How to Add Antivirus and Spam Protection to Postfix Mail Server with ClamAV and SpamAssassin – Part 3


Gabriel Cánepa

Gabriel Cánepa is a GNU/Linux sysadmin and web developer from Villa Mercedes, San Luis, Argentina. He works for a worldwide leading consumer product company and takes great pleasure in using FOSS tools to increase productivity in all areas of his daily work.


12 Responses

  1. Bruce says:

    Hello,

    I have a working system except for Spamassassin. All the tests you mention work except sending from an outside domain to my server. Here’s my master.cf… How would I move messages to JUNK when it is working… Bruce

    # Postfix master process configuration file. For details on the format
    # of the file, see the master(5) manual page (command: "man 5 master").
    #
    # Do not forget to execute "postfix reload" after editing this file.
    #
    # ==========================================================================
    # service type  private unpriv  chroot  wakeup  maxproc command + args
    #               (yes)   (yes)   (yes)   (never) (100)
    # ==========================================================================
    smtp      inet  n       -       n       -       -       smtpd -o content_filter=spamassassin
    #smtp     inet  n       -       n       -       1       postscreen
    #smtpd    pass  -       -       n       -       -       smtpd
    #dnsblog  unix  -       -       n       -       0       dnsblog
    #tlsproxy unix  -       -       n       -       0       tlsproxy
    submission inet n       -       n       -       -       smtpd
      -o syslog_name=postfix/submission
      -o smtpd_tls_security_level=encrypt
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_reject_unlisted_recipient=no
    #  -o smtpd_client_restrictions=$mua_client_restrictions
    #  -o smtpd_helo_restrictions=$mua_helo_restrictions
    #  -o smtpd_sender_restrictions=$mua_sender_restrictions
      -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
      -o milter_macro_daemon_name=ORIGINATING
    smtps     inet  n       -       n       -       -       smtpd
      -o syslog_name=postfix/smtps
      -o smtpd_tls_wrappermode=yes
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_reject_unlisted_recipient=no
    #  -o smtpd_client_restrictions=$mua_client_restrictions
    #  -o smtpd_helo_restrictions=$mua_helo_restrictions
    #  -o smtpd_sender_restrictions=$mua_sender_restrictions
    #  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
    #628      inet  n       -       n       -       -       qmqpd
    pickup    unix  n       -       n       60      1       pickup
    cleanup   unix  n       -       n       -       0       cleanup
    qmgr      unix  n       -       n       300     1       qmgr
    #qmgr     unix  n       -       n       300     1       oqmgr
    tlsmgr    unix  -       -       n       1000?   1       tlsmgr
    rewrite   unix  -       -       n       -       -       trivial-rewrite
    bounce    unix  -       -       n       -       0       bounce
    defer     unix  -       -       n       -       0       bounce
    trace     unix  -       -       n       -       0       bounce
    verify    unix  -       -       n       -       1       verify
    flush     unix  n       -       n       1000?   0       flush
    proxymap  unix  -       -       n       -       -       proxymap
    proxywrite unix -       -       n       -       1       proxymap
    smtp      unix  -       -       n       -       -       smtp
    relay     unix  -       -       n       -       -       smtp
    #  -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    showq     unix  n       -       n       -       -       showq
    error     unix  -       -       n       -       -       error
    retry     unix  -       -       n       -       -       error
    discard   unix  -       -       n       -       -       discard
    local     unix  -       n       n       -       -       local
    virtual   unix  -       n       n       -       -       virtual
    lmtp      unix  -       -       n       -       -       lmtp
    anvil     unix  -       -       n       -       1       anvil
    scache    unix  -       -       n       -       1       scache
    dovecot   unix  -       n       n       -       -       pipe
      flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${recipient}
    spamassassin unix -     n       n       -       -       pipe
      flags=R user=spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}

    • Gabriel A. Cánepa says:

      Hi Sergio,
      Which version of Debian are you using? Please note that systemctl is part of the systemd suite, which is available starting with Debian 8 Jessie.
      If you are sure you’re using Jessie, you can check how these services are called by doing
      systemctl | grep clam
      Hope it helps.
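A quick consistency check for a master.cf like the one Bruce pasted above, added here as an example (it is not from the article or from any commenter): every `-o content_filter=NAME` must have a matching NAME service line, otherwise Postfix accepts the mail and then defers it in the queue with an "unknown mail transport" error, which the usual SMTP tests do not reveal. The sample configuration text is constructed for the demonstration.

```shell
#!/bin/bash
# Added example: verify that every "-o content_filter=NAME" in a Postfix
# master.cf has a matching NAME service definition. Not part of the article.

# $1: the text of master.cf. Prints one line per referenced filter and
# returns 1 if any filter has no service line.
check_content_filter() {
    local cf="$1" rc=0 services filters f
    # Service definitions start in column 1; continuation lines and
    # comments start with whitespace or '#', blank lines are skipped.
    services=$(printf '%s\n' "$cf" | grep -Ev '^([[:space:]]|#|$)' | awk '{print $1}')
    # Filters are referenced as content_filter=NAME or NAME:host:port;
    # only the NAME part has to exist as a service.
    filters=$(printf '%s\n' "$cf" | grep -Eo 'content_filter=[A-Za-z0-9_.-]+' \
              | cut -d= -f2 | sort -u)
    for f in $filters; do
        if printf '%s\n' "$services" | grep -qx -- "$f"; then
            echo "ok: content_filter '$f' is defined as a service"
        else
            echo "missing: content_filter '$f' has no service line" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample (not a real server's file): the relevant lines of the
# layout above, with the spamassassin pipe service present ...
GOOD_CF='smtp      inet  n       -       n       -       -       smtpd -o content_filter=spamassassin
submission inet n       -       n       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
spamassassin unix -     n       n       -       -       pipe
  flags=R user=spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}'
# ... and the same text with the service line accidentally removed.
BAD_CF=$(printf '%s\n' "$GOOD_CF" | grep -v '^spamassassin ')

check_content_filter "$GOOD_CF"
check_content_filter "$BAD_CF" || echo "fix master.cf before running postfix reload"
```

Run it against a real file with `check_content_filter "$(cat /etc/postfix/master.cf)"`; the function reads the text, not the path, so it can also be used on a copy before reloading.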

  2. Peter says:

    Is there a way to make all the spam automatically go to the users junk-mail folder?

    On workaround.org that function is implemented, but the guides aren't identical, so I don't think I can use the configuration from that site.

    Some script that deletes everything from all junk folders that is older than 1 month or so would also be nice.

  3. Harmon20 says:

    Spamassassin went fine but I’m having trouble with clamav. I tried removing all (they were installed in Part 1 of this guide), including config files and backups, then installing from scratch and following these instructions precisely. Got the same results and my Google-fu is failing me. CentOS 7.2.1511 and ClamAV 0.99.1

    Everything went according to the script but the service won’t start. The output of the status query is:

    [[email protected] /]# systemctl -l status [email protected]
    [email protected] - Generic clamav scanner daemon
    Loaded: loaded ([email protected]; enabled; vendor preset: disabled)
    Active: failed (Result: start-limit) since Wed 2016-06-01 15:32:40 EDT; 4min 19s ago
    Process: 2528 ExecStart=/usr/sbin/clamd -c /etc/clamd.d/%i.conf --nofork=yes (code=exited, status=1/FAILURE)
    Main PID: 2528 (code=exited, status=1/FAILURE)

    Jun 01 15:32:40 mx systemd[1]: [email protected]: main process exited, code=exited, status=1/FAILURE
    Jun 01 15:32:40 mx systemd[1]: Unit [email protected] entered failed state.
    Jun 01 15:32:40 mx systemd[1]: [email protected] failed.
    Jun 01 15:32:40 mx systemd[1]: [email protected] holdoff time over, scheduling restart.
    Jun 01 15:32:40 mx systemd[1]: start request repeated too quickly for [email protected]
    Jun 01 15:32:40 mx systemd[1]: Failed to start Generic clamav scanner daemon.
    Jun 01 15:32:40 mx systemd[1]: Unit [email protected] entered failed state.
    Jun 01 15:32:40 mx systemd[1]: [email protected] failed.
    [[email protected] /]#

    Any ideas what I might be missing?

    • Harmon20 says:

      additional info: In case this was a problem with me trying to manually start the service I rebooted the server and checked the service status after it came back up. Same output.

      • @Harmon20, we’re almost there, brother :). Hang in there.
        Can you paste the output of journalctl -xn RIGHT AFTER attempting to manually start clamd? We are mostly interested in lines containing the word ERROR in them.

  4. ura soul says:

    if the clamav scan only runs once a day, won’t that mean that new messages that are infected will be available for download for up to 1 day? so therefore, many of them will get through to mail clients?

    • @ura,
      What runs once a day is the cron job that will update the virus definitions. On the other hand, the antivirus service itself should be running as a daemon at all times. That is what will protect your new messages.
      Of course, it is possible, though highly unlikely, that a message (infected with a virus released in the recent past, whose signature has not yet been identified by major antivirus engines) finds its way to your mailbox. With viruses and antivirus you can be as paranoid as with backups. A solid knowledge of the threats your environment faces will give you the last word as to how paranoid you need to be about it.

      • Ivan says:

        Hello Gabriel,

        First of all, let me thank you for the great series of articles. I’m following along, and so far so good :)

        Regarding the above question, I think @ura soul was referring to this part:

        “The above cronjob will scan the mail server directory recursively and leave a log of its operation in /var/log/clamav/dailyclamscan.log”

        I understood it as he did. Also, I find that updating is enabled by default, but what needs to be done is to remove these four lines:

        ### !!!!! REMOVE ME !!!!!!
        ### REMOVE ME: By default, the freshclam update is disabled to avoid
        ### REMOVE ME: network access without prior activation
        FRESHCLAM_DELAY=disabled-warn # REMOVE ME

        from vi /etc/sysconfig/freshclam.

        If you can comment this, it would be really helpful.

        All the best
