Rocky Linux8.6 : Anti-Virus 、Mail Server

Install Clamav ( anti-virus software )

1.  Install

# dnf -y install clamav clamd clamav-update
2. Edit Clam AntiVirus configuration file

# vi /etc/clamd.d/scan.conf
# Line 14
# Default: disabled
LogFile /var/log/clamd.scan ← Uncomment
# Line 77
# Default: disabled
PidFile /run/clamd.scan/clamd.pid ← Uncomment
# Line 96
# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
LocalSocket /run/clamd.scan/clamd.sock ← Uncomment
# Line 219
# Run as another user (clamd must be started by root for this option to work)
# Default: don't drop privileges
#User clamscan ← Add # at the beginning of the line and comment it out (to make it work with root privileges)

3.Virus definition file update settings

# vi /etc/freshclam.conf
# Line 75
#DatabaseMirror database.clamav.net  ← comment-out
DatabaseMirror db.jp.clamav.net  ← add
# Line 151
#NotifyClamd /path/to/clamd.conf
NotifyClamd /etc/clamd.d/scan.conf    ← add
4.Virus definition file update
# freshclam
ClamAV update process started at Wed Jun 8 17:09:20 2022
daily database available for download (remote version: 26565)
Time: 3.0s, ETA: 0.0s [========================>] 56.03MiB/56.03MiB
Testing database: '/var/lib/clamav/tmp.aca2d3f1fa/clamav-23517084062dbf640a1e7db5635d12b5.tmp-daily.cvd' ...
Database test passed.
daily.cvd updated (version: 26566, sigs: 1985565, f-level: 90, builder: raynman)
main database available for download (remote version: 62)
Time: 7.9s, ETA: 0.0s [========================>] 162.58MiB/162.58MiB
Testing database: '/var/lib/clamav/tmp.aca2d3f1fa/clamav-31ab0225aac64a6d935b73fa24c3b497.tmp-main.cvd' ...
Database test passed.
main.cvd updated (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
bytecode database available for download (remote version: 333)
Time: 0.5s, ETA: 0.0s [========================>] 286.79KiB/286.79KiB
Testing database: '/var/lib/clamav/tmp.aca2d3f1fa/clamav-20ea46288aefc5e6fb938184abb83e92.tmp-bytecode.cvd' ...
Database test passed.
bytecode.cvd updated (version: 333, sigs: 92, f-level: 63, builder: awillia2)

5.Start Clam AntiVirus

# systemctl start clamd@scan
# systemctl enable clamd@scan
Created symlink /etc/systemd/system/multi-user.target.wants/clamd@scan.service → /usr/lib/systemd/system/clamd@.service.
# systemctl is-enabled clamd@scan
enabled
# systemctl status clamd@scan
clamd@scan.service - clamd scanner (scan) daemon
Loaded: loaded (/usr/lib/systemd/system/clamd@.service; enabled; vendor pres>
Active: active (running)since Wed 2022-06-08 17:14:43 JST; 46s ago
Docs: man:clamd(8)
man:clamd.conf(5)
https://www.clamav.net/documents/
Main PID: 23043 (clamd)
Tasks: 2 (limit: 11170)
Memory: 1.1G
CGroup: /system.slice/system-clamd.slice/clamd@scan.service
mq23043 /usr/sbin/clamd -c /etc/clamd.d/scan.conf6月 08 17:14:43 rocky clamd[23043]: ELF support enabled.
6月 08 17:14:43 rocky clamd[23043]: Mail files support enabled.
6月 08 17:14:43 rocky clamd[23043]: OLE2 support enabled.
6.Conducted virus scan
■Download a test virus and perform a virus scan
# wget http://www.eicar.org/download/eicar.com
# clamscan --infected --remove --recursive
/root/eicar.com: Win.Test.EICAR_HDB-1 FOUND ← Virus detection
/root/eicar.com: Removed. ← virus removal
----------- SCAN SUMMARY -----------
Known viruses: 8616037
Engine version: 0.103.5
Scanned directories: 1
Scanned files: 10
Infected files: 1
Data scanned: 0.02 MB
Data read: 0.01 MB (ratio 2.00:1)
Time: 35.383 sec (0 m 35 s)
Start Date: 2022:06:08 17:16:55
End Date: 2022:06:08 17:17:31
7.Deployment of virus scan auto-execution scripts
# mkdir -p /var/www/system
# cd /var/www/system

