HowTo: MailScanner 4.24 for Exim 4.24

interfasys

Verified User
Joined
Oct 31, 2003
Messages
2,100
Location
Switzerland
System: RedHat 9, ClamAv 0.67, MailScanner 4.28, Exim 4.24


*********************************
Install Spamassasin
*********************************
# cd /usr/local/directadmin/scripts
# ./spam.sh

You can also tweak spam.sh so that it picks up the latest version.

!Do not modify exim.conf to use spamassassin!
!Do not load spamd

I'm still trying to figure out if spamd is needed by somebody...


*********************************
Install ClamAV
*********************************
# wget http://crash.fce.vutbr.cz/crash-hat/1/clamav/clamav-0.72-1.i386.rpm

# rpm -Uvh clamav*.rpm

!Do not setup a cron for updates


*********************************
Install MailScanner
*********************************
# wget http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/rpm/MailScanner-4.28.6-1.rpm.tar.gz
# tar -zxvf MailScanner-4.28.6-1.rpm.tar.gz
# cd MailScanner-4.28.6-1
# ./Update-MakeMaker.sh
# ./install.sh
# chown -R mail:mail /var/spool/MailScanner

Note : Install missing modules when asked

# chown -R mail:mail /var/spool/MailScanner


*********************************
Configure Exim
*********************************
We need to run two Exim daemons: one to listen for SMTP connections, and one to do queue runs on the outgoing spool directory.

Thus, we need two .conf files. One for each exim process. The one created by directadmin will be used for incoming emails, we will tweak that one.

Backup
# cp /etc/exim.conf /etc/exim.back
Duplicate
#cp /etc/exim.conf /etc/exim_outgoing.conf

Configure
# pico -w /etc/exim.conf

and add the following lines in the main part of the configuration:

spool_directory = /var/spool/exim.in
queue_only = true
queue_only_override = false
log_file_path = /var/spool/exim/msglog/%slog


# pico -w /etc/init.d/exim

Original:
QUEUE=
[ -f /etc/sysconfig/exim ] && . /etc/sysconfig/exim
[ "$DAEMON" = yes ] && EXIM_OPTS="$EXIM_OPTS -bd"
[ -n "$QUEUE" ] && EXIM_OPTS="$EXIM_OPTS -q$QUEUE"

Change this to:
QUEUE="15m"
[ -f /etc/sysconfig/exim ] && . /etc/sysconfig/exim
[ "$DAEMON" = yes ] && EXIM_OPTS="$EXIM_OPTS -bd"
[ -f /etc/sysconfig/exim ] && . /etc/sysconfig/exim
[ "$DAEMON" = yes ] && EXIM_OPTS="$EXIM_OPTS -C /etc/exim_outgoing.conf"
[ -n "$QUEUE" ] && EXIM_OPTS="$EXIM_OPTS -q$QUEUE"


Create the following directories: /var/spool/exim.in,
/var/spool/exim.in/input,
/var/spool/exim.in/data,
/var/spool/exim.in/db

# mkdir /var/spool/exim.in
etc.

and assign them to mail.

# chown mail:mail /var/spool/exim.in


*********************************
Configure MailScanner
*********************************
#pico -w /etc/MailScanner/MailScanner.conf

and change theses settings:

Use you language for reports
%report-dir% = /etc/MailScanner/reports/fr

%org-name% = (Your org. name)
Run As User = mail
Run As Group = mail
Incoming Queue Dir = /var/spool/exim.in/input
Outgoing Queue Dir = /var/spool/exim/input
MTA = exim
Sendmail = /usr/sbin/exim -C /etc/exim.conf
Sendmail2 = /usr/sbin/exim -C /etc/exim_outgoing.conf
Virus Scanners = clamav
Use SpamAssassin = yes
Always Include SpamAssassin Report = yes

# pico -w /etc/sysconfig/MailScanner

MTA=exim
EXIM=/usr/sbin/exim
EXIMINCF=/etc/exim.conf # Incoming configuration file
EXIMSENDCF=/etc/exim_outgoing.conf # Outgoing configuration file


*********************************
Antivirus Auto-update
*********************************
Modify ClamAV scanner
# pico -w /usr/lib/MailScanner/clamav-autoupdate
Change this:
$PackageDir = "/usr";
$LogFile = "/var/log/clam-update.log";
$LockFile = "/var/log/ClamAVBusy.lock";


*********************************
Test MTA
*********************************
Stop the MailScanner process if it's running and restart the exim processes

# service MailScanner stop
# service exim restart

Try to send an email to an account that the exim is handling. When the email arrives it should be placed in the /var/spool/exim.in/input
directory. If it doesn't then the exim incoming process isn't working properly.

Now start the MailScanner.

# service MailScanner start

The email should now be moved from the directory and moved to /var/spool/exim/input where

it will be processed by the outgoing exim process.

You can view /var/log/maillog to see if the MailScanner scanned the file.

If the last two steps aren't working check the /var/log/maillog, /var/log/exim/exim_*,

/var/spool/exim/msglog/* for errors.


*********************************
Officially launch MailScanner
*********************************
Now that we've checked that everything is working, we can officially launch Mailscanner on the server.

# service exim stop
# service MailScanner stop
# killall exim
# service MailScanner start

If properly configured, Mailscanner will launch exim and scan your emails.


