Antivirus and Antispam setup with Exim4

Posted by anurag on Wed 21 Mar 2007 at 12:04

Last week, due to disk failure, we had to reinstall a server. This old workhorse has been serving numerous domains for the past 4 years and needed urgent maintenance. I made sure that I noted all the steps involved in implementing an Antispam & Antivirus filtering capable mail server when setting it up from scratch, and this article is the result.

Install Debian 'Sarge'


1. Get Debian GNU/Linux 3.1 'Sarge'

Of course, first of all get Debian 'Sarge' running on the server. Everything detailed here also works with 'Woody', but 'Sarge' is recommended, and Etch will soon replace it.

Additional Packages

2. Install the following packages from the Debian repositories via apt-get:

# apt-get install exim4-daemon-heavy
# apt-get install clamav-daemon
# apt-get install sa-exim
# apt-get install spamassassin spamc

After the packages have been installed, we need to make changes to the configuration files.

Spamassassin Configuration

3. /etc/default/spamassassin Change the parameter ENABLED to:

ENABLED=1

Exim's group configuration

4. /etc/group Add the clamav user to Debian-exim's group. This allows clamav-daemon to read/write the directories owned by Exim4: Exim4 demimes the attachments, stores them in a temporary directory and asks clamav-daemon to scan them there.

Debian-exim:x:102:clamav

SA-Exim configuration

5. /etc/exim4/sa-exim.conf Locate these lines:

### 
SAEximRunCond: ${if and {{def:sender_host_address} {!eq {$sender_host_address}{127.0.0.1}} {!eq {$h_X-SA-Do-Not-Run:}{Yes}} } {1}{0}}
#Remove or comment out the following line to enable sa-exim
SAEximRunCond: 0
###

Then change SAEximRunCond to:

SAEximRunCond: 1

Exim4 Configuration files

6. Configuring Exim4's configuration files.

Make sure that Exim4 is using "split" configuration files (i.e. multiple files inside /etc/exim4/conf.d/*). Now locate the following configuration files and make these changes.

Customising reject messages in Exim4

7. /etc/exim4/conf.d/acl/40_exim4-config_check_data

At the end of the file, just before the "accept" statement, add the following lines.

# Deny viruses.
deny message = Message contains malware or a virus ($malware_name).
     log_message = $sender_host_address tried sending $malware_name
     demime = *
     malware = *

Clamav configuration for Exim4

8. /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs

Near the start of the file, add this line:

av_scanner = clamd:/var/run/clamav/clamd.ctl

Restart Exim4

9. Restart the Exim4 daemon

# /etc/init.d/exim4 restart

Keep a watch on Exim4's log files, especially "paniclog", as it processes mail. The error messages are pretty much self-explanatory and you should be able to fix them.
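Before restarting, it is worth confirming that all five edits from steps 3 to 8 actually landed, since a single leftover "SAEximRunCond: 0" or a missing group entry silently leaves mail unscanned. The script below is an added example, not part of the original article; the optional prefix argument is an assumed convention so the checks can also run against a staging copy of /etc.

```shell
#!/bin/sh
# Added example, not from the original article: check the settings the article
# changes before restarting Exim4. An optional prefix argument (an assumed
# convention here) lets the same checks run against a staging copy of /etc.

# check_av_setup [PREFIX]: one line per setting; returns the number of failures.
check_av_setup() {
    root="${1:-}"; fails=0
    ok()  { echo "ok   $1"; }
    bad() { echo "FAIL $1"; fails=$((fails + 1)); }

    # 1. spamassassin must be switched on in /etc/default/spamassassin
    if grep -qs '^ENABLED=1' "$root/etc/default/spamassassin"
    then ok "spamassassin ENABLED=1"; else bad "spamassassin not enabled"; fi

    # 2. clamav must be a member of Debian-exim's group, or clamd cannot read
    #    the demimed attachments that Exim stores in its temporary directory
    if awk -F: '$1 == "Debian-exim" { n = split($4, m, ",")
                    for (i = 1; i <= n; i++) if (m[i] == "clamav") found = 1 }
                END { exit !found }' "$root/etc/group" 2>/dev/null
    then ok "clamav is in group Debian-exim"; else bad "clamav not in group Debian-exim"; fi

    # 3. sa-exim: the shipped "SAEximRunCond: 0" disables scanning for everything,
    #    so it must be gone and an active "SAEximRunCond: 1" must remain
    sa="$root/etc/exim4/sa-exim.conf"
    if grep -qs '^SAEximRunCond:[[:space:]]*0[[:space:]]*$' "$sa"
    then bad "sa-exim.conf still has SAEximRunCond: 0"
    elif grep -qs '^SAEximRunCond:[[:space:]]*1[[:space:]]*$' "$sa"
    then ok "sa-exim SAEximRunCond: 1"; else bad "no active SAEximRunCond: 1"; fi

    # 4. av_scanner must point Exim at the clamd socket
    if grep -qs '^av_scanner[[:space:]]*=[[:space:]]*clamd:' \
          "$root/etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs"
    then ok "av_scanner uses clamd"; else bad "av_scanner not set to clamd"; fi

    # 5. without a malware condition in the DATA ACL nothing is ever scanned
    if grep -qs '^[[:space:]]*malware[[:space:]]*=' \
          "$root/etc/exim4/conf.d/acl/40_exim4-config_check_data"
    then ok "malware condition in check_data ACL"; else bad "no malware condition in ACL"; fi

    return "$fails"
}

# Run against the live system, or against "$1" as a prefix, when executed directly.
if [ "$#" -gt 0 ]; then check_av_setup "$1"; fi
```

Once every line reports ok, run update-exim4.conf and then exim4 -bV to have Exim itself syntax-check the regenerated configuration before the restart.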

Best of luck, Anurag



This article is copyright 2007 anurag - please ask for permission to republish or translate.