Installing MIMEDefang on Solaris

The following are step-by-step instructions for installing MIMEDefang 2.54, ClamAV 0.87.1, and SpamAssassin 3.1.0 on a Solaris 8 system running Sendmail 8.13.5. Please read the MIMEDefang HOWTO for more information.

On my system, I had to install the following Perl module prerequisites before installing SpamAssassin and MIMEDefang.

Digest-SHA1-2.10.tar.gz
IO-stringy-2.110.tar.gz

MailTools-1.67.tar.gz
MIME-tools-5.419.tar.gz (from the mimedefang.org Web site)
Unix-Syslog-0.100.tar.gz (from the mimedefang.org Web site)
HTML-Tagset-3.10.tar.gz (prerequisite for HTML::Parser)
HTML-Parser-3.48.tar.gz (prerequisite for SpamAssassin, also needed for MIMEDefang if using append_html_boilerplate function)

Note: if you do not install Unix::Syslog, you may receive the following errors:

Apr 20 20:25:33 hostname mimedefang-multiplexor[28797]: [ID 980602 mail.info] Slave 1 stderr: no connection to syslog available at /usr/local/bin/mimedefang.pl line 529

I used the following procedure to install the Perl modules:

$ gzip -cd tarball | tar xf -
$ cd directory
$ /usr/local/bin/perl Makefile.PL (Note: On my system, Perl 5.8.5 is installed in /usr/local/bin; /usr/bin/perl is Perl 5.005_03)
$ make
$ make test
$ su root -c "PATH=$PATH:/usr/ccs/bin make install"


Before proceeding, create the MIMEDefang user.

# groupadd defang
# useradd -g defang -c "MIMEDefang user" defang
# passwd defang

ClamAV instructions

1. Install ClamAV.

$ gzip -cd clamav-0.87.1.tar.gz | tar xf -

$ cd clamav-0.87.1
$ ./configure --disable-clamav (We will be running ClamAV as the defang user, not clamav)
$ make
$ su root -c 'PATH=$PATH:/usr/ccs/bin make install'

2. Configure clamd.
# vi /usr/local/etc/clamd.conf

Change:
# Comment or remove the line below.
Example

To:
# Comment or remove the line below.
#Example

Change:
# Run as a selected user (clamd must be started by root).
# Default: disabled
#User clamav

To:
# Run as a selected user (clamd must be started by root).
# Default: disabled
User defang

Change:
# Path to a local socket file the daemon will listen on.
# Default: disabled
LocalSocket /tmp/clamd

To:
# Path to a local socket file the daemon will listen on.
# Default: disabled
LocalSocket /var/run/clamav/clamd.sock

Change:
# Use system logger (can work together with LogFile).
# Default: disabled
#LogSyslog


To:
# Use system logger (can work together with LogFile).
# Default: disabled

LogSyslog

Change:
# This option allows you to save a process identifier of the listening
# daemon (main thread).
# Default: disabled
#PidFile /var/run/clamd.pid

To:
# This option allows you to save a process identifier of the listening
# daemon (main thread).
# Default: disabled
PidFile /var/run/clamav/clamd.pid


3. Configure freshclam.
# vi /usr/local/etc/freshclam.conf

Change:
# Comment or remove the line below.
Example

To:
# Comment or remove the line below.
#Example

Change:
# Path to the log file (make sure it has proper permissions)
# Default: disabled
#UpdateLogFile /var/log/freshclam.log

To:
# Path to the log file (make sure it has proper permissions)
# Default: disabled
UpdateLogFile /var/log/freshclam.log

Change:
# Uncomment the following line and replace XY with your country
# code. See http://www.iana.org/cctld/cctld-whois.htm for the full list.
# Default: There is no default, which results in an error when running freshclam
#DatabaseMirror db.XY.clamav.net

To:
# Uncomment the following line and replace XY with your country
# code. See http://www.iana.org/cctld/cctld-whois.htm for the full list.
# Default: There is no default, which results in an error when running freshclam
DatabaseMirror db.us.clamav.net

