Skip to content

Instantly share code, notes, and snippets.

@MartinEnders

MartinEnders/spamfilter-setup-postfix-dovecot.md

Last active January 29, 2022 21:27
Show Gist options
  • Star 3 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save MartinEnders/c3bbbc6ce5145658451d to your computer and use it in GitHub Desktop.
Save MartinEnders/c3bbbc6ce5145658451d to your computer and use it in GitHub Desktop.
Download ZIP
Setup of spamfilter and sieve for postfix and dovecot
Raw
spamfilter-setup-postfix-dovecot.md

Packetinstallation

aptitude install spamassassin razor pyzor rsyslog
aptitude install amavisd-new
aptitude install dovecot-sieve dovecot-lmtpd
aptitude install clamav clamav-daemon
# restart freshclam and clamav-daemon when error messages occour:
# [FAIL] Clamav signatures not found in /var/lib/clamav ... failed!
# [FAIL] Please retrieve them using freshclam ... failed!
# [FAIL] Then run '/etc/init.d/clamav-daemon start' ... failed!

/etc/init.d/clamav-freshclam restart
/etc/init.d/clamav-daemon restart

aptitude install arj bzip2 cabextract cpio file gzip nomarch pax unzip zoo zip zoo

razor-admin -create
razor-admin -register
pyzor discover

spamassassin

/etc/default/spamassassin

ENABLED=1 und CRON=1 setzen:

# systemctl enable spamassassin.service
# Change to "1" to enable spamd on systems using sysvinit:
ENABLED=1

# Cronjob
# Set to anything but 0 to enable the cron job to automatically update
# spamassassin's rules on a nightly basis
CRON=1

Postfix

/etc/postfix/main.cf

# Spamfilter
content_filter=smtp-amavis:[127.0.0.1]:10024
mailbox_transport = lmtp:unix:private/dovecot-lmtp

Hinweis: check_relay_domains muss jetzt reject_unauth_destination sein

/etc/postfix/master.cf

Hinweis: Vorsicht beim Einfuegen (copy-past) in master.cf mit emacs unter linux wird die Einrueckung recht komisch.

# Spambehandlung ANFANG

smtp-amavis     unix    -       -       -       -       2       smtp
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes
        -o disable_dns_lookups=yes
        -o max_use=20
        -o smtp_tls_security_level=none
127.0.0.1:10025 inet    n       -       -       -       -       smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_delay_reject=no
        -o smtpd_client_restrictions=permit_mynetworks,reject
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o smtpd_data_restrictions=reject_unauth_pipelining
        -o smtpd_end_of_data_restrictions=
        -o mynetworks=127.0.0.0/8
        -o smtpd_error_sleep_time=0
        -o smtpd_soft_error_limit=1001
        -o smtpd_hard_error_limit=1000
        -o smtpd_client_connection_count_limit=0
        -o smtpd_client_connection_rate_limit=0
        -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
        -o smtp_tls_security_level=none

# Spambehandlung ENDE


# -o eintraege sind fuer spamfilter 
pickup    fifo  n       -       -       60      1       pickup
    -o content_filter=
    -o receive_override_options=no_header_body_checks

amavis

/etc/amavis/conf.d/50-user

use strict;

#
# Place your configuration directives here.  They will override those in
# earlier files.
#
# See /usr/share/doc/amavisd-new/ for documentation and examples of
# the directives you can use in this file
#

@local_domains_acl = ( ".$mydomain", "martin-enders.de", "elise-robert.de", "oberweissenbach.de" );

@bypass_virus_checks_maps = (
   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);

@bypass_spam_checks_maps = (
   \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);

$sa_spam_modifies_subj = 1;

$sa_spam_subject_tag = '***SPAM*** '; # Spam in den Betreff schreiben
$sa_tag_level_deflt  = undef;
$sa_tag2_level_deflt = 5;
$sa_kill_level_deflt = 20;
$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent

$hdrfrom_notify_sender = "martin\@martin-enders.de";


#------------ Do not modify anything below this line -------------
1;  # ensure a defined return

dovecot

/etc/dovecot/local.conf

# Vorraussetzung fuer Spamhandling
namespace inbox {
    mailbox Junk {
            auto = subscribe
            special_use = \Junk
    }
}

protocol lmtp {
  # Space separated list of plugins to load (default is global mail_plugins).
  postmaster_address = martin@martin-enders.de
  mail_plugins = $mail_plugins sieve
}

service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
      group = postfix
      mode = 0600
      user = postfix
  }
}

plugin {
  sieve_dir = ~/sieve
  sieve_before = /var/mail/sieve/spam-global.sieve
}


# Domain bei usernamen abschneiden
auth_username_format = %Ln

sieve

mkdir /var/mail/sieve/
chown -R mail:mail /var/mail/sieve/

/var/mail/sieve/spam-global.sieve

require ["fileinto"];

if header :contains "X-Spam-Flag" "YES"
{
  fileinto "Junk";
}
sievec /var/mail/sieve/spam-global.sieve

clamav

/etc/clamav/clamd.conf

# Anpassung von Martin Enders
AllowSupplementaryGroups true

usermod -a -G amavis clamav

Final

service spamassassin restart
service amavis restart
service postfix restart
service dovecot restart

Quellen

@Gurkengewuerz
Copy link

Super Zusammenfassung aller Tutorials. Top!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment