DOCSLIB.ORG

Mailscanner.Conf Reference Manual Version 1.1 Table of Content

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Mailscanner.Conf Reference Manual Version 1.1 Table of Content Version 4.42.9 MailScanner.conf Reference Manual Version 1.1 Table of Content 1. Introduction................................................................................................................................. 8 2. Variables ..................................................................................................................................... 9 %report-dir%................................................................................................................................... 9 %etc-dir% ....................................................................................................................................... 9 %rules-dir% .................................................................................................................................... 9 %mcp-dir% ..................................................................................................................................... 9 %org-name%................................................................................................................................... 9 %org-long-name% ........................................................................................................................ 10 %web-site% .................................................................................................................................. 10 3. System settings.......................................................................................................................... 10 Max Children ................................................................................................................................ 10 Run As User.................................................................................................................................. 10 Run As Group ............................................................................................................................... 10 Queue Scan Interval...................................................................................................................... 11 Incoming Queue Dir ..................................................................................................................... 11 Outgoing Queue Dir...................................................................................................................... 11 Incoming Work Dir....................................................................................................................... 11 Quarantine Dir .............................................................................................................................. 11 PID file.......................................................................................................................................... 12 Restart Every................................................................................................................................. 12 MTA.............................................................................................................................................. 12 Sendmail ....................................................................................................................................... 12 Sendmail2 ..................................................................................................................................... 12 4. Incoming Work Dir Settings..................................................................................................... 13 Incoming Work User / Incoming Work Group............................................................................. 13 Incoming Work Permissions......................................................................................................... 13 5. Quarantine and Archive Settings .............................................................................................. 13 Quarantine User / Quarantine Group ............................................................................................ 13 Quarantine Permissions ................................................................................................................ 14 6. Processing Incoming Mail........................................................................................................ 14 Max Unscanned Bytes Per Scan / Max Unsafe Bytes Per Scan ................................................... 14 Max Unscanned Messages Per Scan / Max Unsafe Messages Per Scan ...................................... 14 Max Normal Queue Size............................................................................................................... 14 Maximum Attachments Per Message ........................................................................................... 14 Expand TNEF ............................................................................................................................... 15 Deliver Unparsable TNEF ............................................................................................................ 15 TNEF Expander ............................................................................................................................ 15 TNEF Timeout.............................................................................................................................. 15 File Command............................................................................................................................... 15 File Timeout.................................................................................................................................. 15 Unrar Command............................................................................................................................ 16 Unrar Timeout............................................................................................................................... 16 Maximum Message Size............................................................................................................... 16 Maximum Attachment Size .......................................................................................................... 16 Minimum Attachment Size........................................................................................................... 16 Maximum Archive Depth ............................................................................................................. 17 Find Archives By Content ............................................................................................................ 17 7. Virus Scanning and Vulnerability Testing................................................................................ 17 Virus Scanners .............................................................................................................................. 17 Virus Scanner Timeout ................................................................................................................. 18 Deliver Disinfected Files .............................................................................................................. 18 Silent Viruses................................................................................................................................ 19 Still Deliver Silent Viruses ........................................................................................................... 19 Non-Forging.................................................................................................................................. 20 Block Encrypted Messages........................................................................................................... 20 Block Unencrypted Messages....................................................................................................... 20 Allow Password-Protected Archives ............................................................................................ 20 Options specific to Sophos Anti-Virus ......................................................................................... 21 Allowed Sophos Error Messages.............................................................................................. 21 Sophos IDE Dir............................................................................................................................. 21 Sophos Lib Dir.............................................................................................................................. 21 Monitors For Sophos..................................................................................................................... 21 Options specific to ClamAV Anti-Virus....................................................................................... 21 ClamAVmodule Maximum Recursion Level / ClamAVmodule Maximum Files ................... 22 ClamAVmodule Maximum File Size / ClamAVmodule Maximum Compression Ratio ........ 22 8. Removing/Logging dangerous or potentially offensive content............................................... 22 Dangerous Content Scanning........................................................................................................ 22 Allow Partial Messages................................................................................................................. 22 Allow External Message............................................................................................................... 22 Find Phishing Fraud.....................................................................................................................
