I use Fetchmail to go and collect mails from ISPs left, right and centre for all the Users defined on the PC. Fetchmail delivers the mail locally to Postfix, which filters it through Amavis (SpamAssassin, dspam, DCC, Razor and ClamAV) for spam and virus checks. All good mails are delivered locally to my Maildir, and Courier-IMAP is then used to access the mails by Apple Mail and SquirrelMail.
This would not compile as it complained about some missing symbols (_rfc1035_default_resolver). A check on a rather popular search engine, provided the solution
./configure --with-authpwd=YES --without-authuserdb --without-authcram --enable-unicode --disable-root-check
Courier-IMAP compiled and installed - and worked.
Postfix comes installed on Mac OSX but needs a little configuration to work with Amavis. At the minumum, main.cf needs the following
content_filter = smtp-amavis:[127.0.0.1]:10024
strict_rfc821_envelopes = yes
The master.cf file, also needs something like the following
127.0.0.1:10025 inet n - n - - smtpd
smtp-amavis unix - - n - 2 smtp
I went through the read-me files and installed/upgraded the Perl required modules
perl -MCPAN -e shell
One of the Perl modules is SpamAssassin - so no great problems there
perl -MCPAN -e shell
At the time of writing, the most recent version of the ClamAV engine on Fink was 0.88 - while 0.91.2 was available on the web site. So I removed the Fink version, downloaded the source, configured and compiled.
The configure script needs to be updated to remove the nidump command and replace it with the dscl command.
* line 25245: replace @/usr/bin/nidump passwd .@ with @/usr/bin/dscl . -list /Users@
* line 25246: replace @/usr/bin/nidump group .@ with @/usr/bin/dscl . -list /Groups@
Only then will the configure script work correctly
./configure --with-user=_clamav --with-group=_clamav
As the ClamAV virus scanning engine evolves, the source code should be downloaded again, and re-compiled. By subscribing to the clamav-announce mailing list you can keep abreast of the latest releases.
Freshclam, a ClamAV daemon to automatically update virus signatures, is configured to update the virus signature files every few hours. Once Freshclam runs, it notifies the ClamAV daemon, which in turn, reloads itself using the new signatures.
I ended up with one problem though, Amavis is started as the _amavisd user, and the ClamAV daemon is started and the _clamd user - I was gettings access denied while both process tried to access the same socket with different user/group allocations. This is easily resolved by adding the line into the clamd.conf file
Also, either the _amavisd user should be in the _clamav group, or the _clamav user should be in the _amavisd group. In Mac OSX this is not as simple to do as you might think. NetInfo is gone - leaving the dscl command line tool.
change /Local/Default/Users/_clamav UniqueID 260 82
change /Local/Default/Users/_clamav PrimaryGroupID 260 82
append /Local/Default/Groups/_amavisd GroupMembership _clamav
append /Local/Default/Groups/_clamav GroupMembership _amavisd
I changed the UniqueID of the _clamav user to match that of /etc/passwd.
The DCC or Distributed Checksum Clearinghouse is an anti-spam content filter that runs on a variety of operating systems. By disabling dccm, I remove the dependency on sendmail milter.
./configure --disable-sys-inst --disable-dccm
The next thing is to update the SpamAssassin *init.pre* script to
As dccproc is run under the auspices of Amavis, dccproc needs to run to have a setuid of root to access, among other things, the /var/dcc files, so:
chmod +s dccproc
Razor is a distributed, collaborative, spam detection and filtering network. Through user contribution, Razor establishes a distributed and constantly updating catalogue of spam in propagation that is consulted by email clients to filter out known spam.
First, I needed to make sure the that the prerequisites were met, so
perl -MCPAN -e shell
Once I have the prerequisites,
Finally, I needed to update the SpamAssassin *init.pre* script to
dspam is a scalable and open-source content-based spam filter designed for multi-user enterprise systems.
./configure --with-storage-driver=mysql_drv --enable-daemon --enable-clamav --with-mysql-includes=/usr/local/mysql/include --with-mysql-libraries=/usr/local/mysql/lib --enable-preferences-extension --without-local-delivery-agent --without-quarantine-agent --enable-debug --enable-shared=NO --with-dspam-home-owner=_amavisd --with-dspam-home-group=_amavisd --with-dspam-owner=_amavisd --with-dspam-group=_amavisd
I needed to add _amavisd to the mail group to allow the dspam deamon running as _amavisd access to the files with group mail have read/write access.
append /Local/Default/Groups/mail GroupMembership _amavisd
I used @dspam --debug --daemon@ to test if I had the dspam.conf configured correctly. My biggest glaring mistake was to forget to uncomment the mySQL socket. Once that was done, the daemon started correctly.
Postfix passes all messages to Amavis for spam and virus checking. Amavis quarantines those messages deemed to be spam or contain a virus. All remaining messages are delivered to each users Maildir. With the Maildir, Courier-IMAP provides access to the mails - using either imap or imaps.
So far today, I have not had any spam in my inbox - I have had normal messages though;-) - so e-mail is working.
The dspam now adds something like the following to each message
X-Virus-Scanned: amavisd-new at my.domain.name