Contents
1. Antivirus software Clamav installed
Install Clam AntiVirus, a free anti-virus software for Linux, as an anti-virus measure.
By installing this anti-virus software, you can not only scan the entire server for viruses, but also scan incoming and outgoing mail for viruses if you build and configure a mail server.
1.1 Install
The clamav-related configuration files are installed in the /etc/clamav/ folder.
1.2 Virus Definition Update
# freshclam
If the virus definitions can be updated with the above command, but the following error occurs, change the log settings and run the command again.
ERROR: /var/log/clamav/freshclam.log is locked by another process
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
ERROR: initialize: libfreshclam init failed.
ERROR: Initialization error!
If the above error occurs, delete the log file once and change the log rotate settings as follows.
# touch /var/log/clamav/freshclam.log
# chown clamav:clamav /var/log/clamav/freshclam.log
Fri Jun 3 08:13:24 2022 -> ClamAV update process started at Fri Jun 3 08:13:24 2022
Fri Jun 3 08:13:24 2022 -> daily.cvd database is up-to-date (version: 26561, sigs: 1985547, f-level: 90, builder: raynman)
Fri Jun 3 08:13:24 2022 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Fri Jun 3 08:13:24 2022 -> bytecode.cvd database is up-to-date (version: 333, sigs: 92, f-level: 63, builder: awillia2)
Edit configuration file
create 640 clamav adm
↓
create 640 clamav clamav
Automatic virus definition update confirmation
Ensure that the service is registered for automatic virus definition updates.
It appears as follows
● clamav-freshclam.service - ClamAV virus database updater
Loaded: loaded (/lib/systemd/system/clamav-freshclam.service; enabled; >
Active: active (running) since Fri 2022-06-03 08:10:42 EDT; 4min 51s ago
Docs: man:freshclam(1)
man:freshclam.conf(5)
https://docs.clamav.net/
Main PID: 1093 (freshclam)
Tasks: 1 (limit: 2300)
Memory: 230.6M
CPU: 28.154s
CGroup: /system.slice/clamav-freshclam.service
mq1093 /usr/bin/freshclam -d --foreground=true
Jun 03 08:11:00 debian freshclam[1093]: Fri Jun 3 08:11:00 2022 -> daily.cv>
Jun 03 08:11:00 debian freshclam[1093]: Fri Jun 3 08:11:00 2022 -> main dat>
Jun 03 08:11:05 debian freshclam[1093]: Fri Jun 3 08:11:05 2022 -> Testing >
Jun 03 08:11:15 debian freshclam[1093]: Fri Jun 3 08:11:15 2022 -> Database>
Jun 03 08:11:15 debian freshclam[1093]: Fri Jun 3 08:11:15 2022 -> main.cvd>
Jun 03 08:11:15 debian freshclam[1093]: Fri Jun 3 08:11:15 2022 -> bytecode>
Jun 03 08:11:15 debian freshclam[1093]: Fri Jun 3 08:11:15 2022 -> Testing >
Jun 03 08:11:15 debian freshclam[1093]: Fri Jun 3 08:11:15 2022 -> Database>
Logs are recorded in the file /var/log/clamav/freshclam.log.
1.3 Virus Check Confirmation
①Running manual virus checks
----------- SCAN SUMMARY -----------
Known viruses: 8617610
Engine version: 0.103.6
Scanned directories: 3
Scanned files: 7
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 25.954 sec (0 m 25 s)
Start Date: 2022:06:03 08:17:43
End Date: 2022:06:03 08:18:09
Infected files: 0, so no virus
②Virus detection by downloading test viruses
Download a harmless virus and test it for detection.
Log in as a general user and check
$ wget http://www.eicar.org/download/eicar.com
$ clamscan --infected --remove --recursive /home
/home/<user name>/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/home/<user name>/eicar.com: Removed.----------- SCAN SUMMARY -----------
Known viruses: 8617610
Engine version: 0.103.6
Scanned directories: 3
Scanned files: 8
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 19.905 sec (0 m 19 s)
Start Date: 2022:06:03 08:20:04
End Date: 2022:06:03 08:20:24
As you can see, the virus is notified with the message "FOUND" and "Infected files: 1". The "--remove" option was also added, so the test virus was removed.
1.4 Create a script file to do a full scan
①Create a script file storage directory (/opt/script) in advance.
Password:
# mkdir /opt/script
②Create script file
Contents of clam-full.sh (new)
echo =========================================
date
hostname
clamscan / \
--infected \
--recursive \
--log=/var/log/clamav/clamscan.log \
--move=/var/log/clamav/virus \
--exclude-dir=^/boot \
--exclude-dir=^/sys \
--exclude-dir=^/proc \
--exclude-dir=^/dev \
--exclude-dir=^/var/log/clamav/virus
if [ $? = 0 ]; then
echo “Virus not detected.”
else
echo “Virus detection!!”
fi
③execute authorization
④Create a folder for virus quarantine
If not, a runtime error will occur because the above script specifies it as an excluded directory.
⑤Script Execution
Takes quite a long time to complete.
