[TUTORIAL] Advancing Proxmox Mail Gateway (especially Spam and Virus Detection)
- Thread starter heutger
- Start date
Thanks, though you don't have to CPAN this anymore to get the proper modules on 6.0 - `apt-get install libgeoip2-perl` was sufficient to get the Perl modules required in. Also, this configuration works as stated it seems for 6.0 as well, I'm applying changes here to the 6.0 environment I'm going to be moving to in the near future. Thread post 70 though for autoupdating is superseded by Maxmind's GeoIP Update tool which does what thread post 70 does, though I made a few tweaks to the config since I dump all my GeoIP databases to /opt/GeoIP when using that tool. Which SpamAssassin doesn't seem to mind.
Also, post 69 says to put everything into the custom.in bits, however you can just throw the RelayCountry config options into the /etc/pmg/templates/init.pre.in at the bottom like so:
Code:
loadplugin Mail::SpamAssassin::Plugin::RelayCountry
country_db_type GeoIP2
country_db_path /opt/GeoIP/GeoLite2-Country.mmdbThis seemed to work fine thus far, AND gets applied when you do
pmgconfig sync --restart 1Not my recommendation to purchase there. I believe, I posted https://www.antivirusedition.com/details_produit.php?p=avast_core_security_linux&lang=DE which was the cheapest pricing, I was able to find.
A small update, I'm currently playing around with is https://forum.proxmox.com/threads/kam-cf.60114/ (however, adjusted it a bit, final setup will be posted, once I'm done).
Thanks to @KatyComputer
Short update on my plans BTW: PMG 6.1 has been released now with expected before-queue option. As it's experimental, I will wait I while, until it's settled (as well as I'm currently very rare of time because of giving training for ISO 27001 and similar topics like "BSI IT Grundschutz Kompendium" weekly (being on any training each week)). Then I will create new explanations with two adjustments:
Before-Queue-Adjustments can be removed and will no longer be in my explanations, as it's rolled out with PMG itself (very happy to hear that).
ClamAV-Adjustments will be removed as they had no profit, ClamAV is still bad, I prefer and recommend Avast (as long as other scanners fail good pricing, daemonization and integration, just Dr.Web looked like to be an option, but there isn't anyone doing a first integration).
Thanks to @KatyComputer
Short update on my plans BTW: PMG 6.1 has been released now with expected before-queue option. As it's experimental, I will wait I while, until it's settled (as well as I'm currently very rare of time because of giving training for ISO 27001 and similar topics like "BSI IT Grundschutz Kompendium" weekly (being on any training each week)). Then I will create new explanations with two adjustments:
Before-Queue-Adjustments can be removed and will no longer be in my explanations, as it's rolled out with PMG itself (very happy to hear that).
ClamAV-Adjustments will be removed as they had no profit, ClamAV is still bad, I prefer and recommend Avast (as long as other scanners fail good pricing, daemonization and integration, just Dr.Web looked like to be an option, but there isn't anyone doing a first integration).
Same question here. I just selected one URL from phishtank and openphish feeds and includes it in e-mail sent through PMG. There's nothing in the log, no score increasing.
Is this a correct way for testing?
#edit: Phishing module is working after rebooted once. but there's a problem with postgresql after. Its config and also template was back to version 9.6 instead of 11 and cannot start the daemon. It works fine before rebooting. Don't know why but I have to rewrite version number to 11 then 'pmgconfig sync' again to solve this issue.
Last edited:
After any changes on SpamAssassin handling you need to restart pmg-smtp-filter, to get them live, if you also also use my milter-reject you also need to restart spamassassin service. Rebooting is not required (but for sure also will restart the services). However, if you encounter any problems here, it looks like they already raised some time ago and just now got "live".
Also please check, if you want to try out the module, if the URL is not only listed on the website (as without subscription you may not have up to date data) but also be in your local files you downloaded from them.
Thanks Heutger. Yes I see your earlier replies that have to restart SA and pmg-smtp-filter services after changing configuration to make them live. I do, but have no idea why its not come up with the result so I have no chance without reboot. But everything is good now. Very thanks for your help.
out of curiosity 6.1 came out with dkim which is awesome, my question is does the clamav unofficial still would work?
Thank you
Thank you
It should as it’s independent from DKIM. However, I don’t support it anymore as I won’t use it anymore. Too much effort for too less profit, ClamAV is worse, additional rules may get it a bit better but also introduce too much false positives. Avast is affordable and much better, where may still be better options than Avast, but they fail either in licensing, daemonizing or price.
As mentioned in post #225 I just added a script to update KAM.cf and add nonKAMrules.cf as KAM.cf isn't updated really often by PMG and nonKAMrules.cf isn't included at all. Hopefully, this updates would also be adopted to PMG itself. Steps performed are just easy:
And the content of /etc/cron.daily/KAM-update (daily updating is enough) is as followed (adopted from sa-update from before):
Code:
vi /etc/cron.daily/KAM-update
/etc/cron.daily/KAM-updateAnd the content of /etc/cron.daily/KAM-update (daily updating is enough) is as followed (adopted from sa-update from before):
Code:
#!/bin/sh
# KatyComputer
#
# Simple script to update KAM rules
SYSLOG_TAG=KAM-update
compile=0
logger -d -t $SYSLOG_TAG "Start KAM-Update"
md5_old=$( md5sum /usr/share/spamassassin-extra/KAM.cf )
wget -q -N -P /usr/share/spamassassin-extra http://www.mcgrail.com/downloads/KAM.cf
md5_new=$( md5sum /usr/share/spamassassin-extra/KAM.cf )
if [ "$md5_old" != "$md5_new" ]; then compile=1; fi
md5_old=$( md5sum /usr/share/spamassassin-extra/nonKAMrules.cf )
wget -q -N -P /usr/share/spamassassin-extra http://www.mcgrail.com/downloads/nonKAMrules.cf
md5_new=$( md5sum /usr/share/spamassassin-extra/nonKAMrules.cf )
if [ "$md5_old" != "$md5_new" ]; then compile=1; fi
if [ $compile -eq 1 ]; then
logger -d -t $SYSLOG_TAG "KAM-Update found"
sa-compile --quiet 2>/dev/null
systemctl restart pmg-smtp-filter
systemctl restart spamassassin
else
logger -d -t $SYSLOG_TAG "No KAM-Update found"
fiHi,
oh, does the error also occur on second run? If so, you need to download the nonKAMrules first, I adjusted the script after running once and first download of nonKAMrules.
The service restart fail because you don’t use my milter adjustments, which aren’t required anymore with PMG 6.1. Once logging is available there also, I will do and describe a new setup with PMG 6.1. Currently I don’t see too much advantage and be still lack of time.
@heutger thanks for the link to avast offer. Just bought 2 licenses for 3 years each. I did find it the cheapest options when you have it for 3 years.
Installed on PMG 6.1-3 and it get 70% viruses now. ClamAV 30%. Looks good but human firewall works better if available
You’re welcome. My recommendation is to have a multi-layered antivirus approach: Use as much different solutions on different points, e.g. Mailserver, Gateway, Computers, e.g. Sophos SG on the Gateway, Avast on PMG, Avira on the computers. In addition, use filters for typical viruses, disable macros, if you don’t use them in your company via group policies, at least have a human firewall by training the users and their awareness.
@heutger I 100% agree with you that approach should be multiple. We have now PMG (avast+clamav mailpatrol) + computers with windows defender along with webroot + not always bulletproof user firewall
PS: also found easy to read and understand article from webroot. they do provide free utility to disable scripts.
PS: also found easy to read and understand article from webroot. they do provide free utility to disable scripts.