How to Setup MailWatch on CentOS 6.3


Share this Article :

mailwatch logoMailWatch for MailScanner is a open source or free web-based front-end to Mailscanner that use to displays the inbound/outbound mail queue, spam, viruses and blocked content on each page header. MailWatch has been written in PHP, MySQL and JpGraph. By using Mailwatch, it allows you to delete, release or run sa-learn across any messages that was quarantined. This post describes how to setup MailWatch on CentOS 6.3 and assumed that you already installed MailScanner and postfix.

1. Install required php and mysql :

[[email protected] ~]# yum install php mysql-server mysql php-gd php-mysql -y

2. Modify the php.ini :

[[email protected] ~]# vim /etc/php.ini

PHP should have the following set in php.ini

 short_open_tag = On
 safe_mode = Off
 register_globals = Off
 magic_quotes_gpc = On
 magic_quotes_runtime = Off
 session.auto_start = 0

3. Download the latest version from mailwatch.sourceforge.net :

[[email protected] ~]# wget http://sourceforge.net/projects/mailwatch/files/mailwatch/1.1.5.1/mailwatch-1.1.5.1.tar.gz

4. Extract downloaded mailwatch package :

[[email protected] ~]# tar xzvf mailwatch-1.1.5.1.tar.gz

5. Start mysql service :

[[email protected] ~]# service mysqld start
Initializing MySQL database:  WARNING: The host 'mx1.ehowstuff.local' could not be looked up with resolveip.
This probably means that your libc libraries are not 100 % compatible
with this binary MySQL version. The MySQL daemon, mysqld, should work
normally with the exception that host name resolving will not work.
This means that you should use IP addresses instead of hostnames
when specifying MySQL privileges !
Installing MySQL system tables...
OK
Filling help tables...
OK

To start mysqld at boot time you have to copy
support-files/mysql.server to the right place for your system

PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !
To do so, start the server, then issue the following commands:

/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -h mx1.ehowstuff.local password 'new-password'

Alternatively you can run:
/usr/bin/mysql_secure_installation

which will also give you the option of removing the test
databases and anonymous user created by default.  This is
strongly recommended for production servers.

See the manual for more instructions.

You can start the MySQL daemon with:
cd /usr ; /usr/bin/mysqld_safe &

You can test the MySQL daemon with mysql-test-run.pl
cd /usr/mysql-test ; perl mysql-test-run.pl

Please report any problems with the /usr/bin/mysqlbug script!

                                                           [  OK  ]
Starting mysqld:                                           [  OK  ]

6. Enter extracted mailwatch-x.x directory :

[[email protected] mailwatch-1.1.5.1]# ls
CHANGELOG   fix_quarantine_permissions  LICENSE  mailscanner               Remote_DB.txt  upgrade.php  USER_FILTERS
create.sql  INSTALL                     luser    MailScanner_perl_scripts  tools          UPGRADING
[[email protected] mailwatch-1.1.5.1]# mysql -p < create.sql

7. Create the database and import create.sql. The following commands below should be run as the ‘root’ :

[[email protected] mailwatch-1.1.5.1]# mysql -p < create.sql
Enter password:

8. Login to mysql as a root :

[[email protected] mailwatch-1.1.5.1]# mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.1.67 Source distribution

Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

9. Proceed to create a MySQL user and then set password and configure MailScanner for SQL logging :

mysql> GRANT ALL ON mailscanner.* TO [email protected] IDENTIFIED BY 'password';
Query OK, 0 rows affected (0.00 sec)

mysql> GRANT FILE ON *.* TO [email protected] IDENTIFIED BY 'password';
Query OK, 0 rows affected (0.00 sec)

mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mailscanner        |
| mysql              |
| test               |
+--------------------+
4 rows in set (0.00 sec)

10. Edit MailWatch.pm and change the database values accordingly :

a. Enter to the perl_scripts’s folder :

[[email protected] mailwatch-1.1.5.1]# cd MailScanner_perl_scripts
[[email protected] MailScanner_perl_scripts]# pwd
/root/mailwatch-1.1.5.1/MailScanner_perl_scripts

b. Edit MailWatch.pm :

[[email protected] MailScanner_perl_scripts]# vim MailWatch.pm

c.Modify this as necessary for your configuration

my($db_name) = 'mailscanner';
my($db_host) = 'localhost';
my($db_user) = 'mailwatch';
my($db_pass) = 'password';

11. Move MailWatch.pm to /usr/lib/MailScanner/MailScanner/CustomFunctions :

[[email protected] MailScanner_perl_scripts]# cp MailWatch.pm /usr/lib/MailScanner/MailScanner/CustomFunctions

12. Create a MailWatch web user. This user will able to monitor the mailscanner through MailWatch web interface.

[[email protected] ~]# mysql mailscanner -u mailwatch -p
Enter password:
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 8
Server version: 5.1.67 Source distribution

Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> INSERT INTO users SET username = 'admin', password = md5('password'), fullname = 'MAilwatch Administrator', type ='A';
Query OK, 1 row affected (0.00 sec)

13. Install & Configure MailWatch :
a. Enter to mailwatch directory :

[[email protected] ~]# cd mailwatch-1.1.5.1

b. Move mailscanner folder for web root folder. For apache, default root folder is /var/www/html :

