MS 4, Exim 4 on Debian 3 Install Notes
mark david mcCreary
mdm at INTERNET-TOOLS.COM
Tue Jan 7 17:25:31 GMT 2003
I have not found a Debian package for this combination, and have
included my notes on such an install.
I'm looking to compare notes with somebody else doing this.
I started out basing this on the Debian package for MailScanner 3,
although not sure where I am now.
The current gotcha is the file permissions error when executing
Sophos. I have gotten around this before, but have been unable to
duplicate the magic combination. Plus I thought that this 4.11
version was supposed to eliminate this problem.
Comments, suggestions and nitpicking welcome, either via the list or
private email.
Thanks
mark
Install Debian 3 (Woody) Machine
Install Perl Modules
Run as shell script
CNUM=1.63
echo Downloading CPAN $CNUM ...
lynx -source http://www.perl.com/CPAN/authors/id/ANDK/CPAN-$CNUM.tar.gz >
CPAN-$CNUM.tar.gz
gunzip -f CPAN-$CNUM.tar.gz
tar xvf CPAN-$CNUM.tar
echo Installing CPAN $CNUM
cd CPAN-$CNUM
perl Makefile.PL
make
make test
make install
Copy following config file to /usr/share/perl/5.6.1/CPAN/Config.pm
$CPAN::Config = {
'build_cache' => q[10],
'build_dir' => q[/root/.cpan/build],
'cache_metadata' => q[1],
'cpan_home' => q[/root/.cpan],
'ftp' => q[/usr/bin/ftp],
'ftp_proxy' => q[],
'getcwd' => q[cwd],
'gzip' => q[/bin/gzip],
'http_proxy' => q[],
'inactivity_timeout' => q[0],
'index_expire' => q[1],
'inhibit_startup_message' => q[0],
'keep_source_where' => q[/root/.cpan/sources],
'lynx' => q[/usr/bin/lynx],
'make' => q[/usr/bin/make],
'make_arg' => q[],
'make_install_arg' => q[],
'makepl_arg' => q[],
'ncftpget' => q[/usr/bin/ncftpget],
'no_proxy' => q[],
'pager' => q[/usr/bin/less],
'prerequisites_policy' => q[follow],
'scan_cache' => q[atstart],
'shell' => q[/bin/bash],
'tar' => q[/bin/tar],
'term_is_latin' => q[1],
'unzip' => q[/bin/gunzip],
'urllist' => [],
'wait_list' => [q[wait://ls6.informatik.uni-dortmund.de:1404]],
'wget' => q[/usr/bin/wget],
};
1;
__END__
Install Perl Modules via CPAN
Run as shell script
perl -MCPAN -e "install 'Net::FTP'"
perl -MCPAN -e "install 'Digest::MD5'"
perl -MCPAN -e "install 'Bundle::CPAN'"
perl -MCPAN -e "install 'Convert::TNEF'"
perl -MCPAN -e "install 'Data::Dumper'"
perl -MCPAN -e "install 'Date::Calc'"
perl -MCPAN -e "install 'Date::Format'"
perl -MCPAN -e "install 'Date::Manip'"
perl -MCPAN -e "install 'Digest::HMAC'"
perl -MCPAN -e "install 'Digest::Nilsimsa'"
perl -MCPAN -e "install 'Digest::SHA1'"
perl -MCPAN -e "install 'Email::Valid'"
perl -MCPAN -e "install 'File::Spec'"
perl -MCPAN -e "install 'File::Tail'"
perl -MCPAN -e "install 'File::Temp'"
perl -MCPAN -e "install 'HTML::Parser'"
perl -MCPAN -e "install 'HTML::Tagset'"
perl -MCPAN -e "install 'IO::Stringy'"
perl -MCPAN -e "install 'Mail::Address'"
perl -MCPAN -e "install 'Mail::Audit'"
perl -MCPAN -e "install 'Mail::Header'"
perl -MCPAN -e "install 'Mail::Internet'"
perl -MCPAN -e "install 'MIME::Base64'"
perl -MCPAN -e "install 'MIME::Tools'"
perl -MCPAN -e "install 'Net::DNS'"
perl -MCPAN -e "install 'Net::Ping'"
perl -MCPAN -e "install 'Pod::Usage'"
perl -MCPAN -e "install 'Term::ReadKey'"
perl -MCPAN -e "install 'Test::More'"
perl -MCPAN -e "install 'Time::HiRes'"
perl -MCPAN -e "install 'Mail::SpamAssassin'"
echo Done.
