Install qmail-scanner

qmail-scanner is an alternate queuing system for qmail.

Qmail-scanner is going to allow us to integrate Clam Antivirus and SpamAssassin into our qmail server's mail queue. Once qmail-scanner is installed, there will be a master script that is filled with configuration options that help you to tailor the functionality of Clam Antivirus and SpamAssassin to your needs.

We have patched qmail source to support it on step 2 and we have implemented it on step 10. It's now time to install it ;-)

cd /downloads/
tar zxvf q-s-2.10st-20111118.tgz
cd /downloads/qmail-scanner-2.10st

./configure --admin postmaster --domain your_domain --local-domains "your_domain" --sa-quarantine 5 --ignore-eol-check yes --add-dscr-hdrs yes --notify psender,admin --sa-report yes --fix-mime 1 --unzip 1 --archive 0 --silent-viruses auto --redundant no --log-crypto 0

./configure --admin postmaster --domain your_domain --local-domains "your_domain" --sa-quarantine 5 --ignore-eol-check yes --add-dscr-hdrs yes --notify psender,admin --sa-report yes --fix-mime 1 --unzip 1 --archive 0 --silent-viruses auto --redundant no --log-crypto 0 --install 1

ln -s /var/spool/qscan /var/log/qmail/qscan

Let's test it ... First swich to a non-privilegied user account

su - non-privilegied_user_account
/var/qmail/bin/qmail-scanner-queue.pl -g

You should have an answer like this:

perlscanner: generate new DB file from /var/spool/qscan/quarantine-events.txt
perlscanner: total of 35 entries.

Switch back to root account:

exit

Add it in the logrotation system

cp /downloads/qmail-scanner-2.10st/contrib/logrotate.qmail-scanner /etc/logrotate.d/qmail-scanner
chmod 644 /etc/logrotate.d/qmail-scanner

Launch qmail

qmailctl restart
qmailctl stat

You should see something like that:

/service/qmail-send: up (pid 17762) 63 seconds
/service/qmail-send/log: up (pid 17763) 63 seconds
/service/qmail-smtpd: up (pid 18500) 63 seconds
/service/qmail-smtpd/log: up (pid 17767) 63 seconds
/service/qmail-smtpdssl: up (pid 18496) 63 seconds
/service/qmail-smtpdssl/log: up (pid 17773) 63 seconds
messages in queue: 0
messages in queue but not yet preprocessed: 0

If you notice than some service stays at 1 second, check the corresponding log to debug it

tail /var/log/qmail/qmail-send/current
tail /var/log/qmail/qmail-smtpd/current
tail /var/log/qmail/qmail-smtpdssl/current

Test combinaison of qmail-scanner, spamassassin and clamav

cd /downloads/qmail-scanner-2.10st/contrib
chmod 755 test_installation.sh
./test_installation.sh -doit

You should have an answer like this

Sending standard test message - no viruses... 1/4
done!

Sending eicar test virus - should be caught by perlscanner module... 2/4
done!

Sending eicar test virus with altered filename - should only be caught by commercial anti-virus modules (if you have any)... 3/4
done!

Sending bad spam message for anti-spam testing - In case you are using SpamAssassin... 4/4

If you have enabled $sa_quarantine, $sa_delete or $sa_reject the
spam-message wont't arrive to the recipients. But if you have enabled
(good idea!) 'minidebug' or 'debug' you should check
/var/spool/qscan/qmail-queue.log (or where ever you have the log).

Done!

Finished test. Now go and check Email sent to postmaster@domain.tld and/or the log..

Check the first statistics

/var/spool/qscan/log-report.sh /var/spool/qscan/qmail-queue.log

You should have an answer like this

5 Messages processed
1 Virus Eicar-Test-Signature
1 Spam quarantined
1 Policy blocked

OPTIONAL : You can receive daily statistics

echo '/var/spool/qscan/log-report.sh /var/spool/qscan/qmail-queue.log |mail YOUR E-MAIL ADDRESS' > /etc/cron.daily/qmailscanner-report
chmod 755 /etc/cron.daily/qmailscanner-report

Test Qmail

Users comments

Thibs - 25/01/2012 11:13

@Tokie :

Try dpkg-reconfigure locales

Choose the locales you want to install. Choose at least it_IT ISO-8859-1

Then select it_IT ISO-8859-1 as default

Note that I'm not sur of this solution ... but as the author of the patch is italian, I suppose he has an italian translation ;-)

Tokie - 20/01/2012 10:43

Hi to all,

i'm an italian user and I had the following matter:

root@debian:/downloads/qmail-scanner-2.10st# ./configure --admin postmaster --domain wivagroup.com --local-domains "wivagroup.com" --sa-quarantine 5 --ignore-eol-check yes --add-dscr-hdrs yes --notify psender,admin --sa-report yes --fix-mime 1 --unzip 1 --archive 0 --silent-viruses auto --redundant no --log-crypto 0

Building Qmail-Scanner 2.10st-20111118...

***** NOTE ******

Qmail-Scanner doesn't have language translations for it_IT.UTF-8

root@debian:/downloads/qmail-scanner-2.10st#

I don't have found a solution on internet, so I modify the file configure replacing the en-GB with it_IT.

configure it's too big to past here; if anyone needs the files contact me by email.

Bye

Jevgenijus - 19/01/2012 21:20

I've done this task in another way, I've cutted off the patch bit with antivirus and antispam part.

