How to Add Antivirus and Spam Protection to Postfix Mail Server with ClamAV and SpamAssassin


In today's world, email is a crucial tool for communication, both in personal and professional settings. However, it can also be a target for malicious attacks such as viruses and spam. As a result, it is vital to secure your mail server against these threats. One way to do this is by adding antivirus and spam protection to your Postfix mail server with ClamAV and SpamAssassin.

In this article, we will guide you through the steps to add ClamAV and SpamAssassin to your Postfix mail server, and show you how to configure them to work together to protect your mail server against viruses and spam.

What is ClamAV?

ClamAV is an open-source antivirus engine that can detect and remove viruses, malware, and other malicious content from emails. It supports various file formats and can scan both incoming and outgoing email messages.

What is SpamAssassin?

SpamAssassin is another open-source tool that can identify and mark spam emails. It uses a range of techniques such as header analysis, Bayesian filtering, and DNS blocklists to evaluate email messages' content and determine whether they are spam or not.

Installing ClamAV and SpamAssassin

Before we begin, make sure you have a working Postfix mail server installed on your system. If not, you can follow the official Postfix installation guide for your operating system.

To install ClamAV and SpamAssassin, you can use your system's package manager. For example, on Debian-based systems, you can run the following command −

sudo apt-get install clamav clamav-daemon spamassassin

On Red Hat-based systems, you can run the following command −

sudo yum install clamav clamav-update clamav-scanner-systemd spamassassin

Configuring ClamAV and SpamAssassin

Once you have installed ClamAV and SpamAssassin, you need to configure them to work with Postfix. Here's how −

Configuring ClamAV

By default, ClamAV runs as a daemon, which listens on a Unix socket for incoming requests from other applications such as Postfix. To have the daemon listen on TCP instead, edit its configuration file located at /etc/clamav/clamd.conf and make the following changes −

# Comment or remove the following line
#LocalSocket /run/clamav/clamd.sock

# Add the following line
TCPSocket 3310

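These lines tell ClamAV to listen on TCP port 3310 instead of the Unix socket. This is important because Postfix communicates with ClamAV over TCP. Note that clamd's TCP socket is unauthenticated and binds to all interfaces unless the TCPAddr option restricts it, so limit it to the loopback address or block port 3310 from other hosts with a firewall.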

Next, you need to configure Postfix to communicate with ClamAV. To do this, you need to add the following lines to Postfix's configuration file located at /etc/postfix/main.cf −

# Add the following lines
content_filter = smtp-amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings

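These lines tell Postfix to use ClamAV as a content filter, and to pass emails to it through the Amavis interface. Amavis is a content filter interface that allows various email filters such as ClamAV and SpamAssassin to work together. The receive_override_options = no_address_mappings setting disables address mapping (canonical and virtual alias rewriting) on mail entering the filter, which is the usual setting in front of an external content filter. The smtp-amavis transport named in content_filter must also be defined in /etc/postfix/master.cf, with an Amavis daemon listening on 127.0.0.1:10024.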

Finally, you need to configure ClamAV's daemon to use the TCP socket by editing the file /etc/default/clamav-daemon and making the following changes −

# Comment or remove the following line
#TCP_SOCKET=unix:/var/run/clamav/clamd.ctl

# Add the following line
TCP_SOCKET=3310

These lines tell ClamAV's daemon to listen on the TCP socket instead of the Unix socket.

Configuring SpamAssassin

To configure SpamAssassin, you need to edit its configuration file located at /etc/spamassassin/local.cf and make sure the following lines are uncommented −

# Uncomment the following line
# rewrite_header Subject *****SPAM*****

# Uncomment the following line
# required_score 5.0

# Uncomment the following line
# report_safe 1

# Uncomment the following line
# use_bayes 1

These lines tell SpamAssassin to rewrite the email's subject line to indicate that it is spam, to mark emails with a score of 5.0 or higher as spam, to report the original message as an attachment, and to use Bayesian filtering to identify spam.

Next, you need to configure Postfix to use SpamAssassin. To do this, you need to add the following lines to Postfix's configuration file /etc/postfix/main.cf −

# Add the following lines
header_checks = regexp:/etc/postfix/header_checks
smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = $smtpd_milters
milter_default_action = accept

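These lines tell Postfix to use a regular expression file to check the email's headers for spam, to pass mail received over SMTP to the SpamAssassin daemon through the Milter interface on 127.0.0.1:8891, and to apply the same milter to mail that does not arrive over SMTP (non_smtpd_milters). Setting milter_default_action to accept makes Postfix accept mail as if the milter were not present whenever the milter is unavailable, so mail is delivered unscanned during a filter outage; Postfix's default, tempfail, defers the mail instead.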

Finally, you need to create the header_checks file by running the following command −

sudo nano /etc/postfix/header_checks

Then add the following line to the file −

/^Subject:/       FILTER smtp-amavis:[127.0.0.1]:10024

This line tells Postfix that any message with a Subject header should be sent through the Amavis interface, which passes it to ClamAV and SpamAssassin for scanning.

Testing the Configuration

To test the configuration, you can send an email to your mail server with a virus attached or with spam content. If everything is configured correctly, ClamAV and SpamAssassin should detect and quarantine the email.

You can check ClamAV's logs located at /var/log/clamav/clamd.log and SpamAssassin's logs located at /var/log/mail.log to see if any errors occurred during the scanning process.

In addition to the steps outlined above, there are a few additional considerations you should keep in mind when configuring ClamAV and SpamAssassin for your Postfix mail server.

Firstly, you should ensure that your system has enough resources to handle the additional load of running ClamAV and SpamAssassin. These tools can be resource-intensive, so it's important to have enough RAM and CPU power to support them. If your system is struggling to keep up, you may need to consider upgrading your hardware or optimizing your configuration.

Secondly, you should configure your system to automatically update ClamAV and SpamAssassin's virus and spam definitions regularly. These updates contain the latest signatures for identifying and blocking new threats, so it's important to stay up-to-date to ensure your mail server is adequately protected.

To update ClamAV's virus definitions, you can run the following command −

sudo freshclam

This command will download the latest virus definitions and update ClamAV's database.

To update SpamAssassin's spam definitions, you can run the following command −

sudo sa-update

This command will download the latest spam rules and update SpamAssassin's database.

You can schedule these commands to run automatically using cron jobs to ensure that your virus and spam definitions are always up-to-date.

Finally, you should also configure your mail server to send notifications to users when an email is identified as spam or contains a virus. This will help ensure that legitimate emails are not accidentally discarded and that users are aware of any potential threats.

To configure notifications, you can add the following lines to Postfix's configuration file /etc/postfix/main.cf −

# Add the following lines
notify_classes = bounce, 2bounce, policy, protocol, resource, software
bounce_notice_recipient = postmaster
2bounce_notice_recipient = postmaster

These lines tell Postfix to send notifications to the postmaster address for certain events, including when an email is bounced due to being identified as spam or containing a virus.

By taking these additional considerations into account, you can ensure that your ClamAV and SpamAssassin configuration is optimized and effectively protecting your Postfix mail server against malicious threats.

Conclusion

Adding antivirus and spam protection to your Postfix mail server with ClamAV and SpamAssassin is an effective way to secure your email communication against malicious attacks. By following the steps outlined in this article, you can configure ClamAV and SpamAssassin to work together and protect your mail server against viruses and spam.

Updated on: 27-Apr-2023
