Implementing a Postfix mail server with spam and antivirus protection This was taken from the web originally (sorry I don't remember where or I would attribute) Updated for Fedora Core 7 on Sat 16 Jun 2007 01:45:55 PM EST Installation To begin, you'll want to make sure your system is up-to-date. Run yum update if you haven't already. yum install postfix dovecot spamassassin squirrelmail clamav clamav-server clamav-update clamav-lib clamav-data amavisd-new Wait until all the packages and dependencies are installed. By default, Fedora and Red Hat distributions come with sendmail set as the MTA for the system. You can check or change the default MTA with the system-switch-mail utility. If you don't have it installed yet, install it now: yum install system-switch-mail system-switch-mail-gnome Simply run the system-switch-mail tool and select Postfix as your default MTA. Now that you have all the necessary applications and tools installed, it's time to configure them to work together. Setting up Postfix To configure Postfix, edit the main Postfix configuration file /etc/postfix/main.cf and change these entries as follows: #This is your fully qualified domain name (FQDN): myhostname = mail.jamesmcdonald.id.au #myorigin specifies the default domain name that is appended myorigin = jamesmcdonald.id.au #By the parameter "all" we allow the connections to our server # from anywhere, not only from localhost inet_interfaces = all #The mydestination parameter specifies the list of domains that #this machine considers itself the final destination for. mydestination = $mydomain, $myhostname, localhost.$mydomain, localhost, blackbox.jmcd.local #Reject the unknown users local_recipient_maps = unix:passwd.byname $alias_maps #With this parameter we make sure that our server won't be an open relay server # mynetworks_style = host mynetworks = 127.0.0.0/8 10.254.239.0/24 The configuration file is well commented, so if you need more info about the configuration, dig into it. For even more information on Postfix, see the Postfix.org documentation. Next, start the Postfix service with the command service postfix start. Also make sure the service is automatically started at boot time: chkconfig postfix on Setting up Dovecot Now it's time to set up Dovecot. Edit the Dovecot config file, /etc/dovecot.conf, to suit your needs. In this case we want to enable POP3, secure POP3, IMAP, and secure IMAP services as shown: protocols = imap imaps pop3 pop3s imap_listen = * pop3_listen = * imaps_listen = * pop3s_listen = * After that's done, start the Dovecot service and make sure that it's started at boot time: service dovecot start chkconfig dovecot on Setting up Squirrelmail In order to be able to use webmail, you need to have Apache's httpd service up and running. It shouldn't be necessary to do any extra configuring of httpd config file for this task, so you can just use it as is. Start the service and make sure it's started at boot time: service httpd start chkconfig httpd on The installation of Squirrelmail will not change your httpd.conf file. Instead, Squirrelmail creates the file squirrelmail.conf in /etc/httpd/conf.d. This file links the /webmail/ virtual folder to the actual Squirrelmail folder installation located at /usr/share/squirrelmail. Edit the /usr/share/squirrelmail/config/config.php file and change the domain$ variable to match your domain name, in order to make the from-domain setting (when sending email from Web) correct. For our server, it looks like this: $domain = 'jamesmcdonald.id.au'; To test webmail, go to http://localhost/webmail/ or http://your_domain_name/webmail/ and log in to check your email and send a few test messages. Blocking spam and viruses SpamAssassin is configured right out of the box when you install it, so you shouldn't need to change anything here. However, to reduce the chance that a false positive will tag known addresses, you can whitelist addresses. The file /etc/mail/spammassassin/local.cf should list known email addresses, in a format similar to: whitelist_from anzevi@some-strange-domain.com whitelist_from anze@out-there-somewhere.net Spamassassin will be called by amavisd-new, so we don't need to configure the SpamAssassin daemon to start at boot time. To block viruses, we need to configure ClamAV to connect daily to an Internet-based antivirus database and fetch new virus definitions. You need to have a cron daemon running in order for ClamAV to fetch the virus definitions. First, edit /etc/sysconfig/freshclam and comment out the following line: #FRESHCLAM_DELAY=disabled-warn # REMOVE ME Next, edit /etc/freshclam.conf and change the antivirus database to the closest mirror to your location: #Example DatabaseMirror db.au.clamav.net To test ClamAV, run the clamscan command in your home folder. The AV client should check your home directory and subdirectories for viruses. Since you are running this check on a Linux box for local files, I'm pretty sure ClamAV won't find any viruses on your machine. To test updating the virus definitions, run freshclam. After making the changes, start the service with service amavisd start, and set it to start at boot with chkconfig amavisd on. note: there is another service clamd.amavisd which doesn't need starting Now, test your configuration to see that everything works. Telnet to port 10024 and you should see something like this: [root@mail ~]# telnet localhost 10024 Trying 127.0.0.1... Connected to localhost.localdomain (127.0.0.1). Escape character is '^]'. 220 [127.0.0.1] ESMTP amavisd-new service ready quit 221 2.0.0 [127.0.0.1] amavisd-new closing transmission channel Connection closed by foreign host. If you are able to telnet to port 10024 and you are greeted by amavisd-new, you've done a good job and you may continue with the configuration. If you're unable to connect to that port, make sure the amavisd service is running, and look for errors in /var/log/messages. Additional Postfix configuration Once amavisd is configured and working correctly, you need to configure Postfix so it knows how to communicate with amavisd-new. Copy the following lines to the bottom of your existing /etc/postfix/master.cf file: smtp-amavis unix - - n - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20 127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks_style=host -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks You can find more information how this work in the amavisd documentation in your /usr/share/doc folder. For example, since we're running amavisd 2.3.3, we would check the /usr/share/doc/amavisd-new-2.3.3/README.postfix file. Save the file and reload the Postfix service, then test it by using telnet to connect to port 10025: [root@mail ~]# telnet localhost 10025 Trying 127.0.0.1... Connected to localhost.localdomain (127.0.0.1). Escape character is '^]'. 220 mail.srv.dyndns.org ESMTP Postfix quit 221 Bye Connection closed by foreign host. If this works for you, you have a working configuration, and you are ready to make the final changes to Postfix. Add this line to the end of /etc/postfix/main.cf: content_filter = smtp-amavis:[127.0.0.1]:10024 You can also use postconf -e 'content_filter=smtp-amavis:[127.0.0.1]:10024' to add the content_filter configuration line to main.cf Once you've done this, Postfix will send all incoming and outgoing mail directly through the content filter that you configured earlier. Testing Goto http://www.abuse.net/cgi-bin/relaytest and check to make sure you haven't configured an open relay. All you have to do now is send yourself some clean email messages and some spam, junk, and viruses, and see what's happening on your mail server. You can find sample messages with spam and virus content in /usr/share/doc/amavisd-new-X.X.X/test-messages folder. The best way to see in real time what is going on your mail server is to watch /var/log/maillog for entries using tail -f /var/log/maillog. That's all you need to do to configure Postfix and the helper applications to provide antivirus, spam filtering, webmail, POP, and IMAP access. Enjoy your new mail server!