Postfix Spam Filter using Ubuntu Dapper, MailScanner, SpamAssassin, Razor, Pyzor, DCC and ClamAV


This is a similar version of the HOWTO that can be found here: If you're looking at this howto it is assumed that you have some level of experience with email servers, DNS, TCP/IP, Firewalls and Linux in general.

1 Setting up Ubuntu Server

Please see the documentation already online for details on setting up an Ubuntu server. HowToForge has a couple of HowTo's that are very detailed. However there are a couple of installation configurations outlined here that should be taken into account when setting up the server that might differ from other howto's.

NOTE: Ubuntu is installed as a setuid system by default. What that means is that the root account is disabled and you have to run everything with a 'sudo' in front of it to run it as root. The way around this is to run 'sudo su -' and you will no longer have to type 'sudo' in front of the command because you are in a bash session as root. For the rest of this document it is assumed that you have done this and are running a bash session as root so no sudo commands will be given. Moral of the story is, when you log into Ubuntu via SSH or console, remember to run 'sudo su -' before you start editing system files, moving/making directories or installing/uninstalling software and services.

1.1 Partitions

Partitioning the drive this way is not a requirement but it will keep your server from completely running out of space if something goes wrong in the /var directory. Also, partitioning the drive up this way will allow you to create some extra graphs with MailScannerMRTG that can look at /var, /var/log and /var/spool separately. MailScannerMRTG will not check drive space on directories, it can only calculate size by partitions.

Example of my partition table:
/boot		50MB		Boot Partition		EXT3 (PRIMARY)
Swap		2GB		Swap Partition (Size depends on your Memory, double your memory should be fine) (PRIMARY)
/		2GB		Root Partition		EXT3 (LOGICAL)
/var		1GB		Variable Data partition	EXT3 (LOGICAL)
/var/log	3GB		Variable Data partition	EXT3 (LOGICAL)
/var/spool	2GB		Variable Data partition Spool	EXT3 (LOGICAL)
/usr		4GB		User installed programs		EXT3 (LOGICAL)
/usr/local	2GB		User installed programs		EXT3 (LOGICAL)
/home		ANY		Home Directories (Good place to put any extra space, you can repartition if you run out of space and use this.)	EXT3 (LOGICAL)

1.2 Verify Network Settings

We need to make sure that the system is setup with a valid static IP, the correct DNS servers are in /etc/resolv.conf and your server is identified in the /etc/hosts file.

vi /etc/network/interfaces

The Network Interfaces file should look something like this:

auto lo eth0
iface lo inet loopback
# The primary network interface
iface eth0 inet static

Restart the network service to make these changes take effect:

/etc/init.d/networking restart

Edit the resolv.conf file to add DNS servers:

vi /etc/resolv.conf

Make sure your domain name is at the top of the resolv.conf, it should look look something like this:


vi /etc/hosts

The top of file should look something like this: localhost.localdomain localhost sfp

Since we are here, you might as well add any other hosts you would like our spamfilter to know about. Add any internal mail server(s) here. Simply append any other entries to the bottom of the list.

1.3 APT and Other Tweaks

Apt needs to be setup to search in the universe and multiverse repositories. Backup your current /etc/apt/sources.list:

cp /etc/apt/sources.list /etc/apt/sources.list.default

Replace it with the following sources.list file:

vi /etc/apt/sources.list

deb dapper main restricted
deb-src dapper main restricted
deb dapper-updates main restricted
deb-src dapper-updates main restricted
deb dapper universe multiverse
deb-src dapper universe multiverse
deb dapper-security main restricted
deb-src dapper-security main restricted
deb dapper-security universe multiverse
deb-src dapper-security universe multiverse

We need to update/refresh the apt cache and install some software. To update the cache run:

apt-get update

Note: This is a good time to change your kernel image to the correct one, most likely you will need the 'linux-image-i686'. If you don't know what that means, look it up. Run an apt-get upgrade and take a moment to troubleshoot any errors and or problems that you might be having. We want to eliminate anything that could cause problems in the future. Remember to reboot once everything is ready and run a quick dmesg | less, it can go a long way.

apt-get install ssh

Once ssh is installed you should connect to the server via ssh using PuTTY from your linux or windows desktop. This would make it easier to get the rest of this howto done because you will be able to copy/paste onto the terminal from the desktop. So go ahead, ssh this puppy.

