Extremely Serious

Month: January 2020

MailScanner with Postfix

Prerequisite

Resolving MailScanner Dependencies

  1. Run the following cpan commands one at a time, so you can confirm that each module installs successfully:
    sudo cpan -i Filesys::Df
    sudo cpan -i IO::Stringy
    sudo cpan -i DBI
    sudo cpan -i Net::CIDR
    sudo cpan -i Sys::SigAction
    sudo cpan -i MIME::Parser
    sudo cpan -i Archive::Zip
    sudo cpan -i OLE::Storage_Lite
    sudo cpan -i DBD::SQLite
  2. Install the following packages:
    sudo apt-get install unrar
    sudo apt-get install sqlite

Installing Clamav Antivirus

Run the following command:

sudo apt-get install clamav clamav-daemon

Integrating Clamav to MailScanner

  1. In /etc/MailScanner/MailScanner.conf, set the fields Virus Scanner and Clamd Socket as follows:
    Virus Scanner = clamd
    Clamd Socket = /var/run/clamav/clamd.ctl
  2. Restart the mailscanner service with the following command:
    sudo service mailscanner restart
  3. Update the file /etc/apparmor.d/usr.sbin.clamd to have the following entries:
      /var/spool/MailScanner/** rw,
      /var/spool/MailScanner/incoming/** rw,
  4. Restart the apparmor service with the following command:
    sudo systemctl restart apparmor.service

Installing and Updating Spamassassin

Run the following commands:

sudo apt-get install spamassassin
sudo sa-update
sudo service spamassassin start

Integrating MailScanner to Postfix

  1. Open the file /etc/postfix/main.cf for editing and add the following line and save:
    header_checks = regexp:/etc/postfix/header_checks
  2. Create the file /etc/postfix/header_checks with the following:
    /^Received:/ HOLD
  3. Open the file /etc/MailScanner/MailScanner.conf for editing and update with the following if necessary:
    Run As User = postfix
    Run As Group = postfix
    Incoming Queue Dir = /var/spool/postfix/hold
    Outgoing Queue Dir = /var/spool/postfix/incoming
    MTA = postfix
  4. Open the file /etc/MailScanner/defaults for editing and update with the following if necessary:
    run_mailscanner=1
  5. Update the group of /var/spool/MailScanner to mtagroup and allow it write permission as follows:
    sudo chown :mtagroup /var/spool/MailScanner
    sudo chmod 775 /var/spool/MailScanner
  6. Prepare spamassassin's directory using the following commands:
    sudo mkdir /var/spool/MailScanner/spamassassin
    sudo chown postfix /var/spool/MailScanner/spamassassin
  7. Update the ownership and permissions of MailScanner's incoming and quarantine folders with the following commands:
    sudo chown postfix:mtagroup /var/spool/MailScanner/incoming
    sudo chmod 770 /var/spool/MailScanner/incoming
    sudo chown postfix:mtagroup /var/spool/MailScanner/quarantine
  8. Restart the mailscanner service with the following command:
    sudo service mailscanner restart
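
The following check is an added example, not part of the original post: it compares the spool directories against the owner, group and mode that steps 5 to 7 set, and also flags any directory writable by "other". The function names are made up for this example, and GNU stat (as shipped on Debian/Ubuntu) is assumed.

```shell
#!/bin/sh
# Added example: verify the ownership and modes set in steps 5-7 (GNU stat).

# check_dir PATH OWNER GROUP MODE; "-" skips a field the post does not set.
check_dir() {
    path=$1; bad=0
    if [ ! -d "$path" ]; then
        echo "MISSING $path"; return 1
    fi
    owner=$(stat -c %U "$path"); group=$(stat -c %G "$path")
    mode=$(stat -c %a "$path")
    if [ "$2" != - ] && [ "$owner" != "$2" ]; then
        echo "OWNER   $path is $owner, expected $2"; bad=1
    fi
    if [ "$3" != - ] && [ "$group" != "$3" ]; then
        echo "GROUP   $path is $group, expected $3"; bad=1
    fi
    if [ "$4" != - ] && [ "$mode" != "$4" ]; then
        echo "MODE    $path is $mode, expected $4"; bad=1
    fi
    # Mail spool content should never be writable by "other".
    case $mode in
        *[2367]) echo "WORLD-W $path is $mode"; bad=1 ;;
    esac
    return $bad
}

# audit_mailscanner_spool [BASE]: apply the values from the steps above.
audit_mailscanner_spool() {
    base=${1:-/var/spool/MailScanner}; failed=0
    check_dir "$base"              -       mtagroup 775 || failed=1
    check_dir "$base/spamassassin" postfix -        -   || failed=1
    check_dir "$base/incoming"     postfix mtagroup 770 || failed=1
    check_dir "$base/quarantine"   postfix mtagroup -   || failed=1
    return $failed
}

if audit_mailscanner_spool; then echo "spool permissions match"; fi
```

Run it with sudo, because the incoming directory is mode 770 and its parent may not be readable by an ordinary user.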


Configuring Email Server with Postfix and Dovecot

Prerequisite

  • privkey.pem file
  • fullchain.pem file

Installing Postfix

Run the following commands:

sudo apt-get update
sudo apt-get install postfix

Configuring Postfix

  1. Run the following command:
    sudo dpkg-reconfigure postfix

    Configuration questions:

    1. Select OK to proceed.
    2. Choose Internet Site.
    3. System Mail Name: <EMAIL_DOMAIN>
    4. Other destinations for mail: <EMAIL_DOMAIN>, localhost.<EMAIL_DOMAIN>, localhost
    5. Force synchronous updates on mail queue?: No
    6. Local networks: 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
    7. Use procmail for local delivery?: No
    8. Mailbox size limit (bytes): 0
    9. Local address extension character: +
    10. Internet protocols to use: all

    Feel free to answer the preceding questions based on your setup. Just replace EMAIL_DOMAIN with a valid value (e.g. example.com).

  2. Create the following folder:
    /etc/postfix/ssl
  3. Copy your privkey.pem and fullchain.pem to /etc/postfix/ssl.
  4. Do additional configurations by executing the following commands:
    sudo postconf -e 'smtpd_sasl_local_domain ='
    sudo postconf -e 'smtpd_sasl_auth_enable = yes'
    sudo postconf -e 'smtpd_sasl_security_options = noanonymous'
    sudo postconf -e 'broken_sasl_auth_clients = yes'
    sudo postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
    sudo postconf -e 'inet_interfaces = all'
    sudo postconf -e 'smtp_tls_security_level = may'
    sudo postconf -e 'smtpd_tls_security_level = may'
    sudo postconf -e 'smtpd_tls_auth_only = no'
    sudo postconf -e 'smtp_tls_note_starttls_offer = yes'
    sudo postconf -e 'smtpd_tls_loglevel = 1'
    sudo postconf -e 'smtpd_tls_received_header = yes'
    sudo postconf -e 'smtpd_tls_session_cache_timeout = 3600s'
    sudo postconf -e 'tls_random_source = dev:/dev/urandom'
    sudo postconf -e 'mua_client_restrictions = permit_sasl_authenticated,reject'
    sudo postconf -e 'mua_helo_restrictions = permit_mynetworks, permit_sasl_authenticated'
    sudo postconf -e 'mua_sender_restrictions = permit_sasl_authenticated'
    sudo postconf -e 'smtpd_tls_key_file = /etc/postfix/ssl/privkey.pem'
    sudo postconf -e 'smtpd_tls_cert_file = /etc/postfix/ssl/fullchain.pem'
    sudo postconf -e 'myhostname = ronella.xyz'
  5. Create or update the /etc/postfix/sasl/smtpd.conf with the following:
    pwcheck_method: saslauthd
    mech_list: plain login
  6. In the /etc/postfix/master.cf file, uncomment the submission section so that it matches the following entries:
    submission inet n       -       y       -       -       smtpd
      -o syslog_name=postfix/submission
      -o smtpd_tls_security_level=encrypt
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_reject_unlisted_recipient=no
      -o smtpd_client_restrictions=$mua_client_restrictions
      -o smtpd_helo_restrictions=$mua_helo_restrictions
      -o smtpd_sender_restrictions=$mua_sender_restrictions
      -o smtpd_recipient_restrictions=
      -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
      -o milter_macro_daemon_name=ORIGINATING
  7. In the same file, uncomment the smtps section so that it matches the following entries:
    smtps     inet  n       -       y       -       -       smtpd
      -o syslog_name=postfix/smtps
      -o smtpd_tls_wrappermode=yes
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_reject_unlisted_recipient=no
      -o smtpd_client_restrictions=$mua_client_restrictions
      -o smtpd_helo_restrictions=$mua_helo_restrictions
      -o smtpd_sender_restrictions=$mua_sender_restrictions
      -o smtpd_recipient_restrictions=
      -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
      -o milter_macro_daemon_name=ORIGINATING
  8. Update the owner and group of /var/spool/postfix directory to become postfix as follows:
    sudo chown postfix:postfix /var/spool/postfix
  9. Restart the postfix service with the following command:
    sudo systemctl restart postfix
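
Step 4 enables SASL in main.cf with smtpd_tls_security_level = may and smtpd_tls_auth_only = no, and step 5 limits the mechanisms to plain and login, so the port 25 service accepts those credentials before STARTTLS. The following check is an added example, not part of the original post: it reads `postconf -n` style text and reports that condition. The function names and both sample configurations are constructed for this example.

```shell
#!/bin/sh
# Added example: does port 25 offer SASL AUTH before TLS is active?

# get_param NAME: value of NAME from "name = value" lines on stdin
# (last occurrence wins, as in main.cf).
get_param() {
    awk -v key="$1" '
        { i = index($0, "="); if (i == 0) next
          k = substr($0, 1, i - 1); gsub(/[ \t]/, "", k)
          if (k == key) { v = substr($0, i + 1)
                          gsub(/^[ \t]+|[ \t]+$/, "", v); val = v } }
        END { print val }'
}

# audit_smtpd_auth CONF: return 0 if AUTH needs TLS first, 1 if it does not.
audit_smtpd_auth() {
    sasl=$(printf '%s\n' "$1" | get_param smtpd_sasl_auth_enable)
    level=$(printf '%s\n' "$1" | get_param smtpd_tls_security_level)
    auth_only=$(printf '%s\n' "$1" | get_param smtpd_tls_auth_only)
    # Treat unset parameters as Postfix does: SASL off, TLS not enforced.
    sasl=${sasl:-no}; level=${level:-none}; auth_only=${auth_only:-no}

    if [ "$sasl" != yes ]; then
        echo "OK: SASL AUTH is not enabled"; return 0
    fi
    if [ "$level" = encrypt ] || [ "$auth_only" = yes ]; then
        echo "OK: AUTH is accepted only inside a TLS session"; return 0
    fi
    echo "WEAK: AUTH offered before STARTTLS (tls_level=$level, auth_only=$auth_only)"
    return 1
}

# Constructed samples: the three relevant values from step 4, and a corrected set.
PAGE_CONF='smtpd_sasl_auth_enable = yes
smtpd_tls_security_level = may
smtpd_tls_auth_only = no'
FIXED_CONF='smtpd_sasl_auth_enable = yes
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes'

audit_smtpd_auth "$PAGE_CONF" || true
audit_smtpd_auth "$FIXED_CONF"
# On a live host: audit_smtpd_auth "$(postconf -n)"
```

`postconf -n` reports main.cf only, which is what the port 25 smtp service uses; the submission and smtps services from steps 6 and 7 override these values with `-o` options in master.cf.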

Installing SASL

Run the following command:

sudo apt-get install libsasl2-2 sasl2-bin libsasl2-modules

Configuring SASL

  1. Open the /etc/default/saslauthd file for editing.
  2. Search for START=no and change it like the following:
    START=yes
  3. Add the following entries just after the preceding entry:
    PWDIR="/var/spool/postfix/var/run/saslauthd"
    PARAMS="-m ${PWDIR}"
    PIDFILE="${PWDIR}/saslauthd.pid"
  4. Search for OPTIONS="-c -m /var/run/saslauthd" and change it like the following:
    OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
  5. Update the dpkg state using the following command:
    sudo dpkg-statoverride --force --update --add root sasl 755 /var/spool/postfix/var/run/saslauthd
  6. Create a symbolic link using the following command:
    sudo ln -s /etc/default/saslauthd /etc/saslauthd
  7. Restart the sasl service using the following command:
    sudo service saslauthd restart

Installing Dovecot

Run the following command:

sudo apt-get install dovecot-core dovecot-imapd dovecot-pop3d

The default location of the mail directory is /var/mail.

Configuring Dovecot

  1. Update the certificate location in the file /etc/dovecot/conf.d/10-ssl.conf to be as follows:
    ssl_cert = </etc/postfix/ssl/fullchain.pem
    ssl_key = </etc/postfix/ssl/privkey.pem
  2. Restart the dovecot service using the following command:
    sudo service dovecot restart


Basic Postfix Management

| Command | Description |
|---|---|
| postqueue -p | Display the queue |
| postcat -vq <QUEUE_ID> | View the content of the email |
| postsuper -d ALL | Remove all emails |
| postsuper -d <QUEUE_ID> | Remove a particular email |
| postqueue -i <QUEUE_ID> | Attempt to send one particular email |

| Token | Description |
|---|---|
| QUEUE_ID | Can be identified by displaying the queue. |

Using Rsync to Sync a Local Directory to Another Local Directory

Syntax

To sync some of your local directories to another local directory, you can use the following syntax:

rsync -av -L --delete <DIR1>[[ <DIR2>] <DIRn>] <DESTINATION_DIR>

| Token | Description |
|---|---|
| DIR1, DIR2, DIRn | The local directories you want to sync. Only DIR1 is required; the rest are optional. |
| DESTINATION_DIR | The local destination directory. |

Example

rsync -av -L --delete /var/log/ /data/log/

Useful Environment Variable for Git Troubleshooting

| Variable | Description | Possible Values |
|---|---|---|
| GIT_CURL_VERBOSE | Tells Git to emit all the messages generated by the curl library. This is similar to doing curl -v on the command line. | 1 |
| GIT_SSL_NO_VERIFY | Tells Git not to verify SSL certificates. | true |
| GIT_TRACE | Controls general traces. | 1, 2 or true |
| GIT_TRACE_PACKET | Enables packet-level tracing for network operations. | true |