This doc is rather old now, so check for newer versions here

# Maia Mailguard 1.0.3 installation on RHEL5 or CentOS 5 - kind of a quick and dirty HOWTO
# If you prefer to use CentOS 6, see http://www200.pair.com/mecham/spam/centos6-maia.html
# Absolutely no warranty, use entirely at your own risk
# Absolutely no support - however - let me know if something is very wrong
# mr88talent at yahoo dot com
# 20 FEB 2011
# If this document has been forged the downloads could destroy the entire planet
# Experience with Linux and Postfix is assumed
#
# Document assumes you are using copy and paste, if not then on some lines
# with 'sed' commands it would probably be easier to simply edit the file.
#
# The base directory is /var/amavisd so I don't have to edit a
# bunch of maia scripts. I do not install amavisd-new at all
# I also do not install clamav/clamd from an rpm

# Document assumes a fresh RHEL5 or CentOS 5 install with at least 'Editors' and 'Base'
# I do not install a GUI (like Gnome) and I use the PuTTY ssh client to access the command line
# For this test system, during installation, I chose to Customizre now and unchecked everything
# except 'Editors' and 'Base'.
# Use your favorite editor if you don't want to use vim
# A few commands in this document will wrap - be sure you place the entire command on one line

# This document does not cover a lot things like configuring the firewall (system-config-securitylevel-tui)
# or disabling unnecessary daemons. It's focus is getting you to the point
# you can log on to Maia
# This document is not a tutorial for any of the programs listed here

# You can edit this document to customize it. The host name I use is 'ahost'
# The domain name I used is 'example.com' and the administrator's email name is 'adminguy'
# Root's MySQL password is 'roots_password'
# Save this file, then do a search and replace on those four items. Only replace them once.

# This is a note to myself to register the machine. CentOS 5 will not use this.
rhn_register

# Optional (this is not a Red Hat tutorial - heck, I use Debian myself)
yum update

# I want to prevent 3rd party repositories from preferring themselves over Red Hat
yum install yum-protectbase

# For CentOS, Please read http://wiki.centos.org/PackageManagement/Yum/ProtectBase
# I don't think RHEL5 works the same way with yum-protectbase. I have not had good luck figuring this out
# but the Dag rpmforge repo we will add later is generally considered safe.

# a mail server should keep accurate time. If using a firewall, you will want to allow port 123 UDP in.
yum -y install ntp

ntpdate clock.fmt.he.net
ntpdate ntp1.tummy.com
chkconfig --level 235 ntpd on
hwclock --systohc
service ntpd start

# add the amavis user
adduser -r -d /var/amavisd -c "amavis user" -s /bin/sh amavis

# add yourself (as the maia administrator)
adduser adminguy
passwd adminguy

vi /etc/hosts
# in the /etc/hosts file I hate the way Red Hat does it.
# I do it more like this, adding the actual IP and moving our host name there
# (this assumes you are using a static IP address):
127.0.0.1			localhost.localdomain localhost
192.168.1.222		ahost.example.com ahost
# In this test setup, I don't have DNS MX records set up but I want to be able to
# locally send test mail to adminguy@example.com, so I am going to temporarily add
# the domain to the interface:
127.0.0.1			localhost.localdomain localhost
192.168.1.222		ahost.example.com ahost example.com
# If you currently have SELinux enforced, set it to permissive (or even disabled)
sed -i 's/SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config
cat /etc/selinux/config


# make sure SELINUX is not enforcing, then reboot:
reboot

# make the home directories for Maia
mkdir /var/virusmails
chown amavis:amavis /var/virusmails
mkdir /var/amavisd
mkdir /var/amavisd/db
mkdir /var/amavisd/var
mkdir /var/amavisd/tmp
mkdir /var/amavisd/maia
mkdir /var/amavisd/maia/scripts
chown -R amavis:amavis /var/amavisd
chmod -R 750 /var/amavisd

# Install the junk we need
yum -y install mysql mysql-server perl-DBD-MySQL perl-DBI subversion patch db4 db4-devel db4-utils
yum -y install perl-HTML-Parser perl-Compress-Zlib php php-pear php-mysql perl-libwww-perl curl

yum -y install perl-Digest-HMAC perl-Digest-SHA1 perl-Net-DNS perl-Net-IP perl-URI rsync mlocate
yum -y install perl-Archive-Zip perl-Archive-Tar perl-Digest-SHA1 perl-Digest-HMAC perl-Net-DNS perl-URI

yum -y install php-gd pax cpio tmpwatch bzip2 php-xml php-imap php-ldap php-pgsql php-mbstring
yum -y install binutils gzip spamassassin php-bcmath gcc bison zlib zlib-devel gmp-devel perl-LDAP

# It wouldn't hurt to run those installs again to make sure we got them all. Also install Pyzor:
cd /usr/local/src
wget ftp://ftp.pbone.net/mirror/download.fedora.redhat.com/pub/fedora/epel/5/x86_64/pyzor-0.4.0-11.el5.noarch.rpm
rpm -ivh pyzor-0.4.0-11.el5.noarch.rpm

# We are going to add Dag Wieers rpmforge repositores in order to get stuff we can't get from Red Hat:
# If you are using a 32-bit .i386 version of RHEL5/CentOS5:
rpm -Uhv http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.5.2-2.el5.rf.i386.rpm
# If you are using a 64-bit .x86_64 version of RHEL5/CentOS5:
rpm -Uhv http://apt.sw.be/redhat/el5/en/x86_64/rpmforge/RPMS//rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm

# Now install addtional packages from Dag:
yum -y install perl-BerkeleyDB perl-Convert-TNEF perl-Convert-UUlib perl-Data-UUID perl-Mail-DKIM perl-MailTools
yum -y install perl-MIME-tools perl-MailTools perl-MIME-tools perl-Net-Server perl-Template-Toolkit perl-Unix-Syslog

yum -y install perl-Text-CSV nomarch cabextract lha lzop freeze re2c perl-Net-CIDR-Lite
yum -y install perl-Mail-DomainKeys perl-Mail-SPF-Query perl-Sys-Hostname-Long perl-IP-Country perl-IO-stringy

# Read the note before you run 'svn checkout'
mkdir /usr/local/src/maia
cd /usr/local/src/maia
svn -r 1518 checkout https://www.maiamailguard.com/svn/branches/1.0

# answer (p)ermanently?
# Due to major changes made after SVN 1518, the newest stable build I can recommend is 1518
# please make a note of the SVN revision that you get
# if you need to download again, first move or remove /usr/local/src/maia then start over

# If you picked a version less than 1184, you need to apply a security patch:
cd 1.0/php
cp xlogin.php xlogin.php~
cp login.php login.php~
cp internal-init.php internal-init.php~
wget http://www200.pair.com/mecham/spam/maiasecuritypatch1184.txt
patch -p0 < maiasecuritypatch1184.txt


# If the patch was applied successfully:
rm -f xlogin.php~
rm -f login.php~
rm -f internal-init.php~

# I don't use sendmail, I am assuming you will use Postfix as I do
yum -y install postfix cyrus-sasl
rpm -e sendmail
alternatives --config mta
# then select /usr/sbin/sendmail.postfix if needed

# For some reason, razor-agent executables are not included with the perl-Razor-Agent rpm
# so I will install from source
cd /usr/local/src
wget http://prdownloads.sourceforge.net/razor/razor-agents-2.84.tar.bz2
tar xjf razor-agents-2.84.tar.bz2
cd razor-agents-2.84
perl Makefile.PL && make && make install

# set up pyzor and razor
su amavis -c 'pyzor discover'
su amavis -c 'razor-admin -create'
su amavis -c 'razor-admin -create'
su amavis -c 'razor-admin -register'

# (may have to run that last one twice - if it gives an error the first time>
# test pyzor (a few times if needed)
su amavis -c 'pyzor ping'

# disable razor logging (debuglevel = 0)
sed -i 's/= 3/= 0/' /var/amavisd/.razor/razor-agent.conf
cat /var/amavisd/.razor/razor-agent.conf

# create initial bayes database
su amavis -c 'sa-learn --sync'
ls -l /var/amavisd/.spamassassin/

######################
# install DCC
cd /usr/local/src
wget http://www.dcc-servers.net/dcc/source/dcc-dccproc.tar.Z
tar xzf dcc-dccproc.tar.Z

# adjust for current version:
cd dcc-dccproc-1.3.138
./configure --with-uid=amavis && make && make install

chown -R amavis:amavis /var/dcc
ln -s /var/dcc/libexec/cron-dccd /usr/bin/cron-dccd

crontab -e
# and insert (at the top):
43 11 * * * /usr/bin/cron-dccd
######################

# enable DCC in v310.pre (if you abide by the license)
# we also enable the AWL plugin (but personally I turn it off).
cp /etc/mail/spamassassin/v310.pre /etc/mail/spamassassin/v310.pre-mybackup
sed -i 's|#loadplugin Mail::SpamAssassin::Plugin::DCC|loadplugin Mail::SpamAssassin::Plugin::DCC|' /etc/mail/spamassassin/v310.pre
sed -i 's|#loadplugin Mail::SpamAssassin::Plugin::AWL|loadplugin Mail::SpamAssassin::Plugin::AWL|' /etc/mail/spamassassin/v310.pre
head -30 /etc/mail/spamassassin/v310.pre

# test - look for pyzor, razor, dcc
wget http://www200.pair.com/mecham/spam/sample-spam.txt
su amavis -c 'spamassassin -D <sample-spam.txt'

# Install needed pear modules
cd
pear channel-update pear.php.net

pear install DB-1.7.13
pear install Pager-2.4.8
pear install Mail_Mime-1.4.0
pear install Log-1.12.0

pear install Image_Color-1.0.3
pear install Image_Canvas-0.3.1
pear install Image_Graph-0.7.2
pear install Numbers_Roman-0.2.0
pear install Numbers_Words-0.16.1

pear install Net_Socket-1.0.9
pear install Net_SMTP-1.4.1
pear install Auth_SASL-1.0.4
pear install Net_IMAP-1.1.0
pear install Net_POP3-1.3.7

pear channel-discover htmlpurifier.org

pear install hp/HTMLPurifier


# May want to run those again to make sure you got them all
# There is a bug in Pie.php provided with Image_Graph-0.7.2. If you have installed this version
# of Image_Graph, install a patch to fix the bug:
cd /usr/share/pear/Image/Graph/Plot/
wget http://www200.pair.com/mecham/spam/Pie.php.patch.txt
patch Pie.php <Pie.php.patch.txt

# Copy some Maia files to the home directory
cd /var/amavisd/maia/scripts
cp /usr/local/src/maia/1.0/scripts/* .
cp /etc/maia.conf /etc/maia.conf-backup
cp /usr/local/src/maia/1.0/maia.conf.dist /etc/maia.conf
cp -r /usr/local/src/maia/1.0/templates /var/amavisd/maia/templates
chown -R amavis:amavis /var/amavisd
chmod -R 750 /var/amavisd
chmod 640 /var/amavisd/maia/templates/*.tpl

# Copy some custom spamassassin rules
cp /usr/local/src/maia/1.0/*.cf /etc/mail/spamassassin

vi /etc/maia.conf

# and edit the base_url - I use /mail - and this document assumes you will too
$base_url = "http://ahost.example.com/mail/";

# you will probably need to make an entry in the hosts file on any computer
# that you are going to use to browse the server unless a DNS record exists.

# See http://www.mysqlperformanceblog.com/2006/09/29/what-to-tune-in-mysql-server-after-installation/
# Out of the box, MySQL is poorly tuned for use with InnoDB. Assuming this is a
# fresh installation (with the default of innodb_fast_shutdown = 1), I am going to
# suggest some optimization. I set innodb_buffer_pool_size to 25% of physical RAM
# and innodb_log_file_size to 25% of innodb_buffer_pool_size. I set innodb_log_buffer_size
# to 8MB. Setting innodb_buffer_pool_size to at least 128M (assuming you have sufficient RAM)
# will greatly increase performance. When innodb_log_file_size is changed, the logs must be
# deleted and recreated. Make sure MySQL is not running when you do this.

service mysqld stop
vi /etc/my.cnf


# Under the [mysqld] section, add these entries:
innodb_buffer_pool_size = 128M
innodb_additional_mem_pool_size = 4M
innodb_log_file_size = 32M
innodb_log_buffer_size = 8M
max_allowed_packet = 20M


# Then rename the log files so they be recreated at a larger size.
# See http://dev.mysql.com/doc/refman/5.0/en/innodb-data-log-reconfiguration.html :
mv /var/lib/mysql/ib_logfile0 /var/lib/mysql/iblogfile0-old
mv /var/lib/mysql/ib_logfile1 /var/lib/mysql/iblogfile1-old

chkconfig --level 235 mysqld on
service mysqld start

# If you have not yet added a password:
# (substitute a real password for roots_password and notice the host name)
mysql

SET PASSWORD FOR 'root'@'localhost' = PASSWORD('roots_password');
SET PASSWORD FOR 'root'@'ahost.example.com' = PASSWORD('roots_password');

