Blog, GNU/Linux

Postfix+Amavisd-new+Spamassasin+Clamav

Since I had to disable the PTR check in Postfix at Binware because in Spain 90% of mail servers are badly configured and they were all rejected, and now we have lot of spam.

So I decided to install Spamassassin and Clamav to detect and reject some of this spam.

First of all, we need to install needed packages:

apt-get install spamassassin amavisd-new clamav clamav-daemon

We will begin configuring amavisd-new, the configuration files are at /etc/amavis/conf.

In file 20-debian_defaults I changed the header that will be added to each mail processed:

$X_HEADER_LINE = "AntiSpam/Antivirus Scanner at $mydomain";

We need to activate antispam and antivirus check in amavis, this is found in file 15-content_filter_mode. We need to uncomment @bypass_virus_checks_maps and @bypass_spam_checks_maps. The file will look like this:

use strict;

# You can modify this file to re-enable SPAM checking through spamassassin
# and to re-enable antivirus checking.

#
# Default antivirus checking mode
# Please note, that anti-virus checking is DISABLED by
# default.
# If You wish to enable it, please uncomment the following lines:


@bypass_virus_checks_maps = (
   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);


#
# Default SPAM checking mode
# Please note, that anti-spam checking is DISABLED by
# default.
# If You wish to enable it, please uncomment the following lines:


@bypass_spam_checks_maps = (
   \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);

1;  # ensure a defined return

By default, amavis will use the hostname for $mydomain, but thats not what I want, so I edited file 05-domain_id, setting $mydomain to binware.org

use strict;

# $mydomain is used just for convenience in the config files and it is not
# used internally by amavisd-new except in the default X_HEADER_LINE (which
# Debian overrides by default anyway).

$mydomain = 'binware.org';

# amavisd-new needs to know which email domains are to be considered local
# to the administrative domain.  Only emails to "local" domains are subject
# to certain functionality, such as the addition of spam tags.
#
# Default local domains to $mydomain and all subdomains.  Remember to
# override or redefine this if $mydomain is changed later in the config
# sequence.

@local_domains_acl = ( ".$mydomain" );

1;  # ensure a defined return

Next step is to add the clamav user to the amavis group, so that amavis can call clamav

adduser clamav amavis

Now it’s time to configure postfix. The first file to edit is main.cf:

# Amavisd-new
content_filter = amavis:[127.0.0.1]:10024

And in master.conf add this at the end of file:

amavis unix - - - - 2 smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes

127.0.0.1:10025 inet n - - - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o smtpd_bind_address=127.0.0.1

That’s all! Now restart services:

/etc/init.d/clamav-daemon restart
/etc/init.d/clamav-freshclam restart
/etc/init.d/amavis restart
/etc/init.d/postfix restart
Blog, GNU/Linux

Postfix+VDA

Esto era una de las cosas que tenia pendiente de poner en el server hosting, y ultimamente ha habido mucha gente que superaba de mucho el limite, asi que me he puesto a configurar e instalar postfix con el parch VDA para poner limite de tamaño a los buzones.

Como tengo ahora mismo todo configurado con los paquetes de debian, he pensado que lo mejor es parchear los propios paquetes de debian, y aqui estan los pasos que he seguido:

  1. Instalo todas las utilidades necesarias para poder compilar y crear el paquete de postfix.
    apt-get install build-essential dpkg-dev fakeroot debhelper po-debconf dpatch lsb-release libdb4.3-dev libgdbm-dev libldap2-dev libpcre3-dev libmysqlclient15-dev libsasl2-dev libpq-dev
    
  2. Nos bajamos el codigo fuente del postfix (Conviene hacerlo en /usr/src ya que lo descarga en el directorio actual)
    apt-get source postfix
    
  3. Nos bajamos el ultimo parche disponible para nuestra version de http://web.onda.com.br/nadal/
    wget http://web.onda.com.br/nadal/postfix/VDA/postfix-2.2.8-vda.patch.gz
    
  4. Parcheamos el codigo
    gunzip postfix-2.2.8-vda.patch.gz
    patch -p1
    
  5. Compilamos
    dpkg-buildpackage
    
  6. Instalamos los paquetes generados
    dpkg -i postfix_2.2.8-9_i386.deb
    dpkg -i postfix-mysql_2.2.8-9_i386.deb
    
  7. Configuramos postfix
  1. main.cf
    virtual_mailbox_limit_override=yes
    #Use IMAP compatible files
    virtual_maildir_extended=yes
    #Create maildirsize files
    virtual_create_maildirsize=yes
    #Bounce mails overquota
    virtual_overquota_bounce=yes
    #MySQL info to get user quota
    virtual_mailbox_limit_maps=mysql:/etc/postfix/quota.cf
    #Count Trash
    virtual_trash_count=yes
    virtual_trash_name=.Trash
    
  2. quota.cf
    user=mail
    password=mailpassword
    dbname=mail
    table=users
    hosts=localhost
    where_field=address
    select_field=quota
    
  • Configuramos courier
    1. authmysqlrc
      MYSQL_QUOTA_FIELD quota
      

    Updated (2007/07/12): La nueva URL del patch VDA es http://vda.sourceforge.net/

    Blog, GNU/Linux, Technology

    Fracaso con VHCS ;(

    Despues de probar ayer el VHCS me he llevado una decepcion enorme. Tiene muy buena pinta, y hace de todo, pero resulta que es para que tu te adaptes a como funciona el, trae sus propios demonios y configuraciones. Supongo que si no tiene montado nada y empiezas desde cero es muy comodo, pero yo tengo todo montado para que funcione todo en mysql y volver a configurar y pasar a texto es un follon, aparte de la molestia de ir reiniciando los servicios.

    Por lo tanto he decido que voy a aprovechar lo que trae el VHCS y cogerlo como base para diseñarme mi propio panel teniendo Bind-Mysql, Postfix/Courier-Mysql y Proftpd-Mysql. Modificar la base de datos es mucho mejor que tener que tocar archivos de sistema y ir dando permisos a programas.