Last week, due to a disk failure, we had to reinstall the CC4 server. This old workhorse has been serving numerous domains for the last 4 years and needed urgent maintenance. I had been customising Exim's configuration files over time, but this time, since we were doing it from scratch, I made sure to jot down all the steps involved in implementing a mail server capable of antispam and antivirus filtering.
1. Get Debian GNU/Linux 3.1 'Sarge'
Of course, first of all get Debian 'Sarge' running on the server. Everything detailed here also works with 'Woody', but 'Sarge' is recommended.
2. Download the following packages from Debian: 'exim4-daemon-heavy', 'clamav-daemon', 'sa-exim', 'spamassassin' and 'spamc' via apt-get.
# apt-get install exim4-daemon-heavy
# apt-get install clamav-daemon
# apt-get install sa-exim
# apt-get install spamassassin spamc
After all of the above packages are installed, we need to make changes to the following configuration files.
3. /etc/default/spamassassin
Change the parameter ENABLED to:
ENABLED=1
4. /etc/group
Add the clamav user to Debian-exim's group. This allows clamav-daemon to read and write in directories owned by Exim4. Exim4 needs to demime the attachments, store them in a temporary directory and ask clamav-daemon to scan them.
Debian-exim:x:102:clamav
5. /etc/exim4/sa-exim.conf
Locate these lines:
###
SAEximRunCond: ${if and {{def:sender_host_address} {!eq {$sender_host_address}{127.0.0.1}} {!eq {$h_X-SA-Do-Not-Run:}{Yes}} } {1}{0}}
# Remove or comment out the following line to enable sa-exim
SAEximRunCond: 0
###
Then change SAEximRunCond to:
SAEximRunCond: 1
6. Configuring Exim4's configuration files.
Make sure that Exim4 is using split configuration files (i.e. multiple files inside /etc/exim4/conf.d/*). Now locate these configuration files and make the following changes.
7. /etc/exim4/conf.d/acl/40_exim4-config_check_data
At the end of the file, just before the "accept" statement, add the following lines.
# Deny viruses.
deny message = Message contains malware or a virus ($malware_name).
     log_message = $sender_host_address tried sending $malware_name
     demime = *
     malware = *
8. /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
Somewhere near the start of the file, add this line:
av_scanner = clamd:/var/run/clamav/clamd.ctl
9. Restart Exim4 daemon
# /etc/init.d/exim4 restart
And keep a watch on Exim4's log files, especially "paniclog", as it processes mails. The error messages are pretty much self-explanatory and you should be able to fix them.
best luck
Anurag
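
A quick audit of the settings from steps 3 to 8, as an added example that is not part of the original post. The function name `check_mail_filter_config` and its root-prefix argument are assumptions made for illustration; it treats the last uncommented `SAEximRunCond` line as the effective one, as the stock file's own comment implies.

```shell
#!/bin/sh
# Added example: audit the settings from steps 3-8 of this post.
# Usage: check_mail_filter_config [ROOT]   (ROOT is an optional path prefix)
# Prints one FAIL line per problem and returns the number of problems found.

# Print the value of the last uncommented "KEY <sep> value" line in a file.
last_value() {  # $1=file  $2=key  $3=separator (':' or '=')
    sed -n "s/^[[:space:]]*$2[[:space:]]*$3[[:space:]]*//p" "$1" 2>/dev/null | tail -n 1
}

fail() { echo "FAIL: $*"; fails=$((fails + 1)); }

check_mail_filter_config() {
    root=${1:-}; fails=0

    # Step 3: spamd must be enabled.
    [ "$(last_value "$root/etc/default/spamassassin" ENABLED =)" = "1" ] \
        || fail "ENABLED is not 1 in /etc/default/spamassassin"

    # Step 4: the member list is the 4th colon-separated field of the group line.
    members=$(awk -F: '$1 == "Debian-exim" { print $4 }' "$root/etc/group" 2>/dev/null) \
        || members=""
    case ",$members," in
        *,clamav,*) ;;
        *) fail "clamav is not a member of group Debian-exim" ;;
    esac

    # Step 5: a leftover "SAEximRunCond: 0" below the edited line keeps sa-exim off.
    cond=$(last_value "$root/etc/exim4/sa-exim.conf" SAEximRunCond :)
    { [ -n "$cond" ] && [ "$cond" != "0" ]; } \
        || fail "effective SAEximRunCond is '${cond:-unset}', sa-exim is disabled"

    # Step 8: Exim must be pointed at the clamd socket.
    scanner=$(last_value "$root/etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs" av_scanner =)
    case "$scanner" in
        clamd:*) ;;
        *) fail "av_scanner is not set to a clamd socket" ;;
    esac

    # Step 7: the ACL needs a malware condition with a non-empty value.
    grep -Eqs '^[[:space:]]*malware[[:space:]]*=[[:space:]]*[^[:space:]]' \
        "$root/etc/exim4/conf.d/acl/40_exim4-config_check_data" \
        || fail "no non-empty 'malware =' condition in 40_exim4-config_check_data"

    return "$fails"
}
```

Run it with no argument to check the live files under /etc, or pass a directory prefix to check a staged copy of the configuration.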