業務用エアコン関連の技術情報、エラーコード、環境問題対策に関する別サイト「エアコンの安全な修理・適切なフロン回収」

openSUSE Tumbleweed : Clamav , Mail Server

1. clamav ( anti-virus software )

1.1 Clamav Install

# zypper -n install clamav

1.2 virus definition file update

①Configuration File Editing

# vi /etc/freshclam.conf

Line 88 : comment out and add below
#DatabaseMirror database.clamav.net
DatabaseMirror db.jp.clamav.net

②virus definition file update

# freshclam

ClamAV update process started at Tue Jun 23 15:13:28 2026
daily database available for download (remote version: 28039)
Time:    0.3s, ETA:    0.0s [========================>]   22.33MiB/22.33MiB
Time:    0.8s, ETA:    0.0s [========================>]    8.87KiB/8.87KiB
Testing database: '/var/lib/clamav/tmp.ee8d9d1540/daily.cvd' ...
Database test passed.
daily.cvd updated (version: 28039, sigs: 355472, f-level: 90, builder: svc.clamav-publisher)
main database available for download (remote version: 63)
Time:    0.8s, ETA:    0.0s [========================>]   84.95MiB/84.95MiB
Time:    0.3s, ETA:    0.0s [========================>]    8.87KiB/8.87KiB
Testing database: '/var/lib/clamav/tmp.ee8d9d1540/main.cvd' ...
Database test passed.
main.cvd updated (version: 63, sigs: 3287027, f-level: 90, builder: tomjudge)
bytecode database available for download (remote version: 339)
Time:    0.2s, ETA:    0.0s [========================>]  275.10KiB/275.10KiB
Time:    0.5s, ETA:    0.0s [========================>]    8.87KiB/8.87KiB
Testing database: '/var/lib/clamav/tmp.ee8d9d1540/bytecode.cvd' ...
Database test passed.
bytecode.cvd updated (version: 339, sigs: 80, f-level: 90, builder: nrandolp)
WARNING: Clamd was NOT notified: Can't connect to clamd through /run/clamav/clamd.sock: No such file or directory

1.3 operation check

■Download a test virus and scan it

# cd /home
# wget https://secure.eicar.org/eicar.com.txt
# clamscan --infected --remove --recursive /home
/home/eicar.com.txt: Eicar-Test-Signature FOUND
/home/eicar.com.txt: Removed.

----------- SCAN SUMMARY -----------
Known viruses: 3627878
Engine version: 1.5.2
Scanned directories: 10
Scanned files: 10
Infected files: 1
Data scanned: 23.96 KiB
Data read: 12.15 KiB (ratio 1.97:1)
Time: 10.014 sec (0 m 10 s)
Start Date: 2026:06:23 15:18:38
End Date:   2026:06:23 15:18:49

1.4 Deployment of virus scan auto-execution scripts

①Create script storage directory

# mkdir -p /srv/www/system

②Creation of auto-execution scripts

# cd /srv/www/system

Create clamscan.sh in /srv/www/system with the following contents
# vi /srv/www/system/clamscan.sh

Describe the following
#!/bin/bash
PATH=/usr/bin:/bin
# excludeopt setup
excludelist=/srv/www/system/clamscan.exclude
if [ -s $excludelist ]; then
for i in `cat $excludelist`
do
if [ $(echo "$i"|grep \/$) ]; then
i=`echo $i|sed -e 's/^\([^ ]*\)\/$/\1/p' -e d`
excludeopt="${excludeopt} --exclude-dir=$i"
else
excludeopt="${excludeopt} --exclude=$i"
fi
done
fi
# signature update
freshclam
# virus scan
clamscan --recursive --remove ${excludeopt} /

Grant execute permissions to scripts

# chmod 700 clamscan.sh

The sys and proc directories are excluded from the scan because they cannot be scanned due to the specification.
OpenSUSE creates a large number of snapshots, so if necessary, set them in non-target directories.

