Tuesday, September 24, 2019

Email Spam and Virus Filters

Note: Installation performed on a VPS KVM server
Helpful websites: Postfix Amavis NewMail Filtering.
Excellent article on spam filtering using postfix

Install mail filtering programs and utilities

$ sudo apt install amavisd-new spamassassin clamav-daemon
$ sudo apt-get install libnet-dns-perl libmail-spf-perl pyzor razor
$ sudo apt-get install arj bzip2 cabextract cpio file gzip lhasa liblz4-tool lrzip nomarch pax rar ripole rpm unrar-free lzop unzip zip
Cross add clamav and amvis to each other's group
$ sudo adduser clamav amavis
$ sudo adduser amavis clamav
Amavis is its own spamassassin-daemon (amavis uses the spamassassin libraries). There is no need to configure spamassassin.

Enable pyzor and razor
$ sudo amavis -s /bin/bash
$ sudo razor-admin -create
$ sudo razor-admin -register
Activate spam and antivirus detection in Amavis.  Edit /etc/amavis/conf.d/15-content_filter_mode
$ sudo nano /etc/amavis/conf.d/15-content_filter_mode
Uncomment lines as shown
use strict;

# You can modify this file to re-enable SPAM checking through spamassassin
# and to re-enable antivirus checking.

# Default antivirus checking mode
# Uncomment the two lines below to enable it

@bypass_virus_checks_maps = (
   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);

# Default SPAM checking mode
# Uncomment the two lines below to enable it

@bypass_spam_checks_maps = (
   \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);

1;  # insure a defined return
To cover multiple domains, edit the following
$ sudo nano /etc/amavis/conf.d/50-user
Edit as follows
$myhostname = 'your-mail-server-domain.com';
@local_domains_acl = ( "your-domain.com", "your-domain.org" );
or configure last line above this way
@local_domains_acl = qw(.);
Restart amavis service
$ sudo systemctl restart amavis

Postfix integration

Run the following command
$ sudo postconf -e 'content_filter = smtp-amavis:[]:10024'
Edit postfix master.cf
$ sudo nano /etc/postfix/master.cf
Add the following to the end of file
smtp-amavis     unix    -       -       -       -       2       smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
  -o max_use=20 inet    n       -       -       -       -       smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=reject_unauth_pipelining
  -o smtpd_end_of_data_restrictions=
  -o mynetworks=
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
Also add the following to the postfix master.cer file immediately after the pickup transport service.
  -o content_filter=
  -o receive_override_options=no_header_body_checks
Restart postfix service
$ sudo systemctl restart postfix


Test that amavisd-new is listening
$ telnet localhost 10024
Connected to localhost.
Escape character is '^]'.
220 [] ESMTP amavisd-new service ready
^] 22
Review incoming email headers for the presence of X-Virus-Scanned and X-Spam-Status entries.

Get last date clamav virus definitions were updated
$ strings /var/lib/clamav/daily.cld|head -1|cut -c1-2