How To Build A Spam Filtering Mail Gateway

By Brian Goldberg – {brian AT carbonite D0T com}

www.carbonite.com

Spam has evolved from a nusance to a threat. SysAdms need a strategy for combating spam. You can use filtering software loaded on all your users computers, but that takes a lot of time to install and maitenance can be real drag on your time and resources. A better way is to use a centralised device which filters your spam before it enters your enterprise. This “Anti-Spam Gateway” is a lot easier to manage and maintain than individually installed client software. Additionally, it can be tuned to be a lot more effective.

Overview

1. Build bare-bones Linux server

a. Custom Configurations

b. Partitions

c. Firewall Option

d. Package Selection

e. LANG variable

2. Install Postfix Message Transfer Agent (MTA)

a. Disable sendmail

b. Install Postfix

c. Configure Postfix

d. Test Postfix

e. Configure for mail forwarding

f. Test again

3. Install Mailscanner

a. Install MailScanner Package

b. Initial MailScanner Configuration

4. Install Spamassassin

a. Install SpamAssassin

b. Configure SpamAssassin

5. Install ClamAV

a. Install ClamAV

b. Configure ClamAV

c. Test ClamAV

Step I – Build Bare-Bones Linux Server

I’ve used some of the fairly recent versions of RedHat Linux. Versions 8, 9 or Fedora should work fine. I choose the custom build using the GUI installer.

a. Custom User Configurations

Select the generic selections for keyboard, language and timezone.

b. Partitions

You should partition the server with at least this layout:

		/
		/usr
		/var

This will protect your server from runaway log files.

c. Firewall Configuration

I chose to select the “no firewall” option. I consider this device to be a traffic management device and not a security device. Upstream security should be handeld by an actual firewall. Of course, many may disagree with this and choose to load IPTables. Just make sure you have the right chains configured to allow traffic to flow properly.

d. Package Selection

When you get to the package selections, DE-SELECT EVERYTHING. Go back and choose only the following items:

Editors -> you’ll need this to vi files
Development Tools -> you’ll need this to compile software

Once the machine builds itself, it will reboot.

e. Fix LANG Variable

Once it reboots, we need to edit the LANG variable. RedHat’s LANG variable setting of LANG=”en_US.UTF-8″ can cause compilation errors in some perl code used by MailScanner and SpamAssassin.

In Red Hat Linux you must edit the file /etc/sysconfig/i18n to change the lines:

	
	LANG=”en_US.UTF-8″
	SUPPORTED=”en_US.UTF-8:en_US:en”
	To:
	LANG=”en_US”
	SUPPORTED=”en_US.UTF-8:en_US:en”

		[root@titan sysconfig]# LANG=’en_US’
	[root@titan sysconfig]# export LANG

Step II – Install Postfix

I chose to use postifx instead of sendmail for my MTA. I like postfix because its configuration is very understandable. Also, I believe it is a bit more lightweight than sendmail.

a. Disable existing Sendmail services

Before you install postfix, you need to disable the existing sendmail items running on your Linux box.

		Service sendmail stop
		chkconfig sendmail off

b. Install Postfix

Download postfix 2.1.5 from www.postfix.org and install as per this postfix document. Make sure you add the required records in passwd, group and aliases files. Postfix and Mailscanner will not work without them!

Accept all of the default settings when you “make install”

c. Configure Postfix

Postifx has two files which control most of its functionality. These are main.cf and master.cf.

Specific main.cf edits:

		myhostname = titan.corp.com
		mydomain = corp.com
		myorgin = $mydomain
		inet_interfaces = all
		mydestination = $myhostname, localhost.$mydomain $mydomain
		mynetwork_style = host

Note: some of these items need to be changed, while some only need to be uncommented.

d. Test Postfix Build

It is very importiant to test postfix now to make sure everything works.

Send an email to this mail server. You can telnet on port 25 to this box and manually send an email.

e. Configure Postfix to forward email

Since we do not want this device to be the final destination for our mail, we need to configure Postfix to forward all mail for our domain to our SMTP mail server. We need to make sure that only mail for our domain is forwarded, and mail for other domains is dropped (do not become a open mail relay – very bad!)

Edit this item in main.cf

		relay_domains = lab.net

This tells Postfix which domains it should relay mail. All mail destined for this doamin (and only this domain) will be forwarded to its remote SMTP server. You can put multiple domains here, just seperate them with a comma or whitespace.

Add line to end of main.cf

		transport_maps = hash:/etc/postfix/transport

This tells Postfix what method to use to resolve the destination address for relayed mail:

Add line to end of “/etc/postfix/transport”

		lab.net		smtp:[192.168.2.225]

This command specifically maps the domain “lab.net” to the IP address 192.168.2.225 and tells Postfix to use SMTP as the transport. All mail destined for lab.net which is relayed thru this Spam Gateway will be forwarded via SMTP to 192.168.2.225.

Then run command:

		postmap /etc/postfix/transport

This command builds the hash table/file which Posfix will use to forward mail. If you don’t do this, it wont work.

Finally add this line to main.cf

		append_at_myorigin = no

These lines will make sure your Spam Gateway does not add any of its own header domain info to the mail as it passes thru.

f. Test Again

Stop and start postfix to make sure all changes take.

		postfix stop
	postfix start

I know this is redundent, but you really should test your system again before installing MailScanner. Make sure that mail gets passed thru the system wihtout problem. If you do encounter a problem, it will be alot easier to fix it now than after you’ve installed MailScanner, SpamAssassin and ClamAV.

Step III – Install MailScanner

		tar zxvf MailScanner-.tar.gz

		./install.sh

		chkconfig –list | grep MailScanner

		MailScanner     0:off   1:off   2:on    3:on    4:on    5:on    6:off

		chkconfig postfix off

	header_checks = regexp:/etc/postfix/header_checks 

	/^Received:/ HOLD

	Run As User = postfix
     	Run As Group = postfix
     	Incoming Queue Dir = /var/spool/postfix/hold
     	Outgoing Queue Dir = /var/spool/postfix/incoming
     	MTA = postfix

    	chown postfix.postfix /var/spool/MailScanner/incoming
    	chown postfix.postfix /var/spool/MailScanner/quarantine