How To Build A Spam Filtering Mail Gateway
How To Build A Spam Filtering Mail Gateway
How To Build A Spam Filtering Mail Gateway
By Brian Goldberg – {brian AT carbonite D0T com}
www.carbonite.com
Spam has evolved from a nusance to a threat. SysAdms need a strategy for combating spam. You can use filtering software loaded on all your users computers, but that takes a lot of time to install and maitenance can be real drag on your time and resources. A better way is to use a centralised device which filters your spam before it enters your enterprise. This “Anti-Spam Gateway” is a lot easier to manage and maintain than individually installed client software. Additionally, it can be tuned to be a lot more effective.
Overview
- 1. Build bare-bones Linux server
- a. Custom Configurations
- b. Partitions
- c. Firewall Option
- d. Package Selection
- e. LANG variable
- b. Partitions
- 2. Install Postfix Message Transfer Agent (MTA)
- a. Disable sendmail
- b. Install Postfix
- c. Configure Postfix
- d. Test Postfix
- e. Configure for mail forwarding
- f. Test again
- b. Install Postfix
- 3. Install Mailscanner
- a. Install MailScanner Package
- b. Initial MailScanner Configuration
- b. Initial MailScanner Configuration
- 4. Install Spamassassin
- a. Install SpamAssassin
- b. Configure SpamAssassin
- b. Configure SpamAssassin
- 5. Install ClamAV
- a. Install ClamAV
- b. Configure ClamAV
- c. Test ClamAV
- b. Configure ClamAV
Step I – Build Bare-Bones Linux Server
I’ve used some of the fairly recent versions of RedHat Linux. Versions 8, 9 or Fedora should work fine. I choose the custom build using the GUI installer.
- a. Custom User Configurations
- Select the generic selections for keyboard, language and timezone.
- b. Partitions
- You should partition the server with at least this layout:
/
/usr
/var
- This will protect your server from runaway log files.
- This will protect your server from runaway log files.
- c. Firewall Configuration
- I chose to select the “no firewall” option. I consider this device to be a traffic management device and not a security device. Upstream security should be handeld by an actual firewall. Of course, many may disagree with this and choose to load IPTables. Just make sure you have the right chains configured to allow traffic to flow properly.
- d. Package Selection
- When you get to the package selections, DE-SELECT EVERYTHING. Go back and choose only the following items:
Editors -> you’ll need this to vi files
Development Tools -> you’ll need this to compile software
Once the machine builds itself, it will reboot.
- e. Fix LANG Variable
- Once it reboots, we need to edit the LANG variable. RedHat’s LANG variable setting of LANG=”en_US.UTF-8″ can cause compilation errors in some perl code used by MailScanner and SpamAssassin.
- In Red Hat Linux you must edit the file /etc/sysconfig/i18n to change the lines:
You then need to re-set and export the LANG variable:
LANG=”en_US.UTF-8″
SUPPORTED=”en_US.UTF-8:en_US:en”
To:
LANG=”en_US”
SUPPORTED=”en_US.UTF-8:en_US:en”
[root@titan sysconfig]# LANG=’en_US’
[root@titan sysconfig]# export LANG
Step II – Install Postfix
I chose to use postifx instead of sendmail for my MTA. I like postfix because its configuration is very understandable. Also, I believe it is a bit more lightweight than sendmail.
- a. Disable existing Sendmail services
- Before you install postfix, you need to disable the existing sendmail items running on your Linux box.
Service sendmail stop
chkconfig sendmail off
- b. Install Postfix
- Download postfix 2.1.5 from www.postfix.org and install as per this postfix document. Make sure you add the required records in passwd, group and aliases files. Postfix and Mailscanner will not work without them!
- Accept all of the default settings when you “make install”
- Accept all of the default settings when you “make install”
- c. Configure Postfix
- Postifx has two files which control most of its functionality. These are main.cf and master.cf.
- Specific main.cf edits:
myhostname = titan.corp.com
mydomain = corp.com
myorgin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain $mydomain
mynetwork_style = host
- Note: some of these items need to be changed, while some only need to be uncommented.
- Specific main.cf edits:
- d. Test Postfix Build
- It is very importiant to test postfix now to make sure everything works.
- Send an email to this mail server. You can telnet on port 25 to this box and manually send an email.
- Send an email to this mail server. You can telnet on port 25 to this box and manually send an email.
- e. Configure Postfix to forward email
- Since we do not want this device to be the final destination for our mail, we need to configure Postfix to forward all mail for our domain to our SMTP mail server. We need to make sure that only mail for our domain is forwarded, and mail for other domains is dropped (do not become a open mail relay – very bad!)
