This howto was written in order to help users of DirectAdmin install and correctly configure MailScanner with Exim.
It is based on several years' experience working with MailScanner and has been used in the installation of production servers running a variety of RPM-based Linux distributions, including:
RedHat 9
Fedora
Centos
WhiteBox
While every effort has been made to make this howto as comprehensive and easy to follow as possible, the author welcomes feedback.
Before you start you should install vim.
On most Red Hat Enterprise clones, such as Centos, the following command should work:
yum install vim-enhanced
I would recommend creating a directory such as /home/installstuff or similar for any files / packages related to your MailScanner setup.
The next step is to install SpamAssassin.
There are a number of ways of doing this; however, the developer of MailScanner has put together an easy-to-use package that will install all the required Perl modules for you. It can be downloaded here.
NB: As of SA 3.1 the licensing has changed for some of the plugins. You will need to enable razor etc. in the *.pre files in the /etc/mail/spamassassin directory.
Now to install MailScanner.
First download the MailScanner rpm tarball from the website.
There are usually two versions available – stable and beta.
wget location of file
tar -zxvf MailScanner file
cd MailScanner directory
./install.sh
For example, to download and install the current beta version at time of writing the command would be:
wget http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/rpm/MailScanner-4.50.8-1.rpm.tar.gz
tar -zxvf MailScanner-4.50.8-1.rpm.tar.gz
cd MailScanner-4.50.8-1
./install.sh
Relax and have a cup of coffee.
Once the install is finished you can proceed with the setup of MailScanner to work with exim.
You need to change the permissions on the MailScanner spool directory:
chown -R mail.mail /var/spool/MailScanner
MailScanner works by running two processes of the MTA.
One listens for SMTP connections (inbound mail) while the other processes outbound mail.
If you think of it like this:
mail > exim > MailScanner > exim
Mail is passed from one exim process to the other via MailScanner, where all the content checks are conducted.
For this reason you need two .conf files for exim, one for each exim process.
Always create backups!
cp /etc/exim.conf /etc/exim.back
Make a copy to handle outbound mail:
cp /etc/exim.conf /etc/exim_send.conf
Edit the exim.conf file:
vim /etc/exim.conf
and add the following lines in the main part of the configuration:
#Added for MailScanner mail queues and logging
spool_directory = /var/spool/exim.in
queue_only = true
queue_only_override = false
log_file_path = /var/spool/exim/msglog/%slog
MailScanner comes with its own startup script, so you can safely get rid of the original one:
cd /etc/init.d/
cp exim exim.orig;chmod -x exim.orig
rm exim
However, DirectAdmin will check for the exim file, so we create a symlink to fool it:
ln -s MailScanner exim
NB: You may need to do this again if a DirectAdmin update installs a new exim init script
Create the following directories:
mkdir /var/spool/exim.in
mkdir /var/spool/exim.in/input
mkdir /var/spool/exim.in/data
mkdir /var/spool/exim.in/db
Then fix the ownership:
chown -R mail.mail /var/spool/exim.in/
Now you need to customise your MailScanner.conf both for your particular server and to let it know that it is running exim:
Open MailScanner.conf in vim as follows:
vim /etc/MailScanner/MailScanner.conf
The file is very well documented. Please read it!
You should edit the following settings:
%org-name% = servername
%org-long-name% = Your Company Name
.
%web-site% = www.yourwebaddress.tld
Now to tell it about your exim configuration.
Find the following lines in MailScanner.conf and edit as indicated:
#Run As User = mail
#Run As User = postfix
Run As User = mail
# Group to run as (not normally used for sendmail)
#Run As Group = mail
#Run As Group = postfix
Run As Group = mail
Incoming Queue Dir = /var/spool/exim.in/input
Outgoing Queue Dir = /var/spool/exim/input
Sendmail = /usr/sbin/exim -C /etc/exim.conf
Sendmail2 = /usr/sbin/exim -C /etc/exim_send.conf
MTA = exim (as opposed to sendmail)
You can further tweak your MailScanner settings later on.
Some more changes are needed to finalise your setup.
MailScanner should autodetect exim, but you need to make a number of changes to /etc/sysconfig/MailScanner
Do the following:
mkdir /usr/local/exim/
mkdir /usr/local/exim/bin
Make the following symlinks:
ln -s /etc/exim_send.conf /usr/local/exim/exim_send.conf
ln -s /etc/exim.conf /usr/local/exim/configure
ln -s /usr/sbin/exim /usr/local/exim/exim
ln -s /usr/sbin/exim /usr/local/exim/bin/exim
To test whether it is working properly, issue the following command:
/etc/init.d/MailScanner restart;tail -f /var/log/maillog
You should see something like the following:
Shutting down MailScanner daemons:
MailScanner: [ OK ]
incoming exim: [ OK ]
outgoing exim: [ OK ]
Starting MailScanner daemons:
incoming exim: [ OK ]
outgoing exim: [ OK ]
MailScanner: [ OK ]
Keep an eye on the logs for a few minutes.
If anything is wrong you should see an error in them.
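The steps above only work if the three configuration files agree with each other. The following consistency check is an added example, not part of the original howto; the function names (conf_opt, check_layout, make_sample) are hypothetical and the sample files are constructed in a temporary directory to mirror the settings shown above.

```shell
#!/bin/sh
# Added example: consistency check for the two-exim MailScanner layout.

# conf_opt FILE NAME: print the value of the first uncommented "NAME = value" line.
conf_opt() {
    sed -n "s|^[[:space:]]*${2}[[:space:]]*=[[:space:]]*||p" "$1" |
        sed 's/[[:space:]]*$//' | head -n 1
}

# check_layout IN_CONF OUT_CONF MS_CONF: print one line per problem and
# return the number of problems found (0 means the layout is consistent).
check_layout() {
    in_conf=$1 out_conf=$2 ms_conf=$3 bad=0
    fail() { echo "PROBLEM: $*"; bad=$((bad + 1)); }

    in_spool=$(conf_opt "$in_conf" spool_directory)
    out_spool=$(conf_opt "$out_conf" spool_directory)
    in_q=$(conf_opt "$ms_conf" "Incoming Queue Dir")
    out_q=$(conf_opt "$ms_conf" "Outgoing Queue Dir")

    # The incoming exim must queue into the directory MailScanner reads from.
    [ "$in_spool/input" = "$in_q" ] ||
        fail "incoming spool '$in_spool' does not feed '$in_q'"
    # Without queue_only the incoming exim delivers directly, unscanned.
    [ "$(conf_opt "$in_conf" queue_only)" = true ] ||
        fail "queue_only is not true in $in_conf"
    # With the override left on, -od options can force immediate delivery.
    [ "$(conf_opt "$in_conf" queue_only_override)" = false ] ||
        fail "queue_only_override is not false in $in_conf"
    # The outgoing exim must not share the incoming spool.
    [ "$in_q" != "$out_q" ] || fail "incoming and outgoing queue dirs are identical"
    if [ -n "$out_spool" ] && [ "$out_spool/input" != "$out_q" ]; then
        fail "outgoing spool '$out_spool' does not match '$out_q'"
    fi
    # Each Sendmail line must point at its own configuration file.
    case "$(conf_opt "$ms_conf" Sendmail)" in
        *"-C $in_conf") ;; *) fail "Sendmail does not use $in_conf" ;; esac
    case "$(conf_opt "$ms_conf" Sendmail2)" in
        *"-C $out_conf") ;; *) fail "Sendmail2 does not use $out_conf" ;; esac
    return "$bad"
}

# Constructed sample files mirroring the settings in the howto.
make_sample() {
    d=$1
    printf '%s\n' 'spool_directory = /var/spool/exim.in' 'queue_only = true' \
        'queue_only_override = false' > "$d/exim.conf"
    : > "$d/exim_send.conf"   # stands in for the unmodified copy (default spool)
    printf '%s\n' '#Run As User = postfix' 'Run As User = mail' \
        'Incoming Queue Dir = /var/spool/exim.in/input' \
        'Outgoing Queue Dir = /var/spool/exim/input' \
        "Sendmail = /usr/sbin/exim -C $d/exim.conf" \
        "Sendmail2 = /usr/sbin/exim -C $d/exim_send.conf" > "$d/MailScanner.conf"
}

tmp=$(mktemp -d)
make_sample "$tmp"
check_layout "$tmp/exim.conf" "$tmp/exim_send.conf" "$tmp/MailScanner.conf" &&
    echo "layout consistent"
```

On a real server, call check_layout with /etc/exim.conf, /etc/exim_send.conf and /etc/MailScanner/MailScanner.conf.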
In order to increase your setup’s effectiveness against spam and viruses you can now tweak your settings.
As I already mentioned, the MailScanner.conf file is very well commented, so read what the configuration options are doing before you actually change them on a production system.
This method of setting up MailScanner has been tried and tested.
It works for us, however any feedback is always appreciated.
Paul Welsh says
Hi Michele
When you say to edit the exim.conf file and add lines to the main part of the configuration, what section of the exim.conf file should I add the lines to?
Paul Welsh says
Hi again
You say “MailScanner should autodetect exim, but you need to make a number of changes to /etc/sysconfig/MailScanner”. However, from what I can see, you don’t mention any changes to this file.
michele says
Paul – how are you?
Add the lines to the top of the exim.conf file.
Ignore the bit about making those changes – I’ll remove them from the howto, as they refer to an older version of this document
Paul Welsh says
My problem now is that when I try to send mail to my server I get:
421 Unexpected failure, please try later
I have checked:
/var/spool/exim/msglog/mainlog
/var/spool/exim/msglog/paniclog
/var/log/maillog
/var/log/exim/mainlog
/var/log/exim/paniclog
but I can’t see much happening in any of them.
/var/log/maillog shows MailScanner starting but not exim.
/etc/rc.d/init.d/exim confirms this with just MailScanner showing as running OK.
/var/spool/exim/msglog/mainlog and paniclog just show:
2006-01-31 00:30:34 failed to open /etc/virtual/whitelist_domains for linear search: No such file or directory
/var/log/exim/mainlog shows lines like this:
2006-01-31 00:06:20 exim 4.60 daemon started: pid=22608, -q15m, not listening for SMTP
Any ideas?
michele says
Paul – did you get this sorted out?
Paul Welsh says
Yes, it seems to be working OK now. Thanks.
Teco says
/var/log/exim/mainlog
exim 4.62 daemon started: pid=10602, -q15m, not listening for SMTP
I cand send or received mail ?
michele says
Teco – how are you calling exim / Mailscanner?
More importantly, how did you install it?
Teco says
Install MailScanner
chown -R mail:mail /var/spool/MailScanner
chown -R mail:mail /var/spool/MailScanner
cp /etc/exim.conf /etc/exim_outgoing.conf
pico -w /etc/exim.conf
and add the following lines in the main part of the configuration:
spool_directory = /var/spool/exim.in
queue_only = true
queue_only_override = false
log_file_path = /var/spool/exim/msglog/%slog
pico -w /etc/init.d/exim
Original:
QUEUE=
[ -f /etc/sysconfig/exim ] && . /etc/sysconfig/exim
[ "$DAEMON" = yes ] && EXIM_OPTS="$EXIM_OPTS -bd"
[ -n "$QUEUE" ] && EXIM_OPTS="$EXIM_OPTS -q$QUEUE"
Change this to:
QUEUE="15m"
[ -f /etc/sysconfig/exim ] && . /etc/sysconfig/exim
[ "$DAEMON" = yes ] && EXIM_OPTS="$EXIM_OPTS -bd"
[ -f /etc/sysconfig/exim ] && . /etc/sysconfig/exim
[ "$DAEMON" = yes ] && EXIM_OPTS="$EXIM_OPTS -C /etc/exim_outgoing.conf"
[ -n "$QUEUE" ] && EXIM_OPTS="$EXIM_OPTS -q$QUEUE"
Create the following directories: /var/spool/exim.in,
/var/spool/exim.in/input,
/var/spool/exim.in/data,
/var/spool/exim.in/db
mkdir /var/spool/exim.in
etc.
and assign them to mail.
chown mail:mail /var/spool/exim.in
pico -w /etc/MailScanner/MailScanner.conf
and change these settings:
Use your language for reports
%report-dir% = /etc/MailScanner/reports/fr
%org-name% = (Your org. name)
Run As User = mail
Run As Group = mail
Incoming Queue Dir = /var/spool/exim.in/input
Outgoing Queue Dir = /var/spool/exim/input
MTA = exim
Sendmail = /usr/sbin/exim -C /etc/exim.conf
Sendmail2 = /usr/sbin/exim -C /etc/exim_outgoing.conf
Virus Scanners = clamav
Use SpamAssassin = yes
Always Include SpamAssassin Report = yes
# pico -w /etc/sysconfig/MailScanner
MTA=exim
EXIM=/usr/sbin/exim
EXIMINCF=/etc/exim.conf # Incoming configuration file
EXIMSENDCF=/etc/exim_outgoing.conf # Outgoing configuration file
mkdir /usr/local/exim/
mkdir /usr/local/exim/bin
ln -s /etc/exim_send.conf /usr/local/exim/exim_send.conf
ln -s /etc/exim.conf /usr/local/exim/configure
ln -s /usr/sbin/exim /usr/local/exim/exim
ln -s /usr/sbin/exim /usr/local/exim/bin/exim
killall exim -9
killall MailScanner -9
service MailScanner start
Starting MailScanner daemons:
incoming exim: [ OK ]
outgoing exim: [ OK ]
MailScanner: [ OK ]
*****
service MailScanner restart & service exim restart , same
Shutting down MailScanner daemons:
MailScanner: [ OK ]
incoming exim: [ OK ]
outgoing exim: [ OK ]
Starting MailScanner daemons:
incoming exim: [ OK ]
outgoing exim: [ OK ]
MailScanner: [ OK ]
*****
/var/log/exim/mainlog
exim 4.62 daemon started: pid=10602, -q15m, not listening for SMTP
and in
/var/log/mainlog
Jun 2 05:51:33 server1 MailScanner[15079]: Spam Checks: Found 1 spam messages
Jun 2 05:51:33 server1 MailScanner[15079]: Virus and Content Scanning: Starting
Jun 2 05:51:34 server1 MailScanner[15079]: Uninfected: Delivered 1 messages
Jun 2 05:54:20 server1 MailScanner[15259]: New Batch: Scanning 1 messages, 1548 bytes
Jun 2 05:54:21 server1 MailScanner[15259]: Spam Checks: Found 1 spam messages
Jun 2 05:54:21 server1 MailScanner[15259]: Virus and Content Scanning: Starting
Jun 2 05:54:22 server1 MailScanner[15259]: Uninfected: Delivered 1 messages
Jun 2 05:58:33 server1 MailScanner[15251]: New Batch: Scanning 1 messages, 2912 bytes
Jun 2 05:58:33 server1 MailScanner[15251]: Expired 1 records from the SpamAssassin cache
Jun 2 05:58:34 server1 MailScanner[15251]: Spam Checks: Found 1 spam messages
Jun 2 05:58:34 server1 MailScanner[15251]: Virus and Content Scanning: Starting
Jun 2 05:58:36 server1 MailScanner[15251]: Uninfected: Delivered 1 messages
Jun 2 06:01:01 server1 update.virus.scanners: Delaying cron job up to 600 seconds
Jun 2 06:03:37 server1 update.virus.scanners: Found clamav installed
Jun 2 06:03:37 server1 update.virus.scanners: Running autoupdate for clamav
Jun 2 06:03:37 server1 ClamAV-autoupdate[21957]: ClamAV update warning: /usr/bin/freshclam: error while loading shared libraries: libkrb5support.so.0: cannot open shared object file: No such file or directory
Jun 2 06:03:37 server1 ClamAV-autoupdate[21957]: ClamAV updater failed
Jun 2 06:03:37 server1 update.virus.scanners: Found generic installed
Jun 2 06:03:37 server1 update.virus.scanners: Running autoupdate for generic
**** /usr/bin/freshclam: error while loading shared libraries: libkrb5support.so.0: cannot open shared object file: No such file or directory
how to fix it ?!
michele says
Disable the virus checks temporarily, so you can get mail etc., and Mailscanner will do most checks without it. I’d then check your ClamAV install – try the clam av and spamassassin installer from the Mailscanner downloads:
downloads
and install it all manually from there
Your error sounds like a missing rpm or library of some kind, but you haven’t specified your OS
Teco says
Thanks Michele, My OS CentOS 4.3
John Fox says
I have setup 6 servers with DirectAdmin/MailScanner following your instructions. Four of the servers use Exim 4.31 and have not had an ounce of trouble with them since installation 12 to 24 months ago. Just recently, 2 other servers, one converted 10 months ago with Exim 4.50 and a new server last week with Exim 4.60 I am having really big problems.
The server with 4.50 I have re-installed the instructions twice, once 6 months ago and last week. The mail queue just freezes up and in the /var/log/exim/mainlog it says exim 4.xx daemon started: pid=xxxxx, -q15m, not listening for SMTP. Then when I revert back to the original Exim.config it frees up and works again.
The same applies to the Exim 4.60 and after looking at the configs of the servers that have not given any problems I noted that the problem is where to place the queue and logging instructions on these later servers.
With the Exim 4.31, the Q & L was placed near the top, but within the config file. With the 4.50 and 4.60 versions of Exim I first placed it before the ACL data and then moved it to the top of each config file before the start. By placing it before the ACL you do not get any readout through the maillogs file. If it's placed at the top you do get readouts but you get the not listening on port 25 message in the mainlog file.
MailScanner I find is a great programme for viruses and spam when used with exim. All servers handle between 10 to 20 thousand emails per day. All except one run Redhat 9, the exception runs Centos 3.8.
Would you have any ideas on the solution to this problem? Your help would be appreciated.
michele says
John
If you are having issues you’ll find me and others on #mailscanner on freenode.
It’s probably the best place to debug your issues 🙂
Michele
John Fox says
Fixed the problem on both servers. It was a matter of finding the right position for the G & L instructions. The message in the /var/log/exim/mainlog saying that exim was not looking for smtp on port 25 is really telling you that MailScanner is in control of the Exim Mail Programme. It means nothing, it does not stop or hinder the mail delivery system.
michele says
John
Are you still using the exim init script or have you replaced it with the MailScanner one?
Michele
John Fox says
No, I replaced the exim file with a symlink from MailScanner as per your instructions above. Your instructions are perfect. It just was a matter of placing the Q & L instruction in the right place midway between the reference to listening on ports 25 and 587 and the first mention of ACLs. If you place it before, in or after the ACL section you won’t get MailScanner logs in the /var/log/maillog directory. This concerns DirectAdmin exim.conf’s in versions 4.5x and 4.6x.
RaYMonD says
My srv is running Sendmail, MailScanner and SpamAssassin over 1 year, http://xxxxx/mailscanner stopped, I restart the MailScanner the case not fix.
Can U Help me.
michele says
Raymond
If you can supply more information about your setup I can try to assist you
Michele
Igor says
Hello Michele,
I installed mailscanner as in your instructions. I think it was successful. I am watching the log file for a few minutes.
Then I tried to send a test virus in a text file and attached it to a message: $CEliacmaTrESTuScikgsn$FREE-TEST-SIGNATURE$EEEEE$
In the log I see the virus is captured and it says: Notices: Warned about 1 messages. But the message never gets to sender or receiver. I never received any warning about the virus in a mail message.
Is something wrong or is this the way mailscanner/ClamAV works? I would like to see that the message is delivered without the virus text file and with a warning message.
I hope this is possible
Igor
michele says
Igor
Have a look at the settings in MailScanner.conf. It sounds like you are using the default actions for viruses.
Michele
Igor says
Thanks for replying so fast. I took a look in MailScanner.conf and changed these lines:
Deliver Disinfected Files = yes (was no)
Still Deliver Silent Viruses = yes (was no)
But still no mail message is getting to the receiver. Can you point me in the right direction?
Igor
Igor says
After invoking the command: /etc/init.d/MailScanner restart
I mailed the message again and the fake virus mail is received by the receiving party with a message in the replaced virus.txt.
That is working like I want it. The question is: is it safe to do it this way? And are there other settings I should be aware of?
Thanks in advance
Igor
michele says
Igor
You need to do a restart after any changes you make to the configuration.
If you are handling a lot of mail for a lot of users you probably won’t want to deliver the .txt with the warning about viruses that they cannot do anything with.
The main things to ensure you change are the hostnames and other details towards the top of MailScanner.conf (though I think you are forced to do that by the installer script in recent versions)
murat says
I have installed one to one mailscanner from here. It’s worked wonderful. But how can update it ?
Can anyone explain it in this way how can i mailscanner make update.
Fedora5
exim4.61
DA 1.29.7
Thanks…
michele says
Murat
Upgrading MailScanner isn’t complicated.
On an rpm based system you would simply download the latest installer. Extract it and run the install script. As it’s an upgrade you would then have to follow the upgrade section at the end which means running upgrade_MailScanner_conf and upgrade_languages_conf.
If you run either command without any parameters you will see their usage:
“RPM
===
If you are using the RPM distributions then try this:
cd /etc/MailScanner
upgrade_MailScanner_conf MailScanner.conf MailScanner.conf.rpmnew > MailScanner.new
mv -f MailScanner.conf MailScanner.old
mv -f MailScanner.new MailScanner.conf
TAR
===
If you are using the tar distribution so that the old version is in
/opt/MailScanner and the new one is in /opt/MailScanner.new then:
cd /opt/MailScanner.new/etc
../bin/upgrade_MailScanner_conf /opt/MailScanner/etc/MailScanner.conf /opt/MailScanner.new/etc/MailScanner.conf > MailScanner.new
mv -f MailScanner.conf MailScanner.old
mv -f MailScanner.new MailScanner.conf
NOTE
====
To keep your old comments in your original file, add “--keep-comments”
to the command line. Note that this will mean you don’t get to find
out any extra new values you might be able to use in existing “improved”
configuration options.
”
I’ve also posted on upgrades separately on this site, so have a look in the MailScanner category archives
Regards
Michele
Paul Welsh says
I’m in the process of configuring centos 6.1 x64, exim 4.76 and mailscanner 4.84.3 on DirectAdmin 1.41.1 and have run into the issue whereby specifying a config file with the -C switch no longer runs exim as root unless a TRUSTED_CONFIG_LIST file is defined in Local/Makefile.
Problem is, I don’t know whether a TRUSTED_CONFIG_LIST file was defined in Local/Makefile because Exim was installed from da_exim-4.76-1.x86_64.rpm.
Anyone else managed to sort this out?
Paul Welsh says
I’ve spent many hours on this and so thought I’d share my findings in case it proves helpful to anyone else.
I used this article as the basis for setting up my old server and am now setting up a new one running much newer versions of CentOS, Exim, etc.
My MailScanner.conf contains the lines:
Sendmail = /usr/sbin/exim -C /etc/exim.conf
Sendmail2 = /usr/sbin/exim -C /etc/exim_send.conf
/etc/exim.conf and /etc/exim_send.conf are both symlinks:
# ll /usr/local/exim/configure /usr/local/exim/exim_send.conf
lrwxrwxrwx 1 root root 14 Aug 19 23:07 /usr/local/exim/configure -> /etc/exim.conf
lrwxrwxrwx 1 root root 19 Aug 19 23:07 /usr/local/exim/exim_send.conf -> /etc/exim_send.conf
The problem I found was that both exim instances failed to start from /etc/init.d/MailScanner with entries like this in /var/log/exim/mainlog:
exim user lost privilege for using -C option
I realised this was due to the security changes in exim so recompiled exim from source using the instructions at http://help.directadmin.com/item.php?id=125 because the version I was running wasn’t built with the new TRUSTED_CONFIG_LIST functionality. I added it and left everything else alone:
# grep trusted_configs /root/exim-4.76/Local/Makefile
TRUSTED_CONFIG_LIST=/usr/local/exim/trusted_configs
# grep mail /root/exim-4.76/Local/Makefile
EXIM_USER=mail
# grep exim.conf /root/exim-4.76/Local/Makefile
CONFIGURE_FILE=/etc/exim.conf
However, this still didn’t solve my problem.
After much messing about I checked the values being used by the /etc/init.d/MailScanner script and found that although it contains the following at the top of the file:
EXIM=/usr/sbin/exim
EXIMINCF=/etc/exim.conf
EXIMSENDCF=/etc/exim_send.conf
It actually uses the values in /etc/sysconfig/MailScanner which were:
EXIM=/usr/local/exim/bin/exim
EXIMINCF=/usr/local/exim/configure # Incoming configuration file
EXIMSENDCF=/usr/local/exim/exim_send.conf # Outgoing configuration file
So I updated /etc/sysconfig/MailScanner to read:
EXIMINCF=/etc/exim.conf # Incoming configuration file
EXIMSENDCF=/etc/exim_send.conf # Outgoing configuration file
The trusted_configs file had only one line:
# cat /usr/local/exim/trusted_configs
/etc/exim_send.conf
After this, exim and MailScanner started OK.
Note that I didn’t need to have /etc/exim.conf in /usr/local/exim/trusted_configs because it was set as the CONFIGURE_FILE in the exim Makefile.
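A pre-flight check for the situation described in the comment above, as an added example that is not part of the original thread. The function names (loose_perms, check_trusted, make_tree) are hypothetical, the sample tree is constructed in a temporary directory, and the ownership and write-permission test is an extra hardening check added here rather than something the comment reports.

```shell
#!/bin/sh
# Added example: will "exim -C FILE" be treated as a trusted configuration?

# loose_perms FILE UID: succeed if FILE is missing, not owned by UID, or
# writable by group or others (symlinks are followed to the real file).
loose_perms() {
    meta=$(ls -ldnL "$1") || return 0
    mode=${meta%% *}
    owner=$(printf '%s\n' "$meta" | awk '{print $3}')
    [ "$owner" = "$2" ] || return 0
    case $(printf '%s' "$mode" | cut -c6,9) in *w*) return 0 ;; esac
    return 1
}

# check_trusted CONF LIST DEFAULT [UID]: return 0 if CONF is the compiled-in
# CONFIGURE_FILE (DEFAULT) or is listed in LIST with safe permissions;
# otherwise print the reason and return 1. UID defaults to 0 (root).
check_trusted() {
    conf=$1 list=$2 default=$3 uid=${4:-0}
    [ "$conf" = "$default" ] && return 0      # built-in config needs no entry
    if [ ! -f "$list" ]; then
        echo "no trusted list at $list"; return 1
    fi
    # Match the path exactly as written after -C: whole line, fixed string.
    if ! grep -Fxq -- "$conf" "$list"; then
        echo "$conf is not listed in $list"
        # A symlink to a listed file is still a different path string.
        target=$(readlink -f "$conf" 2>/dev/null)
        [ -n "$target" ] && grep -Fxq -- "$target" "$list" &&
            echo "hint: its target $target is listed; pass that path to -C"
        return 1
    fi
    for f in "$list" "$conf"; do
        if loose_perms "$f" "$uid"; then
            echo "$f must be owned by uid $uid and not group/world writable"
            return 1
        fi
    done
    return 0
}

# Constructed sample tree modelled on the paths in the comment above.
make_tree() {
    r=$1; mkdir -p "$r/etc" "$r/local"
    : > "$r/etc/exim.conf"; : > "$r/etc/exim_send.conf"
    ln -s "$r/etc/exim_send.conf" "$r/local/exim_send.conf"
    echo "$r/etc/exim_send.conf" > "$r/local/trusted_configs"
    chmod 644 "$r/etc/exim.conf" "$r/etc/exim_send.conf" "$r/local/trusted_configs"
}

root=$(mktemp -d); make_tree "$root"
me=$(id -u)   # sample files belong to the current user; use 0 on a real server
for c in "$root/etc/exim.conf" "$root/etc/exim_send.conf" "$root/local/exim_send.conf"; do
    if check_trusted "$c" "$root/local/trusted_configs" "$root/etc/exim.conf" "$me"
    then echo "OK   -C $c"; else echo "FAIL -C $c"; fi
done
```

The third path in the demo is the symlink form that /etc/sysconfig/MailScanner used in the comment; it fails the exact-match test even though its target is listed.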
D Baars says
Hi,
Is it also possible to run this on an external box so that all other servers send the e-mail to that box and then to the receiver?
Kind regards
Michele says
@D Baars
Yes – you can put a server in front of your other mail servers and have it setup as a filtering / scanning box. Doing that would mean that you wouldn’t be restricted to your configuration ie. you could use a much simpler setup.
We’ve done this in the past. We’ve also done setups where we put a machine in front of a mail cluster that just did DNSBL checks on inbound mail before handing off the remaining mail to internal servers for standard scanning and delivery etc.,
Michele
Michele says
@D Baars – also .. if you’re going to setup a server to handle the scanning only before passing the mail along you’d need to configure it to do this ie. scan the mail and pass on to the next machine and NOT try to deliver the email locally.
Depending on your choice of Linux distribution and mail server how you do this will vary
HTH
Michele
D Baars says
@Michele I'm currently setting up a test box with CentOS 6 x64 and exim, just a basic server, and going to play a little with it and see how far I get.
Thanks for the response
Michele says
@D Baars – no problem.
If you haven’t done so already I’d recommend checking out the MailScanner mailing list – it’s a very good resource
Rizal says
I follow the instruction step by step.
When issuing command /etc/init.d/MailScanner restart;tail -f /var/log/maillog everything is fine
But in DirectAdmin in service monitor Exim is Stop
and thru squirrelmail cannot send email
daan says
Hi rizal,
What does /etc/init.d/exim status give you as output ?
If it says running then most likely the second exim that should be running isn't running and therefore DirectAdmin says it's not running.
With MailScanner you run 2 exims and DirectAdmin only knows of 1.
You can try debugging both exims and see why the second one isn't running.
Kind regards
D Baars says
@Michele I have set up a box and want to let all other servers relay the email through this box with MailScanner. I got it all working but I think that the emails that are relayed from other servers aren't being scanned by MailScanner because the emails that are sent from local have the MailScanner footer added to the emails but the relayed emails do not have it.
What can this be? It looks like the emails are sent out right away without being processed.