Difference between revisions of "Amavis"

From ArchWiki
Jump to navigation Jump to search
(Added missing sections. The new sections are just drafts, they need majour re-write.)
m (Fixes.)
Line 1: Line 1:
 
[[Category:Mail Server]]
 
[[Category:Mail Server]]
 
{{Stub}}
 
{{Stub}}
Amavis gives you an interface between mail servers (MTAs such as Postfix or DoveCot) and mail filters (ClamAV, SpamAssassin). In many cases it is more efficient than running separate daemons like spamd.
+
* Amavis gives you an interface between mail servers (MTAs such as Postfix or DoveCot) and mail filters (ClamAV, SpamAssassin). In many cases it is more efficient than running separate daemons like spamd.
 
+
* Have a look at the official documentation [http://www.ijs.si/software/amavisd/README.postfix.html here] .
 
==Installation & Setup==
 
==Installation & Setup==
  
Line 14: Line 14:
  
 
Some ways to check for errors:
 
Some ways to check for errors:
 
+
<pre>
# systemctl status amavisd
+
# systemctl status amavisd
# journalctl -xbo short -u amavisd
+
# journalctl -xbo short -u amavisd
 +
</pre>
  
 
===Test your configuration===
 
===Test your configuration===
Line 23: Line 24:
  
 
* To test the new configuration just telnet to the amavis listening port:
 
* To test the new configuration just telnet to the amavis listening port:
telnet 127.0.0.1 10024
+
<pre>
 +
$ telnet 127.0.0.1 10024
 +
</pre>
 +
==Postfix==
 +
 
 +
{{Expansion|todo}}
  
==Postfix==
 
 
===Quick start===
 
===Quick start===
  
Line 58: Line 63:
 
</pre>
 
</pre>
  
In this configuration we assume that postfix and amavis are running on the same machine (i.e. {{ic|127.0.0.1}}).
+
* In this configuration we assume that postfix and amavis are running on the same machine (i.e. {{ic|127.0.0.1}}).
 +
* [[Postfix]] will listen to port {{ic|10025}} so that amavis can send back checked emails to that port.
  
You also have to add other configuration in your {{ic|smtp}} or {{ic|submission}} sections:
+
* You also have to add other configuration in your {{ic|smtp}} or {{ic|submission}} sections:
 
<pre>
 
<pre>
 
   -o content_filter=amavisfeed:[127.0.0.1]:10024
 
   -o content_filter=amavisfeed:[127.0.0.1]:10024
 
</pre>
 
</pre>
  
Digest of the excellent [http://www.ijs.si/software/amavisd/README.postfix.html upstream README].
+
We can now restart postfix and amavisd:
 +
<pre>
 +
# systemctl restart postfix.service
 +
# systemctl restart amavis.service
 +
</pre>
  
 
==SpamAssassin==
 
==SpamAssassin==
  
 
{{Expansion|todo}}
 
{{Expansion|todo}}
 +
 
* If you need spamassassin support (as well as an antivirus) comment the following line in {{ic|/etc/amavis/amavis.conf}} like this:
 
* If you need spamassassin support (as well as an antivirus) comment the following line in {{ic|/etc/amavis/amavis.conf}} like this:
 
<pre>
 
<pre>

Revision as of 17:22, 23 April 2015


  • Amavis gives you an interface between mail servers (MTAs such as Postfix or DoveCot) and mail filters (ClamAV, SpamAssassin). In many cases it is more efficient than running separate daemons like spamd.
  • Have a look at the official documentation here .

Installation & Setup

  • Install amavisd-newAUR from the AUR. You'd be wise to also install optdepends such as p7zip and unrar so your filters can actually see inside compressed files.
  • Install ClamAV from the official repositories.

Configuration

If your hostname is not a FQDN, you must set $myhostname in /etc/amavisd/amavisd.conf. You probably want to set $mydomain too.

After that, you can start the amavisd service with systemctl and possibly enable it.

Some ways to check for errors:

# systemctl status amavisd
# journalctl -xbo short -u amavisd

Test your configuration

Tango-view-fullscreen.pngThis article or section needs expansion.Tango-view-fullscreen.png

Reason: todo (Discuss in Talk:Amavis#)
  • To test the new configuration just telnet to the amavis listening port:
$ telnet 127.0.0.1 10024

Postfix

Tango-view-fullscreen.pngThis article or section needs expansion.Tango-view-fullscreen.png

Reason: todo (Discuss in Talk:Amavis#)

Quick start

  • To configure amavis for Postfix add the following to /etc/postfix/master.cf :
#
# spam/virus section
#
amavisfeed      unix  -    -       n       -       2       smtp
 -o smtp_data_done_timeout=1200
 -o smtp_send_xforward_command=yes
 -o disable_dns_lookups=yes
 -o max_use=20
127.0.0.1:10025 inet n  -       y       -       -       smtpd
 -o content_filter=
 -o smtpd_delay_reject=no
 -o smtpd_client_restrictions=permit_mynetworks,reject
 -o smtpd_helo_restrictions=
 -o smtpd_sender_restrictions=
 -o smtpd_recipient_restrictions=permit_mynetworks,reject
 -o smtpd_data_restrictions=reject_unauth_pipelining
 -o smtpd_end_of_data_restrictions=
 -o smtpd_restrictions_classes=
 -o mynetworks=127.0.0.0/8
 -o smtpd_error_sleep_time=0
 -o smtpd_soft_error_limit=1001 
 -o smtpd_hard_error_limit=1000
 -o smtpd_client_connection_count_limit=0
 -o smtpd_client_connection_rate_limit=0
 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
 -o local_header_rewrite_clients=
  • In this configuration we assume that postfix and amavis are running on the same machine (i.e. 127.0.0.1).
  • Postfix will listen to port 10025 so that amavis can send back checked emails to that port.
  • You also have to add other configuration in your smtp or submission sections:
  -o content_filter=amavisfeed:[127.0.0.1]:10024

We can now restart postfix and amavisd:

# systemctl restart postfix.service
# systemctl restart amavis.service

SpamAssassin

Tango-view-fullscreen.pngThis article or section needs expansion.Tango-view-fullscreen.png

Reason: todo (Discuss in Talk:Amavis#)
  • If you need spamassassin support (as well as an antivirus) comment the following line in /etc/amavis/amavis.conf like this:
# @bypass_spam_checks_maps = (1);  # controls running of anti-spam code
  • Edit the SpamAssassin configuration based on your needs:
$sa_tag_level_deflt  = 1.0;  # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 1.0;  # add 'spam detected' headers at that level
$sa_kill_level_deflt = 5.0;  # triggers spam evasive actions (e.g. blocks mail)
$sa_dsn_cutoff_level = 8;   # spam level beyond which a DSN is not sent
# $sa_quarantine_cutoff_level = 25; # spam level beyond which quarantine is off
$penpals_threshold_high = $sa_kill_level_deflt;  # don't waste time on hi spam
$bounce_killer_score = 100;  # spam score points to add for joe-jobbed bounces

ClamAV

Tango-view-fullscreen.pngThis article or section needs expansion.Tango-view-fullscreen.png

Reason: todo (Discuss in Talk:Amavis#)
  • Comment out the following lines in /etc/amavis/amavisd.conf like this:
# ### http://www.clamav.net/
['ClamAV-clamd',
   \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
   qr/\bOK$/m, qr/\bFOUND$/m,
   qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
# # NOTE: run clamd under the same user as amavisd - or run it under its own
# #   uid such as clamav, add user clamav to the amavis group, and then add
# #   AllowSupplementaryGroups to clamd.conf;
# # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in
# #   this entry; when running chrooted one may prefer a socket under $MYHOME.