HOWTO Install Courier with maildrop and ClamAV and SpamAssassin

From Gentoo Linux Wiki

It has been suggested that this article be split into multiple articles accessible from a disambiguation or index page.   (Discuss)

[edit] Introduction

[edit] Background

After installing Courier I went started trying to get maildrop to filter the incoming email - without much luck unfortunately. So I naively turned to the courier-users mailinglist hoping for help - didn't get much there either. So now that I've gotten things working I (with some encouraging) decided to make this article.

[edit] Assumptions

• When writing this I have already installed everything - and it was a couple of months ago so everything here might not work out-of-the-box. If that is the case I expect you to be able to solve it (and hopefully edit this page so that it is correct).
• You will be using virtual users - i.e. the users for the system will be fetched from a MySQL database
• SpamAssassin user-defined rules will also be stored in a MySQL database.
• Your mailboxes are correctly configured (you should be able to recieve mail if you start courier after configuring the Courier-MTA)
• You know how to add scripts to a runlevel (to start automatically at boot)
• You will be using IMAP-SSL only to access mail (webmail should work as well - but is not covered)
• You will want to be able to use ESMTP-SSL

[edit] Environment

You should have a working Courier mailsystem working before venturing any further. You can use HOWTO Email Virtual Hosting with Courier and MySQL to accomplish this

[edit] Versions

This HOWTO was written/has been updated to work with (later probably works, but config files might be in other locations)

• mail-mta/courier-0.50.1 (or mail-filter/maildrop-1.8.0-r3, but not *guaranteed* to work)
• mail-filter/spamassassin-3.1.0
• app-antivirus/clamav-0.87.1

[edit] Disclaimer

The HOWTO is provieded as-is - neither I nor any one else who has edited this article can be held responsible if your system goes haywire after following this HOWTO.

[edit] Installing software

[edit] ClamAV

emerge clamav

[edit] SpamAssassin

emerge spamassassin

[edit] Configuring software

[edit] ClamAV

 
#!/bin/bash
# Created by Tom Walsh, slim at ala.net
# slightly modified by Wolfgang Ziegler, nuppla at gmx.at

RUN=clamscan
# Enable this line, if you are using the clamav-daemon.
# RUN=clamdscan


#start
MSG=$(< /proc/self/fd/0) # stdin -> $MSG
SCAN=$(echo "$MSG" | $RUN - --stdout --disable-summary)
EXIT="$?"
VIRUS=$(echo "$SCAN" | awk '{print $2}')
SUBJECT=$(echo "$MSG" | reformail -x Subject:)

if [ "$EXIT" == "1" ]; then
 SUBJECT="**VIRUS** [$VIRUS] $SUBJECT"
 MSG=$(echo "$MSG" | reformail -i"X-Virus-Status: INFECTED")
 MSG=$(echo "$MSG" | reformail -i"Subject: $(echo "$SUBJECT")")
else
 MSG=$(echo "$MSG" | reformail -i"X-Virus-Status: CLEAN")
fi

echo "$MSG"
exit 0
  

Don't forget to make the file executable...

chmod +x /usr/bin/clamscan.sh

I did not need to change any of the ClamAV configuration files to get it to work.

[edit] SpamAssassin

For this to work you need to have the appropiate perl module installed - for MySQL you get it by

emerge Msql-Mysql-modules

[edit] Creating the user and database in MySQL

Execute these commands in mysql:

CREATE DATABASE spamassassin;
USE spamassassin;
CREATE TABLE userpref (
 id int(8) unsigned NOT NULL auto_increment,
 username varchar(128) NOT NULL default '',
 preference varchar(64) NOT NULL default '',
 value varchar(128) default NULL,
 descript varchar(128) default NULL,
 added datetime NOT NULL default '2003-01-01 00:00:00',
 added_by varchar(128) NOT NULL default '',
 modified timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP,
 UNIQUE KEY id (id),
 KEY type (preference),
 KEY added_by (added_by),
 KEY preference (preference),
 KEY username (username)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COMMENT='Spamassassin Preferences';
GRANT SELECT ON spamassassin.* TO spamassassin@localhost IDENTIFIED BY '<password>';
FLUSH PRIVILEGES;

Change <password> with some suitable password.

