
Debian10 ; Installing a mail server, virus protection

1. Virus protection

As an anti-virus measure, we will install Clam AntiVirus, a free anti-virus software for Linux.
By installing this anti-virus software, you can not only scan the entire server for viruses, but you can also scan incoming and outgoing e-mails for viruses once you have built and configured your mail server.

1.1 Install the anti-virus software ClamAV

①Install

Configuration files related to clamav will be installed in the /etc/clamav/ folder.

②Update virus definitions

The above command will update the virus definitions, but if you get the following error, change the log settings and run it again.

ERROR: /var/log/clamav/freshclam.log is locked by another process
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).

If the above error occurs, delete the log file once and change the logrotate setting as follows.

③Edit the configuration file

④Check for automatic virus definition updates
Make sure that the service that automatically updates virus definitions is registered.

The following will be displayed.
● clamav-freshclam.service - ClamAV virus database updater
Loaded: loaded (/lib/systemd/system/clamav-freshclam.service; enabled; vendor preset: e
Active: active (running) since Fri 2019-08-16 02:00:32 JST; 2 days ago
Docs: man:freshclam(1)
man:freshclam.conf(5)
https://www.clamav.net/documents
Main PID: 888 (freshclam)
Tasks: 1 (limit: 4915)
CGroup: /system.slice/clamav-freshclam.service
└─888 /usr/bin/freshclam -d --foreground=true
8月 18 07:25:02 server freshclam[888]: Sun Aug 18 07:25:02 2019 -> daily.cld is up to d
8月 18 07:25:02 server freshclam[888]: Sun Aug 18 07:25:02 2019 -> bytecode.cld is up t
8月 18 08:25:02 server freshclam[888]: Sun Aug 18 08:25:02 2019 -> Received signal: wak
8月 18 08:25:02 server freshclam[888]: Sun Aug 18 08:25:02 2019 -> ClamAV update proces

In addition, the log will be recorded in /var/log/clamav/freshclam.log file.

⑤Run a virus check

Download a harmless virus and test to see if it detects it. (Log in as a regular user)

As you can see, it notifies me of the virus with the message "FOUND" and "Infected files: 1". Also, the "--remove" option has been added, so the test virus has been removed.

1.2 Create a script file to do a full scan

①Create a directory (/opt/script) to store script files in advance.

②Create a script file

③Authorize Execution

④Create a virus quarantine folder
If it already exists, it's OK, but if it doesn't, a runtime error will occur because the above script specifies it as an excluded directory.

⑤Execution

It takes quite a while to complete.
In addition, the log will be recorded in /var/log/clamav/clamscan.log file.

⑥Regularly run virus scans with cron

In the above example, it runs periodically every Monday at 2 am.
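One way to write the full-scan step described in 1.2, as an added example that is not the script from the original page. Unlike the test in 1.1 it moves infected files to quarantine with --move instead of deleting them with --remove; the function name, its arguments and the quarantine path are assumptions, and only the log path comes from the page.

```shell
#!/bin/sh
# Added example (not the page's script): full scan with quarantine.

# full_scan ROOT QUARANTINE_DIR [LOGFILE]
# Returns 0 = clean, 1 = infected files moved to quarantine, 2 = scan error.
full_scan() {
    root=$1
    quarantine=$2
    log=${3:-/var/log/clamav/clamscan.log}   # log path named on the page

    # Create the quarantine directory before the scan refers to it,
    # and keep it readable by the owner only.
    mkdir -p "$quarantine" && chmod 700 "$quarantine" || return 2

    # Skip pseudo-filesystems and the quarantine itself.
    # --exclude-dir takes a regular expression, hence the ^ anchors.
    set -- --recursive --infected --log="$log" --move="$quarantine" \
        --exclude-dir='^/proc' --exclude-dir='^/sys' --exclude-dir='^/dev' \
        --exclude-dir="^$quarantine" "$root"

    clamscan "$@"
    rc=$?
    case $rc in
        0) echo "clean" ;;
        # clamscan exits 1 when it finds something: a finding, not a failure
        1) echo "infected files moved to $quarantine" ;;
        *) echo "scan error (rc=$rc)" >&2; rc=2 ;;
    esac
    return $rc
}

# From the cron script, for example (hypothetical quarantine path):
#   full_scan / /var/lib/clamav-quarantine
```

Because clamscan exits with 1 when it finds a virus, a cron wrapper that treats every non-zero status as a crash would misreport detections; the return codes above keep the two cases apart.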

2. Introduction of email software

Postfix is an MTA (Mail Transfer Agent) developed as a replacement for Sendmail. It offers high compatibility with Sendmail, security, easy maintenance, and speed.
Postfix functions only as an SMTP server for sending mail, so Dovecot, a POP server for receiving mail, is installed separately in the second half of this tutorial.

2.1 Postfix : Installation Configuration

①Install Postfix.
Install Postfix and build an SMTP server. 25/TCP is used for SMTP.
To prevent unauthorized mail relay, use the SASL function of Dovecot (described later), and configure Postfix so that authentication is also required for sending.

You will be prompted to select a general configuration setting, but select "No Configuration" to set it manually later.

+------+ Postfix Configuration +-------+
| General type of mail configuration: |
| |
| No configuration |
| Internet Site |
| Internet with smarthost |
| Satellite system |
| Local only |
| |
| |
| <Ok> <Cancel> |
| |
+--------------------------------------+

②Edit the configuration file (main.cf)

Apply the settings and restart

③Edit the configuration file (master.cf)

Uncomment some of the entries for submission and smtps.

submission inet n       -       y       -       -       smtpd
  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_auth_only=yes
smtps     inet  n       -       y       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes

Apply the settings and restart
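A check for the master.cf edit above, as an added example that is not part of the original page: it lists every service that enables SASL authentication and reports whether one of its own -o overrides keeps AUTH off cleartext connections. It reads only `-o name=value` overrides in master.cf and does not consider main.cf defaults; the function names and the third sample entry (port 2525) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit master.cf -o overrides.

# audit_master_cf FILE   ("-" reads standard input)
# For every service that sets smtpd_sasl_auth_enable=yes, print
# "<service> ok" if AUTH is confined to TLS, else "<service> cleartext-auth".
audit_master_cf() {
    awk '
    function report() {
        if (svc != "" && sasl)
            print svc, ((authonly || wrapper || level == "encrypt") ? "ok" : "cleartext-auth")
        svc = ""; level = ""; sasl = 0; authonly = 0; wrapper = 0
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments (incl. commented-out -o lines) and blanks
    /^[^ \t]/ { report(); svc = $1 }    # text in column 1 starts a new service entry
    {                                   # entry line or indented continuation line
        for (i = 1; i < NF; i++) {
            if ($i != "-o") continue
            if (split($(i + 1), kv, "=") < 2) continue
            if (kv[1] == "smtpd_sasl_auth_enable")   sasl     = (kv[2] == "yes")
            if (kv[1] == "smtpd_tls_auth_only")      authonly = (kv[2] == "yes")
            if (kv[1] == "smtpd_tls_wrappermode")    wrapper  = (kv[2] == "yes")
            if (kv[1] == "smtpd_tls_security_level") level    = kv[2]
        }
    }
    END { report() }
    ' "$1"
}

# Constructed sample: the two entries from the page plus a hypothetical
# weak entry on port 2525 that enables AUTH with no TLS requirement.
sample_master_cf() {
    cat <<'EOF'
submission inet n       -       y       -       -       smtpd
  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_auth_only=yes
smtps     inet  n       -       y       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
2525      inet  n       -       y       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
EOF
}

sample_master_cf | audit_master_cf -
```

On the real server, run `audit_master_cf /etc/postfix/master.cf`; a service reported as cleartext-auth needs smtpd_tls_auth_only=yes or smtpd_tls_security_level=encrypt unless main.cf already sets one of them globally.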

2.2 Dovecot : Installation Configuration

①Install Dovecot
Install Dovecot and set up a POP/IMAP server, using 110/TCP for POP and 143/TCP for IMAP.
Also configure Dovecot so that it provides the SASL function to Postfix.

②Edit the configuration file (dovecot.conf)

③Edit the configuration file (10-auth.conf)

④Edit the configuration file (10-mail.conf)

⑤Edit the configuration file (10-master.conf)

Apply the settings and restart

2.3 Register for an email user account

Register a user account for mail.
This setting is for when you want to use the user account on the OS for e-mail as well.
If you want to use e-mail with a user account on the OS, no additional settings are required, just register the OS user.

①Mail client installation

②Configure mailboxes to refer to Maildir.

③Add an OS user [hoge as an example]

④Log in with the added user account and test sending an email

2.4 Apply ClamAV to mail server Postfix

Configure Postfix and Clamav to scan incoming and outgoing mails in real time.
Install Amavisd and Clamav Daemon and start Clamav Daemon

①Enable virus scan

②Register your own domain name

③Edit the configuration file (main.cf)

④Edit the configuration file (master.cf)

If configured correctly, you will see a line "X-Virus-Scanned:Debian amavisd-new at source server" in the header of incoming mail.

2.5 Install spamassassin on your Postfix mail server to prevent spam

①Install

②Prep for setting up SpamAssassin
Create a directory ".Spam" in the Maildir format for storing spam mails. First, log in as a regular user (e.g., hoge).

③Prepare Procmail.
Check if Procmail is installed on the server machine.
If it is not installed, install it.

Find the path to Procmail with the following command

④Procmail Configuration
If you put the settings in "/etc/procmailrc", which controls the whole mail filter, they will be applied to all users. If you put them in "/home/username/.procmailrc", which is the mail filter file for each user, they will be applied only to that user.
In this case, we will put them in "/etc/procmailrc" to apply them to all users.

Fill in the following information and save it.

# Set the path
PATH=/bin:/usr/bin:/usr/local/bin
# Setting up a mailbox
MAILDIR=$HOME/Maildir
DEFAULT=$MAILDIR/
# Specify the output destination of the Procmail log file.
LOGFILE=$MAILDIR/procmaillog
# Specify the path to the lock file
LOCKFILE=$HOME/.lockmail
# If there is no "X-Spam-***" in the mail header, spamassassin will be started.
:0fw
*!^X-Spam.*
|spamassassin
# If "X-Spam-Status: Yes" is written in the mail header, the mail will be stored in the ".Spam" directory.
:0
* ^X-Spam-Status: Yes
$MAILDIR/.Spam/

⑤Edit Postfix main.cf

⑥Apply the settings, start the service, and check operation

⑦Confirmation
Try to send an email to your domain.
If you see the following message in the header of the email, your settings are working properly.
The following header is the description when the mail is judged as spam mail.

・・・Omitted・・・
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 2.64 (2004-01-11) on mail.example.com
X-Spam-Report:
* 0.1 HTML_60_70 BODY: Message is 60% to 70% HTML
* 0.0 HTML_MESSAGE BODY: HTML included in message
・・・Omitted・・・
X-Spam-Status: Yes, hits=8.2 required=5.5 tests=CLICK_BELOW,
FORGED_RCVD_NET_HELO,HTML_60_70,HTML_FONTCOLOR_UNSAFE,
HTML_IMAGE_ONLY_08,HTML_LINK_CLICK_HERE,HTML_MESSAGE,QENCTXT
autolearn=no version=2.64
X-Spam-Level: ********
・・・Omitted・・・

If you see the above "X-Spam-***" in the mail header, SpamAssassin is working properly.
If there is an "X-Spam-Status: Yes", then the message is considered spam.
On the other hand, if the message has X-Spam-Status: No, it is considered normal mail.
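The header checks described in 2.4 (X-Virus-Scanned) and in this step (X-Spam-Status), as an added example that is not part of the original page. It reads only the header section of a message, joins folded header lines, and accepts both the "hits=" form shown above (SpamAssassin 2.x) and the "score=" form written by SpamAssassin 3.x; the function names and the sample message are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): summarize scanner headers.

# mail_scan_summary FILE   ("-" reads standard input)
# Prints "av=<yes|no> spam=<yes|no|unscanned> score=<number|->".
mail_scan_summary() {
    awk -v av=no -v spam=unscanned -v score=- '
    function finish(   low) {              # handle one complete, unfolded header
        low = tolower(hdr)
        if (low ~ /^x-virus-scanned:/) av = "yes"
        if (low ~ /^x-spam-status:/) {
            spam = (low ~ /^x-spam-status:[ \t]*yes/) ? "yes" : "no"
            if (match(low, /(hits|score)=-?[0-9.]+/)) {
                score = substr(low, RSTART, RLENGTH)
                sub(/^[a-z]+=/, "", score)
            }
        }
        hdr = ""
    }
    /^\r?$/  { exit }                      # blank line ends the headers; the body is never read
    /^[ \t]/ { hdr = hdr " " $0; next }    # folded continuation of the previous header
             { finish(); hdr = $0 }
    END      { finish(); print "av=" av, "spam=" spam, "score=" score }
    ' "$1"
}

# Constructed sample message. The body repeats a header name on purpose
# to show that text after the blank line does not affect the result.
sample_mail() {
    cat <<'EOF'
Return-Path: <sender@example.net>
X-Virus-Scanned: Debian amavisd-new at mail.example.com
X-Spam-Flag: YES
X-Spam-Status: Yes, hits=8.2 required=5.5 tests=CLICK_BELOW,
  FORGED_RCVD_NET_HELO,HTML_60_70
  autolearn=no version=2.64
Subject: constructed test message

X-Spam-Status: No, score=0.0
This line is body text.
EOF
}

sample_mail | mail_scan_summary -
```

Run it against a delivered message, for example a file under the user's Maildir, to confirm that both amavisd-new and SpamAssassin processed it.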

⑧Learning spam emails
The following command will learn the entire contents of the ".Spam" directory of all users as spam mail

⑨Learning normal emails

Write a simple script and register it with Cron to run automatically on a regular basis.
Save the script in "/opt/script". The file name should be something like "spam-learns.sh".
After saving the script, make it executable with "chmod 750 spam-learns.sh".

Contents of the script file
#!/bin/sh
# Learn spam mail
/usr/bin/sa-learn --spam /home/*/Maildir/.Spam/cur
# Learn normal mail (ham)
/usr/bin/sa-learn --ham /home/*/Maildir/cur
# Add the following line if you want to force deletion of the contents of the spam mail storage directory.
/bin/rm -f /home/*/Maildir/.Spam/cur/*

After spam-learns.sh is created, create the definition file directly under /lib/systemd/system. The name should end in .service, such as spam-learns.service.

Definition file contents
There are various types, but we'll define simple for now.

[Unit]
Description=SpamAssassin learning script

[Service]
Type=simple
ExecStart=/opt/script/spam-learns.sh
# The script exits when it has finished; restart it only if it fails
Restart=on-failure

[Install]
WantedBy=multi-user.target

Register the learning script to Cron.

Run the learning script every day at 4:00 a.m.

⑩Set the service to start automatically.