Logs are recorded in the /var/log/clamav/clamscan.log file.
0 2 * * mon /opt/script/clam-full.sh >> /var/log/clamav/clamascan.log
In the above example, it runs regularly every Monday at 2:00 AM.
2. Mail server installation
Postfix was developed as a Mail Transport Agent (MTA) to replace sendmail, and is a mail server that is highly compatible with sendmail, secure, easy to maintain, and fast.
In addition, since Postfix only functions as an SMTP server for sending mail, the POP server Dovecot for receiving mail will be installed separately in the latter half.
2.1 Postfix : Installation Configuration
①Install Postfix
Install Postfix and build an SMTP server; SMTP uses 25/TCP.
To prevent unauthorized mail relay, use the SASL function of Dovecot, described below, and configure Postfix so that authentication is also required for sending.
You will be asked to select general configuration settings, select "No configuration " to set them manually later
②Edit configuration file (main.cf)
# vi /etc/postfix/main.cf
Editorial content
# Line 78:Uncomment
mail_owner = postfix
# Line 94:Uncomment and specify hostname
myhostname = mail.<domain name>
# Line 102:Uncomment and specify domain name
mydomain = <domain name>
# Line 123:Uncomment
myorigin = $mydomain
# Line 137:Uncomment
inet_interfaces = all
# Line 185:Uncomment
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
# Line 228:Uncomment
local_recipient_maps = unix:passwd.byname $alias_maps
# Line 270:Uncomment
mynetworks_style = subnet
# Line 287:self-networking addition
mynetworks = 127.0.0.0/8, 192.168.11.0/24
# Line 407:Uncomment
alias_maps = hash:/etc/aliases
# Line 418:Uncomment
alias_database = hash:/etc/aliases
# Line 440:Uncomment
home_mailbox = Maildir/
# Line 576:Make it a comment and add below it
#smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_banner = $myhostname ESMTP
# Line 650:add
sendmail_path = /usr/sbin/postfix
# Line 655:add
newaliases_path = /usr/bin/newaliases
# Line 660:add
mailq_path = /usr/bin/mailq
# Line 666:add
setgid_group = postdrop
# Line 670:comment
#html_directory =
# Line 674:comment
#manpage_directory =
# Line 679:comment
#sample_directory =
# Line 683:comment
#readme_directory =
# Added to the last line: Limit sent/received mail size to 10M
message_size_limit = 10485760
# Limit mailbox size to 1G
mailbox_size_limit = 1073741824
# SMTP-Auth setup
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions = permit_mynetworks, permit_auth_destination, permit_sasl_authenticated, reject
③Edit configuration file (master.cf)
Editorial content
smtp inet n - y - - smtpd
#smtp inet n - y - 1 postscreen
#smtpd pass - - y - - smtpd
#dnsblog unix - - y - 0 dnsblog
#tlsproxy unix - - y - 0 tlsproxy
submission inet n - y - - smtpd
# -o syslog_name=postfix/submission
# -o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
# -o smtpd_tls_auth_only=yes
Reflect settings, reboot
# systemctl restart postfix
2.2 Dovecot : Installation Configuration
①Install Dovecot
Install Dovecot and build a POP/IMAP server, using 110/TCP for POP and 143/TCP for IMAP.
②Configure Dovecot to provide SASL functionality for Postfix
# vi /etc/dovecot/dovecot.conf
Line 30:Uncomment
listen = *, ::
Line 10:Uncomment and change (also allow plain text authentication)
disable_plaintext_auth = no
Line 100:add
auth_mechanisms = plain login
Line 30:Change to Maildir format
mail_location = maildir:~/Maildir
Line 107-109:Uncommented and added
# Postfix smtp-authi
unix_listener /var/spool/postfix/private/auth {
mode = 0666
user = postfix
group = postfix
}
③Reflect settings, reboot
2.3 Email User Account Registration
Register a user account for e-mail.
This setting is for when a user account on the OS is also used for e-mail.
If you want to use mail with a user account on the OS, no additional configuration is required, just register the OS user
①Mail client installed
②Mailboxes are set to refer to Maildir
2.4 operation check ①
①Send test mail to yourself [mail (user name)@(host name)].
user name : huong
$ mail huong@localhost
Cc:
Subject: Test Mail
This is the first mail.
Check incoming mail
"/home/huong/Maildir/": 1 message 1 new
>N 1 huong Fri Jun 3 13:11 13/441 Test Mail
? 1
Return-Path: <huong@debian.korodes.com>
X-Original-To: huong@localhost
Delivered-To: huong@localhost
Received: by mail.korodes.com (Postfix, from userid 1000)
id 392CAA0038; Fri, 3 Jun 2022 09:11:54 -0400 (EDT)
To: <huong@localhost>
Subject: Test Mail
X-Mailer: mail (GNU Mailutils 3.10)
Message-Id: <20220603131154.392CAA0038@mail.korodes.com>
Date: Fri, 3 Jun 2022 09:11:54 -0400 (EDT)
From: huong <huong@debian.korodes.com>
This is the first mail.
