$mydomain = 'example.com';

Replacing example.com with you real domain name.
If you are scanning mail for more than one domain, list them in @local_domains_maps.

< Dovecot | EmailServer | ClamAV Antivirus >

Testing

Follow the simple testing procedures listed on the amavisd website to make sure that postfix and amavisd are properly configured:

http://www.ijs.si/software/amavisd/README.postfix.html#basics_testing

The only error you may be getting is related to hte lack of antivirus, something we'll move onto now.

 -o max_use=20

Edit your /etc/aliases and append the following to send all notification emails to the existing administrator user account (see the previous DoveCot? section about creating and configuring this account).

virusalert : administrator spam.police : administrator

• http://www.ijs.si/software/amavisd/README.postfix.html

virusalert : postmaster spam.police : postmaster

It used to require some work to install Amavisd-New but it now has been included in most distributions, so installing it along with its numerous dependencies is as simple as:

1. yum -t install amavisd-new

If you want or need to install it by hand, get the latest package and have a look at

Now we need to make sure that some other optional software needed by Amavisd-New is correclty installed on our machine (they are used to extract content in archived attachments):

1. yum -t install unarj
2. yum -t install unrar
3. yum -t install cabextract
4. yum -t install

Note: if you reduced the number of amavisd processes ($max_servers) to launch, you should reflect that number in the first line above as well.

Resources

• http://www.ijs.si/software/amavisd/

Now we can use service amavisd start and stop as with any other service.

Amavisd-New White and Black lists

$final_virus_destiny = D_DISCARD;

$final_banned_destiny = D_BOUNCE;

         wsc|wsf|wsh)$'ix,

The most basic setup is to let the user deal with the spam. The good thing about that is that they can judge if there is a false positive, and can still separate the spam by using filters in their mail clients to automatically move marked spam to a local folder.
It is also preferable to do that in a newly setup system as it makes it easier to detect how good your spam catching is and tweak your system.

content_filter = smtp-amavis:[127.0.0.0]:10024

Here we tell Amavisd-New that it will be running under the amavis user account, that its home directory is /var/amavis and we tell it our domain name as well.

@local_domains_maps = ( [".$mydomain", "example2.com", "example3.com"] );

If you are scanning mail for more than one domain, list them in here.

(:source lang=Perl:) $max_servers = 5;

This tells Amavisd-New to always fork 5 children waiting for our mails. This means that, at any time, we'll be able to process 5 emails simultaneously. If you don't have much RAM, you can lower this figure to 2, but you'll have to reflect that as well in the /etc/postfix/master.cf (see below) otherwise Postif will expect 5 processes to be available.

(:source lang=Perl:) $sa_tag_level_deflt = undef; $sa_tag2_level_deflt = 6.31;

Ensures that we always get X-Spam-Status and X-Spam-Level in our email headers, whatever the spam score, that anything above a spam score (see SpamAssassin) will be flagged as spam.

(:source lang=Perl:) $sa_spam_subject_tag = '[SPAM] '; (:sourcend:) This is what will be shown in the subject of an email detected as spam.

(:source lang=Perl:) $final_virus_destiny = D_DISCARD; (:sourcend:) We will quarantine messages containing viruses so they are not delivered to the user (when our antivirus will be installed).

(:source lang=Perl:) @bypass_virus_checks_maps = (1); (:sourcend:) We also disable virus checking for now because we haven't installed the antivirus yet and Amavisd-New will not let mail through if this option is disabled and there is no Antivirus.

(:source lang=Perl:) $final_banned_destiny = D_BOUNCE; $banned_filename_re = new_RE(

  qr'\.[^./]*[A-Za-z][^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,
  qr'^application/x-msdownload$'i,                    
  qr'^application/x-msdos-program$'i,
  qr'^application/hta$'i,
  [ qr'^\.(rpm|cpio|tar)$'       => 0 ],  
  [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ],
  qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic
  qr'.\.(ade|adp|app|bas|bat|cmd|com|cpl|crt|exe|fxp|grp|hlp|hta|
         inf|ins|isp|js|jse|lnk|mda|mde|mdw|mdt|mdz|msc|msp|mst|
         ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs|
         wsc|wsf|wsh)$'ix,  # banned ext - long
  qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i,
  qr'^\.(exe-ms)$',                       

); (:sourcend:) Here we make sure that emails containing attachments with banned extensions get bounced. While we'll probably end up trying to bounce viruses and spam, it's better to use this option to let legitimate senders who are sending us banned attachements that their messages did not get through.

We now have a couple of choices: sending our spam to the user with the modified subject line, or quarantine the message by sending it to a special user account.

Basic setup: spam email sent to user

The most basic setup is to let the user deal with the spam. The good thing about that is that they can judge if there is a false positive, and can still separate the spam by using filters in their mail clients to automatically move marked spam to a local folder.

In /etc/amavisd.conf change the following: (:source lang=Perl:) $sa_kill_level_deflt = 10000; (:sourcend:) This will make Amavisd-New ignore any action for spam scores below this figure, which is normally beyond the highest possible spam score.

Advanced setup: quarantine to a special account

If instead of cloggin the users with spam messages we want to move them to a special user account on the server, we need to modify the following in /etc/amavisd.conf:

(:source lang=Perl:) $sa_kill_level_deflt = 6.31; $final_spam_destiny = D_DISCARD; (:sourcend:)

When Amavisd-New finds a virus or spam, it notifies you by sending an email with a report. It's a good idea to have a separate user account to receive these so you can check if there is no false positives from time to time. Don't use your own mailbox for that or you'll be swamped with these messages (or at least use mail filtering in your client to automatically separate these).

Edit your /etc/aliases and append the following to send all notification emails to the existing administrator user account: (:source lang=Perl:) virusalert : administrator spam.police : administrator (:sourcend:) Again, don't forget to rebuild the aliases database with postalias /etc/aliases.

Configuring Postfix to use Amavisd-New

Now we need to let postfix know about Amavisd-New. Postfix communicates with external programs through TCP/IP ports. This method allows a clear separation of processes and their priviledges as each is running under its own account.

Edit the /etc/postfix/master.cf file and append the following: (:source lang=:) smtp-amavis unix - - y - 5 smtp

 -o smtp_data_done_timeout=1200
 -o smtp_send_xforward_command=yes
 -o disable_dns_lookups=yes

127.0.0.1:10025 inet n - y - - smtpd

 -o content_filter=
 -o local_recipient_maps=
 -o relay_recipient_maps=
 -o smtpd_restriction_classes=
 -o smtpd_helo_restrictions=
 -o smtpd_sender_restrictions=
 -o smtpd_recipient_restrictions=permit_mynetworks,reject
 -o mynetworks=127.0.0.0/8
 -o strict_rfc821_envelopes=yes
 -o smtpd_error_sleep_time=0
 -o smtpd_soft_error_limit=1001
 -o smtpd_hard_error_limit=1000
 -o receive_override_options=no_header_body_checks

(:sourcend:)

And edit /etc/postfix/main.cf and append this definition: (:source lang=:) content_filter = smtp-amavis:127.0.0.0:10024 (:sourcend:)

White and Black lists

If you want to make sure that some addresses always get through and that some always get banned, you will need to create a white list and a black list.

(:source lang=:)

1. touch /var/amavis/white.lst
2. touch /var/amavis/black.lst
3. chown amavis.amavis -R /var/amavis/

(:sourcend:)

You need to make Amavisd-New know about those files. Edit /etc/amavisd.conf and add: (:source lang=:) @whitelist_sender_maps = read_hash("$MYHOME/white.lst"); @blacklist_sender_maps = read_hash("$MYHOME/black.lst"); (:sourcend:)

Now simply add each email address you want to unconditionnaly allow (white list)/block (black list) on a single line inside the relevant file.

Amavisd is a mail filtering interface that allows an MTA such as Postfix to talk to specialzed external add-ons such as SpamAssassin or ClamAV amongst others. On its own, it doesn't do anything useful, but it will make our anstispam and antivirus tools work well together.

1. mkdir -p /var/amavis/{tmp,var,db}

1. chmod 750 /var/amavis

1. chown amavis.amavis /var/virusmails
2. chmod 750 /var/virusmails

1. chmod 755 /usr/local/sbin/amavisd

1. chmod 644 /etc/amavisd.conf

$max_servers = 5;

$MYHOME = '/var/amavis';

smtp-amavis unix - - y - 5 smtp

OK, now we're ready to install the antispam and antivirus that will make use of Amavisd-New.

Installing Amavisd-New

Amavisd is a mail filtering interface that allows an MTA such as Postfix to talk to specialzed external add-ons such as SpamAssassin or ClamAV amongst others.

First thing to do is to add a user for running Amavisd-New:

1. useradd -c "amavisd-new daemon" -u 999 -M -s /bin/false amavis
2. mkdir -p /var/amavis/tmp
3. chown amavis.amavis -R /var/amavis
4. mkdir /var/virusmails

(:sourcend:)

We make sure that the user is unpriviledged and that its home directory is under /var/amavis and to avoid using any skeleton file, we make the home directory ourselves.

Now install Amavisd-New by doing the following from the command line (check the latest version number of Amavisd-New and replace it, this is just an example): (:source lang=:)

To manage Amavisd-New like any other service, do the following:

1. cp /usr/local/src/amavisd-new-2.3.2/amavisd_init.sh /etc/init.d/amavisd
2. chmod 744 /etc/init.d/amavisd
3. ln -s /usr/local/sbin/amavisd /usr/sbin/amavisd
4. chkconfig --add amavisd
5. chkconfig --levels 235 amavisd on

Now we can use service amavisd start@ and stop@@ as with any other service.

