SPAM or Unsolicited Commercial Email (UCE) is always hated by everybody. It is nightmare for all the system administrator. There are lot of talking and solutions regarding SPAM. I have collect some of this useful inforamtion and implement. These work miracle in my case. I have write this tutorial (basically collect!) to help you out. In this tutorial we will use Postfix as MTA. We will integrate MailScanner and Clamav for Antivirus solution and SpamAssassin and GreyListing for Antispam solution.
Before installing MailScanner make sure that your postfix is working properly. Download the MailScanner from http://www.mailscanner.info/downloads.html. Untar the file. Rune ./configure to install the MailScanner.
In the Postfix configuration file /etc/postfix/main.cf add this line:
header_checks = regexp:/etc/postfix/header_checks
In the file /etc/postfix/header_checks add this line:
The effect of this is to tell Postfix to move all messages to the HOLD queue.
In your MailScanner.conf file (probably in /etc/MailScanner or /opt/MailScanner/etc), there are 5 settings you need to change. They are all really near the top of the file. The settings are
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
You will need to ensure that the user “postfix” can write to /var/spool/MailScanner/incoming and /var/spool/MailScanner/quarantine:
chown postfix.postfix /var/spool/MailScanner/incoming
chown postfix.postfix /var/spool/MailScanner/quarantine
Now run MailScanner, /etc/init.d/MailScanner start
Do the following to start MailScanner at startup
chkconfig —level 2345 MailScanner on
Download the clamav from http://www.clamav.net/. Untar the file. Add group clamav and user clamav under that group. Install the clamav. We don’t have to change anything in clamav configuration file. Make the following changes to the /etc/MailScanner/MailScanner.conf file:
Virus Scanners = clamav
Whenever it asks about manual configuration, say no
cpan> o conf prerequisites_policy ask
cpan> install Time::HiRes
tar xzf Mail-SpamAssassin-version-no.tar.gz
You may now get some errors about pod2text. If you do, then do this command
ln -s /usr/bin/pod2man /usr/bin/pod2text
This will fail horribly due to lack of Pod/Usage.pm, so now do this (remember whenever it asks about manual configuration, say no)
cpan> o conf prerequisites_policy ask
Now to try the tests again
You now have installed SpamAssassin. The next step is to configure it and MailScanner.
Change the setting for “Required SpamAssassin Score” to more than 5 as that generates quite a few false alarms.
It’s advised to set “Log Spam = yes” to start with.
You will of course need “Use SpamAssassin = yes”.
You are almost done! Just restart the MailScanner again. Send some test mail and check the maillog that if you are receiving mail or not.
SpamAssassin mainly tagged the mail as spam or not. If you check the mail header you will get something like this:
If mail is tagged as spam than the spam status will be yes otherwise it will be no. Now we will send the spam tagged mail in user spam folder. For this we need procmail. Install procmail from www.procmail.org. Let say our user name is info and home folder in /home/info. Info user mail are stored in /home/info/mail folder. Create a file named “spam” in /home/info/mail folder.
chown info:info /home/info/mail/spam
Now create the following file in /home/info/ folder:
# neccessary variables
# spamassassin rule ends here
Here ^X-Spam-Status: Yes is the main part. If the mail is tagged as spam than the spam mail will be send to user spam folder.
create the following file in /home/info folder
|”|/usr/bin/procmail -t #info”
From now the spam tagged mail for info user will go it’s spam folder.
GreyListing is the comparatively new technique to fight against spam. This technique work in following ways:
“When a request for delivery of a mail is received by Postfix via SMTP, the triplet CLIENT_IP / SENDER / RECIPIENT is built. If it is the first time that this triplet is seen, or if the triplet was first seen, less than 5 minutes ago, then the mail gets rejected with a temporary error. Hopefully spammers or viruses will not try again later, as it is however required per RFC.” [http://isg.ee.ethz.ch/tools/postgrey/]
For PostGrey we need the following perl module:
BerkeleyDB (Perl module)
Berkeley DB (Library, version = 4.1)
|tar -zxvf postgrey-1.27.tar.gz
cp postgrey_whitelist_* /etc/postfix/
cp postgrey /usr/local/bin
cp postgrey /usr/local/sbin
chown postgrey:nogroup /var/spool/postfix/postgrey/
And make the following change to the postfix main.cf file:
smtpd_recipient_restrictions = check_policy_service inet:127.0.0.1:10023
Run the following command:
/usr/local/sbin/postgrey —inet=10023 -d —delay=50 —greylist-text=”Policy restrictions; try later”
If everything is ok, postgrey will start. If anything does wrong you will get the output in /var/log/maillog.
Check netstat –nat for the port 10023. Try to send some test mail.
To start the postgrey at startup add the following lines in /etc/rc.local file:
# Start Postgrey
echo -n ‘Postgrey’; /usr/local/sbin/postgrey —inet=10023 -d —delay=50 —greylist-text=”Policy restrictions; try later”
# To /etc/rc.local before the start postfix line.
That’s all you need. Happy spam free mail.