This document describes how to install milter manager toUbuntu Linux. See Install for generalinstall information.
We provide milter manager deb packages for Ubuntu onLaunchpad.
You also enable the official backports repository to detect the latestviruses by the latest ClamAV.
% sudo add-apt-repository "deb http://archive.ubuntu.com/ubuntu $(lsb_release -cs)-backports main universe"
The milter manager APT repository for Ubuntu uses PPA (PersonalPackage Archive) on Launchpad. You caninstall milter manager by APT from the PPA.
Here are supported Ubuntu versions:
Add the ppa:milter-manager/ppa PPA to your system:
% sudo apt -y install software-properties-common % sudo add-apt-repository -y ppa:milter-manager/ppa % sudo apt update
Install milter manager:
% sudo apt -y install milter-manager
We use Postfix as MTA:
% sudo apt -V -y install postfix
We use spamass-milter, clamav-milter and milter-greylist asmilters:
% sudo apt -V -y install spamass-milter clamav-milter milter-greylist
Here is a basic configuration policy.
We use UNIX domain socket for accepting connection fromMTA because security and speed.
We set read/write permission for 'postfix' group to UNIXdomain socket because existing milter packages'configuration can be used.
milter-greylist should be applied only ifS25Rcondition is matched to reduce needless delivery delay.But the configuration is automatically done bymilter-manager. We need to do nothing for it.
At first, we configure spamd.
We add the following configuration to/etc/spamassassin/local.cf. This configuration is for addingheaders only if spam detected.
report_safe 0 remove_header ham Status remove_header ham Level
We change /etc/default/spamassassin like the following toenable spamd:
Before:
ENABLED=0
After:
ENABLED=1
spamd should be started:
% sudo /etc/init.d/spamassassin start
There are no changes for spamass-milter's configuration.
We don't need to change the default clamav-milter's configuration.
We change /etc/milter-greylist/greylist.conf for the followingconfigurations:
# note The configuration relaxes Greylist check to avoid Greylist adverse effect. It increases received spam mails but we should give priority to avoid false positive rather than false negative. We should not consider that we blocks all spam mails by Greylist. We can blocks spam mails that isn't blocked by Greylist by other anti-spam technique such as SpamAssassin. milter manager helps constructing mail system that combines some anti-spam techniques.
Before:
racl whitelist default
After:
subnetmatch /24 greylist 10m autowhite 1w racl greylist default
We change /etc/default/milter-greylist to enablemilter-greylist. milter-greylist uses IPv4 socket becausemilter-gresylist's run script doesn't support changingsocket's group permission:
Before:
ENABLED=0
After:
ENABLED=1 SOCKET="inet:11125@[127.0.0.1]"
milter-greylist should be started:
% sudo /etc/init.d/milter-greylist start
milter-manager detects milters that installed in system.We can confirm spamass-milter, clamav-milter andmilter-greylist are detected:
% sudo /usr/sbin/milter-manager -u milter-manager --show-config
The following output shows milters are detected:
...
define_milter("milter-greylist") do |milter|
milter.connection_spec = "inet:11125@[127.0.0.1]"
...
milter.enabled = true
...
end
..
define_milter("clamav-milter") do |milter|
milter.connection_spec = "unix:/var/run/clamav/clamav-milter.ctl"
...
milter.enabled = true
...
end
..
define_milter("spamass-milter") do |milter|
milter.connection_spec = "unix:/var/spool/postfix/spamass/spamass.sock"
...
milter.enabled = true
...
end
..
We should confirm that milter's name, socket path and'enabled = true'. If the values are unexpected,we need to change/etc/milter-manager/milter-manager.conf.See Configuration for details ofmilter-manager.conf.
But if we can, we want to use milter manager without editingmiter-manager.conf. If you report your environment to themilter manager project, the milter manager project mayimprove detect method.
We change /etc/default/milter-manager to work with Postfix:
Before:
# For postfix, you might want these settings: # SOCKET_GROUP=postfix # CONNECTION_SPEC=unix:/var/spool/postfix/milter-manager/milter-manager.sock
After:
# For postfix, you might want these settings: SOCKET_GROUP=postfix CONNECTION_SPEC=unix:/var/spool/postfix/milter-manager/milter-manager.sock
We create a directory for milter-manager's socket:
% sudo mkdir -p /var/spool/postfix/milter-manager/
We add milter-manager user to postfix group:
% sudo adduser milter-manager postfix
milter-manager's configuration is completed. We startmilter-manager:
% sudo /etc/init.d/milter-manager restart
/usr/bin/milter-test-server is usuful to confirmmilter-manager was ran:
% sudo -u postfix milter-test-server -s unix:/var/spool/postfix/milter-manager/milter-manager.sock
Here is a sample success output:
status: accept elapsed-time: 0.128 seconds
If milter-manager fails to run, the following message willbe shown:
Failed to connect to unix:/var/spool/postfix/milter-manager/milter-manager.sock: No such file or directory
In this case, we can use log to solve theproblem. milter-manager is verbosily if –verbose option isspecified. milter-manager outputs logs to standard output ifmilter-manager isn't daemon process.
We can add the following configuration to/etc/default/milter-manager to output verbose log tostandard output:
OPTION_ARGS="--verbose --no-daemon"
We start milter-manager again:
% sudo /etc/init.d/milter-manager restart
Some logs are output if there is a problem. Runningmilter-manager can be exitted by Ctrl+c.
OPTION_ARGS configuration in /etc/default/milter-managershould be commented out after the problem is solved to runmilter-manager as daemon process. And we should restartmilter-manager.
We add the following milter configuration to/etc/postfix/main.cf.
milter_default_action = accept
milter_protocol = 6
milter_mail_macros = {auth_author} {auth_type} {auth_authen}
Here are descriptions of the configuration.
We need to register milter-manager to Postfix. It'simportant that spamass-milter, clamav-milter,milter-greylist aren't needed to be registered because theyare used via milter-manager.
We need to add the following configuration to/etc/postfix/main.cf. Note that Postfix chrooted to/var/spool/postfix/.
smtpd_milters = unix:/milter-manager/milter-manager.sock
We reload Postfix configuration:
% sudo /etc/init.d/postfix reload
Postfix's milter configuration is completed.
milter-manager logs to syslog. If milter-manager works well,some logs can be showen in /var/log/mail.info. We need tosent a test mail for confirming.
There are many configurations to work milter and Postfixtogether. They can be reduced by introducing milter-manager.
Without milter-manager, we need to specify sockets ofspamass-milter, clamav-milter and milter-greylist tosmtpd_milters. With milter-manager, we doesn't need tospecify sockets of them, just specify a socket ofmilter-manager. They are detected automatically. We doesn'tneed to take care some small mistakes like typo.
milter-manager also supports ENABELD configuration used in/etc/default/milter-greylist. If we disable a milter, weuse the following steps:
% sudo /etc/init.d/milter-greylist stop % sudo vim /etc/default/milter-greylist # ENABLED=1 => ENABLED=0
We need to reload milter-manager after we disable a milter.
% sudo /etc/init.d/milter-manager reload
milter-manager detects a milter is disabled and doesn't useit. We doesn't need to change Postfix's main.cf.
We can reduce maintainance cost by introducingmilter-manager if we use some milters on Ubuntu.
milter manager also provides tools to helpoperation. Installing them is optional but we can reduceoperation cost too. If we also install them, we will go toInstall to Ubuntu(optional).