Create clamscan.sh in /var/www/system with the following contents
# vi /var/www/system/clamscan.sh
#!/bin/bash
PATH=/usr/bin:/bin
# excludeopt setup
excludelist=/var/www/system/clamscan.exclude
if [ -s $excludelist ]; then
for i in `cat $excludelist`
do
if [ $(echo "$i"|grep \/$) ]; then
i=`echo $i|sed -e 's/^\([^ ]*\)\/$/\1/p' -e d`
excludeopt="${excludeopt} --exclude-dir=$i"
else
excludeopt="${excludeopt} --exclude=$i"
fi
done
fi
# signature update
freshclam
# virus scan
clamscan --recursive --remove ${excludeopt} /

8.Virus scan exclusion directory settings

# chmod 700 clamscan.sh
# echo "/sys/" >> /var/www/system/clamscan.exclude
# echo "/proc/" >> /var/www/system/clamscan.exclude
Exclude sys and proc directories.
9.Scheduled virus scan execution
# crontab -e
0 1 * * * /var/www/system/clamscan.sh > /dev/null 2>&1

Install Mail Server

1. Install Postfix

1.1 install
Install Postfix and build an SMTP server

# dnf -y install postfix
Make sure Postfix is installed
# rpm -qa | grep postfix
pcp-pmda-postfix-5.3.5-8.el8.x86_64
postfix-3.5.8-4.el8.x86_64
postfix-perl-scripts-3.5.8-4.el8.x86_64
1.2 Register Postfix to the service
# systemctl enable postfix.service
Created symlink /etc/systemd/system/multi-user.target.wants/postfix.service → /usr/lib/systemd/system/postfix.service.
# systemctl is-enabled postfix.service
enabled
1.3 Backup postfix configuration files, main.cf and master.cf files
# cp -p /etc/postfix/main.cf `date '+/etc/postfix/main.cf.%Y%m%d'`
# cp -p /etc/postfix/master.cf `date '+/etc/postfix/master.cf.%Y%m%d'`
1.4Edit postfix configuration file
To prevent unauthorized mail relay, configure Postfix to require authentication even for outgoing mail, using Dovecot's SASL function.
# vi /etc/postfix/main.cf
# Per line 96 : add
#myhostname = virtual.domain.tld
myhostname = mail.<domain name>
# Per line 103 : Add your domain name
#mydomain = domain.tld
mydomain = <domain name>
# Per line 118 : Comment Out Deleted
myorigin = $mydomain
# Per line 135 : change
inet_interfaces = all
# Per line 183 : add
Comment out around line 183 and add to line 184.
#mydestination = $myhostname, localhost.$mydomain, localhost
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
# Per line 287 : add
#mynetworks = 168.100.189.0/28, 127.0.0.0/8
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:/etc/postfix/network_table
mynetworks = 192.168.11.0/24, 127.0.0.0/8 ←192.168.11.0/24 to suit your environment
# Per line 440 : Comment Out Deleted
Set the mail storage format.
#home_mailbox = Mailbox
home_mailbox = Maildir/ 
# Per line 447 : add
#mail_spool_directory = /var/mail
mail_spool_directory = /var/spool/mail 
# Per line 593 : add
#smtpd_banner = $myhostname ESMTP $mail_name
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_banner = $myhostname ESMTP unknown
# Add the following to the last line
# Limit send/receive mail size to 10M
message_size_limit = 10485760
# Limit mailbox size to 1G
mailbox_size_limit = 1073741824
# SMTP-Auth Settings
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous

smtpd_sasl_local_domain = $mydomain
smtpd_recipient_restrictions = permit_mynetworks, permit_auth_destination, permit_sasl_authenticated, reject

