Fighting spam with Postfix+postgrey+clamav

After a year working with MailScanner installed, I've decided to try another way.

So, in our server room (after server consolidation) I had an IBM x226 configured with:

  • 2x Intel Xeon 3GHz
  • 6 GB RAM
  • 4x 40GB SCSI
  • IBM Server Raid controller
  • 2x NetXtreme BCM5703 Gigabit Ethernet controller

I know this is too much for this job, but I don't know if it will be sufficient in future.

I installed CentOS 5.5 final, purged and updated it, then installed postfix and postgrey and, after enabling the rpmforge repo (only this time), installed clamav-milter.

Next I've configured postfix to act as a mail gateway for our internal mail server, and I've enabled some controls on the sender; see my Postfix configuration (main.cf):

smtpd_recipient_restrictions =  reject_invalid_hostname,
                                check_sender_access hash:/etc/postfix/whitelist
                                reject_rbl_client zen.spamhaus.org,
                                reject_rbl_client dnsbl.njabl.org,

In "check_sender_access" I've whitelisted some senders that use blacklisted mail servers.
Now it's time to set up postgrey: in the "smtpd_recipient_restrictions" section of main.cf, add this line at the end of the section:

check_policy_service inet:

In /etc/sysconfig/postgrey you have to set the options. These are mine:

OPTIONS="--greylist-text=\"You are greylisted...try again later. \"
--inet=  --user=postfix --group=postfix"

You can also use a Unix socket instead of a TCP socket; it's your choice.
Clamav-milter needs to be configured; its configuration file is /etc/clamav-milter.conf.
I've changed these parameters:

MilterSocket unix:/var/clamav/clmilter.socket
User clamav
AllowSupplementaryGroups yes
ClamdSocket unix:/var/run/clamav/clamd.sock
LogFile /var/log/clamav/clamav-milter.log
LogSyslog yes
LogFacility LOG_MAIL
LogInfected Basic

To instruct postfix to use clamav-milter, add these two lines to /etc/postfix/main.cf after the "smtpd_recipient_restrictions" section:

smtpd_milters = unix:/var/clamav/clmilter.socket
non_smtpd_milters = unix:/var/clamav/clmilter.socket

With these settings we have no false positives, and we can catch 99% of spam.
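
Postfix evaluates the smtpd_recipient_restrictions list in order and the first match decides, so a check_sender_access OK that comes before reject_unauth_destination accepts mail on the strength of an envelope sender the client chooses. The following added example (not from the original post) parses that parameter out of main.cf text and flags the ordering. It assumes relay control lives in this list, as on Postfix releases before 2.10; the sample config, the HOST:PORT placeholder and the reordered variant are constructed here.

```python
import re

ARG_RESTRICTIONS = {"reject_rbl_client", "reject_rhsbl_client", "reject_rhsbl_sender"}  # subset
RELAY_GUARDS = {"reject_unauth_destination", "reject", "defer", "defer_if_permit"}
CLIENT_KEYED = {"check_sender_access", "check_helo_access"}  # keyed on client-supplied values

def read_param(main_cf, name):
    """Value of `name` in main.cf text; indented lines continue the previous logical line."""
    value, collecting = None, False
    for line in main_cf.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                      # blank lines and comments are ignored
        if line[0].isspace():
            value = f"{value} {line.strip()}" if collecting else value
            continue
        key, sep, rest = line.partition("=")
        collecting = bool(sep) and key.strip() == name
        value = rest.strip() if collecting else value  # a later definition wins
    return value

def restrictions(value):
    """Split on commas/whitespace; pair each restriction with its argument if it takes one."""
    tokens, rules = [t for t in re.split(r"[,\s]+", value or "") if t], []
    while tokens:
        name = tokens.pop(0)
        takes_arg = name.startswith("check_") or name in ARG_RESTRICTIONS
        rules.append((name, tokens.pop(0) if takes_arg and tokens else None))
    return rules

def audit(main_cf):
    rules = restrictions(read_param(main_cf, "smtpd_recipient_restrictions"))
    guard = next((i for i, (n, _) in enumerate(rules) if n in RELAY_GUARDS), None)
    findings = [] if guard is not None else ["no relay guard in the list"]
    for i, (name, arg) in enumerate(rules):
        if name in CLIENT_KEYED and (guard is None or i < guard):
            findings.append(f"{name} {arg} is evaluated before any relay guard")
    return findings

# Constructed input: the post's excerpt plus a postgrey line; REORDERED is an assumed fix.
AS_POSTED = """\
smtpd_recipient_restrictions =  reject_invalid_hostname,
                                check_sender_access hash:/etc/postfix/whitelist
                                reject_rbl_client zen.spamhaus.org,
                                reject_rbl_client dnsbl.njabl.org,
                                check_policy_service inet:HOST:PORT
"""
REORDERED = AS_POSTED.replace("= ", "= permit_mynetworks, reject_unauth_destination,")

if __name__ == "__main__":
    print({"as posted": audit(AS_POSTED), "reordered": audit(REORDERED)})
```

The excerpt in the post may be only part of the full list, so run the check against the complete main.cf before drawing conclusions.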