Exim 4.10 with integrated spam and virus controls
17 February 2003—Updated 19 February 2003
Part 3: The Holy Grail, integrated spam and virus controls
Now to pull everything together that we have covered into one comprehensive package that lets you sleep easy at night knowing your users are fully cared for.
To do this we are going to use Exim, either a version that you have already installed or use our Exim 4.12 package installer. Then we’ll use amavis, a handy perl utility, to pass the mail through both a virus scanner, in our case ClamAV, and then SpamAssassin. Amavis will control what gets allowed in and who gets notified when something is blocked.
The whole process shouldn’t take more than a few hours to get going. It isn’t very complicated but there are a lot of steps. It would be best to do this on a development system, but you could probably get away with setting it up on a live system with very little interruption since amavis is entirely separate from Exim. Although it is best if you aren’t that pressured.
The sticky part in this situation is that the whole process worked best for me after I upgraded to Perl 5.8 from the 5.6 version that Apple ships on the system. The upgrade is easy but it will break all previously installed Perl modules on your system. If you’ve never set up Perl modules before, or you know which ones you use, it will be a very easy upgrade. Otherwise you can try this without upgrading and see how it goes.
To keep things simple and organized I would suggest you cd into a “src” or some sort of working directory before you do this. That way you won’t get your desktop all cluttered up.
Install Perl 5.8
We’ll keep things as simple as possible and download and install a Perl 5.8 package from Aaron Faby. He has two versions available, a threaded and a non-threaded. We’ll use the non-threaded since I had better luck with that one. However, this will break the mod_perl component of the Apple installed Apache 2.0 server. Note that Apache 1.3.x will be fine. Since the number of people affected by this is 10 or under this shouldn’t be a problem.
If this step gives you problems with Perl afterwards, delete and/or remove the entire /Library/Perl folder and reinstall Perl 5.8 from the package installer. If you still have problems, remove /System/Library/Perl/darwin/CORE.
So off to the races and download the package:
curl -O http://www.aaronfaby.com/software/packages/jaguar/Perl-5.8.0-Jaguar-nothreads.tar.gz
gnutar -xzvf Perl-5.8.0-Jaguar-nothreads.tar.gz
cd Perl\ 5.8.0
sudo installer -pkg Perl.pkg -target /
cd ..
Now you’ve downloaded, uncompressed and installed Perl 5.8.0. Your prior version, 5.6, has been packed up and stored away in /Library/PerlBackup in case you need it later.
Install ClamAV
Amavis can use a number of different virus applications to scan mail. We’re going to use ClamAV because it works well, it’s free, and it has a way-cool name. You can find more info about it here, http://clamav.elektrapro.com/.
Before we install ClamAV we need a user and group for it to run as. You could do that by using Workgroup Manager or even System Preferences, but we’ll do this from the command line. This will keep it simpler. We will set it up as uid 26 which should not conflict with any other users on your system. If you have added system-level, or daemon, users I would suggest you check which uid’s you gave them. Otherwise you should be fine.
sudo niutil -create . /users/clamav
sudo niutil -createprop . /users/clamav uid 26
sudo niutil -createprop . /users/clamav gid 26
sudo niutil -createprop . /users/clamav shell /bin/tcsh
sudo niutil -createprop . /users/clamav home /tmp
sudo niutil -createprop . /users/clamav passwd "*"
sudo niutil -create . /groups/clamav
sudo niutil -createprop . /groups/clamav gid 26
Now that you have the user and group set up you can download and install the software.
curl -O http://clamav.elektrapro.com/stable/clamav-0.54.tar.gz
gnutar -xzvf clamav-0.54.tar.gz
cd clamav-0.54
./configure
make
sudo make install
cd ..
This will compile ClamAV, but now we need to do some configuration for it. ClamAV keeps its config file at /usr/local/etc/clamav.conf. You’ll need to either log in as root and use TextEdit or a command line editor as the root user to edit this. Primarily all you’ll need to do is comment out the line that says “Example” to let the software know that you have at least looked at the config file. Additionally you may want to specify a log file for ClamAV. Feel free to take a look at the other options also. The file is well commented and you shouldn’t have any trouble figuring it out.
Now we can link the ClamAV applications to a location in our path.
sudo ln /usr/local/bin/clamscan /usr/bin/
sudo ln /usr/local/bin/freshclam /usr/bin/
rehash
Now for some testing to make sure it works. In the ClamAV folder that we downloaded there is a sample virus that we should now be able to detect.
clamscan -r -l scan.txt clamav-0.54
This should return a listing of every file in the folder and whether or not it is a virus. There will also be a report in the file scan.txt that should show it found one virus in the folder.
Now that that is working we can set up the automatic virus definition downloader, freshclam.
sudo touch /var/log/clam-update.log
sudo chmod 644 /var/log/clam-update.log
sudo chown clamav /var/log/clam-update.log
sudo freshclam -d -c 2 -l /var/log/clam-update.log
Now freshclam will check twice a day with the main server and download any virus updates it finds.
In addition to scanning e-mail you can also use ClamAV as a full-fledged virus scanner for files on your system, too. Just take a look at the man page for more info. Now you’re done with ClamAV and can move on to amavis and SpamAssassin.
Install amavis
Amavis is the brains behind this whole operation. It facilitates the e-mail coming from Exim going through the spam and virus scans. Amavis communicates with Exim via SMTP and then writes the e-mail to a temp file so it can be scanned by the other applications. If amavis decides the mail is clean it passes it back to Exim. Otherwise it will quarantine the e-mail and take appropriate action.
So download and install amavis.
curl -O http://www.ijs.si/software/amavisd/amavisd-new-20021227-p2.tar.gz gnutar -xzvf amavisd-new-20021227-p2.tar.gz cd amavisd-new-20021227-p2
Before we get started with amavis we need to make one tiny change in the application itself since it makes a reference to an option of the file command that isn’t necessary in Mac OS X. This isn’t a deal killer, but it will allow you to block e-mails based on file type. For instance you can block all attached .scr and other files that are most likely viruses. We’ll do this with sed and then swap the new file for the old. Where [hit Enter] appears in the command, press Enter at that point rather than typing the text.
sed 's/$file -b $filename/$file $filename \| \[hit Enter] sed -n "s\/\^\[[:alnum:]]\*:\/\/p" /' amavisd > amavisd.new
mv amavisd.new amavisd
Now we have to edit the amavisd config file, amavisd.conf. There are a lot of options here. This is where you can configure exactly how spam and viruses are treated as they come through your machine. Before you can even play around with those you’ll need to change the user and the group that amavis runs as. We could go ahead and create a new user and group, but instead we’ll use the clamav user and group that we have already set up. After changing this feel free to investigate your other options and change them accordingly. While amavis will work without much further configuration, you’ll want to specify the e-mail addresses that bounced mail should go to. If you have set up SpamAssassin using our previous article, you can stop amavis from doing any spam checking. However, I think you’ll find all of the options that you need with amavis and so you can probably ditch the previous SpamAssassin setup in favor of this one.
After you have edited the file you’ll need to move it. You can change this later if you need to. We’ll also go ahead and setup some log files.
sudo cp amavisd.conf /etc/
sudo chown root /etc/amavisd.conf
sudo chmod 644 /etc/amavisd.conf
sudo cp amavisd /usr/bin/
sudo chown root /usr/bin/amavisd
sudo chmod 755 /usr/bin/amavisd
sudo mkdir /var/amavis
sudo chown clamav:clamav /var/amavis
sudo chmod 750 /var/amavis
sudo mkdir /var/virusmails
sudo chown clamav:clamav /var/virusmails
sudo chmod 750 /var/virusmails
sudo touch /var/amavis/whitelist_sender
Now amavis should be good to go, but you’ll need some new Perl modules installed before all of this works. So we’re going to use CPAN to do all of this for us. When you first invoke the CPAN shell you may be asked if you want to do a manual configuration of Perl. You can go ahead and do this if you want, or just continue using the defaults and say “no”. As the modules get installed there are a few questions you may be asked. They should all be easy to answer, but if you don’t know just hit return and the default answer will be used.
sudo perl -MCPAN -e shell
install Unix::Syslog Time::HiRes MIME::Words Convert::TNEF \
Convert::UUlib Compress::Zlib Archive::Zip Net::Server \
Mail::SpamAssassin Net::Cmd
quit
Now we’re almost done. We want to test amavisd to make sure it can run without issue. Amavis has to run as the clamav user, or whatever user you set in the config file, so we’ll su to that user and then see what happens.
sudo su clamav
amavisd debug
If all went well you should see amavis start up and log a few items to the screen but not complain about anything. You can exit out of this with control-c. Finally get out of the clamav user:
exit
Exim config
Finally we are ready to edit the Exim config to get all of this working. We need to get Exim to listen on port 10025, to get mail returned from amavis, and then put in a router and a transport for amavis.
In the first section of the Exim config file, /usr/exim/configure, you’ll need to put in this line:
local_interfaces = 0.0.0.0.25 : 127.0.0.1.10025
Next add this router in wherever you want the spam and virus checking to occur. If you want to scan everything put this in front of your dnslookup router. Otherwise put it where you want it.
amavis:
  driver = manualroute
  # Do NOT run if received via 10025/tcp or if already spam-scanned
  # or if bounce message ($sender_address="")
  condition = "${if or {{eq {$interface_port}{10025}} \
    {eq {$received_protocol}{spam-scanned}} \
    {eq {$sender_address}{}} \
    }{0}{1}}"
  transport = amavis
  route_list = "* localhost byname"
  self = send
Now we can add the transport. This goes in the transports section of the Exim config file. As with all transports, order does not matter here.
amavis:
  driver = smtp
  port = 10024
  allow_localhost
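The router above skips scanning for anything that arrives on port 10025, so that listener has to stay on the loopback address, and the port in local_interfaces has to match the one in the router condition. A small shell lint for both, as an added example that is not part of the original article (the function names and the sample files are made up for illustration, and it only understands the IPv4 address.port form used above):

```sh
#!/bin/sh
# Added example: lint the Exim settings that the amavis loop depends on.

# list_listeners FILE -> one "address port" pair per local_interfaces entry
list_listeners() {
    awk -F= '/^[ \t]*local_interfaces[ \t]*=/ {
        n = split($2, items, ":")
        for (i = 1; i <= n; i++) {
            item = items[i]; gsub(/[ \t]/, "", item)
            if (item == "") continue
            k = split(item, p, /\./)
            if (k == 5) print p[1] "." p[2] "." p[3] "." p[4], p[5]
            else print item, 25   # assumption: no port given means SMTP port 25
        }
    }' "$1"
}

# exposed_reinject FILE PORT -> non-loopback addresses that listen on PORT
exposed_reinject() {
    list_listeners "$1" | awk -v port="$2" '$2 == port && $1 !~ /^127\./ { print $1 }'
}

# check_config FILE PORT -> 0 if PORT is loopback-only and the router skips it
check_config() {
    file=$1 port=$2 rc=0
    list_listeners "$file" | grep -q " $port\$" ||
        { echo "FAIL: nothing listens on port $port"; rc=1; }
    bad=$(exposed_reinject "$file" "$port")
    [ -z "$bad" ] || { echo "FAIL: port $port reachable on $bad"; rc=1; }
    tr -d ' \t' < "$file" | grep -qF "{\$interface_port}{$port}" ||
        { echo "FAIL: router condition does not exempt port $port"; rc=1; }
    return $rc
}

# Constructed sample configs: the page's settings, and a variant that binds
# the reinjection port on every interface.
tmp=$(mktemp -d)
cat > "$tmp/good.conf" <<'EOF'
local_interfaces = 0.0.0.0.25 : 127.0.0.1.10025
condition = "${if or {{eq {$interface_port}{10025}} }{0}{1}}"
EOF
sed 's/127\.0\.0\.1\.10025/0.0.0.0.10025/' "$tmp/good.conf" > "$tmp/bad.conf"

check_config "$tmp/good.conf" 10025 && echo "good.conf: OK"
check_config "$tmp/bad.conf" 10025 || echo "bad.conf: rejected"
```

To use it on a real install, call check_config with the path to your Exim configure file and the reinjection port.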
Put it all together
Now for the moment of truth. You’ll need to restart Exim, either by calling it directly or by using SystemStarter, and then start amavis up and see if it works.
su clamav -c amavisd
Now send an e-mail through. If all is successful you will see a “X-Virus-Scanned: by amavisd-new” header on your mail. Now that things are working you can continue to tweak the amavisd.conf file until you get the behavior that you want.
If you’ve gotten this far you should give yourself a very large pat on the back and at least one favorite beverage of your choice. This is not a simple procedure that you just went through. If you didn’t get this all the first time don’t worry. It took me a few times to get it running.
To get all of this to work at startup you can modify the /Library/Startup/Exim/Exim script to include
su clamav -c amavisd
freshclam -d -c 2 -l /var/log/clam-update.log