MailScanner Installation Guide Quicksilver
MailScanner install instructions for quicksilver:
-------------------------------------------------
Background info: quicksilver is one of two identically specced MXs at
UKC running Exim v3.22 on Solaris 8 on a Sun Ultra5. This machine
individually ships approx 30,000 mails a day with a load of around 0.1.
Exim is installed under /usr/lib/exim with a symlink for the exim
binary back to /usr/lib/sendmail for anything that wants sendmail (!).
The exim mail queues are located in /var/spool/exim/input but this
directory is symlinked to /u1/mailspool. This is to keep the mailspools
on a separate disk and to ensure that a mail explosion won't take out the
entire machine... Also the 4.5GB disk should be enough to spool mail
for four days minimum (ie long weekend) should the central mail stores
be unavailable.
=====================================================================
STAGE 1: Install prerequisite binaries, perl modules, MailScanner, Sophos
The machine is still running as an MX at this point with normal mail
actions taking place.
=====================================================================
0. Install lynx as the MailScanner autoupdate script uses this
to pull the virus definitions from www.sophos.com and you want
to install this now as it will save you from swearing later (as
I did).
Anyway lynx is a dog to compile on Solaris so I ripped all the files from
another host:
# rcp -p /usr/local/bin/lynx quicksilver:/usr/local/bin/lynx
# rcp -p /usr/local/lib/lynx.cfg quicksilver:/usr/local/lib/lynx.cfg
# rcp -pr /usr/local/lib/lynx_doc/ quicksilver:/usr/local/lib/lynx_doc/
# rcp -pr /usr/local/lib/lynx_help/ quicksilver:/usr/local/lib/lynx_help/
# rcp -p /usr/local/man/cat1/lynx.1 quicksilver:/usr/local/man/cat1/lynx.1
# rcp -p /usr/local/man/man1/lynx.1 quicksilver:/usr/local/man/man1/lynx.1
1. Install the following perl modules (in this order):-
IO-stringy
% cd IO-stringy-2.108
% perl Makefile.PL
% make
% make test
# make install
MIME-Base64
% cd ../MIME-Base64-2.12
% perl Makefile.PL
Then edit the Makefile so that:
Change the definition of CC to be gcc instead of cc
Change the definition of LD to be gcc instead of cc
Change the definition of CCCDLFLAGS to be -fPIC instead of -KPIC
Change the definition of OPTIMIZE to be -O2 instead of -xO3 -xdepend
% make
% make test (unicode test is skipped - don't worry)
# make install
LibNet (you need this as Solaris8 Perl version is old....)
% cd ../libnet-1.09
% perl Makefile.PL
(we only need the DNS stuff as MailTools.pm needs the DNS stuff
and will whinge if it's not installed, so let it do DNS lookups
and hit return for everything else)
% make
% make test
(this will fail parts of it ((see note above)), however the bit we
need is: t/hostname..........ok )
# make install
MailTools
% cd ../MailTools-1.13
% perl Makefile.PL
% make
% make test
# make install
File-Spec (I used version 0.82)
% cd ../File-Spec-0.82
% perl Makefile.PL
% make
% make test
# make install
MIME-tools
% cd ../MIME-tools-BETA-5.503 (it's the only version I could find on CPAN)
% perl Makefile.PL
% make
% make test
# make install
2. Need to update perl/gcc slightly as Solaris does not ship the perl (.ph)
versions of the C include files... (which is thoughtful of SMI :-)
# cd /usr/include
# /usr/perl5/bin/h2ph -r -l .
Then edit the file /usr/perl5/site_perl/5.005/sun4-solaris/_h2ph_pre.ph
and comment out line 2, which is the first line in the file starting with
the word unless.
#unless (defined &) { sub () { "" } }
3. Install MailScanner
Ideally this must be installed into the same file system as the mail queues....
So in ~pao/src:
# tar xvf MailScanner-3.03-1.tar
then we need to move the binaries etc round...
# cp -pr mailscanner /u1/mailscanner
# cp -pr sophos /u1/sophos
NOTE: the sophos directory does NOT include Sophos, merely the wrapper
scripts that MailScanner uses to update the real sophos virus definitions.
First though MailScanner doesn't come with an install script as such
so we fix the permissions:
# cd /u1
# chown -hR root:other mailscanner sophos
(don't forget the -h: the -R tells chown to go recursive and it follows
symlinks by default, whereas -h changes the link itself and not its target.
Following them is potentially quite embarrassing but does give
you a good opportunity to improve your shell scripting skills... :-)
By default mailscanner thinks its directories are in /opt/mailscanner
so for neatness we symlink the stuff back to /opt:
# ln -s /u1/mailscanner /opt/mailscanner
# ln -s /u1/sophos /opt/sophos
4. Install Sophos
Bizarrely Mailscanner comes with a script to install sophos but not itself...
However ensure that you have the latest version of the sophos distribution,
as of Jan 2002 the vdl file and the sophos binaries are at version 3.53,
and there will only be downloads of vdls for this sophos version for three
months - at which point the autoupdate script will probably break.....
So you do this entire stage every three months (I think).
So untar sophos:
# cd ~pao/src
# tar xf solaris.sparc.tar
Which should decompress sophos into sav-install under the current directory.
NOTE that in version 3.03-1 (17th Jan 2002) the Sophos.install.solaris
script was the Linux version. I don't think Julian did this on purpose, but
if you are using that version of MailScanner edit the file:
/opt/mailscanner/bin/Sophos.install.solaris as follows:
#SOPHOS=/usr/local/Sophos
#DISTRIB=linux.intel.libc6.tar.Z
SOPHOS=/opt/sophos
DISTRIB=solaris.sparc.tar.Z
Having fixed the file (assuming you needed to):
# cd ~pao/src/sav-install
# /opt/mailscanner/bin/Sophos.install.solaris
=========================================================
At this point all of the binaries should be installed.
=========================================================
=========================================================
STAGE 2: Configure mailscanner, set paths etc etc
BUT DO NOT START mailscanner as the MX is still
running and Exim itself needs a reconfigure.
=========================================================
At this point we edit: /opt/mailscanner/etc/mailscanner.conf
I have just included the lines changed from the default:
Host name = quicksilver.ukc.ac.uk
Clean Header = No virus detected
Infected Header = Virus detected
(these were changed for political reasons :-)
Incoming Work Dir = /opt/mailscanner/var/incoming
Quarantine Dir = /opt/mailscanner/var/quarantine
(These two are really linked back to /u1 where the mail spool is held)
Incoming Queue Dir = /var/spool/exim/incoming/input
Outgoing Queue Dir = /var/spool/exim/input
(again the /var/spool/exim/incoming is linked back to /u1)
MTA = exim
Sendmail = /usr/lib/exim/bin/exim
Sendmail2 = /usr/lib/exim/bin/exim -C /usr/lib/exim/configure.outgoing
Expand TNEF = no
(this is handled by sophos automagically :-)
Deliver In Background = yes
The policy currently in place at UKC is as follows:
+ Reject specific file names - as in current Exim system filter:
ie happy99.exe *.pif.scr etc etc
but not *.exe :-(
+ virus check email as follows:
- message to sender
- deliver the clean bits to recipient
- quarantine bad bits
Virus Scanning = yes
Virus Scanner = sophos
Sweep = /opt/sophos/bin/sophoswrapper
Deliver To Recipients = yes
Notify Senders = yes
quicksilver# mkdir /u1/incoming
quicksilver# ln -s /u1/incoming /var/spool/exim/incoming
=====================================================================
STAGE 3: Configure Exim
=====================================================================
First stop Exim running:
/etc/init.d/sendmail stop
Flush the mail queues, delete frozen messages etc etc
Backup the configure file and copy it to two new ones for adjusting:
quicksilver# cp configure configure.pre-mailscanner
quicksilver# cp configure configure.incoming
quicksilver# cp configure configure.outgoing
We now edit the incoming configuration file so that it *only* queues
email and defers delivery.
The changes are:
# specify the spool directory for incoming mail...
spool_directory = /var/spool/exim/incoming
# force mail to queue - this can be bypassed so a router/driver pair
# have also been added
queue_only = true
# director to force queuing...
defer_director:
driver = smartuser
new_address= :defer: All deliveries are deferred
# router to deal with forced queuing director
defer_router:
driver = domainlist
self = defer
route_list = "* 127.0.0.1 byname"
Next edit the outgoing configuration file, so that it doesn't
place mail in a queue prior to processing - as MailScanner calls
it directly (I think).
#spool_directory = /var/spool/exim/outgoing
Now edit the startup script for exim: /etc/rc2.d/S88sendmail so
it starts with:
/usr/lib/exim/bin/exim -C /usr/lib/exim/configure.incoming -bd
/usr/lib/exim/bin/exim -C /usr/lib/exim/configure.outgoing -q30m
/opt/mailscanner/bin/check_mailscanner
That will then start both copies of exim with appropriate config files
as well as a copy of mailscanner
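A sanity check worth running before the first start, given here as an added example that is not part of the original guide or of MailScanner: it confirms that the listening Exim only queues, that the two Exims do not share a spool, and that mailscanner.conf reads from one queue and writes to the other. The function names and the DEFAULT_SPOOL value (the /var/spool/exim location described at the top of this guide) are assumptions, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: checks that the two Exim configs and mailscanner.conf agree.
DEFAULT_SPOOL=/var/spool/exim   # assumed compiled-in spool, as described in this guide

# get_opt FILE NAME: value of an uncommented "NAME = value" line (last one wins)
get_opt() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -1
}

# check_split_queue INCOMING_CONF OUTGOING_CONF MAILSCANNER_CONF
# Returns 0 only if unscanned mail cannot land in the delivering Exim's queue.
check_split_queue() {
    rc=0
    in_spool=$(get_opt "$1" spool_directory)
    out_spool=$(get_opt "$2" spool_directory)
    in_spool=${in_spool:-$DEFAULT_SPOOL}
    out_spool=${out_spool:-$DEFAULT_SPOOL}
    # Only the "queue_only = true" spelling used in this guide is accepted.
    [ "$(get_opt "$1" queue_only)" = true ] ||
        { echo "FAIL: incoming Exim is not queue_only"; rc=1; }
    [ "$in_spool" != "$out_spool" ] ||
        { echo "FAIL: both Exims share $in_spool, mail would skip scanning"; rc=1; }
    [ "$(get_opt "$3" 'Incoming Queue Dir')" = "$in_spool/input" ] ||
        { echo "FAIL: MailScanner does not read $in_spool/input"; rc=1; }
    [ "$(get_opt "$3" 'Outgoing Queue Dir')" = "$out_spool/input" ] ||
        { echo "FAIL: MailScanner does not write $out_spool/input"; rc=1; }
    return $rc
}

# write_sample DIR: constructed sample files mirroring the settings in this guide
write_sample() {
    printf '%s\n' 'spool_directory = /var/spool/exim/incoming' \
        'queue_only = true' > "$1/configure.incoming"
    printf '%s\n' '#spool_directory = /var/spool/exim/outgoing' \
        > "$1/configure.outgoing"
    printf '%s\n' 'Incoming Queue Dir = /var/spool/exim/incoming/input' \
        'Outgoing Queue Dir = /var/spool/exim/input' \
        'Sendmail2 = /usr/lib/exim/bin/exim -C /usr/lib/exim/configure.outgoing' \
        > "$1/mailscanner.conf"
}

demo=$(mktemp -d)
write_sample "$demo"
check_split_queue "$demo/configure.incoming" "$demo/configure.outgoing" \
    "$demo/mailscanner.conf" && echo "OK: split-queue layout is consistent"
rm -rf "$demo"
```

On the real host the three arguments would be /usr/lib/exim/configure.incoming, /usr/lib/exim/configure.outgoing and /opt/mailscanner/etc/mailscanner.conf.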
Next we edit root's crontab entries:
# mailscanner stop and restart
0,20,40 * * * * [ -x /opt/mailscanner/bin/check_mailscanner ] && /opt/mailscanner/bin/check_mailscanner >/dev/null 2>&1
# Automatically fetch updates to Sophos just after midnight
13 0 * * * [ -x /opt/sophos/bin/autoupdate ] && /opt/sophos/bin/autoupdate >/dev/null 2>&1
The first kicks mailscanner every 20 mins and is an anti embarrassment
measure - just in case it does die - at which point mail gets queued
locally and nowt else happens.
The second updates the virus definition files - which is generally a good idea...
Finally syslog needs configuring to log somewhere sane,
so adjusted /etc/syslog.conf to include (the separator between the two
fields must be a tab on Solaris):
mail.debug /opt/mailscanner/var/log
Don't forget to send syslogd a HUP:
# pkill -HUP syslogd
#########################################################
At this point everything should be in place.
So starting up the mail system out of the sendmail script
in /etc/rc2.d should get things going.....