Spam

HowTo: Scalix, Fight Against Spam with Postfix

by
Reading Time: 4 minutes
2014-09-24-spam

This post will describe how to fight against spam on a Scalix system with the help of Postfix. I assume you replaced the Scalix SMTPD with Postfix, as described in this post:

How To: Replace Scalix SMTPD with Postfix

As the picture above indicates, sometimes, spam could be a good idea, but when talking about emails, spam is always considered as cumbersome. To help your users to save time and get to the important emails very fast, it is necessary to fight against spam and filter them from normal mails. There are many ways to do that, but I prefer to filter them as early as possible, which is at the server. That is mostly the main reason, why I decided to replace the Scalix SMTPD with Postfix. I will now explain how I fight against spam on my server.

Install and Configure the Required Packages

To start the fight against spam, you need to install the required packages on the system:

root@mail:~# apt-get install clamav clamav-daemon spamassassin amavisd-new

This will install “clamav” which is used to test attachments against viruses, which is not spam but need to be filtered too. The “spamassassin” package will do the spam filtering and the “amavisd-new” package will do the communication with Postfix and will use the two other tools to check and filter emails.

You now need to enable and configure the tools to work. The first thing would be to start “freshclam”, this will download the latest virus definitions and keep them up to date:

root@mail:~# /etc/init.d/clamav-freshclam start

The next step is to tell amavis to use spamassassin and clamav. Open this file:

root@mail:~# vi /etc/amavis/conf.d/15-content_filter_mode

and uncomment those lines:

@bypass_virus_checks_maps = (
   %bypass_virus_checks, @bypass_virus_checks_acl, $bypass_virus_checks_re);
@bypass_spam_checks_maps = (
   %bypass_spam_checks, @bypass_spam_checks_acl, $bypass_spam_checks_re);

This will tell amvis to check all emails and attachments with the help of spamassassin and clamav. I will now tune spamassassin to fit my needs.

Open this file:

root@mail:~# vi /etc/amavis/conf.d/20-debian_defaults

I changed some options to fit better to my needs:

#$sa_spam_subject_tag = '***SPAM*** ';
$sa_tag2_level_deflt = -9999; # add 'spam detected' headers at that level

The first command is commented to let the subject as it is. I don’t like those “***SPAM***” strings in the subject. The second option will add the X-SPAM headers to the mail, which I use to filter spam on the mail server. I will come back to that later.

After every thing is configured, you need to start/restart all the services.

Configure Postfix to Fight Against Spam

The last step is to tell Postfix, to use amavis for mail filtering. This is a very easy step, as you just need to add some lines to the master.cf:

smtp-amavis  unix    -    -    n    -    2    smtp
 -o smtp_data_done_timeout=1200
 -o smtp_send_xforward_command=yes
 -o disable_dns_lookups=yes
127.0.0.1:10025 inet    n    -    n    -    -    smtpd
 -o content_filter=
 -o local_recipient_maps=
 -o relay_recipient_maps=
 -o smtpd_restriction_classes=
 -o smtpd_helo_restrictions=
 -o smtpd_sender_restrictions=
 -o smtpd_recipient_restrictions=permit_mynetworks,reject
 -o mynetworks=127.0.0.0/8
 -o strict_rfc821_envelopes=yes
 -o smtpd_error_sleep_time=0
 -o smtpd_soft_error_limit=1001
 -o smtpd_hard_error_limit=1000
 -o receive_override_options=no_header_body_checks

Now, every email, is sent to the amavis daemon, which is doing all the tests and afterwards, the amavis daemon uses the Postfix service, running on 127.0.0.1:10025 to send the mail back to Postfix. The mail is then handed over to the Scalix SMTPD to put the mail in the correct mailbox.

I also added some restrictions to the main.cf in order to prevent some spammy mail servers to connect and send emails to my server:

smtpd_client_restrictions =
                permit_mynetworks
                permit_sasl_authenticated
                reject_rbl_client zen.spamhaus.org
                reject_rbl_client bl.spamcop.net
                reject_rbl_client ix.dnsbl.manitu.net
                reject_unknown_client
                permit

smtpd_sender_restrictions =
                permit_mynetworks
                permit_sasl_authenticated
                reject_invalid_hostname
                reject_non_fqdn_hostname
                reject_unknown_recipient_domain
                reject_non_fqdn_recipient
                reject_non_fqdn_sender
                reject_unknown_sender_domain
                reject_unknown_recipient_domain
                reject_unauth_destination
                permit

smtpd_recipient_restrictions =
                permit_mynetworks
                permit_sasl_authenticated
                reject_unauth_destination

You can test the setup by sending some testmails to your server with some SpamAssassin strings, which will be detected as Spam/Virus.
Spam test string:

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

Virus test string:

X5O!P%@AP[4PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

If you insert those lines into a mail, the mail should be classified accordingly.

Create Scalix Rule to Filter Mails

In order to filter spammy emails from important emails I use the Scalix server side rules. Normally, those rules must be applied by every user, which could be hard for non-it guys. But there is a solution. I created a small script, which will iterate over all users and check if the spam filter rule is there and if not, the script will create this rule. The script can be found below:

#!/bin/bash
#This script will add iterate over every user and add the SPAM rule

user_list=$(omshowu -m mail -i)
arr=$(echo $user_list | tr " " "n")
for x in $arr
do
        spam_filter=$(sxaa --user $x | grep SPAM)
        if [[ $spam_filter != *SPAM* ]]
        then
                echo Add SPAM Rule for $x
                sxaa --user $x --file "Spam" --header "%X-Spam-Flag: YES%" --title "SPAM"
        fi
done

The rule will use the X-Spam flag to detect, whether the mail is spam or not. If the mail is marked as spam, the mail will be put into the “SPAM” folder. This makes it easy for my users to deal with the important emails and they can go through the spammy emails when they have the time. You can run the script as a cron job.

For any feedback or questions, you can use the comment function.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.