1.Anti-virus software Clamav installed
1.1 Install
|
1 |
# apt install clamav clamav-daemon |
The clamav-related configuration files are installed in the "/etc/clamav/" folder.
1.2 Virus definition updates
|
1 2 |
# systemctl stop clamav-freshclam # freshclam |
|
1 2 3 4 5 6 7 |
Tue Oct 3 16:04:23 2023 -> ClamAV update process started at Tue Oct 3 16:04:23 2023 Tue Oct 3 16:04:23 2023 -> ^Your ClamAV installation is OUTDATED! Tue Oct 3 16:04:23 2023 -> ^Local version: 0.103.9 Recommended version: 0.103.10 Tue Oct 3 16:04:23 2023 -> DON'T PANIC! Read https://docs.clamav.net/manual/Installing.html Tue Oct 3 16:04:23 2023 -> daily.cvd database is up-to-date (version: 27049, sigs: 2041893, f-level: 90, builder: raynman) Tue Oct 3 16:04:23 2023 -> main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr) Tue Oct 3 16:04:23 2023 -> bytecode.cvd database is up-to-date (version: 334, sigs: 91, f-level: 90, builder: anvilleg) |
|
1 |
# systemctl start clamav-freshclam |
Change configuration file
|
1 2 3 4 5 6 |
# vi /etc/logrotate.d/clamav-freshclam Line 7 create 640 clamav adm ↓ create 640 clamav clamav |
1.3 Virus Check Confirmation
①Running manual virus checks
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
# clamscan --infected --remove --recursive /home ----------- SCAN SUMMARY ----------- Known viruses: 8673709 Engine version: 0.103.9 Scanned directories: 5 Scanned files: 7 Infected files: 0 Data scanned: 0.00 MB Data read: 0.00 MB (ratio 0.00:1) Time: 26.991 sec (0 m 26 s) Start Date: 2023:10:03 16:06:41 End Date: 2023:10:03 16:07:08 |
Infected files: 0, so no virus
②Download a test virus to detect viruses
Download a trial harmless virus to test detection
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
# wget http://www.eicar.org/download/eicar.com # clamscan --infected --remove --recursive /root/eicar.com: Win.Test.EICAR_HDB-1 FOUND /root/eicar.com: Removed. ----------- SCAN SUMMARY ----------- Known viruses: 8673709 Engine version: 0.103.9 Scanned directories: 7 Scanned files: 7 Infected files: 1 Data scanned: 0.02 MB Data read: 0.01 MB (ratio 2.00:1) Time: 20.622 sec (0 m 20 s) Start Date: 2023:10:03 16:13:24 End Date: 2023:10:03 16:13:45 |
The virus is notified with the message "FOUND" and "Infected files: 1". Also, since the "--remove" option is attached, the test virus has been removed.
1.4 Create a script file to do a full scan
|
1 2 3 |
# mkdir /opt/script (if /opt/script is missing) # cd /opt/script # vi clam-full.sh |
①Contents of clam-full.sh (new)
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
#!/bin/sh echo ========================================= date hostname clamscan / \ --infected \ --recursive \ --log=/var/log/clamav/clamscan.log \ --move=/var/log/clamav/virus \ --exclude-dir=^/boot \ --exclude-dir=^/sys \ --exclude-dir=^/proc \ --exclude-dir=^/dev \ --exclude-dir=^/var/log/clamav/virus if [ $? = 0 ]; then echo "virus undetected." else echo "virus detection!!" fi |
②grant execution authority
|
1 |
# chmod +x /opt/script/clam-full.sh |
③Create a folder for virus quarantine (if it already exists, it is OK, but if it does not, a runtime error will occur because it is specified as an excluded directory in the above script).
|
1 |
# mkdir /var/log/clamav/virus |
④I'll give it a try and run it.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
# /opt/script/clam-full.sh ========================================= Wed Oct 4 03:06:02 PM JST 2023 lepard LibClamAV Warning: cli_scanxz: decompress file size exceeds limits - only scanning 27262976 bytes ----------- SCAN SUMMARY ----------- Known viruses: 8673973 Engine version: 0.103.9 Scanned directories: 11418 Scanned files: 73563 Infected files: 0 Data scanned: 4246.76 MB Data read: 6302.87 MB (ratio 0.67:1) Time: 703.081 sec (11 m 43 s) Start Date: 2023:10:04 15:06:02 End Date: 2023:10:04 15:17:45 Virus not detected. |
LibClamAV Warning: cli_scanxz: decompress file size exceeds limits - only scanning 27262976 bytes
If the above message is displayed, run with the "--max-filesize=200M" and "--max-scansize=200M" options.
