Note: You can copy/paste all commands written here although they are not inline, they will be when you paste them to shell or file.

For this I needed to have:

• Fully functional Linux machine ( I had already installed Ubuntu 8.04 server )
• Postfix – default installation will do
• Mail Scanner – free package that you can get on MailScanner home page
• SpamAssassin – free antispam solution
• Clam AV – free antivirus

Before of installing anything we will fetch the latest list of packages from Ubuntu repositories with command:

aptitude update

Now before installation of a Mail Scanner we need to install some packages with command:

aptitude install libconvert-tnef-perl libdbd-sqlite3-perl libfilesys-df-perl libmailtools-perl libmime-tools-perl libmime-perl libnet-cidr-perl libsys-syslog-perl libio-stringy-perl libfile-temp-perl libole-storage-lite-perl libarchive-zip-perl postfix clamav clamav-daemon libsys-hostname-long-perl libnet-cidr-lite-perl spamassassin

Answer with Y when asked to install dependencies for these packages. During the installation of postfix you will get simple menu in which you need to select Internet site and write your full host name with domain.

Because whole configuration of Postfix is being done via main.cf and master.cf files we need to change some values in them. Open main.cf and add/edit following lines to look like this:

myhostname = ubuntu.sp.local
mydomain = sp.local
myorgin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain $mydomain
mynetwork_style = host
relay_domains = lab.net
transport_maps = hash:/etc/postfix/transport
append_at_myorigin = no
local_recipient_maps =
header_checks = regexp:/etc/postfix/header_checks

Now open /etc/postfix/transport and add your forwarding domains in it. For multiple domains go to new row by same principle.

sp.local smtp:[192.168.1.5]

This ip 192.168.1.5 is IP of my Exchange server, not of my Linux machine and sp.local is the name of my domain, replace IP and domain name with yours. After this editing we need to create hash of the transport file and to restart Postfix.

postmap /etc/postfix/transport
/etc/init.d/postfix restart

Now you can control if Postfix is working like it should and if it transports mail. If everything works stop it so that we can configure other options in it and because it needs to be started after MailScanner.

/etc/init.d/postfix stop

Next step would be to unpack and install the latest version of Mail Scanner because Ubuntu 8.04 still doesn’t have the latest version in the repositories. You can get the latest version of Mail Scanner here. Because we will compile it we need .tar.gz version.

wget http://mailscanner.info/files/4/tar/MailScanner-install-4.71.10-1.tar.gz
tar zxvf MailScanner-install-4.71.10-1.tar.gz
cd MailScanner-install-4.71.10
./install.sh

You will see lot of output when you run ./install.sh because it will check which Perl modules do you have installed and install those that are missing, but as installation says:

Do not worry too much about errors from the next command.
It is quite likely that some of the Perl modules are
already installed on your system.

When install.sh is done you will get message to enter some lines in crontab to automatize jobs. Type crontab -e and enter following lines in crontab (:w to write and exit if you are using Vi editor ctrl+x for Pico).

37 5 * * * /opt/MailScanner/bin/update_phishing_sites
07 * * * * /opt/MailScanner/bin/update_bad_phishing_sites
58 23 * * * /opt/MailScanner/bin/clean.quarantine
42 * * * * /opt/MailScanner/bin/update_virus_scanners
3,23,43 * * * * /opt/MailScanner/bin/check_mailscanner

Now we need to edit /etc/default/spamassassin file and to enable SpamAssassin daemon. Open this file with editor and change these lines:

ENABLED=0 to ENABLED=1
CRON=0 to CRON=1

Now we have enabled SpamAssassin as a daemon and enabled it to update daily via cron. It’s time to start it for the first time.

/etc/init.d/spamassassin start

Next step would be to edit MailScanner.conf. Find following lines and edit them to look like this:

Run As User = postfix
Run As Group = postfix
MTA = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
Virus Scanners = clamav
Spam List = SBL+XBL
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin

Now we will run MailScanner with command:

/opt/MailScanner/bin/check_mailscanner

It will automatically go to background. Now we need to tell Postfix to wait with forwarding of mails while they are checked against spam and antivirus definitions. We will need to edit file /etc/postfix/header_checks and to add following line because without it nothing will work.

