MailScanner, ClamAV, SpamAssassin and Postfix Integration

This page will guide you in configuring MailScanner, ClamAV and SpamAssassin to work in Postfix. Before proceeding, please make sure that all of the above components are already installed.

Here are the installation guides for the above components.
-Postfix With SMTP-AUTH And TLS
- Installing Clam AntiVirus
- Installing MailScanner

SpamAssassin is included in Red Hat Enterprise Linux and CentOS and it’s ready to go out of the box. If it is not yet installed in your system, use the command below to install it.

yum install spamassassin

Configuring MailScanner

1. Edit the file /etc/MailScanner/virus.scanners.conf and change the path of clamav to /usr.

2. Edit the file /etc/MailScanner/MailScanner.conf and update the lines below.
%org-name% = your organization name
%org-long-name% = your full organization name
%web-site% = your mail support website or company website
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
Incoming Work Group = clam
Incoming Work Permissions = 0640
Virus Scanners = clamd
Clamd Socket = /var/run/clamav/clamd.sock
Use SpamAssassin = yes
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
3. Setup the necessary directories using the commands below.

cd /var/spool/MailScanner/
mkdir spamassassin
chown -R postfix.clam *
chmod -R 750 *
restorecon -R ../MailScanner/

4. For CentOS 6, configure SELinux using the commands below.

touch freshclamtmp.te
vi freshclamtmp.te
copy all content in quote below to freshclamtmp.te
module freshclamtmp 1.0;

require {
 type tmp_t;
 type freshclam_t;
 class dir { write add_name };
 class file { lock create open getattr append };

#============= freshclam_t ==============
#!!!! The source type 'freshclam_t' can write to a 'dir' of the following types:
# freshclam_var_log_t, clamd_var_lib_t, clamd_var_run_t, var_run_t, var_log_t, root_t

allow freshclam_t tmp_t:dir { write add_name };
allow freshclam_t tmp_t:file { lock create open getattr append }; 
After that enter the command below.
checkmodule -M -m -o freshclamtmp.mod freshclamtmp.te
semodule_package -o freshclamtmp.pp -m freshclamtmp.mod
semodule -i freshclamtmp.pp

Integrating MailScanner into Postfix

1. Edit the file /etc/postfix/ and remove the # in front of the line below
header_checks = regexp:/etc/postfix/header_checks 
2. Edit the file /etc/postfix/header_checks and add the line below to the bottom of the file
/^Received:/ HOLD 
This will now place all incoming mail into the holding area until released by MailScanner.

3. MailScanner should now be the one to start the Postfix service. Stop the Postfix service and start the Clamd and MailScanner service in that order. Use the commands below to accomplish these.

chkconfig postfix off
chkconfig clamd on
chkconfig MailScanner on
service postfix stop
service clamd start
service MailScanner start

If you encounter any problems, check the log file at /var/log/maillog


Congratulations, your mails are now checked for spam and viruses. Each mail you send or receive will now contain the lines below to indicate that MailScanner is doing its job.
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Share on Google Plus

About somono chek

Hi, I am Somono Chek. I've been working in IT field for 8 years. I created this blog for sharing my experiences and knowledge for this 8 years related to IT Skill: Networking, Network Security, Linux Server, Windows Server and other skill related to IT.


Post a Comment