Contents
1. Clamav(anti-virus)
1.1 Clam AntiVirus Install
1 |
# dnf -y install clamav clamd clamav-update |
1.2 Edit Clam AntiVirus configuration file
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
# vi /etc/clamd.d/scan.conf Line 14 # Default: disabled LogFile /var/log/clamd.scan ← Uncomment Line 77 # Default: disabled PidFile /run/clamd.scan/clamd.pid ← Uncomment Line 96 # Path to a local socket file the daemon will listen on. # Default: disabled (must be specified by a user) LocalSocket /run/clamd.scan/clamd.sock ← Uncomment Line 219 # Run as another user (clamd must be started by root for this option to work) # Default: don't drop privileges #User clamscan ← Add # at the beginning of the line and comment it out (to make it work with root privileges) |
1.3 Virus definition file update settings
1 2 3 4 5 6 7 8 9 10 11 |
# vi /etc/freshclam.conf Line 75 Insert a "#" at the beginning of the line "DatabaseMirror database.clamav.net" and Add "DatabaseMirror db.jp.clamav.net" #DatabaseMirror database.clamav.net DatabaseMirror db.jp.clamav.net Per Line 151 Add "NotifyClamd /etc/clamd.d/scan.conf" #NotifyClamd /path/to/clamd.conf NotifyClamd /etc/clamd.d/scan.conf |
1.4 Virus definition file update
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
# freshclam ClamAV update process started at Wed Aug 9 15:27:16 2023 daily database available for download (remote version: 26994) Time: 1.3s, ETA: 0.0s [========================>] 58.82MiB/58.82MiB Testing database: '/var/lib/clamav/tmp.aab5f1004b/clamav-7d6dbe853cf7d769199009e8d0f70ca3.tmp-daily.cvd' ... Database test passed. daily.cvd updated (version: 26994, sigs: 2039812, f-level: 90, builder: raynman) main database available for download (remote version: 62) Time: 2.8s, ETA: 0.0s [========================>] 162.58MiB/162.58MiB Testing database: '/var/lib/clamav/tmp.aab5f1004b/clamav-5689b04d4cf704ce444fd99f66210516.tmp-main.cvd' ... Database test passed. main.cvd updated (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr) bytecode database available for download (remote version: 334) Time: 0.3s, ETA: 0.0s [========================>] 285.12KiB/285.12KiB Testing database: '/var/lib/clamav/tmp.aab5f1004b/clamav-55bc60cc992d3fb838262971a2eaf8fc.tmp-bytecode.cvd' ... Database test passed. bytecode.cvd updated (version: 334, sigs: 91, f-level: 90, builder: anvilleg) WARNING: Clamd was NOT notified: Can't connect to clamd through /run/clamd.scan/clamd.sock: No such file or directory |
1.5 Start Clam AntiVirus
clamd start
1 |
# systemctl start clamd@scan |
clamd auto-startup configuration
1 2 |
# systemctl enable clamd@scan Created symlink /etc/systemd/system/multi-user.target.wants/clamd@scan.service → /usr/lib/systemd/system/clamd@.service. |
operation check
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
# systemctl status clamd@scan ● clamd@scan.service - clamd scanner (scan) daemon Loaded: loaded (/usr/lib/systemd/system/clamd@.service; enabled; vendor pres> Active: active (running) since Fri 2023-08-18 11:06:28 JST; 21s ago Docs: man:clamd(8) man:clamd.conf(5) https://www.clamav.net/documents/ Main PID: 77380 (clamd) Tasks: 2 (limit: 22884) Memory: 1.2G CGroup: /system.slice/system-clamd.slice/clamd@scan.service mq77380 /usr/sbin/clamd -c /etc/clamd.d/scan.conf Aug 18 11:06:28 Lepard clamd[77380]: ELF support enabled. Aug 18 11:06:28 Lepard clamd[77380]: Mail files support enabled. Aug 18 11:06:28 Lepard clamd[77380]: OLE2 support enabled. Aug 18 11:06:28 Lepard clamd[77380]: PDF support enabled. Aug 18 11:06:28 Lepard clamd[77380]: SWF support enabled. Aug 18 11:06:28 Lepard systemd[1]: Started clamd scanner (scan) daemon. Aug 18 11:06:28 Lepard clamd[77380]: HTML support enabled. Aug 18 11:06:28 Lepard clamd[77380]: XMLDOCS support enabled. Aug 18 11:06:28 Lepard clamd[77380]: HWP3 support enabled. Aug 18 11:06:28 Lepard clamd[77380]: Self checking every 600 seconds. |
1.6 Conduct virus scan