Release SMTP port (port 25)

# firewall-cmd --add-service=smtp --permanent
success
# firewall-cmd --reload
success
1.5 Start Postfix
# systemctl enable --now postfix
# systemctl start postfix

2.Install Dovecot

2.1 install
# dnf -y install dovecot
2.2 Edit dovecot.conf file
# cp -p /etc/dovecot/dovecot.conf `date '+ /etc/dovecot/dovecot.conf.%Y%m%d'`
# vi /etc/dovecot/dovecot.conf
# Per line 25 : add
# protocols = imap pop3 lmtp
protocols = imap pop3
# Per line 30 : Uncomment
# Remove [::] if listening for IPv4 only
listen = *, ::

2.3 Edit 10-auth.conf file

# vi /etc/dovecot/conf.d/10-auth.conf
# Line 10 : Uncomment change
If plain text authentication is also allowed
disable_plaintext_auth = no
# Line 100 : add
auth_mechanisms = plain login
2.3 Edit 10-mail.conf file
# vi /etc/dovecot/conf.d/10-mail.conf
# 31 : add
mail_location = maildir:~/Maildir
2.4 Edit 10-master.conf file
# vi /etc/dovecot/conf.d/10-master.conf
# Line 107-109 : Uncomment add
# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
mode = 0666
user = postfix
group = postfix
}
2.5 Edit 10-ssl.conf file
# vi /etc/dovecot/conf.d/10-ssl.conf
# Per line 8
Change "ssl = required" to "ssl = yes"
ssl = yes
2.6 Register dovecot as a service and start
# systemctl enable dovecot.service
Created symlink /etc/systemd/system/multi-user.target.wants/dovecot.service → /usr/lib/systemd/system/dovecot.service.
# systemctl is-enabled dovecot.service
Enabled
# systemctl start dovecot.service
2.7 Permission port opening for POP/IMAP service with firewalld
POP is [110/TCP], IMAP is [143/TCP].
# firewall-cmd --permanent --add-service=pop3
# firewall-cmd --permanent --add-service=imap
# firewall-cmd --reload

3.Create mail user and check operation

3.1 advance preparation
①Pretreatment for new users
When a new user is added, set up the system to automatically send and receive e-mail.

# mkdir -p /etc/skel/Maildir/{new,cur,tmp}
# chmod -R 700 /etc/skel/Maildir/
# echo "~/Maildir/"> /etc/skel/.forward
# chmod 600 /etc/skel/.forward

②Mail environment pre-processing for existing users
Configure the already created users to be able to send and receive e-mail.

# mkdir -p /home/huong/Maildir/{new,cur,tmp}
# chown -R huong:huong /home/huong/Maildir/
# chmod 700 /home/huong/Maildir
# chmod 700 /home/huong/Maildir/{new,cur,tmp}

3.2 User Account Creation

Mail client installation
# dnf -y install mailx
# echo 'export MAIL=$HOME/Maildir' >> /etc/profile.d/mail.sh

Add user [linux] # useradd linux
# passwd linux
Changing password for user linux.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

3.3 operation check ①
①Log in as an email user and send a test email.
# su - linux
$ mail linux@localhost
Subject: Test Mail
mail test
.   ← To end the text, type ". "
EOT
$ mail
Heirloom Mail version 12.5 7/5/10. Type ? for help.
"/home/linux/Maildir": 1 message 1 new
>N 1 linux@korodes.com Sun Jun 12 19:52 17/510 "Test Mail"
& 1
Message 1:
From linux@korodes.com Sun Jun 12 19:52:28 2022
Return-Path: <linux@korodes.com>
X-Original-To: linux@localhost
Delivered-To: linux@localhost
Date: Sun, 12 Jun 2022 19:52:28 +0900
To: linux@localhost
Subject: Test Mail
User-Agent: Heirloom mailx 12.5 7/5/10
Content-Type: text/plain; charset=us-ascii
From: linux@korodes.com
Status: Rmail test&
3.4 operation check ②
Set up and confirm your account in Mozilla Thunderbird
This time we will set it up with the general user huong

①Start Thunderbird, and click "Tools", "Account Settings".

