Inbound and Outbound Spam/AntiVirus Mail Gateway

Because I had to change my antivirus and spamfilter strategy, I configured a postfix as a gateway from and to my mailserver (= Exchange 2013).

So what was the goal:

  • E-Mail gateway inbound (= SMTP Proxy)
  • E-Mail gateway outbound (= SMTP Proxy or SmartHost )
  • Spam-filtering
  • AntiVirus

That’s my setting now:

  • Debian stretch (kernel 4.8.0-1-amd64)
  • postfix (3.1.3-6)
  • amavisd-new (2.10.1-4)
  • ClamAV (0.99.2)
  • SpamAssassin (3.4.1-6)



At first, we install the postfix per apt install postfix postfix-cdb. (CDB of “postfix-cdb” is a map-format for postfix, which I’m using for).

Common Configuration

With dpkg-reconfigure postfix, we’re able to do configure postfix as gateway and to disable the mailbox functions.

Disable local delivery

Because it’s just a mail gateway, we disabled any local transport functions[1] in the /etc/postfix/ file.

In the /etc/postfix/ file, we have to disable the local delivery with adding “#” as prefix:

Configure outbound mail relay[1]

We already added the networks which are allowed to send mails through this gateway in the /etc/postfix/ file.

Configure Inbound mail relay[2]

Just a couple of mail-addresses should get relayed to the internal mailserver. Postfix has to deny the rest of it.

To ensure this, enable the configuration for the allowed domains and recipients in the /etc/postfix/ file.

Now we have to create the necessary relay maps in /etc/postfix/relay_recipient_maps

Map the file in postifx-format (cdb) per postmap /etc/postfix/relay_recipient_maps

For the transport lookup, we have to create /etc/postfix/transport_maps. I don’t need any sophisticated logic. If you need transport-mappings for different mailservers, you are able to fine-tune every recipient mailbox and/or domain to specific smtp-servers (see [2] for complex examples).

For this configuration, the following mappings are enough

Map the file in postfix-format per postmap /etc/postfix/transport_maps

Now we have a working postfix-configuration for inbound and outbound relaying – Congratulations ;-). Just restart postfix per service postfix restart and test it with the telnet-command:

Just to be sure, the /etc/postfix/ should look similar to:

On the next page, we’re going to install and configure the spamfilter and the antivirus.

4 thoughts on “Inbound and Outbound Spam/AntiVirus Mail Gateway”

  1. Hello,
    Thank you for your tutorial, it is clear and simple.
    I installed this on Debian 8.7 and I had to setup the instances in /etc/postfix/ and not in .
    Hope that help

    1. Hi,

      You’re right. I updated it for the second postfix-instance (amavis-instance).
      Thanks for your help

      kind regards,

  2. You made a mistake here :
    This is not in the file but in who need to write this:

    smtp-amavis unix – – n – 2 smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.