Cheap VPS & Xen Server

Residential Proxy Network - Hourly & Monthly Packages

Virtual Users And Domains With Postfix, MailScanner, Mailwatch & MySQL On CentOS 5.1

This document describes how to customize Falko’s “Virtual Users And Domains” – setup for CentOS 5.1 so that it works with MailScanner and Mailwatch. The resulting system provides a web interface (Mailwatch) where you can manage quarantined emails, train SpamAssassin, edit the white- and blacklist, view configuration files and the detailed MySQL database status …

This howto is a practical guide without any warranty – it doesn’t cover the theoretical backgrounds. There are many ways to set up such a system – this is the way I chose.


1 Preparation Part I

Open and follow steps 1 – 10.


2 Preparation Part II

2.1 Install ClamAV

yum -y install clamav clamd unrar


2.2 Language Configuration

vi /etc/sysconfig/i18n






2.3 Get Mailscanner

Please have a look at to find out which is the latest version. When I was writing this howto, it was version 4.66.5-3.

cd /tmp/
tar xvf MailScanner-4.66.5-3.rpm.tar.gz


3 Install Mailscanner

cd /tmp/MailScanner-4.66.5-3

This will take a while…


4 Mailscanner Configuration

mv MailScanner.conf MailScanner.conf.orig
cat MailScanner.conf.orig | egrep ^[^#] > MailScanner.conf
vi /etc/MailScanner/MailScanner.conf

Change some parameters so that they look like this:

Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
Incoming Work Group = clamav
Incoming Work Permissions = 0640
Virus Scanners = clamd
Clamd Socket = /tmp/clamd.socket
Clamd Lock File = /var/lock/subsys/clamd
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
Quarantine User = root
Quarantine Group = apache
Quarantine Permissions = 0660
Quarantine Whole Message = yes
Quarantine Whole Message As Queue Files = no
Detailed Spam Report = yes
Include Scores In SpamAssassin Report = yes
Spam Actions = store
High Scoring Spam Actions = store
Always Looked Up Last = &MailWatchLogging
Is Definitely Not Spam = &SQLWhitelist
Is Definitely Spam = &SQLBlacklist
Filename Rules = %etc-dir%/filename.rules
Filetype Rules = %etc-dir%/filetype.rules
Dangerous Content Scanning = %rules-dir%/content.scanning.rules

mkdir /var/spool/MailScanner/spamassassin/
chown -R postfix:postfix /var/spool/MailScanner/


5 Install Spamassassin

The MailScanner manual recommends to install spamassassin from .tar.gz or via perl shell. Some users reported problems with the .rpm-version.

perl -MCPAN -e shell

Answer “no” when you’re asked if you are ready for manual configuration.

Enter the following within the perl shell:

o conf prerequisites_policy ask
install Net::DNS

Answer “no” when you’re asked if you want to enable the online tests.

install Mail::SpamAssassin


6 Postfix Configuration

touch /etc/postfix/header_checks
echo “/^Received:/ HOLD” > /etc/postfix/header_checks
vi /etc/postfix/

Add the following line:

header_checks = regexp:/etc/postfix/header_checks

Afterwards stop postfix & sendmail and start ClamAV.

chkconfig postfix off
/etc/init.d/postfix stop
chkconfig sendmail off
service sendmail stop
chkconfig clamd on
/etc/init.d/clamd start

7 Mailwatch

7.1 Needed Package

yum -y install php-gd


7.2 Get Mailwatch

Please have a look at to find out which is the latest version. When I was writing this howto, it was version 1.04.

cd /tmp/
tar xvzf mailwatch-1.0.4.tar.gz


7.3 Mailwatch Database

First we create and populate the mailwatch database.

mysql -p < /tmp/mailwatch-1.0.4/create.sql

Next open a MySQL shell.

mysql -u root -p

Create the MySQL user for the database.

