Let's Build a Spam/Antivirus Filter



I need a Spam and antivirus filter for my network. Free is better! I use Exchange and TMG but Email spam and AV is not that good, and Money is lacking. Soooo lets look to good old Linux!

I did the install of OpenSuse linux per  Installing OpenSUSE article. Initially I tryed it on Centos and it was workable but a difficult install due to built in repository limits so I opted for OpenSUSE 12.2

Disable sendmail by running the following from konsole as root

Service sendmail stop
chkconfig sendmail off


install (if not already installed) through Add/Remove software:

  1. postfix
  2. spamassassin
  3. clamav
  4. clamav-db
  5. rpm-build
  6. binutils
  7. glibc-devel
  8. perl-Digest-SHA1
  9. perl-Parse-RecDescent
  10. perl-MIME-tools
  11. perl-Mail-Mbox-MessageParser
  12. perl-Inline
  13. perl-Convert-TNEF
  14. perl-dbd-sqlite3
  15. perl-FileSys-Df
  16. perl-OLE-Storage_Lite
  17. perl-Mail-SpamAssassin-Plugin-ixhash
  18. gcc
  19. make
  20. perl-Net-DNS
  21. perl-Net-CIDR-Lite
  22. nano

Install Webmin

From the terminal or konsole runthe following commands (as root)

wget http://prdownloads.sourceforge.net/webadmin/webmin-1.610-1.noarch.rpm

rpm -U webmin-1.610-1.noarch.rpm

Using Webmin

Now go to https://localhost:10000

I went to: Networking-->Linux and created a new rule accepting incoming connections on port 25 for mail

I also created a rule for Webin access on port 10000 so I could access webmin from other computers.

Now, Lets configure postfix mail.

In Webmin go to "Servers-->Postfix Mail Server" and select "Edit Config Files"

in the "/etc/postfix/main.cf" file uncomment (delete "#") or add at the end the following entries:


myhostname = fqn.of.server
mydomain = your.domain
myorigin = $myhostname = server. mydomain.org
mydomain = mydomain.org
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain $mydomain
mynetwork_style = host
relay_domains = mydomain.org, mydomain.com
transport_maps = hash:/etc/postfix/transport
append_at_myorigin = no
local_recipient_maps =
header_checks = regexp:/etc/postfix/header_checks

Click "Save"

Add SPF Verifying:

Download SPF Policy Server for Postfix from https://launchpad.net/postfix-policyd-spf-perl/ and extract it, Then copy the "postfix-policyd-spf-perl" file to "/usr/lib/postfix/".

Next you will go back to the Webmin Postfix Config File Editor you just used and select the "master.cf" file and add the following to the end of it.:

policy unix - n n - - spawn
argv=/usr/bin/perl /usr/lib/postfix/policyd-spf-perl

In Webmin select "Transport Mapping" under "Postfix Mail Server" so we can do all the transport mappings


Now select  Add a new mapping


Enter a description, type the domain name under name and ip address


Click save mapping and repeat for each domain.

Once you are done entering mappings, click Save and apply


Now let's modify the Header Check. Click on "Header Checks".

Next, Click "Add New Mapping"

Next, Enter a Descrition. Then in Regular expression enter:


Select "Place in hold queue (with log message..)"

Click Save Mapping.

"Save and Apply"


Now, download MailScanner (RedHat RPM) from http://www.mailscanner.info/downloads.html by entering the code below in the terminal or konsole

wget http://www.mailscanner.info/files/4/rpm/MailScanner-4.84.5-3.rpm.tar.gz
tar zxvf MailScanner-4.84.5-3.rpm.tar.gz
cd MailScanner-4.84.5-3

Extract the files from the tar ball then from konsole or terminal in the dorectory the file was extracted to (as root) run install.sh

Next in konsole or terminal as root, you need to run the following commands:

mkdir /var/spool/MailScanner/spamassassin
chown postfix.postfix /var/spool/MailScanner/spamassassin
chown postfix.postfix /var/spool/MailScanner/incoming
chown postfix.postfix /var/spool/MailScanner/quarantine
mkdir /var/spool/mqueue

Once that is done, you may want to download and install the MailScanner frontend into Webmin.

Go to http://msfrontend.svn.sourceforge.net/ and click on the "Download GNU tarball" at the bottom of the page.

Once it is downloaded, go back to your Webmin webpage and and under "Webmin" on the left hand side of the page, select "Webmin Configuration", then click "Webmin Modules" from the main panel in the page

Now click "From Uploaded File" radio button, then brows to the location you downloaded the file to.

Once that is done, you will need to go to "Servers-->MailScanner". Then you will need to click "Module Config" to set it up.

Then you will need to enter the following information into the configuration:

Full path to MailScanner program :      /usr/sbin/MailScanner
Full path and filename of MailScanner config file:    /etc/MailScanner/MailScanner.conf
Full path to the MailScanner bin directory:     /usr/sbin
Full path and filename for the MailScanner pid file:    /var/run/MailScanner.pid
Command to start MailScanner:   leave "Just run server" selected.
Command to stop MailScanner:   /etc/rc.d/init.d/MailScanner stop

Click Save.

Now let's configure it.

Click "Edit MailScanner Config File"


Now you need to find and modify the following entries in the file:

Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
Use SpamAssassin = yes
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin
Monitors for ClamAV Updates = /var/lib/clamav/*.cld /var/lib/clamav/*.cvd



Reboot the server

Check ClamAV Configuration

touch /var/log/freshclam.log

chmod 600 /var/log/freshclam.log

chown vscan.vscan /var/log/freshclam.log


Now we need to add an update schedule. In konsole or terminal as root run the command "nano -w /etc/crontab".  now under the line "MAILTO=root" add the line:

5 * * * * /usr/bin/freshclam --quiet

press "CTRL+X", then type "Y" and "Enter"


Now let's make a scan schedule. in konsole type "nano -w /etc/cron.daily/clamav-scan" then enter the 2 following lines in


/usr/bin/clamscan -ri /

press "CTRL+X", then type "Y" and "Enter"

In konsole type:

chmod +x /etc/cron.daily/clamav-scan

dos2unix /etc/MailScan/*

chown postfix.postfix /var/spool/MailScanner/incoming/*


postfix reload

clamd start

finally, in your firewall point incoming mail on port 25 to this box.

This website and its content is copyright of ITHierarchy Inc - © ITHierarchy Inc 2013-2015. All rights reserved.

Any redistribution or reproduction of part or all of the contents in any form is prohibited other than the following:

  • you may print or download to a local hard disk extracts for your personal and non-commercial use only
  • you may copy the content to individual third parties for their personal use, but only if you acknowledge the website as the source of the material

You may not, except with our express written permission, distribute or commercially exploit the content. Nor may you transmit it or store it in any other website or other form of electronic retrieval system.