Email upgrade: Replacing Axigen mail with MailScanner

MailScanner supports many anti-virus programs and integrates with SpamAssassin, which is finally active again (it may not have been inactive, but since SARE went offline it was fairly useless at blocking new spam). This is extremely important because the spam rules must be kept up to date at all times.

It seems there is just not one tool that does everything. So I finally decided on using:

  • MailScanner

  • Postfix

  • ClamAV (via clamD)

  • Dovecot

  • SpamAssassin

  • MailWatch

  • Postfix Admin

To add to the web-based management capabilities, I chose to use Webmin as well.

Postfix was trivial to get working without a SQL backend. It is important to have Postfix working before you add in MailScanner. MailScanner requires the MTA, anti-virus, and SpamAssassin to be pre-installed. The install script that comes with MailScanner is very good at resolving dependencies. Even so, the key to integrating everything is to pay very close attention to permissions. MailScanner runs as the postfix user; this is crucial. ClamAV, however, generally runs as the clam or clamav user. User permissions are the worst issues to overcome. Here is what I ended up doing:

  • Postfix as postfix user

  • Dovecot as mail user using Maildir format

  • Dovecot deliver program running as mail (from within Postfix). To do this, I set local_transport within Postfix to 'virtual', which uses the virtual_transport mechanism to store local email. If you use the standard mailbox_command setting to call the Dovecot deliver program, deliver cannot deliver the email without setuid permissions, which is a poor security choice. In addition, to make this work, I had to set the Postfix virtual_minimum_uid option to the UID of the mail user and set virtual_uid_maps to 'static:8'. In essence, always deliver email as the mail user. Since I do not have physical local users, this allows Dovecot to manage all email.

  • SpamAssassin runs via MailScanner, so it runs as the postfix user

  • ClamD, however, was changed to run as the root user. Eventually this will need to change back to the clam user, but there are issues with reading and writing the temporary files owned by postfix. Running as either mail or postfix did not solve this problem.
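The delivery-identity settings in the list above can be checked mechanically. The following Python sketch is an added example, not part of the original post: it parses a main.cf and reports when the static UID falls below virtual_minimum_uid (Postfix defaults that parameter to 100, and virtual(8) rejects lower UIDs and defers the mail, which is why it had to be lowered for UID 8). The function names and the sample file are constructed for illustration.

```python
import re

# Constructed sample main.cf using the values from the list above.
SAMPLE_MAIN_CF = """\
# constructed sample, not the author's file
local_transport = virtual
virtual_minimum_uid = 8
virtual_uid_maps =
    static:8
"""

def parse_main_cf(text):
    """main.cf syntax: '#' lines are comments, leading whitespace continues a value."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last:
            params[last] = f"{params[last]} {raw.strip()}".strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            last = name.strip()
            params[last] = value.strip()
    return params

def audit(params):
    """Return findings for the delivery-identity settings discussed above."""
    findings = []
    if params.get("local_transport", "").split(":")[0] != "virtual":
        findings.append("local_transport is not virtual")
    if "deliver" in params.get("mailbox_command", ""):
        findings.append("mailbox_command invokes deliver; check it for a setuid bit")
    min_uid = int(params.get("virtual_minimum_uid", "100"))  # Postfix default: 100
    m = re.fullmatch(r"static:(\d+)", params.get("virtual_uid_maps", ""))
    if not m:
        findings.append("virtual_uid_maps is not a single static:<uid> map")
    elif int(m.group(1)) == 0:
        findings.append("virtual_uid_maps delivers as root")
    elif int(m.group(1)) < min_uid:
        findings.append(f"uid {m.group(1)} is below virtual_minimum_uid {min_uid}; "
                        "virtual(8) rejects it and defers the mail")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_main_cf(SAMPLE_MAIN_CF)) or ["no findings"]:
        print(finding)
```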

There are lots of write-ups on how to get MailScanner + Postfix + Dovecot working together. I used the following resources to install and solve problems.

