CentOS7.9 : Mail Server, Clamav, SpamAssassin

Contents

Clamav ( anti-virus software )
Mail Server Installation
Mail Server : Postfix + Clamav + Amavisd+SpamAssassin
- 1.Real-time scanning of e-mail
- 2.Email spam protection

Clamav ( anti-virus software )

1.Clam AntiVirus Install

# yum -y install clamav clamd clamav-update

2.Edit Clam AntiVirus configuration file

# vi /etc/clamd.d/scan.conf
●Kine 14
# Default: disabled
LogFile /var/log/clamd.scan　←　Uncomment
●Line 77
# Default: disabled
PidFile /run/clamd.scan/clamd.pid　←　Uncomment
●Line 96
# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
LocalSocket /run/clamd.scan/clamd.sock　←　Uncomment
●Line 219
# Run as another user (clamd must be started by root for this option to work)
# Default: don't drop privileges
#User clamscan　←　Add # at the beginning of the line and comment it out (to make it work with root privileges)

3.Virus definition file update settings

# vi /etc/freshclam.conf
●Line 75
#DatabaseMirror database.clamav.net ←　Comment out
DatabaseMirror db.jp.clamav.net
●Per line 151
#NotifyClamd /path/to/clamd.conf
NotifyClamd /etc/clamd.d/scan.conf  ←　Add

4.Virus definition file update

# freshclam
ClamAV update process started at Fri Feb 17 13:57:32 2023
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.103.7 Recommended version: 0.103.8
DON'T PANIC! Read https://docs.clamav.net/manual/Installing.html
daily database available for download (remote version: 26814)
Time:    1.0s, ETA:    0.0s [========================>]   57.92MiB/57.92MiB
Testing database: '/var/lib/clamav/tmp.74071b8e81/clamav-5c721fb2e9847debeac2250d462b62f6.tmp-daily.cvd' ...
Database test passed.
daily.cvd updated (version: 26814, sigs: 2020990, f-level: 90, builder: raynman)
main database available for download (remote version: 62)
Time:    3.9s, ETA:    0.0s [========================>]  162.58MiB/162.58MiB
Testing database: '/var/lib/clamav/tmp.74071b8e81/clamav-fe04e5e17fdbecb650199572c6a4f1a3.tmp-main.cvd' ...
Database test passed.
main.cvd updated (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
bytecode database available for download (remote version: 333)
Time:    0.4s, ETA:    0.0s [========================>]  286.79KiB/286.79KiB
Testing database: '/var/lib/clamav/tmp.74071b8e81/clamav-5882c19beb25579bd997d5e40e8d96e2.tmp-bytecode.cvd' ...
Database test passed.
bytecode.cvd updated (version: 333, sigs: 92, f-level: 63, builder: awillia2)

# freshclam

ClamAV update process started at Fri Feb 17 13:57:32 2023

WARNING: Your ClamAV installation is OUTDATED!

WARNING: Local version: 0.103.7 Recommended version: 0.103.8

DON'T PANIC! Read https://docs.clamav.net/manual/Installing.html

daily database available for download (remote version: 26814)

Time: 1.0s, ETA: 0.0s [========================>] 57.92MiB/57.92MiB

Testing database: '/var/lib/clamav/tmp.74071b8e81/clamav-5c721fb2e9847debeac2250d462b62f6.tmp-daily.cvd' ...

Database test passed.

daily.cvd updated (version: 26814, sigs: 2020990, f-level: 90, builder: raynman)

main database available for download (remote version: 62)

Time: 3.9s, ETA: 0.0s [========================>] 162.58MiB/162.58MiB

Testing database: '/var/lib/clamav/tmp.74071b8e81/clamav-fe04e5e17fdbecb650199572c6a4f1a3.tmp-main.cvd' ...

Database test passed.

main.cvd updated (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)

bytecode database available for download (remote version: 333)

Time: 0.4s, ETA: 0.0s [========================>] 286.79KiB/286.79KiB

Testing database: '/var/lib/clamav/tmp.74071b8e81/clamav-5882c19beb25579bd997d5e40e8d96e2.tmp-bytecode.cvd' ...

Database test passed.

bytecode.cvd updated (version: 333, sigs: 92, f-level: 63, builder: awillia2)

5.Start Clam AntiVirus

# systemctl start clamd@scan　←　clamd start.

# systemctl enable clamd@scan　←　Automatic clamd startup configuration
Created symlink from /etc/systemd/system/multi-user.target.wants/clamd@scan.service to /usr/lib/systemd/system/clamd@.service.

# systemctl status clamd@scan　←　operation check
● clamd@scan.service - clamd scanner (scan) daemon
Loaded: loaded (/usr/lib/systemd/system/clamd@.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2023-02-17 14:00:20 JST; 1min 24s ago
Docs: man:clamd(8)
man:clamd.conf(5)

Introduction - ClamAV Documentation
An open source malware detection toolkit and antivirus engin...
www.clamav.net
Main PID: 2745 (clamd)
CGroup: /system.slice/system-clamd.slice/clamd@scan.service
mq2745 /usr/sbin/clamd -c /etc/clamd.d/scan.conf
Feb 17 14:00:20 Lepard clamd[2745]: ELF support enabled.
Feb 17 14:00:20 Lepard clamd[2745]: Mail files support enabled.
Feb 17 14:00:20 Lepard clamd[2745]: OLE2 support enabled.
Feb 17 14:00:20 Lepard clamd[2745]: PDF support enabled.
Feb 17 14:00:20 Lepard clamd[2745]: SWF support enabled.
Feb 17 14:00:20 Lepard clamd[2745]: HTML support enabled.
Feb 17 14:00:20 Lepard clamd[2745]: XMLDOCS support enabled.
Feb 17 14:00:20 Lepard clamd[2745]: HWP3 support enabled.
Feb 17 14:00:20 Lepard clamd[2745]: Self checking every 600 seconds.
Feb 17 14:00:20 Lepard systemd[1]: Started clamd scanner (scan) daemon.

6.Perform virus scan

Download a test virus and perform a virus scan

# wget http://www.eicar.org/download/eicar.com
# clamscan --infected --remove --recursive
/root/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/root/eicar.com: Removed.

----------- SCAN SUMMARY -----------
Known viruses: 8652920
Engine version: 0.103.7
Scanned directories: 7
Scanned files: 11
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 1.00:1)
Time: 19.751 sec (0 m 19 s)
Start Date: 2023:02:17 14:06:37
End Date:   2023:02:17 14:06:57

7.Deployment of virus scan auto-execution scripts

# mkdir -p /var/www/system
# cd /var/www/system

Create clamscan.sh in /var/www/system with the following contents

# vi /var/www/system/clamscan.sh

#!/bin/bash

PATH=/usr/bin:/bin

# excludeopt setup
excludelist=/var/www/system/clamscan.exclude
if [ -s $excludelist ]; then
for i in `cat $excludelist`
do
if [ $(echo "$i"|grep \/$) ]; then
i=`echo $i|sed -e 's/^\([^ ]*\)\/$/\1/p' -e d`
excludeopt="${excludeopt} --exclude-dir=$i"
else
excludeopt="${excludeopt} --exclude=$i"
fi
done
fi

# signature update
freshclam

# virus scan
clamscan --recursive --remove ${excludeopt} /

8.Virus scan exclusion directory settings

# chmod 700 clamscan.sh
# echo "/sys/" >> /var/www/system/clamscan.exclude
# echo "/proc/" >> /var/www/system/clamscan.exclude
Exclude sys and proc directories.

# chmod 700 clamscan.sh

# echo "/sys/" >> /var/www/system/clamscan.exclude

# echo "/proc/" >> /var/www/system/clamscan.exclude

Exclude sys and proc directories.

9.Scheduled virus scan

# crontab -e
0 1 * * * /var/www/system/clamscan.sh > /dev/null 2>&1

1 2	# crontab -e 0 1 * * * /var/www/system/clamscan.sh > /dev/null 2>&1

Mail Server Installation

1. Postfix Install

1.1 install
Install Postfix and build an SMTP server

# yum -y install postfix

Make sure Postfix is installed

# rpm -qa | grep postfix
postfix-2.10.1-9.el7.x86_64

1.2Register Postfix to the service

# systemctl enable postfix.service
# systemctl is-enabled postfix.service
enabled

1.3 Backup postfix configuration files, main.cf and master.cf files

# cp -p /etc/postfix/main.cf `date '+/etc/postfix/main.cf.%Y%m%d'`
# cp -p /etc/postfix/master.cf `date '+/etc/postfix/master.cf.%Y%m%d'`

1.4 Edit postfix configuration file
To prevent unauthorized mail relay, configure Postfix to require authentication for outgoing mail as well, using Dovecot's SASL function.

# vi /etc/postfix/main.cf
●Per line 77: Add
#myhostname = virtual.domain.tld
myhostname = mail.<Domain name>
●Per line84:Add your domain name
#mydomain = domain.tld
mydomain = <Domain name>
●Per line99: Uncomment
myorigin = $mydomain
●Per line 116: Change
inet_interfaces = all
●Per line164: Comment out Add under that
#mydestination = $myhostname, localhost.$mydomain, localhost
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
●Per line 268: Add
#mynetworks = 168.100.189.0/28, 127.0.0.0/8
#mynetworks = $config_directory/mynetworks
#mynetworks = hash:/etc/postfix/network_table
mynetworks = 192.168.11.0/24, 127.0.0.0/8　←192.168.11.0/24 to suit your environment
●Per line 420: Uncomment
Set the mail storage format.
#home_mailbox = Mailbox
home_mailbox = Maildir/　
●Per line 428: Add
#mail_spool_directory = /var/mail
mail_spool_directory = /var/spool/mail　
●Per line 575: Add
#smtpd_banner = $myhostname ESMTP $mail_name
#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtpd_banner = $myhostname ESMTP unknown
●Add the following to the last line
# Limit send/receive mail size to 10M
message_size_limit = 10485760
# Limit mailbox size to 1G
mailbox_size_limit = 1073741824
# SMTP-Auth setting
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $mydomain
smtpd_recipient_restrictions = permit_mynetworks, permit_auth_destination, permit_sasl_authenticated, reject

# vi /etc/postfix/main.cf

●Per line 77: Add

#myhostname = virtual.domain.tld

myhostname = mail.<Domain name>

●Per line84:Add your domain name

#mydomain = domain.tld

mydomain = <Domain name>

●Per line99: Uncomment

myorigin = $mydomain

●Per line 116: Change

inet_interfaces = all

●Per line164: Comment out Add under that

#mydestination = $myhostname, localhost.$mydomain, localhost

mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain

●Per line 268: Add

#mynetworks = 168.100.189.0/28, 127.0.0.0/8

#mynetworks = $config_directory/mynetworks

#mynetworks = hash:/etc/postfix/network_table

mynetworks = 192.168.11.0/24, 127.0.0.0/8　←192.168.11.0/24 to suit your environment

●Per line 420: Uncomment

Set the mail storage format.

#home_mailbox = Mailbox

home_mailbox = Maildir/　

●Per line 428: Add

#mail_spool_directory = /var/mail

mail_spool_directory = /var/spool/mail　

●Per line 575: Add

#smtpd_banner = $myhostname ESMTP $mail_name

#smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)

smtpd_banner = $myhostname ESMTP unknown

●Add the following to the last line

# Limit send/receive mail size to 10M

message_size_limit = 10485760

# Limit mailbox size to 1G

mailbox_size_limit = 1073741824

# SMTP-Auth setting

smtpd_sasl_type = dovecot

smtpd_sasl_path = private/auth

smtpd_sasl_auth_enable = yes

smtpd_sasl_security_options = noanonymous

smtpd_sasl_local_domain = $mydomain

smtpd_recipient_restrictions = permit_mynetworks, permit_auth_destination, permit_sasl_authenticated, reject

Release SMTP port (port 25)

# firewall-cmd --add-service=smtp --permanent
success
# firewall-cmd --reload
success

1.5 Start Postfix

# systemctl restart --now postfix

2.Dovecot install

2.1 dovecot install

# yum -y install dovecot

2.2 Edit dovecot.conf file

# cp -p /etc/dovecot/dovecot.conf `date '+ /etc/dovecot/dovecot.conf.%Y%m%d'`
# vi /etc/dovecot/dovecot.conf
●Per line 25: Add
# protocols = imap pop3 lmtp
protocols = imap pop3
●Line 30: Uncomment
# Remove [::] if listening for IPv4 only
listen = *, ::

2.3 Edit 10-auth.conf file

# vi /etc/dovecot/conf.d/10-auth.conf
●Line 10: Uncomment and Change
If plain text authentication is also allowed
disable_plaintext_auth = no
●Line 100: Add
auth_mechanisms = plain login