2.5 operation check ②
Set up and confirm your account in Mozilla Thunderbird
①Start Thunderbird, and click "Tools", "Account Settings".
②「Account Actions」「Add Mail Account」
③Your full name" is an optional name
Email addtess" is "huong@korodes.com" added earlier
Password" is the password for user huong
Click on "Configure manually"
④Set "INCOMMING SERVER" and "OUTGOING SERVER" as shown below and click "Re-test".
⑤The "Server Found" message appears.(The following settings were found by probinfg the given server)
After clicking "Done," the following "Warning" appears, but there is no problem, so click "Confirm.
⑥Click "Finish" when "Account syccessfuly created" is displayed.
3 Applied ClamAV to mail server Postfix
①Install Amavisd and Clamav Daemon and start Clamav Daemon
Set up Postfix and Clamav to work together to scan incoming and outgoing mail in real time.
use strict;
# $myhostname is used by amavisd-new for node identification, and it is
# important to get it right (e.g. for ESMTP EHLO, loop detection, and so on) .
chomp($myhostname = `hostname --fqdn`);
# To manually set $myhostname, edit the following line with the correct Full y
# Qualified Domain Name (FQDN) and remove the # at the beginning of the line .
#
$myhostname = "mail.<domain name>";
1; # ensure a defined return
②Virus Scan Enable
Uncomment and enable virus scan
@bypass_virus_checks_maps = (
\%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
③Register your own domain name
④Edit configuration file (Main.cf)
Add to last line
content_filter=smtp-amavis:[127.0.0.1]:10024
⑤Edit configuration file (master.cf)
Editorial content
# Add all the following lines to the last line
smtp-amavis unix - - n - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
⑥Settings reflect
# usermod -G amavis clamav
# systemctl restart clamav-daemon amavis postfix
When you send an e-mail to yourself on Thuderbird, etc., it is successful if you see the following message in the header of the incoming e-mail.
4. Install spamassassin in Postfix to prevent spam
①Install
②Preparation for SpamAssassin configuration
Create a directory ".Spam" in Maildir format for storing spam mails. First, log in as an ordinary user (e.g. huong)
$ cd ~
$ cd Maildir
$ /usr/bin/maildirmake.dovecot .Spam
$ su –
③Prepare Procmail
Check if Procmail is installed on the server machine.
If not, install it.
Check the path to Procmail with the following command
/usr/bin/procmail
④Procmail Settings
The settings are applied to all users by putting them in "/etc/procmailrc", which is in charge of the entire mail filter.
The filter will be applied only to that user if it is written in "/home/username/.procmailrc", which is a mail filter file for each user.
This time, to apply to all users, we will describe it in "/etc/procmailrc".
procmailrc description (newly created)
PATH=/bin:/usr/bin:/usr/local/bin
# Mailbox Settings
MAILDIR=$HOME/Maildir
DEFAULT=$MAILDIR/
# Specify where to output Procmail log files
LOGFILE=$MAILDIR/procmaillog
# Specify lock file path
LOCKFILE=$HOME/.lockmail
# If there is no "X-Spam-***" in the mail header, spamassassassin will be started.
:0fw
*!^X-Spam.*
|spamassassin
# If the mail header contains "X-Spam-Status: Yes", the mail will be stored in the ".Spam" directory.
:0
* ^X-Spam-Status: Yes
$MAILDIR/.Spam/
⑤Edit Postfix main.cf
Add to the last line
mailbox_command = /usr/bin/procmail
⑥Reflecting settings, starting up and checking operation
# systemctl restart postfix
⑦Spam Email Learning
The following command will learn all the contents of all users' ".Spam" directories as spam mail
Learned tokens from 0 message(s) (0 message(s) examined). <-- Learned 0 emails as spam mails
⑧Normal mail Learning
Learned tokens from 4 message(s) (4 message(s) examined). <-- Learned 4 emails as normal emails
⑨Create a script and register it with Cron
Name the file "spam-learns.sh" and place it under /opt/script/.
After saving the script, give it executable access as "chmod 750 spam-learns.sh".
spam-learns.sh Contents
# Spam Email Learning
/usr/bin/sa-learn --spam /home/*/Maildir/.Spam/cur
# Learning normal mail
/usr/bin/sa-learn --ham /home/*/Maildir/cur
# If you want to force the deletion of the contents of the spam mail storage directory, add the following statement
/bin/rm -f /home/*/Maildir/.Spam/cur
After spam-learns.sh is created, create a definition file directly under /lib/systemd/system. The name should end in .service, such as spam-learns.service.
Type is defined by simple
# vi spam-learns.service
Contents of spam-learns.service
Description=demo sample node.js program
[Service]
Type=simple
ExecStart= /opt/script/spam-learns.sh
Restart=always
[Install]
WantedBy=multi-user.target
Register the learning script in Cron
0 4 * * * /opt/script/spam-learns.sh
Study scripts run daily at 4:00 a.m.
⑩Set to start automatically
⑪Send a blank email to yourself in Thunderbird, etc., and if you see the following message in the header of the received email, you have succeeded.
