Installing ASSP (Anti-Spam SMTP Proxy) On Ubuntu Server 10.04 / Debian 5.0
This How-To document guides you through installing ASSP (Anti-Spam SMTP Proxy) on an Ubuntu 10.04 (LTS) Server or Debian 5.0 in the simplest way possible. It *may* work on later versions but I have no way of knowing how these instructions will work for you. Installing Ubuntu/Debian is beyond the scope of this document and it is assumed you already have the core Ubuntu/Debian OS with no predefined software collections installed.
Even though these instructions will work on any server/computer, since I am working on VMware virtual machine installations myself, I wanted to focus this How-To with side notes of any extra steps you need to take if you're using an Ubuntu Minimal Virtual Machine installation. These will be marked "Minimal Virtual Machines Only". I've included notes on installing VMware tools if you're using VMware.
*** Note: I do not use sudo in this document. Remember to use sudo where appropriate if your account is not a superuser. ***
Install A Minimal Virtual Machine (Optional)
Ubuntu Server's Minimal Virtual machine installation option is a very small installation of core Ubuntu software that installs only the absolutely necessary packages for it to run on a virtual machine. It is highly recommended to choose this option for an ASSP server since ASSP uses so little resources and disk space. My production ASSP server is installed on a VM with one processor core, 512 MB of RAM, and 4 GB of disk space; it is usually using about 6-11% CPU, half the RAM, and about half the disk space. It is merely a blip on the radar in virtual environment terms but it's FAST and its spam-stopping capabilities are excellent! This may or may not be your situation but it's definitely worth to give it a try since I have not found a single disadvantage, just a bunch of advantages.
Just in case you're wondering how to install an Ubuntu Minimal Virtual Machine... when you boot the install CD, on the first install screen: press F4, select Install a minimal virtual machine, then select Install Ubuntu Server.
If you're using VMware, you should always install VMware Tools. This is not a guide on how to install Ubuntu or configure it for VMware so I'm not going to go into much detail, but here's a quick run-down of how to install them:
- Install VMware Tools dependencies:
- Mount the VMware Tools volume by going into the VM menu and selecting Install/Upgrade VMware Tools
- Copy the VMware Tools package to your home directory: * Version numbers used here are for example purposes only.
- Install VMware Tools:
- Accept all defaults. If the install script is unable to locate the killall program, tell it that you want to specify its location and enter /sbin/killall5 when it asks.
apt-get install build-essential linux-headers-$(uname -r)
mount /dev/cdrom /cdrom
cp /cdrom/VMwareTools-3.5.0-238493.tar.gz ~
umount /dev/cdrom
tar -xf VMwareTools-3.5.0-238493.tar.gz
cd vmware-tools-distrib
./vmware-install.pl
Install General Dependencies
To get things started, we need a few packages installed that we will be using throughout the set up process and beyond. We will need ssh since this should be the way you connect to your server. We need the telnet client to perform a few tests. And we need wget and unzip to be able to download and uncompress ASSP and other programs.
apt-get install ssh unzip
Minimal Virtual Machines Only:
apt-get install telnet wget
Install NTP
- Make sure your time zone is set correctly. If it isn't, run this command and select the correct one:
- When you're sure your time zone is correct, install the ntp package:
dpkg-reconfigure tzdata
apt-get install ntp
Install Postfix
- Install the postfix package:
- Select the default "Internet Site" configuration.
- Back up the Postfix master config file /etc/postfix/master.cf :
- Edit the Postfix master config file /etc/postfix/master.cf :
- Reload the Postfix configuration:
- Secure your Postfix server (optional but highly recommended): Since we want all mail to pass through ASSP before going to Postfix, we need to make sure that the Postfix server cannot be accessed from anywhere else other than the local host. Of course, we could achieve the same with a firewall (and you should!) but this is a double-check in case of an internal network spam-bot, virus, or worm infection that tries to use your server to relay.
- First, edit your main.cf file:
- Locate the line that begins with mynetworks and add the ip address of the local server with a mask of /32:
- Add these few lines to the end of the file:
- Create a new file called transport ...
- Run the postmap command on the transport file to map the file into a lookup table that Postfix can use (this will create a file called transport.db):
- Reload the Postfix configuration:
- Now, test it out. Telnet to the Postfix port (i.e. 125) from the local host and then telnet it from anywhere else. The connections from the local host should be permitted but the others should be immediately rejected with 554 5.7.1 Client host rejected: Access denied.
apt-get install postfix
cp /etc/postfix/master.cf /etc/postfix/master.cf.orig
vi /etc/postfix/master.cfLook for this line near the beginning of the file...
smtp inet n - - - - smtpd...and replace "smtp" with "125" so it looks like this:
125 inet n - - - - smtpd
postfix reload
cd /etc/postfix
vi main.cf
mynetworks = 127.0.0.0/8 ###.###.###.###/32 [::ffff:127.0.0.0]/104 [::1]/128
smtpd_client_restrictions = permit_mynetworks, reject
smtpd_delay_reject = no
transport_maps = hash:/etc/postfix/transport
cd /etc/postfix
vi transport
mydomain.tld smtp:###.###.###.###
cd /etc/postfix
postmap transport
postfix reload
Install Clam AntiVirus
- Install ClamAV and the ClamAV Daemon:
- Run freshclam to update all ClamAV definitions.
apt-get install clamav clamav-daemon
freshclam
Don't worry if freshclam reports that ClamAV is outdated. What's important is that the definition files say 'up to date'.
REBOOT
- You must reboot now to make sure all the newly installed Ubuntu/Debian software packages boot up cleanly.