FreeBSD Postfix Amavis Spam Assassin Clam AntiVirus

From shankerbalan.net

Overview

[godzilla] ~# pkg_info -x p5-Mail-Spam
Information for p5-Mail-SpamAssassin-2.53:

Comment:
A highly efficient mail filter for identifying spam

[godzilla] ~# pkg_info -x razor-agents
Information for razor-agents-2.22:

Comment:
A distributed, collaborative, spam detection and filtering network
[godzilla] ~# pkg_info -x clamav
Information for clamav-0.54:

Comment:
Command line virus scanner using database from OpenAntiVirus
[godzilla] ~# pkg_info -x amavisd-new
Information for amavisd-new-20030314.p1:

Comment:
Performance-enhanced daemonized version of amavis-perl

Install/Configuration

  • Install the packages via "portinstall"
root# portinstall mail/p5-Mail-SpamAssassin
root# portinstall mail/razor-agents
root# portinstall security/clamav
root# portinstall security/amavisd-new


Configure Amavis

/usr/local/etc/amavisd.conf

$MYHOME = '/var/amavis';   # (default is '/var/amavis')

$mydomain = 'mydomain.com';      # (no useful default)

$daemon_user  = 'amavis';      # (no default;  customary: vscan or amavis)
$daemon_group = 'amavis';      # (no default;  customary: vscan or amavis)

$SYSLOG_LEVEL = 'mail.info';     # (defaults to 'mail.info')

$final_spam_destiny   = D_PASS;  # (defaults to D_REJECT)

$virus_admin = "virusalert\@localhost";
$spam_admin = "spamalert\@localhost";
$mailfrom_notify_spamadmin = "spamadmin\@$mydomain";
$remove_existing_x_scanned_headers= 1; # remove existing headers

$sa_tag2_level_deflt = 5.0; # add 'spam detected' headers at that level
$sa_spam_subject_tag = '*SPAM* ';      # (defaults to undef, disables)
[godzilla] ~# id vscan
uid=1003(vscan) gid=1003(vscan) groups=1003(vscan)
  • Check perms on /var/amavis/. Amavis runs as "vscan" and creates its socket, pid and lock files here.
[godzilla] ~# ls -ld /var/amavis/
drwxr-x---  10 vscan  vscan  512 May 15 16:42 /var/amavis/

[godzilla] ~# ls -ld /var/amavis/amavisd*
-rw-r-----  1 vscan  vscan  0 May 15 16:44 /var/amavis/amavisd.lock
-rw-r-----  1 vscan  vscan  6 May 15 16:42 /var/amavis/amavisd.pid
srwxr-x---  1 vscan  vscan  0 May 15 16:42 /var/amavis/amavisd.sock
  • Check perms on /usr/local/share/clamav, it should be owned by "clamav:clamav"
[godzilla] ~> ls -ld /usr/local/share/clamav/
drwxr-xr-x  2 clamav  clamav  512 May 19 12:30 /usr/local/share/clamav/
  • Update Clam A/V signature database
[godzilla] ~# id clamav
uid=32000(clamav) gid=32000(clamav) groups=32000(clamav)

[godzilla] ~# freshclam
Checking for a new database - started at Thu May 15 16:55:15 2003
Current working dir is /usr/local/share/clamav
Connected to clamav.elektrapro.com.
Reading md5 sum (viruses.md5): OK
viruses.db is up to date.
Reading md5 sum (viruses2.md5): OK
viruses.db2 is up to date.

Start Amavisd

[godzilla] ~# /usr/local/etc/rc.d/amavisd.sh start

/var/log/amavis.log

May 15 16:56:34 godzilla.mydomain.com amavisd[64384]: starting.  amavisd at godzilla.mydomain.com amavisd-new-20030314-p1, Unicode aware, LC_ALL=C, LANG=C
May 15 16:56:34 godzilla.mydomain.com amavisd[64385]: Found $file       at /usr/bin/file
May 15 16:56:34 godzilla.mydomain.com amavisd[64385]: Found $arc        at /usr/local/bin/arc
May 15 16:56:34 godzilla.mydomain.com amavisd[64385]: Found $gzip       at /usr/bin/gzip
May 15 16:56:34 godzilla.mydomain.com amavisd[64385]: Found $bzip2      at /usr/bin/bzip2
May 15 16:56:34 godzilla.mydomain.com amavisd[64385]: Found $lha        at /usr/local/bin/lha
May 15 16:56:34 godzilla.mydomain.com amavisd[64385]: Found $unarj      at /usr/local/bin/unarj
May 15 16:56:34 godzilla.mydomain.com amavisd[64385]: Found $uncompress at /usr/bin/uncompress
May 15 16:56:34 godzilla.mydomain.com amavisd[64385]: Found $unrar      at /usr/local/bin/unrar
May 15 16:56:34 godzilla.mydomain.com amavisd[64385]: Found $zoo        at /usr/local/bin/zoo
May 15 16:56:34 godzilla.mydomain.com amavisd[64385]: Found secondary av scanner Clam Antivirus - clamscan at /usr/local/bin/clamscan

Postfix Configuration

Postfix main.cf

content_filter = smtp-amavis:[127.0.0.1]:10024
max_use = 10

Postfix master.cf

smtp-amavis     unix    -       -       y       -       2       lmtp
        -o lmtp_data_done_timeout=1200
        -o disable_dns_lookups=yes

127.0.0.1:10025 inet    n       -       y       -       -       smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks=127.0.0.0/8
        -o strict_rfc821_envelopes=yes
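
The re-injection listener on port 10025 accepts mail with most checks switched off, so it has to stay loopback-only and must not hand mail back to the filter. The following is an added example, not part of the original page: a Python check of those properties over master.cf text. The sample entries are constructed (GOOD is trimmed from the listener above) and the function names are hypothetical.

```python
# Constructed samples: GOOD is trimmed from the listener on this page, WEAK is a
# deliberately loosened variant for comparison.
GOOD = """\
127.0.0.1:10025 inet    n       -       y       -       -       smtpd
        -o content_filter=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks=127.0.0.0/8
"""
WEAK = """\
10025           inet    n       -       y       -       -       smtpd
        -o smtpd_recipient_restrictions=permit_mynetworks
        -o mynetworks=127.0.0.0/8,192.168.0.0/16
"""

def parse_master_cf(text):
    """Return (service, type, command, {option: value}) for each master.cf entry."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                            # skip blank lines and comments
        if raw[0].isspace() and logical:        # leading whitespace continues an entry
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    entries = []
    for line in logical:
        f = line.split()
        if len(f) < 8:                          # an entry has 8 fixed fields
            continue
        args = f[8:]
        # Each "-o name=value" pair overrides a main.cf parameter for this service.
        opts = dict(b.partition("=")[::2] for a, b in zip(args, args[1:]) if a == "-o")
        entries.append((f[0], f[1], f[7], opts))
    return entries

def audit_reinjection(text, port="10025"):
    """List the problems found on the smtpd listener that takes mail back from amavisd."""
    for service, stype, command, opts in parse_master_cf(text):
        if stype != "inet" or command != "smtpd" or service.rsplit(":", 1)[-1] != port:
            continue
        findings = []
        if not service.startswith("127.0.0.1:"):
            findings.append("listener is not bound to 127.0.0.1")
        if opts.get("content_filter") != "":
            findings.append("content_filter not cleared: filtered mail loops back to amavisd")
        if opts.get("mynetworks", "").split(",") != ["127.0.0.0/8"]:
            findings.append("mynetworks is not limited to loopback")
        if not opts.get("smtpd_recipient_restrictions", "").endswith("reject"):
            findings.append("recipient restrictions do not end in reject")
        return findings
    return ["no smtpd listener on port " + port]
```

Run `audit_reinjection()` on the contents of the real master.cf; an empty list means all four checks passed.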

Notes

  • Razor does not seem to kick in via Amavis/SpamAssassin. I think it has been left out intentionally at SA port compile time.
  • Dropping the "tagged_above" level to 2 so that most mails have the "X-Spam-Level" header added. Leaving the subject line untouched. If you do not see any Spam headers being added to your mails, try dropping the tagged_above level lower.
  • Make sure the accounts exist for Amavis (vscan) and Clam (clamav) and their working directories have the right perms.
  • I really don't know how well ClamAV works. On production sites I use the command line version F-Port from http://www.f-secure.com/.
  • Syslog for Amavis does clutter up maillog

ToDo

  • Figure out Razor+SA
  • Figure out the daemonized version of Clam and hook it to Amavis
  • Document Qmail-Scan

Resources
