Building a Messaging Server, Part Six
Cleaning up Viruses and Spam
It's said that about 95% of email is junk. To have that amount of mail delivered to my inbox is ridiculous. Fortunately, Amavis provides a great way to filter most of it out.
Using Amavis is like setting up two email servers on one machine. The first server takes the incoming mail and passes it to Amavis. Amavis then checks it for viruses and spam and decides what to do with the message. If it's infected or spam, the message is dropped. If it's legit, Amavis passes the message to the second mail server. The second mail server trusts anything that comes in and simply delivers it to the user's mailbox.
Please note that this process is very memory intensive. I mentioned earlier that this whole setup can run comfortably on 64 megabytes of RAM. Well, it can, but your messages will probably be delayed in delivery until Amavis can allocate enough RAM to check the message. Personally, I use OS X, so I have no need to worry about viruses. Because of that, I've disabled the virus scanning portion of Amavis, which has cut down on memory usage tremendously. I'll still describe how to enable it, though.
Installing Amavis and Utilities
For Amavis to detect viruses and spam, it needs two helper programs: ClamAV and SpamAssassin. To install all three, run:
apt-get install amavisd-new spamassassin clamav-daemon
Configuring Postfix
The next step is to let Postfix know about Amavis. First, the /etc/postfix/master.cf file needs to be edited. This file can be thought of as the inetd.conf file of Postfix. Two new entries will be added (right under bsmtp). The -o lines must start with whitespace so that Postfix reads them as continuations of the entry above them:
smtp-amavis unix - - n - 2 smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
The first one defines the smtp-amavis transport. It is referenced from the /etc/postfix/main.cf file, as described below.
The second entry defines the second instance of smtpd. This instance will be running on port 10025. The options underneath it null out the important options defined in /etc/postfix/main.cf, including content_filter, so that nothing blocks delivery and mail that has already been checked is not handed to the filter a second time. Because this instance trusts whatever it receives, the entry binds it to 127.0.0.1 and accepts mail only from 127.0.0.0/8 (permit_mynetworks,reject).
Next, edit /etc/postfix/main.cf:
content_filter=smtp-amavis:[127.0.0.1]:10024
This tells Postfix to hand every message to a content filter through the smtp-amavis transport, at port 10024 on localhost. The actual program listening there is the Amavis daemon.
You should be able to restart Postfix and not see any errors now.
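As an added example (not part of the original article), here is one way to check that the re-injection listener in master.cf is still locked down the way the entry above sets it. The function names parse_master_cf and audit_reinjection and the sample text are constructed for this illustration, and the parser assumes plain "-o name=value" options without quoting.

```python
# Constructed sample: a trimmed copy of the two master.cf entries shown above.
SAMPLE_MASTER_CF = """\
smtp-amavis unix - - n - 2 smtp
    -o smtp_data_done_timeout=1200
127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
"""
# Values this article gives for the listener that takes mail back from Amavis.
EXPECTED = {"content_filter": "", "mynetworks": "127.0.0.0/8",
            "smtpd_recipient_restrictions": "permit_mynetworks,reject"}

def parse_master_cf(text):
    """Join continuation lines, then return {service: {type, command, opts}}."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:      # leading whitespace continues the entry
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    services = {}
    for line in logical:
        tok = line.split()
        if len(tok) < 8:                      # seven columns plus the command
            continue
        opts = dict(tok[i + 1].split("=", 1) for i, t in enumerate(tok[:-1])
                    if t == "-o" and "=" in tok[i + 1])
        services[tok[0]] = {"type": tok[1], "command": tok[7], "opts": opts}
    return services

def audit_reinjection(services, port="10025"):
    """Return a list of findings; an empty list means the listener looks right."""
    findings, found = [], False
    for name, svc in services.items():
        host, _, svc_port = name.rpartition(":")
        if svc["type"] != "inet" or svc["command"] != "smtpd" or svc_port != port:
            continue
        found, opts = True, svc["opts"]
        if host not in ("127.0.0.1", "localhost", "[::1]"):
            findings.append(f"{name}: not bound to loopback")
        for opt, want in EXPECTED.items():
            if opts.get(opt) != want:
                findings.append(f"{name}: {opt} should be {want!r}, found {opts.get(opt)!r}")
    if not found:
        findings.append(f"no smtpd listener on port {port}")
    return findings

if __name__ == "__main__":
    print(audit_reinjection(parse_master_cf(SAMPLE_MASTER_CF)) or "ok")
```

To check a real server, pass the contents of /etc/postfix/master.cf to parse_master_cf instead of the sample.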
Configuring Amavis
Older versions (including the version shipped with Debian Stable) use one huge configuration file. The versions shipped with Debian Testing and up have it broken into smaller pieces, which is really nice.
The first file to edit is /etc/amavis/conf.d/05-domain_id. Comment out this line:
@local_domains_acl = ( ".$mydomain" );
And add this one:
read_hash(\%local_domains, '/etc/postfix/virtual/vdomains.txt');
This will tell Amavis that all the domains listed in /etc/postfix/virtual/vdomains.txt are local to this server.
Next, uncomment both entries for virus scanning and spam checking in /etc/amavis/conf.d/15-content_filter_mode. If you only want one or the other, leave the one you don't want commented out.
You can change SpamAssassin settings in the /etc/amavis/conf.d/20-debian_defaults file. I recommend playing with the scoring until you find a good fit.
Finally, make sure to add the clamav user to the amavis group in /etc/group.
Rules du Jour
Rules du Jour is a set of SpamAssassin rule files geared toward detecting common spam. I highly recommend setting this up. Instructions can be found here
After everything is configured you can start up the Amavis daemon. As mentioned before, Amavis is very memory intensive, so you might notice a performance hit on your server.
