ClamAV (including some required packages):
apt-get install amavisd-new spamassassin clamav-daemon apt-get install opendkim postfix-policyd-spf-python apt-get install pyzor razor apt-get install arj cabextract cpio lha nomarch pax rar unrar unzip zip
Configuration of ClamAv
The default behaviour of
ClamAV will fit our needs. The configuration files are found in
/etc/clamav/ if you want to customize some settings.
clamav user to the
amavis group in order for
Amavisd-new to have the appropriate access to scan files:
adduser clamav amavis adduser amavis clamav
Configuration of SpamAssassin
SpamAssassin automatically detects optional components and will use them if they are present. This means that there is no need to configure
Edit the config file:
Now start the daemon:
service spamassassin start
Configuration of Amavisd-new
To activate spam and antivirus detection in
Amavisd-new we need to edit the following file:
use strict; # You can modify this file to re-enable SPAM checking through spamassassin # and to re-enable antivirus checking. # # Default antivirus checking mode # Uncomment the two lines below to enable it # @bypass_virus_checks_maps = ( %bypass_virus_checks, @bypass_virus_checks_acl, $bypass_virus_checks_re); # # Default SPAM checking mode # Uncomment the two lines below to enable it # @bypass_spam_checks_maps = ( %bypass_spam_checks, @bypass_spam_checks_acl, $bypass_spam_checks_re); 1; # insure a defined return
By default a message that is identified as spam will be bounced back to the return address. However, since these addresses are often faked, this is not a good idea. We’re going to change that, spam just will be discarded:
$final_spam_destiny = D_DISCARD;
Additionally, you may want to adjust the following options to flag more messages as spam:
$sa_tag_level_deflt = -999; # add spam info headers if at, or above that level $sa_tag2_level_deflt = 6.0; # add 'spam detected' headers at that level $sa_kill_level_deflt = 21.0; # triggers spam evasive actions $sa_dsn_cutoff_level = 4; # spam level beyond which a DSN is not sent
If the server’s hostname is different from the domain’s MX record you may need to manually set the
$myhostname option. Also, if the server receives mail for multiple domains the
@local_domains_acl option will need to be customized.
and change the following lines:
$myhostname = 'mail.example.com'; @local_domains_acl = ( "example.com", "example.org" );
If you want to cover multiple domains you can use the following:
@local_domains_acl = qw(.);
Amavisd-new needs to be restarted:
service amavis restart
Amavisd-new can be configured to automatically whitelist addresses from domains with valid Domain Keys. There are some pre-configured domains:
There are multiple ways to configure the whitelist for a domain:
'example.com' => 'WHITELIST', # will whitelist any address from the "example.com" domain. '.example.com' => 'WHITELIST', #will whitelist any address from any subdomains of "example.com" that have a valid signature. '.email@example.com' => 'WHITELIST', # will whitelist subdomains of "example.com" that use the signature of example.com the parent domain. './@example.com' => 'WHITELIST', # adds addresses that have a valid signature from "example.com". This is usually used for discussion groups that sign their messages.
A domain can also have multiple whitelist configurations. After editing the file, restart
service amavis restart
Once a domain has been added to the whitelist the message will not be checked for viruses or spam.
Integration with Postfix
We still need to tell
postfix to make use of
postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'
Next edit the master config:
and add the following to the end of the file:
smtp-amavis unix - - - - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20 127.0.0.1:10025 inet n - - - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
Also add the following two lines immediately below the “pickup” transport service:
-o content_filter= -o receive_override_options=no_header_body_checks
This will prevent messages that are generated to report on spam from being classified as spam.
Now restart Postfix:
service postfix restart
Content filtering with spam and virus detection is now enabled.
Everything is now set up, so it is time to test if it all works. Lets check if
Amavisd-new SMTP is listening on port 10024:
telnet localhost 10024
You should get a response like this:
Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 [127.0.0.1] ESMTP amavisd-new service ready
In the header of messages that go through the content filter you should see:
X-Spam-Level: X-Virus-Scanned: Debian amavisd-new at example.com X-Spam-Status: No, hits=-2.3 tagged_above=-1000.0 required=5.0 tests=AWL, BAYES_00 X-Spam-Level:
Of course, the output depends on your settings, but the important thing is that there are
To check the
Send a fake spam message
To see if the spam filter is working, you can wait for the first spam message, or you can send one yourself with the GTUBE fake spam message:
Create an email with the following text:
The message should be identified correctly as spam and put in quarantine.
A similar feature exists for sending a fake virus message. To test the virus filter you can use the test virus from Eicar or use the online service from Aleph-tec.
It is self-evident that the spam rulesets must be up to date to be of any use. To update the sets:
sa-update --no-gpg -v
or add the following lines to the
# Update the SpamAssassin rulesets. 23 4 */2 * * /usr/bin/sa-update --no-gpg &> /dev/null
This will get the new rules every other day at 4:23 in the morning.
Spam and virus messages will be quarantined in this directory:
No virus definitions
When you start
ClamAV and you see the following error, it means that there are no virus definitions yet:
Setting up clamav-daemon (0.97.5+dfsg-1ubuntu0.12.04.2) ... * Clamav signatures not found in /var/lib/clamav * Please retrieve them using freshclam or install the clamav-data package * Then run '/etc/init.d/clamav-daemon start'
Get the new definitions by running:
This should result in something like this:
ClamAV update process started Downloading main.cvd [100%] main.cvd updated (version: 54, sigs: 1044387, f-level: 60, builder: sven) Downloading daily.cvd [100%] daily.cvd updated (version: 15107, sigs: 224953, f-level: 63, builder: guitar) Downloading bytecode.cvd [100%] bytecode.cvd updated (version: 185, sigs: 39, f-level: 63, builder: neo) Database updated (1269379 signatures) from db.local.clamav.net (IP: 18.104.22.168)
When the definitions are downloaded you can start
service clamav-daemon start
The hostname of the mailserver should return a valid FQDN.
Starting amavisd: The value of variable $myhostname is "example", but should have been a fully qualified domain name; perhaps uname(3) did not provide such. You must explicitly assign a FQDN of this host to variable $myhostname in /etc/amavis/conf.d/05-node_id, or fix what uname(3) provides as a host's network name! (failed). invoke-rc.d: initscript amavis, action "start" failed. WARNING: Starting amavisd-new failed. Please check your configuration.
If the server’s hostname is not set correctly (and can’t be changed) you can tell
Amavisd-new which hostname it should use:
Just add the following line:
$myhostname = 'mail.example.com';
and start the service
service amavis start