⑤Scheduled virus scan execution with cron
|
1 2 |
# crontab -e 0 2 * * mon /opt/script/clam-full.sh >> /var/log/clamav/clamascan.log |
2. Email software installation
2.1 Postfix : Installation/Configuration
Install Postfix and build an SMTP server. 25/TCP is used for SMTP.
To prevent unauthorized mail relay, use the SASL function of Dovecot (see below), and configure Postfix so that authentication is required even for outgoing mail.
①Install
|
1 |
# apt -y install postfix sasl2-bin |
Installation Status Screen
You will be asked to select a general configuration setting, select "No Configuration" to set it manually later.
②Configuration File Edit
|
1 2 |
# cp /usr/share/postfix/main.cf.dist /etc/postfix/main.cf # vi /etc/postfix/main.cf |
Editing Contents
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 |
# Line 82:Uncomment mail_owner = postfix # Line 100:Add hostname specification myhostname = mail.[domain name] # Line 107:Add domain name specification mydomain = [domain name] # Line127:Uncomment myorigin = $mydomain # Line 141:Uncomment inet_interfaces = all # Line 189:Uncomment mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain # Line 232:Uncomment local_recipient_maps = unix:passwd.byname $alias_maps # Line 277:Uncomment mynetworks_style = subnet # Line 294:self-networking addition mynetworks = 127.0.0.0/8, 192.168.11.0/24 # Line 416:Uncomment alias_maps = hash:/etc/aliases # Line 427:Uncomment alias_database = hash:/etc/aliases # Line 449:Uncomment home_mailbox = Maildir/ # Line 585:Make it a comment and add below it #smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) smtpd_banner = $myhostname ESMTP # Line 659:add sendmail_path = /usr/sbin/postfix # Line 664:add newaliases_path = /usr/bin/newaliases # Line 669:add mailq_path = /usr/bin/mailq # Line 675:add setgid_group = postdrop # Line 679:comment #html_directory = # Line 683:comment #manpage_directory = # Line 688:comment #sample_directory = # Line 692:comment #readme_directory = # Add to last line: message_size_limit = 10485760 # Limit mailbox size to 1G mailbox_size_limit = 1073741824 # SMTP-Auth Settings smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_local_domain = $myhostname smtpd_recipient_restrictions = permit_mynetworks, permit_auth_destination, permit_sasl_authenticated, reject |
③master.cf edit
|
1 |
# vi /etc/postfix/master.cf |
Editing Contents
|
1 2 3 4 5 6 7 8 9 10 11 12 |
smtp inet n - y - - smtpd Line 19,22 Uncomment #smtp inet n - y - 1 postscreen #smtpd pass - - y - - smtpd #dnsblog unix - - y - 0 dnsblog #tlsproxy unix - - y - 0 tlsproxy submission inet n - y - - smtpd # -o syslog_name=postfix/submission # -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes # -o smtpd_tls_auth_only=yes |
④Reflecting settings
|
1 2 |
# newaliases # systemctl restart postfix |
2.2 Dovecot : Installation/Configuration
Install Dovecot and build a POP/IMAP server, using 110/TCP for POP and 143/TCP for IMAP
|
1 |
# apt -y install dovecot-core dovecot-pop3d dovecot-imapd |
①Configure Dovecot to provide SASL functionality for Postfix
|
1 2 3 4 |
# vi /etc/dovecot/dovecot.conf Line 30:Uncomment listen = *, :: |
|
1 2 3 4 5 6 7 |
# vi /etc/dovecot/conf.d/10-auth.conf Line 10:Uncomment and change (also allow plain text authentication) disable_plaintext_auth = no Line 100:add auth_mechanisms = plain login |
|
1 2 3 4 |
# vi /etc/dovecot/conf.d/10-mail.conf Line 30:Change to Maildir format mail_location = maildir:~/Maildir |
|
1 2 3 4 5 6 7 8 9 |
# vi /etc/dovecot/conf.d/10-master.conf Line 107-109:Uncommented and added # Postfix smtp-authi unix_listener /var/spool/postfix/private/auth { mode = 0666 user = postfix group = postfix } |
②Configuration Reflection
|
1 |
# systemctl restart dovecot |
2.3 Port Open
|
1 2 3 4 |
# ufw allow pop3 # ufw allow imap # ufw allow smtp # ufw reload |
2.4 Email User Account Registration
Register a user account for e-mail.