# echo "/sys/" >> /srv/www/system/clamscan.exclude
# echo "/proc/" >> /srv/www/system/clamscan.exclude
# echo "/.snapshots/" >> /srv/www/system/clamscan.exclude

Set up periodic virus scan

# crontab -e
0 1 * * * /srv/www/system/clamscan.sh > /dev/null 2>&

Execute "/srv/www/system/clamscan.sh" to scan the entire system

# /srv/www/system/clamscan.sh

2.  Mail server Install

2.1 Postfix Install

Install Postfix and build an SMTP server

# zypper -n install postfix

Postfix Settings
To prevent unauthorized mail relay, use the SASL function of Dovecot, described below, and configure Postfix to require authentication for sending as well.

# vi /etc/postfix/main.cf

Line 100:Hostname specification
myhostname = mail.[domain]

Line 107:Domain Name Specification
mydomain = [domain]

Line 122:Uncomment
myorigin = $mydomain

Line 136:Uncomment
inet_interfaces = all

Line 184: Uncomment
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain

Line 286:Unlock comments and add to your own network
mynetworks = 127.0.0.0/8, 192.168.11.0/24

Line 443:Unlock comments and switch to Maildir format
home_mailbox = Maildir/

# Add to the last line
# Limit mailbox size as needed (example below: 1 GB)
mailbox_size_limit = 1073741824
# Limit the size of sent and received emails as needed (example below: 10MB)
message_size_limit = 10485760
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions = permit_mynetworks, permit_auth_destination, permit_sasl_authenticated, reject
# systemctl start postfix
# systemctl enable postfix

SMTP service permission is required if Firewalld is enabled; SMTP uses 25/TCP

# firewall-cmd --add-service=smtp --permanent
success
# firewall-cmd --reload
success

2.3 Dovecot

①Install

# zypper -n install dovecot

Dovecot Settings
Configure Dovecot to provide SASL functionality for Postfix.

# vi /etc/dovecot/dovecot.conf

Per Line 25 : Additional (if not listening on IPv6)
listen = *

Per Line 46 : Comment
#  mail_inbox_path = ~/Maildir/.INBOX

# Add to the last line
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }
}

Dovecot startup and automatic execution

# systemctl start dovecot
# systemctl enable dovecot
Created symlink /etc/systemd/system/multi-user.target.wants/dovecot.service → /usr/lib/systemd/system/dovecot.service.

④POP/IMAP service permission required if Firewalld is enabled
POP uses 110/TCP, IMAP uses 143/TCP

# firewall-cmd --add-service={pop3,imap} --permanent
success
# firewall-cmd --reload
success

2.4 User Account Registration

①Preprocessing for new users
When a new user is added, set up the system to automatically send and receive mail.

# mkdir -p /etc/skel/Maildir/{new,cur,tmp}
# chmod -R 700 /etc/skel/Maildir/
# echo "~/Maildir/"> /etc/skel/.forward
# chmod 600 /etc/skel/.forward

②Mail environment pre-processing for existing users
Configure already created users(huong) to be able to send and receive mail.

# mkdir -p /home/huong/Maildir/{new,cur,tmp}
# chown -R huong:huong /home/huong/Maildir/
# chmod 700 /home/huong/Maildir
# chmod 700 /home/huong/Maildir/{new,cur,tmp}

➂Mail client installation

# zypper -n install mailx

④Mailboxes are set to refer to Maildir

# echo 'export MAIL=$HOME/Maildir' >> /etc/profile.d/mail.sh

2.5 Confirmation of operation

Set up an account in Thunderbird, a free email client, to check its operation.
However, depending on your provider, port 587 may be used for the outgoing server.
Please free up port 587 in your firewall settings.

# firewall-cmd --add-port=587/tcp --permanent
# firewall-cmd --reload

Set up and confirm your account in Mozilla Thunderbird (for OS user huong as mail user)
Start Thunderbird and click [New Account][Email] in the [Three] menu in the upper right corner.

Full name : Arbitrary name
Email address : huong@<domain-name>
Enter each and click "Continue".

Click on "EDIT CONFIGURATION"

Incoming Server Settings
Set [Connection security] to [None] and click [Continue].

Configure the outgoing server
Set [Connection security] to [None] and click [Test].

Click "Continue"

Enter the user's password in the "Password" field and click "Continue"

Click "Continue"

Click "Finish" when the email account has been successfully created.

