Exim4 + ClamAV + SpamAssassin + Greylistd on Debian etch mini-HOWTO

What if you hope to have ClamAV and SpamAssassin with your Debian Exim4, but don't really hope for a complete virtual hosting email system with vexim? You may follow this simple guideline and set them up within 15min :)

Install required packages

You may need something else but I am not sure right now. Please correct me if package missed: apt-get update apt-get install exim4-daemon-heavy spamassassin clamav-daemon clamav-freshclam clamav-testfiles greylistd

Configure SpamAssassin

In case of Debian, SpamAssassin is disable by default, so you will need to activate it by editing /etc/default/spamassassin: # Change to one to enable spamd ENABLED=1

Configure Greylistd

That is very handy for Debian. Just simply run the following command and you will get it done: greylistd-setup-exim4 add

Configure ClamAV

For ClamAV that will be a bit more complicated. I will suggest you have a look about /usr/share/doc/clamav/README.Debian.gz before start. First of all, ClamAV will not able to scan the Exim4 mail spool according to directory privilege: dc:~# ls -lad /var/spool/exim4/ drwxr-x--- 5 Debian-exim Debian-exim 4096 2008-03-06 07:35 /var/spool/exim4/ So we will add user clamav to group Debian-exim, and change the directory privilege accordingly: adduser clamav Debian-exim chmod -Rf g+w /var/spool/exim4 chmod -Rf g+s /var/spool/exim4 Next, let's check if /etc/clamav/clamd.conf contain the following line, or else set and active it: AllowSupplementaryGroups true After restart ClamAV, the scan action should be fine: /etc/init.d/clamav-daemon restart

Configure Exim4

To activate ClamAV scan for Exim4, you will need to handle to part. You will need to tell Exim4 where is the unix socket for ClamAV. Edit /etc/exim4/exim4.conf.template, search and change the following line (edit /etc/exim4/conf.d/main/02_exim4-config_options if split config is being used): av_scanner = clamd:/var/run/clamav/clamd.ctl Next, search this section and change as below (edit /etc/exim4/conf.d/acl/40_exim4-config_check_data if split config is being used): # Deny if the message contains malware. Before enabling this check, you # must install a virus scanner and set the av_scanner option in the # main configuration. # # exim4-daemon-heavy must be used for this section to work. # deny message = This message was detected as possible malware ($malware_name). demime = * malware = * For SpamAssassin, search the following line and uncomment it (edit /etc/exim4/conf.d/main/02_exim4-config_options if split config is being used): spamd_address = 783 Then Search the following section and uncomment as below (edit /etc/exim4/conf.d/acl/40_exim4-config_check_data if split config is being used): # Add headers to a message if it is judged to be spam. Before enabling this, # you must install SpamAssassin. You also need to set the spamd_address # option in the main configuration. # # exim4-daemon-heavy must be used for this section to work. # # Please note that this is only suiteable as an example. There are # multiple issues with this configuration method. For example, if you go # this way, you'll give your spamassassin daemon write access to the # entire exim spool which might be a security issue in case of a # spamassassin exploit. # # See the exim docs and the exim wiki for more suitable examples. # warn spam = Debian-exim:true message = X-Spam-Flag: YES\n\ X-Spam-Score: $spam_score\n\ X-Spam-Level: $spam_bar\n\ X-Spam-Report: $spam_report
Don't use Debian's default message: Thunderbird will not recognize it! Read Thunderbird:Help Documentation:Dealing with Junk E-mail for more information.
Save all changes, and reactivate Exim4 setup: dpkg-reconfigure exim4-config

Some simple test

To test ClamAV, send yourself a email with ONLY the following line within body: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* You email client should prompt you an error message and block your mail delivery. To test SpamAssassin, send yourself an email with ONLY the following line within body: XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X After mail delivery, when you check the received email source code, you should have similar message within header. If you are using Thunderbird and enable junk filtering within your mail account setup, this message will even move to "Junk" folder directly: X-Spam-Flag: YES X-Spam-Score: 1000.0 X-Spam-Level: +++++++++++++++++++++++++++++++++++++++++++++++++++ X-Spam-Report: Spam detection software, running on the system "mail.example.com", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X [...] Content analysis details: (1000.0 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -1.4 ALL_TRUSTED Passed through trusted hosts only via SMTP 1000 GTUBE BODY: Generic Test for Unsolicited Bulk Email 1.4 AWL AWL: From: address is in the auto white-list


admin's picture

Thanks, this helped me set up a similar system for the charity I work for.

