
Intro

This system is based on Debian testing as at 26-Oct-2004 and uses postfix, amavisd-new, clamav and spamassassin to create an SMTP server that accepts mail for a specific domain from the internet, filters and virus-checks the mail, and passes it on to *some other* server inside a network.

The server has a static IP address of 192.168.0.2 and can see the internet via a Netgear router that is configured to forward any SMTP traffic to 192.168.0.2. The internal mail server is 192.168.0.20, for user POP3 access.

Postfix

apt-get install postfix
was all that was required to install postfix on the box; then some minor configuration changes were necessary to get postfix doing exactly what I wanted.

/etc/postfix/main.cf

# See /usr/share/postfix/main.cf.dist for a commented, more complete version
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
myhostname = mail.mydomain.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
relay_domains = mydomain.com, localhost.localdomain, localhost
relayhost = 192.168.0.20
mynetworks = 127.0.0.0/8
mailbox_command =
mailbox_size_limit = 0
recipient_delimiter = +
content_filter = smtp-amavis:[127.0.0.1]:10024

For the relay setup it is important to get relay_domains correct or the server will refuse to accept incoming email. It is also important that mydestination is not set or the server will collect mail itself and not forward it on. The content_filter entry is part of the amavisd-new setup described next. At this stage (without the content_filter line) this should function as a relay server and can be tested in this state.

amavisd-new

To install :-

apt-get install amavisd-new
The configuration of amavisd is more complex and requires adjustments to postfix as well. First, add the content_filter line to /etc/postfix/main.cf. Then configure /etc/postfix/master.cf to call amavisd.

/etc/postfix/master.cf should have these lines added :-

# transport that hands mail to amavisd (the name used in content_filter)
smtp-amavis unix -      -       -       -       2       smtp
    -o smtp_data_done_timeout=1200
    -o disable_dns_lookups=yes

# loopback-only listener on which amavisd hands the scanned mail back
127.0.0.1:10025 inet n - - - - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
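
The wiring between main.cf and master.cf described above can be checked statically. This is an added example, not part of the original page: a small Python check (function names and sample text are constructed for illustration) that the content_filter transport exists in master.cf and that the listener taking mail back from amavisd clears content_filter and is restricted to loopback.

```python
import re
# Constructed sample input mirroring the settings described on this page.
MAIN_CF = """\
relayhost = 192.168.0.20
content_filter = smtp-amavis:[127.0.0.1]:10024
"""
MASTER_CF = """\
smtp-amavis unix - - - - 2 smtp
127.0.0.1:10025 inet n - - - - smtpd
  -o content_filter=
  -o mynetworks=127.0.0.0/8
"""

def parse_main(text):
    """main.cf -> {name: value}; comment lines are skipped."""
    pairs = (l.split("=", 1) for l in text.splitlines() if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def parse_master(text):
    """master.cf -> {service: (type, {override: value})}; indented lines continue an entry."""
    services, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():          # a new service entry starts in column 1
            current, stype = line.split()[:2]
            services[current] = (stype, {})
        if current is not None:            # collect "-o name=value" overrides
            services[current][1].update(re.findall(r"-o\s+([^=\s]+)=(\S*)", line))
    return services

def check(main_text, master_text):
    """Return a list of wiring problems (hypothetical helper); an empty list means consistent."""
    main, master = parse_main(main_text), parse_master(master_text)
    problems = []
    if "mydestination" in main:            # the page requires this to stay unset
        problems.append("mydestination is set")
    m = re.fullmatch(r"([^:]+):\[127\.0\.0\.1\]:\d+", main.get("content_filter", ""))
    if not m or m.group(1) not in master:
        problems.append("content_filter does not name a master.cf transport on loopback")
    back = {n: o for n, (t, o) in master.items() if t == "inet" and o.get("content_filter") == ""}
    if not back:
        problems.append("no listener clears content_filter: filtered mail would loop")
    for name, opts in back.items():
        if not name.startswith("127.0.0.1:"):
            problems.append(f"{name}: re-injection listener not bound to loopback")
        if opts.get("mynetworks") != "127.0.0.0/8":
            problems.append(f"{name}: missing -o mynetworks=127.0.0.0/8")
    return problems
```

A misspelled override name in the listener entry (for example `mynetwork` instead of `mynetworks`) shows up as the "missing -o mynetworks" problem.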

ClamAV

ClamAV is my preferred (open source) antivirus option and I installed the clamd version (daemon)

apt-get install clamav-daemon
In the questions I selected the daemon mode of freshclam as well, to keep the virus definitions up to date. The amavisd config file seemed to have the clamav options already enabled, so it was (almost) ready to use out of the box for me :-) This is what I found in /etc/amavis/amavisd.conf (I did have to adjust the path for clamd.ctl; it is shown below) :-

### http://www.clamav.net/
['Clam Antivirus-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/amavis/clamd.ctl"],
  qr/\bOK$/, qr/\bFOUND$/,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
# NOTE: run clamd under the same user as amavisd; match the socket
# name (LocalSocket) in clamav.conf to the socket name in this entry
# When running chrooted one may prefer: ["CONTSCAN {}\n","$MYHOME/clamd"],

There was one issue with access to ClamAV from amavis. To solve this I made clamav run as user amavis and had the control file inside amavis' home directory by changing the following two options in /etc/clamav/clamav.conf

LocalSocket /var/run/amavis/clamd.ctl
User amavis

Spamassassin

Spamassassin support is also native to amavisd-new but you still need the spamassassin packages

apt-get install spamassassin
should do it. Can't remember exactly what I did, left notes at work! Tomorrow maybe :-)
