Centos 7 | Postfix + Amavisd-new + ClamAV + Spamassassin

[paknet]

Install Amavisd-new


Ok. Here we go…

Code:

yum install amavisd-new

This will install amavisd-new and a bunch of dependencies (30Mb)
It will also install Spamassassin by default

Install ClamAV

Code:

yum install clamav clamav-update

edit the following file

Code:

vi /etc/freshclam.conf

and comment the line “Example” like this

Code:

# Example

update the ClamAV database

Code:

freshclam

auto update is already set up, but to work properly, we need to edit the following file:

Code:

vi /etc/sysconfig/freshclam

and remove this 4 lines:

Code:

### !!!!! REMOVE ME !!!!!!
### REMOVE ME: By default, the freshclam update is disabled to avoid
### REMOVE ME: network access without prior activation
FRESHCLAM_DELAY=disabled-warn   # REMOVE ME

edit the cron file just to make sure that the line is not commented

Code:

vi /etc/cron.d/clamav-update

OK. Packages are installed. Here comes the configuration part

Configuration

We need to edit amavisd.conf file

Code:

vi /etc/amavisd/amavisd.conf

Change the following lines like this…

Code:

$mydomain = ‘domain.com’;   # a convenient default for other settings
$myhostname = 'mail.domain.com’;  # must be a fully-qualified domain name and same as reverse DNS lookup

Now we need to check if everything is set in postfix master.cf

Code:

vi /etc/postfix/master.cf

On top you should have lines…

Code:

smtp      inet  n       -       n       -       -       smtpd
 -o smtpd_sasl_auth_enable=yes
 -o receive_override_options=no_address_mappings
 -o content_filter=smtp-amavis:127.0.0.1:10024

…and on the bottom of the file…

Code:

#
# spam/virus section
#
smtp-amavis  unix  -    -       y       -       2       smtp
 -o smtp_data_done_timeout=1200
 -o disable_dns_lookups=yes
 -o smtp_send_xforward_command=yes
127.0.0.1:10025 inet n  -       y       -       -       smtpd
 -o content_filter=
 -o smtpd_helo_restrictions=
 -o smtpd_sender_restrictions=
 -o smtpd_recipient_restrictions=permit_mynetworks,reject
 -o mynetworks=127.0.0.0/8
 -o smtpd_error_sleep_time=0
 -o smtpd_soft_error_limit=1001
 -o smtpd_hard_error_limit=1000
 -o receive_override_options=no_header_body_checks
 -o smtpd_helo_required=no
 -o smtpd_client_restrictions=
 -o smtpd_restriction_classes=
 -o disable_vrfy_command=no
 -o strict_rfc821_envelopes=yes

Stop the postfix daemon

Code:

systemctl stop postfix

First we need to make sure that Spamassassin, Amavisd-new and ClamAV daemons are running

Code:

systemctl start spamassassin
systemctl start amavisd # This will also run ClamAV

Then make sure that after reboot all daemons are automatically started:

Code:

systemctl enable spamassassin
systemctl enable amavisd

Now start the postfix daemon:

Code:

systemctl start postfix

If all is well, we should have a basic spam and virus protection up and running!
Let's do some testing:

Test Amavisd…

Code:

telnet localhost 10024
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 [::1] ESMTP amavisd-new service ready
ehlo localhost
250-[::1]
250-VRFY
250-PIPELINING
250-SIZE
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 XFORWARD NAME ADDR PORT PROTO HELO IDENT SOURCE

OK. 

Test the SMTP daemon on port 10025

Code:

telnet localhost 10025
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.domain.com ESMTP
ehlo localhost
250-mail.domain.com
250-PIPELINING
250-SIZE 20480000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

OK.

Daemons are up and running. It's time to send some viruses and spam to test our server.

Keep an eye on maillog file while receiving virus and spam

Code:

tail -f /var/log/maillog

Send an email from external account (gmail) to account hosted on this server with the following content (Eicar virus) :

Code:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

You should see something like this in your maillog file…

Code:

Feb 00 00:00:00 host amavis[32426]: (032426-01) Blocked INFECTED (Eicar-Test-Signature) {DiscardedOpenRelay,Quarantined}

Woohoo, Amavis, ClamAV and Postfix are working together nicely!

