How to setup the anti-spam & anti-virus Prerequisite: postfix should be up and running 1. installation sudo apt-get install amavisd-new spamassassin clamav-daemon sudo apt-get install dkim-filter python-policyd-spf sudo apt-get install pyzor razor sudo apt-get install arj cabextract cpio lha nomarch pax rar unrar unzip zip zoo 2. configuration a) ClamAV (sudo nano /etc/clamav) - the default is fine a.1) Add clamav user to the amavis group in order for Amavisd-new to have the appropriate access to scan files sudo adduser clamav amavis b) Spamassassin b.1) sudo nano /etc/default/spamassassin ENABLED=1 #activate the Spamassassin daemon b.2) sudo /etc/init.d/spamassassin start c) Amavisd-new c.1) activate spam and antivirus detection in Amavisd-new sudo nano /etc/amavis/conf.d/15-content_filter_mode @bypass_virus_checks_maps = ( \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re); @bypass_spam_checks_maps = ( \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re); c.2) Bouncing spam is the default, you may discard it as bellow sudo nano /etc/amavis/conf.d/20-debian_defaults $final_spam_destiny = D_DISCARD; c.3) If host name is different from the domain's MX record you may need to manually set the $myhostname option. Also, if the server receives mail for multiple domains the @local_domains_acl option will need to be customized. sudo nano /etc/amavis/conf.d/50-user $myhostname = 'mail.example.com'; @local_domains_acl = ( "example.com", "example.org" ); c.4) sudo /etc/init.d/amavis restart d) DKIM Whitelist (once a domain has been added to the Whitelist the message will not receive any anti-virus or spam filtering.) /etc/amavis/conf.d/40-policy_banks e) Postfix sudo postconf -e 'content_filter = smtp-amavis:[127.0.0.1]:10024' f) sudo nano /etc/postfix/master.cf (Note: add the following at the end. Don't leave space before the line "smtp-amavis" and "127.0.0.1:10025") smtp-amavis unix - - - - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20 127.0.0.1:10025 inet n - - - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks (Note: Also add the following two lines immediately below the "pickup" transport service: ) -o content_filter= -o receive_override_options=no_header_body_checks 3. test a) Amavisd-new SMTP is listening (directly in Ubuntu system) telnet localhost 10024 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 [127.0.0.1] ESMTP amavisd-new service ready ^] b) In the Header of messages you should see: X-Spam-Level: X-Virus-Scanned: Debian amavisd-new at example.com X-Spam-Status: No, hits=-2.3 tagged_above=-1000.0 required=5.0 tests=AWL, BAYES_00 X-Spam-Level: In addtion: 1) to get the stuck message: postfix reload requeue the stuck messages: postsuper -r ALL wait for the messages to requeue (about a minute and a half should be good) postfix reload 2) to display the config of /etc/postfix/main.cf) postconf -n