Installing qmail-scanner on linux / plesk

Posted by on Jan 18, 2009 in Mail, PLESK | 39 comments

Qmail-Scanner is a very versatile tool for linux which allows you to scan any email that passes your system with various brands of virus scanners, including the open source ClamAV. Alongside the more thorough scan and possibility to audit content, I find the archiving feature very useful.

One particularly useful bit of qmail-scanner is that you don’t need to recompile qmail for patching, which can be a mammoth task on PLESK run systems (specifically VPSes in Virtuozzo).

For this installation, I am on a fresh install of CentOS 5.2 on a PLESK 8.6 VPS server, and I assume that qmail is installed and working properly.

I’d love to hear how compatible this How-To is. I tried doing this on a Fedora 7 PLESK 8.2 (and upgraded to 8.6) dedicated but it didn’t work out due to conflict between courier and maildrop during installation. I gave up as F7 isn’t even supported by Fedora, so if you still use it, think of an upgrade first … a good hosting provider should give you the option to upgrade.

Installation Instructions

Firstly we must install the atomic yum repository. Run this command :

wget -q -O - http://www.atomicorp.com/installers/atomic.sh | sh

And it should install it for you. All this does is create yum .repo files in your /etc/yum.repos.d/ directory for atomic and plesk (it gives you the option during install). For manual installation instructions please visit http://www.atomicrocketturtle.com .

Next, it’s probably a good idea to shut down your mail server for a bit. Do it using plesk via the command interface like so:

/usr/local/psa/bin/service --stop smtp
/usr/local/psa/bin/service --stop mail
/usr/local/psa/bin/service --stop spamassassin
/usr/local/psa/bin/service --stop drweb

Now we erase drweb antivirus and psa-spamassassin from the system. These will be replaced by clamav and the normal spamassassin. Sadly this will mean losing some interactivity in PLESK (8.6 downwards, but probably in later versions too) as you can’t configure regular spamassassin via the web interface. Fortunately, once you get that working well it’s probably something best left alone anyway…

yum erase drweb-qmail psa-spamassassin

Now we install the various packages needed for qmail-scanner and to operate. Some of the following packages may already be on your system (perl libraries were on the test CentOS VPS I used)

yum install daemontools perl-Archive-Tar perl-HTML-Parser perl-IO-Socket-INET6 perl-IO-Socket-SSL perl-IO-Zlib perl-Socket6

Next we install the virus and spam protection

yum install clamd spamassassin razor-agents dcc pyzor tnef

Then we finish with an install of qmail-scanner

yum install qmail-scanner

This is where I ran into problems with Fedora 7. You may run into problems here where maildrop conflicts with courier… I didn’t see the point trying to fix a problem which may be due to an old unsupported OS… if anyone does run into this problem I’d be interested to know.

That’s the installation out of the way, now let’s continue with configuration…

Starting with clamav, we need to set some permissions up first.

chown -R qscand:qscand /var/log/clamav /var/run/clamav /var/clamav

You need to edit the file /etc/freshclam.conf so that the line “DatabaseOwner clamav” becomes “DatabaseOwner qscand”. This can be done using vi, or I prefer using WinSCP for file editing via shell.

Create the log file for freshclam and assign it appropriate permissions:

touch /var/log/clamav/freshclam.log
chown qscand:qscand /var/log/clamav/freshclam.log

Run

freshclam

Hopefully it shouldn’t give any errors. It might give errors the first time, but try running it twice and the errors should go. You should see something like this:

ClamAV update process started at Fri Jan 16 20:22:47 2009
main.cvd is up to date (version: 49, sigs: 437972, f-level: 35, builder: sven)
daily.cvd is up to date (version: 8872, sigs: 51302, f-level: 38, builder: ccordes)

If it doesn’t, the errors are usually fairly intuitive.

Also, if you have logrotate installed on your system, you may want to check the settings of the clamav entry, since it may create new logs under owner clamav, which will then create permission problems for you. Go to /etc/logrotate.d and verify the files starting with clamav and freshclam and make sure there is a line that looks like this:

create 644 qscand qscand

It may be you’ll find an entry like that but with clamav instead of qscand. Make sure you edit these so it looks like the line above.

Now we add freshclam to the crontab so that you get regularly updated and protected against the latest viruses. You can do this on the PLESK scheduler, or run this:

crontab -e

Add the following to it:

25 1 * * * /usr/bin/freshclam --quiet -l /var/log/clamav/freshclam.log

Finally, start clamav, check that it runs, and set it so that it runs on system startup. I tell it to restart as some OSes may already have it on, but if it’s not don’t worry, stopping the service will fail but it will start up properly.

service clamd restart
service clamd status
chkconfig clamd on

Spamassassin is fairly easy. Just restart it like with clamav and verify it’s running and will start on start up.

service spamassassin restart
service spamassassin status
chkconfig spamassassin on

Qmail-scanner will take care of itself, so just run the following two commands :

qmail-scanner-reconfigure
chmod u+s /var/qmail/bin/qmail-scanner-queue.pl

The second command sets the setuid bit on qmail-scanner-queue.pl, which sometimes chucks a wobbly if it is not set.

This bit is purely optional. I do it for convenience, because it really annoys me having to remember loads of folder locations for logs. All I do here is add some shortcuts to the /var/log folder, which just makes plain sense to keep logs there ( logs in a log folder… genius :| why didn’t anyone else think of that sooner!? )

ln -s /usr/local/psa/var/log/maillog /var/log/qmail
ln -s /var/spool/qscan/qmail-queue.log /var/log/qmail-scanner

All we need to do now is start qmail and courier, and we’re good to go!

/usr/local/psa/bin/service --start smtp
/usr/local/psa/bin/service --start mail

That’s it! Send yourself a test mail and see how it goes! More posts with tips on customising your new email server installation coming soon!
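The script below is an added example, not part of the original post: it checks the settings this how-to changes (DatabaseOwner in freshclam.conf, the logrotate create line, ownership of the ClamAV directories, and the setuid bit on qmail-scanner-queue.pl). The function names are made up for illustration, and it assumes a POSIX shell with awk and find.

```sh
#!/bin/sh
# Added example: post-install checks for the qscand settings made in this how-to.
# Function names are illustrative; paths are arguments so a test tree can be used.

# Succeeds only if the last active DatabaseOwner line in freshclam.conf is qscand.
freshclam_owner_ok() {
    awk '$1 == "DatabaseOwner" { owner = $2 }
         END { exit !(owner == "qscand") }' "$1"
}

# Prints every clamav*/freshclam* file in a logrotate.d directory that has no
# "create <mode> qscand qscand" line or names another owner; returns 1 if any.
logrotate_create_bad() {
    lcb_rc=0
    for lcb_f in "$1"/clamav* "$1"/freshclam*; do
        [ -f "$lcb_f" ] || continue
        awk '$1 == "create" { seen = 1
                              if ($3 != "qscand" || $4 != "qscand") wrong = 1 }
             END { exit !(seen && !wrong) }' "$lcb_f" || { echo "$lcb_f"; lcb_rc=1; }
    done
    return "$lcb_rc"
}

# Succeeds only if every entry under the given paths is owned by user $1
# (name or numeric uid); fails if the user or a path does not exist.
all_owned_by() {
    aob_user=$1; shift
    aob_out=$(find "$@" ! -user "$aob_user" -print) || return 1
    [ -z "$aob_out" ]
}

# Succeeds only if the file carries the setuid bit that "chmod u+s" sets.
setuid_ok() {
    [ -u "$1" ]
}

# audit CONF LOGROTATE_DIR QUEUE_SCRIPT OWNER DIR...: prints one line per failed
# check and returns the number of failures.
audit() {
    a_conf=$1; a_lrd=$2; a_queue=$3; a_owner=$4; shift 4
    a_fails=0
    freshclam_owner_ok "$a_conf" ||
        { echo "FAIL: DatabaseOwner is not qscand in $a_conf"; a_fails=$((a_fails + 1)); }
    a_bad=$(logrotate_create_bad "$a_lrd") ||
        { echo "FAIL: no 'create ... qscand qscand' in:" $a_bad; a_fails=$((a_fails + 1)); }
    all_owned_by "$a_owner" "$@" ||
        { echo "FAIL: not everything under $* is owned by $a_owner"; a_fails=$((a_fails + 1)); }
    setuid_ok "$a_queue" ||
        { echo "FAIL: setuid bit missing on $a_queue"; a_fails=$((a_fails + 1)); }
    return "$a_fails"
}

# Run against the paths from the how-to when invoked as: sh audit.sh run
if [ "${1:-}" = "run" ]; then
    audit /etc/freshclam.conf /etc/logrotate.d /var/qmail/bin/qmail-scanner-queue.pl \
          qscand /var/log/clamav /var/run/clamav /var/clamav && echo "all checks passed"
fi
```

Re-running it after a logrotate cycle shows whether new log files have gone back to the clamav owner.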

DISCLAIMER : Please note that this information comes with no guarantees, and it’s recommended you test your installations somewhere first, or at least back your data up if you’re feeling brave!

39 Comments

  1. I’ve noticed that the clamd service sometimes stalls on logrotates, and so the easiest solution I’ve found is to add the following script made by Bill Landry from SaneSecurity to the /etc/cron.hourly folder and let it revive clamd that way. You may want to add this file into the /etc/logrotate.d folder too.

  2. This may not be relevant but I figured I’d post this anyway. If you’re using ubuntu 8.10 you may be in for some issues with the network manager. For some unknown reason it stops functioning. You will need to manually set your resolv.conf with your ISP’s DNS servers. That file is located in /etc/network/resolv.conf

  3. I have a VPS just like the one you wrote this article for. Your instructions worked flawlessly. I don’t think I could have done this without these directions. Thank you so very much!

    I either wasn’t able to identify the Plesk scheduler. If the page I found was the scheduler, I couldn’t figure out how to add a crontab to it. But your “crontab -e” worked just fine, except that I had to start vimtutor to get a refresher on vim.

    There are still some spam emails getting through to my email client (Thunderbird). I’m going to have to find ways to configure spamassassin, but your job here is done and I’m very grateful!

  4. Glad it helped Alan!

    One thing you can do is lower the Spam score to 4, and wait a few weeks for sa-learn to teach itself better spam detection.

  5. I’m not a linux expert but with this tutorial this was very easy to install
    working well ……….

    Two questions: where can I change the spamlevel and the subject header?

    With regards

  6. You can find this in the configuration file, /etc/mail/spamassassin/local.cf

    I’m not sure if it’s necessary to reflect the changes, but then restart your spamassassin by using the command “service spamd restart”

  7. Great tutorial,

    Can someone tell me how to update to the latest version?
    I’m getting “Your ClamAV installation is OUTDATED”
    I’m using CentOS, I’ve tried “yum update Clamd” and “yum update Clamav” but I’m still getting
    “Your ClamAV installation is OUTDATED”

    Please help

    • I am getting this problem too. The reason is because a new version is out, but there is no RPM packages on the CentOS repositories. I’ll have to check around for an update too, but chances are an update will be around pretty soon given the popularity of the AV for linux.

  8. Can you please publish a tutorial “to uninstall qmail-scanner on linux / plesk”

    My server is very slow after installing qmail-scanner….

    Thanx in advance.

  9. We’d only be able to do that if we wanted to remove qmail-scanner from any systems we added them to, and currently that’s not something we need to do at the moment!

    Since Qmail-Scanner scans every incoming mail, it does take a performance hit, so servers with lots of incoming mail do require reasonable specs.

    However, I can tell you with some certainty that you should be doing something like the following.

    /usr/local/psa/bin/service --stop smtp
    /usr/local/psa/bin/service --stop mail
    yum erase clamd spamassassin
    yum erase qmail-scanner
    yum install drweb-qmail psa-spamassassin
    /usr/local/psa/bin/service --start smtp
    /usr/local/psa/bin/service --start mail
    /usr/local/psa/bin/service --start spamassassin
    /usr/local/psa/bin/service --start drweb

    And then you may want to work backwards from this tutorial to remove/reset any changes you made to individual files and crontab. However, the above should get you going.

  10. A new package is available on the atomic repository for a newer clamav version.

    However, upon install you may get a problem which is solved here.

  11. I have centos 5.2 but plesk 9.2.1, will this article also work on the new plesk versions?

  12. I can’t guarantee it will work but there is no reason why it should not. We are not really adding any programs to PLESK, just taking the AV and SA off.

  13. Excellent tutorial! Very well done. I only ran into one problem with my setup, and that was the step that requires you to type qmail-scanner-reconfigure. I had to run qmail-scanner-reconfigure.psa in order for mine to get setup properly. Once I figured this out, everything just magically started working flawlessly! I now have a great secure setup. Thank-you!

  14. A couple of things. On Plesk 9.2 and CentOS 5, we still ran into “Unable to open pipe to /var/qmail/bin/qmail-queue.orig” errors. Following all of the steps in all of the posts by anwarpp at the following page seemed to clear it up:

    https://atomicrocketturtle.com/forum/viewtopic.php?f=4&t=2683&start=30

    We also saw some errors related to:

    Unable to stat entry ‘/usr/local/psa/handlers/info/20-drweb-j718YV/executable’ or it is not link: No such file or directory

    Who knows how much extra processing time these failures were using up (probably not a lot but it makes my log file grow!). But, we discovered that some email users had previously turned on Dr. Web. Since Dr. Web is now turned off and “yum remove”d, we couldn’t go into the Plesk UI and unconfigure this handler. So, we manually fixed it by deleting all the files matching the pattern:

    /usr/local/psa/handlers/before-queue/recipient/user@domain.name/XX-drweb-XXXXXX
    (where user@domain.name is a valid email address and XX is replaced with characters unique to each account and Plesk installation)

    Thanks for the great writeup, NetWebLogic!

  15. One more thing… We also deleted any files matching the pattern:

    /usr/local/psa/handlers/before-remote/recipient/user@domain.name/XX-drweb-XXXXXX

    This is because some domains had set Anti-Virus scanning to scan both inbound and outbound email.

    • Yes, dr.web doesn’t uninstall very cleanly by the looks of it. I’ll look into amalgamating the two tips there into the tutorial and save people a headache.

      Thanks for the information, and great stuff confirming that you could get this to work on PLESK 9.2!

  16. I’ve been having problems subscribing to this feed. It lets me subscribe and it loads in the rss reader program I use (which is netnewswire for mac) but it’s not showing new posts. A few duplicates too. Am I using the wrong url perhaps?

  17. Hi Larry,

    Very happy to hear you’re interested in the feed… The links at the bottom of the page work for me, which point to :

    http://feeds2.feedburner.com/netweblogic
    http://feeds2.feedburner.com/netweblogic_comments

    If you go directly to these pages you should see my feed with no problems.

  18. I have to say I’m really impressed with your posts and blog overall. I stumbled on your site accidentally but am now happy I did. I’ll be stopping in to read more often now. Thanks again !
    Thanks,
    Lou

  19. Great tutorial!
    It worked for me.
    Thank you !

  20. Very good, but all mail from local domains are scanned and most of them are detected as SPAM.
    How can I disable the spam filter for outgoing mails from local domains?

    • I've had this problem before, unfortunately there is no way (that I know of) to stop outgoing spam filtering. You can do two things:

      1. Set up whitelisting for your domain, but then you have to make sure you've got good rules for incoming mail, like checking against BMS lists etc.
      2. Try sending a GTUBE message from your mailbox, it can help reset the detection of spam for your domain (There was an article explaining this somewhere but I can't find it anymore)

      Also, make sure your spam threshold is not too low, I use around 4 on most installs.

  21. Hey there,

    Just found this. I tried the first few steps but when I tried:

    yum install clamd spamassassin razor-agents dcc pyzor tnef

    yum responded saying it could not find any of the packages except spamassassin. I also cannot reinstall psa-spamassassin or drweb because it cannot find those.

    Any idea what I should do to help yum find all these packages?

    I have CentOS 5.2 as well.

    • Did you install the atomic repo as described above? Also, during installation you should say yes to the PLESK repo too.

    • Good lord. Because of the background I couldn't read it and I think I jumped past it. :-)

      Thanks.

    • Check out below for installing the atomic yum repo.
      http://www.atomicorp.com/channels/

      waedo, is the background of the text on this article not white for you? if not, what browser are you using?

  22. Sorry to be a bother, but I ran that and all it did was download an RPM. Should I then run that?

  23. Hi there,

    I wanted to let you know that I've run through it all and it seemed to install flawlessly. I'm going to look into configuring spamassassin now.

    As for the background, no – the top has a dark blue with ink splotches. I'm using IE6. The article is then on a light blue for the rest of it.

    • Good to hear.

      Thanks for letting us know about the IE6 bug. That'll be fixed soon.

  24. Thank you, just were looking for the way to shut down spamd before nightly tasks.

  25. Copy from other comment screen:

    Hi there! First of all — This solution is absolutely AWESOME!!! For anyone who is interested you can utilize this solution to actually buy as much as 1 TERABYTE of storage for ONLY $259 per YEAR!!!

    See this page for more info: https://www.google.com/accounts/PurchaseStorage

    NetWebLogic (or anyone who knows a solution): I could REALLY use a bit of help here so I appreciate anyone providing me with some insight or a solution.

    Here is a brief background… I have a client of mine in the financial service industry who requires full email archiving to meet compliance standards.

    OK… so now to my issue.

    What I have found out is that federal regulations mandate that all these sent/received emails are NOT to be altered in any way shape or form. After reviewing this in detail I found out that what I actually need to do is include the full original email message as an attachment.

    So… What I, and I am assuming anyone in my situation, need is a way to modify this script in some way by which each and every email that is archived actually includes the COMPLETE ORIGINAL sent or received email as an attachment.

    In an ideal situation I would actually like to have each archived email include the complete original email as an attachment, ensure this archived email shows the original “from” email address and “to” (as well as cc and bccs) and the original subject line prefaced by “ARCHIVE –”… Aside from actually attaching the original email message I think the email message body should show summary information of that email with the qmail scanner summary information on top, along with the first maybe 500 characters of the message body and thereafter the full email header.

    Does anyone here have the ability to help me modify this system to accomplish this. I would assume this would actually be fairly simple to modify but I unfortunately just don't have the experience needed to modify this script to efficiently create a new email message, attach the original one and include specific info from the original message.

    Thank you guys so much in advance for your help!

    Chris

  26. I have done all that …but most importantly I want to know how i can implement spamassassin rules that i get to download from http://www.rulesemporium.com/rules.htm

    Please assist instructions.

  27. How can I implement these very configurations using Postfix on Plesk?

    • You can't use this solution with postfix, as far as I know, postfix has a feature to archive outgoing mail by default, but not incoming.

  28. Hi very helpful guide, just run into a problem though, everything installed fine, but no mail is getting delivered and i'm getting the following error in the qmail log

    X-Qmail-Scanner-2.08st: [xxxxxxx] clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem – exit status 512/2

  29. Thanks for this, just used this process after attempting it myself with only partial success. I ended up with qmail running the old psa-spamassassin process which was causing all sorts of errors in the log even though it seemed to be still successfully rejecting spam.

    Following this process I’ve now got spamassassin running completely independently of Plesk, which is what I needed not having the full Plesk licence.