4. Create the freshclam.log log file.
# touch /var/log/freshclam.log

5. Run freshclam hourly by adding the following entry in the root user's crontab.
7 * * * * /usr/local/bin/freshclam --quiet

6. Create the directory for the clamd socket and configure permissions.
# mkdir /var/run/clamav
# chown defang:defang /var/run/clamav

7. Create clamd startup and shutdown script, configure permissions, and create symbolic links.

# vi /etc/init.d/clamd

Add:

#!/bin/sh

case $1 in
   'start' )
      if [ ! -d /var/run/clamav ] ; then
         mkdir /var/run/clamav
         chown defang:defang /var/run/clamav
      fi
      /usr/local/sbin/clamd
      ;;
   'stop' )
      kill `ps -ef | awk '$NF ~ /clamd/ { print $2 }'` > /dev/null 2>&1
      ;;
   'reload' )
      # Reload virus databases
      kill -USR2 `ps -ef | awk '$NF ~ /clamd/ { print $2 }'` > /dev/null 2>&1
      ;;
   *)
      echo "usage: $0 {start|stop|reload}"
esac

# chmod 755 /etc/init.d/clamd
# chown root:root /etc/init.d/clamd

# ln -s /etc/init.d/clamd /etc/rc2.d/S87clamd

8. Start clamd.
# /etc/init.d/clamd start


SpamAssassin instructions

I used the following steps to build and install SpamAssassin.

$ gzip -cd Mail-SpamAssassin-3.1.0.tar.gz | tar xf -
$ cd Mail-SpamAssassin-3.1.0
$ /usr/local/bin/perl Makefile.PL (Note: On my system, Perl 5.8.5 is installed in /usr/local/bin; /usr/bin/perl is Perl 5.005_03)
$ make
$ su root -c "PATH=$PATH:/usr/ccs/bin make install"

MIMEDefang instructions

1. Build MIMEDefang.
$ gzip -cd mimedefang-2.54.tar.gz | tar xf -
$ cd mimedefang-2.54
$ PERL=/usr/local/bin/perl ./configure

If you receive the following error, install the Sendmail libmilter library and include files.

configure: WARNING: Oops.. I couldn't find libmilter/mfapi.h.  Please install Sendmail 8.12
configure: WARNING: and its header files.

$ cd $SENDMAIL_source_tree/libmilter
$ ./Build
$ su root -c "PATH=$PATH:/usr/ccs/bin ./Build install"

2. Install MIMEDefang.
$ make
$ su root -c "PATH=$PATH:/usr/ccs/bin make install"

4. Copy the example MIMEDefang startup and shutdown script to /etc/init.d, and configure it as appropriate.
$ su root -c "cp examples/init-script /etc/init.d/mimedefang"
# vi /etc/init.d/mimedefang

Change 1

I use the syslog facility local7 to separate mimedefang messages from the rest of mail syslog messages.

# Syslog facility
# SYSLOG_FACILITY=mail
SYSLOG_FACILITY=local7

Make sure you have a line similar to the following in /etc/syslog.conf:
local7.debug                    /var/log/mimedefang

Create the file with touch /var/log/mimedefang and send the syslog daemon a SIGHUP with kill -HUP `cat /var/run/syslog.pid` to begin using the new facility.

Change 2

I use the filter_sender function to check SPF records, so mimedefang must be run with the -s flag.

# "yes" turns on the multiplexor sender checking function
# MX_SENDER_CHECK=no
MX_SENDER_CHECK=yes

Change 3

I use an embedded Perl interpreter, as it appears to be much more efficient than the default interpreter.

# Set to yes if you want to use an embedded Perl interpreter
# MX_EMBED_PERL=yes
MX_EMBED_PERL=yes

Change 4

I increase the mimedefang-multiplexor backlog value as I experienced many of the following errors:

Apr 27 08:31:06 hostname mimedefang[24889]: [ID 758488 local7.warning] mfconnect: Error communicating with multiplexor
Apr 27 08:31:06 hostname mimedefang[24889]: [ID 655476 local7.error] MXCommand: connect: Connection refused: Is multiplexor running?