Download a test virus and perform a virus scan
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
# wget http://www.eicar.org/download/eicar.com # clamscan --infected --remove --recursive /root/eicar.com: Win.Test.EICAR_HDB-1 FOUND /root/eicar.com: Removed. ----------- SCAN SUMMARY ----------- Known viruses: 8671786 Engine version: 0.103.8 Scanned directories: 1 Scanned files: 10 Infected files: 1 Data scanned: 0.02 MB Data read: 0.01 MB (ratio 2.00:1) Time: 14.699 sec (0 m 14 s) Start Date: 2023:08:18 11:07:33 End Date: 2023:08:18 11:07:48 |
1.7 Virus scan auto-execute script
Create script storage directory
1 2 |
# mkdir -p /var/www/system # cd /var/www/system |
Create clamscan.sh under /var/www/system/
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 |
# vi /var/www/system/clamscan.sh Describe the following #!/bin/bash PATH=/usr/bin:/bin # excludeopt setup excludelist=/var/www/system/clamscan.exclude if [ -s $excludelist ]; then for i in `cat $excludelist` do if [ $(echo "$i"|grep \/$) ]; then i=`echo $i|sed -e 's/^\([^ ]*\)\/$/\1/p' -e d` excludeopt="${excludeopt} --exclude-dir=$i" else excludeopt="${excludeopt} --exclude=$i" fi done fi # signature update freshclam # virus scan clamscan --recursive --remove ${excludeopt} / |
1 |
# chmod 700 clamscan.sh |
1.8 Virus scan exclusion directory settings
1 2 |
# echo "/sys/" >> /var/www/system/clamscan.exclude # echo "/proc/" >> /var/www/system/clamscan.exclude |
The sys and proc directories are excluded.
1.9 Scheduled virus scan execution
1 2 |
# crontab -e 0 1 * * * /var/www/system/clamscan.sh > /dev/null 2>&1 |
Run a trial script and do a full scan (takes a while)
1 |
# /var/www/system/clamscan.sh |
2. Mail Server Installation
2.1 Postfix
Install Postfix and build an SMTP server
1 |
# dnf -y install postfix |
Make sure Postfix is installed
1 2 3 4 |
# rpm -qa | grep postfix postfix-3.5.8-4.el8.x86_64 postfix-perl-scripts-3.5.8-4.el8.x86_64 pcp-pmda-postfix-5.3.7-17.0.1.el8_8.x86_64 |
2.2 Register Postfix to the service
1 2 3 4 |
# systemctl enable postfix.service Created symlink /etc/systemd/system/multi-user.target.wants/postfix.service → /usr/lib/systemd/system/postfix.service. # systemctl is-enabled postfix.service enabled |
2.3 Edit postfix configuration file
Backup postfix configuration files, main.cf and master.cf files
1 2 |
# cp -p /etc/postfix/main.cf `date '+/etc/postfix/main.cf.%Y%m%d'` # cp -p /etc/postfix/master.cf `date '+/etc/postfix/master.cf.%Y%m%d'` |
To prevent unauthorized mail relay, configure Postfix to require authentication for outgoing mail as well, using Dovecot's SASL function.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 |
