Postfix with Cyrus, Clamav and Spamassassin


Niels - December 31, 2005
Heads up!    This post was written 16 years ago.

This is a quick howto on how to get it all running. Most of the software used is a lot more powerful than this howto suggests. Once you have it all up and running make sure to spend some time checking out the full potential of your setup.

Get all the packages:

Include

deb http://ftp2.de.debian.org/
debian-volatile sarge/volatile main

in your /etc/apt/sources.list to make sure you get updates on the clamav engine (and not just the virus data as provided by freshclam).

apt-get install postfix clamav clamav-base clamav-daemon clamav-freshclam amavisd-new spamassassin spamc razor pyzor cyrus21-admin cyrus21-common cyrus21-imapd cyrus21-pop3d

The amavis package recommends a lot of tools like unzip, unrar, etc. It’s best to install all of them; using dselect might be helpful here.

Clamav

Clamav will run fine without changing any settings. To make sure Clamav plays nicely with Amavis add the clamav user to the amavis group in /etc/group:

postfix:x:104:
postdrop:x:105:
mysql:x:106:
clamav:x:107:
amavis:x:108:clamav

You can do this by typing:

adduser clamav amavis

Spamassassin

Switch user to amavis:

peen:~# su - amavis

Then run the commands required to enable Razor to be used by Spamassassin:

amavis@peen:~$ razor-admin -create
amavis@peen:~$ razor-admin -register
Register successful. Identity stored in /var/lib/amavis/.razor/
identity-ruu0K-KHfE

Also enable Pyzor:

amavis@peen:~$ pyzor discover
downloading servers from http://pyzor.sourceforge.net/cgi-bin/
inform-servers-0-3-x

Create/edit /etc/spamassassin/local.cf. Mine is very simple:

report_safe 0
skip_rbl_checks 1

I turn off rbl checks in spamassassin as I will have postfix do this instead; see below. No other changes are required.

By default spamassassin is disabled on Debian. Make sure to edit /etc/default/spamassassin and start it:

peen:~# /etc/init.d/spamassassin start
Starting SpamAssassin Mail Filter Daemon: spamd.

Amavis

/etc/amavis/amavisd.conf requires a few configuration changes. Please find the settings quoted below and adjust them to match your setup.

…
$mydomain = ‘peen.net’;
…
$forward_method = ’smtp:127.0.0.1:10025′;
$notify_method = $forward_method;
…
@local_domains_acl = ( “.$mydomain”, “.localhost” );
…
$inet_socket_port = 10024;
…

Also make sure you turn on spamassassin support by removing this line:

@bypass_spam_checks_acl = qw( . );

The rest of the defaults are fine. Now restart amavis:

peen:~# /etc/init.d/amavis restart
Stopping amavisd: amavisd-new.
Starting amavisd: amavisd-new.

And do a tail on your syslog to make sure it detects Clamav and Spamassassin:

peen:~# tail -4 /var/log/syslog
Dec 1 11:42:38 peen amavis[15613]: Using internal av scanner code for (primary) Clam Antivirus-clamd
Dec 1 11:42:38 peen amavis[15613]: Found secondary av scanner Clam Antivirus – clamscan at /usr/bin/clamscan
Dec 1 11:42:38 peen amavis[15613]: SpamControl: initializing Mail::SpamAssassin
Dec 1 11:42:39 peen amavis[15613]: SpamControl: done

Cyrus

The default Cyrus configuration will work for us. We do however need to set sasl passwords and create mailboxes:

peen:~# saslpasswd2 cyrus
Password:
Again (for verification):
peen:~# saslpasswd2 niels
Password:
Again (for verification):

The cyrus user is used for administering Cyrus. The niels user is, well, me. Now create the mailbox for niels:

peen:~# su – cyrus
cyrus@peen:~$ cyradm localhost
IMAP Password:
localhost.localdomain> cm user.niels
localhost.localdomain> exit

Postfix

Finally we’ll need Postfix to actuall get this thing going. We need to add quite a bit to /etc/postfix/master.cf to make sure Postfix can communicate with Amavis:

…
smtp-amavis unix – – n – 2 smtp
-o smtp_data_done_timeout=1200

127.0.0.1:10025 inet n – n – – smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=
permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000

Then we edit /etc/postfix/main.cf to accept email for our domain, do rbl checks, send email to Amavis and deliver it to Cyrus:

smtpd_banner = peen.net ESMTP
biff = no

append_dot_mydomain = no

myhostname = xxx-xxx-xxx-xxx.solcon.nl
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = peen.net, localhost.localdomain, localhost.localdomain, localhost
mynetworks = 127.0.0.0/8, 192.168.2.0/24
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
mailbox_transport=
lmtp:unix:/var/run/cyrus/socket/lmtp
content_filter = smtp-amavis:[127.0.0.1]:10024

smtpd_helo_required = yes
disable_vrfy_command = yes

smtpd_recipient_restrictions =
permit_mynetworks,
reject_unauth_destination,
reject_rbl_client relays.ordb.org,
reject_rbl_client opm.blitzed.org,
reject_rbl_client list.dsbl.org,
reject_rbl_client sbl.spamhaus.org,
reject_rbl_client cbl.abuseat.org,
reject_rbl_client dul.dnsbl.sorbs.net,
permit

smtpd_data_restrictions =
reject_unauth_pipelining,
permit

Now restart postfix and you’re ready to receive email!

peen:~# /etc/init.d/postfix restart
Stopping mail transport agent: Postfix.
Starting mail transport agent: Postfix.
 

Bristuff 0.3.0-PRE-1d


Niels - December 22, 2005
Heads up!    This post was written 16 years ago.

As bristuff still seems to be the most popular way to use HFC Cologne based ISDN cards I’ve patched Asterisk with the lastest bristuff patches from Junghanns. Updated packages for Debian Sarge can be found at their usual location:

Add the following line to your /etc/apt/sources.list:

deb http://debian.peen.net asterisk/
 

enlightenment?


Niels - November 30, 2005
Heads up!    This post was written 16 years ago.

Inspired by David’s urge to maximize eye candy on his newly installed Linux machine and old memories of a cutting edge Enlightenment DR16 I decided to check out its latest version.

Although still beta, the latest version is called E17. It’s a complete rewrite and has been in development for quite some time now. Based on Shadoi’s i386 repository I built some amd64 packages for debian unstable. Building and installing Shadoi’s packages went very smoothly.

E17 is running a small 12 hours now, but so far it feels quite stable. The file manager wasn’t included in the packages and the media player feels a little basic, but as a window manager and basic desktop environment I might actually decide to stick with it. I wont throw screenshots and a lengthy description of the eye candy at you; there are many out there already and it’s a much better idea to just try yourself anyway :)

For those who fear destroying their beloved setup there is a live-cd available with both version 16.8 and 17 called elivecd.