特殊:Badtitle/NS100:PostfixAmavisNew:修订间差异
小无编辑摘要 |
小无编辑摘要 |
||
第2行: | 第2行: | ||
{{Languages|UbuntuHelp:PostfixAmavisNew}} | {{Languages|UbuntuHelp:PostfixAmavisNew}} | ||
== Introduction == | == Introduction == | ||
In this howto, Postfix integration with amavis-new will be presented. Amavis-new is a wrapper that can call any number of content filtering programs for spam detection, antivirus, etc. In this howto, integration with Spamassassin and Clamav will be presented. This is a classical installation of Postfix + Amavis-new + Spamassassin + Clamav. | In this howto, Postfix integration with amavis-new will be presented. Amavis-new is a wrapper that can call any number of content filtering programs for spam detection, antivirus, etc. In this howto, integration with Spamassassin and Clamav will be presented. This is a classical installation of Postfix + Amavis-new + Spamassassin + Clamav. | ||
Please note that the packages <code><nowiki>amavisd-new</nowiki></code>, <code><nowiki>clamav</nowiki></code>, <code><nowiki>spamassassin</nowiki></code> are part of the [[UbuntuHelp:UniversePackages]]. That means they will not receive security support from Canonical. You have been warned. | Please note that the packages <code><nowiki>amavisd-new</nowiki></code>, <code><nowiki>clamav</nowiki></code>, <code><nowiki>spamassassin</nowiki></code> are part of the [[UbuntuHelp:UniversePackages]]. That means they will not receive security support from Canonical. You have been warned. | ||
== Prerequisite == | == Prerequisite == | ||
You should have a functional Postfix server installed. If this is not the case, follow the [[UbuntuHelp:Postfix]] guide. | You should have a functional Postfix server installed. If this is not the case, follow the [[UbuntuHelp:Postfix]] guide. | ||
== Installation == | == Installation == | ||
Activate Universe and Multiverse repositories. Just follow this howto: [[UbuntuHelp:AddingRepositoriesHowto]]. We explain why Universe is needed in the introduction; multiverse will be necessary for some compress/uncompress utils. | Activate Universe and Multiverse repositories. Just follow this howto: [[UbuntuHelp:AddingRepositoriesHowto]]. We explain why Universe is needed in the introduction; multiverse will be necessary for some compress/uncompress utils. | ||
To begin, install (see InstallingSoftware) the following packages: | To begin, install (see InstallingSoftware) the following packages: | ||
<pre><nowiki> | <pre><nowiki> | ||
sudo apt-get install amavisd-new spamassassin clamav-daemon | sudo apt-get install amavisd-new spamassassin clamav-daemon | ||
</nowiki></pre> | </nowiki></pre> | ||
Install the optional packages for better spam detection (who does not want better spam detection?): | Install the optional packages for better spam detection (who does not want better spam detection?): | ||
<pre><nowiki> | <pre><nowiki> | ||
sudo apt-get install libnet-dns-perl libmail-spf-query-perl pyzor razor | sudo apt-get install libnet-dns-perl libmail-spf-query-perl pyzor razor | ||
</nowiki></pre> | </nowiki></pre> | ||
Install some compress/uncompress utils. Install the following packages: | Install some compress/uncompress utils. Install the following packages: | ||
<pre><nowiki> | <pre><nowiki> | ||
sudo apt-get install arj bzip2 cabextract cpio file gzip lha nomarch pax rar unrar unzip unzoo zip zoo | sudo apt-get install arj bzip2 cabextract cpio file gzip lha nomarch pax rar unrar unzip unzoo zip zoo | ||
</nowiki></pre> | </nowiki></pre> | ||
== Configuration == | == Configuration == | ||
=== Clamav === | === Clamav === | ||
The default behaviour of Clamav will fit our needs. A daemon is launched (clamd) and signatures are fetched every day. For more Clamav configuration options, check the configuration files in <code><nowiki>/etc/clamav</nowiki></code>. | The default behaviour of Clamav will fit our needs. A daemon is launched (clamd) and signatures are fetched every day. For more Clamav configuration options, check the configuration files in <code><nowiki>/etc/clamav</nowiki></code>. | ||
Add <code><nowiki>clamav</nowiki></code> user to the <code><nowiki>amavis</nowiki></code> group in order for Clamav to have access to scan files: | Add <code><nowiki>clamav</nowiki></code> user to the <code><nowiki>amavis</nowiki></code> group in order for Clamav to have access to scan files: | ||
<pre><nowiki> | <pre><nowiki> | ||
sudo adduser clamav amavis | sudo adduser clamav amavis | ||
</nowiki></pre> | </nowiki></pre> | ||
=== Spamassassin === | === Spamassassin === | ||
Spamasssassin autodetects optional components and will use them if they are present. This means that there is no need to configure <code><nowiki>dcc-client</nowiki></code>, <code><nowiki>pyzor</nowiki></code> and <code><nowiki>razor</nowiki></code>. | Spamasssassin autodetects optional components and will use them if they are present. This means that there is no need to configure <code><nowiki>dcc-client</nowiki></code>, <code><nowiki>pyzor</nowiki></code> and <code><nowiki>razor</nowiki></code>. | ||
The fine tuning of Spamassassin rules is beyond the scope of this guide. Please refer to the [[UbuntuHelp:Spamassassin]] page. | The fine tuning of Spamassassin rules is beyond the scope of this guide. Please refer to the [[UbuntuHelp:Spamassassin]] page. | ||
Edit <code><nowiki>/etc/default/spamassassin</nowiki></code> to activate the Spamassassin daemon change ''ENABLED=0'' to: | Edit <code><nowiki>/etc/default/spamassassin</nowiki></code> to activate the Spamassassin daemon change ''ENABLED=0'' to: | ||
<pre><nowiki> | <pre><nowiki> | ||
ENABLED=1 | ENABLED=1 | ||
</nowiki></pre> | </nowiki></pre> | ||
Now start Spamassassin: | Now start Spamassassin: | ||
<pre><nowiki> | <pre><nowiki> | ||
sudo /etc/init.d/spamassassin start | sudo /etc/init.d/spamassassin start | ||
</nowiki></pre> | </nowiki></pre> | ||
=== Amavis === | === Amavis === | ||
First, activate spam and antivirus detection in Amavis by editing <code><nowiki>/etc/amavis/conf.d/15-content_filter_mode</nowiki></code>: | First, activate spam and antivirus detection in Amavis by editing <code><nowiki>/etc/amavis/conf.d/15-content_filter_mode</nowiki></code>: | ||
<pre><nowiki> | <pre><nowiki> | ||
use strict; | use strict; | ||
# You can modify this file to re-enable SPAM checking through spamassassin | # You can modify this file to re-enable SPAM checking through spamassassin | ||
# and to re-enable antivirus checking. | # and to re-enable antivirus checking. | ||
# | # | ||
# Default antivirus checking mode | # Default antivirus checking mode | ||
# Uncomment the two lines below to enable it | # Uncomment the two lines below to enable it | ||
# | # | ||
@bypass_virus_checks_maps = ( | @bypass_virus_checks_maps = ( | ||
\%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re); | \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re); | ||
# | # | ||
# Default SPAM checking mode | # Default SPAM checking mode | ||
# Uncomment the two lines below to enable it | # Uncomment the two lines below to enable it | ||
# | # | ||
@bypass_spam_checks_maps = ( | @bypass_spam_checks_maps = ( | ||
\%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re); | \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re); | ||
1; # insure a defined return | 1; # insure a defined return | ||
</nowiki></pre> | </nowiki></pre> | ||
Bouncing spam can be a bad idea as the return address is often faked, so it may have your server put on a blacklist. Consider editing <code><nowiki>/etc/amavis/conf.d/20-debian_defaults</nowiki></code> to set $final_spam_destiny to D_DISCARD rather than D_BOUNCE, as follows: | Bouncing spam can be a bad idea as the return address is often faked, so it may have your server put on a blacklist. Consider editing <code><nowiki>/etc/amavis/conf.d/20-debian_defaults</nowiki></code> to set $final_spam_destiny to D_DISCARD rather than D_BOUNCE, as follows: | ||
<pre><nowiki> | <pre><nowiki> | ||
$final_spam_destiny = D_DISCARD; | $final_spam_destiny = D_DISCARD; | ||
</nowiki></pre> | </nowiki></pre> | ||
After configuration Amavis needs to be restarted: | After configuration Amavis needs to be restarted: | ||
<pre><nowiki> | <pre><nowiki> | ||
sudo /etc/init.d/amavis restart | sudo /etc/init.d/amavis restart | ||
</nowiki></pre> | </nowiki></pre> | ||
=== Postfix integration === | === Postfix integration === | ||
For postfix integration, you only need to edit <code><nowiki>/etc/postfix/main.cf</nowiki></code> and add the following line: | For postfix integration, you only need to edit <code><nowiki>/etc/postfix/main.cf</nowiki></code> and add the following line: | ||
<pre><nowiki> | <pre><nowiki> | ||
content_filter = smtp-amavis:[127.0.0.1]:10024 | content_filter = smtp-amavis:[127.0.0.1]:10024 | ||
</nowiki></pre> | </nowiki></pre> | ||
Next edit <code><nowiki>/etc/postfix/master.cf</nowiki></code> and add the following to the end of the file: | Next edit <code><nowiki>/etc/postfix/master.cf</nowiki></code> and add the following to the end of the file: | ||
<pre><nowiki> | <pre><nowiki> | ||
第114行: | 第78行: | ||
-o disable_dns_lookups=yes | -o disable_dns_lookups=yes | ||
-o max_use=20 | -o max_use=20 | ||
127.0.0.1:10025 inet n - - - - smtpd | 127.0.0.1:10025 inet n - - - - smtpd | ||
-o content_filter= | -o content_filter= | ||
第135行: | 第98行: | ||
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks | -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks | ||
</nowiki></pre> | </nowiki></pre> | ||
Also add the following two lines immediately below the "pickup" transport service: | Also add the following two lines immediately below the "pickup" transport service: | ||
<pre><nowiki> | <pre><nowiki> | ||
第142行: | 第104行: | ||
</nowiki></pre> | </nowiki></pre> | ||
This will prevent messages that are generated to report on spam from being classified as spam. | This will prevent messages that are generated to report on spam from being classified as spam. | ||
More information can be found from [http://www.ijs.si/software/amavisd/README.postfix.txt "README.postfix from amavisd-new"] and [http://www200.pair.com/mecham/spam/spamfilter20060701.html "D.J.Fan"] | More information can be found from [http://www.ijs.si/software/amavisd/README.postfix.txt "README.postfix from amavisd-new"] and [http://www200.pair.com/mecham/spam/spamfilter20060701.html "D.J.Fan"] | ||
