Last updated on September 4, 2020 by Sarmed Rahman
Antivirus and anti-spam protection are among the most important security features for a mail server. Unix/Linux based mail servers are typically invulnerable to malware and viruses, and there is a very slim chance that the server itself may get infected. On the other hand, the operating system of an end user device may not always be so secure. We certainly do not want our mail server to accept or distribute emails with embedded malware. So setting up antivirus software on a mail server is a must.
Anti-spam filters inspect every incoming and outgoing mail for patterns of spamming. For example, spam mails usually contain a large number of recipients. Also, a reverse DNS query for the domain in a spam mail does not always return a proper answer. If the spam filter software finds any mail that could be spam, it blocks the mail. This helps retain the reputation of the mail server, and prevents the IP address of the mail server from being blacklisted.
In this tutorial, we will be looking at how to secure our mail server on Ubuntu by setting up:
This tutorial is version specific. As of this writing, MailScanner is not available in the Ubuntu repository, so we will be using the MailScanner .deb package instead. Unfortunately, the dependency packages required for the latest version of MailScanner [4.79.11-2.2] are not available in the Ubuntu repository either. However, the dependency packages for version 4.74.16-1 are available. Thus, we will be using the MailScanner [4.74.16-1] .deb package in this tutorial. Ubuntu 12.04 is used for testing.
For those of you who are interested in setting it up on CentOS, refer to this tutorial instead.
Before doing anything else on Ubuntu, the first thing to do is to install all the necessary dependencies. The list of dependencies is long, but luckily it can be done using one command.
# apt-get install gcc g++ cpp zlib1g-dev libgmp3-dev perl bzip2 zip make patch automake libhtml-template-perl linux-headers-`uname -r` build-essential libnewt-dev libusb-dev libconvert-tnef-perl libdbd-sqlite3-perl libfilesys-df-perl libmailtools-perl libmime-tools-perl libmime-perl libnet-cidr-perl libsys-syslog-perl libio-stringy-perl libfile-temp-perl libole-storage-lite-perl libarchive-zip-perl libole-storage-lite-perl libdigest-sha-perl
Now that the dependencies are installed, Clam Antivirus and SpamAssassin can be installed using apt-get.
# apt-get install clamav clamav-daemon spamassassin
SpamAssassin has to be enabled, and then started:
# vim /etc/default/spamassassin
ENABLED=1
# service spamassassin restart
After the packages are installed, they can be updated using the following commands.
# freshclam ; sa-update
After all the software that MailScanner depends on has been installed, we will download the .deb package for MailScanner version 4.74 and install it.
# wget http://mirrors.kernel.org/ubuntu/pool/universe/m/mailscanner/mailscanner_4.74.16-1_all.deb
# dpkg -i mailscanner_4.74.16-1_all.deb
Now it is time to adjust the parameters of MailScanner.
First of all, the directory for SpamAssassin is created and permission for that directory is adjusted.
# mkdir /var/spool/MailScanner/spamassassin
# chown postfix /var/spool/MailScanner/spamassassin
The configuration file /etc/MailScanner/MailScanner.conf is backed up, and then modified as follows.
# vim /etc/MailScanner/MailScanner.conf
%org-name% = test Ubuntu mail server
%org-long-name% = Your Organization Name Here
%web-site% = www.your-organisation.com
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
Virus Scanners = clamav
Spam List = SBL+XBL ## please check /etc/MailScanner/spam.lists.conf for more details ##
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin ## the directory created earlier ##
More information about the configuration file parameters can be found in the official documentation.
The Postfix configuration is modified as well. We will configure Postfix to put every mail on hold. MailScanner will then pick up the held mails and check them, after which the mails are handed back to Postfix for delivery. Here is how the configuration is modified.
# vi /etc/postfix/header_checks
/^Received:/ HOLD
# vim /etc/postfix/main.cf
header_checks = regexp:/etc/postfix/header_checks
MailScanner is enabled by un-commenting the following line.
# vim /etc/default/mailscanner
run_mailscanner=1
Finally, Postfix and MailScanner services are started.
# service postfix restart
# service mailscanner restart
Now that MailScanner has been deployed, we can test its functionality by monitoring the mail log. Let us send a test mail and see what happens.
# tail /var/log/mail.log
Mar 3 02:46:39 ubuntu postfix/smtpd[31616]: connect from localhost[127.0.0.1]
Mar 3 02:46:39 ubuntu postfix/smtpd[31616]: E5F3C44FB1: client=localhost[127.0.0.1], sasl_method=LOGIN, sasl_username=sarmed
Mar 3 02:46:39 ubuntu postfix/cleanup[31620]: E5F3C44FB1: hold: header Received: from [server_ip] (localhost [127.0.0.1])??by ubuntu.example.tst (Postfix) with ESMTPA id E5F3C44FB1??for; Mon, 3 Mar 2014 02:46:39 +0600 (BDT) from localhost[127.0.0.1]; from= to= proto=ESMTP helo=<[server_ip]>
Mar 3 02:46:39 ubuntu postfix/cleanup[31620]: E5F3C44FB1: message-id=
Mar 3 02:46:40 ubuntu postfix/smtpd[31616]: disconnect from localhost[127.0.0.1]
Mar 3 02:46:40 ubuntu MailScanner[31695]: MailScanner E-Mail Virus Scanner version 4.74.16 starting...
Mar 3 02:46:40 ubuntu MailScanner[31695]: Read 848 hostnames from the phishing whitelist
Mar 3 02:46:40 ubuntu MailScanner[31570]: New Batch: Scanning 1 messages, 2572 bytes
Mar 3 02:46:40 ubuntu MailScanner[31695]: Read 4278 hostnames from the phishing blacklist
Mar 3 02:46:40 ubuntu MailScanner[31695]: Using SpamAssassin results cache
Mar 3 02:46:40 ubuntu MailScanner[31695]: Connected to SpamAssassin cache database
Mar 3 02:46:40 ubuntu MailScanner[31695]: Enabling SpamAssassin auto-whitelist functionality...
Mar 3 02:46:41 ubuntu MailScanner[31695]: Using locktype = flock
Mar 3 02:46:41 ubuntu MailScanner[31570]: Virus and Content Scanning: Starting
Mar 3 02:46:48 ubuntu MailScanner[31570]: Requeue: E5F3C44FB1.283A6 to 13B8344FB3
Mar 3 02:46:48 ubuntu MailScanner[31570]: Uninfected: Delivered 1 messages
Mar 3 02:46:48 ubuntu postfix/qmgr[31519]: 13B8344FB3: from= , size=1879, nrcpt=1 (queue active)
Mar 3 02:46:48 ubuntu postfix/local[31637]: 13B8344FB3: to= , relay=local, delay=8.6, delays=8.6/0/0/0.02, dsn=2.0.0, status=sent (delivered to mailbox)
Mar 3 02:46:48 ubuntu postfix/qmgr[31519]: 13B8344FB3: removed
The summary of the log is provided below.
/var/spool/postfix/hold
.
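The following check is an added example, not part of the original tutorial. It reads mail.log lines in the format shown above and reports which deliveries went through the hold queue and a MailScanner requeue, and which were delivered without one (a sign that the header_checks HOLD rule is not being applied). The sample log is constructed from the tutorial's output; the recipient address and the queue ID 7A1C9D0011 are made up.

```python
import re

# Constructed sample, abridged from the log format shown in the tutorial.
# The last line (queue ID 7A1C9D0011) is a made-up delivery that skipped the scanner.
SAMPLE_LOG = """\
Mar 3 02:46:39 ubuntu postfix/cleanup[31620]: E5F3C44FB1: hold: header Received: from [server_ip] (localhost [127.0.0.1])
Mar 3 02:46:40 ubuntu MailScanner[31570]: New Batch: Scanning 1 messages, 2572 bytes
Mar 3 02:46:48 ubuntu MailScanner[31570]: Requeue: E5F3C44FB1.283A6 to 13B8344FB3
Mar 3 02:46:48 ubuntu postfix/local[31637]: 13B8344FB3: to=<user@example.tst>, relay=local, delay=8.6, dsn=2.0.0, status=sent (delivered to mailbox)
Mar 3 02:50:02 ubuntu postfix/local[31700]: 7A1C9D0011: to=<user@example.tst>, relay=local, delay=0.1, dsn=2.0.0, status=sent (delivered to mailbox)
"""

# Postfix cleanup placing a message on hold because of the header_checks rule.
HOLD = re.compile(r"postfix/cleanup\[\d+\]: ([0-9A-F]+): hold: header Received:")
# MailScanner handing a scanned message back to Postfix under a new queue ID.
REQUEUE = re.compile(r"MailScanner\[\d+\]: Requeue: ([0-9A-F]+)\.\w+ to ([0-9A-F]+)")
# Any Postfix delivery agent (local, smtp, virtual, ...) reporting success.
SENT = re.compile(r"postfix/\w+\[\d+\]: ([0-9A-F]+): to=.*status=sent")


def trace(log_text):
    """Return (scanned, bypassed): deliveries that passed through MailScanner
    as (held ID, delivered ID) pairs, and queue IDs delivered without a requeue."""
    held, requeued = set(), {}          # requeued maps new ID -> held ID
    scanned, bypassed = [], []
    for line in log_text.splitlines():
        if m := HOLD.search(line):
            held.add(m.group(1))
        elif m := REQUEUE.search(line):
            old_id, new_id = m.groups()
            if old_id in held:          # only count requeues of mail seen on hold
                requeued[new_id] = old_id
        elif m := SENT.search(line):
            qid = m.group(1)
            if qid in requeued:
                scanned.append((requeued[qid], qid))
            else:
                bypassed.append(qid)
    return scanned, bypassed


if __name__ == "__main__":
    scanned, bypassed = trace(SAMPLE_LOG)
    for old_id, new_id in scanned:
        print(f"scanned : held as {old_id}, delivered as {new_id}")
    for qid in bypassed:
        print(f"BYPASSED: {qid} was delivered without a MailScanner requeue")
```

A log window that begins after a message's hold line will report that message as bypassed, so run the check over a complete log file.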
To sum up, MailScanner integrated with Clam Antivirus and SpamAssassin is a very powerful tool, and is a must for production mail servers. It can fend off exploitation of most existing mail server vulnerabilities. This tutorial covers the minimum configuration for securing a mail server using MailScanner. The parameters of MailScanner, Clam Antivirus and SpamAssassin are highly customizable, and can be modified to meet different requirements.
Hope this helps.
Please note that this article is published by Xmodulo.com under a Creative Commons Attribution-ShareAlike 3.0 Unported License. If you would like to use the whole or any part of this article, you need to cite this web page at Xmodulo.com as the original source.