You are on page 1of 10

Postfix as Relay - Step by Step instructions


OS:Fedora Core 4 with Apache and Mysql preinstalled

Users and group creation

# groupadd -g 2000 postfix

# groupadd -g 2002 dspam
# groupadd -g 2004 clamav
# groupadd -g 3000 postdrop
# useradd -u 2000 -g 2000 -d /var/empty -c "Postfix Server" -s /sbin/nologin
# useradd -u 2002 -g 2002 -d /var/empty -c "DSPAM Server" -s /sbin/nologin -G
postdrop dspam
useradd -u 2004 -g 2004 -d /var/empty -c "ClamAV Server" -s /sbin/nologin -G
clamav clamav

# mysqladmin -u root password 'ROOTPASS'

Downloading, compiling and starting Clamav

# cd /tmp
# wget
# ./configure
# make
# make install
cp /tmp/clamav-0.88/contrib/init/RedHat/clamd /etc/rc.d/init.d/
chkconfig --add clamd
chkconfig --level 3 clamd on
/etc/rc.d/init.d/clamd start

vi /usr/local/etc/clamd.conf

Make sure the following entries are uncommented and present

TCPSocket 3310
User clamav

Please see for upgrading

Clamav from a previous version

Downloading, compiling and starting Postfix-2.2.9

# mkdir -p /var/work/source
# mkdir -p /var/work/compile/configure

# cd /var/work/source
# wget
# cd ../compile
# tar -zxf ../source/postfix-2.2.9.tar.gz
# cd postfix-2.2.9
# vim ../configure/postfix
make -f Makefile.init makefiles \
"CCARGS=-DHAS_MYSQL -I/usr/include/mysql" \
"AUXLIBS=-L/usr/lib/mysql -lmysqlclient -lz -lm"
# chmod 755 ../configure/postfix
# ../configure/postfix
# make && make install
( answer default settings to all prompts )
# postfix start
( see that postfix starts )
# ps axf

Warning: you still need to edit myorigin/mydestination/mynetworks
parameter settings in /etc/postfix/

See also for information about dialup

sites or about sites inside a firewalled network.

BTW: Check your /etc/aliases file and be sure to set up aliases

that send mail for root and postmaster to a real person, then run
We do this to start postfix at boot time:

# vi /etc/rc.local
# start postfix
/usr/sbin/postfix start

Downloading, compiling DSPAM-3.6.4

# cd /var/work/source
# wget
# cd ../compile
# tar -zxf ../source/dspam-3.4.2.tar.gz
# cd dspam-3.4.2/
# vi ../configure/dspam
./configure \
--with-dspam-home=/var/dspam \
--with-dspam-home-mode=770 \
--with-dspam-home-owner=dspam \
--with-dspam-home-group=postdrop \
--with-dspam-mode=2510 \
--with-dspam-owner=dspam \
--with-dspam-group=postfix \
--with-delivery-agent=/usr/sbin/sendmail \
--with-storage-driver=mysql_drv \
--with-mysql-includes=/usr/include/mysql \
--with-mysql-libraries=/usr/lib/mysql \
--enable-preferences-extension \
--enable-virtual-users \
--enable-daemon \
--enable-debug --enable-clamav --build=i686-pc-linux-gnu

# chmod 755 ../configure/dspam

# ../configure/dspam
# make && make install
# mkdir -p /usr/local/share/dspam/
Downloading, compiling Apache-2.0.53

# cd /var/work/source
# wget
# cd ../compile
# tar -zxf ../source/httpd-2.0.53.tar.gz
# cd httpd-2.0.53/
# vi ../configure/apache
./configure \
--enable-rewrite \
--enable-cgi \
--disable-userdir \
--enable-suexec \
--with-suexec-caller=apache \
--with-suexec-docroot=/var/www \
--with-suexec-uidmin=1000 \
--with-suexec-gidmin=1000 \
# chmod 755 ../configure/apache
# ../configure/apache
# make && make install


We have now installed the main tools; we will now start configuration!
Mysql DSPAM user and database creation.

# cd /var/work/compile/dspam-3.4.2/src/tools.mysql_drv/
# mysql -e "create database dspam"
# mysql -e "grant all on dspam.* to dspam@localhost identified by 'yourpassword'"
# mysql dspam < mysql_objects-4.1.sql

You can use any of the following lines based on whether u want dspam to add non-
exixtant users automaically in to the system or whether you would add users using
the mysql backend

#This script will require you to manually add users

mysql dspam < virtual_user_aliases.sql

If you want users to be created automatically ,use this script

mysql dspam < virtual_users.sql

# cp purge-4.1.sql /usr/local/share/dspam/

(To keep your database nice and clean you will want to run this command nightly)

# crontab -e
0 0 * * * /usr/local/bin/mysql -udspam -pDSPAMSQLPASS dspam <

Postfix configuration

The following configuration steps will make your postfix act as a relay (not
opened), uses DSPAM for users validation and forward mails to your real inside

# cd /etc/postfix/
# vi
( Add/Remove what is needed )
smtp inet n - n - - smtpd
-o content_filter=dspam:
dspam unix - n n - 10 pipe
flags=Rhqu user=dspam argv=/usr/local/bin/dspam --deliver=innocent --user
${recipient} -i -f ${sender} -- ${recipient}

Now replace the content of your by this one; and modifie the 4 lines
(you'll see where) with your data

# vi
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
mail_owner = postfix
unknown_local_recipient_reject_code = 550
debug_peer_level = 2
debugger_command =
xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/local/man
sample_directory = /etc/postfix
readme_directory = no
# Modify to your need thoses 4 lignes
mynetworks =
myorigin =
mydomain =
virtual_mailbox_domains =
virtual_transport = lmtp:unix:/tmp/dspam.sock
virtual_mailbox_maps = mysql:/etc/postfix/
dspam_destination_recipient_limit = 1
mydestination =
local_recipient_maps =
local_transport = error:local mail delivery is disabled
unknown_local_recipient_reject_code = 550
parent_domain_matches_subdomains =
debug_peer_list smtpd_access_maps
smtpd_recipient_restrictions =
permit_mynetworks reject_unauth_destination
relay_recipient_maps = hash:/etc/postfix/relay_recipients
transport_maps = hash:/etc/postfix/transport
alias_maps = hash:/etc/aliases
relay_domains = $transport_maps
smtpd_helo_required = yes
disable_vrfy_command = yes
biff = no
empty_address_recipient = MAILER-DAEMON
queue_minfree = 40000000
message_size_limit = 20000000
mailbox_size_limit = 100000000
smtpd_banner = $myhostname ESMTP Postfix
local_transport = local
# vi
user = dspam
dbname = dspam
query = SELECT username FROM dspam_virtual_uids WHERE username='%s'
table = dspam_virtual_uids
host =
select_field = username
where_field = username

Put every domain you want to relay mail for in the transport table, and what
server to relay each one to. This will route mail for "" to the inside
gateway machine. The [] forces Postfix to do no MX lookup.

# vi transport smtp:[]

Now we enter every valid e-mail address in the relay_recipient table. Any not
found will get rejected right here. If you want to allow any e-mail address for a
domain, leave off the user name. The right-hand "dummy" value must be present. It
is ignored, but the file must be in name/value pairs.

# vi relay_recipients
#, three valid addresses dummy dummy dummy
#, one valid address dummy
#, allow any address dummy

Do not forget to use this each times you modifie one of theses files:

# postmap transport
# postmap relay_recipients

You need to setup an address that root mail goes to (not here!):

# vi aliases
# postalias aliases
# postfix reload
# tail /var/log/maillog

Verify you logs (# tail /var/log/maillog) that postfix started correctly.

Apache configuration

Add/modify the following to your apache configuration:

# vi /usr/local/apache2/conf/httpd.conf
User apache
Group apache
AddHandler cgi-script .cgi
# Modify / to your needs
<VirtualHost *:80>
DocumentRoot "/var/www/"
ErrorLog /var/log/httpd/
TransferLog /var/log/httpd/
RewriteEngine on
RewriteRule ^/$ /dspam.cgi [R]
SuexecUserGroup dspam dspam
<Directory "/var/www/">
Options FollowSymLinks ExecCGI
AllowOverride None
Order deny,allow
Deny from all
AuthType Basic
AuthName "DSPAM Control Center"
AuthUserFile /var/www/etc/htpasswd
Require valid-user
Satisfy Any

# apachectl restart
# ps axf

Setting up the DSPAM web interface

# mkdir -p /var/www/etc/
# chown apache.dspam /var/www/etc/
Setup the password file for logging into the web interface:
# htpasswd -c /var/www/etc/htpasswd
# htpasswd /var/www/etc/htpasswd

Create an administrative account (you'll be able in a few lines to edit a file

containing the list of user with have access to admin interface; file is called

# htpasswd /var/www/etc/htpasswd root

Replace / by the path defined in your apache configuration:

# mkdir -p /var/www/
# chmod 555 /var/www/
# chown dspam.dspam /var/www/
# cd /var/www/
# cp -r /var/work/compile/dspam-3.4.2/cgi/* .
# rm -f Makefile*
# chown -R dspam.dspam *
# chmod 444 *.*
# chmod 554 *.cgi
# chmod 555 templates
# chmod 444 templates/*

You need to modify 2 littles things:

# vi
$CONFIG{'DSPAM_HOME'} = "/var/dspam";

And you need (for the configuration we choses (authentication with the domain
name) to remove the domain:

# vi templates/nav_performance.html
- <strong>spam-$REMOTE_USER$</strong>
+ <strong>spam-$REMOTE_USER$</strong>

You should now be able to test the web interface! BUT graphics generation is not
Downloading, compiling and installing GD & Co.