I usually just set the BIOS clock to local time then run the following to sync the clock.

apt-get install ntpdate

hwclock --systohc

Now we install most of the stuff we'll need. I split the list into 4 APT install runs. 5-15 installs at one time seems prudent, up to you:

apt-get install libc6-dev dpkg-dev db4.3-util libdb4.3-dev vim lynx bzip2 unzip perl-doc libwww-perl ntp-simple

apt-get install zlib1g-dev zip libdbi-perl libconvert-binhex-perl gcc make autoconf automake libtool libmail-spf-query-perl rblcheck libnet-ident-perl

apt-get install flex bison libcompress-zlib-perl pax libberkeleydb-perl ncftp unzoo arj lzop nomarch arc zoo

apt-get install postfix postfix-pcre postfix-mysql postfix-ldap cabextract lha unrar razor pyzor spamassassin

Select NO CONFIGURATION when Debconf for Postfix comes up.

Install unarj:


dpkg -i unarj_3.10.21-2_all.deb

Now we also need to remove some programs, hopefully you don't need PCMCIA or printer support. This server will not need dial-up support either. You will not necessarily have all of these programs installed.

Uninstall the following software (All one line):

apt-get remove ipchains lpr nfs-common portmap pidentd pcmcia-cs pcmciautils pppoe pppoeconf ppp pppconfig uw-imapd qpopper mailagent

1.6 Cleaning up services

Some services might still linger even after uninstalling the daemons. First we need to backup inet.d:

cp -R /etc/init.d /etc/init.d.backup

Now we can stop all of the services that might be running which we don't need:

/etc/init.d/lpd stop
update-rc.d -f lpd remove

/etc/init.d/nfs-common stop
update-rc.d -f nfs-common remove

/etc/init.d/portmap stop
update-rc.d -f portmap remove

/etc/init.d/pcmcia stop
update-rc.d -f pcmcia remove

/etc/init.d/pcmciautils stop
update-rc.d -f pcmciautils remove

/etc/init.d/ppp stop
update-rc.d -f ppp remove

/etc/init.d/exim4 stop
update-rc.d -f exim4 remove

update-rc.d -f ntpdate remove

Disable all of the services we stopped:

update-inetd --disable time

update-inetd --disable daytime

update-inetd --disable echo

update-inetd --disable chargen

update-inetd --disable ident

update-inetd --disable discard

The last one may ask you a question regarding "multiple entries", answer yes (y).

Check that we got everything:

lsof -i | grep LISTEN

The only daemon you should see at this point is *:ssh. You may have to run this again:

update-inetd --disable discard

If there are other programs shown, try rebooting and test again.

Share this page:

18 Comment(s)

Add comment


From: Anonymous at: 2006-07-27 20:16:09

Just working my way through this great looking howto and have run into the following issues on page 1. 

1.) Your sources.list references breezy repeatedly despite this being a dapper howto.  I assumed I could just uncomment my dapper repos and install away.

 2.) When running the big apt-get install the following packages could not be found: unarj, unrar, and lha.  I just skipped them so hopefully it does not matter too much.

3.) There is no pcmcia under init.d in my install but there is a pcmciautils.  Should I be shutting down and removing that instead?

4.) There is no inetd in /etc/init.d on my system for me to restart.

Everything seems to be working ok so far though so I am forging ahead with the install.

From: Anonymous at: 2006-08-14 22:06:43

Ok thanks. Any help is appreciated, when I have a chance I will update.