# vi /etc/postfix/main.cf Added around line 96 #myhostname = virtual.domain.tld myhostname = mail.<Domain name> Add your domain name around line 103 #mydomain = domain.tld mydomain = <Domain name> Uncomment out per line 118 myorigin = $mydomain Change per line 135 inet_interfaces = all Comment out around line 183 and add to line 184. #mydestination = $myhostname, localhost.$mydomain, localhost mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain Added around line 287 #mynetworks = 168.100.189.0/28, 127.0.0.0/8 #mynetworks = $config_directory/mynetworks #mynetworks = hash:/etc/postfix/network_table mynetworks = 192.168.11.0/24, 127.0.0.0/8 ←192.168.11.0/24 to suit your environment Uncomment per line 440 Set the mail storage format. #home_mailbox = Mailbox home_mailbox = Maildir/ Added around line 447 #mail_spool_directory = /var/mail mail_spool_directory = /var/spool/mail Added around line 593 #smtpd_banner = $myhostname ESMTP $mail_name #smtpd_banner = $myhostname ESMTP $mail_name ($mail_version) smtpd_banner = $myhostname ESMTP unknown Add the following to the last line # Limit send/receive mail size to 10M message_size_limit = 10485760 # Limit mailbox size to 1G mailbox_size_limit = 1073741824 #SMTP-Auth Settings smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_local_domain = $mydomain smtpd_recipient_restrictions = permit_mynetworks, permit_auth_destination, permit_sasl_authenticated, reject |
2.4 Release SMTP port (port 25)
1 2 3 4 |
# firewall-cmd --add-service=smtp --permanent success # firewall-cmd --reload success |
2.5 Start Postfix
1 2 |
# systemctl enable --now postfix # systemctl start postfix |
3. Dovecot
3.1 dovecot Install
1 |
# dnf -y install dovecot |
3.2 Edit dovecot.conf file
1 2 3 4 5 6 7 8 9 10 11 |
# cp -p /etc/dovecot/dovecot.conf `date '+ /etc/dovecot/dovecot.conf.%Y%m%d'` # vi /etc/dovecot/dovecot.conf Add around line 25 # protocols = imap pop3 lmtp protocols = imap pop3 Line 30 : Uncomment # Remove [::] if listening for IPv4 only listen = *, :: |
3.3 Edit 10-auth.conf file
1 2 3 4 5 6 7 8 |
# vi /etc/dovecot/conf.d/10-auth.conf Line 10 : Uncomment and change If plain text authentication is also allowed disable_plaintext_auth = no Line 100 : Add auth_mechanisms = plain login |
3.4 Edit 10-mail.conf file
1 2 3 4 |
# vi /etc/dovecot/conf.d/10-mail.conf Line 31 : Add mail_location = maildir:~/Maildir |
3.5 Edit 10-master.conf file
1 2 3 4 5 6 7 8 9 |
# vi /etc/dovecot/conf.d/10-master.conf Lines 107-109 : Uncomment and add # Postfix smtp-auth unix_listener /var/spool/postfix/private/auth { mode = 0666 user = postfix group = postfix } |
3.6 Edit 10-ssl.conf file
1 2 3 4 5 |
# vi /etc/dovecot/conf.d/10-ssl.conf Per line 8 Change "ssl = required" to "ssl = yes" ssl = yes |
3.7 Register dovecot as a service and start
1 2 3 4 5 |
# systemctl enable dovecot.service Created symlink /etc/systemd/system/multi-user.target.wants/dovecot.service → /usr/lib/systemd/system/dovecot.service. # systemctl is-enabled dovecot.service Enabled # systemctl start dovecot.service |
3.8 Permission port opening for POP/IMAP service with firewalld
POP is [110/TCP], IMAP is [143/TCP].
1 2 3 |
# firewall-cmd --permanent --add-service=pop3 # firewall-cmd --permanent --add-service=imap # firewall-cmd --reload |
4.Create mail user and check operation
4.1 事前準備
①Pretreatment for new users
When a new user is added, set up the system to automatically send and receive e-mail.
1 2 3 4 |
# mkdir -p /etc/skel/Maildir/{new,cur,tmp} # chmod -R 700 /etc/skel/Maildir/ # echo "~/Maildir/"> /etc/skel/.forward # chmod 600 /etc/skel/.forward |
②Mail environment pre-processing for existing users
Configure the already created users to be able to send and receive e-mail.
