This page will guide you in configuring MailScanner, ClamAV and SpamAssassin to work in Postfix. Before proceeding, please make sure that all of the above components are already installed.
Here are the installation guides for the above components.
- How to install Postfix SMTP Server
- How to install Clam Anti-virus (ClamAV)
- How to install MailScanner
SpamAssassin is included in Red Hat Enterprise Linux 5 and CentOS 5 and it’s ready to go out of the box. Just add it using the Package Manager tool if you haven’t done so during installation.
Configuring MailScanner
1. Edit the file /etc/MailScanner/MailScanner.conf%org-name% = your organization name %org-long-name% = your full organization name Run As User = postfix Run As Group = postfix Incoming Queue Dir = /var/spool/postfix/hold Outgoing Queue Dir = /var/spool/postfix/incoming Incoming Work Group = clamav Incoming Work Permissions = 0640 MTA = postfix Virus Scanners = clamd Clamd Socket = /tmp/clamd.socket Use SpamAssassin = yes SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
2. Click Applications and click File Browser to launch the File Browser window and go to the /var/spool/MailScanner directory.
3. In the File Browser window, click File and click Create Folder. Name the new folder spamassassin.
4. Right click on the folder incoming and click Properties.
ln -s /usr/bin/freshclam /usr/local/bin/freshclamMailScanner will be looking for freshclam in the /usr/local/bin directory so we’ll create a symbolic link to it in that directory.
Integrating MailScanner into Postfix
1. Edit the file /etc/postfix/main.cf and remove the # in front of the line below header_checks = regexp:/etc/postfix/header_checks
2. Edit the file /etc/postfix/header_checks and add the line below to the bottom of the file/^Received:/ HOLDThis will now place all incoming mail into the holding area until released by MailScanner.
3. MailScanner should now be the one to start the Postfix service. Stop the Postfix service and start the MailScanner service in that order. Learn how to stop and start services here.
4. Test if Postfix is still working. See Test Postfix using Telnet.Congratulations
Congratulations, your mails are now checked for spam and viruses. Each mail you send or receive will now contain the lines below to indicate that MailScanner is doing its job.
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
If you would like to change the inline signature above or any MailScanner email templates, go to /etc/MailScanner/reports/en for the English templates.
***
Posted on 4/25/2007 and last updated on 5/1/2008
Filed under Anti-spam/Anti-virus , CentOS 5 , MailScanner , Postfix , Red Hat Enterprise Linux 5
Share This
March 4th, 2008 at 3:12 am
There are log files for errors?
How many time takes to release a one line mail MailScanner?
The telnet test does not send any mail so far.
Thanks.
March 4th, 2008 at 12:11 pm
> Are there log files for errors?
I don’t think so. The problem I usually encounter are mails getting stuck in /var/spool/postfix/hold. This happens when one of the component, either the anti-virus or anti-spam is not configured properly.
March 11th, 2008 at 4:27 am
I had to change the setting
Clamd Socket = /tmp/clamd
to
Clamd Socket = /tmp/clamd.socket
in the mailscanner.conf
else I got his error
Cannot find Socket (/tmp/clamd) Exiting!
in the maillog.
Otherwise your webpage was excellent.
Have you tried webmin?
Thanks
Todd
March 24th, 2008 at 10:41 am
I can’t find this folder /etc/MailScanner/MailScanner.conf
March 24th, 2008 at 12:35 pm
Hi Froylan,
You probably wasn’t able to successfully install MailScanner. There should be a /etc/MailScanner folder and a MailScanner.conf file in it. Try installing MailScanner from a terminal window to see the error.
March 24th, 2008 at 12:40 pm
Hi Todd,
You’re right about clamd socket, I must have missed that out when I was documenting the steps. I’ve corrected the text, thank you very much.
I haven’t tried out webmin, but I’ve seen the screenshots and it looks very interesting.