/^Received:/ HOLD

Now we need to restart Postfix with command:

/etc/init.d/postfix start

I have got interesting output when I once killed MailScanner process that really make me laugh.

11818 ? Ss 0:00 MailScanner: killing children, bwahaha!
11819 ? Z 0:01 [MailScanner] <defunct>
11862 ? Z 0:01 [MailScanner] <defunct>
11905 ? Z 0:01 [MailScanner] <defunct>
11948 ? Z 0:01 [MailScanner] <defunct>
11991 ? Z 0:01 [MailScanner] <defunct>
12038 ? Ss 0:00 MailScanner: killing children, bwahaha!
12039 ? Z 0:01 [MailScanner] <defunct>
12083 ? Z 0:01 [MailScanner] <defunct>
12126 ? Z 0:01 [MailScanner] <defunct>
12169 ? Z 0:01 [MailScanner] <defunct>
12212 ? Z 0:01 [MailScanner] <defunct>

LOL, they have a good sense of humor.

So if everything is working correctly you should receive now mails with small footer text:

–
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

You can control message delivery with command:

tail -f /var/log/syslog

There you will see scrolling text like:

Sep 11 10:14:14 ubuntu postfix/smtpd[13220]: connect from web54408.mail.yahoo.com[206.190.49.138]
Sep 11 10:14:14 ubuntu postfix/smtpd[13220]: CE433E643: client=web54408.mail.yahoo.com[206.190.49.138]
Sep 11 10:14:15 ubuntu postfix/cleanup[13222]: CE433E643: hold: header Received: from web54408.mail.yahoo.com (web54408.mail.yahoo.com [206.190.49.138])??by ubuntu.sp.local (Postfix) with SMTP id CE433E643??for <mymail@mydomain>; Thu, 11 Sep 2008 10:14:14 -0400 (EDT) from web54408.mail.yahoo.com[206.190.49.138]; from=<my_yahoo_mail@yahoo.com> to=<mymail@mydomain.com> proto=SMTP helo=<web54408.mail.yahoo.com>
Sep 11 10:14:15 ubuntu postfix/cleanup[13222]: CE433E643: message-id=<225121.37413.qm@web54408.mail.yahoo.com>
Sep 11 10:14:15 ubuntu postfix/smtpd[13220]: disconnect from web54408.mail.yahoo.com[206.190.49.138]
Sep 11 10:14:15 ubuntu MailScanner[13211]: New Batch: Scanning 1 messages, 2392 bytes
Sep 11 10:14:16 ubuntu MailScanner[13211]: Virus and Content Scanning: Starting
Sep 11 10:14:20 ubuntu MailScanner[13211]: Requeue: CE433E643.352A5 to 424A5E650
Sep 11 10:14:20 ubuntu postfix/qmgr[13003]: 424A5E650: from=<my_yahoo_mail@yahoo.com>, size=1712, nrcpt=1 (queue active)
Sep 11 10:14:20 ubuntu postfix/smtp[13245]: 424A5E650: to=<mymail@mydomain.com>, relay=192.168.1.5[192.168.1.5]:25, delay=5.6, delays=5.5/0.01/0/0.15, dsn=2.6.0, status=sent (250 2.6.0 <225121.37413.qm@web54408.mail.yahoo.com> Queued mail for delivery)
Sep 11 10:14:20 ubuntu postfix/qmgr[13003]: 424A5E650: removed
Sep 11 10:14:20 ubuntu MailScanner[13211]: Uninfected: Delivered 1 messages

This means that MailScanner is scanning messages against spam and viruses.

Now the latest step would be to create RC script to start MailScanner on boot and before Postfix. Here you can read/download file mailscanner.txt file which you will use to create new /etc/init.d/mailscanner file.

