The last post: Building your own mail server, Part 3

Adding some much-needed spam and virus filtering

Adding Amavis to Postfix

The Amavis config will listen on port 10024, and pass mail back to Postfix on port 10025, so we need to make some adjustments to the /etc/postfix/ file.

First, find the entry for smtp and below it add the extra two lines of options here. This tells it to pass messages to the proxy on port 10024 and limits the number of simultaneous connections from one system to three at a time; this should generally be smaller than the number of Amavis servers you set up:

smtp       inet  n       -       y       -       -       smtpd
    -o smtpd_proxy_filter=
    -o smtpd_client_connection_count_limit=3

Next, we need to set up a new instance of smtpd, which will listen only to connections from the local machine. Add these lines to to create a listener on port 10025. The options are mostly blank, to ensure any settings in are over-ridden; we don't want anything other than amavisd to be able to send mail via this connection:

# loopback daemon for receiving mail from amavis
inet n - y - - smtpd
          -o smtpd_client_restrictions=
          -o smtpd_helo_restrictions=
          -o smtpd_sender_restrictions=
          -o smtpd_recipient_restrictions=permit_mynetworks,reject
          -o smtpd_data_restrictions=
          -o mynetworks=
          -o receive_override_options=no_unknown_recipient_checks
          -o smtpd_authorized_xforward_hosts=
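
The re-injection listener is the one place where mail enters Postfix without being filtered, so it is worth checking mechanically that nothing but the local machine can reach it. The following is an added example, not part of the original article: a small Python audit of master.cf-style text. The sample entries and every address in them (127.0.0.1, 127.0.0.0/8, 192.0.2.0/24) are constructed assumptions, and the function names are hypothetical.

```python
import ipaddress

# Constructed master.cf text; every address is an assumption, not the article's value.
TEMPLATE = """\
smtp  inet  n  -  y  -  -  smtpd
    -o smtpd_proxy_filter=127.0.0.1:10024
{listen}  inet  n  -  y  -  -  smtpd
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks={nets}
"""
WEAK = TEMPLATE.format(listen="10025", nets="192.0.2.0/24")  # binds every interface
HARDENED = TEMPLATE.format(listen="127.0.0.1:10025", nets="127.0.0.0/8")

def logical_entries(text):
    """Join indented continuation lines into whitespace-split master.cf entries."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and entries:
            entries[-1] += " " + line.strip()
        else:
            entries.append(line.strip())
    return [entry.split() for entry in entries]

def is_loopback(value):
    """True for an address or CIDR block lying wholly inside loopback space."""
    try:
        net = ipaddress.ip_network(value.replace("[", "").replace("]", ""), strict=False)
    except ValueError:
        return False
    return net.network_address.is_loopback

def audit_reinjection(text, port="10025"):
    """Return findings for the smtpd listener that amavisd hands mail back to."""
    findings, seen = [], False
    for fields in logical_entries(text):
        host, _, svc_port = fields[0].rpartition(":")
        if len(fields) < 8 or fields[1] != "inet" or svc_port != port:
            continue
        seen = True
        opts = dict(o.split("=", 1) for o in fields[8:] if "=" in o)
        if not is_loopback(host):
            findings.append("listener is not bound to a loopback address")
        nets = opts.get("mynetworks", "").replace(",", " ").split()
        if not nets or not all(is_loopback(n) for n in nets):
            findings.append("mynetworks override is missing or wider than loopback")
        if not opts.get("smtpd_recipient_restrictions", "").endswith("reject"):
            findings.append("recipient restrictions do not end in reject")
    return findings if seen else ["no inet listener found on port " + port]
```

Calling audit_reinjection() on the text of your own master.cf returns an empty list when the port 10025 listener is bound to loopback and its mynetworks override stays inside loopback space.
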

Treat yourself to a spammy message to check the filtering is running

Now, restart Postfix with the postfix reload command, and try a sample SMTP transaction on port 25. Unless you manage to handcraft some really nasty spam, you should see your message delivered normally. Check the Maildir for the destination user (or just fetch the message in your email client) and check the headers.

If all is working well, you'll now see some extra Received headers, showing the message received by Amavisd on port 10024, then results of the scanning, with warnings and scores, depending on what you put in your test message, and a final Received line when the message was fed back to Postfix. Congratulations, you have your spam and virus filter up and running.

To make sure everything starts up in the order you want, you should now edit the pkg_scripts line in /etc/rc.conf to read

pkg_scripts=dovecot freshclam clamd amavisd postgrey postfix

Check your messages, and you'll see Amavisd now shows up in the headers

Keeping an eye on things

All the various parts of the mail system log what they're doing via syslog, in /var/log/maillog. There's a lot of information to wade through, however, so one of the tools we installed in the previous part was pflogsumm, a tool that summarises the logs for you. It's very simple to run - just give it the name of the log file to analyse, so

pflogsumm /var/log/maillog

will do the trick. If you want to have the results sent to you each day, create a file called /etc/daily.local containing that command. Postgrey has its own log analyser, postgreyreport, though I don't find it that useful. Two tools worth grabbing are postfix-logwatch and amavis-logwatch. I use this in my daily.local:

/usr/local/bin/postfix-logwatch --detail 6 /var/log/maillog


Biting the hand that feeds IT © 1998–2020