Spam Filter for Postfix

From NeilDocs


This document is still under construction. Most of this document is a shorter version of [1], written by Patrick Ben Koetter <patrick.koetter@state-of-mind.de> and Mark Martinec <Mark.Martinec+amavis@ijs.si>.

  1. Install Software:
    1. SpamAssassin
    2. amavisd-new
    3. clamav
    4. clamav-update
  2. Edit /etc/sysconfig/freshclam to allow clamav to update
  3. Edit /etc/freshclam.conf (also to allow clamav to update)
  4. Create clamd.conf (it doesn't need to have anything in it)
  5. Edit amavisd.conf; edit or add the following lines:
$inet_socket_port = 10024;                          # listen on this local TCP port(s)
$virus_admin = 'admin@example.com';                 # notifications recipient
$mailfrom_notify_admin = 'admin@example.com';       # notifications sender
$mailfrom_notify_recip = 'admin@example.com';       # notifications sender
$mailfrom_notify_spamadmin = 'admin@example.com';   # notifications sender
$final_virus_destiny      = D_DISCARD;
$final_banned_destiny     = D_BOUNCE;
$final_spam_destiny       = D_DISCARD;
$final_bad_header_destiny = D_BOUNCE;

  6. Start services:
service amavisd start
service clamd.amavisd start
service spamassassin start
  7. Edit master.cf and add the following lines:
amavisfeed	unix	-	-	n	-	2	smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20
127.0.0.1:10025	inet	n	-	n	-	-	smtpd
    -o content_filter=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=reject_unauth_pipelining
    -o smtpd_end_of_data_restrictions=
    -o smtpd_restriction_classes=
    -o mynetworks=127.0.0.0/8
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
    -o local_header_rewrite_clients=
  8. To check for configuration errors, run:
postfix reload && tail -f /var/log/maillog
  9. Test the connection to amavisd that Postfix will use once configured:
$ telnet localhost 10024
220 [127.0.0.1] ESMTP amavisd-new service ready
EHLO localhost
250-[127.0.0.1]
250-VRFY
250-PIPELINING
250-SIZE
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 XFORWARD NAME ADDR PROTO HELO
QUIT
221 2.0.0 [127.0.0.1] amavisd-new closing transmission channel
  10. Test the connection to Postfix that amavisd will use to reinsert messages into the flow of email:
$ telnet 127.0.0.1 10025
220 mail.example.com ESMTP Postfix (2.3.2)
EHLO localhost
250-mail.example.com
250-PIPELINING
250-SIZE 40960000
250-ETRN
250-STARTTLS
250-AUTH PLAIN CRAM-MD5 LOGIN DIGEST-MD5
250-AUTH=PLAIN CRAM-MD5 LOGIN DIGEST-MD5
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
QUIT
221 2.0.0 Bye
  11. Test the entire chain:
$ telnet localhost 10024
220 [127.0.0.1] ESMTP amavisd-new service ready
HELO localhost
250 [127.0.0.1]
MAIL FROM: <>
250 2.1.0 Sender  OK
RCPT TO: <postmaster>
250 2.1.5 Recipient postmaster OK
DATA
354 End data with <CR><LF>.<CR><LF>
From: virus-tester
To: undisclosed-recipients:;
Subject: amavisd test - simple - no spam test pattern

This is a simple test message from the amavisd-new test-messages.
.
250 2.6.0 Ok, id=30897-02, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 079474CE44
QUIT
221 2.0.0 [127.0.0.1] amavisd-new closing transmission channel
  12. Edit main.cf, adding the following line:
content_filter=amavisfeed:[127.0.0.1]:10024
  13. Reload the Postfix configuration again:
postfix reload
  14. Use the test messages at /usr/share/doc/amavisd-new-2.5.2/test-messages/ to test the configuration:
    1. Unpack the test messages. The archive is stored with every byte complemented (XOR 255) because it contains virus samples and has to be able to pass through firewalls, so decode it before extracting:
perl -pe 's/./chr(ord($&)^255)/sge' <sample.tar.gz.compl | zcat | tar xvf -
    2. Send a valid message:
sendmail -i your-address@example.com <sample-nonspam.txt
    3. Send a spam message:
sendmail -i your-address@example.com <sample-spam-GTUBE-junk.txt
    4. Send a virus message:
sendmail -i your-address@example.com <sample-virus-simple.txt
    5. Verify that the maillog shows valid messages being passed and spam and viruses being rejected.
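
The 127.0.0.1:10025 listener added to master.cf clears content_filter and most smtpd restrictions, so it is only safe while it stays bound to loopback and its mynetworks stays limited to loopback addresses. The check below is an added example, not part of the original document or of Postfix or amavisd-new; the function names and the WEAK sample are constructed for illustration, and it parses master.cf text directly instead of calling any Postfix tool.

```python
import ipaddress

def parse_master_cf(text):
    """Map service name -> {type, command, opts} for each master.cf entry."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:   # indented line continues the entry
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    services = {}
    for f in (line.split() for line in logical):
        if len(f) >= 8:   # service type private unpriv chroot wakeup maxproc command
            args = f[8:]
            opts = dict(v.split("=", 1) for k, v in zip(args, args[1:])
                        if k == "-o" and "=" in v)
            services[f[0]] = {"type": f[1], "command": f[7], "opts": opts}
    return services

def is_loopback(value):
    """True for localhost or an address/network entirely inside loopback space."""
    value = value.replace("[", "").replace("]", "")
    try:
        return value == "localhost" or ipaddress.ip_network(value, strict=False).is_loopback
    except ValueError:
        return False

def audit_reinjection(text, port="10025"):
    """Findings for the smtpd listener that amavisd re-injects scanned mail into."""
    found = [(n, s) for n, s in parse_master_cf(text).items()
             if s["type"] == "inet" and s["command"] == "smtpd" and n.rsplit(":", 1)[-1] == port]
    findings = [] if found else [f"no smtpd inet listener on port {port}"]
    for name, svc in found:
        opts, host = svc["opts"], name.rpartition(":")[0]
        if not is_loopback(host):
            findings.append(f"{name}: not bound to a loopback address")
        if opts.get("content_filter") != "":
            findings.append(f"{name}: content_filter not cleared, mail loops back into the filter")
        nets = [n for n in opts.get("mynetworks", "").split(",") if n]
        if not nets or not all(is_loopback(n) for n in nets):
            findings.append(f"{name}: mynetworks not limited to loopback")
        for key in ("smtpd_client_restrictions", "smtpd_recipient_restrictions"):
            if opts.get(key) != "permit_mynetworks,reject":
                findings.append(f"{name}: {key} is not permit_mynetworks,reject")
    return findings

# Constructed weak entry: all interfaces, filter not cleared, wide mynetworks.
WEAK = "10025 inet n - n - - smtpd\n  -o mynetworks=0.0.0.0/0\n"
```

Calling audit_reinjection() on the contents of master.cf returns an empty list for the entry shown in step 7 and one finding per deviation otherwise.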