# literally use the password of 'passwd' here
CREATE DATABASE maia;
USE maia;
SOURCE /usr/local/src/maia/1.0/maia-mysql.sql;
GRANT CREATE, DROP, ALTER, SELECT, INSERT, UPDATE, DELETE ON maia.* TO amavis@localhost IDENTIFIED BY 'passwd';
FLUSH PRIVILEGES;

quit

# We are going to alter the database. Some changes are for SA 3.3.0, and some are so we can keep
# awl and bayes_seen clean (otherwise they grow forever). Supply root's password when prompted.
cd
wget http://www200.pair.com/mecham/spam/330_and_gary.sql
mysql -u root -p maia --force < 330_and_gary.sql


# Now grab a script that runs weekly that does the cleaning
cd /etc
wget http://www200.pair.com/mecham/spam/trim.awl.sql
cd /etc/cron.weekly
wget http://www200.pair.com/mecham/maia/trim-sql-awl-weekly
chmod +x trim-sql-awl-weekly
cd /usr/sbin
wget http://www200.pair.com/mecham/maia/trim-awl
chmod 0750 trim-awl

# We need to set the amavis sql password in /usr/sbin/trim-awl
sed -i 's/PASSWD/passwd/' /usr/sbin/trim-awl

# Then run the script (no news is probably good news):
/etc/cron.weekly/trim-sql-awl-weekly

# You don't have to have every possible program, but make sure nothing is broken here:
cd /var/amavisd/maia/scripts/
./configtest.pl

# setup and run sa-update to get the latest spamassassin rules (make sure there are no error messages here)
# you should run sa-update on occasion (and then run a Maia 'load-sa-rules.pl' script to load them into Maia)
sa-update
sa-update


# Make sure we lint Ok
su amavis -c 'spamassassin --lint'

# Load SpamAssassin rules into the Maia database:
cd /var/amavisd/maia/scripts
./load-sa-rules.pl

# Copy files to apache
mkdir /var/www/html/mail
cp -r /usr/local/src/maia/1.0/php/* /var/www/html/mail
cp /var/www/html/mail/config.php.dist /var/www/html/mail/config.php
chgrp amavis /var/www/html/mail/themes/*/compiled
chmod 775 /var/www/html/mail/themes/*/compiled

# Add apache to the amavis group
gpasswd -a apache amavis

# Install and configure Smarty;
cd /usr/local/src
wget ftp://fr2.rpmfind.net/linux/epel/5/i386/php-Smarty-2.6.26-1.el5.noarch.rpm

rpm -ivh php-Smarty-2.6.26-1.el5.noarch.rpm
ln -s /usr/share/php/Smarty /var/www/html/mail/libs/Smarty

# Create a cache directory for HTMLPurifier
mkdir -p /var/cache/HTMLPurifier
chown apache /var/cache/HTMLPurifier
chmod o-rwx /var/cache/HTMLPurifier

# Configure maia so it can find the HTMLPurifier cache
sed -i 's|$purifier_cache = null|$purifier_cache = "/var/cache/HTMLPurifier"|' /var/www/html/mail/config.php
grep purifier_cache /var/www/html/mail/config.php

# (start or restart)
chkconfig --level 235 httpd on
service httpd start

# You may have to configure the firewall to allow HTTP, HTTPS and SMTP connections if you have not already done so:
system-config-securitylevel-tui

# (from a client) test out the install:
http://ahost.example.com/mail/admin/configtest.php
# remember to restart httpd if you make changes - service httpd restart. Don't worry about the Image_Graph message
# and don't worry about the MCrypt library Failure either. It's a bad idea to encrypt quarantined messages.

# You should ensure the database schema is up to date:
http://ahost.example.com/mail/admin/upgrade.php


# grab an init script from me
cd /etc/init.d
wget http://www200.pair.com/mecham/redhat/amavisd_init.sh
mv amavisd_init.sh amavis
chmod +x amavis
chkconfig --add amavis

# copy amavisd into place, make backups of current ones if you have them
test -e /usr/local/sbin/amavisd && cp /usr/local/sbin/amavisd /usr/local/sbin/amavisd-mybackup
test -e /usr/sbin/amavisd && cp /usr/sbin/amavisd /usr/sbin/amavisd-mybackup
cp /usr/local/src/maia/1.0/amavisd-maia /usr/sbin/amavisd
hash -r