Thibs - 18/01/2012 01:30

@Jevgenijus : If you want to avoid it, you just have to comment QMAILQUEUE variable in /etc/service/qmail-smtpd/run

Jevgenijus - 17/01/2012 22:00

Like an option it could be nice have a choice to make installation without antivirus ant antispam filtering, cause where are sistems who goes after Antispam/antivirus gateways, so nothing to check, all emails are already checked or tagged with some spam flags:)

Thibs - 28/11/2011 16:02

@Dbrandib : Check page removemta.php for complete procedure on how to remove installed MTA

Dbrandib - 24/11/2011 23:01

Solved!!! I have a sendmail running on 25 port. I did not remove it properly. After check processes by netstat -anp |grep LIST I found that process running. I killed it, remove package, restart qmail and now everything is fine.

Regards

Dbrandib - 24/11/2011 18:26

Dear all,

after follow all guide I have an error on qmail-smtpd. The error is:

" tcpserver: fatal: unable to bind: address already used"

Any idea?

Regards

Thibs - 18/11/2011 00:12

@lawrence : I'm currently testing simscan and I plan to make a page about it. My only fear is about the last release date (4 years ago).

I plan to describe dovecot too. As far as I know, the standard Debian package is compiled with the option "--without-vpopmail". I have to decide if I'll described how to recompile the package with vpopmail or if I'll describe with MySQL authentication

Lawrence - 17/11/2011 20:26

I would actually suggest dumping qmail-scanner, and using simscan.

Its a lot faster, and less resource heavy.

Also slots in quite nicely with qmailrocks/jms with minimal changes.

Similar for courier - I use dovecot - again, much easier to install, and use.

Thibs - 24/10/2011 23:17

@Lawmanlkm

Those links should interrest you :

https://www.antagonism.org/mail/tnefclean-maildrop.shtml

https://www.antagonism.org/mail/policy-qms.shtml

Thibs - 20/10/2011 16:42

@Lawmanlkm

aptitude install tnef

Lawmanlkm - 11/10/2011 09:22

How to integrate tnef decoder with qmail-scanner in order to prevent winmail.dat?

Hip0 - 02/08/2011 21:43

One step before testing with qmailscan, that is missed is:

/etc/init.d/clamav-daemon restart

/etc/init.d/clamav-freshclam restart

If this two commands are missed:

root@debian:/downloads/qmail-scanner-2.08st/contrib# ./test_installation.sh -doit

Sending standard test message - no viruses... 1/4

qmail-inject: fatal: qq temporary problem (#4.3.0)

Bad error. qmail-inject died

Kfcs - 06/02/2011 15:05

It seems that I needed to restart the system after installing demontools in order for svscan to be started. Alternatively svscan could be startde manually.

This fixed it.

Thibs - 16/01/2011 22:11

@KFCS It seems you've missed something at this step

Kfcs - 09/01/2011 03:32

On Lucid. When trying to atart/stat qmail, I got:

root@kfcs:/downloads/qmail-scanner-2.08st# qmailctl start
Starting qmail

qmail-send supervise not running
qmail-smtpd supervise not running
qmail-smtpd supervise not running
root@kfcs:/downloads/qmail-scanner-2.08st# qmailctl stat
/service/qmail-send: unable to open supervise/ok: file does not exist
/service/qmail-send/log: unable to open supervise/ok: file does not exist
/service/qmail-smtpd: unable to open supervise/ok: file does not exist
/service/qmail-smtpd/log: unable to open supervise/ok: file does not exist
/service/qmail-smtpdssl: unable to open supervise/ok: file does not exist
/service/qmail-smtpdssl/log: unable to open supervise/ok: file does not exist
messages in queue: 0
messages in queue but not yet preprocessed: 0
root@kfcs:/downloads/qmail-scanner-2.08st#

Goofy - 15/08/2010 21:13

Hmm, while doing this on LUCID got stuck here for a while...

Complaining when executing ./test_installation.sh -doit about:
qmail-inject: fatal: qq temporary problem (#4.3.0)
Bad error. qmail-inject died

Errors in /var/log/clamav/clamav.log ->
WARNING: lstat() failed on: /var/spool/qscan/tmp/mail<numbers>

Errors in /var/log/qmail/qscan/qmail-queue.log ->
subj='Qmail-Scanner test (1/4): inoffensive message', via local process <number> <data> error_condition: X-Qmail-Scanner-2.08st: clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem - exit status 512/2

Errors in /var/log/kern/log ->
type=1503 audit(<number>): operation="open" pid=<number> parent=1 profile="/usr/sbin/clamd" requested_mask="r::" denied_mask="r::" fsuid=168 ouid=168 name="/var/spool/qscan/tmp/mail<number>/"

It turns out that the APP-ARMOR profile for clamav is not correct....

By executing "aa-complain /usr/sbin/clamd" the profile is put in complain mode and the command "./test_installation.sh -doit" is doing it's job :-)

Color Coded Qmail Installation Key
	Regular Black Text	Qmail installation notes and summaries by the author.
	Bold Black Text	Commands to be run by you, the installer.
	Bold/Regular Red Text	Vital and/or critical information.
	Regular Blue text	Denotes helpful tips and hints or hyperlinks.
	Regular Orange Text	Command line output.
	Bold/Regular green text	Denotes the contents of a file or script.