Mailserver with ldap tutorial – part 5: virus and spam protection

After I’ve described how to set up and test a mailserver with openldap, postfix and dovecot it still needs some basic filters for virus and spam protection.

This is a post from my old blog. It has been moved here and slightly edited for better readability. It's also been adjusted to the new layout.
The content however is old and might be outdated.

This is step 5 of the 8 step tutorial for setting up a mailserver with openldap, postfix and dovecot using virtual users. You can find the overview here.

For filtering I use amavisd-new; as specialized filters I use clamav for viruses and spamassassin for spam scanning. At the moment this is a very basic setup, not an elaborate one.


aptitude install amavisd-new spamassassin clamav clamav-daemon

This will install quite a lot of dependencies.

Configure ClamAV

Add user clamav to group amavis to ensure correct permissions:

adduser clamav amavis

Enable virus scanning in /etc/amavis/conf.d/15-content_filter_mode by uncommenting the line

@bypass_virus_checks_maps = ( ...

Let infected mails pass (they are still delivered to the recipient). In /etc/amavis/conf.d/50-user:

$final_virus_destiny = D_PASS;

Configure SpamAssassin

To enable SpamAssassin, in /etc/default/spamassassin set


and in /etc/amavis/conf.d/15-content_filter_mode uncomment

@bypass_spam_checks_maps = (...

Some basic configuration (without auto-learning and the other neat things SpamAssassin is capable of) in /etc/amavis/conf.d/50-user:

#Always add spam flags in header, nice for debugging
$sa_tag_level_deflt = -99;
#add spam tag to subject for score > 5
$sa_tag2_level_deflt = 5.0;
$sa_spam_subject_tag = '[SPAM]';
#never discard any mails
$sa_kill_level_deflt = 99.0;
#let all mails pass, putting them into the spam dir in the mailbox is the task of sieve
$final_spam_destiny = D_PASS;
$final_banned_destiny = D_PASS;
$final_bad_header_destiny = D_PASS;

Configure and enable amavis

Postfix has to be configured to filter mails by amavis. In /etc/postfix/

content_filter = smtp-amavis:[]:10024
receive_override_options = no_address_mappings

In /etc/postfix/ create a new service where postfix shall send the mails to amavis:

smtp-amavis     unix    -       -       -       -       2       smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookup=yes
  -o max_use=20

Postfix has to receive the filtered mails from amavis on another port, otherwise we create an infinite loop. In /etc/postfix/ create another service:

inet    n       -       -       -       -       smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=
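
An added example, not part of the original tutorial: a small Python check that reads master.cf text and verifies that the re-injection listener described above is bound to loopback, clears content_filter (so mail does not loop back into amavis) and ends its recipient restrictions with reject. The listener address 127.0.0.1:10025, the mynetworks value and the function names are assumptions; the page does not show them.

```python
import ipaddress

# Constructed sample; the 127.0.0.1:10025 listener and the mynetworks value
# are assumptions, the page does not show them.
GOOD = """\
smtp-amavis     unix  -  -  -  -  2  smtp
  -o smtp_send_xforward_command=yes
127.0.0.1:10025 inet  n  -  -  -  -  smtpd
  -o content_filter=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
"""

def parse_master_cf(text):
    """Return one token list per service, indented continuation lines joined."""
    services = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and services:
            services[-1].extend(line.split())   # continuation of previous entry
        else:
            services.append(line.split())
    return services

def audit_reinjection(text, port="10025"):
    """List problems with the smtpd listener that takes mail back from amavis."""
    for svc in parse_master_cf(text):
        name = svc[0]
        if len(svc) >= 8 and svc[1] == "inet" and svc[7] == "smtpd" \
                and name.rpartition(":")[2] == port:
            break
    else:
        return ["no smtpd listener on port " + port]
    # Collect the "-o name=value" overrides of the matching service.
    opts = dict(o.split("=", 1) for f, o in zip(svc, svc[1:])
                if f == "-o" and "=" in o)
    problems = []
    host = name.rpartition(":")[0].strip("[]")
    try:
        loopback = ipaddress.ip_address(host).is_loopback
    except ValueError:                          # no host part, or a hostname
        loopback = False
    if not loopback:
        problems.append("listener is not bound to a loopback address")
    if opts.get("content_filter") != "":
        problems.append("content_filter not cleared: mail loops back to amavis")
    if not opts.get("smtpd_recipient_restrictions", "").endswith("reject"):
        problems.append("recipient restrictions do not end in reject")
    return problems
```

Run it against the real file with `audit_reinjection(open("/etc/postfix/master.cf").read())`; an empty list means all three checks passed. Continuation lines that lost their leading whitespace are treated as separate entries, so their overrides are reported as missing.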

Restart amavis and postfix

/etc/init.d/amavis restart
/etc/init.d/postfix restart

Debug by watching /var/log/mail and test by sending test-spam (or wait for a typical spam mail 😉 )

Now our mailserver is ready for part 6: content filtering.

Edited on Jan 9th 2015 for better readability.
Edited on Aug 21st 2017 for better readability.

