Tag Archives: Linux Tutorials

Linux Tutorials and Unix Similar multi-user operating systems based on the Linux kernel and essentially on GNU software. Like CentOS, Debian, Ubuntu Fedora.

UNBLOG Tutorials (EN)

Install Signal Desktop on Linux

Home
Leave a comment

How to Install Signal Desktop on Linux Mint and Ubuntu

Signal is a free messenger with encryption of the non-profit Signal Foundation. It is best known for its data economy and end-to-end encryption, and is often recommended by security experts and privacy organizations. The “zero-knowledge principle” serves as data protection, in which the provider has no access to user data.

Signal app is available for Android and iOS, a desktop version for Windows, macOS and Linux. The desktop version requires installation on a smartphone. The free signal protocol is used for encrypting messages, which security experts consider to be secure.

Signal desktop available for Linux

The Signal desktop package are available for Debian-based Distributions like Ubuntu or Linux Mint. Install from the original source signal.org repository, with perform the following commands in a terminal.

$ curl -fsSL https://updates.signal.org/desktop/apt/keys.asc | sudo gpg --dearmor -o signal-desktop-keyring.gpg

$ cat signal-desktop-keyring.gpg | sudo tee /usr/share/keyrings/signal-desktop-keyring.gpg > /dev/null

$ echo 'deb [arch=amd64 signed-by=/usr/share/keyrings/signal-desktop-keyring.gpg] https://updates.signal.org/desktop/apt xenial main' | sudo tee /etc/apt/sources.list.d/signal-xenial.list

$ sudo apt update && sudo apt install signal-desktop

The Signal app can now be found via Start on Internet, or by entering Signal into the Cinnamon search field.

Cinnamon Desktop with Signal desktop

The Signal desktop app can also be provided from the application management, to do this go to Start and open the application management, enter signal in the search field in the top right corner and click on Install.

Install Signal-Desktop for Linux out from Package Manager
UNBLOG Tutorials (EN)

How to Install AMAVIS-NEW Content filter on Postfix

Home
Leave a comment

Install and configuring Amavis-new on Postfix MTA

AMaViS stands for A MAil Virus Scanner and is a server-side open-source content filter for e-mails. For decoding and checking e-mails and can be considered as an interface between external content filters such as SpamAssassin, to provide protection against spam, viruses and other vulnerable malware e-mails. Amavis-new is implementet on Unixoid mail servers such as Mail Transfer Agent like Postfix.

  AMaViS was written in the Unix-Shell programming language. With the further development in 2000 it was converted to Perl, from then on as amavis-new the standard interface between Mail Transfer Agents (MTA) and content filters, compatible to Postfix and interacts with the Antivirus program ClamAV and some other virus scanner. The current amavisd-new is under the GPLv2 and BSD license and also offers the possibility of integrating SpamAssassin and other filters they call Milter.

Install Amavis-new

In this tutorial we describes the installation and configuration of amavis-new. As a prerequisite, Postfix should already be available. It is assumed that Postfix is ​​already setting up and basic skills for Postfix is ​​well.

First step is add EPEL repository in order to install components.

$ yum update
$ yum -y install epel-release

Now install the amavis-new and ClamAV utilities.

$ yum clean all
$ yum -y install amavisd-new clamav-scanner clamav-scanner-systemd

Amavis-new configuration

We modify the following lines in the amavisd configuration. With opening in the editor of your choice. Here I use vim. if you’r not familiar with vim you can of course use nano.

$ vi /etc/amavisd/amavisd.conf

Add the changes after the comment lines.

# at line 20 set your own domain
$mydomain = 'domain.org';
# line 152 the own hostname
$myhostname = 'mail.domain.org';
# line 50 add local domain and network
@local_domains_maps = ( [".$mydomain", '.domain.org', 'next.domain.org'] );  # list of all local domains

@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
                  10.0.0.0/8 10.127.99.0/24 );
# line 58 enter the exendet ports
$inet_socket_port = 10024,10026;
# line 154 w/o uncomment
$notify_method = 'smtp:[127.0.0.1]:10025';
$forward_method = 'smtp:[127.0.0.1]:10025';
# line 157 change to D_PASS
$final_virus_destiny    = D_PASS;
$final_spam_destiny     = D_PASS;

If use SELinux Enforced then add the policy.

