Postfix/tutorials

From Segfault

http://www.xtarutaru.com/2009/04/16/spamassassin-clamav-postfix-without-amavis-debian/

Spamassassin + ClamAV + Postfix WITHOUT Amavis (Debian)
April 16, 2009, 8:31 PM

Amavis is known to be a huge memory hog, and those of us leasing sub-$30 VPS servers just can’t afford it. Even as little as 10 MB of RAM can have a huge impact on performance.

So in order to run with the least impact on memory I decided to drop amavis. The problem with this: I couldn’t find any howtos that described how to run spamassassin and clamav with postfix WITHOUT amavis. So with a little trial and error I figured it out on my own.

First you need to make sure spamd and clamd are already running, and that spamc is installed. There are plenty of howtos on the ‘net to do this, so I won’t go into detail there. To start off, add the following lines to the end of your /etc/postfix/master.cf file:

spamassassin unix - n   n   -   -   pipe
    user=vmail argv=/usr/bin/spamc -f -e
    /usr/sbin/sendmail -oi -f ${sender} ${recipient}

# AV scan filter (used by content_filter)
scan      unix  -       -       n       -       16      smtp
        -o smtp_send_xforward_command=yes

# For injecting mail back into postfix from the filter
127.0.0.1:10026 inet  n -       n       -       16      smtpd
        -o content_filter=spamassassin
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtpd_helo_restrictions=
        -o smtpd_client_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks_style=host
        -o smtpd_authorized_xforward_hosts=127.0.0.0/8

(Remove or change user=vmail depending on whether you use virtual mailboxes.)

And in the same file look for the below line (Hint: It’s usually near the top)

smtp      inet  n       -       -       -       -       smtpd

And add the following line underneath it, keeping the leading whitespace so that Postfix reads it as a continuation of the smtp entry:

        -o content_filter=scan:127.0.0.1:10025

Now you need to install clamsmtp, a small program that will handle connections to clamd for us

apt-get install clamsmtp

In /etc/clamsmtp.conf change OutAddress and Listen to read

OutAddress: 10026
Listen: 127.0.0.1:10025

While you're at it, check all the other parameters to make sure clamsmtp can connect to clamd. You may also be interested in changing the header added to scanned mail so you know which server scanned it.

After all of this is done restart the daemons

/etc/init.d/postfix restart
/etc/init.d/clamsmtp restart

And send yourself a test mail. If it fails to work, go back and make sure you followed the instructions properly; otherwise, congrats! You now have a great spam-filtering setup without amavis! You may now want to look at some basic SMTP-level scanning with RBLs to minimise the load that spamassassin and clamav put on your server.


http://www.xs4all.nl/~jaspersl/howto/

Tutorial: An alternative to amavis
Jasper Slits

Layout copyright © 2002,2003,2004 Christoph Haas

Copyright © 2005 Jasper Slits
Revision History
$Rev: 16 $	$Date$

Abstract
This tutorial provides an alternative to amavisd-new based set ups for anti-virus and spam filtering.

I wanted to have a light-weight set up and avoid amavis because I do not like it: too many settings etc.

After looking at Freshmeat I noticed clamsmtp which was at version 0.4 at the time I started using it. From the homepage: "ClamSMTP aims to be lightweight, reliable, and simple rather than have a myriad of options. It's written in C without major dependencies."

The current version in the Debian repository is the latest release of clamsmtp: 1.4.1

Table of Contents

Getting started
Step 1: Installing maildrop
Step 2: Configuration of Postfix
Step 3: Configuration of clamsmtp
Step 4: Populating the whitelist
Step 5: Modifying maildroprc
References
Thanks


Getting started
The tutorial is based on the work by Chris Haas and I strongly recommend you have a working Postfix set up before you start here.
The tutorial for installing maildrop from source can be found here.

Packages you really need:

    * clamsmtp
    * clamav
    * clamav-freshclam
    * maildrop
    * courier-authlib

[Important] As of now (June 25th 2005), the current package of 'maildrop' in Debian Sid is 1.5.3, which is outdated. A recent maildrop can be found in experimental but you need other packages too. It might break your current set up, if you're using courier-imap and/or courier-pop.

Step 1: Installing maildrop

Installing the dependencies first...

wget http://debian.concepts.nl/debian/pool/main/c/courier/courier-base_0.50.0-0.1_i386.deb
wget http://debian.concepts.nl/debian/pool/main/c/courier-authlib/courier-authlib_0.56-0.5_i386.deb
wget http://debian.concepts.nl/debian/pool/main/c/courier-authlib/courier-authlib-mysql_0.56-0.5_i386.de
wget http://debian.concepts.nl/debian/pool/main/m/maildrop/maildrop_1.8.1-2_i386.deb

Install the packages in the same order as you downloaded them. Beware of dependency problems (all solvable).

The big difference with previous maildrops is the integration of a shared authentication backend. Courier-authlib eliminates the need for a maildropmysqlconfig.cf file.
Also this version of maildrop supports quota in a nice way:

[root@malochia:~]# mailq
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
43D82783B734     9090 Sun Jun 26 08:47:39  sender@domain.org
            (temporary failure. Command output: maildrop: maildir over quota.)
                                         info@somedomain.org

Prior to 1.8.0 overquota mails were bounced rather than queued up.

To test maildrop delivery use:

echo "some random data" > /tmp/randomfile
su - vmail
maildrop -d valid@user.tld -V 10 < /tmp/randomfile

In case of problems: use courierauthtest or 'strace' and look for 'Permission denied' and similar messages.

Step 2: Configuration of Postfix

Required changes to /etc/postfix/master.cf:


# AV scan filter (used by content_filter) clamsmtp
scan      unix  -       -       n       -       16      smtp
        -o smtp_send_xforward_command=yes
            
# For injecting mail back into postfix from the filter
127.0.0.1:10026 inet  n -       n       -       16      smtpd
        -o content_filter=
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtpd_helo_restrictions=
        -o smtpd_client_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks=127.0.0.0/8
        -o smtpd_authorized_xforward_hosts=127.0.0.0/8
            
maildrop  unix  -       n       n       -       -       pipe 
  flags=DRhu user=vmail:vmail argv=/usr/bin/maildrop -d ${recipient}



In /etc/postfix/main.cf:

# Use the scan transport as defined in master.cf as a content-filter
content_filter = scan:127.0.0.1:10024

# Deliver all mail to the maildrop transport as defined in master.cf
virtual_transport = maildrop
local_transport = maildrop

maildrop_destination_recipient_limit = 1 


Step 3: Configuration of clamsmtp

In /etc/clamsmtpd.conf:

OutAddress: 10026
Listen: 127.0.0.1:10024
ClamAddress: /var/run/clamav/clamd.ctl
TempDirectory: /var/spool/clamsmtp

The OutAddress must match the setting in master.cf and the Listen address must match the setting in main.cf
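
One way to check that wiring before restarting the daemons, as an added example that is not part of the original tutorial. The function names are this example's own, the sample input is constructed from the settings shown above, and treating a bare OutAddress port as 127.0.0.1 is an assumption:

```python
import re

# Constructed input: the settings from this tutorial's three files.
MAIN_CF = "content_filter = scan:127.0.0.1:10024\n"
CLAMSMTPD_CONF = "OutAddress: 10026\nListen: 127.0.0.1:10024\n"
MASTER_CF = """\
scan      unix  -       -       n       -       16      smtp
        -o smtp_send_xforward_command=yes
127.0.0.1:10026 inet  n -       n       -       16      smtpd
        -o content_filter=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
"""

def master_options(text):
    """Map each master.cf service name to its -o overrides (continuation lines)."""
    services, opts = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():        # a new service entry starts in column 1
            opts = services.setdefault(line.split()[0], {})
        elif opts is not None:           # an indented line continues the entry
            opts.update(m.groups() for m in re.finditer(r"-o\s+(\w+)=(\S*)", line))
    return services

def check_wiring(main_cf, clamsmtpd_conf, master_cf):
    """Return a list of problems; an empty list means the filter path is closed."""
    clam = dict(re.findall(r"^(\w+):\s*(\S+)", clamsmtpd_conf, re.M))
    services = master_options(master_cf)
    m = re.search(r"^content_filter\s*=\s*(\w+):(\S+)", main_cf, re.M)
    if not m:
        return ["main.cf sets no content_filter"]
    transport, nexthop = m.groups()
    problems = []
    if transport not in services:
        problems.append(f"transport {transport} is missing from master.cf")
    if nexthop != clam.get("Listen"):
        problems.append(f"Postfix sends to {nexthop}, clamsmtpd listens on {clam.get('Listen')}")
    out = clam.get("OutAddress", "")
    if ":" not in out:                   # assumption: a bare port means 127.0.0.1
        out = "127.0.0.1:" + out
    if out not in services:
        return problems + [f"no smtpd listener on {out} for scanned mail"]
    back = services[out]
    if "content_filter" not in back:     # without the empty override, main.cf applies again
        problems.append(f"{out} inherits content_filter, so scanned mail loops")
    if not back.get("smtpd_recipient_restrictions", "").endswith("reject"):
        problems.append(f"{out} does not end its recipient restrictions in reject")
    return problems
```

The last two checks cover the re-injection listener itself: it has to switch the content filter off for mail that was already scanned, and it should accept mail from the local host only.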

After clamsmtp is started you see in /var/log/mail.log lines like this in case of a virus-free message:

Mar 28 19:10:49 servername clamsmtpd: 1000EA: from=sender@domain.tld,to=recipient@domain.tld, status=CLEAN


Infected mail will be discarded and the recipient will not be notified:

Mar 25 17:42:32 servername clamsmtpd: 108501: from=support_ref_0236020@regions.com, to=recipient@domain.tld,status=VIRUS:HTML.Phishing.Bank-1
Mar 25 17:42:32 servername postfix/smtp[9602]: 564757853969: to=, relay=127.0.0.1[127.0.0.1], delay=32, status=sent (250 Virus Detected; Discarded Email)

Step 4: Populating the whitelist
There are several ways to use Spamassassin, but as a maildrop advocate I prefer the use of maildrop with spamc/spamd and a whitelist. First, the whitelist is implemented in maildrop to avoid invoking spamassassin and is based on the sender. The file /etc/maildrop/from_whitelist.dat contains regular expressions with e-mail addresses:

.*@(ebay|microsoft|webshots|hallmark|novell|mundo-perdido|localhost|dell).com
email@adres.tld

The same can be done for recipient-based whitelisting. It's not possible to have per-user whitelists. You can whitelist here all domains you receive mail for. It might be good to make it dynamic, though it'll probably kill the efficiency.
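
How the two whitelist lines above behave on sender addresses, next to anchored and escaped variants, as an added example that is not part of the original tutorial. It uses Python's re module and assumes the lookup is an unanchored, case-insensitive search; the HARDENED list, the sample addresses and the function names are constructed for illustration:

```python
import re

# The two lines of from_whitelist.dat as given in the tutorial.
TUTORIAL = [
    r".*@(ebay|microsoft|webshots|hallmark|novell|mundo-perdido|localhost|dell).com",
    r"email@adres.tld",
]
# Constructed variants: anchored at both ends, literal dots escaped.
HARDENED = [
    r"^[^@]+@(ebay|microsoft|webshots|hallmark|novell|mundo-perdido|localhost|dell)\.com$",
    r"^email@adres\.tld$",
]
# Constructed sender addresses: (address, should the whitelist accept it?)
SAMPLES = [
    ("billing@ebay.com", True),
    ("email@adres.tld", True),
    ("billing@ebay.com.example.net", False),  # listed name used as a subdomain label
    ("billing@ebayxcom.example.net", False),  # unescaped '.' matches any character
    ("email@adres.tld.example.net", False),
]

def whitelisted(addr, patterns):
    """Unanchored, case-insensitive search of each pattern (assumed lookup semantics)."""
    return any(re.search(p, addr, re.I) for p in patterns)

def audit(patterns, samples=SAMPLES):
    """Return the sample addresses that the pattern list classifies wrongly."""
    return [addr for addr, expected in samples if whitelisted(addr, patterns) != expected]

def lint(pattern):
    """Static findings for a single whitelist line."""
    findings = []
    if not (pattern.startswith("^") and pattern.endswith("$")):
        findings.append("unanchored")
    if re.search(r"(?<!\\)\.(?![*+?])", pattern):  # a bare '.' that is not '.*' etc.
        findings.append("unescaped dot")
    return findings
```

Anchoring only narrows what the patterns accept; the From: header they are matched against is still supplied by the sender.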

Step 5: Modifying maildroprc

The /etc/maildroprc is the global filter file and it will be read for each delivery.
As maildrop is invoked each time using the pipe command from Postfix, changes to maildroprc come into effect instantly.

Relevant section from /etc/maildroprc

# Do not call SA when the sender is in the whitelist.
if (/^From: *!.*/ && lookup(getaddr($MATCH2),"/etc/maildrop/from_whitelist.dat"))
{
        log "Spam: sender found in whitelist"
        to $HOME
}

# Avoid scanning of large emails
if ( $SIZE < 50000 )
{
        # -f -> do not bail out when spamd is down
        # -u amavis -> unprivileged account
        exception {
                xfilter "/usr/bin/spamc -f -u amavis"
        }
}

# Compare the score in X-Spam-Status to determine where to deliver mail
if (/^X-Spam-Status: Yes, score=*!.* !.*/)
{
        if ( $MATCH2 > 5 )
        {
                # Log original recipient in /var/vmail/maildrop.log
                log "To  : $LOGNAME"
                to /var/vmail/spambox
        }
        else
        {
                # Tagged as spam but does not exceed the threshold value of 5
                to $HOME
        }
}
else
{
        # Not whitelisted and no spam
        to $HOME
}

References

More information about the software discussed can be found here:

    * Postfix MAILDROP_README by Wietse Venema
    * ClamSMTP by Nate Nielsen
    * Workaround tutorial by Chris Haas
    * Maildrop by Sam Varshavchik

Thanks

Credits where credits are due:

    * Chris Haas


Last change: $Id: howto.html 16 2005-06-26 14:04:02Z jasper $