[CentOS] Use postfix and spamd on CentOS 6 - looking for a shortest guide

Mon Aug 18 10:53:33 UTC 2014
James B. Byrne <byrnejb at harte-lyne.ca>

On Wed, August 13, 2014 12:32, Timothy Murphy wrote:
> BC wrote:
>
>>> I've never seen a 1-page document that said,
>>> "These are the changes I made after downloading packages X, Y and Z."
>
>> There is a large chasm between configuring a mail server and understanding
>> the configuration of a mail server. Due to the many pitfalls and custom
>> environments, it is very difficult to have a 1-page document that does
>> much more than be an outbound MTA.
>
> Note what I asked for.
> If you have installed postfix + spamassassin or whatever under CentOS
> then presumably you downloaded certain packages
> and then made certain changes in config files and perhaps elsewhere.
> Therefore it is possible to write a short document just listing
> the changes you have made.
> It may be a waste of time in your view;
> but in my experience this is exactly what I want to read
> for my very basic home server needs.
>
>> Unlike apache, you can't just tweak the config after a failure
>> and hit 'refresh'.
>
> I don't see why not.
> That is exactly what I do, in both cases.
> The difference in my experience is that apache documentation is much better.
>
>> The postfix documentation does detail a few sane defaults,
>> but spamassassin is not part of postfix
>> and therefore the defaults have to be modified right from the get-go,
>> also unlike with apache where the defaults work for many people
>> because they don't require any complexity from their httpd servers.
>
> MySQL, LDAP, PHP, etc, are not part of httpd,
> but they all seem to me to work well together
> without studying the matter in depth.
>
>>  I would highly recommend getting a book on postfix.
>
> If I had to read a book in order to install and configure postfix
> I would go back to sendmail.
>
> You sound as though you think it is meritorious
> for software to be difficult to use.
> The task of postfix seems to me fairly easy to understand,
> so I don't see why implementing a solution should be that difficult.
>

The task of an SMTP service is what? To route messages from origin to
destination based on the DNS information relating to the delivery address
correct?  But SMTP is not intended for message composition, submission, final
delivery, display, content checking or any other ancillary operation.  And it
is these ancillary operations that are the source of much of the complexity
and nearly all of the confusion and difficulty experienced with setting up
Mail Transfer Agents (MTA).

For example, a major problem discussed WRT MTAs is the proper setup of
SpamAssassin (SA).  People talk about setting up SA to filter mail.  But SA
does not do that.  It simply scores messages as to the relative likelihood
that the message contents are UCE/SPAM.  Likewise, ClamAV does not filter for
virus infection, it simply detects and reports.

To filter one must configure the MTA to respond to the reports of SA and
ClamAV.  And there are many ways of configuring that response.  Sendmail uses
Milters for example whilst Postfix uses policy daemons. These are
fundamentally different approaches to the problem. However,  Postfix can also
provide a Milter-like interface.  Thus the configuration options can get quite
extensive and it is difficult to anticipate and describe 'normal'
configurations in such a case.

Using Amavisd-New (http://www.amavis.org/) with Postfix to configure SA and
ClamAv to filter mail worked best for me.  Trying to get Postfix to work
directly with either proved beyond my ability.  Even with Sendmail I found
that MailScanner was essential to get SA and ClamAV working together.   Given
that Amavis and MaiScanner exist for the sole purpose of bolting anti-spam and
anti-virus filters into Postfix and Sendmail I infer that most people have
experiences similar to mine.

The Postfix mailing list at Cloud9 is a good place to get help WITH SPECIFIC
POSTFIX PROBLEMS.  However, I believe that it would be, shall we say, unwise
to ask for hand-held guidance setting up a Postfix MTA on that list.  RTFM is
perhaps the mildest response one could expect.  On the other hand, asking a
very specific question about what TFM is trying to say in a particular section
usually elicits helpful replies.

I suggest that you look at Amavisd-New from EPEL and probably ClamAV from the
same source (do not mix EPEL and Repoforge packages in this case) and go from
there.  I believe that you will find that much easier to work with than trying
to use SA directly with Postfix.


-- 
***          E-Mail is NOT a SECURE channel          ***
James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3