Contents
Clamav ( anti-virus software )
1.Clam AntiVirus Install
|
1 |
# yum -y install clamav clamd clamav-update |
2.Edit Clam AntiVirus configuration file
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
# vi /etc/clamd.d/scan.conf ●Kine 14 # Default: disabled LogFile /var/log/clamd.scan ← Uncomment ●Line 77 # Default: disabled PidFile /run/clamd.scan/clamd.pid ← Uncomment ●Line 96 # Path to a local socket file the daemon will listen on. # Default: disabled (must be specified by a user) LocalSocket /run/clamd.scan/clamd.sock ← Uncomment ●Line 219 # Run as another user (clamd must be started by root for this option to work) # Default: don't drop privileges #User clamscan ← Add # at the beginning of the line and comment it out (to make it work with root privileges) |
3.Virus definition file update settings
|
1 2 3 4 5 6 7 |
# vi /etc/freshclam.conf ●Line 75 #DatabaseMirror database.clamav.net ← Comment out DatabaseMirror db.jp.clamav.net ●Per line 151 #NotifyClamd /path/to/clamd.conf NotifyClamd /etc/clamd.d/scan.conf ← Add |
4.Virus definition file update
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 |
# freshclam ClamAV update process started at Fri Feb 17 13:57:32 2023 WARNING: Your ClamAV installation is OUTDATED! WARNING: Local version: 0.103.7 Recommended version: 0.103.8 DON'T PANIC! Read https://docs.clamav.net/manual/Installing.html daily database available for download (remote version: 26814) Time: 1.0s, ETA: 0.0s [========================>] 57.92MiB/57.92MiB Testing database: '/var/lib/clamav/tmp.74071b8e81/clamav-5c721fb2e9847debeac2250d462b62f6.tmp-daily.cvd' ... Database test passed. daily.cvd updated (version: 26814, sigs: 2020990, f-level: 90, builder: raynman) main database available for download (remote version: 62) Time: 3.9s, ETA: 0.0s [========================>] 162.58MiB/162.58MiB Testing database: '/var/lib/clamav/tmp.74071b8e81/clamav-fe04e5e17fdbecb650199572c6a4f1a3.tmp-main.cvd' ... Database test passed. main.cvd updated (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr) bytecode database available for download (remote version: 333) Time: 0.4s, ETA: 0.0s [========================>] 286.79KiB/286.79KiB Testing database: '/var/lib/clamav/tmp.74071b8e81/clamav-5882c19beb25579bd997d5e40e8d96e2.tmp-bytecode.cvd' ... Database test passed. bytecode.cvd updated (version: 333, sigs: 92, f-level: 63, builder: awillia2) |
5.Start Clam AntiVirus
|
1 |
# systemctl start clamd@scan ← clamd start. |
|
1 2 |
# systemctl enable clamd@scan ← Automatic clamd startup configuration Created symlink from /etc/systemd/system/multi-user.target.wants/clamd@scan.service to /usr/lib/systemd/system/clamd@.service. |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 |
# systemctl status clamd@scan ← operation check ● clamd@scan.service - clamd scanner (scan) daemon Loaded: loaded (/usr/lib/systemd/system/clamd@.service; enabled; vendor preset: disabled) Active: active (running) since Fri 2023-02-17 14:00:20 JST; 1min 24s ago Docs: man:clamd(8) man:clamd.conf(5) https://www.clamav.net/documents/ Main PID: 2745 (clamd) CGroup: /system.slice/system-clamd.slice/clamd@scan.service mq2745 /usr/sbin/clamd -c /etc/clamd.d/scan.conf Feb 17 14:00:20 Lepard clamd[2745]: ELF support enabled. Feb 17 14:00:20 Lepard clamd[2745]: Mail files support enabled. Feb 17 14:00:20 Lepard clamd[2745]: OLE2 support enabled. Feb 17 14:00:20 Lepard clamd[2745]: PDF support enabled. Feb 17 14:00:20 Lepard clamd[2745]: SWF support enabled. Feb 17 14:00:20 Lepard clamd[2745]: HTML support enabled. Feb 17 14:00:20 Lepard clamd[2745]: XMLDOCS support enabled. Feb 17 14:00:20 Lepard clamd[2745]: HWP3 support enabled. Feb 17 14:00:20 Lepard clamd[2745]: Self checking every 600 seconds. Feb 17 14:00:20 Lepard systemd[1]: Started clamd scanner (scan) daemon. |
6.Perform virus scan
Download a test virus and perform a virus scan
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
# wget http://www.eicar.org/download/eicar.com # clamscan --infected --remove --recursive /root/eicar.com: Win.Test.EICAR_HDB-1 FOUND /root/eicar.com: Removed. ----------- SCAN SUMMARY ----------- Known viruses: 8652920 Engine version: 0.103.7 Scanned directories: 7 Scanned files: 11 Infected files: 1 Data scanned: 0.00 MB Data read: 0.00 MB (ratio 1.00:1) Time: 19.751 sec (0 m 19 s) Start Date: 2023:02:17 14:06:37 End Date: 2023:02:17 14:06:57 |
7.Deployment of virus scan auto-execution scripts
|
1 2 |
# mkdir -p /var/www/system # cd /var/www/system |
Create clamscan.sh in /var/www/system with the following contents
|
1 |
# vi /var/www/system/clamscan.sh |
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
#!/bin/bash PATH=/usr/bin:/bin # excludeopt setup excludelist=/var/www/system/clamscan.exclude if [ -s $excludelist ]; then for i in `cat $excludelist` do if [ $(echo "$i"|grep \/$) ]; then i=`echo $i|sed -e 's/^\([^ ]*\)\/$/\1/p' -e d` excludeopt="${excludeopt} --exclude-dir=$i" else excludeopt="${excludeopt} --exclude=$i" fi done fi # signature update freshclam # virus scan clamscan --recursive --remove ${excludeopt} / |
8.Virus scan exclusion directory settings
|
1 2 3 4 |
# chmod 700 clamscan.sh # echo "/sys/" >> /var/www/system/clamscan.exclude # echo "/proc/" >> /var/www/system/clamscan.exclude Exclude sys and proc directories. |
9.Scheduled virus scan
|
1 2 |
# crontab -e 0 1 * * * /var/www/system/clamscan.sh > /dev/null 2>&1 |
Mail Server Installation
1. Postfix Install
1.1 install
Install Postfix and build an SMTP server
|
1 |
# yum -y install postfix |
Make sure Postfix is installed
|
1 2 |
# rpm -qa | grep postfix postfix-2.10.1-9.el7.x86_64 |
1.2Register Postfix to the service
|
1 2 3 |
# systemctl enable postfix.service # systemctl is-enabled postfix.service enabled |
1.3 Backup postfix configuration files, main.cf and master.cf files
|
1 2 |
# cp -p /etc/postfix/main.cf `date '+/etc/postfix/main.cf.%Y%m%d'` # cp -p /etc/postfix/master.cf `date '+/etc/postfix/master.cf.%Y%m%d'` |
1.4 Edit postfix configuration file
To prevent unauthorized mail relay, configure Postfix to require authentication for outgoing mail as well, using Dovecot's SASL function.
To prevent unauthorized mail relay, configure Postfix to require authentication for outgoing mail as well, using Dovecot's SASL function.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 |
# vi /etc/postfix/main.cf ●Per line 77: Add #myhostname = virtual.domain.tld myhostname = mail.<Domain name> ●Per line84:Add your domain name #mydomain = domain.tld mydomain = <Domain name> ●Per line99: Uncomment myorigin = $mydomain ●Per line 116: Change inet_interfaces = all ●Per line164: Comment out Add under that #mydestination = $myhostname, localhost.$mydomain, localhost mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain ●Per line 268: Add #mynetworks = 168.100.189.0/28, 127.0.0.0/8 #mynetworks = $config_directory/mynetworks #mynetworks = hash:/etc/postfix/network_table mynetworks = 192.168.11.0/24, 127.0.0.0/8 ←192.168.11.0/24 to suit your environment ●Per line 420: Uncomment Set the mail storage format. #home_mailbox = Mailbox home_mailbox = Maildir/ ●Per line 428: Add #mail_spool_directory = /var/mail mail_spool_directory = /var/spool/mail ●Per line 575: Add #smtpd_banner = $myhostname ESMTP $mail_name #smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) smtpd_banner = $myhostname ESMTP unknown ●Add the following to the last line # Limit send/receive mail size to 10M message_size_limit = 10485760 # Limit mailbox size to 1G mailbox_size_limit = 1073741824 # SMTP-Auth setting smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_local_domain = $mydomain smtpd_recipient_restrictions = permit_mynetworks, permit_auth_destination, permit_sasl_authenticated, reject |
Release SMTP port (port 25)
|
1 2 3 4 |
# firewall-cmd --add-service=smtp --permanent success # firewall-cmd --reload success |
1.5 Start Postfix
|
1 |
# systemctl restart --now postfix |
2.Dovecot install
2.1 dovecot install
|
1 |
# yum -y install dovecot |
2.2 Edit dovecot.conf file
|
1 2 3 4 5 6 7 8 |
# cp -p /etc/dovecot/dovecot.conf `date '+ /etc/dovecot/dovecot.conf.%Y%m%d'` # vi /etc/dovecot/dovecot.conf ●Per line 25: Add # protocols = imap pop3 lmtp protocols = imap pop3 ●Line 30: Uncomment # Remove [::] if listening for IPv4 only listen = *, :: |
2.3 Edit 10-auth.conf file
|
1 2 3 4 5 6 |
# vi /etc/dovecot/conf.d/10-auth.conf ●Line 10: Uncomment and Change If plain text authentication is also allowed disable_plaintext_auth = no ●Line 100: Add auth_mechanisms = plain login |
2.3 Edit 10-mail.conf file
|
1 2 3 |
# vi /etc/dovecot/conf.d/10-mail.conf ●Line 31: Add mail_location = maildir:~/Maildir |
2.4 Edit 10-master.conf file
|
1 2 3 4 5 6 7 8 |
# vi /etc/dovecot/conf.d/10-master.conf ●Line 96-98: Uncomment and Add # Postfix smtp-auth unix_listener /var/spool/postfix/private/auth { mode = 0666 user = postfix group = postfix } |
2.5 Edit 10-ssl.conf file
|
1 2 3 |
# vi /etc/dovecot/conf.d/10-ssl.conf ●Per line 8: Change ssl = yes |
2.6 Register dovecot as a service and start it
|
1 2 3 4 5 |
# systemctl enable dovecot.service Created symlink from /etc/systemd/system/multi-user.target.wants/dovecot.service to /usr/lib/systemd/system/dovecot.service. # systemctl is-enabled dovecot.service Enabled # systemctl start dovecot.service |
2.7 Allow POP/IMAP services with firewalld
POP is [110/TCP], IMAP is [143/TCP].
|
1 2 3 |
# firewall-cmd --permanent --add-service=pop3 # firewall-cmd --permanent --add-service=imap # firewall-cmd --reload |
3.Create mail user and check operation
3.1 advance preparation
①Pretreatment for new users
When a new user is added, set up the system to automatically send and receive e-mail.
|
1 2 3 4 |
# mkdir -p /etc/skel/Maildir/{new,cur,tmp} # chmod -R 700 /etc/skel/Maildir/ # echo "~/Maildir/"> /etc/skel/.forward # chmod 600 /etc/skel/.forward |
②Mail environment pre-processing for existing users
Configure the already created users to be able to send and receive e-mail.
|
1 2 3 4 |
# mkdir -p /home/huong/Maildir/{new,cur,tmp} # chown -R huong:huong /home/huong/Maildir/ # chmod 700 /home/huong/Maildir # chmod 700 /home/huong/Maildir/{new,cur,tmp} |
3.2 User Account Creation
Mail client installation
|
1 2 |
# yum -y install mailx # echo 'export MAIL=$HOME/Maildir' >> /etc/profile.d/mail.sh |
Add user [linux]
|
1 2 3 4 5 |
# useradd linux # passwd linux New password:xxxxx Retype new password:xxxxx passwd: all authentication tokens updated successfully. |
3.3 Operation check ①
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 |
# su - linux $ mail linux@localhost Subject: Test Mail mail test . ← To end the text, type ".". EOT $ mail Heirloom Mail version 12.5 7/5/10. Type ? for help. "/home/linux/Maildir": 1 message 1 new >N 1 linux@korodes.com Fri Feb 17 16:40 17/536 "Test Mail" & 1 Message 1: From linux@korodes.com Fri Feb 17 16:40:53 2023 Return-Path: <linux@korodes.com> X-Original-To: linux@localhost Delivered-To: linux@localhost.korodes.com Date: Fri, 17 Feb 2023 16:40:53 +0900 To: linux@localhost.korodes.com Subject: Test Mail User-Agent: Heirloom mailx 12.5 7/5/10 Content-Type: text/plain; charset=us-ascii From: linux@korodes.com Status: R mail test & |
3.4 Operation check ②
Set up and confirm your account in Mozilla Thunderbird
Set up and confirm your account in Mozilla Thunderbird
①Start Thunderbird, and click "Tools", "Account Settings".
②「Account Actions」「Add Mail Account」
③Enter as follows
Your full name : Any name
Email addtess : huong@korodes.com" that I just added.
Password : Password for huong
Click on "Configure manually"
④Set "INCOMMING SERVER" and "OUTGOING SERVER" as shown below and click "Re-test".
⑤"The following settings were found by probinfg the given server"Displayed
After clicking "Done", the following "Warning" appears, but there is no problem, so click "Confirm".
⑥Click "Finish" when "Account syccessfuly created" is displayed.
Mail Server : Postfix + Clamav + Amavisd+SpamAssassin
1.Real-time scanning of e-mail
①Install Amavisd and Clamav Server
|
1 |
# yum --enablerepo=epel -y install amavisd-new clamav-scanner clamav-scanner-systemd |
➁Configuration File Edit
|
1 2 3 4 5 6 7 |
# vi /etc/clamd.d/scan.conf ●Line 77:Change PidFile /var/run/clamd.scan/clamd.pid ●Line 81:Uncomment TemporaryDirectory /var/tmp ●Line 96:Change LocalSocket /var/run/clamd.scan/clamd.sock |
|
1 2 3 |
# touch /var/log/clamd.scan # chown clamscan. /var/log/clamd.scan # systemctl enable clamd@scan |
➂Setup and start Amavisd
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
# vi /etc/amavisd/amavisd.conf ●Per line 13: Uncomment @bypass_spam_checks_maps = (1); # controls running of anti-spam code ● Line 23:Change to your domain name $mydomain = 'Domain name '; ●Per line28: comment-out #$QUARANTINEDIR = undef; # -Q ●Per line122: comment-out # $virus_admin = undef; # notifications recip ●Line 155:comment-out and Change to own hostname $myhostname = 'mail.domain name'; ●Line 157-158: Uncomment $notify_method = 'smtp:[127.0.0.1]:10025'; $forward_method = 'smtp:[127.0.0.1]:10025'; # set to undef with milter! # systemctl start amavisd clamd@amavisd # systemctl enable amavisd clamd@amavisd Created symlink from /etc/systemd/system/multi-user.target.wants/clamd@amavisd.service to /usr/lib/systemd/system/clamd@.service. Created symlink from /etc/systemd/system/multi-user.target.wants/amavisd.service to /usr/lib/systemd/system/amavisd.service. |
④Postfix Configuration
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 |
# vi /etc/postfix/main.cf # Add to the last line content_filter=smtp-amavis:[127.0.0.1]:10024 # vi /etc/postfix/master.cf # Add to the last line smtp-amavis unix - - n - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes 127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 |
|
1 |
# systemctl restart postfix |
⑤I sent a test email to myself in Thunderbird, and in the header display section of the received email, I see the following X-Virus-Scanned: amavisd-new at korodes.
2.Email spam protection
①SpamAssassin installed to prevent spam
|
1 2 3 |
# yum -y install spamassassin spamass-milter-postfix # systemctl start spamassassin # systemctl enable spamassassin |
②SpamAssassin Settings
|
1 2 3 |
# vi /etc/mail/spamassassin/v310.pre ●Per line 24: Uncomment loadplugin Mail::SpamAssassin::Plugin::DCC |
③SpamAssassin configuration file update script
|
1 2 |
# cd /var/www/system # vi /var/www/system/spamassassin-update.sh |
#!/bin/bash
cd /etc/mail/spamassassin
wget -q https://github.com/kittyfreak/spamassassin_user_prefs/archive/refs/heads/main.zip
[ $? -ne 0 ] && exit
unzip main.zip >/dev/null 2>&1
[ $? -ne 0 ] && exit
rm -f main.zip
mv spamassassin_user_prefs-main/user_prefs .
rm -rf spamassassin_user_prefs-main
diff user_prefs user_prefs.org > /dev/null 2>&1
if [ $? -ne 0 ]; then
cp user_prefs local.cf
echo "report_safe 0" >> local.cf
echo "rewrite_header Subject ***SPAM***" >> local.cf
#SpamAssassin restart
if [ -f /etc/rc.d/init.d/spamassassin ]; then
/etc/rc.d/init.d/spamassassin restart > /dev/null
else
systemctl restart spamassassin > /dev/null
fi
fi
cp user_prefs user_prefs.org
Grant execute permission to the spamassassin-update script and run it
|
1 2 |
# chmod 700 /var/www/system/spamassassin-update.sh # /var/www/system/spamassassin-update.sh |
Verify that the SpamAssassin configuration file is created in the /etc/mail/spamassassin directory with the date of the day
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
# ls -l /etc/mail/spamassassin total 1500 drwxr-xr-x 2 root root 59 Feb 17 15:37 channel.d -rw-r--r-- 1 root root 1289 Oct 1 2020 init.pre -rw-r--r-- 1 root root 499331 Feb 17 19:08 local.cf drwx------ 2 root root 6 Oct 1 2020 sa-update-keys -rw-r--r-- 1 root root 62 Oct 1 2020 spamassassin-default.rc -rwxr-xr-x 1 root root 35 Oct 1 2020 spamassassin-helper.sh -rw-r--r-- 1 root root 55 Oct 1 2020 spamassassin-spamc.rc -rw-r--r-- 1 root root 499289 Dec 29 2021 user_prefs -rw-r--r-- 1 root root 499289 Feb 17 19:08 user_prefs.org -rw-r--r-- 1 root root 2523 Feb 17 18:51 v310.pre -rw-r--r-- 1 root root 1194 Oct 1 2020 v312.pre -rw-r--r-- 1 root root 2416 Oct 1 2020 v320.pre -rw-r--r-- 1 root root 1237 Oct 1 2020 v330.pre -rw-r--r-- 1 root root 1020 Oct 1 2020 v340.pre |
Set up cron to automatically run a script daily that updates the SpamAssassin configuration file定
|
1 2 |
# crontab -e 0 2 * * * /var/www/system/spamassassin-update.sh > /dev/null 2>&1 |
④Integrate SpamAssassin into Postfix
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 |
# vi /etc/postfix/master.cf ●Line 11:Comment out and add under # smtp inet n - n - - smtpd smtp inet n - n - - smtpd -o content_filter=spamassassin ●Add to last line smtp-amavis unix - - n - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes 127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 spamassassin unix - n n - - pipe user=nobody argv=/usr/bin/spamc -e /usr/sbin/sendmail.postfix -oi -f ${sender} ${recipient} |
⑤Restart postfix
|
1 |
# systemctl restart postfix |
⑥If you send an e-mail to yourself in Thunderbird with the following information in the body, the following will appear in the header.
"XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X"
"XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X"
