Guide On How To Install Qmail Scanner On FreeBSD

Guide On How To Install Qmail Scanner On FreeBSD 2017-08-07T12:38:11+00:00

A Step By Step Guide On How To Install Qmail Scanner On FreeBSD
Qmail-Scanner is an application that scans mail received from Qmail and then performs some simple task’s accordingly. This could be reacting to a certain spam threshold set in Spamassassin. Or do other mail manipulation when a virus is detected.

Preflight checklist

Make sure your perl location is adequate. qmail-scanner, is assuming perl to be located in /usr/bin

cd /usr/bin
mv perl perl.old
ln -s /usr/local/bin/perl perl

If you plan on using qmail-scanner you will need to replace unzip shipped with FreeBSD with a newer version like this.

cd /usr/ports/archivers/unzip && make install clean BATCH=yes
cd /usr/bin
mv unzip unzip.old
ln -s /usr/local/bin/unzip unzip

Download Qmail-Scanner

Download qmail-scanner and extract it. We are extracting it to ports where I think it belongs. The location does not really matter though.

cd /usr/ports/mail
fetch http://www.xfiles.dk/content/files/freebsd-qmail/qmail-scanner1.tar.gz
tar zxvf qmail-scanner1.tar.gz
rm qmail-scanner1.tar.gz

Now I allready made an extract, but if you want to run a clean install you can clean up the build first like this.

cd /usr/ports/mail/qmail-scanner1
make clean
make extract

Patching Qmail-Scanner

cd /usr/ports/mail/qmail-scanner1/work/qmail-scanner-1.25
fetch http://www.xfiles.dk/content/files/freebsd-qmail/qmailscanner.patch
patch configure < qmailscanner.patch

You should get a small output similar to this one. What really is important is whether it succeeded or not.

Hmm… Looks like a normal diff to me…
Patching file configure using Plan A…
Hunk #1 succeeded at 1115.
done

Time to apply the second and last patch.

cd /usr/ports/mail/qmail-scanner1/work
fetch http://www.xfiles.dk/content/files/freebsd-qmail/qms-analog-0.4.4.tar.gz
tar zxvf qms-analog-0.4.4.tar.gz
cd qms-analog-0.4.4
gmake all
cp qmail-scanner-1.25-st-qms-20050618.patch ../qmail-scanner-1.25
cd ../qmail-scanner-1.25
patch -p1 < qmail-scanner-1.25-st-qms-20050618.patch

You will get a rather large output ending with the following lines. Once again the only important thing is whether it succeeded or not.

Patching file testingreject.html.orig using Plan A...
Empty context always matches.
Hunk #1 succeeded at 1.
done

Now lets install Qmail-Scanner. Note when you run the command below it may yield an error or two which can safely be ignored.

cd /usr/ports/mail/qmail-scanner1/work/qmail-scanner-1.25/contrib
make install

Lets get the newest Qmail-Scanner Config file.

cd /usr/ports/mail/qmail-scanner1/work/qmail-scanner-1.25
fetch http://www.xfiles.dk/content/files/freebsd-qmail/qms-config-cwrapper

We need to add the primary domain this qmail server is using. That is the domain you added when you ran the "./config-fast hostname" if you followined my qmail guide. If you cant remember the domain you entered you can find it like this.

cat /var/qmail/control/me 

Right now that we know the name let’s add it to the qms-config-cwrapper file. The file we need to edit it this one qms-config-cwrapper

Find the following line.

--domain yourdomain.com \ 

And replace “yourdomain.com” with the domain found in the /var/qmail/control/me file.

Now add all the other domains handled by the server as well as comma separated line "with no spaces". The primary domain for the server should be included on this line as well.

--domain yourdomain.com \ 

Replace domain1.com with the domain found in the /var/qmail/control/me file. Also replace domain2.com,domain3.com with the additional domains this qmail server is mailserver for.

Next find the following line.

--dscr-hdrs-text "X-Antivirus-MYDOMAIN" \

Replace the MYDOMAIN with the short form i.e your domain without .com, .net, org etc. of your primary domain.

Addition Paramters

You can add some additional options in the “qms-config” before proceeding, but you should not really touch anything else than the lines listed below unless you really know what you are doing.