1 2 3 4 |
# mkdir -p /home/huong/Maildir/{new,cur,tmp} # chown -R huong:huong /home/huong/Maildir/ # chmod 700 /home/huong/Maildir # chmod 700 /home/huong/Maildir/{new,cur,tmp} |
4.2 User Account Creation
Mail client installation
1 2 |
# dnf -y install mailx # echo 'export MAIL=$HOME/Maildir' >> /etc/profile.d/mail.sh |
Add user [linux]
1 2 3 4 5 6 |
# useradd linux # passwd linux Changing password for user linux. New password: Retype new password: passwd: all authentication tokens updated successfully. |
4.3 Operation check ①
Log in as an email user and send a test email.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 |
# su - linux $ mail linux@localhost Subject: Test Mail test mail . EOT $ mail Heirloom Mail version 12.5 7/5/10. Type ? for help. "/home/linux/Maildir": 1 message 1 new >N 1 linux@korodes.com Fri Aug 18 11:39 17/511 "Test Mail" & 1 Message 1: From linux@korodes.com Fri Aug 18 11:39:00 2023 Return-Path: <linux@korodes.com> X-Original-To: linux@localhost Delivered-To: linux@localhost Date: Fri, 18 Aug 2023 11:39:00 +0900 To: linux@localhost Subject: Test Mail User-Agent: Heirloom mailx 12.5 7/5/10 Content-Type: text/plain; charset=utf-8 From: linux@korodes.com Status: R test mail & Enter "q" to exit |
4.4 Operation check ②
Set up and confirm your account in Mozilla Thunderbird. This time we will set it up with the general user "huong".
①Start Thunderbird 「Tools」「Account Settings」
②「Account Actions」「Add Mail Account」
③「Your full name」は任意の名称
Your full name : Any name
Email addtess : huong@korodes.com
Password : Password for huong
and click "Configure manually".
④Set "INCOMMING SERVER" and "OUTGOING SERVER" as shown below and click "Re-test".
⑤The following settings were found by probinfg the given server
「After clicking "Done," the following "Warning" appears, but there is no problem, so click "Confirm"
⑥Click "Finish" when "Account syccessfuly created" is displayed.
Mail server : Postfix + Clamav + Amavisd+SpamAssassin
1.Real-time scanning of e-mails
①Install Amavisd and Clamav Server
1 2 3 4 |
# dnf config-manager --set-enabled ol8_codeready_builder # dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm # dnf config-manager --set-enabled epel # dnf -y install amavisd-new clamd perl-Digest-SHA1 perl-IO-stringy |
➁Configuration File Editing
1 2 3 4 5 6 7 8 9 10 |
# vi /etc/clamd.d/scan.conf Line 77: Change PidFile /var/run/clamd.scan/clamd.pid Line 81: Uncomment TemporaryDirectory /var/tmp Line 96: Change LocalSocket /var/run/clamd.scan/clamd.sock |
1 2 3 |
# touch /var/log/clamd.scan # chown clamscan. /var/log/clamd.scan # systemctl enable clamd@scan |
➂Setup and start Amavisd
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 |
# vi /etc/amavisd/amavisd.conf Delete # at the beginning of the line per line 13 @bypass_spam_checks_maps = (1); # controls running of anti-spam code Line 23:Change to own domain name $mydomain = 'Domain name'; Comment out per line 28 #$QUARANTINEDIR = undef; # -Q Comment out per line 125 # $virus_admin = undef; # notifications recip Line 158:Uncomment and change to own host name $myhostname = 'mail.Domain name'; # systemctl start amavisd # systemctl enable amavisd Created symlink /etc/systemd/system/multi-user.target.wants/amavisd.service → /usr/lib/systemd/system/amavisd.service. |
④Postfix Configuration
1 2 3 |
# vi /etc/postfix/main.cf # Add to the last line content_filter=smtp-amavis:[127.0.0.1]:10024 |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 |
# vi /etc/postfix/master.cf # Add to the last line smtp-amavis unix - - n - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes 127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 |
1 |
# systemctl restart postfix |
⑤Check with Thunderbird
I sent a test email to myself in Thunderbird, and in the header display part of the received email, I see the following
"X-Virus-Scanned: amavisd-new at korodes."
