Mail server_Spamfilter configuration - SomethingWithHorizons/mailserver GitHub Wiki

Have AMaViS check for malicious software in e-mails and have it mark e-mail with spam-scores.

Procedure

  1. Install required packages:

    # required packages
    apt install amavisd-new spamassassin clamav-daemon
    
    # optional packages for better spam detection 
    apt install libnet-dns-perl libmail-spf-perl pyzor razor
    
    # optional packages to enable better scanning of attached archive files
    apt install arj bzip2 cabextract cpio file gzip nomarch pax unrar-free unzip zip
    
  2. Add the clamav user to the amavis group and vice versa to provide both with the user permissions required to scan files on disk:

    adduser clamav amavis
    adduser amavis clamav
    

    :information_source: The default behavior of ClamAV fits our needs. A daemon (clamd) is launched and signatures are fetched every day.

  3. Create a "razor-agent.conf" file in AMaViS' home directory to store Razor configuration settings, and register the identity of the locally running Razor instance with the Razor servers so that it can retrieve distributed spam detection data:

    su - amavis -c 'razor-admin -create'
    su - amavis -c 'razor-admin -register'
    
  4. Edit /etc/amavis/conf.d/15-content_filter_mode to have AMaViS activate antivirus detection and spam scoring:

      #
      # Default antivirus checking mode
      # Please note, that anti-virus checking is DISABLED by
      # default.
      # If You wish to enable it, please uncomment the following lines:
    
    - #@bypass_virus_checks_maps = (
    - #   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
    + @bypass_virus_checks_maps = (
    +    \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
    
      #
      # Default SPAM checking mode
      # Please note, that anti-spam checking is DISABLED by
      # default.
      # If You wish to enable it, please uncomment the following lines:
    
    - #@bypass_spam_checks_maps = (
    - #   \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
    + @bypass_spam_checks_maps = (
    +    \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
    
  5. Edit /etc/amavis/conf.d/50-user to accept mails marked as spam for future (Sieve) processing instead of "bouncing" them and to have AMaViS accept all domains for its processing:

    # See /usr/share/doc/amavisd-new/ for documentation and examples of
    # the directives you can use in this file
    #
    + $final_banned_destiny     = D_PASS;
    + $final_spam_destiny       = D_PASS;
    + @local_domains_acl = ( "." );
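
    Review bot: `$final_banned_destiny = D_PASS;` on the first added line is not covered by the step text, which only talks about mail marked as spam. With D_PASS, messages carrying banned attachments are delivered to the recipient as well, so either document that this is intended and that the Sieve rules must handle those messages too, or drop the line. The hunk also leaves `$final_virus_destiny` unset, so a sentence stating that infected mail keeps the packaged default handling would help.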
    

    ( "." ) is technically an empty domain, which tricks AMaViS into implicitly accepting every domain for its processing. Normally an explicit comma-separated list of domains would be defined there. That would be inconvenient, however: every domain added to MariaDB would also have to be added here in order to receive spam scores. In short, this trick has AMaViS accept all domains, which avoids keeping a double administration of domains.

    :information_source: Note that the user file is edited and not the defaults file. This keeps the default configuration clean and unaffected by these settings, which are superimposed onto the defaults. This is not strictly required, but it is good practice in a multi-user environment.

  6. Restart the services to effectuate the changes:

    service clamav-daemon restart
    service clamav-freshclam restart
    service amavis restart
    

    :warning: WARNING: clamav-freshclam is likely to start updating after the restart. During the update, ClamAV might respond in a seemingly erroneous manner!

  7. Configure Postfix to send the e-mails to AMaViS for content filtering:

    postconf -e "content_filter = smtp-amavis:[127.0.0.1]:10024"
    
  8. Edit /etc/postfix/master.cf to enable the Postfix callback interface on which AMaViS returns the processed e-mail:

    1. Find the pickup transport service and add the following two lines immediately below it to prevent generated spam-report messages from being marked as spam themselves:

      pickup    unix  n       -       y       60      1       pickup
      +  -o content_filter=
      +  -o receive_override_options=no_header_body_checks
      cleanup   unix  n       -       y       -       0       cleanup
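
      Review bot: the `-o content_filter=` override on `pickup` exempts everything submitted through the local sendmail command from AMaViS, not only the generated spam-report messages the step names, so mail from cron jobs or local web applications is delivered without virus or spam checks. State that trade-off in the step text so readers who host untrusted local senders can decide whether to keep the override.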
      
    2. Append the following to the end of the file to declare the communication protocol (the first part) and to declare the return address to receive AMaViS' answers on (the second part):

      + smtp-amavis     unix    -       -       -       -       2       smtp
      +   -o smtp_data_done_timeout=1200
      +   -o smtp_send_xforward_command=yes
      +   -o disable_dns_lookups=yes
      +   -o max_use=20
      + 
      + 127.0.0.1:10025 inet    n       -       -       -       -       smtpd
      +   -o content_filter=
      +   -o local_recipient_maps=
      +   -o relay_recipient_maps=
      +   -o smtpd_restriction_classes=
      +   -o smtpd_delay_reject=no
      +   -o smtpd_client_restrictions=permit_mynetworks,reject
      +   -o smtpd_helo_restrictions=
      +   -o smtpd_sender_restrictions=
      +   -o smtpd_recipient_restrictions=permit_mynetworks,reject
      +   -o smtpd_data_restrictions=reject_unauth_pipelining
      +   -o smtpd_end_of_data_restrictions=
      +   -o mynetworks=127.0.0.0/8
      +   -o smtpd_error_sleep_time=0
      +   -o smtpd_soft_error_limit=1001
      +   -o smtpd_hard_error_limit=1000
      +   -o smtpd_client_connection_count_limit=0
      +   -o smtpd_client_connection_rate_limit=0
      +   -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
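
      Review bot: the process limit of `2` on the `smtp-amavis` line is undocumented, and it has to stay in step with the number of AMaViS child processes (`$max_servers`); if Postfix opens more connections than AMaViS has children, deliveries wait on port 10024 and can time out. Add a sentence next to the block saying the two values must be changed together.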
      
  9. Restart Postfix to effectuate changes:

    service postfix restart
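
A check that can be run before the restart in step 9, given here as an added example that is not part of the original wiki: it reads a master.cf and verifies that the hand-off transport and the re-injection listener from step 8 are present, that the listener is bound to loopback, that it carries an empty `content_filter=` (otherwise returned mail is sent back to AMaViS in a loop), and that only loopback clients may inject. The function name `check_amavis_master_cf` and the sample file are assumptions; the service names, port 10025 and option values are the ones from step 8.

```shell
# Added example, not from the wiki; check_amavis_master_cf is a hypothetical helper.
check_amavis_master_cf() {
    awk '
    function fail(msg) { print "FAIL: " msg; bad++ }
    # Audit one logical line: a service entry joined with its -o overrides.
    function audit(entry,    f, n, i, m, v, port, nets, has_cf, cli, net) {
        n = split(entry, f, /[ \t]+/)
        if (n < 8) return
        if (f[1] == "smtp-amavis" && f[2] == "unix" && f[8] == "smtp") seen_out = 1
        port = f[1]; sub(/^.*:/, "", port)
        if (f[2] != "inet" || f[8] != "smtpd" || port != "10025") return
        seen_in = 1
        if (f[1] !~ /^(127\.0\.0\.1|\[::1\]|localhost):/) fail(f[1] " is not bound to loopback")
        for (i = 9; i < n; i++) {
            if (f[i] != "-o") continue
            v = f[i + 1]; sub(/^[^=]*=/, "", v)
            if (f[i + 1] ~ /^content_filter=/ && v == "") has_cf = 1
            if (f[i + 1] ~ /^mynetworks=/) nets = v
            if (f[i + 1] ~ /^smtpd_client_restrictions=/) cli = v
        }
        if (!has_cf) fail("no empty content_filter= override: mail loops back to AMaViS")
        m = split(nets, net, ",")
        if (m == 0) fail("mynetworks is not overridden on the listener")
        for (i = 1; i <= m; i++)
            if (net[i] !~ /^(127\.|\[::1\])/) fail("mynetworks allows " net[i])
        if (cli != "permit_mynetworks,reject")
            fail("smtpd_client_restrictions is not permit_mynetworks,reject")
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
    /^[ \t]/ { cur = cur " " $0; next }      # continuation of the current entry
    { if (cur != "") audit(cur); cur = $0 }  # a new service entry starts
    END {
        if (cur != "") audit(cur)
        if (!seen_out) fail("no smtp-amavis transport defined")
        if (!seen_in) fail("no smtpd re-injection listener on port 10025")
        if (!bad) print "OK: hand-off and re-injection listener match step 8"
        exit (bad > 0)
    }' "$1"
}

# Constructed sample: the step 8 entries with the content_filter= override left out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
smtp-amavis     unix    -       -       -       -       2       smtp
127.0.0.1:10025 inet    n       -       -       -       -       smtpd
  -o mynetworks=127.0.0.0/8
  -o smtpd_client_restrictions=permit_mynetworks,reject
EOF
check_amavis_master_cf "$sample" || echo "fix master.cf before restarting Postfix"
rm -f "$sample"
```

On the mail server itself, pass /etc/postfix/master.cf as the argument; the function only reads the file and returns non-zero when any check fails.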

References

Adapted from the Ubuntu documentation (Community Help Wiki): PostfixAmavisNew