What are ClamAV, Amavisd-new and SpamAssassin?
Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and an advanced tool for automatic database updates. The core of the package is an anti-virus engine available in the form of a shared library.
Amavisd-new is a high-performance interface between the mailer (MTA) and content checkers: virus scanners, and/or SpamAssassin. It is written in Perl for maintainability, without paying a significant price for speed. It talks to the MTA via (E)SMTP or LMTP, or by using helper programs. Best with Postfix, fine with dual-sendmail setup and Exim v4, works with sendmail/milter, or with any MTA as an SMTP relay. For Courier and qmail MTA integration there is a patch in the distributed package.
SpamAssassin is a computer program released under the Apache License 2.0 used for e-mail spam filtering based on content-matching rules. SpamAssassin uses a variety of spam-detection techniques, including DNS-based and checksum-based spam detection, Bayesian filtering, external programs, blacklists and online databases.
I assume you already have postfix, postfixadmin, courier-authlib, courier-imap and squirrelmail up and running on your server. If you don't have postfix up and running yet, you can install it by following this URL: http://wowtutorial.org/en/tutorial/150.html
Download ClamAV, Spamassassin and Amavisd-new :
ClamAV : http://freshmeat.net/redir/clamav/29355/url_tgz/clamav-0.94.1.tar.gz
Spamassassin : http://www.alliedquotes.com/mirrors/apache/spamassassin/Mail-SpamAssassin-3.2.5.tar.gz
Amavisd-New : http://www.ijs.si/software/amavisd/amavisd-new-2.6.1.tar.gz
Log in to your server :
$cd /usr/local/src
$wget http://freshmeat.net/redir/clamav/29355/url_tgz/clamav-0.94.1.tar.gz
$wget http://www.alliedquotes.com/mirrors/apache/spamassassin/Mail-SpamAssassin-3.2.5.tar.gz
$wget http://www.ijs.si/software/amavisd/amavisd-new-2.6.1.tar.gz
Create user Amavis and ClamAV:
$adduser amavis
$adduser clamav
Make sure the passwd and group entries look like the ones below :
#id clamav
uid=506(clamav) gid=506(amavis) groups=506(amavis)
#id amavis
uid=507(amavis) gid=507(clamav) groups=507(clamav)
#cat /etc/passwd
...
clamav:x:506:506::/home/clamav:/sbin/nologin
amavis:x:507:507::/home/amavis:/sbin/nologin
#cat /etc/group
...
clamav:x:507:
amavis:x:506:
Installing ClamAV :
$tar -zxvf clamav-0.94.1.tar.gz
$cd clamav-0.94.1
$./configure --prefix=/usr/local/clamav --with-dbdir=/usr/local/share/clamav --disable-zlib-vcheck --sysconfdir=/etc/clamav
$make && make install
Create the ClamAV log directory and modify clamd.conf and freshclam.conf
$mkdir /var/log/clamav
$chown -R amavis:amavis /var/log/clamav
$chown -R amavis:amavis /usr/local/share/clamav
$mkdir /var/run/clamav
$chmod 700 /var/run/clamav
$chown amavis:amavis /var/run/clamav
$mv /etc/clamav/freshclam.conf /etc/clamav/freshclam.conf.old
$vi /etc/clamav/freshclam.conf
DatabaseDirectory /usr/local/share/clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogVerbose yes
LogSyslog yes
LogFacility LOG_MAIL
PidFile /var/run/freshclam.pid
DatabaseOwner amavis
DatabaseMirror db.CN.clamav.net
DatabaseMirror database.clamav.net
$mv /etc/clamav/clamd.conf /etc/clamav/clamd.conf.old
$vi /etc/clamav/clamd.conf
LogFile /var/log/clamav/clamd.log
LogSyslog yes
LogFacility LOG_MAIL
LogVerbose yes
PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /usr/local/share/clamav
LocalSocket /tmp/clamd
StreamMaxLength 20M
User amavis
ScanELF yes
ScanPDF yes
ScanMail yes
PhishingSignatures yes
$cp contrib/init/RedHat/clamd /etc/rc.d/init.d/clamd
$cp contrib/init/RedHat/clamav-milter /etc/rc.d/init.d/clamav-milter
$chkconfig --add clamd
$chkconfig --add clamav-milter
$chkconfig --level 2345 clamd on
$chkconfig --level 2345 clamav-milter on
$echo "/usr/local/clamav/lib" >> /etc/ld.so.conf
$ldconfig -v
$vi /etc/rc.d/init.d/clamd
Make sure the progdir path is set as below :
progdir="/usr/local/clamav/sbin"
Setting Up Crontab
$crontab -e
37 * * * * /usr/local/clamav/bin/freshclam
Installing Amavisd-new
$cd /usr/local/src
$tar -zxvf amavisd-new-2.6.1.tar.gz
$cd amavisd-new-2.6.1
$mkdir -p /var/amavis /var/amavis/tmp /var/amavis/var /var/amavis
$chown -R amavis:amavis /var/amavis
$chmod -R 750 /var/amavis
$cp amavisd /usr/local/sbin/
$chown root /usr/local/sbin/amavisd
$chmod 755 /usr/local/sbin/amavisd
$cp amavisd.conf /etc/
$chown root /etc/amavisd.conf
$chmod 644 /etc/amavisd.conf
$mkdir /var/virusmails
$chown amavis:amavis /var/virusmails
$chmod 750 /var/virusmails
Modify amavisd.conf
$vi /etc/amavisd.conf
use strict;
# @bypass_virus_checks_acl = qw( . ); # uncomment to DISABLE anti-virus code
$file = 'file';
$arc = ['nomarch', 'arc'];
$gzip = 'gzip';
$bzip2 = 'bzip2';
$uncompress = ['uncompress', 'gzip -d', 'zcat'];
$lha = 'lha';
$unarj = 'unarj';
$unrar = 'unrar';
$zoo = 'zoo';
$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
$max_servers=2;
$daemon_user = 'amavis';
$daemon_group = 'amavis';
$mydomain = 'server.wowtutorial.org';
$db_home = "$MYHOME/db";
$inet_socket_port = 10024;
$sa_tag_level_deflt = 3.0;
$sa_tag2_level_deflt = 6.3;
$sa_kill_level_deflt = $sa_tag2_level_deflt;
# $virus_admin = "virusalert@$mydomain";
$sa_spam_subject_tag = '***SPAM*** ';
$forward_method = 'smtp:127.0.0.1:10025';
$notify_method = $forward_method; # set after $forward_method so it uses the value above
$final_virus_destiny = D_DISCARD;
$final_banned_destiny = D_DISCARD;
$final_spam_destiny = D_PASS;
$virus_admin = "postmaster\@$mydomain"; # notifications recip.
$mailfrom_notify_admin = "postmaster\@$mydomain"; # notifications sender
$mailfrom_notify_recip = "postmaster\@$mydomain"; # notifications sender
$mailfrom_notify_spamadmin = "postmaster\@$mydomain"; # notifications sender
$mailfrom_to_quarantine = ''; # null return path; uses original sender if undef
### Virus scanners
# Add X-Virus-Scanned line to mail? (default: undef)
$X_HEADER_TAG = 'X-Virus-Scanned';
$remove_existing_x_scanned_headers = 0; # leave existing X-Virus-Scanned alone
# Don't notify sender when these viruses are found because they spoof From:
$viruses_that_fake_sender_re = new_RE(
qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|peido|holar'i,
qr'tanatos|lentin|bridex|mimail|trojan\.dropper|dumaru|parite|spaces'i,
qr'dloader|galil|gibe|swen|netwatch|bics|sbrowse|sco|mydoom'i,
[qr'^(EICAR\.COM|Joke\.|Junk\.)'i => 0],
[qr'^(WM97|OF97|W95/CIH-|JS/Fort)'i => 0],
);
@av_scanners = (
# http://www.clamav.net/
['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/tmp/clamd"],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
);
Run amavisd in debug mode with the command below :
$/usr/local/sbin/amavisd debug
ERROR: MISSING REQUIRED BASIC MODULES:
IO::Wrap
IO::Stringy
Unix::Syslog
MIME::Words
MIME::Head
MIME::Body
MIME::Entity
MIME::Parser
MIME::Decoder
MIME::Decoder::Base64
MIME::Decoder::Binary
MIME::Decoder::QuotedPrint
MIME::Decoder::NBit
MIME::Decoder::UU
MIME::Decoder::Gzip64
Net::Server
Net::Server::PreFork
BEGIN failed--compilation aborted at /usr/local/sbin/amavisd line 232.
This means we need to install the missing Perl modules.
Here are the steps to install the Perl modules :
$perl -MCPAN -e shell
cpan> install IO::Wrap
cpan> install IO::Stringy
cpan> install Mail::DKIM::Verifier
cpan> install Crypt::OpenSSL::RSA
cpan> install Convert::TNEF
cpan> install Convert::UUlib
cpan> install Archive::Zip
Test in debug mode before starting the amavisd service :
$/usr/local/sbin/amavisd debug
Note : if an error appears again, install the Perl modules it lists and try again.
Once all the Perl modules are installed, we can start the amavisd daemon with the command further below.
First we also need to make sure that the anti-virus and anti-spam modules are loaded :
/usr/local/sbin/amavisd[17650]: ANTI-VIRUS code loaded
/usr/local/sbin/amavisd[17650]: ANTI-SPAM code loaded
/usr/local/sbin/amavisd[17650]: ANTI-SPAM-SA code loaded
Starting up Amavisd Daemon
$/usr/local/sbin/amavisd
Installing Spamassassin
$cd /usr/local/src
$tar -zxvf Mail-SpamAssassin-3.2.5.tar.gz
$cd Mail-SpamAssassin-3.2.5
$perl Makefile.PL
If there is an error, make sure all the required Perl modules are installed on the server first.
$make && make install
Modify Spamassassin Config file :
$vi /etc/mail/spamassassin/local.cf
required_hits 10.0
report_safe 1
rewrite_header Subject [SPAM]
rewrite_subject 1
use_bayes 1
bayes_auto_learn 1
skip_rbl_checks 1
use_razor2 0
use_pyzor 0
ok_locales all
$spamassassin -d --lint
[1034] warn: config: failed to parse line, skipping: rewrite_subject 1
[1034] warn: lint: 1 issues detected, please rerun with debug enabled for more information
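We can safely ignore this warning: SpamAssassin 3.2.5 does not recognise rewrite_subject, so it skips that line, and the rewrite_header Subject line above already sets the subject tag.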
Starting Spamassassin
$/usr/bin/spamd -d
Add spamd to /etc/rc.local
$echo "/usr/bin/spamd -d" >> /etc/rc.local
Modify Postfix master.cf and main.cf
$cd /etc/postfix
$vi main.cf
## add this line below
content_filter = smtp-amavis:[127.0.0.1]:10024
$vi master.cf
## add the few lines below into master.cf
## each -o line must begin with whitespace so that Postfix reads it as a continuation of the service line above it
smtp-amavis unix - - n - 2 smtp
    -o smtp_data_done_timeout=1200
    -o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
smtp inet n - n - - smtpd
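The settings above only work if four files agree with each other: the content_filter port and transport name in main.cf, $inet_socket_port and $forward_method in amavisd.conf, the 127.0.0.1 re-injection listener in master.cf, and the clamd socket path in clamd.conf and @av_scanners. The check below is an added example, not part of the original tutorial; the function name check_wiring is hypothetical and it assumes the one-line setting formats used on this page.

```shell
#!/bin/sh
# Added example, not part of the original tutorial. Cross-checks the values
# that tie Postfix, amavisd and clamd together. Prints one line per problem
# and returns the number of problems found (0 = consistent).
# Assumes the one-line setting formats shown on this page.
check_wiring() {
    main_cf=$1; master_cf=$2; amavisd_conf=$3; clamd_conf=$4; bad=0

    # main.cf: content_filter = smtp-amavis:[127.0.0.1]:10024
    transport=$(sed -n 's/^content_filter[[:space:]]*=[[:space:]]*\([^:]*\):.*/\1/p' "$main_cf")
    filter_port=$(sed -n '/^content_filter/s/.*:\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$main_cf")
    # amavisd.conf: $inet_socket_port = 10024; and $forward_method = smtp:...:10025
    listen_port=$(sed -n 's/^\$inet_socket_port[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$amavisd_conf")
    fwd_port=$(sed -n '/^\$forward_method/s/.*:\([0-9][0-9]*\).*/\1/p' "$amavisd_conf")
    # clamd.conf LocalSocket versus the socket named in @av_scanners
    clamd_sock=$(sed -n 's/^LocalSocket[[:space:]][[:space:]]*\([^[:space:]]*\).*/\1/p' "$clamd_conf")
    amavis_sock=$(sed -n 's/.*"CONTSCAN {}\\n",[[:space:]]*"\([^"]*\)".*/\1/p' "$amavisd_conf")

    [ -n "$filter_port" ] && [ "$filter_port" = "$listen_port" ] ||
        { echo "content_filter port '$filter_port' != \$inet_socket_port '$listen_port'"; bad=$((bad + 1)); }
    [ -n "$transport" ] && grep -q "^$transport[[:space:]]" "$master_cf" ||
        { echo "transport '$transport' has no service entry in master.cf"; bad=$((bad + 1)); }
    # The re-injection listener must exist and must clear content_filter,
    # otherwise mail that amavisd hands back is sent to amavisd again.
    awk -v svc="127.0.0.1:$fwd_port" '
        $1 == svc && $2 == "inet" { found = 1; inblk = 1; next }
        inblk && /^[ \t]/ { if ($0 ~ /-o[ \t]+content_filter=[ \t]*$/) off = 1; next }
        { inblk = 0 }
        END { exit !(found && off) }' "$master_cf" ||
        { echo "no 127.0.0.1:$fwd_port listener with an empty -o content_filter="; bad=$((bad + 1)); }
    [ -n "$clamd_sock" ] && [ "$clamd_sock" = "$amavis_sock" ] ||
        { echo "clamd LocalSocket '$clamd_sock' != amavisd socket '$amavis_sock'"; bad=$((bad + 1)); }
    return "$bad"
}

# Run against the real files when four paths are given, e.g.
#   sh check_wiring.sh /etc/postfix/main.cf /etc/postfix/master.cf /etc/amavisd.conf /etc/clamav/clamd.conf
if [ "$#" -eq 4 ]; then check_wiring "$@"; fi
```
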
Starting Postfix
$postfix start
postfix/postfix-script: starting the Postfix mail system
Testing Out the Mail Server :
Try sending an email to your local account with the EICAR test string as the body :
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
Logs for amavisd, ClamAV and SpamAssassin :
We are done.
We can now simply test sending and receiving email and watch the amavisd debug output for the ClamAV and SpamAssassin entries.
$/usr/local/sbin/amavisd stop
$/usr/local/sbin/amavisd debug
....
/usr/local/sbin/amavisd[19461]: (19461-01) calling SA parse, SA version 3.2.5, 3.002005, data as GLOB
/usr/local/sbin/amavisd[19461]: (19461-01) CALLING SA check
/usr/local/sbin/amavisd[19461]: (19461-01) prolong_timer spam_scan_sa_finish: timer set to 479 s
/usr/local/sbin/amavisd[19461]: (19461-01) spam_scan: score=2.899 autolearn=no tests=[TVD_SPACE_RATIO=2.899]
/usr/local/sbin/amavisd[19461]: (19461-01) prolong_timer spam_scan: remaining time = 479 s
If you can see log lines like the ones above, it means SpamAssassin is working properly.
.....
/usr/local/sbin/amavisd[19461]: (19461-01) ask_av Using (ClamAV-clamd): CONTSCAN /var/amavis/amavis-20081111T234408-19461/parts\n
/usr/local/sbin/amavisd[19461]: (19461-01) ask_daemon_internal: timer set to 10 s (was 384 s)
/usr/local/sbin/amavisd[19461]: (19461-01) ClamAV-clamd: Connecting to socket /tmp/clamd
/usr/local/sbin/amavisd[19461]: (19461-01) ClamAV-clamd: Sending CONTSCAN /var/amavis/amavis-20081111T234408-19461/parts\n to UNIX socket /tmp/clamd
/usr/local/sbin/amavisd[19461]: (19461-01) prolong_timer ask_daemon_internal: timer set to 307 s
/usr/local/sbin/amavisd[19461]: (19461-01) prolong_timer ask_av: timer set to 480 s
/usr/local/sbin/amavisd[19461]: (19461-01) ask_av (ClamAV-clamd) result: /var/amavis/amavis-20081111T234408-19461/parts: OK\n
/usr/local/sbin/amavisd[19461]: (19461-01) run_av (ClamAV-clamd): CLEAN
/usr/local/sbin/amavisd[19461]: (19461-01) run_av (ClamAV-clamd) result: clean
If you can see log lines like the ones above, it means ClamAV is working properly.
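To check the outcome of a test message without reading the whole debug output, the spam_scan and ask_av lines shown above can be reduced to one verdict per message. This is an added example, not part of the original tutorial; the function names amavis_verdicts and sample_log are hypothetical, and the FOUND line in the sample is constructed from the clamd reply format that the @av_scanners regex expects.

```shell
#!/bin/sh
# Added example, not part of the original tutorial. Reads amavisd debug
# output on stdin and prints one line per message id with the SpamAssassin
# score and the clamd verdict.
amavis_verdicts() {
    awk '
    match($0, /\([0-9]+-[0-9]+\)/) {          # "(pid-nn)" identifies the message
        id = substr($0, RSTART + 1, RLENGTH - 2)
        if (!(id in seen)) { seen[id] = 1; order[++n] = id }
    }
    / spam_scan: score=/ {
        s = $0; sub(/.* score=/, "", s); sub(/ .*/, "", s); score[id] = s
    }
    / ask_av .* result: / {
        r = $0; sub(/.* result: /, "", r)
        sub(/\\n$/, "", r)                      # amavisd logs the newline as a literal \n
        if (r ~ / FOUND$/) {                    # clamd reply "path: NAME FOUND"
            sub(/^.*: /, "", r); sub(/ FOUND$/, "", r); av[id] = "INFECTED:" r
        } else if (r ~ /OK$/ && !(id in av)) {
            av[id] = "clean"
        }
    }
    END {
        for (i = 1; i <= n; i++) {
            k = order[i]
            printf "%s score=%s av=%s\n", k, ((k in score) ? score[k] : "-"), ((k in av) ? av[k] : "-")
        }
    }'
}

# Sample input: the first two lines are taken from the debug output above,
# the third (an EICAR hit) is constructed for this example.
sample_log() {
cat <<'EOF'
/usr/local/sbin/amavisd[19461]: (19461-01) spam_scan: score=2.899 autolearn=no tests=[TVD_SPACE_RATIO=2.899]
/usr/local/sbin/amavisd[19461]: (19461-01) ask_av (ClamAV-clamd) result: /var/amavis/amavis-20081111T234408-19461/parts: OK\n
/usr/local/sbin/amavisd[19461]: (19461-02) ask_av (ClamAV-clamd) result: /var/amavis/constructed-example/parts/p001: Eicar-Test-Signature FOUND\n
EOF
}

sample_log | amavis_verdicts
```

For a real run, save the debug output to a file and pipe that file into amavis_verdicts instead of sample_log.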
You can also see an email header like the one below :
...
Received: from localhost (server.wowtutorial.org [127.0.0.1])
    by server.wowtutorial.org (Postfix) with ESMTP id 123C4220527
    for <sentono@wowtutorial.org>; Tue, 11 Nov 2008 23:44:09 -0500 (EST)
X-Virus-Scanned: amavisd-new at server.wowtutorial.org
Received: from server.wowtutorial.org ([127.0.0.1])
    by localhost (server.wowtutorial.org [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id CsDuPTZ3erXK for <sentono@wowtutorial.org>;
    Tue, 11 Nov 2008 23:44:08 -0500 (EST)
...