This setting is for when a user account on the OS is also used for e-mail.
If you want to use mail with a user account on the OS, you do not need to make any additional settings, only register an OS user.
①Mail Client Install
|
1 |
# apt -y install mailutils |
②Mailboxes are set to refer to Maildir
|
1 |
# echo 'export MAIL=$HOME/Maildir/' >> /etc/profile.d/mail.sh |
2.5 operation check ①
①Test sending mail
Send test mail to yourself [mail (user name)@(host name)].
|
1 2 3 4 5 6 7 |
# su - [user name] $ mail [user name]@localhost Cc: # subject Subject: Test Mail # body This is the first mail. |
Ctrl + D key to exit the main text
➁Check incoming mail
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
$ mail "/home/[user name]/Maildir/": 1 message 1 new >N 1 [user name] Wed Oct 4 01:24 13/425 Test Mail ? 1 Return-Path: <user name@lepard> X-Original-To:[user name]g@localhost Delivered-To: [user name]@localhost Received: by mail.korodes.com (Postfix, from userid 1000) id 41F6CB326; Wed, 4 Oct 2023 10:24:07 +0900 (JST) To: <user name@localhost> Subject: Test Mail User-Agent: mail (GNU Mailutils 3.15) Date: Wed, 4 Oct 2023 10:24:07 +0900 Message-Id: <20231004012407.41F6CB326@mail.korodes.com> From: [user name] <user name@lepard> This is the first mail. |
2.6 operation check ②
Set up and confirm your account in Mozilla Thunderbird
①Start Thunderbird, and click "Tools", "Account Settings".
②「Account Actions」「Add Mail Account」
③Your full name : any name
Email addtess : huong@korodes.com" that I just added.
Password : Password for user huong
Click on "Configure manually"
④Set "INCOMMING SERVER" and "OUTGOING SERVER" as shown below and click "Re-test".
⑤"The following settings were found by probinfg the given server" Displayed
After clicking "Done," the following "Warning" appears, but there is no problem, so click "Confirm.
⑥Click "Finish" when "Account syccessfuly created" is displayed.
2.7 Applied ClamAV to mail server Postfix
Set up Postfix and Clamav to work together to scan incoming and outgoing mail in real time.
①Install Amavisd and Clamav Daemon and start Clamav Daemon
|
1 2 3 |
$ su - Password: # apt -y install clamav-daemon amavisd-new |
If the server is not using a fully qualified domain name (FQDN) as the hostname, Amavis may fail to start.
Also, since the OS hostname may change, set a valid hostname directly in the Amavis configuration file
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
# vi /etc/amavis/conf.d/05-node_id Line 11 : Uncomment and change use strict; # $myhostname is used by amavisd-new for node identification, and it is # important to get it right (e.g. for ESMTP EHLO, loop detection, and so on). chomp($myhostname = `hostname --fqdn`); # To manually set $myhostname, edit the following line with the correct Fully # Qualified Domain Name (FQDN) and remove the # at the beginning of the line. # $myhostname = "mail.[domain name]"; 1; # ensure a defined return |
②"15-content_filter_mode" editing
|
1 2 3 4 |
# vi /etc/amavis/conf.d/15-content_filter_mode Uncomment and enable virus scan @bypass_virus_checks_maps = ( \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re); |
③Register your own domain name
|
1 |
# echo '<yourDomain>' > /etc/mailname |
④"main.cf" editing
|
1 2 3 4 |
# vi /etc/postfix/main.cf Add to last line content_filter=smtp-amavis:[127.0.0.1]:10024 |
⑤"master.cf" editing
|
1 |
# vi /etc/postfix/master.cf |
Editing Contents
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
# Add all the following lines to the last line smtp-amavis unix - - n - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes 127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 |
⑥Configuration Reflection
|
1 2 3 |
# usermod -G clamav amavis # usermod -G amavis clamav # systemctl restart clamav-daemon amavis postfix |
⑦When you send an e-mail to yourself on Thuderbird, etc., it is successful if you see the following message in the header of the incoming e-mail.
