Spam and Anti-Virus Scanning
On a per-virtual-server basis, Virtualmin enables spam and virus checking for email, and you may customize what happens to email that is flagged as spam or virus-laden. Under the hood, it scans emails for viruses and spam using the well-known SpamAssassin https://spamassassin.apache.org/ and ClamAV https://www.clamav.net/ packages.
Based on the message's content and the servers it was received from, SpamAssassin assigns each message it scans a score indicating how spammy it is. Typically, anything with a score of 5 or higher is considered to be spam. ClamAV, on the other hand, merely checks the message's content against a database of recognized viral signatures and indicates whether any were discovered or not.
Turning On Spam and Virus Scanning
In a typical Virtualmin installation, you can enable filtering for a new or existing virtual server by just selecting the Spam filtering enabled? and Virus filtering enabled? checkboxes in the features section of the Create or Edit Virtual Server page.
If they do not appear, make sure that these features are enabled globally on your system. This can be done as follows :
- Login as
root
, open the System Settings category on the left menu, and click on Features and Plugins. - Check the boxes next to Spam filtering and Virus filtering.
- Click Save. If you see any error messages about SpamAssassin or ClamAV not being installed, you'll need to install their packages on your system first.
Spam and Virus Filtering and Procmail
Depending on the domain to which each email received is delivered, Virtualmin internally creates a /etc/procmailrc
file that, in turn, runs a Procmail include file under /etc/webmin/virtual-server/procmail
. The spamassassin
and clamscan
commands are then executed, and the output is used to determine whether or not email should be delivered to a specific folder or deleted.
SpamAsssassin is run with command-line parameters that tell it to use configuration files under /etc/webmin/virtual-server/spam
, which can be different for each domain. This way, domain owners can customize their own SpamAssassin rules, spam levels and message modification settings.
Changing Delivery Destinations
By default, email classified as spam as delivered to the ~/Maildir/.spam
file under each user's home directory. This shows up as a folder named spam
in users' mail clients, and in Usermin. Email that is detected as containing viruses is deleted by default, as virus detection is almost 100% accurate.
However, you can change these destinations on a per-domain basis using Virtualmin. Some users may prefer that spam be deleted outright, or delivered normally so that it can be filtered by their mail clients. To change the delivery rules, the steps to follow are :
- Login to Virtualmin as
root
or as the domain owner. - Select the domain from the left menu.
- Open the Server Configuration category, and click on Spam and Virus Delivery.
- Change the Destination for spam emails and for virus emails to whatever you want.
- Click Save. The changes will take effect for email delivered from now on.
In Virtualmin versions 3.54 and above, you can select to have email whose virus score is above some threshold deleted instead of being delivered to a spam
folder. This can be used to stop the delivery of messages that are obviously spam, saving on disk spam and the bandwidth used to download them.
To delete high-scoring spam, just follow the steps above and set the Delete spam if score is above field to some number like 10.
Default Delivery Destinations
If you have spam and virus delivery destinations that you want used for all new domains, you can set them as follows :
- Login to Virtualmin as
root
. - Open the System Settings category on the left menu, and click on Module Config.
- Select the Spam filtering options section.
- Change the Default delivery for spam and for viruses to whatever you want.
- Click Save.
To make changes for all existing domains, use the modify-spam.pl
command-line API script.
Automatic Spam Clearing
If Virtualmin is configured to deliver spam to a separate folder for each user, this can end up consuming a lot of disk space and disk quotas. To keep usage down, it is possible have Virtualmin automatically delete users' spam that is more than a certain number of days old, or is taking up more than some amount of disk space.
To set this up for a single domain, the steps to follow are :
- Select the domain from Virtualmin's left menu.
- Open the Server Configuration category, and click on Spam and Virus Delivery.
- In the Automatically delete spam? field, select Yes, if older than and enter a number of days into the adjacent text box. I suggest 5 days, which is more than enough time for users to periodically check their spam folders for false positives.
- Click Save.
If you prefer to delete based on disk usage, select Yes, when mailbox exceeds instead and enter a maximum size for the spam folder. When this is exceeded, messages will be deleted oldest first until it is smaller than the specified size.
The default setting for new virtual servers can be set on the Module Config page in the Spam filtering options section. To make changes for all existing domains, use the modify-spam.pl
command-line API script.
Reducing CPU Load with Clamd
In the default Virtualmin configuration, each email received is processed with the clamscan
command to check if it contains viruses. Unfortunately, this can take anywhere from seconds to minutes to run, particularly on VPS systems that have limited IO bandwidth or CPU resources. Most of this time is spent loading the virus database, which is continually growing as new viruses are found by the ClamAV authors.
Slowness running clamscan
can cause email delivery to be delayed by several minutes, during which messages stay in the Postfix mail queue. It can also lead to high CPU load on the system, which then slows down other services like Apache or MySQL.
Fortunately, there is a fix - the clamd
server process, which loads the virus database just once and then stays running. When email arrives, the clamdscan
command connects to it, passes over the message to be scanned, then reads back the results. This typically only takes a seconds, even on a system with limited resources.
If your system is receiving a large amount of email, I recommend the use of clamd
. It probably isn't worth running on a system used primarily as a web server though, as it consumes about 750MB of RAM at all times. ClamAV is not suitable for use on a low-memory system.
To enable the use of the ClamAV server process, follow these steps :
- Login to Virtualmin as
root
. - Open the Email Messages category on the left menu, and click on Spam and Virus Scanning.
