Helpful websites: Postfix Amavis New, Mail Filtering.
Excellent article on spam filtering using postfix
Install mail filtering programs and utilities
$ sudo apt install amavisd-new spamassassin clamav-daemon $ sudo apt-get install libnet-dns-perl libmail-spf-perl pyzor razor $ sudo apt-get install arj bzip2 cabextract cpio file gzip lhasa liblz4-tool lrzip nomarch pax rar ripole rpm unrar-free lzop unzip zipCross add clamav and amvis to each other's group
$ sudo adduser clamav amavis $ sudo adduser amavis clamavAmavis is its own spamassassin-daemon (amavis uses the spamassassin libraries). There is no need to configure spamassassin.
Enable pyzor and razor
$ sudo amavis -s /bin/bash $ sudo razor-admin -create $ sudo razor-admin -registerActivate spam and antivirus detection in Amavis. Edit /etc/amavis/conf.d/15-content_filter_mode
$ sudo nano /etc/amavis/conf.d/15-content_filter_mode
Uncomment lines as shown
use strict; # You can modify this file to re-enable SPAM checking through spamassassin # and to re-enable antivirus checking. # # Default antivirus checking mode # Uncomment the two lines below to enable it # @bypass_virus_checks_maps = ( \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re); # # Default SPAM checking mode # Uncomment the two lines below to enable it # @bypass_spam_checks_maps = ( \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re); 1; # insure a defined return
To cover multiple domains, edit the following
Run the following command
Test that amavisd-new is listening
Get last date clamav virus definitions were updated
$ sudo nano /etc/amavis/conf.d/50-userEdit as follows
$myhostname = 'your-mail-server-domain.com'; @local_domains_acl = ( "your-domain.com", "your-domain.org" );or configure last line above this way
@local_domains_acl = qw(.);Restart amavis service
$ sudo systemctl restart amavis
Postfix integration
Run the following command
$ sudo postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'Edit postfix master.cf
$ sudo nano /etc/postfix/master.cfAdd the following to the end of file
smtp-amavis unix - - - - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20 127.0.0.1:10025 inet n - - - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_miltersAlso add the following to the postfix master.cer file immediately after the pickup transport service.
-o content_filter= -o receive_override_options=no_header_body_checksRestart postfix service
$ sudo systemctl restart postfix
Testing
Test that amavisd-new is listening
$ telnet localhost 10024 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 [127.0.0.1] ESMTP amavisd-new service ready ^] 22Review incoming email headers for the presence of X-Virus-Scanned and X-Spam-Status entries.
Get last date clamav virus definitions were updated
$ strings /var/lib/clamav/daily.cld|head -1|cut -c1-2