From: Anonymous at: 2006-08-18 15:06:35

When trying to install the long list of software packages in section 1.5, if there's a problem with one package, none will install.  I found that it was easier to install 4 or 5 packages at a time.

From: fdalmoro at: 2006-08-25 20:36:41

Good point. I need to do some more testing because I know some of the packages don't install with the repositories. That's why I made sure to put 'BETA' in the title :) ...

From: fdalmoro at: 2006-08-25 20:44:00

For those that are trying the install... I will be updating the documentation next week. I finally got all of the kinks worked out of my system and it's working fine. I have seen many posts regarding MailScanner+Postfix comments that say it is not recommended. I have not had any problems but like some posts say, updating either MailScanner or Postfix could be risky affair so fair warning. I'm willing to take the gamble because Postfix + MailScanner are the best in their respective fields I think (especially once MailScanner-MRTG is working). The graphs make it all worth it.


In any case if anyone runs into any snags just let me know through here or the forums and I will try to help out the best I can. Speaking of forums I'll have to hit those today just in case. Have not looked at them yet.

From: jtkooch at: 2006-09-07 15:04:55

Excellent guide for the most part but there are some things that have me confused. You mention this will use mailscanner instead of Amavis, but page 4 references the amavis user accounts.

Also, there doesn't seem to be anypoint where either of those programs actually get installed.

Am I missing it?

From: fdalmoro at: 2006-09-18 16:27:59

Been busy, have not finished this howto. I should have posted it when it was finished sorry.

From: till at: 2006-09-13 08:11:19

The title mentions that this howto installs ClamAV, in which step is it installed or is this part missing yet?

From: fdalmoro at: 2006-09-26 18:22:15

Page 4 has it.

From: at: 2006-11-06 11:33:30

I've set this up on dapper and now on eft. I've found on both that unrar, and lha are no longer on the reps for download. As alternatives, I have used unp & unrar-free which seem to work fine.

From: Anonymous at: 2011-06-21 14:20:25

I just tried to install on Ubuntu 11.04 and the installation fails on the line:

apt-get install libc6-dev dpkg-dev db4.3-util libdb4.3-dev vim lynx bzip2 unzip perl-doc libwww-perl ntp-simple


The following packages have unmet dependencies:
 libc6-dev : Depends: libc6 (= 2.3.6-0ubuntu20.6) but 2.13-0ubuntu13 is to be installed
E: Broken packages

From: Anonymous at: 2011-09-04 04:39:52

same here. : (

 e: unable to locate package link.

From: Anonymous at: 2006-08-18 15:02:38

If you're trying to use the "" script to grab valid email addresses from exchange, as mentioned in section 2.2.11, you may have to do something extra.  It told me "permission denied" when I tried to execute the script.  The trick was to run "chmod +x" before trying to execute the script.  More experienced users might scoff, but being new to Linux, it was a real head-scratcher for me.  Hope it helps someone!

From: at: 2008-03-30 10:39:46

the error traced back to problem in /etc/postfix/

line for local loopback was like this

"smtp      unix  -       -       n       -       -       smtp"

when cahnged to

"smtp      unix  -       -       y       -       -       smtp"

problem resolved.


From: Anonymous at: 2006-08-30 06:24:13


postfix start


/etc/init.d/postfix start ?

From: fdalmoro at: 2006-09-26 18:26:06

just 'postfix start' works fine too without having to put in the /etc/init.d/postfix in it.

From: at: 2008-03-16 13:15:58

when regisrering with razor you can recieve a

Error 202 while performing register, aborting.

Turns-out you need to run the razor-admin with a -discover first if you come across this error. In general it’s some sort of network error.

razor-admin -discover
razor-admin -create
razor-admin -register

thanks to

for the solution

From: Damien at: 2009-11-24 11:22:45

Thanks for this very usefull HowTo.

I used it, technicaly, it works (the linux box relay the messages to the exchange server), but every message received by the exchange server is recognized as SPAM :(

Does anybody get this kind of troubles?