Some notes on setting up a Postfix server to use ClamAV and SpamAssassin. Follow the steps below to set this up on a normal Red Hat box with a default Postfix setup. See step 8 for a bonus trick with header_checks to enable spam deletion.
1) Create two service accounts (set shell to /bin/false):
clamav
spamfilter
2) Install the latest ClamAV. Configure it to run as the "clamav" user (which is the default I think). Add "/usr/local/sbin/clamd" to rc.local. Find the clamd.conf (defaults to /usr/local/etc or /etc), and make the following settings:
#Example (you have to add the # sign to comment this out, or clamd won't start)
LocalSocket /tmp/clamd.socket
TCPSocket 3310
TCPAddr 127.0.0.1
Also update freshclam.conf (the Example line has to be commented out in it as well), run freshclam and add a cron job to run freshclam on a regular basis. Start clamd before proceeding to step 3.
3) Download and install a package called clamsmtp (http://memberwebs.com/stef/software/clamsmtp/). No configure options needed. After doing the make install, create /usr/local/etc/clamsmtpd.conf with the following contents:
OutAddress: 127.0.0.1:10026
Listen: 127.0.0.1:10025
ClamAddress: 127.0.0.1:3310
Header: X-Virus-Scanned: ClamAV using ClamSMTP
Action: drop
Quarantine: off
User: clamav
In the package source, copy the file scripts/clamsmtpd.sh to /etc/init.d/, and add "/etc/init.d/clamsmtpd.sh start" to rc.local. Go ahead and start clamsmtpd.
4) Create a file, /usr/local/bin/spamfilter.sh with the following contents:
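#!/bin/bash
# Read the message on stdin, pass it through spamc (SpamAssassin), and
# re-inject the result with sendmail. The exit status is sendmail's.
/usr/bin/spamc | /usr/sbin/sendmail -G -i "$@"
exit $?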
Chmod 755 the script, and chown it to spamfilter.spamfilter
5) Make sure SpamAssassin is installed, and configured to start up on boot (chkconfig spamassassin on). Start /etc/init.d/spamassassin if it isn't already running. Configure /etc/mail/spamassassin/local.cf as desired.
6) Edit the file /etc/postfix/master.cf. Find the first "smtp" line at the top. It will look like this:
smtp inet n - n - - smtpd
Add the following options to the end of that line:
-o content_filter=clamscan:127.0.0.1:10025 -o receive_override_options=no_address_mappings
Next go to the bottom of the file, and add all of the following lines (everything between the --snip--'s). Keep the leading whitespace on the indented lines; Postfix treats a line that starts with whitespace as a continuation of the entry above it:
#------------snip------------snip----------
clamscan unix - - n - 16 smtp -o smtp_send_xforward_command=yes
127.0.0.1:10026 inet n - n - 16 smtpd
  -o content_filter=spamfilter:dummy
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks_style=host
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8
spamfilter unix - n n - - pipe
  flags=Rq user=spamfilter argv=/usr/local/bin/spamfilter.sh -f ${sender} -- ${recipient}
#--------------snip----------------snip-----------
Save out master.cf, and restart Postfix (/etc/init.d/postfix restart).
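A small lint for the step 6 entries, added here as an example and not part of the original post: it joins master.cf continuation lines the way Postfix does and checks that the smtpd -> clamsmtpd -> spamfilter chain is wired as described above. The names `SAMPLE`, `parse_master_cf` and `check_chain` are hypothetical, the sample is constructed from the lines in step 6, and only the plain `-o name=value` form used on this page is parsed.

```python
import re

# Constructed sample: the master.cf entries from step 6, continuation lines indented.
SAMPLE = """\
smtp inet n - n - - smtpd -o content_filter=clamscan:127.0.0.1:10025 -o receive_override_options=no_address_mappings
clamscan unix - - n - 16 smtp -o smtp_send_xforward_command=yes
127.0.0.1:10026 inet n - n - 16 smtpd
  -o content_filter=spamfilter:dummy
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks_style=host
spamfilter unix - n n - - pipe
  flags=Rq user=spamfilter argv=/usr/local/bin/spamfilter.sh -f ${sender} -- ${recipient}
"""

def parse_master_cf(text):
    """Return (services, malformed); a line starting with whitespace continues the previous entry."""
    logical = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or comment
        if line[0].isspace() and logical:
            logical[-1] += " " + line.strip()
        else:
            logical.append(line.strip())
    services, malformed = {}, []
    for entry in logical:
        f = entry.split()
        if len(f) < 8:  # service type private unpriv chroot wakeup maxproc command
            malformed.append(entry)
            continue
        opts = dict(o.split("=", 1) for o in re.findall(r"(?<!\S)-o\s+(\S+=\S*)", entry))
        services[f[0]] = {"command": f[7], "opts": opts}
    return services, malformed

def check_chain(text):
    """Return a list of problems; an empty list means the chain is wired as in step 6."""
    svc, malformed = parse_master_cf(text)
    problems = ["not a valid entry (unindented continuation line?): " + m for m in malformed]
    def opts(name):
        return svc.get(name, {}).get("opts", {})
    checks = [
        (opts("smtp").get("content_filter") == "clamscan:127.0.0.1:10025", "smtp: mail is not handed to clamsmtpd"),
        (svc.get("clamscan", {}).get("command") == "smtp", "clamscan: transport is not defined"),
        (opts("127.0.0.1:10026").get("content_filter") == "spamfilter:dummy", "10026: scanned mail skips spamfilter"),
        (opts("127.0.0.1:10026").get("smtpd_recipient_restrictions") == "permit_mynetworks,reject", "10026: listener is not limited to mynetworks"),
        (svc.get("spamfilter", {}).get("command") == "pipe", "spamfilter: pipe transport is not defined"),
    ]
    return problems + [msg for ok, msg in checks if not ok]
```

To check the live file, pass its contents to `check_chain`, for example `check_chain(open("/etc/postfix/master.cf").read())`, before restarting Postfix.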
7) If the gods favour you, and if I haven't forgotten something, then you'll now have ClamAV and SpamAssassin filtering in effect.
8) One additional step that may be desired is to have Postfix drop messages that score above some threshold in SpamAssassin. In /etc/mail/spamassassin/local.cf you specify the required score for a message to be flagged as spam, but SpamAssassin itself can't delete the message, only modify it. So set local.cf with a "low" score to modify the subject line, and do this next step to set a "high" score which will result in deletion:
Edit /etc/postfix/main.cf, and add this line (check to make sure it doesn't already exist):
header_checks = regexp:/etc/postfix/header_checks
Save out main.cf, and then edit /etc/postfix/header_checks, and add the following line to the bottom:
/^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*.*/ DISCARD Message exceeded SpamAssassin score limit of 10
This check looks at the X-Spam-Level header that SpamAssassin inserts. Each * in the header represents a score level. So 10 stars means the message scored a 10 (or at least, the rounded off score is 10). This check will match the header if it has 10 or more stars, and will discard it and log the optional text after DISCARD. You can use "REDIRECT blah@blah.com" instead of DISCARD if you want to send the spam somewhere instead of deleting it.