The Perfect SpamSnake - Ubuntu 8.04 LTS

Submitted by Rocky on Thu, 2008-05-01 17:45.

Postfix w/Bayesian Filtering and Anti-Backscatter (Relay Recipients), Apache, MySQL, Bind, MailScanner (SpamAssassin, ClamAV, Pyzor, Razor, DCC-Client), MailWatch, SPF Checks, FuzzyOcr, PDF/XLS/Phishing Sanesecurity Signatures, Postfix-GLD (Greylisting Optional), Logwatch Statistical Reporting (Optional), Outgoing Disclaimer with alterMIME (Optional), FireHOL (Iptables Firewall)

Version 2.0
Author: Mohammed Alli

This tutorial shows how to set up an Ubuntu Hardy Heron (8.04 LTS) based server as a spamfilter in Gateway mode. In the end, you will have a SpamSnake Gateway which will relay clean emails to your MTA. You will also be able to view your incoming queue, train your SpamSnake and carry out a few more advanced operations via MailWatch.

I cannot offer any guarantees that this will work for you, the same way it’s working for me.

I will use the following software:

  • Web Server: Apache 2.2 with PHP 5.2.4 and Ruby
  • Database Server: MySQL 5.0
  • Mail Server: Postfix
  • DNS Server: BIND9
  • PHP: PHP5
  • MailScanner: MailScanner v4.68.8
  • MailWatch: MailWatch v1.0.4

Credit goes to the guys at HowToForge and the developers of MailScanner and MailWatch.

 

1 Requirements

To install such a system you will need the following:

 

1.1 Preliminary Note

In this tutorial I use the hostname server1.example.com with the IP address 192.168.0.100 and the gateway 192.168.0.1. These settings might differ for you, so you have to replace them where appropriate.

 

1.2 The Base System

1. Insert your Ubuntu install CD into your system and boot from it. Select your language:

2. Select Install to the hard disk:

3. The installation starts, choose your language again:

4. Then select your location:

Choose a keyboard layout (you will be asked to press a few keys, and the installer will try to detect your keyboard layout based on the keys you pressed):

5. The installer checks the installation CD, your hardware, and configures the network with DHCP if there is a DHCP server in the network:

Enter the hostname. In this example, my system is called server1.example.com, so I enter server1:

6. Now you have to partition your hard disk. For simplicity's sake I will create one big partition (with the mount point /) and a little swap partition so I select Guided - use entire disk (of course, the partitioning is totally up to you - if you like, you can create more than just one big partition, and you can also use LVM):

Select the disk that you want to partition:

When you're finished, hit Yes when you're asked Write the changes to disks?:

Afterwards, your new partitions are being created and formatted.

7. Create a user, for example the user Administrator with the user name administrator (don't use the user name admin as it is a reserved name on Ubuntu 8.04):

8. The only item I select here is OpenSSH server so that I can immediately connect to the system with an SSH client such as PuTTY after the installation has finished:

9. The GRUB boot loader gets installed:

10. The base system installation is now finished. Remove the installation CD from the CD drive and hit Continue to reboot the system:


Submitted by Rob (not registered) on Thu, 2010-01-21 12:42.
I installed this. Tested it and now it is running for all our domains and it works perfect! thanks :)
Submitted by ctrl (not registered) on Sat, 2010-01-09 10:30.
Hello,
A big thank you for your tutorial! I have used SpamSnake for 6 months and I am magic.

This morning, SpamSnake informed me of a very high number of messages containing the virus (Exploit.PDF-9669). Having looked into it, it is a bug in ClamAV, which I decided to update with an “apt-get install clamav clamav-daemon clamav-freshclam”; then I launched “freshclam” to retrieve the database update.

However, and more generally, I would like to know whether I could, without risk to the SpamSnake configuration, run an “apt-get upgrade”.

Best regards,
Submitted by cougard (registered user) on Wed, 2008-09-17 16:07.

Can I implement this solution on a machine running as a firewall with 2 network interfaces? One for the Internet and one for the internal network?

 Thanks.

Submitted by Anonymous (not registered) on Mon, 2008-10-06 19:12.

In theory I don't see why not, but it probably isn't a good idea. Doing it that way makes the spamsnake a bridge between the two networks that isn't protected by the firewall. The only way to make it secure is to have the firewall accept mail on the external interface, with the appropriate firewall blocking, pass it to the spamsnake on the internal interface for processing and then forward it to a mail server for distribution. If the spamsnake accepts mail on the external interface directly, it will bypass the firewall.

The more secure option is to have the spamsnake be a separate external machine, accept and process all mail there and only pass the legitimate mail to the internal network via the external interface of the firewall.  The other benefit of this method is it reduces the load on the firewall since all the spam, and the associated connections, has been dumped before it reaches the firewall.

Submitted by sjuerges (registered user) on Tue, 2008-08-05 12:00.
Hello! Any specific reason for using MailScanner and not AMaViS? Just out of curiosity. Regards, Sebastian M Juergse
Submitted by Rocky (registered user) on Tue, 2008-10-14 17:04.

I tried this setup with Amavis but thought MailScanner was a bit faster.

Submitted by linch_y (registered user) on Sat, 2008-05-10 14:27.
I've been using file-based greylisting for more than a year and I would say it is faster than the DB-based ones. I am using tumgreyspf.
Submitted by Rocky (registered user) on Tue, 2008-05-13 13:35.

When it comes to the addons, it's really your choice which one you want to use.  I've been quite lucky with the db setup so that's why I use it. 

Thanks for your recommendation though.  If I have any problems with my current setup, I would be more than happy to give your recommendation a shot.