Postfix mail filtering on Ubuntu
Install postfix (config file is /etc/postfix/main.cf)
$ sudo apt install postfix
$ sudo dpkg-reconfigure postfix
$ sudo postconf -e 'home_mailbox = Maildir/'
Test mail
$ telnet mail.yourdomain.com 25
ehlo yourdomain.com
mail from: root@yourdomain.com
rcpt to: fmaster@yourdomain.com
data
Subject: My first mail for my domain
Hi,
Are you there?
regards,
Admin
. (and Enter In a new Line)
quit
Mail filtering
Check your fqdn name
$ hostname --fqdn
If it return localhost, change the first line in /etc/hosts.
$ sudo vi /etc/hosts
127.0.0.1 servername.domain.com localhost
$ sudo apt install amavisd-new spamassassin clamav-daemon
$ sudo apt install opendkim postfix-policyd-spf-python
$ sudo apt install pyzor razor
$ sudo apt install arj cabextract cpio nomarch pax rar unrar unzip zip jlha-utils lhasa
$ sudo adduser clamav amavis
$ sudo adduser amavis clamav
$ sudo vi /etc/default/spamassassin
...
ENABLED=1
...
$ sudo systemctl start spamassassin.service
use strict;
# You can modify this file to re-enable SPAM checking through spamassassin
# and to re-enable antivirus checking.
#
# Default antivirus checking mode
# Uncomment the two lines below to enable it
#
@bypass_virus_checks_maps = (
\%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
#
# Default SPAM checking mode
# Uncomment the two lines below to enable it
#
@bypass_spam_checks_maps = (
\%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
1; # insure a defined return
sudo vi /etc/amavis/conf.d/20-debian_defaults
...
$sa_spam_subject_tag = '***SPAM*** ';
# $sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level
# $sa_tag2_level_deflt = 6.31; # add 'spam detected' headers at that level
# $sa_kill_level_deflt = 6.31; # triggers spam evasive actions
# $sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent
$sa_tag_level_deflt = -999; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 6.0; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 21.0; # triggers spam evasive actions
$sa_dsn_cutoff_level = 4; # spam level beyond which a DSN is not sent
...
# $final_spam_destiny = D_BOUNCE;
$final_spam_destiny = D_DISCARD;
...
$ sudo vi /etc/amavis/conf.d/50-user
...
@local_domains_acl = qw(.);
...
sudo systemctl restart amavis.service
sudo postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024'
sudo vi /etc/postfix/master.cf
# add to the end of the file
smtp-amavis unix - - - - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=20
127.0.0.1:10025 inet n - - - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_delay_reject=no
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_end_of_data_restrictions=
-o mynetworks=127.0.0.0/8
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
...
#628 inet n - y - - qmqpd
pickup unix n - y 60 1 pickup
-o content_filter=
-o receive_override_options=no_header_body_checks
cleanup unix n - y - 0 cleanup
...
39 #628 inet n - y - - qmqpd
40 pickup unix n - y 60 1 pickup
41 -o content_filter=
42 -o receive_override_options=no_header_body_checks
43 cleanup unix n - y - 0 cleanup
...
sudo systemctl restart postfix.service
Testing
$ telnet localhost 10024
Trying 127.0.0.1...
Connected to mail.cisdd.org.
Escape character is '^]'.
220 [127.0.0.1] ESMTP amavisd-new service ready
Checked /var/log/mail.log and found errors
Nov 21 14:26:36 mail-tiqc amavis[705]: (00705-01) (!)run_av (ClamAV-clamd) FAILED - unexpected , output="/var/lib/amavis/tmp/amavis-20161121T142636-00705-g5ZqbF_3/parts: lstat() failed: Permission denied. ERROR\n"
Nov 21 14:26:36 mail-tiqc amavis[705]: (00705-01) (!)ClamAV-clamd av-scanner FAILED: CODE(0x4bde0d0) unexpected , output="/var/lib/amavis/tmp/amavis-20161121T142636-00705-g5ZqbF_3/parts: lstat() failed: Permission denied. ERROR\n" at (eval 100) line 905.
Nov 21 14:26:36 mail-tiqc amavis[705]: (00705-01) (!)WARN: all primary virus scanners failed, considering backups
Fix error
$ sudo vi /etc/clamav/clamd.conf
...
AllowSupplementaryGroups true
...
$ sudo systemctl restart clamav-daemon
Written on November 19, 2016