systemadmin.es > Correo > Instalación de qmail con vpopmail, qmail-scanner, ClamAV y SpamAssassin (II)

Instalación de qmail con vpopmail, qmail-scanner, ClamAV y SpamAssassin (II)

Ayer vimos como realizar una instalación básica de qmail, hoy seguiremos con la instalación de vpopmail y spamassassin.

El listado de la serie completa es Instalación de un servidor de correo con qmail/vpopmail/qmail-scanner/ClamAV/SpamAssassin:

Instalación vpopmail

Una vez instalado la primera versión de qmail vamos a instalar vpopmail:

groupadd -g 89 vchkpw
useradd -g vchkpw -u 89 -d /home/vpopmail vpopmail
cd /usr/local/src
wget 'http://downloads.sourceforge.net/project/vpopmail/vpopmail-stable/5.4.32/vpopmail-5.4.32.tar.gz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fvpopmail%2Ffiles%2Fvpopmail-stable%2F5.4.32%2F&ts=1304929974&use_mirror=ovh'
tar xzf vpopmail-5.4.32.tar.gz
cd vpopmail-5.4.32

Nos conectamos al MySQL para crear la base de datos y el usuario vpopmail:

# mysql
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.1.32 Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> CREATE DATABASE vpopmail;
Query OK, 1 row affected (0.00 sec)

mysql> GRANT select,insert,update,delete,create,drop ON vpopmail.* TO vpopmail@localhost IDENTIFIED BY 'vp0pm91lp4ssw0rd';
Query OK, 0 rows affected (0.00 sec)

mysql> ^DBye

Seguimos haciendo el configure y el install:

echo "/usr/local/lib" > /etc/ld.so.conf.d/local.conf
ldconfig
cd /usr/local/src
wget http://dist.schmorp.de/libev/libev-4.04.tar.gz
tar xzf libev-4.04.tar.gz
cd libev-4.04
./configure
make && make install
cd /usr/local/src/vpopmail-5.4.32
./configure --disable-roaming-users --enable-logging=p --disable-passwd --enable-clear-passwd --enable-auth-module=mysql --enable-auth-logging --enable-sql-logging --enable-valias --disable-mysql-limits

Obtendremos el siguiente resumen:

           vpopmail 5.4.32
            Current settings
---------------------------------------

vpopmail directory = /home/vpopmail
 domains directory = /home/vpopmail/domains
               uid = 89
               gid = 89
     roaming users = OFF --disable-roaming-users (default)
 password learning = OFF --disable-learn-passwords (default)
     md5 passwords = ON  --enable-md5-passwords (default)
      file locking = ON  --enable-file-locking (default)
vdelivermail fsync = OFF --disable-file-sync (default)
     make seekable = ON  --enable-make-seekable (default)
      clear passwd = ON  --enable-clear-passwd (default)
 user dir hashing  = ON  --enable-users-big-dir (default)
address extensions = OFF --disable-qmail-ext (default)
          ip alias = OFF --disable-ip-alias-domains (default)
   onchange script = OFF --disable-onchange-script (default)
     domain quotas = OFF --disable-domainquotas (default)
       auth module = mysql --enable-auth-module=mysql
 mysql replication = OFF --disable-mysql-replication (default)
       sql logging = ON  --enable-sql-logging
      mysql limits = OFF --disable-mysql-limits (default)
  SQL valias table = ON  --enable-valias
          auth inc = -I/usr/local/mysql/include/mysql
          auth lib = -Xlinker -R -Xlinker /usr/local/mysql/lib/mysql -L/usr/local/mysql/lib/mysql  -lmysqlclient -lz -lm
  system passwords = OFF --disable-passwd (default)
        pop syslog = show failed attempts with clear text password --enable-logging=p
      auth logging = ON  --enable-auth-logging (default)
all domains in one SQL table = --enable-many-domains (default)
      spamassassin = OFF --disable-spamassassin (default)
          maildrop = OFF --disable-maildrop (default)

Seguimos compilando e instalando:

make && make install-strip
echo "export PATH=\$PATH:$(echo ~vpopmail)/bin" >> /etc/profile
. /etc/profile
mkdir -p ~vpopmail/etc
chown vpopmail.vchkpw ~vpopmail/etc
echo "localhost|0|vpopmail|vp0pm91lp4ssw0rd|vpopmail" > ~vpopmail/etc/vpopmail.mysql
chown vpopmail.vchkpw ~vpopmail/etc/vpopmail.mysql
chmod 640 ~vpopmail/etc/vpopmail.mysql

Instalación de ucspi-tcp

Seguimos con una primera versión (sin SSL) de las utilidades ucspi-tcp:

cd /usr/local/src/ucspi-tcp-0.88
patch < /usr/local/src/netqmail-1.06/other-patches/ucspi-tcp-0.88.errno.patch
make
make setup check

Instalación de SpamAssassin

A continuación instalaremos el SpamAssassin como sistema anti-spam.