--sa-quarantine 0 \

Whether to quarantine email’s containing spam or virus default is no i.e. 0

--sa-delete 1 \

Wether to delete messages containing spam according to the threshold you set in Spamassassin 1=delete 0=Just rewrite header and dont delete. 1 works fine for me I haven’t had any false positives so far. But if you are paranoid and afraid some mail you should have received is getting deleted you should probably set this to 0.

--sa-reject no \

Whether to reject mails containing spam or virus. Default is no i.e. 0. And you should keep it that way no need to notify spam robots that there is a mailbox here.

--sa-subject “:SPAM:” \

Should be pretty obvious it determines how the subject line should look like when receiving spam.

--sa-debug no \

Will write all information gathered by Qmail-Scanner and append it to the header quite annoying actually. Default is 0 meaning disabled.

Preflight Test

Let’s do a test. That way we can see what options are enabled and if things are working.

chmod 755 qms-config-cwrapper
./qms-config-cwrapper

It will ask you to continue just select “Y” to proceed remember this is only a test run. this will take a bit. When done and it looks ok just select “Y” again to end the test. If everything looks the way we want it to we can proceed.

Right let’s install the qms-config file for real. It will go through the same process as the test suite only this time it’s for real.

./qms-config-cwrapper install

This will prompt you with a question like this.

Hit RETURN to create initial directory structure under /var/spool/qmailscan,
and install qmail-scanner-queue.pl under /var/qmail/bin:

Press "Y" when asked to. And then finally when it ask you to install the qmail-scanner-queue.pl shown below press "Enter" to that one.

Hit RETURN to create initial directory structure under /var/spool/qmailscan,
and install qmail-scanner-queue.pl under /var/qmail/bin:

Once you pressed "Enter" the following output will be generated.

perlscanner: generate new DB file from /var/spool/qmailscan/quarantine-attachments.txt
perlscanner: total of 87 entries.

Finished installation of initial directory structure for Qmail-Scanner
under /var/spool/qmailscan and qmail-scanner-queue.pl under /var/qmail/bin.

Next we will change how Perl is running the qmail-scanner-que. The file we need to edit is this /var/qmail/bin/qmail-scanner-queue.pl

Find the very first line.

#!/usr/local/bin/perl -T

Remove the "-T" so it looks like this.

#!/usr/local/bin/perl

Now set the right permissions on the qmail-scanner-queue.pl file.

chmod 0755 /var/qmail/bin/qmail-scanner-queue.pl

We need update some qmail-scanner files you should do this whenever you update Spamassassin i.e. sa-update. So I would suggest putting this in cron. Running the command below will not generate any output.

setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -z

We need to run 1 more initial command. I would suggest putting this in cron as well.

setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -g

You will get the following output.

perlscanner: generate new DB file from /var/spool/qmailscan/quarantine-attachments.txt
perlscanner: total of 87 entries.

Set the right ownership on qmailscanner.

chown -R qscand:qscand /var/spool/qmailscan

Edit the qmail-smtp run file to use the right qmail-scanner-queue. The file we need to edit is this. /var/qmail/supervise/qmail-smtpd/run

Find the following line.

#QMAILQUEUE="$VQ/bin/qmail-scanner-queue"

And remove the # mark in front of it like this.

QMAILQUEUE="$VQ/bin/qmail-scanner-queue"

Allmost there. In order for the changes to take effect we need to restart qmail.

qmailctl stop
qmailctl start

Finally let’s test if things are working as intended.

cd /usr/ports/mail/qmail-scanner1/work/qmail-scanner-1.25/contrib
chmod 755 test_installation.sh
setuidgid qscand ./test_installation.sh -doit

This will send a couple of test mails to postmaster at the primary domain you added in the qms-config file. The output will look like below where domain.com is replaced by the domain you added in the qms-config file earlier.

Sending standard test message – no viruses…

done!

Sending eicar test virus – should be caught by perlscanner module…

done!

Sending eicar test virus with altered filename – should only be caught by commercial anti-virus modules (if you have any)…

Sending bad spam message for anti-spam testing – In case you are using SpamAssassin…

Done!

Finished test. Now go and check Email for [email protected]

If this runs without errors we are done. And we can restart qmail a last time.

qmailctl restart

Check if all qmail related services are running.

qmailctl stat

Adding A Domain To Qmail-Scanner

Qmail-scanner is not "self aware" in that sense that when you add a new domain to qmail it will not know about this, and hence not perform any actions on mails coming in to the newly added domain. The guide on how to do this is located here [here]

And we are done here.

Spell checkers don’t – Grammar checkers don’t either.