Anti-virus and anti-spam measures on my server

After having thought about it for at least half a year and having researched the topic thoroughly for a good weekend, I finally got to implementing anti-spam and anti-virus measures on my server. It turned out to be more complex than I had initially thought (as always), but it seems to be working now.

To give a bit more background, I am running Postfix with Courier-IMAP and PostgreSQL as database backend. E-mail accounts reside in a virtual folder and have no corresponding Unix accounts.

I decided to use maildrop (I discussed Postfix and procmail issues [here](http://tadek.pietraszek.org/blog/2006/02/05/postfix-virtual-mailboxes-and-procmail-filtering/)) and followed [this tutorial](http://www.xs4all.nl/~jaspersl/howto/), with the following exceptions:

* I had to backport a few packages to sarge (wrote about it [here](http://tadek.pietraszek.org/blog/2006/02/05/backporting-debian-packages-sid-sarge-experiences-with-pbuilder/)).
* I found out by trial and error that the `courier-maildrop` and `maildrop` packages ship the same program but it behaves differently (essentially, maildrop from the `maildrop` package works, the other one doesn’t!)
* I added a custom ClamAV source (Debian volatile) to my `sources.list`:

```
deb http://ftp2.de.debian.org/debian-volatile sarge/volatile main
```

* I wrote my own `/etc/maildroprc`.

The idea is to have e-mail moved automatically to a folder containing spam if (and only if) such a folder exists. What I came up with is the following:

```
# This is the folder into which spam messages are delivered
SPAMFOLDER="$DEFAULT/.caughtspam/"

# Run the message through SpamAssassin (spamc adds the X-Spam-* headers)
exception {
    xfilter "/usr/bin/spamc -u $LOGNAME"
}

# If the message is marked as spam AND SPAMFOLDER exists, deliver there.
# I have no idea how to check it other than executing [ -d ] in a shell;
# the path is quoted so the test does not break on unusual characters.
SPAMFOLDEROK=`[ -d "$SPAMFOLDER" ]; echo $?`
if ( /^X-Spam-Flag:.*YES/ && $SPAMFOLDEROK == 0 )
{
    exception {
        to $SPAMFOLDER
    }
}
```
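The same opt-in logic as an added shell example (not from the original post): one function creates the `.caughtspam` Maildir++ subfolder the way Courier's `maildirmake -f` lays it out, so the `[ -d ]` test passes and Courier-IMAP shows the folder, and one function makes the filter's delivery decision. Paths and the sample message are constructed for the demo.

```sh
#!/bin/sh
# Added example, not part of the original post. Folder names and paths are constructed.

# Create a Courier Maildir++ subfolder (cur/new/tmp, the zero-length "maildirfolder"
# marker, and a subscription entry) so the filter's "[ -d ]" check passes.
make_spam_folder() {
    maildir=$1; name=$2
    for d in cur new tmp; do mkdir -p "$maildir/.$name/$d"; done
    : > "$maildir/.$name/maildirfolder"
    grep -qx "INBOX.$name" "$maildir/courierimapsubscribed" 2>/dev/null \
        || echo "INBOX.$name" >> "$maildir/courierimapsubscribed"
}

# Print where a message should be delivered: the spam folder only when the message
# is flagged AND the folder exists, otherwise the default Maildir. Only the header
# block (up to the first blank line) is inspected, as maildrop's /pattern/ does by
# default, so "X-Spam-Flag: YES" quoted in a message body does not trigger the move.
spam_target() {
    maildir=$1; msg=$2; spamfolder="$maildir/.caughtspam/"
    if sed '/^$/q' "$msg" | grep -iq '^X-Spam-Flag:.*YES' && [ -d "$spamfolder" ]; then
        echo "$spamfolder"
    else
        echo "$maildir/"
    fi
}

# Demo on a throw-away Maildir with a constructed, flagged message.
demo_dir=$(mktemp -d)
printf 'From: sender@example.org\nX-Spam-Flag: YES\nSubject: test\n\nbody\n' > "$demo_dir/msg.eml"
echo "before opt-in: $(spam_target "$demo_dir" "$demo_dir/msg.eml")"
make_spam_folder "$demo_dir" caughtspam
echo "after opt-in:  $(spam_target "$demo_dir" "$demo_dir/msg.eml")"
rm -rf "$demo_dir"
```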

What still needs to be done is:

* automatic training on users’ e-mails (to enable per-user training)
* inclusion of user-specific rules (I still need to think about it a bit, as it has serious security implications).

Useful links:

* Maildrop filtering language
* SpamAssassin GTUBE test
* Sending EICAR messages to test anti-virus

3 Responses to “Anti-virus and anti-spam measures on my server”

  1. bjorne Says:

    Thanks for this (and the related) post. I’m trying a similar approach to antispam myself. However, in the if statement, shouldn’t “$SPAMFOLDER == 0” read “$SPAMFOLDEROK == 0”?

  2. tadekp Says:

    Thanks for noticing, it was a typo. I updated this in the blog.

  3. gebi Says:

    Hi,
    I’ve tried your suggestions but it seems they don’t work here for virtual users.
    With `maildrop -d ${recipient}`, maildrop tries to search for the user in /etc/passwd and gives the error “unknown user”.