[CentOS] Anti Virus and Anti Spam

Tue Sep 2 01:58:02 UTC 2008
Eucke <eucke at eucke.com>

horas simalango wrote:
> I am using sendmail as MTA, and I am looking for free anti virus.
> About the milter, where can I download it?
>
> Thank you
>
> Horasima

I don't think all of this is available via the conventional centos 
mirrors but I'd bet they're on Dag's as well as a few others.  Find one 
you trust. 

I am pasting the following from this website:
http://www.be4mind.com/?q=node/190
I gave it a once-over and it looks fairly complete.  This write-up includes 
adding greylisting as well.


PLEASE COPY CONFIGURATION FILE OPTIONS FROM THE ATTACHED DOCUMENT 
(NEWLINE PROBLEMS IN HTML) OTHERWISE SOMETHING COULD GO WRONG 
(ESPECIALLY WITH SENDMAIL).

Follow these steps to try stopping sPaMmErs :)

1. CONFIGURING YUM REPOSITORIES
[root at mailserver ~]# wget http://centos.karan.org/kbsingh-CentOS-Extras.repo
[root at mailserver ~]# wget http://centos.karan.org/kbsingh-CentOS-Misc.repo
[root at mailserver ~]# mv *.repo /etc/yum.repos.d/
[root at mailserver ~]# rpm --import http://centos.karan.org/RPM-GPG-KEY-karan.org.txt
[root at mailserver ~]# wget http://dag.wieers.com/packages/rpmforge-release/rpmforge-release-0.3.6-1.el4.rf.i386.rpm
[root at mailserver ~]# rpm -ivh rpmforge-release-0.3.6-1.el4.rf.i386.rpm

2. INSTALLING REQUIRED PACKAGES
#FROM kbsingh
[root at mailserver ~]# yum install milter-greylist spamassassin spamass-milter pyzor

#FROM rpmforge
[root at omafoligno ~]# yum install clamd.i386
Installed: clamd.i386 0:0.90.3-1.el4.rf
Dependency Installed: clamav.i386 0:0.90.3-1.el4.rf clamav-db.i386 0:0.90.3-1.el4.rf
Complete!
[root at omafoligno mail]# yum install clamav-milter.i386
Installed: clamav-milter.i386 0:0.90.3-1.el4.rf
Complete!

3. SENDMAIL CONFIGURATION
-Backup your sendmail config files and edit sendmail.mc:
[root at mailserver ~]# cd /etc/mail
[root at mailserver mail]# cp sendmail.mc sendmail.mc.orig
[root at mailserver mail]# mv sendmail.cf sendmail.cf.orig

-Add the following lines just before the two MAILER lines:
[root at mailserver mail]# vi sendmail.mc

[...]
dnl #--------------------------------------------------------
dnl # ANTISPAM/VIRUS AND GREYLIST AND DNSBL
dnl #--------------------------------------------------------
FEATURE(`dnsbl',`relays.ordb.org')dnl
FEATURE(`dnsbl',`list.dsbl.org')dnl
FEATURE(`dnsbl',`sbl-xbl.spamhaus.org')dnl
INPUT_MAIL_FILTER(`greylist',`S=local:/var/lib/milter-greylist/run/milter-greylist.sock')
define(`confMILTER_MACROS_CONNECT', `j, {if_addr}')
define(`confMILTER_MACROS_HELO', `{verify}, {cert_subject}')
define(`confMILTER_MACROS_ENVFROM', `i, {auth_authen}')
INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass-milter/spamass-milter.sock, F=,T=C:15m;S:4m;R:4m;E:10m')dnl
INPUT_MAIL_FILTER(`clamav', `S=local:/var/clamav/clmilter.socket, F=T, T=S:4m;R:4m')
dnl #--------------------------------------------------------
MAILER(smtp)dnl
MAILER(procmail)dnl

-Compile sendmail.mc:
[root at mailserver mail]# m4 sendmail.mc > sendmail.cf

4. CONFIGURE SPAMASSASSIN
-There's a nice SpamAssassin configurator at:
http://www.yrex.com/spam/spamconfig.php

-Create your config file and put it in /etc/mail/spamassassin/local.cf
[root at mailserver mail]# cp /etc/mail/spamassassin/local.cf /etc/mail/spamassassin/local.cf.orig
[root at mailserver mail]# vi /etc/mail/spamassassin/local.cf
---------------------------------------------------------------------------------
# SpamAssassin config file for version 3.x
# NOTE: NOT COMPATIBLE WITH VERSIONS 2.5 or 2.6
# See http://www.yrex.com/spam/spamconfig25.php for earlier versions
# Generated by http://www.yrex.com/spam/spamconfig.php (version 1.50)

# How many hits before a message is considered spam.
required_score 3.0

# Change the subject of suspected spam
rewrite_header subject *****SPAM*****

# Encapsulate spam in an attachment (0=no, 1=yes, 2=safe)
report_safe 1

# Enable the Bayes system
use_bayes 1

# Enable Bayes auto-learning
bayes_auto_learn 1

# Enable or disable network checks
skip_rbl_checks 0
use_razor2 1
use_pyzor 1

# Mail using locales used in these country codes will not be marked
# as being possibly spam in a foreign language.
ok_locales en

## General Whitelist
## Be careful using "whitelist_from": it can be easily forged by spammers, use
## trusted_networks combined with whitelist_from_rcvd instead
#internal_networks 127.0.0.1 192.168.1.0/24
#trusted_networks 127.0.0.1 192.168.1.0/24 64.233.0.0/16
#whitelist_from_rcvd *@gmail.com *gmail.com,*google.com
#whitelist_from matte@somedomain.com
---------------------------------------------------------------------------------

5. CONFIGURE CLAMAV:
Make sure config files are enabled by editing them as follows:
[root at mailserver mail]# vi /etc/freshclam.conf
Comment out or remove the line below.
#Example

[root at mailserver mail]# vi /etc/clamd.conf
Comment out or remove the line below.
#Example

Edit the freshclam config file and remove or comment out the last line with 
the FRESHCLAM_DELAY directive. Optionally run freshclam from the root console 
to check that everything works.

Use the cron daemon to run freshclam.
You have to add the following line to the crontab of root or clamav user:

N * * * * /usr/local/bin/freshclam --quiet

to check for a new database every hour. N should be a number between 3 
and 57 of your choice. Don't choose any multiple of 10, because there are 
already too many clients using those time slots.

6. GREYLIST CONFIGURATION:
Edit /etc/mail/greylist.conf and add your WAN/LAN address to the whitelist:
addr 192.168.0.0/24 # (for example)

Check for a new version of the list of servers which break grey-list 
functionality for some reason at:
http://cvs.puremagic.com/viewcvs/greylisting/schema/whitelist_ip.txt

Add GMail Servers to the whitelist:
addr 64.233.0.0/16 # GMAIL

In fact, it seems that GMail tries to resend the same email from multiple 
different IP addresses, causing a large delay.

You can change the `greylist` directive (default 30m, which stands for 30 
minutes of delay) and the `dumpfreq` directive (interval for dumping the db 
file; 0 means dump at every change) for your needs.

7. ENABLE SERVICES
[root at mailserver mail]# chkconfig clamav-milter on
[root at mailserver mail]# chkconfig clamd on
[root at mailserver mail]# chkconfig milter-greylist on
[root at mailserver mail]# chkconfig spamassassin on
[root at mailserver mail]# chkconfig spamass-milter on
[root at mailserver mail]# service clamd start
Starting clamd: [ OK ]
[root at mailserver mail]# service clamav-milter start
Starting clamav-milter: [ OK ]
[root at mailserver mail]# service milter-greylist start
Starting Milter-Greylist: [ OK ]
[root at mailserver mail]# service spamassassin start
Starting spamd: [ OK ]
[root at mailserver mail]# service spamass-milter start
Starting SpamAssassin milter (spamass-milter): [ OK ]
[root at mailserver mail]# /etc/init.d/sendmail restart
Shutting down sendmail: [ OK ]
Shutting down sm-client: [ OK ]
Starting sendmail: [ OK ]
Starting sm-client: [ OK ]
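
Added example (not part of the original post or the pasted how-to): a small Python check for the INPUT_MAIL_FILTER lines from step 3, reporting for each milter what sendmail does with mail when the filter's socket is unreachable (the F= flag) and whether the macro got broken across lines, which is the newline problem the how-to warns about. The function name audit_milters is hypothetical, and the sample is constructed from the step 3 lines, deliberately wrapped the way a mail client or HTML copy would wrap them.

```python
import re

# Constructed sample: the three filter lines from step 3, wrapped across
# lines the way e-mail or HTML copy/paste tends to break them.
SAMPLE_MC = """\
INPUT_MAIL_FILTER(`greylist',`S=local:/var/lib/milter-greylist/run/milter-greylist.sock')
INPUT_MAIL_FILTER(`spamassassin',
`S=local:/var/run/spamass-milter/spamass-milter.sock,
F=,T=C:15m;S:4m;R:4m;E:10m')dnl
INPUT_MAIL_FILTER(`clamav', `S=local:/var/clamav/clmilter.socket, F=T,
T=S:4m;R:4m')
"""

# m4 quotes arguments as `...'; capture filter name and equate list,
# allowing newlines between and inside the two arguments.
FILTER_RE = re.compile(r"INPUT_MAIL_FILTER\(\s*`([^']*)'\s*,\s*`([^']*)'\s*\)")

# Sendmail's handling of the F= flag when the milter cannot be reached.
ON_FAILURE = {"": "pass mail unfiltered", "T": "tempfail (4xx)", "R": "reject (5xx)"}


def audit_milters(mc_text):
    """Return one dict per INPUT_MAIL_FILTER: socket, failure mode, timeouts."""
    results = []
    for name, equates in FILTER_RE.findall(mc_text):
        fields = {}
        for part in equates.split(","):
            key, sep, value = part.strip().partition("=")
            if sep:
                fields[key.upper()] = value.strip()
        flag = fields.get("F", "")
        # T= holds per-phase timeouts, e.g. C:15m;S:4m;R:4m;E:10m
        timeouts = dict(t.split(":", 1) for t in fields.get("T", "").split(";") if ":" in t)
        results.append({
            "name": name,
            "socket": fields.get("S", ""),
            "on_failure": ON_FAILURE.get(flag, "unknown flag " + flag),
            "fail_open": flag not in ("T", "R"),
            "timeouts": timeouts,
            "wrapped": "\n" in equates,  # equate list broken across lines
        })
    return results


if __name__ == "__main__":
    for entry in audit_milters(SAMPLE_MC):
        print(entry)
```

With the step 3 settings, greylist and spamassassin are reported as fail_open (mail is accepted unfiltered while their milter is down), and clamav as tempfail.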