What about SPAM? Send the following string from external account:

Code:

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

Check the maillog…

Code:

Feb 00 00:00:00 host amavis[32425]: (032425-02) Blocked SPAM {DiscardedOpenRelay,Quarantined}

Blocked!

One last thing to do… Spamassassin already added a cron job. Just make sure that the line is not commented!

Code:

vi /etc/cron.d/sa-update

Thats it! Job well done.

[Me.B]

Great thanks for sharing.

Notice for those who plan to use the above you will need more ram for this setup usually above 1GB and best at 2GB.

M B

[kellenw]

Any chance someone would be willing to put together a similar how-to for Ubuntu 14.04? I set all this up on my old zpanel production server running Ubuntu 12.04, but I can't remember how I did it.

[Me.B]

The path instruction over appending/edit files are the same, you mainly replace yum with apt-get and systemctl restart command & you will get a Ubuntu how to ;-).

[kellenw]

Thanks for the reply Me.B.  I tried setting it up substituting the various ubuntu/debian specific commands (apt-get instead of yum, nano instead of vi, etc.).  It mostly went well, but I ran into a couple points of confusion.

1. Instead of this:

Code:

yum install clamav clamav-update

I used this:

Code:

apt-get install clamav

...Because the extra "clamav-update" portion resulted in some "unable to locate package" errors.  Is it okay just to use the command above (without "clamav-update") instead, or do I need to add something else instead?  For instance,

Code:

apt-get install clamav clamav-daemon -y

Maybe that's what I should be using?




2. There was no "Example" line in this file:

Code:

/etc/freshclam.conf

I assume that's okay and can be ignored?


3. This file:

Code:

/etc/sysconfig/freshclam

...Doesn't exist in Ubuntu... Or better put, it's in a different location than sysconfig, because that folder does not exist.  Any idea where it would be located in ubuntu?


The rest is simple enough.  I just need to verify/correct the above issues, and then I'll give it another try, and write up a "how-to" specific to Ubuntu once successful.

Thanks!

[Me.B]

sudo apt-get install clamav clamtk

http://askubuntu.com/questions/282452/ho...untu-12-10

yep no example no issue as ubuntu conf files are a bit cleaner than centos.

/etc/clamav/freshclam.conf
http://manpages.ubuntu.com/manpages/prec...onf.5.html

M B

[kellenw]

I ended up following the directions for Ubuntu in this link https://help.ubuntu.com/community/PostfixAmavisNew
It worked correctly. I've posted the link in the how-to section.

Mods - You could probably delete all my posts and related replies in this thread since they are unrelated to the Centos setup, and it will keep this thread cleaner.

Thanks!

[poudenes]

Hi Guys,
Did everything like the tutorial, also the telnet tests where the same.
But when i send a email from Gmail with the (Eicar virus) in it, it will not block... mails still deliver.
what can that be?

EDIT:

Never mind... i see other lines in MAILLOG but with same result...

May 28 21:54:59 sentora postfix/smtp[14945]: 447CB417B1: to=<my@domain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=5.8, delays=0.27/0/0.02/5.5, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=08267-13 - spam)

May 28 21:56:25 sentora postfix/smtp[14945]: BD066417B1: to=<my@domain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.74, delays=0.48/0/0.04/0.21, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=08267-14 - INFECTED: Eicar-Test-Signature)

[d8teen]

Thank you! After installation for some reason in the /etc/postfix/master.cf top lines looked different
was missing " -o smtpd_sasl_auth_enable=yes"
And two -o instructions on top was commented out with #, thanks to detailed instructions i have noticed that my relay is not what it needed to be, and was easily able to fix it.

Only one things was confusing, testing with telnet. My Centos setup dont have it and i was not going to install it just to test. Maybe warn others that this function is not installed by default?

Admins, please delete the Ubuntu questions from the thread, there is topic with Ubuntu instructions available (http://forums.sentora.org/showthread.php?tid=1175).

