Here’s the path I took to install http://www.qmailrocks.org/ on fedora core 5 x86_64 running on an Athlon 64.
- pre-install
- yum install php-imap
- yum install php-mysql
- cpan Digest::SHA1
- cpan Digest::HMAC
- cpan Net::DNS
- cpan Time::HiRes
- cpan HTML::Tagset
- cpan HTML::Parser
- downloaded, compiled, etc. according to the qmailrocks redhat howto with the following exceptions:
- skipped installing the autoresponder – we don’t want any autoresponder functionality.
- installed vpopmail WITH mysql integration.
- mysql integration failed with some compilation errors. It looks like this is a 64-bit compatibility issue – it seems to be trying to link against 32-bit libraries and the ld line is failing. I don’t have time to troubleshoot this now.
- went back and installed autoresponder because it was required for another install. Sigh.
- skipped vqadmin because it gave us inscrutable compile errors and wouldn’t install.
- tested SMTP with no problems
- Post-install add-ons
- Clam Antivirus
- Clam is not installing properly due to dependency conflicts. Upon further investigation, certain perl modules were missing. ran:
- cpan Time::HiRes — for some reason this did an install when i ran it this time, although earlier it had said it was UTD.
- cpan The Pod::Usage
- cpan Parse::Syslog
- cpan Statistics::Distributions
- Clam is now not able to install because the qmailrocks RPMs won’t work on the 64-bit processor, so i’m yumming them.
- yum install perl-suidperl
- yum install clamav clamav-milter clamav-server clamav-update
- ClamReadMe
- [root@leikata etc]# mv /etc/clamd.conf /etc/clamd.d/softpixel.conf
- [root@leikata etc]# ln -s /etc/clamd.d/softpixel.conf /etc/clamd.conf
- replaced all “<SERVICE>” tags with “softpixel” (also removing brackets) in the clamd.conf file.
- [root@leikata template]# mv clamd.logrotate /etc/logrotate.d
- replaced all “<SERVICE>” tags with “softpixel” (also removing brackets) in the clamd.logrotate
- [root@leikata clamd.d]# mkdir /var/log/clamav/
- [root@leikata clamd.d]# touch /var/log/clamav/clamd.softpixel
- [root@leikata clamd.d]# chgrp qscand /var/log/clamav/clamd.softpixel
- [root@leikata clamd.d]# chmod 0620 /var/log/clamav/clamd.softpixel
- Setting the updater:
- [root@leikata clamav]# touch /var/log/clamav/clam-update.log
- [root@leikata clamav]# chmod 775 /var/log/clamav/clam-update.log
- [root@leikata clamav]# chown qscand:qscand /var/log/clamav/clam-update.log
- [root@leikata log]# chown qscand:qscand -R /var/lib/clamav
- [root@leikata log]# /usr/bin/freshclam -l /var/log/clamav/clam-update.log
- it updated.
- Clam is not installing properly due to dependency conflicts. Upon further investigation, certain perl modules were missing. ran:
- SpamAssasin
- cpan Mail::SpamAssassin
- /var/log/maillog qmail-scanner error and troubleshooting
- Qmail Scanner
- [root@leikata qlogtools-3.1]# vi /usr/local/qmailanalog/bin/zfailures <— replaced the “sort +2” pipe with “sort -n -r -k 2” – the version of sort included with fedora doesn’t support the “+2” syntax.
- [root@leikata qlogtools-3.1]# vi /usr/local/qmailanalog/bin/zdeferrals <— replaced the “sort +2” pipe with “sort -n -r -k 2”
- Clam Antivirus
After this, we discovered clamd wasn’t starting properly at boot-time. SELinux was bitching:
kernel: audit(1161390036.976:4): avc: denied { search } for pid=2356 comm="clamd.softpixel" scontext=system_u:system_r:clamd_t:s0 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir
kernel: audit(1161390036.976:5): avc: denied { search } for pid=2356 comm="clamd.softpixel" name="sys" dev=proc ino=4026531867 scontext=system_u:system_r:clamd_t:s0 tcontext=system_u:object_r:sysctl_t:s0 tclass=dir
kernel: audit(1161390037.268:6): avc: denied { append } for pid=2356 comm="clamd.softpixel" name="clamd.softpixel" dev=dm-0 ino=2851961 scontext=system_u:system_r:clamd_t:s0 tcontext=root:object_r:var_log_t:s0 tclass=file
kernel: audit(1161390037.272:7): avc: denied { sys_tty_config } for pid=2356 comm="clamd.softpixel" capability=26 scontext=system_u:system_r:clamd_t:s0 tcontext=system_u:system_r:clamd_t:s0 tclass=capability
Clamd started happily when we disabled SELinux protection for it:
- in system-config-securitylevel, under SELinux / Modify SELinux Policy, I checked:
- Other / clamscan_disable_trans
- SELinux Service Protection / Disable SELinux protection for clamd daemon
Of course, I first tried to create a new policy allowing exactly what clamd was needing (which would be way preferable to disabling SELinux), but I got the following error…
# audit2allow -M local -l -i aud
[root@leikata ~]# semodule -i local.pp
libsepol.permission_copy_callback: Module local depends on permission search in class file, not satisfied
libsemanage.semanage_link_sandbox: Link packages failed
semodule: Failed!
… and haven’t been able to figure this out yet.