# Set to yes if you want to use an embedded Perl interpreter
# MX_EMBED_PERL=yes
MX_EMBED_PERL=yes

# Backlog value for mimedefang-multiplexor
MX_BACKLOG=200

...

    $PROGDIR/$prog-multiplexor -p $MXPID \
        $EMBEDFLAG \
        `[ -n "$MX_BACKLOG" ] && echo "-I $MX_BACKLOG"` \
        `
[ -n "$SPOOLDIR"] && echo "-z $SPOOLDIR"` \       

Change 5

I added the following bold line to prevent "Too many open files" errors.

start_it() {
    ulimit -Sn 1024

Example error:

Apr 22 21:10:05 hostname mimedefang[1942]: [ID 149102 mail.error] MXCommand: socket: Too many open files

Change 6

I changed MX_MINIMUM and MX_MAXIMUM to values more appropriate for my system. You will be able to determine appropriate values by monitoring /var/log/mimedefang as it is running.

MX_MINIMUM=10
MX_MAXIMUM=50

Change 7

I log the MIMEDefang slave status every 60 seconds.

# Uncomment to log slave status; it will be logged every
# MX_LOG_SLAVE_STATUS_INTERVAL seconds
# MX_LOG_SLAVE_STATUS_INTERVAL=30
MX_LOG_SLAVE_STATUS_INTERVAL=60

Change 8

I do not want the X-Scanned-By: header added to each message.

# Extra sendmail macros to pass.  Actually, you can add any extra
# mimedefang options here...
# MD_EXTRA="-a auth_author"
MD_EXTRA="-X"

Change 9

If all MIMEDefang slaves are busy when a new connection is initiated, I would up to 10 new connections queued instead of immediately TEMPfailed.

# Multiplexor queue size -- default is 0 (no queueing)
# MX_QUEUE_SIZE=10
MX_QUEUE_SIZE=10

Change 10

The following variable must be set to yes to enable queueing of new connections.
# Needed to allow new connections to queue
ALLOW_NEW_CONNECTIONS_TO_QUEUE=yes

5. Create a RAM-based file system for /var/spool/MIMEDefang.

From the MIMEDefang author in a mailing list post:

First of all, on Solaris, it is mandatory to put /var/spool/MIMEDefang
on a tmpfs file system; otherwise, your machine will buckle under the
load.

In this example, I create a 256M TMPFS file system. Please read Size recommendations for a RAM-based sool directory.

/etc/vfstab entry (so the file system will be mounted after a reboot):
swap    -       /var/spool/MIMEDefang   tmpfs   -       yes     size=256m

Run mount /var/spool/MIMEDefang to immediately make the TMPFS file system available.

6. Configure sendmail to use MIMEDefang.
$ cd $SENDMAIL_source_tree/cf/cf

Add the following to sendmail.mc:
INPUT_MAIL_FILTER(`mimedefang', `S=unix:/var/spool/MIMEDefang/mimedefang.sock, F=T, T=C:30m;S:30m;R:30m;E:30m')

Note: I chose higher "milter" timeout values than those listed in the MIMEDefang HOWTO, as I received too many "Please try again later" errors with those values.

Install sendmail.cf:
$ su root -c "PATH=$PATH:/usr/ccs/bin ./Build install-cf"

7. Configure MIMEDefang as appropriate in /etc/mail/mimedefang-filter. Run /usr/local/bin/mimedefang.pl -test to check the file for syntax errors.

8. Start MIMEDefang.
$ su root -c "/etc/init.d/mimedefang start"

Note: if you receive "Cannot find ELF" messages when starting mimedefang-multiplexor, rebuild MIMEDefang with the following command:

$ make clean
$ PATH=/usr/ccs/bin:$PATH make
$ su root -c "PATH=$PATH:/usr/ccs/bin make install"

More information:
http://lists.roaringpenguin.com/pipermail/mimedefang/2003-September/016989.html

9. Send the sendmail daemon a SIGHUP to begin using MIMEDefang.
# kill -HUP `head -n1 /var/run/sendmail.pid`

Back to brandonhutchinson.com.
Last modified: 2006/06/27