Mandriva 2005 Postfix Anti-Spam, Anti-Virus Relay Server for Exchange Server 2000/2003 - Page 2

STEP 3: Install Spamassassin, Razor, Pyzor, DCC and amavisd-new

a) At the console prompt or a putty window type the following command:

urpmi spamassassin

Say yes to the dependencies prompt. This will automatically install spamassassin and razor.

Configure spamassassin: If your mail server is behind a NAT firewall, you should consider setting trusted_networks and internal_networks in spamassassin's local.cf file. This is a well-known problem with spamassassin on a private IP. To fix it, edit the /etc/mail/spamassassin/local.cf file:

vi /etc/mail/spamassassin/local.cf

Add a trusted_networks and an internal_networks line for every PUBLIC IP address your mail server is known by:
trusted_networks 123.456.789.123
trusted_networks 987.654.321.987
internal_networks 123.456.789.123
internal_networks 987.654.321.987
(Obviously substitute your own public IP address(es).)

Still in the /etc/mail/spamassassin/local.cf file, add the following lines to configure spamassassin to use razor, pyzor and dcc:
bayes_auto_learn 1
bayes_path /etc/mail/spamassassin/bayes
bayes_file_mode 0666
use_razor2 1
razor_config /root/.razor/razor-agent.conf
razor_timeout 10
use_pyzor 1
pyzor_timeout 10
pyzor_max 5
add_header all Pyzor _PYZOR_
use_dcc 1
dcc_timeout 10
dcc_home /var/lib/dcc
dcc_path /usr/bin/dccproc
Create a custom rule set for spamassassin by typing the following in the console:

vi /etc/mail/spamassassin/sa_rules_update.sh

Copy and paste the following into the file:
#!/bin/bash
# The &> redirection used below is bash syntax, so run this under bash.
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/71_sare_redirect_pre3.0.0.cf -O 71_sare_redirect_pre3.0.0.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_bayes_poison_nxm.cf -O 70_sare_bayes_poison_nxm.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_html.cf -O 70_sare_html.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_html4.cf -O 70_sare_html4.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_html_x30.cf -O 70_sare_html_x30.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_header0.cf -O 70_sare_header0.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_header3.cf -O 70_sare_header3.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_header_x30.cf -O 70_sare_header_x30.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_specific.cf -O 70_sare_specific.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_adult.cf -O 70_sare_adult.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/72_sare_bml_post25x.cf -O 72_sare_bml_post25x.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/99_sare_fraud_post25x.cf -O 99_sare_fraud_post25x.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_spoof.cf -O 70_sare_spoof.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_random.cf -O 70_sare_random.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_oem.cf -O 70_sare_oem.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_genlsubj0.cf -O 70_sare_genlsubj0.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_genlsubj3.cf -O 70_sare_genlsubj3.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_genlsubj_x30.cf -O 70_sare_genlsubj_x30.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_unsub.cf -O 70_sare_unsub.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/70_sare_uri.cf -O 70_sare_uri.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://mywebpages.comcast.net/mkettler/sa/antidrug.cf -O antidrug.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.timj.co.uk/linux/bogus-virus-warnings.cf -O bogus-virus-warnings.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.yackley.org/sa-rules/evilnumbers.cf -O evilnumbers.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.stearns.org/sa-blacklist/random.current.cf -O random.current.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/88_FVGT_body.cf -O 88_FVGT_body.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/88_FVGT_rawbody.cf -O 88_FVGT_rawbody.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/88_FVGT_subject.cf -O 88_FVGT_subject.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/88_FVGT_headers.cf -O 88_FVGT_headers.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/88_FVGT_uri.cf -O 88_FVGT_uri.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/99_FVGT_DomainDigits.cf -O 99_FVGT_DomainDigits.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/99_FVGT_Tripwire.cf -O 99_FVGT_Tripwire.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.rulesemporium.com/rules/99_FVGT_meta.cf -O 99_FVGT_meta.cf &> /dev/null
cd /etc/mail/spamassassin/ &> /dev/null && /usr/bin/wget http://www.nospamtoday.com/download/mime_validate.cf -O mime_validate.cf &> /dev/null
/etc/init.d/amavisd restart &> /dev/null
exit 0 
Save the file (Shift ZZ) and make it executable:

chmod 755 /etc/mail/spamassassin/sa_rules_update.sh

Run the file and ensure there are no errors. On the console or putty window type:

/etc/mail/spamassassin/sa_rules_update.sh
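
The script above writes each download straight over the live rule file, discards all output, and restarts amavisd whatever the result. The following added example (not part of the original guide) stages a download, rejects empty files and HTML error pages, and restores the previous rule file if spamassassin --lint fails; RULES_DIR, LINT and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original guide. RULES_DIR, LINT and the
# function names are assumptions; LINT can be overridden for testing.
RULES_DIR=${RULES_DIR:-/etc/mail/spamassassin}
LINT=${LINT:-spamassassin --lint}   # lints the default site config path

# Cheap pre-check: reject empty downloads and HTML/XML error pages that a
# web server returned in place of the rule file.
looks_like_rules() {
    [ -s "$1" ] || return 1
    if grep -m1 -v '^[[:space:]]*$' "$1" | grep -q '^[[:space:]]*<'; then
        return 1
    fi
    return 0
}

# install_rule STAGED NAME
# Put STAGED in place as $RULES_DIR/NAME, lint the rule set, and restore
# the previous copy if the lint fails.
install_rule() {
    staged=$1; name=$2; live="$RULES_DIR/$name"
    if ! looks_like_rules "$staged"; then
        echo "rejected $name: empty or not a rule file" >&2
        return 1
    fi
    if [ -f "$live" ]; then cp -p "$live" "$live.bak"; fi
    cp "$staged" "$live.new" && mv "$live.new" "$live" || return 1
    if ! $LINT >/dev/null 2>&1; then
        echo "lint failed with new $name, rolling back" >&2
        if [ -f "$live.bak" ]; then mv "$live.bak" "$live"; else rm -f "$live"; fi
        return 1
    fi
    rm -f "$live.bak"
}

# fetch_rule URL NAME
# Download to a temporary file, never directly onto the live rule file.
fetch_rule() {
    tmp=$(mktemp) || return 1
    rc=1
    if wget -q -O "$tmp" "$1" && install_rule "$tmp" "$2"; then rc=0; fi
    rm -f "$tmp"
    return $rc
}
```

In the update script each wget line would become a fetch_rule call with the same URL and file name, with amavisd restarted only when at least one call succeeded.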

Under the /etc/mail/spamassassin directory you should see a number of files ending in .cf, for example bogus-virus-warnings.cf. That means the rules have been updated for spamassassin.

Now you must schedule this script to run on a regular basis. On the console or putty window type the following to schedule a cron job:

crontab -e

Paste the following in your putty window:
23 4 */2 * * /etc/mail/spamassassin/sa_rules_update.sh &> /dev/null  
(This will schedule the script to run every two days at 4:23. Obviously, don't copy mine verbatim but adjust to your liking. I used 4:23 to show you the hours/minutes.)

Save the file: Shift ZZ

b) At the console prompt or a putty window type the following commands:

urpmi razor

(accept all dependencies)

urpmi pyzor

(accept all dependencies)

urpmi dcc

(accept all dependencies)

urpmi amavisd-new

Say yes to the dependencies prompt. This will automatically install amavisd-new.

c) Configure amavisd by editing the /etc/amavisd/amavisd.conf:

vi /etc/amavisd/amavisd.conf

Hit "i" to start editing. Ensure the lines below are set as follows, adding any that don't exist.

The first line, when uncommented, bypasses all virus checks. It is not needed in this particular situation since we will be installing clamav further down. If you are having problems with clamav and cannot get it to work, it could potentially stop your mail server from operating. In that case, remove the # from in front of the line and it will bypass all virus checks.
#@bypass_virus_checks_acl = qw( . ); 
Ensure you enter the domain your mailserver belongs to. This setting is VERY important and without this setting messages WILL NOT be tagged as spam in the subject line.
$mydomain = 'yourdomain.tld'; 
This line ensures that ALL domains this server delivers mail for will be processed through the spam filter. Without this line, only the domain appearing in the $mydomain = line above will be processed through the spam filter.
@local_domains_acl = qw( . );  
Ensure this line is commented out with the ‘#’ symbol just like it looks here.
#@local_domains_maps = ( [".$mydomain"] );  
Email tagged as spam is passed, but the subject is modified.
$sa_spam_modifies_subj = 1; 
Add spam info headers. I suggest you set as high as possible. Setting to undef is highly recommended so that all mail headers are modified no matter what.
$sa_tag_level_deflt = undef;  
Add 'spam detected' headers at that level. This is the minimum score the system will need to add spam headers to a message. It’s pretty low. Start out low and increase the value as you see fit. If you start to get a lot of false positives, you should increase this value.
$sa_tag2_level_deflt = 3;
Triggers spam evasive actions
$sa_kill_level_deflt = 15; 
Spam level beyond which a DSN is not sent
$sa_dsn_cutoff_level = 9; 
The word added to the subject line of spam emails before they are passed to the end user.
$sa_spam_subject_tag = '***SPAM*** '; 
Ensures spam is passed to the end user tagged as such. We never want the spam filter to kill messages. We want the end user to decide whether it's spam or not.
$final_spam_destiny = D_PASS; 
Ensures emails with bad headers are passed to the end user tagged as such.
$final_bad_header_destiny = D_PASS;  
Hit "ESC" and then "SHIFT ZZ" to save your amavisd.conf file.

Edit your /etc/postfix/master.cf file and add the following entry to it, or amavisd will simply not work:

vi /etc/postfix/master.cf

Add the following entry at the very bottom of your master.cf file right before the line ##### END OF CONTENT FILTER CUSTOMIZATIONS #####:
smtp-amavis unix - - y - 2 smtp
  -o smtp_data_done_timeout=1200
  -o disable_dns_lookups=yes 
Now issue the following command for changes to take effect:

/usr/bin/amavisd reload

Comments

From: Anonymous at: 2006-07-07 20:50:43

This is an excellent step-by-step guide to build a mail gateway with antivirus and antispam functionalities. I've used it to build a mail gateway to help our Domino server to process email. I've built it with Mandriva 2006 and there's no problem, all works fine. As I didn't have Exchange, I had to look for information to build the file of valid recipients manually.

Omar Rojas García

omarrojasg (at) gmail.com 

 

 

From: Anonymous at: 2010-01-13 18:34:59

Superb blog post. I thought your blog post is extremely fascinating. Thanks!

From: Anonymous at: 2006-06-29 15:59:46

Postfix can directly query Active directory and the setup is much simpler.  In addition, your postfix setup is now always up-to-date on active users.  In main.cf add:

relay_recipient_maps = ldap:/etc/postfix/ldap.cf

in ldap.cf:

server_host = ldap://dc1.example.com:389
search_base = cn=Users,dc=example,dc=com
timeout = 5
bind = yes
version = 3
bind_dn = ADuser@example.com
bind_pw = ADusersPW
query_filter = (proxyAddresses=smtp:%s)
result_attribute = extensionAttribute1
domain = hash:/etc/postfix/transport

in transport:

example.com smtp:exchange.example.com:25

Lastly, in the Active Domain user management you need to put "OK" (no quotes) in the extensionAttribute1 for each user you wish to allow to receive external email.  This is required because Postfix looks for OK in the lookup response; anything else is a negative response.

Enjoy,

Woody (woody at linif dot org)

From: at: 2007-11-29 20:13:13

imap2mbox.exe --config="c:\imap2mbox\ham.cfg" --path="Pubic Folders/" --folder="HAM/" --server=YourExchangeServer --delete --username="YOURDOMAIN/username" --mbox="c:\imap2mbox\ham.mbox" --pass=yourpassword

 Watch out for the "Pubic" folders ;-)

 Also the username/password should be a user that has read/write to "all" in those folders or this will not work. Off the top of my head, I think the role is "Publisher" for the folder. (I'm not near Exchange at the moment).

 One other thing, someone previously posted a way of doing this ldap: style. Worked beautifully for me; this should be added as an alternate. Maybe with an explanation of advantages and disadvantages. This walkthrough works great with Debian; most of the stuff is very apt-get'able. Only a few configs were different, not much though.

 Thank you very much for your work.

 

dan 

From: Pawel at: 2010-02-16 12:07:49

Great tutorial! Thanks!