2.3 Edit 10-mail.conf file

# vi /etc/dovecot/conf.d/10-mail.conf
●Line 31: Add
mail_location = maildir:~/Maildir

2.4 Edit 10-master.conf file

# vi /etc/dovecot/conf.d/10-master.conf
●Line 96-98: Uncomment and Add
# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
mode = 0666
user = postfix
group = postfix
}

2.5 Edit 10-ssl.conf file

# vi /etc/dovecot/conf.d/10-ssl.conf
●Per line 8: Change
ssl = yes

2.6 Register dovecot as a service and start it

# systemctl enable dovecot.service
Created symlink from /etc/systemd/system/multi-user.target.wants/dovecot.service to /usr/lib/systemd/system/dovecot.service.
# systemctl is-enabled dovecot.service
Enabled
# systemctl start dovecot.service

2.7 Allow POP/IMAP services with firewalld

POP is [110/TCP], IMAP is [143/TCP].

# firewall-cmd --permanent --add-service=pop3
# firewall-cmd --permanent --add-service=imap
# firewall-cmd --reload

3.Create mail user and check operation

3.1 advance preparation
①Pretreatment for new users
When a new user is added, set up the system to automatically send and receive e-mail.

# mkdir -p /etc/skel/Maildir/{new,cur,tmp}
# chmod -R 700 /etc/skel/Maildir/
# echo "~/Maildir/"> /etc/skel/.forward
# chmod 600 /etc/skel/.forward

# mkdir -p /etc/skel/Maildir/{new,cur,tmp}

# chmod -R 700 /etc/skel/Maildir/

# echo "~/Maildir/"> /etc/skel/.forward

# chmod 600 /etc/skel/.forward

②Mail environment pre-processing for existing users
Configure the already created users to be able to send and receive e-mail.

# mkdir -p /home/huong/Maildir/{new,cur,tmp}
# chown -R huong:huong /home/huong/Maildir/
# chmod 700 /home/huong/Maildir
# chmod 700 /home/huong/Maildir/{new,cur,tmp}

3.2 User Account Creation
Mail client installation

# yum -y install mailx 
# echo 'export MAIL=$HOME/Maildir' >> /etc/profile.d/mail.sh

Add user [linux]

# useradd linux 
# passwd linux 
New password:xxxxx 
Retype new password:xxxxx 
passwd: all authentication tokens updated successfully.

3.3 Operation check　①

# su - linux
$ mail linux@localhost
Subject: Test Mail
mail test
.   ←　To end the text, type ".".
EOT
$ mail
Heirloom Mail version 12.5 7/5/10.  Type ? for help.
"/home/linux/Maildir": 1 message 1 new
>N  1 linux@korodes.com     Fri Feb 17 16:40  17/536   "Test Mail"
& 1
Message  1:
From linux@korodes.com Fri Feb 17 16:40:53 2023
Return-Path: <linux@korodes.com>
X-Original-To: linux@localhost
Delivered-To: linux@localhost.korodes.com
Date: Fri, 17 Feb 2023 16:40:53 +0900
To: linux@localhost.korodes.com
Subject: Test Mail
User-Agent: Heirloom mailx 12.5 7/5/10
Content-Type: text/plain; charset=us-ascii
From: linux@korodes.com
Status: R

mail test

&

# su - linux

$ mail linux@localhost

Subject: Test Mail

mail test

. ←　To end the text, type ".".

EOT

$ mail

Heirloom Mail version 12.5 7/5/10. Type ? for help.

"/home/linux/Maildir": 1 message 1 new

>N 1 linux@korodes.com Fri Feb 17 16:40 17/536 "Test Mail"

& 1

Message 1:

From linux@korodes.com Fri Feb 17 16:40:53 2023

Return-Path: <linux@korodes.com>

X-Original-To: linux@localhost

Delivered-To: linux@localhost.korodes.com

Date: Fri, 17 Feb 2023 16:40:53 +0900

To: linux@localhost.korodes.com

Subject: Test Mail

User-Agent: Heirloom mailx 12.5 7/5/10

Content-Type: text/plain; charset=us-ascii

From: linux@korodes.com

Status: R

mail test

3.4 Operation check　②
Set up and confirm your account in Mozilla Thunderbird

①Start Thunderbird, and click "Tools", "Account Settings".

