Install clamav (anti-virus software)
1.Install Clam AntiVirus
2.Virus definition file update setting
●Line 75
Insert “#” at the beginning of the line “DatabaseMirror database.clamav.net” and add “DatabaseMirror db.jp.clamav.net”.
#DatabaseMirror database.clamav.net
DatabaseMirror db.jp.clamav.net
●Around line 151
Add “NotifyClamd /etc/clamd.d/scan.conf”.
#NotifyClamd /path/to/clamd.conf
NotifyClamd /etc/clamd.d/scan.conf
ClamAV update process started at Thu Feb 3 20:04:55 2022
daily database available for download (remote version: 26442)
Time: 0.8s, ETA: 0.0s [========================>] 55.08MiB/55.08MiB
Testing database: '/var/lib/clamav/tmp.31cb943695/clamav-e129800b69d746b1fe1e8b2ef16f0d58.tmp-daily.cvd' …
# vi /etc/clamd.d/scan.conf
●Line 14
# Default: disabled
LogFile /var/log/clamd.scan ← Uncomment
●Line 77
# Default: disabled
PidFile /run/clamd.scan/clamd.pid ← Uncomment
●Line 96
# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
LocalSocket /run/clamd.scan/clamd.sock ← Uncomment
●Line 219
# Run as another user (clamd must be started by root for this option to work)
# Default: don’t drop privileges
#User clamscan ← Add # at the beginning of the line to comment it out (clamd then runs with root privileges)
5.Start Clam AntiVirus
# systemctl enable clamd@scan ← clamd auto-start setting
Created symlink /etc/systemd/system/multi-user.target.wants/clamd@scan.service → /usr/lib/systemd/system/clamd@.service.
# systemctl is-enabled clamd@scan
enabled
# systemctl status clamd@scan ← operation check
● clamd@scan.service - clamd scanner (scan) daemon
Loaded: loaded (/usr/lib/systemd/system/clamd@.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2022-01-22 15:57:41 JST; 57s ago
Docs: man:clamd(8)
man:clamd.conf(5)
https://www.clamav.net/documents/
Main PID: 190805 (clamd)
Tasks: 2 (limit: 4180)
Memory: 416.2M
CGroup: /system.slice/system-clamd.slice/clamd@scan.service
└─190805 /usr/sbin/clamd -c /etc/clamd.d/scan.conf
Feb 03 20:16:13 Lepard clamd[275984]: ELF support enabled.
Feb 03 20:16:13 Lepard clamd[275984]: Mail files support enabled.
Feb 03 20:16:13 Lepard clamd[275984]: OLE2 support enabled.
Feb 03 20:16:13 Lepard clamd[275984]: PDF support enabled.
■Download a test virus and perform a virus scan.
# clamscan --infected --remove --recursive
/root/eicar.com: Win.Test.EICAR_HDB-1 FOUND ← virus detection
/root/eicar.com: Removed. ← virus removal
----------- SCAN SUMMARY -----------
Known viruses: 8605057
Engine version: 0.103.5
Scanned directories: 1
Scanned files: 9
Infected files: 1 ← One virus detection
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 12.829 sec (0 m 12 s)
Start Date: 2022:02:03 20:23:05
End Date: 2022:02:03 20:23:17
# cd /var/www/system
Create clamscan.sh in /var/www/system with the following contents
# vi /var/www/system/clamscan.sh
#!/bin/bash
PATH=/usr/bin:/bin
# excludeopt setup
excludelist=/var/www/system/clamscan.exclude
if [ -s $excludelist ]; then
    for i in `cat $excludelist`
    do
        if [ $(echo "$i"|grep \/$) ]; then
            i=`echo $i|sed -e 's/^\([^ ]*\)\/$/\1/p' -e d`
            excludeopt="${excludeopt} --exclude-dir=$i"
        else
            excludeopt="${excludeopt} --exclude=$i"
        fi
    done
fi
# signature update
freshclam
# virus scan
clamscan --recursive --remove ${excludeopt} /
8.Virus scan exclusion directory setting
# echo "/sys/" >> /var/www/system/clamscan.exclude
# echo "/proc/" >> /var/www/system/clamscan.exclude
Exclude the sys and proc directories.
0 1 * * * /var/www/system/clamscan.sh > /dev/null 2>&1
Mail Server Install
1. Install Postfix
1.Install the required software.
# systemctl enable postfix
# systemctl enable dovecot
# systemctl enable saslauthd
# dnf install cyrus-sasl-md5
postfix-3.5.8-2.el8.x86_64
pcp-pmda-postfix-5.3.1-5.el8.x86_64
postfix-perl-scripts-3.5.8-2.el8.x86_64
Created symlink from /etc/systemd/system/multi-user.target.wants/postfix.service to /usr/lib/systemd/system/postfix.service.
# systemctl is-enabled postfix.service
enabled
# cp -p /etc/postfix/master.cf `date '+/etc/postfix/master.cf.%Y%m%d'`
Set up automatic sending and receiving of e-mails when a new user is added.
# chmod -R 700 /etc/skel/Maildir/
# echo "~/Maildir/" > /etc/skel/.forward
# chmod 600 /etc/skel/.forward
# chown -R <user>:<user> /home/<user>/Maildir/
# chmod 700 /home/<user>/Maildir
# chmod 700 /home/<user>/Maildir/{new,cur,tmp}
# vi /etc/sasl2/smtpd.conf
●Lines 1 and 2: comment out and add the following
# pwcheck_method: saslauthd
# mech_list: plain login
pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: cram-md5 digest-md5 plain login
Created symlink from /etc/systemd/system/multi-user.target.wants/saslauthd.service to /usr/lib/systemd/system/saslauthd.service.
# systemctl is-enabled saslauthd.service
enabled
# systemctl start saslauthd.service
# useradd -s /sbin/nologin puser
# passwd puser
Setting the SMTP-AUTH Password
# echo "<password of your choice>" | saslpasswd2 -p -u <Domain> -c puser
Confirm the registered user.
# sasldblistusers2
puser@<Domain>: userPassword
Change the group of /etc/sasldb2 to the postfix group so that Postfix can read it.
# chgrp postfix /etc/sasldb2
9.Edit the Postfix configuration file
●Around line 96: add
#myhostname = virtual.domain.tld
myhostname = mail.<Domain>
●Around line 103: add a domain name
#mydomain = domain.tld
mydomain = <Domain>
●Around line 119: uncomment
myorigin = $mydomain
●Around line 135: change
inet_interfaces = all
●Around line 183: add
Comment out the setting around line 183 and add the new one on line 184.
#mydestination = $myhostname, localhost.$mydomain, localhost
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
●Around line 285: add
#mynetworks = 168.100.189.0/28, 127.0.0.0/8
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:/etc/postfix/network_table
mynetworks = 192.168.11.0/24, 127.0.0.0/8 ←192.168.11.0/24 should match your environment.
●Around line 440: uncomment
Set the mail storage format.
#home_mailbox = Mailbox
home_mailbox = Maildir/
●Around line 447: add
#mail_spool_directory = /var/mail
mail_spool_directory = /var/spool/mail
●Around line 593: add
#smtpd_banner = $myhostname ESMTP $mail_name
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_banner = $myhostname ESMTP unknown
●Add the following to the last line
message_size_limit = 10485760
mailbox_size_limit = 1073741824
# SMTP-Auth Configuration
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
Configure the submission port (port 587)
●Remove the “#” at the beginning of lines 17 and 20
submission inet n - n - - smtpd
#  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
# systemctl start postfix.service
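The submission entry above enables SASL authentication while the smtpd_tls_security_level=encrypt override stays commented out. The following check is an added example, not part of the original page: it reads a master.cf-style file and names every service in that state. The function names and the sample entries (including the 127.0.0.1:2587 service) are constructed for illustration, and only the plain "-o name=value" form is handled.

```bash
#!/bin/sh
# Added example (not from the original page): list master.cf services that
# enable SASL AUTH without forcing TLS through a per-service override.
# audit_master_cf, sample_master_cf and the 2587 entry are constructed here.

audit_master_cf() {
    # $1 = master.cf-style file. Prints the name of each service that sets
    # smtpd_sasl_auth_enable=yes but has no active
    # smtpd_tls_security_level=encrypt. Handles the "-o name=value" form only.
    awk '
        function report() { if (svc != "" && sasl && !tls) print svc }
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # commented-out options do not count
        /^[^ \t]/ { report(); svc = $1; sasl = 0; tls = 0 }   # new service entry
        {
            for (i = 1; i <= NF; i++) {
                if ($i == "smtpd_sasl_auth_enable=yes") sasl = 1
                if ($i == "smtpd_tls_security_level=encrypt") tls = 1
            }
        }
        END { report() }
    ' "$1"
}

sample_master_cf() {
    # Constructed sample: the submission entry as configured on this page,
    # followed by a hypothetical entry with the TLS override active.
    cat <<'EOF'
smtp inet n - n - - smtpd
submission inet n - n - - smtpd
#  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
127.0.0.1:2587 inet n - n - - smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
EOF
}

sample=$(mktemp)
sample_master_cf > "$sample"
audit_master_cf "$sample"
rm -f "$sample"
```

Run against the real file with audit_master_cf /etc/postfix/master.cf; a global TLS setting in main.cf is outside what this check reads.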
2.Install Dovecot
# vi /etc/dovecot/dovecot.conf
●Around line 25: add
# protocols = imap pop3 lmtp
protocols = imap pop3
●Line 30: uncomment
# To listen only to IPv4, remove [::]
listen = *, ::
2.Edit the 10-auth.conf file
●Line 10: uncomment and change
Plain text authentication is also allowed.
disable_plaintext_auth = no
●Line 100 : add
auth_mechanisms = plain login
●Line 30: uncomment
mail_location = maildir:~/Maildir
●Lines 107-109: uncomment and add
# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
}
●Around line 8
Change “ssl = required” to “ssl = yes”.
ssl = yes
Created symlink from /etc/systemd/system/multi-user.target.wants/dovecot.service to /usr/lib/systemd/system/dovecot.service.
# systemctl is-enabled dovecot.service
enabled
# systemctl start dovecot.service
# firewall-cmd --permanent --add-service=imap
# firewall-cmd --permanent --add-service=smtp
# firewall-cmd --reload
Mail Server : Postfix + Clamav + Amavisd+SpamAssassin
1.Real-time scanning of emails
●Line 81: uncomment
TemporaryDirectory /var/tmp
# chown clamscan. /var/log/clamd.scan
# systemctl enable clamd@scan
# vi /etc/amavisd/amavisd.conf
●Around line 13: delete the # at the beginning of the line
@bypass_spam_checks_maps = (1); # controls running of anti-spam code
●Line 23:
$mydomain = 'Domain';
●Around line 28: comment out
#$QUARANTINEDIR = undef; # -Q
●Around line 125: comment out
# $virus_admin = undef; # notifications recip
●Line 158: uncomment
$myhostname = 'mail.Domain';
●Around lines 163 and 164: uncomment
$notify_method = 'smtp:[127.0.0.1]:10025';
$forward_method = 'smtp:[127.0.0.1]:10025'; # set to undef with milter!
# systemctl enable amavisd
Created symlink /etc/systemd/system/multi-user.target.wants/amavisd.service → /usr/lib/systemd/system/amavisd.service.
④Postfix Configuration
# Add to last line
content_filter=smtp-amavis:[127.0.0.1]:10024
# vi /etc/postfix/master.cf
# Add to last line
smtp-amavis unix - - n - 2 smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
2.Email spam protection
# systemctl start spamassassin
# systemctl enable spamassassin
Created symlink /etc/systemd/system/multi-user.target.wants/spamassassin.service → /usr/lib/systemd/system/spamassassin.service.
●Around line 24: remove the # from the beginning of the line
loadplugin Mail::SpamAssassin::Plugin::DCC
# vi /var/www/system/spamassassin-update.sh
#!/bin/bash
cd /etc/mail/spamassassin
wget -q https://github.com/kittyfreak/spamassassin_user_prefs/archive/refs/heads/main.zip
[ $? -ne 0 ] && exit
unzip main.zip >/dev/null 2>&1
[ $? -ne 0 ] && exit
rm -f main.zip
mv spamassassin_user_prefs-main/user_prefs .
rm -rf spamassassin_user_prefs-main
diff user_prefs user_prefs.org > /dev/null 2>&1
if [ $? -ne 0 ]; then
    cp user_prefs local.cf
    echo "report_safe 0" >> local.cf
    echo "rewrite_header Subject ***SPAM***" >> local.cf
    if [ -f /etc/rc.d/init.d/spamassassin ]; then
        /etc/rc.d/init.d/spamassassin restart > /dev/null
    else
        systemctl restart spamassassin > /dev/null
    fi
fi
cp user_prefs user_prefs.org
Grant execute permission to the spamassassin-update script and run it.
# /var/www/system/spamassassin-update.sh
合計 1520
drwxr-xr-x 2 root root 4096 1月 21 22:24 channel.d
-rw-r--r-- 1 root root 985 12月 12 19:06 init.pre
-rw-r--r-- 1 root root 499337 1月 21 23:20 local.cf
drwx------ 2 root root 4096 12月 12 19:06 sa-update-keys
-rw-r--r-- 1 root root 62 12月 12 19:06 spamassassin-default.rc
-rwxr-xr-x 1 root root 35 12月 12 19:06 spamassassin-helper.sh
-rw-r--r-- 1 root root 55 12月 12 19:06 spamassassin-spamc.rc
-rw-r--r-- 1 root root 499289 12月 29 00:02 user_prefs
-rw-r--r-- 1 root root 499289 1月 21 23:20 user_prefs.org
-rw-r--r-- 1 root root 2523 1月 21 22:52 v310.pre
-rw-r--r-- 1 root root 1194 12月 12 19:06 v312.pre
-rw-r--r-- 1 root root 2416 12月 12 19:06 v320.pre
-rw-r--r-- 1 root root 1237 12月 12 19:06 v330.pre
0 2 * * * /var/www/system/spamassassin-update.sh > /dev/null 2>&1
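The update script above copies whatever the downloaded archive contains into local.cf, a site-wide file in which directives such as loadplugin are honoured. One way to gate that copy, as an added example that is not part of the original page: accept the file only if every directive is on an allowlist, then write local.cf through a temp file and rename. The allowlist and the function names are assumptions for illustration.

```bash
#!/bin/sh
# Added example (not from the original page): vet a downloaded SpamAssassin
# rule file before it becomes local.cf. ALLOWED is an assumed allowlist of
# rule-definition directives; vet_rules and install_rules are illustrative names.
ALLOWED='header body rawbody full uri meta score describe tflags'

vet_rules() {
    # $1 = candidate file. Prints "line:directive" for every directive that is
    # not on the allowlist (loadplugin, include, ...) and returns 1 if any exist.
    awk -v allowed="$ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        !($1 in ok) { print NR ":" $1; bad = 1 }
        END { exit bad }
    ' "$1"
}

install_rules() {
    # $1 = candidate, $2 = destination. The destination is written only after
    # vetting passes, through a temp file and rename so it is never half-written.
    vet_rules "$1" >&2 || return 1
    tmp=$(mktemp "$2.XXXXXX") || return 1
    { cat "$1"; echo 'report_safe 0'; echo 'rewrite_header Subject ***SPAM***'; } > "$tmp" &&
        chmod 644 "$tmp" && mv "$tmp" "$2"
}

# Constructed sample input: one ordinary rule file, one carrying a loadplugin line.
demo_dir=$(mktemp -d)
printf 'body LOCAL_T1 /example phrase/\nscore LOCAL_T1 2.0\n' > "$demo_dir/good"
printf 'score LOCAL_T1 2.0\nloadplugin Example::Plugin /tmp/example.pm\n' > "$demo_dir/bad"
install_rules "$demo_dir/good" "$demo_dir/local.cf" && echo "good: installed"
install_rules "$demo_dir/bad" "$demo_dir/local.cf" || echo "bad: rejected, local.cf unchanged"
rm -rf "$demo_dir"
```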
# vi /etc/postfix/master.cf
●Around line 12
Add a “#” to the beginning of line 11 and add SpamAssassin settings on line 12
# smtp inet n - n - - smtpd
smtp inet n - n - - smtpd -o content_filter=spamassassin
●Add to last line
smtp-amavis unix - - n - 2 smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
spamassassin unix - n n - - pipe
    user=nobody argv=/usr/bin/spamc -e /usr/sbin/sendmail.postfix -oi -f ${sender} ${recipient}
# vi /etc/postfix/main.cf
●Add the following to the last line
content_filter=smtp-amavis:[127.0.0.1]:10024
⑤Restart postfix.