Amavis-new and ClamAV: Difference between revisions
Latest revision as of 10:09, 1 November 2018
= to stop using them =
vi /etc/postfix/main.cf

comment out
<pre>
#content_filter=smtp-amavis:[127.0.0.1]:10024
</pre>
= ClamAV =
First get this installed
<pre>
apt-get install clamav clamav-testfiles
</pre>
Update using:
<pre>
freshclam
</pre>
Test using:
<pre>
clamscan --infected --recursive /usr/share/clamav-testfiles/
</pre>
To have it remove the infected files it finds:
<pre>
clamscan --infected --remove --recursive /usr/share/clamav-testfiles/
</pre>
From [http://www.server-world.info/en/note?os=Debian_6.0&p=mail&f=6]
== reporting results ==
<pre>
clamscan -avr
</pre>
will scan the logs to see what it's caught.
== silly memory usage ==
I can't figure out how to make amavis start up the clamscan, so I disabled it using
<pre>
update-rc.d -f clamav-daemon remove
update-rc.d -f clamav-freshclam remove
</pre>
and commenting it out in the amavis conf (see below).

You can reduce the number of max-threads, but that's about it :(
= Amavis =
Then we install Amavis, which sends mail from postfix to clamav and spamassassin and then into procmail after scanning
<pre>
aptitude -y install clamav-daemon amavisd-new spamassassin altermime ripole arj cabextract cpio lhasa lzop nomarch p7zip rpm unrar unrar-free zoo
</pre>
Also install the suggested unzip packages

vi /etc/default/spamassassin

line 8: set to '1' if you use the spam filter
<pre>
ENABLED=1
</pre>
Get the permissions for the temp dirs right:
<pre>
usermod -a -G clamav clamav
usermod -a -G amavis clamav
</pre>
vi /etc/amavis/conf.d/15-content_filter_mode

line 13: uncomment (ONLY if you want clamav to scan everything!)
<pre>
@bypass_virus_checks_maps = ( \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
</pre>
line 24: uncomment (if you use the spam filter)
<pre>
@bypass_spam_checks_maps = ( \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
</pre>
vi /etc/postfix/main.cf add at the last line
<pre>
content_filter=smtp-amavis:[127.0.0.1]:10024
</pre>
vi /etc/postfix/master.cf

add at the last line
<pre>
smtp-amavis unix - - n - 2 smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=reject_unauth_pipelining
    -o smtpd_end_of_data_restrictions=
    -o smtpd_restriction_classes=
    -o mynetworks=127.0.0.0/8
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
    -o local_header_rewrite_clients=
    -o smtpd_milters=
    -o local_recipient_maps=
    -o relay_recipient_maps=
</pre>
If you don't have it yet, then:

vi /etc/mailname
<pre>
servername.tripany.com
</pre>
<pre>
chmod -R 775 /var/lib/amavis/tmp
# -a appends the group; without it clamav's other supplementary groups are dropped
usermod -a -G amavis clamav
</pre>
<pre>
/etc/init.d/clamav-daemon restart
/etc/init.d/spamassassin start
/etc/init.d/postfix restart
/etc/init.d/amavis restart
</pre>
More info in /usr/share/doc/amavisd-new
== Spamassassin settings ==
Amavis overrides some SpamAssassin settings, such as:
<pre>
$sa_local_tests_only = 0;
$sa_mail_body_size_limit = 400*1024;
$sa_tag_level_deflt = 2.0;
</pre>
and more
== Tuning ==
You can set a higher number of servers in /etc/amavis/conf.d/50-user '''not in''' /etc/amavis/amavisd.conf
<pre>
$max_servers = 10;
</pre>
This number has to be the same as the maxproc column in /etc/postfix/master.cf, i.e.:
<pre>
smtp-amavis unix - - n - 10 smtp
</pre>
where the 10 = $max_servers. The number in master.cf should definitely not be higher than $max_servers.

You can see if this is working by doing
<pre>
ps ax | grep amavis
</pre>
You will see the amavis processes as well as the postfix processes sending info to the amavis children:
<pre>
26805 ? Ss 0:01 amavisd (master)
26844 ? S 0:28 amavisd (ch2-26844-02-16)
26990 ? S 0:00 smtp -n smtp-amavis -t unix -u -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes
</pre>
There should '''not''' be more smtp processes running than amavisd children!

Also in amavisd-nanny you should see as many processes as you have specified:
<pre>
PID 26844: 26844-02-16 0:00:02 ===
PID 26845: 26845-01-20 0:00:02 ==
PID 26846: 26846-02-17 0:00:04 =====
PID 26847: 26847-02-17 0:00:12 m========:==
PID 26848: 26848-01-16 0:00:01 =
PID 26849: 26849-01-16 0:00:02 ===
PID 26850: 26850-01-15 0:00:06 ======
PID 26851: 26851-01-16 0:00:03 ====
PID 26852: 26852-02-16 0:00:04 ====
PID 26853: 26853-02-17 0:00:01 ==
</pre>
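One way to automate the maxproc / $max_servers comparison described above, as an added example that is not part of the original page. The function names and the sample files are constructed for illustration; on a real server pass /etc/amavis/conf.d/50-user and /etc/postfix/master.cf.

```shell
# Added example, not from the original page. File paths are arguments.
# Print the last uncommented "$max_servers = N;" value in an amavis config file.
amavis_max_servers() {
    sed -n 's/^[[:space:]]*\$max_servers[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1" | tail -n 1
}

# Print master.cf as one logical line per service: comments and blank lines are
# dropped, lines starting with whitespace are joined to the previous line.
master_cf_services() {
    awk '/^[ \t]*#/ || /^[ \t]*$/ { next }
         /^[ \t]/ { sub(/^[ \t]+/, ""); buf = buf " " $0; next }
         { if (buf != "") print buf; buf = $0 }
         END { if (buf != "") print buf }' "$1"
}

# Print the maxproc column (7th field) of the service named in $2.
master_cf_maxproc() {
    master_cf_services "$1" | awk -v svc="$2" '$1 == svc { print $7; exit }'
}

# check_amavis_limits AMAVIS_CONF MASTER_CF: returns 0 if maxproc <= $max_servers,
# 1 if higher, 2 if a value is missing or not a number ("-" = default_process_limit).
check_amavis_limits() {
    servers=$(amavis_max_servers "$1")
    maxproc=$(master_cf_maxproc "$2" smtp-amavis)
    case "$servers:$maxproc" in
        :*|*:|*[!0-9:]*) echo "UNKNOWN: max_servers='$servers' maxproc='$maxproc'"; return 2 ;;
    esac
    if [ "$maxproc" -gt "$servers" ]; then
        echo "FAIL: maxproc=$maxproc exceeds \$max_servers=$servers"; return 1
    fi
    echo "OK: maxproc=$maxproc, \$max_servers=$servers"
}

# Constructed sample files (not real server config), written into directory $1.
write_samples() {
    printf '%s\n' '# $max_servers = 2;' '$max_servers = 10;' > "$1/50-user"
    printf '%s\n' 'smtp-amavis unix - - n - 10 smtp' \
        '    -o smtp_data_done_timeout=1200' \
        '127.0.0.1:10025 inet n - n - - smtpd' \
        '    -o content_filter=' > "$1/master.cf"
    sed 's/ 10 smtp$/ 12 smtp/' "$1/master.cf" > "$1/master-over.cf"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
check_amavis_limits "$demo_dir/50-user" "$demo_dir/master.cf"
check_amavis_limits "$demo_dir/50-user" "$demo_dir/master-over.cf" || true
rm -rf "$demo_dir"
```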
== Testing ==
Check if amavis is up:
<pre>
netstat -nap | grep 10024
</pre>
See what amavisd-new is doing:
<pre>
amavisd-nanny
</pre>
and
<pre>
amavisd-agent
</pre>
Now your messages should have an X-header line saying it was scanned by Amavis

Check clamd usage with
<pre>
clamdtop
</pre>