2.8Applied spamassassin to mail server Postfix
2.5.1 spamassassin install
①Install
|
1 2 3 |
# apt update # apt upgrade # apt install spamassassin |
②SpamAssassin Settings
The configuration file is "/etc/mail/spamassassin/local.cf".
Use by default with no additional configuration
Creating a Maildir for storing spam mail
Create a directory for storing spam mails in Maildir format
Create a directory ".Spam" for storing spam mails in Maildir format
Creation must be done by the target user.
|
1 2 3 4 5 6 7 |
# su – <user name> $ cd ~ Create a directory named ".Spam" $ cd Maildir $ /usr/bin/maildirmake.dovecot .Spam $ su – Password: |
2.5.2 Procmail Preparation
①Procmail Install
|
1 |
# apt install procmail |
If installed, the following results are returned
|
1 2 |
# which procmail /usr/bin/procmail |
②Procmail Settings
If you put the filter in "/etc/procmailrc", which is in charge of the entire mail filter, the filter will be applied to all users.
If you put it in "/home/username/.procmailrc", which is the mail filter file for each user, the filter will be applied only to that user.
In this case, to apply the filter to all users, we will put it in "/etc/procmailrc".
|
1 |
# vi /etc/procmailrc |
procmailrc description (newly created)
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
# Set path PATH=/bin:/usr/bin:/usr/local/bin # Mailbox Settings MAILDIR=$HOME/Maildir DEFAULT=$MAILDIR/ # Specify log file output destination for Procmail LOGFILE=$MAILDIR/procmaillog # Specify lock file path LOCKFILE=$HOME/.lockmail # If there is no "X-Spam-***" in the mail header, spamassassassin will be started. :0fw *!^X-Spam.* |spamassassin # If the mail header contains "X-Spam-Status: Yes", the mail will be stored in the ".Spam" directory. :0 * ^X-Spam-Status: Yes $MAILDIR/.Spam/ |
2.5.3 Postfix Configuration
① "main.cf" editing
|
1 2 3 4 |
# vi /etc/postfix/main.cf Add to the last line mailbox_command = /usr/bin/procmail |
②Reflecting and activating settings
|
1 2 |
# systemctl start spamd # systemctl restart postfix |
2.5.4Spam Email Learning
Learning all the contents of all users' ".Spam" directories as spam mail
①Learning of spam mail
|
1 2 |
# /usr/bin/sa-learn --spam /home/*/Maildir/.Spam/cur Learned tokens from 0 message(s) (0 message(s) examined). <-- Learned 0 emails as spam mails |
②Normal mail learning
|
1 2 |
# /usr/bin/sa-learn --ham /home/*/Maildir/cur Learned tokens from 4 message(s) (4 message(s) examined). <-- Learned 4 emails as normal emails |
③Create a script and register it with Cron
Name the file "spam-learns.sh" and place it under /opt/script/.
After saving the script, give it executable access as "chmod 750 spam-learns.sh".
|
1 |
# vi /opt/script/spam-learns.sh |
spam-learns.sh Contents
|
1 2 3 4 5 6 7 |
#! /bin/sh # Spam Email Learning /usr/bin/sa-learn --spam /home/*/Maildir/.Spam/cur # Learning normal mail /usr/bin/sa-learn --ham /home/*/Maildir/cur # If you want to force the deletion of the contents of the spam mail storage directory, add the following statement /bin/rm -f /home/*/Maildir/.Spam/cur |
|
1 |
# chmod 750 /opt/script/spam-learns.sh |
After spam-learns.sh is created, create a definition file directly under /lib/systemd/system.
The name should end in .service, like spam-learns.service.
Define the Type as simple.
|
1 2 |
# cd /lib/systemd/system # vi spam-learns.service |
Contents of spam-learns.service
|
1 2 3 4 5 6 7 8 9 10 |
[Unit] Description=demo sample node.js program [Service] Type=simple ExecStart= /opt/script/spam-learns.sh Restart=always [Install] WantedBy=multi-user.target |
|
1 2 |
# crontab -e 0 4 * * * /opt/script/spam-learns.sh |
|
1 2 |
# systemctl enable spam-learns Created symlink /etc/systemd/system/multi-user.target.wants/spam-learns.service → /lib/systemd/system/spam-learns.service. |
④Send a blank email to yourself in Thunderbird, etc., and if you see the following message in the header of the received email, you have succeeded.