March 24th, 2008 at 2:27 pm
this my error
error: Failed dependencies:
perl-MIME-tools >= 5.412 is needed by mailscanner-4.67.6-1.noarch
March 24th, 2008 at 6:00 pm
No idea why that one occurred. Below is from http://www.mailscanner.info/linux.html
“If it fails to install the MIME-tools module, then something has gone wrong and you should look back through the script’s output and try to determine what failed.”
March 28th, 2008 at 2:36 pm
hi to all
how im going to change or create my own domain instead of @localhost.localdomain… I have this error sending email to my email server alwways have this msgs…
This is an automatically generated Delivery Status Notification
Delivery to the following recipient failed permanently:
lhan@localhost.localdomain
Technical details of permanent failure:
PERM_FAILURE: DNS Error: Domain name not found
March 28th, 2008 at 11:56 pm
Goto the Network Configuration window by clicking on System > Administrator > Network. From the Network Configuration window, click the DNS tab.
April 19th, 2008 at 6:06 am
Hi,
I’m having this permission problem:
Apr 19 13:39:23 localhost dovecot: POP3(fbm): Mailbox init failed top=0/0, retr=0/0, del=0/1, size=495
Apr 19 13:39:57 localhost dovecot: pop3-login: Login: user=, method=PLAIN, rip=::ffff:127.0.0.1, lip=::ffff:127.0.0.1, secured
Apr 19 13:39:57 localhost dovecot: POP3(fbm): open(/home/fbm/Maildir/cur/auth:2,) failed: Permission denied
Apr 19 13:39:57 localhost dovecot: POP3(fbm): open(/home/fbm/Maildir/cur/auth:2,) failed: Permission denied
This happened after integrating MainScanner to postfix. What could have caused this?
April 19th, 2008 at 6:38 am
I made an additional test to see if this problem will appear also with other users. I created a new user, sent mail to it, checked via telnet and I was able to log-in and get the message. This means that the configuration is correct, but this user has some problems with it’s mailbox (the one I initially used for testing). What could be causing this for this user?
April 19th, 2008 at 7:07 am
Please disregard previous two posts. Found out that I made a symbolic link pointing to nowhere in Maildir/cur directory. Everything is all working ok now.
April 29th, 2008 at 6:05 pm
My mail is held in /var/spool/postfix/hold directory as shown below:
-rwx—— 1 postfix postfix 1071 Apr 29 11:48 EC743191808D
Clam seems to be fine.
[root@www_01 ~]# clamscan
/root/.esd_auth: OK
/root/.tcshrc: OK
/root/.viminfo: OK
/root/.Xauthority: Empty file
/root/.rpmmacros: OK
/root/.bash_logout: OK
/root/anaconda-ks.cfg: OK
/root/.bash_profile: OK
/root/.bash_history: OK
/root/install.log.syslog: OK
/root/.cshrc: OK
/root/.bashrc: OK
/root/.lesshst: OK
/root/.dmrc: OK
/root/install.log: OK
/root/.xauth7luPa5: OK
/root/.rnd: OK
/root/.ICEauthority: OK
/root/.gtkrc-1.2-gnome2: OK
———– SCAN SUMMARY ———–
Known viruses: 272239
Engine version: 0.93
Scanned directories: 1
Scanned files: 18
Infected files: 0
Data scanned: 0.07 MB
Time: 1.687 sec (0 m 1 s)
[root@www_01 ~]#
The only error I can find from /var/log/maillog is:
Apr 29 13:10:03 www_01 ClamAV-autoupdate[13773]: ClamAV updater /usr/local/bin/freshclam cannot be run
What can be wrong here? Any suggestion?
April 29th, 2008 at 7:31 pm
See this link at http://forum.ensim.com/showthread.php?s=&threadid=10394 on how to fix freshclam fails to run issue.
I have “Clamd Socket = /tmp/clamd.socket” in /etc/MailScanner/MailScanner.conf file. However, I have this error in /var/log/maillog:
Apr 29 15:07:22 www_01 MailScanner[15291]: Cannot find Socket (/tmp/clamd.socket) Exiting!
