Oracle Linux 8.10: ClamAV (anti-virus), Mail Server

ClamAV (anti-virus)

1.Clam AntiVirus Install

2.Edit Clam AntiVirus configuration file

3.Virus definition file update settings

4.Virus definition file update

5.Start Clam AntiVirus

clamd start

clamd auto-startup configuration

operation check

6.Conduct virus scan

■Download a test virus and perform a virus scan

7.Virus scan auto-execute script

Create script storage directory

Create clamscan.sh under /var/www/system/

8.Virus scan exclusion directory settings

The sys and proc directories are excluded

9.Scheduled virus scan execution

10.Run a trial script and do a full scan (takes a while)

Mail Server Installation

1. Postfix

1.1 Install
Install Postfix and build an SMTP server

Make sure Postfix is installed

1.2 Register Postfix to the service

1.3 Backup postfix configuration files, main.cf and master.cf files

1.4 Edit postfix configuration file
To prevent unauthorized mail relay, configure Postfix to require authentication for outgoing mail as well, using Dovecot's SASL function.
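
As an added illustration (not part of the original page), this Python check audits a main.cf for the relay controls described above. The sample file content and the function names are constructed for the example; the parameter names are standard Postfix ones, and the values are assumptions about a typical Dovecot SASL setup.

```python
# Constructed sample main.cf excerpt (hostname and values are placeholders).
SAMPLE_MAIN_CF = """\
myhostname = mail.example.com
# SASL via Dovecot
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_relay_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
"""

def parse_main_cf(text):
    """Return {parameter: value}; lines starting with whitespace continue the previous one."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line or comment
        if raw[0] in " \t":
            if current is not None:
                params[current] = (params[current] + " " + raw.strip()).strip()
        elif "=" in raw:
            name, value = raw.split("=", 1)
            current = name.strip()
            params[current] = value.strip()  # a later definition overrides an earlier one
    return params

def audit_relay(params):
    """Return a list of findings; an empty list means the relay controls are in place."""
    findings = []
    if params.get("smtpd_sasl_auth_enable", "").lower() != "yes":
        findings.append("smtpd_sasl_auth_enable is not yes")
    if params.get("smtpd_sasl_type", "").lower() != "dovecot":
        findings.append("smtpd_sasl_type is not dovecot")
    if not params.get("smtpd_sasl_path"):
        findings.append("smtpd_sasl_path is not set")
    relay = params.get("smtpd_relay_restrictions")
    if relay is None:
        findings.append("smtpd_relay_restrictions is not set explicitly")
        return findings
    rules = relay.replace(",", " ").split()
    if "permit_sasl_authenticated" not in rules:
        findings.append("authenticated users are not permitted to relay")
    if not {"reject_unauth_destination", "defer_unauth_destination"} & set(rules):
        findings.append("relaying to unauthorized destinations is not rejected")
    return findings

if __name__ == "__main__":
    print(audit_relay(parse_main_cf(SAMPLE_MAIN_CF)) or "relay controls present")
```

Feeding it the output of `postconf -n` instead of the raw file audits the settings Postfix actually loaded.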

Allow SMTP port (port 25)

1.5 Register Postfix as a service and start

2.Dovecot

2.1 dovecot Install

2.2 Edit dovecot.conf file

2.3 Edit 10-auth.conf file

2.4 Edit 10-mail.conf file

2.5 Edit 10-master.conf file

2.6 Edit 10-ssl.conf file

2.7 Register dovecot as a service and start

2.8 Allow port opening for POP/IMAP service with firewalld
POP is [110/TCP], IMAP is [143/TCP].

3.Create mail user and check operation

3.1 Advance preparation
①Preparation for new users
Set up the system so that a newly added user can send and receive e-mail automatically.

②Mail environment preparation for existing users
Configure the users that already exist so that they can send and receive e-mail.

3.2 User Account Creation

3.3 Operation check ①
Log in as an email user and send a test email.

Email Confirmation

3.4 Operation check ②
Set up and confirm your account in Mozilla Thunderbird. This time we will set it up with the general user "huong".
①Start Thunderbird, and click [Account Settings] > [Account Actions] > [Add Mail Account] in the [Tools] menu.
Your full name : Any name
Email address : huong@korodes.com
Password : Password for huong
and click "Configure manually".

➁Set "INCOMING SERVER" and "OUTGOING SERVER" as shown below and click "Re-test".

➂The following settings were found by probing the given server

After clicking "Done", the following "Warning" appears, but there is no problem, so click "Confirm".

④Click "Finish" when "Account successfully created" is displayed.

Mail Server : Postfix + Clamav + clamav-milter+SpamAssassin

1.Real-time scanning of e-mails

①clamav-milter Install
Virus checks are performed on the mail server side using Clam AntiVirus.
The mail server and Clam AntiVirus are linked using clamav-milter.

clamav-milter configuration

clamav-milter startup and auto-startup settings

Postfix and clamav-milter integration settings
Edit Postfix configuration file

Add postfix user to clamilt group

Apply the Postfix settings

Check with Thunderbird
I sent a blank email to myself in Thunderbird, and the header display of the received email shows the following:
X-Virus-Scanned: clamav-milter 1.0.7 at Lepard

X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <xxxx@xxxxxx.com>
X-Original-To: xxxx@xxxxxx.com
Delivered-To: xxxx@xxxxxx.com
Received: from [192.168.11.100] (xxxxxxx.setup [192.168.11.1])
	by mail.xxxxxxxxx (Postfix) with ESMTPA id 4AE22CBAAD
	for <xxxx@xxxxxx.com>; Mon, 14 Oct 2024 13:11:52 +0900 (JST)
Message-ID: <a537729b-b5a0-4161-a53f-2dad8ede1be1@korodes.com>
Date: Mon, 14 Oct 2024 13:11:51 +0900
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: en-US
To: xxxx@xxxxxx.com
From: huong <xxxx@xxxxxx.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: clamav-milter 1.0.7 at Lepard
X-Virus-Status: Clean

Try sending yourself an email with the body of the email "X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*" and confirm that the email is discarded and never received

2.Email spam protection

2.1 SpamAssassin, spamass-milter, and postfix settings

SpamAssassin・spamass-milter Install

SpamAssassin start

SpamAssassin Settings

Script to update the SpamAssassin configuration file

Grant execute permission to the spamassassin-update script and run it

Confirm that the SpamAssassin configuration file (local.cf) has been created in the /etc/mail/spamassassin directory with the date of the day

Set up cron to automatically run a script daily that updates the SpamAssassin configuration file

spamass-milter startup and automatic startup settings

Postfix and spamass-milter integration settings

Restart postfix

Procmail Settings
Create procmail configuration file

Create procmail log rotation configuration file

Postfix and Procmail integration settings

Apply the Postfix settings

2.2 Spam mail sorting settings

Mail marked as spam in the mail header by SpamAssassin will be delivered to a spam-only mailbox, while other mail will be delivered to a normal mailbox.

Create a dedicated spam mailbox
For existing users, add a spam-only mailbox to their mailboxes.
For new users, a spam-only mailbox will be automatically created when a user is added.
Create a script that creates spam-only mailboxes

Run script to create spam-only mailboxes

Handling new users
Automatic spam-only mailbox creation when adding new users

Spam mail sorting
Emails identified as spam by SpamAssassin are delivered to a spam-only mailbox.

spamass-milter confirmation
When you send a blank email to yourself, the following line is appended to the header of the received email:
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on Lepard

X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: <xxxx@kxxxxx.xx>
X-Original-To: xxxx@kxxxxx.xx
Delivered-To: xxxx@kxxxxx.xx
Received: from [192.168.11.100] (buffalo.setup [192.168.11.1])
	by mail.xxxxx.xx (Postfix) with ESMTPA id B8F9E314793
	for <xxxx@kxxxxx.xx>; Mon, 14 Oct 2024 18:52:59 +0900 (JST)
Message-ID: <8ea971bf-62e7-44a1-8ae6-bde0072e4b6e@korodes.com>
Date: Mon, 14 Oct 2024 18:52:59 +0900
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: en-US
To: xxxx@kxxxxx.xx
From: xxxxx <xxxx@kxxxxx.xx>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: clamav-milter 1.0.7 at Lepard
X-Virus-Status: Clean
X-Spam-Status: No, score=2.3 required=13.0 tests=ALL_TRUSTED,
	CONTENT_TYPE_PRESENT,EMPTY_MESSAGE autolearn=no autolearn_force=no
	version=3.4.6
X-Spam-Level: **
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on Lepard

Spam check confirmation
Send yourself an email with the body "XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X" and make sure the email is not delivered to the normal mailbox but is sorted into the Spam folder.
The header shows:

X-Spam-Flag: YES
X-Spam-Status: Yes, score=1001.9 required=13.0 tests=ALL_TRUSTED,
	CONTENT_TYPE_PRESENT,GTUBE,HTML_MESSAGE,HTML_OBFUSCATE_05_10,
	MPART_ALT_DIFF,MULTIPART_ALTERNATIVE autolearn=no autolearn_force=no
	version=3.4.6
X-Spam-Report:
	* 0.1 ALL_TRUSTED Passed through trusted hosts only via SMTP
	* 0.1 MULTIPART_ALTERNATIVE Multipart/alternative
	* -0.1 CONTENT_TYPE_PRESENT exists:Content-Type
	* 1000 GTUBE BODY: Generic Test for Unsolicited Bulk Email
	* 0.7 MPART_ALT_DIFF BODY: HTML and text parts are different
	* 0.1 HTML_OBFUSCATE_05_10 BODY: Message is 5% to 10% HTML
	*     obfuscation
	* 1.0 HTML_MESSAGE BODY: HTML included in message
X-Spam-Level: **********************************************************************************
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on Lepard
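
The header checks done by eye in Thunderbird above can also be scripted. The following Python code is an added example, not part of the original page: it reads a saved message and reports whether clamav-milter and spamass-milter both stamped it. The sample message is constructed from the headers shown on this page, and the function names are hypothetical.

```python
import re
from email import message_from_string

# Constructed sample: headers modelled on the ones shown on this page, with the
# folded X-Spam-Status continuation lines indented as they are on the wire.
SAMPLE = (
    "From: huong <user@example.com>\n"
    "To: user@example.com\n"
    "X-Virus-Scanned: clamav-milter 1.0.7 at Lepard\n"
    "X-Virus-Status: Clean\n"
    "X-Spam-Status: No, score=2.3 required=13.0 tests=ALL_TRUSTED,\n"
    "\tCONTENT_TYPE_PRESENT,EMPTY_MESSAGE autolearn=no autolearn_force=no\n"
    "\tversion=3.4.6\n"
    "\n"
    "body\n"
)

def scan_verdict(raw_message):
    """Summarise what clamav-milter and spamass-milter stamped on a message."""
    msg = message_from_string(raw_message)
    result = {
        "virus_scanned": msg.get("X-Virus-Scanned") is not None,
        "virus_status": (msg.get("X-Virus-Status") or "").strip() or None,
        "spam": None, "score": None, "required": None, "tests": [],
    }
    status = msg.get("X-Spam-Status")
    if status is None:
        return result  # no SpamAssassin header: the spam milter did not see it
    # Unfold the header and close the gaps that folding leaves inside the tests list.
    flat = re.sub(r",\s+", ",", " ".join(status.split()))
    result["spam"] = flat.lower().startswith("yes")
    for key in ("score", "required"):
        m = re.search(key + r"=(-?\d+(?:\.\d+)?)", flat)
        if m:
            result[key] = float(m.group(1))
    m = re.search(r"tests=(\S*)", flat)
    if m:
        # "none" is treated as an empty rule list
        result["tests"] = [t for t in m.group(1).split(",") if t and t != "none"]
    return result

def filters_active(verdict):
    """True only when both milters left their headers on the message."""
    return verdict["virus_scanned"] and verdict["spam"] is not None

if __name__ == "__main__":
    print(scan_verdict(SAMPLE))
```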