Load more

Recommended publications
  • Baruwa Documentation Release 1.1.2
    Baruwa Documentation Release 1.1.2 Andrew Colin Kissa June 27, 2016 Contents 1 Introduction 3 2 Features 5 3 Screenshots 7 4 Requirements 9 4.1 Baruwa requirements.........................................9 4.2 MailScanner requirements......................................9 5 Source Installation 11 5.1 Install Baruwa............................................ 11 5.2 Configure RabbitMQ......................................... 12 5.3 Configure Baruwa.......................................... 12 5.4 Configure MailScanner........................................ 14 5.5 Testing................................................ 15 5.6 Need help............................................... 16 5.7 Distribution / OS installation..................................... 16 6 Baruwa on RHEL/SL/Centos 17 6.1 Install EPEL............................................. 17 6.2 Baruwa installation.......................................... 17 6.3 Configure RabbitMQ......................................... 17 6.4 Configure Baruwa.......................................... 18 6.5 Configure MailScanner........................................ 19 6.6 Testing................................................ 20 6.7 Need help............................................... 20 7 Baruwa on Fedora 21 7.1 Baruwa Installation.......................................... 21 7.2 Configure RabbitMQ......................................... 21 7.3 Configure Baruwa.......................................... 22 7.4 Configure MailScanner........................................ 23 7.5 Testing...............................................
    [Show full text]
  • Macsysadmin 2009 Presentatio
    Slide 1 SpamAssassin Way more than the Mac OS X Server GUI shows Presented by: Kevin A. McGrail Project Management Committee Member of the Apache Software Foundation SpamAssassin Project & President, PCCC September 16, 2009 Good Afternoon, My name is Kevin A. McGrail. If you read my biographyi for this conference, you’ll know already that I hate Spam and enjoy greatly fighting spammers. You’ll also know that I love all types of computers and use a wide variety of machines & operating systems. But I’m definitely old-school in my love for the command line interface. This doesn’t mean I don’t think that Apple’s OS X is the most beautiful pairing of a rock-solid CLI with a beautifully polished GUI. But it does mean that while we are here to talk about Mac system administration, the configuration of SpamAssassin is largely not server specific and most of the heavy- handed configuration changes will be done behind the scenes using the CLI. So let’s get started by talking about the definition of Spam. Page 1 of 67 Slide 2 What is Spam? •Spam is NOT about content, its about CONSENT. – Consent: to give assent or approval : agree <consent to being tested> Merriam‐Webster Dictionary •What is SPAM vs. spam? September 16, 2009 Chris Santerre gave the best definition of Spam I’ve ever seen. He based the definition of Spam on CONSENT not content because consent is when you give approval to someone to send you e-mails. Many people try and use various legal definitions such as CAN-SPAM in the US.
