This patch makes mailwatch to release messages via mailfeeder re-injecting the actual message through the smtp server to make it appear like the original message that was sent as opposed to the default mailwatch release that sends the released mail as an attachment from the postmaster account.
# wget http://www.topdog-software.com/files/mailwatch_release.patch.gz # gunzip mailwatch_release.patch.gz # cd /var/www/html # patch -i /usr/local/src/mailwatch_release.patch
Since we are installing mailwatch into /var/www/html instead of /var/www/html/mailscanner we need to make modifications to the config conf.php to reflect this
define(MAILWATCH_HOME, '/var/www/html');
Set the following options in conf.php
define(DB_TYPE, 'mysql'); define(DB_USER, 'mailwatch'); define(DB_PASS, 'password'); define(DB_HOST, 'localhost:/var/lib/mysql/mysql.sock'); define(DB_NAME, 'mailscanner');
define(QUARANTINE_USE_FLAG, true); define(QUARANTINE_DAYS_TO_KEEP, 30);
# cp /usr/local/src/mailwatch-1.0.4/tools/quarantine_maint.php /usr/local/bin/ # chmod +x /usr/local/bin/quarantine_maint.php # ln -s /usr/local/bin/quarantine_maint.php /etc/cron.daily
Disable the mailscanner installed cron script /etc/cron.daily/clean.quarantine
$disabled = 1;
For mailwatch to work under enforcing mode we need to install a custom selinux policy module. The module source is below:
module mailwatch 1.0;
require {
class dir { getattr read search };
class file { getattr read execute execute_no_trans ioctl };
class lnk_file { read getattr };
class tcp_socket name_connect;
type spamc_exec_t;
type clamd_t;
type getty_t;
type hostname_exec_t;
type initrc_t;
type unconfined_t;
type var_spool_t;
type etc_mail_t;
type ls_exec_t;
type smtp_port_t;
type spamassassin_exec_t;
type httpd_sys_content_t;
type httpd_t;
type mysqld_t;
type lib_t;
};
allow httpd_t clamd_t:dir getattr;
allow httpd_t hostname_exec_t:file getattr;
allow httpd_t var_spool_t:dir read;
allow httpd_t var_spool_t:file { getattr ioctl read };
allow httpd_t spamc_exec_t:file { execute execute_no_trans getattr read ioctl };
allow httpd_t etc_mail_t:dir { search getattr read };
allow httpd_t etc_mail_t:file { getattr read ioctl };
allow httpd_t etc_mail_t:lnk_file { getattr read };
allow httpd_t hostname_exec_t:file { execute read execute_no_trans };
allow httpd_t unconfined_t:dir { getattr search read };
allow httpd_t unconfined_t:file { read };
allow httpd_t initrc_t:dir { getattr search read };
allow httpd_t initrc_t:file read;
allow httpd_t ls_exec_t:file { execute read getattr execute_no_trans };
allow httpd_t spamassassin_exec_t:file { execute getattr read execute_no_trans ioctl };
allow mysqld_t httpd_sys_content_t:dir { getattr read search };
allow mysqld_t httpd_sys_content_t:file { read getattr };
allow httpd_t smtp_port_t:tcp_socket name_connect;
allow httpd_t lib_t:file execute_no_trans;
The module source can be downloaded from http://www.topdog-software.com/files/mailwatch.te.gz
# wget http://www.topdog-software.com/files/mailwatch.te.gz # gunzip mailwatch.te.gz # checkmodule -M -m -o mailwatch.mod mailwatch.te # semodule_package -o mailwatch.pp -m mailwatch.mod # semodule -i mailwatch.pp
# cp /usr/local/src/mailwatch-1.0.4/mailq.php /usr/local/bin # chmod +x /usr/local/bin/mailq.php # crontab -e 0-59 * * * * /usr/local/bin/mailq.php
Edit for new directory layout
if(flock($fl, LOCK_EX + LOCK_NB)) {
require "/var/www/html/functions.php";