Reload postfix: | Reload postfix: | ||
<pre><nowiki> | <pre><nowiki> | ||
sudo /etc/init.d/postfix reload | sudo /etc/init.d/postfix reload | ||
</nowiki></pre> | </nowiki></pre> | ||
Now content filtering with spam and virus detection is enabled. | Now content filtering with spam and virus detection is enabled. | ||
== Test == | == Test == | ||
First, test that the amavis SMTP is listening: | First, test that the amavis SMTP is listening: | ||
<pre><nowiki> | <pre><nowiki> | ||
第164行: | 第120行: | ||
^] | ^] | ||
</nowiki></pre> | </nowiki></pre> | ||
Check on your <code><nowiki>/var/log/mail.log</nowiki></code> that everything goes well. If you raise the log level, you can check every step of the content filtering: spam check, virus check, etc. Don't forget to lower the log level after your checks! | Check on your <code><nowiki>/var/log/mail.log</nowiki></code> that everything goes well. If you raise the log level, you can check every step of the content filtering: spam check, virus check, etc. Don't forget to lower the log level after your checks! | ||
On messages that go through the content filter you should see: | On messages that go through the content filter you should see: | ||
<pre><nowiki> | <pre><nowiki> | ||
第174行: | 第128行: | ||
X-Spam-Level: | X-Spam-Level: | ||
</nowiki></pre> | </nowiki></pre> | ||
== Troubleshooting == | == Troubleshooting == | ||
If the filtering is not happening, adding the following to <code><nowiki>/etc/amavis/conf.d/50-user</nowiki></code> may help: | If the filtering is not happening, adding the following to <code><nowiki>/etc/amavis/conf.d/50-user</nowiki></code> may help: | ||
<pre><nowiki> | <pre><nowiki> | ||
@local_domains_acl = ( ".$mydomain" ); | @local_domains_acl = ( ".$mydomain" ); | ||
</nowiki></pre> | </nowiki></pre> | ||
If you receive mail for other domains, add them to the list. This information was obtained from the Amavis-New FAQ [http://www.ijs.si/software/amavisd/#faq-spam here]. | If you receive mail for other domains, add them to the list. This information was obtained from the Amavis-New FAQ [http://www.ijs.si/software/amavisd/#faq-spam here]. | ||
If you see the following error in /var/log/syslog when amavisd is trying to scan a message: | If you see the following error in /var/log/syslog when amavisd is trying to scan a message: | ||
<code><nowiki>amavis[30807]: (30807-01) (!!) ask_av (ClamAV-clamd) FAILED - unexpected result: /var/lib/amavis/tmp/amavis-20070615T125025-30807/parts: lstat() failed. ERROR\n</nowiki></code> | <code><nowiki>amavis[30807]: (30807-01) (!!) ask_av (ClamAV-clamd) FAILED - unexpected result: /var/lib/amavis/tmp/amavis-20070615T125025-30807/parts: lstat() failed. ERROR\n</nowiki></code> | ||
Try changing the permissions on <code><nowiki>/var/lib/amavis/tmp</nowiki></code>: | Try changing the permissions on <code><nowiki>/var/lib/amavis/tmp</nowiki></code>: | ||
<pre><nowiki> | <pre><nowiki> | ||
chmod -R 775 /var/lib/amavis/tmp | chmod -R 775 /var/lib/amavis/tmp | ||
</nowiki></pre> | </nowiki></pre> | ||
Another way to trouble shoot errors associated with Amavisd-new, Spamassassin, Postfix, or Clamav is to restart all the services with Amavisd-new being the last one to start: | Another way to trouble shoot errors associated with Amavisd-new, Spamassassin, Postfix, or Clamav is to restart all the services with Amavisd-new being the last one to start: | ||