②「Account Actions」「Add Mail Account」

③Your full name : Any name
Email addtess : huong@korodes.com
Password : Password for user huong
Click on "Configure manually"

④Set "INCOMMING SERVER" and "OUTGOING SERVER" as shown below and click "Re-test".

⑤Server found is displayed.(The following settings were found by probinfg the given server)

After clicking "Done," the following "Warning" appears, but there is no problem, so click "Confirm."

⑥Click "Finish" when "Account syccessfuly created" is displayed.(Account syccessfuly created)

Postfix + Clamav + Amavisd+SpamAssassin

1.Real-time scanning of email

①Install Amavisd , Clamav Server
# dnf --enablerepo=epel,powertools -y install amavisd-new clamd perl-Digest-SHA1 perl-IO-stringy
➁Configuration File Edit
# vi /etc/clamd.d/scan.conf
# Line 77:change
PidFile /var/run/clamd.scan/clamd.pid
# Line 81:uncomment
TemporaryDirectory /var/tmp
# Line 96:change
LocalSocket /var/run/clamd.scan/clamd.sock
# touch /var/log/clamd.scan
# chown clamscan. /var/log/clamd.scan
# systemctl enable clamd@scan
➂Setup and start Amavisd

# vi /etc/amavisd/amavisd.conf
# Per line 13 : Delete # at the beginning of the line
@bypass_spam_checks_maps = (1); # controls running of anti-spam code 
# Line  23:Change to your domain name
$mydomain = 'domain name';
# Per line 28 : comment-out
#$QUARANTINEDIR = undef; # -Q
# Per line 125 : comment-out
# $virus_admin = undef; # notifications recip
# Line 158:Uncomment and change to own host name
$myhostname = 'mail.domain name';

# systemctl start amavisd
# systemctl enable amavisd 

Created symlink /etc/systemd/system/multi-user.target.wants/amavisd.service → /usr/lib/systemd/system/amavisd.service.

④Postfix Configuration

# vi /etc/postfix/main.cf
# Add to the last line
content_filter=smtp-amavis:[127.0.0.1]:10024
# vi /etc/postfix/master.cf
# Add to the last line 
smtp-amavis unix - - n - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
# systemctl restart postfix
⑤ Sent a test email to myself in Thunderbird, and in the header display part of the received email, I see the following
X-Virus-Scanned: amavisd-new at korodes.

2.Email spam protection

 ①SpamAssassin installed to prevent spam
# dnf -y install spamassassin spamass-milter-postfix
# systemctl start spamassassin
# systemctl enable spamassassin
Created symlink /etc/systemd/system/multi-user.target.wants/spamassassin.service → /usr/lib/systemd/system/spamassassin.service.
②SpamAssassin Settings
# vi /etc/mail/spamassassin/v310.pre
# Per line 24 : Remove # at the beginning of the line
loadplugin Mail::SpamAssassin::Plugin::DCC
③SpamAssassin configuration file modernization script
# cd /var/www/system
# vi /var/www/system/spamassassin-update.sh

#!/bin/bash

cd /etc/mail/spamassassin
wget -q https://github.com/kittyfreak/spamassassin_user_prefs/archive/refs/heads/main.zip
[ $? -ne 0 ] && exit
unzip main.zip >/dev/null 2>&1
[ $? -ne 0 ] && exit
rm -f main.zip
mv spamassassin_user_prefs-main/user_prefs .
rm -rf spamassassin_user_prefs-main
diff user_prefs user_prefs.org > /dev/null 2>&1
if [ $? -ne 0 ]; then
cp user_prefs local.cf
echo "report_safe 0" >> local.cf
echo "rewrite_header Subject ***SPAM***" >> local.cf

if [ -f /etc/rc.d/init.d/spamassassin ]; then
/etc/rc.d/init.d/spamassassin restart > /dev/null
else
systemctl restart spamassassin > /dev/null
fi
fi
cp user_prefs user_prefs.org

