Mailserver with ldap tutorial – part 5: virus and spam protection

After describing how to set up and test a mailserver with openldap, postfix and dovecot, the server still needs some basic filters for virus and spam protection.

This is a post from my old blog http://tech.cbjck.de. It has been moved here and slightly edited for better readability. It's also been adjusted to the new layout.
The content however is old and might be outdated.


This is step 5 of the 8 step tutorial for setting up a mailserver with openldap, postfix and dovecot using virtual users. You can find the overview here.

For filtering I use amavisd-new, with clamav as the virus scanner and spamassassin for spam scanning. At the moment this is a very basic setup, not an elaborate one.

Installation

aptitude install amavisd-new spamassassin clamav clamav-daemon

This will install quite a lot of dependencies.

Configure ClamAV

Add user clamav to group amavis to ensure correct permissions:

adduser clamav amavis

Enable virus scanning in /etc/amavis/conf.d/15-content_filter_mode by uncommenting the line

@bypass_virus_checks_maps = ( ...

Let infected mails pass instead of blocking them (with D_PASS they are still delivered to the recipient). In /etc/amavis/conf.d/50-user:

$final_virus_destiny = D_PASS;

Configure SpamAssassin

To enable spamassassin, in /etc/default/spamassassin set

ENABLED=1

and in /etc/amavis/conf.d/15-content_filter_mode uncomment

@bypass_spam_checks_maps = (...

Some basic configuration (without auto-learning and the other neat things spamassassin is capable of) in /etc/amavis/conf.d/50-user:

#Always add spam flags in header, nice for debugging
$sa_tag_level_deflt = -99;
#add spam tag to subject for score > 5
$sa_tag2_level_deflt = 5.0;
$sa_spam_subject_tag = '[SPAM]';
#never discard any mails
$sa_kill_level_deflt = 99.0;
#let all mails pass, moving them to the spam dir in the mailbox is the task of sieve
$final_spam_destiny = D_PASS;
$final_banned_destiny = D_PASS;
$final_bad_header_destiny = D_PASS;

Configure and enable amavis

Postfix has to be configured to filter mails by amavis. In /etc/postfix/main.cf

content_filter = smtp-amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings

In /etc/postfix/master.cf create a new service through which postfix sends the mails to amavis (the -o lines must be indented, otherwise postfix does not treat them as a continuation of the service line):

smtp-amavis     unix    -       -       -       -       2       smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookup=yes
    -o max_use=20

Postfix has to receive the filtered mails from amavis on another port, otherwise we create an infinite loop. In /etc/postfix/master.cf create another service:

127.0.0.1:10025 inet    n       -       -       -       -       smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
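
A check for the loop described above, as an added example that is not part of the original tutorial: it parses main.cf and master.cf text and reports when the re-injection listener on port 10025 does not clear content_filter or is not limited to localhost. The function names and the inline sample configuration are constructed for illustration.

```python
import re

# Constructed sample input mirroring the settings from this tutorial.
SAMPLE_MAIN_CF = "content_filter = smtp-amavis:[127.0.0.1]:10024\n"
SAMPLE_MASTER_CF = """\
smtp-amavis     unix    -       -       -       -       2       smtp
    -o smtp_data_done_timeout=1200
127.0.0.1:10025 inet    n       -       -       -       -       smtpd
    -o content_filter=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
"""

def parse_master_cf(text):
    """Return {service name: {option: value}} from master.cf text."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and entries:   # indented line continues the entry
            entries[-1] += " " + line.strip()
        else:
            entries.append(line.strip())
    services = {}
    for entry in entries:
        fields = entry.split()
        args = fields[8:]                   # 8 service fields, then command args
        opts = {}
        for flag, value in zip(args, args[1:]):
            if flag == "-o" and "=" in value:
                name, _, val = value.partition("=")
                opts[name] = val
        services[fields[0]] = opts
    return services

def check_filter_loop(main_cf, master_cf, reinject="127.0.0.1:10025"):
    """Return a list of problems; an empty list means no loop was found."""
    m = re.search(r"^content_filter\s*=\s*([\w-]+):\[127\.0\.0\.1\]:\d+", main_cf, re.M)
    if not m:
        return ["main.cf: content_filter does not point at 127.0.0.1"]
    services, problems = parse_master_cf(master_cf), []
    if m.group(1) not in services:
        problems.append("master.cf: transport %s is not defined" % m.group(1))
    opts = services.get(reinject)
    if opts is None:
        return problems + ["master.cf: no listener on %s" % reinject]
    if opts.get("content_filter") != "":
        problems.append("listener does not clear content_filter: mail would loop")
    if opts.get("mynetworks") != "127.0.0.0/8":
        problems.append("listener is not restricted to mynetworks=127.0.0.0/8")
    return problems
```

Call check_filter_loop with the contents of the real /etc/postfix/main.cf and /etc/postfix/master.cf before restarting; unindented -o lines show up as missing options on the listener.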

Restart amavis and postfix

/etc/init.d/amavis restart
/etc/init.d/postfix restart

Debug by watching /var/log/mail and test by sending test-spam (or wait for a typical spam mail 😉 )

Now our mailserver is ready for part 6: content filtering.


Edited on Jan 9th 2015 for better readability.
Edited on Aug 21st 2017 for better readability.