2.Email spam protection
①SpamAssassin Settings
1 2 3 4 |
# vi /etc/mail/spamassassin/v310.pre Delete # at the beginning of the line per line 24 loadplugin Mail::SpamAssassin::Plugin::DCC |
➁SpamAssassin configuration file modernization script
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 |
# cd /var/www/system # vi spamassassin-update.sh Describe the following #!/bin/bash cd /etc/mail/spamassassin wget -q https://github.com/kittyfreak/spamassassin_user_prefs/archive/refs/heads/main.zip [ $? -ne 0 ] && exit unzip main.zip >/dev/null 2>&1 [ $? -ne 0 ] && exit rm -f main.zip mv spamassassin_user_prefs-main/user_prefs . rm -rf spamassassin_user_prefs-main diff user_prefs user_prefs.org > /dev/null 2>&1 if [ $? -ne 0 ]; then cp user_prefs local.cf echo "report_safe 0" >> local.cf echo "rewrite_header Subject ***SPAM***" >> local.cf # SpamAssassin restart if [ -f /etc/rc.d/init.d/spamassassin ]; then /etc/rc.d/init.d/spamassassin restart > /dev/null else systemctl restart spamassassin > /dev/null fi fi cp user_prefs user_prefs.org |
Grant execute permission to the spamassassin-update script and run it
1 2 |
# chmod 700 /var/www/system/spamassassin-update.sh # /var/www/system/spamassassin-update.sh |
Check that the SpamAssassin configuration file is created in the /etc/mail/spamassassin directory with the date of the day.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
# ls -l /etc/mail/spamassassin total 1632 drwxr-xr-x 2 root root 40 Aug 14 10:19 channel.d -rw-r--r-- 1 root root 1194 May 6 2022 init.pre -rw-r--r-- 1 root root 500636 Aug 14 10:35 local.cf drwx------ 2 root root 6 May 6 2022 sa-update-keys -rw-r--r-- 1 root root 62 May 6 2022 spamassassin-default.rc -rwxr-xr-x 1 root root 39 May 6 2022 spamassassin-helper.sh -rw-r--r-- 1 root root 55 May 6 2022 spamassassin-spamc.rc -rw-r--r-- 1 root root 500588 Apr 30 10:24 user_prefs -rw-r--r-- 1 root root 500588 Aug 14 10:35 user_prefs.org -rw-r--r-- 1 root root 2523 Aug 14 10:34 v310.pre -rw-r--r-- 1 root root 1194 May 6 2022 v312.pre -rw-r--r-- 1 root root 2416 May 6 2022 v320.pre -rw-r--r-- 1 root root 1237 May 6 2022 v330.pre -rw-r--r-- 1 root root 1020 May 6 2022 v340.pre -rw-r--r-- 1 root root 1309 May 6 2022 v341.pre -rw-r--r-- 1 root root 1469 May 6 2022 v342.pre -rw-r--r-- 1 root root 1264 May 6 2022 v343.pre |
Set up cron to automatically run a script daily that updates the SpamAssassin configuration file
1 2 |
# crontab -e 0 2 * * * /var/www/system/spamassassin-update.sh > /dev/null 2>&1 |
➂Integrate SpamAssassin into Postfix
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 |
# vi /etc/postfix/master.cf Add "#" to the beginning of line 12 and add SpamAssassin setting to line 13 # smtp inet n - n - - smtpd smtp inet n - n - - smtpd -o content_filter=spamassassin Add to last line smtp-amavis unix - - n - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes 127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 spamassassin unix - n n - - pipe user=nobody argv=/usr/bin/spamc -e /usr/sbin/sendmail.postfix -oi -f ${sender} ${recipient} |
④Restart postfix
1 |
# systemctl restart postfix |
⑤If you send an e-mail to yourself in Thunderbird with the following information in the body, the following will appear in the header.
「XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X」