Posted by anurag on Wed 21 Mar 2007 at 12:04
Last week, due to disk failure, we had to reinstall a server. This old workhorse has been serving numerous domains for the past 4 years and needed urgent maintenance. I made sure that I noted all the steps involved in implementing an Antispam & Antivirus filtering capable mail server when setting it up from scratch, and this article is the result.
1. Of course, first of all get Debian 'Sarge' running on the server. Although everything detailed here also works with 'Woody', 'Sarge' is recommended, and Etch will soon replace it.
2. Install the following packages from the Debian repositories via apt-get:
# apt-get install exim4-daemon-heavy
# apt-get install clamav-daemon
# apt-get install sa-exim
# apt-get install spamassassin spamc
After the packages have been installed, we need to make changes to the configuration files.
3. /etc/default/spamassassin
Change the parameter ENABLED to:
ENABLED=1
4. /etc/group
Add the clamav user to the Debian-exim group. This allows clamav-daemon to read and write in directories owned by Exim4: Exim4 has to demime the attachments, store them in a temporary directory, and ask clamav-daemon to scan them. (The numeric group ID on your system may differ from the 102 shown here.)
Debian-exim:x:102:clamav
5. /etc/exim4/sa-exim.conf
Locate these lines:
###
SAEximRunCond: ${if and {{def:sender_host_address} {!eq {$sender_host_address}{127.0.0.1}} {!eq {$h_X-SA-Do-Not-Run:}{Yes}} } {1}{0}}
#Remove or comment out the following line to enable sa-exim
SAEximRunCond: 0
###
Then change SAEximRunCond to:
SAEximRunCond: 1
6. Configuring Exim4's configuration files.
Make sure that Exim4 is using "split" configuration files (i.e. multiple files inside /etc/exim4/conf.d/). Now locate the following configuration files and make these changes.
7. /etc/exim4/conf.d/acl/40_exim4-config_check_data
At the end of the file, just before the "accept" statement, add the following lines.
# Deny viruses.
deny message = Message contains malware or a virus ($malware_name).
     log_message = $sender_host_address tried sending $malware_name
     demime = *
     malware = *
8. /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
Somewhere near the start of the file, add this line:
av_scanner = clamd:/var/run/clamav/clamd.ctl
9. Restart the Exim4 daemon
# /etc/init.d/exim4 restart
Keep a watch on Exim4's log files, especially "paniclog", as it processes mail. The error messages are pretty much self-explanatory and you may be able to fix them.
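Before waiting for errors to show up in the logs, the settings from steps 3 to 8 can be audited in one pass. The script below is an added example, not part of the original article; the function names and the optional ROOT prefix (for checking a copy of the configuration tree) are assumptions.

```shell
#!/bin/sh
# Added example, not from the article. The function names and the optional
# ROOT prefix (for auditing a copy of /etc) are assumptions of this sketch.

report() {  # report OK|FAIL TEXT; counts failures in $fails
    [ "$1" = OK ] || fails=$((fails + 1))
    printf '%-4s %s\n' "$1" "$2"
}

check_mail_filter() {  # usage: check_mail_filter [ROOT]; returns number of failures
    root=${1:-}; fails=0; conf=$root/etc/exim4/conf.d
    # Step 3: spamd is enabled
    if grep -q '^ENABLED=1' "$root/etc/default/spamassassin" 2>/dev/null
    then report OK "spamassassin ENABLED=1"
    else report FAIL "spamassassin is not enabled"; fi

    # Step 4: clamav is listed in Debian-exim (matched by name; the GID varies)
    if awk -F: '$1 == "Debian-exim" { n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] == "clamav") ok = 1 }
            END { exit !ok }' "$root/etc/group" 2>/dev/null
    then report OK "clamav is in group Debian-exim"
    else report FAIL "clamav is not in group Debian-exim"; fi

    # Step 5: no active "SAEximRunCond: 0" line is left to disable sa-exim
    f=$root/etc/exim4/sa-exim.conf
    if [ -r "$f" ] && ! grep -Eq '^[[:space:]]*SAEximRunCond:[[:space:]]*0[[:space:]]*$' "$f"
    then report OK "sa-exim is enabled"
    else report FAIL "sa-exim is disabled or $f is unreadable"; fi

    # Step 7: the malware condition must come before the last "accept";
    # placed after it, the message is accepted and never scanned
    if awk '/^[ \t]*malware[ \t]*=/ { m = NR } /^[ \t]*accept/ { a = NR }
            END { exit !(m && a && m < a) }' \
            "$conf/acl/40_exim4-config_check_data" 2>/dev/null
    then report OK "malware check precedes accept"
    else report FAIL "malware check missing or after accept"; fi

    # Step 8: av_scanner hands messages to clamd
    if grep -Eq '^av_scanner[[:space:]]*=[[:space:]]*clamd:' \
            "$conf/main/01_exim4-config_listmacrosdefs" 2>/dev/null
    then report OK "av_scanner uses clamd"
    else report FAIL "av_scanner is not set to clamd"; fi

    return "$fails"
}

# On the mail server: sh thisfile --check
if [ "${1:-}" = "--check" ]; then check_mail_filter "${2:-}"; fi
```

The exit status is the number of failed checks, so the script can also gate a restart of Exim4.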
best luck, Anurag
This article can be found online at the Debian Administration website at the following bookmarkable URL (along with associated comments):
This article is copyright 2007 anurag - please ask for permission to republish or translate.