Exim4 with Antivirus and Antispam

From GLUG-BOM


Last week, due to disk failure, we had to reinstall the CC4 server. This old workhorse has been serving numerous domains for the last 4 years and needed urgent maintenance. I had been customising Exim's configuration files over time, but this time, since we were doing it from scratch, I made sure to jot down all the steps involved in implementing a mail server capable of antispam and antivirus filtering.

Install Debian 'Sarge'

1. Get Debian GNU/Linux 3.1 'Sarge'

Of course, first of all get Debian 'Sarge' running on the server. Everything detailed here also works with 'Woody', but 'Sarge' is recommended.

Additional Packages

2. Download the following packages from Debian via apt-get: exim4-daemon-heavy, clamav-daemon, sa-exim, spamassassin and spamc.

# apt-get install exim4-daemon-heavy
# apt-get install clamav-daemon
# apt-get install sa-exim
# apt-get install spamassassin spamc


After all of the above packages are installed, we need to make changes to the following configuration files.

SpamAssassin Configuration

3. /etc/default/spamassassin

Change the parameter ENABLED to:

ENABLED=1


Exim's group configuration

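4. /etc/group

Add the clamav user to the Debian-exim group. This allows clamav-daemon to read and write directories owned by Exim4: Exim4 demimes the attachments, stores them in a temporary directory and asks clamav-daemon to scan them. The group ID (102 in the line below) is whatever your system assigned, so keep the existing value and only append clamav to the member list.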

Debian-exim:x:102:clamav


SA-Exim configuration

5. /etc/exim4/sa-exim.conf

Locate these lines:

### 
SAEximRunCond: ${if and {{def:sender_host_address} {!eq {$sender_host_address}{127.0.0.1}} {!eq {$h_X-SA-Do-Not-Run:}{Yes}} } {1}{0}}
# Remove or comment out the following line to enable sa-exim
SAEximRunCond: 0
###


Then change SAEximRunCond to:

SAEximRunCond: 1


Exim4 Configuration files

6. Configuring Exim4's configuration files

Make sure that Exim4 is using split configuration files (i.e. multiple files inside /etc/exim4/conf.d/*). Now locate these configuration files and make the following changes.


Customising reject messages in Exim4

7. /etc/exim4/conf.d/acl/40_exim4-config_check_data

At the end of the file, just before the "accept" statement, add the following lines.

# Deny viruses.
# demime = * unpacks the MIME parts; malware = * scans every message with av_scanner.
deny message = Message contains malware or a virus ($malware_name).
     log_message = $sender_host_address tried sending $malware_name
     demime = *
     malware = *


Clamav configuration for Exim4

8. /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs

Near the top of the file, add this line:

av_scanner = clamd:/var/run/clamav/clamd.ctl


Restart Exim4

9. Restart the Exim4 daemon:

# /etc/init.d/exim4 restart


Keep a watch on Exim4's log files, especially "paniclog", as it processes mail. The error messages are pretty much self-explanatory and you may be able to fix them.

best luck, Anurag
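
A pre-restart audit of the files edited in steps 3 to 8, as an added example that is not part of the original howto. The function names `check_mailscan` and `make_sample_tree` and the root-prefix argument are hypothetical, the sample tree is constructed, and the check assumes sa-exim honours the last uncommented `SAEximRunCond` line.

```shell
#!/bin/sh
# Added example: audit the files this howto edits. The ROOT prefix argument is
# hypothetical, so the check can run on a copy; leave it empty for the live system.
check_mailscan() {
    root="${1:-}"; fails=0
    note() { echo "FAIL: $1"; fails=$((fails + 1)); }
    # Step 3: spamd is only started when ENABLED=1.
    grep -Eq '^ENABLED=1[[:space:]]*$' "$root/etc/default/spamassassin" 2>/dev/null ||
        note "ENABLED is not 1 in /etc/default/spamassassin"
    # Step 4: clamav must be in the member list (4th field) of Debian-exim.
    awk -F: '$1 == "Debian-exim" { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == "clamav") ok = 1 }
             END { exit !ok }' "$root/etc/group" 2>/dev/null ||
        note "clamav is not a member of Debian-exim"
    # Step 5: assumption: the last uncommented SAEximRunCond is the effective one.
    cond=$(sed -n 's/^SAEximRunCond:[[:space:]]*//p' "$root/etc/exim4/sa-exim.conf" 2>/dev/null | tail -n 1)
    case "$cond" in ""|0) note "SAEximRunCond is unset or 0" ;; esac
    # Step 7: an empty malware condition means no scanning is done.
    grep -Eq '^[[:space:]]*malware[[:space:]]*=[[:space:]]*[^[:space:]]' \
        "$root/etc/exim4/conf.d/acl/40_exim4-config_check_data" 2>/dev/null ||
        note "no usable 'malware =' condition in the DATA ACL"
    # Step 8: Exim must be told where clamd listens.
    grep -Eq '^[[:space:]]*av_scanner[[:space:]]*=[[:space:]]*clamd:' \
        "$root/etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs" 2>/dev/null ||
        note "av_scanner does not point at clamd"
    return "$fails"   # number of failed checks, 0 when everything is in place
}

# Constructed sample tree mirroring the end state of steps 3 to 8.
make_sample_tree() {
    mkdir -p "$1/etc/default" "$1/etc/exim4/conf.d/acl" "$1/etc/exim4/conf.d/main"
    echo 'ENABLED=1' > "$1/etc/default/spamassassin"
    echo 'Debian-exim:x:102:clamav' > "$1/etc/group"
    printf '%s\n' '#SAEximRunCond: 0' 'SAEximRunCond: 1' > "$1/etc/exim4/sa-exim.conf"
    printf '%s\n' 'deny message = virus' '     demime = *' '     malware = *' \
        > "$1/etc/exim4/conf.d/acl/40_exim4-config_check_data"
    echo 'av_scanner = clamd:/var/run/clamav/clamd.ctl' \
        > "$1/etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs"
}

# Demo on the constructed tree; on a real server call check_mailscan with no argument.
demo=$(mktemp -d)
make_sample_tree "$demo"
check_mailscan "$demo" && echo "all checks passed"
rm -rf "$demo"
```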