Spamfilter and Antivirus
The description in  may be sufficient (for German speaking people of course). Nevertheless, I try to translate it to English and adapt some steps (because of some compatibility issues with new versions).
Install all packages which are at least necessary
apt-get install clamav clamav-daemon amavisd-new spamassassin
If you want to increase the spam detection, you have to install these packages too.
apt-get install arj bzip2 cabextract cpio file gzip nomarch pax unzip zoo zip zoo
Activate ClamAV in AMaViS
In the file /etc/amavis/conf.d/15-content_filter_mode enable the following lines (delete the “#”)
@bypass_virus_checks_maps = ( \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
Configure Postfix to redirect mails to AMaViS
We have to create a new sub-daemon for amavis checks, so we have to add the following lines to the /etc/postfix/master.cf file:
smtp-amavis unix - - n - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes
To redirect the mails to the amavis-daemon (listen to port 10024), add the following lines in the /etc/postfix/main.cf file:
#ContentFilter: content_filter = smtp-amavis:[127.0.0.1]:10024 receive_override_options = no_address_mappings
Add a second postfix-instance
Per default, the amavis-daemon forwards the checked mails to a smtp server, running local on port 10025. Create this daemon in the /etc/postfix/master.cf file:
127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o receive_override_options=no_header_body_checks
Restart Postfix and test the second daemon
Restart postfix per service postfix restart and test the second postfix daemon per telnet.
telnet localhost 10025 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 smtp.example1.net ESMTP Postfix (Debian/GNU)
Activate SpamAssassin in AMaViS
Like activating ClamAV, open the file /etc/amavis/conf.d/15-content_filter_mode and enable the following lines (by removing the “#”)
@bypass_spam_checks_maps = ( \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
Restart and prove the configuration
Restart both, postfix and amavis
service postfix restart service amavis restart
In the mail logfile, you should see at least the following lines:
amavis: ANTI-VIRUS code loaded amavis: ANTI-SPAM code loaded amavis: ANTI-SPAM-SA code loaded
Train the bayes-database of SpamAssassin
Because SpamAssassin starts with an empty bayes-database, the spam filtering isn’t that good. You have to train the bayes-database with spam and “ham” (good) mails.
If you don’t have a source of already known mails, there is a public spam-database for the initial training available under http://spamassassin.apache.org/publiccorpus/. I’m switching from one spamfilter-system to another, so I already have a big database of spam and ham-mails.
Create a new directory for the spam/ham mails and download either your or the public spam-database.
mkdir -p /home/amavis; cd /home/amavis wget http://spamassassin.apache.org/publiccorpus/20050311_spam_2.tar.bz2
Unzip the archive
tar xzvf 20050311_spam_2.tar.bz2
Now, train the bayes-database with the following command
su amavis -c 'sa-learn --spam /home/amavis/spam/'
If you already have a database with good emails, unzip them under /home/amavis/ham/ and train the bayes-database with the following command
su amavis -c 'sa-learn --spam /home/amavis/ham/'
If you have to update the rules, execute sa-update -D.
You can also update the rules per cronjob. Just enable CRON=1 in /etc/default/spamassassin
If you want to check the current status of the bayes-database, execute:
su amavis -c 'sa-learn --dump magic'
You should see something similar like this:
0.000 0 3 0 non-token data: bayes db version 0.000 0 6034 0 non-token data: nspam 0.000 0 10899 0 non-token data: nham 0.000 0 369618 0 non-token data: ntokens 0.000 0 993467899 0 non-token data: oldest atime 0.000 0 1483084655 0 non-token data: newest atime 0.000 0 0 0 non-token data: last journal sync atime 0.000 0 1483061044 0 non-token data: last expiry atime 0.000 0 86400 0 non-token data: last expire atime delta 0.000 0 180353 0 non-token data: last expire reduction count
The “nspam” counts the number of imported spam-messages while “nham” counts the number of imported ham-messages. You should import about 1-2.000 spam and ham-messages to increase the efficiency of the filter.
Spamfilter with Razor and Pyzor
“Razor” and the python version “Pyzor” are community-based spam-database. We can use this database to increase the recognition-time of new spam-mail-types. But be careful to use this database with your own bayes-database, because different scores with pyzor/razor and with your local bayes-database will maybe lead to wrong results.
Nevertheless, I activated both and had no significant drawbacks so far.
Install both spamfilters with this command:
apt-get install pyzor razor
No you have to register yourself at a razor database with the following commands:
su - amavis -s /bin/bash razor-admin -create razor-admin -register
Normally, you have to initialize a server-list at pyzor too, but since the new updates, the command pyzor discover doesn’t exist anymore. But with my settings, pyzor nevertheless worked.
That’s it. Try the checks with the following command:
spamassassin -D -t < /usr/share/doc/spamassassin/examples/sample-spam.txt 2>&1 | tee sa.out
If pyzor and razor is working, you will find both checks, razor and pyzor, in the output-file:
... check_spf: 23 (1.1%), check_razor2: 218 (10.5%), check_pyzor: 92 (4.4%), ...