Centos 7 | Postfix + Amavisd-new + ClamAV + Spamassassin
Install Amavisd-new


Ok. Here we go…
Code:
yum install amavisd-new
This will install amavisd-new and a bunch of dependencies (30Mb)
It will also install Spamassassin by default

Install ClamAV
Code:
yum install clamav clamav-update

edit the following file
Code:
vi /etc/freshclam.conf
and comment out the line “Example” like this
Code:
# Example

update the ClamAV database
Code:
freshclam

auto update is already set up, but to work properly, we need to edit the following file:
Code:
vi /etc/sysconfig/freshclam
and remove these 4 lines:
Code:
### !!!!! REMOVE ME !!!!!!
### REMOVE ME: By default, the freshclam update is disabled to avoid
### REMOVE ME: network access without prior activation
FRESHCLAM_DELAY=disabled-warn   # REMOVE ME

edit the cron file just to make sure that the line is not commented
Code:
vi /etc/cron.d/clamav-update

OK. Packages are installed. Here comes the configuration part

Configuration

We need to edit amavisd.conf file
Code:
vi /etc/amavisd/amavisd.conf

Change the following lines like this…
Code:
$mydomain = 'domain.com';   # a convenient default for other settings
$myhostname = 'mail.domain.com';  # must be a fully-qualified domain name and same as reverse DNS lookup

Now we need to check if everything is set in postfix master.cf
Code:
vi /etc/postfix/master.cf

On top you should have lines…
Code:
smtp      inet  n       -       n       -       -       smtpd
 -o smtpd_sasl_auth_enable=yes
 -o receive_override_options=no_address_mappings
 -o content_filter=smtp-amavis:127.0.0.1:10024
…and on the bottom of the file…
Code:
#
# spam/virus section
#
smtp-amavis  unix  -    -       y       -       2       smtp
 -o smtp_data_done_timeout=1200
 -o disable_dns_lookups=yes
 -o smtp_send_xforward_command=yes
127.0.0.1:10025 inet n  -       y       -       -       smtpd
 -o content_filter=
 -o smtpd_helo_restrictions=
 -o smtpd_sender_restrictions=
 -o smtpd_recipient_restrictions=permit_mynetworks,reject
 -o mynetworks=127.0.0.0/8
 -o smtpd_error_sleep_time=0
 -o smtpd_soft_error_limit=1001
 -o smtpd_hard_error_limit=1000
 -o receive_override_options=no_header_body_checks
 -o smtpd_helo_required=no
 -o smtpd_client_restrictions=
 -o smtpd_restriction_classes=
 -o disable_vrfy_command=no
 -o strict_rfc821_envelopes=yes

Stop the postfix daemon
Code:
systemctl stop postfix

First we need to make sure that Spamassassin, Amavisd-new and ClamAV daemons are running
Code:
systemctl start spamassassin
systemctl start amavisd # This will also run ClamAV

Then make sure that after reboot all daemons are automatically started:
Code:
systemctl enable spamassassin
systemctl enable amavisd

Now start the postfix daemon:
Code:
systemctl start postfix

If all is well, we should have a basic spam and virus protection up and running!
Let's do some testing:

Test Amavisd…

Code:
telnet localhost 10024
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 [::1] ESMTP amavisd-new service ready
ehlo localhost
250-[::1]
250-VRFY
250-PIPELINING
250-SIZE
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 XFORWARD NAME ADDR PORT PROTO HELO IDENT SOURCE
OK. 

Test the SMTP daemon on port 10025

Code:
telnet localhost 10025
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.domain.com ESMTP
ehlo localhost
250-mail.domain.com
250-PIPELINING
250-SIZE 20480000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
OK.

Daemons are up and running. It's time to send some viruses and spam to test our server.

Keep an eye on the maillog file while receiving virus and spam
Code:
tail -f /var/log/maillog

Send an email from an external account (Gmail) to an account hosted on this server with the following content (Eicar virus):
Code:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

You should see something like this in your maillog file…
Code:
Feb 00 00:00:00 host amavis[32426]: (032426-01) Blocked INFECTED (Eicar-Test-Signature) {DiscardedOpenRelay,Quarantined}
Woohoo, Amavis, ClamAV and Postfix are working together nicely!

What about SPAM? Send the following string from an external account:
Code:
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

Check the maillog…
Code:
Feb 00 00:00:00 host amavis[32425]: (032425-02) Blocked SPAM {DiscardedOpenRelay,Quarantined}
Blocked!

One last thing to do… Spamassassin already added a cron job. Just make sure that the line is not commented!
Code:
vi /etc/cron.d/sa-update

That's it! Job well done.
Thanks given by: kellenw , SidedTech , kmlreverser , wormsunited
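
Added example, not part of the original post: a shell function that audits master.cf for the amavisd wiring described in the guide (the content_filter hand-off on smtp, the smtp-amavis transport, and a re-injection listener on 10025 that is loopback-only). The function name, the FAIL messages and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: audit master.cf text on stdin for
# the amavisd wiring in this guide. Prints one FAIL line per finding and
# returns non-zero if there is any.
check_amavis_wiring() {
  awk '
    function fail(msg) { print "FAIL " msg; bad = 1 }
    /^[ \t]*#/ || /^[ \t]*$/ { next }           # comments and blank lines
    /^[ \t]/ { sub(/^[ \t]+/, ""); svc[n] = svc[n] " " $0; next }  # "-o" lines
    { svc[++n] = $0 }                            # a new service entry
    END {
      for (i = 1; i <= n; i++) {
        line = svc[i] " "                        # trailing space eases matching
        split(line, f, /[ \t]+/)
        if (f[1] == "smtp" && f[2] == "inet") {
          if (line !~ /content_filter=smtp-amavis:127\.0\.0\.1:10024 /)
            fail("smtp/inet does not hand mail to smtp-amavis:127.0.0.1:10024")
        } else if (f[1] == "smtp-amavis" && f[2] == "unix") {
          have_transport = 1
        } else if (f[2] == "inet" && (f[1] == "10025" || f[1] ~ /:10025$/)) {
          have_reinject = 1
          if (f[1] != "127.0.0.1:10025")
            fail("listener " f[1] " is not bound to 127.0.0.1")
          if (line !~ /content_filter= /)
            fail("listener on 10025 does not clear content_filter")
          if (line !~ /mynetworks=127\.0\.0\.0\/8 /)
            fail("listener on 10025 does not set mynetworks=127.0.0.0/8")
          if (line !~ /smtpd_recipient_restrictions=permit_mynetworks,reject /)
            fail("listener on 10025 accepts clients outside mynetworks")
        }
      }
      if (!have_transport) fail("no smtp-amavis unix transport defined")
      if (!have_reinject)  fail("no inet listener on port 10025")
      exit bad + 0
    }
  '
}

# Constructed sample with three mistakes, for demonstration only.
BAD_MASTER_CF='smtp      inet  n       -       n       -       -       smtpd
 -o smtpd_sasl_auth_enable=yes
smtp-amavis  unix  -    -       y       -       2       smtp
 -o smtp_data_done_timeout=1200
10025     inet  n       -       y       -       -       smtpd
 -o content_filter=
 -o smtpd_recipient_restrictions=permit_mynetworks,reject'

printf "%s\n" "$BAD_MASTER_CF" | check_amavis_wiring || echo "master.cf needs attention"
```

On the server itself, run it as `check_amavis_wiring < /etc/postfix/master.cf` before restarting postfix.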


Messages In This Thread
Centos 7 | Postfix + Amavisd-new + ClamAV + Spamassassin - by paknet - 02-24-2015, 11:16 AM