<pre><nowiki> | <pre><nowiki> | ||
第202行: | 第147行: | ||
sudo /etc/init.d/amavis restart | sudo /etc/init.d/amavis restart | ||
</nowiki></pre> | </nowiki></pre> | ||
Then check <code><nowiki>/var/log/mail.log</nowiki></code> and see if the error has gone away. | Then check <code><nowiki>/var/log/mail.log</nowiki></code> and see if the error has gone away. | ||
<br> | <br> | ||
'''Note:''' This guide has been tested on Ubuntu 7.10 (Gutsy Gibbon). | '''Note:''' This guide has been tested on Ubuntu 7.10 (Gutsy Gibbon). |
2007年11月30日 (五) 21:05的版本
文章出处: |
{{#if: | {{{2}}} | https://help.ubuntu.com/community/PostfixAmavisNew }} |
点击翻译: |
English {{#ifexist: {{#if: UbuntuHelp:PostfixAmavisNew | UbuntuHelp:PostfixAmavisNew | {{#if: | :}}PostfixAmavisNew}}/af | • {{#if: UbuntuHelp:PostfixAmavisNew|Afrikaans| [[::PostfixAmavisNew/af|Afrikaans]]}}|}} {{#ifexist: {{#if: UbuntuHelp:PostfixAmavisNew | UbuntuHelp:PostfixAmavisNew | {{#if: | :}}PostfixAmavisNew}}/ar | • {{#if: UbuntuHelp:PostfixAmavisNew|العربية| [[::PostfixAmavisNew/ar|العربية]]}}|}} {{#ifexist: {{#if: UbuntuHelp:PostfixAmavisNew | UbuntuHelp:PostfixAmavisNew | {{#if: | :}}PostfixAmavisNew}}/az | • {{#if: UbuntuHelp:PostfixAmavisNew|azərbaycanca| [[::PostfixAmavisNew/az|azərbaycanca]]}}|}} {{#ifexist: {{#if: UbuntuHelp:PostfixAmavisNew | UbuntuHelp:PostfixAmavisNew | {{#if: | :}}PostfixAmavisNew}}/bcc | • {{#if: UbuntuHelp:PostfixAmavisNew|جهلسری بلوچی| [[::PostfixAmavisNew/bcc|جهلسری بلوچی]]}}|}} {{#ifexist: {{#if: UbuntuHelp:PostfixAmavisNew | UbuntuHelp:PostfixAmavisNew | {{#if: | :}}PostfixAmavisNew}}/bg | • {{#if: UbuntuHelp:PostfixAmavisNew|български| [[::PostfixAmavisNew/bg|български]]}}|}} {{#ifexist: {{#if: UbuntuHelp:PostfixAmavisNew | UbuntuHelp:PostfixAmavisNew | {{#if: | :}}PostfixAmavisNew}}/br | • {{#if: UbuntuHelp:PostfixAmavisNew|brezhoneg| [[::PostfixAmavisNew/br|brezhoneg]]}}|}} {{#ifexist: {{#if: UbuntuHelp:PostfixAmavisNew | UbuntuHelp:PostfixAmavisNew | {{#if: | :}}PostfixAmavisNew}}/ca | • {{#if: UbuntuHelp:PostfixAmavisNew|català| [[::PostfixAmavisNew/ca|català]]}}|}} {{#ifexist: {{#if: UbuntuHelp:PostfixAmavisNew | UbuntuHelp:PostfixAmavisNew | {{#if: | :}}PostfixAmavisNew}}/cs | • {{#if: UbuntuHelp:PostfixAmavisNew|čeština| [[::PostfixAmavisNew/cs|čeština]]}}|}} {{#ifexist: {{#if: UbuntuHelp:PostfixAmavisNew | UbuntuHelp:PostfixAmavisNew | {{#if: | :}}PostfixAmavisNew}}/de | • {{#if: UbuntuHelp:PostfixAmavisNew|Deutsch| [[::PostfixAmavisNew/de|Deutsch]]}}|}} {{#ifexist: {{#if: UbuntuHelp:PostfixAmavisNew | UbuntuHelp:PostfixAmavisNew | {{#if: | :}}PostfixAmavisNew}}/el | • {{#if: UbuntuHelp:PostfixAmavisNew|Ελληνικά| [[::PostfixAmavisNew/el|Ελληνικά]]}}|}} {{#ifexist: {{#if: UbuntuHelp:PostfixAmavisNew | UbuntuHelp:PostfixAmavisNew | {{#if: | :}}PostfixAmavisNew}}/es | • {{#if: UbuntuHelp:PostfixAmavisNew|español| [[::PostfixAmavisNew/es|español]]}}|}} {{#ifexist: {{#if: UbuntuHelp:PostfixAmavisNew | UbuntuHelp:PostfixAmavisNew | {{#if: | :}}PostfixAmavisNew}}/fa | • {{#if: UbuntuHelp:PostfixAmavisNew|فارسی| [[::PostfixAmavisNew/fa|فارسی]]}}|}} {{#ifexist: {{#if: UbuntuHelp:PostfixAmavisNew | UbuntuHelp:PostfixAmavisNew | {{#if: | :}}PostfixAmavisNew}}/fi | • {{#if: UbuntuHelp:PostfixAmavisNew|suomi| [[::PostfixAmavisNew/fi|suomi]]}}|}} {{#ifexist: {{#if: UbuntuHelp:PostfixAmavisNew | UbuntuHelp:PostfixAmavisNew | {{#if: | :}}PostfixAmavisNew}}/fr | • {{#if: UbuntuHelp:PostfixAmavisNew|français| [[::PostfixAmavisNew/fr|français]]}}|}} {{#ifexist: {{#if: UbuntuHelp:PostfixAmavisNew | UbuntuHelp:PostfixAmavisNew | {{#if: | :}}PostfixAmavisNew}}/gu | • {{#if: UbuntuHelp:PostfixAmavisNew|ગુજરાતી| [[::PostfixAmavisNew/gu|ગુજરાતી]]}}|}} {{#ifexist: {{#if: UbuntuHelp:PostfixAmavisNew | UbuntuHelp:PostfixAmavisNew | {{#if: | :}}PostfixAmavisNew}}/he | • {{#if: UbuntuHelp:PostfixAmavisNew|עברית| [[::PostfixAmavisNew/he|עברית]]}}|}} {{#ifexist: {{#if: UbuntuHelp:PostfixAmavisNew | UbuntuHelp:PostfixAmavisNew | {{#if: | :}}PostfixAmavisNew}}/hu | • {{#if: UbuntuHelp:PostfixAmavisNew|magyar| [[::PostfixAmavisNew/hu|magyar]]}}|}} {{#ifexist: {{#if: UbuntuHelp:PostfixAmavisNew | UbuntuHelp:PostfixAmavisNew | {{#if: | :}}PostfixAmavisNew}}/id | • {{#if: UbuntuHelp:PostfixAmavisNew|Bahasa Indonesia| [[::PostfixAmavisNew/id|Bahasa Indonesia]]}}|}} {{#ifexist: {{#if: UbuntuHelp:PostfixAmavisNew | UbuntuHelp:PostfixAmavisNew | {{#if: | :}}PostfixAmavisNew}}/it | • {{#if: UbuntuHelp:PostfixAmavisNew|italiano| [[::PostfixAmavisNew/it|italiano]]}}|}} {{#ifexist: {{#if: UbuntuHelp:PostfixAmavisNew | UbuntuHelp:PostfixAmavisNew | {{#if: | :}}PostfixAmavisNew}}/ja | • {{#if: UbuntuHelp:PostfixAmavisNew|日本語| [[::PostfixAmavisNew/ja|日本語]]}}|}} {{#ifexist: {{#if: UbuntuHelp:PostfixAmavisNew | UbuntuHelp:PostfixAmavisNew | {{#if: | :}}PostfixAmavisNew}}/ko | • {{#if: UbuntuHelp:PostfixAmavisNew|한국어| [[::PostfixAmavisNew/ko|한국어]]}}|}} {{#ifexist: {{#if: UbuntuHelp:PostfixAmavisNew | UbuntuHelp:PostfixAmavisNew | {{#if: | :}}PostfixAmavisNew}}/ksh | • {{#if: UbuntuHelp:PostfixAmavisNew|Ripoarisch| [[::PostfixAmavisNew/ksh|Ripoarisch]]}}|}} {{#ifexist: {{#if: UbuntuHelp:PostfixAmavisNew | UbuntuHelp:PostfixAmavisNew | {{#if: | :}}PostfixAmavisNew}}/mr | • {{#if: UbuntuHelp:PostfixAmavisNew|मराठी| [[::PostfixAmavisNew/mr|मराठी]]}}|}} {{#ifexist: {{#if: UbuntuHelp:PostfixAmavisNew | UbuntuHelp:PostfixAmavisNew | {{#if: | :}}PostfixAmavisNew}}/ms | • {{#if: UbuntuHelp:PostfixAmavisNew|Bahasa Melayu| [[::PostfixAmavisNew/ms|Bahasa Melayu]]}}|}} {{#ifexist: {{#if: UbuntuHelp:PostfixAmavisNew | UbuntuHelp:PostfixAmavisNew | {{#if: | :}}PostfixAmavisNew}}/nl | • {{#if: UbuntuHelp:PostfixAmavisNew|Nederlands| [[::PostfixAmavisNew/nl|Nederlands]]}}|}} {{#ifexist: {{#if: UbuntuHelp:PostfixAmavisNew | UbuntuHelp:PostfixAmavisNew | {{#if: | :}}PostfixAmavisNew}}/no | • {{#if: UbuntuHelp:PostfixAmavisNew|norsk| [[::PostfixAmavisNew/no|norsk]]}}|}} {{#ifexist: {{#if: UbuntuHelp:PostfixAmavisNew | UbuntuHelp:PostfixAmavisNew | {{#if: | :}}PostfixAmavisNew}}/oc | • {{#if: UbuntuHelp:PostfixAmavisNew|occitan| [[::PostfixAmavisNew/oc|occitan]]}}|}} {{#ifexist: {{#if: UbuntuHelp:PostfixAmavisNew | UbuntuHelp:PostfixAmavisNew | {{#if: | :}}PostfixAmavisNew}}/pl | • {{#if: UbuntuHelp:PostfixAmavisNew|polski| [[::PostfixAmavisNew/pl|polski]]}}|}} {{#ifexist: {{#if: UbuntuHelp:PostfixAmavisNew | UbuntuHelp:PostfixAmavisNew | {{#if: | :}}PostfixAmavisNew}}/pt | • {{#if: UbuntuHelp:PostfixAmavisNew|português| [[::PostfixAmavisNew/pt|português]]}}|}} {{#ifexist: {{#if: UbuntuHelp:PostfixAmavisNew | UbuntuHelp:PostfixAmavisNew | {{#if: | :}}PostfixAmavisNew}}/ro | • {{#if: UbuntuHelp:PostfixAmavisNew|română| [[::PostfixAmavisNew/ro|română]]}}|}} {{#ifexist: {{#if: UbuntuHelp:PostfixAmavisNew | UbuntuHelp:PostfixAmavisNew | {{#if: | :}}PostfixAmavisNew}}/ru | • {{#if: UbuntuHelp:PostfixAmavisNew|русский| [[::PostfixAmavisNew/ru|русский]]}}|}} {{#ifexist: {{#if: UbuntuHelp:PostfixAmavisNew | UbuntuHelp:PostfixAmavisNew | {{#if: | :}}PostfixAmavisNew}}/si | • {{#if: UbuntuHelp:PostfixAmavisNew|සිංහල| [[::PostfixAmavisNew/si|සිංහල]]}}|}} {{#ifexist: {{#if: UbuntuHelp:PostfixAmavisNew | UbuntuHelp:PostfixAmavisNew | {{#if: | :}}PostfixAmavisNew}}/sq | • {{#if: UbuntuHelp:PostfixAmavisNew|shqip| [[::PostfixAmavisNew/sq|shqip]]}}|}} {{#ifexist: {{#if: UbuntuHelp:PostfixAmavisNew | UbuntuHelp:PostfixAmavisNew | {{#if: | :}}PostfixAmavisNew}}/sr | • {{#if: UbuntuHelp:PostfixAmavisNew|српски / srpski| [[::PostfixAmavisNew/sr|српски / srpski]]}}|}} {{#ifexist: {{#if: UbuntuHelp:PostfixAmavisNew | UbuntuHelp:PostfixAmavisNew | {{#if: | :}}PostfixAmavisNew}}/sv | • {{#if: UbuntuHelp:PostfixAmavisNew|svenska| [[::PostfixAmavisNew/sv|svenska]]}}|}} {{#ifexist: {{#if: UbuntuHelp:PostfixAmavisNew | UbuntuHelp:PostfixAmavisNew | {{#if: | :}}PostfixAmavisNew}}/th | • {{#if: UbuntuHelp:PostfixAmavisNew|ไทย| [[::PostfixAmavisNew/th|ไทย]]}}|}} {{#ifexist: {{#if: UbuntuHelp:PostfixAmavisNew | UbuntuHelp:PostfixAmavisNew | {{#if: | :}}PostfixAmavisNew}}/tr | • {{#if: UbuntuHelp:PostfixAmavisNew|Türkçe| [[::PostfixAmavisNew/tr|Türkçe]]}}|}} {{#ifexist: {{#if: UbuntuHelp:PostfixAmavisNew | UbuntuHelp:PostfixAmavisNew | {{#if: | :}}PostfixAmavisNew}}/vi | • {{#if: UbuntuHelp:PostfixAmavisNew|Tiếng Việt| [[::PostfixAmavisNew/vi|Tiếng Việt]]}}|}} {{#ifexist: {{#if: UbuntuHelp:PostfixAmavisNew | UbuntuHelp:PostfixAmavisNew | {{#if: | :}}PostfixAmavisNew}}/yue | • {{#if: UbuntuHelp:PostfixAmavisNew|粵語| [[::PostfixAmavisNew/yue|粵語]]}}|}} {{#ifexist: {{#if: UbuntuHelp:PostfixAmavisNew | UbuntuHelp:PostfixAmavisNew | {{#if: | :}}PostfixAmavisNew}}/zh | • {{#if: UbuntuHelp:PostfixAmavisNew|中文| [[::PostfixAmavisNew/zh|中文]]}}|}} {{#ifexist: {{#if: UbuntuHelp:PostfixAmavisNew | UbuntuHelp:PostfixAmavisNew | {{#if: | :}}PostfixAmavisNew}}/zh-hans | • {{#if: UbuntuHelp:PostfixAmavisNew|中文(简体)| [[::PostfixAmavisNew/zh-hans|中文(简体)]]}}|}} {{#ifexist: {{#if: UbuntuHelp:PostfixAmavisNew | UbuntuHelp:PostfixAmavisNew | {{#if: | :}}PostfixAmavisNew}}/zh-hant | • {{#if: UbuntuHelp:PostfixAmavisNew|中文(繁體)| [[::PostfixAmavisNew/zh-hant|中文(繁體)]]}}|}} |
{{#ifeq:UbuntuHelp:PostfixAmavisNew|:PostfixAmavisNew|请不要直接编辑翻译本页,本页将定期与来源同步。}} |
{{#ifexist: :PostfixAmavisNew/zh | | {{#ifexist: PostfixAmavisNew/zh | | {{#ifeq: {{#titleparts:PostfixAmavisNew|1|-1|}} | zh | | }} }} }} {{#ifeq: {{#titleparts:PostfixAmavisNew|1|-1|}} | zh | | }}
Introduction
In this howto, Postfix integration with amavis-new will be presented. Amavis-new is a wrapper that can call any number of content filtering programs for spam detection, antivirus, etc. In this howto, integration with Spamassassin and Clamav will be presented. This is a classical installation of Postfix + Amavis-new + Spamassassin + Clamav.
Please note that the packages amavisd-new
, clamav
, spamassassin
are part of the UbuntuHelp:UniversePackages. That means they will not receive security support from Canonical. You have been warned.
Prerequisite
You should have a functional Postfix server installed. If this is not the case, follow the UbuntuHelp:Postfix guide.
Installation
Activate Universe and Multiverse repositories. Just follow this howto: UbuntuHelp:AddingRepositoriesHowto. We explain why Universe is needed in the introduction; multiverse will be necessary for some compress/uncompress utils. To begin, install (see InstallingSoftware) the following packages:
sudo apt-get install amavisd-new spamassassin clamav-daemon
Install the optional packages for better spam detection (who does not want better spam detection?):
sudo apt-get install libnet-dns-perl libmail-spf-query-perl pyzor razor
Install some compress/uncompress utils. Install the following packages:
sudo apt-get install arj bzip2 cabextract cpio file gzip lha nomarch pax rar unrar unzip unzoo zip zoo
Configuration
Clamav
The default behaviour of Clamav will fit our needs. A daemon is launched (clamd) and signatures are fetched every day. For more Clamav configuration options, check the configuration files in /etc/clamav
.
Add clamav
user to the amavis
group in order for Clamav to have access to scan files:
sudo adduser clamav amavis
Spamassassin
Spamasssassin autodetects optional components and will use them if they are present. This means that there is no need to configure dcc-client
, pyzor
and razor
.
The fine tuning of Spamassassin rules is beyond the scope of this guide. Please refer to the UbuntuHelp:Spamassassin page.
Edit /etc/default/spamassassin
to activate the Spamassassin daemon change ENABLED=0 to:
ENABLED=1
Now start Spamassassin:
sudo /etc/init.d/spamassassin start
Amavis
First, activate spam and antivirus detection in Amavis by editing /etc/amavis/conf.d/15-content_filter_mode
:
use strict; # You can modify this file to re-enable SPAM checking through spamassassin # and to re-enable antivirus checking. # # Default antivirus checking mode # Uncomment the two lines below to enable it # @bypass_virus_checks_maps = ( \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re); # # Default SPAM checking mode # Uncomment the two lines below to enable it # @bypass_spam_checks_maps = ( \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re); 1; # insure a defined return
Bouncing spam can be a bad idea as the return address is often faked, so it may have your server put on a blacklist. Consider editing /etc/amavis/conf.d/20-debian_defaults
to set $final_spam_destiny to D_DISCARD rather than D_BOUNCE, as follows:
$final_spam_destiny = D_DISCARD;
After configuration Amavis needs to be restarted:
sudo /etc/init.d/amavis restart
Postfix integration
For postfix integration, you only need to edit /etc/postfix/main.cf
and add the following line:
content_filter = smtp-amavis:[127.0.0.1]:10024
Next edit /etc/postfix/master.cf
and add the following to the end of the file:
smtp-amavis unix - - - - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20 127.0.0.1:10025 inet n - - - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
Also add the following two lines immediately below the "pickup" transport service:
-o content_filter= -o receive_override_options=no_header_body_checks
This will prevent messages that are generated to report on spam from being classified as spam. More information can be found from "README.postfix from amavisd-new" and "D.J.Fan" Reload postfix:
sudo /etc/init.d/postfix reload
Now content filtering with spam and virus detection is enabled.
Test
First, test that the amavis SMTP is listening:
telnet localhost 10024 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 [127.0.0.1] ESMTP amavisd-new service ready ^]
Check on your /var/log/mail.log
that everything goes well. If you raise the log level, you can check every step of the content filtering: spam check, virus check, etc. Don't forget to lower the log level after your checks!
On messages that go through the content filter you should see:
X-Spam-Level: X-Virus-Scanned: Debian amavisd-new at example.com X-Spam-Status: No, hits=-2.3 tagged_above=-1000.0 required=5.0 tests=AWL, BAYES_00 X-Spam-Level:
Troubleshooting
If the filtering is not happening, adding the following to /etc/amavis/conf.d/50-user
may help:
@local_domains_acl = ( ".$mydomain" );
If you receive mail for other domains, add them to the list. This information was obtained from the Amavis-New FAQ here.
If you see the following error in /var/log/syslog when amavisd is trying to scan a message:
amavis[30807]: (30807-01) (!!) ask_av (ClamAV-clamd) FAILED - unexpected result: /var/lib/amavis/tmp/amavis-20070615T125025-30807/parts: lstat() failed. ERROR\n
Try changing the permissions on /var/lib/amavis/tmp
:
chmod -R 775 /var/lib/amavis/tmp
Another way to trouble shoot errors associated with Amavisd-new, Spamassassin, Postfix, or Clamav is to restart all the services with Amavisd-new being the last one to start:
sudo /etc/init.d/postfix restart sudo /etc/init.d/spamassassin restart sudo /etc/init.d/clamav-daemon restart sudo /etc/init.d/amavis restart
Then check /var/log/mail.log
and see if the error has gone away.
Note: This guide has been tested on Ubuntu 7.10 (Gutsy Gibbon).