my. IN MX 10 mysg.example.org.my.

        mail IN A 210.187.27.99
        mysg IN A 210.187.27.100

    If you set MySpamGuard as the primary MX server in the DNS, you will also need to use the parameter transport_maps = hash:/etc/postfix/transport (please refer to the Postfix Configuration section).