dlostboy (at) lostinfo (dot) com 


      FreeBSD 4.X HOWTO for Postfix + AMAVISd + F-Prot + SpamAssassin

So you've got your handy-dandy Cyrus-IMAP + Postfix setup running smooth and want to add some virus filtering and/or spam filtering. Good for you! Get that crap off the 'net.

First thing to do is to install F-Prot, which is the virus scanner. You'll have to get it for yourself from http://www.f-prot.com/products/fpfreebsd.html. The charge last time I checked was $300 for small business and free for personal use (Thank you, Frisk Software! It is my.lostinfo.com after all and not a company funded thing). I strongly encourage you to pay for the software if you intend to use it for business. These guys deserve to get paid.

After you've followed their directions for installation, you'll have a /usr/local/f-prot directory that amavisd is going to find in order to scan the emails as they come in. Next, you'll need to install SpamAssassin which thankfully is in the ports. SpamAssassin is a program that will scan emails for spam-like behaviour and assign them a spam-score. You then configure how high this has to be before the message gets rejected. The default is 6.9. Mine is set to 5. You can still get good results at a setting of 10.

  • cd /usr/ports/mail/p5-Mail-SpamAssassin; make install clean
    Once that is done, we'll install amavisd and configure the whole thing:
  • cd /usr/ports/security/amavisd-new; make install clean
    We want the new one because it does not spawn a new process for each email to be scanned, saving CPU cycles. Once that has installed, you'll need to configure it. Open /usr/local/etc/amavisd.conf and make these modifications:

    Uncomment this part:
    	# POSTFIX or EXIM V4 or dual MTA setup (set host IP and port num as required)
    	$forward_method = 'smtp:127.0.0.1:10025';  # where to forward checked mail 
    	$notify_method  = 'smtp:127.0.0.1:10025';  # where to submit notifications 
    	
    Then find this:
    	# @local_domains = qw();  
    	
    And replace it with something usable. In my case:
    	@local_domains = new_RE( qr'[@.]lostinfo\.com'i );
    	
    Which tells amavisd that anything to that domain is to be filtered. Now you may be concerned: "I have thousands of domains!" Yeah, that might be true, but they all get translated via the virtual lookup to the local account name. So this just needs to match the name your server goes by in Postfix's main.cf.

    Now find this:

    	$sa_kill_level_deflt = 6.9; # declare spam at or above this level, 
    	
    And set it to whatever you'd like. Again, I'm a spam-nazi so I set mine to 5. Once you see it in action, you'll see what kind of numbers your spam is throwing. Now we just need to modify postfix to send messages to amavisd before cyrus and we'll be done!

    Postfix does this through a process we call injection. Postfix will send the messages to amavisd as if it were another mail server, then amavisd will re-inject the processed message into postfix for final delivery. Open your master.cf from /usr/local/etc/postfix and make this change:

    	smtp      inet  n       -       n       -       -       smtpd
    	      -o content_filter=smtp-amavis:[127.0.0.1]:10024
        
    And these additions:
    	smtp-amavis unix -      -       n     -       2  smtp
    	    -o smtp_data_done_timeout=1200s
    	    -o smtp_never_send_ehlo=yes
    	    -o disable_dns_lookups=yes
    
    	127.0.0.1:10025 inet n  -       n     -       -  smtpd
    	    -o content_filter=
    	    -o virtual_maps=hash:/usr/local/etc/postfix/virtual
    	    -o smtpd_client_restrictions=
    	    -o smtpd_sender_restrictions=
    	    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    	    -o fast_flush_domains=
    	    -o smtpd_etrn_restrictions=
    	    -o relay_domains=
    	    -o disable_dns_lookups=yes
    	    -o mynetworks=127.0.0.0/8
    	
    Almost done! Now just
  • /usr/local/etc/rc.d/amavisd.sh start
    and then
  • postfix reload
    and send yourself a message. You should see tons of stuff go through /var/log/maillog (which of course means that a 2nd window open running tail -f /var/log/maillog might be in order!)
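
The master.cf changes above only filter mail if the 10025 reinjection listener stays on loopback, clears content_filter and accepts nothing from outside mynetworks. The Python check below is an added example, not part of the original HOWTO or of Postfix: parse_master_cf and audit_filter_loop are hypothetical names, and the embedded sample is a shortened copy of the entries shown on this page.

```python
# master.cf entries from this HOWTO (shortened), embedded so the check runs offline.
HOWTO_MASTER_CF = """\
smtp      inet  n       -       n       -       -       smtpd
      -o content_filter=smtp-amavis:[127.0.0.1]:10024
smtp-amavis unix -      -       n     -       2  smtp
127.0.0.1:10025 inet n  -       n     -       -  smtpd
    -o content_filter=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
"""

def parse_master_cf(text):
    """Map (service, type) -> {override: value}, joining continuation lines."""
    services, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        fields = line.split()
        if not line[0].isspace() or current is None:
            # New entry: 7 columns, then the command name, then its arguments.
            current = services.setdefault((fields[0], fields[1]), {})
            fields = fields[8:]
        current.update(opt.split("=", 1) for flag, opt in zip(fields, fields[1:])
                       if flag == "-o" and "=" in opt)
    return services

def audit_filter_loop(text, reinject_port="10025"):
    """Return findings; an empty list means mail cannot skip or loop the filter."""
    services, findings = parse_master_cf(text), []
    filtered = [o for o in services.values() if o.get("content_filter")]
    if not filtered:
        findings.append("no listener hands mail to a content_filter")
    for o in filtered:
        transport = o["content_filter"].split(":", 1)[0]
        if (transport, "unix") not in services:
            findings.append(f"content_filter transport {transport!r} is not defined")
    reinject = {n: o for (n, k), o in services.items()
                if k == "inet" and n.rsplit(":", 1)[-1] == reinject_port}
    if not reinject:
        findings.append(f"no reinjection listener on port {reinject_port}")
    for name, o in reinject.items():
        checks = [
            (name.startswith("127.0.0.1:"), "listens beyond loopback, bypasses the scanner"),
            (o.get("content_filter") == "", "content_filter not cleared, mail would loop"),
            (o.get("mynetworks") == "127.0.0.0/8", "mynetworks is not 127.0.0.0/8"),
            (o.get("smtpd_recipient_restrictions", "").endswith("reject"),
             "recipient restrictions do not end in reject"),
        ]
        findings += [f"{name}: {msg}" for ok, msg in checks if not ok]
    return findings
```

Run audit_filter_loop on the text of /usr/local/etc/postfix/master.cf before postfix reload; any finding means the listener on 10025 either accepts unscanned mail or sends it back into amavisd.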

      ©2000, ©2001 LostInformation