pavement

Qmail, setting up a mail filter server

From FreeBSDwiki
(Redirected from Mail Filter Server)
Jump to: navigation, search

Rough outline: sometimes you need a separate server to act as a transparent spam/virus filter, not a Mail toaster. This is how.

  • install qmail from ports with -DWITH_QMAIL_QUEUE_PATCH.
  • install tcp-ucspi from ports.
  • install spamassassin from ports.
  • install clamav from ports.
  • install qmailscanner from ports.

config gotchas:

  • edit /usr/local/etc/clamd.conf; make sure User is set to qscand. (Alternately, reconfigure qmailscanner to run as clamav. One way or the other, they need to run as the same user.)
  • don't forget that the domains you're going to be receiving mail for need to be in /var/qmail/control/rcpthosts but NOT in /var/qmail/control/locals or /var/qmail/control/virtualdomains.
  • tcpserver.sh should look like this:
#!/bin/sh

case "$1" in
start)

set QMAILQUEUE="$/usr/local/bin/qmail-scanner-queue.pl"
export QMAILQUEUE

  /usr/local/bin/tcpserver -p -u 82 -g 81 0 smtp \
  /usr/local/bin/rblsmtpd -b -r bl.spamcop.net -r dnsbl.njabl.org \
  /var/qmail/bin/qmail-smtpd 2>&1 | /var/qmail/bin/splogger rblsmtpd &

     ## -H tells tcpserver not to do remote DNS lookup before accepting connections
     ## -l0 tells tcpserver not to look up local host name in DNS; instead use "0" as its name
     ## -R tells tcpserver not to ask the remote server for its DNS information
     ## -c 512 tells tcpserver not to attempt to process more than 512 simultaneous connections
     ## -x specifies a rules database to control connections with
     ## -u 82 runs tcpserver under the qmaild uid
     ## -g 81 runs tcpserver under the qmaild gid
     ## 0 indicates tcpserver is running on this machine
     ## smtp (...)qmail-smtpd specifies to pass SMTP connections to qmail-smtpd
     ## rblsmtpd checks for blacklisted IP addresses before accepting SMTP
     ## -b specifies an SMTP 553 error code to return to blacklisted servers
     ## -r is specified before each successive RBL source
     ## descriptor 2 is sent to splogger to create standard log entries attributed to rblsmtpd
     ## end the line with & or the process hangs the console that starts it!
     ##

     echo "tcpserver-SMTP "
     ;;

stop)
        exec killall tcpserver
        echo "tcpserver-SMTP "
        ;;
*)
        echo "Usage: `basename $0` {start|stop}" >&2
        exit 64
        ;;
esac

  • alternately, you can nerf the setting of QMAILQUEUE env variable in tcpserver.sh, and add an -x /etc/tcprules/tcp.smtp.cdb in the tcpserver line immediately before the -u and -g arguments; in this case do a cat tcp.smtp.rules | tcprules tcp.smtp.cdb tmp where /etc/tcp.smtp.rules looks like this:
# Use Qmail-Scanner with SpamAssassin on any mail from the rest of the world
:allow,QMAILQUEUE="/usr/local/bin/qmail-scanner-queue.pl"
  • you'll need to clean out the quarantine directory semi-regularly. try parking this in /etc/periodic/daily/900.purge-quarantine :
#!/bin/sh

echo "Purging 30+ day old quarantined malware from /usr/local/qmailscan/quarantine: "
find /usr/local/qmailscan/quarantine/cur -ctime +30 -delete
find /usr/local/qmailscan/quarantine/tmp -ctime +30 -delete
find /usr/local/qmailscan/quarantine/new -ctime +30 -delete
  • there are any number of options you may want to play with, including turning antivirus bounce notification OFF, in /usr/local/bin/qmail-scan-queue.pl. Turning DEBUG to 1 in that file will cause it to create logs, which can be very useful.
Personal tools