INSTALLING ANTIVIRUS & ANTISPAM ON POSTFIX


Installing SpamAssassin

Before getting to the specifics of installing the supporting software for each MTA, we first cover the installation of SpamAssassin. If SpamAssassin is installed first, several of the packages will automatically determine that SpamAssassin has been installed and adjust their configuration.

The first step is to download the sources, which are available from the SpamAssassin site: http://useast.spamassassin.org/released/Mail-SpamAssassin-2.63.tar.gz . After you have downloaded them to a location such as /usr/local/src, uncompress and extract the files as follows:

bash$ gzip -d Mail-SpamAssassin-2.63.tar.gz
bash$ tar xf Mail-SpamAssassin-2.63.tar
bash$ cd Mail-SpamAssassin-2.63

To install SpamAssassin, perform the following:

bash$ perl ./Makefile.PL
What email address or URL should be used in the suspected-spam report
text for users who want more information on your filter installation?
(In particular, ISPs should change this to a local Postmaster contact)
default text: [the administrator of that system] user@mydomain.com

Checking if your kit is complete...
Looks good
Writing Makefile for Mail::SpamAssassin
Makefile written by ExtUtils::MakeMaker 6.03

bash$ make
bash$ sudo su
# make install

SpamAssassin is now installed.

SpamAssassin and Postfix

The flow of mail under Postfix integrated with SpamAssassin is diagrammed in Figure 3.4 for a system-wide setup.

Figure 3.4 SpamAssassin and Postfix.

SpamAssassin is activated under Postfix by using the amavisd-new package. More information is available online for amavisd-new at http://www.ijs.si/software/amavisd/ . amavisd-new calls the SpamAssassin libraries directly, making the installation a bit simpler than qmail and Sendmail, which both require additional pieces of software to activate SpamAssassin. Calling the SpamAssassin libraries directly also saves some overhead because additional system resources are not required if spamc and/or spamd are not invoked.

Installing amavisd-new

amavisd-new requires a number of Perl modules to be installed on the target. The INSTALL file notes regarding prerequisites from amavisd-new are as follows:

Archive::Tar   (Archive-Tar-x.xx)
Archive::Zip   (Archive-Zip-x.xx) (1.09 or later is recommended!)
Compress::Zlib (Compress-Zlib-x.xx)
Convert::TNEF  (Convert-TNEF-x.xx)
Convert::UUlib (Convert-UUlib-x.xxx)
MIME::Base64   (MIME-Base64-x.xx)
MIME::Parser   (MIME-Tools-x.xxxx)
  (the patched MIME-tools by David F. Skoll is recommended over 5.411,
  as it better handles broken/bad MIME syntax:
    http://www.mimedefang.org/ -> Download section.
  The new 6.2xx from http://search.cpan.org/dist/MIME-tools/
  also includes these patches, and more.
Mail::Internet (MailTools-1.58 or later have workarounds for Perl 5.8.0 bugs)
Net::Server    (Net-Server-x.xx)
Net::SMTP      (libnet-x.xx)     (use libnet-1.16 or later for performance)
Digest::MD5    (Digest-MD5-x.xx)
IO::Stringy    (IO-stringy-x.xxx)
Time::HiRes    (Time-HiRes-x.xx) (use 1.49 or later; some older cause problems)
Unix::Syslog   (Unix-Syslog-x.xxx)

Make sure all of these Perl modules are installed on the target system. If any are missing, download and install them from http://www.cpan.org .

Unfortunately, there is no install script, so the software must be installed and configured manually. To begin, download the amavisd-new sources from http://www.ijs.si/software/amavisd/amavisd-new-20030616-p6.tar.gz into a directory such as /usr/local/src. Extract it and change into the resulting directory by running:

# gzip -d amavisd-new-20030616-p6.tar.gz
# tar xvf amavisd-new-20030616-p6.tar
# cd amavisd-new-20030616

Then create a directory under /var called amavis as the amavisd home directory:

# mkdir /var/amavis

Create the group amavis and user amavis:

# groupadd amavis
# useradd -c 'Amavis Daemon' -d /var/amavis -g amavis -s /bin/false amavis

Make the permissions and ownership correct on the directory /var/amavis:

# chown amavis:amavis /var/amavis
# chmod 750 /var/amavis

Copy the amavisd executable to /usr/local/sbin and change the permissions appropriately:

# cp amavisd /usr/local/sbin/
# chown root /usr/local/sbin/amavisd
# chmod 755 /usr/local/sbin/amavisd

Copy the amavisd.conf configuration file to its default location, /etc, and make the permissions correct:

# cp amavisd.conf /etc/
# chown root /etc/amavisd.conf
# chmod 644 /etc/amavisd.conf

(If you change the location, you must start up amavisd with the -c option to tell it where to read its configuration from.)

Next, you must create the quarantine directory (where amavisd stores viruses that are caught) and set the permissions and ownership:

# mkdir /var/quarantine
# chown amavis:amavis /var/quarantine
# chmod 750 /var/quarantine
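A quick audit of the ownership and modes set in the steps above, as an added example that is not part of the original article. The optional ROOT prefix and the RUN_AUDIT switch are assumptions made for illustration, and stat -c requires GNU coreutils.

```shell
#!/bin/sh
# Added example: verify the ownership and modes set in the steps above.

# check_path PATH MODE OWNER -> 0 if PATH exists with exactly that mode/owner.
check_path() {
    if [ ! -e "$1" ]; then
        echo "MISSING  $1"; return 1
    fi
    mode=$(stat -c '%a' "$1")    # octal permission bits, e.g. 750
    owner=$(stat -c '%U' "$1")   # owning user name
    if [ "$mode" != "$2" ] || [ "$owner" != "$3" ]; then
        echo "MISMATCH $1: have $owner/$mode, want $3/$2"; return 1
    fi
    echo "OK       $1 ($owner/$mode)"
}

# audit_amavis_layout [ROOT] [DAEMON_USER] [ADMIN_USER]
# ROOT is a hypothetical prefix so the audit can run against a staging tree.
audit_amavis_layout() {
    root=${1:-} daemon=${2:-amavis} admin=${3:-root} rc=0
    check_path "$root/var/amavis"             750 "$daemon" || rc=1
    check_path "$root/var/quarantine"         750 "$daemon" || rc=1
    check_path "$root/usr/local/sbin/amavisd" 755 "$admin"  || rc=1
    check_path "$root/etc/amavisd.conf"       644 "$admin"  || rc=1
    return $rc
}

# Set RUN_AUDIT=1 to check the live system with the defaults from the text.
if [ "${RUN_AUDIT:-0}" = 1 ]; then audit_amavis_layout; fi
```

A MISMATCH on /var/quarantine is the one to act on first, since that directory holds the caught viruses.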

Finally, you need to adjust the amavisd.conf configuration file to reflect the appropriate settings. If you followed the preceding recommendations, set the following values:

$mydomain = 'example.com';
$daemon_user  = 'amavis';
$daemon_group = 'amavis';
$TEMPBASE = "$MYHOME/tmp";
$forward_method = 'smtp:127.0.0.1:10025'; # for postfix
$notify_method = $forward_method;         # for postfix
$inet_socket_bind = '127.0.0.1';          # improves security
$QUARANTINEDIR = '/var/quarantine';

You will want to change example.com to the name of the domain you are receiving email for. $daemon_user and $daemon_group are set to the name of the amavisd-new user, in our case amavis. $TEMPBASE is set to the amavisd-new variable $MYHOME appended with /tmp. You may want to set this to /var/tmp or /tmp, depending upon your setup. The $forward_method setting tells amavisd-new what to do with the message after processing it. In our case, Postfix expects to receive the message on port 10025 of the local machine. $notify_method tells amavisd what to do with notify messages; in our case, treat them the same as the $forward_method. $inet_socket_bind is set to loopback in order to restrict the IP addresses that are allowed to connect to amavisd. Finally, the $QUARANTINEDIR keyword tells amavisd-new what to do with messages if they are identified as a problem and need to be set aside.

If you are not running virus checks, you will want to enable this line:

@bypass_virus_checks_acl = qw( . );

This will disable virus checking, if necessary. The log level can be set anywhere from 0 (no logging) to 5 (everything is logged). For debugging purposes, start with 5 and then reduce it down to 2 after everything is running smoothly.

$log_level = 2;

After all of the settings have been changed, start amavisd with the debug option to check for any missing Perl libraries or other misconfigurations:

bash$ sudo su
# /usr/local/sbin/amavisd debug

Installing Perl modules to satisfy dependencies:

$ perl -MCPAN -e shell

After it starts cleanly, enable amavisd-new to start on bootup by executing the following, assuming you are running a recent version of Linux:

# cp amavisd_init.sh /etc/init.d/
# ln -s /etc/rc.d/init.d/amavisd_init.sh /etc/rc.d/init.d/rc2.d/amavisd

Configuring Postfix

The Postfix configuration required to activate SpamAssassin and amavisd-new is relatively straightforward. Only a few lines need to be added to your main.cf and master.cf, located by default in /etc/postfix.

In main.cf, add the following line:

content_filter = smtp-amavis:[127.0.0.1]:10024

Alternatively, edit master.cf and change the following line:

smtp      inet  n       -       n       -       -       smtpd

so that it becomes:

smtp      inet  n       -       n       -       -       smtpd -o content_filter=smtp-amavis:[127.0.0.1]:10024

The above line tells Postfix to invoke the amavisd-new content filter by connecting to the loopback interface on port 10024.

In master.cf, add the following lines:

#
# The amavis interface
#
smtp-amavis unix - - y - 2 smtp
      -o smtp_data_done_timeout=1200
      -o disable_dns_lookups=yes

127.0.0.1:10025 inet n - y - - smtpd
      -o content_filter=
      -o local_recipient_maps=
      -o relay_recipient_maps=
      -o smtpd_restriction_classes=
      -o smtpd_client_restrictions=
      -o smtpd_helo_restrictions=
      -o smtpd_sender_restrictions=
      -o smtpd_recipient_restrictions=permit_mynetworks,reject
      -o mynetworks=127.0.0.0/8,192.168.0.0/24

The first configuration entry, beginning with smtp-amavis, tells smtp (Postfix's delivery agent) to run in a chroot'ed environment with a maximum of two instances. It invokes smtpd, sets the smtp done timeout to 1200 seconds, and disables DNS lookups to improve performance. The second configuration entry, starting with 127.0.0.1, tells amavisd-new to reinject the filtered results into a chroot'ed instance of Postfix's smtpd on port 10025 configured with the listed restrictions.

The next step is to tell Postfix to re-read its configuration files:

bash$ sudo postfix reload
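Added example, not part of the original article: a check to run against master.cf before the reload above. It confirms that the reinjection listener is bound to loopback, clears content_filter (otherwise filtered mail is handed straight back to amavisd-new), and ends its recipient restrictions with reject. The function names and the sample entry are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the amavisd-new reinjection listener in a master.cf.

# Fold continuation lines (leading whitespace) into one logical line per service.
join_master_cf() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { sub(/^[ \t]+/, ""); buf = buf " " $0; next }
                 { if (buf != "") print buf; buf = $0 }
        END      { if (buf != "") print buf }
    ' "$1"
}

# check_reinject FILE [PORT] -> 0 if the listener is loopback-only, clears
# content_filter, and ends smtpd_recipient_restrictions with "reject".
check_reinject() {
    join_master_cf "$1" | awk -v port="${2:-10025}" '
        $2 == "inet" && ($1 == port || $1 ~ (":" port "$")) {
            found = 1; filter = "unset"; rcpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^content_filter=/) filter = substr($i, 16)
                if ($i ~ /^smtpd_recipient_restrictions=/) rcpt = $i
            }
            if ($1 !~ /^(127\.0\.0\.1|localhost|\[::1\]):/) {
                print "FAIL: " $1 " is not bound to loopback"; bad = 1 }
            if (filter != "") {
                print "FAIL: content_filter not cleared, mail would loop"; bad = 1 }
            if (rcpt !~ /[=,]reject$/) {
                print "FAIL: recipient restrictions do not end in reject"; bad = 1 }
        }
        END {
            if (!found) { print "FAIL: no inet listener on port " port; exit 1 }
            exit bad + 0
        }'
}

# Constructed sample: the reinjection entry from the text above, shortened.
sample_master_cf() {
    cat <<'EOF'
127.0.0.1:10025 inet n - y - - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8,192.168.0.0/24
EOF
}

tmp=$(mktemp) && sample_master_cf > "$tmp" && check_reinject "$tmp" && echo "OK"
rm -f "$tmp"
```

On a live system, call check_reinject /etc/postfix/master.cf; each FAIL line names the setting to correct.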

You should now be up and running with SpamAssassin/amavisd-new support in Postfix. You may skip ahead to the “Verifying SpamAssassin Operation” section now.

Installing ClamAV

  1. $ tar xvfz ClamAv-no-test.tar.gz
  2. $ groupadd clamav
  3. $ useradd clamav -g clamav -d /usr/local/clamav
  4. $ ./configure --prefix=/usr/local/clamav
  5. $ make
  6. $ make install
  7. $ cd /usr/local/clamav/etc
  8. Edit the configuration file clamd.conf. Make sure that the user that runs clamd is the same as the user that runs amavis, and put the socket file in the amavis directory, /var/amavis/clamd. So here we put:

User amavis
LocalSocket /var/amavis/clamd

  9. Edit amavisd.conf to point to the /var/amavis/clamd file:

# ### http://www.clamav.net/
['ClamAV-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "$MYHOME/clamd"],
  qr/\bOK$/, qr/\bFOUND$/,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
