I guess I should use a "real" virus scanner - blocking win32 executables certainly won't stop a macro virus etc. I am impressed with clamAV - very speedy and easy to update virus signatures. Plus it has a nifty RPM that sets everything up for you in one command.
I have a question regarding the toaster instructions - is it normal for all courier processes to run as root? I deviated from the toaster instructions in places but not on the courier install. More specifically when I "ps -aux", I can see that authdaemond, couriertcpd, courierlogger all run as root and when I telnet to 143, I see this:
vpopmail 22550 0.0 0.0 1792 712 telnet localhost 143
root 22551 0.0 0.0 1404 380 /usr/lib/courier-imap/sbin/imaplogin
I have never run an IMAP server before - POP3 has been fine for the past six years. Now I have enough people asking for IMAP (granted a small minority) that I thought I would give it a try - seems like the protocol is a lot more complicated than POP3 but I can see why some situations call for it. In other words, please excuse my ignorance on the protocol and courier.
I changed these two files slightly (called by /etc/init.d/courier-imap):
/usr/lib/courier-imap/libexec/imapd-ssl.rc
/usr/lib/courier-imap/libexec/imapd.rc
I added -user=vpopmail in both files under the "start)" section (the couriertcpd man page references this option). Now the processes run as the vpopmail user except for authdaemond. Is this a bad idea? You guys obviously know this stuff and I can't help but think I am missing something here. I have not tested it yet but plan to tomorrow (have other "emergency" work that has interrupted the mail server setup) - just wanted to make sure I wasn't doing anything stupid. Does courier need to write to any part of the filesystem that is not owned by vpopmail if I am only running IMAP for vpopmail users (besides courierlogger needing write access to logs)?
Mike
P.S. Does anyone have experience with http://bincimap.org/ (IMAP server with Maildir++ support) ? Looks relatively nifty. This mailing list post brought it to my attention: http://www.mail-archive.com/[EMAIL PROTECTED]/msg01013.html while I was searching for information on running courier.
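One way to check the result of the `-user=vpopmail` change described in the message above, as an added example that is not part of the original post: a shell function that reads `ps aux` output and reports which user each Courier process runs as. The sample process table is constructed, and the list of daemons accepted as root is an assumption passed as an argument.

```shell
#!/bin/sh
# Added example: audit which user each Courier-IMAP process runs as.
# Usage: ps aux | courier_root_audit ALLOW_ROOT
# ALLOW_ROOT is a comma-separated list of daemons accepted as root (an assumption).
# Prints "user pid name status"; returns 1 if any other watched process is root.
courier_root_audit() {
    awk -v allow="$1" '
    BEGIN {
        # Process names taken from the post.
        n = split("authdaemond couriertcpd courierlogger imaplogin imapd", w, " ")
        for (i = 1; i <= n; i++) watch[w[i]] = 1
        m = split(allow, a, ",")
        for (i = 1; i <= m; i++) ok[a[i]] = 1
    }
    $1 == "USER" { next }                 # skip the ps header line
    NF >= 11 {
        cmd = $11                         # COMMAND starts at column 11 in ps aux
        sub(/^.*\//, "", cmd)             # keep the basename
        sub(/\..*$/, "", cmd)             # authdaemond.plain -> authdaemond
        if (!(cmd in watch)) next
        status = "ok"
        if ($1 == "root") status = (cmd in ok) ? "root-allowed" : "ROOT"
        if (status == "ROOT") bad = 1
        print $1, $2, cmd, status
    }
    END { exit (bad ? 1 : 0) }'
}

# Constructed sample process table (not captured from a real host).
sample_ps() {
    cat <<'EOF'
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 2101 0.0 0.0 1500 400 ? S 10:00 0:00 /usr/lib/courier-imap/libexec/authlib/authdaemond.plain
vpopmail 2110 0.0 0.0 1400 380 ? S 10:00 0:00 /usr/lib/courier-imap/libexec/couriertcpd -user=vpopmail
vpopmail 2111 0.0 0.0 1300 360 ? S 10:00 0:00 /usr/lib/courier-imap/libexec/courierlogger imapd
vpopmail 22550 0.0 0.0 1792 712 pts/0 S 10:05 0:00 telnet localhost 143
root 22551 0.0 0.0 1404 380 ? S 10:05 0:00 /usr/lib/courier-imap/sbin/imaplogin
EOF
}

sample_ps | courier_root_audit authdaemond || echo "courier process running as root"
```

On a live host, replace `sample_ps` with `ps aux` and open a test IMAP connection first so that the per-connection login process appears in the table.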
Bill Shupp wrote:
Tom Collins wrote:
On Feb 12, 2004, at 9:45 AM, Bill Shupp wrote:
My recommendation is to use the qmail-scanner/clamav solution rather than this virus patch. Netqmail already comes with the qmailqueue patch, which is required for qmail-scanner to work. And clamav already had MyDoom added to its virus definitions before MyDoom had a name (that's why they called it WORM.SCO.A), meaning the clamav guys are very much on the ball. Since using this solution, I have not had a complaint of a single virus getting through.
And I highly recommend Qscanq, <http://budney.homeunix.net:8080/users/budney/software/qscanq/>, as a replacement for qmail-scanner. It's a C-based program that replaces qmail-queue and does virus scanning on inbound messages. If a message contains a virus, it's denied by qmail-smtpd. No bounces to forged senders, no virus warnings to annoy the recipient, no bounces for non-existent recipients, no spam scanning of viruses, no Perl overhead of qmail-scanner.
Tom, this is great, thanks for mentioning it. It doesn't appear to use TNEF for unpacking such encoded emails. Have you found this to be a detriment? Or have I missed something?
Also, qmail-scanner has a nice mechanism for specifying your own quarantine-attachments via the tab delimited text file. This is great for blocking all attachments with specific suffixes, like .vbs or .scr. Is there any equivalent for qscanq?
I use it in conjunction with qmail-spamc (in SpamAssassin's qmail directory) to scan all incoming messages for viruses and spam without invoking Perl. At some point, I will probably replace qmail-spamc with Ken Jones' patch for vpopmail that adds SpamAssassin scanning to vdelivermail.
And I assume qmail-spamc will also reject mail at the smtpd level?
Lastly, I could not quickly find Ken's patch. Do you have a link for it?
I personally stopped running spamassassin site-wide, and use maildrop to call spamc on a per-user basis (with the help of qmailadmin's "detect spam" feature). In conjunction with webuserprefs (php interface for configuring spamassassin prefs), this works pretty well. The biggest issue is having so many control panels for mail: SquirrelMail's prefs, QmailAdmin, WebUserPrefs. But at least everything is now covered that I need.
Thanks!
Bill Shupp