How to install a complete mailserver on Debian 8/9, featuring Postfix, Dovecot, MySQL, SpamAssassin, ClamAV, Roundcube and Fail2ban.
~ the howto that actually works ~
Part 7: Antivirus: ClamAV and ClamSMTP
ClamAV is an open source antivirus tool. It comes with Freshclam, which handles definition updates. Clamsmtp is the part that allows ClamAV to scan SMTP traffic.
# aptitude install clamav-daemon clamav clamsmtp
The clamsmtp man page suggests the following. Change the ownership of the clamsmtp folders to clamav:
# chown -R clamav:clamav /var/spool/clamsmtp/
# chown -R clamav:clamav /var/run/clamsmtp/
Restart the service:
# service clamsmtp restart
In /etc/postfix/main.cf we need to tell Postfix about the virus scanner. Add these lines:
# Virusscanner
content_filter = scan:127.0.0.1:10026
receive_override_options = no_address_mappings
In /etc/postfix/master.cf add:
# Antivirus
scan unix - - n - 16 smtp
  -o smtp_send_xforward_command=yes
# For injecting mail back into postfix from the filter
127.0.0.1:10025 inet n - n - 16 smtpd
  -o content_filter=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks_style=host
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8
As always, make sure that the lines starting with -o begin with one or more whitespace characters.
# postfix reload
# service clamav-daemon start
Automatically updating ClamAV
ClamAV will update automatically. Initially you should keep an eye on /var/log/clamav/freshclam.log for errors.
In /etc/clamav/freshclam.conf change
# service clamav-daemon start
Change XX to your country code (NL for The Netherlands, BE for Belgium, and so on). I vaguely remember that if you get this value right you are allowed to poll for updates every 15 minutes instead of 60, but I’m not sure ClamAV still does that.
Testing the virus filter
Testing antivirus is not easy. In principle you can just send the EICAR test virus to your server, but in practice no mailserver will allow you to send it. Even if you found one, you can’t save the EICAR file locally because your local antivirus will delete the file. There are web services that send EICAR files to your address, but most are obsolete.
We’ll send an EICAR test virus from within our server using Mutt. Mutt is a versatile but lightweight e-mail client installed by default on Debian 8.
# tail -f /var/log/mail.log | grep -i clam
# tail -f /var/log/clamav/clamav.log
to keep an eye on Clam’s activities, especially regarding the EICAR test file.
Fire up a new SSH session into your server and this time don’t su to root.
Download the EICAR test file:
$ wget http://www.eicar.org/download/eicar.com
Mutt will ask you if you want to create a spool file. That’s ok. In Mutt press m to start a new mail.
Subject: 01 – test
Now the Nano text editor is started. Type something in the body of the mail; it doesn’t matter what. Press Ctrl + X to stop editing.
Press Y to save the mail
Press Enter to confirm the filename.
Press y to send the mail. Mutt should now say the mail was sent.
/var/log/clamav/clamav.log should show no new entries, and the grep on /var/log/mail.log should show “firstname.lastname@example.org, email@example.com, status=CLEAN”
Verify you have received the mail in Roundcube. Then start over: in Mutt, press m to start a new mail.
Subject: 02 – test
Type something in the body.
Ctrl + X to stop editing
Y to save
Enter to confirm the filename
Press a to add an attachment
type: eicar.com and press Enter (if the file wasn’t found use an absolute path).
eicar.com is now added as attachment
Press y to send the mail. Mutt should confirm the mail was sent.
/var/log/clamav/clamav.log should log something like
Tue Mar 22 15:27:47 2016 -> /var/spool/clamsmtp/clamsmtpd.N3lkUG: Eicar-Test-Signature(c88982d8fd9fe8013389c4f801a237b6:851) FOUND
and the grep on /var/log/mail.log should show:
firstname.lastname@example.org, email@example.com, status=VIRUS:Eicar-Test-Signature
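To review the filter's verdicts over a whole log instead of watching tail, the following added example (not part of the original howto) summarises the clamsmtpd status lines shown above. The function name clam_verdicts, the from=/to= field layout and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise clamsmtpd verdicts from mail.log-style lines on stdin.
# Assumption: clamsmtpd lines carry "from=..., to=..., status=..." fields.
clam_verdicts() {
    awk '
        /clamsmtpd/ && /status=/ {
            s = $0
            sub(/.*status=/, "", s)      # keep what follows the last "status="
            sub(/[, \t].*/, "", s)       # cut at the next separator, if any
            who = "(addresses not found)"
            if (match($0, /from=[^,]*, to=[^,]*/))
                who = substr($0, RSTART, RLENGTH)
            if (s == "CLEAN") {
                clean++
            } else if (index(s, "VIRUS:") == 1) {
                virus++                  # text after "VIRUS:" is the signature name
                print "INFECTED " substr(s, 7) " " who
            } else {
                other++                  # any other status: read that line by hand
            }
        }
        END { printf "clean=%d virus=%d other=%d\n", clean, virus, other }
    '
}

# Constructed sample lines (not real log data). The third line is a Postfix
# delivery line, which also contains "status=" and must be ignored.
SAMPLE_LOG='Mar 22 15:27:01 mail clamsmtpd: 100001: from=alice@example.org, to=bob@example.com, status=CLEAN
Mar 22 15:27:47 mail clamsmtpd: 100002: from=alice@example.org, to=bob@example.com, status=VIRUS:Eicar-Test-Signature
Mar 22 15:27:48 mail postfix/smtp[1234]: 3F2A1: to=<bob@example.com>, relay=127.0.0.1[127.0.0.1]:10026, status=sent (250 Ok)'

# Demo on the sample; on the server use: clam_verdicts < /var/log/mail.log
printf '%s\n' "$SAMPLE_LOG" | clam_verdicts
```

After the two Mutt tests above, the summary for that period should report one clean and one infected message.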