Amavis-new and ClamAV: Difference between revisions

From Edgar BV Wiki
Jump to navigation Jump to search
No edit summary
No edit summary
 
(15 intermediate revisions by the same user not shown)
Line 1: Line 1:
= to stop using them =
vi /etc/postfix/main.cf
comment out
<pre>
#content_filter=smtp-amavis:[127.0.0.1]:10024
</pre>
= ClamAV =
First get this installed
<pre>
<pre>
apt-get install clamav clamav-testfiles
apt-get install clamav clamav-testfiles
Line 16: Line 26:


From [http://www.server-world.info/en/note?os=Debian_6.0&p=mail&f=6]
From [http://www.server-world.info/en/note?os=Debian_6.0&p=mail&f=6]
<pre>  
 
aptitude -y install clamav-daemon amavisd-new spamassassin
== reporting results ==
<pre>
clamscan -avr
</pre>
</pre>
will scan the logs to see what it's caught.


vi /etc/default/spamassassin
== silly memory usage ==


line 8: turn '1' if you use spam filter
can't figure out how to make amavis start up the clamscan, so disabled it using
 
ENABLED=1
<pre>
<pre>
cp /usr/share/doc/amavisd-new/examples/amavisd.conf-sample.gz /etc/amavis/ gunzip /etc/amavis/amavisd.conf-sample.gz mv /etc/amavis/amavisd.conf-sample /etc/amavis/amavisd.conf vi /etc/amavis/amavisd.conf
update-rc.d -f clamav-daemon remove
 
update-rc.d -f clamav-freshclam remove
</pre>
</pre>
line 66: uncomment
$MYHOME = '/var/lib/amavis';
line 71: specify domain name


$mydomain = 'tripany.com';
and commenting out in amavis conf (see below)


line 73: uncomment and specify hostname
you can reduce the amount of max-threads, but that's about it :(


$myhostname = 'imap.tripany.com';
= Amavis =
Then we install Amavis, which sends mail from postfix to clamav and spamassassin and then into procmail after scanning


line 77,78: change
<pre>
$daemon_user  = 'amavis';
aptitude -y install clamav-daemon amavisd-new spamassassin altermime ripole arj cabextract cpio lhasa lzop nomarch p7zip rpm unrar unrar-free zoo
$daemon_group = 'amavis';
</pre>


line 62: make it comment (not notify if virus would detect )
Also install the suggested unzip packages


<pre>
vi /etc/default/spamassassin
#$virus_admin = "virusalert\@$mydomain";
</pre>


line 8: turn '1' if you use spam filter


line 1934: uncomment and add the .ctl behind /var/run/clamav/clamd.ctl
ENABLED=1
 
Get the permissions for the temp dirs right:
<pre>
<pre>
['ClamAV-clamd',
usermod -a -G clamav clamav
  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.ctl"],
usermod -a -G amavis clamav
  qr/\bOK$/m, qr/\bFOUND$/m,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
</pre>
</pre>


vi /etc/amavis/conf.d/15-content_filter_mode  
vi /etc/amavis/conf.d/15-content_filter_mode  


line 13: uncomment
line 13: uncomment (ONLY if you want clamav to scan everything!)
<pre>
<pre>


Line 74: Line 82:


vi /etc/postfix/main.cf add at the last line
vi /etc/postfix/main.cf add at the last line
<pre>
content_filter=smtp-amavis:[127.0.0.1]:10024
</pre>


content_filter=smtp-amavis:[127.0.0.1]:10024
vi /etc/postfix/master.cf  
vi /etc/postfix/master.cf  