[w3in1web]

I m having problems when start please help

[root@host201 ~]# systemctl start amavisd
Job for amavisd.service failed. See 'systemctl status amavisd.service' and 'jour nalctl -xn' for details.
[root@host201 ~]#
[root@host201 ~]# systemctl status amavisd.service
amavisd.service - Amavisd-new is an interface between MTA and content checkers.
Loaded: loaded (/usr/lib/systemd/system/amavisd.service; enabled)
Active: failed (Result: start-limit) since Fri 2015-06-12 05:43:16 CDT; 29s ago
Docs: http://www.ijs.si/software/amavisd/#doc
Process: 10424 ExecStart=/usr/sbin/amavisd -c /etc/amavisd/amavisd.conf (code=exited, status=227/NO_NEW_PRIVILEGES)

Jun 12 05:43:15 host201 systemd[1]: Failed to start Amavisd-new is an interface b...s..
Jun 12 05:43:15 host201 systemd[1]: Unit amavisd.service entered failed state.
Jun 12 05:43:16 host201 systemd[1]: amavisd.service holdoff time over, scheduling...rt.
Jun 12 05:43:16 host201 systemd[1]: Stopping Amavisd-new is an interface between ......
Jun 12 05:43:16 host201 systemd[1]: Starting Amavisd-new is an interface between ......
Jun 12 05:43:16 host201 systemd[1]: amavisd.service start request repeated too qu...rt.
Jun 12 05:43:16 host201 systemd[1]: Failed to start Amavisd-new is an interface b...s..
Jun 12 05:43:16 host201 systemd[1]: Unit amavisd.service entered failed state.
Hint: Some lines were ellipsized, use -l to show in full.
[root@host201 ~]#
[root@host201 ~]# jour nalctl -xn
-bash: jour: command not found
[root@host201 ~]# journalctl -xn
-- Logs begin at Thu 2015-04-09 15:41:35 CDT, end at Fri 2015-06-12 05:45:01 CDT. --
Jun 12 05:43:17 host201 postfix/postfix-script[10436]: fatal: cannot execute /usr/sbin/postconf!
Jun 12 05:43:17 host201 systemd[1]: postfix.service: control process exited, code=exited status=1
Jun 12 05:43:17 host201 systemd[1]: Failed to start Postfix Mail Transport Agent.
-- Subject: Unit postfix.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/lis...temd-devel
--
-- Unit postfix.service has failed.
--
-- The result is failed.
Jun 12 05:43:17 host201 systemd[1]: Unit postfix.service entered failed state.
Jun 12 05:44:50 host201 systemd[1]: Starting Telnet Server...
-- Subject: Unit telnet@16-31.187.71.150:23-220.130.12.107:32999.service has begun with start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/lis...temd-devel
--
-- Unit telnet@16-31.187.71.150:23-220.130.12.107:32999.service has begun starting up.
Jun 12 05:44:50 host201 systemd[1]: Started Telnet Server.
-- Subject: Unit telnet@16-31.187.71.150:23-220.130.12.107:32999.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/lis...temd-devel
--
-- Unit telnet@16-31.187.71.150:23-220.130.12.107:32999.service has finished starting up.
--
-- The start-up result is done.
Jun 12 05:44:51 host201 telnetd[10439]: ttloop: peer died: EOF
Jun 12 05:45:01 host201 systemd[1]: Starting Session 14224130 of user root.
-- Subject: Unit session-14224130.scope has begun with start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/lis...temd-devel
--
-- Unit session-14224130.scope has begun starting up.
Jun 12 05:45:01 host201 systemd[1]: Started Session 14224130 of user root.
-- Subject: Unit session-14224130.scope has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/lis...temd-devel
--
-- Unit session-14224130.scope has finished starting up.
--
-- The start-up result is done.
Jun 12 05:45:01 host201 CROND[10442]: (root) CMD (nice -2 /usr/bin/php -q /etc/sentora/panel/bin/daemon.php > /var/sentora/logs/daemon-last-run.log 2>&1)
[root@host201 ~]#