SpamAssassin: A practical guide to integration and configuration

Product type Book
Published in Sep 2004
Publisher Packt
ISBN-13 9781904811121
Pages 240 pages
Edition 1st Edition
Chapter 16. Building an Anti-Spam Gateway

Many email administrators are happy with the operation of their email server, but still want to add spam filtering. If the current email server is running Windows, then integrating SpamAssassin into Microsoft Exchange Server is difficult and perceived as risky. This is because it may be difficult to revert to the old settings due to the way in which some settings are changed. Whatever the platform, email administrators who lack formal training or do not devote a considerable amount of their time to system administration might lack the confidence to alter the configuration of a running email server.

One safe solution is to use a separate email gateway. The gateway receives all incoming email, SpamAssassin identifies and tags spam, and then emails are forwarded to the original email server. The gateway can additionally provide spam filtering, if desired, and forward spam to a different account or simply delete it. The configuration of the existing server...

Choosing a PC Platform


One of the selling points of Linux is that older PCs that cannot run the latest version of Windows can often be used for Linux. While this is true, there are other factors affecting the choice of a PC for a critical role.

Spam filtering is CPU-intensive. However, it is rarely worth paying a premium price for a fast processor, which costs more per processing unit than the older slow processors. High-speed disks are not required unless a multiple-CPU machine is highly loaded. Disk I/O is relatively low for spam processing. The disk space usage for an email gateway will be low. The server software installation can be less than 1 GB, and little additional space is required, unless the main email server is down for a period of time, in which case additional spool space will be required.

Older PCs often have no hardware support. If a component fails, there may not be an engineer call-out available, and a suitable replacement part may not be available for several days. Older...

Choosing a Linux Distribution


There are many different Linux distributions. Some include support, and some have no formal support but have a user community that provides effective peer-to-peer support. The main Linux distributions are listed below:

  • Red Hat Enterprise Linux: This is a commercial product. Payment for the product provides technical support for a limited time; further support is available on an annual contract basis. There are several products within the brand, and the lowest-specification product, Red Hat Enterprise Linux Desktop, is adequate for the purpose of an email gateway as long as a single-CPU PC is used. Installation can be made through a graphical installer and is very simple to perform. The Red Hat website address is http://www.redhat.com/software/rhel/.

  • Mandrake: This is the most popular Linux distribution, available for free, but users are requested to pay a small fee to support the distribution. This payment is required to access some parts of the Mandrake website...

Configuring Postfix


The Postfix configuration files normally reside in /etc/postfix and /etc/mail/, although this may vary from distribution to distribution. The main files are main.cf and master.cf. To create an email gateway, perform the operations described in the following sections.

Accepting Email for the Domain

Postfix needs to be configured to accept email for the domain. To do this, edit the main.cf file and add or change the following lines, substituting the appropriate domain and hostname:

myhostname = mailgateway.domain.com
mydomain = domain.com
relay_domains = domain.com

Mail for the root User

Mail for the root user and other common aliases should be configured. This is done by editing the /etc/mail/aliases file and altering the entries as shown in the following example:

# /etc/mail/aliases
# Basic system aliases -- these MUST be present.
MAILER-DAEMON: postmaster
postmaster: root
# General redirections for pseudo accounts.
adm: root
bin: root
daemon: root
exim: root
lp: root
mail...

Installing Amavisd-new


Amavisd-new is an interface between MTAs and content checkers. Content checkers scan email for viruses and/or spam. Amavisd-new is written in Perl and runs as a daemon. Instead of accessing SpamAssassin via the spamc or spamassassin clients, it loads SpamAssassin into memory and accesses the SpamAssassin functions directly. It is therefore closely coupled to SpamAssassin, and may need to be upgraded at the same time as SpamAssassin.

Amavisd-new is available in source form; RPMs are available for SuSE and Mandrake Linux, and third-party RPMs are available for Red Hat Linux. Details of versions available are listed on http://www.ijs.si/software/amavisd/#download. If an RPM is available, use it.

Installation from Package

To install Amavisd-new from package, use the rpm command for RPM based distributions. Amavisd-new has many dependencies, all of which are Perl modules. Each version may have different dependencies, which are listed in the install file that is part of the...

Configuring Amavisd-new


Several changes need to be made to the file /etc/amavisd.conf. This file is parsed as Perl source, so syntax is important: each line should end in a semicolon, and names are case-sensitive. The following variable declaration lines should be changed:

$MYHOME = '/home/amavis';
$mydomain = 'domain.com';
$daemon_user = 'amavis';
$daemon_group = 'amavis';
$max_servers = 5; # number of pre-forked children (default 2)
$max_requests = 10; # retire a child after that many accepts (default 10)
$child_timeout = 60; # abort child if it does not complete each task in n sec

Ensure that the correct domain is specified for $mydomain. The number 5 specified for $max_servers is the number of daemons that will be run.

In /etc/amavisd.conf, one line needs to be uncommented because virus scanning is not going to be used. If this step is omitted, Amavisd-new will not start. This line begins with # @bypass_virus_checks_acl. The initial # and space characters need to be removed.

@bypass_virus_checks_acl...

Configuring Postfix to Run Amavisd-new


Edit /etc/postfix/master.cf and locate this line:

smtp inet n - n - - smtpd

Add these lines after it:

smtp-amavis unix - - y - 5 smtp
  -o smtp_data_done_timeout=1200
  -o disable_dns_lookups=yes
127.0.0.1:10025 inet n - y - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes

In the smtp-amavis line, the number 5 specifies the number of instances that can be used at once. This should correspond to the $max_servers entry specified in the amavisd.conf file.

Edit /etc/postfix/main.cf and add the following line near the end of the file:

content_filter = smtp-amavis:[localhost]:10024

Restart Postfix with the postfix reload command:

# postfix reload
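
The following check is an added example, not code from the book or from the Postfix or Amavisd-new projects. It audits the pairing described above: the smtp-amavis process limit against $max_servers, and the 127.0.0.1:10025 re-injection listener for a cleared content_filter and a loopback-only mynetworks. The sample files are constructed, and the function names parse_master_cf and audit are hypothetical.

```python
import re

# Constructed sample files mirroring the settings shown in this chapter.
MASTER_CF = """\
smtp-amavis unix - - y - 5 smtp
  -o smtp_data_done_timeout=1200
127.0.0.1:10025 inet n - y - - smtpd
  -o content_filter=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
"""
AMAVISD_CONF = "$max_servers = 5; # number of pre-forked children\n"

def parse_master_cf(text):
    """Map service name -> (fields, options), joining continuation lines."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and entries:
            entries[-1] += line.split()      # indented line continues the entry
        else:
            entries.append(line.split())
    services = {}
    for tok in entries:
        rest = tok[8:]                       # everything after the 8 fixed fields
        opts = dict(o.split("=", 1) for f, o in zip(rest[::2], rest[1::2])
                    if f == "-o" and "=" in o)
        services[tok[0]] = (tok[:8], opts)
    return services

def audit(master_cf, amavisd_conf, reinject="127.0.0.1:10025"):
    """Return a list of findings; an empty list means the pairing is consistent."""
    services = parse_master_cf(master_cf)
    bad = [n for n, (f, _) in services.items() if len(f) < 8 or "-o" in f]
    findings = [f"{n}: expected 8 fields before -o options" for n in bad]
    m = re.search(r"^\s*\$max_servers\s*=\s*(\d+)\s*;", amavisd_conf, re.M)
    fields, _ = services.get("smtp-amavis", ([], {}))
    if m and fields and "smtp-amavis" not in bad and fields[6] != m.group(1):
        findings.append(f"smtp-amavis maxproc {fields[6]} != $max_servers {m.group(1)}")
    _, opts = services.get(reinject, ([], None))
    if opts is None:
        findings.append(f"{reinject}: re-injection listener missing")
    else:
        if opts.get("content_filter") != "":
            findings.append(f"{reinject}: content_filter not cleared, mail would loop")
        if opts.get("mynetworks") != "127.0.0.0/8":
            findings.append(f"{reinject}: mynetworks is not loopback-only")
    return findings
```

Run audit() over the real /etc/postfix/master.cf and /etc/amavisd.conf contents before each postfix reload; a service line that has lost one of its eight columns is reported rather than silently misread.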

Configuring External Services


SpamAssassin can use several external services, such as Pyzor and the DCC. The configuration of these is discussed in Chapter 11. Follow the instructions for these as required.

Firewall Configuration


A firewall prevents unwanted connections from the Internet. Most organizations will have a dedicated firewall and will place their email server in a so-called de-militarized zone, popularly known as a DMZ, accessible from both the external network and their internal network. It is possible to use a Linux box as a firewall by using iptables, the Linux kernel firewall. If external services such as DCC are used, Chapter 13 provides firewall information to allow the services to be accessed.

If the email gateway is not behind a corporate firewall, then the Linux kernel firewall should be configured on the email gateway. Consult the documentation for the distribution to configure this.

Backups


Backups are an essential part of a service supporting any organization. Unusually, an email server has little data that changes, apart from the various spools of email currently being processed. The content of these spools changes very quickly, and so the data is difficult to back up. As a result, a daily backup is superfluous, but the whole machine configuration should be backed up whenever it is modified to aid recovery after hardware failure. Hardware RAID or software RAID can be used to guard against disk failures.

Testing


Before going live, the system should be tested. The machine should be rebooted, and Amavisd and Postfix should be running. This can be tested with the ps command:

$ ps -ef | grep amavisd

amavis 27549 1 0 Jul18 ? 00:00:01 amavisd (master)
amavis 27554 27549 0 Jul18 ? 00:00:00 amavisd (virgin child)
amavis 27555 27549 0 Jul18 ? 00:00:00 amavisd (virgin child)
$ ps -ef | grep postfix

root 6657 1 0 Jul18 ? 00:00:00 /usr/lib/postfix/master
postfix 29918 6657 0 00:37 ? 00:00:00 pickup -l -t fifo -u
postfix 29919 6657 0 00:37 ? 00:00:00 qmgr -l -t fifo -u
root 30989 10059 0 01:16 pts/11 00:00:00 grep postfix

The standard SpamAssassin test emails should be sent to a test user:

$ cd /spamassassin-distribution-dir
$ mail user@domain.com < sample-nonspam.txt
$ mail user@domain.com < sample-spam.txt

The ham email should be delivered to the appropriate user on the original email server, and the spam email should be discarded or sent to the email address that was used when Amavisd-new was...

Going Live


Switching to the email gateway will involve one of three methods:

  • If a corporate firewall is in use, then change the firewall configuration to forward SMTP traffic (port 25) to the email gateway. Ensure that traffic for any external services such as Razor or Pyzor is directed to the email gateway. Firewall details for external services are given in Chapter 13.

  • Give the email gateway the IP address of the old email server. To do this, give the original email server a new IP address and give the new email gateway the IP address of the original email server. Alter the email gateway configuration to use the new IP address.

  • Alter the DNS MX records for the domain. Make the current email server the new backup MX, and the new gateway the primary MX. It will take time for the change to propagate. This makes the service switchover slow and gradual, so any problems will not affect all email traffic. If there are problems with the new service, the network cable can be disconnected and all...

Summary


An organization can add spam filtering by building an email gateway. This is done by using a new machine installed with Linux, SpamAssassin, Postfix, and Amavisd-new.

The email filtering can take place without any changes to the existing mail server. Spam filtering can be enabled and disabled by directing existing traffic to the old email server or the new email gateway as required. Email is tagged for spam, and a threshold can be set where spam email is simply discarded.