3. Mail Server : Postfix + Clamav + clamav-milter+SpamAssassin

Set up Postfix and Clamav to work together to scan incoming and outgoing mail in real time.

3.1 clamav-milter Install

# zypper install https://www.rpmfind.net/linux/opensuse/tumbleweed/repo/oss/x86_64/clamav-milter-1.5.2-2.2.x86_64.rpm
# systemctl start clamd
# systemctl enable clamd
Created symlink '/etc/systemd/system/multi-user.target.wants/clamd.service' → '/usr/lib/systemd/system/clamd.service'.

3.2 Configure clamav-milter

Configuration File Editing

# vi /etc/clamav-milter.conf

Line 19 : Add
MilterSocketMode 660


Line 37 : Add as a comment below
#User vscan
User postfix

Per Line 167 : Add
OnInfected Blackhole

Per Line 189 : Add
AddHeader Yes

Startup and Auto-Run Settings

# systemctl start clamav-milter
 
# systemctl enable clamav-milter
Created symlink /etc/systemd/system/multi-user.target.wants/clamav-milter.service → /usr/lib/systemd/system/clamav-milter.service.

3.3  Postfix and clamav-milter integration settings

# vi /etc/postfix/main.cf

Add the following at the end
milter_default_action = tempfail
smtpd_milters = unix:/run/clamav/clamav-milter.sock
non_smtpd_milters = unix:/run/clamav/clamav-milter.sock

3.4  Add postfix user to clamilt group

# groupadd clamilt
# usermod -G clamilt -a postfix
# systemctl restart postfix

3.5 Check with Thunderbird

Send a blank email to yourself in Thunderbird and the following
"X-Virus-Scanned: clamav-milter 1.5.2 at Lepard" appears in the header display section of the received email.

X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: xxxxx@xxxxxxx.com
X-Original-To:xxxxx@xxxxxxx.com
Delivered-To: xxxxx@xxxxxxx.com
Received: from [192.168.11.6] (buffalo.setup [192.168.11.1])
  by mail.xxxxxxx.com (Postfix) with ESMTPA id 213AA61AD
  for xxxxx@xxxxxxx.com; Tue, 23 Jun 2026 16:07:57 +0900 (JST)
Message-ID: 7c308509-66ec-4641-81fc-2f4777c010ec@xxxxxxx.com
Date: Tue, 23 Jun 2026 16:07:57 +0900
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
From: xxxxx xxxxx@xxxxxxx.com
Content-Language: en-US
To: xxxxx xxxxx@xxxxxxx.com
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: clamav-milter 1.5.2 at Lepard
X-Virus-Status: Clean

4.virus scan script substitution

Set up a notification to a specified e-mail address after virus check scan.

Create virus scan exclusion directory list

# cd /srv/www/system/
# vi clamscan.exclude
/sys/
/proc/
/.snapshots ← openSUSE is configured to take a large number of snapshots, so if you don't need them, set

Disable existing script and create new virus scan script

# cd /srv/www/system/
# mv clamscan.sh clamscan.sh_bak
# vi clamscan.sh

Contents of new "clamscan.sh"

#!/bin/bash

PATH=/usr/bin:/bin

MAILTO="<Any email address>"

# excludeopt setup
excludelist=/srv/www/system/clamscan.exclude
if [ -s $excludelist ]; then
for i in `cat $excludelist`
do
if [ $(echo "$i"|grep \/$) ]; then
i=`echo $i|sed -e 's/^\([^ ]*\)\/$/\1/p' -e d`
excludeopt="${excludeopt} --exclude-dir=^$i"
else
excludeopt="${excludeopt} --exclude=^$i"
fi
done
fi

# signature update
freshclam 2>&1 > /dev/null

# virus scan
CLAMSCANTMP=`mktemp`
#clamscan --recursive --remove ${excludeopt} / > $CLAMSCANTMP 2>&1
clamscan --recursive ${excludeopt} / > $CLAMSCANTMP 2>&1
[ ! -z "$(grep FOUND$ $CLAMSCANTMP)" ] && \

# report mail send
grep FOUND$ $CLAMSCANTMP | mail -s "Virus Found in `hostname`" $MAILTO
rm -f $CLAMSCANTMP
# chmod 700 clamscan.sh

You will now be notified by email if there is a virus. If there is no virus, you will not be notified.

