Advice on spam & virus checking (again)

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
pbw
Reply | Threaded
Open this post in threaded view
|

Advice on spam & virus checking (again)

pbw
I’m currently running postfix, dovecot and mailman on a Ubuntu 16.04 server, to which a number of domains resolve. There is a mailman list associated with one of the domains. The volumes are very low. After some adventures I got spamassassin running, but my attempts to run clamav, either through amavisd-new or clamsmtp have caused me problems.  Unfortunately, it was a while ago, and I did not make notes of the failures.

Essentially then, I would like recommendations on the best approach(es) to this, and the best associated documentation or recipes.  I have found a bewildering variety of recipes for setting such a system up, some of which contradict one another.  Even mailman comes with two different setups.

I have been reading the current related thread, and may simply be asking for a repetition, but setting these things up seems to be very delicate business.

postfinger:

postfinger - postfix configuration on Tue Apr 25 20:06:59 AEST 2017
version: 1.30

--Packaging information--
looks like this postfix comes from deb package: postfix-3.1.0-3

--main.cf non-default parameters--
alias_maps = hash:/etc/aliases hash:/var/lib/mailman/data/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
delay_warning_time = 4h
home_mailbox = Maildir/
inet_protocols = ipv4
mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/conf.d/01-dovecot-postfix.conf -m "${EXTENSION}"
mailbox_size_limit = 0
message_size_limit = 51200000
mydestination = localhost, localhost.localdomain, e.id.au, oz-e.id.au, y.org.au, top.com.au, p.id.au
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
recipient_delimiter = +
smtp_bind_address = 99.99.99.99
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_recipient_restrictions = reject_unknown_sender_domain reject_unknown_recipient_domain reject_unauth_pipelining permit_mynetworks permit_sasl_authenticated reject_unauth_destination
smtpd_relay_restrictions = reject_unknown_sender_domain reject_unknown_recipient_domain reject_unauth_pipelining permit_mynetworks permit_sasl_authenticated reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = reject_unknown_sender_domain
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/e.id.au/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/e.id.au/privkey.pem
smtpd_tls_mandatory_protocols = !SSLv3, !SSLv2
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
virtual_alias_domains = lists.y.org.au
virtual_alias_maps = hash:/etc/postfix/virtual, hash:/var/lib/mailman/data/virtual-mailman

--master.cf--
smtp       inet  n       -       y       -       -       smtpd
  -o content_filter=spamassassin
submission inet  n       -       y       -       -       smtpd
smtps      inet  n       -       y       -       -       smtpd
pickup     fifo  n       -       y       60      1       pickup
cleanup    unix  n       -       y       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr     unix  -       -       y       1000?   1       tlsmgr
rewrite    unix  -       -       y       -       -       trivial-rewrite
bounce     unix  -       -       y       -       0       bounce
defer      unix  -       -       y       -       0       bounce
trace      unix  -       -       y       -       0       bounce
verify     unix  -       -       y       -       1       verify
flush      unix  n       -       y       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp       unix  -       -       y       -       -       smtp
relay      unix  -       -       y       -       -       smtp
    -o smtp_fallback_relay=
showq      unix  n       -       y       -       -       showq
error      unix  -       -       y       -       -       error
retry      unix  -       -       y       -       -       error
discard    unix  -       -       y       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp       unix  -       -       y       -       -       lmtp
anvil      unix  -       -       y       -       1       anvil
scache     unix  -       -       y       -       1       scache
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
spamassassin    unix    -       n       n       -       -       pipe
        user=spamd argv=/usr/bin/spamc -f -e
        /usr/sbin/sendmail -oi -f ${sender} ${recipient}

— end of postfinger output --

virtual:

[hidden email]                     [hidden email]
[hidden email]                      p-oze@localhost
[hidden email]                    p_t@localhost
[hidden email]                 p_t@localhost
[hidden email]           p_t@localhost
[hidden email]            p_t@localhost
[hidden email]                  jen@localhost
[hidden email]                  chl@localhost
[hidden email]                       p_e@localhost
[hidden email]                    p_e@localhost
[hidden email]              p_e@localhost
[hidden email]               p_e@localhost
[hidden email]                   pidau@localhost
[hidden email]                       pidau@localhost
[hidden email]              pidau@localhost
lists.y.org.au                  ok
events.y.org.au                 ok
[hidden email]       postmaster@localhost
[hidden email]        webmaster@localhost
[hidden email]            abuse@localhost
[hidden email]             root@localhost
[hidden email]                p_y@localhost
[hidden email]                      p_y@localhost
[hidden email]                   p_y@localhost
[hidden email]             p_y@localhost
[hidden email]              p_y@localhost
[hidden email]                  ian_c@localhost
[hidden email]                    ian_c@localhost
[hidden email]                  ian_g@localhost
[hidden email]                  ron_g@localhost
[hidden email]              ian_g@localhost
[hidden email]              ian_c@localhost
[hidden email]              ron_g@localhost
[hidden email]                  [hidden email]
<a list of aliases>
[hidden email]                  [hidden email]




--
Peter West
[hidden email]
“Why do you seek the living among the dead? He is not here, but has risen!”