PFSense postfix forwarder + mailscanner + freshclam crontab

I recently brought email “in house” for a client.  The setup they had was:

Mail going to their web hosting provider (CPanel web host) > their email server (Exchange 2003), set up with a POP3 connector that would pop email down to user inboxes every 15 minutes > users would then get their email.

This setup is less than ideal primarily because:

  1. Email is delayed depending on when the pop connector checks it and the users check it.
  2. Other connected devices like phones, tablets and such also experience delays receiving mail
  3. No real root access to the filter mechanism on the CPanel server

Ideally it should be as direct as possible and in your control as much as possible.

The solution I came up with was to replace their lame Netgear VPN firewall, which was too limited and inflexible to be a real solution, with a far more flexible and feature-rich open source firewall called PFSense.  We’ve got almost 30 of these deployed for a number of clients in various configurations depending on their needs.

What we needed then was an anti-spam solution, since the one benefit of the CPanel pop connector solution was that the server did the bulk of the filtering for viruses, malware (I assume) and spam.

We used postfix forwarder and connected it to Active Directory, which worked PERFECTLY; however, I wasn’t able to figure out how to filter out zip files and other attachments.  Eventually I found the solution, and you can too if you check out their forums, BUT what wasn’t clear was clamav and updating it.

As it stands, clamav doesn’t get automatically updated and you have to create a cron job separately to do it.

So from the console do this:

  1. setenv EDITOR /usr/local/bin/nano <– that will set your editor to nano, otherwise it’s vi.
  2. crontab -e <– that will edit root’s crontab if you’re logged in as root, and you should be.
  3. I put this in as my cron:  0 0,4,8,12,16,20 * * * /usr/local/bin/freshclam

That should update the clamav definitions every 4 hours.  The first field is the minute: 0 means the job fires once, on the hour, whereas a * there would run freshclam every minute of each listed hour.  The second field (0,4,8…etc) lists the hours of the day, so at midnight (0 hours) it runs freshclam, which fetches the clamav updates, and then again at 4, 8, 12, 16 and 20.
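
As an added example (not part of the original post), this Python sketch expands the minute and hour fields of a crontab entry and lists when it fires each day, comparing a * minute field with a 0 minute field on the freshclam schedule.  The function names are made up for illustration, and it only handles entries whose day, month and weekday fields are all *.

```python
# Added example: expand the minute and hour fields of a crontab entry
# and count how many times per day the job fires.

def expand_field(spec, lo, hi):
    """Expand one cron field (*, a-b, a,b,c, */n, a-b/n) into a sorted list."""
    values = set()
    for part in spec.split(","):
        step = 1
        if "/" in part:
            part, step_text = part.split("/", 1)
            step = int(step_text)
            if step < 1:
                raise ValueError(f"bad step in {spec!r}")
        if part == "*":
            start, end = lo, hi
        elif "-" in part:
            start_text, end_text = part.split("-", 1)
            start, end = int(start_text), int(end_text)
        else:
            start = end = int(part)
        if not (lo <= start <= end <= hi):
            raise ValueError(f"{spec!r} outside {lo}-{hi}")
        values.update(range(start, end + 1, step))
    return sorted(values)

def daily_runs(entry):
    """Return the (hour, minute) pairs at which the entry fires each day."""
    fields = entry.split(None, 5)
    if len(fields) < 6:
        raise ValueError("expected five time fields and a command")
    minute, hour, dom, month, dow = fields[:5]
    # Assumption: date fields are all '*', as in the freshclam entries below.
    if (dom, month, dow) != ("*", "*", "*"):
        raise ValueError("this sketch only handles '* * *' date fields")
    minutes = expand_field(minute, 0, 59)
    hours = expand_field(hour, 0, 23)
    return [(h, m) for h in hours for m in minutes]

# Two variants of the freshclam schedule, differing only in the minute field.
EVERY_MINUTE = "* 0,4,8,12,16,20 * * * /usr/local/bin/freshclam"
ON_THE_HOUR = "0 0,4,8,12,16,20 * * * /usr/local/bin/freshclam"

if __name__ == "__main__":
    for entry in (EVERY_MINUTE, ON_THE_HOUR):
        runs = daily_runs(entry)
        print(f"{len(runs):3d} runs/day  <- {entry}")
```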

I’d recommend using:  PFSense + postfix forwarder + mailscanner

It seems like mailscanner started blocking zip file attachments (among others), and of anything it missed, the postfix forwarder header and MIME mods I made also caught some.  In addition to the RBLs, it’s a solid system.

Note that in mailscanner you’ll get a footer in a blocked piece of content like this:  “For all your IT requirements visit: http://www.transtec.co.uk”

That’s because those guys sponsor mailscanner I guess (or develop it, not sure), and you can edit that out on 64-bit PFSense in this directory; all the report text files have it at the bottom:

/usr/pbi/mailscanner-amd64/local/share/MailScanner/reports/en

* Assuming you use the English version, if not it’s a directory higher and in the language you chose in the setup

The setup they now have is:  Email to their firewall, which runs postfix forwarder tied to Active Directory for valid recipient checking > mailscanner to check for viruses, spam and bad attachments > postfix forwarder for more checking > user inbox.  It’s a fast, more direct and real-time method without much delay, certainly not 15 minutes!  LOL!