missing ms-init script in MailScanner 5.4.4

mailscanner at barendse.to mailscanner at barendse.to
Fri Sep 23 08:55:11 UTC 2022 

Attached is my install script. I never actually tested it as fully 
automated install but it will prepare a lot of the config files

If you find anything that doesn't work, is not correct or could be 
improved, please do let me know.

Thanks!!

On Tue, 20 Sep 2022, dean guenther wrote:

> I would be interested. I did get the clue from Shawn to use the debian 
> download which worked. Still cleaning up a few details so I would appreciate 
> the steps you took so I can compare to what I've done. thanks - Dean Guenther
>
> On 9/20/22 7:26 AM, mailscanner at barendse.to wrote:
>> I did the same migration. If you are interested, I copied / paste'd each 
>> and every command that was needed for the install into a script based on 
>> installations others on and off the list published. I wouldn't run it 
>> blindly as a script but it might save you a ton of time trying to find out 
>> where everything is. It took me several weeks to figure it all out.
>> 
>> On Mon, 5 Sep 2022, Dean guenther wrote:
>> 
>>> 
>>> I'm in the process of moving from my old MailScanner 4.85.2 installation 
>>> on CentOS
>>> 6.7 to a fresh install of MailScanner 5.4.4 on ubuntu 20.04. I've run the 
>>> MailScanner install.sh on ubuntu but the ms-init script is missing from
>>> /etc/init.d so I can't start MailScanner. At least thats where I was 
>>> presuming I should find ms-init.
>>> Being new to ubuntu, things may be different to what I'm used to with 
>>> CentOS.
>>> 
>>> I have already installed dovecot and ClamAV from the default ubuntu 
>>> repository. And
>>> the MailScanner 5.4.4 install.sh did put the MailScanner config files into
>>> /etc/MailScanner as expected. So I've modified the /etc/MailScanner 
>>> configs to
>>> pretty much match the options I had set under the old MailScanner 4.85.2.
>>> But now I can't start MailScanner because the /etc/init.d/ms-init is 
>>> missing. I
>>> considered copying ms-init out of the build directory
>>> usr/lib/MailScanner/init but I'm wondering even if I do that, are there 
>>> other things
>>> that did not get copied with the install.sh because ms-init is missing?
>>> 
>>> When I did the install-sh it went through filling dependencies just fine. 
>>> With one
>>> exception it was unable to build Mail::ClamAV. I posted at github and
>>> @shawniverson mentioned that Mail::ClamAV is no longer needed by 
>>> MailScanner so it may not
>>> be a concern.
>>> 
>>> After running install.sh I also did a /usr/sbin/ms-perl-check and there 
>>> were no missing
>>> dependencies that I could see other than Mail::ClamAV.
>>> 
>>> There was also a warning when I ran install.sh it said
>>> 
>>> cp: cannot stat './var': No such file or directory
>>> 
>>> But there is no var in the build directory. Perhaps its just a warning??
>>> 
>>> So, how do I safely copy ms-init to /etc/init.d and also, how do I know if 
>>> there are other things missing that the install.sh did
>>> not copy?
>>> 
>>> thanks - Dean Guenther
>>> 
>>> -- 
>>> This message has been scanned for viruses and
>>> dangerous content by MailScanner, and is
>>> believed to be clean.
>>> 
>> 
>> 
>
> -- 
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>
>
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>
>
-------------- next part --------------
#!/bin/sh
# Script to install and configure MailScanner + postfix on Ubuntu 20.04
# Remco Barendse Updated 22-SEP-2022 - Inspired on instructions from :
# https://vanderboon.net/2021/06/01/installing-mailscanner-5-4-with-postfix-on-ubuntu-20-04-lts/
# https://sites.google.com/site/wikirolanddelepper/mailscanner/configure-postfix-for-mailscanner
# https://serverfault.com/questions/280585/how-do-i-configure-postfix-to-deliver-mail-for-specified-domains-to-another-host
# http://www.postfix.org/ADDRESS_VERIFICATION_README.html
# Test with : mailx -r 'klaus.mustermann at example.com' -s 'Subject Line' -S 'smtp=<PUBLICIP>' 'validuser at myemailonexchange.com' < /dev/null
# To do : Install : postscreen,SPF, DKIM, DANE, DMARC, BIFI, CAA
# https://serverfault.com/questions/895242/dcc-plugin-to-spamassassin-does-not-get-loaded-on-debian-9
# https://kura.gg/2011/09/22/spamassassin-razor-pyzor/
# Dkim : https://github.com/thctlo/debian-scripts/blob/master/setup-opendkim-postfix.sh 
# Should still work, try reading the script a bit, it shows what it does. 
# https://www.sidn.nl/en/news-and-blogs/hands-on-implementing-dane-in-postfix

