Difference between revisions of "HowTos/Amavisd"

From Scalix Wiki
(Configuring amavisd-new:)
Line 90: Line 90:
 
'''qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],'''
 
'''qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],'''
  
== Initscripts for amavisd* ==
+
== Initscript for amavis & amavisd-milter ==
  
  
 
I've created my own init script to start both amavisd and amavisd-milter as I didn't find the existing one very satisfactory (notably, it would run additional instances of the milter if the 'start' argument was passed and the milter was already running). You can find it, together with a suitable sysconfig file here:
 
I've created my own init script to start both amavisd and amavisd-milter as I didn't find the existing one very satisfactory (notably, it would run additional instances of the milter if the 'start' argument was passed and the milter was already running). You can find it, together with a suitable sysconfig file here:
  
 +
[http://www.redcircleit.com/public/scripts/amavisd-initscript.txt]
 +
 +
[http://www.redcircleit.com/public/scripts/amavisd-sysconfigscript.txt]
  
 
== Configuring sendmail: ==
 
== Configuring sendmail: ==
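
Review bot: the two links added under the init-script paragraph are plain http:// URLs to an init script and a sysconfig file, with no checksum and no copy of the content on the wiki itself. An init script is run as root, so readers cannot confirm that what they download is what was posted; consider attaching the files to the wiki or listing a checksum beside each link. The renamed heading also says "amavis" while the paragraph under it says "amavisd"; use one name in both places.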

Revision as of 13:19, 5 May 2006

Introduction

I decided to use amavisd-new on my Scalix boxes, partly because I already had a fair bit of experience using it, but also because I like the way it keeps configuration for both virus & spam filtering under one roof (and away from Scalix!). It also (from my admittedly scant reading of the tech notes) gives more comprehensible & finer-grained control of the scanning process & actions.


Prerequisites

You'll obviously need the amavisd-new package, plus spamassassin & clamd to do the spam/virus detection if you haven't already got them.

The gcc & sendmail-devel packages are required to compile amavisd-new milter.


NB: Once amavisd-new & clamd are installed check that the amavis user has been made a member of the clamav group (it shouldn't need to be its primary group) and if not add it with something like:


sudo gpasswd -a amavis clamav

Installing amavisd-milter

Firstly, do NOT install the amavisd-new-milter package - despite the 'new' tag this is a different, older version that lacks the ability to add anything other than a hard-coded 'virus scanned by amavisd-new-milter' to the message headers. As a consequence of this it's pretty useless if you want to sort messages into Spam folders downstream.


As far as I'm aware there's no binary package available for amavisd-milter but it's an easy compile, just grab the source from http://sourceforge.net/project/showfiles.php?group_id=138169 and do the usual:


cd /usr/local/src && tar xvzf /path/to/amavisd-milter-1.0.4.tar.gz

cd amavisd-milter-1.0.4/

./configure && make && sudo make install


The binary will be installed in /usr/local/sbin

Configuring amavisd-new

The config file for amavisd-new is fairly huge, but don't be put off as most of the values can safely stay at the defaults. The critical ones to add/edit/uncomment/comment are:


$protocol = "AM.PDP"; # Use AM.PDP protocol.

$unix_socketname = "$MYHOME/amavisd.sock"; # uncomment when using sendmail milter.

#$inet_socket_port = 10024; #comment out with milter.

$notify_method = 'pipe:flags=q argv=/usr/sbin/sendmail -Ac -i -odd -f ${sender} -- ${recipient}';

$forward_method = undef; #must be set like this with sendmail milter

Set $mydomain to your domain, e.g. $mydomain = 'example.com';

Set $myhostname to the FQDN of the Scalix host, e.g. $myhostname = 'cosmo.example.com';

Set $virus_admin to a sensible value (don't forget to escape the @ inside double quotes), e.g. $virus_admin = "virusalert\@$mydomain";

Set $mailfrom_notify_admin to a sensible value, e.g. $mailfrom_notify_admin = "virusalert\@$mydomain";


The lines below control spamassassin's behaviour. I set the first to undef so that the info headers are always added even if the message is deemed 'ham' (if your box is heavily-loaded you'll probably want to change this after debugging). The second sets the score above which SA will rewrite the subject line, prepending whatever you define with $sa_spam_subject_tag. You'll probably want to leave the next three commented to prevent amavisd-new doing anything extreme with mail until you're comfortable with the setup. Set the last to undef if you want to leave subject lines alone for spam mail.


$sa_tag_level_deflt = undef; # add spam info headers if at, or above that level

$sa_tag2_level_deflt = 3.4; # add 'spam detected' headers at that level

#$sa_kill_level_deflt = 6.31; # triggers spam evasive actions

#$sa_dsn_cutoff_level = 9; # spam level beyond which a DSN is not sent

#$sa_quarantine_cutoff_level = 20; # spam level beyond which quarantine is off

$sa_spam_subject_tag = '[SPAM] ';


Finally, uncomment the code near the bottom that tells amavis to use the clamd daemon and edit /var/run/clamav/clamd to read /var/run/clamav/clamd.sock (matching the value in /etc/clamav.conf)


### http://www.clamav.net/

['ClamAV-clamd',

\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],

qr/\bOK$/, qr/\bFOUND$/,

qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

Initscript for amavis & amavisd-milter

I've created my own init script to start both amavisd and amavisd-milter as I didn't find the existing one very satisfactory (notably, it would run additional instances of the milter if the 'start' argument was passed and the milter was already running). You can find it, together with a suitable sysconfig file here:

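http://www.redcircleit.com/public/scripts/amavisd-initscript.txt

http://www.redcircleit.com/public/scripts/amavisd-sysconfigscript.txt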

Configuring sendmail:

Back up sendmail.cf & sendmail.mc & then edit sendmail.mc, adding the following two lines at the end of the file:


define(`MILTER', 1)dnl

INPUT_MAIL_FILTER(`milter-amavis', `S=local:/var/amavis/amavisd-milter.sock, F=T, T=S:10m;R:10m;E:10m')dnl


NB: The suggested lines in the amavisd-milter manpage seem a bit broken!


Rebuild sendmail.cf and run omsendin to reinsert the Scalix mods:


su -c "m4 sendmail.mc > sendmail.cf"

sudo omsendin


Virus notification mails are deferred to avoid the milter being called twice. This means that if amavisd catches an infected mail the 'virusalert' user won't get the notification until the queue is next run, which by default is every hour. Therefore, edit /etc/sysconfig/sendmail & set the queue runner to a reasonably low value at least for debugging, e.g.

QUEUE=1m

Clamd configuration:

NB: Did you check that the 'amavis' user is a member of the 'clamav' group?


Firstly, edit /etc/clamav.conf, [un]commenting or changing:


LocalSocket /var/run/clamav/clamd.sock #Must match value in /etc/amavisd.conf

AllowSupplementaryGroups #Avoids a raft of permission issues!

FixStaleSocket


Then edit /etc/freshclam.conf


UpdateLogFile /var/log/clamav/freshclam.log

PidFile /var/clamav/freshclam.pid

NotifyClamd


Finally, back up /var/opt/sys/smtpd.cfg and then add the line:


SMTPFILTER=TRUE


Start amavisd/amavisd-milter: sudo service amavisd start

Restart sendmail: sudo service sendmail restart

Restart the Sx smtp relay: sudo omoff -d0 smtpd && sudo omon smtpd


Tail /var/log/maillog and try sending clean, virus and spam mails e.g.


mail -s test me@mydomain < clean.txt

mail -s test me@mydomain < ecicar.sig

mail -s test me@mydomain < gtube.txt


Check the headers of your received mails & the mailbox your virus notifications go to & debug.


A word of warning: if you encounter any permission errors when debugging, DO NOT attempt to solve them by changing the permissions on /var/amavis away from 0750 - for security reasons milters insist that the work directory is not world-readable or group-writable.
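
The checks this page keeps returning to (the clamd socket path must be the same in amavisd.conf and clamav.conf, and the amavis work directory must not be group-writable or world-readable) can be scripted before starting the services. The script below is an added example, not part of the original howto or of amavisd-new; the function names are hypothetical and the sample files are constructed so that it runs offline.

```sh
#!/bin/sh
# Added example: preflight checks for the setup described on this page.
# Function names are hypothetical; file paths are passed in as arguments.

# Socket path from the active LocalSocket directive of a clamd config
# (commented-out lines and trailing "#..." comments are ignored).
clamd_socket() {
    sed -n 's/^[[:space:]]*LocalSocket[[:space:]]\{1,\}\([^[:space:]#]\{1,\}\).*/\1/p' "$1" | head -n 1
}

# Socket path amavisd.conf passes to ask_daemon after "CONTSCAN {}\n".
# Empty output means the ClamAV-clamd entry is still commented out.
amavis_clamd_socket() {
    sed -n '/^[[:space:]]*#/d; s/.*CONTSCAN[^,]*,[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Succeed only if the directory is neither group-writable nor world-readable
# (0750 passes; 0755 and 0770 fail). Uses the ls mode string for portability.
workdir_mode_ok() {
    case "$(ls -ld "$1" 2>/dev/null | cut -c1-10)" in
        d????-?-??) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed if user $1 belongs to group $2 (primary or supplementary).
in_group() {
    id -Gn "$1" 2>/dev/null | tr ' ' '\n' | grep -qx "$2"
}

# usage: preflight AMAVISD_CONF CLAMAV_CONF WORKDIR
preflight() {
    rc=0
    a=$(amavis_clamd_socket "$1"); c=$(clamd_socket "$2")
    if [ -z "$a" ] || [ "$a" != "$c" ]; then
        echo "socket mismatch: amavisd='$a' clamd='$c'"; rc=1
    fi
    workdir_mode_ok "$3" || { echo "$3: group-writable or world-readable"; rc=1; }
    return $rc
}

# Constructed sample files (not real system configs) so the script runs offline.
demo=$(mktemp -d)
printf '%s\n' '#LocalSocket /tmp/clamd' 'LocalSocket /var/run/clamav/clamd.sock #Must match' > "$demo/clamav.conf"
printf '%s\n' "['ClamAV-clamd'," ' \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],' > "$demo/amavisd.conf"
mkdir "$demo/amavis" && chmod 0750 "$demo/amavis"
preflight "$demo/amavisd.conf" "$demo/clamav.conf" "$demo/amavis" && echo "preflight OK"
rm -rf "$demo"
```

On a host set up as described here, the equivalent call would be preflight /etc/amavisd.conf /etc/clamav.conf /var/amavis, followed by in_group amavis clamav for the group membership check.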