ESVA customization
June 9th, 2009
ESVA is a pre-built and easily configured email scanning Virtual Appliance (ESVA) that runs on VMware ESX Server. http://www.global-domination.org/ESVA.php
The central components are Clam AntiVirus and SpamAssassin.
After the basic setup you might want to customize some things that cannot be changed in the wizard or GUI.
Change the amount of cached mails:
- $days_to_keep = 180; in /etc/cron.daily/clean.quarantine
- define(QUARANTINE_DAYS_TO_KEEP, 180); in /var/www/html/conf.php
- INTERVAL 180 DAY in /usr/local/bin/mailwatch/tools/db_clean.php
/etc/cron.daily/clean.quarantine
$disabled = 0;
$days_to_keep = 14;
The default signature:
/etc/MailScanner/rules
- sig.html.rules
- sig.text.rules
Blocked filetypes:
/etc/MailScanner/filename.rules.conf
Change the max message size:
In Webmin – Postfix – “General resource control”.
An example is to add a zero.
Max size of a message: 102400000
Max size of a mailbox: 512000000
Remove the “notify for SPAM”.
In the file: /etc/MailScanner/MailScanner.conf
Remove notify in the line: Spam Actions = store notify
Remove the “MailScanner has detected a possible fraud attempt from…”:
Highlight Phishing Fraud = no
Remove the opportunity to read the emails in the Webinterface:
Edit /var/www/html/detail.php
Go to the end and change the “view email” link.
// echo " <TD><A HREF=\"viewmail.php…………….."</A></TD>\n";
echo " <TD>…</TD>\n";
Default SPAM score:
/etc/MailScanner/MailScanner.conf
Required SpamAssassin Score = 5
Remove Inline HTML Signature
In the file: /etc/MailScanner/MailScanner.conf
# Add the “Inline HTML Signature” or “Inline Text Signature” to the end
# of uninfected messages?
# This can also be the filename of a ruleset.
Sign Clean Messages = no
Auto Reply – Out of office
Treat Invalid Watermarks With No Sender as Spam = 2
Script in the email
Allow Script Tags = disarm
Or yes/no
Office 2010 Fileformats:
Microsoft Office 2007/2010 documents (.docx, .xlsx etc) seem to be archived XML documents and MailScanner does not like that by default.
The solution is to put this in filename.rules.conf
allow \.xml\.rel$ - -
allow \.rel$ - -
allow \.docx$ - -
allow \.xlsx$ - -
allow \.xml\d*\.rel$ - -
allow \.x\d+\.rel$ - -
allow \.bin$ - -
allow \.wmf$ - -
allow \.dat$ - -
Put this just above the “# Deny all other double file extensions..” line
allow \.doc$ - -
allow \.xls$ - -
And in MailScanner.conf change Maximum Archive Depth to 3
Maximum Archive Depth = 3
This makes MailScanner recognize Office 2007/2010 files.
Disable Fuzzyocr:
Rename /etc/mail/spamassassin/FuzzyOcr.cf to something else.
Restart MailScanner
Disable SPAM and/or AV scan
/etc/MailScanner/MailScanner.conf
Spam Checks = no
Use SpamAssassin = no
Virus Scanning = no
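To see which of the MailScanner.conf changes described on this page have switched a check off on a given appliance, the following added example (not part of the original post, and not ESVA or MailScanner code) parses the file and lists them. Assumptions of the example: which values count as weakened, option names compared ignoring case and spacing, the last occurrence of an option winning, and the constructed sample text with its ruleset file name.

```python
import re

# Options this page changes -> values treated as "check off" (this example's assumption).
WEAKENING = {
    "Spam Checks": {"no"},
    "Use SpamAssassin": {"no"},
    "Virus Scanning": {"no"},
    "Highlight Phishing Fraud": {"no"},
    "Allow Script Tags": {"yes"},
}

def norm(key):
    # Assumption: option names are compared ignoring case and spacing.
    return re.sub(r"[^a-z0-9]", "", key.lower())

def parse_conf(text):
    """Return {normalized key: value}; the last occurrence of a key wins (assumed)."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[norm(key)] = value.strip()
    return settings

def audit(text):
    """List (option, value, finding) for every weakened or ruleset-driven option."""
    settings = parse_conf(text)
    findings = []
    for option, bad in WEAKENING.items():
        value = settings.get(norm(option), "")
        if value.startswith(("/", "%")):       # value is a ruleset file, not yes/no
            findings.append((option, value, "ruleset: review per-address rules"))
        elif value.lower() in bad:
            findings.append((option, value, "check switched off"))
    return findings

# Constructed sample, not a real appliance configuration.
SAMPLE = """\
Spam Checks = yes
Use SpamAssassin = yes
virus scanning = no      # left over from troubleshooting
Allow Script Tags = disarm
Highlight Phishing Fraud = %rules-dir%/phishing.rules
"""

for option, value, finding in audit(SAMPLE):
    print(f"{option} = {value}: {finding}")
```

On an appliance, pass the contents of /etc/MailScanner/MailScanner.conf to audit() instead of SAMPLE.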
Enable Remote ssh login
/etc/ssh/sshd_config
PermitRootLogin yes
Restart sshd
If running virtual, ESVA might lose time
Make a file in: /etc/cron.daily
–
#!/bin/sh
#
/usr/sbin/ntpdate 195.184.96.2
date +"%D %r `echo Cron completed`" >> /var/log/cron_job.log
–
chmod +x ntp.cron
Remember RAM!
Do you see this error in the maillog:
“too big for available disk space in /var/spool/MailScanner/incoming, skipping it”
MailScanner uses this directory temporarily to unpack files before scanning.
By default ESVA has 1024 MB of RAM. Half of that is used for the RAM-based filesystem.
Maybe 512 MB for unpacking is too small.
See /etc/fstab and change the size here
tmpfs /dev/shm tmpfs defaults,size=1024m
The easy way (if you have RAM enough), is to just give ESVA more RAM.
Allow EXE in zipped attachments
/etc/MailScanner/archives.filename.rules.conf
allow \.exe$ Windows/DOS Executable
/etc/MailScanner/archives.filetype.rules.conf
#deny executable No executables