# May need a small fix to prevent SpamAssassin 3.3.0 from crashing
sed -i 's/$spamassassin_obj->{bayes_scanner/#$spamassassin_obj->{bayes_scanner/' /usr/sbin/amavisd

# Customize amavisd.conf - or at least use many of these settings in yours
# also get the 2.2.1 amavisd.conf-sample
cd /etc
test -e amavisd.conf && cp amavisd.conf amavisd.conf-myoriginal

wget http://www200.pair.com/mecham/spam/2.2.1/amavisd.conf-sample
cp /usr/local/src/maia/1.0/amavisd.conf.dist /etc/amavisd.conf

sed -i 's/yourdomain.tld/example.com/' /etc/amavisd.conf
sed -i 's/DO_SYSLOG = 0/DO_SYSLOG = 1/' /etc/amavisd.conf
sed -i 's/password/passwd/' /etc/amavisd.conf
sed -i 's/virusalert/postmaster/' /etc/amavisd.conf
sed -i 's/spam.police/postmaster/' /etc/amavisd.conf
sed -i 's/host.domain.tld/ahost.example.com/' /etc/amavisd.conf
sed -i "s/# qr'\^MAIL/ qr'\^MAIL/" /etc/amavisd.conf
sed -i 's|/var/amavisd/clamd.sock|/var/run/clamav/clamd.sock|' /etc/amavisd.conf

# edit amavisd.conf and set at least $mydomain
# include all your domains in @local_domains_maps. e.g.:
# @local_domains_maps = ( [".$mydomain", '.example.com', '.example.org'] );
# Make a comment noting your revision number, e.g.: # SVN revision 1504
# I change $DO_SYSLOG = 1; so amavisd logs to /var/log/maillog
# insure:
# @lookup_sql_dsn = ( ['DBI:mysql:maia:localhost', 'amavis', 'passwd'] );
vi /etc/amavisd.conf

######################
# clamd
adduser -r -d /var/lib/clamav -c "clamav user" -s /sbin/nologin clamav

gpasswd -a clamav amavis

# install clamav from source
cd /usr/local/src

# Download location and version are examples only (but valid when I wrote this), always use latest version of ClamAV
# see http://sourceforge.net/project/showfiles.php?group_id=86638
wget http://cdnetworks-us-1.dl.sourceforge.net/project/clamav/clamav/0.97/clamav-0.97.tar.gz

tar xzf clamav-0.97.tar.gz
cd clamav-0.97
./configure && make && make install

# Grab an init script for clamd
cd /etc/init.d
wget http://www200.pair.com/mecham/clamav95/clamd.init.txt
mv clamd.init.txt clamd
chmod +x clamd
chkconfig --add clamd

# Make directories clamd will need
mkdir /var/log/clamav/
chown -R clamav:clamav /var/log/clamav/
mkdir /var/run/clamav/
chown -R clamav:clamav /var/run/clamav/
mkdir /var/lib/clamav/
chown -R clamav:clamav /var/lib/clamav/

# cheat and use my conf files for this particular setup (if you want this stuff to work):
cd /usr/local/etc/
mv clamd.conf clamd.conf.old
mv freshclam.conf freshclam.conf.old
wget http://www200.pair.com/mecham/clamav9/clamd.conf
wget http://www200.pair.com/mecham/clamav9/freshclam.conf

freshclam

# It's OK that you got "WARNING: Clamd was NOT notified:" because we have not started clamd.
# So, start clamd:
service clamd start

# check for errors:
cat /var/log/clamav/clamav.log

#########
# For freshclam updates you can either use this script:
cd /etc/init.d
wget http://www200.pair.com/mecham/redhat/freshclam
chmod +x freshclam
chkconfig --add freshclam
service freshclam start

# (or) make a crontab entry:
crontab -e

# and make the following entry.
# change NN here to a number between 1 and 59 (three minutes from now)
NN * * * * /usr/local/bin/freshclam --quiet

#########

# keep an eye on the freshclam.log to make sure updates are happening
# if there is no freshclam.log we are in trouble
cat /var/log/clamav/freshclam.log

