Tags
antismap, antivirus, Clamav, greylisting, mailqueue, mailscanner, postfix, postgrey
SPAM or Unsolicited Commercial Email (UCE) is always hated by everybody. It is nightmare for all the system administrator. There are lot of talking and solutions regarding SPAM. I have collect some of this useful inforamtion and implement. These work miracle in my case. I have write this tutorial (basically collect!) to help you out. In this tutorial we will use Postfix as MTA. We will integrate MailScanner and Clamav for Antivirus solution and SpamAssassin and GreyListing for Antispam solution.
1. Postfix
2. Mailscanner
2. Clamav
4. SpamAssassin
5. GreyListing
Before installing MailScanner make sure that your postfix is working properly. Download the MailScanner from http://www.mailscanner.info/downloads.html. Untar the file. Rune ./configure to install the MailScanner.
In the Postfix configuration file /etc/postfix/main.cf add this line:
header_checks = regexp:/etc/postfix/header_checks
In the file /etc/postfix/header_checks add this line:
/^Received:/ HOLD
The effect of this is to tell Postfix to move all messages to the HOLD queue.
In your MailScanner.conf file (probably in /etc/MailScanner or /opt/MailScanner/etc), there are 5 settings you need to change. They are all really near the top of the file. The settings are
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
You will need to ensure that the user “postfix” can write to /var/spool/MailScanner/incoming and /var/spool/MailScanner/quarantine:
chown postfix.postfix /var/spool/MailScanner/incoming
chown postfix.postfix /var/spool/MailScanner/quarantine
Now run MailScanner, /etc/init.d/MailScanner start
Do the following to start MailScanner at startup
chkconfig postfix off
chkconfig —level 2345 MailScanner on
Clamav:
Download the clamav from http://www.clamav.net/. Untar the file. Add group clamav and user clamav under that group. Install the clamav. We don’t have to change anything in clamav configuration file. Make the following changes to the /etc/MailScanner/MailScanner.conf file:
Virus Scanning = yes
Virus Scanners = clamav
Spamassain:
Download the spamassain from www.spamassassin.org. We need some perl module.
perl -MCPAN -e shell
Whenever it asks about manual configuration, say no
cpan> o conf prerequisites_policy ask
cpan> install Time::HiRes
cpan> quit
tar xzf Mail-SpamAssassin-version-no.tar.gz
cd Mail-SpamAssassin-version-no
perl Makefile.PL
make
You may now get some errors about pod2text. If you do, then do this command
ln -s /usr/bin/pod2man /usr/bin/pod2text
make
make test
This will fail horribly due to lack of Pod/Usage.pm, so now do this (remember whenever it asks about manual configuration, say no)
perl -MCPAN -e shell
cpan> o conf prerequisites_policy ask
cpan> install Pod::Usage
cpan> quit
Now to try the tests again
make test
make install
You now have installed SpamAssassin. The next step is to configure it and MailScanner.
vi /etc/MailScanner/MailScanner.conf
Change the setting for “Required SpamAssassin Score” to more than 5 as that generates quite a few false alarms.
It’s advised to set “Log Spam = yes” to start with.
You will of course need “Use SpamAssassin = yes”.
You are almost done! Just restart the MailScanner again. Send some test mail and check the maillog that if you are receiving mail or not.
SpamAssassin mainly tagged the mail as spam or not. If you check the mail header you will get something like this:
X-Spam-Status: Yes
or
X-Spam-Status: No
If mail is tagged as spam than the spam status will be yes otherwise it will be no. Now we will send the spam tagged mail in user spam folder. For this we need procmail. Install procmail from www.procmail.org. Let say our user name is info and home folder in /home/info. Info user mail are stored in /home/info/mail folder. Create a file named “spam” in /home/info/mail folder.
touch /home/info/mail/spam
chown info:info /home/info/mail/spam
Now create the following file in /home/info/ folder:
|
.procmailrc
|
|
# My variables
HOME=/home/info
MAILDIR=$HOME/mail
# neccessary variables
PATH=/usr/local/bin:/usr/bin
VERBOSE=no
LOGABSTRACT=yes
COMSAT=no
LOGFILE=$HOME/procmail.log
:0
* ^X-Spam-Status: Yes
$HOME/mail/spam
# spamassassin rule ends here
|
Here ^X-Spam-Status: Yes is the main part. If the mail is tagged as spam than the spam mail will be send to user spam folder.
create the following file in /home/info folder
|
.forward
|
|
”|/usr/bin/procmail -t #info”
|
From now the spam tagged mail for info user will go it’s spam folder.
|
GreyListing:
|
GreyListing is the comparatively new technique to fight against spam. This technique work in following ways:
“When a request for delivery of a mail is received by Postfix via SMTP, the triplet CLIENT_IP / SENDER / RECIPIENT is built. If it is the first time that this triplet is seen, or if the triplet was first seen, less than 5 minutes ago, then the mail gets rejected with a temporary error. Hopefully spammers or viruses will not try again later, as it is however required per RFC.” [http://isg.ee.ethz.ch/tools/postgrey/]
With postfix we use PostGrey. Download PostGrey from http://isg.ee.ethz.ch/tools/postgrey/
For PostGrey we need the following perl module:
Net::Server
IO::Multiplex
BerkeleyDB (Perl module)
Berkeley DB (Library, version = 4.1)
|
tar -zxvf postgrey-1.27.tar.gz
cd postgrey-1.27
cp postgrey_whitelist_* /etc/postfix/
cp postgrey /usr/local/bin
cp postgrey /usr/local/sbin
groupadd nogroup
adduser postgrey
mkdir /var/spool/postfix/postgrey/
chown postgrey:nogroup /var/spool/postfix/postgrey/
|
And make the following change to the postfix main.cf file:
|
main.cf
|
|
smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10023
|
Run the following command:
/usr/local/sbin/postgrey —inet=10023 -d —delay=50 —greylist-text=”Policy restrictions; try later”
If everything is ok, postgrey will start. If anything does wrong you will get the output in /var/log/maillog.
Check netstat –nat for the port 10023. Try to send some test mail.
To start the postgrey at startup add the following lines in /etc/rc.local file:
# Start Postgrey
echo -n ‘Postgrey’; /usr/local/sbin/postgrey —inet=10023 -d —delay=50 —greylist-text=”Policy restrictions; try later”
# To /etc/rc.local before the start postfix line.
That’s all you need. Happy spam free mail.
