Antivirus and antispam free mail server using Postfix, Mailscanner, Clamav, Spamassassin and Greylisting
SPAM, or Unsolicited Commercial Email (UCE), is hated by everybody.
It is a nightmare for every system administrator. There is a lot of
discussion and many solutions regarding SPAM. I have collected some of this
useful information and implemented it. It worked miracles in my case. I
have written this tutorial (basically a collection!) to help you out.
In this tutorial we will use Postfix as the MTA. We will integrate MailScanner
and Clamav for the antivirus solution, and SpamAssassin and GreyListing
for the antispam solution.
1. Postfix
2. Mailscanner
3. Clamav
4. SpamAssassin
5. GreyListing
1. Postfix
Download Postfix from http://www.postfix.org/.
You can install it either from the tar.gz or from an rpm. Installation of
Postfix is straightforward. For the rpm:
rpm -ivh postfix.version.rpm
The Postfix configuration files are in the /etc/postfix
folder. To make Postfix work we mainly need to change two files:
main.cf and transport. main.cf contains all the major configuration
parameters.
The following is a sample Postfix main.cf file:
/etc/postfix/main.cf:
# Install time configuration
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
manpage_directory = /usr/local/man
sample_directory = /etc/postfix
readme_directory = no
html_directory = no
queue_directory = /var/spool/postfix
daemon_directory = /usr/libexec/postfix
command_directory = /usr/sbin
mail_owner = postfix
myhostname = hostname.domain.com
mydomain = domain.com
myorigin = $myhostname
mynetworks = 10.0.0.0/8, 127.0.0.0/8
smtpd_banner = $myhostname ESMTP
header_checks = regexp:/etc/postfix/header_checks
smtpd_client_restrictions = hash:/etc/postfix/access
smtpd_sender_restrictions = reject_unknown_sender_domain, hash:/etc/postfix/access
# Continuation lines of a multi-line value must start with whitespace
smtpd_recipient_restrictions = hash:/etc/postfix/access,
    reject_rbl_client bl.spamcop.net, reject_non_fqdn_recipient, reject_non_fqdn_sender,
    reject_unknown_sender_domain, reject_unknown_recipient_domain,
    permit_mynetworks, reject_unauth_destination, reject_multi_recipient_bounce
biff = no
smtpd_helo_required = yes
maximal_queue_lifetime = 2d
queue_run_delay = 3600s
ignore_mx_lookup_error = yes
smtp_always_send_ehlo = yes
default_destination_concurrency_limit = 10
default_destination_recipient_limit = 20
default_process_limit = 150
best_mx_transport = local
disable_vrfy_command = yes
mydestination = $myhostname, localhost.$mydomain, hash:/etc/postfix/transport
relay_domains = hash:/etc/postfix/transport
alias_database = hash:/etc/aliases
transport_maps = hash:/etc/postfix/transport
message_size_limit = 80000000
mailbox_size_limit = 1000000000
Explanation of the sample Postfix main.cf configuration settings:

queue_directory
    Postfix's work directory, where all mail is temporarily stored
    until it is delivered.
daemon_directory
    Specifies the location of all the Postfix programs.
command_directory
    Specifies the location of all post* commands.
mail_owner
    Specifies the user account that will own the mail queues.
myhostname
    The name of this computer including the domain part. This is used
    when adding "Received:" headers to email messages.
mydomain
    This name is added to locally originating email. So if you sent
    yourself a message from root, it would appear to come from
    root@mta1.domain.com.
mydestination
    Tells Postfix which domains it is the final destination for. This
    should be left at the default, and your domain should instead be
    listed in the transport file.
mynetworks
    Tells Postfix which networks it should consider local; in other
    words, computers connecting from any of these networks will be able
    to relay mail, etc. In our case we put 127.0.0.0 (for localhost)
    and 10.0.0.0 (for any internal computer).
relay_domains
    Tells Postfix which domains it should relay. Here we specify the
    transport file (which we'll create below); it simply lists domains,
    each on a separate line.
biff
    Tells Postfix not to use the biff program to let local users know
    that they have new email.
message_size_limit
    Sets the maximum size of a message. Messages larger than 80 megs
    will be rejected. You can increase or decrease this based on your
    own server requirements.
mailbox_size_limit
    Sets the maximum size of local mailbox files. We set it to 100
    megs, although it should never reach this high because our only
    local mailboxes are spam and notspam.
smtpd_banner
    The banner that is displayed to connecting computers. It is good
    security practice to give as little information as possible; I've
    included just the essentials.
transport_maps
    Tells Postfix where to find the transport information. The
    transport file is where we tell Postfix where to route certain
    mail. In our case this file is where we tell Postfix that mail for
    domain.com should be delivered to our Exchange server.
local_transport
    Tells Postfix that all local mail should be delivered using the
    local delivery agent.
smtpd_helo_restrictions, smtpd_sender_restrictions, smtpd_recipient_restrictions
    Used to deny access to Postfix based on the HELO command, the
    sender, or the recipient. The recipient restrictions are what
    prevent our mail server from being used as an open relay. You can
    get the details from http://www.postfix.org/uce.html
header_checks
    Restricts what is allowed in message headers. Patterns are applied
    to entire logical message headers, even when a header spans
    multiple lines of text.
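To see why the order of the restriction list matters, here is an added Python example (not from this tutorial and not Postfix's own code) that models Postfix's first-match evaluation of smtpd_recipient_restrictions for a few constructed requests. The mynetworks, mydestination and relay domain values are taken from the sample main.cf; the client addresses and mailboxes are constructed sample data. The FQDN, permit_mynetworks and reject_unauth_destination checks are simplified re-implementations, and the access map and the DNS-dependent restrictions (reject_rbl_client, reject_unknown_*_domain) are stand-ins that never fire offline.

```python
"""Simulate Postfix's first-match evaluation of smtpd_recipient_restrictions."""
import ipaddress

# Values from the sample main.cf; domain.com stands in for the domain listed
# in /etc/postfix/transport (constructed sample data).
MYNETWORKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "127.0.0.0/8")]
MYDESTINATION = {"hostname.domain.com", "localhost.domain.com", "localhost"}
RELAY_DOMAINS = {"domain.com"}

PERMIT, REJECT, DUNNO = "PERMIT", "REJECT", "DUNNO"


def domain_of(address):
    """Domain part of an address; '' for the null sender <>."""
    return address.rsplit("@", 1)[1].lower() if "@" in address else ""


def is_fqdn(address):
    """Simplified Postfix notion of 'fully qualified': the domain has a dot."""
    return "." in domain_of(address)


def is_our_destination(domain):
    """True if Postfix is final destination or authorised relay for domain."""
    return (domain in MYDESTINATION or domain in RELAY_DOMAINS
            or any(domain.endswith("." + d) for d in RELAY_DOMAINS))


# Each restriction returns PERMIT, REJECT or DUNNO ("no opinion").
def reject_non_fqdn_recipient(req):
    return DUNNO if is_fqdn(req["recipient"]) else REJECT


def reject_non_fqdn_sender(req):
    if req["sender"] == "":          # the null sender of bounces is not checked
        return DUNNO
    return DUNNO if is_fqdn(req["sender"]) else REJECT


def permit_mynetworks(req):
    addr = ipaddress.ip_address(req["client_address"])
    return PERMIT if any(addr in net for net in MYNETWORKS) else DUNNO


def reject_unauth_destination(req):
    return DUNNO if is_our_destination(domain_of(req["recipient"])) else REJECT


def needs_dns(req):
    # Stand-in for the access map and the DNS-based checks (reject_rbl_client,
    # reject_unknown_sender_domain, reject_unknown_recipient_domain): offline
    # they have no opinion.
    return DUNNO


# Same order as the sample main.cf.
RESTRICTIONS = [
    ("hash:/etc/postfix/access", needs_dns),
    ("reject_rbl_client bl.spamcop.net", needs_dns),
    ("reject_non_fqdn_recipient", reject_non_fqdn_recipient),
    ("reject_non_fqdn_sender", reject_non_fqdn_sender),
    ("reject_unknown_sender_domain", needs_dns),
    ("reject_unknown_recipient_domain", needs_dns),
    ("permit_mynetworks", permit_mynetworks),
    ("reject_unauth_destination", reject_unauth_destination),
]


def evaluate(req, restrictions=RESTRICTIONS):
    """First restriction with an opinion wins; an all-DUNNO list permits."""
    for name, check in restrictions:
        verdict = check(req)
        if verdict != DUNNO:
            return verdict, name
    return PERMIT, "end of list"


def without(name, restrictions=RESTRICTIONS):
    """Copy of a restriction list with one entry removed, for what-if checks."""
    return [r for r in restrictions if r[0] != name]


def request(client, sender, recipient):
    return {"client_address": client, "sender": sender, "recipient": recipient}


if __name__ == "__main__":
    cases = [
        request("203.0.113.5", "bob@example.net", "alice@domain.com"),   # inbound
        request("203.0.113.5", "bob@example.net", "carol@example.org"),  # relay attempt
        request("10.1.2.3", "alice@domain.com", "carol@example.org"),    # internal relay
        request("10.1.2.3", "root@localhost", "alice@domain.com"),       # non-FQDN sender
    ]
    for req in cases:
        print(req["client_address"], req["sender"], "->", req["recipient"], evaluate(req))
    # What the list would do if reject_unauth_destination were left out:
    print("without reject_unauth_destination:",
          evaluate(cases[1], without("reject_unauth_destination")))
```

Running it shows inbound mail for domain.com being accepted, a relay attempt from outside being stopped by reject_unauth_destination, an internal client being permitted by permit_mynetworks, and an internal client with a non-FQDN sender being rejected before permit_mynetworks is reached, because the FQDN checks come first in the list. The last line shows that leaving reject_unauth_destination out turns the same list into an open relay.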
Now change the transport file. The transport file contains the domains
which have relay access. The sample transport file looks like this:
domain.com local:
.domain.com local:
Run the following commands:
cp /etc/postfix/aliases /etc/      # copy the aliases file to /etc
postalias /etc/postfix/aliases     # create the aliases.db file
postalias /etc/aliases             # create the aliases.db file
postmap /etc/postfix/transport     # create the transport.db file
You can now start Postfix using the "postfix start" command. Please
check from the netstat -nat output that port 25 is open. You should
test to make sure that you can connect to the SMTP interface on port
25. To do this use the command:
telnet localhost 25
The server should respond with:
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mta1.domain.com ESMTP
Press ctrl-], then type 'quit' to quit.
For further troubleshooting please check the maillog in /var/log/maillog.
2. MailScanner, Clamav and SpamAssassin:
MailScanner:
Before installing MailScanner make sure that your Postfix is working
properly. Download MailScanner from http://www.mailscanner.info/downloads.html.
Untar the file. Run ./configure to install MailScanner.
In the Postfix configuration file /etc/postfix/main.cf
add this line:
header_checks = regexp:/etc/postfix/header_checks
In the file /etc/postfix/header_checks add this line:
/^Received:/ HOLD
The effect of this is to tell Postfix to move all messages to the
HOLD queue, where MailScanner picks them up.
In your MailScanner.conf file (probably in /etc/MailScanner
or /opt/MailScanner/etc), there
are 5 settings you need to change. They are all near the
top of the file. The settings are:
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
You will need to ensure that the user "postfix" can write
to /var/spool/MailScanner/incoming
and /var/spool/MailScanner/quarantine:
chown postfix:postfix /var/spool/MailScanner/incoming
chown postfix:postfix /var/spool/MailScanner/quarantine
Now start MailScanner:
/etc/init.d/MailScanner start
Do the following to start MailScanner at boot (the MailScanner init
script starts Postfix itself, which is why the postfix service is
turned off):
chkconfig postfix off
chkconfig --level 2345 MailScanner on
Clamav:
Download Clamav from http://www.clamav.net/.
Untar the file. Add the group clamav and the user clamav in that group.
Install Clamav. We don't have to change anything in the Clamav
configuration file. Make the following changes to the
/etc/MailScanner/MailScanner.conf file:
Virus Scanning = yes
Virus Scanners = clamav
SpamAssassin:
Download SpamAssassin from www.spamassassin.org.
We need some Perl modules first:
perl -MCPAN -e shell
Whenever it asks about manual configuration, say no.
cpan> o conf prerequisites_policy ask
cpan> install Time::HiRes
cpan> quit
tar xzf Mail-SpamAssassin-version-no.tar.gz
cd Mail-SpamAssassin-version-no
perl Makefile.PL
make
You may now get some errors about pod2text. If you do, run this
command:
ln -s /usr/bin/pod2man /usr/bin/pod2text
make
make test
This will fail horribly due to lack of Pod/Usage.pm, so now do this
(remember, whenever it asks about manual configuration, say no):
perl -MCPAN -e shell
cpan> o conf prerequisites_policy ask
cpan> install Pod::Usage
cpan> quit
Now try the tests again:
make test
make install
You have now installed SpamAssassin. The next step is to configure
it and MailScanner.
vi /etc/MailScanner/MailScanner.conf
Change the setting for "Required SpamAssassin Score" to more than 5,
as 5 generates quite a few false alarms.
It's advised to set "Log Spam = yes" to start with.
You will of course need "Use SpamAssassin = yes".
You are almost done! Just restart MailScanner again. Send some
test mail and check the maillog to see whether you are receiving mail
or not.
SpamAssassin mainly tags mail as spam or not. If you check
the mail header you will see something like this:
X-Spam-Status: Yes
or
X-Spam-Status: No
If the mail is tagged as spam then the spam status will be Yes, otherwise
it will be No. Now we will deliver spam-tagged mail into the user's spam
folder. For this we need procmail. Install procmail from www.procmail.org.
Let's say our user name is info and the home folder is /home/info.
The info user's mail is stored in the /home/info/mail
folder. Create a file named "spam"
in the /home/info/mail folder:
touch /home/info/mail/spam
chown info:info /home/info/mail/spam
Now create the following file in the /home/info/
folder:
/home/info/.procmailrc:
# My variables
HOME=/home/info
MAILDIR=$HOME/mail
# necessary variables
PATH=/usr/local/bin:/usr/bin
VERBOSE=no
LOGABSTRACT=yes
COMSAT=no
LOGFILE=$HOME/procmail.log
# deliver anything SpamAssassin tagged as spam to the spam folder
:0
* ^X-Spam-Status: Yes
$HOME/mail/spam
# spamassassin rule ends here
Here "^X-Spam-Status: Yes" is the
main part. If the mail is tagged as spam then it will
be delivered to the user's spam folder.
Create the following file in the /home/info
folder:
/home/info/.forward:
"|/usr/bin/procmail -t #info"
From now on, spam-tagged mail for the info user will go to its spam
folder.
3. GreyListing:
GreyListing is a comparatively new technique to fight
spam. The technique works as follows:
"When a request for delivery of a mail is received by Postfix
via SMTP, the triplet CLIENT_IP / SENDER / RECIPIENT is built. If
it is the first time that this triplet is seen, or if the triplet
was first seen, less than 5 minutes ago, then the mail gets rejected
with a temporary error. Hopefully spammers or viruses will not try
again later, as it is however required per RFC." [http://isg.ee.ethz.ch/tools/postgrey/]
With Postfix we use Postgrey. Download Postgrey from http://isg.ee.ethz.ch/tools/postgrey/
For Postgrey we need the following Perl modules:
Net::Server
IO::Multiplex
BerkeleyDB (Perl module)
Berkeley DB (library, version = 4.1)
wget http://isg.ee.ethz.ch/tools/postgrey/pub/postgrey-1.27.tar.gz
tar -zxvf postgrey-1.27.tar.gz
cd postgrey-1.27
cp postgrey_whitelist_* /etc/postfix/
cp postgrey /usr/local/bin
cp postgrey /usr/local/sbin
groupadd nogroup
adduser postgrey
mkdir /var/spool/postfix/postgrey/
chown postgrey:nogroup /var/spool/postfix/postgrey/
And make the following change to the Postfix main.cf file. The
check_policy_service entry is added to the existing
smtpd_recipient_restrictions list, after reject_unauth_destination,
so that Postgrey only sees mail Postfix would otherwise accept and the
relay protection stays in place:
smtpd_recipient_restrictions = hash:/etc/postfix/access,
    reject_rbl_client bl.spamcop.net, reject_non_fqdn_recipient, reject_non_fqdn_sender,
    reject_unknown_sender_domain, reject_unknown_recipient_domain,
    permit_mynetworks, reject_unauth_destination, reject_multi_recipient_bounce,
    check_policy_service inet:127.0.0.1:10023
Run the following command:
/usr/local/sbin/postgrey --inet=10023 -d --delay=50 --greylist-text="Policy restrictions; try later"
If everything is OK, Postgrey will start. If anything goes wrong you
will find the output in /var/log/maillog.
Check netstat -nat for port 10023. Try to send some test mail.
To start Postgrey at boot add the following lines to the /etc/rc.local
file:
# Start Postgrey
echo -n 'Postgrey'; /usr/local/sbin/postgrey --inet=10023 -d --delay=50 --greylist-text="Policy restrictions; try later"
# End Postgrey.
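The quoted description of greylisting and the check_policy_service line together describe a small protocol: Postfix sends the policy service a block of "name=value" lines ending with an empty line, and the service answers with "action=..." and an empty line. The following Python example, added here and not part of the tutorial or of Postgrey, implements that decision in memory so the behaviour can be exercised offline: a triplet of client address, sender and recipient gets a temporary error until it is retried after the delay, a whitelisted client name (as in the postgrey_whitelist_clients file copied above) is never delayed, and the clock is injectable so the timing can be checked without waiting. The request text is a constructed sample; the serve() function is only shown for wiring the same logic to the port Postfix talks to.

```python
"""Greylisting as a Postfix policy service, kept in memory (added example)."""
import socketserver
import time

# A triplet must be retried at least this many seconds after its first attempt
# before it is accepted. The quoted description uses 5 minutes; the rc.local
# line in the tutorial starts postgrey with --delay=50.
DEFAULT_DELAY = 300
DEFAULT_TEXT = "Policy restrictions; try later"


class Greylist:
    """Remembers (client_ip, sender, recipient) triplets and when first seen."""

    def __init__(self, delay=DEFAULT_DELAY, text=DEFAULT_TEXT,
                 whitelist_clients=(), clock=time.time):
        self.delay = delay
        self.text = text
        self.whitelist_clients = {c.lower() for c in whitelist_clients}
        self.clock = clock          # injectable so decisions can be tested offline
        self.first_seen = {}        # triplet -> timestamp of first attempt

    def decide(self, client_ip, client_name, sender, recipient):
        """Return the Postfix action for this delivery attempt."""
        if client_name.lower() in self.whitelist_clients:
            return "DUNNO"          # whitelisted hosts are never delayed
        triplet = (client_ip, sender.lower(), recipient.lower())
        now = self.clock()
        seen = self.first_seen.setdefault(triplet, now)   # records a new triplet
        if now - seen < self.delay:
            # DEFER_IF_PERMIT yields a temporary (4xx) error only if the rest of
            # smtpd_recipient_restrictions would otherwise have accepted the mail.
            return "DEFER_IF_PERMIT " + self.text
        return "DUNNO"              # retried after the delay: no opinion, let it through


def parse_policy_request(raw):
    """Parse one policy request: 'name=value' lines terminated by an empty line."""
    attrs = {}
    for line in raw.splitlines():
        if line == "":
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs


def handle_request(greylist, raw):
    """Turn a raw request into the 'action=...' reply Postfix expects."""
    req = parse_policy_request(raw)
    action = greylist.decide(req.get("client_address", ""),
                             req.get("client_name", ""),
                             req.get("sender", ""), req.get("recipient", ""))
    return f"action={action}\n\n"


def serve(greylist, host="127.0.0.1", port=10023):
    """Listen where 'check_policy_service inet:127.0.0.1:10023' will connect."""
    class Handler(socketserver.StreamRequestHandler):
        def handle(self):
            while True:
                lines = []
                for raw in self.rfile:                      # one request per block
                    line = raw.decode("utf-8", "replace").rstrip("\r\n")
                    if line == "":
                        break
                    lines.append(line)
                if not lines:
                    return                                  # client closed the connection
                reply = handle_request(greylist, "\n".join(lines) + "\n\n")
                self.wfile.write(reply.encode("utf-8"))
                self.wfile.flush()

    with socketserver.ThreadingTCPServer((host, port), Handler) as srv:
        srv.serve_forever()


# Constructed sample request in the attribute form Postfix sends.
SAMPLE_REQUEST = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "client_address=203.0.113.5\n"
    "client_name=mail.example.net\n"
    "sender=bob@example.net\n"
    "recipient=alice@domain.com\n"
    "\n"
)

if __name__ == "__main__":
    clock = [0.0]
    g = Greylist(delay=300, clock=lambda: clock[0])
    for elapsed in (0, 60, 400):    # first try, early retry, retry after the delay
        clock[0] = float(elapsed)
        print(f"t={elapsed:>3}s ->", handle_request(g, SAMPLE_REQUEST).strip())
    # For real use: serve(Greylist()) and point Postfix at it with
    # check_policy_service inet:127.0.0.1:10023
```

The demo prints DEFER_IF_PERMIT for the first attempt and for a retry after 60 seconds, then DUNNO once the same triplet comes back after the delay. A sender that never retries, which is the behaviour the quoted text hopes for from spam software, never gets past the temporary error. A production greylister also needs to persist the triplets (Postgrey uses a Berkeley DB under /var/spool/postfix/postgrey) and expire old entries, which this in-memory version does not do.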
That’s all you need. Happy spam free mail.
Reference:
http://www.postfix.org/BASIC_CONFIGURATION_README.html
http://www.mailscanner.info/postfix.html
http://www.qitc.net/support/mailscanner/
http://www.clamav.net/doc/0.88.5/html/
http://isg.ee.ethz.ch/tools/postgrey/