- At the bottom of the page you should see a button labelled Enable ClamAV Server - click it. If the button isn't visible, this means that Virtualmin doesn't know how to configure
clamd
on your operating system, and you will need to do it manually. - After clicking, check the messages that appear to make sure that no errors were reported. If all went well, return to the Spam and Virus Scanning page.
- Change the Virus scanning program to Server scanner (clamdscan) , and click Save.
Virtualmin will check if clamd
and clamdscan
are working properly, and if so configure all virtual servers to use it for virus classification from now on.
Common ClamAV Problems
If Virtualmin reports that the clamscan
command is not working on your system, here are some things to try :
- Run
freshclam
to download the virus database. On some systems, the standard ClamAV packages do not include any virus data files, soclamscan
cannot run. - Remove the
Example
line from/etc/freshclam.conf
. On some systems this line exists by default, to intentionally preventfreshclam
from running! - Make sure that the virus database path in
/etc/clamd.conf
matches the directory updated byfreshclam
. If not,clamd
will not start due to the lack of data files.
Moving Spam and Virus Scanning to Another System
SpamAssassin and ClamAV can use up a lot of CPU time, which on a system that receives a lot of email can significantly slow down email processing. However, it is possible to move some of this load to a separate system, by making use of spamd
and clamd
, the SpamAssassin and ClamAV server processes.
These can be run on one or two other systems on your network, and Virtualmin on the master system that actually receives email configured to offload scanning to them.
In the instructions below, serverip is the IP address of the system that will be running spamd
, and virtualminip is the IP of the Virtualmin machine.
Setting up Spamd on CentOS, Fedora or Redhat
- Login to the system you want to run
spamd
on asroot
- Install SpamAssassin with :
yum install spamassassin
- Edit the file
/etc/sysconfig/spamassassin
and add the following to theSPAMDOPTIONS
line :-i serverip -A virtualminip
An example file would look like :# Options to spamd
SPAMDOPTIONS="-d -c -m5 -H -i 193.9.101.242 -A 193.9.101.104" - Run the following commands to start
spamd
:/etc/init.d/spamassassin restart
chkconfig spamassassin on- If you are using a firewall on this system, open up port 783 to enable connections to SpamAssassin
Setting up Spamd on Debian or Ubuntu
- Login to the system you want to run
spamd
on asroot
- Install SpamAssassin with :
apt-get install spamassassin
- Edit the file
/etc/default/spamassassin
, and change the lineENABLED=0
toENABLED=1
. - In the same file, add the following to the
OPTIONS
line :-i serverip -A virtualminip
An example completed line would look like :OPTIONS="--create-prefs --max-children 5 --helper-home-dir -i 193.9.101.120 -A 193.9.101.104"
- Run the following commands to start
spamd
:/etc/init.d/spamassassin restart
update-rc.d -f spamassassin defaults- If you are using a firewall on this system, open up port 783 to enable connections to SpamAssassin
Configuring Virtualmin to Use a Remote Spamd
Once spamd
is running on the remote system, you can configure Virtualmin to use it as follows. Note that this will prevent domains and mailboxes from having their own SpamAssassin rules, unless you setup spam
to fetch them from a MySQL or LDAP database .
- Login to Virtualmin as
root
, and go to Email Messages -> Spam and Virus Scanning. - Change the SpamAssassin client program menu to spamc.
- Set the Server host for spamc to the IP address of the remote server you setup above.
- Click Save.
Now try sending email to a mailbox in one of the domains with spam filtering enabled on your Virtualmin server, and check if SpamAssassin X-Spam
headers are added. If not, check /var/log/mail*
on both the Virtualmin and spam scanning systems for error messages, and /var/log/procmail.log
.
Setting up Clamd on a Remote System
The easiest way to setup clamd
is to use Virtualmin's built-in support for configuring it. The steps to do this are :
- Install Virtualmin GPL or Pro on the system to be used for running
clamd
. You don't need to create any domains, or run any other servers like MySQL or Postfix. - Login to the new Virtualmin, and go to Email Messages -> Spam and Virus Scanning.
- Click the Enable ClamAV Server button.
- SSH into the system as
root
, and edit the file/etc/clamd.conf
and make sure the lineTCPSocket 3310
exists and is not commented out. - Also make sure the line
TCPAddr 127.0.0.1
does not exist or is commented out. - Run the command
/etc/init.d/clamd-virtualmin restart
or/etc/init.d/clamd restart
to apply the configuration changes.- If you are using a firewall on this system, open up port 3310 to enable connections to ClamAV
Configuring Virtualmin to Use a Remote Clamd
Unfortunately, the executables provided as part of the ClamAV package do not seem to support connecting to a remote server. However, the clamd-stream-client
program can do this, and can be used by Virtualmin versions 3.63 and later. You can download it from : https://sourceforge.net/projects/clamd-stream-cl/
Once you have the clamd-stream-client-1.3.tar.gz
file on your Virtualmin system, it can be compiled and installed with the commands :
tar xvzf clamd-stream-client-1.3.tar.gz
cd clamd-stream-client-1.3
./configure
make
make install
You can now configure Virtualmin 3.63 or later to use it as follows :
- Login to Virtualmin as
root
, and go to Email Messages -> Spam and Virus Scanning. - Change the Virus scanning program to Remote server scanner
- In the Server host for clamd-stream-client field, enter the hostname of the system running Clamd that you setup in the previous section.
- Click Save.
Assuming that clamd-stream-client
works and can contact the remote system, it will be enabled and used for virus scanning for all domains.