######################

# We are going to use Bill Landry's script (version 3.7) that downloads clamav unofficial signatures (like sanesecurity)
# http://sourceforge.net/projects/unofficial-sigs/"
cd /usr/local/src
wget http://www200.pair.com/mecham/spam/clamav-unofficial-sigs-3.7.tar.gz
tar xzf clamav-unofficial-sigs-3.7.tar.gz
cd clamav-unofficial-sigs-3.7
cp -u clamav-unofficial-sigs-logrotate /etc/logrotate.d/
cp -u clamav-unofficial-sigs.sh /usr/sbin
cp -u clamd-status.sh /usr/sbin
cp -u clamav-unofficial-sigs.conf /etc
gzip clamav-unofficial-sigs.8
cp -u clamav-unofficial-sigs.8.gz /usr/share/man/man8

sed -i 's|user_configuration_complete="no"|user_configuration_complete="yes"|' /usr/sbin/clamd-status.sh
sed -i 's|clamd_pid="/var/run/clamd.pid"|clamd_pid="/var/run/clamav/clamd.pid"|' /etc/clamav-unofficial-sigs.conf
sed -i 's|reload_dbs="no"|reload_dbs="yes"|' /etc/clamav-unofficial-sigs.conf
sed -i 's|#clamd_socket="/var/run/clamd.socket"|clamd_socket="/var/run/clamav/clamd.sock"|' /etc/clamav-unofficial-sigs.conf
sed -i 's|#clamd_lock="/var/lock/subsys/clamd"|clamd_lock="/var/lock/subsys/clamd"|' /etc/clamav-unofficial-sigs.conf
sed -i 's|#start_clamd="service clamd start"|start_clamd="service clamd start"|' /etc/clamav-unofficial-sigs.conf
sed -i 's|min_sleep_time="60"|min_sleep_time="3"|' /etc/clamav-unofficial-sigs.conf
sed -i 's|max_sleep_time="600"|max_sleep_time="30"|' /etc/clamav-unofficial-sigs.conf
sed -i 's|work_dir="/usr/unofficial-dbs"|work_dir="/var/lib/clamav-unofficial-sigs"|' /etc/clamav-unofficial-sigs.conf
sed -i 's|curl_silence="no"|curl_silence="yes"|' /etc/clamav-unofficial-sigs.conf
sed -i 's|rsync_silence="no"|rsync_silence="yes"|' /etc/clamav-unofficial-sigs.conf
sed -i 's|gpg_silence="no"|gpg_silence="yes"|' /etc/clamav-unofficial-sigs.conf
sed -i 's|comment_silence="no"|comment_silence="yes"|' /etc/clamav-unofficial-sigs.conf
sed -i 's|enable_logging="no"|enable_logging="yes"|' /etc/clamav-unofficial-sigs.conf
sed -i 's|user_configuration_complete="no"|user_configuration_complete="yes"|' /etc/clamav-unofficial-sigs.conf

# Now run the sripts and check for errors:
clamd-status.sh

clamav-unofficial-sigs.sh

service clamd restart


ls -l /var/lib/clamav should look similar to this:
-rw-r--r-- 1 clamav clamav   104690 Feb 27 04:37 bytecode.cvd
-rw-r--r-- 1 clamav clamav  1438230 Feb 27 04:37 daily.cvd
-rw-r--r-- 1 clamav clamav    52824 Feb 27 04:40 honeynet.hdb
-rw-r--r-- 1 clamav clamav  5041859 Feb 25 04:51 junk.ndb
-rw-r--r-- 1 clamav clamav   501212 Feb 27 03:50 jurlbl.ndb
-rw-r--r-- 1 clamav clamav 26224310 Feb 27 04:37 main.cvd
-rw-r--r-- 1 clamav clamav   213539 Feb 27 04:40 mbl.ndb
-rw-r--r-- 1 clamav clamav       52 Feb 27 04:38 mirrors.dat
-rw-r--r-- 1 clamav clamav  2557590 Feb 25 04:51 phish.ndb
-rw-r--r-- 1 clamav clamav   117050 Feb 24 11:50 rogue.hdb
-rw-r--r-- 1 clamav clamav     8502 Jan 21 01:50 sanesecurity.ftm
-rw-r--r-- 1 clamav clamav  1753797 Feb 25 03:49 scam.ndb
-rw-r--r-- 1 clamav clamav  9669520 Feb 27 04:40 securiteinfo.hdb
-rw-r--r-- 1 clamav clamav    56529 Feb 24 03:51 spamimg.hdb
-rw-r--r-- 1 clamav clamav   724108 Feb 27 04:40 vx.hdb
-rw-r--r-- 1 clamav clamav  1144084 Feb 27 03:45 winnow_malware.hdb
-rw-r--r-- 1 clamav clamav   707283 Feb 27 03:45 winnow_malware_links.ndb
# You should stop clamd, and then run the clamd-status.sh script to see if it works.
# Now we add a crontab entry with download attempts performed every 6th hour:
crontab -e

