Virtual Users And Domains With Postfix, Courier, MySQL And SquirrelMail (Debian Squeeze) - Page 3
This tutorial exists for these OS versions
- Debian 7 (Wheezy)
- Debian 6 (Squeeze)
- Debian 5 (Lenny)
- Debian 4 (Etch)
- Debian 3.1 (Sarge)
On this page
9 Install amavisd-new, SpamAssassin, And ClamAV
To install amavisd-new, spamassassin and clamav, run the following command:
apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 libnet-ph-perl libnet-snpp-perl libnet-telnet-perl nomarch lzop pax
Afterwards we must configure amavisd-new. The configuration is split up in various files which reside in the /etc/amavis/conf.d directory. Take a look at each of them to become familiar with the configuration. Most settings are fine, however we must modify three files:
First we must enable ClamAV and SpamAssassin in /etc/amavis/conf.d/15-content_filter_mode by uncommenting the @bypass_virus_checks_maps and the @bypass_spam_checks_maps lines:
vi /etc/amavis/conf.d/15-content_filter_mode
The file should look like this:
use strict; # You can modify this file to re-enable SPAM checking through spamassassin # and to re-enable antivirus checking. # # Default antivirus checking mode # Please note, that anti-virus checking is DISABLED by # default. # If You wish to enable it, please uncomment the following lines: @bypass_virus_checks_maps = ( \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re); # # Default SPAM checking mode # Please note, that anti-spam checking is DISABLED by # default. # If You wish to enable it, please uncomment the following lines: @bypass_spam_checks_maps = ( \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re); 1; # ensure a defined return |
And then you should take a look at the spam settings and the actions for spam-/virus-mails in /etc/amavis/conf.d/20-debian_defaults. There's no need to change anything if the default settings are ok for you. The file contains many explanations so there's no need to explain the settings here:
vi /etc/amavis/conf.d/20-debian_defaults
[...] $QUARANTINEDIR = "$MYHOME/virusmails"; $quarantine_subdir_levels = 1; # enable quarantine dir hashing $log_recip_templ = undef; # disable by-recipient level-0 log entries $DO_SYSLOG = 1; # log via syslogd (preferred) $syslog_ident = 'amavis'; # syslog ident tag, prepended to all messages $syslog_facility = 'mail'; $syslog_priority = 'debug'; # switch to info to drop debug output, etc $enable_db = 1; # enable use of BerkeleyDB/libdb (SNMP and nanny) $enable_global_cache = 1; # enable use of libdb-based cache if $enable_db=1 $inet_socket_port = 10024; # default listening socket $sa_spam_subject_tag = '***SPAM*** '; $sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level $sa_tag2_level_deflt = 6.31; # add 'spam detected' headers at that level $sa_kill_level_deflt = 6.31; # triggers spam evasive actions $sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent [...] $final_virus_destiny = D_DISCARD; # (data not lost, see virus quarantine) $final_banned_destiny = D_BOUNCE; # D_REJECT when front-end MTA $final_spam_destiny = D_BOUNCE; $final_bad_header_destiny = D_PASS; # False-positive prone (for spam) [...] |
Finally, edit /etc/amavis/conf.d/50-user and add the line $pax='pax'; in the middle:
vi /etc/amavis/conf.d/50-user
use strict; # # Place your configuration directives here. They will override those in # earlier files. # # See /usr/share/doc/amavisd-new/ for documentation and examples of # the directives you can use in this file # $pax='pax'; #------------ Do not modify anything below this line ------------- 1; # ensure a defined return |
Afterwards, run these commands to add the clamav user to the amavis group and to restart amavisd-new and ClamAV:
adduser clamav amavis
/etc/init.d/amavis restart
/etc/init.d/clamav-daemon restart
/etc/init.d/clamav-freshclam restart
Now we have to configure Postfix to pipe incoming email through amavisd-new:
postconf -e 'content_filter = amavis:[127.0.0.1]:10024'
postconf -e 'receive_override_options = no_address_mappings'
Afterwards append the following lines to /etc/postfix/master.cf:
vi /etc/postfix/master.cf
[...] amavis unix - - - - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes 127.0.0.1:10025 inet n - - - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks -o smtpd_bind_address=127.0.0.1 |
Then restart Postfix:
/etc/init.d/postfix restart
Now run
netstat -tap
and you should see Postfix (master) listening on port 25 (smtp) and 10025, and amavisd-new on port 10024:
root@server1:/etc/courier# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:sunrpc *:* LISTEN 605/portmap
tcp 0 0 *:ssh *:* LISTEN 1110/sshd
tcp 0 0 *:55384 *:* LISTEN 617/rpc.statd
tcp 0 0 *:smtp *:* LISTEN 23615/master
tcp 0 0 localhost.localdo:10024 *:* LISTEN 22454/amavisd (mast
tcp 0 0 localhost.localdo:10025 *:* LISTEN 23615/master
tcp 0 0 localhost.localdo:mysql *:* LISTEN 3838/mysqld
tcp 0 52 server1.example.com:ssh 192.168.0.199:3809 ESTABLISHED 1136/0
tcp6 0 0 [::]:pop3 [::]:* LISTEN 19519/couriertcpd
tcp6 0 0 [::]:imap2 [::]:* LISTEN 19476/couriertcpd
tcp6 0 0 [::]:www [::]:* LISTEN 4429/apache2
tcp6 0 0 [::]:ssh [::]:* LISTEN 1110/sshd
tcp6 0 0 [::]:imaps [::]:* LISTEN 19503/couriertcpd
tcp6 0 0 [::]:pop3s [::]:* LISTEN 19536/couriertcpd
root@server1:/etc/courier#
10 Install Razor, Pyzor And DCC And Configure SpamAssassin
Razor, Pyzor and DCC are spamfilters that use a collaborative filtering network. To install Razor and Pyzor, run
apt-get install razor pyzor
DCC isn't available in the Debian Squeeze repositories, so we install it as follows:
cd /tmp
wget http://www.dcc-servers.net/dcc/source/dcc-dccproc.tar.Z
tar xzvf dcc-dccproc.tar.Z
cd dcc-dccproc-1.3.138
./configure --with-uid=amavis
make
make install
chown -R amavis:amavis /var/dcc
ln -s /var/dcc/libexec/dccifd /usr/local/bin/dccifd
Now we have to tell SpamAssassin to use these three programs. Edit /etc/spamassassin/local.cf and add the following lines to it:
vi /etc/spamassassin/local.cf
[...] #dcc use_dcc 1 dcc_path /usr/local/bin/dccproc #pyzor use_pyzor 1 pyzor_path /usr/bin/pyzor #razor use_razor2 1 razor_config /etc/razor/razor-agent.conf #bayes use_bayes 1 use_bayes_rules 1 bayes_auto_learn 1 |
Then we must enable the DCC plugin in SpamAssassin. Open /etc/spamassassin/v310.pre and uncomment the loadplugin Mail::SpamAssassin::Plugin::DCC line:
vi /etc/spamassassin/v310.pre
[...] # DCC - perform DCC message checks. # # DCC is disabled here because it is not open source. See the DCC # license for more details. # loadplugin Mail::SpamAssassin::Plugin::DCC [...] |
You can check your SpamAssassin configuration by executing:
spamassassin --lint
It shouldn't show any errors.
Restart amavisd-new afterwards:
/etc/init.d/amavis restart
Now we update our SpamAssassin rulesets as follows:
sa-update --no-gpg
(Next we are going to create a cron job. By default, the crontab -e command launches the nano editor on Debian Squeeze. If you are used to vi, you might want to change this:
update-alternatives --config editor
Select your favourite editor:
root@server1:/tmp/dcc-dccproc-1.3.138# update-alternatives --config editor
There are 3 choices for the alternative editor (providing /usr/bin/editor).
Selection Path Priority Status
------------------------------------------------------------
* 0 /bin/nano 40 auto mode
1 /bin/nano 40 manual mode
2 /usr/bin/vim.nox 40 manual mode
3 /usr/bin/vim.tiny 10 manual mode
Press enter to keep the current choice[*], or type selection number: <-- 2
update-alternatives: using /usr/bin/vim.nox to provide /usr/bin/editor (editor) in manual mode.
root@server1:/tmp/dcc-dccproc-1.3.138#
)
We create a cron job so that the rulesets will be updated regularly. Run
crontab -e
to open the cron job editor. Create the following cron job:
23 4 */2 * * /usr/bin/sa-update --no-gpg &> /dev/null |
This will update the rulesets every second day at 4.23h.
11 Quota Exceedance Notifications
If you want to get notifications about all the email accounts that are over quota, then create the file /usr/local/sbin/quota_notify:
cd /usr/local/sbin/
vi quota_notify
#!/usr/bin/perl -w # Author <[email protected]> # # This script assumes that virtual_mailbox_base in defined # in postfix's main.cf file. This directory is assumed to contain # directories which themselves contain your virtual user's maildirs. # For example: # # -----------/ # | # | # home/vmail/domains/ # | | # | | # example.com/ foo.com/ # | # | # ----------------- # | | | # | | | # user1/ user2/ user3/ # | # | # maildirsize # use strict; my $POSTFIX_CF = "/etc/postfix/main.cf"; my $MAILPROG = "/usr/sbin/sendmail -t"; my $WARNPERCENT = 80; my @POSTMASTERS = ('[email protected]'); my $CONAME = 'My Company'; my $COADDR = '[email protected]'; my $SUADDR = '[email protected]'; my $MAIL_REPORT = 1; my $MAIL_WARNING = 1; #get virtual mailbox base from postfix config open(PCF, "< $POSTFIX_CF") or die $!; my $mboxBase; while (<PCF>) { next unless /virtual_mailbox_base\s*=\s*(.*)\s*/; $mboxBase = $1; } close(PCF); #assume one level of subdirectories for domain names my @domains; opendir(DIR, $mboxBase) or die $!; while (defined(my $name = readdir(DIR))) { next if $name =~ /^\.\.?$/; #skip '.' and '..' next unless (-d "$mboxBase/$name"); push(@domains, $name); } closedir(DIR); #iterate through domains for username/maildirsize files my @users; chdir($mboxBase); foreach my $domain (@domains) { opendir(DIR, $domain) or die $!; while (defined(my $name = readdir(DIR))) { next if $name =~ /^\.\.?$/; #skip '.' and '..' next unless (-d "$domain/$name"); push(@users, {"$name\@$domain" => "$mboxBase/$domain/$name"}); } } closedir(DIR); #get user quotas and percent used my (%lusers, $report); foreach my $href (@users) { foreach my $user (keys %$href) { my $quotafile = "$href->{$user}/maildirsize"; next unless (-f $quotafile); open(QF, "< $quotafile") or die $!; my ($firstln, $quota, $used); while (<QF>) { my $line = $_; if (! $firstln) { $firstln = 1; die "Error: corrupt quotafile $quotafile" unless ($line =~ /^(\d+)S/); $quota = $1; last if (! $quota); next; } die "Error: corrupt quotafile $quotafile" unless ($line =~ /\s*(-?\d+)/); $used += $1; } close(QF); next if (! $used); my $percent = int($used / $quota * 100); $lusers{$user} = $percent unless not $percent; } } #send a report to the postmasters if ($MAIL_REPORT) { open(MAIL, "| $MAILPROG"); select(MAIL); map {print "To: $_\n"} @POSTMASTERS; print "From: $COADDR\n"; print "Subject: Daily Quota Report.\n"; print "DAILY QUOTA REPORT:\n\n"; print "----------------------------------------------\n"; print "| % USAGE | ACCOUNT NAME |\n"; print "----------------------------------------------\n"; foreach my $luser ( sort { $lusers{$b} <=> $lusers{$a} } keys %lusers ) { printf("| %3d | %32s |\n", $lusers{$luser}, $luser); print "---------------------------------------------\n"; } print "\n--\n"; print "$CONAME\n"; close(MAIL); } #email a warning to people over quota if ($MAIL_WARNING) { foreach my $luser (keys (%lusers)) { next unless $lusers{$luser} >= $WARNPERCENT; # skip those under quota open(MAIL, "| $MAILPROG"); select(MAIL); print "To: $luser\n"; map {print "BCC: $_\n"} @POSTMASTERS; print "From: $SUADDR\n"; print "Subject: WARNING: Your mailbox is $lusers{$luser}% full.\n"; print "Reply-to: $SUADDR\n"; print "Your mailbox: $luser is $lusers{$luser}% full.\n\n"; print "Once your e-mail box has exceeded your monthly storage quota\n"; print "your monthly billing will be automatically adjusted.\n"; print "Please consider deleting e-mail and emptying your trash folder to clear some space.\n\n"; print "Contact <$SUADDR> for further assistance.\n\n"; print "Thank You.\n\n"; print "--\n"; print "$CONAME\n"; close(MAIL); } } |
Make sure that you adjust the variables at the top (especially the [email protected] email address).
We must make the file executable:
chmod 755 quota_notify
Run
crontab -e
to create a cron job for that script:
0 0 * * * /usr/local/sbin/quota_notify &> /dev/null |