#
#
# How to set your FreeBSD box up to be a spam/antivirus server side scan.
#
# Tested on FreeBSD-4.7,4.8 both release and stable branches
#
# Rooted Networks
# sigterm
# 8-25-2003
#
# One thing about this howto: GO IN ORDER! or you will pay for it.....
#
#

Let's get started.

1.) Verify you have a working sendmail daemon (that'd be nice)
    Once you have done that, it's time to install procmail.

    cd /usr/ports/mail/procmail
    make
    make install

    Read anything that is in the installation process.
    This port automagically puts the procmail lines in your /etc/mail/sendmail.cf file.
    Also, you now have a file called /usr/local/etc/procmailrc

2.) Spamassassin time.

    cd /usr/ports/mail/p5-Mail-SpamAssassin
    make
    make install

    This creates a directory in /etc/mail called spamassassin.

    cd /etc/mail/spamassassin

    Copy the local.cf.sample file to local.cf:

    cp local.cf.sample local.cf

    Edit local.cf (vi local.cf)

    Before you go further, there is an autoconf generator located at:
    http://www.yrex.com/spam/spamconfig.php
    It kicks butt!

    Once you're done, let's move on to the next step.

3.) Next we have to install clam antivirus

    cd /usr/ports/security/clamav
    make
    make install

    We will get back to this later....

4.) Now to install mimedefang

    cd /usr/ports/mail/mimedefang
    make
    make install

    Now we have to edit your sendmail.cf file to add the values in to make this work right.
    Open up /etc/mail/sendmail.cf

    a) Search the file for:

       # Input mail filters
       #O InputMailFilters

       Now add this on the next line:

       O InputMailFilters=mimedefang

    b) Once done with that, search for:

       MAILER DEFINITIONS

       You should see a procmail entry there. Below that, enter this:

       Xmimedefang, S=unix:/var/spool/MIMEDefang/mimedefang.sock, F=T, T=S:1m;R:1m

    Save the file, you're done with sendmail.

    mimedefang creates the directory /usr/local/etc/mimedefang
    In that directory there will be a file called mimedefang-filter.example;
    copy this file to mimedefang-filter

    Now time to edit it....
    Follow the instructions in there, it's pretty simple.
    Example)

    $AdminAddress = 'sadmin@spamfree.net';
    $AdminName = "spam person";
    $DaemonAddress = 'mimedefang@spamfree.net';

    Ok, you can do the rest I take it. Here's one thing that might speed things up tho:
    remove the rest of the antivirus scanners that are not installed:

    # Scan for a virus using the first supported virus scanner we find.
    sub message_contains_virus () {
    #   return message_contains_virus_clamd() if ($Features{'Virus:CLAMD'});
        return message_contains_virus_clamav() if ($Features{'Virus:CLAMAV'});
        return (wantarray ? (0, 'ok', 'ok') : 0);
    }

    # Scan for a virus using the first supported virus scanner we find.
    sub entity_contains_virus ($) {
        my($e) = @_;
    #   return entity_contains_virus_clamd($e) if ($Features{'Virus:CLAMD'});
        return entity_contains_virus_clamav($e) if ($Features{'Virus:CLAMAV'});
        return (wantarray ? (0, 'ok', 'ok') : 0);
    }

    Ok, you're done with that, save it.

5) Ok, now we're going to edit the /usr/local/etc/procmailrc just a little bit.
   Open it up and enter this:

    DROPPRIVS=yes

    :0fw
    | /usr/local/bin/spamc

   Save it. This will tell procmail to filter the message through spamassassin.

6) Almost done, simple right? Now you have:

    Procmail installed and configured.
    Sendmail config file edited for filter use.
    Spamassassin configured for use.
    MimeDefang configured for use.

   Let's crank it up and see what happens.

7) Go to your /usr/local/etc/rc.d directory.
   Make a startup file for the spamd server that's going to have to run.
   Anything will do; create the file spamd.sh and enter:

    #!/bin/sh
    #
    # Startup / shutdown script for Spamd daemon

    case "$1" in
    start)
            /usr/local/bin/spamd -d -C /etc/mail/spamassassin
            echo -n ' spamd'
            ;;
    stop)
            /usr/bin/killall spamd > /dev/null 2>&1 \
            && echo -n ' spamd'
            ;;
    *)
            echo ""
            echo "Usage: `basename $0` { start | stop }"
            echo ""
            exit 64
            ;;
    esac
    ##################################

   Now you should:

    chmod 500 /usr/local/etc/rc.d/spamd.sh

   (good to go)

   Next there should be a mimedefang.sh-dist script in the /usr/local/etc/rc.d directory.
   How nice, they made it for you already. Copy it over to mimedefang.sh

   Next we need to make a script for the clam antivirus update service.
   We need to have fresh virus definitions.
   Create the file /usr/local/etc/rc.d/freshclam.sh and enter the following:

    #!/bin/sh
    #
    # Startup / shutdown script for Clam Antivirus

    case "$1" in
    start)
            /usr/local/bin/freshclam -d -c 2 -l /var/log/freshclam.log
            echo -n ' freshclam'
            ;;
    stop)
            /usr/bin/killall freshclam > /dev/null 2>&1 \
            && echo -n ' freshclam'
            ;;
    *)
            echo ""
            echo "Usage: `basename $0` { start | stop }"
            echo ""
            exit 64
            ;;
    esac
    ###################################

   chmod this file:

    chmod 500 /usr/local/etc/rc.d/freshclam.sh

   Create the logfile:

    touch /var/log/freshclam.log

   When you installed clamav, it created a user/group for you.
   Make sure to chown the logfile to that:

    chown clamav:clamav /var/log/freshclam.log

   Now we can restart syslogd:

    killall -HUP syslogd

   Ok, now we are ready to give it a shot and see what happens.
   Open up another console as root:

    tail -f /var/log/all.log

   and now we're going to:

   a) restart sendmail

      killall -HUP sendmail

      And if it's not running:

      /usr/sbin/sendmail -L sm-mta -bd -q30m
      /usr/sbin/sendmail -L sm-msp-queue -Ac -q30m

      WATCH FOR ERRORS and fix immediately.

   b) start up the spamd daemon

      sh /usr/local/etc/rc.d/spamd.sh start

   c) start up the freshclam update service

      sh /usr/local/etc/rc.d/freshclam.sh start

   d) start up the mimedefang program

      sh /usr/local/etc/rc.d/mimedefang.sh start

   NOW WATCH FOR ERRORS IN YOUR LOGFILE
   If all goes well, send some mail and watch the filters rip it to shreds....

Toodles
Sigterm
Rooted Networks
sigterm@rootednetworks.com
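
Added example, not part of the original howto: a pre-flight check for the step 4 sendmail.cf edits, meant to be run before sendmail is restarted. It confirms that InputMailFilters is active rather than still commented out, that every listed filter has an X definition with a socket, and that F=T or F=R is set so mail is not delivered unscanned when the filter is down. The names check_milter_wiring and sample_cf and the embedded fragments are constructed for illustration.

```sh
# Added example, not from the original howto. Names and samples are constructed.
# Print constructed sendmail.cf fragments: stock | fixed | failopen
sample_cf() {
    case $1 in
        stock)    echo '#O InputMailFilters' ;;
        fixed)    echo 'O InputMailFilters=mimedefang'
                  echo 'Xmimedefang, S=unix:/var/spool/MIMEDefang/mimedefang.sock, F=T, T=S:1m;R:1m' ;;
        failopen) echo 'O InputMailFilters=mimedefang'
                  echo 'Xmimedefang, S=unix:/var/spool/MIMEDefang/mimedefang.sock, T=S:1m;R:1m' ;;
    esac
}

# check_milter_wiring FILE: one line per problem, exit status 0 only if clean.
check_milter_wiring() {
    cf=$1; problems=0
    # The option must be active; the stock file ships it commented out.
    filters=$(sed -n 's/^O[[:space:]]*InputMailFilters=//p' "$cf" | tail -n 1)
    if [ -z "$filters" ]; then
        echo "no active 'O InputMailFilters=' line (still commented out?)"
        return 1
    fi
    for name in $(echo "$filters" | tr ',' ' '); do
        def=$(grep "^X$name," "$cf" | tail -n 1)
        if [ -z "$def" ]; then
            echo "filter '$name' is listed but has no X$name definition"
            problems=$((problems + 1)); continue
        fi
        sock=$(echo "$def" | sed -n 's/.*S=\([^,]*\).*/\1/p')
        case $sock in
            unix:/*|local:/*|inet:*|inet6:*) ;;
            *) echo "filter '$name': missing or malformed S= socket"
               problems=$((problems + 1)) ;;
        esac
        # Without F=T (tempfail) or F=R (reject), mail passes unscanned when the filter is down.
        case $def in
            *F=T*|*F=R*) ;;
            *) echo "filter '$name': no F=T/F=R, fails open if the filter is down"
               problems=$((problems + 1)) ;;
        esac
    done
    [ "$problems" -eq 0 ]
}

tmp=$(mktemp -d)
for kind in stock fixed failopen; do
    sample_cf "$kind" > "$tmp/$kind.cf"
    echo "== $kind"; check_milter_wiring "$tmp/$kind.cf" || true
done
rm -rf "$tmp"
```

On a real box, call check_milter_wiring /etc/mail/sendmail.cf after editing the file and before the killall -HUP sendmail step.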