
This post will describe how to fight against spam on a Scalix system with the help of Postfix. I assume you replaced the Scalix SMTPD with Postfix, as described in this post:

How To: Replace Scalix SMTPD with Postfix

As the picture above indicates, spam can sometimes be a good idea, but when talking about email, spam is always considered cumbersome. To help your users save time and get to the important emails quickly, it is necessary to fight spam and filter it out from normal mail. There are many ways to do that, but I prefer to filter as early as possible, which is at the server. That is the main reason why I decided to replace the Scalix SMTPD with Postfix. I will now explain how I fight spam on my server.

Install and Configure the Required Packages

To start the fight against spam, you need to install the required packages on the system:

apt-get install clamav clamav-daemon spamassassin amavisd-new

This will install “clamav”, which is used to scan attachments for viruses; viruses are not spam, but they need to be filtered too. The “spamassassin” package does the spam filtering, and the “amavisd-new” package handles the communication with Postfix and uses the two other tools to check and filter emails.

You now need to enable and configure the tools. The first step is to start “freshclam”, which downloads the latest virus definitions and keeps them up to date:

The next step is to tell amavis to use spamassassin and clamav. Open this file:

and uncomment those lines:

@bypass_virus_checks_maps = (
   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);

@bypass_spam_checks_maps = (
   \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);

This will tell amavis to check all emails and attachments with the help of spamassassin and clamav. I will now tune spamassassin to fit my needs.

Open this file:

I changed some options to better fit my needs:

#$sa_spam_subject_tag = '***SPAM*** ';
$sa_tag2_level_deflt = -9999; # add 'spam detected' headers at that level

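The first line is commented out to leave the subject as it is. I don’t like those “***SPAM***” strings in the subject. The second option will add the X-SPAM headers to the mail, which I use to filter spam on the mail server. I will come back to that later. Note that in amavisd-new, $sa_tag2_level_deflt is the score at or above which a mail is marked with X-Spam-Flag: YES, while the informational X-Spam-Status and X-Spam-Level headers are governed by $sa_tag_level_deflt, so verify with a normal test mail that only real spam ends up flagged.

After everything is configured, you need to start/restart all the services.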

Configure Postfix to Fight Against Spam

The last step is to tell Postfix to use amavis for mail filtering. This is a very easy step, as you just need to add some lines to the master.cf:

smtp-amavis unix - - n - 2 smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes

127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o receive_override_options=no_header_body_checks

Now every email is sent to the amavis daemon, which runs all the tests. Afterwards, the amavis daemon uses the Postfix service running on 127.0.0.1:10025 to send the mail back to Postfix. The mail is then handed over to the Scalix SMTPD, which puts the mail in the correct mailbox. Because this second listener has an empty content_filter and accepts mail only from 127.0.0.0/8, it must stay bound to the loopback address: anything that can reach it is delivered without being scanned.

I also added some restrictions to the main.cf in order to prevent some spammy mail servers from connecting and sending emails to my server:

smtpd_client_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_rbl_client zen.spamhaus.org
    reject_rbl_client bl.spamcop.net
    reject_rbl_client ix.dnsbl.manitu.net
    reject_unknown_client
    permit

smtpd_sender_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_invalid_hostname
    reject_non_fqdn_hostname
    reject_unknown_recipient_domain
    reject_non_fqdn_recipient
    reject_non_fqdn_sender
    reject_unknown_sender_domain
    reject_unknown_recipient_domain
    reject_unauth_destination
    permit

smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination

You can test the setup by sending some test mails to your server containing the standard test strings below, which will be detected as spam or virus.

Spam test string:

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

Virus test string:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

If you insert those lines into a mail, the mail should be classified accordingly.
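One way to script this test, as an added example that is not part of the original post: it builds a GTUBE mail plus an ordinary control mail, and checks a delivered copy for the X-Spam-Flag header that the Scalix rule further down matches on. The function names are hypothetical, the addresses are whatever test mailboxes you pass in, and it assumes the Postfix `sendmail` command is available on the server.

```bash
#!/bin/bash
# Added example, not from the original post. Function names are hypothetical;
# the addresses you pass in are your own test mailboxes.

GTUBE='XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X'

# Print a minimal test message.
#   kind=gtube   -> body carries the GTUBE string and should be flagged
#   kind=control -> ordinary body that must NOT be flagged
make_test_mail() {
    local kind="$1" from="$2" to="$3"
    printf 'From: %s\nTo: %s\nSubject: filter test (%s)\n\n' "$from" "$to" "$kind"
    if [ "$kind" = gtube ]; then
        printf '%s\n' "$GTUBE"
    else
        printf 'Plain control message.\n'
    fi
}

# Submit both messages through the local Postfix (run this on the mail server).
send_tests() {
    local from="$1" to="$2" kind
    for kind in gtube control; do
        make_test_mail "$kind" "$from" "$to" | sendmail -f "$from" "$to"
    done
}

# Read one delivered message on stdin and print "spam" or "clean".
# Only the header block (everything before the first empty line) is examined,
# so a body that merely quotes "X-Spam-Flag: YES" is not counted.
spam_verdict() {
    awk '
        /^\r?$/ { exit }
        tolower($0) ~ /^x-spam-flag:[ \t]*yes[ \t\r]*$/ { hit = 1 }
        END { print (hit ? "spam" : "clean") }
    '
}
```

After running `send_tests`, save each delivered copy and pipe it into `spam_verdict`: the GTUBE mail should report spam and the control mail clean.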

Create Scalix Rule to Filter Mails

In order to separate spammy emails from important emails, I use the Scalix server-side rules. Normally, those rules must be set up by every user, which could be hard for non-IT guys. But there is a solution. I created a small script, which will iterate over all users and check if the spam filter rule is there, and if not, the script will create this rule. The script can be found below:

#!/bin/bash
# This script iterates over every user and adds the SPAM rule if it is missing

# List all mail users and put one entry per line
user_list=$(omshowu -m mail -i)
arr=$(echo $user_list | tr " " "\n")

for x in $arr
do
    # Look for an existing rule titled SPAM for this user
    spam_filter=$(sxaa --user "$x" | grep SPAM)
    if [[ $spam_filter != *SPAM* ]]
    then
        echo "Add SPAM Rule for $x"
        sxaa --user "$x" --file "Spam" --header "%X-Spam-Flag: YES%" --title "SPAM"
    fi
done

The rule uses the X-Spam flag to detect whether the mail is spam or not. If the mail is marked as spam, the mail will be put into the “SPAM” folder. This makes it easy for my users to deal with the important emails, and they can go through the spammy emails when they have the time. You can run the script as a cron job.

For any feedback or questions, you can use the comment function.