# Simple test on how your server is setup : https://www.internet.nl/mail/
# This uses the recommended settings by dutch government.

tput reset

if [ $# -ne 3 ] ; then
	echo ' '
        echo 'Usage: $0 <HOSTNAME> <mydomain.com> <ExchangeIP>'
	echo ' '
        echo 'Example : ./mailscanner-postfix.sh gw1 mynicedomain.com 10.1.0.22'
	echo ' '
        exit 1
fi

HOSTNAME=$1
MYDN=$2
EXCHANGEIP=$3

FQDN=$HOSTNAME.$MYDN
MSHOSTNAME=$( echo ${FQDN} | tr -d '.' )

# If needed add disk to store MailScanner archive : sudo mkfs.ext4 /dev/vdb -L /archive

tput reset

echo "Installing $FQDN with MailScanner name : $MSHOSTNAME"

echo 'Install postfix - When asked choose ?No configuration'
echo 'Add additional domains to receive mail for to relay_domains=' ; sleep 5
sudo apt -y install postfix postfix-pcre
# Example postfix (main.cf) : /usr/share/postfix/main.cf.debian
# To view Postfix configuration values, see postconf(1).

sudo touch /etc/postfix/header_checks
sudo echo "/^Received:/ HOLD" > /etc/postfix/header_checks
sudo touch /etc/postfix/access
sudo touch /etc/postfix/relay_recipients
sudo touch /etc/postfix/transport
sudo touch /etc/postfix/virtual
sudo touch /etc/postfix/helo_access
sudo mkdir -p /var/spool/MailScanner/incoming
sudo mkdir /var/spool/MailScanner/quarantine
sudo chown postfix. /var/spool/postfix/hold
sudo chown postfix. /var/spool/postfix/incoming
sudo chown postfix. /var/spool/MailScanner/incoming
sudo chown postfix. /var/spool/MailScanner/quarantine
sudo cat main.cf > /etc/postfix/main.cf
#echo "$FQDN" > /etc/mailname
sudo sed -i "s/mail.yourdomain.com/$FQDN/g" /etc/postfix/main.cf
sudo sed -i "s/10.0.0.0\/24/10.0.0.0\/8/g" /etc/postfix/main.cf
#sudo sed -i "s/mydestination = $myhostname, localhost.$mydomain, localhost/mydestination = $$HOSTNAME, localhost.$$MYDN, localhost/g" /etc/postfix/main.cf
sudo sed -i "s/relay_domains = yourdomain.com yourotherdomain.com yourveryfantasticdomain.com/relay_domains = $MYDN/g" /etc/postfix/main.cf
echo "$MYDN        smtp:[$EXCHANGEIP]" >> /etc/postfix/transport

