Configuration Of Postfix Mail Server To Support Anti-virus And Anti-spam Using Two Methods
(Dr. Hedaya Al Asooly)

Overview:


In this report, I configured the Postfix mail server to support anti-spam and anti-virus filtering using two methods, for the sake of evaluating them and determining which method can be considered the best:

· Method 1: With Postfix, SpamAssassin, ClamAV & amavisd-new
· Method 2: With Postfix, SpamAssassin, ClamAV & Procmail

The main conclusion from this work is that using the amavisd-new method is better than using the Procmail method, and that using Procmail with clamassassin is better than using Procmail with trashscan for the antivirus check. However, I am still not sure that this is totally right, as there could be some problem in my work that I did not notice.

This is a sample from what I gave in my book.


Method 1: Using Postfix, amavisd-new, ClamAV, SpamAssassin

1- Configure Postfix with the general configuration options. I wrote a previous report on Postfix, so there is no need to repeat it here.

In /etc/postfix/main.cf
myhostname = linux1.localdomain.msft
mydomain = localdomain.msft
myorigin = $myhostname
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain $mydomain
mynetworks_style = subnet
content_filter = smtp-amavis:[127.0.0.1]:10024
transport_maps = hash:/etc/postfix/transport
relay_domains = $transport_maps, $mydestination

In /etc/postfix/master.cf, add
smtp-amavis unix - - - - 2 smtp -o smtp_data_done_timeout=1200 -o disable_dns_lookups=yes
localhost:10025 inet n - - - - smtpd -o content_filter=

In /etc/postfix/transport
.localdomain.msft local:

2- Then run
# postmap /etc/postfix/transport
# service postfix restart
# service postfix reload

3- Download amavisd-new-2.4.0 from www.ijs.si/software/amavisd, and extract it

4- Follow the installation requirements in the help files,

4.1- Install the following Perl modules using Webmin (go to Others, then Perl Modules)

Archive::Tar (Archive-Tar-x.xx)
Archive::Zip (Archive-Zip-x.xx) (1.14 or later should be used!)
Compress::Zlib (Compress-Zlib-x.xx) (1.35 or later)
Convert::TNEF (Convert-TNEF-x.xx)
Convert::UUlib (Convert-UUlib-x.xxx) (1.05 or later, stick to new versions!)
MIME::Base64 (MIME-Base64-x.xx)
MIME::Parser (MIME-Tools-x.xxxx) (latest version from CPAN - currently 5.417)
Mail::Internet (MailTools-1.58 or later have workarounds for Perl 5.8.0 bugs)
Net::Server (Net-Server-x.xx) (version 0.88 finally does setuid right)
Net::SMTP (libnet-x.xx, ports/net/p5-Net) (>= libnet-1.16 for performance)
Digest::MD5 (Digest-MD5-x.xx) (2.22 or later)
IO::Stringy (IO-stringy-x.xxx)
Time::HiRes (Time-HiRes-x.xx) (use 1.49 or later, older can cause problems)
Unix::Syslog (Unix-Syslog-x.xxx)
BerkeleyDB with bdb library 3.2 or later (4.2 or later preferred)

Optional Perl modules:
Mail::SpamAssassin for doing spam scanning (2.64 or 3.0.4 or >=3.1)
DBI with appropriate DBD::* if using SQL lookups
Net::LDAP if using LDAP lookups
Authen::SASL authenticating on mail forwarding and on submitting DSN
Mail::ClamAV Perl module interface to ClamAV library
SAVI Perl module interface to Sophos library (0.30 or later)

4.2- Create a user and group amavis, with the home directory /var/amavis
Create its home directory, unless account creation procedure already did it:
# mkdir /var/amavis
Create the following subdirectories:
# mkdir /var/amavis/tmp /var/amavis/var /var/amavis/db /var/amavis/home

4.3- Do
# chown -R amavis:amavis /var/amavis
# chmod -R 750 /var/amavis

4.4- From the amavisd-new directory, do
# cp amavisd /usr/local/sbin/
# chown root /usr/local/sbin/amavisd
# chmod 755 /usr/local/sbin/amavisd

4.5- Copy file amavisd.conf to wherever you want it to reside such as /etc,
and make sure it is not writable by non-privileged users;
# cp amavisd.conf /etc/
# chown root /etc/amavisd.conf
# chmod 644 /etc/amavisd.conf

4.6- Create a directory (e.g. /var/virusmails) to be used by amavisd-new
as a quarantine area (if a virus or spam quarantine is desired).
# mkdir /var/virusmails
# chown amavis:amavis /var/virusmails
# chmod 750 /var/virusmails

4.7- Run the following
# chown root /var/amavis
# chown -R amavis:amavis /var/amavis/var
# chmod 750 /var/amavis /var/amavis/var

4.8- Run the following inside the amavisd-new directory to start the amavisd service at boot time.

# cp amavisd_init.sh /etc/rc.d/init.d/amavisd
# chmod 755 /etc/rc.d/init.d/amavisd
# chkconfig --level 2345 amavisd on

and change amavisd_init.sh so that
prog="/usr/local/sbin/amavisd"

4.9- Edit the file /etc/amavisd.conf. You need to go through the help for proper configuration of the file. As an example:
$max_servers = 2;
$daemon_user = 'amavis';
$daemon_group = 'amavis';
$mydomain = 'localdomain.msft';
$MYHOME = '/var/amavis';
$TEMPBASE = "$MYHOME/tmp";
$ENV{TMPDIR} = $TEMPBASE;
$QUARANTINEDIR = '/var/virusmails';
$db_home = "$MYHOME/db";
$helpers_home = "$MYHOME/var";
$pid_file = "$MYHOME/var/amavisd.pid";
$lock_file = "$MYHOME/var/amavisd.lock";
$myhostname = 'linux1.localdomain.msft'; # must be a fully-qualified domain name!
$notify_method = 'smtp:[127.0.0.1]:10025';
$forward_method = 'smtp:[127.0.0.1]:10025'; # set to undef with milter!
$inet_socket_port = 10024;
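# D_BOUNCE: the message is not delivered and a non-delivery notice goes to the envelope sender.
# That address is usually forged on spam and virus mail; D_DISCARD drops the message without notifying it.
$final_virus_destiny = D_BOUNCE;
$final_banned_destiny = D_BOUNCE;
$final_spam_destiny = D_BOUNCE;
$final_bad_header_destiny = D_PASS;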
$inet_socket_bind = '127.0.0.1'; # limit socket bind to loopback interface
# (default is '127.0.0.1')
@inet_acl = qw(127.0.0.1 [::1]); # allow SMTP access only from localhost IP
# (default is qw(127.0.0.1 [::1]) )
$DO_SYSLOG = 0;
$LOGFILE = "$MYHOME/amavis.log";

@bypass_virus_checks_maps=0;
@bypass_spam_checks_maps=0;
@bypass_banned_checks_maps=0;
@bypass_header_checks_maps=0;
$warnvirusrecip = 1;
$virus_admin = "hedaya\@$mydomain";
$spam_admin = "hedaya\@$mydomain";
$mailfrom_notify_admin = "virusalert\@$mydomain";
$mailfrom_notify_recip = "virusalert\@$mydomain";
$mailfrom_notify_spamadmin = "spam.police\@$mydomain";

read_hash(\%whitelist_sender, '/var/amavisd/whitelist');
read_hash(\%blacklist_sender, '/var/amavisd/blacklist');
read_hash(\%spam_lovers, '/var/amavisd/spam_lovers');


# Other configurations for spamassassin and clamav
# ClamAV settings
@av_scanners = (
['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
);

@av_scanners_backup = (

### http://www.clamav.net/ - backs up clamd or Mail::ClamAV
['ClamAV-clamscan', 'clamscan',
"--stdout --disable-summary -r --tempdir=$TEMPBASE {}",
[0], qr/:.*\sFOUND$/, qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
);

4.10- Note that the configuration related to SpamAssassin will modify the /etc/mail/spamassassin/local.cf file. SpamAssassin can also be configured from the SpamAssassin Webmin module.

5- Restart the services
# service amavisd start
# service postfix restart

6- Test that the anti-spam configuration works properly by sending the following email to [email protected]
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
We note that the email will not reach

7- Test that the anti-virus configuration works properly by sending an email with a file attachment from /root/clamav/tests/test1, or with a file attachment that contains
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
We note that the email will not reach
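
A static check of the filter loop wired up in steps 1 and 4.9, as an added example that is not part of the original report: it parses main.cf and master.cf text and reports when mail would bypass amavisd, loop back into it, or when the re-injection listener on port 10025 is reachable from outside loopback. The names parse_master, audit and LOOPBACK are hypothetical helpers; the sample input is constructed from the entries shown above.

```python
import re
LOOPBACK = {"127.0.0.1", "localhost", "::1"}
# Constructed sample input mirroring the main.cf and master.cf entries above.
MAIN_CF = "myhostname = linux1.localdomain.msft\ncontent_filter = smtp-amavis:[127.0.0.1]:10024\n"
MASTER_CF = """\
smtp-amavis unix - - - - 2 smtp
  -o smtp_data_done_timeout=1200 -o disable_dns_lookups=yes
localhost:10025 inet n - - - - smtpd
  -o content_filter=
"""

def parse_master(text):
    """Parse master.cf text into (service, type, command, options) tuples."""
    logical = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and logical:   # leading whitespace continues the entry
            logical[-1] += " " + line.strip()
        else:
            logical.append(line.strip())
    entries = []
    for fields in (entry.split() for entry in logical):
        if len(fields) >= 8:                # 7 columns, then the command and its args
            opts = dict(a.split("=", 1) for a in fields[8:] if "=" in a)
            entries.append((fields[0], fields[1], fields[7], opts))
    return entries

def audit(main_cf, master_cf, amavis_port="10024", reinject_port="10025"):
    """Return a list of findings; an empty list means the loop is wired as intended."""
    m = re.search(r"^content_filter\s*=\s*([\w-]+):\[?([\w.]+)\]?:(\d+)\s*$", main_cf, re.M)
    if not m:
        return ["main.cf: no content_filter set, mail is delivered unscanned"]
    transport, host, port = m.groups()
    findings, entries = [], parse_master(master_cf)
    if host not in LOOPBACK or port != amavis_port:
        findings.append(f"main.cf: content_filter targets {host}:{port}, expected loopback:{amavis_port}")
    if not any(svc == transport and cmd == "smtp" for svc, _, cmd, _ in entries):
        findings.append(f"master.cf: transport '{transport}' is not defined")
    back = [(svc, opts) for svc, typ, cmd, opts in entries
            if typ == "inet" and cmd == "smtpd" and svc.rsplit(":", 1)[-1] == reinject_port]
    if not back:
        findings.append(f"master.cf: no smtpd listener on port {reinject_port} for re-injection")
    for svc, opts in back:
        if opts.get("content_filter") != "":  # must be explicitly emptied with -o content_filter=
            findings.append(f"{svc}: content_filter not cleared, scanned mail loops back to the filter")
        if svc.rsplit(":", 1)[0] not in LOOPBACK:
            findings.append(f"{svc}: not bound to loopback, remote clients can skip scanning")
    return findings
```

Calling audit() on the real files' contents before restarting Postfix catches a missing `-o content_filter=` override, which otherwise shows up only as mail cycling between ports 10024 and 10025.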


You can find my whole book published at http://www.lulu.com/content/347211
Email Address: [email protected]


