Wednesday, 25 February 2015

PHP5 with IMAP and SSL support

Building your own PHP with IMAP support is not that hard, but i noticed a lot of people tend to have problems when they want SSL support in it.
You might run into stuff like this (when reconfiguring php f.e.):
configure: error: utf8_mime2text() has new signature, but U8T_CANONICAL is missing. This should not happen. Check config.log for additional information.


This exact same problem came up for me on Fedora when trying to compile PHP 5.5.0.
The problem is related to the '--with-imap' configuration parameter.
In order to solve this problem I compiled my own version of imap from the latest source (currently imap-2007f) and to do that I had to install some prerequisites. On fedora I did this...

yum install openssl openssl-devel pam-devel
wget ftp://ftp.cac.washington.edu/imap/imap-2007f.tar.gz
tar zxvf imap-2007f.tar.gz
 
Then I had to make a soft link so the compiler could find the libraries. In my case I did the following:

mkdir /usr/local/ssl
ln -s /usr/include /usr/local/ssl/include
 
and then compile:

cd imap-2007f
make lnp SSLTYPE=unix EXTRACFLAGS=-fPIC
 
Then I was able to compile PHP by adding the imap source path to the config param like so:

/path/to/php/src> ./configure ...other_params...  
              '--with-imap=/path/to/imap-2007f' '--with-imap-ssl' 
make
make install

Sunday, 1 February 2015

Installing ClamAV & SpamAssassin to CentOS 5 with Sendmail

Installing these Mail Server open-source software sets to CentOS 5 with Sendmail on a 64-bit CentOS 5.4 (or higher) Linux host.
1. Install RPMForge Repo to get access to more Software Packages for CentOS5
Install (using rpm -Uvh) http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm

2. Use yum to install from the previously installed RPMForge Repo the necessary software packages
yum -y install spamass-milter clamav-milter
yum -y install perl-Mail-SPF
yum -y install sendmail-cf


Restart spamd after installing the new SPF package with
/etc/init.d/spamassassin restart

Install DKIM for Message Signing with
yum -y install perl-Mail-DKIM

Check DKIM use by sending yourself an email from GMail and saving that message (headers and all) to a local text file, processing that file with
spamassassin -D < /tmp/gmail-msg.txt 2>&1 |grep -i dk

Install GeoIP for regional/geographic message filtering
yum -y install geoip

Check that all of ClamAV is installed with
yum -y install clamav clamav-db clamav-milter clamd

Check then on the settings in /etc/sysconfig/clamav-milter & then set/check on the following in /etc/clamav-milter.conf

MilterSocket unix:/var/clamav/clmilter.socket
User clamav
AllowSupplementaryGroups yes
ClamdSocket unix:/var/run/clamav/clamd.sock
LogFile /var/log/clamav/clamav-milter.log
LogFileMaxSize 0
LogTime yes
LogSyslog yes


Set/check the following in /etc/clamd.conf

LogFile /var/log/clamav/clamd.log
LogFileMaxSize 0
LogTime yes
LogSyslog yes
PidFile /var/run/clamav/clamd.pid
TemporaryDirectory /var/tmp
DatabaseDirectory /var/clamav
LocalSocket /var/run/clamav/clamd.sock
FixStaleSocket yes
TCPSocket 3310
TCPAddr 127.0.0.1
MaxConnectionQueueLength 30
MaxThreads 50
ReadTimeout 300
User clamav
AllowSupplementaryGroups yes
ScanPE yes
ScanELF yes
DetectBrokenExecutables yes
ScanOLE2 yes
ScanMail yes
ScanArchive yes
ArchiveBlockEncrypted no


Install SPF capabilities with
yum -y install smf-spf

3. Start Configuring main software servers

3a. Sendmail for ClamAV & SpamAssassin
Load the following to /etc/mail/sendmail.mc, placed above any MAILER definition and I place it after the line “FEATURE(use_ct_file)dnl”
dnl # LOCAL ADDITIONS before Mailers
dnl # clamav-milter - z README ... dnl
INPUT_MAIL_FILTER(`clamav-milter',`S=local:/var/clamav/clmilter.socket, F=,T=S:4m;R:4m;E:10m')dnl
dnl #
dnl # SPAMASSASSIN dnl
dnl **
dnl ** enable spamassassin-milter to scan for spam using spamassassin **
dnl **
INPUT_MAIL_FILTER(`spamassassin', `S=unix:/var/run/spamass.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl
define(`confMILTER_MACROS_CONNECT',`t, b, j, _, {daemon_name}, {if_name}, {if_addr}')dnl
define(`confMILTER_MACROS_HELO',`s, {tls_version}, {cipher}, {cipher_bits}, {cert_subject}, {cert_issuer}')dnl
dnl # END LOCAL ADDITIONS
dnl #

You can test / check the newly installed & configured SpamAssassin with the command:
spamassassin -D < /usr/share/doc/spamassassin-3.2.5/sample-spam.txt 2>&1 |grep -i spf
Looking for lines like:
[1290] dbg: spf: using Mail::SPF for SPF checks
&
[1290] dbg: spf: def_spf_whitelist_from: already checked spf and didn’t get pass, skipping whitelist check
[1290] dbg: spf: whitelist_from_spf: already checked spf and didn’t get pass, skipping whitelist check

3b. Now rebuild the sendmail.cf from your updated sendmail.mc in /etc as root with
make

3c. Ensure all the dependent & requisite servers are running for Clam & SA with
chkconfig clamd on
chkconfig clamav-milter on
chkconfig spamass-milter on
chkconfig sendmail on
chkconfig dovecot on


3d. Then start everything in the same order as per their init.d files, with
service clamd start
service clamav-milter start
service spamass-milter start


3e. Then restart Sendmail with
service sendmail restart

3z. SPF config & enabling <- not="" optional="" p="" working="" yet=""> Configure for the SMF-SPF support in /etc/mail/sendmail.mc and remake sendmail.cf with
cd /etc/mail
cat >> sendmail.mc < END
dnl **
dnl ** enable smf-spf (Sender Policy Framework) **
dnl **
define(`confMILTER_MACROS_HELO', confMILTER_MACROS_HELO`, {verify}')dnl
INPUT_MAIL_FILTER(`smf-spf', `S=unix:/var/run/smfs/smf-spf.sock, T=S:30s;R:1m')dnl
END
make


In /etc/mail as root run make to generate the new sendmail.cf & submit.cf Sendmail config files.
Start SPF and restart Sendmail with
/etc/init.d/smf-spf restart
/etc/init.d/sendmail restart


4. Testing / Verifying Setup

4a. Check /var/log/maillog

4b. Test with a manual SMTP dialog using the telnet command to the server from another remote host on the Internet (ie: NOT from the server itself) to port 25 on your Sendmail host.