# Remove Sensitive Data and Internal Network Information from Postfix Headers from outgoing mail
sudo echo " "  >> /etc/postfix/main.cf
sudo echo "# Remove Sensitive Data and Internal Network Information from Postfix Headers from outgoing mail"  >> /etc/postfix/main.cf
sudo echo "smtp_header_checks = regexp:/etc/postfix/smtp_header_checks" >> /etc/postfix/main.cf
touch /etc/postfix/smtp_header_checks
sudo echo "/^X-Mailer:/            IGNORE" >> /etc/postfix/smtp_header_checks
sudo echo "/^Received:/            IGNORE" >> /etc/postfix/smtp_header_checks
sudo echo "/^X-Original-IP:/       IGNORE" >> /etc/postfix/smtp_header_checks
sudo echo "/^User-Agent:/          IGNORE" >> /etc/postfix/smtp_header_checks
sudo echo "/^X-Mailer-Type:/       IGNORE" >> /etc/postfix/smtp_header_checks
# For external clients that submit mail : https://serverfault.com/a/998993
# https://serverfault.com/questions/413533/remove-hide-client-sender-ip-from-postfix

# Regularly postmap
sudo echo '#!/bin/sh' >  /etc/cron.hourly/postfix-db
sudo echo 'cd /etc/postfix' >>  /etc/cron.hourly/postfix-db
sudo echo 'newaliases' >>  /etc/cron.hourly/postfix-db
sudo echo '/usr/sbin/postmap /etc/postfix/virtual' >>  /etc/cron.hourly/postfix-db
sudo echo '/usr/sbin/postmap /etc/postfix/transport' >>  /etc/cron.hourly/postfix-db
sudo echo '/usr/sbin/postmap /etc/postfix/access' >>  /etc/cron.hourly/postfix-db
sudo echo '/usr/sbin/postmap /etc/postfix/relay_recipients' >>  /etc/cron.hourly/postfix-db
sudo echo '/usr/sbin/postmap /etc/postfix/helo_access' >>  /etc/cron.hourly/postfix-db
sudo chmod a+x  /etc/cron.hourly/postfix-db

echo 'Install ClamAV' ; sleep 5
sudo apt install -y clamav clamav-daemon
sudo systemctl enable clamav-daemon
sudo systemctl enable clamav-freshclam
sudo systemctl stop clamav-daemon
sudo sed -i 's/LocalSocketGroup clamav/LocalSocketGroup mtagroup/g' /etc/clamav/clamd.conf

# Optional: Extra ClamAV signatures
# It does not cost much and gives you a load of extra protection: the 4.000.000 virus/malware signatures of securiteinfo.com.
# https://www.securiteinfo.com/services/anti-spam-anti-virus/improve-detection-rate-of-zero-day-malwares-for-clamav.shtml

# SpamAssassin
# Debug with : spamassassin -D --lint 2>&1 | less
echo 'SpamAssassin install' ; sleep 5
sudo apt -y install spamassassin

apt-get -y install s-nail libyaml-perl libtest-manifest-perl libbusiness-isbn-data-perl libbusiness-isbn-perl libtest-pod-perl libmodule-build-perl libinline-perl libencode-detect-perl libnet-ldap-perl libnet-cidr-lite-perl libio-string-perl libnet-dns-resolver-programmable-perl libmail-spf-perl
# antiword libmail-imapclient-perl p7zip p7zip-full geoip-database libgeo-ip-perl libgeoip1 libnet-patricia-perl arj lhasa liblhasa0 cabextract nomarch pax rar zip  libmail-milter-perl libdb-dev libdb5.3-dev libtest-deep-perl libdigest-sha-perl

#Extra rulesets for SpamAssassin
sudo wget -O /etc/mail/spamassassin/KAM.cf https://www.pccc.com/downloads/SpamAssassin/contrib/KAM.cf
sudo wget -O /etc/mail/spamassassin/nonKAMrules.cf https://mcgrail.com/downloads/nonKAMrules.cf
sudo wget -O /etc/cron.hourly/KAM.cf.sh https://dutchspamassassinrules.nl/DSR/contrib/KAM.cf.sh
sudo chmod a+x  /etc/cron.hourly/KAM.cf.sh
sudo wget -O /etc/mail/spamassassin/DSR.cf https://dutchspamassassinrules.nl/DSR/DSR.cf
sudo wget -O /etc/cron.hourly/DSR.cf.sh https://dutchspamassassinrules.nl/DSR/DSR.cf.sh
sudo chmod a+x  /etc/cron.hourly/DSR.cf.sh