Anonymous's picture

air max 90 hyperfuse blackAir Jordanwhite huarachesLouis Vuitton Outletmichael kors salemichael kors outlet onlinekate spade pursesair jordan saleNike OutletNike Air Maxhttp://www.michaelkorsmkoutlet.orgLouis Vuitton Handbagshttp://www.mkmichaelkorspurses.comnike air max theacoach outletcoach outlet storenike roshe menlouis vuitton outlethttp://www.michaelkorsmksale.comnike flyknit 4.0nike air huarache blackhttp://www.2015coachoutlet.comcoach coupon codelouis vuitton bagsLouis Vuittonhttp://www.nikefreetrainer50.netcheap air max 90michael kors factory storemichael korscoach bags on salenike free 5.0nike 4.0 flyknitcoach outlet 80% offnike roshe run blackLouis Vuitton Outlethttp://www.nikeairmax-90.in.netkate spade diaper baghttp://www.airjordan5forsale.comcoach outletmichaelkorsair max zerokate spade outletcoach outlet store onlinekate spade outletnike air max 1 http://www.nikeairmaxthea.in.nethttp://www.usalouisvuittonoutlet-stores.comnike huarache womenhttp://www.rosherunwomen.orghttp://www.airmax90ice.orghttp://www.louisvuittonclutchs.commichael korshttp://www.coachoutletstoreinc.orgmichael kors bags outletkate spade factoryLouis Vuitton Pursesmk purses coach outlet store onlineflyknit roshemichael kors handbagshttp://www.2015michaelkorsoutlet.nethttp://www.katespade2015.orglouis vuitton storemichael kors outletLouis Vuittoncoach couponscoach factory outletroshe runshttp://www.airmax90ice.in.nethttp://www.nikeairmax1in2014.comair jordan shoesNike Outlet OnlineAir Jordan 11 Retrokate spade diaper bagmk saleLV handbagshttp://www.nikeairhuarache.netNike Air Max 90 Classicair max 90katespadeair max theacoach bags usahttp://www.nikeairmax90classic.comlouis vuitton store 2015http://www.nikehuarachewomens.comroshe run flyknitmichael kors jet set walletkate spade outletmichael kors bagscoach online storemichael kors outletcoach outletcoach coupon codenike air maxnike free trainernike roshe womenkate spade factorycoach 80% off handbagsnike air max thea mensmk wallet outletcoach outlet promo codekate spade outlet onlinehttp://www.katespade-usa.orgmk factorykate spade handbagsroshe run womenLouis Vuitton pursesmichael kors outletnike air max thealouis vuitton bagkate spade outletlouis vuitton storesmichaelkorscoach bags outletair max shoeskate spade bags ushttp://www.nikeoutletstore-online.comLouis Vuitton SunglassesNike Air Jordan 4kate spade bagsnike.comhttp://www.louisvuitton-lv.us.commk outlet onlinehttp://www.louisvuitton--outletstore.netLouis Vuitton Outlet OnlineLouis Vuitton clutchhttp://www.louisvuitton-lvpurses.comkate spade oninenike air huarachecoach outlet storeAir Max 90rosheskate spade outlethttp://www.mkfactoryoutlet.netblack roshe runmk bagsnike air maxLouis Vuitton clutch bagair max zero salehttp://www.michaelkorsoutletonlinee.netNike LunarGlipseroshes womenhttp://www.nikeairmaxzero.netcoach outletLouis Vuitton Handbagsnike roshe womenair max theaair jordan 5 retrokate spade surprise salecoach bags

Add new comment

Restricted HTML

  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd> <h4> <h5> <h6>
  • Lines and paragraphs break automatically.
  • Web page addresses and e-mail addresses turn into links automatically.
  • HTML tags will be transformed to conform to HTML standards.

Plain text

  • No HTML tags allowed.
  • Lines and paragraphs break automatically.
  • Web page addresses and e-mail addresses turn into links automatically.
This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.