Installation and Configuration of Mailwatch for MailScanner

MailWatch for MailScanner is a web-based front-end to MailScanner and features include displays of inbound/outbound mail queue size, load Average and today’s totals for messages, spam, viruses and blocked content on each page header, Quarantine management allows you to release, delete or run sa-learn across any quarantined messages etc.

Tested on CentOS 4.4, MailScanner ver. 4.57.6, Sendmail-8.13

Requirements:

a.    Working MailScanner setup
b.    MySQL
c.    Apache
d.    PHP (w/ MySQL and GD Support)
e.    Perl
f.    DBD
g.    DBD-MySQL

PHP configuration (php.ini) as follows:
•    short_open_tag = On
•    safe_mode = Off
•    register_globals = Off
•    magic_quotes_gpc = On
•    magic_quotes_runtime = Off
•    session.auto_start = 0
Install also PHP-GD, PHP-MySQL
#yum install php-gd
#yum install php-mysql

1.    Download the source tarball in http://mailwatch.sourceforge.net , latest stable version is 1.0.3.

2.    Uncompress the tarball file in /usr/local/src
#tar zxvf mailwatch-1.0.3.tar.gz
#cd mailwatch

3.    Create the database
#mysql –p < create.sql

4.    Create a MySQL user/password and setup MailScanner for SQL Logging
#mysql –u root –p
mysql> GRANT ALL ON mailscanner.* TO mailwatch@localhost IDENTIFIED BY ‘<password>’;

5.    Edit and Copy Mailwatch.pm
Change the $db_user and $db_pass values accordingly and move MailWatch.pm to /usr/lib/MailScanner/MailScanner/CustomFunctions
#vi Mailwatch.pm
#mv Mailwatch.pm /usr/lib/MailScanner/MailScanner/CustomFunctions

6.    Create a Mailwatch web user
# mysql mailscanner -u mailwatch -p
Enter password: ******
mysql> INSERT INTO users VALUES (‘username’,md5(‘password’),’name’,’A’,’0′,’0′,’0′,’0′,’0′);

7.    Install and Configure Mailwatch
Move the mailscanner directory “mailscanner” to web server’s root directory
# cd /usr/local/src/mailwatch
#mv mailscanner /var/www/html

8.    Change the permission of /var/www/html/mailscanner/images and var/www/html/mailscanner/images/cache
# chown root:apache images
# chmod ug+rwx images
# chown root:apache images/cache
# chmod ug+rwx images/cache

9.    Create conf.php by copying conf.php.example and edit the values to suit, you will need to set DB_USER and DB_PASS to the MySQL user and password that you created earlier
#cp conf.php.example conf.php
#vi conf.php

For MailScanner verions 4.43 or later, you can activate the new functionality by setting QUARANTINE_USE_FLAG to true in conf.php – if you do this, you must disable the clean.quarantine script supplied by MailScanner and use the new quarantine_maint.php script in the tools directory instead

To disable the clean.quarantine script edit /pathtomailmailscanner/bin/cron/clean.quarantine.cron and change from $disabled = 0; to $disabled = 1;
#vi /etc/cron.daily/clean.quarantine

To clean the quarantine, set ‘QUARANTINE_DAYS_TO_KEEP’ in conf.php and run ‘./quarantine_maint –clean’.
This should then be run daily from cron: you can do this by running

#echo “/usr/local/src/mailwatch/tools/quarantine_maint.php –clean” > /etc/cron.daily/mailwatch_quarantine_maint.sh
#chmod +x /etc/cron.daily/mailwatch_quarantine_maint.sh

then execute:
#/etc/cron.daily/mailwatch_quarantine_maint.sh

10.    Setup MailScanner
Stop MailScanner first
#service sendmail stop
#service MailScanner stop

11.    Edit /etc/MailScanner/MailScanner.conf  and make sure the following options are set:
•    Quarantine User = root
•    Quarantine Group = apache (this should be the same group as your web server)
•    Quarantine Permissions = 0660
•    Quarantine Whole Message = yes
•    Quarantine Whole Message As Queue Files = no
•    Detailed Spam Report = yes
•    Include Scores In SpamAssassin Report = yes
•    Always Looked Up Last = &MailWatchLogging
Spam Actions and High Scoring Spam Actions should also have ‘store’

12.    Start MailScanner up again and monitor the logs
#service MailScanner start
#tail –f /var/log/maillog

You should see something like:
Jan 1 12:18:23 hoshi MailScanner[26388]: MailScanner E-Mail Virus Scanner version 4.20-3 starting…
Jan 1 12:18:24 hoshi MailScanner[26388]: Config: calling custom init function MailWatchLogging
Jan 1 12:18:24 hoshi MailScanner[26388]: Initialising database connection
Jan 1 12:18:24 hoshi MailScanner[26388]: Finished initialising database connection

13.    Test  Mailwatch interface
Access using browser: http://hostname/mailscanner, then enter username and password (MailWatch web user that you created earlier) when prompted.

Procedures when messages quarantined again when release in Mailwatch

You need to bypass certain checks for messages from 127.0.0.1 to allow the released messages to pass through MailScanner without being quarantined again.

1. Set the following in /etc/Mailscanner/Mailscanner.conf:

Filename Rules = %etc-dir%/filename.rules
Filetype Rules = %etc-dir%/filetype.rules
Dangerous Content Scanning = %rules-dir%/content.scanning.rules
Is Definitely Not Spam = %rules-dir%/spam.whitelist.rules

2.    Create the files needed:

a.#vi /etc/MailScanner/rules/filename.rules
then set as follows:
From:          127.0.0.1       /etc/MailScanner/filename.rules.allowall.conf
FromOrTo:      default         /etc/MailScanner/filename.rules.conf

b.#vi /etc/MailScanner/rules/filetype.rules
then set as follows:
From:          127.0.0.1       /etc/MailScanner/filetype.rules.allowall.conf
FromOrTo:      default         /etc/MailScanner/filetype.rules.conf

c. #vi /etc/MailScanner/filename.rules.allowall.conf
then set as follows:
allow   .*      –       –

d. #vi /etc/MailScanner/filetype.rules.allowall.conf
then set as follows:
allow   .*      –       –

e. #vi /etc/MailScanner/rules/content.scanning.rules
From:           127.0.0.1      no
FromOrTo:       default        yes

f. Append to the spam.whitelist.rules
#vi /etc/Mailscanner/rules/spam.whitelist.rules
From:           127.0.0.1      yes
FromOrTo:       default        no

Share

About the author

tux

View all posts

3 Comments

  • Quarantine Report mails are marked as spam and delivered as empty reports.
    Any solution for this?

  • This is just a copy and paste from the original tutorial. Why should I read this?

  • Hello admin, i must say you have high quality posts here.

    Your page should go viral. You need initial traffic boost only.
    How to get it? Search for; Mertiso’s tips go viral

Leave a Reply