Primero de todo debemos instalar el paquete db4-devel, el openssl-devel y preparar el cpan:

yum install db4-devel -y
yum install openssl-devel -y
perl -MCPAN -e 'install Bundle::CPAN'

Entramos al CPAN para instalar modulos de perl mediante el comando cpan:

cpan
Terminal does not support AddHistory.

cpan shell -- CPAN exploration and modules installation (v1.7602)
ReadLine support available (try 'install Bundle::CPAN')

cpan>

Dentro del CPAN executamos:

o conf prerequisites_policy follow
install NetAddr::IP Net::DNS::Resolver::Programmable Digest::SHA1 HTML::Parser Storable MIME::Base64 DB_File Net::DNS Net::SMTP  IP::Country::Fast BerkeleyDB LWP::UserAgent Archive::Tar Mail::DKIM DBI
force install DBD::mysql
force install Mail::SPF::Query
install Error
install Mail::SPF
exit

Seguimos instalando los binarios de SpamAssassin:

cd /usr/local/src
wget http://www.sharethecoupon.com/apache/spamassassin/source/Mail-SpamAssassin-3.3.1.tar.gz
tar xzf Mail-SpamAssassin-3.3.1.tar.gz 
cd Mail-SpamAssassin-3.3.1
perl Makefile.PL
make && make install
groupadd spamd
useradd -g spamd spamd

Actualizaciones automáticas de SpamAssassin

Vamos a automatizar la actualización de reglas desde updates.spamassassin:

mkdir -p /etc/mail/spamassassin/sa-update-keys
chown spamd. /etc/mail/spamassassin/ -R
echo "updates.spamassassin.org" > /etc/mail/spamassassin/sa-update-keys/updates.spamassassin.txt
wget http://spamassassin.apache.org/updates/GPG.KEY -O /tmp/GPG.KEY.updates
chmod g-rwx /etc/mail/spamassassin/sa-update-keys/
chmod o-rwx /etc/mail/spamassassin/sa-update-keys/
su - spamd -c 'sa-update --import /tmp/GPG.KEY.updates'
su - spamd -c '/usr/bin/sa-update --channelfile /etc/mail/spamassassin/sa-update-keys/updates.spamassassin.txt --updatedir /etc/mail/spamassassin'

Actualizaciones automáticas de SARE

A continuación hacemos lo mismo para las reglas de SARE:

