Integrating amavisd-new Into Postfix For Spam- And Virus-Scanning - Page 2
On this page
3 Debian Sarge
For volatile packages such as ClamAV (there are new ClamAV releases very often), there exists the Debian-volatile repository (for Sarge and Woody only at the time of this writing). To make sure that we install the latest ClamAV package, we edit /etc/apt/sources.list first and add the following line to it:
vi /etc/apt/sources.list
[...] deb http://volatile.debian.net/debian-volatile sarge/volatile main contrib non-free |
Afterwards we update our packages database by running:
apt-get update
Then we install amavisd-new, SpamAssassin, and ClamAV together with a few other programs (mainly programs that amavisd-new needs to unpack archives, because emails can contain archives as attachments):
apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip unarj bzip2 unzoo libnet-ph-perl libnet-snpp-perl libnet-telnet-perl nomarch lzop
You will be asked a few questions:
Virus database update method: <-- daemon
Local database mirror site: <-- db.de.clamav.net (Germany; select the mirror that is closest to you)
HTTP proxy information (leave blank for none): <-- (blank)
Should clamd be notified after updates? <-- Yes
Afterwards we must configure amavisd-new by editing /etc/amavis/amavisd.conf. This is a very long file with lots of comments. Most default settings are ok, however please make sure that the @bypass_virus_checks_acl and @bypass_spam_checks_acl are commented out because otherwise amavisd-new will not load the anti-spam/-virus code (in my copy the @bypass_spam_checks_acl line was active so I had to comment it out):
vi /etc/amavis/amavisd.conf
[...] # @bypass_virus_checks_acl = qw( . ); # uncomment to DISABLE anti-virus code [...] # @bypass_spam_checks_acl = qw( . ); # No default dependency on spamassassin [...] |
And then you should take a look at the spam settings and the actions for spam-/virus-mails in the same file. There's no need to change anything if the default settings are ok for you. The file contains many explanations so there's no need to explain the settings here:
[...] $final_virus_destiny = D_DISCARD; # (defaults to D_BOUNCE) $final_banned_destiny = D_BOUNCE; # (defaults to D_BOUNCE) $final_spam_destiny = D_REJECT; # (defaults to D_REJECT) $final_bad_header_destiny = D_PASS; # (defaults to D_PASS), D_BOUNCE suggested [...] $virus_admin = "postmaster\@$mydomain"; # due to D_DISCARD default [...] $QUARANTINEDIR = '/var/lib/amavis/virusmails'; #$virus_quarantine_method = "local:virus-%i-%n"; # default #$spam_quarantine_method = "local:spam-%b-%i-%n"; # default $virus_quarantine_to = 'virus-quarantine'; # traditional local quarantine $spam_quarantine_to = 'spam-quarantine'; [...] $sa_local_tests_only = 1; # (default: false) #$sa_auto_whitelist = 1; # turn on AWL (default: false) # Timout for SpamAssassin. This is only used if spamassassin does NOT # override it (which it often does if sa_local_tests_only is not true) $sa_timeout = 30; # timeout in seconds for a call to SpamAssassin # (default is 30 seconds, undef disables it) # AWL (auto whitelisting), requires spamassassin 2.44 or better # $sa_auto_whitelist = 1; # defaults to undef $sa_mail_body_size_limit = 150*1024; # don't waste time on SA is mail is larger # (less than 1% of spam is > 64k) # default: undef, no limitations # default values, can be overridden by more specific lookups, e.g. SQL $sa_tag_level_deflt = 4.0; # add spam info headers if at, or above that level $sa_tag2_level_deflt = 6.31; # add 'spam detected' headers at that level $sa_kill_level_deflt = $sa_tag2_level_deflt; # triggers spam evasive actions # at or above that level: bounce/reject/drop, # quarantine, and adding mail address extension $sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent, # effectively turning D_BOUNCE into D_DISCARD; # undef disables this feature and is a default; $sa_spam_subject_tag = '***SPAM*** '; # (defaults to undef, disabled) [...] |