Line 87: Line 97:
       -o disable_dns_lookups=yes
       -o disable_dns_lookups=yes
127.0.0.1:10025 inet n    -    n    -    -  smtpd
127.0.0.1:10025 inet n    -    n    -    -  smtpd
      -o content_filter=
    -o content_filter=
      -o local_recipient_maps=
    -o smtpd_delay_reject=no
      -o relay_recipient_maps=
    -o smtpd_client_restrictions=permit_mynetworks,reject
      -o smtpd_restriction_classes=
    -o smtpd_helo_restrictions=
      -o smtpd_client_restrictions=
    -o smtpd_sender_restrictions=
      -o smtpd_helo_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
      -o smtpd_sender_restrictions=
    -o smtpd_data_restrictions=reject_unauth_pipelining
      -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_end_of_data_restrictions=
      -o mynetworks=127.0.0.0/8
    -o smtpd_restriction_classes=
      -o strict_rfc821_envelopes=yes
    -o mynetworks=127.0.0.0/8
      -o smtpd_error_sleep_time=0
    -o smtpd_error_sleep_time=0
      -o smtpd_soft_error_limit=1001
    -o smtpd_soft_error_limit=1001
      -o smtpd_hard_error_limit=1000
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
    -o local_header_rewrite_clients=
    -o smtpd_milters=
    -o local_recipient_maps=
    -o relay_recipient_maps=
</pre>
</pre>


If you don't have it yet, then:
If you don't have it yet, then:


touch /etc/mailname  
vi /etc/mailname  
<pre>
servername.tripany.com
</pre>




Line 118: Line 138:
</pre>
</pre>


More info in /usr/share/doc/amavisd-new
== Spamassassin settings ==
Amavis overrides some spamassassing settings, such as:
<pre>
$sa_local_tests_only = 0;
$sa_mail_body_size_limit = 400*1024;
$sa_tag_level_deflt  = 2.0;
</pre>
and more
== Tuning ==
You can set a higher number of servers in /etc/amavis/conf.d/50-user '''not in''' /etc/amavis/amavisd.conf
<pre>
$max_servers = 10;
</pre>
This number has to be the same as the maxproc column in /etc/postfix/master.cf, ie:
<pre>
smtp-amavis unix -      -      n      -    10 smtp
</pre>
where the 10 = $max_servers. The number in master.cf should definitely not be higher than $max_servers.
You can see if this is working by doing
<pre>
ps ax | grep amavis
</pre>
You will see the amavis processes as well as the postfix processes sending info to the amavis children:
<pre>
26805 ?        Ss    0:01 amavisd (master)
26844 ?        S      0:28 amavisd (ch2-26844-02-16)
26990 ?        S      0:00 smtp -n smtp-amavis -t unix -u -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes
</pre>
There should '''not''' be more smtp processes running than amavisd children!
Also in amavisd-nanny you should see as many processes as you have specified:
<pre>
PID 26844: 26844-02-16  0:00:02 ===
PID 26845: 26845-01-20  0:00:02 ==
PID 26846: 26846-02-17  0:00:04 =====
PID 26847: 26847-02-17  0:00:12 m========:==
PID 26848: 26848-01-16  0:00:01 =
PID 26849: 26849-01-16  0:00:02 ===
PID 26850: 26850-01-15  0:00:06 ======
PID 26851: 26851-01-16  0:00:03 ====
PID 26852: 26852-02-16  0:00:04 ====
PID 26853: 26853-02-17  0:00:01 ==
</pre>
== Testing ==
Check if amavis is up:
Check if amavis is up:
<pre>
<pre>
netstat -nap | grep 10024
netstat -nap | grep 10024
</pre>
See what amavisd-new is doing:
<pre>
amavisd-nanny
</pre>
and
<pre>
amavisd-agent
</pre>
</pre>


Now your messages should have an X-header line saying it was scanned by Amavis
Now your messages should have an X-header line saying it was scanned by Amavis
check clamd usage with
<pre>
clamdtop
</pre>

Latest revision as of 10:09, 1 November 2018

to stop using them

vi /etc/postfix/main.cf

comment out

#content_filter=smtp-amavis:[127.0.0.1]:10024

ClamAV

First get this installed

apt-get install clamav clamav-testfiles

Update using:

freshclam

test using:

clamscan --infected --recursive /usr/share/clamav-testfiles/

To get it to go:

clamscan --infected --remove --recursive /usr/share/clamav-testfiles/

From [1]

reporting results

clamscan -avr

will scan the logs to see what it's caught.

silly memory usage

can't figure out how to make amavis start up the clamscan, so disabled it using

update-rc.d -f clamav-daemon remove
update-rc.d -f clamav-freshclam remove

and commenting out in amavis conf (see below)

you can reduce the amount of max-threads, but that's about it :(

Amavis

Then we install Amavis, which sends mail from postfix to clamav and spamassassin and then into procmail after scanning

 
aptitude -y install clamav-daemon amavisd-new spamassassin altermime ripole arj cabextract cpio lhasa lzop nomarch p7zip rpm unrar unrar-free zoo

Also install the suggested unzip packages

vi /etc/default/spamassassin

line 8: turn '1' if you use spam filter

ENABLED=1

Get the permissions for the temp dirs right:

usermod -a -G clamav clamav
usermod -a -G amavis clamav

vi /etc/amavis/conf.d/15-content_filter_mode

line 13: uncomment (ONLY if you want clamav to scan everything!)