# Insert these two entries. Replace MM (minutes) below with a number between 1 and 59:
MM */6 * * * /usr/sbin/clamav-unofficial-sigs.sh
*/6 * * * * /usr/sbin/clamd-status.sh


# Save and exit the file. The first cron job should run every 6 hours, and the second, every 6 minutes.
# The clamav-status.sh script will restart clamd after a crash.
# There is a log file at /var/log/clamav-unofficial-sigs.log and you can read the man page at 'man clamav-unofficial-sigs'.

# Start amavisd in debug mode and check for severe errors. "INFO: no optional modules:" is not a problem, Use [Ctrl]+c to cancel:
# Note that there will be modules we are not using. This is not a problem either. Hopefully you get: "Net::Server: Parent ready for children."
service amavis stop
amavisd debug

# If everything looks Ok, cancel debug mode (Ctrl+C) and start amavisd-maia
service amavis start

######################
# Minimal Postfix configuration:- you are on your own here, this is not a Postfix HOWTO
# this delivers locally to one domain (using mbox format)
# If you already have a working Postfix, keep your eyes open here #
# If you are relaying mail instead of storing it locally, you may wish to read my Debian document
# http://www200.pair.com/mecham/spam/spamfilter20090215.html#maincf
# Also, you would not want to have the bare domain in the hosts file, which I placed there for this test.
# This first part enables the content_filter and adds the smtp-amavis transport to master.cf:
cd /etc/postfix
cp main.cf main.cf-myoriginal
postconf -e "content_filter = smtp-amavis:[127.0.0.1]:10024"
wget http://www200.pair.com/mecham/spam/amavisd-master.txt
cp master.cf master.cf-backup
cp master.cf master.cf-myoriginal
grep 'smtp-amavis' master.cf || cat master.cf-myoriginal amavisd-master.txt > master.cf
cat master.cf

# If you already have a working Postfix, you will not want to run these
postconf -e "alias_maps = hash:/etc/aliases"
newaliases
postconf -e "myorigin = example.com"
postconf -e "mydomain = example.com"
postconf -e "myhostname = ahost.example.com"
postconf -e "inet_interfaces = all"
postconf -e "mynetworks = 127.0.0.0/8, 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12"
chkconfig postfix on

# system dependent, default is $myhostname, localhost.$mydomain, localhost
# this is for local mail delivery
# If you already have a working Postfix, you will not want to run this
postconf -e "mydestination = \$myhostname, localhost.\$mydomain, localhost, \$mydomain"

# note that we escaped the $ sign when using postconf - the backslash does not actually go in main.cf
service postfix stop
service postfix start
postfix flush

# did Postfix die? Is so, why?:
tail -30 /var/log/maillog | grep postfix

######################
reboot

# When the system comes back up, make sure clamd and amavis (and freshclam?) are running
ps aux | egrep '(clam|amavis)' | grep -v grep

# send a simple test message
echo "test" | sendmail adminguy@example.com

# the result should be in:
tail -30 /var/spool/mail/adminguy

# I got (notice the processing by amavisd):
######################
From root@example.com  Fri Feb 19 18:08:12 2010
Return-Path: <root@example.com>
X-Original-To: adminguy@example.com
Delivered-To: adminguy@example.com
Received: from localhost (localhost [127.0.0.1])
        by ahost.example.com (Postfix) with ESMTP id BBEF91D72
        for <adminguy@example.com>; Fri, 19 Feb 2010 18:08:11 -0700 (MST)
Received: from ahost.example.com ([127.0.0.1])
 by localhost (ahost.example.com [127.0.0.1]) (amavisd-maia, port 10024)
 with ESMTP id 01671-01 for <adminguy@example.com>;
 Fri, 19 Feb 2010 18:08:11 -0700 (MST)
Received: by ahost.example.com (Postfix, from userid 0)
        id 36FC11D70; Fri, 19 Feb 2010 18:08:11 -0700 (MST)
Message-Id: <20100220010811.36FC11D70@ahost.example.com>
Date: Fri, 19 Feb 2010 18:08:11 -0700 (MST)
From: root@example.com (root)
To: undisclosed-recipients:;

