MiracleLinux: Anti-virus, mail server

Install clamav (anti-virus software)

1.Install Clam AntiVirus

# dnf --enablerepo=epel -y install clamav clamav-update clamav-scanner-systemd

2.Configure virus definition updates

# vi /etc/freshclam.conf
●Line 75
Comment out "DatabaseMirror database.clamav.net" with a leading "#" and add "DatabaseMirror db.jp.clamav.net". The regional name is optional: the default database.clamav.net is served from the ClamAV CDN and works just as well.
#DatabaseMirror database.clamav.net
DatabaseMirror db.jp.clamav.net
●Around line 151
Add "NotifyClamd /etc/clamd.d/scan.conf" so that freshclam tells the running daemon to reload its database after every update; without it clamd keeps scanning with the old signatures until it is restarted.
#NotifyClamd /path/to/clamd.conf
NotifyClamd /etc/clamd.d/scan.conf
3.Update virus definition files
# freshclam
ClamAV update process started at Thu Feb 3 20:04:55 2022
daily database available for download (remote version: 26442)
Time: 0.8s, ETA: 0.0s [========================>] 55.08MiB/55.08MiB
Testing database: '/var/lib/clamav/tmp.31cb943695/clamav-e129800b69d746b1fe1e8b2ef16f0d58.tmp-daily.cvd' ...
4.Edit Clam AntiVirus configuration file

# vi /etc/clamd.d/scan.conf
●Line 14
# Default: disabled
LogFile /var/log/clamd.scan ← Uncomment
●Line 77
# Default: disabled
PidFile /run/clamd.scan/clamd.pid ← Uncomment
●Line 96
# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
LocalSocket /run/clamd.scan/clamd.sock ← Uncomment
●Line 219
# Run as another user (clamd must be started by root for this option to work)
# Default: don't drop privileges
#User clamscan ← Add "#" to the beginning of the line and comment it out, so that clamd keeps root privileges and can read every file it is asked to scan.
Bear in mind what this trades away: clamd parses untrusted input (every attachment that reaches the mail server), and a parser bug in a root process is exploited as root. Where possible, leave "User clamscan" in place and instead give that user read access to what must be scanned (for Amavisd, membership of the amavis group is the usual way); the --fdpass option of clamdscan also lets an unprivileged daemon scan files it could not open itself.

5.Start Clam AntiVirus

# systemctl start clamd@scan ← Start clamd
# systemctl enable clamd@scan ← clamd auto-start setting
Created symlink /etc/systemd/system/multi-user.target.wants/clamd@scan.service → /usr/lib/systemd/system/clamd@.service.
# systemctl is-enabled clamd@scan
enabled
# systemctl status clamd@scan ← operation check
clamd@scan.service - clamd scanner (scan) daemon
Loaded: loaded (/usr/lib/systemd/system/clamd@.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2022-01-22 15:57:41 JST; 57s ago
Docs: man:clamd(8)
man:clamd.conf(5)
https://www.clamav.net/documents/
Main PID: 190805 (clamd)
Tasks: 2 (limit: 4180)
Memory: 416.2M
CGroup: /system.slice/system-clamd.slice/clamd@scan.service
└─190805 /usr/sbin/clamd -c /etc/clamd.d/scan.conf
Feb 03 20:16:13 Lepard clamd[275984]: ELF support enabled.
Feb 03 20:16:13 Lepard clamd[275984]: Mail files support enabled.
Feb 03 20:16:13 Lepard clamd[275984]: OLE2 support enabled.
Feb 03 20:16:13 Lepard clamd[275984]: PDF support enabled.
6.Perform virus scan.
■Download the EICAR test file (a harmless string that every scanner is required to detect) and scan it.
# wget http://www.eicar.org/download/eicar.com
# clamscan --infected --remove --recursive
/root/eicar.com: Win.Test.EICAR_HDB-1 FOUND ← detection
/root/eicar.com: Removed. ← removal
----------- SCAN SUMMARY -----------
Known viruses: 8605057
Engine version: 0.103.5
Scanned directories: 1
Scanned files: 9
Infected files: 1  ← One virus detection
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 12.829 sec (0 m 12 s)
Start Date: 2022:02:03 20:23:05
End Date: 2022:02:03 20:23:17
7.Deploy the automatic virus scan script
# mkdir -p /var/www/system
# cd /var/www/system

Create clamscan.sh in /var/www/system with the following contents
# vi /var/www/system/clamscan.sh
#!/bin/bash
PATH=/usr/bin:/bin
# Build the exclude options from the exclude list: an entry ending in "/"
# becomes --exclude-dir (trailing slash stripped), anything else --exclude.
excludelist=/var/www/system/clamscan.exclude
excludeopt=""
if [ -s "$excludelist" ]; then
    while IFS= read -r i; do
        [ -z "$i" ] && continue
        case "$i" in
            */) excludeopt="${excludeopt} --exclude-dir=${i%/}" ;;
            *)  excludeopt="${excludeopt} --exclude=${i}" ;;
        esac
    done < "$excludelist"
fi
# signature update
freshclam
# virus scan. ${excludeopt} is deliberately unquoted so each option is a
# separate word. --remove deletes every infected file on sight; use
# --move=/path/to/quarantine instead if you want to keep samples for analysis.
clamscan --recursive --remove ${excludeopt} /

8.Virus scan exclusion directory setting

# chmod 700 clamscan.sh
# echo "/sys/" >> /var/www/system/clamscan.exclude
# echo "/proc/" >> /var/www/system/clamscan.exclude
This excludes /sys and /proc, kernel pseudo-filesystems that hold no real files and would only slow the scan down and produce read errors.
9.Run regular virus scans
# crontab -e
0 1 * * * /var/www/system/clamscan.sh > /dev/null 2>&1
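A self-contained check of the installation above, added here as an example and not part of the original page. It writes the 68-byte EICAR test string locally (no download), verifies the bytes against the published MD5 so a mangled copy cannot produce a misleading "clean", then scans the file with clamscan (in-process engine) and, if the daemon is up, with clamdscan through the LocalSocket configured in /etc/clamd.d/scan.conf. The config path, and the presence of md5sum and mktemp, are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): verify ClamAV end to end
# without fetching anything from the network.
# Assumed: the clamd config path below, md5sum and mktemp on the system.

CLAMD_CONF=/etc/clamd.d/scan.conf
EICAR_MD5=44d88612fea8a8f36de82e1278abb02f   # published digest of the 68-byte string

# The EICAR string; single quotes keep the shell away from the $ and \ in it.
eicar_string() {
    printf '%s' 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
}

# Write the test file and confirm the bytes are exactly the published string,
# so a truncated or re-encoded copy is caught before it is scanned.
write_eicar() {   # $1 = destination path
    eicar_string > "$1" &&
    [ "$(md5sum < "$1" | cut -d' ' -f1)" = "$EICAR_MD5" ]
}

# Scan one file and translate the scanner's exit status: per clamscan(1) and
# clamdscan(1), 0 = clean, 1 = infected, 2 = error. Prints "missing" when the
# scanner binary is not installed so the caller can tell the cases apart.
scan_result() {   # $1 = file, remaining args = scanner command and options
    file=$1; shift
    command -v "$1" >/dev/null 2>&1 || { echo missing; return 0; }
    if "$@" --no-summary "$file" >/dev/null 2>&1; then rc=0; else rc=$?; fi
    case $rc in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

main() {
    tmp=$(mktemp /tmp/eicar.XXXXXX) || exit 2
    if ! write_eicar "$tmp"; then
        echo "EICAR bytes do not match the expected digest"; rm -f "$tmp"; exit 2
    fi
    echo "clamscan : $(scan_result "$tmp" clamscan)"
    # --fdpass hands clamd an open descriptor, so the daemon can scan the file
    # even when it runs as the unprivileged clamscan user.
    echo "clamdscan: $(scan_result "$tmp" clamdscan --config-file="$CLAMD_CONF" --fdpass)"
    rm -f "$tmp"
}

main
```

Both lines should read "infected" on a working install; "clean" from clamdscan while clamscan says "infected" usually means the daemon is running with a stale database or was not reloaded after freshclam, and "error" from clamdscan points at the socket path or its permissions.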

Mail Server Install

1. Install Postfix

1.Install the required software.

# dnf -y install postfix dovecot cyrus-sasl cyrus-sasl-plain 
# systemctl enable postfix
# systemctl enable dovecot
# systemctl enable saslauthd
# dnf install cyrus-sasl-md5
Check if Postfix is installed.
# rpm -qa | grep postfix
postfix-3.5.8-2.el8.x86_64
pcp-pmda-postfix-5.3.1-5.el8.x86_64
postfix-perl-scripts-3.5.8-2.el8.x86_64
2.Register Postfix to the service.
# systemctl enable postfix.service
Created symlink from /etc/systemd/system/multi-user.target.wants/postfix.service to /usr/lib/systemd/system/postfix.service.
# systemctl is-enabled postfix.service
enabled
3.Backup postfix configuration files, main.cf and master.cf files
# cp -p /etc/postfix/main.cf `date '+/etc/postfix/main.cf.%Y%m%d'`
# cp -p /etc/postfix/master.cf `date '+/etc/postfix/master.cf.%Y%m%d'`
4.Preprocessing for new users
Give every newly created account a Maildir and a .forward pointing at it, so mail can be delivered (and read via Dovecot) as soon as the user exists.
# mkdir -p /etc/skel/Maildir/{new,cur,tmp}
# chmod -R 700 /etc/skel/Maildir/
# echo "~/Maildir/" > /etc/skel/.forward
# chmod 600 /etc/skel/.forward
5.Preprocessing for existing users
# mkdir -p /home/<user>/Maildir/{new,cur,tmp}
# chown -R <user>:<user> /home/<user>/Maildir/
# chmod 700 /home/<user>/Maildir
# chmod 700 /home/<user>/Maildir/{new,cur,tmp}
6.Editing the SMTP Authentication Configuration File
# cp -p /etc/sasl2/smtpd.conf `date '+/etc/sasl2/smtpd.conf.%Y%m%d'`
# vi /etc/sasl2/smtpd.conf
●Lines 1-2: comment out, then add the following
# pwcheck_method: saslauthd
# mech_list: plain login
pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: cram-md5 digest-md5 plain login
With auxprop/sasldb the SMTP passwords come from /etc/sasldb2 (filled with saslpasswd2 below), not from the system accounts, so saslauthd is no longer consulted for SMTP. CRAM-MD5 and DIGEST-MD5 require the server to keep a plaintext-equivalent secret; they hide the password from a passive listener but are no substitute for TLS on the submission port.
7.Registering and starting the saslauthd service
# systemctl enable saslauthd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/saslauthd.service to /usr/lib/systemd/system/saslauthd.service.
# systemctl is-enabled saslauthd.service
enabled
# systemctl start saslauthd.service
8.Create a Postfix user (e.g. puser)

# useradd -s /sbin/nologin puser
# passwd puser

Setting the SMTP-AUTH Password
# echo "<password>" | saslpasswd2 -p -u <Domain> -c puser

Confirm that the user is registered:
# sasldblistusers2
puser@<Domain>: userPassword

Because main.cf (below) sets smtpd_sasl_local_domain = $mydomain, clients authenticate simply as "puser" and Postfix looks up puser@<Domain> in the database.

Change the group of /etc/sasldb2 to postfix so that the smtpd process can read it. The file holds plaintext-equivalent secrets: it must stay root:postfix with mode 640 and never become world-readable (check with ls -l /etc/sasldb2).
# chgrp postfix /etc/sasldb2

9.Edit the Postfix configuration file

# vi /etc/postfix/main.cf
●Around line 96: add
#myhostname = virtual.domain.tld
myhostname = mail.<Domain>
●Around line 103: add the domain name
#mydomain = domain.tld
mydomain = <Domain>
●Around line 119: uncomment
myorigin = $mydomain
●Around line 135: change
inet_interfaces = all
●Around line 183: comment out the existing line and add the new one below it
#mydestination = $myhostname, localhost.$mydomain, localhost
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
●Around line 285: add
#mynetworks = 168.100.189.0/28, 127.0.0.0/8
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:/etc/postfix/network_table
mynetworks = 192.168.11.0/24, 127.0.0.0/8 ← replace 192.168.11.0/24 with your own LAN. Every host in mynetworks may relay without authenticating, so list only networks you control.
●Around line 440: uncomment
Set the mail storage format.
#home_mailbox = Mailbox
home_mailbox = Maildir/
●Around line 447: add
#mail_spool_directory = /var/mail
mail_spool_directory = /var/spool/mail
●Around line 593: add
#smtpd_banner = $myhostname ESMTP $mail_name
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_banner = $myhostname ESMTP unknown
●Add the following at the end of the file
message_size_limit = 10485760
mailbox_size_limit = 1073741824
# SMTP-Auth Configuration
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
The order matters: trusted networks and authenticated clients are permitted first, and everyone else may only send to domains this server accepts mail for. Postfix 3.x also evaluates smtpd_relay_restrictions, whose default (permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination) already blocks relaying, so this list is belt and braces rather than the only line of defence.

Configure the submission port (port 587)

# vi /etc/postfix/master.cf
●Remove the "#" at the beginning of lines 17 and 20 (the submission service itself and its -o smtpd_sasl_auth_enable=yes override; continuation lines must start with whitespace)
submission inet n - n - - smtpd
#  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
Leaving "-o smtpd_tls_security_level=encrypt" commented out means port 587 accepts AUTH on an unencrypted connection, so PLAIN/LOGIN credentials cross the network in clear. Once a certificate is configured (smtpd_tls_cert_file and smtpd_tls_key_file in main.cf), uncomment that line as well so that authentication is only offered after STARTTLS.
10.Start Postfix.
# postmap hash:/etc/postfix/virtual 
# systemctl start postfix.service

2.Install Dovecot

1.Edit the dovecot.conf file
# cp -p /etc/dovecot/dovecot.conf `date '+/etc/dovecot/dovecot.conf.%Y%m%d'`
# vi /etc/dovecot/dovecot.conf
●Around line 25: add
# protocols = imap pop3 lmtp
protocols = imap pop3
●Around line 30: uncomment (to listen on IPv4 only, remove the "::")
listen = *, ::

2.Edit the 10-auth.conf file

# vi /etc/dovecot/conf.d/10-auth.conf
●Line 10: uncomment and change
Password (plain-text) authentication is allowed even on connections without TLS.
disable_plaintext_auth = no
This is convenient on a trusted LAN but lets passwords travel in clear over IMAP/POP3 from any client that skips STARTTLS. For a server reachable from the internet keep the default "yes", which only permits password authentication inside TLS or from localhost.
●Line 100: add
auth_mechanisms = plain login
3.Edit the 10-mail.conf file
# vi /etc/dovecot/conf.d/10-mail.conf
●Line 30: uncomment
mail_location = maildir:~/Maildir
4.Edit the 10-master.conf file
# vi /etc/dovecot/conf.d/10-master.conf
●Lines 107-109: uncomment and change to the following
# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
mode = 0666
user = postfix
group = postfix
}
5.Edit the 10-ssl.conf file
# vi /etc/dovecot/conf.d/10-ssl.conf
●Around line 8
Change "ssl = required" to "ssl = yes".
ssl = yes
With "yes" TLS is offered but not enforced; "required" (what the packaged configuration ships with) rejects non-TLS sessions outright. This relaxation goes together with disable_plaintext_auth = no above; revert both if the server is exposed beyond the LAN.
6.Register dovecot as a service and start it.
# systemctl enable dovecot.service
Created symlink from /etc/systemd/system/multi-user.target.wants/dovecot.service to /usr/lib/systemd/system/dovecot.service.
# systemctl is-enabled dovecot.service
enabled
# systemctl start dovecot.service
7.Open ports with firewalld
# firewall-cmd --permanent --add-service=pop3
# firewall-cmd --permanent --add-service=imap
# firewall-cmd --permanent --add-service=smtp
# firewall-cmd --reload
This opens ports 110, 143 and 25 only. Clients that submit mail on port 587 need the smtp-submission service as well, and the TLS-wrapped ports (pop3s, imaps) are separate firewalld services; open only what your clients actually use.
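A set of checks for the Postfix and Dovecot configuration above, added here as an example and not part of the original page. It builds the SASL PLAIN token that "AUTH PLAIN" carries, parses SMTP transcripts to decide whether authentication succeeded and whether an unauthenticated relay attempt was refused, and wraps three live probes (authenticated submission over STARTTLS on 587, a relay attempt on 25, an IMAP login over STARTTLS on 143). Assumptions: the host and port arguments given at call time, a test account "puser" registered with saslpasswd2 as in step 8, and openssl plus nc (nmap-ncat on MiracleLinux) on the probing machine.

```shell
#!/bin/sh
# Added example (not from the original page): checks for the mail server above.
# Assumed: host/port arguments, a "puser" SASL account, openssl and nc available.

# SASL PLAIN as sent in "AUTH PLAIN <token>": token = base64(NUL user NUL password).
# The empty first field is the authorization identity; Postfix fills it from the
# authentication identity when it is empty. \000 writes the NUL separators.
auth_plain_token() {   # $1 = user, $2 = password
    printf '\000%s\000%s' "$1" "$2" | base64 | tr -d '\n'
}

# Pull the three-digit reply codes out of an SMTP transcript, one per line.
# Both "250-" continuation lines and "250 " final lines match.
smtp_reply_codes() {   # stdin = transcript
    sed -n 's/^\([0-9][0-9][0-9]\)[ -].*/\1/p'
}

# How an AUTH attempt ended (RFC 4954): 235 = success, 535 = credentials rejected.
auth_status() {   # stdin = transcript
    t=$(cat)
    if printf '%s\n' "$t" | grep -q '^235 '; then echo authenticated
    elif printf '%s\n' "$t" | grep -q '^535 '; then echo rejected
    else echo unknown; fi
}

# Outcome of an unauthenticated RCPT TO a foreign domain: reject_unauth_destination
# answers "554 5.7.1 ... Relay access denied"; "250 2.1.5" on RCPT means the
# server would have relayed, i.e. an open relay.
relay_status() {   # stdin = transcript
    t=$(cat)
    if printf '%s\n' "$t" | grep -q 'Relay access denied'; then echo denied
    elif printf '%s\n' "$t" | grep -q '^250 2\.1\.5'; then echo OPEN-RELAY
    else echo unknown; fi
}

# Live probe: AUTH PLAIN on the submission port. openssl performs EHLO and
# STARTTLS itself, so everything on stdin travels inside TLS; it does not
# verify the certificate, so this tests reachability and credentials only.
smtp_auth_probe() {   # $1 host, $2 port, $3 user, $4 password
    printf 'EHLO probe.example\r\nAUTH PLAIN %s\r\nQUIT\r\n' "$(auth_plain_token "$3" "$4")" |
      openssl s_client -quiet -starttls smtp -connect "$1:$2" 2>/dev/null
}

# Live probe: try to relay to an outside domain on port 25 without authenticating.
relay_probe() {   # $1 host
    printf 'EHLO probe.example\r\nMAIL FROM:<probe@example.net>\r\nRCPT TO:<someone@example.org>\r\nQUIT\r\n' |
      nc -w 5 "$1" 25
}

# Live probe: IMAP LOGIN over STARTTLS; a working account answers "a1 OK ...".
imap_login_probe() {   # $1 host, $2 user, $3 password
    printf 'a1 LOGIN "%s" "%s"\r\na2 LOGOUT\r\n' "$2" "$3" |
      openssl s_client -quiet -starttls imap -connect "$1:143" 2>/dev/null
}

# Usage against the server built above (not executed by the self-test):
#   smtp_auth_probe mail.<Domain> 587 puser 'password' | auth_status    # expect: authenticated
#   relay_probe mail.<Domain> | relay_status                              # expect: denied
#   imap_login_probe mail.<Domain> puser 'password' | grep '^a1 OK'
```

Run the relay probe from a host outside mynetworks, otherwise permit_mynetworks answers before reject_unauth_destination is ever reached and the result says nothing about relaying from the internet.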

Mail Server: Postfix + Clamav + Amavisd + SpamAssassin

1.Real-time scanning of emails

①Install Amavisd and Clamav Server
# dnf -y install amavisd-new clamd perl-Digest-SHA1 perl-IO-stringy
➁Edit configuration file
# vi /etc/clamd.d/scan.conf
●Line 81: uncomment
TemporaryDirectory /var/tmp
# touch /var/log/clamd.scan
# chown clamscan:clamscan /var/log/clamd.scan
# systemctl enable clamd@scan
➂Configure and start Amavisd

# vi /etc/amavisd/amavisd.conf
●Around line 13: remove the "#" at the beginning of the line
@bypass_spam_checks_maps = (1); # controls running of anti-spam code
(This switches off Amavisd's own SpamAssassin pass; spam filtering is set up separately in section 2 below, so here Amavisd only does the virus check.)
●Line 23:
$mydomain = '<Domain>';
●Around line 28: comment out
#$QUARANTINEDIR = undef; # -Q
●Around line 125: comment out
# $virus_admin = undef; # notifications recip
●Line 158: uncomment
$myhostname = 'mail.<Domain>';
●Around lines 163-164: uncomment
$notify_method = 'smtp:[127.0.0.1]:10025';
$forward_method = 'smtp:[127.0.0.1]:10025'; # set to undef with milter!

# systemctl enable amavisd
Created symlink /etc/systemd/system/multi-user.target.wants/amavisd.service → /usr/lib/systemd/system/amavisd.service.
# systemctl start amavisd
Amavisd calls clamd to do the actual virus check, so clamd@scan (started in the anti-virus section above) must be running as well.

④Postfix Configuration

# vi /etc/postfix/main.cf
# Add to the last line
content_filter=smtp-amavis:[127.0.0.1]:10024
# vi /etc/postfix/master.cf
# Add to the last line (continuation lines must begin with whitespace)
smtp-amavis unix - - n - 2 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
# systemctl restart postfix
Mail now flows Postfix → Amavisd (port 10024) → the re-injection listener on 10025 → delivery. The 10025 listener clears content_filter so scanned mail is not sent round again, and accepts connections from 127.0.0.0/8 only. Check with "postfix check" that master.cf parses, and with "ss -ltnp | grep -E ':1002[45] '" that amavisd is listening on 10024 and Postfix on 10025.

2.Email spam protection

①Install SpamAssassin to prevent spam.
# dnf -y install spamassassin spamass-milter-postfix
# systemctl start spamassassin
# systemctl enable spamassassin
Created symlink /etc/systemd/system/multi-user.target.wants/spamassassin.service → /usr/lib/systemd/system/spamassassin.service.
②Configuring SpamAssassin
# vi /etc/mail/spamassassin/v310.pre
●Around line 24: remove the "#" from the beginning of the line
loadplugin Mail::SpamAssassin::Plugin::DCC
(The DCC plugin only contributes anything once the DCC client, dccproc, is installed as well.)
③SpamAssassin Configuration File Update Script
# cd /var/www/system
# vi /var/www/system/spamassassin-update.sh

#!/bin/bash
# Fetch the community user_prefs ruleset; if it changed since the last run,
# rebuild local.cf from it and restart SpamAssassin.
cd /etc/mail/spamassassin || exit 1
wget -q https://github.com/kittyfreak/spamassassin_user_prefs/archive/refs/heads/main.zip
[ $? -ne 0 ] && exit 1
unzip main.zip >/dev/null 2>&1
[ $? -ne 0 ] && exit 1
rm -f main.zip
mv spamassassin_user_prefs-main/user_prefs .
rm -rf spamassassin_user_prefs-main
# user_prefs.org is the copy installed last time; only act when it differs.
diff user_prefs user_prefs.org > /dev/null 2>&1
if [ $? -ne 0 ]; then
    cp user_prefs local.cf
    echo "report_safe 0" >> local.cf
    echo "rewrite_header Subject ***SPAM***" >> local.cf
    if [ -f /etc/rc.d/init.d/spamassassin ]; then
        /etc/rc.d/init.d/spamassassin restart > /dev/null
    else
        systemctl restart spamassassin > /dev/null
    fi
fi
cp user_prefs user_prefs.org

Grant execute permission to the spamassassin-update script and run it.
Be clear about what the script does before relying on it: every night it downloads the head of a third party's GitHub branch, without review or any integrity check, installs it as local.cf (site-wide SpamAssassin configuration read by spamd) and restarts the daemon. Whoever controls that repository controls your filter's rules and scores. Read the file once, pin the commit you reviewed, and compare a digest before installing any update.

# chmod 700 /var/www/system/spamassassin-update.sh
# /var/www/system/spamassassin-update.sh
Confirm that local.cf has been created in /etc/mail/spamassassin with today's timestamp.
# ls -l /etc/mail/spamassassin
total 1520
drwxr-xr-x 2 root root   4096 Jan 21 22:24 channel.d
-rw-r--r-- 1 root root    985 Dec 12 19:06 init.pre
-rw-r--r-- 1 root root 499337 Jan 21 23:20 local.cf
drwx------ 2 root root   4096 Dec 12 19:06 sa-update-keys
-rw-r--r-- 1 root root     62 Dec 12 19:06 spamassassin-default.rc
-rwxr-xr-x 1 root root     35 Dec 12 19:06 spamassassin-helper.sh
-rw-r--r-- 1 root root     55 Dec 12 19:06 spamassassin-spamc.rc
-rw-r--r-- 1 root root 499289 Dec 29 00:02 user_prefs
-rw-r--r-- 1 root root 499289 Jan 21 23:20 user_prefs.org
-rw-r--r-- 1 root root   2523 Jan 21 22:52 v310.pre
-rw-r--r-- 1 root root   1194 Dec 12 19:06 v312.pre
-rw-r--r-- 1 root root   2416 Dec 12 19:06 v320.pre
-rw-r--r-- 1 root root   1237 Dec 12 19:06 v330.pre
Set up cron to run automatically every day.
# crontab -e
0 2 * * * /var/www/system/spamassassin-update.sh > /dev/null 2>&1
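A pinned and verified variant of the nightly rule update, added here as an example; it is not the page's script. It fetches user_prefs from a fixed commit of the same repository, refuses to install unless the file's SHA-256 matches a digest recorded when the file was reviewed, builds local.cf atomically, lints it the way spamd will parse it, and rolls back on a syntax error. The commit placeholder, the digest placeholder, the raw.githubusercontent.com URL pattern, the config directory and the spamassassin/curl binaries are assumptions.

```shell
#!/bin/sh
# Added example, not the page's own script: install the community rule file
# only from a pinned commit and only when its SHA-256 matches a reviewed digest.
# Assumed: the URL pattern, <commit-sha> and digest placeholders, SA_DIR, curl,
# sha256sum and a spamassassin binary.

SA_DIR=${SA_DIR:-/etc/mail/spamassassin}
RULES_URL=${RULES_URL:-"https://raw.githubusercontent.com/kittyfreak/spamassassin_user_prefs/<commit-sha>/user_prefs"}
RULES_SHA256=${RULES_SHA256:-"<sha256 recorded when the file was reviewed>"}

# True when the file's SHA-256 equals the expected hex digest.
sha256_matches() {   # $1 = file, $2 = expected digest
    [ "$(sha256sum < "$1" | cut -d' ' -f1)" = "$2" ]
}

# Build local.cf from a verified user_prefs plus the two settings the page adds.
# Written to a temp file and renamed, so spamd never reads a half-written file.
build_local_cf() {   # $1 = verified user_prefs, $2 = destination local.cf
    tmp=$(mktemp "$2.XXXXXX") || return 1
    { cat "$1"; printf 'report_safe 0\nrewrite_header Subject ***SPAM***\n'; } > "$tmp" &&
    chmod 644 "$tmp" && mv "$tmp" "$2"
}

# Download, verify, install, lint, restart; any failure leaves the old rules in place.
update_rules() {
    dl=$(mktemp) || exit 1
    if ! curl -fsSL --max-time 60 -o "$dl" "$RULES_URL"; then
        echo "download failed: $RULES_URL" >&2; rm -f "$dl"; exit 1
    fi
    if ! sha256_matches "$dl" "$RULES_SHA256"; then
        echo "digest mismatch, refusing to install $RULES_URL" >&2; rm -f "$dl"; exit 1
    fi
    if [ -f "$SA_DIR/user_prefs" ] && cmp -s "$dl" "$SA_DIR/user_prefs"; then
        rm -f "$dl"; exit 0                       # same rules as last time
    fi
    [ -f "$SA_DIR/local.cf" ] && cp -p "$SA_DIR/local.cf" "$SA_DIR/local.cf.prev"
    mv "$dl" "$SA_DIR/user_prefs" && build_local_cf "$SA_DIR/user_prefs" "$SA_DIR/local.cf" || exit 1
    # Parse the new configuration the way spamd will; roll back on a syntax error.
    if spamassassin --lint >/dev/null 2>&1; then
        systemctl restart spamassassin
    else
        echo "new local.cf fails --lint, restoring the previous one" >&2
        [ -f "$SA_DIR/local.cf.prev" ] && mv "$SA_DIR/local.cf.prev" "$SA_DIR/local.cf"
        exit 1
    fi
}

# Run as "sh spamassassin-update-pinned.sh run"; the self-test calls the helpers only.
case "${1:-}" in run) update_rules ;; esac
```

To move to a newer upstream revision, review the diff, then update the commit and digest together; the cron entry stays the same, and an unexpected change upstream now fails loudly instead of going live at 02:00.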
④Incorporating SpamAssassin into Postfix

# vi /etc/postfix/master.cf
●Around line 12
Comment out line 11 with a "#" and add the SpamAssassin version of the smtp service on line 12
# smtp inet n - n - - smtpd
smtp inet n - n - - smtpd -o content_filter=spamassassin
●Add at the end of the file. Continuation lines must begin with whitespace. If the smtp-amavis and 127.0.0.1:10025 entries are already present from step ④ of section 1, do not add them a second time; only the spamassassin entry is new here.
smtp-amavis unix - - n - 2 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes

127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000

spamassassin unix - n n - - pipe
  user=nobody argv=/usr/bin/spamc -e /usr/sbin/sendmail.postfix -oi -f ${sender} ${recipient}

# vi /etc/postfix/main.cf
●Add the following at the end of the file (it is already there if step ④ of section 1 was done)
content_filter=smtp-amavis:[127.0.0.1]:10024
How the two filters chain: the "-o content_filter=spamassassin" on the port 25 listener overrides the main.cf value for that service, so inbound mail is piped to spamc first. spamc re-injects the tagged message through sendmail.postfix; that second pass picks up the main.cf content_filter and goes through Amavisd (10024) for the virus check before delivery, and the 10025 listener clears content_filter, which is what stops the loop.

⑤Restart postfix. 

# systemctl restart postfix