This is a quick howto on how to get it all running. Most of the software used is a lot more powerful than this howto suggests. Once you have it all up and running make sure to spend some time checking out the full potential of your setup.
Get all the packages:
Include
deb http://ftp2.de.debian.org/
debian-volatile sarge/volatile main
in your /etc/apt/sources.list to make sure you get updates on the clamav engine (and not just the virus data as provided by freshclam).
apt-get install postfix clamav clamav-base clamav-daemon clamav-freshclam amavisd-new spamassassin spamc razor pyzor cyrus21-admin cyrus21-common cyrus21-imapd cyrus21-pop3d
The amavis package recommends a lot of tools like unzip, unrar, etc. It’s best to install all of them; using dselect might be helpful here.
Clamav
Clamav will run fine without changing any settings. To make sure Clamav plays nicely with Amavis add the clamav user to the amavis group in /etc/group:
postfix:x:104:
postdrop:x:105:
mysql:x:106:
clamav:x:107:
amavis:x:108:clamav
You can do this by typing:
adduser clamav amavis
Spamassassin
Switch user to amavis:
peen:~# su - amavis
Then run the commands required to enable Razor to be used by Spamassassin:
amavis@peen:~$ razor-admin -create
amavis@peen:~$ razor-admin -register
Register successful. Identity stored in /var/lib/amavis/.razor/
identity-ruu0K-KHfE
Also enable Pyzor:
amavis@peen:~$ pyzor discover
downloading servers from http://pyzor.sourceforge.net/cgi-bin/
inform-servers-0-3-x
Create/edit /etc/spamassassin/local.cf.
Mine is very simple:
report_safe 0
skip_rbl_checks 1
I turn off rbl checks in spamassassin as I will have postfix do this instead; see below. No other changes are required.
By default spamassassin is disabled on Debian. Make sure to edit /etc/default/spamassassin and start it:
peen:~# /etc/init.d/spamassassin start
Starting SpamAssassin Mail Filter Daemon: spamd.
Amavis
/etc/amavis/amavisd.conf requires a few configuration changes. Please find the settings quoted below and adjust them to match your setup.
…
$mydomain = ‘peen.net’;
…
$forward_method = ’smtp:127.0.0.1:10025′;
$notify_method = $forward_method;
…
@local_domains_acl = ( “.$mydomain”, “.localhost” );
…
$inet_socket_port = 10024;
…
Also make sure you turn on spamassassin support by removing this line:
@bypass_spam_checks_acl = qw( . );
The rest of the defaults are fine. Now restart amavis:
peen:~# /etc/init.d/amavis restart
Stopping amavisd: amavisd-new.
Starting amavisd: amavisd-new.
And do a tail on your syslog to make sure it detects Clamav and Spamassassin:
peen:~# tail -4 /var/log/syslog
Dec 1 11:42:38 peen amavis[15613]: Using internal av scanner code for (primary) Clam Antivirus-clamd
Dec 1 11:42:38 peen amavis[15613]: Found secondary av scanner Clam Antivirus – clamscan at /usr/bin/clamscan
Dec 1 11:42:38 peen amavis[15613]: SpamControl: initializing Mail::SpamAssassin
Dec 1 11:42:39 peen amavis[15613]: SpamControl: done
##Cyrus
The default Cyrus configuration will work for us. We do however need to set sasl passwords and create mailboxes:
peen:~# saslpasswd2 cyrus
Password:
Again (for verification):
peen:~# saslpasswd2 niels
Password:
Again (for verification):
The cyrus user is used for administering Cyrus. The niels user is, well, me. Now create the mailbox for niels:
peen:~# su – cyrus
cyrus@peen:~$ cyradm localhost
IMAP Password:
localhost.localdomain> cm user.niels
localhost.localdomain> exit
##Postfix
Finally we’ll need Postfix to actuall get this thing going. We need to add quite a bit to /etc/postfix/master.cf to make sure Postfix can communicate with Amavis:
…
smtp-amavis unix – – n – 2 smtp
-o smtp_data_done_timeout=1200
127.0.0.1:10025 inet n – n – – smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=
permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
Then we edit /etc/postfix/main.cf to accept email for our domain, do rbl checks, send email to Amavis and deliver it to Cyrus:
smtpd_banner = peen.net ESMTP
biff = no
append_dot_mydomain = no
myhostname = xxx-xxx-xxx-xxx.solcon.nl
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = peen.net, localhost.localdomain, localhost.localdomain, localhost
mynetworks = 127.0.0.0/8, 192.168.2.0/24
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
mailbox_transport=
lmtp:unix:/var/run/cyrus/socket/lmtp
content_filter = smtp-amavis:[127.0.0.1]:10024
smtpd_helo_required = yes
disable_vrfy_command = yes
smtpd_recipient_restrictions =
permit_mynetworks,
reject_unauth_destination,
reject_rbl_client relays.ordb.org,
reject_rbl_client opm.blitzed.org,
reject_rbl_client list.dsbl.org,
reject_rbl_client sbl.spamhaus.org,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client dul.dnsbl.sorbs.net,
permit
smtpd_data_restrictions =
reject_unauth_pipelining,
permit
Now restart postfix and you’re ready to receive email!
peen:~# /etc/init.d/postfix restart
Stopping mail transport agent: Postfix.
Starting mail transport agent: Postfix.