Note: The following is part of a series of steps to setup an email server using Exim 4.x, with imap and webmail access. It will use winbind to get user information from an NT server. If you found this page via a search engine it may not cover what you need or you may need to start at the beginning to understand everything I have done.
(Note: These instructions reference software that is now possibly much newer with many new or different configuration options. This page is being left up for reference.)
- Setup Exim and make sure it works. My steps are here.
- Setup AV and make sure it works. My steps for ClamAV are here.
- Download and install MailScanner.
- Edit the exim.conf file.
- Edit the /etc//MailScanner/MailScanner.conf file.
- Edit the /etc/MailScanner/virus.scanners.conf file.
- Edit the /etc/sysconfig/MailScanner file.
- Verify directories need and permissions.
- Restart Exim and start MailScanner.
- Setup cron job to clean up the retry database.
- Misc notes.
Here is everything the way I did it. (Currently running v4.23-11.)
Go to http://www.sng.ecs.soton.ac.uk/mailscanner/ and download. I used the RPM for RedHat.
Unpack the tar file:
tar xvzf MailScanner-version.rpm.tar.gz
Cd into the MailScanner directory and read the README and QuickInstall.txt files.
Run the install script:
If you have problems, follow what the install script outputs and/or see the README file. For instance I had to update a Perl module.
First, stop exim and possibly MailScanner (it will start because of a cron job that is run hourly):
service exim stop
service MailScanner stop
Mine is in /etc/exim/exim.conf. Per the MailScanner instructions copy it to a new file, which will be used for the second instance of exim.
cp exim.conf exim_scanned.conf
Now in exim.conf, place this in the "Main Configuration Settings" section at the top:
# Added for MailScanner spool_directory = /var/spool/exim_incoming queue_only = true
Then in the "Routers Configuration" add:
# Added for MailScanner defer_router: driver = manualroute route_list = * 127.0.0.1 byname self = defer verify = false
I placed this below the domain_literal and dnslookup routers, but before the local domain routers, such as the system_aliases router. It works for both incoming and outgoing here.
Another alternative, recommended to me by Michael using Exim v4.13, is this:
defer_director: driver = smartuser new_address = :defer: All deliveries are deferred verify = false
defer_router: driver = domainlist self = defer route_list = "* 127.0.0.1 byname" verify = false
Here are parts of my MailScanner.conf file that I changed from the default. Note that each version of MailScanner tends to add more features. Please use this only as an example that may be out of date.
# # System settings # --------------- # ... # Set location of incoming mail queue # .... # Incoming Queue Dir = /var/spool/exim_incoming/input/ # Set location of outgoing mail queue. # This can also be the filename of a ruleset. Outgoing Queue Dir = /var/spool/exim/input/ # ... # Set whether to use sendmail or exim (default is sendmail) MTA = exim # Set how to invoke MTA when sending created message # (e.g. to sender/recipient saying "found a virus in your message") Sendmail = /usr/sbin/exim # Sendmail2 is provided for Exim users. # ... Sendmail2 = /usr/sbin/exim -C /etc/exim/exim_scanned.conf # # ------------------------ # # ... # Pay attention to these sections. # Config as needed. #... # # Notices to System Administrators # -------------------------------- # # ... Notices Include Full Headers = yes # Where to send the notices. # This can also be the filename of a ruleset. Notices To = email@example.com # Address of the local Postmaster, which is used as the "From" address in # virus warnings sent to users. # This can also be the filename of a ruleset. Local Postmaster = firstname.lastname@example.org # ...
There are many more options you need to setup to your liking, such as HTML exploit protection, virus scanner to be used, and SpamAssasin options if applicable.
This is to make sure the path to your scanner is correct. Note that they currently point to wrapper files. If you scanner does not have a wrapper for it in /usr/lib/MailScanner, like inoculate did not in a previous version, then you place the path to the command line scanner executable. Such as:
If it does have a wrapper file, then you need to look though that for any options you may want to modify. For example, if you are using clamav, ala clamscan, and you get messages that say "File size limit exceeded" edit /usr/lib/MailScanner/clamav-wrapper. Uncomment the second "ExtraScanOptions" line, which can be dangerous, or define your own "ExtraScanOptions" below it like:
That would allow a file up to 30meg in size to be unzipped from a file an scanned without the warning.
