Jan 16

Installing MailScanner on DirectAdmin with exim

by in Hosting, Linux, MailScanner, Open Source, Spam Filtering, Techie :: Techno ::

This howto was written in order to help users of DirectAdmin install and correctly configure MailScanner with Exim.

It is based on several years' experience working with MailScanner and has been used in the installation of production servers running a variety of RPM-based Linux distributions, including:

RedHat 9
Fedora
CentOS
WhiteBox

While every effort has been made to make this howto as comprehensive and easy to follow as possible, the author welcomes feedback.

Before you start you should install vim.

On most Red Hat Enterprise clones, such as CentOS, the following command should work:

yum install vim-enhanced

I would recommend creating a directory such as /home/installstuff or similar for any files / packages related to your MailScanner setup.

The next step is to install SpamAssassin.

There are a number of ways of doing this; however, the developer of MailScanner has put together an easy-to-use package that will install all the required Perl modules for you. It can be downloaded here.

NB: As of SpamAssassin 3.1 the licensing has changed for some of the plugins. You will need to enable Razor etc. in the *.pre files in the /etc/mail/spamassassin directory.

Now to install MailScanner.

First download the MailScanner rpm tarball from the website.

There are usually two versions available – stable and beta.

wget <location of file>
tar -zxvf <MailScanner file>
cd <MailScanner directory>
./install.sh

For example, to download and install the current beta version at time of writing the command would be:

wget http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/rpm/MailScanner-4.50.8-1.rpm.tar.gz
tar -zxvf MailScanner-4.50.8-1.rpm.tar.gz
cd MailScanner-4.50.8-1
./install.sh

Relax and have a cup of coffee.

Once the install is finished you can proceed with the setup of MailScanner to work with exim.

You need to change the permissions on the MailScanner spool directory:

chown -R mail:mail /var/spool/MailScanner

MailScanner works by running two processes of the MTA.
One listens for SMTP connections (inbound mail) while the other processes outbound mail.
Think of it like this:

mail > exim > MailScanner > exim

Mail is passed from one exim process to the other via MailScanner, where all the content checks are conducted.
For this reason you need two .conf files for exim, one for each exim process.

Always create backups!

cp /etc/exim.conf /etc/exim.back

Make a copy to handle outbound mail:
 
cp /etc/exim.conf /etc/exim_send.conf

Edit the exim.conf file:
 
vim /etc/exim.conf

and add the following lines in the main part of the configuration:

#Added for MailScanner mail queues and logging
spool_directory = /var/spool/exim.in
queue_only = true
queue_only_override = false
log_file_path = /var/spool/exim/msglog/%slog

MailScanner comes with its own startup script, so you can safely get rid of the original one:

cd /etc/init.d/
cp exim exim.orig;chmod -x exim.orig
rm exim

However, DirectAdmin will check for the exim file, so we create a symlink to fool it:

ln -s MailScanner exim

NB: You may need to do this again if a DirectAdmin update installs a new exim init script

Create the following directories:

mkdir /var/spool/exim.in
mkdir /var/spool/exim.in/input
mkdir /var/spool/exim.in/data
mkdir /var/spool/exim.in/db

then fix the ownership:

chown -R mail:mail /var/spool/exim.in/

Now you need to customise your MailScanner.conf both for your particular server and to let it know that it is running exim:

Open MailScanner.conf in vim as follows:

vim /etc/MailScanner/MailScanner.conf

The file is very well documented. Please read it!

You should edit the following settings:

%org-name% = servername
%org-long-name% = Your Company Name
%web-site% = www.yourwebaddress.tld

Now to tell it about your exim configuration.

Find the following lines in MailScanner.conf and edit as indicated:

#Run As User = mail
#Run As User = postfix
Run As User = mail

# Group to run as (not normally used for sendmail)
#Run As Group = mail
#Run As Group = postfix
Run As Group = mail

Incoming Queue Dir = /var/spool/exim.in/input
Outgoing Queue Dir = /var/spool/exim/input

Sendmail = /usr/sbin/exim -C /etc/exim.conf
Sendmail2 = /usr/sbin/exim -C /etc/exim_send.conf

# exim, as opposed to sendmail
MTA = exim

You can further tweak your MailScanner settings later on.

Some more changes are needed to finalise your setup.

MailScanner should autodetect exim, but you need to make a number of changes to /etc/sysconfig/MailScanner.
Do the following:

mkdir /usr/local/exim/
mkdir /usr/local/exim/bin

Make the following symlinks:

ln -s /etc/exim_send.conf /usr/local/exim/exim_send.conf
ln -s /etc/exim.conf /usr/local/exim/configure
ln -s /usr/sbin/exim /usr/local/exim/exim
ln -s /usr/sbin/exim /usr/local/exim/bin/exim

To test whether it is working properly, issue the following command:

/etc/init.d/MailScanner restart;tail -f /var/log/maillog

You should see something like the following:

Shutting down MailScanner daemons:
MailScanner: [ OK ]
incoming exim: [ OK ]
outgoing exim: [ OK ]
Starting MailScanner daemons:
incoming exim: [ OK ]
outgoing exim: [ OK ]
MailScanner: [ OK ]

Keep an eye on the logs for a few minutes.
If anything is wrong you should see an error in them.
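
To complement watching the logs, the following added example (not part of the original howto) checks the settings the steps above rely on: that the incoming exim only queues mail, and that the queue directories in MailScanner.conf match the two exim spools. The function names and the /var/spool/exim fallback for the outgoing spool are assumptions; the sample configs are constructed from the values used in this howto.

```sh
#!/bin/sh
# Added example (not from the howto): check that the incoming exim only queues
# mail and that MailScanner's queue directories match the two exim spools.
# Expects the explicit "name = value" form used in the howto.

# conf_opt FILE NAME: print the value of the first uncommented "NAME = value" line.
conf_opt() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | head -n 1
}

fail() { echo "FAIL: $*"; fails=$((fails + 1)); }

# audit IN_CONF OUT_CONF MS_CONF [DEFAULT_SPOOL]
# Prints findings and returns the number of failed checks (0 = consistent).
# DEFAULT_SPOOL is an assumption: the howto's outgoing spool, /var/spool/exim.
audit() {
    in_conf=$1 out_conf=$2 ms_conf=$3 fails=0
    in_spool=$(conf_opt "$in_conf" spool_directory)
    out_spool=$(conf_opt "$out_conf" spool_directory)
    out_spool=${out_spool:-${4:-/var/spool/exim}}

    # Without queue_only the incoming exim delivers immediately, around MailScanner.
    case $(conf_opt "$in_conf" queue_only) in
        true|yes) ;;
        *) fail "$in_conf: queue_only is not true, mail can be delivered unscanned" ;;
    esac
    # exim defaults queue_only_override to true, letting -od options undo queue_only.
    case $(conf_opt "$in_conf" queue_only_override) in
        false|no) ;;
        *) fail "$in_conf: queue_only_override is not false" ;;
    esac
    [ -n "$in_spool" ] || fail "$in_conf: spool_directory is not set"
    [ "$in_spool" != "$out_spool" ] || fail "both exim instances use spool $in_spool"
    [ "$(conf_opt "$ms_conf" 'Incoming Queue Dir')" = "$in_spool/input" ] ||
        fail "$ms_conf: Incoming Queue Dir is not $in_spool/input"
    [ "$(conf_opt "$ms_conf" 'Outgoing Queue Dir')" = "$out_spool/input" ] ||
        fail "$ms_conf: Outgoing Queue Dir is not $out_spool/input"
    [ "$(conf_opt "$ms_conf" MTA)" = exim ] || fail "$ms_conf: MTA is not exim"

    [ "$fails" -eq 0 ] && echo "OK: incoming exim queues only; spools match MailScanner.conf"
    return "$fails"
}

# make_sample DIR: write constructed configs that mirror the howto's settings.
make_sample() {
    printf '%s\n' 'spool_directory = /var/spool/exim.in' 'queue_only = true' \
        'queue_only_override = false' > "$1/exim.conf"
    printf '%s\n' '# outgoing instance keeps the default spool' > "$1/exim_send.conf"
    printf '%s\n' 'Incoming Queue Dir = /var/spool/exim.in/input' \
        'Outgoing Queue Dir = /var/spool/exim/input' 'MTA = exim' > "$1/MailScanner.conf"
}

if [ $# -eq 3 ]; then
    audit "$@"                       # real files, e.g. the three paths from the howto
else
    demo=$(mktemp -d) && make_sample "$demo"
    audit "$demo/exim.conf" "$demo/exim_send.conf" "$demo/MailScanner.conf"
    rm -rf "$demo"
fi
```

Run it with /etc/exim.conf, /etc/exim_send.conf and /etc/MailScanner/MailScanner.conf as its three arguments; the exit status is the number of failed checks.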

In order to increase your setup’s effectiveness against spam and viruses you can now tweak your settings.

As I already mentioned, the MailScanner.conf file is very well commented, so read what the configuration options are doing before you actually change them on a production system.

This method of setting up MailScanner has been tried and tested.

It works for us; however, any feedback is always appreciated.


25 Responses to “Installing MailScanner on DirectAdmin with exim”

  1. From Paul Welsh:

    Hi Michele
    When you say to edit the exim.conf file and add lines to the main part of the configuration, what section of the exim.conf file should I add the lines to?

    Posted on January 30, 2006 at 10:01 pm #
  2. From Paul Welsh:

    Hi again
    You say “MailScanner should autodetect exim, but you need to make a number of changes to /etc/sysconfig/MailScanner”. However, from what I can see, you don’t mention any changes to this file.

    Posted on January 30, 2006 at 10:18 pm #
  3. From michele:

    Paul – how are you?
    Add the lines to the top of the exim.conf file.
    Ignore the bit about making those changes – I’ll remove them from the howto, as they refer to an older version of this document

    Posted on January 31, 2006 at 12:39 am #
  4. From Paul Welsh:

    My problem now is that when I try to send mail to my server I get:
    421 Unexpected failure, please try later
    I have checked:
    /var/spool/exim/msglog/mainlog
    /var/spool/exim/msglog/paniclog
    /var/log/maillog
    /var/log/exim/mainlog
    /var/log/exim/paniclog
    but I can’t see much happening in any of them.
    /var/log/maillog shows MailScanner starting but not exim.
    /etc/rc.d/init.d/exim confirms this with just MailScanner showing as running OK.
    /var/spool/exim/msglog/mainlog and paniclog just show:
    2006-01-31 00:30:34 failed to open /etc/virtual/whitelist_domains for linear search: No such file or directory
    /var/log/exim/mainlog shows lines like this:
    2006-01-31 00:06:20 exim 4.60 daemon started: pid=22608, -q15m, not listening for SMTP
    Any ideas?

    Posted on January 31, 2006 at 10:14 pm #
  5. From michele:

    Paul - did you get this sorted out?

    Posted on March 20, 2006 at 9:55 pm #
  6. From Paul Welsh:

    Yes, it seems to be working OK now. Thanks.

    Posted on March 20, 2006 at 10:41 pm #
  7. From Teco:

    /var/log/exim/mainlog
    exim 4.62 daemon started: pid=10602, -q15m, not listening for SMTP
    I can't send or receive mail?

    Posted on June 2, 2006 at 10:51 am #
  8. From michele:

    Teco – how are you calling exim / Mailscanner?
    More importantly, how did you install it?

    Posted on June 2, 2006 at 11:06 am #
  9. From Teco:

    Install MailScanner
    chown -R mail:mail /var/spool/MailScanner
    chown -R mail:mail /var/spool/MailScanner
    cp /etc/exim.conf /etc/exim_outgoing.conf
    pico -w /etc/exim.conf
    and add the following lines in the main part of the configuration:
    spool_directory = /var/spool/exim.in
    queue_only = true
    queue_only_override = false
    log_file_path = /var/spool/exim/msglog/%slog
    pico -w /etc/init.d/exim
    Original:
    QUEUE=
    [ -f /etc/sysconfig/exim ] && . /etc/sysconfig/exim
    [ "$DAEMON" = yes ] && EXIM_OPTS="$EXIM_OPTS -bd"
    [ -n "$QUEUE" ] && EXIM_OPTS="$EXIM_OPTS -q$QUEUE"
    Change this to:
    QUEUE="15m"
    [ -f /etc/sysconfig/exim ] && . /etc/sysconfig/exim
    [ "$DAEMON" = yes ] && EXIM_OPTS="$EXIM_OPTS -bd"
    [ -f /etc/sysconfig/exim ] && . /etc/sysconfig/exim
    [ "$DAEMON" = yes ] && EXIM_OPTS="$EXIM_OPTS -C /etc/exim_outgoing.conf"
    [ -n "$QUEUE" ] && EXIM_OPTS="$EXIM_OPTS -q$QUEUE"
    Create the following directories: /var/spool/exim.in,
    /var/spool/exim.in/input,
    /var/spool/exim.in/data,
    /var/spool/exim.in/db
    mkdir /var/spool/exim.in
    etc.
    and assign them to mail.
    chown mail:mail /var/spool/exim.in
    pico -w /etc/MailScanner/MailScanner.conf
    and change these settings:
    Use your language for reports
    %report-dir% = /etc/MailScanner/reports/fr
    %org-name% = (Your org. name)
    Run As User = mail
    Run As Group = mail
    Incoming Queue Dir = /var/spool/exim.in/input
    Outgoing Queue Dir = /var/spool/exim/input
    MTA = exim
    Sendmail = /usr/sbin/exim -C /etc/exim.conf
    Sendmail2 = /usr/sbin/exim -C /etc/exim_outgoing.conf
    Virus Scanners = clamav
    Use SpamAssassin = yes
    Always Include SpamAssassin Report = yes
    # pico -w /etc/sysconfig/MailScanner
    MTA=exim
    EXIM=/usr/sbin/exim
    EXIMINCF=/etc/exim.conf # Incoming configuration file
    EXIMSENDCF=/etc/exim_outgoing.conf # Outgoing configuration file
    mkdir /usr/local/exim/
    mkdir /usr/local/exim/bin
    ln -s /etc/exim_send.conf /usr/local/exim/exim_send.conf
    ln -s /etc/exim.conf /usr/local/exim/configure
    ln -s /usr/sbin/exim /usr/local/exim/exim
    ln -s /usr/sbin/exim /usr/local/exim/bin/exim
    killall exim -9
    killall MailScanner -9
    service MailScanner start
    Starting MailScanner daemons:
    incoming exim: [ OK ]
    outgoing exim: [ OK ]
    MailScanner: [ OK ]
    *****
    service MailScanner restart & service exim restart , same
    Shutting down MailScanner daemons:
    MailScanner: [ OK ]
    incoming exim: [ OK ]
    outgoing exim: [ OK ]
    Starting MailScanner daemons:
    incoming exim: [ OK ]
    outgoing exim: [ OK ]
    MailScanner: [ OK ]
    *****
    /var/log/exim/mainlog
    exim 4.62 daemon started: pid=10602, -q15m, not listening for SMTP
    and in
    /var/log/mainlog
    Jun 2 05:51:33 server1 MailScanner[15079]: Spam Checks: Found 1 spam messages
    Jun 2 05:51:33 server1 MailScanner[15079]: Virus and Content Scanning: Starting
    Jun 2 05:51:34 server1 MailScanner[15079]: Uninfected: Delivered 1 messages
    Jun 2 05:54:20 server1 MailScanner[15259]: New Batch: Scanning 1 messages, 1548 bytes
    Jun 2 05:54:21 server1 MailScanner[15259]: Spam Checks: Found 1 spam messages
    Jun 2 05:54:21 server1 MailScanner[15259]: Virus and Content Scanning: Starting
    Jun 2 05:54:22 server1 MailScanner[15259]: Uninfected: Delivered 1 messages
    Jun 2 05:58:33 server1 MailScanner[15251]: New Batch: Scanning 1 messages, 2912 bytes
    Jun 2 05:58:33 server1 MailScanner[15251]: Expired 1 records from the SpamAssassin cache
    Jun 2 05:58:34 server1 MailScanner[15251]: Spam Checks: Found 1 spam messages
    Jun 2 05:58:34 server1 MailScanner[15251]: Virus and Content Scanning: Starting
    Jun 2 05:58:36 server1 MailScanner[15251]: Uninfected: Delivered 1 messages
    Jun 2 06:01:01 server1 update.virus.scanners: Delaying cron job up to 600 seconds
    Jun 2 06:03:37 server1 update.virus.scanners: Found clamav installed
    Jun 2 06:03:37 server1 update.virus.scanners: Running autoupdate for clamav
    Jun 2 06:03:37 server1 ClamAV-autoupdate[21957]: ClamAV update warning: /usr/bin/freshclam: error while loading shared libraries: libkrb5support.so.0: cannot open shared object file: No such file or directory
    Jun 2 06:03:37 server1 ClamAV-autoupdate[21957]: ClamAV updater failed
    Jun 2 06:03:37 server1 update.virus.scanners: Found generic installed
    Jun 2 06:03:37 server1 update.virus.scanners: Running autoupdate for generic
    **** /usr/bin/freshclam: error while loading shared libraries: libkrb5support.so.0: cannot open shared object file: No such file or directory
    how to fix it ?!

    Posted on June 2, 2006 at 12:10 pm #
  10. From michele:

    Disable the virus checks temporarily, so you can get mail etc., and Mailscanner will do most checks without it. I’d then check your ClamAV install – try the clam av and spamassassin installer from the Mailscanner downloads:
    downloads
    and install it all manually from there
    Your error sounds like a missing rpm or library of some kind, but you haven’t specified your OS

    Posted on June 2, 2006 at 3:44 pm #
  11. From Teco:

    Thanks Michele, My OS CentOS 4.3

    Posted on June 2, 2006 at 6:23 pm #
  12. From John Fox:

    I have setup 6 servers with DirectAdmin/MailScanner following your instructions. Four of the servers use Exim 4.31 and have not had an ounce of trouble with them since installation 12 to 24 months ago. Just recently, 2 other servers, one converted 10 months ago with Exim 4.50 and a new server last week with Exim 4.60 I am having really big problems.
    The server with 4.50 I have re-installed the instructions twice, once 6 months ago and last week. The mail queue just freezes up and in the /var/log/exim/mainlog it says exim 4.xx daemon started: pid=xxxxx, -q15m, not listening for SMTP. Then when I revert back to the original Exim.config it frees up and works again.
    The same applies to the Exim 4.60 and after looking at the configs of the servers that have not given any problems I noted that the problem is where to place the queue and logging instructions on these later servers.
    With the Exim 4.31, the q &l was placed near the top, but within the config file. With the 4.50 and 4.60 versions of Exim I first placed it before the ACL data and then moved it to the top of each config file before the start. By placing it before the ACL you do not get any readout through the maillogs file. If it's placed at the top you do get readouts but you get not listening on port 25 message in the mainlog file.
    MailScanner I find is a great programme for viruses and spam when used with exim. All servers handle between 10 to 20 thousand emails per day. All except one run Redhat 9, the exception runs Centos 3.8.
    Would you have any ideas on the solution to this problem? Your help would be appreciated.

    Posted on October 11, 2006 at 5:26 pm #
  13. From michele:

    John
    If you are having issues you’ll find me and others on #mailscanner on freenode.
    It’s probably the best place to debug your issues :)
    Michele

    Posted on October 11, 2006 at 6:38 pm #
  14. From John Fox:

    Fixed the problem on both servers. It was a matter of finding the right position for the G & L instructions. The message in the /var/log/exim/mainlog saying that exim was not looking for smtp on port 25 is really telling you that MailScanner is in control of the Exim Mail Programme. It means nothing, it does not stop or hinder the mail delivery system.

    Posted on October 12, 2006 at 4:34 am #
  15. From michele:

    John
    Are you still using the exim init script or have you replaced it with the MailScanner one?
    Michele

    Posted on October 12, 2006 at 8:27 am #
  16. From John Fox:

    No I replaced the exim file with a symlink from MailScanner as per your instructions above. Your instructions are perfect. It just was a matter of placing the Q & L instruction in the right place midway between the reference to listening on ports 25 and 587 and the first mention of ACL’s. If you place it before, in or after the ACL section you won’t get MailScanner logs in the /var/log/maillog directory. This concerns DirectAdmin exim.conf’s in versions 4.5x and 4.6x.

    Posted on October 12, 2006 at 8:52 am #
  17. From RaYMonD:

    My srv is Running Sendmail, Mailscanner and SpamAssassin over 1 year, http://xxxxx/mailscanner stopped, I restart the MailScanner the case not fix.
    Can U Help me.

    Posted on October 21, 2006 at 3:21 pm #
  18. From michele:

    Raymond
    If you can supply more information about your setup I can try to assist you
    Michele

    Posted on October 21, 2006 at 8:50 pm #
  19. From Igor:

    Hello Michele,
    I installed mailscanner as in your instructions. I think it was successful. I am watching the log file for a few minutes.
    Then I tried to send a test virus in a text file and attached it to a message: $CEliacmaTrESTuScikgsn$FREE-TEST-SIGNATURE$EEEEE$
    In the log I see the virus is captured and it says: Notices: Warned about 1 messages. But the message never gets it to sender or receiver. I never received any warning about the virus in a mail message.
    Is something wrong or is this the way mailscanner/ClamAV works. I would like to see that the message is delivered without the virus text file and with a warning message.
    I hope this is possible
    Igor

    Posted on November 5, 2006 at 2:49 pm #
  20. From michele:

    Igor
    Have a look at the settings in MailScanner.conf. It sounds like you are using the default actions for viruses.
    Michele

    Posted on November 5, 2006 at 4:09 pm #
  21. From Igor:

    Thanks for replying so fast. I took a look in MailScanner.conf and changed these lines:
    Deliver Disinfected Files = yes (was no)
    Still Deliver Silent Viruses = yes (was no)
    But still there is getting no mail message to the receiver. Can you point me to the right direction?
    Igor

    Posted on November 5, 2006 at 5:00 pm #
  22. From Igor:

    After invoking the command: /etc/init.d/MailScanner restart
    I mailed the message again and the fake virus mail is received by the receiving party with a message in the replaced virus.txt.
    That is working like I want it. The question is this safe to do it this way? And are there other settings I should be aware of?
    Thanks in advance
    Igor

    Posted on November 5, 2006 at 5:35 pm #
  23. From michele:

    Igor
    You need to do a restart after any changes you make to the configuration.
    If you are handling a lot of mail for a lot of users you probably won’t want to deliver the .txt with the warning about viruses that they cannot do anything with.
    The main things to ensure you change are the hostnames and other details towards the top of MailScanner.conf (though I think you are forced to do that by the installer script in recent versions)

    Posted on November 5, 2006 at 10:39 pm #
  24. From murat:

    I have installed one to one mailscanner from here. It’s worked wonderful. But how can update it ?
    Can anyone explain it in this way how can i mailscanner make update.
    Fedora5
    exim4.61
    DA 1.29.7
    Thanks…

    Posted on June 6, 2007 at 11:44 am #
  25. From michele:

    Murat
    Upgrading MailScanner isn’t complicated.
    On an rpm based system you would simply download the latest installer. Extract it and run the install script. As it’s an upgrade you would then have to follow the upgrade section at the end which means running upgrade_MailScanner_conf and upgrade_languages_conf.
    If you run either command without any parameters you will see their usage:
    “RPM
    ===
    If you are using the RPM distributions then try this:
    cd /etc/MailScanner
    upgrade_MailScanner_conf MailScanner.conf MailScanner.conf.rpmnew > MailScanner.new
    mv -f MailScanner.conf MailScanner.old
    mv -f MailScanner.new MailScanner.conf
    TAR
    ===
    If you are using the tar distribution so that the old version is in
    /opt/MailScanner and the new one is in /opt/MailScanner.new then:
    cd /opt/MailScanner.new/etc
    ../bin/upgrade_MailScanner_conf /opt/MailScanner/etc/MailScanner.conf /opt/MailScanner.new/etc/MailScanner.conf > MailScanner.new
    mv -f MailScanner.conf MailScanner.old
    mv -f MailScanner.new MailScanner.conf
    NOTE
    ====
    To keep your old comments in your original file, add "--keep-comments"
    to the command line. Note that this will mean you don’t get to find
    out any extra new values you might be able to use in existing “improved”
    configuration options.

    I’ve also posted on upgrades separately on this site, so have a look in the MailScanner category archives
    Regards
    Michele

    Posted on June 6, 2007 at 11:59 am #