MailScanner ANNOUNCEMENT: Your Software Needs You!

Dhawal Doshy dhawal at netmagicsolutions.com
Fri May 26 17:28:59 IST 2006


Chris Hammond wrote:
> Well, if you don't agree with me you can't use it. :)

Umm.. what's the license btw? there is gpl, freeware, shareware, 
commercial and finally there is beerware.. there's also curryware for 
curry addicts..

> Seriously though, I look forward to making it better.  As I said before,
> with this script and a base CentOS 4 install, I can build a ready to go
> box in less than 20 minutes and that beats the hell out of a couple of
> hours installing everything individually.
> 
> The initial script started was done in about 3 days and weighed in at
> about 500 lines and I have been adding to it since.  I know there are
> better ways of doing most everything I did in the script but I had to
> do a lot of figuring of things out just to build the initial script.  I would
> like to make the script give users the choice of what they want to install.
> We should not dictate mta, db and anything else for that matter.  Plus
> the addition of error checking and other things that I just do not know
> how to do.  If this is useful to people at least I have given something 
> back to the community as so far it has been all take.  I really want
> to learn to be a decent programmer so I can give back but haven't
> really succeeded yet.  Hopefully working with you guys on this will
> rub off on me and make me a better bash scripter.
> 
> As for the choices, what are you talking about?  Settings or things I have
> installed or ways that I am doing things in the script?

Here is some feedback.

1. Settings for the virus scanning.. i *wouldn't* allow viruses from 
127.0.0.1.
2. clamd is not required for mailscanner, so why the extra overhead.
3. While you are changing the protocol for ssh to 2, you also ought to 
'PermitRootLogin no'
4. Allow SSH access in iptables only to your trusted IP/Segment, same 
for webmin
5. Have hosts.allow/deny configured for further tightening
6. Have some error logging in place and let the script die gracefully.. 
and also have a rollback option (something i need to learn as well)

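# Install and append all output (stdout and stderr) to a log file
rpm -ivh example.rpm >> /var/log/example.log 2>&1
if [ $? -ne 0 ] ; then
    echo -e "Error(s) Installing Example RPMs.\n Check /var/log/example.log\n Halting..."
    exit 1   # Error-Code: any non-zero status signals failure to the caller
fi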

7. logwatch requires user\@domain (the extra \).. something that i 
recently learned.
8. Why configure an ntp daemon, simply set 'ntpdate -s clock.redhat.com' 
in your cron.
9. Install djbdns ;-)
10. Dag's clamav will require a small change to virus.scanners.conf, 
i.e. change the /usr/local to /usr
11. Mount a 100MB TMPFS partition for mailscanner
12. Install mailscanner-mrtg, rkhunter,
13. Setup nrpe/nagios-plugins for nagios users.

phew.. that's it for now :)

- dhawal

> Thanks
> Chris
>  
>>>> dhawal at netmagicsolutions.com 05/26/06 11:37 am >>> 
> Woooooooo!!! rocking stuff..
> 
> Though i don't agree with some of your choices in the script (let me not 
> mention them now), the rest is seriously awesome.
> 
> This can make a great mini-project (called mail-toasters in the qmail 
> world).
> 
> I have internally documented something quite similar (you'll be 
> surprised at the similarity), and will add it to this as soon as i get 
> the time.
> 
> -  dhawal
> 
> Chris Hammond wrote:
>> Here is the script that I promised.  I have removed some hard coded stuff and replaced with variables.
>> I have not tested it since making the changes so I do not know if I broke anything.
>>
>> I appreciate the desire to make the script better but I would like to ask that we try as much as possible
>> to work together for everyone's benefit.
>>
>> Thanks
>> Chris
>>
>> Here is a tree view of the directory for the files it needs.
>>
>> mailscanner/
>> |--  BitDefender-Console-Antivirus-7.1-3.linux-gcc3x.i386.rpm
>> |--  MailScanner-perl-MIME-Base64-3.05-5.i386.rpm
>> |--  etc
>> |   `--  cron.daily
>> |       |--  bayes_cleanup
>> |       `--  db_cleanup
>> |--  http
>> |   |--  favicon.ico
>> |   `--  mailscanner
>> |       |--  do_message_ops.php
>> |       `--  geoip_update.php
>> |--  logwatch-7.3-1.noarch.rpm
>> |--  mailscanner-4.52.2-1.noarch.rpm
>> |--  mailwatch-1.0.3.tar.gz
>> |--  asinst_script.sh
>> |--  perl-Razor-Agent-2.81-2.i386.rpm
>> |--  perl-Storable-2.15-1.rf.i386.rpm
>> |--  rules_du_jour
>> `--  usr
>>     `--  local
>>         `--  bin
>>             `--  db_clean.php
>>
>>  
>>>>> alex at nkpanama.com 05/22/06 2:24 pm >>> 
>> I could help with:
>>
>> Chris Hammond wrote:
>>> Script is run after a bare install of CentOS4
>>> Turns off un-needed services and runs a yum update.
>>> Sets up hosts file
>>> Installs all needed RPMS;
>>> Postfix, spamassassin, clamav, caching nameserver, mysql, apache, php, webmin, ntp, snmp, mailscanner, mailwatch, logwatch 
>> I'd install sendmail, sendmail-devel, spf-milter, milter-greylist, and 
>> perhaps another thing or two.
>>> and bitdefender are the major apps.
>>> Configures all apps based on variables set in the beginning of the script.
>>> Sets up iptables and allows only required ports.
>>> Sets up rules_du_jour
>>> Sets up Razor2
>>>   
>> I'd also set up pyzor and dcc if possible.
>>
>> Perhaps I could contribute to this effort...
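
Point 6 of the feedback above (log every step, halt cleanly, roll back what was already done), as an added example that is not part of the original post or of Chris's script. `run_step`, `rollback`, `install_all` and the log path are hypothetical names, and the failing step is a constructed stand-in for an `rpm -ivh` call.

```shell
#!/bin/sh
# Added example: install steps with logging, graceful halt and rollback.
# All names and paths here are hypothetical; the steps are constructed.

LOG="${LOG:-/tmp/install-example.log}"
UNDO=""   # newline-separated undo commands, most recent first

# Run the recorded undo commands, newest first, logging each one.
rollback() {
    printf '%s\n' "$UNDO" | while IFS= read -r undo_cmd; do
        [ -n "$undo_cmd" ] || continue
        echo "ROLLBACK: $undo_cmd" >> "$LOG"
        sh -c "$undo_cmd" < /dev/null >> "$LOG" 2>&1 \
            || echo "ROLLBACK FAILED: $undo_cmd" >> "$LOG"
    done
    UNDO=""
}

# run_step "description" "undo command (may be empty)" command [args...]
# Logs the command's output; on failure rolls back and returns its status.
run_step() {
    step_desc="$1"; step_undo="$2"; shift 2
    echo "STEP: $step_desc" >> "$LOG"
    if "$@" >> "$LOG" 2>&1; then
        # Record the undo only after the step has actually succeeded.
        [ -z "$step_undo" ] || UNDO=$(printf '%s\n%s' "$step_undo" "$UNDO")
        return 0
    else
        step_rc=$?
        printf 'Error(s) in step: %s (exit %s)\n Check %s\n Halting...\n' \
            "$step_desc" "$step_rc" "$LOG" >&2
        rollback
        return "$step_rc"
    fi
}

# install_all DIR: constructed install sequence; the third step fails on
# purpose (standing in for a failed "rpm -ivh") to exercise the rollback.
install_all() {
    dir="$1"
    run_step "create config dir" "rmdir '$dir/conf'" \
        mkdir "$dir/conf" || return $?
    run_step "write config file" "rm -f '$dir/conf/app.conf'" \
        touch "$dir/conf/app.conf" || return $?
    run_step "install package" "" \
        sh -c 'echo "package not found"; exit 3' || return $?
}
```

Call `install_all` on a scratch directory with `LOG` pointing at a writable file; the caller sees the failing step's exit status and the log shows the undo commands in reverse order of the steps that succeeded.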