②「Account Actions」「Add Mail Account」

③Enter as follows
Your full name : Any name
Email addtess : huong@korodes.com" that I just added.
Password : Password for huong
Click on "Configure manually"

④Set "INCOMMING SERVER" and "OUTGOING SERVER" as shown below and click "Re-test".

⑤"The following settings were found by probinfg the given server"Displayed

After clicking "Done", the following "Warning" appears, but there is no problem, so click "Confirm".

⑥Click "Finish" when "Account syccessfuly created" is displayed.

Mail Server : Postfix + Clamav + Amavisd+SpamAssassin

1.Real-time scanning of e-mail

①Install Amavisd and Clamav Server

# yum --enablerepo=epel -y install amavisd-new clamav-scanner clamav-scanner-systemd

➁Configuration File Edit

# vi /etc/clamd.d/scan.conf
●Line 77：Change
PidFile /var/run/clamd.scan/clamd.pid
●Line 81：Uncomment
TemporaryDirectory /var/tmp
●Line 96：Change
LocalSocket /var/run/clamd.scan/clamd.sock

# touch /var/log/clamd.scan
# chown clamscan. /var/log/clamd.scan
# systemctl enable clamd@scan

➂Setup and start Amavisd

# vi /etc/amavisd/amavisd.conf
●Per line 13: Uncomment
@bypass_spam_checks_maps = (1); # controls running of anti-spam code　
● Line 23：Change to your domain name
$mydomain = 'Domain name ';
●Per line28: comment-out
#$QUARANTINEDIR = undef; # -Q
●Per line122: comment-out
# $virus_admin = undef; # notifications recip
●Line 155：comment-out and Change to own hostname
$myhostname = 'mail.domain name';
●Line 157-158: Uncomment
$notify_method  = 'smtp:[127.0.0.1]:10025';
$forward_method = 'smtp:[127.0.0.1]:10025';  # set to undef with milter!

# systemctl start amavisd clamd@amavisd
# systemctl enable amavisd clamd@amavisd
Created symlink from /etc/systemd/system/multi-user.target.wants/clamd@amavisd.service to /usr/lib/systemd/system/clamd@.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/amavisd.service to /usr/lib/systemd/system/amavisd.service.

④Postfix Configuration

# vi /etc/postfix/main.cf
# Add to the last line
content_filter=smtp-amavis:[127.0.0.1]:10024

# vi /etc/postfix/master.cf
# Add to the last line　
smtp-amavis unix - - n - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o strict_rfc821_envelopes=yes
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000

# systemctl restart postfix

⑤I sent a test email to myself in Thunderbird, and in the header display section of the received email, I see the following X-Virus-Scanned: amavisd-new at korodes.

2.Email spam protection

①SpamAssassin installed to prevent spam

# yum -y install spamassassin spamass-milter-postfix
# systemctl start spamassassin
# systemctl enable spamassassin

②SpamAssassin Settings

# vi /etc/mail/spamassassin/v310.pre
●Per line 24: Uncomment
loadplugin Mail::SpamAssassin::Plugin::DCC

③SpamAssassin configuration file update script

# cd /var/www/system
# vi /var/www/system/spamassassin-update.sh

#!/bin/bash
cd /etc/mail/spamassassin
wget -q https://github.com/kittyfreak/spamassassin_user_prefs/archive/refs/heads/main.zip
[ $? -ne 0 ] && exit
unzip main.zip >/dev/null 2>&1
[ $? -ne 0 ] && exit
rm -f main.zip
mv spamassassin_user_prefs-main/user_prefs .
rm -rf spamassassin_user_prefs-main
diff user_prefs user_prefs.org > /dev/null 2>&1
if [ $? -ne 0 ]; then
cp user_prefs local.cf
echo "report_safe 0" >> local.cf
echo "rewrite_header Subject ***SPAM***" >> local.cf

#SpamAssassin restart
if [ -f /etc/rc.d/init.d/spamassassin ]; then
/etc/rc.d/init.d/spamassassin restart > /dev/null
else
systemctl restart spamassassin > /dev/null
fi
fi
cp user_prefs user_prefs.org