2.Email spam protection

2.1 SpamAssassin・spamass-milter・postfix setting

SpamAssassin・spamass-milter Install

# zypper -n install spamassassin spamass-milter

Launch SpamAssassin

# systemctl start spamd

SpamAssassin Settings

# vi /etc/mail/spamassassin/v310.pre

Delete # at the beginning of the line per line 24
loadplugin Mail::SpamAssassin::Plugin::DCC

Create script to update SpamAssassin configuration file

# cd /srv/www/system/

# vi spamassassin-update.sh
Describe the following
#!/bin/bash

cd /etc/mail/spamassassin
wget -q https://github.com/kittyfreak/spamassassin_user_prefs/archive/refs/heads/main.zip
[ $? -ne 0 ] && exit
unzip main.zip >/dev/null 2>&1
[ $? -ne 0 ] && exit
rm -f main.zip
mv spamassassin_user_prefs-main/user_prefs .
rm -rf spamassassin_user_prefs-main
diff user_prefs user_prefs.org > /dev/null 2>&1
if [ $? -ne 0 ]; then
cp user_prefs local.cf
echo "report_safe 0" >> local.cf
echo "rewrite_header Subject ***SPAM***" >> local.cf
# SpamAssassin restart
if [ -f /usr/bin/spamassassin ]; then
/usr/bin/spamassassin restart > /dev/null
else
systemctl restart spamd > /dev/null
fi
fi
cp user_prefs user_prefs.org

Grant execute permission to the spamassassin-update script and run it

# chmod 700 /srv/www/system/spamassassin-update.sh
# /srv/www/system/spamassassin-update.sh

Confirm that the SpamAssassin configuration file (local.cf) is created in the /etc/mail/spamassassin directory with the date of the day

# ls -l /etc/mail/spamassassin

total 1520
-rw-r--r-- 1 root root   1649 Jan 20  2025 init.pre
-rw-r--r-- 1 root root 500636 Jun 23 16:16 local.cf
-rw-r--r-- 1 root root 500588 Apr 30  2023 user_prefs
-rw-r--r-- 1 root root 500588 Jun 23 16:16 user_prefs.org
-rw-r--r-- 1 root root   2262 Jun 23 16:15 v310.pre
-rw-r--r-- 1 root root   1168 Jan 20  2025 v312.pre
-rw-r--r-- 1 root root   2416 Jan 20  2025 v320.pre
-rw-r--r-- 1 root root   1237 Jan 20  2025 v330.pre
-rw-r--r-- 1 root root   1020 Jan 20  2025 v340.pre
-rw-r--r-- 1 root root   1315 Jan 20  2025 v341.pre
-rw-r--r-- 1 root root   1519 Jan 20  2025 v342.pre
-rw-r--r-- 1 root root   1266 Jan 20  2025 v343.pre
-rw-r--r-- 1 root root   1482 Jan 20  2025 v400.pre
-rw-r--r-- 1 root root   1118 Jan 20  2025 v401.pre

Set up cron to automatically run a script daily that updates the SpamAssassin configuration file

# crontab -e
0 2 * * * /var/www/system/spamassassin-update.sh > /dev/null 2>&1

spamass-milter startup and automatic startup settings

# systemctl start spamass-milter

# systemctl enable spamass-milter
Created symlink /etc/systemd/system/multi-user.target.wants/spamass-milter.service → /usr/lib/systemd/system/spamass-milter.service.

Postfix and spamass-milter integration settings

# vi /etc/postfix/main.cf

Add the following
milter_default_action = tempfail
smtpd_milters = unix:/var/run/clamav-milter/clamav-milter.socket,unix:/run/spamass-milter/socket  ※If clamav-milter is already defined
non_smtpd_milters = unix:/var/run/clamav-milter/clamav-milter.socket,unix:/run/spamass-milter/socket  ※If clamav-milter is already defined

postfix restart

# systemctl restart postfix

⑧Procmail configuration
procmail configuration file creation

# vi /etc/procmailrc

Describe the following
SHELL=/bin/bash
PATH=/usr/bin:/bin
DROPPRIVS=yes
MAILDIR=$HOME/Maildir
DEFAULT=$MAILDIR/
LOGFILE=$HOME/.procmail.log # Log Output Destination
VERBOSE=ON # Detailed Log Output

