On moving anti-spam and viruschecking from an endangered host
Prev Part I.  Miscellaneous subjects (and those still to be sorted)  Next

On moving anti-spam and viruschecking from an endangered host

Jurjen Bokma

July 2007

Procedure 30.  Things to do on the new server

  1. Install some packages: apt-get install spamassassin spamc spamoracle spampd spamprobe clamav clamav-base clamav-daemon clamav-freshclam postfix postfix-tls

  2. Leave /etc/spamassassin and /etc/clamav as they are (for now)

  3. Alter /etc/default/spamassassin: 

    # Change to one to enable spamd
ENABLED=1
#...
#OPTIONS="--create-prefs --max-children 5 --helper-home-dir"
OPTIONS="-c -m 10 -H -i my.own.ip.number -p 783 -u spamass"

  4. Add a SpamAssassin-specific system user: adduser --system spamass

  5. Start SpamAssassin: /etc/init.d.spamassassin restart

  6. Edit /etc/default/spampd: 

    AUTOWHITELIST=1
#...
LOCALONLY=0

  7. Start the spampd daemon: /etc/init.d/spampd start

  8. Start the ClamAv daemons:


      
    /etc/init.d/clamav-daemon start && \
    /etc/init.d/clamav-daemon clamav-freshclam
      

  9. Edit /etc/amavis/conf.d/05-domain_id: 

    @local_domains_acl = ( ".$mydomain", "my.first.domain.com", "my.second.domain.com", "my.third.domain.com" );

  10. Edit /etc/amavis/conf.d/20-debian-defaults (the last two lines are the modification) in oder to grant access from other machines than localhost: 

    $inet_socket_port = 10024;   # default listenting socket
@inet_acl = ( '127/8', 'my.ip.nnn/24' ); #This needed to grant access to mailservers JBJB JB 20070717
$inet_socket_bind = undef;               #This needed too to grant access to mailservers JBJB JB 20070717

  11. Restart the amavis daemon: /etc/init.d/amavis restart

Procedure 31.  Things to do on the mail server


[15] This assumes that in /etc/postfix/master.cf you already have a snippet like this to enable it to receive from the mailscanner: 

10025           inet n  -       n       -       -  smtpd
   -o content_filter=
   -o local_recipient_maps=
   -o relay_recipient_maps=
   -o smtpd_restriction_classes=
   -o smtpd_client_restrictions=
   -o smtpd_helo_restrictions=
   -o smtpd_sender_restrictions=
   -o smtpd_recipient_restrictions=permit_mynetworks,reject
   -o mynetworks=my.first.ip.range/no_bitsmasked,my.second.ip.range/no_bitsmasked
   -o mynetworks_style=host
   -o strict_rfc821_envelopes=yes

Prev Up Next
OWL Home Part II.  Plain Usage