Postfix-Spam-Virus-Protection


Spamassassin

Installation

sudo apt-get install spamassassin

Configuration

grep -vE "^\s*$|^\s*#" /etc/default/spamassassin
ENABLED=0
OPTIONS="--max-children 5 --helper-home-dir -x -u vmail"
PIDFILE="/var/run/spamd.pid"
CRON=1

The --helper-home-dir -x -u vmail options refer to the setup in Postfix-Dovecot-MySQL, so they may need to be adjusted.

sudo systemctl enable spamassassin

Spamass-Milter

Installation

sudo apt-get install spamass-milter
sudo adduser spamass-milter debian-spamd
sudo service spamassassin restart
sudo service spamass-milter restart

Postfix configuration

sudo postconf smtpd_milters=unix:/spamass/spamass.sock
sudo postconf milter_connect_macros="i j {daemon_name} v {if_name} _"
sudo service postfix restart

Test

On a remote machine (not in Postfix's mynetworks):

sudo apt-get install swaks
swaks --to $existierende_addresse --server $PostfixIP --body /usr/share/doc/spamassassin/examples/sample-spam.txt

On the mail server:

sudo grep 'identified spam' -C 3 /var/log/mail.log

ClamAV

Installation

sudo apt-get install clamav-milter clamav-daemon
sudo systemctl enable clamav-daemon
sudo service clamav-daemon start
sudo service clamav-milter start

clamav-milter configuration

The milter socket should be located inside the Postfix chroot and be writable by Postfix:

grep -vE "^\s*$|^\s*#" /etc/clamav/clamav-milter.conf
MilterSocket /var/spool/postfix/private/clamav/clamav-milter.ctl
FixStaleSocket true
User clamav
AllowSupplementaryGroups true
ReadTimeout 120
Foreground false
PidFile /var/run/clamav/clamav-milter.pid
ClamdSocket unix:/var/run/clamav/clamd.ctl
OnClean Accept
OnInfected Reject
OnFail Defer
AddHeader Add
ReportHostname virus.check.local
LogSyslog false
LogFacility LOG_LOCAL6
LogVerbose false
LogInfected Off
LogClean Off
LogRotate true
MaxFileSize 25M
SupportMultipleRecipients false
TemporaryDirectory /tmp
LogFile /var/log/clamav/clamav-milter.log
LogTime true
LogFileUnlock false
LogFileMaxSize 1M
MilterSocketGroup postfix
MilterSocketMode 660

sudo service clamav-milter restart

Postfix configuration

sudo postconf smtpd_milters=unix:/spamass/spamass.sock,unix:/private/clamav/clamav-milter.ctl
sudo service postfix restart
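
A chrooted smtpd interprets an absolute unix: path relative to the Postfix queue directory, so the smtpd_milters entry has to be the MilterSocket path without the /var/spool/postfix prefix. The following check is an added example, not part of the original page; its function names and the constructed sample values are assumptions, and it assumes smtpd runs chrooted.

```shell
#!/bin/sh
# Added example. Assumes smtpd runs chrooted in the Postfix queue directory.

# Print the MilterSocket path from a clamav-milter.conf ("unix:" prefix stripped).
milter_socket_of() {
    awk '$1 == "MilterSocket" { sub(/^unix:/, "", $2); print $2; exit }' "$1"
}

# Print the on-disk path of each unix: entry in an smtpd_milters value.
# $1 = queue directory, $2 = smtpd_milters value (comma or space separated)
resolve_milters() {
    printf '%s\n' "$2" | tr ', ' '\n\n' | while read -r spec; do
        case $spec in
            unix:/*) printf '%s%s\n' "${1%/}" "${spec#unix:}" ;;  # chroot-relative
            unix:*)  printf '%s/%s\n' "${1%/}" "${spec#unix:}" ;; # cwd is the queue dir
        esac
    done
}

# Return 0 if some smtpd_milters entry resolves to the MilterSocket path.
# $1 = clamav-milter.conf, $2 = queue directory, $3 = smtpd_milters value
milter_path_matches() {
    want=$(milter_socket_of "$1")
    [ -n "$want" ] || { echo "no MilterSocket in $1" >&2; return 2; }
    if resolve_milters "$2" "$3" | grep -Fqx -- "$want"; then
        echo "OK: Postfix reaches $want"
    else
        echo "MISMATCH: clamav-milter listens on $want, Postfix looks at:" >&2
        resolve_milters "$2" "$3" | sed 's/^/  /' >&2
        return 1
    fi
}

# Constructed sample: one config line and two candidate smtpd_milters values.
sample=$(mktemp)
echo 'MilterSocket /var/spool/postfix/private/clamav/clamav-milter.ctl' > "$sample"
good='unix:/spamass/spamass.sock,unix:/private/clamav/clamav-milter.ctl'
bad='unix:/spamass/spamass.sock,unix:/clamav/clamav-milter.ctl'
milter_path_matches "$sample" /var/spool/postfix "$good" || true
milter_path_matches "$sample" /var/spool/postfix "$bad" || true
# On the mail server itself:
# milter_path_matches /etc/clamav/clamav-milter.conf \
#     "$(postconf -h queue_directory)" "$(postconf -h smtpd_milters)"
```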

Test

On a remote machine (not in Postfix's mynetworks):

sudo apt-get install swaks clamav-testfiles
swaks --to $existierende_addresse --server $PostfixIP --attach - --suppress-data < /usr/share/clamav-testfiles/clam.exe
  1. Postfix-Dovecot-MySQL
  2. Postfix-White-Black-Greylisting