Introduction
In this howto, Postfix integration with amavis-new will be presented. Amavis-new is a wrapper that can call any number of content filtering programs for spam detection, antivirus, etc. In this howto, integration with Spamassassin and Clamav will be presented. This is a classical installation of Postfix + Amavis-new + Spamassassin + Clamav.
Prerequisite
You should have a functional Postfix server installed. If this is not the case, follow the Postfix guide.
Installation
To begin, install (see InstallingSoftware) the following packages:
sudo apt-get install amavisd-new spamassassin clamav-daemon
Install the optional packages for better spam detection (who does not want better spam detection?):
sudo apt-get install libnet-dns-perl libmail-spf-perl pyzor razor
Install these optional packages to enable better scanning of attached archive files:
sudo apt-get install arj bzip2 cabextract cpio file gzip lha nomarch pax rar unrar unzip unzoo zip zoo
Note: Ubuntu 12.04 LTS doesn't have unzoo. Ubuntu 14.04 LTS doesn't have lha. You may try to substitute lhasa.
Configuration
Clamav
The default behaviour of Clamav will fit our needs. A daemon is launched (clamd) and signatures are fetched every day. For more Clamav configuration options, check the configuration files in /etc/clamav.
Add clamav user to the amavis group and vice versa in order for Clamav to have access to scan files:
sudo adduser clamav amavis sudo adduser amavis clamav
Note: especially when driven on small cloud instances, VPS or routers there were concerns about the memory consumption. There is a good summary why virus scanning in general has a rather high memory consumption in general. An admin setting up such a solution needs to consider that ~200-350mb seem to be rather normal.
Spamassassin
As amavis is its own spamassassin-daemon (amavis uses the spamassassin libraries), there is no need in configuring or starting spamassassin. amavis will not use any running instance of spamd! Even changes in /etc/spamassassin will have no effect on the behaviour of amavis.
The use of razor and pyzormust be enabled by
# su - amavis -s /bin/bash # razor-admin -create # razor-admin -register # pyzor discover
There is no need of configuring razor or pyzor.
Amavis
First, activate spam and antivirus detection in Amavis by editing /etc/amavis/conf.d/15-content_filter_mode:
use strict; # You can modify this file to re-enable SPAM checking through spamassassin # and to re-enable antivirus checking. # # Default antivirus checking mode # Uncomment the two lines below to enable it # @bypass_virus_checks_maps = ( \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re); # # Default SPAM checking mode # Uncomment the two lines below to enable it # @bypass_spam_checks_maps = ( \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re); 1; # insure a defined return
After configuration Amavis needs to be restarted:
sudo /etc/init.d/amavis restart
Postfix integration
For postfix integration, you need to add the content_filter configuration variable to the Postfix configuration file /etc/postfix/main.cf. This instructs postfix to pass messages to amavis at a given IP address and port:
content_filter = smtp-amavis:[127.0.0.1]:10024
The following postconf command, run as root because of the preceding sudo command, adds the content_filter specification line above to main.cf:
sudo postconf -e "content_filter = smtp-amavis:[127.0.0.1]:10024"
Alternatively, you can manually edit main.cf yourself to add the content_filter line.
Next edit /etc/postfix/master.cf and add the following to the end of the file:
smtp-amavis unix - - - - 2 smtp
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=20
127.0.0.1:10025 inet n - - - - smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_delay_reject=no
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_end_of_data_restrictions=
-o mynetworks=127.0.0.0/8
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checksAlso add the following two lines immediately below the "pickup" transport service:
-o content_filter=
-o receive_override_options=no_header_body_checksThis will prevent messages that are generated to report on spam from being classified as spam.
More information can be found from "README.postfix from amavisd-new" and "D.J.Fan"
Reload postfix:
sudo /etc/init.d/postfix reload
Now content filtering with spam and virus detection is enabled.
Test
First, test that the amavis SMTP is listening:
telnet localhost 10024 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 [127.0.0.1] ESMTP amavisd-new service ready ^]
Check on your /var/log/mail.log that everything goes well. If you raise the log level, you can check every step of the content filtering: spam check, virus check, etc. Don't forget to lower the log level after your checks!
On messages that go through the content filter you should see:
X-Spam-Level: X-Virus-Scanned: Debian amavisd-new at example.com X-Spam-Status: No, hits=-2.3 tagged_above=-1000.0 required=5.0 tests=AWL, BAYES_00 X-Spam-Level:
Note: $sa_tag_level in /etc/amavis/conf.d/20-debian_defaults must be lower than spam hit rating for the header to appear on the message. For troubleshooting set $sa_tag_level to -999
Troubleshooting
If the filtering is not happening, adding the following to /etc/amavis/conf.d/50-user may help:
@local_domains_acl = ( ".$mydomain" );
If you receive mail for other domains, add them to the list. This information was obtained from the Amavis-New FAQ here.
If you see the following error in /var/log/syslog when amavisd is trying to scan a message:
amavis[30807]: (30807-01) (!!) ask_av (ClamAV-clamd) FAILED - unexpected result: /var/lib/amavis/tmp/amavis-20070615T125025-30807/parts: lstat() failed. ERROR\n
Try changing the permissions on /var/lib/amavis/tmp:
chmod -R 775 /var/lib/amavis/tmp
You can also change AllowSupplementaryGroups in /etc/clamav/clamd.conf:
AllowSupplementaryGroups true
Another way to trouble shoot errors associated with Amavisd-new, Spamassassin, Postfix, or Clamav is to restart all the services with Amavisd-new being the last one to start:
sudo /etc/init.d/postfix restart sudo /etc/init.d/spamassassin restart sudo /etc/init.d/clamav-daemon restart sudo /etc/init.d/amavis restart
Then check /var/log/mail.log and see if the error has gone away.
Note: $sa_tag_level in /etc/amavis/conf.d/20-debian_defaults must be lower than spam hit rating for the header to appear on the message. For troubleshooting set $sa_tag_level to -999
Amavis Performance
To increase the number of processes that amavisd-new uses above the default 2 edit the file /etc/amavis/conf.d/50-user inserting the line:
$max_servers = X;
above the line:
#------------ Do not modify anything below this line -------------
where X is the number of processes you wish amavis to use.
Amend the following line in /etc/postfix/master.cf with the same value for the max_procs (marked below as X)
smtp-amavis unix - - - - X smtp
Restart amavis and reload postfix's config
sudo /etc/init.d/amavis restart sudo postfix reload
You can check the configuration change has taken affect by running amavisd-nanny:
sudo amavisd-nanny
For guidance on how many processes to set this value to please see:
zcat /usr/share/doc/amavisd-new/README.performance.gz | less
and http://www.ijs.si/software/amavisd/amavisd-new-magdeburg-20050519.pdf
Note: This guide has been tested on Ubuntu 7.10 (Gutsy Gibbon), Ubuntu 10.04 LTS Server (Lucid Lynx), Ubuntu 12.04.3 LTS (Precise Pangolin), and Ubuntu 14.04.2 LTS (Trusty Tahr).