TWiki Home TWiki . Protector . DocInstall101 (r1.1 vs. r1.2) TWiki webs:
Know?| Main | Protector | TWiki |
Protector . { Home | Changes | Index | Search | Go }
 <<O>>  Difference Topic DocInstall101 (r1.2 - 04 Oct 2002 - ChrisLowth)
Changed:
<
<

Installing Protector 1.01-beta releases

>
>

How to install protector %VERSION%

For 'protector' (at http://protector.sourceforge.net)
By Chris Lowth, (protector@lowth.com)
Date %RELDATE%

Compile and install the programs, scripts etc using the "GNU Make" program, thus.. 

         gmake deps
         gmake build
         gmake install

Now edit the file /etc/protector.conf and verify that all the configuration settings listed there are to you liking. For most installations, the default settings can be left unchanged.

Once the software has been compiled and installed, you should configure your mail server to invoke protector for local mail delivery. The following sections describe how to do this in a variety of situations.

Configuring SENDMAIL to invoke PROTECTOR for all users

In order to use protector to scan the emails of all user's of your system, you need to change the /etc/sendmail.cf file to replace the reference to program "procmail" with "protector" in the "Mlocal" mailer definition, and to remove the "n" option from the F=... field of the original mailer specifications.

If you generate your sendmail.cf file using a tool like linuxconf or the m4/sendmail.mc logic then you can either change that tool, or hack the sendmail.cf file after using the tool. Opinion seems to be strongly divided about which is the best route, so I present details of the options I am aware of - and leave it to you to choose. Obviously, the sendmail.cf hack will always work, no matter how you generate your config file - but it will get lost if you re-generate the file - so editting the tool you use (if you use one - not everybody does) may be a better bet.

Option 1 - Using sendmail.mc and m4

If you generate your sendmail.cf file from the sendmail.mc source, then you need to add or change the following lines to sendmail.mc.. 

   define(`LOCAL_MAILER_PATH', `/usr/bin/protector')
   define(`PROCMAIL_MAILER_PATH', `/usr/bin/protector')
   MODIFY_MAILER_FLAGS(`LOCAL',`-n')

And then regenerate the sendmail.cf file using the usual command.. 

   m4 sendmail.mc > sendmail.cf

Option 2 - Hacking linuxconf

If you use "linuxconf" and/or "mailconf" on Redhat systems, then you need to apply the changes described in "Hacking the sendmail.cf file" (below) to it's source file insteads. The file to edit is.. 

   /usr/lib/linuxconf/mailconf/localmailer.procmail.cf

Once you have made this edit, use mailconf (or linuxconf) to regenerate the sendmail.cf file. You should be aware that using this route has a danger - if you ever reinstall or update "linuxconf" (using up2date or similar) then you will loose this edit, and will have to reapply it.

Option 3 - Hacking the sendmail.cf file

The following changes need to be made on a redhat 6.x or 7.x system. 

 Mlocal,         P=/usr/bin/procmail, F=lsDFMAw5:/|@qSPfhn9, S=10/30, R=20/40,
                 T=DNS/RFC822/X-Unix,
                 A=procmail -Y -a $h -d $u

 -- change to -->

 Mlocal,         P=/usr/bin/protector, F=lsDFMAw5:/|@qSPfh9, S=10/30, R=20/40,
                 T=DNS/RFC822/X-Unix,
                 A=procmail -Y -a $h -d $u

Note that, in the above edit ..

  • not all occurrences of the string "procmail" are changed - only where the name is supplied as part of a P=string
  • the option "n" is only removed from F=.. entry.

Restarting sendmail

Now stop and re-start sendmail 

         cd /etc/init.d
         sh sendmail stop
         sh sendmail start

And that should be that.

Configuring SENDMAIL to invoke PROTECTOR for specified users

If you dont want to use protector to scan the e-mails of all your users, but only wish to enable for a few, then dont make the sendmail.cf edit described above, but create a ".forward" file in the home directories of those user's for whom protector is to be envoked. The file should contain a single line with the following text.. 

   "|/usr/bin/protector"

Note that the quotes and pipe bar ("|") are all significant, and should be entered exactly as shown.

The file should have its owner and group set to those of the user concerned (use chown and chgrp), and have an access mode no more open than "-rw-r--r--". If you also want to prevent the user tampering with his own file, you can change it to be "immutable" on Linux (provide it is on an ext2 or ext3 file system - which it usually is). Use the following command to do this.. 

   chattr +i .forward

Read the chattr man page for details of this very useful oft-neglected command.

Configuring POSTFIX to invoke PROTECTOR for all users.

(From a note provided by Dan Ross [thanks Dan!]) 

 # vi /etc/postfix/main.cf
         replace:        mailbox_command = /usr/bin/procmail
         with:           mailbox_command = /usr/bin/protector
 # postfix reload
Deleted:
<
<

This document has not been written yet - I'll do it soon!

Deleted:
<
<

-- ChrisLowth - 11 Jul 2002


 <<O>>  Difference Topic DocInstall101 (r1.1 - 11 Jul 2002 - ChrisLowth)
Added:
>
>

%META:TOPICINFO{author="chris.lowth" date="1026376986" format="1.0" version="1.1"}% %META:TOPICPARENT{name="DocGuide101"}%

Installing Protector 1.01-beta releases

This document has not been written yet - I'll do it soon!

-- ChrisLowth - 11 Jul 2002


Topic DocInstall101 . { View | Diffs | r1.2 | > | r1.1 | More }
Revision r1.1 - 11 Jul 2002 - 08:43 GMT - ChrisLowth
Revision r1.2 - 04 Oct 2002 - 09:30 GMT - ChrisLowth 		Copyright © 2001 by the contributing authors. All material on this collaboration tool is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback.