There is a new version of this tutorial available for Debian 7 (Wheezy).

Virtual Users And Domains With Postfix, Courier And MySQL (Debian Etch) - Page 4

9 Install amavisd-new, SpamAssassin, And ClamAV

To install amavisd-new, spamassassin and clamav, run the following command:

apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 unzoo libnet-ph-perl libnet-snpp-perl libnet-telnet-perl nomarch lzop pax

Afterwards we must configure amavisd-new. The configuration is split up in various files which reside in the /etc/amavis/conf.d directory. Take a look at each of them to become familiar with the configuration. Most settings are fine, however we must modify three files:

First we must enable ClamAV and SpamAssassin in /etc/amavis/conf.d/15-content_filter_mode by uncommenting the @bypass_virus_checks_maps and the @bypass_spam_checks_maps lines:

vi /etc/amavis/conf.d/15-content_filter_mode

The file should look like this:

use strict;

# You can modify this file to re-enable SPAM checking through spamassassin
# and to re-enable antivirus checking.

#
# Default antivirus checking mode
# Uncomment the two lines below to enable it back
#

@bypass_virus_checks_maps = (
   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);


#
# Default SPAM checking mode
# Uncomment the two lines below to enable it back
#

@bypass_spam_checks_maps = (
   \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);

1;  # insure a defined return

And then you should take a look at the spam settings and the actions for spam-/virus-mails in /etc/amavis/conf.d/20-debian_defaults. There's no need to change anything if the default settings are ok for you. The file contains many explanations so there's no need to explain the settings here:

vi /etc/amavis/conf.d/20-debian_defaults
$QUARANTINEDIR = "$MYHOME/virusmails";

$log_recip_templ = undef;    # disable by-recipient level-0 log entries
$DO_SYSLOG = 1;              # log via syslogd (preferred)
$syslog_ident = 'amavis';    # syslog ident tag, prepended to all messages
$syslog_facility = 'mail';
$syslog_priority = 'debug';  # switch to info to drop debug output, etc

$enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1;    # enable use of libdb-based cache if $enable_db=1

$inet_socket_port = 10024;   # default listenting socket

$sa_spam_subject_tag = '***SPAM*** ';
$sa_tag_level_deflt  = 2.0;  # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 6.31; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 6.31; # triggers spam evasive actions
$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent

$sa_mail_body_size_limit = 200*1024; # don't waste time on SA if mail is larger
$sa_local_tests_only = 0;    # only tests which do not require internet access?

[...]
$final_virus_destiny      = D_DISCARD;  # (data not lost, see virus quarantine)
$final_banned_destiny     = D_BOUNCE;   # D_REJECT when front-end MTA
$final_spam_destiny       = D_BOUNCE;
$final_bad_header_destiny = D_PASS;     # False-positive prone (for spam)
[...]

Finally, edit /etc/amavis/conf.d/50-user and add the line $pax='pax'; in the middle:

vi /etc/amavis/conf.d/50-user
use strict;

#
# Place your configuration directives here.  They will override those in
# earlier files.
#
# See /usr/share/doc/amavisd-new/ for documentation and examples of
# the directives you can use in this file
#

$pax='pax';

#------------ Do not modify anything below this line -------------
1;  # insure a defined return

Afterwards, run these commands to add the clamav user to the amavis group and to restart amavisd-new and ClamAV:

adduser clamav amavis
 /etc/init.d/amavis restart
 /etc/init.d/clamav-daemon restart
 /etc/init.d/clamav-freshclam restart

Now we have to configure Postfix to pipe incoming email through amavisd-new:

postconf -e 'content_filter = amavis:[127.0.0.1]:10024'
 postconf -e 'receive_override_options = no_address_mappings'

Afterwards append the following lines to /etc/postfix/master.cf:

vi /etc/postfix/master.cf
[...]
amavis unix - - - - 2 smtp
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes

127.0.0.1:10025 inet n - - - - smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks=127.0.0.0/8
        -o strict_rfc821_envelopes=yes
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtpd_bind_address=127.0.0.1

Then restart Postfix:

/etc/init.d/postfix restart

Now run

netstat -tap

and you should see Postfix (master) listening on port 25 (smtp) and 10025, and amavisd-new on port 10024:

server1:/etc/postfix# netstat -tap
 Active Internet connections (servers and established)
 Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
 tcp        0      0 localhost.localdo:10024 *:*                     LISTEN     14491/amavisd (mast
 tcp        0      0 localhost.localdo:10025 *:*                     LISTEN     14869/master
 tcp        0      0 localhost.localdo:mysql *:*                     LISTEN     12181/mysqld
 tcp        0      0 *:sunrpc                *:*                     LISTEN     1684/portmap
 tcp        0      0 *:auth                  *:*                     LISTEN     2036/inetd
 tcp        0      0 *:1522                  *:*                     LISTEN     2077/rpc.statd
 tcp        0      0 *:smtp                  *:*                     LISTEN     14869/master
 tcp        0      0 localhost.localdom:smtp localhost.localdom:2894 TIME_WAIT  -
 tcp6       0      0 *:imaps                 *:*                     LISTEN     12453/couriertcpd
 tcp6       0      0 *:pop3s                 *:*                     LISTEN     12482/couriertcpd
 tcp6       0      0 *:pop3                  *:*                     LISTEN     12463/couriertcpd
 tcp6       0      0 *:imap2                 *:*                     LISTEN     12436/couriertcpd
 tcp6       0      0 *:www                   *:*                     LISTEN     3712/apache2
 tcp6       0      0 *:ssh                   *:*                     LISTEN     2058/sshd
 tcp6       0      0 server1.example.com:ssh ::ffff:192.168.0.2:4515 ESTABLISHED2139/0
 tcp6       0      0 server1.example.com:ssh ::ffff:192.168.0.2:4648 ESTABLISHED14784/sshd: [email protected]
 

10 Install Razor, Pyzor And DCC And Configure SpamAssassin

Razor, Pyzor and DCC are spamfilters that use a collaborative filtering network. To install them, run

apt-get install razor pyzor dcc-client

Now we have to tell SpamAssassin to use these three programs. Edit /etc/spamassassin/local.cf and add the following lines to it:

vi /etc/spamassassin/local.cf
[...]

# dcc
use_dcc 1
dcc_path /usr/bin/dccproc
dcc_add_header 1
dcc_dccifd_path /usr/sbin/dccifd

#pyzor
use_pyzor 1
pyzor_path /usr/bin/pyzor
pyzor_add_header 1

#razor
use_razor2 1
razor_config /etc/razor/razor-agent.conf

#bayes
use_bayes 1
use_bayes_rules 1
bayes_auto_learn 1

Restart amavisd-new afterwards:

/etc/init.d/amavis restart
Share this page:

6 Comment(s)

Add comment

Please register in our forum first to comment.

Comments

By:
Reply  

Hi,

 why do you add this SMTP-PAM-Module? I don't see any sense in this.

By the way: In Debian Etch you have to enable DCC in /etc/spamassassin/v310.pre

Regards,

Hypz 

By:
Reply  

Hi, first ov all thanks for the tut.

In etch you also have to activate spamassasin in /etc/default/spamassasin "ENABLE = 1"

Also I found this in the Fedora tut. about the paths ( it worked for me on etch ):

the dcc_path to the socket is (as I followed exacly the way of installing as described in this tut):

/var/lib/dcc/dccifd

* dcc_add_header and  pyzor_add_header are deprecated (Cf. http://spamassassin.apache.org/full/2.6x/dist/doc/Mail_SpamAssassin_Conf.txt), instead use respectively add_header all DCC _DCCB_: _DCCR_ and add_header all Pyzor _PYZOR_

 * to make amavis keep a part of the spamassassin header, add the following lines to your amavisd.conf :

$remove_existing_spam_headers = 0;

$sa_spam_report_header = 1;

Please correct me if I'm wrong. But it looks like this how it worked for me.

Greets Josh 

 

By:
Reply  

You are wrong, spamd is typically not used along with amavisd-new. amavisd-new calls spamassassin directly via Perl module Mail::SpamAssassin. So, I suggest leaving the default of "ENABLE = 0" in /etc/default/spamassasin.

By: Tim
Reply  

I was able to make this run in lenny with some light modifications, no DCC (debian boycotted it in lenny), etc.

Everything works nicely, but spamassassin, razor and pyzor do not print any headers in the e-mail, when "$sa_tag_level_deflt = undef;".

On the amavis startup logging, it does show razor2 being loaded, but not pyzor, while both are installed (did not configuration though).

Amavis is logging to mail.log whether the message is spam or not, and the X-Virus-Scanned shows, but no spamassassin, razor (and pyzor, but it won't even load) headers. Should I just install the perl package for spamassassin? I currently have the "spamassasin" lenny deb installed.

 

"$QUARANTINEDIR = "$MYHOME/virusmails";
$quarantine_subdir_levels = 1; # enable quarantine dir hashing

$log_recip_templ = undef;    # disable by-recipient level-0 log entries
$DO_SYSLOG = 1;              # log via syslogd (preferred)
$syslog_ident = 'amavis';    # syslog ident tag, prepended to all messages
$syslog_facility = 'mail';
$syslog_priority = 'debug';  # switch to info to drop debug output, etc

$enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1;    # enable use of libdb-based cache if $enable_db=1

$inet_socket_port = 10024;   # default listening socket

$sa_spam_subject_tag = '***SPAM*** ';
$sa_tag_level_deflt = undef;   # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 4.00;   # add 'spam detected' headers at that level
$sa_kill_level_deflt = 6.31;   # triggers spam evasive actions
$sa_dsn_cutoff_level = 10;     # spam level beyond which a DSN is not sent
"

Thanks!

Tim

By:
Reply  

I got this error in /var/log/mail.log
Can't connect to UNIX socket /var/run/clamav/clamd.ctl: No such file or directory

Sollution -> http://blog.brachium-system.net/categories/7-virus

By:
Reply  

Hi i folowed this guide and the server has worked well for over a year but now clamd uses up 100% of my cpu.