wget http://daryl.dostech.ca/sa-update/sare/GPG.KEY -O /tmp/SARE.GPG.KEY
su - spamd -c 'sa-update --import /tmp/SARE.GPG.KEY'
echo "70_sare_adult.cf.sare.sa-update.dostech.net" >> /etc/mail/spamassassin/sa-update-keys/sare-sa-update-channels.txt
echo "70_sare_bayes_poison_nxm.cf.sare.sa-update.dostech.net" >> /etc/mail/spamassassin/sa-update-keys/sare-sa-update-channels.txt
echo "70_sare_evilnum0.cf.sare.sa-update.dostech.net" >> /etc/mail/spamassassin/sa-update-keys/sare-sa-update-channels.txt
echo "70_sare_evilnum1.cf.sare.sa-update.dostech.net" >> /etc/mail/spamassassin/sa-update-keys/sare-sa-update-channels.txt
echo "70_sare_evilnum2.cf.sare.sa-update.dostech.net" >> /etc/mail/spamassassin/sa-update-keys/sare-sa-update-channels.txt
echo "70_sare_genlsubj0.cf.sare.sa-update.dostech.net" >> /etc/mail/spamassassin/sa-update-keys/sare-sa-update-channels.txt
echo "70_sare_genlsubj1.cf.sare.sa-update.dostech.net" >> /etc/mail/spamassassin/sa-update-keys/sare-sa-update-channels.txt
echo "70_sare_genlsubj2.cf.sare.sa-update.dostech.net" >> /etc/mail/spamassassin/sa-update-keys/sare-sa-update-channels.txt
echo "70_sare_genlsubj3.cf.sare.sa-update.dostech.net" >> /etc/mail/spamassassin/sa-update-keys/sare-sa-update-channels.txt
echo "70_sare_genlsubj.cf.sare.sa-update.dostech.net" >> /etc/mail/spamassassin/sa-update-keys/sare-sa-update-channels.txt
echo "70_sare_genlsubj_x30.cf.sare.sa-update.dostech.net" >> /etc/mail/spamassassin/sa-update-keys/sare-sa-update-channels.txt
echo "70_sare_header0.cf.sare.sa-update.dostech.net" >> /etc/mail/spamassassin/sa-update-keys/sare-sa-update-channels.txt
echo "70_sare_header1.cf.sare.sa-update.dostech.net" >> /etc/mail/spamassassin/sa-update-keys/sare-sa-update-channels.txt
echo "70_sare_header2.cf.sare.sa-update.dostech.net" >> /etc/mail/spamassassin/sa-update-keys/sare-sa-update-channels.txt
echo "70_sare_header3.cf.sare.sa-update.dostech.net" >> /etc/mail/spamassassin/sa-update-keys/sare-sa-update-channels.txt
echo "70_sare_header.cf.sare.sa-update.dostech.net" >> /etc/mail/spamassassin/sa-update-keys/sare-sa-update-channels.txt
echo "70_sare_highrisk.cf.sare.sa-update.dostech.net" >> /etc/mail/spamassassin/sa-update-keys/sare-sa-update-channels.txt
echo "70_sare_html0.cf.sare.sa-update.dostech.net" >> /etc/mail/spamassassin/sa-update-keys/sare-sa-update-channels.txt
echo "70_sare_html1.cf.sare.sa-update.dostech.net" >> /etc/mail/spamassassin/sa-update-keys/sare-sa-update-channels.txt
echo "70_sare_html2.cf.sare.sa-update.dostech.net" >> /etc/mail/spamassassin/sa-update-keys/sare-sa-update-channels.txt
echo "70_sare_html3.cf.sare.sa-update.dostech.net" >> /etc/mail/spamassassin/sa-update-keys/sare-sa-update-channels.txt
echo "70_sare_html4.cf.sare.sa-update.dostech.net" >> /etc/mail/spamassassin/sa-update-keys/sare-sa-update-channels.txt
echo "70_sare_html.cf.sare.sa-update.dostech.net" >> /etc/mail/spamassassin/sa-update-keys/sare-sa-update-channels.txt
echo "70_sare_obfu0.cf.sare.sa-update.dostech.net" >> /etc/mail/spamassassin/sa-update-keys/sare-sa-update-channels.txt
echo "70_sare_obfu1.cf.sare.sa-update.dostech.net" >> /etc/mail/spamassassin/sa-update-keys/sare-sa-update-channels.txt
echo "70_sare_obfu2.cf.sare.sa-update.dostech.net" >> /etc/mail/spamassassin/sa-update-keys/sare-sa-update-channels.txt
echo "70_sare_obfu3.cf.sare.sa-update.dostech.net" >> /etc/mail/spamassassin/sa-update-keys/sare-sa-update-channels.txt
echo "70_sare_obfu.cf.sare.sa-update.dostech.net" >> /etc/mail/spamassassin/sa-update-keys/sare-sa-update-channels.txt
echo "70_sare_oem.cf.sare.sa-update.dostech.net" >> /etc/mail/spamassassin/sa-update-keys/sare-sa-update-channels.txt
echo "70_sare_random.cf.sare.sa-update.dostech.net" >> /etc/mail/spamassassin/sa-update-keys/sare-sa-update-channels.txt
echo "70_sare_specific.cf.sare.sa-update.dostech.net" >> /etc/mail/spamassassin/sa-update-keys/sare-sa-update-channels.txt
echo "70_sare_spoof.cf.sare.sa-update.dostech.net" >> /etc/mail/spamassassin/sa-update-keys/sare-sa-update-channels.txt
echo "70_sare_stocks.cf.sare.sa-update.dostech.net" >> /etc/mail/spamassassin/sa-update-keys/sare-sa-update-channels.txt
echo "70_sare_unsub.cf.sare.sa-update.dostech.net" >> /etc/mail/spamassassin/sa-update-keys/sare-sa-update-channels.txt
echo "70_sare_uri0.cf.sare.sa-update.dostech.net" >> /etc/mail/spamassassin/sa-update-keys/sare-sa-update-channels.txt
echo "70_sare_uri1.cf.sare.sa-update.dostech.net" >> /etc/mail/spamassassin/sa-update-keys/sare-sa-update-channels.txt
echo "70_sare_uri3.cf.sare.sa-update.dostech.net" >> /etc/mail/spamassassin/sa-update-keys/sare-sa-update-channels.txt
echo "70_sare_whitelist.cf.sare.sa-update.dostech.net" >> /etc/mail/spamassassin/sa-update-keys/sare-sa-update-channels.txt
echo "70_sare_whitelist_rcvd.cf.sare.sa-update.dostech.net" >> /etc/mail/spamassassin/sa-update-keys/sare-sa-update-channels.txt
echo "70_sare_whitelist_spf.cf.sare.sa-update.dostech.net" >> /etc/mail/spamassassin/sa-update-keys/sare-sa-update-channels.txt
echo "72_sare_bml_post25x.cf.sare.sa-update.dostech.net" >> /etc/mail/spamassassin/sa-update-keys/sare-sa-update-channels.txt
echo "72_sare_redirect_post3.0.0.cf.sare.sa-update.dostech.net" >> /etc/mail/spamassassin/sa-update-keys/sare-sa-update-channels.txt
echo "99_sare_fraud_post25x.cf.sare.sa-update.dostech.net" >> /etc/mail/spamassassin/sa-update-keys/sare-sa-update-channels.txt
su - spamd -c '/usr/bin/sa-update --channelfile /etc/mail/spamassassin/sa-update-keys/sare-sa-update-channels.txt --gpgkey 856AA88A --updatedir /etc/mail/spamassassin'
mkdir -p /usr/local/supervise/spamd/
mkdir /home/spamd/.spamassassin
chown -R spamd.spamd /home/spamd/.spamassassin
mkdir -p /etc/mail/spamassassin/zz_local
echo "include zz_local/local.cf" > zz_local.cf