The default setup tries to start sendmail. Here is mine:
# Are you running Postfix, sendmail, Exim or ZMailer? # #MTA=sendmail #MTA=postfix MTA=exim #MTA=zmailer # ... # Exim settings # EXIM=/usr/bin/exim EXIMINCF=/etc/exim/exim.conf # Incoming configuration file EXIMSENDCF=/etc/exim/exim_scanned.conf # Outgoing configuration file
chkconfig exim off
Remember in the exim.config you specified a spool directory. Make sure it is created and that the Exim user and group have rights to it. Example:cd /var/spool
chown -R mail.mail exim_incoming
Also make sure the MailScanner directories are setup as called in the mailscanner.conf file. As to rights, see "Misc Notes" below.
Check your exim config files for errors first by running:
exim -bV -C /etc/exim/exim_scanned.conf
service MailScanner start
With the older versions and if you did not want to use the MailScanner init.d script remember to also:
service exim start
Do not do these tests on unsuspecting users. If nothing else, add an email in the /etc/aliases that loops back to your address.
Send an email with nothing but text. Does it get delivered? If not, check the exim logs. It may be the queue runner has not passed by yet. Does it have the header "X-[ID]-MailScanner: Found to be clean"?
Send an email with an attached file that is known to be infected. If you don't have one, try the test signature eicar at http://www.eicar.org/anti_virus_test_file.htm. Is the virus detected? If not, does it have the header "X-[ID]-MailScanner: Found to be clean"?
Send the same email with infected file to an outside address that is yours or someone that has agreed to be a test subject. Is the virus detected? If not, does it have the header "X-[ID]-MailScanner: Found to be clean"?
When you get the header but the virus was not detected, that means your virus scanner is obviously not working. If you don't get the header, then MailScanner is not working. See if there are any files in the /var/spool/exim_incoming/input directory. If so, Exim is fine and it is MailScanner. If not, Exim is not working so check it's logs.
Once you are done testing, don't forget to edit the files in /etc/MailScanner/reports to suit. And also see the other config files /etc/MailScanner/.
Most of this depends on how your cron is setup and how often you want it to run. I wanted mine to run daily and with RH I have an /etc/cron.daily directory. So I added a file called eximretrytidy which has:
#!/bin/bash [ -x /usr/bin/exim_tidydb ] || exit 0 /usr/bin/exim_tidydb -t 1m /var/spool/exim_incoming retry exit 0
Then I made it executable:
chmod 0755 eximretrytidy
And tested it:
I could have done this in the /etc/crontab file or using Webmin. This RedHat document has some good information on how their cron works: http://www.redhat.com/support/resources/tips/cron/cron.html
- One problem with InoculateIT v6 is that inocmd32 must run as root. However,
mailscanner.conf has the lines:
Which the install guide says is provided for Exim. If you set this then inocmd32 is run as that user and group. I found that not setting them works fine. Inocmd32 runs properly and Exim delivers the mail.
# User to run as (not normally used for sendmail) #Run As User = mail # Group to run as (not normally used for sendmail) #Run As Group = mail
- If you set MailScanner to run as another user, make sure to chown its spool directory.
- If you do not want your virus signatures updated hourly, but instead what them updated daily, weekly, or monthly instead and want to use this script, do something like:
mv update_virus_scanners /etc/cron.daily
If you have your own virus updater scripts and prefer them, read the MailScanner documentation first.
- Also, if you are using winbind and have Exim set to use a Windows group name, you will want to edit /etc/init.d/MailScanner so it starts after winbind. For example:
chkconfig: 2345 95 30
- What I don't like about Mailscanner is that two Exim processes must be run along with Mailscanner, which uses the most memory all my processes. If you are using one of the scanners that can run with exiscan, which InoculateIT currently can't, I would suggest it if you are tight on memory. However, MailScanner does have the ability to disinfect (if your virus scanner can) and send the cleaned attachment onward. Not to mention email reports and the ability to send the parts of the message not infected onward.
- Note: There was a bug with 4.10 clipping a few characters off an email if it modifies it. It was fixed in 4.11.