Maia install at http://www.purplehat.org

 

Find the original source here: http://www.purplehat.org/?page_id=16

Maia-Mailguard is by far the best open source spam/virus configuration utility I have ever used. It allows users to adjust their own settings for spam and viruses leaving the Mail Admin a little breathing room which makes it a great piece of software. You can read more about it at http://www.maiamailguard.com/.

This tutorial installs version 1.0.2a.

Install Maia-Mailguard via ports:

#cd /usr/ports/security/maia
#make all install
(Menu defaults will be fine. However, feel free to add more apps for the scanner. It can’t hurt)

Create and populate Maia-Mailguard database:

#mysql -u root -p mysql
(Enter MySQL root password)
>CREATE DATABASE maia;
>GRANT ALL PRIVILEGES ON maia.*
TO vscan@localhost IDENTIFIED BY 'vscan_password';
>FLUSH PRIVILEGES;
>quit
#cd /usr/ports/security/maia/work/maia-1.0.2a
#mysql -u root -p maia < maia-mysql.sql

Edit /usr/local/etc/maia.conf file:
Find and edit the RED TEXT


# Your Maia database user's login name
$username = "vscan";

# Your Maia database user's password
$password = "vscan_password";

# The directory where Maia's Perl scripts can be found.
$script_dir = "/var/amavisd/maia/scripts";

# The directory where SpamAssassin's local.cf file can be found.
$local_cf_dir = "/usr/local/etc/mail/spamassassin"; # default: let the script find it

# The directory where SpamAssassin's core rules can be found.
$system_rules_dir = "/usr/local/share/spamassassin"; # default: let the script find it

# The directory where your amavis user's user_prefs file can be found.
$user_rules_dir = "/var/amavisd/.spamassassin"; # default: let the script find it

# Location of your encryption key file, or undef to disable
$key_file = "/var/amavisd/maia.key";

# Base URL to Maia's PHP scripts
$base_url = "https://www.domain.tld/maia/";

Run configtest.pl executable:

#/var/amavisd/maia/scripts/configtest.pl

Note:

There is a known issue with the ‘file()’ utility in the configtest check. Don’t worry about this as Maia will still find and use file() even if the configtest says it is not installed. This will be fixed in the next Maia release. Otherwise, PLEASE let me know if something in the port is not working correctly.

Allow ‘vscan’ access to Maia’s files:

#cd /usr/local/etc
#chgrp vscan maia.conf amavisd.conf

Load SpamAssassin rules:

#su - vscan
#/var/amavisd/maia/scripts/load-sa-rules.pl --debug
#exit

Install Smarty Engine Template via ports:

#cd /usr/ports/www/smarty
#make all install clean

Edit /usr/local/etc/php.ini file:

Find and edit the RED TEXT


;;;;;;;;;;;;;;;;;;;;;;;;;
; Paths and Directories ;
;;;;;;;;;;;;;;;;;;;;;;;;;

; UNIX: "/path1:/path2"
include_path = ".:/usr/local/share/pear:/usr/local/share/smarty"
;
; Windows: "\path1;\path2"
;include_path = ".;c:\php\includes"

Reload Apache’s configuration files:

#apachectl graceful

Edit /usr/local/www/maia/config.php file:
Find and edit the RED TEXT.


$maia_sql_dsn = "mysql://vscan:vscan_password@unix(/tmp/mysql.sock)/maia";

$address_rewriting_type = 4;

$auth_method = "sql";

// Database connection string to use for authentication.
$auth_sql_dsn = "mysql://postfix:postfix_sql_password@unix(/tmp/mysql.sock)/postfix";

// Name of the table that contains the user's authentication info
$auth_sql_table = "mailbox";

// Name of the column that contains the user's name
$auth_sql_username_column = "username";

// Name of the column that contains the user's password
$auth_sql_password_column = "password";

// Name of the column that contains the user's e-mail address
$auth_sql_email_column = "username";

// Password encryption type:
$auth_sql_password_type = "crypt";

Create and edit /usr/local/etc/apache22/Includes/maia.conf file:

Alias /maia/ "/usr/local/www/maia/"
<Directory "/usr/local/www/maia/">
   AllowOverride None
   Options None
   Order allow,deny
   Allow from all
</Directory>

Reload Apache:

#apachectl graceful

Test:

Visit "https://domain.tld/maia/admin/configtest.php".

You'll see we're still missing plenty of PEAR modules. So, let's go ahead and install those. Of course, all "optional" modules are your decision.

Install PEAR::Mail_Mime via ports:

#cd /usr/ports/mail/pear-Mail_Mime
#make all install clean

Install PEAR::Mail_mimeDecode via ports:

#cd /usr/ports/mail/pear-Mail_mimeDecode
#make all install clean

Install PEAR::DB via ports:

#cd /usr/ports/databases/pear-DB
#make all install clean

Install PEAR::Pager via ports:

#cd /usr/ports/devel/pear-Pager
#make all install clean

Install PEAR::Net_Socket via ports:

#cd /usr/ports/net/pear-Net_Socket
#make all install clean

Install PEAR::Net_SMTP via ports:

#cd /usr/ports/net/pear-Net_SMTP
#make all install clean
(Be sure “PEAR_AUTH_SASL” is selected from the menu)

Install PEAR::Log via ports:

#cd /usr/ports/sysutils/pear-Log
#make all install clean
(Be sure “Pear_DB” is selected from the menu)

NOTE:

If you would like to have the image graph utilities available in Maia, you can find all the modules you need in /usr/ports/graphics and /usr/ports/textproc.

(As of this writing):
PEAR::Image_Color
PEAR::Image_Canvas
PEAR::Image_Graph
PEAR::Numbers_Roman
PEAR::Numbers_Words

So, go for it if you want to. These, however, are in no way required.

Patch pear-Net_IMAP:

NOTE: This is only for those of you who chose to install the graphical imaging software with PEAR. IF YOU DID NOT INSTALL GRAPHS, SKIP THIS STEP.

#cd /usr/local/share/pear
#fetch http://www.purplehat.org/downloads/postfix_guide/Pie.php.diff
#patch -p0 < Pie.php.diff

Reload Apache Configuration:

#apachectl graceful

Generate Maia’s encryption key and secure it:

#/var/amavisd/maia/scripts/generate-key.pl > /var/amavisd/maia.key

#chown vscan:www /var/amavisd/maia.key
#chmod 640 /var/amavisd/maia.key

Important Note:

Be sure to keep a backup/copy of the maia.key. If, for some reason, you happen to lose this key, you'll need a backup/copy of it to continue reading the encrypted mail that Maia-Mailguard has already processed.
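
One way to confirm the ownership and mode set on maia.key, and the group set earlier on maia.conf and amavisd.conf, while also catching credential files left readable by every local user. This is an added example, not part of the original guide; the function names are made up here, and treating any access for "other" or any group write bit as a finding, as well as including config.php, is this example's own policy.

```shell
#!/bin/sh

# Print "perms owner group" for a path, e.g. "-rw-r----- vscan www".
perm_owner_group() {
    ls -ld "$1" | awk '{ print substr($1, 1, 10), $3, $4 }'
}

# audit_secret PATH [OWNER] [GROUP]: print findings, return 0 only when clean.
audit_secret() {
    path=$1 want_owner=${2:-} want_group=${3:-} rc=0
    [ -f "$path" ] || { echo "$path: missing"; return 1; }
    read -r perms owner group <<EOF
$(perm_owner_group "$path")
EOF
    case "$perms" in
        ???????---) ;;   # no read/write/execute for "other"
        *) echo "$path: accessible to other users ($perms)"; rc=1 ;;
    esac
    case "$perms" in
        ?????w????) echo "$path: group-writable ($perms)"; rc=1 ;;
    esac
    if [ -n "$want_owner" ] && [ "$owner" != "$want_owner" ]; then
        echo "$path: owner is $owner, expected $want_owner"; rc=1
    fi
    if [ -n "$want_group" ] && [ "$group" != "$want_group" ]; then
        echo "$path: group is $group, expected $want_group"; rc=1
    fi
    return $rc
}

# Owners and groups as set in the guide; config.php is checked for mode only
# (assumption: the guide does not state its ownership).
audit_all() {
    fail=0
    audit_secret /var/amavisd/maia.key vscan www || fail=1
    audit_secret /usr/local/etc/maia.conf "" vscan || fail=1
    audit_secret /usr/local/etc/amavisd.conf "" vscan || fail=1
    audit_secret /usr/local/www/maia/config.php || fail=1
    return $fail
}

# Run as root on the mail host: sh audit-perms.sh --run
if [ "${1:-}" = "--run" ]; then audit_all; fi
```

A chgrp alone does not change the mode bits, so a file that was created world-readable stays that way until it is also chmod'ed.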

Edit /usr/local/etc/amavisd.conf file:
Find and edit the RED TEXT.

…
$max_servers = 2; # number of pre-forked children (2..15 is common)
…
$mydomain = 'domain.tld';
…
$DO_SYSLOG = 1;
…
@lookup_sql_dsn = ( ['DBI:mysql:maia:localhost', 'vscan', 'vscan_password'] );
…
$unrar = ['rar', 'unrar'];
…
$myhostname = 'host.domain.tld';
…
$X_HEADER_LINE = "Maia Mailguard";
…
### http://www.clamav.net/
['ClamAV-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
  qr/\bOK$/, qr/\bFOUND$/,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
…

Set Maia-Mailguard to start at boot and start it now:

#echo 'maia_enable="YES"' >> /etc/rc.conf
#/usr/local/etc/rc.d/maia start

Test:

Visit "https://domain.tld/maia/". You should be greeted with a login screen. If so, great! Let's log in and acquire admin privileges…

Instead of "https://domain.tld/maia/login.php" (the default), visit "https://domain.tld/maia/login.php?super=register" and log in with any currently existing virtual user (most likely the user you added with Postfixadmin earlier). Be sure to use a full email address to log into Maia-Mailguard, i.e. username@domain.tld. That user will now have admin privs via Maia (so be careful which user you choose).

Now that you're logged into Maia-Mailguard as an administrator, click the "Admin" link at the top of the page (key-shaped icon). From the "Administration Menu" click "System Configuration". Each mail server will want different settings for its setup. However, there are some things you should be aware of:

1. Make sure that *ANY* file name (with the exception of the logo image) listed for any option is listed with its *FULL PATH*. (IE: In "Paths & Ports", be sure "maia.key" is listed as "/var/amavisd/maia.key".)

2. The "Mail size limit" setting should not be higher than what you set your MySQL's max_allowed_packet to (10M in my example) in /var/db/mysql/my.cnf. Remember that this setting is in bytes. So, 10*1024*1024 would give you 1048576 (10M).

IMPORTANT:

For each domain you create using Postfixadmin or any other way you may create it, Maia needs to know about it in order to create users. This might seem like a redundant issue, but it really makes a difference and here's why… When Maia receives mail for a user that doesn't exist, it uses the default domain's (@.) settings. This is fine. However, if it considers that mail to be spam when it is not, the user cannot retrieve that message later, since the default settings don't house mail for a non-existent user. So, be sure to add any domain you add via PostfixAdmin to Maia-Mailguard as well.

Edit /usr/local/etc/postfix/main.cf file:
Find and edit the RED TEXT.


# Maia-Mailguard
#
content_filter=smtp-amavis:[127.0.0.1]:10024

# LOCAL PATHNAME INFORMATION
#
# The queue_directory specifies the location of the Postfix queue.
# This is also the root directory of Postfix daemons that run chrooted.
# See the files in examples/chroot-setup for setting up Postfix chroot
# environments on different UNIX systems.
#
queue_directory = /var/spool/postfix

Edit /usr/local/etc/postfix/master.cf file:
Add RED TEXT to bottom of file.

smtp-amavis unix - - n - 2 smtp
    -o smtp_data_done_timeout=2400
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20
127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks_style=host
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings
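
The 127.0.0.1:10025 entry above is the listener that takes mail back from the filter: the empty content_filter keeps filtered mail from being sent to the filter again, and the loopback address together with mynetworks=127.0.0.0/8 and permit_mynetworks,reject keeps other hosts from handing mail to it unfiltered. The check below is an added example, not part of the original guide; the function names and the abbreviated sample entry are constructed for illustration.

```shell
#!/bin/sh

# Fold continuation lines (leading whitespace) into one logical line each.
logical_lines() {
    awk '/^[ \t]*#/ || /^[ \t]*$/ { next }
         /^[ \t]/ { buf = buf " " $0; next }
         { if (buf != "") print buf; buf = $0 }
         END { if (buf != "") print buf }' "$1" | tr -s ' \t' ' '
}

# True when the logical line carries exactly "-o name=value".
has_opt() {
    case " $1 " in *" -o $2 "*) return 0 ;; esac
    return 1
}

# Print one finding per problem; return 0 only when the listener is sound.
audit_reinjection() {
    entry=$(logical_lines "$1" |
        awk '$2 == "inet" && $8 == "smtpd" && ($1 == "10025" || $1 ~ /:10025$/)')
    [ -n "$entry" ] || { echo "missing: smtpd listener on port 10025"; return 1; }
    rc=0
    case "$entry" in
        "127.0.0.1:10025 "*) ;;
        *) echo "listener is not bound to 127.0.0.1"; rc=1 ;;
    esac
    # content_filter must be empty here, or filtered mail is filtered again.
    for opt in content_filter= mynetworks=127.0.0.0/8 \
        smtpd_client_restrictions=permit_mynetworks,reject \
        smtpd_recipient_restrictions=permit_mynetworks,reject; do
        has_opt "$entry" "$opt" || { echo "missing or changed: -o $opt"; rc=1; }
    done
    return $rc
}

# Constructed sample (abbreviated from the guide's entries) for a dry run.
write_sample() {
    cat > "$1" <<'EOF'
smtp-amavis unix - - n - 2 smtp
    -o smtp_data_done_timeout=2400
127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
EOF
}

# Usage: sh audit-master.sh /usr/local/etc/postfix/master.cf
if [ $# -eq 1 ]; then audit_reinjection "$1"; fi
```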

Reload Postfix:

#postfix reload

Edit the “vscan” user’s cron jobs:

#crontab -u vscan -e

Copy and paste into user vscan’s crontab.

#Load new rules and store into Maia database.
30 4 * * * /var/amavisd/maia/scripts/load-sa-rules.pl > /dev/null
#Train Spam Assassin.
0 * * * * /var/amavisd/maia/scripts/process-quarantine.pl --learn --report > /dev/null
#Take a snapshot of the stats at the start of every hour.
0 * * * * /var/amavisd/maia/scripts/stats-snapshot.pl > /dev/null
#Purge mail that has not been confirmed.
0 23 * * * /var/amavisd/maia/scripts/expire-quarantine-cache.pl > /dev/null
#Send quarantine reminders.
0 15 * * * /var/amavisd/maia/scripts/send-quarantine-reminders.pl > /dev/null
#Send quarantine digests.
0 15 * * * /var/amavisd/maia/scripts/send-quarantine-digests.pl > /dev/null
#Force bayesian auto-expiry during off-peak hours.
25 2 * * * /usr/local/bin/sa-learn --sync --force-expire > /dev/null

