Installing Qmailscanner 1.25 with qms-analog

Qmail-Scanner is an e-mail content scanner that enables a qmail server to scan all messages it receives for certain characteristics (normally viruses), and react accordingly. For more information see http://qmail-scanner.sourceforge.net/

When installing qmail-scanner it will install all dependancies for you. So lets go ahead and install it!


# cd /usr/ports/mail/qmail-scanner1/
# make extract

Configuring qms-analog

This is the second tarball we will need to copy to get reporting out of qmail-scanner so lets get started!


# cd work
# tar zxvf /downloads/qmailrocks/qms-analog-0.4.2.tar.gz
# cd qms-analog-0.4.2
# gmake all
# cp qmail-scanner-1.25-st-qms-YYYYMMDD.patch ../qmail-scanner-1.25

Now we need to change to the qmail-scanner source, patch it and then run the configure scripts:


# cd ../qmail-scanner-1.25
# patch -p1 < qmail-scanner-1.25-st-qms-YYYYMMDD.patch

You should get a pretty large output. When it is done it will say done at the bottom if it installed the patch correctly.

Installing qmail-scanner

We now need to change the qms-config to match your settings. Please remember the sections in bold need to be changed to your domain specific settings:


# vi qms-config

./configure    --domain yourdomain.com \
               --admin postmaster \
               --local-domains "yourdomain.com,yourotherdomain.com" \
               --add-dscr-hdrs yes \
               --dscr-hdrs-text "X-Antivirus-MYDOMAIN" \
               --ignore-eol-check yes \
               --sa-quarantine 0 \
               --sa-delete 0 \
               --sa-reject no \
               --sa-subject ":SPAM:" \
               --sa-alt yes \
               --sa-debug no \
               --notify admin \
               --redundant yes \
               --qms-monitor no \
               "$INSTALL"


One of the options is having the headers of your emails display which rules determined the scores. You can do this as an option if you like. If you get a message thats marked spam and it's actually a ham, you can see what rules set it to be spam. This is quite useful when determining problems. Add the following options after the --notify admin but before the "$INSTALL" line in the qms-config script above:

 --sa-alt yes \
--sa-debug yes \
--sa-report yes\

Now we need to chmod the qms-config and give it a test run:


# chmod 755 qms-config
# ./qms-config

When it asks you:


Continue? ([Y]/N)

go ahead and hit Y. It will ask you the same thing twice to verfy the installation.

If all goes well you will see this at the end:


Finished. Please read README(.html) and then go over the script to check paths/etc, and then install as you see fit.

Remember to copy quarantine-attachments.txt to /usr/local/qmailscan and then run "qmail-scanner-queue.pl -g" to generate DB version.
****** FINAL TEST ******

Please log into an unpriviledged account and run
/usr/local/bin/qmail-scanner-queue.pl -g


Please note: If you see an error saying "CANNOT EVEN RUN A SIMPLE SETUID SCRIPT" that means you did not enable Perl with Setuid when you updated FreeBSD to -STABLE. You need to make sure that ENABLE_SUIDPERL=true is in make.conf and then reinstall perl 5.8. Bad news: You will have to make deinstall SpamAssassin, Clamav and qmail-scanner and start those steps all over again. 

Now lets install it providing the above worked flawlessly:


# ./qms-config install

It should run through almost the exact same thing that qms-config ran through the time you ran it without the install flag only it will ask you if you want to install qmail-scanner-queue.pl in /var/qmail/bin. Go ahead and hit enter on the keyboard when it asks.

Updating the qmail-scanner version files

The first one is the command that updates your version files. It updates your headers when you upgrade ClamAV or SpamAssassin. It also helps keep the /var/spool/qmailscan folder clear when SMTP sessions are dropped. I would HIGHLY suggest putting this in cron and running it once a day. If you don't, you'll see this error pop up frequestly in /var/log/maillog if you don't:


# setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -z

Anytime you update qmail-scanner, you should run this command also so lets run this now:


# setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -g

You will get the following output:


perlscanner: generate new DB file from /var/spool/qmailscan/quarantine-attachments.txt
perlscanner: total of 81 entries.


Now one final ownership check: 


# chown -R qscand:qscand /var/spool/qmailscan

Testing qmail-scanner

Now before we tell qmail to use qmail-scanner, we want to give it a test. Run the following command:


# /usr/ports/mail/qmail-scanner1/work/qmail-scanner-1.25/contrib/test_installation.sh -doit

When you first run this script, You will probably see the following: 


QMAILQUEUE was not set, defaulting to /var/qmail/bin/qmail-scanner-queue.pl for this test...

When the original /var/qmail/supervise/qmail-smtpd/run was used, It used to call qmail-scanner via a QMAILQUEUE variable. This is no longer the case. This script has now been supersceded by John Simpsons new /var/qmail/supervise/qmail-smtpd/run script which does not include a QMAILQUEUE variable. It just exports the information to qmail-scanner in a different way. Thats why you see this error. 

When you run this, it is going to send 4 messages. 2 with viruses, 1 standard message and a piece of junk mail. So when this runs you should have 2 in your /var/spool/qmailscan/quarantine/new , 1 message in ~vpopmail/domains/domain.xxx/postmaster/Maildir/new and 1 in your ~vpopmail/domains/domain.xxx/postmaster/Maildir/.Spam/new folder.

If you get any errors like "451 qq temporary problem", you did something wrong. Here is a URL for Troubleshooting the 451 qq temporary problem

We basically don't need to do anything to qmail-smtpd/run to implement it. The qmail-scanner variable is automatically in the qmail-smtpd/run script as an if ... then statement. If you check your headers, you should now have qmail-scanner working on your system! Just to be safe, lets restart qmail:


# qmailctl restart 

Now we will want to clean up the qmail-scanner port. This is also an option. You can leave it the way it is just in the even you want to change something later with qmail-scanner.


# cd /usr/ports/mail/qmail-scanner1
# make clean && make distclean

You can now continue on to Setting up qmailstats or if you do not want that you can install Courier-Imap or you can skip them and go right to Maintaining your qmailrocks server