Install MailScanner 5.0.3 on CentOS 7 with Postfix in chroot
Let's look at setting up the current version of MailScanner with Postfix running in a chrooted environment.
Let's first set up the hostname
hostnamectl set-hostname mygateway.local
We will also need to open the firewall ports
firewall-cmd --zone=public --add-port=25/tcp --permanent
firewall-cmd --zone=public --add-port=2703/tcp --permanent
firewall-cmd --zone=public --add-port=7/tcp --permanent
firewall-cmd --zone=public --add-port=49100/tcp --permanent
firewall-cmd --zone=public --add-port=6277/udp --permanent
firewall-cmd --zone=public --add-port=24441/udp --permanent
firewall-cmd --reload
Edit the Postfix file /etc/postfix/main.cf
This is just a working example and yours may look different
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
inet_interfaces = all
inet_protocols = all
mydestination = $myhostname, localhost.$mydomain, localhost
unknown_local_recipient_reject_code = 550
mynetworks = 192.168.0.0/24, 192.168.2.2
########################################
#            RELAY DOMAINS             #
########################################
relay_domains = aaa.com,bbb.com,ccc.com
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.10.1/samples
message_size_limit = 40960000
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
transport_maps = hash:/etc/postfix/transport
Edit the transport file /etc/postfix/transport
website1.com smtp:[gateway1]
website2.com smtp:[gateway2]
Edit /etc/postfix/master.cf to enable Postfix to run chrooted
Change the chroot column to y for the smtp service
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       y       -       -       smtpd
#smtp      inet  n       -       n       -       1       postscreen
#smtpd     pass  -       -       n       -       -       smtpd
Execute the following script by copying it into a file and making sure it is executable
Copy the script below to the file /usr/local/bin/postfixCHroot.sh
#! /bin/sh

# LINUX2 - shell script to set up a Postfix chroot jail for Linux
# Tested on SuSE Linux 5.3 (libc5) and 7.0 (glibc2.1):

# Other testers reported as working:
#
# 2001-01-15 Debian sid (unstable)
#            Christian Kurz

# Copyright (c) 2000 - 2001 by Matthias Andree
# Redistributable unter the MIT-style license that follows:
# Abstract: "do whatever you want except hold somebody liable or change
# the copyright information".

# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.

# 2000-09-29
# v0.1: initial release

# 2000-12-05
# v0.2: copy libdb.* for libnss_db.so
#       remove /etc/localtime in case it's a broken symlink
#       restrict find to maxdepth 1 (faster)

# Revision 1.4 2001/01/15 09:36:35 emma
# add note it was successfully tested on Debian sid
#
# 20060101 /lib64 support by Keith Owens.
#

CP="cp -p"

cond_copy() {
  # find files as per pattern in $1
  # if any, copy to directory $2
  dir=`dirname "$1"`
  pat=`basename "$1"`
  # -H makes find follow $dir when it is a symlink; on CentOS 7 /lib and
  # /lib64 are symlinks into /usr, and without -H nothing would be found
  lr=`find -H "$dir" -maxdepth 1 -name "$pat"`
  if test ! -d "$2" ; then exit 1 ; fi
  if test "x$lr" != "x" ; then $CP $1 "$2" ; fi
}

set -e
umask 022

POSTFIX_DIR=${POSTFIX_DIR-/var/spool/postfix}
cd ${POSTFIX_DIR}

mkdir -p etc lib usr/lib/zoneinfo
test -d /lib64 && mkdir -p lib64

# find localtime (SuSE 5.3 does not have /etc/localtime)
lt=/etc/localtime
if test ! -f $lt ; then lt=/usr/lib/zoneinfo/localtime ; fi
if test ! -f $lt ; then lt=/usr/share/zoneinfo/localtime ; fi
if test ! -f $lt ; then echo "cannot find localtime" ; exit 1 ; fi
rm -f etc/localtime

# copy localtime and some other system files into the chroot's etc
$CP -f $lt /etc/services /etc/resolv.conf /etc/nsswitch.conf etc
$CP -f /etc/host.conf /etc/hosts /etc/passwd etc
ln -s -f /etc/localtime usr/lib/zoneinfo

# copy required libraries into the chroot
cond_copy '/lib/libnss_*.so*' lib
cond_copy '/lib/libresolv.so*' lib
cond_copy '/lib/libdb.so*' lib
if test -d /lib64; then
  cond_copy '/lib64/libnss_*.so*' lib64
  cond_copy '/lib64/libresolv.so*' lib64
  cond_copy '/lib64/libdb.so*' lib64
fi

postfix reload
Make the file executable and run it
chmod +x /usr/local/bin/postfixCHroot.sh
/usr/local/bin/postfixCHroot.sh
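To confirm what the script actually left inside the jail, the following added example (not part of the original page or of the Postfix script) checks for the files and libraries the script copies, and flags password-hash files or group/world-writable entries. The function name audit_jail and the finding labels are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original page: audit the chroot jail that
# postfixCHroot.sh populates. Prints one finding per line, returns 0 if clean.
audit_jail() {
    jail=$1
    report=$(
        cd "$jail" 2>/dev/null || { echo "NOJAIL $jail"; exit 0; }
        # Files the setup script copies into the jail's etc/ directory.
        for f in localtime services resolv.conf nsswitch.conf host.conf hosts passwd; do
            if [ ! -f "etc/$f" ]; then echo "MISSING etc/$f"; fi
        done
        # NSS and resolver libraries must have been copied into lib or lib64.
        for pat in 'libnss_*.so*' 'libresolv.so*'; do
            hit=$(find lib lib64 -maxdepth 1 -name "$pat" 2>/dev/null | head -n 1)
            if [ -z "$hit" ]; then echo "MISSING library $pat"; fi
        done
        # Password hashes do not belong inside the jail.
        for f in shadow gshadow; do
            if [ -e "etc/$f" ]; then echo "UNEXPECTED etc/$f"; fi
        done
        # Nothing the script copies should be group- or world-writable;
        # flag anything under etc, lib or lib64 that is (GNU find syntax).
        find etc lib lib64 ! -type l -perm /022 2>/dev/null | sed 's/^/WRITABLE /'
    )
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}

# Run as: sh audit_jail.sh /var/spool/postfix
if [ $# -eq 1 ]; then
    audit_jail "$1"
    exit
fi
```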
Download MailScanner (MailScanner-5.0.3-7.rhel.tar.gz), unpack it and run the installer
tar -xvzf MailScanner-5.0.3-7.rhel.tar.gz
cd MailScanner-5.0.3-7
./install.sh
Make sure you choose postfix during the install.
Once the install is done you need to edit /etc/MailScanner/MailScanner.conf
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
Then give the postfix user ownership of the MailScanner spool directories
chown postfix:postfix /var/spool/MailScanner/incoming
chown postfix:postfix /var/spool/MailScanner/quarantine
There are a few final steps
mkdir /var/spool/MailScanner/spamassassin
chown postfix:postfix /var/spool/MailScanner/spamassassin
cd /var/spool
chown postfix:postfix /var/spool/MailScanner/incoming
chown postfix:postfix /var/spool/MailScanner/quarantine
Edit /etc/MailScanner/defaults and enable MailScanner to run
# Change this to 1 to allow the MailScanner daemon to run.
# 0 = off, 1 = on
#
run_mailscanner=1
In the Postfix configuration file /etc/postfix/main.cf add this line at the end of the file
header_checks = regexp:/etc/postfix/header_checks
In the file /etc/postfix/header_checks add this line
This will tell Postfix to move all messages to the HOLD queue
/^Received:/ HOLD
Now finally let's start MailScanner
chkconfig mailscanner on
systemctl restart mailscanner
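If the HOLD rule is missing, mail is delivered without being scanned, and if the queue directories do not match, held mail is never picked up. The following added example (not part of the original page or of MailScanner) checks that the three files edited above agree with each other. The function names and finding labels are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original page: check that Postfix parks mail in
# the HOLD queue and that MailScanner reads from and writes to the matching
# queue directories. Prints one finding per line, returns 0 if consistent.
conf_value() {   # conf_value FILE KEY: value of the last "KEY = value" line
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" \
        "$1" 2>/dev/null | tail -n 1
}
expect() {       # expect FILE KEY WANT: report a setting that differs
    got=$(conf_value "$1" "$2")
    if [ "$got" != "$3" ]; then echo "MISMATCH $2 = '$got', expected '$3'"; fi
}
check_wiring() { # check_wiring MAIN_CF HEADER_CHECKS MAILSCANNER_CONF
    main_cf=$1; checks=$2; ms_conf=$3
    qdir=$(conf_value "$main_cf" queue_directory)
    owner=$(conf_value "$main_cf" mail_owner)
    report=$(
        # Without the HOLD rule, mail is delivered without being scanned.
        case $(conf_value "$main_cf" header_checks) in
            regexp:*) ;;
            *) echo "BYPASS header_checks is not a regexp: table in main.cf" ;;
        esac
        if ! grep -Eq '^/\^Received:/[[:space:]]+HOLD' "$checks" 2>/dev/null; then
            echo "BYPASS no active /^Received:/ HOLD rule"
        fi
        # MailScanner picks up from hold and hands back to incoming.
        expect "$ms_conf" "Incoming Queue Dir" "$qdir/hold"
        expect "$ms_conf" "Outgoing Queue Dir" "$qdir/incoming"
        expect "$ms_conf" "Run As User" "$owner"
        expect "$ms_conf" "MTA" "postfix"
    )
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}

# Run as: sh check_wiring.sh /etc/postfix/main.cf /etc/postfix/header_checks \
#         /etc/MailScanner/MailScanner.conf
if [ $# -eq 3 ]; then
    check_wiring "$@"
    exit
fi
```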