Linux - Networking
This forum is for any issue related to networks or networking. Routing, network cards, OSI, etc. Anything is fair game.
I am running Red Hat 7.1 and sendmail 8.11.9 with procmail and Anomy Sanitizer.
Now I found that Anomy Sanitizer is only able to scan incoming mails but not the outgoing mails.
This is the problem I am facing now, because yesterday our email was blocked by our vendor because they said we are sending viruses to them, and indeed we are sending the virus mail to them because one of our computers here is infected by worm32/mabutu.
Now I want to install MailScanner, which can scan all incoming and outgoing mail, so no matter whether it is incoming or outgoing, MailScanner will scan the mail before giving it to the MTA and so on.
I want to know how to remove Anomy Sanitizer and replace it with MailScanner. I don't want to try because if I do something wrong, the whole system will be in trouble and my users will start shouting at me.
Does anybody know how to do this? The best way to remove the sanitizer and install MailScanner on it.
If anomy is called directly by sendmail (needs a little modification to sendmail.cf) and not procmail, there is a possibility to sanitize outgoing mail, too.
What you could do is: refer to the anomy documentation to see what changes you have to make to sendmail.cf to start anomy by sendmail; backup the original sendmail.cf; do the changes to a copy of it; replace sendmail.cf with the modified one; sighup sendmail and see if it works.
If it works you are done, if not, replace sendmail.cf with the original one, and sighup sendmail.
If you are paranoid, you can make two handy scripts:
one that creates the modified setup (replaces sendmail.cf, sighups sendmail and sends a test mail), and another that recovers the original setup (replaces sendmail.cf with the backup copy and sighups sendmail).
If you do so, the server will be out of service only for some seconds.
However, I do not feel that you would be safe just because you scan outgoing mail: anomy (and MailScanner, that also uses anomy) use a virus scanner to find viruses. And you can bet the virus scanner will fail to find any new viruses regardless of whether incoming or outgoing.
So, I would rather advise you to keep the present setup, but configure anomy to impose much stricter rules on INCOMING mails: quarantine all executable attachments and everything that could not be sanitized (i.e. encrypted mails). Only release quarantined files after a week, when the virus scanner is ready to find even the viruses that were new in them.
Additionally, deny access to remote pop3 servers on the firewall (if users protest, tell them that this is the price of REAL safety, or you can possibly install fetchmail to still allow them access to their mails from those remote pop3 servers, but this time filtered through your mail server).
As an addition, keep your eyes on the mail server: you can write a small script that alarms you (sends you a pop-up message) anytime mail traffic exceeds a pre-defined limit there.
I have been doing this for three years with success. Though we still had two infections in that time (I think it's not that much with 70 users and in 3 years), I could stop outgoing viral mails in a minute, due to the alarm pop-up message.
If you were interested, I could send you my alarm script. It needs bash, sendmail, and smbclient (for the pop-up).
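
The traffic alarm described in the reply above, as an added example (this is not the poster's script, which does not appear in the thread): it counts the messages sendmail accepts per relay per minute and reports any relay over a limit. The log lines, host names and the limit of 3 are constructed assumptions; real `from=` records carry more fields, and the notifier (the reply used smbclient for a pop-up) is left as a plain printed line.

```shell
#!/usr/bin/env bash
# Added example (not the poster's script): flag any relay that hands
# sendmail more than LIMIT messages within one minute.
LIMIT=${LIMIT:-3}   # assumed threshold; tune it to your normal traffic

# Constructed, abridged sendmail-style log lines (all hosts are made up).
sample_log() {
cat <<'EOF'
Jun 10 09:15:02 mail sendmail[2101]: i5A7F2a02101: from=<bob@example.lan>, size=61440, nrcpts=1, relay=pc17.example.lan [192.168.1.17]
Jun 10 09:15:03 mail sendmail[2102]: i5A7F3a02102: from=<bob@example.lan>, size=61440, nrcpts=1, relay=pc17.example.lan [192.168.1.17]
Jun 10 09:15:03 mail sendmail[2103]: i5A7F3a02103: from=<bob@example.lan>, size=61440, nrcpts=1, relay=pc17.example.lan [192.168.1.17]
Jun 10 09:15:04 mail sendmail[2104]: i5A7F4a02104: from=<bob@example.lan>, size=61440, nrcpts=1, relay=pc17.example.lan [192.168.1.17]
Jun 10 09:15:05 mail sendmail[2105]: i5A7F5a02105: from=<bob@example.lan>, size=61440, nrcpts=1, relay=pc17.example.lan [192.168.1.17]
Jun 10 09:15:06 mail sendmail[2106]: i5A7F2a02101: to=<buyer@vendor.example>, delay=00:00:04, relay=mx.vendor.example. [203.0.113.9], stat=Sent
Jun 10 09:15:40 mail sendmail[2110]: i5A7Fea02110: from=<alice@example.lan>, size=2048, nrcpts=1, relay=pc04.example.lan [192.168.1.4]
Jun 10 09:16:10 mail sendmail[2114]: i5A7GAa02114: from=<alice@example.lan>, size=1900, nrcpts=2, relay=pc04.example.lan [192.168.1.4]
EOF
}

# stdin: maillog lines; $1: limit.
# Prints "minute<TAB>relay<TAB>count" for each relay/minute bucket above
# the limit. Only "from=" records (message accepted) are counted, so the
# "to=" delivery records, which also carry relay=, do not inflate it.
find_bursts() {
  awk -v limit="$1" '
    / from=/ && / relay=/ {
      minute = $1 " " $2 " " substr($3, 1, 5)   # e.g. "Jun 10 09:15"
      relay = $0
      sub(/.* relay=/, "", relay)               # keep "host [ip]"
      count[minute "\t" relay]++
    }
    END {
      for (k in count)
        if (count[k] > limit)
          printf "%s\t%d\n", k, count[k]
    }' | sort
}

# A real deployment would read the live maillog from cron and call a
# notifier for each line printed here.
sample_log | find_bursts "$LIMIT"
```

Keying on the submitting relay rather than on total volume points straight at the infected workstation, which is the host to pull off the network first.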