Postfix Spam Filter using Ubuntu Dapper, MailScanner, SpamAssassin, Razor, Pyzor, DCC and ClamAV
This is a similar version of the HOWTO that can be found here: http://www200.pair.com/mecham/spam/spamfilter20050628.html. If you're looking at this howto it is assumed that you have some level of experience with email servers, DNS, TCP/IP, Firewalls and Linux in general.
1 Setting up Ubuntu Server
Please see the documentation already online for details on setting up an Ubuntu server. HowToForge has a couple of HowTo's that are very detailed. However there are a couple of installation configurations outlined here that should be taken into account when setting up the server that might differ from other howto's.
NOTE: Ubuntu is installed as a sudo-based system by default. That means the root account is disabled and you have to put 'sudo' in front of every command you want to run as root. The way around this is to run 'sudo su -', after which you no longer have to type 'sudo' in front of each command because you are in a bash session as root. For the rest of this document it is assumed that you have done this and are running a bash session as root, so no sudo commands will be given. Moral of the story: when you log into Ubuntu via SSH or console, remember to run 'sudo su -' before you start editing system files, moving/making directories or installing/uninstalling software and services.
Partitioning the drive this way is not a requirement but it will keep your server from completely running out of space if something goes wrong in the /var directory. Also, partitioning the drive up this way will allow you to create some extra graphs with MailScannerMRTG that can look at /var, /var/log and /var/spool separately. MailScannerMRTG will not check drive space on directories, it can only calculate size by partitions.
Example of my partition table:
/boot        50MB  Boot Partition EXT3 (PRIMARY)
Swap         2GB   Swap Partition (Size depends on your Memory, double your memory should be fine) (PRIMARY)
/            2GB   Root Partition EXT3 (LOGICAL)
/var         1GB   Variable Data partition EXT3 (LOGICAL)
/var/log     3GB   Variable Data partition EXT3 (LOGICAL)
/var/spool   2GB   Variable Data partition Spool EXT3 (LOGICAL)
/usr         4GB   User installed programs EXT3 (LOGICAL)
/usr/local   2GB   User installed programs EXT3 (LOGICAL)
/home        ANY   Home Directories (Good place to put any extra space, you can repartition if you run out of space and use this.) EXT3 (LOGICAL)
1.2 Verify Network Settings
We need to make sure that the system is setup with a valid static IP, the correct DNS servers are in /etc/resolv.conf and your server is identified in the /etc/hosts file.
The Network Interfaces file should look something like this:
auto lo eth0
iface lo inet loopback
# The primary network interface
iface eth0 inet static
address 192.168.1.100
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.1
Restart the network service to make these changes take effect:
Edit the resolv.conf file to add DNS servers:
Make sure your domain name is at the top of resolv.conf; it should look something like this:
search example.com
nameserver 192.168.0.1
nameserver 192.168.0.2
The top of the /etc/hosts file should look something like this:
127.0.0.1 localhost.localdomain localhost
192.168.0.100 sfp.example.com sfp
Since we are here, you might as well add any other hosts you would like our spamfilter to know about. Add any internal mail server(s) here. Simply append any other entries to the bottom of the list.
1.3 APT and Other Tweaks
Apt needs to be set up to search in the universe and multiverse repositories. Back up your current /etc/apt/sources.list:
cp /etc/apt/sources.list /etc/apt/sources.list.default
Replace it with the following sources.list file:
deb http://us.archive.ubuntu.com/ubuntu dapper main restricted
deb-src http://us.archive.ubuntu.com/ubuntu dapper main restricted
deb http://us.archive.ubuntu.com/ubuntu dapper-updates main restricted
deb-src http://us.archive.ubuntu.com/ubuntu dapper-updates main restricted
deb http://us.archive.ubuntu.com/ubuntu dapper universe multiverse
deb-src http://us.archive.ubuntu.com/ubuntu dapper universe multiverse
deb http://security.ubuntu.com/ubuntu dapper-security main restricted
deb-src http://security.ubuntu.com/ubuntu dapper-security main restricted
deb http://security.ubuntu.com/ubuntu dapper-security universe multiverse
deb-src http://security.ubuntu.com/ubuntu dapper-security universe multiverse
We need to update/refresh the apt cache and install some software. To update the cache run:
Note: This is a good time to change your kernel image to the correct one; most likely you will need 'linux-image-i686'. If you don't know what that means, look it up. Run an apt-get upgrade and take a moment to troubleshoot any errors and/or problems that you might be having. We want to eliminate anything that could cause problems in the future. Remember to reboot once everything is ready and run a quick dmesg | less; it can go a long way.
apt-get install ssh
Once ssh is installed you should connect to the server via ssh using PuTTY from your linux or windows desktop. This would make it easier to get the rest of this howto done because you will be able to copy/paste onto the terminal from the desktop. So go ahead, ssh this puppy.
I usually just set the BIOS clock to local time then run the following to sync the clock.
apt-get install ntpdate
Now we install most of the stuff we'll need. I split the list into 4 APT install runs. 5-15 installs at one time seems prudent, up to you:
apt-get install libc6-dev dpkg-dev db4.3-util libdb4.3-dev vim lynx bzip2 unzip perl-doc libwww-perl ntp-simple
apt-get install zlib1g-dev zip libdbi-perl libconvert-binhex-perl gcc make autoconf automake libtool libmail-spf-query-perl rblcheck libnet-ident-perl
apt-get install flex bison libcompress-zlib-perl pax libberkeleydb-perl ncftp unzoo arj lzop nomarch arc zoo
apt-get install postfix postfix-pcre postfix-mysql postfix-ldap cabextract lha unrar razor pyzor spamassassin
Select NO CONFIGURATION when Debconf for Postfix comes up.
dpkg -i unarj_3.10.21-2_all.deb
Now we also need to remove some programs, hopefully you don't need PCMCIA or printer support. This server will not need dial-up support either. You will not necessarily have all of these programs installed.
Uninstall the following software (All one line):
apt-get remove ipchains lpr nfs-common portmap pidentd pcmcia-cs pcmciautils pppoe pppoeconf ppp pppconfig uw-imapd qpopper mailagent
1.6 Cleaning up services
Some services might still linger even after uninstalling the daemons. First we need to back up /etc/init.d:
cp -R /etc/init.d /etc/init.d.backup
Now we can remove the startup links for the services we don't need, so they no longer start at boot:
update-rc.d -f lpd remove
update-rc.d -f nfs-common remove
update-rc.d -f portmap remove
update-rc.d -f pcmcia remove
update-rc.d -f pcmciautils remove
update-rc.d -f ppp remove
update-rc.d -f exim4 remove
update-rc.d -f ntpdate remove
Disable the inetd services we don't need:
update-inetd --disable time
update-inetd --disable daytime
update-inetd --disable echo
update-inetd --disable chargen
update-inetd --disable ident
update-inetd --disable discard
The last one may ask you a question regarding "multiple entries", answer yes (y).
Check that we got everything:
lsof -i | grep LISTEN
The only daemon you should see at this point is *:ssh. You may have to run this again:
update-inetd --disable discard
If there are other programs shown, try rebooting and test again.
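The listener check above can be scripted so that it fails loudly instead of relying on reading the output by eye. The following is an added example, not part of the original HOWTO: the function name, the allowlist variable and the sample lsof output are constructed for illustration, and the allowlist contains only ssh because that is the only listener the text expects at this stage.

```bash
#!/usr/bin/env bash
# Added example: audit `lsof -i` output against an allowlist of listeners.

# Services allowed to listen at this point in the build. "22" is included in
# case lsof prints numeric ports instead of service names.
ALLOWED_SERVICES="ssh 22"

# unexpected_listeners: reads `lsof -i` output on stdin and prints
# "COMMAND PID ADDRESS" for every LISTEN socket whose service/port is not
# in ALLOWED_SERVICES. Returns 1 if any such socket was found, 0 otherwise.
unexpected_listeners() {
    awk -v allowed="$ALLOWED_SERVICES" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /\(LISTEN\)/ {
            addr = $(NF - 1)        # NAME column, e.g. *:ssh or 127.0.0.1:smtp
            svc = addr
            sub(/^.*:/, "", svc)    # keep the part after the last colon
            if (!(svc in ok)) { print $1, $2, addr; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample of `lsof -i` output (not captured from a real host):
# one expected listener, two leftovers, and one established ssh session.
SAMPLE_LSOF='COMMAND  PID USER   FD   TYPE DEVICE SIZE NODE NAME
sshd    3012 root    3u  IPv6   7421       TCP *:ssh (LISTEN)
inetd   3100 root    4u  IPv4   7533       TCP *:discard (LISTEN)
portmap 2901 daemon  4u  IPv4   7102       TCP *:sunrpc (LISTEN)
sshd    3340 root    4u  IPv6   8120       TCP 192.168.1.100:ssh->192.168.1.50:51234 (ESTABLISHED)'

# Demo on the sample. On the server itself run: lsof -i | unexpected_listeners
printf '%s\n' "$SAMPLE_LSOF" | unexpected_listeners \
    || echo "unexpected listeners found: disable them and re-check"
```

As later sections of the build add daemons that are meant to listen, extend ALLOWED_SERVICES accordingly so the check keeps flagging only what should not be there.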