Creamos el fichero /etc/mail/spamassassin/zz_local/local.cf:

cat > /etc/mail/spamassassin/zz_local/local.cf <<EOF
required_score 4.0
rewrite_header Subject [SPAM]
report_safe 0
use_pyzor 0
skip_rbl_checks 0
rbl_timeout 5
use_bayes 1
use_bayes_rules 1
bayes_auto_learn 1
bayes_path /home/spamd/.spamassassin/bayes
bayes_auto_learn_threshold_spam 10.0
use_auto_whitelist 1
ok_languages es en de ca
EOF

A continuación creamos el fichero /etc/mail/spamassassin/sa-update-keys/actualitzacio.regles.sa.sh:

cat <<"EOF" > /etc/mail/spamassassin/sa-update-keys/actualitzacio.regles.sa.sh
#!/bin/bash
su - spamd -c '/usr/bin/sa-update --channelfile /etc/mail/spamassassin/sa-update-keys/sare-sa-update-channels.txt --gpgkey 856AA88A --updatedir /etc/mail/spamassassin'
su - spamd -c '/usr/bin/sa-update --channelfile /etc/mail/spamassassin/sa-update-keys/updates.spamassassin.txt --gpgkey 856AA88A --updatedir /etc/mail/spamassassin'

/usr/bin/spamassassin --lint

if [ $? -eq 0 ];
then
 pkill spamd;
else
 echo "Se ha detectado un problema con las reglas del SpamAssassin." | mail -s "Problema reglas spamassassin" soporte@24x7.systemadmin.es
fi
EOF
chmod +x /etc/mail/spamassassin/sa-update-keys/actualitzacio.regles.sa.sh

A continuación lo podemos establezer para que se ejecute de forma periódica mediante el cron. Por ejemplo, a las cinco de la mañana:

0 5 * * * /etc/mail/spamassassin/sa-update-keys/actualitzacio.regles.sa.sh

A continuación vamos a levantar el daemon de spamassassin mediante daemontools. Creamos el fichero /usr/local/supervise/spamd/run:

cat > /usr/local/supervise/spamd/run <<EOF
#!/bin/bash
exec /usr/bin/spamd -x -u spamd -H /home/spamd -r /var/run/spamd.pid
EOF

Damos permisos de ejecución y levantamos el daemon:

sa-update
chmod +x /usr/local/supervise/spamd/run
ln -s /usr/local/supervise/spamd /service/

Mañana seguiremos instalando ClamAV como motor antivirus y qmail-scan-queue.

Deja un comentario:

XHTML - Tags permitidos:<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>