Linux Email Howto
postfix + procmail + clamav + spamassassin
This howto describes how to configure a Linux system so that mail delivered to local users is automatically scanned for viruses and spam using free, robust, high-quality open source tools. This setup is suitable for desktop systems or laptops with a single user or a small number of users. For larger numbers of users and/or mail servers, there are more efficient ways these tools could be used. The distro used was Fedora 3, but most if not all of the information here is relevant to any Linux system.
The tool chain includes the following basic elements. The version numbers are what I used, but you should always download the latest versions of software available at the time. I used the clamav and spamassassin RPM packages from Dag Wieers. These packages break clamav down into three separate packages (clamav, clamav-db, clamd). I collected clamassassin by James Lick from its homepage.
- postfix
- procmail
- clamav (0.86.2)
- clamav-db (0.86.2)
- clamd (0.86.2)
- clamassassin (1.2.2)
- spamassassin (3.0.4)
1: Install postfix if you haven't already done that. If you're using Fedora and have also installed the system-switch-mail utility, you can use that to switch the system from the default sendmail MTA to postfix after installation.
2: Install clamav packages in this order to avoid dependency errors: clamav-db, clamav, clamd. You should now be able to start clamd using its init script for testing (run /etc/init.d/clamd start as root in a terminal). If clamd starts OK, you should now check that it is set to start at boot time using Fedora's Service Configuration management tool (System Settings->Server Settings->Services), where clamd should now appear in the list. To update your virus definition database, now run freshclam as root in a terminal. This should be done regularly, even daily. A cron job could be set up to do this if your system is online at predictable times each day.
3: Install clamassassin. This is a shell script that allows you to use procmail to run mail through clamav in the same way as spamassassin (see procmail script below). Just untar the package and run ./configure and then make install as root. Requires that clamav be already installed.
4: Install spamassassin. Fedora includes spamassassin, but it is probably best to download the very latest version. I remove the existing spamassassin supplied with Fedora first, but it may be possible to simply upgrade that package using rpm -U. You should now be able to start spamd for testing (run spamd -d as root in a terminal). If spamd starts OK, you should now check that it is set to start at boot time using Fedora's Service Configuration management tool (System Settings->Server Settings->Services), where spamassassin should now appear in the list.
5: Edit /etc/postfix/main.cf and add the following mailbox_command parameter:
mailbox_command = /usr/bin/procmail -f- -a "$USER"
This tells postfix to automatically deliver all mail through procmail. An alternative is to leave /etc/postfix/main.cf as it is and use a .forward file in your home directory. I found that a .forward file as simple as this worked OK:
| /usr/bin/procmail
6: Assuming procmail is installed (it should be), add this .procmailrc file to your local user home directory:
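# Filter every message through clamassassin, which adds the X-Virus-Status header
:0fw
| /usr/local/bin/clamassassin

# File messages flagged as infected in mail/virus
:0:
* ^X-Virus-Status: Yes
mail/virus

# Filter every message through spamassassin, which adds the X-Spam-Status header
:0fw
| /usr/bin/spamassassin

# File messages flagged as spam in mail/spam
:0:
* ^X-Spam-Status: Yes
mail/spam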
The procmail script above assumes that you have a mail directory in your home directory. Pine creates this by default. In that directory, you need to create the virus and spam files referred to in the script.
Once all this is done and working, simply collect your mail using fetchmail and read it with pine ... simple!
TROUBLESHOOTING: If things don't work, check the following:
- postfix must be restarted after editing /etc/postfix/main.cf
- Is clamd running? Check using ps aux | grep clamd
- Is spamd running? Check using ps aux | grep spamd
- procmail will not run without the correct permissions set on $HOME/.procmailrc. If either the file itself (or the directory it is located in, according to the procmail man page) is group writable, procmail will not use the file, will not run, and will return a "Suspicious rcfile" error, which should show up in your maillog file.
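A pre-flight check for the "Suspicious rcfile" condition in the last item, added here as an example and not part of the original howto or of procmail. The function name check_rcfile and its helpers are hypothetical; besides the group-writable case described above, it also flags world-writable permissions and a file not owned by you or root.

```shell
#!/bin/sh
# Added example: check .procmailrc permissions before procmail rejects it.
# check_rcfile, loosely_writable and owned_ok are hypothetical helper names.

# Succeeds if path $1 has the group-write or world-write bit set.
loosely_writable() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# Succeeds if path $1 is owned by the current user or by root.
owned_ok() {
    [ -n "$(find "$1" -prune \( -user "$(id -u)" -o -user 0 \) -print 2>/dev/null)" ]
}

# check_rcfile [RCFILE]: prints each problem found.
# Returns 0 if clean, 1 if a problem was found, 2 if the file is missing.
check_rcfile() {
    rc=${1:-$HOME/.procmailrc}
    dir=$(dirname "$rc")
    bad=0
    if [ ! -f "$rc" ]; then
        echo "missing: $rc"
        return 2
    fi
    if ! owned_ok "$rc"; then
        echo "wrong owner: $rc"
        bad=1
    fi
    if loosely_writable "$rc"; then
        echo "group/world writable file: $rc (fix: chmod go-w)"
        bad=1
    fi
    if loosely_writable "$dir"; then
        echo "group/world writable directory: $dir (fix: chmod go-w)"
        bad=1
    fi
    return "$bad"
}

# Usage: check_rcfile && echo "rcfile permissions OK"
```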
If your mail system is running correctly, your email should now all be delivered to your mailbox with extra headers added by clamd and spamd describing their virus and spam status. Email containing viruses or spam should be delivered to the files configured in your .procmailrc file.
The functioning of clamassassin and spamassassin can be tested locally by saving an email to file ('test_email' in the examples below), then piping it into each respective program as follows:
cat test_email | clamassassin
cat test_email | spamc
In both cases, the program should return the same email message with extra headers added, indicating that the program is in fact working.
The directory /usr/share/doc/spamassassin-* should contain a file called sample-spam.txt which can also be used for testing spamassassin. It contains a signature which should always be detected as spam.
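To go one step beyond eyeballing the extra headers, the following added example (not part of the original howto) reads the output of either test command and reports which folder the .procmailrc above would file it in. The names header_value and predict_folder are hypothetical; only the header block is inspected, which is also how the procmail conditions above match.

```shell
#!/bin/sh
# Added example. header_value and predict_folder are hypothetical helper
# names; the folder names come from the .procmailrc shown earlier.

# header_value NAME: read a message on stdin and print the value of the first
# NAME header. Stops at the first blank line, so body text never matches.
header_value() {
    awk -v name="$1" '
        BEGIN { want = tolower(name) ":"; n = length(want) }
        /^$/  { exit }
        (tolower(substr($0, 1, n)) == want) {
            sub(/^[^:]*:[ \t]*/, "")
            print
            exit
        }'
}

# predict_folder: read filtered mail on stdin and print where the recipes
# would file it. The virus recipe comes first, so it wins over spam.
predict_folder() {
    msg=$(cat)
    case $(printf '%s\n' "$msg" | header_value X-Virus-Status) in
        [Yy][Ee][Ss]*) echo "mail/virus"; return 0 ;;
    esac
    case $(printf '%s\n' "$msg" | header_value X-Spam-Status) in
        [Yy][Ee][Ss]*) echo "mail/spam"; return 0 ;;
    esac
    echo "default mailbox"
}

# Usage: cat test_email | clamassassin | predict_folder
```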