Apply MIME-tools patches
Run as shell script
cp /usr/local/share/perl/5.6.1/MIME/Field/ParamVal.pm
/usr/local/share/perl/5.6.1/MIME/Field/ParamVal.pm.bak
cp /usr/local/share/perl/5.6.1/MIME/Parser.pm
/usr/local/share/perl/5.6.1/MIME/Parser.pm.bak
cp /usr/local/share/perl/5.6.1/MIME/Words.pm
/usr/local/share/perl/5.6.1/MIME/Words.pm.bak
perl -pe "s%MIME-tools-5.411-ORIG/lib%/usr/local/share/perl/5.6.1%ig;" \
</usr/local/MailScanner/docs/install/mime-tools-patch.txt
>/usr/local/bin/mime-tools-patch.txt
perl -pe "s%MIME-tools-5.411/lib%/usr/local/share/perl/5.6.1%ig;" \
</usr/local/MailScanner/docs/install/mime-tools-patch2.txt
>/usr/local/bin/mime-tools-patch2.txt
perl -pe "s%MIME-tools-5.411/lib%/usr/local/share/perl/5.6.1%ig;" \
</usr/local/MailScanner/docs/install/mime-tools-patch3.txt
>/usr/local/bin/mime-tools-patch3.txt
perl -pe "s%MIME-tools-5.411/lib%/usr/local/share/perl/5.6.1%ig;" \
</usr/local/MailScanner/docs/install/mime-tools-patch4.txt
>/usr/local/bin/mime-tools-patch4.txt
patch -p0 </usr/local/bin/mime-tools-patch.txt
patch -p0 </usr/local/bin/mime-tools-patch2.txt
patch -p0 </usr/local/bin/mime-tools-patch3.txt
patch -p0 </usr/local/bin/mime-tools-patch4.txt
Install Debian packages and MailScanner
Run as shell script
#!/bin/bash
#
apt-get update
apt-get -u dist-upgrade
apt-get --assume-yes install procmail
##apt-get --assume-yes install mailscanner
##apt-get --assume-yes install spamassassin
apt-get --assume-yes install libdb2-dbg
apt-get --assume-yes install apache
cd /usr/local/
tar -xvf MailScanner-4.11-1.tar
ln -sf MailScanner-4.11-1 MailScanner
cd /usr/local/MailScanner/bin
gunzip tnef-1.1.2+sizelimit.tar.gz
tar xf tnef-1.1.2+sizelimit.tar
cd tnef-1.1.2
./configure
make
cp src/tnef /usr/local/Mailscanner/bin/tnef
# get Sophos Package
rm -rf /usr/local/src/sav-install
rm -rf /usr/local/src/linux.intel.libc6.tar.Z
rm -rf /usr/local/Sophos/*
wget -c --http-user=xxxxx --http-passwd=xxxxxx
www.sophos.com/sophos/products/full/linux.intel.libc6.tar.Z -O
/usr/local/src/linux.intel.libc6.tar.Z
cd /usr/local/src
tar -zxvf linux.intel.libc6.tar.Z
# increase number of open files allowed
echo "fs.file-max = 32768" >>/etc/sysctl.conf
echo "fs.inode-max = 131072" >>/etc/sysctl.conf
echo "* soft nofile 8192" >>/etc/security/limits.conf
echo "* hard nofile 32768" >>/etc/security/limits.conf
perl -i.bak -pe "s#/opt#/usr/local#;" /usr/local/MailScanner/bin/MailScanner
Build Exim 4.12 or better
Overlay existing Exim 3 setup of Debian 3
Exim Makefile - Use something like this
##################################################
# The Exim mail transport agent #
##################################################
# This is the template for Exim's main build-time configuration file. It
# contains settings that are independent of any operating system. These are
# things that are mostly sysadmin choices. The items below are divided into
# those you must specify, those you probably want to specify, those you
might
# often want to specify, and those that you almost never need to mention.
# Edit this file and save the result to a file called Local/Makefile within
the
# Exim distribution directory before running the "make" command.
# Things that depend on the operating system have default settings in
# OS/Makefile-Default, but these are overridden for some OS by files called
# called OS/Makefile-<osname>. You can further override these by creating
files
# called Local/Makefile-<osname>, where "<osname>" stands for the name of
your
# operating system - look at the names in the OS directory to see which
names
# are recognized.
# However, if you are building Exim for a single OS only, you don't need to
# worry about setting up Local/Makefile-<osname>. Any build-time
configuration
# settings you require can in fact be placed in the one file called
# Local/Makefile. It is only if you are building for several OS from the
same
# source files that you need to worry about splitting off your own
OS-dependent
# settings into separate files. (There's more explanation about how this all
# works in the toplevel README file, under "Modifying the building process",
as
# well as in the Exim specification.)
# One OS-specific thing that may need to be changed is the command for
running
# the C compiler; the overall default is gcc, but some OS Makefiles specify
cc.
# You can override anything that is set by putting CC=whatever in your
# Local/Makefile.
# NOTE: You should never need to edit any of the distributed Makefiles; all
# overriding can be done in your Local/Makefile(s). This will make it easier
# for you when the next release comes along.
# The location of the X11 libraries is something else that is quite variable
# even between different versions of the same operating system (and indeed
# there are different versions of X11 as well, of course). The four settings
# concerned here are X11, XINCLUDE, XLFLAGS (linking flags) and X11_LD_LIB
# (dynamic run-time library). You need not worry about X11 unless you want
to
# compile the Exim monitor utility. Exim itself does not use X11.
# Another area of variability between systems is the type and location of
the
# DBM library package. Exim has support for ndbm, gdbm, tdb, and Berkeley
DB.
# By default the code assumes ndbm; this often works with gdbm or DB,
provided
# they are correctly installed, via their compatibility interfaces. However,
# Exim can also be configured to use the native calls for Berkeley DB
(obsolete
# versions 1.85 and 2.x, or the current 3.x version) and also for gdbm.
# For some operating systems, a default DBM library (other than ndbm) is
# selected by a setting in the OS-specific Makefile. Most modern OS now have
# a DBM library installed as standard, and in many cases this will be
selected
# for you by the OS-specific configuration. If Exim compiles without any
# problems, you probably do not have to worry about the DBM library. If you
# do want or need to change it, you should first read the discussion in the
# file doc/dbm.discuss.txt, which also contains instructions for testing
Exim's
# interface to the DBM library.
# In Local/Makefiles blank lines and lines starting with # are ignored. It
is
# also permitted to use the # character to add a comment to a setting, for
# example
#
# EXIM_GID=42 # the "mail" group
#
# However, with some versions of "make" this works only if there is no white
# space between the end of the setting and the #, so perhaps it is best
# avoided. A consequence of this facility is that it is not possible to have
# the # character present in any setting, but I can't think of any cases
where
# this would be wanted.
###############################################################################
###############################################################################
# THESE ARE THINGS YOU MUST SPECIFY
#
###############################################################################
# Exim will not build unless you specify BIN_DIRECTORY, CONFIGURE_FILE, and
# EXIM_USER. You also need EXIM_GROUP if EXIM_USER specifies a uid by
number.
# If you don't specify SPOOL_DIRECTORY, Exim won't fail to build. However,
it
# really is a very good idea to specify it here rather than at run time.
This
# is particularly true if you let the logs go to their default location in
the
# spool directory, because it means that the location of the logs is known
# before Exim has read the run time configuration file.
#------------------------------------------------------------------------------
# BIN_DIRECTORY defines where the exim binary will be installed by "make
# install". The path is also used internally by Exim when it needs to
re-invoke
# itself, either to send an error message, or to recover root privilege.
Exim's
# utility binaries and scripts are also installed in this directory. There
is
# no "standard" place for the binary directory. Some people like to keep all
# the Exim files under one directory such as /usr/exim; others just let the
# Exim binaries go into an existing directory such as /usr/sbin or
# /usr/local/sbin. The installation script will try to create this
directory,
# and any superior directories, if they do not exist.
BIN_DIRECTORY=/usr/sbin
#------------------------------------------------------------------------------
# CONFIGURE_FILE defines where Exim's run time configuration file is to be
# found. The location of all other run time files and directories can be
# changed in the run time configuration file. There is a lot of variety in
the
# choice of location in different OS, and in the preferences of different
# sysadmins. Some common locations are in /etc or /etc/mail or
/usr/local/etc
# or /usr/local/etc/mail. Another possibility is to keep all the Exim files
# under a single directory such as /usr/exim. Whatever you choose, the
# installation script will try to make the directory and any superior
# directories if they don't exist. It will also install a default run time
# configuration if this file does not exist.
CONFIGURE_FILE=/etc/exim/exim.conf
#------------------------------------------------------------------------------
# The Exim binary must normally be setuid root, so that it starts executing
as
# root, but (depending on the options with which it is called) it does not
# always need to retain the root privilege. These settings define the user
and
# group that is used for Exim processes when they no longer need to be root.
In
# particular, this applies when receiving messages and when doing remote
# deliveries. (Local deliveries run as various non-root users, typically as
the
# owner of a local mailbox.) Specifying these values as root is very
strongly
# discouraged. These values are compiled into the binary.
EXIM_USER=mail
# If the setting of EXIM_USER is numeric (e.g. EXIM_USER=42), there must
# also be a setting of EXIM_GROUP. If, on the other hand, you use a name
# for EXIM_USER (e.g. EXIM_USER=exim), you don't need to set EXIM_GROUP
unless
# you want to use a group other than the default group for the given user.
EXIM_GROUP=adm
# Many sites define a user called "exim", with an appropriate default group,
# and use
#
# EXIM_USER=exim
#
# while leaving EXIM_GROUP unspecified (commented out).
#------------------------------------------------------------------------------
# SPOOL_DIRECTORY defines the directory where all the data for messages in
# transit is kept. It is strongly recommended that you define it here,
though
# it is possible to leave this till the run time configuration.
# Exim creates the spool directory if it does not exist. The owner and group
# will be those defined by EXIM_USER and EXIM_GROUP, and this also applies
to
# all the files and directories that are created in the spool directory.
# Almost all installations choose this:
SPOOL_DIRECTORY=/var/spool/exim
###############################################################################
# THESE ARE THINGS YOU PROBABLY WANT TO SPECIFY
#
###############################################################################
# You need to specify some routers and transports if you want the Exim that
you
# are building to be capable of delivering mail. You almost certainly need
at
# least one type of lookup. You should consider whether you want to build
# the Exim monitor or not.
#------------------------------------------------------------------------------
# These settings determine which individual router drivers are included in
the
# Exim binary. There are no defaults in the code; those routers that are
wanted
# must be defined here by setting the appropriate variables to the value
"yes".
# Including a router in the binary does not cause it to be used
automatically.
# It has also to be configured in the run time configuration file. By
# commenting out those you know you don't want to use, you can make the
binary
# a bit smaller. If you are unsure, leave all of these included for now.
ROUTER_ACCEPT=yes
ROUTER_DNSLOOKUP=yes
ROUTER_IPLITERAL=yes
ROUTER_MANUALROUTE=yes
ROUTER_QUERYPROGRAM=yes
ROUTER_REDIRECT=yes
# This one is very special-purpose, so is not included by default.
# ROUTER_IPLOOKUP=yes
#------------------------------------------------------------------------------
# These settings determine which individual transport drivers are included
in
# the Exim binary. There are no defaults; those transports that are wanted
must
# be defined here by setting the appropriate variables to the value "yes".
# Including a transport in the binary does not cause it to be used
# automatically. It has also to be configured in the run time configuration
# file. By commenting out those you know you don't want to use, you can make
# the binary a bit smaller. If you are unsure, leave all of these included
for
# now.
TRANSPORT_APPENDFILE=yes
#TRANSPORT_AUTOREPLY=yes
TRANSPORT_PIPE=yes
TRANSPORT_SMTP=yes
# This one is special-purpose, and commonly not required, so it is not
# included by default.
# TRANSPORT_LMTP=yes
#------------------------------------------------------------------------------
# The appendfile transport can write messages to local mailboxes in a number
# of formats. The code for three specialist formats, maildir, mailstore, and
# MBX, is included only when requested. If you do not know what this is
about,
# leave these settings commented out.
# SUPPORT_MAILDIR=yes
# SUPPORT_MAILSTORE=yes
# SUPPORT_MBX=yes
#------------------------------------------------------------------------------
# These settings determine which file and database lookup methods are
included
# in the binary. See the manual chapter entitled "File and database lookups"
# for discussion. DBM and lsearch (linear search) are included by default.
If
# you are unsure about the others, leave them commented out for now.
# LOOKUP_DNSDB does *not* refer to general mail routing using the DNS. It is
# for the specialist case of using the DNS as a general database facility
(not
# common).
LOOKUP_DBM=yes
LOOKUP_LSEARCH=yes
LOOKUP_CDB=yes
# LOOKUP_DNSDB=yes
# LOOKUP_DSEARCH=yes
# LOOKUP_LDAP=yes
# LOOKUP_MYSQL=yes
# LOOKUP_NIS=yes
# LOOKUP_NISPLUS=yes
# LOOKUP_ORACLE=yes
# LOOKUP_PGSQL=yes
# LOOKUP_WHOSON=yes
#------------------------------------------------------------------------------
# If you have set LDAP=yes, you should set LDAP_LIB_TYPE to indicate which
LDAP
# library you have. Unfortunately, though most of their functions are the
# same, there are minor differences. Currently Exim knows about four LDAP
# libraries: the one from the University of Michigan (also known as OpenLDAP
1),
# OpenLDAP 2, the Netscape SDK library, and the library that comes with
Solaris
# 7 onwards. Uncomment whichever of these you are using.
# LDAP_LIB_TYPE=OPENLDAP1
# LDAP_LIB_TYPE=OPENLDAP2
# LDAP_LIB_TYPE=NETSCAPE
# LDAP_LIB_TYPE=SOLARIS
# If you don't set any of these, Exim assumes the original University of
# Michigan (OpenLDAP 1) library.
#------------------------------------------------------------------------------
# Additional libraries and include directories may be required for some
# lookup styles (e.g. LDAP, MYSQL or PGSQL). LOOKUP_LIBS is included only on
# the command for linking Exim itself, not on any auxiliary programs. You
# don't need to set LOOKUP_INCLUDE if the relevant directories are already
# specified in INCLUDE.
# LOOKUP_INCLUDE=-I /usr/local/ldap/include -I /usr/local/mysql/include -I
/usr/local/pgsql/include
# LOOKUP_LIBS=-L/usr/local/lib -lldap -llber -lmysqlclient -lpq
#------------------------------------------------------------------------------
# Compiling the Exim monitor: If you want to compile the Exim monitor, a
# program that requires an X11 display, then EXIM_MONITOR should be set to
the
# value "eximon.bin". Comment out this setting to disable compilation of the
# monitor. The locations of various X11 directories for libraries and
include
# files are defaulted in the OS/Makefile-Default file, but can be overridden
in
# local OS-specific make files.
#EXIM_MONITOR=eximon.bin
###############################################################################
# THESE ARE THINGS YOU MIGHT WANT TO SPECIFY
#
###############################################################################
# The items in this section are those that are commonly changed according to
# the sysadmin's preferences, but whose defaults are often acceptable.
#------------------------------------------------------------------------------
# Exim has support for the AUTH (authentication) extension of the SMTP
# protocol, as defined by RFC 2554. If you don't know what SMTP
authentication
# is, you probably won't want to include this code, so you should leave
these
# settings commented out. If you do want to make use of SMTP authentication,
# you must uncomment at least one of the following, so that appropriate code
is
# included in the Exim binary. You will then need to set up the run time
# configuration to make use of the mechanism(s) selected.
#AUTH_CRAM_MD5=yes
#AUTH_PLAINTEXT=yes
# AUTH_SPA=yes
#------------------------------------------------------------------------------
# Exim can be built to support the SMTP STARTTLS command, which implements
# Transport Layer Security using SSL (Secure Sockets Layer). To do this, you
# must install the OpenSSL library package. Exim contains no cryptographic
# code of its own. Uncomment the following lines if you want to build Exim
# with TLS support. If you don't know what this is all about, leave these
# settings commented out.
# SUPPORT_TLS=yes
# TLS_LIBS=-lssl -lcrypto
# If you are running Exim as a server, note that just building it with TLS
# support is not all you need to do. You also need to set up a suitable
# certificate, and tell Exim about it by means of the tls_certificate
# and tls_privatekey run time options. You also need to set
tls_advertise_hosts
# to specify the hosts to which Exim advertises TLS support. On the other
hand,
# if you are running Exim only as a client, building it with TLS support
# is all you need to do.
# Additional libraries and include files are required for OpenSSL. The
TLS_LIBS
# setting above assumes that the libraries are installed with all your other
# libraries. If they are in a special directory, you may need something like
# TLS_LIBS=-L/usr/local/openssl/lib -lssl -lcrypto
# TLS_LIBS is included only on the command for linking Exim itself, not on
any
# auxiliary programs. If the include files are not in a standard place, you
can
# set TLS_INCLUDE to specify where they are:
# TLS_INCLUDE=-I/usr/local/openssl/include/
# You don't need to set TLS_INCLUDE if the relevant directories are already
# specified in INCLUDE.
#------------------------------------------------------------------------------
# The default distribution of Exim contains only the plain text form of the
# documentation. Other forms are available separately. If you want to
install
# the documentation in "info" format, first fetch the Texinfo documentation
# sources from the ftp directory and unpack them, which should create files
# with the extension "texinfo" in the doc directory. You may find that the
# version number of the texinfo files is different to your Exim version
number,
# because the main documentation isn't updated as often as the code. For
# example, if you have Exim version 4.03, the source tarball upacks into a
# directory called exim-4.03, but the texinfo tarball unpacks into
exim-4.00.
# In this case, move the contents of exim-4.00/doc into exim-4.03/doc after
you
# have unpacked them. Then set INFO_DIRECTORY to the location of your info
# directory. This varies from system to system, but is often
/usr/share/info.
# Once you have done this, "make install" will build the info files and
# install them in the directory you have defined.
# INFO_DIRECTORY=/usr/share/info
#------------------------------------------------------------------------------
# Exim log directory and files: Exim creates several log files inside a
# single log directory. You can define the directory and the form of the
# log file name here. If you do not set anything, Exim creates a directory
# called "log" inside its spool directory (see SPOOL_DIRECTORY above) and
uses
# the filenames "mainlog", "paniclog", and "rejectlog". If you want to
change
# this, you can set LOG_FILE_PATH to a path name containing one occurrence
of
# %s. This will be replaced by one of the strings "main", "panic", or
"reject"
# to form the final file names. Some installations may want something like
this:
LOG_FILE_PATH=/var/log/exim/%slog
# which results in files with names /var/log/exim_mainlog, etc. The
directory
# in which the log files are placed must exist; Exim does not try to create
# it for itself. It is also your responsibility to ensure that Exim is
capable
# of writing files using this path name. The Exim user (see EXIM_USER above)
# must be able to create and update files in the directory you have
specified.
# You can also configure Exim to use syslog, instead of or as well as log
# files, by settings such as these
# LOG_FILE_PATH=syslog
# LOG_FILE_PATH=syslog:/var/log/exim_%slog
# The first of these uses only syslog; the second uses syslog and also
writes
# to log files. Do not include white space in such a setting as it messes up
# the building process.
#------------------------------------------------------------------------------
# Cycling log files: this variable specifies the maximum number of old
# log files that are kept by the exicyclog log-cycling script. You don't
have
# to use exicyclog. If your operating system has other ways of cycling log
# files, you can use them instead. The exicyclog script isn't run by
default;
# you have to set up a cron job for it if you want it.
EXICYCLOG_MAX=10
#------------------------------------------------------------------------------
# The compress command is used by the exicyclog script to compress old log
# files. Both the name of the command and the suffix that it adds to files
# need to be defined here. See also the EXICYCLOG_MAX configuration.
COMPRESS_COMMAND=/bin/gzip
COMPRESS_SUFFIX=gz
#------------------------------------------------------------------------------
# If the exigrep utility is fed compressed log files, it tries to uncompress
# them using this command.
ZCAT_COMMAND=/bin/zcat
#------------------------------------------------------------------------------
# Compiling in support for embedded Perl: If you want to be able to
# use Perl code in Exim's string manipulation language and you have Perl
# (version 5.004 or later) installed, set EXIM_PERL to perl.o. Using
embedded
# Perl costs quite a lot of resources. Only do this if you really need it.
# EXIM_PERL=perl.o
#------------------------------------------------------------------------------
# Exim has support for PAM (Pluggable Authentication Modules), a facility
# which is available in the latest releases of Solaris and in some GNU/Linux
# distributions (see http://ftp.kernel.org/pub/linux/libs/pam/). The Exim
# support, which is intended for use in conjunction with the SMTP AUTH
# facilities, is included only when requested by the following setting:
# SUPPORT_PAM=yes
# You probably need to add -lpam to EXTRALIBS, and in some releases of
# GNU/Linux -ldl is also needed.
#------------------------------------------------------------------------------
# Support for authentication via Radius is also available. The Exim support,
# which is intended for use in conjunction with the SMTP AUTH facilities,
# is included only when requested by setting the following parameter to the
# location of your Radius configuration file:
# RADIUS_CONFIG_FILE=/etc/radiusclient/radiusclient.conf
#------------------------------------------------------------------------------
# Support for authentication via the Cyrus SASL pwcheck daemon is available.
# The Exim support, which is intented for use in conjunction with the SMTP
AUTH
# facilities, is included only when requested by setting the following
# parameter to the location of the pwcheck daemon's socket directory.
#
# There is no need to install all of SASL on your system. You just need to
run
# ./configure --with-pwcheck, cd to the pwcheck directory with sources, make
# and make install. You must create the socket directory (default
/var/pwcheck)
# and chown it to exim's user and group. Once you have installed pwcheck,
you
# should arrange for it to be started by root at boot time.
# CYRUS_PWCHECK_SOCKET=/var/pwcheck/pwcheck
#------------------------------------------------------------------------------
# TCP wrappers: If you want to use tcpwrappers from within Exim, uncomment
# this setting. See the manual section entitled "Use of tcpwrappers" in the
# chapter on building and installing Exim.
# USE_TCP_WRAPPERS=yes
# You may well also have to specify a local "include" file and an additional
# library for TCP wrappers, so you probably need something like this:
# USE_TCP_WRAPPERS=yes
# CFLAGS=-O -I/usr/local/include
# EXTRALIBS_EXIM=-L/usr/local/lib -lwrap
# but of course there may need to be other things in CFLAGS and
EXTRALIBS_EXIM
# as well.
#------------------------------------------------------------------------------
# The default action of the exim_install script is to install the Exim
binary
# with a unique name such as exim-4.00-1, and then set up a symbolic link
# called "exim" to reference it, moving the symbolic link from any previous
# version. If you define NO_SYMLINK (the value doesn't matter), the symbolic
# link is not created or moved. You will then have to "turn Exim on" by
setting
# up the link manually.
# NO_SYMLINK=yes
###############################################################################
# THINGS YOU ALMOST NEVER NEED TO MENTION
#
###############################################################################
# The settings in this section are available for use in special
circumstances.
# In the vast majority of installations you need not change anything below.
#------------------------------------------------------------------------------
# The following commands live in different places in some OS. Either the
# ultimate default settings, or the OS-specific files should already point
to
# the right place, but they can be overridden here if necessary. These
settings
# are used when building various scripts to ensure that the correct paths
are
# used when the scripts are run. They are not used in the Makefile itself.
Perl
# is not necessary for running Exim unless you set EXIM_PERL (see above) to
get
# it embedded, but there are some utilities that are Perl scripts. If you
# haven't got Perl, Exim will still build and run; you just won't be able to
# use those utilities.
CHOWN_COMMAND=/bin/chown
CHGRP_COMMAND=/bin/chgrp
# MV_COMMAND=/bin/mv
# RM_COMMAND=/bin/rm
# PERL_COMMAND=/usr/bin/perl
#------------------------------------------------------------------------------
# The following macro can be used to change the command for building a
library
# of functions. By default the "ar" command is used, with options "cq".
# Only in rare circumstances should you need to change this.
# AR=ar cq
#------------------------------------------------------------------------------
# The following macros can be used to change the default modes that are used
# by the appendfile transport. In most installations the defaults are just
# fine, and in any case, you can change particular instances of the
transport
# at run time if you want.
# APPENDFILE_MODE=0600
# APPENDFILE_DIRECTORY_MODE=0700
# APPENDFILE_LOCKFILE_MODE=0600
#------------------------------------------------------------------------------
# In some installations there may be multiple machines sharing file systems,
# where a different configuration file is required for Exim on the different
# machines. If CONFIGURE_FILE_USE_NODE is defined, then Exim will first look
# for a configuration file whose name is that defined by CONFIGURE_FILE,
# with the node name obtained by uname() tacked on the end, separated by a
# period (for example, /usr/exim/configure.host.in.some.domain). If this
file
# does not exist, then the bare configuration file name is tried.
# CONFIGURE_FILE_USE_NODE=yes
#------------------------------------------------------------------------------
# In some esoteric configurations two different versions of Exim are run,
# with different setuid values, and different configuration files are
required
# to handle the different cases. If CONFIGURE_FILE_USE_EUID is defined, then
# Exim will first look for a configuration file whose name is that defined
# by CONFIGURE_FILE, with the effective uid tacked on the end, separated by
# a period (for eximple, /usr/exim/configure.0). If this file does not
exist,
# then the bare configuration file name is tried. In the case when both
# CONFIGURE_FILE_USE_EUID and CONFIGURE_FILE_USE_NODE are set, four files
# are tried: <name>.<euid>.<node>, <name>.<node>, <name>.<euid>, and <name>.
# CONFIGURE_FILE_USE_EUID=yes
#------------------------------------------------------------------------------
# The size of the delivery buffer: This specifies the size (in bytes) of
# the buffer which is used when copying a message from the spool to a
# destination. The default value built into the source is 8192 and there is
# rarely any need to change this.
# DELIVER_BUFFER_SIZE=8192
#------------------------------------------------------------------------------
# The mode of the database directory: Exim creates a directory called "db"
# in its spool directory, to hold its databases of hints. This variable
# determines the mode of the created directory. The default value in the
# source is 0750.
# EXIMDB_DIRECTORY_MODE=0750
#------------------------------------------------------------------------------
# Database file mode: The mode of files created in the "db" directory
defaults
# to 0640 in the source, and can be changed here.
# EXIMDB_MODE=0640
#------------------------------------------------------------------------------
# Database lock file mode: The mode of zero-length files created in the "db"
# directory to use for locking purposes defaults to 0640 in the source, and
# can be changed here.
# EXIMDB_LOCKFILE_MODE=0640
#------------------------------------------------------------------------------
# This parameter sets the maximum length of the header portion of a message
# that Exim is prepared to process. The default setting is one megabyte. The
# limit exists in order to catch rogue mailers that might connect to your
SMTP
# port, start off a header line, and then just pump junk at it for ever. The
# message_size_limit option would also catch this, but it may not be set.
# HEADER_MAXSIZE="(1024*1024)"
#------------------------------------------------------------------------------
# The mode of the input directory: The input directory is where messages are
# kept while awaiting delivery. Exim creates it if necessary, using a mode
# which can be defined here (default 0750).
# INPUT_DIRECTORY_MODE=0750
#------------------------------------------------------------------------------
# The mode of Exim's log directory, when it is created by Exim inside the
spool
# directory, defaults to 0750 but can be changed here.
# LOG_DIRECTORY_MODE=0750
#------------------------------------------------------------------------------
# The log files themselves are created as required, with a mode that
defaults
# to 0640, but which can be changed here.
# LOG_MODE=0640
#------------------------------------------------------------------------------
# The TESTDB lookup is for performing tests on the handling of lookup
results,
# and is not useful for general running. It should be included only when
# debugging the code of Exim.
# LOOKUP_TESTDB=yes
#------------------------------------------------------------------------------
# /bin/sh is used by default as the shell in which to run commands that are
# defined in the makefiles. This can be changed if necessary, by
uncommenting
# this line and specifying another shell, but note that a Bourne-compatible
# shell is expected.
# MAKE_SHELL=/bin/sh
#------------------------------------------------------------------------------
# The maximum number of named lists of each type (address, domain, host, and
# local part) can be increased by changing this value. It should be set to
# a multiple of 16.
# MAX_NAMED_LIST=16
#------------------------------------------------------------------------------
# Network interfaces: Unless you set the local_interfaces option in the
runtime
# configuration file to restrict Exim to certain interfaces only, it will
run
# code to find all the interfaces there are on your host. Unfortunately,
# the call to the OS that does this requires a buffer large enough to hold
# data for all the interfaces - it was designed in the days when a host
rarely
# had more than three or four interfaces. Nowadays hosts can have very many
# virtual interfaces running on the same hardware. If you have more than 250
# virtual interfaces, you will need to uncomment this setting and increase
the
# value.
# MAXINTERFACES=250
#------------------------------------------------------------------------------
# Per-message logs: While a message is in the process of being delivered,
# comments on its progress are written to a message log, for the benefit of
# human administrators. These logs are held in a directory called "msglog"
# in the spool directory. Its mode defaults to 0750, but can be changed
here.
# The message log directory is also used for storing files that are used by
# transports for returning data to a message's sender (see the
"return_output"
# option for transports).
# MSGLOG_DIRECTORY_MODE=0750
#------------------------------------------------------------------------------
# There are three options which are used when compiling the Perl interface
and
# when linking with Perl. The default values for these are placed
automatically
# at the head of the Makefile by the script which builds it. However, if you
# want to override them, you can do so here.
# PERL_CC=
# PERL_CCOPTS=
# PERL_LIBS=
#------------------------------------------------------------------------------
# Identifying the daemon: When an Exim daemon starts up, it writes its pid
# (process id) to a file so that it can easily be identified. The path of
the
# file can be specified here. Some installations may want something like
this:
# PID_FILE_PATH=/var/lock/exim.pid
# If PID_FILE_PATH is not defined, Exim writes a file in its spool directory
# using the name "exim-daemon.pid".
# If you start up a daemon without the -bd option (for example, with just
# the -q15m option), a pid file is not written. Also, if you override the
# configuration file with the -oX option, no pid file is written. In other
# words, the pid file is written only for a "standard" daemon.
#------------------------------------------------------------------------------
# If Exim creates the spool directory, it is given this mode, defaulting in
the
# source to 0750.
# SPOOL_DIRECTORY_MODE=0750
#------------------------------------------------------------------------------
# The mode of files on the input spool which hold the contents of messages
can
# be changed here. The default is 0640 so that information from the spool is
# available to anyone who is a member of the Exim group.
# SPOOL_MODE=0640
#------------------------------------------------------------------------------
# Moving frozen messages: If the following is uncommented, Exim is compiled
# with support for automatically moving frozen messages out of the main
spool
# directory, a facility that is found useful by some large installations. A
# run time option is required to cause the moving actually to occur. Such
# messages become "invisible" to the normal management tools.
# SUPPORT_MOVE_FROZEN_MESSAGES=yes
# End of EDITME for Exim 4.
Exim OS Makefile
# Exim: OS-specific make file for Linux. This is for modern Linuxes,
# which use libc6.
BASENAME_COMMAND=look_for_it
CFLAGS=-O
DBMLIB = -ldb
USE_DB = yes
LIBS = -lnsl -lcrypt
LIBRESOLV = -lresolv
X11=/usr/X11R6
XINCLUDE=-I$(X11)/include
XLFLAGS=-L$(X11)/lib
X11_LD_LIB=$(X11)/lib
EXIWHAT_PS_ARG=ax
EXIWHAT_EGREP_ARG='/exim( |$$)'
EXIWHAT_KILL_ARG=-USR1
# End
Use something like this Exim 4 Configuration file to accept incoming email
Name file as /etc/exim/exim.conf
acl_smtp_rcpt = check_recipient
acl_smtp_data = check_message
domainlist local_domains = @ : @[]
accept_8bitmime
allow_domain_literals
allow_mx_to_ip
auto_thaw = 3h
check_log_inodes = 100
check_log_space = 10M
check_spool_inodes = 100
check_spool_space = 10M
delay_warning = 0s
queue_only_load = 4
deliver_queue_load_max = 5
delivery_date_remove
host_lookup = *
ignore_bounce_errors_after = 0s
log_selector = +address_rewrite \
+arguments \
-delay_delivery \
+delivery_size \
+lost_incoming_connection \
-queue_run \
+received_recipients \
+received_sender \
-retry_defer \
+sender_on_delivery \
+size_reject \
-skip_delivery \
+smtp_confirmation \
+smtp_connection \
+smtp_syntax_error \
+subject
lookup_open_max = 199
message_body_visible = 2500
message_id_header_text = "${tod_log}"
message_size_limit = 16384000
never_users = root
prod_requires_admin = false
queue_list_requires_admin = false
queue_run_max = 15
queue_only
queue_run_in_order = true
receive_timeout = 60s
received_headers_max = 30
remote_max_parallel = 5
retry_interval_max = 12h
retry_data_expire = 2d
return_path_remove
return_size_limit = 2500
smtp_accept_max = 60
smtp_accept_max_per_host = 15
smtp_accept_queue = 15
smtp_accept_queue_per_connection = 15
smtp_accept_reserve = 5
smtp_banner = "ESMTP Exim ${version_number} #${compile_number} ${tod_full}"
no_smtp_check_spool_space
smtp_connect_backlog = 50
smtp_load_reserve = 5
smtp_receive_timeout = 2m
smtp_reserve_hosts = 127.0.0.0/24
spool_directory = /var/spool/exim_incoming
strip_excess_angle_brackets
strip_trailing_dot
trusted_users = "mail"
begin acl
check_recipient:
warn message = X-Spam-RBL: $sender_host_address is listed at
$dnslist_domain
log_message = found in $dnslist_domain
dnslists = rbl-plus.mail-abuse.org
accept local_parts = postmaster : hostmaster
domains = +local_domains
require verify = sender
accept domains = +local_domains
deny message = relay not permitted
check_message:
warn !verify = header_syntax
warn !verify = header_sender
accept
begin routers
lookuphost:
driver = dnslookup
ignore_target_hosts = 0.0.0.0 : 10.0.0.0/8 : 127.0.0.0/8 :\
172.16.0.0/12 : 192.168.0.0/16
verify_only
transport = smtp
literal:
driver = ipliteral
verify_only
transport = smtp
defer_router:
driver = manualroute
route_list = * 127.0.0.1 byname
self = defer
begin transports
smtp:
driver = smtp
begin retry
* * F,8h,10m; G, 2d,1h,1.5; F,10d,4h
# End of Exim 4 configuration
Use something like this Exim 4 configuration file to process your mail after
MailScanner has run
Name file /etc/exim/exim.conf.outgoing
#
# Email has already been accepted, and moved to this queue by MailScanner
#
# This version of Exim merely needs to deliver the email
#
acl_smtp_rcpt = check_recipient
domainlist local_domains = @ : @[]
accept_8bitmime
allow_domain_literals
allow_mx_to_ip
auto_thaw = 3h
bounce_return_message = true
check_log_inodes = 100
check_log_space = 10M
check_spool_inodes = 100
check_spool_space = 10M
delay_warning = 0s
queue_only_load = 4
deliver_queue_load_max = 18
delivery_date_remove
no_envelope_to_remove
host_lookup = *
ignore_bounce_errors_after = 0s
log_selector = +address_rewrite \
+arguments \
-delay_delivery \
+delivery_size \
+lost_incoming_connection \
-queue_run \
+received_recipients \
+received_sender \
-retry_defer \
+sender_on_delivery \
+size_reject \
-skip_delivery \
+smtp_confirmation \
+smtp_connection \
+smtp_syntax_error \
+subject
lookup_open_max = 499
message_body_visible = 1000
message_id_header_text = ${tod_log}
message_size_limit = 16384000
never_users = root
prod_requires_admin = false
queue_list_requires_admin = false
queue_only
queue_run_in_order
queue_run_max = 15
queue_smtp_domains = *
receive_timeout = 60s
received_headers_max = 30
remote_max_parallel = 1
retry_interval_max = 8h
retry_data_expire = 2d
return_path_remove
return_size_limit = 2000
no_smtp_check_spool_space
smtp_accept_max = 80
smtp_accept_max_per_host = 15
smtp_accept_queue = 15
smtp_accept_queue_per_connection = 15
smtp_accept_reserve = 5
smtp_banner = "ESMTP Exim ${version_number} #${compile_number} ${tod_full}"
smtp_connect_backlog = 50
smtp_load_reserve = 5
smtp_receive_timeout = 2m
smtp_reserve_hosts = 127.0.0.0/24
spool_directory = /var/spool/exim
strip_excess_angle_brackets
strip_trailing_dot
timezone = UTC
trusted_users = "mail"
begin acl
check_recipient:
accept hosts = :
begin routers
localuser:
driver = accept
domains = +local_domains
check_local_user
transport = local_delivery
lookuphost:
driver = dnslookup
domains = ! +local_domains
ignore_target_hosts = 0.0.0.0 : 10.0.0.0/8 : 127.0.0.0/8 :\
172.16.0.0/12 : 192.168.0.0/16
self = defer
transport = smtp
literal:
driver = ipliteral
domains = ! +local_domains
self = defer
transport = smtp
begin transports
address_pipe:
driver = pipe
envelope_to_add
ignore_status
address_file:
driver = appendfile
local_delivery:
driver = appendfile
envelope_to_add
return_path_add
group = mail
file = /var/mail/${local_part}/Mailbox
smtp:
driver = smtp
connection_max_messages = 500
hosts_max_try = 5
size_addition = -1
max_rcpt = 1
begin retry
* * F,8h,10m; G, 2d,1h,1.5; F,10d,4h
# End of Exim 4 configuration
Get rid of mailq program
mv /usr/bin/mailq /usr/bin/orig-mailq
Send over special version of mailq to /usr/local/bin/mailq
#!/bin/bash
#
#
# Replace Exim mailq with this version that handles the two spool areas
#
echo "mail queue for incoming email"
exim -bpu
echo ""
echo ""
echo ""
echo "mail queue for outgoing email"
exim -bpu -C /etc/exim/exim.conf.outgoing
Send over special startup init of Exim for MailScanner
#! /bin/sh
# /etc/init.d/exim
#
# Written by Miquel van Smoorenburg <miquels at drinkel.ow.org>.
# Modified for Debian GNU/Linux by Ian Murdock <imurdock at gnu.ai.mit.edu>.
# Modified for exim by Tim Cutts <timc at chiark.greenend.org.uk>
#
set -e
# Exit if exim runs from /etc/inetd.conf
if grep -q "^ *smtp" /etc/inetd.conf; then
exit 0
fi
DAEMON=/usr/sbin/exim
NAME=exim
test -x $DAEMON || exit 0
case "$1" in
start)
update-inetd --disable smtp
echo -n "Starting MTA: "
start-stop-daemon --start --exec $DAEMON -- -bd
/usr/sbin/exim -C /etc/exim/exim.conf.outgoing -q1m
echo "exim."
;;
stop)
echo -n "Stopping MTA: "
start-stop-daemon --stop --oknodo --exec $DAEMON
echo "exim."
;;
restart)
echo "Restarting MTA: "
start-stop-daemon --stop --oknodo --exec $DAEMON
start-stop-daemon --start --exec $DAEMON -- -bd -q1m
echo "exim."
;;
reload|force-reload)
echo "Reloading $NAME configuration files"
start-stop-daemon --stop --signal 1 --exec $DAEMON
;;
*)
echo "Usage: /etc/init.d/$NAME {start|stop|reload}"
exit 1
;;
esac
exit 0
Send over special version of sophos-autoupdate to
/etc/MailScanner/wrapper/sophos-autoupdate
#!/usr/bin/perl
use Sys::Syslog;
$SophosRoot = "/usr/local/Sophos";
$IDELink = "$SophosRoot/ide";
$VDLDir = "../lib";
#$Lynx = "/usr/local/bin/lynx -dump";
$Lynx = "/usr/bin/wget -q -O-"; # On Linux use this
$Unzip = "/bin/gunzip -qq";
$rm = "/bin/rm";
$LockFile = "/tmp/SophosBusy.lock";
$LOCK_SH = 1;
$LOCK_EX = 2;
$LOCK_NB = 4;
$LOCK_UN = 8;
Sys::Syslog::openlog("Sophos-autoupdate", 'pid, nowait', 'mail');
# Work out the current VDL (and hence Sophos Sweep) version number
chdir "$SophosRoot/bin/$VDLDir";
opendir(LIBDIR, ".") || &BailOut("Cannot open Sophos/lib directory");
foreach $vdlname (sort readdir(LIBDIR)) {
next unless $vdlname =~ /^vdl-(\d+)\.(\d+)([a-z]?)\.dat$/;
$MajorVer = $1;
$MinorVer = $2;
$NSVFlag = $3;
}
closedir(LIBDIR);
&BailOut("Could not calculate Sophos version number")
unless defined($MajorVer) && defined($MinorVer);
$SophosVersion = "$MajorVer$MinorVer";
$VDLVersion = "$MajorVer.$MinorVer";
# Derive other variables, filenames and URLs from the version numbers
$ZipName = $SophosVersion . "_ides.zip";
$URL = "http://www.sophos.com/downloads/ide/$ZipName";
($min,$hour,$date,$month,$year) = (localtime)[1,2,3,4,5];
$month++;
$year+=1900;
$IDEDir = "$SophosRoot/$SophosVersion." . sprintf("%04d%02d%02d%02d%02d",
$year, $month, $date, $hour, $min);
