The last post: Building your own mail server, Part 3

Adding some much-needed spam and virus filtering

54 Reg comments Got Tips?

Setting up ClamAV

The ClamAV package is installed with Amavis on OpenBSD, and includes a daemon that can run in the background, checking content that's passed to it by other applications, including Amavis. Before you start it, however, two config files need to be updated. The first is /etc/clamd.conf, where you need to comment (ie, put a # at the beginning) the line that says 'Example' and then uncomment the following entries:

LogSyslog yes
LogFacility LOG_MAIL
LocalSocket /tmp/clamd.socket
User _clamav
AllowSupplementaryGroups yes
The ClamAV config file needs editing

ClamAV won't work at all until you edit its config file

The second file is /etc/freshclam.conf, which controls the process that periodically updates the virus definitions. Again, comment out the Example line near the top, and remove the # at the start of the lines.

LogSyslog yes
LogFacility LOG_MAIL

You'll also need to add the clamav user to the /etc/group file, adding it to the vscan group. Find the line at near bottom that starts _vscan:*:530: and edit it so that it reads.

_vscan:*:530:_clamav

Now, both freshclam and clamd can be started with their scripts /etc/rc.d/freshclam and /etc/rc.d/clamd respectively. You should see startup messages in /var/log/maillog. Don't panic if you see a warning about your ClamAV version; it will still be detecting viruses.

Configuring Amavis

Amavis is configured by editing the file /etc/amavisd.conf. This looks rather different to many of the config files we've seen before, and is, frankly, a bit on the scary side; it's actually a Perl script. We'll start with some straightforward edits. First, near the top, you'll see a line that says

$max_servers = 2 ;

which you should change to a higher number, say 7 to start with. This is the number of scanners Amavisd will have ready for incoming connections. Next change the mydomain setting, for example

$mydomain = 'nigelwhitfield.com' ;

A little further down, you can add info about other domains, such as virtual domains, to the local_domains_maps line; this starts with an @ as it's an array of variables. To match our config so far, you'd update it to read:

@local_domains_maps = ( [“.$mydomain”,“fancynewdomain.com”]) ;

Make sure you don't mess up the punctuation; Perl can be very particular. You should also add details of your network to the @mynetworks line; note that a comma isn't used between entries there. Scroll down and you'll find a series of entries starting with $virus_admin which specify the user name that will send various alerts; you can either change there, or create a 'virusalert@yourdomain' alias in Postfix.

Next, find the entry for $forward_method, and uncomment it, so it reads

$forward_method = 'smtp:[127.0.0.1]:10025' ;

This tells Amavis to pass mail back to Postfix on port 10025. An entry near the top called $inet_socket_port is uncommented by default and tells it to listen on port 10024.

The Amavis config file is quite complex

The Amavis config file is complex - edit with care!

Work through the file — you don't need to change much else for now — and you'll see options for banned file extensions; some of these will have a comment (#) at the start of the line, and the active ones won't. You may want to change these later, depending on which type of files you want to accept via email. Carry on scrolling down until you find the AV scanner definitions. One of these is for ClamAV, and starts

#['ClamAV-clamd',

Remove the comments on that line, and the following three, and also make sure the name of the socket in the second line matches the one in clamd.conf. You should end up with something that looks like this:

# ### http://www.clamav.net/
['ClamAV-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/tmp/clamd.socket"],
   qr/\bOK$/m, qr/\bFOUND$/m,
   qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
# #

That's all for now, though there's a lot more you can tweak in Amavis, including error messages, the level at which messages are marked as spam, and optionally rejected, and so on. The Amavisd site has lots more detail. For now, though, start Amavis running with

/etc/rc.d/amavisd start

If all is well you should see entries in the maillog showing the startup, and confirming that various unarchiving tools have been detected along with the ClamAV scanner.

When Amavis starts, it should detect ClamAV

Check the log file after starting Amavis, and it should have detected ClamAV

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER


Biting the hand that feeds IT © 1998–2020