Create procmail log rotation configuration file

# vi /etc/logrotate.d/procmail

Describe the following
/home/*/.procmail.log {
    missingok
    nocreate
    notifempty
}

Postfix and Procmail integration settings

# vi /etc/postfix/main.cf

Per line 473 : addition
#mailbox_command = /some/where/procmail
#mailbox_command = /some/where/procmail -a "$EXTENSION"
mailbox_command = /usr/bin/procmail ← Addition (to be linked to Procmail)

Postfix Settings Reflected

# systemctl restart postfix

2.2 Spam mail sorting settings

Mail marked as spam in the mail header by SpamAssassin will be delivered to a spam-only mailbox, while other mail will be delivered to a normal mailbox.

Create a dedicated spam mailbox
For existing users, a dedicated spam mailbox will be added to the mailbox.
For new users, a spam-only mailbox should be automatically created when a user is added.
①Created script to create spam-only mailboxes

# vi spamfolder-create

Describe the following
#!/bin/bash

for user in `ls /home`
do
    id -u $user > /dev/null 2>&1
    if [ $? -eq 0 ] && [ ! -d /home/$user/Maildir/.Spam/new ]; then
        mkdir -p /home/$user/Maildir/.Spam/new
        mkdir -p /home/$user/Maildir/.Spam/cur
        mkdir -p /home/$user/Maildir/.Spam/tmp
        chmod -R 700 /home/$user/Maildir/.Spam
        chown -R $user. /home/$user/Maildir/.Spam
        echo $user
    fi
done

Run script to create spam-only mailboxes

# bash spamfolder-create
huong

Measures for new users
Automatic spam-only mailbox creation when adding new users

# mkdir -p /etc/skel/Maildir/.Spam/{new,cur,tmp}
# chmod -R 700 /etc/skel/Maildir/.Spam

➁spam mail sorting
Emails identified as spam by SpamAssassin are delivered to a spam-only mailbox.

# vi /etc/procmailrc

Add the following to the end
# Emails identified as spam by SpamAssassin are delivered to a spam-only mailbox
:0
*^X-Spam-Flag: YES
$HOME/Maildir/.Spam/

➂spamass-milter confirmation
When you send a blank email to yourself, the following message is appended to the header of the received email
X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on Lepard

X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-Path: xxxxx@xxxxxxx.com
X-Original-To: xxxxx@xxxxxxx.com
Delivered-To: xxxxx@xxxxxxx.com
Received: from [192.168.11.6] (buffalo.setup [192.168.11.1])
  by mail.xxxxxxx.com (Postfix) with ESMTPA id ADE4062AD
  for xxxxx@xxxxxxx.com; Tue, 23 Jun 2026 16:26:58 +0900 (JST)
Message-ID: 85766b9c-2924-42bd-aa8d-980df4e1a18e@korodes.com
Date: Tue, 23 Jun 2026 16:26:58 +0900
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
From: xxxxx xxxxx@xxxxxxx.com
Content-Language: en-US
To: xxxxx xxxxx@xxxxxxx.com
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: clamav-milter 1.5.2 at Lepard
X-Virus-Status: Clean
X-Spam-Status: No, score=1.2 required=5.0 tests=ALL_TRUSTED,EMPTY_MESSAGE,
  MISSING_SUBJECT autolearn=no autolearn_force=no version=4.0.1
X-Spam-Level: *
X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on Lepard

④Spam check confirmation
Send yourself an email with the body of the email "XJSC4JDBQADN1.NSBN32IDNENGTUBE-STANDARD-ANTI-UBE-TEST-EMAILC.34X" and make sure the email is not delivered and is sorted into the Spam folder
The header states
Check the contents of /home/huong/Maildir/.Spam/new

X-Spam-Flag: YES
X-Spam-Status: Yes, score=1001.2 required=5.0 tests=ALL_TRUSTED,GTUBE,
     HTML_MESSAGE,MPART_ALT_DIFF autolearn=no autolearn_force=no
     version=4.0.1
X-Spam-Level: ********************************************
X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on Lepard