Grant execute permission to the spamassassin-update script and run it

# chmod 700 /var/www/system/spamassassin-update.sh
# /var/www/system/spamassassin-update.sh

Verify that the SpamAssassin configuration file is created in the /etc/mail/spamassassin directory with the date of the day

# ls -l /etc/mail/spamassassin
total 1500
drwxr-xr-x 2 root root     59 Feb 17 15:37 channel.d
-rw-r--r-- 1 root root   1289 Oct  1  2020 init.pre
-rw-r--r-- 1 root root 499331 Feb 17 19:08 local.cf
drwx------ 2 root root      6 Oct  1  2020 sa-update-keys
-rw-r--r-- 1 root root     62 Oct  1  2020 spamassassin-default.rc
-rwxr-xr-x 1 root root     35 Oct  1  2020 spamassassin-helper.sh
-rw-r--r-- 1 root root     55 Oct  1  2020 spamassassin-spamc.rc
-rw-r--r-- 1 root root 499289 Dec 29  2021 user_prefs
-rw-r--r-- 1 root root 499289 Feb 17 19:08 user_prefs.org
-rw-r--r-- 1 root root   2523 Feb 17 18:51 v310.pre
-rw-r--r-- 1 root root   1194 Oct  1  2020 v312.pre
-rw-r--r-- 1 root root   2416 Oct  1  2020 v320.pre
-rw-r--r-- 1 root root   1237 Oct  1  2020 v330.pre
-rw-r--r-- 1 root root   1020 Oct  1  2020 v340.pre

Set up cron to automatically run a script daily that updates the SpamAssassin configuration file

# crontab -e
0 2 * * * /var/www/system/spamassassin-update.sh > /dev/null 2>&1

1 2	# crontab -e 0 2 * * * /var/www/system/spamassassin-update.sh > /dev/null 2>&1

④Integrate SpamAssassin into Postfix

# vi /etc/postfix/master.cf
●Line 11:Comment out and add under
# smtp inet n - n - - smtpd
smtp inet n - n - - smtpd
-o content_filter=spamassassin
●Add to last line
smtp-amavis unix - - n - 2 smtp
       -o smtp_data_done_timeout=1200
       -o smtp_send_xforward_command=yes
       -o disable_dns_lookups=yes

127.0.0.1:10025 inet n - n - - smtpd
       -o content_filter=
       -o local_recipient_maps=
       -o relay_recipient_maps=
       -o smtpd_restriction_classes=
       -o smtpd_client_restrictions=
       -o smtpd_helo_restrictions=
       -o smtpd_sender_restrictions=
       -o smtpd_recipient_restrictions=permit_mynetworks,reject
       -o mynetworks=127.0.0.0/8
       -o strict_rfc821_envelopes=yes
       -o smtpd_error_sleep_time=0
       -o smtpd_soft_error_limit=1001
       -o smtpd_hard_error_limit=1000

spamassassin unix - n n - - pipe
        user=nobody argv=/usr/bin/spamc -e /usr/sbin/sendmail.postfix -oi -f ${sender} ${recipient}

# vi /etc/postfix/master.cf

●Line 11:Comment out and add under

# smtp inet n - n - - smtpd

smtp inet n - n - - smtpd

-o content_filter=spamassassin

●Add to last line

smtp-amavis unix - - n - 2 smtp

-o smtp_data_done_timeout=1200

-o smtp_send_xforward_command=yes

-o disable_dns_lookups=yes

127.0.0.1:10025 inet n - n - - smtpd

-o content_filter=

-o local_recipient_maps=

-o relay_recipient_maps=

-o smtpd_restriction_classes=

-o smtpd_client_restrictions=

-o smtpd_helo_restrictions=

-o smtpd_sender_restrictions=

-o smtpd_recipient_restrictions=permit_mynetworks,reject

-o mynetworks=127.0.0.0/8

-o strict_rfc821_envelopes=yes

-o smtpd_error_sleep_time=0

-o smtpd_soft_error_limit=1001

-o smtpd_hard_error_limit=1000

spamassassin unix - n n - - pipe

user=nobody argv=/usr/bin/spamc -e /usr/sbin/sendmail.postfix -oi -f ${sender} ${recipient}

⑤Restart postfix

# systemctl restart postfix

⑥If you send an e-mail to yourself in Thunderbird with the following information in the body, the following will appear in the header.
"XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X"

Go to top