The last post: Building your own mail server, Part 3

Adding some much-needed spam and virus filtering


Adding Amavis to Postfix

The Amavis config will listen on port 10024, and pass mail back to Postfix on port 10025, so we need to make some adjustments to the /etc/postfix/ file.

First, find the entry for smtp and, below it, add the two extra lines of options shown here. This tells Postfix to pass messages to the proxy on port 10024 and limits the number of simultaneous connections from one system to three at a time; this should generally be smaller than the number of Amavis servers you set up:

smtp       inet  n       -       y       -       -       smtpd
    -o smtpd_proxy_filter=
    -o smtpd_client_connection_count_limit=3

Next, we need to set up a new instance of smtpd, which will listen only to connections from the local machine. Add these lines to to create a listener on port 10025. The options are mostly blank, to ensure any settings in are over-ridden; we don't want anything other than amavisd to be able to send mail via this connection:

# loopback daemon for receiving mail from amavis
inet n - y - - smtpd
          -o smtpd_client_restrictions=
          -o smtpd_helo_restrictions=
          -o smtpd_sender_restrictions=
          -o smtpd_recipient_restrictions=permit_mynetworks,reject
          -o smtpd_data_restrictions=
          -o mynetworks=
          -o receive_override_options=no_unknown_recipient_checks
          -o smtpd_authorized_xforward_hosts=
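
The point of the blanked-out restrictions is that only the filter can inject mail through the port 10025 listener. This added example (not from the original article) parses master.cf-style text and flags a re-injection listener that is reachable or usable from beyond the local machine; the loopback addresses in the sample and the function names are assumptions.

```python
import ipaddress

def parse_master_cf(text):
    """Map service name -> (command, {-o name: value})."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                              # blank line or comment
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()      # continuation line
        else:
            logical.append(raw.strip())
    services = {}
    for f in (line.split() for line in logical):
        pairs = [f[i + 1] for i in range(8, len(f) - 1) if f[i] == "-o"]
        if len(f) >= 8:
            services[f[0]] = (f[7], dict(p.split("=", 1) for p in pairs if "=" in p))
    return services

def loopback_only(value):
    """True if every comma-separated address or CIDR block is loopback."""
    items = [v.strip() for v in value.replace("[", "").replace("]", "").split(",")]
    try:
        nets = [ipaddress.ip_network(v, strict=False) for v in items if v]
    except ValueError:
        return False
    # n[0] and n[-1] are the first and last address of each block.
    return bool(nets) and all(n[0].is_loopback and n[-1].is_loopback for n in nets)

def audit_reinjection(text, port="10025"):
    """Findings for the smtpd listener that takes mail back from the filter."""
    findings = []
    for name, (command, opts) in parse_master_cf(text).items():
        host, _, svc_port = name.rpartition(":")
        if svc_port != port or command != "smtpd":
            continue
        if host != "localhost" and not loopback_only(host):
            findings.append("listener is not bound to a loopback address")
        if not loopback_only(opts.get("mynetworks", "")):
            findings.append("mynetworks override is missing or wider than loopback")
        if opts.get("smtpd_recipient_restrictions") != "permit_mynetworks,reject":
            findings.append("recipient restrictions are not permit_mynetworks,reject")
    return findings

# Constructed sample entry; the loopback addresses are assumptions.
GOOD = """127.0.0.1:10025 inet n - y - - smtpd
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
"""
BAD = GOOD.replace("127.0.0.1:10025", "10025").replace("127.0.0.0/8", "0.0.0.0/0")
print(audit_reinjection(GOOD), audit_reinjection(BAD))
```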

Figure: Treat yourself to a spammy message to check the filtering is running

Now, restart Postfix with the postfix reload command, and try a sample SMTP transaction on port 25. Unless you manage to handcraft some really nasty spam, you should see your message delivered normally. Check the Maildir for the destination user (or just fetch the message in your email client) and check the headers.

If all is working well, you'll now see some extra Received headers, showing the message received by Amavisd on port 10024, then results of the scanning, with warnings and scores, depending on what you put in your test message, and a final Received line when the message was fed back to Postfix. Congratulations, you have your spam and virus filter up and running.
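
The header check described above can be scripted. This added example (not from the original article) reads a delivered message and confirms the Received chain shows a hop through the filter on port 10024 followed by a hand-back to Postfix, rather than trusting an X- header alone. The sample message is constructed, and the X-Spam-Flag and X-Spam-Score header names are assumptions about what your Amavis setup adds.

```python
import email
from email import policy

def filter_evidence(raw_message, filter_port="10024"):
    """Summarise header evidence that a message passed through the content filter."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    # Each server prepends its Received header, so index 0 is the newest hop.
    hops = [" ".join(str(h).split()) for h in msg.get_all("Received", [])]
    scan = next((i for i, h in enumerate(hops)
                 if "amavis" in h.lower() and f"port {filter_port}" in h), None)
    score = msg.get("X-Spam-Score")
    return {
        "scanned": scan is not None,
        # The hop directly above the scan should be Postfix taking the message back.
        "reinjected": scan is not None and scan > 0 and "(Postfix)" in hops[scan - 1],
        "hops_before_scan": None if scan is None else len(hops) - scan - 1,
        "spam_score": float(str(score)) if score is not None else None,
        "spam_flag": str(msg.get("X-Spam-Flag", "")).strip().upper() == "YES",
    }

# Constructed sample: hostnames, queue IDs and header values are made up.
SAMPLE = """\
Received: from localhost (localhost [127.0.0.1])
\tby mail.example.org (Postfix) with ESMTP id 4BQ2
\tfor <alice@example.org>; Mon, 10 Aug 2020 10:00:02 +0100
X-Virus-Scanned: amavisd-new at example.org
X-Spam-Flag: YES
X-Spam-Score: 6.2
Received: from mail.example.org ([127.0.0.1])
\tby localhost (mail.example.org [127.0.0.1]) (amavisd-new, port 10024)
\twith ESMTP id abc123 for <alice@example.org>; Mon, 10 Aug 2020 10:00:01 +0100
Received: from client.example.net (client.example.net [192.0.2.10])
\tby mail.example.org (Postfix) with ESMTP id 4BQ1
\tfor <alice@example.org>; Mon, 10 Aug 2020 10:00:00 +0100
From: bob@example.net
To: alice@example.org
Subject: Cheap pills, act now

test body
"""

print(filter_evidence(SAMPLE))
```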

To make sure everything starts up in the order you want, you should now edit the pkg_scripts line in /etc/rc.conf to read:

pkg_scripts=dovecot freshclam clamd amavisd postgrey postfix

Figure: Check your messages, and you'll see Amavisd now shows up in the headers

Keeping an eye on things

All the various parts of the mail system log what they're doing via syslog, in /var/log/maillog. There's a lot of information to wade through, however, so one of the tools we installed in the previous part was pflogsumm, a tool that summarises the logs for you. It's very simple to run - just give it the name of the log file to analyse, so

pflogsumm /var/log/maillog

will do the trick. If you want to have the results sent to you each day, create a file called /etc/daily.local containing that command. Postgrey has its own log analyser, postgreyreport, though I don't find it that useful. Two tools worth grabbing are postfix-logwatch and amavis-logwatch. I use this in my daily.local:

/usr/local/bin/postfix-logwatch --detail 6 /var/log/maillog

