Ubuntu UTM Homebrew - Part 3 - Mail Proxy and Spam Checker

1 minute read

In this guide we will be setting up a mail proxy and spam checker that will run transparently.  This will be running on our Ubuntu UTM server that we have been building and you can check out Part 1 and Part 2 as well.

We will be using EXIM4 (Using google as a smarthost), P3SCAN, SpamAssassin and clamav (already installed from part 1 of the UTM setup).

So let’s get started.

Install the packages we need for this all to work

sudo apt-get install exim4 sa-exim spamassassin

Now we need to configure exim to use Google as a smarthost

sudo dpkg-reconfigure exim4-config

Choose “Mail sent by smarthost… Set system mail name to whatever fits for you On the screen for “IP address or host name of outgoing smarthost” enter

smtp.gmail.com::587

(two colons) Now we need to configure exim with the username/password to use for relaying to work through google

sudo nano /etc/exim4/passwd.client

add these lines to the end of the file

smtp.gmail.com:[email protected]:PaSsWoRd
gmail-smtp.l.google.com:[email protected]:PaSsWoRd
*.google.com:[email protected]:PaSsWoRd

Now we need to configure the iptables rules for the redirect to work as traffic passes through our bridged utm server and flows through p3scan.  This will be accomplished by adding the following rules.

sudo iptables -t nat -A PREROUTING -i br0 -p tcp -m tcp --dport 25 -j REDIRECT --to-port 8110
sudo iptables -t nat -A PREROUTING -i br0 -p tcp -m tcp --dport 110 -j REDIRECT --to-port 8110
sudo iptables -t nat -A PREROUTING -i br0 -p tcp -m tcp --dport 143 -j REDIRECT --to-port 8110

Now we should have a working mail proxy and spam checker as email flows start passing through the UTM.  This will only work with smtp (tcp/25), pop3 (tcp/110) and imap (tcp/143).  This setup will not work with any web based email.  You can verify that email is getting redirected through the proxy using the following command.

sudo iptables -L -v -n -t nat

image

And there you go. If you have any questions please let me know.

Updated:

Leave a comment