Qmail, setting up a mail filter server
From FreeBSDwiki
Rough outline: sometimes you need a separate server to act as a transparent spam/virus filter, not a Mail toaster. This is how.
- install qmail from ports with -DWITH_QMAIL_QUEUE_PATCH.
- install tcp-ucspi from ports.
- install spamassassin from ports.
- install clamav from ports.
- install qmailscanner from ports.
config gotchas:
- edit /usr/local/etc/clamd.conf; make sure User is set to qscand. (Alternately, reconfigure qmailscanner to run as clamav. One way or the other, they need to run as the same user.)
- don't forget that the domains you're going to be receiving mail for need to be in /var/qmail/control/rcpthosts but NOT in /var/qmail/control/locals or /var/qmail/control/virtualdomains.
- tcpserver.sh should look like this:
#!/bin/sh
case "$1" in
start)
set QMAILQUEUE="$/usr/local/bin/qmail-scanner-queue.pl"
export QMAILQUEUE
/usr/local/bin/tcpserver -p -u 82 -g 81 0 smtp \
/usr/local/bin/rblsmtpd -b -r bl.spamcop.net -r dnsbl.njabl.org \
/var/qmail/bin/qmail-smtpd 2>&1 | /var/qmail/bin/splogger rblsmtpd &
## -H tells tcpserver not to do remote DNS lookup before accepting connections
## -l0 tells tcpserver not to look up local host name in DNS; instead use "0" as its name
## -R tells tcpserver not to ask the remote server for its DNS information
## -c 512 tells tcpserver not to attempt to process more than 512 simultaneous connections
## -x specifies a rules database to control connections with
## -u 82 runs tcpserver under the qmaild uid
## -g 81 runs tcpserver under the qmaild gid
## 0 indicates tcpserver is running on this machine
## smtp (...)qmail-smtpd specifies to pass SMTP connections to qmail-smtpd
## rblsmtpd checks for blacklisted IP addresses before accepting SMTP
## -b specifies an SMTP 553 error code to return to blacklisted servers
## -r is specified before each successive RBL source
## descriptor 2 is sent to splogger to create standard log entries attributed to rblsmtpd
## end the line with & or the process hangs the console that starts it!
##
echo "tcpserver-SMTP "
;;
stop)
exec killall tcpserver
echo "tcpserver-SMTP "
;;
*)
echo "Usage: `basename $0` {start|stop}" >&2
exit 64
;;
esac
- alternately, you can nerf the setting of QMAILQUEUE env variable in tcpserver.sh, and add an -x /etc/tcprules/tcp.smtp.cdb in the tcpserver line immediately before the -u and -g arguments; in this case do a cat tcp.smtp.rules | tcprules tcp.smtp.cdb tmp where /etc/tcp.smtp.rules looks like this:
# Use Qmail-Scanner with SpamAssassin on any mail from the rest of the world :allow,QMAILQUEUE="/usr/local/bin/qmail-scanner-queue.pl"
- you'll need to clean out the quarantine directory semi-regularly. try parking this in /etc/periodic/daily/900.purge-quarantine :
#!/bin/sh echo "Purging 30+ day old quarantined malware from /usr/local/qmailscan/quarantine: " find /usr/local/qmailscan/quarantine/cur -ctime +30 -delete find /usr/local/qmailscan/quarantine/tmp -ctime +30 -delete find /usr/local/qmailscan/quarantine/new -ctime +30 -delete
- there are any number of options you may want to play with, including turning antivirus bounce notification OFF, in /usr/local/bin/qmail-scan-queue.pl. Turning DEBUG to 1 in that file will cause it to create logs, which can be very useful.
