Debian: Postfix + Amavis (Spamass + Clamav)

amavisd-new is a high-performance interface between mailer (MTA) and content checkers: virus scanners, and/or SpamAssassin. It is written in Perl for maintainability, without paying a significant price for speed. It talks to MTA via (E)SMTP or LMTP, or by using helper programs. Best with Postfix, fine with dual-sendmail setup and Exim v4, works with sendmail/milter, or with any MTA as a SMTP relay. For Courier and qmail MTA integration there is a patch in the distributed package.

Step 1: Install Packages

First, make sure that amavis, spamassassin and clamav are installed. On a Debian instance, you can do this with:

# apt install amavisd-new spamassassin clamav-daemon razor pyzor

It is also practical to install the (optional) compression packages:

# apt install arj bzip2 cabextract cpio file gzip lha nomarch pax rar unrar unzip unzoo zip zoo

Step 2: ClamAV

The default behaviour of ClamAV will fit our needs. A daemon is launched (clamd) and signatures are fetched every day. For more ClamAV configuration options, check the configuration files in /etc/clamav.

Make sure the clamd service (the clamav-daemon unit on Debian) is enabled and restart it:

# systemctl enable clamav-daemon
# systemctl restart clamav-daemon

Add the clamav user to the amavis group and vice versa so that ClamAV has access to the files it needs to scan:

# adduser clamav amavis
# adduser amavis clamav

Step 3: Spamassassin

As amavis is its own spamassassin daemon (amavis uses the spamassassin libraries), there is no need to configure or start spamassassin. amavis will not use any running instance of spamd! Even changes in /etc/spamassassin will have no effect on the behaviour of amavis.

The use of razor and pyzor must be enabled by running the following as the amavis user:

# su - amavis -s /bin/bash
$ razor-admin -create
$ razor-admin -register
$ pyzor discover

Step 4: Amavis

Edit /etc/amavis/conf.d/15-content_filter_mode to activate ClamAV and SpamAssassin:

use strict;

# You can modify this file to re-enable SPAM checking through spamassassin
# and to re-enable antivirus checking.

#
# Default antivirus checking mode
# Uncomment the two lines below to enable it
#

@bypass_virus_checks_maps = (
   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);


#
# Default SPAM checking mode
# Uncomment the two lines below to enable it
#

@bypass_spam_checks_maps = (
   \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);

1;  # ensure a defined return

Make sure the amavis service is enabled and restart it:

# systemctl enable amavis
# systemctl restart amavis

Step 5: Postfix Integration

Define the content_filter configuration in the Postfix configuration file /etc/postfix/main.cf:

# postconf -e "content_filter = smtp-amavis:[127.0.0.1]:10024"

Next edit /etc/postfix/master.cf and add the following to the end of the file:

smtp-amavis     unix    -       -       -       -       2       smtp
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes
        -o disable_dns_lookups=yes
        -o max_use=20

127.0.0.1:10025 inet    n       -       -       -       -       smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_delay_reject=no
        -o smtpd_client_restrictions=permit_mynetworks,reject
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o smtpd_data_restrictions=reject_unauth_pipelining
        -o smtpd_end_of_data_restrictions=
        -o mynetworks=127.0.0.0/8
        -o smtpd_error_sleep_time=0
        -o smtpd_soft_error_limit=1001
        -o smtpd_hard_error_limit=1000
        -o smtpd_client_connection_count_limit=0
        -o smtpd_client_connection_rate_limit=0
        -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks

Restart postfix and test the configuration by monitoring the mail log file when sending emails.

# systemctl restart postfix
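
The 127.0.0.1:10025 listener from Step 5 switches content_filter off so that mail coming back from amavis is not filtered a second time, which means it must stay reachable from the loopback interface only. The shell function below is an added example, not part of the original guide, that checks a master.cf for this; the name audit_reinject and the port 10026 listener in the sample are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page. Flags smtpd listeners in master.cf
# that disable content_filter yet are reachable from outside the loopback.
# Assumes the classic "-o name=value" override syntax used in Step 5.
audit_reinject() {   # $1 = path to master.cf; returns 1 if any listener FAILs
    awk '
    function check(   n, f, i, host, nets, unfilt, k, m, why) {
        if (entry == "") return
        n = split(entry, f, /[ \t]+/); entry = ""
        if (f[2] != "inet" || f[8] != "smtpd") return
        for (i = 9; i <= n; i++) {
            if (f[i] == "content_filter=") unfilt = 1
            if (f[i] ~ /^mynetworks=/) nets = substr(f[i], 12)
        }
        if (!unfilt) return                  # listener still goes through amavis
        host = f[1]
        if (host !~ /:/) host = "*"          # bare port: every interface
        else sub(/:[^:]*$/, "", host)        # strip the ":port" suffix
        if (host !~ /^(127\.[0-9.]+|localhost|\[::1\])$/)
            why = why " listens on " host ";"
        if (nets == "") why = why " mynetworks inherited from main.cf;"
        m = split(nets, k, ",")
        for (i = 1; i <= m; i++)
            if (k[i] !~ /^(127\.[0-9.]+(\/([89]|[12][0-9]|3[0-2]))?|\[::1\](\/128)?)$/)
                why = why " mynetworks allows " k[i] ";"
        if (why != "") { print "FAIL " f[1] ":" why; bad = 1 }
        else print "OK " f[1]
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }              # comments, blank lines
    /^[ \t]/ { entry = entry " " $0; next }        # continuation line
    { check(); entry = $0 }                        # new service entry
    END { check(); exit bad + 0 }
    ' "$1"
}

# Constructed sample: the Step 5 listener, then a variant bound to all interfaces.
sample=$(mktemp)
cat > "$sample" <<'EOF'
127.0.0.1:10025 inet n - - - - smtpd
        -o content_filter=
        -o mynetworks=127.0.0.0/8
10026 inet n - - - - smtpd
        -o content_filter=
        -o mynetworks=127.0.0.0/8,192.0.2.0/24
EOF
audit_reinject "$sample" || echo "re-injection listener needs attention"
rm -f "$sample"
```

On a live system, run `audit_reinject /etc/postfix/master.cf`. A bare port is reported as FAIL even when inet_interfaces in main.cf narrows it, so treat that finding as a prompt to check main.cf as well.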