-
- Getting Started
- Git and File-System Layout (non-default setup)
- Version Constraints
- Managing Themes and Plugins (for entire WordPress site)
- Updating Themes and Plugins (for entire WordPress site)
- Adding Composer Support to Your Own Themes and Plugins (for developers)
- Using Composer to Manage Own Theme/Plugin Dependencies (for developers)
-
- Assigning Multiple IP Addresses to Single LAN Card
- Disable IPv6 on Ubuntu 12.04
- dsh – distributed shell
- fdupes – find & replace duplicate files with hardlinks
- GPG Keys Cheatsheet
- Increase "Open Files Limit"
- kill all php, nginx, mysql or any kind of processes
- Passwordless Authentication for SSH
- Screen
- search replace in multiple files useing grep xargs sed
- Setup sftp
- sysctl.conf
- Timezone Sync
- Using Google Public DNS on Ubuntu Server
- Using openssl to match private key, cerificate and CSR
- Configure Postfix to Use Gmail SMTP on Ubuntu
- Logrotate Example for Custom Logs
- PHP 5.5, MySQL, Postfix, Nginx and WordPress on Ubuntu
- Serverdensity
- Upgrade Ubuntu 10.04 to 12.04
- Using find and sed to replace strings in multiple files
- Webmin
-
- .my.cnf – mysql user & password
- Analyse slow-query-log using Anemometer
- Improving MySQL Query Cache
- MySQL Query Profiling
- Reset MySQL root password
- tuning-primer.sh – an alternative for mysqltuner
- Using MariaDB 10
- Install/Upgrade to MySQL 5.6 on Ubuntu 12.04 LTS
- Change WordPress Domain Name
- Character Sets and Collations
- Enable innodb_file_per_table
- Enable Remote Access (Grant)
- Installing Percona Toolkit
- Using tmpfs for temporary folder creation
- YARPP and InnoDB
- Convert MyISAM to InnoDB
- Using tmpfs for mysqldump & mysqlimport
- Convert from INNODB to MYISAM
- Analyse slow-query-log using mysqldumpslow & pt-query-digest
- mysqlcheck with cron to optimize automatically
- Using MySQLTuner to Optimize MySQL configuration
-
- Checking FQDN, Reverse-DNS/PTR, MX record
- Clients
- DKIM with Postfix
- Postfix Queue Management
- RoundCube
- Server Setup
- Setup OpenDKIM
- SPF Records
- swaks – SMTP test tool
- Using larch for mail transfer between imap/gmail servers
- Debugging Postfix Config, Mail Logs & more
- Increasing Attachment Size in Posfix
-
- Adding $upstream_cache_status in HTTP Response Headers
- Amazon Elastic Load Balancer and Forwarding Real-IP Nginx
- Block wp-login.php bruteforce attack
- Configuring HTTP/2 Server Push
- Enable gzip compression
- fail2ban
- Filter query string for Redis-Nginx cache
- Let's Encrypt with EasyEngine
- Nginx's Open file cache
- Serving fonts with correct mime types
- SSL – PCI compliance and performance optimization
- Troubleshooting
- Tweaking fastcgi-buffers
- Using $upstream_cache_status in access.log
- Using Pagespeed
- Weak Diffie Hellman Logjam Attack Fix
- Website access restriction using nginx
- Enable Nginx Status Page
- Forwarding Visitor's Real-IP + Nginx Proxy/Fastcgi backend correctly
- Parsing access.log and error.logs using linux commands
- Debugging Nginx Configuration
- Nginx config for www to non-www and non-www to www redirection
- Optimizing Nginx Configuration
- Rewrite Rules for vBulletin SEO-friendly permalinks
-
- Directly connect to PHP-FPM
- Generating core-dump for php5-fpm
- GeoIP
- Having php5 and php7 on same system.
- Install Xdebug and configure it with webgrind
- Installation of PHP Code Review Tools
- memcache
- PHP's Zend Opcache Config & Web Viewer
- Setting Sqlite support with PHP
- Using HHVM with PHP-FPM Fallback
- Using Redis for PHP Sessions on Ubuntu Server
- Installing PhpMyAdmin Quickly
- Moving PHP's session storage to tmpfs
- Install Xdebug and configure it with Netbeans
- Nginx – Enable PHP-FPM Status Page
- PHP-FPM: Socket vs TCP/IP and sysctl tweaking
- APC Cache Optimization & Monitoring Using Web Interface
- Checking if PHP/WordPress can send mails
- Debugging PHP Scripts Using slow_log and more
- Increase file upload size limit in PHP-Nginx
- Increase PHP script execution time with Nginx
-
- Performance Optimization
- Remove Query string of css/js files
- Setup ElasticSearch with ElasticPress
- Using Redis for WordPress Object-Cache
- WooCommerce Window Shopping Caching Technique
- Moving WordPress To New Server (Faster)
- Better wp-cron using linux's crontab
- 404 error- Page not Found!!!
- Debugging WordPress with Nginx
Last updated on Dec 18, 2020
This article covers:
- Spam filtering setup using spamassassin
- Antivirus scanning using clamav
Installing packages amavis, clamav, spamassassin
apt-get install amavisd-new spamassassin clamav clamav-daemon arj zoo nomarch cpio lzop cabextract apt-listchanges libauthen-sasl-perl libdbi-perl libmail-dkim-perl p7zip rpm unrar-free libsnmp-perl Please note that amavis itself doesn’t do any kind of spam-checking or virus-checking. It uses spamassassin for spam-testing and clamav for virus-testing. So we need to configure amavis only to spam & virus filtering implemented.
Amavis Configuration
By default, amavis comes with all kind of checks disabled! Might sound strange but we need to enable everything.
Enable virus & spam checking:
vim /etc/amavis/conf.d/15-content_filter_mode Uncomment following lines:
@bypass_virus_checks_maps = ( \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re); @bypass_spam_checks_maps = ( \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re); If your server has less spare CPU power, you may leave virus-checking disabled. ClamAV consumes considerable CPU resources. Also note that these checks delays mail delivery (generally by few seconds).
Set filtering preference:
Open
vim /etc/amavis/conf.d/50-user Add following:
$sa_spam_subject_tag = undef; $spam_quarantine_to = undef; $sa_tag_level_deflt = undef; # Prevent spams from automatically rejected by mail-server $final_spam_destiny = D_PASS; # We need to provide list of domains for which filtering need to be done @lookup_sql_dsn = ( ['DBI:mysql:database=vimbadmin;host=127.0.0.1;port=3306', 'vimbadmin', 'password']); $sql_select_policy = 'SELECT domain FROM domain WHERE CONCAT("@",domain) IN (%k)'; If you are getting too many false positives, you may change $sa_tag_level_deflt to a positive value.
For lookup_sql_dsn, please make sure your mysql database details matches one that is used by postfix & dovecot.
To finalize changes:
service amavis restart Postfix config
Configuring amavis alone won’t work. We need to tell postfix to use amavis content-filters during mail processing.
Open vim /etc/postfix/master.cf
Find line containing:
pickup fifo n - - 60 1 pickup Add 2-lines below it so it looks like:
pickup fifo n - - 60 1 pickup -o content_filter= -o receive_override_options=no_header_body_checks Add following towards end:
smtp-amavis unix - - n - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20 127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o smtpd_restriction_classes= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks -o local_header_rewrite_clients= Restart postfix
service postfix restart Testing
Its better to test if above setup is actually filtering spam & virus. Use following test: