On moving anti-spam and viruschecking from an endangered host

Jurjen Bokma

July 2007


Procedure 26.  Things to do on the new server
  1. Alter /etc/default/spamassassin:

    # Change to one to enable spamd
    ENABLED=1
    #...
    #OPTIONS="--create-prefs --max-children 5 --helper-home-dir"
    OPTIONS="-c -m 10 -H -i my.own.ip.number -p 783 -u spamass"
    	

  2. Edit /etc/default/spampd:

    AUTOWHITELIST=1
    #...
    LOCALONLY=0
    	

  3. Start the ClamAv daemons:

  4. Edit /etc/amavis/conf.d/05-domain_id:

    @local_domains_acl = ( ".$mydomain", "my.first.domain.com", "my.second.domain.com", "my.third.domain.com" );
    	

  5. Edit /etc/amavis/conf.d/20-debian-defaults (the last two lines are the modification) in oder to grant access from other machines than localhost:

    $inet_socket_port = 10024;   # default listenting socket
    @inet_acl = ( '127/8', 'my.ip.nnn/24' ); #This needed to grant access to mailservers JBJB JB 20070717
    $inet_socket_bind = undef;               #This needed too to grant access to mailservers JBJB JB 20070717
    	

Procedure 27.  Things to do on the mail server


[14] This assumes that in /etc/postfix/master.cf you already have a snippet like this to enable it to receive from the mailscanner:

10025           inet n  -       n       -       -  smtpd
   -o content_filter=
   -o local_recipient_maps=
   -o relay_recipient_maps=
   -o smtpd_restriction_classes=
   -o smtpd_client_restrictions=
   -o smtpd_helo_restrictions=
   -o smtpd_sender_restrictions=
   -o smtpd_recipient_restrictions=permit_mynetworks,reject
   -o mynetworks=my.first.ip.range/no_bitsmasked,my.second.ip.range/no_bitsmasked
   -o mynetworks_style=host
   -o strict_rfc821_envelopes=yes