[[email protected] mailwatch-1.1.5.1]# mv mailscanner /var/www/html/

c. Enter to mailscanner folder in web root directory :

[[email protected] ~]# cd /var/www/html/mailscanner

d. Verify and check the permissions of /var/www/html/mailscanner/images and /var/www/html/images/cache. The permissions and ownerships should be as below :

[[email protected] mailscanner]# chown root:apache images
[[email protected] mailscanner]# chmod ug+rwx images
[[email protected] mailscanner]# chown root:apache images/cache
[[email protected] mailscanner]# chmod ug+rwx images/cache

14. Create conf.php by copying conf.php.example. Edit the values to any details as you created earlier :

a. Copy the conf.php :

[[email protected] mailscanner]# cp conf.php.example conf.php

b. Open conf.php :

[[email protected] mailscanner]# vim conf.php

c. Edit the details as below :

define('DB_TYPE', 'mysql');
define('DB_USER', 'mailwatch');
define('DB_PASS', 'password');
define('DB_HOST', 'localhost');
define('DB_NAME', 'mailscanner');

15. Before setup the mailscanner, make sure it’s Stopped. Run 3 to 4 times to ensure the mailscanner completely stop. The status will FAILED if mailscanner completely stop.

[[email protected] ~]# service MailScanner stop
Shutting down MailScanner daemons:
         MailScanner:                                      [  OK  ]
         incoming postfix:                                 [  OK  ]
         outgoing postfix:                                 [  OK  ]
[[email protected] ~]# service MailScanner stop
Shutting down MailScanner daemons:
         MailScanner:                                      [  OK  ]
         incoming postfix:                                 [  OK  ]
         outgoing postfix:                                 [  OK  ]
[[email protected] ~]# service MailScanner stop
Shutting down MailScanner daemons:
         MailScanner:                                      [  OK  ]
         incoming postfix:                                 [  OK  ]
         outgoing postfix:                                 [  OK  ]
[[email protected] ~]# service MailScanner stop
Shutting down MailScanner daemons:
         MailScanner:                                      [  OK  ]
         incoming postfix:                                 [  OK  ]
         outgoing postfix:                                 [  OK  ]
[[email protected] ~]# service MailScanner stop
Shutting down MailScanner daemons:
         MailScanner:                                      [FAILED]
         incoming postfix:                                 [  OK  ]
         outgoing postfix:                                 [  OK  ]

16. Edit /etc/MailScanner/MailScanner.conf.

[[email protected] ~]# vim /etc/MailScanner/MailScanner.conf

Make sure that the following options are set:

 Always Looked Up Last = &MailWatchLogging
 Detailed Spam Report = yes
 Quarantine Whole Message = yes
 Quarantine Whole Message As Queue Files = no
 Include Scores In SpamAssassin Report = yes
 Quarantine User = root
 Quarantine Group = apache (this should be the same group as your web server)
 Quarantine Permissions = 0660

17. Start MailScanner :

[[email protected] ~]# service MailScanner start
Starting MailScanner daemons:
         incoming postfix:                                 [  OK  ]
         outgoing postfix:                                 [  OK  ]
         MailScanner:                                      [  OK  ]

18. Restart httpd service :

[[email protected] ~]# service httpd restart

19. Make sure all the related service such as httpd, mysql and MailScanner configured to start at boot :

[[email protected] ~]# chkconfig mysqld on
[[email protected] ~]# chkconfig httpd on
[[email protected] ~]# chkconfig MailScanner on
[[email protected] ~]# chkconfig spamassassin on
[[email protected] ~]# chkconfig postfix on

20. Check the mail log.

[[email protected] ~]# tail -f /var/log/maillog

You should see something as below :

Mar  5 22:14:42 mx1 MailScanner[1718]: Using locktype = flock
Mar  5 22:14:43 mx1 MailScanner[1697]: Requeue: C297BA1C3F.AA850 to E7373A1DD6
Mar  5 22:14:43 mx1 postfix/qmgr[1687]: E7373A1DD6: from=<[email protected]>, size=609, nrcpt=1 (queue active)
Mar  5 22:14:43 mx1 MailScanner[1697]: Uninfected: Delivered 1 messages
Mar  5 22:14:43 mx1 MailScanner[1697]: Deleted 1 messages from processing-database
Mar  5 22:14:43 mx1 MailScanner[1697]: Logging message C297BA1C3F.AA850 to SQL
Mar  5 22:14:43 mx1 postfix/local[1768]: E7373A1DD6: to=<[email protected]>, orig_to=, relay=local, delay=166894, delays=166894/0.13/0/0.02, dsn=2.0.0, status=sent (delivered to mailbox)
Mar  5 22:14:43 mx1 postfix/qmgr[1687]: E7373A1DD6: removed
Mar  5 22:56:25 mx1 postfix/postfix-script[1869]: fatal: the Postfix mail system is already running
Mar  5 23:01:08 mx1 update.bad.phishing.sites: Delaying cron job up to 600 seconds

21. Login to mailwatch web interface :
1

2

Like this Article? Subscribe to Our Feed!

One Response

  1. Ihsan Khan

Leave a Reply

Your email address will not be published. Required fields are marked *