After I’ve described how to set up and test a mailserver with
dovecot it still needs some basic filters for virus and spam protection.
The content however is old and might be outdated.
For filtering I use
amavisd-new, as special filters for viruses I use
clamav and for spam scanning
spamassasin. At the moment this is a very basic and not a much elaborated setup.
aptitude install amavisd-new spamassassin clamav clamav-daemon
This will install quite a lot of dependencies.
clamav to group
amavis to ensure correct permissions:
adduser clamav amavis
Enable virus scanning in
/etc/amavis/conf.d/15-content_filter_mode by uncommenting the line
@bypass_virus_checks_maps = ( ...
Let virused mails pass:
$final_virus_destiny = D_PASS;
To enable spamassasin in
@bypass_spam_checks_maps = (...
Some basic configuration (without auto-learning and another neat things spamassasin is capable of) in
#Always add spam flags in header, nice for debugging $sa_tag_level_deflt = -99; #add spam tag to subject for score > 5 $sa_tag2_level_deflt = 5.0; $sa_spam_subject_tag = '[SPAM]'; #never discard any mails $sa_kill_level_deflt = 99.0; #let all mails pass, putting to spam dir in mailbox isttask of sieve $final_spam_destiny = D_PASS; $final_banned_destiny = D_PASS; $final_bad_header_destiny = D_PASS;
Configure and enable
Postfix has to be configured to filter mails by
content_filter = smtp-amavis:[127.0.0.1]:10024 receive_override_options = no_address_mappings
/etc/postfix/master.cf create a new service where postfix shall send the mails to amavis:
smtp-amavis unix - - - - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookup=yes -o max_use=20<
Postfix has to recieve the filtered nmails from
amavis an another port. Else we create an infinite loop. In
/etc/postfix/master.cf create another service:
127.0.0.1:10025 inet n - - - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8
/etc/init.d/amavis restart /etc/init.d/postfix restart
Debug by watching
/var/log/mail and test by sending test-spam (or wait for a typical spam mail 😉 )
Now our mailserver is ready for part 6: content filtering.
Edited on Jan 9th 2015 for better readability.
Edited on Aug 21st 2017 for better readability.