UbuntuHelp:PostfixAmavisNew
来自Ubuntu中文
目录
Introduction
In this howto, Postfix integration with amavis-new will be presented. Amavis-new is a wrapper that can call any number of content filtering programs for spam detection, antivirus, etc. In this howto, integration with spamassassin and clamav will be presented. This is a classical installation of Postfix + amavis-new + spamassassin + clamav.
Please note that the packages amavisd-new, clamav, spamassassin are part of the UbuntuHelp:UniversePackages. That means they will not receive security support from canonical. You have been warned.
Prerequisite
Postfix should be functional on your server. If it is not the case, follow the UbuntuHelp:Postfix howto.
Installation
Activate Universe and Multiverse repositories. Just follow this howto: UbuntuHelp:AddingRepositoriesHowto. We explain why Universe is needed in the introduction; multiverse will be necessary for some compress/uncompress utils.
To begin, install (see InstallingSoftware) the following packages:
apt-get install amavisd-new spamassassin clamav-daemon clamav-freshclam
Install the optional packages for better spam detection (who does not want better spam detection?):
apt-get install libnet-dns-perl libmail-spf-query-perl pyzor razor
Install some compress/uncompress utils. Install the following packages:
apt-get install arj bzip2 cabextract cpio file gzip lha nomarch pax rar unrar unzip unzoo zip zoo
Configuration
clamav
The default behaviour of clamav will fit our needs. A daemon is launched (clamd) and signatures are fetched every day. If you want to run clamav functionnement, check configuration files in /etc/clamav.
Add clamav user in amavis in order for clamav to access files:
sudo adduser clamav amavis
spamassassin
spamasssassin autodetects optional components and will use them if they are present. This means that there is no need to configure dcc-client, pyzor and razor.
We will not talk about fine tuning of spamassassin rules here. Please refer to the UbuntuHelp:Spamassassin page.
Edit /etc/default/spamassassin to activate daemon file:
8<----------------------------------------- # Change to one to enable spamd ENABLED=1 8<-----------------------------------------
amavis
First, activate spam detection and antivirus detection in amavis by editing /etc/amavis/conf.d/15-content_filter_mode:
use strict; # You can modify this file to re-enable SPAM checking through spamassassin # and to re-enable antivirus checking. # # Default antivirus checking mode # Uncomment the two lines below to enable it # @bypass_virus_checks_maps = ( \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re); # # Default SPAM checking mode # Uncomment the two lines below to enable it # @bypass_spam_checks_maps = ( \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re); 1; # insure a defined return
(Disclaimer: the following advice and config is not from an expert - if you know better, please change/remove it - if you know it's good advice please remove this disclaimer). Bouncing spam can be a bad idea as the return address is often faked, so it may have your server put on a blacklist. Consider editing /etc/amavis/conf.d/20-debian_defaults to set $final_spam_destiny to D_DISCARD rather than D_BOUNCE, as follows:
$final_spam_destiny = D_DISCARD;
Postfix integration
For postfix integration, you only need to add in /etc/postfix/main.cf the following line:
content_filter=smtp-amavis:[127.0.0.1]:10024
Reload postfix. Now content filtering with spam and virus detection is enabled.
Add content filter
On Ubuntu server (postfix 2.2.10-1, amavisd-new 1:2.3.3-3), you will get errors in /etc/log/mail.info that look like:
postfix/qmgr[6502]: warning: connect to transport smtp-amavis-new: No such file or directory postfix/qmgr[6502]: warning: connect to transport amavis: No such file or directory
To correct this you will also need to edit /etc/postfix/master.cf and add the following to the end of the file:
smtp-amavis unix - - - - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20 127.0.0.1:10025 inet n - - - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
Also add the following two lines immediately below the "pickup" transport service:
-o content_filter= -o receive_override_options=no_header_body_checks
This will prevent messages that are generated to report on spam from being classified as spam.
More information can be found from "README.postfix from amavisd-new" and "D.J.Fan"
Reload postfix. Now content filtering with spam and virus detection is enabled.
Test
First, test that the amavis SMTP is listening:
telnet localhost 10024 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 [127.0.0.1] ESMTP amavisd-new service ready ^]
Check on your /var/log/mail.log that everything goes well. If you raise the log level, you can check every step of the content filtering: spam check, virus check, etc. Don't forget to lower the log level after your checks!
On messages that go through the content filter you should see:
X-Spam-Level: X-Virus-Scanned: Debian amavisd-new at example.com X-Spam-Status: No, hits=-2.3 tagged_above=-1000.0 required=5.0 tests=AWL, BAYES_00 X-Spam-Level:
Troubleshooting
If the filtering is not happening, adding the following to /etc/amavis/conf.d/50-user may help:
@local_domains_acl = ( ".$mydomain" );
If you receive mail for other domains, add them to the list. This information was obtained from the Amavis-New FAQ here.
CategoryDocumentation