- Edit this item in main.cf
relay_domains = lab.net
- This tells Postfix which domains it should relay mail. All mail destined for this doamin (and only this domain) will be forwarded to its remote SMTP server. You can put multiple domains here, just seperate them with a comma or whitespace.
- Add line to end of main.cf
transport_maps = hash:/etc/postfix/transport
- This tells Postfix what method to use to resolve the destination address for relayed mail:
- Add line to end of “/etc/postfix/transport”
lab.net smtp:[192.168.2.225]
- This command specifically maps the domain “lab.net” to the IP address 192.168.2.225 and tells Postfix to use SMTP as the transport. All mail destined for lab.net which is relayed thru this Spam Gateway will be forwarded via SMTP to 192.168.2.225.
- Then run command:
postmap /etc/postfix/transport
- This command builds the hash table/file which Posfix will use to forward mail. If you don’t do this, it wont work.
- Finally add this line to main.cf
append_at_myorigin = no
- These lines will make sure your Spam Gateway does not add any of its own header domain info to the mail as it passes thru.
- Edit this item in main.cf
- f. Test Again
- Stop and start postfix to make sure all changes take.
postfix stop
postfix start
- I know this is redundent, but you really should test your system again before installing MailScanner. Make sure that mail gets passed thru the system wihtout problem. If you do encounter a problem, it will be alot easier to fix it now than after you’ve installed MailScanner, SpamAssassin and ClamAV.
Step III – Install MailScanner
tar zxvf MailScanner-.tar.gz
./install.sh
chkconfig –list | grep MailScanner
MailScanner 0:off 1:off 2:on 3:on 4:on 5:on 6:off
chkconfig postfix off
header_checks = regexp:/etc/postfix/header_checks
/^Received:/ HOLD
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
chown postfix.postfix /var/spool/MailScanner/incoming
chown postfix.postfix /var/spool/MailScanner/quarantine
Step IV – SpamAssassin
- a. Install SpamAssassin
- SpamAssassin is also very easy to install, however, you need to make sure you have the proper PERL modules installed. They are:
Digest::SHA1
HTML::Parser
- Optional Modules:
MIME::Base64
DB_File
Net::DNS
Mail::SPF::Query
Time::HiRes
- You can install SpamAssassin with:
perl -MCPAN -e ‘install Mail::SpamAssassin
- Then install
Net::DNS
- Optional Modules:
- b. Configure SpamAssassin
- You don’t need to edit any of the SpamAssassin conf files because all of the configuration is done thru MailScanner.
- In /etc/MailScanner/MailScanner.conf we will make these changes:
- Change this line:
Use SpamAssassin = no
- to:
Use SpamAssassin = yes
- Update the SpamAssassin User State Dir setting:
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
- and then run commands:
mkdir /var/spool/MailScanner/spamassassin
chown postfix.postfix /var/spool/MailScanner/spamassassin
- Restart MailScanner to make changes stick.
service MailScanner restart
- In /etc/MailScanner/MailScanner.conf we will make these changes:
Step V – ClamAV
- a. Install ClamAV
- Before you install ClamAV, you need to add the clamav user and group. You can do this as follows:
groupadd clamav
useradd -g clamav -s /bin/false -c “Clam AntiVirus” clamav
- Once this is done, you can build the software.
- Open up the package:
tar xvzf clamav-0.80.tar.gz
- Generic build proceedure:
./configure
make
- I encountered a problem with my RedHat Fedora Core 3 build which was fixed by using this command “ln -s /usr/lib/libidn.so.11.4.6 /usr/lib/libidn.so”. See this web page for details: “http://kb.atmail.com/view_article.php?num=132&title=libidn.so:%20No%20such%20file%20or%20directory”
make install
- Now you need to load the perl modules for the ClamAV
perl -MCPAN -e shell
install Parse::RecDescent
install Inline
install Mail::ClamAV
- Once this is done, you can build the software.
- b. Configure ClamAV and MailScanner Settings
- In /usr/local/etc/clamd.conf make the following edits:
- Add ‘#’ in front of the word ‘Example’
- Do the same in /usr/local/etc/freshclam.conf
- Now you need to update ClamAV’s virus signature files
[root@titus]# freshclam
ClamAV update process started at Sat Jan 29 19:43:51 2005
main.cvd is up to date (version: 29, sigs: 29086, f-level: 3, builder: tomek)
daily.cvd is up to date (version: 691, sigs: 804, f-level: 4, builder: ccordes)
- Update MailScanner’s configuration file to use ClamAV
‘Virus Scanners = clamav’
- In MailScanner.conf, check the setting of ‘Monitors for ClamAV Updates’ to ensure it matches the location of your ClamAV virus database files. This should be “/usr/local/share/clamav/*.cvd”.
- Add ‘#’ in front of the word ‘Example’