[edit] Applying settings in SpamAssassin

Add

user_scores_dsn                  DBI:mysql:spamassassin:localhost:3306
user_scores_sql_password         <password>
user_scores_sql_username         spamassassin
user_scores_sql_custom_query     SELECT preference, value FROM _TABLE_ WHERE username = _USERNAME_ OR  username = '$GLOBAL' OR username = CONCAT('%',_DOMAIN_) ORDER BY username ASC

to /etc/spamassassin/secrets.cf (and don't forget to enter the correct password to be used...)

And at last you need to change the SPAMD_OPTS option in /etc/conf.d/spamd to look something like this:

SPAMD_OPTS="-m 5 -q -x -H -u mail"

Here "-q -x" is essential to get it to read preferences from database. The option "-c" should be there as default and must be removed - see the manpage for spamd for the reason.

[edit] Getting Courier-MTA to send mail thru maildrop

To get the mail to be filtered throught maildrop you can put a file ".courier" in the homedir of each virtual mail user (it should be a single directory) and inside this file write:

| /usr/bin/maildrop

or for a global configuration, so every mail is filtered open the file /etc/courier/courierd and set:

DEFAULTDELIVERY="| /usr/bin/maildrop"

Be sure of the pipe " | " at the beginning.

[edit] Getting maildrop to filter the mail thru ClamAV and SpamAssassin

This is the default maildropfile for the entire system - I'm unclear on if this file is processed before or after the user .maildrop files.

 
# Only scan mails smaller than VSCANSIZE for a virus
VSCANSIZE="2000000"

# Only scan mails smaller than SCANSPAMSIZE for spam
SCANSPAMSIZE="200000"

###############################################################################
#
# Use ClamAV to scan for viruses.
#
###############################################################################

if( $SIZE < $VSCANSIZE ) 
{
  exception {
    xfilter "/usr/bin/clamscan.sh"
  }
}
 
if(/^X-Virus-Status:.*INFECTED/)
{
  `test -d $DEFAULT/.Quarantine`
  if ( $RETURNCODE == 1 )
  {
    `/usr/bin/maildirmake -f Quarantine $DEFAULT`
    `echo INBOX.Quarantine >> $DEFAULT/courierimapsubscribed`
  }
  exception {
    to "$DEFAULT/.Quarantine/"
  }
}

###############################################################################
#
# Use SpamAssassin to filter SPAM
#
###############################################################################
if( $SIZE < $SCANSPAMSIZE ) 
{
  xfilter "/usr/bin/spamc -u $USER -s $SCANSPAMSIZE"
}

if (/^X-Spam-Status: *Yes/:h)
{
  #Create SPAM IMAP folder if they don't have one
  `test -d $DEFAULT/.Spam`
  if( $RETURNCODE == 1 )
  {
    `/usr/bin/maildirmake -f Spam $DEFAULT`
    `echo INBOX.Spam >> $DEFAULT/courierimapsubscribed`
  }
  exception {
    to "$DEFAULT/.Spam/"
  }
}
  

In many case you might not be interested in keeping virus in quarantine as it may bother your users or spend useless data on your account. So I personaly replace : { #Create SPAM IMAP folder if they don't have one `test -d $DEFAULT/.Spam` if( $RETURNCODE == 1 ) { `/usr/bin/maildirmake -f Spam $DEFAULT` `echo INBOX.Spam >> $DEFAULT/courierimapsubscribed` } exception { to "$DEFAULT/.Spam/" } } by : { exit } This way, mail is trashed and only a log remain in the clamav log file that a virus has been found

[edit] Starting the system

This is fairly simple:

/etc/init.d/spamd start
/etc/init.d/clamd start
/etc/init.d/courier restart

[edit] Training SpamAssassin

Check Gentoo Linux Documentation -- Setting up an integrated local email delivery system for a good way to do this - the simple way