Posh Security

MailScanner on CentOS

This is a simple guide to building an email gateway which will perform anti-spam and anti-virus filtering prior to delivering email to its intended destination.

I also make use of a sendmail milter to verify that the recipients of email messages are valid, and drop the messages if the recipient is found to be invalid. Recipient filtering not only reduces the amount of work that the gateway has to do (as it doesn't perform any anti-spam analysis etc. on the message) but also reduces the load on the destination server(s) and protects them.

The milter works by simply connecting to the destination server and testing whether it accepts the recipient address, before the gateway accepts the rest of the email body from the machine which is connected to it. If you use Exchange as your destination server, make sure it doesn't accept invalid recipients and then return an NDR, which is the default. If the recipient isn't valid, the milter tells the SMTP server which is attempting to send the email that the mailbox is full or invalid.
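
The check the milter depends on can be run by hand against your own destination server. The following is an added example, not part of the original guide and not smf-sav's code: it asks the destination server about one known-good mailbox and one random non-existent one, and reports whether the server rejects unknown recipients at RCPT time. The host name, HELO name and addresses are placeholder assumptions.

```python
import smtplib
import uuid

def rcpt_code(host, rcpt, helo="gateway.example.com", port=25, timeout=30):
    """Ask `host` whether it would accept mail for `rcpt`; no message is sent."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.helo(helo)
        smtp.mail("")              # null sender <>, as used for bounces
        code, _ = smtp.rcpt(rcpt)  # the reply the verification hinges on
        smtp.rset()                # abandon the transaction before DATA
        return code

def verdict(code):
    """Map an SMTP reply code to what the gateway should do with the recipient."""
    if 200 <= code < 300:
        return "accept"
    if 500 <= code < 600:
        return "reject"      # e.g. 550 unknown user
    return "tempfail"        # 4xx or anything unexpected: defer, do not reject

def assess(known_good_code, bogus_code):
    """Decide whether RCPT-time verification against this backend is meaningful."""
    good, bogus = verdict(known_good_code), verdict(bogus_code)
    if "tempfail" in (good, bogus):
        return "inconclusive: backend deferred, retry later"
    if good == "reject":
        return "misconfigured: backend rejects a known-good recipient"
    if bogus == "accept":
        return "ineffective: backend accepts unknown recipients (NDR sent later)"
    return "ok: backend rejects unknown recipients at RCPT time"

def check_backend(host, known_good, domain):
    """Probe one real mailbox and one random, non-existent one on `domain`."""
    bogus = "no-such-user-%s@%s" % (uuid.uuid4().hex[:12], domain)
    return assess(rcpt_code(host, known_good), rcpt_code(host, bogus))

if __name__ == "__main__":
    # Constructed values: replace with your own destination server and mailbox.
    print(check_backend("mail.example.internal", "postmaster@example.com",
                        "example.com"))
```

An "ineffective" result means the destination server is still accepting invalid recipients, so the milter would pass every address through.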

 

Installation Steps
  1. Install CentOS
    Just follow the normal install
  2. Install Updates
    yum update
  3. Install Webmin
    If you would like to install and update Webmin via RPM, create the /etc/yum.repos.d/webmin.repo file containing:
    [Webmin]
    name=Webmin Distribution Neutral
    baseurl=http://download.webmin.com/download/yum
    enabled=1
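  4. You should also fetch and install the Webmin GPG key (jcameron-key.asc) with which the packages are signed, with the command:
    rpm --import http://www.webmin.com/jcameron-key.asc
    Note that this URL is plain HTTP, so check the imported key's fingerprint against one obtained from a trusted source.
    You will now be able to install with the command: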
    yum install webmin
    All dependencies should be resolved automatically.
  5. Install MailScanner
    export MAILSCANNER_CREATE_TMPFS=1
    wget http://yum.fslupdate.com/fsl-beta/fsl-beta.repo -O /etc/yum.repos.d/fsl-beta.repo
    yum -y groupinstall MailScannerGold
    export PERL5LIB=/opt/fsl/lib/perl5
    chkconfig MailScanner on
    yum update
  6. Configure MailScanner
    vi /etc/MailScanner/MailScanner.conf
  7. Install Sender/Recipient verification sendmail milter
    yum install sendmail-devel
    yum install sendmail-cf
    yum install libmilter
    tar xzvf smf-sav-1.4.0.tar.gz
    cd smf-sav-1.4.0
    make
    make install
  8. Configure address verification milter
  9. Configure Sendmail
    Do whatever forwarding and routing you need to configure.

    Add the following line to sendmail.mc, above the MAILER(smtp)dnl line:
    INPUT_MAIL_FILTER(`smf-sav', `S=unix:/var/run/smfs/smf-sav.sock, T=S:30s;R:4m')dnl
  10. Configure startup scripts to include milter
    We need to modify the MailScanner init script at /etc/init.d/MailScanner to ensure that the process that performs the address verification is started before sendmail and MailScanner.
    start)
    ...
        daemon /usr/local/sbin/smf-sav
    ...
    stop)
        if test "x`pidof smf-sav`" != x; then
        echo -n $"Stopping $prog: "
        killproc smf-sav
        echo
    ...