Installing MIMEDefang on Solaris
The following are step-by-step instructions for installing MIMEDefang
2.54, ClamAV 0.87.1, and SpamAssassin 3.1.0 on a Solaris 8 system
running Sendmail 8.13.5. Please read the MIMEDefang HOWTO
for more information.
On my system, I had to install the following Perl module prerequisites
before installing SpamAssassin and MIMEDefang.
Digest-SHA1-2.10.tar.gz
IO-stringy-2.110.tar.gz
MailTools-1.67.tar.gz
MIME-tools-5.419.tar.gz (from the mimedefang.org Web site)
Unix-Syslog-0.100.tar.gz (from the mimedefang.org Web site)
HTML-Tagset-3.10.tar.gz (prerequisite for HTML::Parser)
HTML-Parser-3.48.tar.gz (prerequisite for SpamAssassin, also needed for MIMEDefang if using the append_html_boilerplate function)
Note: if you do not install Unix::Syslog, you may receive the following
errors:
Apr 20 20:25:33 hostname mimedefang-multiplexor[28797]: [ID 980602 mail.info] Slave 1 stderr: no connection to syslog available at /usr/local/bin/mimedefang.pl line 529
I used the following procedure to install the Perl modules:
$ gzip -cd tarball | tar xf -
$ cd directory
$ /usr/local/bin/perl Makefile.PL
(Note: On my system, Perl 5.8.5 is installed in /usr/local/bin; /usr/bin/perl is Perl 5.005_03)
$ make
$ make test
$ su root -c "PATH=$PATH:/usr/ccs/bin make install"
Before proceeding, create the MIMEDefang user.
# groupadd defang
# useradd -g defang -c "MIMEDefang user" defang
# passwd defang
ClamAV instructions
1. Install ClamAV.
$ gzip -cd clamav-0.87.1.tar.gz | tar xf -
$ cd clamav-0.87.1
$ ./configure --disable-clamav
(Note: We will be running ClamAV as the defang user, not clamav)
$ make
$ su root -c 'PATH=$PATH:/usr/ccs/bin make install'
2. Configure clamd.
# vi /usr/local/etc/clamd.conf
Change:
# Comment or remove the line below.
Example
To:
# Comment or remove the line below.
#Example
Change:
# Run as a selected user (clamd must be started by root).
# Default: disabled
#User clamav
To:
# Run as a selected user (clamd must be started by root).
# Default: disabled
User defang
Change:
# Path to a local socket file the daemon will listen on.
# Default: disabled
LocalSocket /tmp/clamd
To:
# Path to a local socket file the daemon will listen on.
# Default: disabled
LocalSocket /var/run/clamav/clamd.sock
Change:
# Use system logger (can work together with LogFile).
# Default: disabled
#LogSyslog
To:
# Use system logger (can work together with LogFile).
# Default: disabled
LogSyslog
Change:
# This option allows you to save a process identifier of the listening
# daemon (main thread).
# Default: disabled
#PidFile /var/run/clamd.pid
To:
# This option allows you to save a process identifier of the listening
# daemon (main thread).
# Default: disabled
PidFile /var/run/clamav/clamd.pid
3. Configure freshclam.
# vi /usr/local/etc/freshclam.conf
Change:
# Comment or remove the line below.
Example
To:
# Comment or remove the line below.
#Example
Change:
# Path to the log file (make sure it has proper permissions)
# Default: disabled
#UpdateLogFile /var/log/freshclam.log
To:
# Path to the log file (make sure it has proper permissions)
# Default: disabled
UpdateLogFile /var/log/freshclam.log
Change:
# Uncomment the following line and replace XY with your country
# code. See http://www.iana.org/cctld/cctld-whois.htm for the full list.
# Default: There is no default, which results in an error when running freshclam
#DatabaseMirror db.XY.clamav.net
To:
# Uncomment the following line and replace XY with your country
# code. See http://www.iana.org/cctld/cctld-whois.htm for the full list.
# Default: There is no default, which results in an error when running freshclam
DatabaseMirror db.us.clamav.net
4. Create the freshclam.log log file.
# touch /var/log/freshclam.log
5. Run freshclam hourly by adding the following entry in the root user's crontab.
7 * * * * /usr/local/bin/freshclam --quiet
6. Create the directory for the clamd socket and configure permissions.
# mkdir /var/run/clamav
# chown defang:defang /var/run/clamav
7. Create clamd startup and shutdown script, configure permissions, and create symbolic links.
# vi /etc/init.d/clamd
Add:
#!/bin/sh
case $1 in
'start' )
    if [ ! -d /var/run/clamav ] ; then
        mkdir /var/run/clamav
        chown defang:defang /var/run/clamav
    fi
    /usr/local/sbin/clamd
    ;;
'stop' )
    kill `ps -ef | awk '$NF ~ /clamd/ { print $2 }'` > /dev/null 2>&1
    ;;
'reload' )
    # Reload virus databases
    kill -USR2 `ps -ef | awk '$NF ~ /clamd/ { print $2 }'` > /dev/null 2>&1
    ;;
*)
    echo "usage: $0 {start|stop|reload}"
esac
# chmod 755 /etc/init.d/clamd
# chown root:root /etc/init.d/clamd
# ln -s /etc/init.d/clamd /etc/rc2.d/S87clamd
8. Start clamd.
# /etc/init.d/clamd start
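Added example (not part of the original instructions): a check that clamd.conf carries the settings from step 2, useful before starting clamd or after an upgrade overwrites the file. The function name check_clamd_conf is made up for this example, the sample input is constructed, and the script assumes a POSIX shell and awk.

```shell
#!/bin/sh
# check_clamd_conf FILE [USER]   (FILE may be "-" for standard input)
# Prints findings; exit status is the number of config problems found.
check_clamd_conf() {
    cfg=`cat "$1"` want=${2:-defang} bad=0
    # has KEY: true if an uncommented KEY directive is present
    has() { printf '%s\n' "$cfg" | awk -v k="$1" '$1 == k { f = 1 } END { exit !f }'; }
    # val KEY: value of the first uncommented KEY directive
    val() { printf '%s\n' "$cfg" | awk -v k="$1" '$1 == k { print $2; exit }'; }
    fail() { echo "FAIL: $1"; bad=`expr $bad + 1`; }

    has Example && fail "Example line is still active"
    [ "`val User`" = "$want" ] || fail "User is '`val User`', expected '$want'"
    has LogSyslog || fail "LogSyslog is not enabled"
    [ -n "`val PidFile`" ] || fail "PidFile is not set"

    sock=`val LocalSocket`
    case $sock in
        "") fail "LocalSocket is not set" ;;
        /tmp/*|/var/tmp/*)
            # Any local user can create files in these directories.
            fail "LocalSocket $sock is in a world-writable directory" ;;
    esac

    # Advisory only: the init script recreates /var/run/clamav on start.
    dir=`dirname "$sock"`
    if [ -n "$sock" ] && [ -d "$dir" ]; then
        owner=`ls -ld "$dir" | awk '{ print $3 }'`
        [ "$owner" = "$want" ] || echo "WARN: $dir is owned by $owner, not $want"
    fi
    return $bad
}

# Constructed input: the stock values that step 2 changes.
check_clamd_conf - <<'EOF' || echo "config problems: $?"
Example
#User clamav
LocalSocket /tmp/clamd
#LogSyslog
#PidFile /var/run/clamd.pid
EOF
```

On a real host, run check_clamd_conf /usr/local/etc/clamd.conf as root so the directory ownership can be read.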
SpamAssassin instructions
I used the following steps to build and install SpamAssassin.
$ gzip -cd Mail-SpamAssassin-3.1.0.tar.gz | tar xf -
$ cd Mail-SpamAssassin-3.1.0
$ /usr/local/bin/perl Makefile.PL
(Note: On my system, Perl 5.8.5 is installed in /usr/local/bin; /usr/bin/perl is Perl 5.005_03)
$ make
$ su root -c "PATH=$PATH:/usr/ccs/bin make install"
MIMEDefang instructions
1. Build MIMEDefang.
$ gzip -cd mimedefang-2.54.tar.gz | tar xf -
$ cd mimedefang-2.54
$ PERL=/usr/local/bin/perl ./configure
If you receive the following error, install the Sendmail libmilter library and include files.
configure: WARNING: Oops.. I couldn't find libmilter/mfapi.h. Please install Sendmail 8.12
configure: WARNING: and its header files.
$ cd $SENDMAIL_source_tree/libmilter
$ ./Build
$ su root -c "PATH=$PATH:/usr/ccs/bin ./Build install"
2. Install MIMEDefang.
$ make
$ su root -c "PATH=$PATH:/usr/ccs/bin make install"
4. Copy the example MIMEDefang startup and shutdown script to /etc/init.d, and configure it as appropriate.
$ su root -c "cp examples/init-script /etc/init.d/mimedefang"
# vi /etc/init.d/mimedefang
Change 1
I use the syslog facility local7 to separate mimedefang messages from the rest of the mail syslog messages.
# Syslog facility
# SYSLOG_FACILITY=mail
SYSLOG_FACILITY=local7
Make sure you have a line similar to the following in /etc/syslog.conf:
local7.debug	/var/log/mimedefang
Create the file with touch /var/log/mimedefang and send the syslog daemon a SIGHUP with kill -HUP `cat /var/run/syslog.pid` to begin using the new facility.
Change 2
I use the filter_sender function to check SPF records, so mimedefang must be run with the -s flag.
# "yes" turns on the multiplexor sender checking function
# MX_SENDER_CHECK=no
MX_SENDER_CHECK=yes
Change 3
I use an embedded Perl interpreter, as it appears to be much more
efficient than the default interpreter.
# Set to yes if you want to use an embedded Perl interpreter
# MX_EMBED_PERL=yes
MX_EMBED_PERL=yes
Change 4
I increase the mimedefang-multiplexor
backlog value as I experienced many of the following errors:
Apr 27 08:31:06 hostname mimedefang[24889]: [ID 758488 local7.warning] mfconnect: Error communicating with multiplexor
Apr 27 08:31:06 hostname mimedefang[24889]: [ID 655476 local7.error] MXCommand: connect: Connection refused: Is multiplexor running?
# Set to yes if you want to use an embedded Perl interpreter
# MX_EMBED_PERL=yes
MX_EMBED_PERL=yes
# Backlog value for mimedefang-multiplexor
MX_BACKLOG=200
...
$PROGDIR/$prog-multiplexor -p $MXPID \
$EMBEDFLAG \
`[ -n "$MX_BACKLOG" ] && echo "-I $MX_BACKLOG"` \
`[ -n "$SPOOLDIR" ] && echo "-z $SPOOLDIR"` \
Change 5
I added the ulimit line to start_it() to prevent "Too many open files" errors.
start_it() {
    ulimit -Sn 1024
Example error:
Apr 22 21:10:05 hostname mimedefang[1942]: [ID 149102 mail.error] MXCommand: socket: Too many open files
Change 6
I changed MX_MINIMUM and MX_MAXIMUM to values more appropriate for my
system. You will be able to determine appropriate values by monitoring /var/log/mimedefang as it is
running.
MX_MINIMUM=10
MX_MAXIMUM=50
Change 7
I log the MIMEDefang slave status every 60 seconds.
# Uncomment to log slave status; it will be logged every
# MX_LOG_SLAVE_STATUS_INTERVAL seconds
# MX_LOG_SLAVE_STATUS_INTERVAL=30
MX_LOG_SLAVE_STATUS_INTERVAL=60
Change 8
I do not want the X-Scanned-By: header added to each message.
# Extra sendmail macros to pass. Actually, you can add any extra
# mimedefang options here...
# MD_EXTRA="-a auth_author"
MD_EXTRA="-X"
Change 9
If all MIMEDefang slaves are busy when a new connection is initiated, I
would like up to 10 new connections to be queued instead of being immediately TEMPfailed.
# Multiplexor queue size -- default is 0 (no queueing)
# MX_QUEUE_SIZE=10
MX_QUEUE_SIZE=10
Change 10
The following variable must be set to yes to enable queueing of new connections.
# Needed to allow new connections to queue
ALLOW_NEW_CONNECTIONS_TO_QUEUE=yes
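Added example (not from the original page or the MIMEDefang distribution): a summary of the error messages quoted in the Unix::Syslog note and in Changes 4 and 5, with the busiest minute for each, to help decide which setting to revisit while monitoring /var/log/mimedefang. The function name md_errors and the sample log lines are constructed for this example; it assumes a POSIX shell and awk.

```shell
#!/bin/sh
# md_errors FILE   (FILE may be "-" for standard input)
# Prints one line per error signature seen:
#   "<count> total, peak <n>/min at <Mon DD HH:MM>: <signature> -> <setting>"
md_errors() {
    awk '
    function hit(name,   m) {
        n[name]++
        m = $1 " " $2 " " substr($3, 1, 5)        # minute bucket, e.g. "Apr 27 08:31"
        if (++per[name, m] > peak[name]) { peak[name] = per[name, m]; at[name] = m }
    }
    /Connection refused: Is multiplexor running\?/ { hit("multiplexor refused -> MX_BACKLOG") }
    /Too many open files/                          { hit("too many open files -> ulimit -Sn") }
    /no connection to syslog available/            { hit("no syslog connection -> Unix::Syslog") }
    END {
        for (k in n)
            printf "%d total, peak %d/min at %s: %s\n", n[k], peak[k], at[k], k
    }' "$1" | sort
}

# Constructed sample lines in the format of the errors shown above.
md_errors - <<'EOF'
Apr 27 08:31:06 hostname mimedefang[24889]: [ID 758488 local7.warning] mfconnect: Error communicating with multiplexor
Apr 27 08:31:06 hostname mimedefang[24889]: [ID 655476 local7.error] MXCommand: connect: Connection refused: Is multiplexor running?
Apr 27 08:31:41 hostname mimedefang[24889]: [ID 655476 local7.error] MXCommand: connect: Connection refused: Is multiplexor running?
Apr 27 08:32:02 hostname mimedefang[24889]: [ID 655476 local7.error] MXCommand: connect: Connection refused: Is multiplexor running?
Apr 27 08:40:15 hostname mimedefang[24889]: [ID 149102 local7.error] MXCommand: socket: Too many open files
EOF
```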
5. Create a RAM-based file system for /var/spool/MIMEDefang.
From the MIMEDefang author in a mailing list post:
First of all, on Solaris, it is mandatory to put /var/spool/MIMEDefang on a tmpfs file system;
otherwise, your machine will buckle under the load.
In this example, I create a 256M TMPFS file system. Please read Size recommendations
for a RAM-based spool directory.
/etc/vfstab entry (so the file system will be mounted after a reboot):
swap - /var/spool/MIMEDefang tmpfs - yes size=256m
Run mount /var/spool/MIMEDefang to immediately make the TMPFS file system available.
6. Configure sendmail to use MIMEDefang.
$ cd $SENDMAIL_source_tree/cf/cf
Add the following to sendmail.mc:
INPUT_MAIL_FILTER(`mimedefang', `S=unix:/var/spool/MIMEDefang/mimedefang.sock, F=T, T=C:30m;S:30m;R:30m;E:30m')
Note: I chose higher "milter" timeout values than those listed
in the MIMEDefang HOWTO, as I received too many "Please try again
later" errors with those values.
Install sendmail.cf:
$ su root -c "PATH=$PATH:/usr/ccs/bin ./Build install-cf"
7. Configure MIMEDefang as appropriate in /etc/mail/mimedefang-filter.
Run /usr/local/bin/mimedefang.pl -test to check the file for syntax errors.
8. Start MIMEDefang.
$ su root -c "/etc/init.d/mimedefang start"
Note: if you receive "Cannot find ELF" messages when starting mimedefang-multiplexor, rebuild
MIMEDefang with the following command:
$ make clean
$ PATH=/usr/ccs/bin:$PATH make
$ su root -c "PATH=$PATH:/usr/ccs/bin make install"
More information:
http://lists.roaringpenguin.com/pipermail/mimedefang/2003-September/016989.html
9. Send the sendmail daemon a SIGHUP to begin using MIMEDefang.
# kill -HUP `head -n1 /var/run/sendmail.pid`
Last modified: 2006/06/27