AWS Monster | Your Technical Partner

I am using MailScanner Email Security Gateway to scan emails for viruses, spam, phishing, malware, and other attacks against security vulnerabilities. Under the hood, MailScanner uses ClamAV(clamd) for virus scan, and uses Spamassassin to scan for spams. I am also using CWP7pro.admin where all packages are already installed and running smoothly. You just need prepare your ClamAV antivirus usable for MailScanner. 1. ClamAVInstallation (Install ClamAV): At first check the below packages are installed or not. If any packages is missing , run the below command to install # yum info clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd # yum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd Unrar RPM Sources: http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm  [ This link will

The Bayesian classifier in Spamassassin tries to identify spam by looking at what are called tokens; words or short character sequences that are commonly found in spam or ham. If I've handed 100 messages to sa-learn that have the phrase penis enlargement and told it that those are all spam, when the 101st message comes in with the words penis and enlargment, the Bayesian classifier will be pretty sure that the new message is spam and will increase the spam score of that message. In order for SpamAssassin to be accurate, you must train it on your specific mail patterns. SpamAssassin has a Bayesian classifier that can be used to help refine the classification of spam mail. The sa-learn interface allows you to train SpamAssassin to recognize good mail and junk mail. You need to train with both spam and ham mails. One type of mail alone will not have any effect. To filter for spam: Save spam into a new mail folder called Spam Save non-spam (ham) into a new folder called Ham. You m

Please do not try to use the ancient, modified versions of DCC software distributed by some Linux packagers. Those versions do not detect bulk mail as well as more recent versions. Installations using those old versions also have problems using the public DCC servers that often make it necessary to add their IP addresses to the blacklist that protects the public DCC servers. The DCC source is available at  dcc-servers.net  and  Rhyolite Software .  The license on the free source is in the source as well as  dcc-servers.net . The free license is intended to cover individuals and organizations including Internet service providers using DCC to filter their own mail. Organizations selling anti-spam appliances or managed mail services are not eligible for the free license. https://www.dcc-servers.net/dcc/FAQ.html   Distributed Checksum Clearinghouse (DCC) Installation: Open UDP_OUT port 6277 in firewall. DCC RPM Sources: 1. https://www.mirrorservice.org/sites/dl.atrpms.net/el7-x8

Vipul's Razor is a distributed, collaborative, spam detection and filtering network. The primary focus of the system is to identify and disable an email spam before its injection and processing is complete. Open the following port in your firewall: TCP 2703 Outgoing : Razor2 Razor Installation # yum install pyzor perl-Razor-Agent Create Razor Home Directory # mkdir /etc/mail/spamassassin/.razor Enable the Pyzor plugin # vi /etc/mail/spamassassin/v310.pre # Razor2 - perform Razor2 message checks. # loadplugin Mail::SpamAssassin::Plugin::Razor2 Add the following to /etc/mail/spamassassin/local.cf # razor use_razor2 1 razor_config /etc/mail/spamassassin/.razor/razor-agent.conf score RAZOR2_CHECK 3.000 Restart # systemctl restart spamassassin Discover the Razor  # razor-admin -home=/etc/mail/spamassassin/.razor -register # razor-admin -home=/etc/mail/spamassassin/.razor -create # razor-admin -home=/etc/mail/spamassassin/.razor -discover Define Home Directory, Edit /et

Pyzor is a collaborative, networked system to detect and block spam using digests of messages.Using Pyzor client a short digest is generated that is likely to uniquely identify the email message. This digest is thensent to a Pyzor server to: Check the number of times it has been reported as spam or whitelisted as not-spam Report the message as spam Whitelist the message as not-spam Since the entire system is released under the GPL, people are free to host their own independent servers. There is,however, a well-maintained and actively used public server available (courtesy of SpamExperts) at: public.pyzor.org:24441 Open the following port in your firewall: UDP 24441 Outgoing : Pyzor TCP 24441 Incoming : Pyzor Pyzor RPM Sources: 1.  ftp://mirror.switch.ch/pool/4/mirror/fedora/linux/releases/22/Everything/x86_64/os/Packages/p/pyzor-0.5.0-10.fc21.noarch.rpm [This will not work ] 2. http://209.132.181.8/pub/archive/fedora/linux/releases/22/Everything/x86_64/os/Packages/p/p

AppArmor is a kernel enhancement to confine programs to a limited set of resources. AppArmor's unique security model is to bind access control attributes to programs rather than to users. AppArmor confinement is provided via profiles loaded into the kernel via apparmor_parser, typically through the /etc/init.d/apparmor SysV initscript (on Ubuntu, Follow the below link for details), which is used like this: # /etc/init.d/apparmor start # /etc/init.d/apparmor stop # /etc/init.d/apparmor restart # sudo apparmor_status AppArmor can operate in two modes: enforcement, and complain or learning: enforcement - Profiles loaded in enforcement mode will result in enforcement of the policy defined in the profile as well as reporting policy violation attempts to syslogd. complain - Profiles loaded in "complain" mode will not enforce policy. Instead, it will report policy violation attempts. This mode is convenient for developing profiles. To manage complain mode for i

Since Ubuntu 16.04 timedatectl / timesyncd (which are part of systemd) replace most of ntpdate / ntp.  timesyncd is available by default and replaces not only ntpdate, but also the client portion of chrony (or formerly ntpd). So on top of the one-shot action that ntpdate provided on boot and network activation, now timesyncd by default regularly checks and keeps your local time in sync. It also stores time updates locally, so that after reboots monotonically advances if applicable. Accurate time keeping is important for a number of reasons in IT. This setup is the best practice that helps with problem diagnosis and informal server monitoring. I am living in Asia that's why i'm using this pool. Install Chrony and Configure The NTP server: # sudo apt install chrony # vi /etc/chrony/chrony.conf #pool 2.debian.pool.ntp.org offline iburst server 0.asia.pool.ntp.org iburst server 1.asia.pool.ntp.org iburst server 2.asia.pool.ntp.org iburst server 3.asia.pool.ntp.org iburst