How to set up MailScanner, Clam Antivirus and SpamAssassin in CentOS mail server

In the world of mail servers, MailScanner is one of the best open source software packages for virus scanning and spam detection. MailScanner relies on pre-installed anti-virus and anti-spam software to check incoming and outgoing emails for malicious content or spam patterns. This ensures that the mail server does not take part in distributing malware and unsolicited spam emails. It also helps prevent the mail server's IP address from being blacklisted, keeping the mail server's record clean.

This tutorial will focus on setting up MailScanner along with Clam Antivirus and SpamAssassin in a CentOS system. The procedure should work on RHEL as well. If you are interested in setting up this system on Ubuntu, refer to this tutorial instead.

Installing MailScanner is a lengthy process, but going forward step by step should make the deployment process easy.

Preparing the System

Before we start, note that this tutorial assumes SELinux is disabled on the CentOS system; configuring SELinux for MailScanner is beyond its scope. It is also necessary to add the Repoforge repository on CentOS.

Installing Dependencies

yum is used to install packages that are required for MailScanner. The list is long, but fortunately yum can resolve all the dependencies.

# yum install gcc cpp perl bzip2 zip unrar make patch automake rpm-build perl-DBI perl-MIME-tools perl-DBD-SQLite binutils glibc-devel perl-Filesys-Df zlib zlib-devel

Installing ClamAV and SpamAssassin

yum can be used to install ClamAV and SpamAssassin as well. The following few steps cover how to install and prepare them.

# yum install clamav spamassassin

Update ClamAV.

# freshclam -v

Update and start SpamAssassin.

# sa-update
# service spamassassin start
# chkconfig spamassassin on

Create a symbolic link so that MailScanner can find freshclam under /usr/local/bin.

# ln -s /usr/bin/freshclam /usr/local/bin/freshclam

Configuring Postfix

Stop Postfix and disable it at start-up. Postfix should not auto-start because the MailScanner service will be responsible for invoking Postfix whenever necessary.

# service postfix stop
# chkconfig postfix off

The Postfix header_checks setting is used to place every email that Postfix receives in the hold queue. MailScanner then scans the emails held in that queue.

# vim /etc/postfix/main.cf
## This line is added ##
header_checks = regexp:/etc/postfix/header_checks
# vim /etc/postfix/header_checks
## This line is added ##
/^Received:/ HOLD

Preparing MailScanner

MailScanner is not yet available in the CentOS or Repoforge repositories. We will download the packages from the official MailScanner site and install them.

# wget http://www.mailscanner.info/files/4/rpm/MailScanner-4.84.6-1.rpm.tar.gz

Now we will extract and install the packages. The installation will take some time, so you can take a break if you want.

# tar zxvf MailScanner-4.84.6-1.rpm.tar.gz
# cd MailScanner-4.84.6-1
# ./install

After installation, the directories necessary for SpamAssassin are created and permissions are modified.

# mkdir /var/spool/MailScanner/spamassassin
# chown postfix /var/spool/MailScanner/spamassassin
# chown postfix /var/spool/MailScanner/incoming/*

Next, the configuration file for MailScanner is backed up and then modified.

# vim /etc/MailScanner/MailScanner.conf
%org-name% = test CentOS Mail Server
%org-long-name% = ORGFULLNAME
%web-site% = ORG WEBSITE

Run As User = postfix
Run As Group = postfix
MTA = postfix

Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming

Virus Scanners = clamav

## please check /etc/MailScanner/spam.lists.conf for more details ##
Spam List = SBL+XBL

## the directory created earlier ##
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin

At this point, MailScanner is ready. We can initialize the service.

Check the MailScanner configuration in lint mode before starting the service.

# MailScanner -lint

# service MailScanner start
# chkconfig MailScanner on
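
The scanning path only works if three files agree: Postfix must hold every message, and MailScanner must read from the hold queue and requeue into incoming. The check below is an added example, not part of the original tutorial or of MailScanner; it parses the files directly, and its function names and root-prefix argument are hypothetical so that it can run against a constructed sample tree.

```shell
#!/bin/sh
# Added example (not from the tutorial): verify that Postfix holds all mail and
# that MailScanner reads from the hold queue and requeues into incoming.

# Last value of a "key = value" line in a Postfix or MailScanner config file.
conf_value() {  # $1 = file, $2 = key
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" 2>/dev/null |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Succeeds if key $2 in file $1 has value $3; otherwise reports the mismatch.
expect_setting() {
    got=$(conf_value "$1" "$2")
    [ "$got" = "$3" ] && return 0
    echo "FAIL: $2 is '$got', expected '$3'"
    return 1
}

# $1 = root prefix of the tree to check (hypothetical parameter; "" = live system).
check_hold_chain() {
    root=$1; bad=0
    ms="$root/etc/MailScanner/MailScanner.conf"
    map=$(conf_value "$root/etc/postfix/main.cf" header_checks)
    # main.cf names the map as regexp:/path; that file must HOLD on Received:.
    grep -Eq '^/\^Received:/[[:space:]]+HOLD' "$root${map#regexp:}" 2>/dev/null ||
        { echo "FAIL: no /^Received:/ HOLD rule in header_checks map '$map'"; bad=1; }
    expect_setting "$ms" "Incoming Queue Dir" /var/spool/postfix/hold     || bad=1
    expect_setting "$ms" "Outgoing Queue Dir" /var/spool/postfix/incoming || bad=1
    expect_setting "$ms" "MTA" postfix                                    || bad=1
    expect_setting "$ms" "Run As User" postfix                            || bad=1
    return $bad
}

# Constructed sample tree carrying the settings from this tutorial.
make_sample_tree() {  # $1 = directory to populate
    mkdir -p "$1/etc/postfix" "$1/etc/MailScanner"
    echo 'header_checks = regexp:/etc/postfix/header_checks' > "$1/etc/postfix/main.cf"
    echo '/^Received:/ HOLD' > "$1/etc/postfix/header_checks"
    printf '%s\n' 'Run As User = postfix' 'MTA = postfix' \
        'Incoming Queue Dir = /var/spool/postfix/hold' \
        'Outgoing Queue Dir = /var/spool/postfix/incoming' \
        > "$1/etc/MailScanner/MailScanner.conf"
}

tmp=$(mktemp -d) && make_sample_tree "$tmp" && check_hold_chain "$tmp" && echo "hold chain OK"
rm -rf "$tmp"
```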

Verifying MailScanner Operation

After MailScanner has been deployed, the events that take place behind the scenes can be viewed in /var/log/maillog. The following log snippet shows sample activity while an email is processed.

# tailf /var/log/maillog
Mar  8 03:12:15 centos postfix/pickup[15865]: 79F6D1391: uid=0 from=
Mar  8 03:12:15 centos postfix/cleanup[15871]: 79F6D1391: hold: header Received: by mail.example.tst (Postfix, from userid 0)??id 79F6D1391; Sat,  8 Mar 2014 03:12:15 +0600 (BDT) from local; from= to=
Mar  8 03:12:15 centos postfix/cleanup[15871]: 79F6D1391: message-id=<20140307211215.79F6D1391@mail.example.tst>
Mar  8 03:12:16 centos MailScanner[15832]: New Batch: Scanning 1 messages, 668 bytes
Mar  8 03:12:16 centos MailScanner[15832]: Virus and Content Scanning: Starting
Mar  8 03:12:22 centos MailScanner[15832]: Requeue: 79F6D1391.AA526 to 0FA2E139C
Mar  8 03:12:22 centos MailScanner[15832]: Uninfected: Delivered 1 messages
Mar  8 03:12:22 centos postfix/qmgr[15866]: 0FA2E139C: from=, size=442, nrcpt=1 (queue active)
Mar  8 03:12:22 centos MailScanner[15832]: Deleted 1 messages from processing-database
Mar  8 03:12:22 centos postfix/local[15897]: 0FA2E139C: to=, relay=local, delay=6.8, delays=6.7/0.01/0/0.07, dsn=2.0.0, status=sent (delivered to mailbox)
Mar  8 03:12:22 centos postfix/qmgr[15866]: 0FA2E139C: removed

The above process can be summarized as:

  1. As instructed, Postfix holds the mail upon receipt.
  2. MailScanner swoops in and scans the email in the queue.
  3. MailScanner requeues the email and hands it back to Postfix.
  4. Postfix processes the email as necessary and delivers the mail to the recipient.
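
The four steps above can be checked mechanically from the log. The following added example (not from the original tutorial) correlates queue IDs in maillog and reports mail that was delivered without a MailScanner requeue, or that is still sitting in the hold queue. The sample lines are constructed in the format shown above, and the addresses in them are made up.

```shell
#!/bin/sh
# Added example: follow each queue ID through hold -> requeue -> delivery.

# Constructed sample in the maillog format shown above (addresses are made up).
sample_maillog() {
cat <<'EOF'
Mar  8 03:12:15 centos postfix/cleanup[15871]: 79F6D1391: hold: header Received: by mail.example.tst (Postfix, from userid 0)
Mar  8 03:12:22 centos MailScanner[15832]: Requeue: 79F6D1391.AA526 to 0FA2E139C
Mar  8 03:12:22 centos postfix/local[15897]: 0FA2E139C: to=<root@mail.example.tst>, relay=local, delay=6.8, dsn=2.0.0, status=sent (delivered to mailbox)
Mar  8 03:15:02 centos postfix/cleanup[15901]: 5C1AB13A2: message-id=<constructed@mail.example.tst>
Mar  8 03:15:02 centos postfix/local[15903]: 5C1AB13A2: to=<root@mail.example.tst>, relay=local, delay=0.1, dsn=2.0.0, status=sent (delivered to mailbox)
Mar  8 03:16:40 centos postfix/cleanup[15910]: 8D2CE13B7: hold: header Received: from mx.example.tst
EOF
}

# Reads maillog lines on stdin and prints one finding per line:
#   SCANNED <held-id> <new-id>  held, requeued by MailScanner, then delivered
#   BYPASS  <id>                delivered without a MailScanner requeue
#   STUCK   <id>                held by Postfix but never requeued
trace_maillog() {
    awk '
    { id = $6; sub(/:$/, "", id) }                 # queue ID without the colon
    $5 ~ /^postfix\/cleanup\[/ && $7 == "hold:" {  # step 1: Postfix holds the mail
        if (!(id in held)) { held[id] = 1; order[++n] = id }
    }
    $5 ~ /^MailScanner\[/ && $6 == "Requeue:" {    # step 3: MailScanner requeues
        src = $7; sub(/\..*/, "", src)             # drop the ".AA526" style suffix
        requeued[src] = 1; origin[$9] = src
    }
    $5 ~ /^postfix\// && /status=sent/ {           # step 4: Postfix delivers
        if (id in origin) print "SCANNED", origin[id], id
        else print "BYPASS", id
    }
    END { for (i = 1; i <= n; i++) if (!(order[i] in requeued)) print "STUCK", order[i] }
    '
}

sample_maillog | trace_maillog
```

On a live server, feed it /var/log/maillog together with the previous rotated log, so that a requeue and its delivery are not split across files and reported as a bypass.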

On a finishing note, MailScanner is a very powerful tool for providing the necessary security to a mail server. It can protect the mail server from malware in both incoming and outgoing mail. It is a must for any email server deployed in a production environment.

This tutorial covered setting up MailScanner with basic configuration. The parameters of MailScanner as well as SpamAssassin and ClamAV can be customized to meet the requirements of the production environment.

Hope this helps.

Sarmed Rahman is an IT professional in the Internet Industry in Bangladesh. He writes tutorial articles on technology every now and then from a belief that knowledge grows through sharing. During his free time, he loves gaming and spending time with his friends.

2 thoughts on “How to set up MailScanner, Clam Antivirus and SpamAssassin in CentOS mail server”

  1. Hi there

    Thanks for the great guide. I followed it and everything seems to be working on my test server, but I have some questions.

    1. Am I correct in thinking that clamd is not required because MailScanner runs clamav as required?
    2. Is it necessary to set a cron job to update clamav regularly, or does that occur by default?
    3. Is there a way to confirm that new emails are scanned by both clamav and spamassassin? The logs show "Virus and Content Scanning: Starting", but I'd like to confirm that emails are being scanned by both.
    4. Running "MailScanner -lint" produces "Connected to SpamAssassin cache database config: failed to parse line, skipping, in "/etc/mail/spamassassin/mailscanner.cf": use_auto_whitelist 0". How can I resolve this?
    5. Lastly, I have "reject_unauth_destination, reject_rbl_client zen.spamhaus.org and reject_rbl_client bl.spamcop.net" in /etc/postfix/main.cf. Should these be removed from there and moved to somewhere in MailScanner's config files, or doesn't it matter?
    6. Are MailScanner's default settings for SpamAssassin decent, or should they be modified?

    Thanks again for the great guide.

    • Sorry for the delayed response. To answer your questions-

      1. Am I correct in thinking that clamd is not required because MailScanner runs clamav as required?
      Clamd is required. Yes, MailScanner will call upon clamd as necessary, but for the call to be successful, clamd needs to be running in the first place.

      2. Is it necessary to set a cron job to update clamav regularly, or does that occur by default?
      Clamd takes care of updates at a fixed interval. No need to add a manual cronjob unless you want to implement some specific update interval.

      3. Is there a way to confirm that new emails are scanned by both clamav and spamassassin? The logs show "Virus and Content Scanning: Starting", but I'd like to confirm that emails are being scanned by both.
      By default, both of them should scan all emails. However, I am not sure how to enable more detailed logging.

      4. Running "MailScanner -lint" produces "Connected to SpamAssassin cache database config: failed to parse line, skipping, in "/etc/mail/spamassassin/mailscanner.cf": use_auto_whitelist 0". How can I resolve this?
      It appears that a plugin needs to be enabled for that parameter to work. This may help: http://wiki.apache.org/spamassassin/AutoWhitelist

      5. Lastly, I have "reject_unauth_destination, reject_rbl_client zen.spamhaus.org and reject_rbl_client bl.spamcop.net" in /etc/postfix/main.cf. Should these be removed from there and moved to somewhere in MailScanner's config files, or doesn't it matter?
      Syncing the mail server with as many online spam monitors would be a good securing initiative. The mentioned parameters tell postfix to check spamhaus and spamcop for email black lists. If the server is able to get proper answers from there, the parameter should be kept. /etc/postfix/main.cf is the ideal location.

      6. Are MailScanner's default settings for SpamAssassin decent, or should they be modified?
      The default settings should be fine to start off with. You can always tune the parameters based on your clients.

      Hope this helps.
