Antivirus and anti-spam protection are the among the most important security features for a mail server.
Unix/Linux based mail servers are typically invulnerable to malware and viruses, and there is a very slim chance that the server itself may get infected. On the other hand, the operating system of an end user device may not always be so secured. We certainly do not want our mail server to accept or distribute malware embedded emails. So setting up antivirus software on a mail server is a must.
Anti spam filters will inspect every incoming and outgoing mail for patterns of spamming. For example, spam mails usually contain a large number of recipients. Also, reverse DNS query for the domain in a spam mail does not always provide proper answers. If the spam filter software finds any mail that could be spam, it blocks the mail. This helps retaining the reputation of the mail server, as well as prevents the IP address of the mail server from being blacklisted.
In this tutorial, we will be looking at how to secure our mail server on Ubuntu by setting up:
- Clam Antivirus: open-source antivirus engine.
- SpamAssassin: e-mail spam filtering engine.
- MailScanner [version_4.74.16-1]: uses antivirus and anti-spam engines to scan inbound and outbound emails.
This tutorial is version specific. As of this writing, MailScanner is not available in the Ubuntu repository. So we will be using the MailScanner .deb package instead. Unfortunately, the dependency packages required for the latest version of MailScanner [4.79.11-2.2] are not available in the Ubuntu repository either. However, the dependency packages for version 4.74.16-1 are available. Thus, we will be using MailScanner [4.79.16-1] .deb package in this tutorial. Ubuntu 12.04 is used for testing.
For those of you who are interested in setting it up on CentOS, refer to this tutorial instead.
Installing Dependencies on Ubuntu
Before starting doing anything on Ubuntu, the first thing to do is be to install all the necessary dependencies. The list of dependencies is long, but luckily it can be done using one command.
Installing Clam Antivirus and SpamAssassin
Now that the dependencies are installed, Clam Antivirus and SpamAssassin can be installed using apt-get.
SpamAssassin has to be enabled, and then started:
After the packages are installed, they can be updated using the following commands.
After all the software that MailScanner depends on has been installed, we will download the .deb package for MailScanner version 4.74 and install it.
# dpkg -i mailscanner_4.74.16-1_all.deb
Now it is time to adjust the parameters of MailScanner.
First of all, the directory for SpamAssassin is created and permission for that directory is adjusted.
# chown postfix /var/spool/MailScanner/spamassassin
The configuration file /etc/MailScanner/MailScanner.conf is backed up, and then modified as followed.
%org-name% = test Ubuntu mail server %org-long-name% = Your Organization Name Here %web-site% = www.your-organisation.com Run As User = postfix Run As Group = postfix Incoming Queue Dir = /var/spool/postfix/hold Outgoing Queue Dir = /var/spool/postfix/incoming MTA = postfix Virus Scanners = clamav Spam List = SBL+XBL ## please check /etc/MailScanner/spam.lists.conf for more details ## SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin ## the directory created earlier ##
More information about the configuration file parameters can be found in the official documentation.
Postfix configuration file is modified as well. We will configure Postfix to hold off any mails. MailScanner will swoop in, and check those emails. Then the mails will be handed over to Postfix again for delivery. Here is how the configurations are modified.
header_checks = regexp:/etc/postfix/header_checks
MailScanner is enabled by un-commenting the following line.
Finally, Postfix and MailScanner services are started.
# service mailscanner restart
Now that MailScanner has been deployed, we can test its functionality by monitoring the mail log. Let us send a test mail and see what happens.
Mar 3 02:46:39 ubuntu postfix/smtpd: connect from localhost[127.0.0.1] Mar 3 02:46:39 ubuntu postfix/smtpd: E5F3C44FB1: client=localhost[127.0.0.1], sasl_method=LOGIN, sasl_username=sarmed Mar 3 02:46:39 ubuntu postfix/cleanup: E5F3C44FB1: hold: header Received: from [server_ip] (localhost [127.0.0.1])??by ubuntu.example.tst (Postfix) with ESMTPA id E5F3C44FB1??for
; Mon, 3 Mar 2014 02:46:39 +0600 (BDT) from localhost[127.0.0.1]; from= to= proto=ESMTP helo=<[server_ip]> Mar 3 02:46:39 ubuntu postfix/cleanup: E5F3C44FB1: message-id= Mar 3 02:46:40 ubuntu postfix/smtpd: disconnect from localhost[127.0.0.1] Mar 3 02:46:40 ubuntu MailScanner: MailScanner E-Mail Virus Scanner version 4.74.16 starting... Mar 3 02:46:40 ubuntu MailScanner: Read 848 hostnames from the phishing whitelist Mar 3 02:46:40 ubuntu MailScanner: New Batch: Scanning 1 messages, 2572 bytes Mar 3 02:46:40 ubuntu MailScanner: Read 4278 hostnames from the phishing blacklist Mar 3 02:46:40 ubuntu MailScanner: Using SpamAssassin results cache Mar 3 02:46:40 ubuntu MailScanner: Connected to SpamAssassin cache database Mar 3 02:46:40 ubuntu MailScanner: Enabling SpamAssassin auto-whitelist functionality... Mar 3 02:46:41 ubuntu MailScanner: Using locktype = flock Mar 3 02:46:41 ubuntu MailScanner: Virus and Content Scanning: Starting Mar 3 02:46:48 ubuntu MailScanner: Requeue: E5F3C44FB1.283A6 to 13B8344FB3 Mar 3 02:46:48 ubuntu MailScanner: Uninfected: Delivered 1 messages Mar 3 02:46:48 ubuntu postfix/qmgr: 13B8344FB3: from= , size=1879, nrcpt=1 (queue active) Mar 3 02:46:48 ubuntu postfix/local: 13B8344FB3: to= , relay=local, delay=8.6, delays=8.6/0/0/0.02, dsn=2.0.0, status=sent (delivered to mailbox) Mar 3 02:46:48 ubuntu postfix/qmgr: 13B8344FB3: removed
The summary of the log is provided below.
- Postfix held the email after the SMTP connection. The email was placed in /var/spool/postfix/hold.
- MailScanner scanned the email: (1) spam-check from blacklist, (2) spam-check from spamassassin online database, and (3) virus and content scanning.
- MailScanner changed the queue ID for the email.
- After the mail was found clean, it was handed over to Postfix with the new queue ID.
- Postfix delivered the email to destination account.
To sum up, MailScanner integrated with Clam Antivirus and SpamAssassin is a very powerful tool, and is a must for production mail servers. It can fend off exploitation of most existing mail server vulnerabilities. This tutorial covers the minimum configuration for securing a mail server using MailScanner. The parameters of MailScanner, Clam Antivirus and SpamAssassin are highly customizable, and can be modified to meet different requirements.
Hope this helps.
Subscribe to Xmodulo
Do you want to receive Linux FAQs, detailed tutorials and tips published at Xmodulo? Enter your email address below, and we will deliver our Linux posts straight to your email box, for free. Delivery powered by Google Feedburner.
Did you find this tutorial helpful? Then please be generous and support Xmodulo!
Latest posts by Sarmed Rahman (see all)
- How to combine two graphs on Cacti - June 15, 2015
- How to set up NTP server in CentOS - April 27, 2015
- How to secure BGP sessions using authentication on Quagga - April 6, 2015