![[Valid Atom 1.0]](/images/valid-atom.png "Validate my Atom 1.0 feed")
- Install the necessary debian packages.
- Add the postfix user to groups sasl and lmtp.
- Add user cyrus to group sasl.
Add in /etc/cyrus.conf:
lmtpunix cmd="lmtpd" listen="/var/run/cyrus/socket/lmtp" prefork=10 maxchild=100
and in /etc/imapd.conf:
lmtpsocket: /var/run/cyrus/socket/lmtp
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
Make a symbolic link:
/var/run/saslauthd -> /var/spool/postfix/var/run/saslauthd
Mind the permissions on the directory saslauthd:
drwxr-x--- 2 root sasl /var/spool/postfix/var/run/saslauthd
Launch saslauthd with the following parameters:
saslauthd -c -m /var/spool/postfix/var/run/saslauthd -a sasldb
using /etc/default/saslauthd in Debian:
MECHANISMS="sasldb"
# MECHANISMS could be any combination of sasldb pam shadow ldap
PARAMS="-c -m /var/spool/postfix/var/run/saslauthd"
The relevant configurations in /etc/postfix/main.cf are:
smtpd_recipient_restrictions =
...
check_recipient_access pcre:/etc/postfix/spam_check.pcre,
...
virtual_transport = lmtp:unix:/var/run/cyrus/socket/lmtp
virtual_mailbox_domains = example.dom1 example.dom2
virtual_alias_maps = hash:/etc/postfix/virtual_alias,
hash:/var/lib/mailman/data/virtual-mailman
mime_header_checks = regexp:/etc/postfix/mime_header_checks.regexp
While /etc/postfix/spam_check.pcre says:
// FILTER lmtp:unix:/tmp/dspam.sock
Modify /etc/postfix/mime_header_checks.regexp as follows:
/^\s*Content-(Disposition|Type).*application\/(octet-stream|msword|mspowerpoint|msexcel|zip|x-bzip|x-gzip).*$/ FILTER scan:127.0.0.1:10025
in order to catch the files you want to pass to the antivirus.
The relevant configurations in /etc/dspam/dspam.conf are:
ServerDomainSocketPath "/tmp/dspam.sock"
DeliveryHost 127.0.0.1
DeliveryPort 10026
DeliveryProto SMTP
Trust postfix
ParseToHeaders on
ChangeModeOnParse on
ChangeUserOnParse full
The relevant configurations in /etc/clamsmtpd.conf are:
OutAddress: 127.0.0.1:10027
Listen: 127.0.0.1:10025
The relevant configurations in /etc/postfix/master.cf are:
scan unix - - n - 10 smtp
-o smtp_send_xforward_command=yes
-o disable_mime_output_conversion=yes
localhost:10026 inet n - n - 10 smtpd
-o content_filter=
-o myhostname=smtp-spamfilter.example.com
-o smtpd_use_tls=no
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
localhost:10027 inet n - n - 10 smtpd
-o content_filter=lmtp:unix:/tmp/dspam.sock
-o myhostname=smtp-virusfilter.example.com
-o smtpd_use_tls=no
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
Note: since the checks specified in mime_header_checks.regexp apply both for inbound email and for outbound email, you cannot use this configuration for a server that is also the relay host for your domain/net. For outbound email, the sender is an address internal to your domain, while the recipient can be an external address. After the check of clamsmtp, the mail is given to dspam, that add to the learning database the recipient of the message, that is an external address; moreover this external address is treated exactly like an internal address by dspam and, for example, receives the dspam notifications for the first spam.