Secure Postfix with Amavisd, ClamAV, SpamAssassin

To protect a Postfix mail server from spam and viruses, software like Amavisd, ClamAV and SpamAssassin can be a good solution.

The working concept is pretty easy: Amavisd accepts mail from Postfix (the MTA), passes it to ClamAV and SpamAssassin to check for spam and viruses, and then returns the mail to Postfix for delivery.

Prerequisites

 

Install packages

Once the RPMforge repository is configured on the system, install all the necessary packages using the yum command.

# yum install amavisd-new clamav clamav-devel clamd spamassassin

Configure ClamAV

Edit the configuration file /etc/clamd.conf and set ClamAV to communicate with Amavisd-new over a local UNIX socket rather than a TCP socket by commenting out the TCPSocket 3310 parameter.

# vi /etc/clamd.conf

Configure Amavisd-new

Edit the configuration file /etc/amavisd/amavisd.conf. The @bypass_* lines below disable virus or spam checking when uncommented, so remove the comment (#) only if you need to disable a check.

# COMMONLY ADJUSTED SETTINGS:
# @bypass_virus_checks_maps = (1); # controls running of anti-virus code
# @bypass_spam_checks_maps = (1); # controls running of anti-spam code
# $bypass_decode_parts = 1; # controls running of decoders&dearchivers

Set the domain and hostname of the network environment.

$mydomain = 'domain.com';

$myhostname = 'mail.domain.com';

Configure Postfix

Edit the configuration file /etc/postfix/master.cf to tell Postfix to pass mail to Amavisd-new for filtering.

amavisfeed unix    -       -       n        -      2     lmtp
 -o lmtp_data_done_timeout=1200
 -o lmtp_send_xforward_command=yes
 -o disable_dns_lookups=yes
 -o max_use=20
127.0.0.1:10025 inet n    -       n       -       -     smtpd
 -o content_filter=
 -o smtpd_delay_reject=no
 -o smtpd_client_restrictions=permit_mynetworks,reject
 -o smtpd_helo_restrictions=
 -o smtpd_sender_restrictions=
 -o smtpd_recipient_restrictions=permit_mynetworks,reject
 -o smtpd_data_restrictions=reject_unauth_pipelining
 -o smtpd_end_of_data_restrictions=
 -o smtpd_restriction_classes=
 -o mynetworks=127.0.0.0/8
 -o smtpd_error_sleep_time=0
 -o smtpd_soft_error_limit=1001
 -o smtpd_hard_error_limit=1000
 -o smtpd_client_connection_count_limit=0
 -o smtpd_client_connection_rate_limit=0
 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters,no_address_mappings
 -o local_header_rewrite_clients=
 -o smtpd_milters=
 -o local_recipient_maps=
 -o relay_recipient_maps=

# vi /etc/postfix/master.cf
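
The listener on 127.0.0.1:10025 takes mail back from Amavisd and hands it on without further content filtering, so its overrides are worth checking after every edit to master.cf. The Python check below is an added example, not part of the original guide: it joins continuation lines the way master.cf entries are read, then verifies that the listener is bound to loopback, clears content_filter, limits mynetworks to loopback, and has no -o value broken apart by whitespace. The names audit_reinjection, logical_lines and is_loopback and the sample text are made up for this illustration.

```python
import ipaddress

# Constructed sample based on this page's master.cf; one -o value is wrapped.
SAMPLE = """\
127.0.0.1:10025 inet n    -       n       -       -     smtpd
 -o content_filter=
 -o mynetworks=127.0.0.0/8
 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,
      no_milters,no_address_mappings
"""

def logical_lines(text):
    """Join continuation lines (leading whitespace) onto their master.cf entry."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comments are skipped
        if raw[0].isspace() and entries:
            entries[-1] += " " + raw.strip()
        else:
            entries.append(raw.strip())
    return entries

def is_loopback(value, kind):  # kind: ipaddress.ip_address or ip_network
    try:
        return kind(value.replace("[", "").replace("]", "")).is_loopback
    except ValueError:
        return False

def audit_reinjection(text, port="10025"):
    """Return findings for the smtpd listener that takes mail back from Amavisd."""
    findings = []
    for fields in map(str.split, logical_lines(text)):
        host, _, svc_port = fields[0].rpartition(":")
        if len(fields) < 8 or (fields[1], fields[7], svc_port) != ("inet", "smtpd", port):
            continue
        args = fields[8:]
        pairs = [args[i + 1] for i, a in enumerate(args[:-1]) if a == "-o"]
        opts = dict(p.split("=", 1) for p in pairs if "=" in p)
        stray = [a for i, a in enumerate(args) if a != "-o" and (i == 0 or args[i - 1] != "-o")]
        nets = [n for n in opts.get("mynetworks", "").split(",") if n]
        checks = [
            (is_loopback(host, ipaddress.ip_address), "listener not bound to loopback"),
            (opts.get("content_filter") == "", "content_filter not cleared (mail would loop)"),
            (nets and all(is_loopback(n, ipaddress.ip_network) for n in nets), "mynetworks not limited to loopback"),
            (not stray, "stray argument, -o value split by whitespace: " + " ".join(stray)),
        ]
        findings += [msg for ok, msg in checks if not ok]
    return findings
```

Run audit_reinjection on the text of /etc/postfix/master.cf; an empty list means the listener passed all four checks.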

Edit the file /etc/postfix/main.cf and enable message filtering in Postfix by adding the line:

# use amavisd as filter on port 10024
content_filter=amavisfeed:[127.0.0.1]:10024

# vi /etc/postfix/main.cf

Reload Postfix to apply the new parameters.

# service postfix reload

Enable Amavisd and ClamAV services to start during system boot.

# chkconfig amavisd on
# chkconfig clamd on

Start the ClamAV and Amavisd services. The SpamAssassin service, which starts spamd, can be set to off, as Amavisd-new doesn't actually use the SpamAssassin daemon (spamd) but rather loads SpamAssassin as a module.

# service clamd start
# service amavisd start

Because the ClamAV signature database may be outdated, you can update it manually with the freshclam command.

# /usr/bin/freshclam

The mail server is now protected against spam and viruses.