Since Amavisd-New is written in Perl and is built aupon the work of many other individuals, we need to install some prerequisites:

(:source lang=:)

1. perl -MCPAN -e shell

(:sourcend:)

At the Perl shell prompt, type the long line of prerequisites for Amavisd-New: (:source lang=:) cpan> install Archive::Tar Archive::Zip Compress::Zlib Convert::TNEF Convert::UUlib MIME::Base64 MIME::Parser Mail::Internet Net::Server Net::SMTP Digest::MD5 IO::Stringy Time::HiRes Unix::Syslog BerkeleyDB (:sourcend:) You can of course break that into multiple install chunks if you want.

Now we need to make sure that some other software needed by Amavisd-New is correclty installed on our machine: (:source lang=:) (:sourcend:)

Configuring Amavisd-New

Configuring Amavisd-New is simply a matter of editing its /etc/amavisd.conf and change the following: (:source lang=Perl:) $daemon_user = 'amavis'; $daemon_group = 'amavis'; $mydomain = 'example.com'; (:sourcend:)

When Amavisd-New finds a virus or spam, it notifies you by sending an email with a report. It's a good idea to have a separate user account to receive these so you can check if there is no false positives from time to time. Don't use your own mailbox for that or you'll be swamped with these messages (or at least use mail filtering in your client to automatically separate these).

Edit your /etc/aliases and append the following to send all notification emails to the existing administrator user account: (:source lang=Perl:) virusalert : administrator spam.police : administrator (:sourcend:) Again, don't forget to rebuild the aliases database with postalias /etc/aliases.

Configuring Postfix to use Amavisd-New

Now we need to let postfix know about Amavisd-New. Postfix communicates with external programs through TCP/IP ports. This method allows a clear separation of processes and their priviledges as each is running under its own account.

Edit the /etc/postfix/master.cf file and append the following: (:source lang=:) smtp-amavis unix - - y - 2 smtp

 -o smtp_data_done_timeout=1200
 -o smtp_send_xforward_command=yes
 -o disable_dns_lookups=yes

127.0.0.1:10025 inet n - y - - smtpd

 -o content_filter=
 -o local_recipient_maps=
 -o relay_recipient_maps=
 -o smtpd_restriction_classes=
 -o smtpd_helo_restrictions=
 -o smtpd_sender_restrictions=
 -o smtpd_recipient_restrictions=permit_mynetworks,reject
 -o mynetworks=127.0.0.0/8
 -o strict_rfc821_envelopes=yes
 -o smtpd_error_sleep_time=0
 -o smtpd_soft_error_limit=1001
 -o smtpd_hard_error_limit=1000
 -o receive_override_options=no_header_body_checks

(:sourcend:)

And edit /etc/postfix/main.cf and append this definition: (:source lang=:) content_filter = smtp-amavis:[localhost]:10024 (:sourcend:)

1. cd /usr/local/src/
2. wget http://www.ijs.si/software/amavisd/amavisd-new-2.3.2.tar.gz
3. tar xzvf amavisd-new-2.3.2.tar.gz
4. cd amavisd-new-2.3.2
5. cp amavisd /usr/local/sbin/
6. cp amavisd.conf /etc/

Since Amavisd-New is written in Perl and is built aupon the work of many other individuals, we need to install some prerequisites:

(:source lang=:)

1. perl -MCPAN -e shell

(:sourcend:)

(:noteblock:) Easier CPAN installation (:notecontent:) One other option that I find useful is to enable Perl to just download what it needs instead of asking me every time: when asked Policy on building prerequisites (follow, ask or ignore)? type follow instead of the default ask.
If you have made a mistake when configuring, you can restart the config by typing o conf init at the Perl shell prompt. (:noteblockend:) The first time you use this command, you will be prompted with a number of questions about your system. Just keep reading and answering, but most -if not all- of the time, just pressing Enter will use an appropriate default.
The only time you need to be careful is when selecting your geographical location and mirrors to download the modules from. Once this is done, things should be smooth.

This page is part of the EmailServer article.

Amavisd-New

Do the following from the command line (check the latest version number of Amavisd-New and replace it, this is just an example): (:source lang=:) cd /usr/local/src/ wget http://www.ijs.si/software/amavisd/amavisd-new-2.3.2.tar.gz tar xzvf amavisd-new-2.3.2.tar.gz cd amavisd-new-2.3.2 cp amavisd /usr/local/sbin/ cp amavisd.conf /etc/ (:sourcend:)

< Dovecot | EmailServer | SpamAssassin >

(:comments:)