Inbound and Outbound Spam/AntiVirus Mail Gateway

Spamfilter and Antivirus[3]

The description in [3] may be sufficient (for German-speaking readers, of course). Nevertheless, I have tried to translate it into English and adapt some steps (because of compatibility issues with newer versions).

Installation

Install the minimum set of required packages:

To improve spam detection, install these packages as well:

AntiVirus

Activate ClamAV in AMaViS

In the file /etc/amavis/conf.d/15-content_filter_mode enable the following lines (delete the “#”)

Configure Postfix to redirect mails to AMaViS

We have to create a new sub-daemon for amavis checks, so we have to add the following lines to the /etc/postfix/master.cf file:

To redirect mail to the amavis daemon (listening on port 10024), add the following lines to the /etc/postfix/main.cf file:

Add a second postfix-instance

By default, the amavis daemon forwards checked mail to an SMTP server running locally on port 10025. Create this daemon in the /etc/postfix/master.cf file:

Restart Postfix and test the second daemon

Restart Postfix with service postfix restart and test the second Postfix daemon with telnet.

Spamfilter

Activate SpamAssassin in AMaViS

Like activating ClamAV, open the file /etc/amavis/conf.d/15-content_filter_mode and enable the following lines (by removing the “#”)

Restart and verify the configuration

Restart both Postfix and amavis:

In the mail logfile, you should see at least the following lines:
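One way to automate this log check, as an added example that is not part of the original tutorial: the function below reports whether the antivirus and spam modules were loaded at the most recent amavis startup, so that a restart which silently disabled scanning is caught. It assumes amavisd-new's startup messages of the form "ANTI-VIRUS code loaded" / "NOT loaded"; the function names are hypothetical and the log lines are constructed sample data.

```shell
#!/bin/sh
# Added example, not part of the original tutorial.
# Assumption: amavisd-new logs "<MODULE> code  loaded" or "NOT loaded" at startup.

# Constructed sample log: a first startup with everything loaded, then a
# restart after the spam-check lines were commented out again.
sample_log() {
    cat <<'EOF'
Mar  3 10:00:01 mx amavis[1201]: ANTI-VIRUS code      loaded
Mar  3 10:00:01 mx amavis[1201]: ANTI-SPAM code       loaded
Mar  3 10:00:01 mx amavis[1201]: ANTI-SPAM-SA code    loaded
Mar  3 10:05:12 mx postfix/smtpd[1310]: connect from localhost[127.0.0.1]
Mar  3 11:30:44 mx amavis[2307]: ANTI-VIRUS code      loaded
Mar  3 11:30:44 mx amavis[2307]: ANTI-SPAM code       NOT loaded
Mar  3 11:30:44 mx amavis[2307]: ANTI-SPAM-SA code    NOT loaded
EOF
}

# check_amavis_modules [LOGFILE]   (reads stdin when no file is given)
# Prints "MODULE=state" per module; returns 0 only if all three modules
# were "loaded" the last time amavis reported them. Later lines override
# earlier ones, so the state of the newest startup wins.
check_amavis_modules() {
    awk '
        / amavis\[[0-9]+\]: / &&
        match($0, /ANTI-(VIRUS|SPAM|SPAM-SA) code +(NOT )?loaded/) {
            msg = substr($0, RSTART, RLENGTH)
            name = msg
            sub(/ code.*/, "", name)
            state[name] = (msg ~ /NOT loaded/) ? "NOT-loaded" : "loaded"
        }
        END {
            n = split("ANTI-VIRUS ANTI-SPAM ANTI-SPAM-SA", want, " ")
            bad = 0
            for (i = 1; i <= n; i++) {
                s = (want[i] in state) ? state[want[i]] : "missing"
                print want[i] "=" s
                if (s != "loaded") bad = 1
            }
            exit bad
        }
    ' "${1:--}"
}

# Demo on the constructed sample; on a real host pass the mail log path
# instead (e.g. /var/log/mail.log on Debian).
sample_log | check_amavis_modules || echo "WARNING: mail is not fully scanned"
```

A "missing" state means the log contains no startup report for that module at all, which is treated as a failure just like "NOT-loaded".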

Train the bayes-database of SpamAssassin

Because SpamAssassin starts with an empty bayes-database, the spam filtering isn’t that good. You have to train the bayes-database with spam and “ham” (good) mails.

If you don’t have a source of already known mails, there is a public spam-database for the initial training available at http://spamassassin.apache.org/publiccorpus/. I’m switching from one spamfilter-system to another, so I already have a big database of spam and ham-mails.

Create a new directory for the spam/ham mails and download either your own or the public spam-database.

Unzip the archive

Now, train the bayes-database with the following command

If you already have a database with good emails, unzip them under /home/amavis/ham/ and train the bayes-database with the following command

If you have to update the rules, execute sa-update -D.

You can also update the rules via a cron job. Just enable CRON=1 in /etc/default/spamassassin

If you want to check the current status of the bayes-database, execute:

You should see something similar to this:

The “nspam” counts the number of imported spam-messages while “nham” counts the number of imported ham-messages. You should import about 1-2.000 spam and ham-messages to increase the efficiency of the filter.

Spamfilter with Razor and Pyzor

“Razor” and its Python counterpart “Pyzor” are community-based spam databases. We can use them to recognize new types of spam mail more quickly. But be careful when combining them with your own bayes-database, because differing scores from pyzor/razor and from your local bayes-database may lead to wrong results.

Nevertheless, I activated both and had no significant drawbacks so far.

Install both spamfilters with this command:

Now you have to register yourself with a razor database using the following commands:

Normally, you have to initialize a server-list for pyzor too, but since the new updates, the command pyzor discover doesn’t exist anymore. With my settings, pyzor nevertheless worked.

That’s it. Try the checks with the following command:

If pyzor and razor are working, you will find both checks, razor and pyzor, in the output-file:

4 thoughts on “Inbound and Outbound Spam/AntiVirus Mail Gateway”

  1. Hello,
    Thank you for your tutorial, it is clear and simple.
    I installed this on Debian 8.7 and I had to set up the instances in /etc/postfix/master.cf and not in main.cf.
    Hope that helps
    mterrasson

    1. Hi,

      You’re right. I updated it for the second postfix-instance (amavis-instance).
      Thanks for your help

      kind regards,
      Philipp

  2. You made a mistake here:
    This is not in the main.cf file but in master.cf, where you need to write this:

    smtp-amavis unix - - n - 2 smtp
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes
        -o disable_dns_lookups=yes
