blog.alam.rocks

Tag Archives: antismap

Postfix : Anti Spam & Anti Virus Solution

23 Tuesday Nov 2010

Posted by Fakrul Alam in Uncategorized


Tags

antismap, antivirus, Clamav, greylisting, mailqueue, mailscanner, postfix, postgrey

Spam, or Unsolicited Commercial Email (UCE), is hated by everybody and is a nightmare for every system administrator. There is a lot of discussion and there are many solutions for fighting spam. I have collected some of this useful information and implemented it, and it worked wonders in my case. I have written this tutorial (mostly collected from other sources!) to help you out. In this tutorial we use Postfix as the MTA, integrate MailScanner with ClamAV for the antivirus side, and use SpamAssassin plus greylisting for the antispam side.

1. Postfix
2. MailScanner
3. ClamAV
4. SpamAssassin
5. Greylisting


MailScanner:

Before installing MailScanner make sure that Postfix is working properly on its own, i.e. it delivers mail without any scanner in the path. Download MailScanner from http://www.mailscanner.info/downloads.html, untar it and run the installer script shipped in the unpacked directory.
In the Postfix configuration file /etc/postfix/main.cf add this line:

header_checks = regexp:/etc/postfix/header_checks
In the file /etc/postfix/header_checks add this line:

/^Received:/ HOLD
The effect of this is to tell Postfix to put every message carrying a Received: header (that is, every message it accepts over SMTP) into the hold queue instead of delivering it. MailScanner picks messages up from the hold queue, scans them and moves the clean ones into the incoming queue for normal delivery. Keep in mind that if MailScanner is not running, mail simply piles up in the hold queue and nothing is delivered, so the scanner must be started whenever Postfix is.

In your MailScanner.conf file (probably in /etc/MailScanner or /opt/MailScanner/etc), there are 5 settings you need to change. They are all near the top of the file. The settings are:
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix

You will need to ensure that the user "postfix" can write to /var/spool/MailScanner/incoming and /var/spool/MailScanner/quarantine:
chown postfix:postfix /var/spool/MailScanner/incoming
chown postfix:postfix /var/spool/MailScanner/quarantine
Now run MailScanner: /etc/init.d/MailScanner start

Do the following to start MailScanner at boot. The MailScanner init script starts and stops Postfix itself, which is why the separate postfix service is switched off:
chkconfig postfix off
chkconfig --level 2345 MailScanner on
Clamav:

Download ClamAV from http://www.clamav.net/ and untar it. Add a group clamav and a user clamav in that group, then install ClamAV. Nothing needs to change in the ClamAV configuration file itself, but do keep the signature database current (freshclam); a scanner running on the signatures it shipped with catches very little. Make the following changes to the /etc/MailScanner/MailScanner.conf file:
Virus Scanning = yes
Virus Scanners = clamav
SpamAssassin:

Download SpamAssassin from www.spamassassin.org. We need some Perl modules first.
perl -MCPAN -e shell

Whenever it asks about manual configuration, say no
cpan> o conf prerequisites_policy ask

cpan> install Time::HiRes
cpan> quit

tar xzf Mail-SpamAssassin-version-no.tar.gz
cd Mail-SpamAssassin-version-no

perl Makefile.PL
make

You may now get some errors about pod2text. If you do, then do this command
ln -s /usr/bin/pod2man /usr/bin/pod2text

make
make test

This will fail horribly due to the lack of Pod/Usage.pm, so now do this (remember: whenever it asks about manual configuration, say no)
perl -MCPAN -e shell

cpan> o conf prerequisites_policy ask
cpan> install Pod::Usage

cpan> quit
Now to try the tests again

make test
make install

You now have SpamAssassin installed. The next step is to configure it and MailScanner.
vi /etc/MailScanner/MailScanner.conf

Change the setting for "Required SpamAssassin Score" to more than 5; the default of 5 generates quite a few false positives.
It's advised to set "Log Spam = yes" to start with, so you can see in the maillog what is being tagged and why.
You will of course need "Use SpamAssassin = yes".
You are almost done! Just restart MailScanner. Send some test mail and check the maillog to see whether it arrives. To confirm that the filters actually fire rather than just pass mail through, send yourself a message whose body contains the GTUBE test string published by the SpamAssassin project (XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X); it must be tagged as spam. The EICAR test file from eicar.org does the same job for ClamAV.

SpamAssassin itself only tags mail as spam or not; it does not move it anywhere. If you check the mail header you will see something like this:
X-Spam-Status: Yes

or
X-Spam-Status: No

If the mail is tagged as spam the status will be Yes, otherwise No. (MailScanner also inserts its own spam header, whose name is set by the "Spam Header" option in MailScanner.conf; look at the headers of a tagged message on your own server and match whatever it actually inserts.) Now we will deliver spam-tagged mail into the user's spam folder. For this we need procmail; install it from www.procmail.org. Let's say the user name is info with home folder /home/info, and the info user's mail is stored in /home/info/mail. Create a file named "spam" in /home/info/mail:
touch /home/info/mail/spam

chown info:info /home/info/mail/spam
Now create the following file in /home/info:

.procmailrc
# My variables
HOME=/home/info
MAILDIR=$HOME/mail

# necessary variables
PATH=/usr/local/bin:/usr/bin
VERBOSE=no
LOGABSTRACT=yes
COMSAT=no
LOGFILE=$HOME/procmail.log

# deliver anything tagged as spam to the spam folder
:0
* ^X-Spam-Status: Yes
$HOME/mail/spam
# spamassassin rule ends here

Here ^X-Spam-Status: Yes is the important part: procmail matches the condition against the message headers, and any message tagged as spam is delivered to the user's spam folder instead of the inbox.
Create the following file in /home/info:

.forward
"|/usr/bin/procmail -t #info"

From now on, spam-tagged mail for the info user goes to its spam folder. Keep .forward and .procmailrc owned by the user and not writable by anyone else: whoever can edit them decides where that user's mail goes and which program gets run on it.
GreyListing:

Greylisting is a comparatively new technique for fighting spam. It works as follows:
"When a request for delivery of a mail is received by Postfix via SMTP, the triplet CLIENT_IP / SENDER / RECIPIENT is built. If it is the first time that this triplet is seen, or if the triplet was first seen, less than 5 minutes ago, then the mail gets rejected with a temporary error. Hopefully spammers or viruses will not try again later, as it is however required per RFC." [http://isg.ee.ethz.ch/tools/postgrey/]

With Postfix we use postgrey. Download postgrey from http://isg.ee.ethz.ch/tools/postgrey/
For postgrey we need the following Perl modules:

Net::Server
IO::Multiplex
BerkeleyDB (Perl module)
Berkeley DB (library, version >= 4.1)

wget http://isg.ee.ethz.ch/tools/postgrey/pub/postgrey-1.27.tar.gz
tar -zxvf postgrey-1.27.tar.gz

cd postgrey-1.27
cp postgrey_whitelist_* /etc/postfix/

cp postgrey /usr/local/bin
cp postgrey /usr/local/sbin

groupadd nogroup
adduser postgrey

mkdir /var/spool/postfix/postgrey/
chown postgrey:nogroup /var/spool/postfix/postgrey/

And make the following change to the Postfix main.cf file. Do not make check_policy_service the only entry in smtpd_recipient_restrictions: without reject_unauth_destination there is no rule stopping outsiders from relaying through your server. Postfix releases before 2.10 refuse such a setting outright, and later ones are only saved by the separate smtpd_relay_restrictions default. Keep the relay protection first, so that local clients skip greylisting and relay attempts from outside are rejected before the policy server is ever consulted:
main.cf

smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, check_policy_service inet:127.0.0.1:10023
Run the following command (postgrey runs as user postgrey, group nogroup, and keeps its database in /var/spool/postfix/postgrey by default, which is why that user, group and directory were created above):

/usr/local/sbin/postgrey --inet=10023 -d --delay=50 --greylist-text="Policy restrictions; try later"
If everything is OK, postgrey will start. If anything goes wrong you will find the errors in /var/log/maillog.

Check netstat -nat for port 10023 and try to send some test mail from an outside host: the first attempt must be deferred with a 450 temporary error, and the retry after the delay must be accepted.
To start postgrey at boot, add the following lines to /etc/rc.local, before the line that starts Postfix:

# Start Postgrey
echo -n 'Postgrey'; /usr/local/sbin/postgrey --inet=10023 -d --delay=50 --greylist-text="Policy restrictions; try later"
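To see what postgrey is actually doing on port 10023, here is the triplet logic written out as a small Postfix policy server. This is an added example for this article, not postgrey's own code: the attribute names (request, client_address, sender, recipient) and the "action=..." reply format come from Postfix's policy delegation protocol, the 50-second delay and the reply text mirror the postgrey command line above, and the in-memory triplet store, the fake clock and the sample request are constructed for illustration. Postgrey keeps its triplets in Berkeley DB so they survive a restart; this example does not.

```python
"""Greylisting as a Postfix policy server (the protocol postgrey speaks).

Added example, not postgrey's code.  Attribute names and the 'action=...'
reply follow Postfix's SMTPD_POLICY_README; the store, clock and sample
request below are constructed for illustration.
"""
import socketserver
import threading
import time

GREYLIST_DELAY = 50  # seconds a new triplet is deferred, as with --delay=50
GREYLIST_TEXT = "Policy restrictions; try later"  # reply text from the article


def parse_policy_request(raw):
    """Parse one policy request: 'name=value' lines terminated by a blank line."""
    attrs = {}
    for line in raw.split("\n"):
        if line == "":
            break  # blank line ends the request
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs


class Greylister:
    """Defer the first delivery attempt of each (client IP, sender, recipient)."""

    def __init__(self, delay=GREYLIST_DELAY, now=time.time):
        self.delay = delay
        self.now = now        # injectable clock so the logic can be tested
        self.first_seen = {}  # triplet -> time of first attempt
        self.lock = threading.Lock()

    @staticmethod
    def triplet(attrs):
        # Lower-case the addresses so case variants do not earn a fresh delay.
        return (attrs.get("client_address", ""),
                attrs.get("sender", "").lower(),
                attrs.get("recipient", "").lower())

    def decide(self, attrs):
        """Return the Postfix action for one request."""
        if attrs.get("request") != "smtpd_access_policy":
            return "DUNNO"  # not an SMTP access decision: let Postfix continue
        now = self.now()
        with self.lock:
            first = self.first_seen.setdefault(self.triplet(attrs), now)
        if now - first < self.delay:
            # DEFER_IF_PERMIT: temporary error, but only if the remaining
            # restrictions would otherwise accept the message.
            return "DEFER_IF_PERMIT " + GREYLIST_TEXT
        return "DUNNO"  # seen before and retried late enough: let it through


def handle_request(greylister, raw):
    """Full reply on the wire: 'action=<decision>' followed by an empty line."""
    return "action=%s\n\n" % greylister.decide(parse_policy_request(raw))


# Constructed request in the shape Postfix sends (one attribute per line).
SAMPLE_REQUEST = ("request=smtpd_access_policy\n"
                  "protocol_state=RCPT\n"
                  "client_address=192.0.2.10\n"
                  "sender=alice@example.org\n"
                  "recipient=info@example.com\n"
                  "\n")


def simulate(delay=GREYLIST_DELAY):
    """Replay one sender's attempts at t=0, 20 and 60 s against a fake clock."""
    clock = [0.0]
    g = Greylister(delay=delay, now=lambda: clock[0])
    actions = []
    for t in (0, 20, 60):
        clock[0] = float(t)
        actions.append(g.decide(parse_policy_request(SAMPLE_REQUEST)))
    return actions  # first two deferred, third accepted (DUNNO)


class PolicyHandler(socketserver.StreamRequestHandler):
    """Postfix keeps one connection open and sends many requests over it."""

    def handle(self):
        while True:
            lines = []
            while True:
                line = self.rfile.readline()
                if not line:
                    return  # Postfix closed the connection
                if line == b"\n":
                    break
                lines.append(line.decode("utf-8", "replace").rstrip("\n"))
            reply = handle_request(self.server.greylister, "\n".join(lines) + "\n\n")
            self.wfile.write(reply.encode("utf-8"))
            self.wfile.flush()


if __name__ == "__main__":
    # Listen where main.cf's check_policy_service points: inet:127.0.0.1:10023
    server = socketserver.ThreadingTCPServer(("127.0.0.1", 10023), PolicyHandler)
    server.greylister = Greylister()
    server.serve_forever()
```

Run with no arguments it listens on 127.0.0.1:10023, so the check_policy_service line above would talk to it instead of postgrey. It answers DEFER_IF_PERMIT rather than DEFER: the temporary error is only issued when the rest of the restriction list would accept the message, so anything a later restriction rejects gets its permanent error instead of an invitation to retry. That, and the fact that permit_mynetworks exempts local clients, is why the policy service belongs after the relay check in smtpd_recipient_restrictions.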

That's all you need. Happy spam-free mail.

Monitor Antispam & Antivirus gateway

05 Friday Jan 2007

Posted by Fakrul Alam in Uncategorized


Tags

antismap, antivirus, linux, mailscanner, mailwatch, My Work, vispan

In my last post I showed how to build an antispam and antivirus gateway. It gives me spam- and virus-free email. But how efficient is it? I looked around the internet and found two very good pieces of software, Vispan and MailWatch. Both of them are web based.

Vispan shows yearly, monthly, daily and hourly updates with nice graphs and detailed statistics. Using this mail gateway I was able to filter 90%-95% of spam. It's amazing!!

MailWatch is also web based and has lots of features. Vispan only gives us statistical output and reports; in MailWatch we can also change the MailScanner configuration, and it gives access to the maillog, the quarantine mail list and lots of reports.

These tools have no effect on the spam filter itself, but they are very handy for finding out how efficient the antispam and antivirus gateway is. Since MailWatch can edit the MailScanner configuration and release quarantined mail, treat it as an administrative interface and keep it reachable only by the administrators.

This is a vispan report from my antispam & antivirus gateways server:

[image: Vispan report]
