Advertisment
Implementation Guides

Secure Your Mail Server

author-image
PCQ Bureau
New Update

The biggest problem faced by network administrators today is to provide a mail server that can filter spam and doesn't distribute viruses. True, creating a mail server that is completely secure from spam and viruses is virtually impossible. But in this article you will see one way of creating a mail server for your intranet, which is both effective and cost efficient. We shall be using Postfix (a Linux mail server) coupled with Spamassassin (a well known open source spam filter) and Amavis (an e-mail anti virus). This triplet combination is very popular and is deployed on many mail servers for internal and external mailing. But the same settings can be migrated to an Internet mail server as well. 

Advertisment

What you will need



Obviously Postfix, Amavis and Spamassassin are the three most important components. And if you are using either FC3 (Fedora Core 3) or RHEL 3 then you will need only these three components. You can download all of them from rpmfind.net. But if you are using PCQLinux 2004 then you will need to sort out some dependencies: metamail, libstdc++, ncompress and zoo. Again all these rpms can be downloaded from the rpmfind.net. When the downloads are done, install them one by one using the following command:

Direct Hit!
Applies to: Mail server administrators
USP:

 Configure Postfix mail server with spamassassin 
Links:

www.amavis.org/howto 

# rpm -ivh filename

Advertisment

Let's get started



First of all you have to select the mail transfer agent you want use. By default PCQLinux/Fedora has two MTAs and the default is set to sendmail. Run the following command as root to choose the right one.

#alternatives --config mta

It will give you an output as in this screenshot (on page 68). 

Advertisment

Now to select Postfix as your default MTA press '2' at the prompt and hit enter. This command will also set Postfix to get started when the system reboots. 

Here the entry marked by a star (*) is the default entry. To change the default agent, press the number shown against that MTA

Next comes configuring. There are two ways of configuring Postfix. One using Webmin and the other, modifying the configuration file manually. The parameters to modify are as follows. 

Advertisment

Open up the file /etc/postfix/main.cf and add the values to the following entries

command_directory = /usr/sbin



daemon_directory = /usr/libexec/postfix


mail_owners = postfix


myshotname=yourhost.yourdomain.com


mydomainname=yourdomain.com


inet_interface = all


mydestination=$mydomain, $myostname, localhost


mynetwork=your_network_address/subnet, 127.0.0.0/8


relayhost=<$mail.myprovider>


alias_database = hash:/etc/postfix/aliases


disable_dns_lookups=yes








Save the file, exit and execute the following to start Postfix and the network.

Advertisment

# service postfix restart



# service network restart

Partition Scheme 
To build a robust mail server, the installation and partition mechanism should also be similar to that for a server. As a good practice you should have two different partitions for

/usr and /home. These partitions should be enough to accommodate all your mail (at least a couple of

GBs). It is better to create LVM (Logical Volume Manager) partitions for them. LVM will allow you to later insert a new hard disk and add it to the existing LVM partition. RAID 3 or Mirroring are also good ideas to avoid single point of failure for your mail.

Postfix is now configured to distribute mails in your local domain. To check whether its running or not, you can telnet into it like this:

Advertisment

# telnet 127.0.0.1 25

This would connect to your Postfix server and give you a welcome message as:

220 yourhostname ESMTP Postfix.

Advertisment

All your SMTP command should work here. In case you can want to come out from here just type in 'quit'. 

Configuring Spamassassin



Configuring spamassassin is not a tough job because you just need to install it. Now that you have already done this, it is already configured. But there is still one step you have to do manually. You have to configure Postfix so that it can pass all the mail through spamassassin before sending them. For this, you need to write a shell script, which would do it automatically. First start spamassassin in daemon mode as:

# service spamassassin start

Now create a file called '/bin/filter.sh' and key in the following into it.

#!/bin/sh



#


INSPECT_DIR=/var/spool/flter


SENDMAIL="/usr/sbin/sendmail -i"


SPAMASSASSIN=/usr/bin/spamc


Ex_TEMPFAIL=75



EX_UNAVAILABLE=69

cd $INSPECT_DIR || {echo $INSPECT_DIR does not exists; \



Exit $EX_TEMPFAIL; }

trap "rm -f in.$$; rm -f out.$$" 0 1 2 3 15

cat | $SPAMASSASSIN -f > out.$$ #|| \



# {echo Message content reject; exit $EX_UNAVAILABLE;}

$SENDMAIL "$@" < out.$$

exit $? 

Here the entry marked by a star (*) is the default entry. To change the default agent, press the number shown against that MTA

Now give it executable rights (chmod 777). After this you have to create a user and a usergroup called spamfilter. To do this, run the following command.

# useradd -d /dev/null -s /bin/false spamfilter

Next run the following.

# mkdir /var/spool/filter



# chgrp spamfilter /var/spool/filter


# chmod 777 /var/spool/filter

Now you have to re-modify your master.cf file so that it can call filter.sh automatically. For this open the file /etc/postfix/mater.cf in any editor and enter the following.

filter unix - n n - - pipe



user=spamfilter argv=/bin/filter.sh


-f $(sender) -- ${recipent} 


smtp inet n -n - - smtpd


-o content_filter=filter; 


Now, all your mail will pass through Postfix twice-once before and once after getting scanned by spamassassin. You can check this by sending a test mail containing some spam-list words such as 'credit card offers', 'enlarge', 'compare rates', 'be amazed' etc.

In the next part of this article you can learn to configure Amavis with this server so that it can also scan the mail for viruses.

Anindya Roy

Advertisment