Grant execute permission to the spamassassin-update script and run it

# chmod 700 /var/www/system/spamassassin-update.sh
# /var/www/system/spamassassin-update.sh
Check that the SpamAssassin configuration file is created in the /etc/mail/spamassassin directory with the date of the day.
SpamAssassin configuration file is created as of the current date.
# ls -l /etc/mail/spamassassin
total 1636
drwxr-xr-x 2 root root 40 Jun 12 21:55 channel.d
-rw-r--r-- 1 root root 985 Apr 13 10:34 init.pre
-rw-r--r-- 1 root root 499337 Jun 12 22:36 local.cf
-rw-r--r-- 1 root root 126639 Jun 12 22:36 main.zip.1
drwx------ 2 root root 6 Apr 13 10:34 sa-update-keys
-rw-r--r-- 1 root root 62 Apr 13 10:34 spamassassin-default.rc
-rwxr-xr-x 1 root root 35 Apr 13 10:34 spamassassin-helper.sh
-rw-r--r-- 1 root root 55 Apr 13 10:34 spamassassin-spamc.rc
-rw-r--r-- 1 root root 499289 Dec 29 00:02 user_prefs
-rw-r--r-- 1 root root 499289 Jun 12 22:36 user_prefs.org
-rw-r--r-- 1 root root 2523 Jun 12 22:15 v310.pre
-rw-r--r-- 1 root root 1194 Apr 13 10:34 v312.pre
-rw-r--r-- 1 root root 2416 Apr 13 10:34 v320.pre
-rw-r--r-- 1 root root 1237 Apr 13 10:34 v330.pre
-rw-r--r-- 1 root root 1020 Apr 13 10:34 v340.pre
-rw-r--r-- 1 root root 1114 Apr 13 10:34 v341.pre
-rw-r--r-- 1 root root 1313 Apr 13 10:34 v342.pre
-rw-r--r-- 1 root root 1264 Apr 13 10:34 v343.pre
Set up cron to automatically run a script daily that updates the SpamAssassin configuration file
# crontab -e
0 2 * * * /var/www/system/spamassassin-update.sh > /dev/null 2>&1
④Integrate SpamAssassin into Postfix

# vi /etc/postfix/master.cf
# Per line 12
Add "#" to the beginning of line 12 and add SpamAssassin setting to line 13
# smtp inet n - n - - smtpd
smtp inet   n   -   n   -   -   smtpd
-o content_filter=spamassassin
# Add to last line
smtp-amavis unix - - n - 2 smtp
       -o smtp_data_done_timeout=1200
       -o smtp_send_xforward_command=yes
       -o disable_dns_lookups=yes

127.0.0.1:10025 inet n - n - - smtpd
       -o content_filter=
       -o local_recipient_maps=
       -o relay_recipient_maps=
       -o smtpd_restriction_classes=
       -o smtpd_client_restrictions=
       -o smtpd_helo_restrictions=
       -o smtpd_sender_restrictions=
       -o smtpd_recipient_restrictions=permit_mynetworks,reject
       -o mynetworks=127.0.0.0/8
       -o strict_rfc821_envelopes=yes
       -o smtpd_error_sleep_time=0
       -o smtpd_soft_error_limit=1001
       -o smtpd_hard_error_limit=1000

spamassassin unix - n n - - pipe
        user=nobody argv=/usr/bin/spamc -e /usr/sbin/sendmail.postfix -oi -f ${sender} ${recipient}

⑤Restart postfix

# systemctl restart postfix
⑥When you send a blank email to yourself in Thunderbird, you will see the following in the header
タイトルとURLをコピーしました