Cyber Resistance

Information Security Blog

PfSense: MailScanner Installation and Configuration

Hello everybody,

Today a post about the mailscanner package that is developed for PfSense. I will talk you trough the installation and configuration.

MailScanner is an e-mail security and anti-spam package for e-mail gateway systems. It is not designed to be run on Microsoft Windows desktop PCs. Instead, it is designed to be run on mail servers operated by companies and ISPs so that all their users and customers can be protected from one place. This avoids the need for any software to be installed on individual desktop PCs at all. The software works with any Unix-based system and is compatible with a wide range of mail transports, and comes with support for any combination of 25 different virus scanner packages, including the free ClamAV scanner.

MailScanner is implemented in around 50,000 lines of Perl. It links with other software packages in order to perform its functions:
E-mail server (e.g. sendmail)
Anti-virus software (e.g. ClamAV)
Anti-spam software (SpamAssassin)


MailScanner Installation

To install MailScanner under pfSense, navigate to System -> Packages, and scroll down to “Mailscanner” in the package list. Press the “plus” button to the right of the listing, and on the next page, press the “Confirm” button to confirm installation. It will take a few minutes for the Package Installer to extract and install MailScanner.

Once MailScanner is installed, there will be a new entry on the “Services” menu called “MailScanner”. If you navigate to it, you will be able to modify several settings. There are 9 tabs: “General”, “Attachments”, “Antivirus”, “Content”, “AntiSpam”, “Alerts”, “Reporting”, “XMLRPc Sync”, and “Help”. Under the “General” tab, the first heading is “System Settings”. The “Enable Mailscanner” check box will enable the mailscanner daemon if checked. “Max Children” allows you to choose how many MailScanner processes you want to run at a time (the default is 50. “Processing Incoming email” allows you to either scan messages or reject messages.

In the “Logging” secion, “Syslog Facility” allows you to specify what type of program is logging the message. The default is “mail”, and that is probably what you want to leave it at, but there may be circumstances when you may want to specifiy a different Syslog facility. See the Syslog entry on Wikipedia for a list of facility levels, or read RFC 1164 for more information. The “Logging” list box allows you to choose which messages to log.

“Advanced Settings” has some additional options. “Advanced features” allows you to select several options. By default, only “Deliver in Background” is selected. “Deliver Method” allows MailScanner to attempt immediate delivery of messages, or just place them in the outgoing queue for the MTA to deliver when it wants. “Minimum Code Status” lets you set the minimum acceptable code status; if MailScanner comes across a code that is not at least as stable as what it set here, it will stop running.

Now we will look at some of the other configuration options.

If we navigate to Services -> MailScanner, there are nine tabs. The second tab is “Attachments“. Under the “Attachments” heading, there are several settings. The “Attachments features” list box controls how attachments are handled. “Expand TNEF” causes MailScanner to expand TNEF (Transport Neutral Encapsulation Format) attachments. TNEF is a proprietary e-mail attachment format used by Microsoft Outlook and Microsoft Exchange Server. “Deliver Unparsable TNEF” will do the opposite, and leave TNEF attachments unexpanded. “Find Archive By Content” will enable searching archives. “Unpack Microsoft Documents” will expand non-TNEF Microsoft attachments, and “Zip Attachments” will allow zip attachments through.

“TNEF Contents” specifies what to do when TNEF attachments are expanded. If this is set to “no”, a TNEF attachment will be listed as an attachment, but not the attachments contained therein. If however, this is set to “add” or “replace”, then the attachments contained in the archive will be added to the list of attachments in the message, and recipients of messages sent in this format will be able to read the attachments even if they are not using Microsoft Outlook.

“Maximum Attachment Size” specifies the maximum size (in bytes) of any attachment in a message. If this is set to zero, no attachments will be allowed. If this is set to less than zero, then no size checking will be done. The default value is -1.

Scrolling down, you will see edit boxes containing two separate config files: filename.rules.conf and filetypes.rules.conf. filename.rules.conf allows or denies certain files based on the file’s extension, while filetypes.rules.conf allows or denies certain file types based on their MIME (Multipurpose Internet Mail Extensions) type.

The next tab is “Antivirus“. under the “Antivirus” heading, there are several settings. The first is “Virus scanner features“. “Virus Scanning” is enabled by default, as is “Check Filenames In Password-Protected Archives“. In addition, you can enable such features as “Deliver Disinfected Files” (deliver files after they have been disinfected by the antivirus engine), “Still Deliver Silent Viruses“, “Block Encrypted Messages“, “Block Unencrypted Messages“, and “Allow Password Protected Archives“. The next setting is “Virus scanner“, which controls which virus scanner to use. Possible settings are “auto” (let MailScanner decide what to use), “clamav” (Clam AV), “clamd” (the Clam daemon), or “none” for no e-mail scanning. “Virus Scanner Timeout” controls the maximum length of time the commercial virus scanner is allowed to run for one batch of messages. The default is 300 seconds. The next heading, “Custom antivirus options“, allows you to add any custom parameters you need to specify.

The next tab is “Content“. The first heading is “Removing/Logging dangerous or potentially offensive content“. The first setting is the “Contents” list box, which determines what content for which MailScanner will scan. The default settings are “Dangerous content Scanning“, “Find Phishing Fraud“, “Also Find Numeric Phishing“, “Use stricter Phishing Net“, and “Highlight Phishing Fraud“. Other settings include “Allow Partial Messages“, “Allow External Message Bodies“, “Convert Dangerous HTML To Text“, “Convert HTML To Text“.

1 Comment

Add a Comment
  1. I have SG2240 Netgate PFSense there is no package Mail Scanner , how can I install and customize in packages

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Cyber Resistance © 2017 Frontier Theme