Deploing CentOS 7 with postfix,

MailScanner, spamassassin, ClamAV as

SMTP gateway
Basic system configuration

First we will start by removing firewalld and install iptables. We will then open correct ports.
Next we will disable selinux and do complete update. This steps are not necessary and you can
configure selinux and firewall to work with this configuration but to make deployment quicker
we will not use this features for now.

#systemctl mask firewalld

#systemctl stop firewalld
#yum -y install iptables-services
#systemctl enable iptables
#systemctl start iptables
#iptables -I INPUT -p tcp --dport 25 -j ACCEPT
#iptables -I INPUT -p tcp --dport 10000 -j ACCEPT #webmin web interface
#service iptables save

disable selinux by editing /etc/selinux/config and changing enforcing directive to disabled , you
will need to restart system after that.

#yum update -y

Postfix configuration with relay maps

Now lets edit /etc/postfix/main.cf and make following configuration changes.

inet_interfaces = all # make sure the other ones are disabled - see below
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
#inet_interfaces = localhost

relay_domains = toys.com
mynetworks_style = hos t #uncomment
mynetworks = 192.168.0.23 #add this to only accept messaged for relay
from your trusted ip addressed in this case your internal SMTP server

add this to the end of /etc/postfix/main.cf

transport_maps = hash:/etc/postfix/transport

Edit etc/postfix/transport

toys.com smtp:[192.168.0.23] # relay map

#postmap /etc/postfix/transport
#systemctl restart postfix

Install MailScanner

#yum install perl unzip gcc patch rpm-build cpp perl-DBI perl-MIME-tools
perl-DBD-SQLite binutils glibc-devel perl-Filesys-Df zlib zlib-devel automake
perl-devel

download MailScanner-4.84.6-1.rpm.tar.gz to /opt directory or any other directory where you

want to install your software.

#tar xvf MailScanner-4.84.6-1.rpm.tar.gz

#cd MailScanner-4.84.6-1
#./install.sh

Install Spamassassin

#yum install spamassassin

#sa-update #update spamassasin
#service spamassassin start
#chkconfig spamassassin on

Install ClamAV

#rpm -Uhv http://apt.sw.be/redhat/el5/en/x86_64/rpmforge/RPMS//rpmforge-

release-0.3.6-1.el5.rf.x86_64.rpm
#yum install clamav
#freshclam

Configuration

#mkdir /var/spool/MailScanner/spamassassin
#chown postfix /var/spool/MailScanner/spamassassin
#chown postfix /var/spool/MailScanner/incoming/*
#chkconfig postfix off
#systemctl disable postfix.service
#systemctl stop postfix.service
#vim /etc/postfix/main.cf

Add line below at the bottom

header_checks = regexp:/etc/postfix/header_checks
vim /etc/postfix/header_checks

Add line below

/^Received:/ HOLD

vim /etc/MailScanner/MailScanner.conf
Make changes below

Run As User = postfix

Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix
SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin

Change permissions on some directories and files

#chown postfix.postfix /var/spool/MailScanner/incoming

#chown postfix.postfix /var/spool/MailScanner/quarantine
#chown postfix /var/spool/MailScanner/spamassassin
#chown postfix /var/spool/MailScanner/incoming/*

Start MailScanner

#MailScanner -lint #check configuration - make sure there is no errors

#service MailScanner restart

Install webmin

This step is also optional but it makes configuring and maintaining your server or vm much
quicker.

Edit /etc/yum.repos.d/webmin.repo # add the following

[Webmin]

name=Webmin Distribution Neutral

#baseurl=http://download.webmin.com/download/yum
mirrorlist=http://download.webmin.com/download/yum/mirrorlist
enabled=1
rpm --import http://www.webmin.com/jcameron-key.asc
#yum check-update
#yum install webmin -y
#chkconfig webmin on
#service webmin start