[TUTORIAL] Advancing Proxmox Mail Gateway (especially Spam and Virus Detection)

FGRO

New Member
Jan 23, 2019
4
0
1
40
Current pricing is something about US$150 (original pricing is in €) per server per year, with good discounts on multiple years and multiple servers. Core Security for Linux is enough and best fitting license. Via partners there are additional discounts possible. You can PM me for details.
Hello Christian,

avast increased the license for core linux up to 214,19 €/y, :(

1574789480734.png
 

teward

New Member
Feb 12, 2019
14
0
1
30
Pittsburgh, PA
See Post 69 and 70 in this thread.
Thanks, though you don't have to CPAN this anymore to get the proper modules on 6.0 - `apt-get install libgeoip2-perl` was sufficient to get the Perl modules required in. Also, this configuration works as stated it seems for 6.0 as well, I'm applying changes here to the 6.0 environment I'm going to be moving to in the near future. Thread post 70 though for autoupdating is superseded by Maxmind's GeoIP Update tool which does what thread post 70 does, though I made a few tweaks to the config since I dump all my GeoIP databases to /opt/GeoIP when using that tool. Which SpamAssassin doesn't seem to mind.

Also, post 69 says to put everything into the custom.in bits, however you can just throw the RelayCountry config options into the /etc/pmg/templates/init.pre.in at the bottom like so:

Code:
loadplugin Mail::SpamAssassin::Plugin::RelayCountry
country_db_type GeoIP2
country_db_path /opt/GeoIP/GeoLite2-Country.mmdb
This seemed to work fine thus far, AND gets applied when you do pmgconfig sync --restart 1
 

heutger

Well-Known Member
Apr 25, 2018
842
221
48
Fulda, Hessen, Germany
www.heutger.net
Thanks, though you don't have to CPAN this anymore to get the proper modules on 6.0 - `apt-get install libgeoip2-perl` was sufficient to get the Perl modules required in. Also, this configuration works as stated it seems for 6.0 as well, I'm applying changes here to the 6.0 environment I'm going to be moving to in the near future. Thread post 70 though for autoupdating is superseded by Maxmind's GeoIP Update tool which does what thread post 70 does, though I made a few tweaks to the config since I dump all my GeoIP databases to /opt/GeoIP when using that tool. Which SpamAssassin doesn't seem to mind.

Also, post 69 says to put everything into the custom.in bits, however you can just throw the RelayCountry config options into the /etc/pmg/templates/init.pre.in at the bottom like so:

Code:
loadplugin Mail::SpamAssassin::Plugin::RelayCountry
country_db_type GeoIP2
country_db_path /opt/GeoIP/GeoLite2-Country.mmdb
This seemed to work fine thus far, AND gets applied when you do pmgconfig sync --restart 1
Many thanks for your input/update. ;-)
 

heutger

Well-Known Member
Apr 25, 2018
842
221
48
Fulda, Hessen, Germany
www.heutger.net
A small update, I'm currently playing around with is https://forum.proxmox.com/threads/kam-cf.60114/ (however, adjusted it a bit, final setup will be posted, once I'm done).

Thanks to @KatyComputer

Short update on my plans BTW: PMG 6.1 has been released now with expected before-queue option. As it's experimental, I will wait I while, until it's settled (as well as I'm currently very rare of time because of giving training for ISO 27001 and similar topics like "BSI IT Grundschutz Kompendium" weekly (being on any training each week)). Then I will create new explanations with two adjustments:

Before-Queue-Adjustments can be removed and will no longer be in my explanations, as it's rolled out with PMG itself (very happy to hear that).
ClamAV-Adjustments will be removed as they had no profit, ClamAV is still bad, I prefer and recommend Avast (as long as other scanners fail good pricing, daemonization and integration, just Dr.Web looked like to be an option, but there isn't anyone doing a first integration).
 

karnz

Active Member
Nov 23, 2015
51
2
28
I mean any URL from https://www.phishtank.com, which you're sure, it is in your local database.
Same question here. I just selected one URL from phishtank and openphish feeds and includes it in e-mail sent through PMG. There's nothing in the log, no score increasing.
Is this a correct way for testing?

#edit: Phishing module is working after rebooted once. but there's a problem with postgresql after. Its config and also template was back to version 9.6 instead of 11 and cannot start the daemon. It works fine before rebooting. Don't know why but I have to rewrite version number to 11 then 'pmgconfig sync' again to solve this issue.
 
Last edited:

heutger

Well-Known Member
Apr 25, 2018
842
221
48
Fulda, Hessen, Germany
www.heutger.net
Same question here. I just selected one URL from phishtank and openphish feeds and includes it in e-mail sent through PMG. There's nothing in the log, no score increasing.
Is this a correct way for testing?

#edit: Phishing module is working after rebooted once. but there's a problem with postgresql after. Its config and also template was back to version 9.6 instead of 11 and cannot start the daemon. It works fine before rebooting. Don't know why but I have to rewrite version number to 11 then 'pmgconfig sync' again to solve this issue.
After any changes on SpamAssassin handling you need to restart pmg-smtp-filter, to get them live, if you also also use my milter-reject you also need to restart spamassassin service. Rebooting is not required (but for sure also will restart the services). However, if you encounter any problems here, it looks like they already raised some time ago and just now got "live".

Also please check, if you want to try out the module, if the URL is not only listed on the website (as without subscription you may not have up to date data) but also be in your local files you downloaded from them.
 

karnz

Active Member
Nov 23, 2015
51
2
28
After any changes on SpamAssassin handling you need to restart pmg-smtp-filter, to get them live, if you also also use my milter-reject you also need to restart spamassassin service. Rebooting is not required (but for sure also will restart the services). However, if you encounter any problems here, it looks like they already raised some time ago and just now got "live".

Also please check, if you want to try out the module, if the URL is not only listed on the website (as without subscription you may not have up to date data) but also be in your local files you downloaded from them.
Thanks Heutger. Yes I see your earlier replies that have to restart SA and pmg-smtp-filter services after changing configuration to make them live. I do, but have no idea why its not come up with the result so I have no chance without reboot. But everything is good now. Very thanks for your help. :)
 
  • Like
Reactions: heutger

killmasta93

Active Member
Aug 13, 2017
708
37
33
26
out of curiosity 6.1 came out with dkim which is awesome, my question is does the clamav unofficial still would work?
Thank you
 

heutger

Well-Known Member
Apr 25, 2018
842
221
48
Fulda, Hessen, Germany
www.heutger.net
out of curiosity 6.1 came out with dkim which is awesome, my question is does the clamav unofficial still would work?
Thank you
It should as it’s independent from DKIM. However, I don’t support it anymore as I won’t use it anymore. Too much effort for too less profit, ClamAV is worse, additional rules may get it a bit better but also introduce too much false positives. Avast is affordable and much better, where may still be better options than Avast, but they fail either in licensing, daemonizing or price.
 

killmasta93

Active Member
Aug 13, 2017
708
37
33
26
good point so far clamav has worked well as i also have GDATA on the computers so its been good. Going to try around next week to see how it goes with the new version
 
  • Like
Reactions: heutger

heutger

Well-Known Member
Apr 25, 2018
842
221
48
Fulda, Hessen, Germany
www.heutger.net
As mentioned in post #225 I just added a script to update KAM.cf and add nonKAMrules.cf as KAM.cf isn't updated really often by PMG and nonKAMrules.cf isn't included at all. Hopefully, this updates would also be adopted to PMG itself. Steps performed are just easy:

Code:
vi /etc/cron.daily/KAM-update
/etc/cron.daily/KAM-update
And the content of /etc/cron.daily/KAM-update (daily updating is enough) is as followed (adopted from sa-update from before):

Code:
#!/bin/sh

# KatyComputer
#
# Simple script to update KAM rules

SYSLOG_TAG=KAM-update

compile=0

logger -d -t $SYSLOG_TAG "Start KAM-Update"

md5_old=$( md5sum /usr/share/spamassassin-extra/KAM.cf )
wget -q -N -P /usr/share/spamassassin-extra http://www.mcgrail.com/downloads/KAM.cf
md5_new=$( md5sum /usr/share/spamassassin-extra/KAM.cf )
if [ "$md5_old" != "$md5_new" ]; then compile=1; fi

md5_old=$( md5sum /usr/share/spamassassin-extra/nonKAMrules.cf )
wget -q -N -P /usr/share/spamassassin-extra http://www.mcgrail.com/downloads/nonKAMrules.cf
md5_new=$( md5sum /usr/share/spamassassin-extra/nonKAMrules.cf )
if [ "$md5_old" != "$md5_new" ]; then compile=1; fi

if [ $compile -eq 1 ]; then
    logger -d -t $SYSLOG_TAG "KAM-Update found"
    sa-compile --quiet 2>/dev/null
    systemctl restart pmg-smtp-filter
    systemctl restart spamassassin
else
    logger -d -t $SYSLOG_TAG "No KAM-Update found"
fi
 
  • Like
Reactions: killmasta93

thiagotgc

Member
Dec 17, 2019
117
8
18
33
When I add and execute it appears

PMG 6.1 (Latest Version)

md5sum: /usr/share/spamassassin-extra/nonKAMrules.cf: No such file or directory

Failed to restart spamassassin.service: Unit spamassassin.service not found.
 

heutger

Well-Known Member
Apr 25, 2018
842
221
48
Fulda, Hessen, Germany
www.heutger.net
When I add and execute it appears

PMG 6.1 (Latest Version)
Hi,

oh, does the error also occur on second run? If so, you need to download the nonKAMrules first, I adjusted the script after running once and first download of nonKAMrules.

The service restart fail because you don’t use my milter adjustments, which aren’t required anymore with PMG 6.1. Once logging is available there also, I will do and describe a new setup with PMG 6.1. Currently I don’t see too much advantage and be still lack of time.
 

radiogen

New Member
Sep 18, 2019
2
1
3
41
@heutger thanks for the link to avast offer. Just bought 2 licenses for 3 years each. I did find it the cheapest options when you have it for 3 years.
Installed on PMG 6.1-3 and it get 70% viruses now. ClamAV 30%. Looks good but human firewall works better if available :)
 

heutger

Well-Known Member
Apr 25, 2018
842
221
48
Fulda, Hessen, Germany
www.heutger.net
@heutger thanks for the link to avast offer. Just bought 2 licenses for 3 years each. I did find it the cheapest options when you have it for 3 years.
Installed on PMG 6.1-3 and it get 70% viruses now. ClamAV 30%. Looks good but human firewall works better if available :)
You’re welcome. My recommendation is to have a multi-layered antivirus approach: Use as much different solutions on different points, e.g. Mailserver, Gateway, Computers, e.g. Sophos SG on the Gateway, Avast on PMG, Avira on the computers. In addition, use filters for typical viruses, disable macros, if you don’t use them in your company via group policies, at least have a human firewall by training the users and their awareness.
 

radiogen

New Member
Sep 18, 2019
2
1
3
41
@heutger I 100% agree with you that approach should be multiple. We have now PMG (avast+clamav mailpatrol) + computers with windows defender along with webroot + not always bulletproof user firewall :)
PS: also found easy to read and understand article from webroot. they do provide free utility to disable scripts.
 
  • Like
Reactions: heutger

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE and Proxmox Mail Gateway. We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!