GRANT ALL ON mailscanner.* TO mailwatch@localhost IDENTIFIED BY ‘%sql_user_password%’;

After that we have to insert the account data from above into some files.

vi /tmp/mailwatch-1.0.4/

my($db_user) = ‘mailwatch’;
my($db_pass) = ‘%sql_user_password%’;

mv /tmp/mailwatch-1.0.4/ /usr/lib/MailScanner/MailScanner/CustomFunctions/

vi /var/www/html/mailscanner/conf.php.example

define(DB_USER, ‘mailwatch’);
define(DB_PASS, ‘%sql_user_password%’);
define(QUARANTINE_USE_FLAG, true);

mv /var/www/html/mailscanner/conf.php.example /var/www/html/mailscanner/conf.php

vi /tmp/mailwatch-1.0.4/

my($db_user) = ‘mailwatch’;
my($db_pass) = ‘%sql_user_password%’;

mv /tmp/mailwatch-1.0.4/ /usr/lib/MailScanner/MailScanner/CustomFunctions/


7.4 Mailwatch Web Administrator

Now open a MySQL shell with the mailwatch MySQL user.

mysql mailscanner -u mailwatch -p

Create the web admin account.

INSERT INTO users VALUES (‘%web_user_username%’,md5(‘%web_user_password%’),’%web_user_name%’,’A’,’0′,’0′,’0′,’0′,’0′);


7.5 Mailwatch VHost

Create a vhost like this:

    DocumentRoot /var/www/html/mailscanner/
    php_admin_flag short_open_tag On
    php_admin_flag safe_mode Off
    php_admin_flag register_globals Off
    php_admin_flag magic_quotes_gpc On
    php_admin_flag magic_quotes_runtime Off
    php_admin_flag session.auto_start 0
    php_admin_flag allow_url_fopen On
    LogLevel warn
    ErrorLog logs/mailwatch-error_log
    CustomLog logs/mailwatch-access_log combined

Afterwards move the needed files for the webinterface to the right place …

mv mailwatch-1.0.4/mailscanner/ /var/www/html/
mkdir /var/www/html/mailscanner/temp/

… and change the ownership.

chown -R apache:apache /var/www/html/mailscanner/
chown root:apache /var/www/html/mailscanner/images/ /var/www/html/mailscanner/images/cache/
chmod ug+rwx /var/www/html/mailscanner/images/ /var/www/html/mailscanner/images/cache/
chmod ug+rw /var/www/html/mailscanner/temp/
7.6 Spamassassin Configuration

vi /etc/MailScanner/spam.assassin.prefs.conf


#bayes_path /etc/MailScanner/bayes/bayes
# bayes_file_mode 0770


bayes_path /var/spool/MailScanner/spamassassin/bayes
bayes_file_mode 0660

And modify the directory permissions:

chown postfix:apache /var/spool/MailScanner/spamassassin/ /var/spool/MailScanner/spamassassin/bayes_*
chmod g+rws /var/spool/MailScanner/spamassassin/
chmod g+rw /var/spool/MailScanner/spamassassin/bayes_*

Test the spamassassin configuration.

spamassassin -D -p /etc/MailScanner/spam.assassin.prefs.conf –lint

You should see lines like the following in the output:

dbg: config: using “/etc/MailScanner/spam.assassin.prefs.conf” for user prefs file
dbg: bayes: tie-ing to DB file R/O /var/spool/MailScanner/spamassassin/bayes_toks
dbg: bayes: tie-ing to DB file R/O /var/spool/MailScanner/spamassassin/bayes_seen
dbg: bayes: found bayes db version 3
dbg: config: score set 0 chosen.
7.7 GeoIP Bugfix

In order that the geoip database update in the Mailwatch webinterface will work we have to fix a little bug.

vi /var/www/html/mailscanner/geoip_update.php


dbquery(“LOAD DATA INFILE ‘”.$base.’/’.$file2.”‘ INTO TABLE geoip_country FIELDS TERMINATED BY ‘,’ ENCLOSED BY ‘\”‘”);


dbquery(“LOAD DATA LOCAL INFILE ‘”.$base.’/’.$file2.”‘ INTO TABLE geoip_country FIELDS TERMINATED BY ‘,’ ENCLOSED BY ‘\”‘”);

8 Cronjobs

8.1 MailScanner Quarantine

vi /etc/cron.daily/clean.quarantine

Make sure that it’s disabled – the corresponding line should look like this:

$disabled = 1;


8.2 Mailwatch Quarantine

vi /tmp/mailwatch-1.0.4/tools/db_clean.php

Change the first line that it looks like this:

#!/usr/bin/php -q

cp /tmp/mailwatch-1.0.4/tools/quarantine_maint.php /usr/local/bin/
cp /tmp/mailwatch-1.0.4/tools/db_clean.php /usr/local/bin/
chmod +x /usr/local/bin/quarantine_maint.php /usr/local/bin/db_clean.php
echo “/usr/local/bin/quarantine_maint.php –clean” > /etc/cron.daily/
echo “/usr/local/bin/db_clean.php” > /etc/cron.daily/
chmod +x /etc/cron.daily/mailwatch*

8.3 Mail Queue Watcher

First copy the mail queue watcher script.

cp /tmp/mailwatch-1.0.4/mailq.php /usr/local/bin/

Afterwards we create a new cronjob.

crontab -e

Add the following line:

0-59 * * * * /usr/local/bin/mailq.php


9 Quarantine Release Fix

In order that a released email is not checked again (it would be quarantined again) we have to add/modify some rules.


9.1 WhiteList SQL Database

Connect to phpmyadmin (%server_ip%/phpmyadmin) and log in as mailwatch. Afterwards select the database “mailscanner” and then the table “whitelist“. Create a new record:

to_address = default
to_domain = default
from_address =



9.2 MailScanner Rules

Note that the entries in all lines of the following files have to be separated with tabs!

cd /etc/MailScanner/
touch filename.rules filetype.rules filename.rules.allowall.conf filetype.rules.allowall.conf rules/content.scanning.rules

vi filename.rules

From:       /etc/MailScanner/filename.rules.allowall.conf
FromOrTo:      default         /etc/MailScanner/filename.rules.conf

vi filetype.rules

From:       /etc/MailScanner/filetype.rules.allowall.conf
FromOrTo:      default         /etc/MailScanner/filetype.rules.conf

vi filename.rules.allowall.conf

allow   .*      -       -

vi filetype.rules.allowall.conf

allow   .*      -       -

vi rules/content.scanning.rules

From:       no
FromOrTo:       default        yes

Now adjust the permissions for the quarantine directory.

chown -R postfix:apache /var/spool/MailScanner/quarantine/
chmod g+rws /var/spool/MailScanner/quarantine/

Note: The needed MailScanner settings were already included in step 4.


10 Start

chkconfig –level 2345 MailScanner on
service MailScanner start && tail -f /var/log/maillog

You should see lines like the following in the output:

Mar 6 07:33:21 server1 MailScanner[8594]: Config: calling custom init function SQLBlacklist
Mar 6 07:33:21 server1 MailScanner[8594]: Starting up SQL Blacklist
Mar 6 07:33:21 server1 MailScanner[8594]: Read 0 blacklist entries
Mar 6 07:33:21 server1 MailScanner[8594]: Config: calling custom init function MailWatchLogging
Mar 6 07:33:21 server1 MailScanner[8594]: Started SQL Logging child
Mar 6 07:33:21 server1 MailScanner[8594]: Config: calling custom init function SQLWhitelist
Mar 6 07:33:21 server1 MailScanner[8594]: Starting up SQL Whitelist
Mar 6 07:33:21 server1 MailScanner[8594]: Read 1 whitelist entries

11 Remaining Configuration from step 14 till the end.

Keep in mind that the commands to start, stop or restart postfix have changed!

To start MailScanner & Postfix:

service MailScanner start

To restart MailScanner & Postfix:

service MailScanner restart

To stop MailScanner & Postfix:

service MailScanner stop


12 Mailwatch Webinterface

Now you can access the mailwatch webinterface via Log in with the username & password that you created in step 7.4 .


First you should update the SpamAssassin rule descriptions and the GeoIP database. You’ll find both options when you click on the “Tools/Links” button.


  • CentOS:
  • MailScanner:
  • Mailwatch:



The attached VM is configured as follows.

  • IP:
  • Gateway:
  • All passwords: Kreationnext
  • Mailwatch web admin: olli