@bypass_virus_checks_maps = (
  \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);


line 24: uncomment ( if you use spam filter )

@bypass_spam_checks_maps = (
  \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);

vi /etc/postfix/main.cf add at the last line

content_filter=smtp-amavis:[127.0.0.1]:10024

vi /etc/postfix/master.cf


add at the last line

smtp-amavis unix -       -       n      -     2  smtp
      -o smtp_data_done_timeout=1200
      -o smtp_send_xforward_command=yes
      -o disable_dns_lookups=yes
127.0.0.1:10025 inet n     -     n     -     -  smtpd
     -o content_filter=
     -o smtpd_delay_reject=no
     -o smtpd_client_restrictions=permit_mynetworks,reject
     -o smtpd_helo_restrictions=
     -o smtpd_sender_restrictions=
     -o smtpd_recipient_restrictions=permit_mynetworks,reject
     -o smtpd_data_restrictions=reject_unauth_pipelining
     -o smtpd_end_of_data_restrictions=
     -o smtpd_restriction_classes=
     -o mynetworks=127.0.0.0/8
     -o smtpd_error_sleep_time=0
     -o smtpd_soft_error_limit=1001
     -o smtpd_hard_error_limit=1000
     -o smtpd_client_connection_count_limit=0
     -o smtpd_client_connection_rate_limit=0
     -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
     -o local_header_rewrite_clients=
     -o smtpd_milters=
     -o local_recipient_maps=
     -o relay_recipient_maps=

If you don't have it yet, then:

vi /etc/mailname

servername.tripany.com


 
chmod -R 775 /var/lib/amavis/tmp usermod -G amavis clamav 


/etc/init.d/clamav-daemon restart 
/etc/init.d/spamassassin start 
/etc/init.d/postfix restart 
/etc/init.d/amavis restart

More info in /usr/share/doc/amavisd-new

Spamassassin settings

Amavis overrides some spamassassing settings, such as:

$sa_local_tests_only = 0;
$sa_mail_body_size_limit = 400*1024;
$sa_tag_level_deflt  = 2.0;

and more

Tuning

You can set a higher number of servers in /etc/amavis/conf.d/50-user not in /etc/amavis/amavisd.conf

$max_servers = 10;

This number has to be the same as the maxproc column in /etc/postfix/master.cf, ie:

smtp-amavis unix -       -       n      -     10 smtp

where the 10 = $max_servers. The number in master.cf should definitely not be higher than $max_servers.

You can see if this is working by doing

ps ax | grep amavis

You will see the amavis processes as well as the postfix processes sending info to the amavis children:

26805 ?        Ss     0:01 amavisd (master)
26844 ?        S      0:28 amavisd (ch2-26844-02-16)
26990 ?        S      0:00 smtp -n smtp-amavis -t unix -u -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes

There should not be more smtp processes running than amavisd children!

Also in amavisd-nanny you should see as many processes as you have specified:

PID 26844: 26844-02-16   0:00:02 ===
PID 26845: 26845-01-20   0:00:02 ==
PID 26846: 26846-02-17   0:00:04 =====
PID 26847: 26847-02-17   0:00:12 m========:==
PID 26848: 26848-01-16   0:00:01 =
PID 26849: 26849-01-16   0:00:02 ===
PID 26850: 26850-01-15   0:00:06 ======
PID 26851: 26851-01-16   0:00:03 ====
PID 26852: 26852-02-16   0:00:04 ====
PID 26853: 26853-02-17   0:00:01 ==

Testing

Check if amavis is up:

netstat -nap | grep 10024

See what amavisd-new is doing:

amavisd-nanny

and

amavisd-agent

Now your messages should have an X-header line saying it was scanned by Amavis

check clamd usage with

clamdtop