From ArchWiki
Revision as of 21:59, 23 April 2015 by Frnmst (talk | contribs) (Fixes and new contents.)

Amavis gives you an interface between mail servers (MTAs such as Postfix or Dovecot) and mail filters (ClamAV, SpamAssassin). In many cases it is more efficient than running separate daemons such as spamd.

Installation and Setup

  • Install amavisd-new from the AUR. It is wise to also install its optional dependencies, such as p7zip and unrar, so that your filters can actually see inside compressed files.
  • Install ClamAV from the official repositories.

Basic Configuration

  • If your hostname is not a FQDN, you must set $myhostname and $mydomain accordingly in /etc/amavisd/amavisd.conf.
  • You can enable ClamAV support by uncommenting the following lines like this:
# ###
['ClamAV-clamd',
   \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
   qr/\bOK$/m, qr/\bFOUND$/m,
   qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
# # NOTE: run clamd under the same user as amavisd - or run it under its own
# #   uid such as clamav, add user clamav to the amavis group, and then add
# #   AllowSupplementaryGroups to clamd.conf;
# # NOTE: match socket name (LocalSocket) in clamav.conf to the socket name in
# #   this entry; when running chrooted one may prefer a socket under $MYHOME.

After that, you can start the amavisd service with systemctl and possibly enable it:

# systemctl start amavisd.service
# systemctl enable amavisd.service

Check for errors with these commands:

# systemctl status amavisd
# journalctl -xbo short -u amavisd


  • To test the new configuration just telnet to the amavisd default listening port:
$ telnet 10024
  • You should see something like:
Connected to
Escape character is '^]'
220 [] ESMTP amavisd-new service ready
  • Type ehlo:
EHLO localhost
  • Now just type quit to exit.

Integration with Postfix

Quick start

  • To configure amavis for Postfix add the following to /etc/postfix/ :
# anti spam & anti virus section
amavisfeed      unix  -    -       n       -       2       smtp
 -o smtp_data_done_timeout=1200
 -o smtp_send_xforward_command=yes
 -o disable_dns_lookups=yes
 -o max_use=20

inet n  -       y       -       -       smtpd
 -o content_filter=
 -o smtpd_delay_reject=no
 -o smtpd_client_restrictions=permit_mynetworks,reject
 -o smtpd_helo_restrictions=
 -o smtpd_sender_restrictions=
 -o smtpd_recipient_restrictions=permit_mynetworks,reject
 -o smtpd_data_restrictions=reject_unauth_pipelining
 -o smtpd_end_of_data_restrictions=
 -o smtpd_restrictions_classes=
 -o mynetworks=
 -o smtpd_error_sleep_time=0
 -o smtpd_soft_error_limit=1001 
 -o smtpd_hard_error_limit=1000
 -o smtpd_client_connection_count_limit=0
 -o smtpd_client_connection_rate_limit=0
 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
 -o local_header_rewrite_clients=
  • This configuration assumes that Postfix and Amavis are running on the same machine (i.e. If that is not the case, edit /etc/amavisd/amavisd.conf and the previous Postfix entry accordingly.
  • Postfix will listen on port 10025 so that Amavis can send checked emails back to that port.
  • You also have to add another option to your smtp or submission sections:
-o content_filter=amavisfeed:[]:10024

Using this option means that Postfix sends mail to Amavis on port 10024 so that it can be checked. Mail that passes the checks is sent back to port 10025, as explained before.

  • We can now restart postfix and amavisd:
# systemctl restart postfix.service
# systemctl restart amavisd.service
  • To check that Postfix is listening on port 10025, repeat the telnet test used for port 10024.
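
The loop described above (smtp or submission hands mail to Amavis on port 10024, Amavis re-injects on port 10025) can be checked mechanically before restarting Postfix. The following is an added example, not part of the original article: the sample master.cf text is constructed, and the loopback address 127.0.0.1 and the function names are assumptions.

```python
import re

# Constructed sample master.cf; the 127.0.0.1 addresses are assumed values.
GOOD = """\
smtp inet n - n - - smtpd
 -o content_filter=amavisfeed:[127.0.0.1]:10024
amavisfeed unix - - n - 2 smtp
127.0.0.1:10025 inet n - y - - smtpd
 -o content_filter=
 -o smtpd_client_restrictions=permit_mynetworks,reject
"""

def parse_master_cf(text):
    """Return [service, type, command, {option: value}] per master.cf entry."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace():  # continuation line: "-o name=value"
            m = re.match(r"\s+-o\s+([^=\s]+)=(.*)", line)
            if m and entries:
                entries[-1][3][m.group(1)] = m.group(2).strip()
        else:
            f = line.split()
            if len(f) >= 8:
                entries.append([f[0], f[1], f[7], {}])
    return entries

def lint(text, filter_port="10024", reinject_port="10025"):
    """Check the Postfix -> Amavis -> Postfix loop; return a list of findings."""
    entries, findings = parse_master_cf(text), []
    back = [e for e in entries if e[1] == "inet" and e[0].endswith(":" + reinject_port)]
    if not back:
        findings.append("no re-injection listener on port " + reinject_port)
    for svc, _, _, opts in back:
        if not svc.startswith(("127.0.0.1:", "localhost:", "[::1]:")):
            findings.append("re-injection listener is not bound to loopback")
        if opts.get("content_filter", "unset") != "":
            findings.append("re-injection listener must set an empty content_filter")
        if opts.get("smtpd_client_restrictions") != "permit_mynetworks,reject":
            findings.append("re-injection listener accepts clients outside mynetworks")
    front = [e for e in entries if e[2] == "smtpd" and e not in back]
    for svc, _, _, opts in front:
        if not opts.get("content_filter", "").endswith(":" + filter_port):
            findings.append(svc + " does not hand mail to Amavis")
    return findings

if __name__ == "__main__":
    print(lint(GOOD) or "master.cf loop looks consistent")
```

A re-injection listener that is reachable from other hosts lets mail enter Postfix without passing through Amavis, which is why the binding and client restrictions are checked.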

SpamAssassin support

  • SpamAssassin is integrated in Amavis, so you do not have to start spamassassin.service. To enable SpamAssassin support, comment out the following line in /etc/amavisd/amavisd.conf like this:
# @bypass_spam_checks_maps = (1);  # controls running of anti-spam code
  • Edit the SpamAssassin configuration based on your needs:
$sa_tag_level_deflt  = 1.0;  # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 1.0;  # add 'spam detected' headers at that level
$sa_kill_level_deflt = 5.0;  # triggers spam evasive actions (e.g. blocks mail)
$sa_dsn_cutoff_level = 8;   # spam level beyond which a DSN is not sent
# $sa_quarantine_cutoff_level = 25; # spam level beyond which quarantine is off
$penpals_threshold_high = $sa_kill_level_deflt;  # don't waste time on hi spam
$bounce_killer_score = 100;  # spam score points to add for joe-jobbed bounces
  • Now you just need to restart the amavisd service.

Final test

To check that everything is working all right:

  • Send a normal email.
  • Send an email with an EICAR file as attachment.
  • Send an email that would be classified as spam.
  • Check both Postfix and Amavis logs.
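
The three probe messages from the list above can be generated and submitted with a short script. This is an added example, not part of the original article: the spam probe uses GTUBE, SpamAssassin's standard test string, and the addresses, host, port and function names are assumptions.

```python
import smtplib
from email.message import EmailMessage

# Standard harmless test strings. EICAR is split in two so that an on-access
# scanner does not quarantine this script itself.
EICAR = r"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
GTUBE = "XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X"

def build_messages(sender, rcpt):
    """Return the three probe messages of the final test, keyed by name."""
    def base(subject, body):
        msg = EmailMessage()
        msg["From"], msg["To"], msg["Subject"] = sender, rcpt, subject
        msg.set_content(body)
        return msg
    clean = base("amavis test: clean", "This is an ordinary message.\n")
    virus = base("amavis test: EICAR", "EICAR test file attached.\n")
    virus.add_attachment(EICAR.encode("ascii"), maintype="application",
                         subtype="octet-stream", filename="eicar.com")
    spam = base("amavis test: GTUBE", GTUBE + "\n")
    return {"clean": clean, "virus": virus, "spam": spam}

def send_all(messages, host="localhost", port=25):
    """Submit each probe; return {name: 'accepted' or the error seen}."""
    results = {}
    for name, msg in messages.items():
        try:
            with smtplib.SMTP(host, port, timeout=30) as smtp:
                refused = smtp.send_message(msg)
            results[name] = "refused: %r" % refused if refused else "accepted"
        except OSError as exc:  # covers SMTP errors and refused connections
            results[name] = "error: %s" % exc
    return results

if __name__ == "__main__":
    # Hypothetical addresses; replace them with a local test mailbox.
    probes = build_messages("tester@example.org", "postmaster@example.org")
    for name, outcome in send_all(probes).items():
        print(name, "->", outcome)
```

Because content_filter hands mail to Amavis after Postfix has queued it, all three probes are normally accepted at SMTP time; the verdicts for the EICAR and GTUBE messages appear in the Postfix and Amavis logs.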