    [Show full text]
  • Security Recommendation for an Ubuntu Server-Based System
    Security Recommendation for an Ubuntu Server-based System Best Practice Document Produced by the MREN-led Campus Networking working group Authors: Milan Čabak (MREN), Vladimir Gazivoda (MREN), Božo Krstajić (MREN) March 2016 © MREN, 2016 © GÉANT, 2016. All rights reserved. Document No: GN4P1-NA3-T2-MREN003 Version / date: June 2015 Original language : Montenegrin Original title: “Sigurnosne preporuke za Ubuntu server” Original version / date: Version 1 / 21 June 2015 Contact: Milan Čabak, [email protected]; Vladimir Gazivoda, [email protected]; Božo Krstajić, [email protected] MREN is responsible for the contents of this document. The document was developed by the MREN-led working group on security with the purpose of implementing joint activities on the development and dissemination of documents encompassing technical guidelines and recommendations for network services in higher education and research institutions in Montenegro. Parts of the report may be freely copied, unaltered, provided that the original source is acknowledged and copyright preserved. The research leading to these results has received funding from the European Union’s Horizon 2020 research and innovation programme under Grant Agreement No. 691567 (GN4-1). NREN LOGO Best Practice Document: 1 Security recommendation for Ubuntu server based systems Table of Contents Summary 4 1 Introduction 5 2 Increasing security when installing Ubuntu Server 6 3 Increasing security after installing Ubuntu Server 8 3.1 Shared memory 8 3.2 Setting the security of SSH protocol 8 3.3 The limitation of su
    [Show full text]
  • Clam Antivirus 0.88.2 User Manual Contents 1
    Clam AntiVirus 0.88.2 User Manual Contents 1 Contents 1 Introduction 6 1.1 Features.................................. 6 1.2 Mailinglists................................ 7 1.3 Virussubmitting.............................. 7 2 Base package 7 2.1 Supportedplatforms............................ 7 2.2 Binarypackages.............................. 8 2.3 Dailybuiltsnapshots ........................... 10 3 Installation 11 3.1 Requirements ............................... 11 3.2 Installingonashellaccount . 11 3.3 Addingnewsystemuserandgroup. 12 3.4 Compilationofbasepackage . 12 3.5 Compilationwithclamav-milterenabled . .... 12 4 Configuration 13 4.1 clamd ................................... 13 4.1.1 On-accessscanning. 13 4.2 clamav-milter ............................... 14 4.3 Testing................................... 14 4.4 Settingupauto-updating . 15 4.5 Closestmirrors .............................. 16 5 Usage 16 5.1 Clamdaemon ............................... 16 5.2 Clamdscan ................................ 17 5.3 Clamuko.................................. 17 5.4 Outputformat............................... 18 5.4.1 clamscan ............................. 18 5.4.2 clamd............................... 19 6 LibClamAV 20 6.1 Licence .................................. 20 6.2 Features.................................. 20 6.2.1 Archivesandcompressedfiles . 20 6.2.2 Mailfiles ............................. 21 Contents 2 6.3 API .................................... 21 6.3.1 Headerfile ............................ 21 6.3.2 Databaseloading . .. .. .. .. .. .
    [Show full text]
  • Wazuh Ruleset
    [email protected] https://wazuh.com Wazuh Ruleset Rule Description Source Updated by Wazuh apache Apache is the world's most used web server software. Out of the box ✔ AppArmor is a Linux kernel security module that allows the system administrator to restrict programs's capabilities with per -program apparmor Out of the box ✔ profiles. arpwatch ARPWatch is a computer software tool for monitoring Address Resolution Protocol traffic on a computer network. Out of the box ✔ asterisk Asterisk is a software implementation of a telephone private branch exchange (PBX). Out of the box ✔ attack_rules.xml Signatures of different attacks detected by Wazuh Out of the box ✔ cimserver Compaq Insight Manager Server Out of the box ✔ cisco-ios Cisco IOS is a software used on most Cisco Systems routers and current Cisco network switches. Out of the box ✔ Clam AntiVirus (ClamAV) is a free and open-source, cross-platform antivirus software tool-kit able to detect many types of malicious clam_av software. Out of the box ✔ courier IMAP/POP3 server Out of the box ✔ dovecot Dovecot is an open-source IMAP and POP3 server for Linux/UNIX-like systems, written primarily with security in mind. Out of the box ✔ Dropbear is a software package that provides a Secure Shell-compatible server and client. It is designed as a replacement for standard dropbear OpenSSH for environments with low memory and processor resources, such as embedded systems. Out of the box ✔ FirewallD provides a dynamically managed firewall with support for network/firewall zones to define the trust level of networ k firewalld connections or interfaces.
