Exim4 + ClamAV + SpamAssassin + Greylistd on Debian etch mini-HOWTO

If you want ClamAV and SpamAssassin scanning with Debian's Exim4, but do not need a complete virtual-hosting mail system such as vexim, follow this short guide and you can have them running within 15 minutes :)

Install required packages

You may need further packages; I am not certain of the full list, so please let me know if one is missing:

apt-get update
apt-get install exim4-daemon-heavy spamassassin clamav-daemon clamav-freshclam clamav-testfiles greylistd

Configure SpamAssassin

On Debian, SpamAssassin's daemon (spamd) is disabled by default, so enable it by editing /etc/default/spamassassin:

# Change to one to enable spamd
ENABLED=1

Configure Greylistd

Debian makes this very easy. Just run the following command and it is done:

greylistd-setup-exim4 add

Configure ClamAV

ClamAV is a bit more involved. I suggest you read /usr/share/doc/clamav/README.Debian.gz before starting.

First of all, ClamAV cannot scan the Exim4 mail spool because of the directory permissions:

dc:~# ls -lad /var/spool/exim4/
drwxr-x--- 5 Debian-exim Debian-exim 4096 2008-03-06 07:35 /var/spool/exim4/

So we add the user clamav to the group Debian-exim and change the directory permissions accordingly:

adduser clamav Debian-exim
chmod -Rf g+w /var/spool/exim4
chmod -Rf g+s /var/spool/exim4

Next, check that /etc/clamav/clamd.conf contains the following line; if it is missing or commented out, add it and enable it:

AllowSupplementaryGroups true

After restarting ClamAV, scanning should work:

/etc/init.d/clamav-daemon restart

Configure Exim4

To activate ClamAV scanning in Exim4 you need to handle two parts. First, tell Exim4 where ClamAV's unix socket is. Edit /etc/exim4/exim4.conf.template, search for the following line and change it (edit /etc/exim4/conf.d/main/02_exim4-config_options instead if the split configuration is being used):

av_scanner = clamd:/var/run/clamav/clamd.ctl

Next, search for this section and change it as below (edit /etc/exim4/conf.d/acl/40_exim4-config_check_data if the split configuration is being used):

  # Deny if the message contains malware. Before enabling this check, you
  # must install a virus scanner and set the av_scanner option in the
  # main configuration.
  #
  # exim4-daemon-heavy must be used for this section to work.
  #
  deny
    message = This message was detected as possible malware ($malware_name).
    demime = *
    malware = *

For SpamAssassin, search for the following line and uncomment it (edit /etc/exim4/conf.d/main/02_exim4-config_options if the split configuration is being used):

spamd_address = 127.0.0.1 783

Then search for the following section and uncomment it as below (edit /etc/exim4/conf.d/acl/40_exim4-config_check_data if the split configuration is being used):

  # Add headers to a message if it is judged to be spam. Before enabling this,
  # you must install SpamAssassin. You also need to set the spamd_address
  # option in the main configuration.
  #
  # exim4-daemon-heavy must be used for this section to work.
  #
  # Please note that this is only suiteable as an example. There are
  # multiple issues with this configuration method. For example, if you go
  # this way, you'll give your spamassassin daemon write access to the
  # entire exim spool which might be a security issue in case of a
  # spamassassin exploit.
  #
  # See the exim docs and the exim wiki for more suitable examples.
  #
  warn
    spam = Debian-exim:true
    message = X-Spam-Flag: YES\n\
              X-Spam-Score: $spam_score\n\
              X-Spam-Level: $spam_bar\n\
              X-Spam-Report: $spam_report

Don't use Debian's default message: Thunderbird will not recognize it! See Thunderbird:Help Documentation:Dealing with Junk E-mail for more information.

Save all changes and regenerate the Exim4 configuration:

dpkg-reconfigure exim4-config
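After dpkg-reconfigure has run, the settings above can be checked in one go against the generated configuration and the ClamAV setup. This is an added example, not part of the original HOWTO; it assumes the Debian paths named on this page (/var/lib/exim4/config.autogenerated, /etc/clamav/clamd.conf, /var/spool/exim4) and accepts other paths as arguments so it can be run against copies.

```shell
#!/bin/sh
# Post-setup check for the Exim4 + ClamAV + SpamAssassin configuration from this HOWTO.
# Added example, not part of the original page. Default paths are the Debian ones named
# above; pass a different path as the first argument to check a copy instead.

# 0 if FILE has an uncommented line starting with the extended regex PATTERN.
has_setting() {
    grep -Eq "^[[:space:]]*$2" "$1" 2>/dev/null
}

# The generated Exim config must carry the scanner socket, the spamd address and both ACLs.
check_exim_config() {
    cfg=${1:-/var/lib/exim4/config.autogenerated}
    rc=0
    has_setting "$cfg" 'av_scanner[[:space:]]*=[[:space:]]*clamd:' || { echo "missing: av_scanner = clamd:..."; rc=1; }
    has_setting "$cfg" 'spamd_address[[:space:]]*=' || { echo "missing: spamd_address"; rc=1; }
    has_setting "$cfg" 'malware[[:space:]]*=[[:space:]]*\*' || { echo "missing: 'malware = *' in the deny ACL"; rc=1; }
    has_setting "$cfg" 'spam[[:space:]]*=[[:space:]]*Debian-exim' || { echo "missing: 'spam = Debian-exim...' in the warn ACL"; rc=1; }
    return $rc
}

# clamd must be allowed to pick up its supplementary group (Debian-exim) to read the spool.
check_clamd_conf() {
    cfg=${1:-/etc/clamav/clamd.conf}
    has_setting "$cfg" 'AllowSupplementaryGroups[[:space:]]+true' && return 0
    echo "missing: AllowSupplementaryGroups true in $cfg"
    return 1
}

# The spool must be group-writable (chmod g+w) and setgid (chmod g+s) as done above.
check_spool_perms() {
    dir=${1:-/var/spool/exim4}
    [ -d "$dir" ] || { echo "missing directory: $dir"; return 1; }
    rc=0
    [ -g "$dir" ] || { echo "not setgid: $dir"; rc=1; }
    # 6th column of 'ls -ld' is the group write bit (portable, unlike stat -c)
    [ "$(ls -ld "$dir" | cut -c6)" = w ] || { echo "not group-writable: $dir"; rc=1; }
    return $rc
}

run_all() {
    all=0
    check_exim_config || all=1
    check_clamd_conf || all=1
    check_spool_perms || all=1
    return $all
}

# Usage: sh check-scan-setup.sh run
if [ "${1:-}" = run ]; then run_all; exit $?; fi
```

Lines that are still commented out with # in the generated file are reported as missing, which is the usual cause of "nothing happens" after following the steps above.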

Some simple tests

To test ClamAV, send yourself an email with ONLY the following line in the body:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

Your email client should show an error message, and delivery of the mail should be refused.

To test SpamAssassin, send yourself an email with ONLY the following line in the body:

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

After delivery, look at the source of the received message; you should find headers similar to these. If you use Thunderbird with junk filtering enabled for the account, the message is even moved straight to the "Junk" folder:

X-Spam-Flag: YES
X-Spam-Score: 1000.0
X-Spam-Level: +++++++++++++++++++++++++++++++++++++++++++++++++++
X-Spam-Report: Spam detection software, running on the system "mail.example.com", has
        identified this incoming email as possible spam.  The original message
        has been attached to this so you can view it (if it isn't spam) or label
        similar future email.  If you have any questions, see
        the administrator of that system for details.
        Content preview:  XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
        [...]
        Content analysis details:   (1000.0 points, 5.0 required)
        pts rule name              description
        ---- ---------------------- --------------------------------------------------
        -1.4 ALL_TRUSTED            Passed through trusted hosts only via SMTP
        1000 GTUBE                  BODY: Generic Test for Unsolicited Bulk Email
        1.4 AWL                    AWL: From: address is in the auto white-list
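The two tests above can also be driven from the mail host itself. This is an added example, not part of the original HOWTO; it assumes Exim's /usr/sbin/sendmail on the local machine (override with SENDMAIL), and that the delivered message can be read from a single-message file such as a Maildir file.

```shell
#!/bin/sh
# Drive the two delivery tests from this HOWTO and check the result. Added example, not
# part of the original page. Assumes a local /usr/sbin/sendmail (Exim's) unless SENDMAIL
# is set, and that the delivered mail can be read from a single-message file.

EICAR='X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
GTUBE='XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X'

# Print a complete message whose body is only the test line; KIND is eicar or gtube.
build_test_message() {
    kind=$1; from=$2; to=$3
    case $kind in
        eicar) body=$EICAR ;;
        gtube) body=$GTUBE ;;
        *) echo "unknown test kind: $kind" >&2; return 1 ;;
    esac
    printf 'From: %s\nTo: %s\nSubject: %s test\n\n%s\n' "$from" "$to" "$kind" "$body"
}

# Hand the message to the local MTA. With ClamAV wired in, the eicar message is rejected
# by the deny ACL at DATA time, so sendmail itself exits non-zero; gtube is accepted and
# only gets the X-Spam-* headers added by the warn ACL.
send_test() {
    build_test_message "$1" "$2" "$2" | ${SENDMAIL:-/usr/sbin/sendmail} -t
}

# 0 if the delivered message in FILE carries X-Spam-Flag: YES in its header section
# (only the part before the first blank line, so the same text in the body does not count).
spam_flagged() {
    sed '/^$/q' "$1" | grep -qi '^X-Spam-Flag:[[:space:]]*YES'
}

# Usage: sh scan-tests.sh user@localhost /path/to/delivered/message
if [ $# -eq 2 ]; then
    send_test eicar "$1" && echo "WARNING: EICAR message was accepted; check av_scanner and the deny ACL"
    send_test gtube "$1" || echo "gtube message was not accepted"
    sleep 5
    spam_flagged "$2" && echo "SpamAssassin headers present" || echo "no X-Spam-Flag: YES found in $2"
fi
```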


Clamav readme file

Posted by Anonymous

Very good instructions!! Nice work. Thank You.

The info from /usr/share/doc/clamav/README.Debian.gz is just a small
bit different.

I think the suggested method is to add clamav to the Debian-exim group
("adduser clamav Debian-exim") and then modify /etc/clamav/clamd.conf
("AllowSupplementaryGroups = true")

Then "chmod g+w on /var/spool/exim4/scan"

Also, after running "dpkg-reconfigure exim4-config" a good way to double
check the config settings is to look in "/var/lib/exim4/config.autogenerated"

Document updated

Posted by hswong3i

Thanks for your suggestion, and document is now updated.

After a double check with the latest /usr/share/doc/clamav/README.Debian.gz, the user group handling of ClamAV should be as you mentioned. Well... Since I cloned most of the content from my old article, it seems to be outdated ;p

----------------------------------------
Edison Wong

Nearly but not quite..

Posted by dougal2

A nice summary here, it gets to the point of how to slot these in. However, it's not working for me.

First off, in order to configure clamav properly, I had to manually issue the command:
dpkg-reconfigure clamav-base
and then debconf guided me through the proper configuration.

As for spamassassin.... no errors in logs, but it simply isn't working. I'm not sure what the problem with this one is, I'll have to compare with my old config files and get back to you.

Not working

Posted by Mike

Nice tutorial, but for me it also isn't working at all. I have no idea what is going wrong. I tried lots of configurations already, and since nothing is in the logfile I have no idea where to look next.

Mike

enable SA

Posted by gertvdijk

I think you will also need to enable spamassassin in /etc/default/spamassassin
