Adding SpamAssassin and ClamAV to Postfix

Installation is easy enough with the package system, but further tweaks are required to get it up and running. Once it's running, more tweaks are required to have it running at its best.

The first task is to have an up-to-date version of Postfix running. TIP – My system utilises a hosted server which is unconnected to the servers we have on site. Admittedly, not part of the original plan, but it was noticed that SpamAssassin and other protection methods were reducing the number of emails getting through by about 70%. I decided that it would be best to keep this traffic external and therefore designated that server as the primary and tertiary MX. So the external hosted server was set up as a relay to our internal server.

DNS settings

# DNS settings for example.com
# Set A records (I know 270 is invalid, this is an example without using real IPs)
@ dave A 120.270.120.120
@ brian A 120.260.120.120
@ terry A 120.270.120.120
@ mail A 120.260.120.120
# Set MX records
@ MX 10 dave.example.com.
@ MX 20 brian.example.com.
@ MX 30 terry.example.com.

This setup makes my external server (120.270.120.120) the primary and tertiary mail server. This will result in 95% of the traffic going to the external server. The tertiary is there as some mail servers, especially spammers, work backwards through the priorities.

/etc/postfix/main.cf

myhostname = dave.example.com
relay_domains = example.com
transport_maps = hash:/etc/postfix/transport

relay_domains specifies which domains this server will accept mail for and forward on to the appropriate server. Where the relayed emails go depends on transport_maps.

#transport file
example.com smtp:mail.example.com

Remember to postmap the file after editing. The result is that any emails for the example.com domain will be collected and relayed to mail.example.com.

Allow time for DNS propagation, then test. An email sent to example.com should first appear on the relay server and then on the internal server.

Install ClamAV

We start with the easier one: ClamAV, the antivirus.

apt-get install clamav clamsmtp

Don't ask me why, but the next step was to change the listen ports from their package default. The configuration file is /etc/clamsmtpd.conf. This is my final configuration:

OutAddress: 10026
Listen: 127.0.0.1:10025

Add the following to the end of /etc/postfix/main.cf

content_filter = scan:127.0.0.1:10025
receive_override_options = no_address_mappings

Add the following to the end of /etc/postfix/master.cf

# AV scan filter (used by content_filter)
scan      unix  -       -       n       -       16      smtp
        -o smtp_send_xforward_command=yes
        -o smtp_enforce_tls=no
# For injecting mail back into postfix from the filter
127.0.0.1:10026 inet  n -       n       -       16      smtpd
        -o content_filter=
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtpd_helo_restrictions=
        -o smtpd_client_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks_style=host
        -o smtpd_authorized_xforward_hosts=127.0.0.0/8

ClamAV uses the content filter facility of Postfix. Basically, once Postfix has received the email, it passes the message to the filter. The filter can perform whatever function it needs, in this case scanning for a virus. Once complete, it can either drop the message or resend it to Postfix.

Restart the postfix and clamsmtp services to pick up the new configuration. Personally, I like to reboot, as experience has shown you may miss reloading an obscurely named service and spend hours working out why it has not worked. Next step: send a test email. You should see clamsmtp mentioned in /var/log/mail.log.
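A check of the re-injection listener configured above, as an added example that is not part of the original post: it reads a master.cf and reports whether the smtpd listener on the given port is bound to loopback, clears content_filter and keeps the recipient restriction used here. The function names, finding names and the weak sample file are assumptions made for the example.

```shell
# Mail arriving on the re-injection port skips the filter, so the listener
# must only be reachable from the local host and must not filter again.

# check_reinject FILE PORT: print one finding per line, or "ok".
check_reinject() {
  awk -v port="$2" '
    function report() {
      if (!hit) return
      seen = 1; opts = opts " "; n = 0
      if (bind != "127.0.0.1" && bind != "localhost" && bind != "[::1]") { print "not-loopback"; n++ }
      if (opts !~ /content_filter=[ \t]/) { print "filter-not-cleared"; n++ }
      if (opts !~ /smtpd_recipient_restrictions=permit_mynetworks,reject[ \t]/) { print "recipients-not-restricted"; n++ }
      if (!n) print "ok"
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }               # comments and blank lines
    /^[ \t]/ { if (hit) opts = opts " " $0; next }  # continuation line: -o options
    {
      report(); hit = 0; opts = ""
      p = $1; sub(/^.*:/, "", p)                    # port part of "addr:port"
      bind = $1; if (!sub(/:[^:]*$/, "", bind)) bind = ""
      if ($2 == "inet" && $8 == "smtpd" && p == port) hit = 1
    }
    END { report(); if (!seen) print "listener-missing" }
  ' "$1"
}

# write_samples DIR: the listener from this page and a constructed weak variant.
write_samples() {
  cat > "$1/good.cf" <<'EOF'
scan      unix  -       -       n       -       16      smtp
        -o smtp_send_xforward_command=yes
127.0.0.1:10026 inet  n -       n       -       16      smtpd
        -o content_filter=
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
EOF
  cat > "$1/weak.cf" <<'EOF'
# constructed: listens on all interfaces and keeps the global content_filter
10026     inet  n       -       n       -       16      smtpd
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
EOF
}

dir=$(mktemp -d) && write_samples "$dir"
check_reinject "$dir/good.cf" 10026
check_reinject "$dir/weak.cf" 10026
rm -rf "$dir"
```

On the mail server itself, run it as check_reinject /etc/postfix/master.cf 10026.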

Spamassassin

apt-get install spamassassin

Get the updates. If you load them manually, you have to change permissions afterwards.

sa-update
cd /var/lib/spamassassin
chown -R debian-spamd:debian-spamd *

Edit the SpamAssassin configuration; basically, uncomment all the options:

rewrite_header Subject **S*SPAM**
lock_method flock
required_score 5.0
use_bayes 1
bayes_path              /home/spamd/bayes/bayes
bayes_file_mode         0666
bayes_auto_learn 1
bayes_ignore_header X-Bogosity
bayes_ignore_header X-Spam-Flag
bayes_ignore_header X-Spam-Status

Edit /etc/postfix/master.cf

# Edit smtp entry
smtp      inet  n       -       -       -       -       smtpd
       -o content_filter=spamchk:dummy

#Add to end of file
spamchk   unix  -       n       n       -       10      pipe
  flags=Rq user=debian-spamd argv=/usr/local/bin/spamchk -f ${sender} -- ${recipient}

And then we create the spamchk script. This can be made bespoke to your requirements. Basically, it sends the email through spamc and copies the output to a temp file. The temp file is scanned for the result and the appropriate action is taken: email that passes is resent with sendmail.

#!/bin/sh
SENDMAIL="/usr/sbin/sendmail -i"
EGREP=/bin/egrep
EX_UNAVAILABLE=69
SPAMLIMIT=6

# Clean up the temporary file in case of error or cancellation
trap "rm -f /home/debian-spamd/tempfs/out.$$" 0 1 2 3 15

# Pipe the email to spamc and keep the scored copy
cat | /usr/bin/spamc -u debian-spamd | sed 's/^\.$/../' > /home/debian-spamd/tempfs/out.$$

# Are there $SPAMLIMIT or more stars in the X-Spam-Level header?
if $EGREP -q "^X-Spam-Level: \*{$SPAMLIMIT,}" < /home/debian-spamd/tempfs/out.$$
then
  # Spam: discard it
  rm -f /home/debian-spamd/tempfs/out.$$
  STATUS=0
else
  # Not spam: re-inject with the sender and recipients passed in by Postfix
  $SENDMAIL "$@" < /home/debian-spamd/tempfs/out.$$
  STATUS=$?
fi

# Remove temporary files
rm -f /home/debian-spamd/tempfs/out.$$

# Return sendmail's exit status, not that of rm, so Postfix sees delivery failures
exit $STATUS
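The X-Spam-Level test in spamchk reads the whole message, so a body line that quotes the header (a forwarded spam report, for example) is enough to have the mail deleted. This added example, which is not part of the original script, compares that test with one limited to the header block; the function names and sample messages are constructed.

```shell
# header_block FILE: print the header lines only (up to the first blank line).
header_block() {
  sed '/^$/q' "$1"
}

# verdict_whole FILE LIMIT: the test as written in spamchk (scans the body too).
verdict_whole() {
  if grep -E -q "^X-Spam-Level: \*{$2,}" "$1"; then echo drop; else echo deliver; fi
}

# verdict_header FILE LIMIT: the same test, restricted to the header block.
verdict_header() {
  if header_block "$1" | grep -E -q "^X-Spam-Level: \*{$2,}"; then echo drop; else echo deliver; fi
}

# make_samples DIR: write three constructed messages as spamc might return them.
make_samples() {
  printf '%s\n' 'Subject: lunch' 'X-Spam-Level: *' '' 'See you at noon.' > "$1/ham"
  printf '%s\n' 'Subject: offer' 'X-Spam-Level: ********' '' 'Buy now.' > "$1/spam"
  # Ham that quotes a spam header in its body, such as a forwarded spam report.
  printf '%s\n' 'Subject: Fwd: is this spam?' 'X-Spam-Level: **' '' \
    'Headers of the message I received:' 'X-Spam-Level: ********' > "$1/report"
}

# demo: print both verdicts for each sample with the limit of 6 used above.
demo() {
  dir=$(mktemp -d) || return 1
  make_samples "$dir"
  for m in ham spam report; do
    echo "$m whole=$(verdict_whole "$dir/$m" 6) header=$(verdict_header "$dir/$m" 6)"
  done
  rm -rf "$dir"
}

demo
```

In spamchk, the same restriction is a matter of feeding the existing egrep test from sed '/^$/q' on the temp file instead of from the file itself.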

Once Spamassassin is running, we can install some additional plugins.

apt-get install razor pyzor
pyzor discover

These should just start working.
