Installing Mail Filtering for Ubuntu 12.04
Traducciones al EspañolEstamos traduciendo nuestros guías y tutoriales al Español. Es posible que usted esté viendo una traducción generada automáticamente. Estamos trabajando con traductores profesionales para verificar las traducciones de nuestro sitio web. Este proyecto es un trabajo en curso.
DeprecatedThis guide has been deprecated and is no longer being maintained.
If you’re running a mail server, it’s a good idea to have spam and virus filtering. Spam can flood your users’ inboxes, and those running insecure local PCs are susceptible to virus infection. Protecting your email server protects your clients and you. This guide goes through the installation and configuration of virus and spam filtering, using Amavis-new, ClamAV, and SpamAssassin.
Prerequisites
This guide assumes you have already followed our Email with Postfix, Dovecot, and MySQL guides and are running Ubuntu 12.04 LTS. This guide is written for the root user, and all commands listed require root privileges.
Installation
Run the following commands to install all the necessary packages:
apt-get update
apt-get upgrade
apt-get install amavisd-new spamassassin clamav-daemon libnet-dns-perl libmail-spf-perl pyzor razor
Optional: Installing the following packages will allow your filters to better scan through various archive files. Unless you’re deploying on a small disk where storage is a concern, this step is recommended:
apt-get install arj bzip2 cabextract cpio file gzip lha nomarch pax rar unrar unzip zip zoo
Configuration
In this section, we’ll configure the newly installed software to work with our existing mail server.
ClamAV
Here, we’ll make sure ClamAV stays updated with the latest virus definitions.
We will configure ClamAV to update its database regularly, but it’s a good idea to perform a manual update after installation:
freshclam
The following commands add the ClamAV and Amavis users to each others’ groups, which prevents ownership issues from inhibiting scans:
adduser clamav amavis adduser amavis clamav
To make sure that virus definitions are updated regularly, we will add a cron job. Make sure you run this as root or with the
sudo
prefix. You may be asked to choose an editor. If you’re unsure, choosenano
:crontab -e
- File: crontab
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
# Edit this file to introduce tasks to be run by cron. # # Each task to run has to be defined through a single line # indicating with different fields when the task will be run # and what command to run for the task # # To define the time you can provide concrete values for # minute (m), hour (h), day of month (dom), month (mon), # and day of week (dow) or use '*' in these fields (for 'any').# # Notice that tasks will be started based on the cron's system # daemon's notion of time and timezones. # # Output of the crontab jobs (including errors) is sent through # email to the user the crontab file belongs to (unless redirected). # # For example, you can run a backup of all your user accounts # at 5 a.m every week with: # 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/ # # For more information see the manual pages of crontab(5) and cron(8) # # m h dom mon dow command 0 1 * * * /usr/bin/freshclam --quiet
SpamAssassin
Here, we’ll set various options and settings for SpamAssassin.
Before you can start SpamAssassin for the first time, you need to edit the
/etc/default/spamassassin
file by changing the value of theENABLED
variable to 1. Here, you can also edit theCRON
variable to make sure that SpamAssassin updates its rules regularly:- File: /etc/default/spamassassin
1 2 3 4 5 6 7 8 9 10 11
... # Change to one to enable spamd ENABLED=1 ... # Cronjob # Set to anything but 0 to enable the cron job to automatically update # spamassassin's rules on a nightly basis CRON=1
Make a copy of the default configuration file:
cp /etc/spamassassin/local.cf /etc/spamassassin/local.cf.orig
SpamAssassin scores incoming messages and assigns a score based on its spam characteristics. A score of 0 is considered safe, while a score of 10 or higher is usually spam. You need to adjust its configuration file to determine what score threshold will be allowed through the filter. We’re going to use 8, but this can be adjusted later. Locate and uncomment the line
# required_score 5.0
by removing the # symbol, and adjust the value to 8:- File: /etc/spamassassin/local.cf
1 2 3
# Set the threshold at which a message is considered spam (default: 5.0) # required_score 8
Once finished, save and exit the file. If you’re using Nano the command is Control + x.
Start the SpamAssassin daemon:
service spamassassin start
Amavis
On Debian-based systems like Ubuntu, Amavis splits its configuration among several files. Enable spam and antivirus filtering by opening the
/etc/amavis/conf.d/15-content_filter_mode
file and removing the comment symbols (#) from the two bypass blocks, as shown below:- File: /etc/amavis/conf.d/15-content\\_filter\\_mode
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27
use strict; # You can modify this file to re-enable SPAM checking through spamassassin # and to re-enable antivirus checking. # # Default antivirus checking mode # Please note, that anti-virus checking is DISABLED by # default. # If You wish to enable it, please uncomment the following lines: @bypass_virus_checks_maps = ( \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re); # # Default SPAM checking mode # Please note, that anti-spam checking is DISABLED by # default. # If You wish to enable it, please uncomment the following lines: @bypass_spam_checks_maps = ( \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re); 1; # ensure a defined return
Note Be sure to remove all four # symbols, as shown above.Once finished, save and exit the file.
Restart Amavis:
service amavis restart
Open the Postfix main configuration file. If you followed our Email with Postfix Dovecot and MySQL guide, you should already have a backup. Add the following line to the bottom of the file:
- File: /etc/postfix/main.cf
1 2
# Additional option for filtering content_filter = smtp-amavis:[127.0.0.1]:10024
The next configuration file to edit is
/etc/postfix/master.cf
. On a new line below thepickup
directive, add the following options:- File: /etc/postfix/master.cf
1 2 3
pickup fifo n - - 60 1 pickup -o content_filter= -o receive_override_options=no_header_body_checks
Add the following lines to the bottom of the file, and be sure to include the indents on lines beginning with
-o
:- File: /etc/postfix/master.cf
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27
# Options for the filter smtp-amavis unix - - - - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20 # Listener for filtered mail 127.0.0.1:10025 inet n - - - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
Load the new configuration into Postfix:
service postfix reload
Testing ClamAV
You’ll want to test that your email server is removing malicious emails from your users’ inboxes. The European Expert Group For IT-Security has files available for download that will be seen by ClamAV as a virus. You can download these test virus files here.
Important Note
section of the EICAR download page before you continue.You can send these files as attachments to an email address on your mail server. If ClamAV is working, the recipient shouldn’t see the email and your /var/log/mail.log
file should have lines similar to this:
mail amavis[18034]: (18034-02) Blocked INFECTED (Eicar-Test-Signature)
You can quickly search for these lines with the command:
cat /var/log/mail.log | grep INFECTED
Testing SpamAssassin
The string below is used for testing spam filters. By sending it in an email (without whitespace or extra lines), you can test that the SpamAssassin filter is active:
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
You can search for the relevant logfiles with cat /var/log/mail.log | grep SPAM
Enabling Notifications
Depending on the amount of users and activity on your mail server, you may wish to receive notifications when ClamAV identifies and removes an incoming virus, or SpamAssassin filters an email as spam. If you want to receive emails, open the file /etc/amavis/conf.d/21-ubuntu_defaults
. Add the desired email address to the $virus_admin and $spam_admin parameters, as shown below.
- File: /etc/amavis/conf.d/21-ubuntu\\_defaults
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
use strict; # # These are Ubuntu specific defaults for amavisd-new configuration # # DOMAIN KEYS IDENTIFIED MAIL (DKIM) $enable_dkim_verification = 1; # Don't be verbose about sending mail: @whitelist_sender_acl = qw( .$mydomain ); $final_virus_destiny = D_DISCARD; # (defaults to D_BOUNCE) $final_banned_destiny = D_DISCARD; # (defaults to D_BOUNCE) $final_spam_destiny = D_DISCARD; # (defaults to D_REJECT) $final_bad_header_destiny = D_PASS; # (defaults to D_PASS), D_BOUNCE suggested $virus_admin = 'admin@example.com'; $spam_admin = 'admin@example.com'; #------------ Do not modify anything below this line ------------- 1; # insure a defined return
After changing this file, you will need to restart Amavis:
service amavis restart
Optional Settings
You can whitelist senders to ensure that their messages are never filtered. Likewise, you can blacklist senders that you feel should always be filtered. The lines to add to
/etc/amavis/conf.d/40-policy_banks
would look like this:@whitelist_sender_maps = (['docs@linode.com']); @blacklist_sender_maps = (['.gmail.com', 'scammer@junk.org']);
In the example above all email from
docs@linode.com
will be passed through regardless of its spam score. All emails from any Gmail address, as well asscammer@junk.org
, will be flagged as spam. Please note that spammers often spoof the sender address, so whitelisting an entire domain may or may not be a good idea in your situation. When you are done, save and exit this file.If you decide to modify these values, you will need to restart Amavis before they will take effect:
service amavis restart
More Information
You may wish to consult the following resources for additional information on this topic. While these are provided in the hope that they will be useful, please note that we cannot vouch for the accuracy or timeliness of externally hosted materials.
This page was originally published on