A Dutch techie in China
31 Dec
This is a quick howto on how to get it all running. Most of the software used is a lot more powerful than this howto suggests. Once you have it all up and running make sure to spend some time checking out the full potential of your setup.
Get all the packages:
Include
deb http://ftp2.de.debian.org/debian-volatile sarge/volatile main
in your /etc/apt/sources.list to make sure you get updates on the clamav engine (and not just the virus data as provided by freshclam).
apt-get install postfix clamav clamav-base clamav-daemon clamav-freshclam amavisd-new spamassassin spamc razor pyzor cyrus21-admin cyrus21-common cyrus21-imapd cyrus21-pop3d
The amavis package recommends a lot of tools like unzip, unrar, etc. It’s best to install all of them; using dselect might be helpful here.
Clamav
Clamav will run fine without changing any settings. To make sure Clamav plays nicely with Amavis add the clamav user to the amavis group in /etc/group:
…
postfix:x:104:
postdrop:x:105:
mysql:x:106:
clamav:x:107:
amavis:x:108:clamav
You can do this by typing: adduser clamav amavis
Spamassassin
Switch user to amavis:
peen:~# su - amavis
Then run the commands required to enable Razor to be used by Spamassassin:
amavis@peen:~$ razor-admin -create
amavis@peen:~$ razor-admin -register
Register successful. Identity stored in /var/lib/amavis/.razor/identity-ruu0K-KHfE
Also enable Pyzor:
amavis@peen:~$ pyzor discover
downloading servers from http://pyzor.sourceforge.net/cgi-bin/inform-servers-0-3-x
Create/edit /etc/spamassassin/local.cf. Mine is very simple:
report_safe 0
skip_rbl_checks 1
I turn off rbl checks in spamassassin as I will have postfix do this instead; see below. No other changes are required.
By default spamassassin is disabled on Debian. Make sure to edit /etc/default/spamassassin and start it:
peen:~# /etc/init.d/spamassassin start
Starting SpamAssassin Mail Filter Daemon: spamd.
Amavis
/etc/amavis/amavisd.conf requires a few configuration changes. Please find the settings quoted below and adjust them to match your setup.
…
$mydomain = 'peen.net';
…
$forward_method = 'smtp:127.0.0.1:10025';
$notify_method = $forward_method;
…
@local_domains_acl = ( ".$mydomain", ".localhost" );
…
$inet_socket_port = 10024;
…
Also make sure you turn on spamassassin support by removing this line:
@bypass_spam_checks_acl = qw( . );
The rest of the defaults are fine. Now restart amavis:
peen:~# /etc/init.d/amavis restart
Stopping amavisd: amavisd-new.
Starting amavisd: amavisd-new.
And do a tail on your syslog to make sure it detects Clamav and Spamassassin:
peen:~# tail -4 /var/log/syslog
Dec 1 11:42:38 peen amavis[15613]: Using internal av scanner code for (primary) Clam Antivirus-clamd
Dec 1 11:42:38 peen amavis[15613]: Found secondary av scanner Clam Antivirus - clamscan at /usr/bin/clamscan
Dec 1 11:42:38 peen amavis[15613]: SpamControl: initializing Mail::SpamAssassin
Dec 1 11:42:39 peen amavis[15613]: SpamControl: done
Cyrus
The default Cyrus configuration will work for us. We do however need to set sasl passwords and create mailboxes:
peen:~# saslpasswd2 cyrus
Password:
Again (for verification):
peen:~# saslpasswd2 niels
Password:
Again (for verification):
The cyrus user is used for administering Cyrus. The niels user is, well, me. Now create the mailbox for niels:
peen:~# su - cyrus
cyrus@peen:~$ cyradm localhost
IMAP Password:
localhost.localdomain> cm user.niels
localhost.localdomain> exit
Postfix
Finally we’ll need Postfix to actually get this thing going. We need to add quite a bit to /etc/postfix/master.cf to make sure Postfix can communicate with Amavis:
…
smtp-amavis unix - - n - 2 smtp
  -o smtp_data_done_timeout=1200
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
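The 127.0.0.1:10025 listener accepts mail with the content filter and all the usual restrictions switched off, so it must stay reachable from loopback only and must not hand mail back to Amavis. The check below is an added example, not part of the original howto; the function names, the constructed sample files and the choice of which overrides to require are assumptions made for illustration.

```shell
# Added example: audit the amavis re-injection listener in a Postfix master.cf.

# Print "listen=<addr>" plus each -o override of the inet service on port $2.
reinject_settings() {  # $1 = master.cf path, $2 = port
    awk -v port="$2" '
        /^[ \t]*(#|$)/ { next }                       # comments, blank lines
        /^[ \t]/       { if (hit) buf = buf " " $0; next }   # continuation
        hit            { exit }                       # next service: stop
        { hit = ($2 == "inet" && ($1 == port || $1 ~ (":" port "$")))
          if (hit) buf = $0 }
        END {
            if (buf == "") exit 1
            n = split(buf, t, /[ \t]+/)
            print "listen=" t[1]
            for (i = 2; i < n; i++) if (t[i] == "-o") print t[i + 1]
        }' "$1"
}

# Return 0 only if the listener is loopback-only and keeps the overrides that
# stop filtered mail from looping back into amavis or being relayed.
audit_reinject() {  # $1 = master.cf path, $2 = port (default 10025)
    port=${2:-10025}
    found=$(reinject_settings "$1" "$port") || {
        echo "FAIL: no inet listener on port $port"; return 2; }
    rc=0
    for want in "listen=127.0.0.1:$port" 'content_filter=' \
        'mynetworks=127.0.0.0/8' \
        'smtpd_recipient_restrictions=permit_mynetworks,reject'; do
        printf '%s\n' "$found" | grep -qxF -e "$want" &&
            { echo "ok:   $want"; continue; }
        echo "FAIL: expected $want"; rc=1
    done
    return $rc
}

# Constructed sample: a subset of this page's listener, then a weakened copy
# (bound to all interfaces, content_filter override removed).
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/good.cf" <<'EOF'
smtp-amavis unix - - n - 2 smtp
    -o smtp_data_done_timeout=1200
127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
EOF
sed -e 's/^127\.0\.0\.1://' -e '/content_filter=/d' "$tmp/good.cf" > "$tmp/weak.cf"
audit_reinject "$tmp/good.cf"
audit_reinject "$tmp/weak.cf" || echo "weak.cf failed the audit"
```

To check a live system, call audit_reinject /etc/postfix/master.cf after editing the file and before restarting Postfix.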
Then we edit /etc/postfix/main.cf to accept email for our domain, do rbl checks, send email to Amavis and deliver it to Cyrus:
smtpd_banner = peen.net ESMTP
biff = no
append_dot_mydomain = no
myhostname = xxx-xxx-xxx-xxx.solcon.nl
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = peen.net, localhost.localdomain, localhost.localdomain, localhost
mynetworks = 127.0.0.0/8, 192.168.2.0/24
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
mailbox_transport = lmtp:unix:/var/run/cyrus/socket/lmtp
content_filter = smtp-amavis:[127.0.0.1]:10024
smtpd_helo_required = yes
disable_vrfy_command = yes
smtpd_recipient_restrictions =
  permit_mynetworks,
  reject_unauth_destination,
  reject_rbl_client relays.ordb.org,
  reject_rbl_client opm.blitzed.org,
  reject_rbl_client list.dsbl.org,
  reject_rbl_client sbl.spamhaus.org,
  reject_rbl_client cbl.abuseat.org,
  reject_rbl_client dul.dnsbl.sorbs.net,
  permit
smtpd_data_restrictions =
  reject_unauth_pipelining,
  permit
Now restart postfix and you’re ready to receive email!
peen:~# /etc/init.d/postfix restart
Stopping mail transport agent: Postfix.
Starting mail transport agent: Postfix.
31 Dec
Written while using Debian 3.1 (sarge) and Plesk 7.5.
Clamav
Install the Debian packages clamav, clamav-daemon and clamav-freshclam.
plesk:~# apt-get install clamav clamav-daemon clamav-freshclam
Download and extract the qsheff and ripmime tarballs.
plesk:~# cd /usr/local/src/
plesk:/usr/local/src# wget http://www.enderunix.org/qsheff/qsheff-1.0-r3.tar.gz
plesk:/usr/local/src# wget http://www.pldaniels.com/ripmime/ripmime-1.4.0.5.tar.gz
plesk:/usr/local/src# tar zxvf qsheff-1.0-r3.tar.gz
plesk:/usr/local/src# tar zxvf ripmime-1.4.0.5.tar.gz
Building and installing ripmime is straightforward:
plesk:/usr/local/src# cd ripmime-1.4.0.5
plesk:/usr/local/src/ripmime-1.4.0.5# make
plesk:/usr/local/src/ripmime-1.4.0.5# make install
Ripmime will now be installed in /usr/local/bin; an appropriate place, and right where qsheff expects it.
Now build and install qsheff:
plesk:/usr/local/src# cd qsheff-1.0-r3
plesk:/usr/local/src/qsheff-1.0-r3# ./configure
plesk:/usr/local/src/qsheff-1.0-r3# make
plesk:/usr/local/src/qsheff-1.0-r3# /etc/init.d/qmail stop
plesk:/usr/local/src/qsheff-1.0-r3# make install
Now, before starting qmail, we have to fix the clamav path in the qsheff config file. Open /usr/local/etc/qsheff/qsheff.conf and change
VIRUS_PROG = "/usr/local/bin/clamdscan --quiet"
to
VIRUS_PROG = "/usr/bin/clamdscan --quiet"
You will probably want to change
enable_blackhole = 0;
to
enable_blackhole = 1;
as well.
Continue the installation:
plesk:/usr/local/src/qsheff-1.0-r3# /usr/local/etc/qsheff/install-wrapper.sh
plesk:/usr/local/src/qsheff-1.0-r3# /etc/init.d/qmail start
And everything should be working!
Spamassassin
If you, like me, want to use the Debian provided spamassassin instead of the Plesk one, there are a few extra steps.
First make sure you remove the Plesk spamassassin using Plesk.
Then install the Debian version:
plesk:~# apt-get install spamassassin spamc pyzor razor dcc-client
Initialize pyzor and razor:
plesk:~# pyzor discover
plesk:~# razor-admin -create
plesk:~# razor-admin -register
If registering razor fails, simply try it again.
Enable pyzor, razor and the dcc-client in /etc/spamassassin/local.cf:
pyzor_path /usr/bin/pyzor
pyzor_max 2
add_header all Pyzor _PYZOR_
score PYZOR_CHECK 5.00
use_pyzor 1
use_razor2 1
add_header all DCC _DCCB_: _DCCR_
dcc_path /usr/bin/dccproc
use_dcc 1
And restart spamassassin:
/etc/init.d/spamassassin restart
To enable things in our qsheff installation above you will have to replace /var/qmail/bin/qmail-queue with a little shell script:
plesk:~# cd /var/qmail/bin/
plesk:/var/qmail/bin# rm qmail-queue
plesk:/var/qmail/bin# vi qmail-queue
Insert the following code:
#!/bin/sh
/usr/bin/spamc | /var/qmail/bin/qmail-qsheff
Save the file, make it executable and restart qmail:
plesk:/var/qmail/bin# chmod +x qmail-queue
plesk:/var/qmail/bin# /etc/init.d/qmail restart
Notes
If /var/log/qsheff.log contains errors like
ERR, error=QUEUE, hint=chdir_workdir,open_mesg
you’ve probably set the clamav path wrong.
22 Dec
As bristuff still seems to be the most popular way to use HFC Cologne based ISDN cards, I’ve patched Asterisk with the latest bristuff patches from Junghanns. Updated packages for Debian Sarge can be found at their usual location:
Add the following line to your /etc/apt/sources.list:
deb http://debian.peen.net asterisk/