    [Show full text]
  • The Perfect Spamsnake - Ubuntu 8.04 LTS
    The Perfect SpamSnake - Ubuntu 8.04 LTS By Rocky (Contact Author) (Forums) Published: 2008-05-01 18:45 The Perfect SpamSnake - Ubuntu 8.04 LTS Postfix w/Bayesian Filtering and Anti-Backscatter (Relay Recipients), Apache, Mysql, Bind, MailScanner (Spamassassin, ClamAV, Pyzor, Razor, DCC-Client), MailWatch, SPF Checks, FuzzyOcr, PDF/XLS/Phishing Sanesecurity Signatures, Postfix-GLD (Greylisting Optional), Logwatch Statistical Reporting (Optional), Outgoing Disclaimer with alterMIME (Optional), FireHOL (Iptables Firewall) Version 2.0 Author: Mohammed Alli This tutorial shows how to set up an Ubuntu Hardy Heron (8.04 LTS) based server as a spamfilter in Gateway mode. In the end, you will have a SpamSnake Gateway which will relay clean emails to your MTA. You will also be able to view your incoming queue, train your SpamSnake and carry out a few more advanced operations via MailWatch. I cannot offer any guarantees that this will work for you, the same way it(TM)s working for me. I will use the following software: - Web Server: Apache 2.2 with PHP 5.2.4 and Ruby - Database Server: MySQL 5.0 - Mail Server: Postfix - DNS Server: BIND9 - PHP: PHP5 - MailScanner: MailScanner v4.68.8 - MailWatch: MailWatch v1.0.4 Credit goes to the guys at HowToForge and the developers of MailScanner and MailWatch. 1 Requirements Copyright © 2008 Rocky (Contact Author) (Forums) All Rights Reserved. HowtoForge Page 1 of 104 The Perfect SpamSnake - Ubuntu 8.04 LTS http://www.howtoforge.com/ To install such a system you will need the following: - The Ubuntu 8.04 LTS server CD, available here: ftp://releases.ubuntu.com/releases/hardy/ubuntu-8.04-server-i386.iso - A fast internet connection.
    [Show full text]
  • The Mailscanner Book
    Changes from Version 1.1 December 2004 To Version 1.2 August 2005 1 2 Message Transport Agent rnet Mail Incoming Queue Inte Sendmail /var/spool/mqueue.in Exim Postfix RBL Tests Subject Tests * Header Tests Body Tests URI Tests Spam Tests Misc. Tests MailScanner External Processes SpamAssassin Calculate Score MailScanner Message Content Protection Checks MCP Virus Tests Third Party Command Line Virus ScannersVirus Attachment test Virus HTML test file names / types Virus Actions * Store Delete Message Quarantine Delete Processing /var/spool/ Trash MailScanner/ (Header / Subject quarantine line Modifications) Clean & Deliver Delete Store Clean Messages Spam Actions Notification Sender / Postmaster Deliver, Bounce, Outgoing Queue /var/spool/mqueue Forward, Striphtml, Attachment Safe - Release from Quarantine Safe - Clean & Deliver MTA Sendmail, To Mail Server Postfix or Exim 3 Scan Messages = yes This setting is used to completely enable or disable all the processing done by MailScanner, except for the “Archive Mail” setting described in the next section. It is intended for use with a ruleset, so that your customers who either do not want their mail processed in any way, or who have not paid you for the service, can have their mail delivered without any processing done to it. No MailScanner headers or modifications of any sort will be applied to the messages, and it is impossible to see from the contents of the message that they have passed through MailScanner. The “Archive Mail” option is still used so that you can take copies of their mail, possibly without their knowledge if your operation or organisation requires it. This can be the filename of a ruleset, and this is how this setting would normally be used unless it is just set to “yes”.
