Filtering emails using Spamassassin and Clamav for Exchange 2000 Server

Discussion in 'Server Operation' started by Rocky, Oct 5, 2005.

  1. Rocky

    Rocky New Member

    I need help to configure a Linux distro, preferably Mandriva, to filter emails and then forward them to my Exchange 2000 Server. Any other distros would be fine also. I've heard about Spamassassin and Clamav and thought that I should use them. Any suggestions? :confused:
     
  2. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    I've just finished writing a tutorial that could be good for you: :D
    http://www.howtoforge.com/virtual_postfix_mysql_quota_courier

    But it's based on Debian, not Mandriva. But should not be difficult to switch over to Debian. :)
     
  3. Rocky

    Rocky New Member

    I'll give your tutorial a try.
     
  4. Rocky

    Rocky New Member

    Ok, so I've followed your tutorial thoroughly and had success. Now if I wanted to catch all mails going to domainA, and send them to smtp.domainA.com, what scenario would I have to use? Would it be a transport: domainA.com --> smtp:mail.domainA.tld?

    Also, If I wanted to catch emails going to domainB, for specific users, and send them to domainA, would I have to use the forwardings example below?
    user@domainB.com --> user@domainA.tld. You have .tld in your examples, do I have to create the destination as user@domainA.tld? I'm a bit confused as to why .com is not used.
     
  5. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Yes! :)

    Yes.
    .tld is just a placeholder for .com, .net, .org, .de, ...
     
  6. Rocky

    Rocky New Member

    Well that explains a lot and thank you very much for all of your tutorials. I'm just waiting for DNS entries to update in order to check my new mail system and I will post the results. :)
     
  7. Rocky

    Rocky New Member

    Virtual Users And Domains With Postfix, Courier And MySQL (+ SMTP-AUTH, Quota, SpamAs

    I think I have an issue with my setup. I have a domain, called mcrirents.com, and created the host and mx records for DNS. I've logged into phpmyadmin and created the domain --> mcrirents.com, user --> malli@mcrirents.com and forwardings --> malli@mcirents.com to malli@computerrents.com.
    When I send out a mail from comcast, gmail or hotmail, it seems like it's going through, but I don't receive the mail at my computerrents account. I've checked all the settings in phpmyadmin and everything looks correct.
    Am I doing something wrong?
    Also, should I be able to pop3 into malli@mcrirents.com because when I try to do it, it tells me that the password is incorrect.
    :confused:
     
  8. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Can you have a look at the mail log /var/log/mail.log? What's in there when you send a mail to malli@computerrents.com?

    Does POP3 tell you that your password is incorrect, or does it tell you that the Maildir for that email address doesn't exist?
     
  9. Rocky

    Rocky New Member

    Below is what my mail.log file looks like as of Oct 7, 05 at 8:37am


    Oct 7 08:37:10 mail postfix/smtpd[4721]: connect from localhost.localdomain[127.0.0.1]
    Oct 7 08:42:17 mail postfix/smtpd[4721]: timeout after EHLO from localhost.localdomain[127.0.0.1]
    Oct 7 08:42:17 mail postfix/smtpd[4721]: disconnect from localhost.localdomain[127.0.0.1]
    Oct 7 08:44:52 mail postfix/smtpd[4732]: connect from localhost.localdomain[127.0.0.1]
    Oct 7 08:45:55 mail postfix/smtpd[4732]: D4FAFD033F: client=localhost.localdomain[127.0.0.1]
    Oct 7 08:46:53 mail postfix/cleanup[4739]: D4FAFD033F: message-id=<20051007134529.D4FAFD033F@mail.mcrirents.com>
    Oct 7 08:46:53 mail postfix/qmgr[3444]: D4FAFD033F: from=<malli@mcrirents.com>, size=385, nrcpt=1 (queue active)
    Oct 7 08:46:53 mail postfix/smtp[4740]: fatal: valid hostname or network address required in SMTP server description: {127.0.0.1}:10024
    Oct 7 08:46:54 mail postfix/qmgr[3444]: warning: premature end-of-input on private/amavis socket while reading input attribute name
    Oct 7 08:46:54 mail postfix/qmgr[3444]: warning: private/amavis socket: malformed response
    Oct 7 08:46:54 mail postfix/qmgr[3444]: warning: transport amavis failure -- see a previous warning/fatal/panic logfile record for the problem description
    Oct 7 08:46:54 mail postfix/master[3442]: warning: process /usr/lib/postfix/smtp pid 4740 exit status 1
    Oct 7 08:46:54 mail postfix/master[3442]: warning: /usr/lib/postfix/smtp: bad command startup -- throttling
    Oct 7 08:47:04 mail postfix/smtpd[4732]: disconnect from localhost.localdomain[127.0.0.1]
    Oct 7 08:48:01 mail postfix/pickup[4664]: 3DECCD0341: uid=0 from=<root>
    Oct 7 08:48:01 mail postfix/cleanup[4739]: 3DECCD0341: message-id=<20051007134800.3DECCD0341@mail.mcrirents.com>
    Oct 7 08:48:01 mail postfix/qmgr[3444]: 3DECCD0341: from=<root@mail.mcrirents.com>, size=581, nrcpt=7 (queue active)
    Oct 7 08:48:01 mail postfix/smtp[4774]: fatal: valid hostname or network address required in SMTP server description: {127.0.0.1}:10024
    Oct 7 08:48:02 mail postfix/qmgr[3444]: warning: premature end-of-input on private/amavis socket while reading input attribute name
    Oct 7 08:48:02 mail postfix/qmgr[3444]: warning: private/amavis socket: malformed response
    Oct 7 08:48:02 mail postfix/qmgr[3444]: warning: transport amavis failure -- see a previous warning/fatal/panic logfile record for the problem description
    Oct 7 08:48:02 mail postfix/master[3442]: warning: process /usr/lib/postfix/smtp pid 4774 exit status 1
    Oct 7 08:48:02 mail postfix/master[3442]: warning: /usr/lib/postfix/smtp: bad command startup -- throttling
    Oct 7 08:50:50 mail postfix/pickup[4782]: AAE16D0345: uid=0 from=<root>
    Oct 7 08:50:50 mail postfix/cleanup[4783]: AAE16D0345: message-id=<20051007135050.AAE16D0345@mail.mcrirents.com>
    Oct 7 08:50:50 mail postfix/qmgr[3444]: AAE16D0345: from=<root@mail.mcrirents.com>, size=744, nrcpt=1 (queue active)
    Oct 7 08:50:50 mail postfix/smtp[4785]: fatal: valid hostname or network address required in SMTP server description: {127.0.0.1}:10024
    Oct 7 08:50:51 mail postfix/qmgr[3444]: warning: premature end-of-input on private/amavis socket while reading input attribute name
    Oct 7 08:50:51 mail postfix/qmgr[3444]: warning: private/amavis socket: malformed response
    Oct 7 08:50:51 mail postfix/qmgr[3444]: warning: transport amavis failure -- see a previous warning/fatal/panic logfile record for the problem description
    Oct 7 08:50:51 mail postfix/master[3442]: warning: process /usr/lib/postfix/smtp pid 4785 exit status 1
    Oct 7 08:50:51 mail postfix/master[3442]: warning: /usr/lib/postfix/smtp: bad command startup -- throttling
    Oct 7 08:53:25 mail postfix/qmgr[3444]: DD45CD02DE: from=<root@mail.mcrirents.com>, size=781, nrcpt=1 (queue active)
    Oct 7 08:53:25 mail postfix/qmgr[3444]: A4E55D02E1: from=<root@mail.mcrirents.com>, size=806, nrcpt=1 (queue active)
    Oct 7 08:53:25 mail postfix/qmgr[3444]: A8349D0324: from=<roc1479@hotmail.com>, size=1067, nrcpt=1 (queue active)
    Oct 7 08:53:25 mail postfix/qmgr[3444]: A8349D0324: from=<roc1479@hotmail.com>, size=1067, nrcpt=1 (queue active)
    Oct 7 08:53:25 mail postfix/qmgr[3444]: B3C26D02DD: from=<root@mail.mcrirents.com>, size=781, nrcpt=1 (queue active)
    Oct 7 08:53:25 mail postfix/qmgr[3444]: BBC66D0235: from=<nobody@mail.mcrirents.com>, size=785, nrcpt=1 (queue active)
    Oct 7 08:53:25 mail postfix/qmgr[3444]: 80FBED0234: from=<nobody@mail.mcrirents.com>, size=785, nrcpt=1 (queue active)
    Oct 7 08:53:25 mail postfix/qmgr[3444]: 22F20D033C: from=<root@mail.mcrirents.com>, size=482, nrcpt=1 (queue active)
    Oct 7 08:53:25 mail postfix/smtp[4787]: fatal: valid hostname or network address required in SMTP server description: {127.0.0.1}:10024
    Oct 7 08:53:25 mail postfix/smtp[4786]: fatal: valid hostname or network address required in SMTP server description: {127.0.0.1}:10024
    Oct 7 08:53:26 mail postfix/qmgr[3444]: warning: premature end-of-input on private/amavis socket while reading input attribute name
    Oct 7 08:53:26 mail postfix/qmgr[3444]: warning: private/amavis socket: malformed response
    Oct 7 08:53:26 mail postfix/qmgr[3444]: warning: transport amavis failure -- see a previous warning/fatal/panic logfile record for the problem description
    Oct 7 08:53:26 mail postfix/master[3442]: warning: process /usr/lib/postfix/smtp pid 4786 exit status 1
    Oct 7 08:53:26 mail postfix/master[3442]: warning: /usr/lib/postfix/smtp: bad command startup -- throttling
    Oct 7 08:53:26 mail postfix/master[3442]: warning: process /usr/lib/postfix/smtp pid 4787 exit status 1
    Oct 7 08:53:26 mail postfix/qmgr[3444]: A8349D0324: to=<malli@mcrirents.com>, relay=none, delay=65724, status=deferred (delivery temporarily suspended: unknown mail transport error)
    Oct 7 08:53:26 mail postfix/qmgr[3444]: B3C26D02DD: to=<root@mail.mcrirents.com>, orig_to=<root>, relay=none, delay=85724, status=deferred (delivery temporarily suspended: unknown mail transport error)
    Oct 7 08:53:26 mail postfix/qmgr[3444]: BBC66D0235: to=<root@mail.mcrirents.com>, orig_to=<root>, relay=none, delay=72737, status=deferred (delivery temporarily suspended: unknown mail transport error)
    Oct 7 08:53:26 mail postfix/qmgr[3444]: 80FBED0234: to=<root@mail.mcrirents.com>, orig_to=<root>, relay=none, delay=72737, status=deferred (delivery temporarily suspended: unknown mail transport error)
    Oct 7 08:53:26 mail postfix/qmgr[3444]: 22F20D033C: to=<postmaster@isp.tld>, relay=none, delay=32004, status=deferred (delivery temporarily suspended: unknown mail transport error)
    Oct 7 08:53:26 mail postfix/qmgr[3444]: warning: premature end-of-input on private/amavis socket while reading input attribute name
    Oct 7 08:53:26 mail postfix/qmgr[3444]: warning: private/amavis socket: malformed response
    Oct 7 08:53:26 mail postfix/qmgr[3444]: warning: transport amavis failure -- see a previous warning/fatal/panic logfile record for the problem description


    When I try to do pop3, it tells me that the password is incorrect.
     
  10. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    I quote from http://www.howtoforge.com/virtual_postfix_mysql_quota_courier_p2: :D

    Put a valid address into /etc/postfix/main.cf and restart Postfix.
     
  11. Rocky

    Rocky New Member

    Below is what my main.cf looks like.

    # See /usr/share/postfix/main.cf.dist for a commented, more complete version

    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    biff = no

    # appending .domain is the MUA's job.
    append_dot_mydomain = no

    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h

    myhostname = mail.mcrirents.com
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    mydestination = mail.mcrirents.com, localhost, localhost.localdomain
    relayhost =
    mynetworks = 127.0.0.0/8
    mailbox_command = procmail -a "$EXTENSION"
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    virtual_alias_domains =
    virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
    virtual_mailbox_base = /home/vmail
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
    smtpd_use_tlc = yes
    smtpd_use_tls = yes
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    transport_maps = proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
    virtual_create_maildirsize = yes
    virtual_mailbox_extended = yes
    virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailbox_limit_maps.cf
    virtual_mailbox_limit_override = yes
    virtual_maildir_limit_message = "The user you are trying to reach is over quota."
    virtual_overquota_bounce = yes
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
    content_filter = amavis:{127.0.0.1}:10024
    receive_override_options = no_address_mappings
    ~

    I had my host create the DNS entries for me. They created the host and mx records as follows:
    mail.mcrirents.com -->> 141.150.xx.xxx
    10 mail.mcrirents.com

    Do I need to create any other hosts? :confused:
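
Added example (not part of the thread or the tutorial): a small Python check that reads a main.cf, validates the `content_filter` next hop, and ties the `fatal: valid hostname or network address required` log line to the queue IDs left deferred. The function names and sample strings are constructed for illustration, and only hostnames and IPv4 literals are covered.

```python
import ipaddress
import re

# Constructed inputs (illustrative names): the content_filter line as posted,
# the square-bracket form, and log lines modelled on the mail.log excerpt.
POSTED = "# filter\ncontent_filter = amavis:{127.0.0.1}:10024\n"
FIXED = "content_filter =\n    amavis:[127.0.0.1]:10024\n"
SAMPLE_LOG = (
    "Oct 7 08:46:53 mail postfix/smtp[4740]: fatal: valid hostname or network "
    "address required in SMTP server description: {127.0.0.1}:10024\n"
    "Oct 7 08:53:26 mail postfix/qmgr[3444]: A8349D0324: to=<malli@mcrirents.com>, "
    "relay=none, delay=65724, status=deferred (delivery temporarily suspended: "
    "unknown mail transport error)\n"
)

LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME = re.compile(rf"{LABEL}(?:\.{LABEL})*")
NEXTHOP = re.compile(r"(?:\[(?P<lit>[^\[\]]+)\]|(?P<name>[^\[\]:]+))(?::(?P<port>\d+))?")

def read_params(text):
    """Parse main.cf text: '#' comments, name = value, indented continuations."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last:
            params[last] = (params[last] + " " + raw.strip()).strip()
        elif "=" in raw:
            name, value = raw.split("=", 1)
            last = name.strip()
            params[last] = value.strip()
    return params

def check_content_filter(value):
    """Return problems found in a transport:nexthop value (hostname/IPv4 only)."""
    transport, sep, nexthop = value.partition(":")
    m = NEXTHOP.fullmatch(nexthop) if sep and transport else None
    if m is None:
        return [f"nexthop {nexthop!r} is not host[:port] or [host][:port]"]
    host, problems = m["lit"] or m["name"], []
    try:
        ipaddress.IPv4Address(host)
    except ValueError:
        if not HOSTNAME.fullmatch(host):
            problems.append(f"{host!r} is neither a hostname nor an IPv4 address")
    if m["port"] and not 1 <= int(m["port"]) <= 65535:
        problems.append(f"port {m['port']} out of range")
    return problems

def diagnose(log):
    """Return (rejected server descriptions, queue IDs left deferred)."""
    bad = re.findall(r"postfix/smtp\[\d+\]: fatal: .*SMTP server description: (\S+)", log)
    deferred = re.findall(r"postfix/qmgr\[\d+\]: ([0-9A-F]+): to=.*status=deferred", log)
    return sorted(set(bad)), deferred
```

Run against the posted value, the check reports the curly-brace host; the same next hop written as `[127.0.0.1]:10024` passes.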
     
  12. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    When did they create the DNS records? It might take up to 72 hours until all name servers know about the new entries.
     
  13. Rocky

    Rocky New Member

    About 3 days now.

    I have configured Debian with private settings:

    Ip: 192.168.0.xxx
    Netmask: 255.255.255.0
    Gateway: 192.168.0.x
    Dns: 192.168.0.xx

    I'm Natting through the router and have 141.150.xx.xxx going to 192.168.0.xxx. I've opened ports 80, 25 and 110 on this ip. Is this correct?

    Also, when setting up the network, I gave Debian a hostname of mail.mcrirents.com. I also have the same host name in the postfix configuration. Is that correct?
     
    Last edited: Oct 7, 2005
  14. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Yes.

    Yes.

    I think the problem is the DNS server you're using on your Debian box (192.168.0.xx). Can you try and put other nameservers into /etc/resolv.conf? E.g. 193.174.32.18 and 145.253.2.11.
     
  15. Rocky

    Rocky New Member

    Well Falko, I have some good news. After doing a complete re-installation and using your guide, paying very close attention, I was able to successfully set up the Debian Sarge Postfix mail system.
    I am now able to pop3 into my account with success. The emails are scanned for spam, as well as viruses, before they are received. However, I have one little issue. When I try to send emails out of the pop account, it gives me the following error:

    The message could not be sent because one of the recipients was rejected by the server. The rejected e-mail address was 'malli@computerrents.com'. Subject 'test', Account: 'mail.mcrirents.com', Server: 'mail.mcrirents.com', Protocol: SMTP, Server Response: '554 <malli@computerrents.com>: Relay access denied', Port: 25, Secure(SSL): No, Server Error: 554, Error Number: 0x800CCC79

    I had my ISP (Verizon) create a PTR record for me today assuming that is the problem. Also, I didn't put any public DNS into the resolve.cf file. Do you think I should? If so, should I use my ISP's DNS servers?

    This is how I have it set up using the phpmyadmin interface:
    domain --> mcrirents.com
    user --> malli@mcrirents.com
     
  16. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    You have to activate something like "Server needs authentication" in your email client for that account!

    Yes, use public DNS servers. You can use your ISP's DNS servers or any others (e.g. the ones from my post above).
     
  17. Rocky

    Rocky New Member

    Ok Falko, I have success. I had a mistake in one of the configuration files. So now that I can send and receive mails, I have a few questions.
    Would I be able to train spamassassin? If I needed to allow certain mails that are being blocked as spam, how would I do that?
    Also, are file attachments allowed to pass through or are certain exts blocked? How would I be able to allow/disallow them?
    And last, is there an interface that I could use to access mails through the web? If yes, can you walk me through setting it up?

    I really do appreciate the help and I must add that this tutorial was one of the easiest for me to use so far. :)

    Thanks Falko!!
     
    Last edited: Oct 10, 2005
  18. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Yes, there's a program called sa-learn that you can run per cron job. See
    Code:
    man sa-learn
    to find out how to use it.

    You can create a whitelist. Have a look at the original file /etc/amavis/amavisd.conf, I think it is described there.

    Have a look at the Anomy-Sanitizer: http://mailtools.anomy.net/

    There are 3 good ones I know of: Squirrelmail (http://www.squirrelmail.org/), Uebimiau (http://www.uebimiau.org/) and Horde/IMP (http://www.horde.org/imp/).
     
  19. povilas

    povilas New Member

    had the same problem.

    check
    hostname -f

    and in case add by
    hostname -F /etc/hostname

    Also, you should properly configure your dns server.
     
  20. Contivity

    Contivity New Member

    I'm wondering if it's possible to create virtual maps so that people inside the Exchange environment can use it too. For example I have domain.com and I want sales@domain.com to go to john@domain.com, doe@domain.com, and jane@domain.com.

    I have successfully created a virtual map to map these users and external email addresses can send to sales@domain.com and get forwarded to these 3 people. However if john@domain.com sends to sales@domain.com, it gets an NDR saying that sales@domain.com is not accessible.

    How can I force Exchange (I'm on Exchange 2003) to send the e-mails to the postfix server under the following conditions:
    1. No contacts need to be created on Exchange server pointing to alternate domain name that points to the postfix server
    2. MAPI connection still used instead of SMTP
    3. No distribution group needs to be created on the Exchange server making redundant entry of the virtual map

    In other words is it possible to force a transport from the MAPI connection to send everything to postfix if no local user is available? if yes, how?
     