test
# If you look in  /var/log/httpd/error_log  you may or may not see a number of errors like this:
[Sat Feb 20 16:56:44 2010] [error] [client 192.168.1.41] PHP Warning:
strftime(): It is not safe to rely on the system's timezone settings.
You are *required* to use the date.timezone setting or the
date_default_timezone_set() function. In case you used any of those
methods and you are still getting this warning, you most likely
misspelled the timezone identifier. We selected 'America/Denver' for
'MST/-7.0/no DST' instead in
/usr/share/php/Smarty/plugins/modifier.date_format.php on line 53,
referer: http://ahost.example.com/mail/settings.php?


# So, you want to vi /etc/php.ini and uncomment and configure the date.timezone setting.
# Here is page to refer to as to the wording of the time zones: http://us.php.net/manual/en/timezones.php

# You may also get errors suh as: PHP Notice: Use of undefined constant PEAR_LOG_DEBUG - assumed
'PEAR_LOG_DEBUG' in /var/www/html/mail/config.php on line 79
# then I suggest changing error_reporting = E_ALL to error_reporting = E_ALL & ~E_NOTICE
# Then restart apache2:
service httpd restart

######################

# Note that the administrator you create here (by running internal-init.php and login.php?super=register) must be your real
# address because you will get an email at that address with your password. I hope the mail system is functioning enough
# to actually deliver mail to that user.
# I am going to use internal authentication, so first:
# here is a sample of what we are after next:
http://www200.pair.com/mecham/spam/authentication4.htm

http://ahost.example.com/mail/internal-init.php

# If all goes well, you will get a "250 Ok" response on the screen when you submit this page
# and your password in a message in your inbox:
tail -30 /var/spool/mail/adminguy

# Then log in with your email address and password
# The first person to log in (hopefully you) to this script will be the super user.
http://ahost.example.com/mail/login.php?super=register

# You will want to change your password.
# Send eicar.com.txt virus as an attachment in order to test clamd once
# you have enabled virus scanning in Maia.
#
# The SQL based Bayes and AWL tables have been created for you.
# You can enable them by placing this in /etc/mail/spamassassin/local.cf:
vi /etc/mail/spamassassin/local.cf
bayes_store_module              Mail::SpamAssassin::BayesStore::MySQL
bayes_sql_dsn                   DBI:mysql:maia:localhost
bayes_sql_username              amavis
bayes_sql_password              passwd

bayes_sql_override_username         amavis

auto_whitelist_factory          Mail::SpamAssassin::SQLBasedAddrList
user_awl_dsn                    DBI:mysql:maia:localhost
user_awl_sql_username           amavis
user_awl_sql_password           passwd
# You will need to reload amavisd - amavisd reload - after making that change. We also need to initialize
# the Bayes Database (and we always want to lint SA after making changes):
cd
su amavis -c 'spamassassin --lint'

wget http://spamassassin.apache.org/gtube/gtube.txt
sa-learn --spam gtube.txt
sa-learn --dump magic

http://ahost.example.com/mail

# This is just the beginning.
# Please read the Maia documentation to continue. Make sure you set up
# maintenance scripts and move the admin directory out of http
# http://www.maiamailguard.com/maia/wiki/MaintenanceScripts
# Note: in System Configuration, please provide the full pathname to "E-mail reminder template file:"
# /var/amavisd/maia/templates/reminder.tpl

######################
# I would test again with 'amavisd debug'. Now, read the documentation:
http://www.maiamailguard.com/docs.php

Here is a sample of what root's crontab may look like for tha Maia scripts:
# Minute   Hour   Day of Month       Month          Day of Week        Command    
# (0-59)  (0-23)     (1-31)    (1-12 or Jan-Dec)  (0-6 or Sun-Sat)
30 * * * * /bin/su amavis -c '/var/amavisd/maia/scripts/process-quarantine.pl --learn --report --quiet'
10 1 * * * /bin/su amavis -c '/var/amavisd/maia/scripts/expire-quarantine-cache.pl --quiet'
10 2 * * 3 /bin/su amavis -c '/var/amavisd/maia/scripts/send-quarantine-reminders.pl'
*/5 * * * * /bin/su amavis -c '/var/amavisd/maia/scripts/send-quarantine-digests.pl'
0 * * * * /bin/su amavis -c '/var/amavisd/maia/scripts/stats-snapshot.pl' >/null