    [Show full text]
  • Clam Antivirus 0.70 User Manual by Tomasz Kojm Contents 1
    Clam AntiVirus 0.70 User Manual by Tomasz Kojm Contents 1 Contents 1 Introduction 4 1.1 Features . 4 1.2 Mailing lists . 4 1.3 Virus submitting . 5 2 Installation 5 2.1 Supported platforms . 5 2.2 Binary packages - stable versions . 6 2.3 Binary packages - snapshots . 7 2.4 Requirements . 7 2.5 New system user and group . 8 2.6 Compilation . 8 2.7 Configuration . 9 2.8 Testing . 10 2.9 freshclam: Setting up auto-updating . 10 2.10 Database mirrors . 11 3 Usage 13 3.1 Clam daemon . 13 3.2 Clamdscan . 14 3.3 Clamuko . 15 3.4 Archives and compressed files . 16 3.5 Mail files . 17 3.6 Output format . 17 3.7 Signature Tool . 19 4 Problem solving 21 4.1 Return codes . 21 5 ClamAV-certified software 22 5.1 clamav-milter . 22 5.2 IVS Milter . 23 5.3 smtp-vilter . 23 5.4 mod clamav . 23 5.5 TrashScan . 23 5.6 AMaViS - ”Next Generation” . 24 5.7 amavisd-new . 24 5.8 Qmail-Scanner . 24 Contents 2 5.9 Sagator . 24 5.10 ClamdMail . 25 5.11 BlackHole . 25 5.12 MailScanner . 25 5.13 MIMEDefang . 25 5.14 exiscan . 25 5.15 scanexi . 26 5.16 Mail::ClamAV . 26 5.17 OpenAntiVirus samba-vscan . 26 5.18 Sylpheed Claws . 26 5.19 nclamd . 26 5.20 cgpav . 27 5.21 j-chkmail . 27 5.22 qscanq . 27 5.23 clamavr . 27 5.24 DansGuardian Anti-Virus Plugin . 27 5.25 ClamAssassin . 27 5.26 Gadoyanvirus .
    [Show full text]
  • Extending Use of Sendmail and Procmail for Virtual Mail Hosting
    Extending Use of Sendmail and Procmail for Virtual Mail Hosting Randolph Langley [email protected] April 2, 2007 Postfix [Ven] natively handles virtual domains and users better than Sendmail does. Perhaps the most needling problem with Sendmail’s handling of virtual users and domains is the problem of “name folding”: Sendmail doesn’t prop- erly allow for the same username in two different domains. If Sendmail tries to handle a single mail that has an envelope with both user [email protected] and [email protected], it will just deliver the message to one of the users. Also, although Sendmail lets you use an LDAP database, it doesn’t allow you to directly store domain and user configuration in a relational database. One way to get around that is by using a relational database as a back-end for OpenLDAP, creating the metadata for that takes a good bit of effort and in practice it is not very fast. I suggest in the final section a different means to access to a database via send- mail’s new socket map feature. That will allow you to keep all user and domain information in a database. With some caching and failover capabilities, it also allows a good bit of redundancy to be introduced. The Sendmail Consortium’s website has a very good introduction to using sendmail to host virtual domains at http://www.sendmail.org/virtual-host- ing.html. The approach outlined here extends that approach in making a mail- hub: 1. It uses two cooperating sendmail processes, an “incoming” and an “out- going” sendmail to solve the name “folding” problem.
    [Show full text]
  • Mailscanner 5.1.3-3 Milter Configuration Guide 1.5 March 3Rd
    MailScanner 5.1.3-3 Milter Configuration Guide 1.5 March 3rd, 2019 Shawn Iverson [email protected] 1 Copyright © 2018-2019 MailScanner Project This guide is based on the implementation of MailScanner as of Version 5.1.3. 2 I would like to gratefully acknowledge all the support and assistance provided by the following organizations: 3 This guide is dedicated to the continuing persistence and dedication of all people who fight bad email day in and day out worldwide. 4 Introduction How the MailScanner Milter Works Unlike previous versions of MailScanner, MailScanner 5.1.3+ introduces a milter daemon for postfix. MailScanner still functions normally for all Message Transfer Agents (MTAs) and can run as it always has prior to this version. This optional functionality for MailScanner provides a Postfix compatible interface with MailScanner to process and scan email, and it will likely evolve with additional functionality in the future. Use of the milter decouples MailScanner from Postfix, so the Postfix queues are untouched, and MailScanner can operate independently with its own milter queues. This is MailScanner Milter version 1.5, fifth release. The MailScanner Milter has reached maturity and is considered to be stable as of this release. Additional features will likely be added in the future. This documentation will be updated to reflect the current status of the MailScanner Milter. On the next page you will find a diagram that demonstrates the mail flow in the MailScanner Milter in conjunction with MailScanner itself. 5 MailScanner Milter Process Diagram Fig. 1. 6 The milter interfaces with Postfix to capture the incoming email conversation and either REJECT, DISCARD, TMPFAIL, or ACCEPT.