# If the directory already exists, then we have already done the update
# for today, so quietly exit.
Sys::Syslog::syslog('info', "Sophos already up-to-date"),exit 0 if -d
$IDEDir;
# Create the IDE files directory
umask 0022;
mkdir $IDEDir, 0755;
chdir $IDEDir or &BailOut("Cannot cd $IDEDir, $!");
# Fetch and unpack the IDE zip file from Sophos
$result = system("$Lynx $URL > $ZipName");
&BailOut("Lynx failed with error return " . ($result>>8) . "\n") if
$result>>8;
$result = system("$Unzip $ZipName");
&BailOut("Unzip failed with error return " . ($result>>8) . "\n") if
$result>>8;
symlink("$VDLDir/vdl-$VDLVersion$NSVFlag.dat", "vdl.dat");
# Add the new vdl*.vdb files if they are there
foreach $number (1..99) {
$string = "vdl" . sprintf("%02d", $number) . ".vdb";
symlink("$VDLDir/$string", $string) if -f "$VDLDir/$string";
}
# Link in this new directory to Sophos
chdir $SophosRoot or &BailOut("Cannot cd $SophosRoot, $!");
$OldLinkTarget = readlink $IDELink;
&LockSophos();
unlink $IDELink if -l $IDELink;
symlink $IDEDir, $IDELink;
&UnlockSophos();
system("$rm -rf $OldLinkTarget") if defined $OldLinkTarget && -e
$OldLinkTarget;
Sys::Syslog::syslog('info', "Sophos successfully updated in $IDEDir");
Sys::Syslog::closelog();
exit 0;
sub BailOut {
Sys::Syslog::syslog('err', @_);
Sys::Syslog::closelog();
warn "@_, $!";
chdir $SophosRoot or die "Cannot cd $SophosRoot, $!";
system("$rm -rf $IDEDir") if -d $IDEDir;
exit 1;
}
sub LockSophos {
open(LOCK, ">$LockFile") or return;
flock(LOCK, $LOCK_EX);
print LOCK "Locked for updating Sophos IDE files by $$\n";
}
sub UnlockSophos {
print LOCK "Unlocked after updating Sophos IDE files by $$\n";
flock(LOCK, $LOCK_UN);
close LOCK;
}
Send over special version of sophos-wrapper to
/etc/MailScanner/wrapper/sophos-wrapper
#!/bin/sh
# MailScanner - SMTP E-Mail Virus Scanner
# Copyright (C) 2001 Julian Field
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
USA
#
# The author, Julian Field, can be contacted by email at
# Jules at JulianField.net
# or by paper mail at
# Julian Field
# Dept of Electronics & Computer Science
# University of Southampton
# Southampton
# SO17 1BJ
# United Kingdom
#
# JKF Wrapper Sophos programs with the correct LD_LIBRARY_PATH
# Modified for solaris by CJG
# Then tweaked for heron by JKF again
PackageDir=/usr/local/Sophos
prog=sweep # `basename $0`
SAV_IDE=$PackageDir/ide
LD_LIBRARY_PATH=$PackageDir/lib
export SAV_IDE
export LD_LIBRARY_PATH
if [ "x$1" = "x-IsItInstalled" ]; then
[ -x ${PackageDir}/bin/$prog ] && exit 0
exit 1
fi
exec ${PackageDir}/bin/$prog "$@"
Get Sophos Anti-Virus Package installed
Send over special version of Sophos.Install to
/usr/local/src/sav-install/Sophos.Install
#!/bin/bash
#
# $Id: Sophos.install.linux,v 1.1 2002/11/10 14:54:52 jkf Exp $
#
# Run this script to install Sophos in the right place, with the right
# options for the MailScanner.
# Run this script from inside the directory in which you have copied
# and unpacked the Sophos distribution.
# Tweaked for Solaris.
SOPHOS=/usr/local/Sophos
SCRIPTS=/etc/MailScanner/wrapper
COMPD=linux.intel.libc6.tar.Z
DISTRIB=linux.intel.libc6.tar
mkdir -p ${SOPHOS}
chown -R root ${SOPHOS}
chmod -R go+rX ${SOPHOS}
# Clear out any old libs from /usr/local/lib which is where
# a default SAVI installation will have left them
echo Clearing out old default Sophos installation libraries
#mdm#rm -f /usr/local/lib/libsavi.so*
# Have we got to uncompress the distribution for them?
if [ -f $COMPD ]; then
echo Uncompressing Sophos distribution
uncompress $COMPD
fi
# Have we got to unpack the distribution for them?
if [ -f $DISTRIB ]; then
# Is there an old unpacked distribution here too??
if [ -d sav-install ]; then
echo Clearing out unpacked distribution
rm -rf sav-install
fi
# Unpack the distribution
echo Unpacking distribution
tar xBf $DISTRIB
fi
# JKF 31/08/2001 Remove any existing vdl.dat files
if [ -f ${SOPHOS}/lib/vdl.dat ]; then
rm -f ${SOPHOS}/lib/vdl*
fi
if [ -f ${SOPHOS}/lib/vdln.dat ]; then
rm -f ${SOPHOS}/lib/vdl*
fi
if [ -f ${SOPHOS}/lib/vdl01.vdb ]; then
rm -f ${SOPHOS}/lib/vdl*
fi
# Are we in the right directory, or one above it?
if [ -d sav-install ]; then
cd sav-install
fi
# Check we have found the install.sh script
if [ \! -f install.sh ]; then
echo Please cd into the directory containing the Sophos install.sh
echo script and run this command again.
exit 1
fi
echo Installing Sophos for MailScanner
./install.sh -v -d ${SOPHOS} -s lib -ni
echo
#mdm#echo Fetching latest IDE virus identities from www.sophos.com
#mdm#${SCRIPTS}/sophos-autoupdate
if [ -f ${SCRIPTS}/sophos-wrapper ]; then
chmod a=rx ${SCRIPTS}/sophos-wrapper
echo Done.
else
echo Something has gone wrong. There should be a copy of the
echo script sophos-wrapper in the directory ${SCRIPTS}.
echo Please re-install the MailScanner or fetch another copy of
echo sophoswrapper from the distribution web site.
fi
exit 0
Run as shell script
cd /usr/local/src/sav-install
/usr/local/src/sav-install/Sophos.Install
/etc/MailScanner/wrapper/sophos-autoupdate
chmod 755 /etc/MailScanner/wrapper
chown mail.adm -R /etc/MailScanner/wrapper
chmod 755 /etc/MailScanner/wrapper/sophos-autoupdate
chmod 755 /etc/MailScanner/wrapper/sophos-wrapper
chmod 755 /etc/MailScanner/wrapper/update_virus_scanners
update-rc.d -f spamassassin remove
update-rc.d MailScanner start 22 2 3 4 5 . stop 22 0 1 6 .
chmod +x /etc/init.d/MailScanner
chmod 666 /etc/MailScanner/*
mkdir /var/spool/MailScanner
mkdir /var/spool/MailScanner/incoming
mkdir /var/spool/MailScanner/quarantine
mkdir /var/spool/MailScanner/archive
chown -R mail.adm /var/spool/MailScanner
mkdir -p /var/lock/subsys/MailScanner
chown -R mail.adm /var/lock/subsys
Copy following data to /etc/sav.conf
SAV virus data directory = /usr/local/Sophos/ide
SAV temp directory = /var/tmp
Exim and Debian aspects of /etc/MailScanner/MailScanner.conf
# User to run as (provided for Exim users)
Run As User = mail
# Group to run as (provided for Exim users)
Run As Group = adm
Incoming Queue Dir = /var/spool/exim_incoming/input
# Set location of outgoing mail queue.
# This can also be the filename of a ruleset.
Outgoing Queue Dir = /var/spool/exim/input
# Set where to unpack incoming messages before scanning them
Incoming Work Dir = /var/spool/MailScanner/incoming
# Set where to store infected and message attachments (if they are kept)
# This can also be the filename of a ruleset.
Quarantine Dir = /var/spool/MailScanner/quarantine
# Set where to store all the process id numbers so you can stop MailScanner
PID file = /var/run/MailScanner/MailScanner.pid
# Set whether to use sendmail or exim
MTA = exim
# Set how to invoke MTA when sending messages MailScanner has created
Sendmail = /usr/sbin/exim
Sendmail2 = /usr/sbin/exim -C /etc/exim/exim.conf.outgoing
Language Strings = /etc/MailScanner/languages.conf
# Set where to find the message text sent to users when one of their
# attachments has been deleted from a message.
# These can also be the filenames of rulesets.
Deleted Bad Filename Message Report =
/etc/MailScanner/deleted.filename.message.txt
Deleted Virus Message Report = /etc/MailScanner/deleted.virus.message.txt
More information about the MailScanner
mailing list