Afterwards, run these commands to add the clamav user to the amavis group and to restart amavisd-new and ClamAV:
adduser clamav amavis
/etc/init.d/amavis restart
/etc/init.d/clamav-daemon restart
Next we must edit the configuration file of the Freshclam daemon (that's the daemon that regularly and automatically fetches the newest virus signatures from a ClamAV mirror) because it contains a small bug. Open /etc/clamav/freshclam.conf and modify the NotifyClamd line as shown below:
vi /etc/clamav/freshclam.conf
[...] NotifyClamd /etc/clamav/clamd.conf [...] |
Then restart Freshclam (make sure no other Freshclam process (maybe of another ClamAV installation) is running because then our Freshclam will fail to start):
/etc/init.d/clamav-freshclam restart
Now we have to configure Postfix to pipe incoming email through amavisd-new:
postconf -e 'content_filter = amavis:[127.0.0.1]:10024'
postconf -e 'receive_override_options = no_address_mappings'
Afterwards append the following lines to /etc/postfix/master.cf:
vi /etc/postfix/master.cf
[...] amavis unix - - - - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes 127.0.0.1:10025 inet n - - - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks -o smtpd_bind_address=127.0.0.1 |
Then restart Postfix:
/etc/init.d/postfix restart
Now run
netstat -tap
and you should see Postfix (master) listening on port 25 (smtp) and 10025, and amavisd-new on port 10024:
server1:~# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 localhost.localdo:10024 *:* LISTEN 4369/amavisd (maste
tcp 0 0 localhost.localdo:10025 *:* LISTEN 4895/master
tcp 0 0 *:874 *:* LISTEN 1964/rpc.statd
tcp 0 0 *:sunrpc *:* LISTEN 1553/portmap
tcp 0 0 *:auth *:* LISTEN 1932/inetd
tcp 0 0 *:smtp *:* LISTEN 4895/master
tcp6 0 0 *:imaps *:* LISTEN 3177/couriertcpd
tcp6 0 0 *:pop3s *:* LISTEN 3094/couriertcpd
tcp6 0 0 *:pop3 *:* LISTEN 3038/couriertcpd
tcp6 0 0 *:imap2 *:* LISTEN 3129/couriertcpd
tcp6 0 0 *:ssh *:* LISTEN 1943/sshd
tcp6 0 0 *:smtp *:* LISTEN 4895/master
tcp6 0 148 localhost:ssh localhost:4631 ESTABLISHED2052/0
If you like you can now add Razor, Pyzor, and DCC to SpamAssassin to improve its filtering performance. Razor, Pyzor and DCC are spamfilters that use a collaborative filtering network. To install them, run
apt-get install razor pyzor dcc-client
Now we have to tell SpamAssassin to use these three programs. Edit /etc/spamassassin/local.cf and add the following lines to it:
vi /etc/spamassassin/local.cf
[...] # dcc use_dcc 1 dcc_path /usr/bin/dccproc dcc_add_header 1 dcc_dccifd_path /usr/sbin/dccifd #pyzor use_pyzor 1 pyzor_path /usr/bin/pyzor pyzor_add_header 1 #razor use_razor2 1 razor_config /etc/razor/razor-agent.conf #bayes use_bayes 1 use_bayes_rules 1 bayes_auto_learn 1 |
Restart amavisd-new afterwards:
/etc/init.d/amavis restart
That's it already. Now watch your mail log (/var/log/mail.log) to see if amavisd-new is working properly. amavisd-new will log whenever it finds a spam or virus email. When you (re)start amavisd-new it should also log that it loads its spam and virus scanning code (if not, you probably did something wrong).
For taking a live look at your mail log, you can use this command:
tail -f /var/log/mail.log
(Press CTRL + c to leave the log.)
4 Links
- amavisd-new: http://www.ijs.si/software/amavisd
- Postfix: http://www.postfix.org
- ClamAV: http://www.clamav.net
- SpamAssassin: http://spamassassin.apache.org
- Debian: http://www.debian.org
- Ubuntu: http://www.ubuntu.com