This script is slightly modified original init script for MailScanner from Ubuntu. Next step would be to change permissions to the file and to create symlinks with commands:

chmod 755 /etc/init.d/mailscanner
cd /etc/rc0.d/
ln -s ../init.d/mailscanner K20mailscanner

cd /etc/rc1.d/
ln -s ../init.d/mailscanner K20mailscanner

cd /etc/rc2.d/
ln -s ../init.d/mailscanner S20mailscanner

cd /etc/rc3.d/
ln -s ../init.d/mailscanner S20mailscanner

cd /etc/rc4.d/
ln -s ../init.d/mailscanner S20mailscanner

cd /etc/rc5.d/
ln -s ../init.d/mailscanner S20mailscanner

cd /etc/rc6.d/
ln -s ../init.d/mailscanner K20mailscanner

So now we need to test everything with commands:

/etc/init.d/postfix stop
/etc/init.d/mailscanner start
/etc/init.d/postfix start

Notes:

If SpamAssassin doesn’t detect some of your messages as spam although they are spam you can easy manually learn it to detect that and other similar messages as spam. Follow next few steps:

1. Find that message and save it to text file including headers and content
2. Transfer file to your linux machine
3. From the directory where you have transfered file run command: spamassassin –spam < your_text_file

Because lately I (among other users) have begun to receive large number of spam on e-mail server of the company where I work, I have decided to implement SpamAssassin which is primary made for Linux.

I have searched little bit on the net how to do it and found ESA Sink written by Christopher G. Lewis. It works on the principle that SpamAssasin is working in serial mode (it scans one message at a time) and ESA Sink take incoming message from Exchange, outputs it to file, run that file through SpamAssasin and returns it to Exchange if it is OK.

Installation and configuration of everything is not that much complicated. It can be divided in following steps:

1. Download and install the latest version of Active Perl from Active State
2. Download NMake from Microsoft and after extracting move files to c:\perl\bin
3. Download ESA Sink from Chris’s site
4. After installation of ESA Sink you will get ExchangeSpamassassin.ini file opened
5. Check config file values, change if necessary, I have changed MaxMsgSizeKB from -1 to 2048 = 2MB and leave it opened for later as well as installation
6. Now start command prompt, Start->Run->Cmd and enter ppm to start Perl Package Manager
7. If you receive message that ppm is not recognizable type set path=%path%;c:\perl\bin\ and then ppm
8. Now in PPM press Ctrl+1 to see list of available perl modules for installation
9. Type Net-Dns in search field and when you get this package in list click with right mouse button on it and select install
10. Now we will do same thing for IO-Socket-INET6, IP-Country and Mail-SPF
11. Now press Ctrl+Enter to install these packages and when it is done you can close PPM
12. Download the latest version of SpamAssassin and unzip it to c:\Mail-SpamAssassin-3.2.5 (3.2.5=current version that you are downloading, in my case 3.2.5)
13. In the command prompt now type cd c:\Mail-SpamAssassin-3.2.5
14. Type following command: perl makefile.pl and answer questions before compiling
15. Now we need to run nmake, so just type nmake /i (/i means that we want nmake to compile application ignoring errors)
16. After compiling we need to run nmake /i install to install compiled files
17. Unset read-only attribute from c:\perl\site\bin\spamassassin.bat file
18. Now to test SpamAssassin we will enter in command prompt to directory C:\Mail-SpamAssassin-3.2.5\t\data\spam and execute command spamassassin -D < 001
19. If you see lot of text on your command prompt it means that SpamAssassin works like it should and on the end of output you should find scoring for content of file 001
20. Now we will return to .ini file from ESA setup and change line SpamAssassin_Batch_File to points to the location of our spamassassin.bat file which is c:\perl\site\bin\spamassassin.bat
21. Save and close file and finish the ESA installation
22. At the end of the installation you will leave checkbox to run ESA install script and click Finish button
23. Small command prompt window will come and leave as soon as ESA is installed
24. Now to see if it is working properly you can check C:\ESA\Ham or C:\ESA\Spam directories for files and you can send e-mail to yourself as well, if everything works you should find SpamAssassin information in header of the e-mail
25. To be sure that you don’t have any errors you can check C:\ESA\Log directory in which you should find log file with errors

This configuration works OK on servers that don’t receive more than 1500-2000 e-mail per day, but I wouldn’t recommend it for higher number of e-mails without very strong machine, because in this configuration SpamAssassin works in serial mode, it process one object at a time and this includes downloading of e-mail to file, control against filters, control against URBL lists and then if everything is ok returning it to server for delivery.

For me it was simple test to see if it will work for us, it didn’t worked because of large number of e-mails that we receive (10 000+ per day) so I will go on solution to create Linux SpamAssassin gateway.

Note: I would recomend creating of small .bat script that will delete .out files older than 7 days to avoid running out of disk on your system disk