# apt-get install libpng-devel libjpeg-devel

# cd /var/work/source
# wget
# mkdir CPAN; cd CPAN
# wget
# wget
# wget
# wget
# cd ../../compile/
# tar xzf ../source/gd-2.0.33.tar.gz
# cd gd-2.0.33/
# vi ../configure/gd
# chmod 755 ../configure/gd
# ../configure/gd
# make
# make install
# cd ..
# mkdir CPAN; cd CPAN
# tar xzf ../../source/CPAN/GDGraph-1.43.tar.gz
# tar xzf ../../source/CPAN/GDTextUtil-0.86.tar.gz
# tar xzf ../../source/CPAN/GD-Graph3d-0.63.tar.gz
# tar xzf ../../source/CPAN/GD-2.23.tar.gz
# cd GD-2.23
# perl Makefile.PL
# make && make test
# make install
# cd ../GDTextUtil-0.86/
# perl Makefile.PL
# make && make test
# make install
# cd ../GDGraph-1.43/
# perl Makefile.PL
# make && make test
# make install
# cd ../GD-Graph3d-0.63/
# perl Makefile.PL
# make && make test
# make install

If you followed thoses steps graphics should be printed now!

The real thing
Edition of you DSPAM configuration file
"But why have you make me wait so long?!" Just to increase pleasure ;)

# vi /usr/local/etc/dspam.conf
+ Trust dspam
+ Trust apache
+ Trust postfix
+ AllowOverride localStore
MySQLServer /tmp/mysql.sock
MySQLPort 3306
MySQLUser dspam
MySQLDb dspam
MySQLCompress true

This prevents Postfix from needing to use any aliases for retraining. When users
email, DSPAM will automatically realize that it needs to
retrain the message.

ParseToHeaders on
ChangeModeOnParse on
ChangeUserOnParse off
ServerQueueSize 32
ServerPID /var/run/
ServerMode standard
ServerParameters "--deliver=innocent"
ServerIdent "localhost.localdomain"
ServerDomainSocketPath /tmp/dspam.sock

Please ensure the following entries are present and uncommented in

ClamAVPort 3310
#ClamAVPort /tmp/clamd
ClamAVResponse accept

Database cleanning

# crontab -e
0 0 * * * /usr/local/bin/mysql -u dspam -p'DSPAMPASS' dspam <
/usr/local/share/dspam/purge-4.1.sql | mail root

Testing the antispam relay server

# telnet 25
Connected to (
Escape character is '^]'.
220 ESMTP Postfix
helo myself
250 Ok
250 Ok
354 End data with <CR><LF>.<CR><LF>
My message
250 Ok: queued as 52B821FFA5C

Authentication with IMAP accounts

# locate apxs

If apxs is not found on your server then install httpd-devel using the following

# yum install httpd-devel

Download mod_auth_imap from or any

other mirror

Installation (shared module)

- CD to the mod_auth_imap directory.
- Use Apache's APXS program (you may have to hunt for it):
apxs -i -a -c mod_auth_imap.c
- Note: if you have previously installed mod_auth_imap, don't use the "-a"
flag to APXS, as you already have the necessary changes in httpd.conf
- Make the appropriate changes to your .htaccess or httpd.conf, see the
files in the included "examples" directory for some examples.
- Restart Apache.

Add the following entries to your apache virtual host section in httpd.conf

<VirtualHost *:80>
DocumentRoot "/var/www/"
ErrorLog /var/log/httpd/
TransferLog /var/log/httpd/
RewriteEngine on
RewriteRule ^/$ /dspam.cgi [R]
SuexecUserGroup dspam dspam
<Directory "/var/www/">
Options FollowSymLinks ExecCGI
AllowOverride None
Order deny,allow
Deny from all
Auth_IMAP_Enabled on
AuthType Basic
AuthName ""
Auth_IMAP_Authoritative on
Auth_IMAP_Port 143
Require valid-user
Auth_IMAP_Log on
Satisfy Any
Dspam Training

#Touch /var/dspam/group
#vi /var/dspam/group

# cd /tmp
# wget
Download the public corpus from
It is recommended you grab all of the 20030228 archives except for
easy_ham_2 (to help balance the corpus) and the 2002 spam archive.
Extract and untar each archive in /tmp/spam directory.

# tar zxvf dspam_sa_trainer.tar.gz

#cd /tmp/spam
/tmp/dspam_sa_trainer/ global_group

Troubleshooting History page display issues

vi /var/www/
Modify as follows