Any suggestion?
April 29th, 2008 at 10:09 pm
Last issue was resolved by restarting clamd.
The problem now is:
Apr 29 18:03:06 www_01 MailScanner[4178]: Clamd::ERROR:: UNKNOWN CLAMD RETURN ./lstat() failed. ERROR :: /var/spool/MailScanner/incoming/4178
It looks there are inconsistent permission settings between ClamAV and MailScanner. Any suggestion?
April 30th, 2008 at 2:50 pm
I was able to resolve this one with help from this link http://www.nuonce.net/support/viewthread.php?tid=1856 and setting ‘Virus Scanners = clamav’ in /etc/MailScanner/MailScanner.conf file.
Thanks,
Vince
April 30th, 2008 at 2:54 pm
I would like to customize the message appended at the end of each email.
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
I assume it’s configurable but where. Anyone knows?
Thanks,
Vince
May 1st, 2008 at 2:18 pm
Hi Vince,
Thank you very much for your comments. Something must have changed with either MailScanner or ClamAV which broke the guide. I’ve updated the text above, thanks again.
The answer came from MailScanner.conf
Note: If the “Run As User” is “root” (or not set at all) and you are using the “clamd” virus scanner, then this must be set:
Incoming Work Group = clamav
Incoming Work Permissions = 0640
Setting Virus Scanners = clamav will definitely fix the problem but I prefer to use the best option available which is clamd. See MailScanner now directly supports Clam Antivirus
I’ve also updated the text to correct the freshclam problem. Thanks for the link to the solution.
To change the inline signature and mail templates, go to /etc/MailScanner/reports/en for the English templates.
May 12th, 2008 at 6:12 am
Hi,
after following the steps, i m getting the following response:
[root@localhost ~]# telnet localhost smtp
Trying 127.0.0.1…
Connected to localhost.localdomain (127.0.0.1).
Escape character is ‘^]’.
Connection closed by foreign host.
help needed.
shyam
May 12th, 2008 at 11:43 am
Please check the log file at /var/log/maillog
May 17th, 2008 at 9:54 am
The log is showing like this:
May 17 15:01:02 localhost update.bad.phishing.sites: Delaying cron job up to 600 seconds
May 17 15:07:56 localhost postfix/pickup[10037]: 6D3F8648A38: uid=501 from=
May 17 15:07:56 localhost postfix/cleanup[10638]: 6D3F8648A38: hold: header Received: by localhost.localdomain (Postfix, from userid 501)??id 6D3F8648A38; Sat, 17 May 2008 15:07:56 +0530 (IST) from local; from= to=
May 17 15:07:56 localhost postfix/cleanup[10638]: 6D3F8648A38: message-id=
May 17 15:07:57 localhost MailScanner[9930]: New Batch: Scanning 1 messages, 726 bytes
May 17 15:07:58 localhost MailScanner[9930]: Virus and Content Scanning: Starting
May 17 15:07:58 localhost MailScanner[10641]: Cannot find Socket (/tmp/clamd.socket) Exiting!
