How to Install and Configure Postfix, ClamAV, and Amavisd on AlmaLinux
Categories:
4 minute read
Introduction
Running a secure and efficient email server requires not just sending and receiving emails but also protecting users from malware and spam. Combining Postfix (an open-source mail transfer agent), ClamAV (an antivirus solution), and Amavisd (a content filter interface) provides a robust solution for email handling and security.
In this guide, we will walk you through installing and configuring Postfix, ClamAV, and Amavisd on AlmaLinux, ensuring your mail server is optimized for secure and reliable email delivery.
Prerequisites
Before starting, ensure the following:
- A Fresh AlmaLinux Installation:
- Root or sudo privileges.
- Fully qualified domain name (FQDN) configured (e.g.,
mail.example.com).
- DNS Records:
- Properly configured DNS for your domain, including MX and A records.
- Basic Knowledge:
- Familiarity with Linux terminal commands.
Step 1: Update Your System
Start by updating the AlmaLinux packages to their latest versions:
sudo dnf update -y
Step 2: Install Postfix
Postfix is the Mail Transfer Agent (MTA) responsible for sending and receiving emails.
Install Postfix:
sudo dnf install postfix -yConfigure Postfix:
Open the Postfix configuration file:sudo nano /etc/postfix/main.cfUpdate the following lines to reflect your mail server’s domain:
myhostname = mail.example.com mydomain = example.com myorigin = $mydomain inet_interfaces = all inet_protocols = ipv4 mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain relayhost = mailbox_command = home_mailbox = Maildir/ smtpd_tls_cert_file = /etc/ssl/certs/mail.crt smtpd_tls_key_file = /etc/ssl/private/mail.key smtpd_use_tls = yes smtpd_tls_security_level = encrypt smtp_tls_note_starttls_offer = yesStart and Enable Postfix:
sudo systemctl start postfix sudo systemctl enable postfixVerify Postfix Installation:
Send a test email:echo "Postfix test email" | mail -s "Test Email" user@example.comReplace
user@example.comwith your email address.
Step 3: Install ClamAV
ClamAV is a powerful open-source antivirus engine used to scan incoming and outgoing emails for viruses.
Install ClamAV:
sudo dnf install clamav clamav-update -yUpdate Virus Definitions:
Run the following command to update ClamAV’s virus database:sudo freshclamConfigure ClamAV:
Edit the ClamAV configuration file:sudo nano /etc/clamd.d/scan.confUncomment the following lines:
LocalSocket /var/run/clamd.scan/clamd.sock TCPSocket 3310 TCPAddr 127.0.0.1Start and Enable ClamAV:
sudo systemctl start clamd@scan sudo systemctl enable clamd@scanTest ClamAV:
Scan a file to verify the installation:clamscan /path/to/testfile
Step 4: Install and Configure Amavisd
Amavisd is an interface between Postfix and ClamAV, handling email filtering and virus scanning.
Install Amavisd and Dependencies:
sudo dnf install amavisd-new -yConfigure Amavisd:
Edit the Amavisd configuration file:sudo nano /etc/amavisd/amavisd.confUpdate the following lines to enable ClamAV integration:
@bypass_virus_checks_maps = (0); # Enable virus scanning $virus_admin = 'postmaster@example.com'; # Replace with your email ['ClamAV-clamd'], ['local:clamd-socket', "/var/run/clamd.scan/clamd.sock"],Enable Amavisd in Postfix:
Open the Postfix master configuration file:sudo nano /etc/postfix/master.cfAdd the following lines:
smtp-amavis unix - - n - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20 127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o receive_override_options=no_header_body_checks -o smtpd_helo_restrictions= -o smtpd_client_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_tls_security_level=may -o smtpd_sasl_auth_enable=no -o smtpd_relay_restrictions=permit_mynetworks,reject_unauth_destinationRestart Services:
Restart the Postfix and Amavisd services to apply changes:sudo systemctl restart postfix sudo systemctl restart amavisd
Step 5: Test the Setup
Send a Test Email:
Use themailcommand to send a test email:echo "Test email through Postfix and Amavisd" | mail -s "Test Email" user@example.comVerify Logs:
Check the logs to confirm emails are being scanned by ClamAV:sudo tail -f /var/log/maillogTest Virus Detection:
Download the EICAR test file (a harmless file used to test antivirus):curl -O https://secure.eicar.org/eicar.comSend the file as an attachment and verify that it is detected and quarantined.
Step 6: Configure Firewall Rules
Ensure that your firewall allows SMTP and Amavisd traffic:
sudo firewall-cmd --add-service=smtp --permanent
sudo firewall-cmd --add-port=10024/tcp --permanent
sudo firewall-cmd --add-port=10025/tcp --permanent
sudo firewall-cmd --reload
Step 7: Regular Maintenance and Monitoring
Update ClamAV Virus Definitions:
Automate updates by scheduling acronjob:echo "0 3 * * * /usr/bin/freshclam" | sudo tee -a /etc/crontabMonitor Logs:
Regularly check/var/log/maillogand/var/log/clamav/clamd.logfor errors.Test Periodically:
Use test files and emails to verify that the setup is functioning as expected.
Conclusion
By combining Postfix, ClamAV, and Amavisd on AlmaLinux, you create a secure and reliable email server capable of protecting users from viruses and unwanted content. This guide provided a step-by-step approach to installing and configuring these tools, ensuring seamless email handling and enhanced security.
With this setup, your mail server is equipped to handle incoming and outgoing emails efficiently while safeguarding against potential threats. For further questions or troubleshooting, feel free to leave a comment below.
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.