    [Show full text]
  • Unified Anti-Spam Analyser Specialized to Protect from Russian Spam
    Aleksey Valov UNIFIED ANTI-SPAM ANALYSER SPECIALIZED TO PROTECT FROM RUSSIAN SPAM UNIFIED ANTI-SPAM ANALYSER SPECIALIZED TO PROTECT FROM RUSSIAN SPAM Aleksey Valov Bachelor’s Thesis Spring 2013 Business Information Technologies Oulu University of Applied Science ABSTRACT Oulu University of Applied Sciences Business Information Technology ______________________________________________________________________ Author: Aleksey Valov Title of Bachelor’s thesis: Unified anti-spam analyser specialized to protect from Russian spam. Supervisor: Matti Viitala Term and year of completion: Spring 2013 Number of pages: 34 ______________________________________________________________________ The objective of the research is to analyse currently used techniques for email protection from spam and to come up with new solutions that will help to reduce the amount of Russian spam as well as the pressure on servers. The research has been performed in cooperation with Koodiviidakko in Oulu. Descriptive research was the main methodology used during the work. Statistical analysis has been used for supporting the fight against spam as well as to increase the understanding of spam problems and commercial e-mails. Furthermore, there were clarifications of current strategies and technologies used inside the company. The result of this research and practical implementation brought in more innovative ideas and approaches for fighting spam and increasing the amount of legitimate e-mails. The approach for anti-spam does not depend on any hardware or software. Keywords:
    [Show full text]
  • NIST SP 800-45 Version 2, Guidelines on Electronic Mail Security
    Special Publication 800-45 Version 2 Guidelines on Electronic Mail Security Recommendations of the National Institute of Standards and Technology Miles Tracy Wayne Jansen Karen Scarfone Jason Butterfield NIST Special Publication 800-45 Guidelines on Electronic Mail Security Version 2 Recommendations of the National Institute of Standards and Technology Miles Tracy, Wayne Jansen, Karen Scarfone, and Jason Butterfield C O M P U T E R S E C U R I T Y Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD 20899-8930 February 2007 U .S. Department of Commerce Carlos M. Gutierrez, Secretary Technology Administration Robert C. Cresanti, Under Secretary of Commerce for Technology National Institute of Standards and Technology William Jeffrey, Director Reports on Computer Systems Technology The Information Technology Laboratory (ITL) at the National Institute of Standards and Technology (NIST) promotes the U.S. economy and public welfare by providing technical leadership for the Nation’s measurement and standards infrastructure. ITL develops tests, test methods, reference data, proof of concept implementations, and technical analysis to advance the development and productive use of information technology. ITL’s responsibilities include the development of technical, physical, administrative, and management standards and guidelines for the cost-effective security and privacy of sensitive unclassified information in Federal computer systems. This Special Publication 800-series reports on ITL’s research, guidance, and outreach efforts in computer security, and its collaborative activities with industry, government, and academic organizations. National Institute of Standards and Technology Special Publication 800-45 Version 2 Natl. Inst. Stand. Technol. Spec. Publ. 800-45 Version 2, 139 pages (Feb.
    [Show full text]