Spamassassin/ClamAV on remote server

#1 Thu, 01/22/2009 - 03:58
fuerst

I configured Virtualmin to use Spamassassin and ClamAV on a remote server (called Spamserver) which works very well.

Two minor problems are left though:

1) The Spam and Virus hits are now logged on Spamserver, so I can't see them using the "System Statistics" page on my Virtualmin hosting server (called Hostingserver). Even though I could set up Virtualmin on its own on Spamserver and collect statistics there, I'd rather keep that server clean by not installing all the usual hosting software like Postfix, Apache, MySQL etc.

What is the best way to configure Hostingserver to get the log files from Spamserver and feed the statistics system with them?

The first thing that comes to mind is configuring Hostingserver as a syslog server. Spamserver has to be configured to use Hostingserver for logging, at least for Spam and Virus. I don't know syslog very well: can I make syslog log remote data to the same /var/log/mail.log that the local system logs to? If not, how do I configure the statistics system to use different log files for Spam and Virus information?

A second way might be to use NFS to mount Spamserver's /var/log on Hostingserver and get the information that way.

2) Since the user database of Hostingserver is not known on Spamserver and the $HOME directories do not exist there either, Spamassassin may not save user related data like the auto whitelist, or does not have access to user customized data in $HOME/.spamassassin. To solve this I can simply NFS mount the /home partition from Hostingserver on Spamserver. Also the user database must be copied from Hostingserver to Spamserver using some simple rsync mechanism. NIS is probably too much overhead here.

Do you have any ideas about these problems?

Thu, 01/22/2009 - 05:57
andreychek

> The first thing that comes to mind is configuring Hostingserver as a syslog server. Spamserver has to be configured to use Hostingserver for logging, at least for Spam and Virus. I don't know syslog very well: can I make syslog log remote data to the same /var/log/mail.log that the local system logs to?

Heh, for someone who doesn't know Syslog well, that's actually a really good idea :-)

What I'd do is look in /etc/syslog.conf and "man syslog.conf" for some examples, but essentially, what you'd want is to add something like this to your syslog.conf on Spamserver:

    mail.* @Hostingserver_address

And then on Hostingserver, you'll need to make sure that:

1. Syslog is being started with the -r parameter (to enable remote logging), and

2. Make sure port 514 UDP is open if you're running firewall software on your machine, 514 UDP is what syslog listens on, and

3. Consider using firewall software to *only* allow Spamserver to submit messages to Hostingserver

> To solve this I can simply NFS mount the /home partition from Hostingserver on Spamserver.

ATM, I'm not sure what your best option is here -- I'd love to hear from other folks who have set this up.

But, I'll offer that NIS seems more complex than I think you'd need :-)
-Eric

Thu, 01/22/2009 - 07:43 (Reply to #2)
fuerst

> Heh, for someone who doesn't know Syslog well, that's actually a really good idea :-)

Well, I just asked myself: how would you program that? Good to see others have already done it :)

I did enable syslogd -r on Hostingserver and I'm able to log something there from Spamserver using

    nc -w1 -u Hostingserver 514 <<< "logging from Spamserver"

It gets logged to Hostingserver:/var/log/daemon.log

So far so good. I now added "mail.* @Hostingserver" to the mail section in Spamserver:/etc/syslogd.conf, restarted syslogd and spamassassin, but nothing comes in at Hostingserver:/var/log/mail.log (or any other log file there).

Am I missing something?

Thu, 01/22/2009 - 07:53 (Reply to #3)
fuerst

Hm, looking again at Hostingserver:/var/log/mail.log it now works. Only thing I changed was to change the Hostingserver:/etc/hosts entry for Hostingserver from

    xx.xx.xx.xx hostingserver

to

    xx.xx.xx.xx hostingserver.domain.tld hostingserver

I also fiddled around with running syslogd with the -d flag to see what it does.

Don't like this kind of mystery :)

Thu, 01/22/2009 - 09:01
fuerst

Configuring ClamAV to log remotely was also no big deal:

Added to Hostingserver:/etc/syslog.conf

    local6.* /var/log/clamav/clamav.log

Note: The local ClamAV is not able to write to /var/log/clamav/clamav.log anymore because syslogd is changing the permissions to that file. So if you start ClamAV on Hostingserver again it may complain about that.

Added to Spamserver:/etc/syslog.conf

    local6.* @hosting
    local6.* /var/log/clamav/clamav.log

Changed Spamserver:/etc/clamav/clamd.conf

    #LogFile /var/log/clamav/clamav.log
    LogSyslog true
    LogFacility LOG_LOCAL6

Restarted syslogd on Hostingserver and Spamserver, restarted clamav-daemon on Spamserver.

Sun, 06/07/2009 - 07:36
fuerst

Regarding the question about how to access the remote user HOMEs: I solved it by NFS mounting the remote Hostingserver:/home on Spamserver and copying only the user entries from Hostingserver:/etc/passwd to Spamserver:/etc/passwd. If you want to set it up like I did, follow these steps (on Ubuntu 8.04):

At Hostingserver:

* aptitude install nfs-kernel-server nfs-common portmap
* Add to /etc/exports:
/home Spamserver(rw,async,no_root_squash,no_subtree_check)
* /etc/init.d/nfs-kernel-server reload

At Spamserver:

* aptitude install portmap nfs-common
* Add to /etc/fstab:
Hostingserver:/home /home nfs rsize=8192,wsize=8192,timeo=14,intr,soft,bg
* mount /home

Script for regularly copying user entries from Hostingserver to Spamserver. You may call it regularly using cron. I welcome your comments on this script!

[code:1]
#!/bin/sh
# This script rebuilds your /etc/passwd by merging local system users
# and standard users from a remote system. It will not copy entries
# from the /etc/shadow or /etc/master.passwd file.
#
# The remote system must be accessible by SSH using public key
# authentication.
#
# Modifying the /etc/passwd file sounds dangerous and it is dangerous.
# This script will take care of different error conditions and will
# stop immediately in such a case.
#
# The author takes no responsibility for any damage caused by this
# script.
#
# (c) 2009, Bernhard Fuerst <bernhard.fuerst@fuerstnet.de>

# Define the remote user and host, divided by @ sign
REMOTE_USER_AND_HOST='root@Hostingserver'

# Define the first and last UID which your system uses for standard users
# Hard code the values here if your system does not know /etc/adduser.conf
#FIRST_UID=1000
#LAST_UID=29999

# On Linux we load /etc/adduser.conf to get the first and last UID
[ -f /etc/adduser.conf ] && . /etc/adduser.conf

# Refuse to run without UID limits: awk would otherwise compare against
# empty strings and the filters below would select the wrong entries
[ -n "${FIRST_UID}" ] && [ -n "${LAST_UID}" ] || exit 1

# If your remote system is running a different UNIX/Linux flavour
# you may edit the limits here
REMOTE_FIRST_UID=${FIRST_UID}
REMOTE_LAST_UID=${LAST_UID}

# Save the local system users (everything outside the standard UID range)
awk -v FIRST_UID=${FIRST_UID} -v LAST_UID=${LAST_UID} -F: '($3<FIRST_UID) || ($3>LAST_UID)' /etc/passwd > /etc/passwd_new
[ $? -ne 0 ] && exit 1

# Get the remote standard users (only those inside the UID range, so a
# remote UID 0 entry is never copied); the \$ keeps awk's $3 from being
# expanded by the local shell
ssh ${REMOTE_USER_AND_HOST} "awk -v FIRST_UID=${REMOTE_FIRST_UID} -v LAST_UID=${REMOTE_LAST_UID} -F: '(\$3>=FIRST_UID) && (\$3<=LAST_UID)' /etc/passwd" >> /etc/passwd_new
[ $? -ne 0 ] && exit 1

# Check that there is exactly one root account (UID 0) in the new file
[ `grep -cE '^root:[^:]*:0:' /etc/passwd_new` -ne 1 ] && exit 1

# Keep a copy of the old file, then move the created file into place
cp -p /etc/passwd /etc/passwd.bak && mv /etc/passwd_new /etc/passwd
[/code:1]
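The passwd merge from the script above, as an added example that is not the thread author's code: the same UID-range filtering written as a function over arbitrary input files, plus the checks the script does not make (exactly one UID 0 entry, seven fields per line, no duplicate user names or UIDs, so a remote entry cannot shadow a local system account). The host names, UID limits and passwd entries are constructed samples.

```shell
# Added example (not the thread's script): the same local/remote passwd merge as a
# function over arbitrary files, plus checks the original lacks. Samples are constructed.
# merge_passwd LOCAL REMOTE FIRST_UID LAST_UID OUT: writes OUT only when every
# check passes, otherwise leaves it untouched and returns a distinct non-zero code.
merge_passwd() {
    local_pw=$1; remote_pw=$2; first=$3; last=$4; out=$5
    tmp="$out.tmp.$$"
    # Local accounts outside the standard-user range (system accounts) ...
    awk -F: -v F="$first" -v L="$last" '($3+0 < F) || ($3+0 > L)' "$local_pw" > "$tmp" || { rm -f "$tmp"; return 1; }
    # ... plus remote accounts inside the range only (a remote UID 0 never gets in).
    awk -F: -v F="$first" -v L="$last" '($3+0 >= F) && ($3+0 <= L)' "$remote_pw" >> "$tmp" || { rm -f "$tmp"; return 1; }
    awk -F: '$3 == 0 { n++ } END { exit (n != 1) }' "$tmp" || { rm -f "$tmp"; return 2; }  # exactly one UID-0 entry
    awk -F: 'NF != 7 { exit 1 }' "$tmp" || { rm -f "$tmp"; return 3; }                     # seven fields per line
    awk -F: '$1 in s { exit 1 } { s[$1] = 1 }' "$tmp" || { rm -f "$tmp"; return 4; }       # no duplicate names
    awk -F: '$3 in s { exit 1 } { s[$3] = 1 }' "$tmp" || { rm -f "$tmp"; return 5; }       # no duplicate UIDs
    mv "$tmp" "$out"
}

# Constructed samples: Spamserver's local passwd and Hostingserver's remote one.
setup_samples() {
    d=$(mktemp -d)
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'daemon:x:1:1:daemon:/usr/sbin:/bin/sh' \
        'clamav:x:104:108::/var/lib/clamav:/bin/false' \
        'olduser:x:1000:1000::/home/olduser:/bin/bash' > "$d/passwd.local"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'www-data:x:33:33:www-data:/var/www:/bin/sh' \
        'alice:x:1000:1000:Alice:/home/alice:/bin/bash' \
        'bob:x:1001:1001:Bob:/home/bob:/bin/bash' > "$d/passwd.remote"
    echo "$d"
}

# Clean merge: prints the resulting user names; olduser (UID 1000) gives way to alice.
demo_ok() {
    d=$(setup_samples)
    merge_passwd "$d/passwd.local" "$d/passwd.remote" 1000 29999 "$d/passwd.new" || return 1
    awk -F: '{ printf "%s%s", (NR > 1 ? " " : ""), $1 }' "$d/passwd.new"
    rm -rf "$d"
}

# A remote name colliding with a local system account is refused (code 4), nothing written.
demo_collision() {
    d=$(setup_samples)
    echo 'daemon:x:1002:1002::/home/daemon:/bin/bash' >> "$d/passwd.remote"
    merge_passwd "$d/passwd.local" "$d/passwd.remote" 1000 29999 "$d/passwd.new"; rc=$?
    [ ! -e "$d/passwd.new" ] || rc=99
    rm -rf "$d"
    return $rc
}
```

Run `demo_ok` and `demo_collision` after sourcing the file; the return codes 2 to 5 tell a cron job which check rejected the remote data.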
