Scalix & Amavisd-New HOWTO - Wiki updated

[interways2]

Either you have a typo in your amavisd-milter.sock path settings or your amavisd-milter has wrong user/permissions settings. Start amavisd-milter with your amavis or vscan user.

[Shredder]

I have a client that has followed this setup on a SLES 10 install.

It seems to be working, but isn't inserting headers into messages as they come in. According to /var/log/mail.info it looks like the messages are going through amavisd but SA doesn't seem to be applied to it.

According to the Amavisd-new website, they say that if headers are not put in, then your $local_domain_acl line could be wrong. In the how-to only a $ local_domain_map line is used. Is that correct?

In the local_domain_map line I have the clients domain listed.

Here is his amavisd.conf file (with the domain munged out):

Code: Select all

use strict;

# a minimalistic configuration file for amavisd-new with all necessary settings
#
#   see amavisd.conf-default for a list of all variables with their defaults;
#   see amavisd.conf-sample for a traditional-style commented file;
#   for more details see documentation in INSTALL, README_FILES/*
#   and at http://www.ijs.si/software/amavisd/amavisd-new-docs.html


# COMMONLY ADJUSTED SETTINGS:

# @bypass_virus_checks_maps = (1);  # uncomment to DISABLE anti-virus code
# @bypass_spam_checks_maps  = (1);  # uncomment to DISABLE anti-spam code

$max_servers = 2;            # number of pre-forked children (2..15 is common)
$daemon_user = 'vscan';
$daemon_group = 'vscan';

$mydomain = 'xxx.ca';   # a convenient default for other settings

$MYHOME = '/var/amavis';
$TEMPBASE = "$MYHOME/tmp";   # working directory, needs to be created manually
$ENV{TMPDIR} = $TEMPBASE;    # environment variable TMPDIR
$QUARANTINEDIR = '/var/spool/amavis/virusmails';
# $quarantine_subdir_levels = 1;  # add level of subdirs to disperse quarantine

# $daemon_chroot_dir = $MYHOME;   # chroot directory or undef

# $db_home   = "$MYHOME/db";
# $helpers_home = "$MYHOME/var";  # prefer $MYHOME clean and owned by root?
# $pid_file  = "$MYHOME/var/amavisd.pid";
# $lock_file = "$MYHOME/var/amavisd.lock";
#NOTE: create directories $MYHOME/tmp, $MYHOME/var, $MYHOME/db manually

@local_domains_maps = ( [".$mydomain", ".xxx-xxx.ca"] );
# @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
#                   10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );

$log_level = 5;              # verbosity 0..5
$log_recip_templ = undef;    # disable by-recipient level-0 log entries
$DO_SYSLOG = 1;              # log via syslogd (preferred)
$SYSLOG_LEVEL = 'mail.debug';

$enable_db = 1;              # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1;    # enable use of libdb-based cache if $enable_db=1

#$inet_socket_port = 10024;   # listen on this local TCP port(s) (see $protocol)
$unix_socketname = "$MYHOME/amavisd.sock";  # when using sendmail milter
$protocol = "AM.PDP"; # Use AM.PDP Protocol

$sa_tag_level_deflt  = -9999;  # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 3.4;
#$sa_kill_level_deflt = 6.31; # triggers spam evasive actions
#$sa_dsn_cutoff_level = 9;    # spam level beyond which a DSN is not sent
#$sa_quarantine_cutoff_level = 20; # spam level beyond which quarantine is off

$sa_mail_body_size_limit = 200*1024; # don't waste time on SA if mail is larger
$sa_local_tests_only = 0;    # only tests which do not require internet access?
$sa_auto_whitelist = 1;      # turn on AWL in SA 2.63 or older (irrelevant
                             # for SA 3.0, cf option is 'use_auto_whitelist')

# @lookup_sql_dsn =
#   ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'],
#     ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'],
#     ["DBI:SQLite:dbname=$MYHOME/sql/mail_prefs.sqlite", '', ''] );
# @storage_sql_dsn = @lookup_sql_dsn;  # none, same, or separate database

$virus_admin               = "postmaster\@$mydomain";  # notifications recip.

$mailfrom_notify_admin     = "postmaster\@$mydomain";  # notifications sender
$mailfrom_notify_recip     = "postmaster\@$mydomain";  # notifications sender
$mailfrom_notify_spamadmin = "spam.police\@$mydomain"; # notifications sender
$mailfrom_to_quarantine = ''; # null return path; uses original sender if undef

@addr_extension_virus_maps      = ('virus');
@addr_extension_spam_maps       = ('spam');
@addr_extension_banned_maps     = ('banned');
@addr_extension_bad_header_maps = ('badh');
# $recipient_delimiter = '+';  # undef disables address extensions altogether
# when enabling addr extensions do also Postfix/main.cf: recipient_delimiter=+

$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
# $dspam = 'dspam';

$MAXLEVELS = 14;
$MAXFILES = 1500;
$MIN_EXPANSION_QUOTA =      100*1024;  # bytes  (default undef, not enforced)
$MAX_EXPANSION_QUOTA = 300*1024*1024;  # bytes  (default undef, not enforced)

$sa_spam_subject_tag = '***SPAM*** ';
$defang_virus  = 1;  # MIME-wrap passed infected mail
$defang_banned = 1;  # MIME-wrap passed mail containing banned name


# OTHER MORE COMMON SETTINGS (defaults may suffice):

$myhostname = 'xxx.xxx.local';
$virus_admin = "postmaster\@$mydomain"; #NDR recipient if virus found


$notify_method  = 'pipe:flags=q argv=/usr/sbin/sendmail -Ac -i -odd -f ${sender} -- ${recipient}';
$forward_method = undef; #must be set like this with sendmail milter

# $final_virus_destiny      = D_DISCARD;
# $final_banned_destiny     = D_BOUNCE;
$final_spam_destiny = D_PASS;
# $final_bad_header_destiny = D_PASS;


I left out the section starting with SOME OTHER VARIABLES WORTH CONSIDERING as none were used.

Thanks,
Shredder

[divisionbyzero]

Either you have a typo in your amavisd-milter.sock path settings or your amavisd-milter has wrong user/permissions settings. Start amavisd-milter with your amavis or vscan user.

Yup. It was a typo in the /etc/mail/sendmail.mc file.

Everything working great now. Thanks.

[GeorgB]

Hy,
I have little problems with the init Script for Suse...
I have to say that I normaly work with exchange and Windows, and so my linux knowhow is very litlle...
if I try

Code: Select all

sudo chkconfig --add amavisd-milter

I receive

Code: Select all

insserv: script amavisd-milter is broken: missing end of LSB comment.
insserv: exiting now!
/sbin/insserv failed, exit code 1
amavisd-milter            0:off  1:off  2:off  3:off  4:off  5:off  6:off


I don't knwo how to search for the failure and im realy looking forward for any hint..

thanks a lot

Georg

[kmcital]

GeorgB, read earlier on in this same thread...question already answered:

Look for ## and change it to #.

It seams that LSB does not accept ##.

Friedmar

[kmcital]

Sorry, I guess I am missing something (new to linux, but can get around usually fine...)

Followed the instructions, but when I try to start spamassasin service, it says it does not exist. Also I notice that users are not created (amavis or clamav).

Tried starting other services, clamd started, but amavisd-milter-start also failed (no such user or user id: amavis).

Scalix 11.0
SuSE 10.1
all prerequisites installed, and read through this thread...

Update: I manually created amavis and clamav accounts, and now service amavisd-milter start results in:

Code: Select all

could not unlink old milter socket /var/spool/amavis/amavisd-milter.sock: Permission deniced

Also, after changing MYDOMAIN to mydomain in amavis.conf then that started up. But still no spamassassin service known on the system and amavisd-milter does not start.

UPDATE2: (sorry) ok...so I missed the sysconfig/amavisd-milter configuration for SUSE to set AMAVISD_MILTER_USER="vscan" ... now amavisd-milter started up.

I'm still wondering about spamassassin service ...

-kmcital

[alfista]

I just got this going on a new Scalix 11 server I plan on doing a migration to. I have two questions:

1 - does the clamav user need to be part of the scalix group? I only got the service router to start once I added it (mapper error 5183)

2 - I assume the clamav-milter is not required to run at startup? It gives errors if it is.

Thanks for the hard work in getting this article going...

regards,

Jason