$ setsebool -P antivirus_can_scan_system 1
$ setsebool -P clamd_use_jit 1

The Clamd virus scanner can be modified by using the sed stream editor. Insert and run the following command lines in a terminal:

$ sed -i -e "s/^Example/#Example/" /etc/clamd.d/scan.conf
$ sed -i -e "s/^Example/#Example/" /etc/freshclam.conf

Configure the Clamd configuration file /etc/clamd.d/scan.conf as follows: 

# line 8 w/o uncomment
#Example
# line 14 w/o uncomment
LogFile /var/log/clamd.scan
# line 44 w/o uncomment
LogSyslog yes
# line 66 w/o uncomment
PidFile /var/run/clamd.scan/clamd.pid
# line 70 w/o uncomment
TemporaryDirectory /var/tmp
# line 85 w/o uncomment
LocalSocket /var/run/clamd.scan/clamd.sock
# line 97 w/o uncomment
FixStaleSocket yes
# line 101 w/o uncomment
TCPSocket 3310
# line 195 insert uid
User clamscan

Create the log file for Clamd and assign the UserID:

$ touch /var/log/clamd.scan
$ chown clamscan:clamscan /var/log/clamd.scan

Now download and update the antivirus detection database.

$ freshclam

Now amavis-new configuration has been completed.

Amavis-new integrating Postfix

Let’s go ahead with the integration of Postfix. The content filter can be added at any place in the Postfix file main.cf by edit using nano or vi /etc/postfix/main.cf

content_filter=smtp-amavis:[127.0.0.1]:10024

To do this, with add the interface for amavis-new at the end of the file /etc/postfix/master.cf.

smtp-amavis unix  -     -     n     -    2   smtp
 -o smtp_data_done_timeout=1200
 -o smtp_send_xforward_command=yes
 -o disable_dns_lookups=yes
 -o max_use=20

127.0.0.1:10025  inet  n  -    n    -     -   smtpd
 -o content_filter=
 -o local_recipient_maps=
 -o relay_recipient_maps=
 -o smtpd_restriction_classes=
 -o smtpd_client_restrictions=
 -o smtpd_helo_restrictions=
 -o smtpd_sender_restrictions=
 -o smtpd_recipient_restrictions=permit_mynetworks,reject
 -o mynetworks=127.0.0.0/8
 -o strict_rfc821_envelopes=yes
 -o smtpd_error_sleep_time=0
 -o smtpd_soft_error_limit=1001
 -o smtpd_hard_error_limit=1000

Now restart Postfix so that the configuration takes effect.

$ systemctl restart postfix

Start amavis-new and let it start automatically at the next boot.

$ systemctl start clamd@scan
$ systemctl start amavisd.service
$ systemctl enable clamd@scan
$ systemctl enable amavisd.service

Testing Amavisd EICAR signature

Finally you can test amavisd. Note. that during download and installing amavis-new, with the use of an UTM firewall able to detect and blocking them. The conclusion arise the download are prevented because of contains the virus test signature, because the EICAR test signature should not by capsulated.

To do this, will go to the path /usr/share/doc/amavisd-new-*/test-messages and execute the following line in terminal shell, so that the EICAR test files are decapsulated and unpacked:

$ cd /usr/share/doc/amavisd-new-*/test-messages
$ perl -pe 's/./chr(ord($&)^255)/sge'

Now send the EICAR test signature to yourself by using sendmail in a terminal shell.

$ sendmail -i your_email@domain.ch < sample-virus-simple.txt

The following entry should then be shown in the log file /var/log/maillog.

mail amavis[11855]: (11855-01) Passed INFECTED (Eicar-Test-Signature {RelayedTaggedInbound,Quarantine d}, [127.0.0.1] <root@mail.domain.ch>-> <meine_email@domain.ch>, Message-ID: <20190305170628.630A7C5428@mail.domain.ch>, mail_id: SSDU53BXGSVK, Hits: 2.547, size: 789, queued_as: A808AC5425, 1207 ms

  If get error: reject: header To: undisclosed-recipients when trying to send the test mail with sendmail, the file sample-virus-simple.txt must be modify with a valid email entered at From: and To :.

Amavis-new Troubleshoting

To checking the functionality of amavis-new can provide along with the following procedure, first check the status of the daemon, with the parameter -l displaying the last lines of the log:

$ systemctl status postfix clamd@amavisd -l

It should also be ensured that ports 10024 and 10025 are active LISTEN:

$ ss -tuln4
Netid  State      Recv-Q Send-Q      Local Address:Port      Peer Address:Port
tcp    LISTEN     0      128             127.0.0.1:10024                *:*
tcp    LISTEN     0      100             127.0.0.1:10025                *:*
tcp    LISTEN     0      100                     *:587                  *:*
tcp    LISTEN     0      100                     *:465                  *:*
tcp    LISTEN     0      128                     *:22                   *:*
tcp    LISTEN     0      100                     *:25                   *:*

  telnet must first be installed, the function of the amavisd and Postfix daemon can be checked interactively:

$ telnet localhost 10024
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 [::1] ESMTP amavisd-new service ready
quit
221 2.0.0 [::1] amavisd-new closing transmission channel
Connection closed by foreign host.
$ telnet localhost 10025
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.domain.ch ESMTP
quit
221 2.0.0 Bye
Connection closed by foreign host.