May 17 15:07:58 localhost MailScanner[9930]: Requeue: 6D3F8648A38.36E0B to 72E59648A37
May 17 15:07:58 localhost postfix/qmgr[5582]: 72E59648A37: from=, size=896, nrcpt=1 (queue active)
May 17 15:07:58 localhost MailScanner[9930]: Uninfected: Delivered 1 messages
May 17 15:07:59 localhost postfix/qmgr[5582]: 72E59648A37: to=, relay=none, delay=2.7, delays=2.6/0.06/0/0, dsn=4.4.3, status=deferred (delivery temporarily suspended: Host or domain name not found. Name service error for name=tanaashi.com type=MX: Host not found, try again)
May 17 15:10:50 localhost postfix/qmgr[5582]: 12D7D6489D7: from=, size=896, nrcpt=1 (queue active)
May 17 15:10:50 localhost postfix/qmgr[5582]: 12D7D6489D7: to=, relay=none, delay=7373, delays=7373/0.03/0/0, dsn=4.4.3, status=deferred (delivery temporarily suspended: Host or domain name not found. Name service error for name=tanaashi.com type=MX: Host not found, try again)
May 17 15:10:50 localhost postfix/qmgr[5582]: 6F3E36489DB: from=, size=896, nrcpt=1 (queue active)
May 17 15:10:50 localhost postfix/qmgr[5582]: 6F3E36489DB: to=, relay=none, delay=3774, delays=3774/0.01/0/0, dsn=4.4.3, status=deferred (delivery temporarily suspended: Host or domain name not found. Name service error for name=tanaashi.com type=MX: Host not found, try again)
May 17 15:10:50 localhost postfix/qmgr[5582]: B3A176489DC: from=, size=896, nrcpt=1 (queue active)
May 17 15:10:50 localhost postfix/qmgr[5582]: B3A176489DC: to=, relay=none, delay=1974, delays=1974/0/0/0, dsn=4.4.3, status=deferred (delivery temporarily suspended: Host or domain name not found. Name service error for name=tanaashi.com type=MX: Host not found, try again)
May 17 15:11:04 localhost update.virus.scanners: Delaying cron job up to 600 seconds
May 17 15:12:59 localhost update.virus.scanners: Found clamav installed
May 17 15:12:59 localhost update.virus.scanners: Running autoupdate for clamav
May 17 15:13:00 localhost ClamAV-autoupdate[10759]: ClamAV update warning: ERROR: Please edit the example config file /usr/local/etc/freshclam.conf.
May 17 15:13:00 localhost ClamAV-autoupdate[10759]: ClamAV update warning: ERROR: Please edit the example config file /usr/local/etc/clamd.conf.
May 17 15:13:00 localhost ClamAV-autoupdate[10759]: ClamAV update warning: ERROR: Can’t parse the config file /usr/local/etc/clamd.conf
May 17 15:13:00 localhost ClamAV-autoupdate[10759]: ClamAV updater failed
May 17 15:13:00 localhost update.virus.scanners: Found generic installed
May 17 15:13:00 localhost update.virus.scanners: Running autoupdate for generic
May 17 15:26:00 localhost postfix/smtpd[11133]: warning: SASL: Connect to private/auth failed: Connection refused
May 17 15:26:00 localhost postfix/smtpd[11133]: fatal: no SASL authentication mechanisms
May 17 15:26:01 localhost postfix/master[2693]: warning: process /usr/libexec/postfix/smtpd pid 11133 exit status 1
May 17 15:26:01 localhost postfix/master[2693]: warning: /usr/libexec/postfix/smtpd: bad command startup — throttling
thanks.
shyam
May 18th, 2008 at 10:34 pm
Please describe your problem.
July 15th, 2008 at 10:09 pm
HELP!!! I have follow all the steps in this article, but I have a problem in the end when I try to test if postfix is still working…
this is the error:
[root@localhost ~]# telnet localhost smtp
Trying 127.0.0.1…
Connected to localhost.localdomain (127.0.0.1).
Escape character is ‘^]’.
220 localhost.localdomain ESMTP Postfix
ehlo host
250-localhost.localdomain
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from: udla1
452 4.3.1 Insufficient system storage
Please this is for a very important exam!!! HELP!!!
July 16th, 2008 at 6:35 am
You don’t have enough space available. See
http://www.postfix.org/postconf.5.html#queue_minfree
July 16th, 2008 at 3:54 pm
Thanks for the information… I enter in the main.cf file of postfix and I haven’t found the parameter queue_minfree, so I added this to the bottom of the file, but even then appears the same problem… I don’t know what to do… please help!!!
July 16th, 2008 at 10:21 pm
You can check your available space by typing in df -h
July 17th, 2008 at 3:46 pm
Thanks… Now everything is working, maybe you know where I can find a good manual to do a cache dns with bind, I have to add this to my project. Thanks again for all!!!!… I owe you one!!!!