Updated: 10/23/2003
Adapted from README.postfix for ISPMan 0.9.7 on Debian 3.0/Stable by wasson@azxws.com
Author of README.postfix: Mark Martinec <Mark.Martinec@ijs.si>
amavisd-new gives an easy way to add spam tagging and virus filtering to an email server. amavisd-new has built-in support for many virus scanners (commercial and open-source) and SpamAssassin. These instructions worked for me, your mileage may vary. Standard disclaimers apply.

1) If you're using Debian Stable 3.0, amavisd isn't in the stable branch. You can work around this in either of these ways (I used option A, probably out of habit). If you're using some other distribution, get amavisd-new installed either from source or from packages for your distro.
A) Visit http://packages.debian.org and download the needed packages and dependencies
Put all the deb files on the server
LIST OF FILES: http://packages.debian.org/testing/mail/amavisd-new.html
Install them with 'dpkg -i'; if you get stuck, 'dpkg -r' the package and try again.
B) Edit /etc/apt/sources.list and add a testing source (this will update libc6 and a bunch of stuff)

    apt-get update; apt-get install amavisd-new spamassassin clamav-daemon

When done, remove the testing source.

I installed SpamAssassin using dh-make-perl to grab it from CPAN, like so:

    apt-get install dh-make-perl
    dh-make-perl --build --install --cpan Mail::SpamAssassin
NOTE: DEBUGGING amavisd

    # su - amavisd      (Debian creates this automagically)
    $ /usr/local/sbin/amavisd debug

LIST OF DEB PACKAGES

    file libmime-perl libconvert-tnef-perl libconvert-uulib-perl
    libcompress-zlib-perl libarchive-tar-perl libarchive-zip-perl
    libmailtools-perl libunix-syslog-perl libnet-perl libnet-server-perl
    libmime-base64-perl spamassassin clamav clamav-daemon
    lha arj unrar zoo nomarch cpio lzop

2) After installation edit amavisd.conf like so:

    #Use this line if you are doing this for all ISPMan domains
    read_hash(\%local_domains, '/etc/postfix/local_domains');

    #If you want people to know they got sent a virus, uncomment this
    #NOT A GOOD IDEA DURING A MICROSOFT VIRUS STORM
    #$warnvirusrecip = 1;

    #Make sure these addresses work for your site
    #or just comment them out
    $virus_admin = "virusalert\@$mydomain";
    $spam_admin = "spamalert\@$mydomain";
    $virus_quarantine_to = 'virus-quarantine';
    $spam_quarantine_to = 'spam-quarantine';

If you like, customize text file in /var/amavis/ with proper notification info (like abuse@ spam@ virus@ addresses)
3) Verify amavisd is listening on a local SMTP port 10024 (default):

--> $ telnet 127.0.0.1 10024
    Trying 127.0.0.1...
    Connected to 127.0.0.1.
    Escape character is '^]'.
    220 [127.0.0.1] ESMTP amavisd-new service ready
--> quit
    221 Bye
    Connection closed by foreign host.

4) Configure SpamAssassin
Edit /etc/default/spamassassin and set ENABLED=1, then HUP spamassassin (it listens on port 783).
5) Configure clamav
Nothing to do for Debian, but make sure it is running and schedule virus definition updates
6) With a text editor add to the Postfix master.cf file the following two entries, e.g. near the end of the file:
(YOU COULD USE LMTP FOR THIS, IF YOUR POSTFIX IS NEW ENOUGH)

    smtp-amavis unix -      -       n       -       2  smtp
        -o smtp_data_done_timeout=1200
        -o disable_dns_lookups=yes

    127.0.0.1:10025 inet n  -       n       -       -  smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks=127.0.0.0/8
        -o strict_rfc821_envelopes=yes

Of all the options specified above in the second entry, the one that is essential is '-o content_filter='.
Check the other (normal) smtp and smtpd postfix services in this file and use the same setting here for the chroot 'y/n'.
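
One way to check the step 6 entries before reloading Postfix, as an added example that is not part of the original README. It parses master.cf text and reports when the 10025 listener lacks the empty content_filter override, is not bound to 127.0.0.1, or does not limit clients to localhost; the function names and both sample inputs are constructed for illustration.

```python
import re

# Constructed sample input: the two master.cf entries from step 6, shortened.
GOOD = """\
smtp-amavis unix - - n - 2 smtp
127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
"""
# Constructed broken variant: all interfaces, no content_filter override.
BAD = """\
10025 inet n - n - - smtpd
    -o mynetworks=127.0.0.0/8
"""

def parse_master_cf(text):
    """Return {(service, type): {option: value}}, joining continuation lines."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()   # indented line continues the entry
        else:
            logical.append(raw.strip())
    return {tuple(l.split()[:2]): dict(re.findall(r"-o\s+([\w.]+)=(\S*)", l))
            for l in logical}

def check_reinjection(text, port="10025"):
    """List problems with the post-filter smtpd listener; empty list means OK."""
    found = [(svc, opts) for (svc, typ), opts in parse_master_cf(text).items()
             if typ == "inet" and svc.rsplit(":", 1)[-1] == port]
    if not found:
        return [f"no inet listener on port {port}"]
    svc, opts = found[0]
    problems = []
    if opts.get("content_filter") != "":
        problems.append("content_filter not overridden to empty: mail loops back to amavisd")
    if not svc.startswith("127.0.0.1:"):
        problems.append("listener not bound to 127.0.0.1: filter bypass port exposed")
    if opts.get("mynetworks") != "127.0.0.0/8" or \
       opts.get("smtpd_recipient_restrictions") != "permit_mynetworks,reject":
        problems.append("clients are not limited to localhost")
    return problems

if __name__ == "__main__":
    print(check_reinjection(GOOD) or "OK", check_reinjection(BAD), sep="\n")
```
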
7) Do a 'postfix reload', check the log file for any complaints, and verify if it is listening on port 10025.

--> $ telnet 127.0.0.1 10025
    Trying 127.0.0.1...
    Connected to 127.0.0.1.
    Escape character is '^]'.
    220 yourhost.example.com ESMTP Postfix
--> quit
    221 Bye
    Connection closed by foreign host.

8) If you want, simulate a mail sent to amavisd and see if it gets delivered via Postfix to its recipient. Try first with a simple and clean message, then with an EICAR test virus pattern and a GTUBE spam pattern.

--> $ telnet 127.0.0.1 10024
    Trying 127.0.0.1...
    Connected to 127.0.0.1.
    Escape character is '^]'.
    220 [127.0.0.1] ESMTP amavisd-new service ready
--> MAIL FROM:<test@example.com>
    250 2.1.0 Sender test@example.com OK
--> RCPT TO:<postmaster>
    250 2.1.5 Recipient postmaster OK
--> DATA
    354 End data with <CR><LF>.<CR><LF>
--> Subject: test1
-->
--> test1
--> .

EICAR Test Pattern

*** 250 2.6.0 Ok, id=31859-01, from MTA: 250 Ok: queued as 90B7F16F
--> MAIL FROM:<test@example.com>
    250 2.1.0 Sender test@example.com OK
--> RCPT TO:<postmaster>
    250 2.1.5 Recipient postmaster OK
--> DATA
    354 End data with <CR><LF>.<CR><LF>
--> Subject: test2 - virus test pattern
-->
--> X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
--> .

You should get one of the following replies, depending on your $final_virus_destiny and *virus_lovers* settings in amavisd.conf:

    550 5.7.1 Message content rejected, id=16968-01 - VIRUS: EICAR-AV-Test
    250 2.5.0 Ok, but 1 BOUNCE
    250 2.7.1 Ok, discarded, id=16984-01 - VIRUS: EICAR-AV-Test
    250 2.6.0 Ok, id=17041-01, from MTA: 250 Ok: queued as 3F1841A5F5

--> QUIT
    221 2.0.0 [127.0.0.1] (amavisd) closing transmission channel
    Connection closed by foreign host.

You may need/want to use different sender and recipient addresses. The test pattern must be entered exactly, starting at the beginning of the line (without indentation).
Depending on the settings in amavisd.conf, the sender (test@example.com) and the virus administrator should have been sent a (non-)delivery status notification, the second message quarantined, and the first message must have been successfully delivered to the recipient. See the log that is scrolling on the terminal (as set up in step 1) and check for possible problems.
GTUBE Spam Test Pattern

*** 250 2.6.0 Ok, id=31859-01, from MTA: 250 Ok: queued as 90B7F16F
--> MAIL FROM:<test@example.com>
    250 2.1.0 Sender test@example.com OK
--> RCPT TO:<postmaster>
    250 2.1.5 Recipient postmaster OK
--> DATA
    354 End data with <CR><LF>.<CR><LF>
--> Subject: test3 - GTUBE spam test pattern
-->
--> XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
--> .

With default settings this will get bounced/rejected by amavisd. Increase the spam kill level
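
The three step 8 tests scripted instead of typed into telnet, as an added example that is not part of the original README. It sends the clean, EICAR and GTUBE messages to amavisd on 127.0.0.1:10024 and classifies the final reply to DATA using the reply texts shown above; the function names and outcome labels are assumptions of this example.

```python
import re
import smtplib

# Test patterns exactly as given on this page.
EICAR = r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
GTUBE = "XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X"
TESTS = {"clean": "test1", "virus": EICAR, "spam": GTUBE}

def build_message(kind):
    """Header, blank line, then the pattern alone at the start of a line."""
    return f"Subject: amavisd {kind} test\r\n\r\n{TESTS[kind]}\r\n"

def classify(reply):
    """Map the final reply to DATA onto what amavisd did with the message."""
    m = re.match(r"(\d{3})[ -](.*)", reply)
    if not m:
        return "unparsed"
    code, text = m.groups()
    if code.startswith("5"):
        return "rejected"
    if code.startswith("4"):
        return "tempfail"
    if "BOUNCE" in text:
        return "bounced"
    if "discarded" in text:
        return "discarded"
    if "from MTA" in text:
        return "passed"      # handed back to Postfix on port 10025
    return "accepted"

def send_test(kind, host="127.0.0.1", port=10024,
              sender="test@example.com", rcpt="postmaster"):
    """Replay the step 8 dialogue and return (outcome, raw reply)."""
    with smtplib.SMTP(host, port, timeout=30) as smtp:
        smtp.ehlo_or_helo_if_needed()
        smtp.mail(sender)
        smtp.rcpt(rcpt)
        code, resp = smtp.data(build_message(kind))
    reply = f"{code} {resp.decode(errors='replace')}"
    return classify(reply), reply

if __name__ == "__main__":
    for kind in TESTS:
        try:
            print(kind, *send_test(kind))
        except OSError as exc:   # amavisd not reachable or dialogue refused
            print(kind, "failed:", exc)
```
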
9) Tell Postfix to start forwarding all mail it receives to amavisd-new for content inspection.
Add this line to /etc/postfix/main.cf:

    content_filter = smtp-amavis:[127.0.0.1]:10024

10) Do a 'postfix reload' and watch the logs - both the Postfix logs, and the amavisd log file (on the screen or wherever you have it directed).
If you get in trouble, you only need to undo step 9 and reload Postfix. New mail will no longer be tagged with content filter routing.
NOTE: the messages that have been received while 'content_filter' was set will still try to get delivered to your old setting of content_filter, and will wait in the queue until successful or deleted - or until you do:

    postsuper -r ALL; postfix reload

Postfix (25) -> Amavisd (10024) -> Postfix#2 (10025) -> Cyrus
                   |     ^
                  \ /    |
              SpamAssassin (783)

1) Mail comes to port 25 (postfix)