# MailScanner install
# Debug with MailScanner --debug
# Kill all mailscanner processes : killall -I -r mailscanner
echo 'MailScanner install' ; sleep 5
sudo wget -O /tmp/MailScanner.noarch.deb https://github.com/MailScanner/v5/releases/download/5.4.4-1/MailScanner-5.4.4-1.noarch.deb
sudo apt -y install /tmp/MailScanner.noarch.deb
sudo sed -i "s/yoursite/$MSHOSTNAME/g" /etc/MailScanner/MailScanner.conf
sudo sed -i "s/YOURDOMAIN-COM/$MSHOSTNAME/g" /etc/MailScanner/spamassassin.conf
sudo sed -i "s/yoursite/$MSHOSTNAME/g" /etc/MailScanner/spamassassin.conf

sudo echo "Run As User = postfix" > /etc/MailScanner/conf.d/10-postfix.conf
sudo echo "Run As Group = postfix" >> /etc/MailScanner/conf.d/10-postfix.conf
sudo echo "Incoming Queue Dir = /var/spool/postfix/hold" >> /etc/MailScanner/conf.d/10-postfix.conf
sudo echo "Outgoing Queue Dir = /var/spool/postfix/incoming" >> /etc/MailScanner/conf.d/10-postfix.conf
sudo echo "MTA = postfix" >> /etc/MailScanner/conf.d/10-postfix.conf
sudo echo "Clamd Socket = /var/run/clamav/clamd.ctl" >> /etc/MailScanner/conf.d/10-postfix.conf
sudo echo "SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin" >> /etc/MailScanner/conf.d/10-postfix.conf

sudo chown -R postfix.mtagroup  /etc/clamav
sudo usermod -a -G mtagroup postfix
sudo usermod -a -G mtagroup clamav
sudo systemctl restart clamav-daemon

#Complete config of PostFix + MailScanner, then 
sudo mkdir -p /var/spool/MailScanner/spamassassin
sudo chown postfix.mtagroup /var/spool/MailScanner/spamassassin
sudo mkdir -p /var/spool/MailScanner/archive
sudo chown postfix:mtagroup /var/spool/MailScanner/archive

ms-configure

sudo /etc/cron.hourly/postfix-db
sudo systemctl enable postfix
sudo systemctl restart postfix

# Get path for SpamAssassin (credits L.P.H. van Belle) : getent passwd |grep spamd|awk -F: '{ print $6 }
# Usually /var/lib/spamassassin
# razor http://razor.sourceforge.net/docs/install.php
#sudo apt -y install razor
sudo mkdir /var/lib/spamassassin/.razor
sudo razor-admin -home=/var/lib/spamassassin/.razor -register
sudo razor-admin -home=/var/lib/spamassassin/.razor -create
sudo razor-admin -home=/var/lib/spamassassin/.razor -discover
#chown -R debian-spamd:debian-spamd /var/lib/spamassassin/.razor
sudo chown -R postfix:mtagroup /var/lib/spamassassin/.razor
sudo chmod 775 /var/lib/spamassassin/.razor
sudo echo 'razor_config /var/lib/spamassassin/.razor/razor-agent.conf' >> /etc/spamassassin/local.cf
sudo echo 'use_razor2 1' >> /etc/spamassassin/local.cf

#sudo apt -y install pyzor
sudo mkdir /var/lib/spamassassin/.pyzor
# The pyzor discover command has been removed in version 0.6, back in 2010 (commit 50f2bf5aa47ed863de78c413ff7114f5e54f5a9b), and pyzor works out of the box now.
#echo "chown -R $(getent passwd |grep spamd|awk -F: '{ print $3":"$4 }') /var/lib/spamassassin/.pyzor/"
# or 
#echo "chown -R $(getent passwd |grep spamd|awk -F: '{ print $1":"$1 }') /var/lib/spamassassin/.pyzor/"
#sudo chown -R debian-spamd:debian-spamd /var/lib/spamassassin/.pyzor/
sudo chown -R postfix:mtagroup /var/lib/spamassassin/.pyzor
sudo chmod 775 /var/lib/spamassassin/.pyzor
sudo echo 'pyzor_options --homedir /var/lib/spamassassin' >> /etc/spamassassin/local.cf
sudo echo 'use_pyzor 1' >> /etc/spamassassin/local.cf

# Install DCC
sudo wget -O /tmp/dcc.tar.Z 'https://www.dcc-servers.net/src/dcc/dcc.tar.Z'
cd /tmp
tar xvzf dcc.tar.Z
cd dcc-*
sudo ./configure && sudo make && sudo make install
sudo echo 'use_dcc 1' >> /etc/spamassassin/local.cf
sudo echo 'dcc_timeout 8' >> /etc/spamassassin/local.cf
sudo echo 'dcc_home /var/dcc/' >> /etc/spamassassin/local.cf
sudo echo 'dcc_path /usr/local/bin/dccproc' >> /etc/spamassassin/local.cf
sudo echo 'add_header all DCC _DCCB_: _DCCR_' >> /etc/spamassassin/local.cf
sed -i '/::DCC/s/^#//g' /etc/spamassassin/v310.pre

sudo echo ' ' >> /etc/fail2ban/jail.local
sudo echo '[postfix]' >> /etc/fail2ban/jail.local
sudo echo 'enabled   = true' >> /etc/fail2ban/jail.local
sudo echo 'maxretry  = 3' >> /etc/fail2ban/jail.local
sudo echo 'bantime   = 1h' >> /etc/fail2ban/jail.local
sudo echo 'filter    = postfix[mode=aggressive]' >> /etc/fail2ban/jail.local
sudo echo 'logpath   = /var/log/mail.log' >> /etc/fail2ban/jail.local
sudo systemctl restart fail2ban

sudo sed -i 's/run_mailscanner=0/run_mailscanner=1/g' /etc/MailScanner/defaults
sudo systemctl enable mailscanner
sudo systemctl start mailscanner

sudo ufw allow smtp
sudo ufw allow submission
sudo ufw allow submissions

useradd -u 960 -g postfix -s /sbin/nologin spam
useradd -u 961 -g postfix -s /sbin/nologin spam
sudo echo 'verkoop: spam' >> /etc/aliases
sudo echo '01 *	* * *	root	/usr/local/bin/learn-spam.sh' >> /etc/crontab
# Check mtagroup !!!!
# 
# find / -group 1001 -exec chgrp -h mtagroup {} \;

# dovecot https://www.linuxbabe.com/mail-server/secure-email-server-ubuntu-postfix-dovecot
#sudo ufw allow 80,443,465,587,993/tcp
#sudo apt install -y certbot python3-certbot-apache
#sudo nano /etc/apache2/sites-available/$FQDN.conf
#sudo a2ensite $FQDN.conf
#sudo a2dissite 000-default
#sudo systemctl reload apache2
#sudo certbot certonly -a apache --agree-tos --no-eff-email --staple-ocsp --email myemal at somewhere.com -d $FQDN
# crontab @daily certbot renew --quiet && systemctl reload postfix dovecot apache2
# sudo apt install dovecot-core dovecot-imapd
# sudo adduser dovecot mail
# chmod 02775 /var/mail ; chown root:mail /var/spool/mail

# Install additional utilities
# Extract attachments out of MIME encoded emails
#apt install ripmime

#MS Exchange user lookup (to be completed)
#sudo apt install -y ldap-utils

More information about the MailScanner mailing list