*********************************
Test virus scanner
*********************************
Try to send an email with a virus included and see if MailScanner detects it.

Just type this in a virus.txt file :

$CEliacmaTrESTuScikgsn$FREE-TEST-SIGNATURE$EEEEE$

and attach it in a test email.

------------------------------------------------------------------------

Original Howto made by :
Kaare Christensen, Mermaid Consulting ApS
kaare[at]mermaidconsulting[dot]com
http://www.mermaidconsulting.com
 
Last edited:
i have the follow error with creating exim.in/input dir


[root@internetplaza /]# mkdir /var/spool/exim.in/input
mkdir: cannot create directory `/var/spool/exim.in/input': No such file or directory
 
interfasys said:
OK, one step was missing.

We have to create exim.in first

Oke i have now a error with
/var/spool/MailScanner/incoming permission's are not correct

what's the owner etc for this dir


EDIT okee i have the problem /var/spool/MailScanner/incoming owner was root changed to mail
 
Last edited:
i have still a problem with the virusscanner.

if i look in de follow dir
/var/spool/exim/input there a plenty files that's not good there must going to the user mailboxes

i'm i right?
 
Ive installed mail scanner, but it dont detect the viruse you supplied, i get the e-mails but with the viruses attached still.

I used a fake virus site called http://sidebit.com/ProjectVirusTest.php and i dont seem to get that mail.

When i type service MailScanner restart i get the following:

[root@diradmin MailScanner-4.24-5]# service MailScanner restart
Shutting down MailScanner daemons:
MailScanner: [ OK ]
incoming sendmail: head: /var/run/sendmail.in.pid: No such file or dire
ctory
[ OK ]
outgoing sendmail: head: /var/run/sendmail.out.pid: No such file or dir
ectory
[ OK ]
Starting MailScanner daemons:
incoming sendmail: [ OK ]
outgoing sendmail: [ OK ]
MailScanner: [ OK ]
 
Last edited:
Ive checked my mail log and it has this in:

Nov 24 13:26:46 diradmin MailScanner[15080]: MailScanner E-Mail Virus Scanner v$
Nov 24 13:26:46 diradmin MailScanner[15080]: Using locktype = posix
Nov 24 13:26:46 diradmin MailScanner[15080]: Creating hardcoded struct_flock su$
Nov 24 13:26:56 diradmin MailScanner[15095]: MailScanner E-Mail Virus Scanner v$
Nov 24 13:26:56 diradmin MailScanner[15095]: Using locktype = posix
Nov 24 13:26:56 diradmin MailScanner[15095]: Creating hardcoded struct_flock su$
N
 
Re: Re: Re: HowTo: MailScanner 4.24 for Exim 4.24

WilcoOnline said:
Yes it's chown -R mail:mail /var/spool/MailScanner

:p i realised that, was trying to bring it to interfasys' attention

Chris
 
jasonyates said:
Ive installed mail scanner, but it dont detect the viruse you supplied, i get the e-mails but with the viruses attached still.

I used a fake virus site called http://sidebit.com/ProjectVirusTest.php and i dont seem to get that mail.

When i type service MailScanner restart i get the following:

[root@diradmin MailScanner-4.24-5]# service MailScanner restart
Shutting down MailScanner daemons:
MailScanner: [ OK ]
incoming sendmail: head: /var/run/sendmail.in.pid: No such file or dire
ctory
[ OK ]
outgoing sendmail: head: /var/run/sendmail.out.pid: No such file or dir
ectory
[ OK ]
Starting MailScanner daemons:
incoming sendmail: [ OK ]
outgoing sendmail: [ OK ]
MailScanner: [ OK ]

Hi i have the same problem and i have no soluction 4 this, anybody maybe?
 
I used to have that problem too, but then I redid the following steps and it worked.

Turn off mailscanner
Restart exim
Turn on mailscanner
 
interfasys said:
I used to have that problem too, but then I redid the following steps and it worked.

Turn off mailscanner
Restart exim
Turn on mailscanner


This is not the soluction.. i have after 1 minut the same problem
 
I get no output from either command, the first one took ages to do then i got no output from the second.

I tried to shutdown mail scanner, and i got the same message.

Also now i cannot use the e-mail address [email protected], i can recieve no mail sent to that address.
 
try the following

*Stop* mailscanner

# pico -w /etc/rc.d/init.d/MailScanner

you need to replace the lines:

INPID=/var/run/sendmail.in.pid
OUTPID=/var/run/sendmail.out.pid

with your exim pid files

*start* mailscanner

This may work, it may not.

Chris
 
I still get the same message:

[root@diradmin root]# service MailScanner restart
Shutting down MailScanner daemons:
MailScanner: [ OK ]
incoming sendmail: head: /var/run/sendmail.in.pid: No such file or dire
ctory
[ OK ]
outgoing sendmail: head: /var/run/sendmail.out.pid: No such file or dir
ectory
[ OK ]
 
Did you stop mailscanner, follow that and start it (not restart)?
 
./install.sh


Good. You have the patch command.

Your /usr/src/redhat, /usr/src/RPM or /usr/src/packages
tree is missing.
If you have access to an RPM called rpm-build
install it first and come back and try again.
 
Back
Top