Installation and Configuration of Postfix Server on Centos 6.5 Part-3/4 : Amavisd-New, ClamAV And Spamassassin Installation


Enable the RPMForge Repo:
Amavisd-new and ClamAV were installed from the RPMForge repository. To enable the RPMForge repository, do the following (this example is for 64-bit systems; you will need a different RPM for 32-bit systems):
For RHEL/CentOS 7 64 Bit
# wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm
# rpm -ivh rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm
For RHEL/CentOS 6 32-64 Bit
## RHEL/CentOS 6 32 Bit OS ##
# wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.i686.rpm
# rpm -ivh rpmforge-release-0.5.2-2.el6.rf.i686.rpm

## RHEL/CentOS 6 64 Bit OS ##
# wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
# rpm -ivh rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
For RHEL/CentOS 5 32-64 Bit
## RHEL/CentOS 5 32 Bit OS ##
# wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.i386.rpm
# rpm -ivh rpmforge-release-0.5.2-2.el5.rf.i386.rpm

## RHEL/CentOS 5 64 Bit OS ##
# wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm
# rpm -ivh rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm

Import RPMForge Repository Key for RHEL/CentOS 7/6/5 :
We need to download and install DAG’s GPG key for our system.
# wget http://dag.wieers.com/rpm/packages/RPM-GPG-KEY.dag.txt
# rpm --import RPM-GPG-KEY.dag.txt

Install amavisd-new, clamav and spamassassin:
[root@pc1 ~]# yum install amavisd-new clamav clamav-devel clamd spamassassin
This will likely also install a number of dependencies, including various Perl modules and archive packages. If all went well, two new users, amavis and clam, should have been created on the system:

Verify the amavis and clam users:
[root@pc1 ~]# cat /etc/passwd | grep "amavis\|clamav"
clam:x:495:492:Clam Anti Virus Checker:/var/lib/clamav:/sbin/nologin
amavis:x:494:491:User for amavisd-new:/var/spool/amavisd:/sbin/nologin

In addition, the clam user should automatically have been added to the amavis group:
[root@pc1 ~]# groups clam
clam : clam amavis

If not, you can manually add clam to the amavis group:
[root@pc1 ~]# gpasswd -a clam amavis

Finally, three new services should have been added to the system:
[root@pc1 ~]# chkconfig --list | grep "amavisd\|clamd\|spamassassin"
amavisd         0:off   1:off   2:off   3:off   4:off   5:off   6:off
clamd           0:off   1:off   2:off   3:off   4:off   5:off   6:off
clamd.amavisd   0:off   1:off   2:off   3:off   4:off   5:off   6:off
spamassassin    0:off   1:off   2:off   3:off   4:off   5:off   6:off

ClamAV Setup:
ClamAV’s configuration is stored in /etc/clamd.conf. We must edit /etc/clamd.conf to tell ClamAV that Amavisd-new will communicate over a local UNIX socket rather than a TCP socket.

[root@pc1 ~]# vim /etc/clamd.conf
### /etc/clamd.conf
#
# Set the LocalSocket for clam
# Note this *MUST* match that set in /etc/amavisd/amavisd.conf
#
LocalSocket /var/run/clamav/clamd.sock
#
# Comment out the TCPSocket setting:
# TCPSocket 3310             # <-- (disable this line)

Amavisd-new setup:
Amavisd-new keeps its configuration settings in /etc/amavisd/amavisd.conf.

# vim /etc/amavisd/amavisd.conf
Next, note the following lines. No change is required except where a comment says otherwise:
$max_servers = 2;                   # num of pre-forked children (2..30 is common), -m
$daemon_user  = "amavis";           # (no default;  customary: vscan or amavis), -u
$daemon_group = "amavis";           # (no default;  customary: vscan or amavis), -g

$inet_socket_port = 10024;          # listen on this local TCP port(s)

# $notify_method  = 'smtp:[127.0.0.1]:10025';
# $forward_method = 'smtp:[127.0.0.1]:10025';  # set to undef with milter!

$mydomain = '6987.in';   # a convenient default for other settings (Edit this line)

$MYHOME = '/var/spool/amavisd';   # a convenient default for other settings, -H
$TEMPBASE = "$MYHOME/tmp";   # working directory, needs to exist, -T
$ENV{TMPDIR} = $TEMPBASE;    # environment variable TMPDIR, used by SA, etc.
$QUARANTINEDIR = undef;      # -Q

$db_home   = "$MYHOME/db";        # dir for bdb nanny/cache/snmp databases, -D
$helpers_home = "$MYHOME/var";  # working directory for SpamAssassin, -S (uncomment this line)
$lock_file = "/var/run/amavisd/amavisd.lock";  # -L
$pid_file  = "/var/run/amavisd/amavisd.pid";   # -P

$myhostname = 'pc1.6987.in';  # must be a fully-qualified domain name! (add this line)

Next up are some SpamAssassin settings which override the default SpamAssassin settings:
$sa_tag_level_deflt  = 2.0;                 # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 6.2;                 # add 'spam detected' headers at that level
$sa_kill_level_deflt = 6.9;                 # triggers spam evasive actions (e.g. blocks mail)
$sa_dsn_cutoff_level = 10;                  # spam level beyond which a DSN is not sent
# $sa_quarantine_cutoff_level = 25;         # spam level beyond which quarantine is off
$penpals_bonus_score = 8;                   # (no effect without a @storage_sql_dsn database)
$penpals_threshold_high = $sa_kill_level_deflt;         # don't waste time on hi spam
$sa_mail_body_size_limit = 400*1024;        # don't waste time on SA if mail is larger
$sa_local_tests_only = 0;                   # only tests which do not require internet access?

Finally, we need to uncomment the section for ClamAV like so:
### http://www.clamav.net/
['ClamAV-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],    # <-- (add this location)
  qr/\bOK$/m, qr/\bFOUND$/m,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],

Change the location of clamd.sock file from /var/spool/amavisd/clamd.sock to /var/run/clamav/clamd.sock.

Edit the configuration file /etc/postfix/master.cf to tell Postfix to pass mail to Amavisd-new for filtering:

[root@pc1 ~]# vim /etc/postfix/master.cf
# Add the following at the end of the file.
# Continuation lines (-o ...) must begin with whitespace.
# define amavis service for postfix
# maxproc column here must match the $max_servers in /etc/amavisd/amavisd.conf
amavisfeed unix -       -       n       -       2       lmtp
    -o lmtp_data_done_timeout=1200
    -o lmtp_send_xforward_command=yes
# define a service to inject mail back into Postfix
127.0.0.1:10025 inet n    -       n       -       -     smtpd
    -o content_filter=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=reject_unauth_pipelining
    -o smtpd_end_of_data_restrictions=
    -o smtpd_restriction_classes=
    -o mynetworks=127.0.0.0/8
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters,no_address_mappings
    -o local_header_rewrite_clients=
    -o smtpd_milters=
    -o local_recipient_maps=
    -o relay_recipient_maps=

Edit Postfix Main.cf:
Edit the file /etc/postfix/main.cf and enable message filtering in Postfix by adding the line:

[root@pc1 ~]# vim /etc/postfix/main.cf
###################################################
# message filtering in Postfix for Amavis mail scan
content_filter=amavisfeed:[127.0.0.1]:10024

[root@pc1 ~]# service postfix restart
Shutting down postfix:                                     [  OK  ]
Starting postfix:                                          [  OK  ]
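
The settings above have to agree across three files: the clamd socket path, $max_servers versus the amavisfeed maxproc column, and a re-injection listener on 10025 that only loopback can reach and that clears content_filter. The shell check below tests those invariants; it is an added example, not part of the original tutorial, and its function names and the constructed sample files are assumptions for illustration.

```shell
# Added example (not from the original page): cross-file checks for this setup.
clamd_socket()   { awk '$1 == "LocalSocket" { print $2; exit }' "$1"; }
amavis_socket()  { sed -n 's|^[^#]*ask_daemon.*"\(/[^"]*\)".*|\1|p' "$1" | head -n 1; }
amavis_servers() { sed -n 's/^[[:space:]]*\$max_servers *= *\([0-9]*\).*/\1/p' "$1" | head -n 1; }
feed_maxproc()   { awk '$1 == "amavisfeed" && $2 == "unix" { print $7; exit }' "$1"; }

# True only if every smtpd listener on port $2 is bound to 127.0.0.1, clears
# content_filter (no filter loop) and trusts nothing but 127.0.0.0/8.
reinject_ok() {
    awk -v port="$2" '
        /^[^ \t#]/ { svc = ($2 == "inet" && ($1 == port || $1 ~ (":" port "$")))
                     if (svc) { found = 1; if ($1 !~ /^127\.0\.0\.1:/) exposed = 1 } }
        svc && /^[ \t]+-o[ \t]+content_filter=[ \t]*$/ { cf = 1 }
        svc && /^[ \t]+-o[ \t]+mynetworks=127\.0\.0\.0\/8[ \t]*$/ { mn = 1 }
        END { exit !(found && !exposed && cf && mn) }' "$1"
}

# Usage: check_filter_chain clamd.conf amavisd.conf master.cf
check_filter_chain() {
    rc=0; sock=$(clamd_socket "$1"); n=$(amavis_servers "$2")
    if [ -z "$sock" ] || [ "$sock" != "$(amavis_socket "$2")" ]; then
        echo "FAIL: clamd LocalSocket and amavisd ClamAV socket differ"; rc=1; fi
    if grep -Eq '^[[:space:]]*TCPSocket' "$1"; then
        echo "FAIL: TCPSocket is still enabled in clamd.conf"; rc=1; fi
    if [ -z "$n" ] || [ "$n" != "$(feed_maxproc "$3")" ]; then
        echo "FAIL: \$max_servers does not match amavisfeed maxproc"; rc=1; fi
    if ! reinject_ok "$3" 10025; then
        echo "FAIL: re-injection listener on 10025 is not locked down"; rc=1; fi
    return $rc
}

# Constructed sample files mirroring the page's settings, written into dir $1;
# optional $2 overrides the re-injection listener address (for a negative test).
write_sample() {
    printf 'LocalSocket /var/run/clamav/clamd.sock\n# TCPSocket 3310\n' > "$1/clamd.conf"
    cat > "$1/amavisd.conf" <<'EOF'
$max_servers = 2;
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
EOF
    cat > "$1/master.cf" <<EOF
amavisfeed unix - - n - 2 lmtp
${2:-127.0.0.1:10025} inet n - n - - smtpd
    -o content_filter=
    -o mynetworks=127.0.0.0/8
EOF
}

d=$(mktemp -d); write_sample "$d"
check_filter_chain "$d/clamd.conf" "$d/amavisd.conf" "$d/master.cf" && echo "filter chain OK"
rm -rf "$d"
```

To check a live host, call check_filter_chain with /etc/clamd.conf, /etc/amavisd/amavisd.conf and /etc/postfix/master.cf (or copies of them).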

Start the clamd and amavisd services:

[root@kvit ~]# service clamd start
Starting Clam AntiVirus Daemon: LibClamAV Warning: **************************************************
LibClamAV Warning: ***  The virus database is older than 7 days!  ***
LibClamAV Warning: ***   Please update it as soon as possible.    ***
LibClamAV Warning: **************************************************
[  OK  ]
[root@pc1 ~]# service amavisd start
Starting Mail Virus Scanner (amavisd):                     [  OK  ]

Check the ClamAV version:
[root@kvit ~]# clamd -V
ClamAV 0.98.7/20394/Wed Apr 29 22:07:08 2015

Do not forget to update the ClamAV virus database using the freshclam command.
[root@kvit ~]# freshclam
ClamAV update process started at Sat Nov  7 21:28:34 2015
Database updated (4092195 signatures) from db.in.clamav.net (IP: 193.1.193.64)
Check your maillog for success or error messages:

[root@pc1 ~]# tail -f /var/log/maillog /var/log/messages

Testing your Amavisd-new and Postfix setup:
Is Amavisd Listening?
Now test that the amavisd service is listening on 127.0.0.1:10024 using telnet:
[root@pc1 ~]# telnet localhost 10024
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 [::1] ESMTP amavisd-new service ready
ehlo localhost
250-[::1]
250-VRFY
250-PIPELINING
250-SIZE
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 XFORWARD NAME ADDR PORT PROTO HELO IDENT SOURCE
quit
221 2.0.0 [::1] amavisd-new closing transmission channel
Connection closed by foreign host.

If everything is working then you should see a successful connection similar to above.

Is Postfix Listening?
Next, test that the Postfix smtpd is listening on 127.0.0.1:10025:

[root@pc1 ~]# telnet localhost 10025
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 pc1.6987.in ESMTP Postfix
ehlo localhost
250-pc1.6987.in
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.

Below is the log file, which shows SPAM and INFECTED messages blocked by amavis through ClamAV and SpamAssassin.
