Postfix Spam Filter using Ubuntu Dapper, MailScanner, SpamAssassin, Razor, Pyzor, DCC and ClamAV

Submitted by fdalmoro (Contact Author) (Forums) on Tue, 2006-07-11 15:31. :: Anti-Spam/Virus | Postfix

Introduction

This is a similar version of the HOWTO that can be found here: http://www200.pair.com/mecham/spam/spamfilter20050628.html. If you're looking at this howto it is assumed that you have some level of experience with email servers, DNS, TCP/IP, Firewalls and Linux in general.

1 Setting up Ubuntu Server

Please see the documentation already online for details on setting up an Ubuntu server. HowtoForge has a couple of howtos that are very detailed. However, there are a couple of installation configurations outlined here, which might differ from other howtos, that should be taken into account when setting up the server.

NOTE: Ubuntu relies on sudo by default. That means the root account is disabled and you have to put 'sudo' in front of every command you want to run as root. The way around this is to run 'sudo su -'; you are then in a bash session as root and no longer have to type 'sudo' in front of each command. The rest of this document assumes that you have done this and are running a bash session as root, so no sudo commands will be given. Moral of the story: when you log into Ubuntu via SSH or console, remember to run 'sudo su -' before you start editing system files, moving/making directories or installing/uninstalling software and services.

1.1 Partitions

Partitioning the drive this way is not a requirement, but it will keep your server from completely running out of space if something goes wrong in the /var directory. Partitioning the drive this way will also allow you to create some extra graphs with MailScannerMRTG that look at /var, /var/log and /var/spool separately. MailScannerMRTG will not check drive space on directories; it can only calculate size by partition.

Example of my partition table:

Mount point  Size  Type     Filesystem  Description
/boot        50MB  PRIMARY  EXT3        Boot Partition
Swap         2GB   PRIMARY  -           Swap Partition (size depends on your memory; double your memory should be fine)
/            2GB   LOGICAL  EXT3        Root Partition
/var         1GB   LOGICAL  EXT3        Variable Data partition
/var/log     3GB   LOGICAL  EXT3        Variable Data partition
/var/spool   2GB   LOGICAL  EXT3        Variable Data partition Spool
/usr         4GB   LOGICAL  EXT3        User installed programs
/usr/local   2GB   LOGICAL  EXT3        User installed programs
/home        ANY   LOGICAL  EXT3        Home Directories (good place to put any extra space; you can repartition if you run out of space and use this)

1.2 Verify Network Settings

We need to make sure that the system is set up with a valid static IP, that the correct DNS servers are in /etc/resolv.conf and that your server is identified in the /etc/hosts file.

vi /etc/network/interfaces


The Network Interfaces file should look something like this:

auto lo eth0
iface lo inet loopback
# The primary network interface
iface eth0 inet static
        address  192.168.1.100
        netmask  255.255.255.0
        network  192.168.1.0
        broadcast 192.168.1.255
        gateway  192.168.1.1

Restart the network service to make these changes take effect:

/etc/init.d/networking restart


Edit the resolv.conf file to add DNS servers:

vi /etc/resolv.conf


Make sure your domain name is at the top of resolv.conf. It should look something like this:

search example.com
nameserver 192.168.0.1
nameserver 192.168.0.2

vi /etc/hosts


The top of the file should look something like this (the second line maps the server's hostname to the static IP set in /etc/network/interfaces):

127.0.0.1 localhost.localdomain localhost
192.168.1.100 sfp.example.com sfp

Since we are here, you might as well add any other hosts you would like our spamfilter to know about. Add any internal mail server(s) here. Simply append any other entries to the bottom of the list.

1.3 APT and Other Tweaks

Apt needs to be set up to search in the universe and multiverse repositories. Back up your current /etc/apt/sources.list:

cp /etc/apt/sources.list /etc/apt/sources.list.default


Replace it with the following sources.list file:

vi /etc/apt/sources.list


deb http://us.archive.ubuntu.com/ubuntu dapper main restricted
deb-src http://us.archive.ubuntu.com/ubuntu dapper main restricted
deb http://us.archive.ubuntu.com/ubuntu dapper-updates main restricted
deb-src http://us.archive.ubuntu.com/ubuntu dapper-updates main restricted
deb http://us.archive.ubuntu.com/ubuntu dapper universe multiverse
deb-src http://us.archive.ubuntu.com/ubuntu dapper universe multiverse
deb http://security.ubuntu.com/ubuntu dapper-security main restricted
deb-src http://security.ubuntu.com/ubuntu dapper-security main restricted
deb http://security.ubuntu.com/ubuntu dapper-security universe multiverse
deb-src http://security.ubuntu.com/ubuntu dapper-security universe multiverse

We need to update/refresh the apt cache and install some software. To update the cache run:

apt-get update


Note: This is a good time to change your kernel image to the correct one; most likely you will need 'linux-image-i686'. If you don't know what that means, look it up. Run an apt-get upgrade and take a moment to troubleshoot any errors and/or problems that you might be having. We want to eliminate anything that could cause problems in the future. Remember to reboot once everything is ready and run a quick dmesg | less; it can go a long way.

apt-get install ssh


Once ssh is installed you should connect to the server via ssh using PuTTY from your Linux or Windows desktop. This will make it easier to get the rest of this howto done because you will be able to copy/paste into the terminal from the desktop. So go ahead, ssh this puppy.

I usually just set the BIOS clock to local time then run the following to sync the clock.

apt-get install ntpdate

hwclock --systohc


Now we install most of the stuff we'll need. I split the list into 4 APT install runs. 5-15 installs at one time seems prudent, up to you:

apt-get install libc6-dev dpkg-dev db4.3-util libdb4.3-dev vim lynx bzip2 unzip perl-doc libwww-perl ntp-simple

apt-get install zlib1g-dev zip libdbi-perl libconvert-binhex-perl gcc make autoconf automake libtool libmail-spf-query-perl rblcheck libnet-ident-perl

apt-get install flex bison libcompress-zlib-perl pax libberkeleydb-perl ncftp unzoo arj lzop nomarch arc zoo

apt-get install postfix postfix-pcre postfix-mysql postfix-ldap cabextract lha unrar razor pyzor spamassassin


Select NO CONFIGURATION when Debconf for Postfix comes up.

Install unarj:

wget http://archive.ubuntu.com/ubuntu/pool/universe/a/arj/unarj_3.10.21-2_all.deb

dpkg -i unarj_3.10.21-2_all.deb


Now we also need to remove some programs. Hopefully you don't need PCMCIA or printer support. This server will not need dial-up support either. You will not necessarily have all of these programs installed.

Uninstall the following software (All one line):

apt-get remove ipchains lpr nfs-common portmap pidentd pcmcia-cs pcmciautils pppoe pppoeconf ppp pppconfig uw-imapd qpopper mailagent


1.6 Cleaning up services

Some services might still linger even after uninstalling the daemons. First we need to back up /etc/init.d:

cp -R /etc/init.d /etc/init.d.backup


Now we can stop all of the services that might be running which we don't need:

/etc/init.d/lpd stop
update-rc.d -f lpd remove

/etc/init.d/nfs-common stop
update-rc.d -f nfs-common remove

/etc/init.d/portmap stop
update-rc.d -f portmap remove

/etc/init.d/pcmcia stop
update-rc.d -f pcmcia remove

/etc/init.d/pcmciautils stop
update-rc.d -f pcmciautils remove

/etc/init.d/ppp stop
update-rc.d -f ppp remove

/etc/init.d/exim4 stop
update-rc.d -f exim4 remove

update-rc.d -f ntpdate remove


Disable the inetd services we no longer need:

update-inetd --disable time

update-inetd --disable daytime

update-inetd --disable echo

update-inetd --disable chargen

update-inetd --disable ident

update-inetd --disable discard


The last one may ask you a question regarding "multiple entries", answer yes (y).

Check that we got everything:

lsof -i | grep LISTEN


The only daemon you should see at this point is *:ssh. You may have to run this again:

update-inetd --disable discard


If there are other programs shown, try rebooting and test again.
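
The listener check above as a script, added here as an example and not part of the original howto: it filters lsof output against an allowlist (only 22/tcp, since the guide expects just ssh to be listening) and also reports unconnected UDP sockets, which `grep LISTEN` never shows. The function names, the ALLOWED variable and the sample lsof output are constructed for illustration; -n and -P are lsof options that keep addresses and ports numeric.

```shell
#!/bin/sh
# Added example: flag listening sockets that this stage of the guide does not expect.
# Feed it `lsof -i -n -P` output; -n and -P keep hosts and ports numeric.

# Only SSH should be reachable at this point in the howto.
ALLOWED="22/tcp"

# unexpected_listeners: reads lsof output on stdin and prints "command port/proto"
# for every TCP socket in LISTEN state and every unconnected UDP socket whose
# port/proto is not in $ALLOWED. UDP is included because UDP sockets never show
# "(LISTEN)", so a plain `grep LISTEN` does not display them.
unexpected_listeners() {
    awk -v allowed="$ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NF < 3 { next }                # skip blank or truncated lines
        {
            name = ""
            if ($NF == "(LISTEN)") { name = $(NF - 1); proto = "tcp" }
            else if ($(NF - 1) == "UDP" && $NF !~ /->/) { name = $NF; proto = "udp" }
            if (name == "") next
            port = name
            sub(/^.*:/, "", port)      # *:22, 127.0.0.1:25 and [::1]:25 all end in :port
            key = port "/" proto
            if (!(key in ok)) print $1, key
        }
    ' | sort -u
}

# Constructed sample of lsof output (not captured from a real host).
sample_lsof() {
    cat <<'EOF'
COMMAND  PID   USER  FD  TYPE DEVICE SIZE/OFF NODE NAME
sshd    3021   root  3u  IPv6   7812      0t0  TCP *:22 (LISTEN)
portmap 2790 daemon  3u  IPv4   7010      0t0  UDP *:111
portmap 2790 daemon  4u  IPv4   7011      0t0  TCP *:111 (LISTEN)
inetd   2950   root  5u  IPv4   7420      0t0  TCP *:9 (LISTEN)
sshd    3100   root  4u  IPv6   8001      0t0  TCP 192.168.1.100:22->192.168.1.50:51234 (ESTABLISHED)
EOF
}

# Demo on the sample; on a live server run: lsof -i -n -P | unexpected_listeners
sample_lsof | unexpected_listeners
```

An empty result means nothing beyond the allowlist is listening; add entries such as 25/tcp to ALLOWED once Postfix is configured later in the howto.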


Submitted by Anonymous (not registered) on Tue, 2011-06-21 15:20.

I just tried to install on Ubuntu 11.04 and the installation fails on the line:

apt-get install libc6-dev dpkg-dev db4.3-util libdb4.3-dev vim lynx bzip2 unzip perl-doc libwww-perl ntp-simple

Result:

The following packages have unmet dependencies:
 libc6-dev : Depends: libc6 (= 2.3.6-0ubuntu20.6) but 2.13-0ubuntu13 is to be installed
E: Broken packages

Submitted by Anonymous (not registered) on Sun, 2011-09-04 05:39.

same here. : (

 e: unable to locate package link.

Submitted by Some_Bored_Dude (registered user) on Mon, 2006-11-06 12:33.

I've set this up on dapper and now on eft. I've found on both that unrar, and lha are no longer on the reps for download. As alternatives, I have used unp & unrar-free which seem to work fine.

Submitted by till (registered user) on Wed, 2006-09-13 09:11.

The title mentions that this howto installs ClamAV, in which step is it installed or is this part missing yet?

Submitted by fdalmoro (registered user) on Tue, 2006-09-26 19:22.

Page 4 has it.

Submitted by jtkooch (registered user) on Thu, 2006-09-07 16:04.

Excellent guide for the most part but there are some things that have me confused. You mention this will use mailscanner instead of Amavis, but page 4 references the amavis user accounts.

Also, there doesn't seem to be any point where either of those programs actually get installed.

Am I missing it?

Submitted by fdalmoro (registered user) on Mon, 2006-09-18 17:27.

Been busy, have not finished this howto. I should have posted it when it was finished sorry.

Submitted by ggouts (registered user) on Fri, 2006-08-25 21:44.

For those that are trying the install... I will be updating the documentation next week. I finally got all of the kinks worked out of my system and it's working fine. I have seen many posts regarding MailScanner+Postfix comments that say it is not recommended. I have not had any problems but like some posts say, updating either MailScanner or Postfix could be a risky affair so fair warning. I'm willing to take the gamble because Postfix + MailScanner are the best in their respective fields I think (especially once MailScanner-MRTG is working). The graphs make it all worth it.

In any case if anyone runs into any snags just let me know through here or the forums and I will try to help out the best I can. Speaking of forums I'll have to hit those today just in case. Have not looked at them yet.

Submitted by Anonymous (not registered) on Fri, 2006-08-18 16:06.

When trying to install the long list of software packages in section 1.5, if there's a problem with one package, none will install. I found that it was easier to install 4 or 5 packages at a time.

Submitted by ggouts (registered user) on Fri, 2006-08-25 21:36.

Good point. I need to do some more testing because I know some of the packages don't install with the repositories. That's why I made sure to put 'BETA' in the title :) ...

Submitted by Anonymous (not registered) on Thu, 2006-07-27 21:16.

Just working my way through this great looking howto and have run into the following issues on page 1. 

1.) Your sources.list references breezy repeatedly despite this being a dapper howto.  I assumed I could just uncomment my dapper repos and install away.

 2.) When running the big apt-get install the following packages could not be found: unarj, unrar, and lha.  I just skipped them so hopefully it does not matter too much.

3.) There is no pcmcia under init.d in my install but there is a pcmciautils.  Should I be shutting down and removing that instead?

4.) There is no inetd in /etc/init.d on my system for me to restart.

Everything seems to be working ok so far though so I am forging ahead with the install.

Submitted by Anonymous (not registered) on Mon, 2006-08-14 23:06.

Ok thanks. Any help is appreciated, when I have a chance I will update.