
Debian 10: Installing a mail server, virus protection

1. Virus protection

As an anti-virus measure, we will install Clam AntiVirus, a free anti-virus software for Linux.
By installing this anti-virus software, you can not only scan the entire server for viruses, but you can also scan incoming and outgoing e-mails for viruses once you have built and configured your mail server.

1.1 Install the anti-virus software ClamAV

①Install

# apt install clamav clamav-daemon

Configuration files related to clamav will be installed in the /etc/clamav/ folder.

②Update virus definitions

# freshclam

The above command will update the virus definitions, but if you get the following error, change the log settings and run it again.
ERROR: /var/log/clamav/freshclam.log is locked by another process
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).

If the above error occurs, delete the log file once and change the logrotate setting as follows.

# rm /var/log/clamav/freshclam.log
# touch /var/log/clamav/freshclam.log
# chown clamav:clamav /var/log/clamav/freshclam.log

③Edit the configuration file

# vi /etc/logrotate.d/clamav-freshclam
Change the line
create 640 clamav adm
to
create 640 clamav clamav

④Check for automatic virus definition updates
Make sure that the service that automatically updates virus definitions is registered.

# service clamav-freshclam status

The following will be displayed.

● clamav-freshclam.service - ClamAV virus database updater
Loaded: loaded (/lib/systemd/system/clamav-freshclam.service; enabled; vendor preset: e
Active: active (running) since Fri 2019-08-16 02:00:32 JST; 2 days ago
Docs: man:freshclam(1)
man:freshclam.conf(5)
https://www.clamav.net/documents
Main PID: 888 (freshclam)
Tasks: 1 (limit: 4915)
CGroup: /system.slice/clamav-freshclam.service
└─888 /usr/bin/freshclam -d --foreground=true
8月 18 07:25:02 server freshclam[888]: Sun Aug 18 07:25:02 2019 -> daily.cld is up to d
8月 18 07:25:02 server freshclam[888]: Sun Aug 18 07:25:02 2019 -> bytecode.cld is up t
8月 18 08:25:02 server freshclam[888]: Sun Aug 18 08:25:02 2019 -> Received signal: wak
8月 18 08:25:02 server freshclam[888]: Sun Aug 18 08:25:02 2019 -> ClamAV update proces

In addition, the log will be recorded in /var/log/clamav/freshclam.log file.

⑤Run a virus check

# clamscan --infected --remove --recursive /home

Download a harmless test virus (the EICAR test file) and check that it is detected. (Log in as a regular user.)

# su - <user>
$ cd ~  ← Go to the /home/<user> directory
$ wget http://www.eicar.org/download/eicar.com
$ clamscan --infected --remove --recursive /home
/home/lan/eicar.com: Eicar-Test-Signature FOUND
/home/lan/eicar.com: Removed.

----------- SCAN SUMMARY -----------
Known viruses: 6281795
Engine version: 0.100.3
Scanned directories: 206
Scanned files: 657
Infected files: 1
Data scanned: 25.92 MB
Data read: 12.33 MB (ratio 2.10:1)
Time: 59.342 sec (0 m 59 s)

As you can see, the scan reports the virus with the messages "FOUND" and "Infected files: 1". Because the "--remove" option was given, the test virus has also been removed.

1.2 Create a script file to do a full scan

①Create a directory (/opt/script) to store script files in advance.

# mkdir /opt/script

②Create a script file

# vi /opt/script/clam-full.sh

#!/bin/sh
echo =========================================
date
hostname
clamscan / \
--infected \
--recursive \
--log=/var/log/clamav/clamscan.log \
--move=/var/log/clamav/virus \
--exclude-dir=^/boot \
--exclude-dir=^/sys \
--exclude-dir=^/proc \
--exclude-dir=^/dev \
--exclude-dir=^/var/log/clamav/virus
# Save the exit status of clamscan (0: no virus found, 1: virus found, 2: error)
status=$?

# --infected         Output results only for files that have been detected as infected
# --recursive        Recursively scan the specified directories and below. Compressed files are decompressed and scanned.
# --log=FILE         Log file
# --move=DIR         Quarantine location for files detected as infected
# --remove           Delete files detected as infected
# --exclude=FILE     Files excluded from inspection (specified by pattern)
# --exclude-dir=DIR  Directories excluded from inspection (specified by pattern)

if [ "$status" = 0 ]; then
echo "virus undetected."
elif [ "$status" = 1 ]; then
echo "virus detection!!"
else
echo "clamscan error (exit status $status)"
fi

③Grant execute permission

# chmod +x /opt/script/clam-full.sh

④Create a virus quarantine folder
If it already exists, it’s OK, but if it doesn’t, a runtime error will occur because the above script specifies it as an excluded directory.

# mkdir /var/log/clamav/virus

⑤Run the script

# /opt/script/clam-full.sh

It takes quite a while to complete.
In addition, the log will be recorded in /var/log/clamav/clamscan.log file.

⑥Regularly run virus scans with cron

# crontab -e

# m h dom mon dow command

0 2 * * mon /opt/script/clam-full.sh >> /var/log/clamav/clamascan.log

In the above example, it runs periodically every Monday at 2 am.
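As an added example (not part of the original article), the function below pulls the detections out of one clamscan run, so the result of the weekly job can be checked without reading the whole log. The name clam_report and the sample input are constructed; the parsing assumes the "<path>: <signature> FOUND" and "Infected files: N" lines shown in the scan output in 1.1.

```shell
#!/bin/sh
# Added example (not from the article): list the detections of one clamscan run.
# Reads the scan output from FILE ("-" = stdin) and prints one
# "signature<TAB>path" line per detection.
# Return status: 0 clean, 1 detections, 2 no scan summary (scan failed or cut off).
clam_report() {
    awk '
        / FOUND$/ {
            line = $0
            sub(/ FOUND$/, "", line)
            # Split at the last ": " so a path that itself contains ": " survives.
            pos = 0
            while ((p = index(substr(line, pos + 1), ": ")) > 0) pos += p
            if (pos == 0) next
            printf "%s\t%s\n", substr(line, pos + 2), substr(line, 1, pos - 1)
            found++
        }
        /^Infected files: / { summary = $3 + 0; seen = 1 }
        END {
            if (!seen) exit 2
            exit ((found > 0 || summary > 0) ? 1 : 0)
        }' "$1"
}

# Constructed sample in the format of the scan output shown in 1.1.
clam_report - <<'EOF' || echo "clam_report status: $?"
/home/lan/eicar.com: Eicar-Test-Signature FOUND

----------- SCAN SUMMARY -----------
Infected files: 1
EOF
```

A status of 2 means the output ended before the scan summary, which is worth alerting on separately from a detection.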

2. Installing the mail software

Postfix is software developed as an MTA (Mail Transfer Agent) to replace Sendmail. It is a mail server with features such as high compatibility with Sendmail, safety, easy maintenance, and speed.
Postfix works only as an SMTP server for sending mail, so Dovecot, a POP server for receiving mail, is installed separately in the second half of the tutorial.

2.1 Postfix : Installation Configuration

①Install Postfix.
Install Postfix and build an SMTP server. 25/TCP is used for SMTP.
To prevent unauthorized mail relay, use the SASL function of Dovecot (described later), and configure Postfix so that authentication is also required for sending.

# apt -y install postfix sasl2-bin

You will be prompted to select a general configuration setting, but select “No Configuration” to set it manually later.

+------+ Postfix Configuration +-------+
| General type of mail configuration:  |
|                                      |
|   No configuration                   |
|   Internet Site                      |
|   Internet with smarthost            |
|   Satellite system                   |
|   Local only                         |
|                                      |
|                                      |
|        <Ok>          <Cancel>        |
|                                      |
+--------------------------------------+

②Edit the configuration file (main.cf)

# cp /usr/share/postfix/main.cf.dist /etc/postfix/main.cf
# vi /etc/postfix/main.cf
# Line 78: uncomment
mail_owner = postfix
# Line 94: uncomment and specify host name
myhostname = mail.korodes.com
# Line 102: Uncomment and specify domain name
mydomain = korodes.com
# Line 123: Uncomment
myorigin = $mydomain
# Line 137: uncomment
inet_interfaces = all
# Line 185: uncomment
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
# Line 228: uncomment
local_recipient_maps = unix:passwd.byname $alias_maps
# Line 270: uncomment
mynetworks_style = subnet
# Line 287: Add your own network.
mynetworks = 127.0.0.0/8, 192.168.11.0/24
# Line 407: Uncomment
alias_maps = hash:/etc/aliases
# Line 418: Uncomment
alias_database = hash:/etc/aliases
# Line 440: Uncomment
home_mailbox = Maildir/
# Line 576: Comment out and add the line below it.
#smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_banner = $myhostname ESMTP
# Line 650: add
sendmail_path = /usr/sbin/postfix
# Line 655: add
newaliases_path = /usr/bin/newaliases
# Line 660: add
mailq_path = /usr/bin/mailq
# Line 666: add
setgid_group = postdrop
# Line 670: comment out
#html_directory =
# Line 674: comment out
#manpage_directory =
# Line 679: comment out
#sample_directory =
# Line 683: comment out
#readme_directory =
# Add at the end of the file: Limit send/receive mail size to 10M.
message_size_limit = 10485760
# Limit mailbox size to 1G.
mailbox_size_limit = 1073741824
# SMTP-Auth Configuration
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions = permit_mynetworks, permit_auth_destination, permit_sasl_authenticated, reject

Apply the settings and restart

# newaliases
# systemctl restart postfix

③Edit the configuration file (master.cf)

# vi /etc/postfix/master.cf

Uncomment part of the submission and smtps entries so that they read as follows.

submission inet n       -       y       -       -       smtpd
  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_auth_only=yes

#

smtps     inet  n       -       y       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes

Apply the settings and restart

# newaliases
# systemctl restart postfix

2.2 Dovecot : Installation Configuration

①Install Dovecot
Install Dovecot and set up a POP/IMAP server. 110/TCP is used for POP and 143/TCP for IMAP.
Configure Dovecot so that it provides the SASL function to Postfix.

# apt -y install dovecot-core dovecot-pop3d dovecot-imapd

②Edit the configuration file (dovecot.conf)

# vi /etc/dovecot/dovecot.conf

# Line 30: uncomment
listen = *, ::

③Edit the configuration file (10-auth.conf)

# vi /etc/dovecot/conf.d/10-auth.conf

# Line 10: uncomment and change (also allow plain text authentication)
disable_plaintext_auth = no

# Line 100: add
auth_mechanisms = plain login

④Edit the configuration file (10-mail.conf)

# vi /etc/dovecot/conf.d/10-mail.conf

# Line 30: Change to Maildir format.
mail_location = maildir:~/Maildir

⑤Edit the configuration file (10-master.conf)

# vi /etc/dovecot/conf.d/10-master.conf

# Lines 107-109: uncomment and add
# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
  mode = 0666
  user = postfix
  group = postfix
}

Apply the settings and restart

# systemctl restart dovecot

2.3 Register for an email user account

Register a user account for mail.
This setup uses the user accounts on the OS for e-mail as well.
In that case no additional settings are required; just register the OS user.

①Mail client installation

# apt -y install mailutils

②Configure mailboxes to refer to Maildir.

# echo 'export MAIL=$HOME/Maildir/' >> /etc/profile.d/mail.sh

③Add an OS user [hoge as an example]

# adduser hoge
Password ← Enter password when asked, not displayed
Password again

④Log in with the added user account and test sending an email

# su - hoge
$ mail hoge@localhost  ← Send an email to yourself.
Cc:
Subject: test  ← Subject
testmail  ← Body (press Ctrl + D to finish)

Check the mail
$ mail
To exit, press [q].

2.4 Apply ClamAV to mail server Postfix

Configure Postfix and ClamAV to scan incoming and outgoing mail in real time.
Install Amavisd and the ClamAV daemon, and start the ClamAV daemon.

# apt -y install clamav-daemon amavisd-new

①Enable virus scan

# vi /etc/amavis/conf.d/15-content_filter_mode

Uncomment the following lines to enable virus scanning
@bypass_virus_checks_maps = (
   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);

②Register your own domain name

# echo 'hoge.com' > /etc/mailname

③Edit the configuration file (main.cf)

# vi /etc/postfix/main.cf
# Add to last line
content_filter=smtp-amavis:[127.0.0.1]:10024

④Edit the configuration file (master.cf)

# vi /etc/postfix/master.cf
# Add all of the following lines at the end of the file
smtp-amavis unix - - n - 2 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000

# systemctl restart clamav-daemon amavis postfix

If configured correctly, the header of incoming mail will contain the line "X-Virus-Scanned: Debian amavisd-new at source server".

2.5 Install spamassassin on your Postfix mail server to prevent spam

①Install

# apt install spamassassin

②Prep for setting up SpamAssassin
Create a directory “.Spam” in the Maildir format for storing spam mails. First, log in as a regular user (e.g., hoge).

# su - hoge
$ cd ~
$ cd Maildir
$ /usr/bin/maildirmake.dovecot .Spam
$ su -

③Prepare Procmail.
Check if Procmail is installed on the server machine.
If it is not installed, install it.

# apt install procmail

Find the path to Procmail with the following command

# which procmail
/usr/bin/procmail

④Procmail Configuration
Settings written in "/etc/procmailrc", which controls the entire mail filter, are applied to all users.
Settings written in "/home/username/.procmailrc", which is a mail filter file for each user, are applied only to that user.
In this case, we will put them in "/etc/procmailrc" to apply them to all users.

# vi /etc/procmailrc

Fill in the following information and save it.

# Set the path
PATH=/bin:/usr/bin:/usr/local/bin

# Set up the mailbox
MAILDIR=$HOME/Maildir
DEFAULT=$MAILDIR/

# Specify the output destination of the Procmail log file.
LOGFILE=$MAILDIR/procmaillog

# Specify the path to the lock file
LOCKFILE=$HOME/.lockmail

# If there is no "X-Spam-***" in the mail header, spamassassin will be started.
:0fw
*!^X-Spam.*
|spamassassin

# If "X-Spam-Status: Yes" is written in the mail header, the mail will be stored in the ".Spam" directory.
:0
* ^X-Spam-Status: Yes
$MAILDIR/.Spam/

⑤Edit Postfix main.cf

# vi /etc/postfix/main.cf

Add the following statement to the last line
mailbox_command = /usr/bin/procmail

⑥Apply the settings, start the service, and check operation

# systemctl start spamassassin
# systemctl restart postfix

⑦Confirmation
Try sending an email to your domain.
If you see headers like the following in the email, your settings are working properly.
The following headers are what appears when the mail is judged to be spam.

... (omitted) ...
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 2.64 (2004-01-11) on mail.example.com
X-Spam-Report:
* 0.1 HTML_60_70 BODY: Message is 60% to 70% HTML
* 0.0 HTML_MESSAGE BODY: HTML included in message
... (omitted) ...
X-Spam-Status: Yes, hits=8.2 required=5.5 tests=CLICK_BELOW,
FORGED_RCVD_NET_HELO,HTML_60_70,HTML_FONTCOLOR_UNSAFE,
HTML_IMAGE_ONLY_08,HTML_LINK_CLICK_HERE,HTML_MESSAGE,QENCTXT
autolearn=no version=2.64
X-Spam-Level: ********
... (omitted) ...

If you see the above “X-Spam-***” in the mail header, SpamAssassin is working properly.
If there is an “X-Spam-Status: Yes”, then the message is considered spam.
On the other hand, if the message has X-Spam-Status: No, it is considered normal mail.
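The header checks described in 2.4 and above can be scripted. The following is an added example, not part of the original article: the function name mail_verdict, its output format and the sample message are constructed. Because headers arrive with the message, it reads only the header section and reports whether the SpamAssassin verdict was stamped by the expected host.

```shell
#!/bin/sh
# Added example (not from the article): summarise the filter headers of one
# delivered message. Usage: mail_verdict FILE EXPECTED_HOST   ("-" = stdin)
mail_verdict() {
    awk -v host="$2" '
        /^\r?$/  { exit }                                  # end of headers: the body is never read
        /^[ \t]/ { if (n) hdr[n] = hdr[n] " " $0; next }   # unfold continuation lines
                 { hdr[++n] = $0 }
        END {
            virus = "no"; spam = "unchecked"; score = "-"; checker = "none"
            want = " on " tolower(host)
            for (i = 1; i <= n; i++) {
                h = tolower(hdr[i])
                sub(/[ \t\r]+$/, "", h)
                if (h ~ /^x-virus-scanned:.*amavisd-new/) virus = "yes"
                if (h ~ /^x-spam-checker-version:/) {
                    # A verdict counts as ours only if our own host stamped it.
                    tail = substr(h, length(h) - length(want) + 1)
                    checker = (tail == want) ? "local" : "other"
                }
                if (h ~ /^x-spam-status:/) {
                    spam = (h ~ /^x-spam-status:[ \t]*yes/) ? "yes" : "no"
                    if (match(h, /(hits|score)=-?[0-9.]+/)) {
                        score = substr(h, RSTART, RLENGTH)
                        sub(/^[a-z]+=/, "", score)
                    }
                }
            }
            printf "virus_scanned=%s spam=%s score=%s checker=%s\n", virus, spam, score, checker
        }' "$1"
}

# Constructed message modelled on the header sample above.
mail_verdict - mail.example.com <<'EOF'
X-Virus-Scanned: Debian amavisd-new at mail.example.com
X-Spam-Checker-Version: SpamAssassin 2.64 (2004-01-11) on mail.example.com
X-Spam-Status: Yes, hits=8.2 required=5.5 tests=CLICK_BELOW,
 FORGED_RCVD_NET_HELO,HTML_60_70
Subject: test

X-Spam-Status: No (this line is body text, so it is ignored)
EOF
```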

⑧Train SpamAssassin on spam mail
The following command learns the entire contents of the ".Spam" directory of all users as spam mail.

# /usr/bin/sa-learn --spam /home/*/Maildir/.Spam/cur
Learned from 89 message(s) (89 message(s) examined).

Learn normal mail

# /usr/bin/sa-learn --ham /home/*/Maildir/cur
Learned from 157 message(s) (157 message(s) examined).

Write a simple script and register it with cron to run automatically on a regular basis.
Save the script in "/opt/script". The file name should be something like "spam-learns.sh".
After saving the script, make it executable with "chmod 750 spam-learns.sh".

# vi /opt/script/spam-learns.sh

Contents of the script file

#!/bin/sh
# Learn spam mail
/usr/bin/sa-learn --spam /home/*/Maildir/.Spam/cur
# Learn normal mail
/usr/bin/sa-learn --ham /home/*/Maildir/cur
# Add the following statement if you want to force the deletion of the contents of the spam mail storage directory.
/bin/rm -f /home/*/Maildir/.Spam/cur/*

# chmod 750 /opt/script/spam-learns.sh

After spam-learns.sh is created, create the definition file directly under /lib/systemd/system. The name should end in .service, such as spam-learns.service.

# cd /lib/systemd/system
# vi spam-learns.service

Definition file contents
There are various types, but we'll define simple for now.

[Unit]
Description=SpamAssassin learning script (sa-learn)

[Service]
Type=simple
ExecStart=/opt/script/spam-learns.sh
# The script exits when learning is finished, so it is not restarted automatically.
Restart=no

[Install]
WantedBy=multi-user.target

Register the learning script to Cron.

# crontab -e
0 4 * * * /opt/script/spam-learns.sh

Run the learning script every day at 4:00 a.m.

⑨Set to start automatically.

# systemctl enable spam-learns