Installing ClamAV, Simscan and Spamdyke on Plesk HowTo

This HowTo assumes that you have Plesk and Qmail already installed, configured and working.

Mission

We want to modify a standard Plesk installation to protect some users/some domains (possibly all of them) with an anti-virus. Additionally we want to add greylisting for some (possibly all) domains.

To meet our goals, we are going to install two new pieces of software on our system, along with the libraries they require:

WARNING: Spamdyke does NOT support pop3-before-smtp and the author has no intention to implement it ATM, so if you follow this HowTo you’ll lose the pop3-before-smtp functionality.


Although this HowTo only explains how to use ClamAV, it’s easy to adapt these instructions to use any anti-virus supported by simscan (e.g. Trophie).

Although this HowTo only describes how to enable greylisting using Spamdyke, there are many other effective anti-spam techniques available in Spamdyke; please refer to the official Spamdyke documentation to find out more about them.

Preparing Simscan

Simscan is a simple program by Inter7 that enables the qmail smtpd service to reject viruses, spam, and block attachments during the SMTP conversation. It requires the pcre library, which is usually available as a package for your favourite distribution. Here is how to install the pcre library and the related header files under:

Debian:

and RedHat/CentOS:

In order to do attachment blocking, Simscan also requires ripMIME, a library by PLDaniels Software.

Preparing ClamAV

Find clamd.conf, open it and change “User clamav” to “User simscan”

Determine the path to sigtool and clamdscan, by running:

Installing simscan

Download simscan source from http://www.inter7.com/?page=simscan, extract the archive and compile it with the following commands:

Replace CLAMPATH with the path to sigtool and clamdscan. If you installed ClamAV from sources and you chose the default PREFIX location, this would be /usr/local/bin/clamdscan and /usr/local/bin/sigtool.

Create the directory /var/qmail/quarantine and make it writable by simscan:

Create the file /var/qmail/control/simcontrol with the following line:

If you want to block attachments based on extension (e.g. .com, .bat, .exe) you can modify the line above like this:

If you want to virus scan only e-mail traffic of certain domains or accounts, you can put the following inside /var/qmail/control/simcontrol:

Or, if you want to scan all e-mail traffic except that for a certain domain or account, you can use:

After creating /var/qmail/control/simcontrol, remember to run:

You should run simscanmk -g on a regular basis, so that information about the anti-virus definition file in use is known to simscan.

Installing Spamdyke

Download the latest tarball from http://www.spamdyke.org/download.html and extract the sources:

Create the configuration file /etc/spamdyke.conf with the following content:

If you also want to use spamdyke on smtps (SMTP over SSL), create the configuration file /etc/spamdyke-smtps.conf with the following content:

Create the directories and configuration files required by spamdyke with the correct permissions, like this:

Whenever a new domain is added to Plesk, we must create a new directory for the domain in /var/qmail/spamdyke/greylist/. Until such a directory is created, greylisting will be disabled for that domain.

We can tell Plesk to create this directory for us for every new domain by creating the file /usr/local/psa/bin/create_greylist_folder.sh with the following content:
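
As an added example (not the author's original script), here is one way to write such a handler defensively, since it runs as root on a name supplied by the panel. It assumes the domain name is passed as the first argument; `GREYLIST_ROOT` and `GREYLIST_OWNER` are hypothetical variables introduced here.

```shell
#!/bin/sh
# Added example: per-domain greylist directory handler (not the author's script).
# Assumptions: the new domain name arrives as "$1"; GREYLIST_ROOT and
# GREYLIST_OWNER are hypothetical overrides, not Plesk or spamdyke settings.
GREYLIST_ROOT="${GREYLIST_ROOT:-/var/qmail/spamdyke/greylist}"

# Accept only plain hostnames: letters, digits, hyphens and dots, with no
# empty labels and no leading dot or hyphen. This keeps "../" and "/" out
# of a path that a root-owned handler is about to create.
valid_domain() {
    case "$1" in
        ''|.*|-*|*..*|*.|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    [ "${#1}" -le 253 ]
}

create_greylist_dir() {
    domain=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    valid_domain "$domain" || { echo "rejected domain name: $1" >&2; return 2; }
    dir="$GREYLIST_ROOT/$domain"
    # Refuse a pre-existing symlink so the handler cannot be redirected.
    [ ! -L "$dir" ] || { echo "refusing symlink: $dir" >&2; return 3; }
    mkdir -p -m 0700 "$dir" || return 4
    # Ownership must match the account spamdyke runs as on your system;
    # set GREYLIST_OWNER (user:group) accordingly.
    if [ -n "${GREYLIST_OWNER:-}" ]; then
        chown "$GREYLIST_OWNER" "$dir" || return 5
    fi
    printf '%s\n' "$dir"
}

# Run only when a domain argument is supplied (e.g. by the event handler).
[ "$#" -eq 0 ] || create_greylist_dir "$1"
```

Adjust the mode and owner so they match the greylist directories created in the previous step.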

Then log on to Plesk as admin and go to Server -> Event Manager -> Add New Event Handler, choose the event “Domain Created”, select priority “Normal (50)”, select “root” user and write the following in the “Command” textarea:

Patching and compiling qmail

The qmail version shipped by Plesk (package: psa-qmail) is heavily patched and modified. If you try to install your own version of qmail, most likely you’ll break Plesk. Fortunately Parallels (the company behind the development of Plesk) makes available for download the whole set of patches from their Knowledge Base: http://kb.parallels.com/article_22_1161_en.html

In order to compile it, you’ll need to install the domainkeys package, available from http://domainkeys.sourceforge.net

Unfortunately, simply applying these patches and trying to compile qmail doesn’t work. You’ll get a lot of errors. Instructions on how to circumvent these problems are available at http://www.ridwan.net/plesk8.1+simscan.html#qmail or you can keep on reading if you want an easier solution.

simscan interacts with qmail to scan e-mail attachments and reject them if they are infected. By default the rejection message will be generic and identical for all malware. If you want to have the malware name in the rejection message you have to patch qmail additionally with the file qmail-queue-custom-error.patch available in the contrib/ directory inside simscan sources.

To make the process easier I’ve put together a big patch (more than 13k lines! ouch!) against qmail-1.03 that includes the patches for Plesk 8.6 and the custom error patch for simscan plus all the fixes to avoid compilation problems: qmail-1.03-with-plesk-8.6.diff

Refer to Plesk KB and simscan package for the copyright of the code contained in this patch.

Here are the installation instructions:

First install domainkeys:

Then download, patch, and install qmail:

Finally configure xinetd to run simscan and spamdyke before calling qmail-smtpd. Modify the file /etc/xinetd.d/smtp_psa to look like this:

Also modify /etc/xinetd.d/smtps_psa to look like this:

Restart xinetd and you are done:

Feel free to contact me if any of the links in this document don’t work, or the patches don’t apply cleanly.


Thanks to:
