HowTos/Amavisd

From Scalix Wiki
Revision as of 15:49, 11 May 2006 by Btisdall (Talk | contribs) (Initscript for amavisd & amavisd-milter)


Introduction

This HOWTO details a setup that uses amavisd to do both spam & virus scanning.


NB: it's not necessary (or wise) to install SA or clamav as per the Scalix docs in addition to this.


I decided to use amavisd-new on my Scalix boxes, partly because I already had a fair bit of experience using it, but also because I like the way it keeps configuration for both virus & spam filtering under one roof (and away from Scalix!). It also (from my admittedly scant reading of the tech notes) gives more comprehensible & finer-grained control of the scanning process & actions. Whilst this isn't an 'officially supported' configuration, it is almost identical to the Scalix/Spamass-milter setup (as detailed in the Tech Note) in the way it interfaces with Scalix/Sendmail.


Scalix version tested: CE

Test platforms: FC-4, CentOS 4.


One final note: big thanks to STrRedWolf for the Scalix/Amavisd-New (using Postfix) HOWTO which enabled me to get a working mailscanning setup up & running in the first place! Whilst the postfix setup still has some advantages (easy integration with Mailguard for one) I hope that this HOWTO will give most users the goodness of amavisd without having to use an additional MTA.

Prerequisites

You'll obviously need the amavisd-new package, plus spamassassin & clamd to do the spam/virus detection if you haven't already got them.

The gcc & sendmail-devel packages are required to compile amavisd-milter.


NB: Once amavisd-new & clamd are installed check that the amavis user has been made a member of the clamav group (it shouldn't need to be its primary group) and if not add it with something like:


sudo gpasswd -a amavis clamav

Installing amavisd-milter

Firstly, DO NOT install the amavisd-new-milter binary package - despite the 'new' tag this is a different, older version that lacks the ability to add anything other than a hard-coded 'virus scanned by amavisd-new-milter' to the message headers. As a consequence of this it's pretty useless if you want to sort messages into Spam folders downstream.


As far as I'm aware there's no binary package available for amavisd-milter, but it's a quick & easy compile. Just grab the source from http://sourceforge.net/project/showfiles.php?group_id=138169 and do the usual:


cd /usr/local/src && tar xvzf /path/to/amavisd-milter-1.x.x.tar.gz

cd amavisd-milter-1.x.x

./configure && make && sudo make install


Assuming you compiled in /usr/local/src and ran the commands above, the binary will be installed in /usr/local/sbin

Configuring amavisd-new

The config file for amavisd-new is fairly huge, but don't be put off as most of the values can safely stay at the defaults. The critical ones to add/edit/uncomment/comment are:


$protocol = "AM.PDP"; # Use AM.PDP protocol.

$unix_socketname = "$MYHOME/amavisd.sock"; # uncomment when using sendmail milter.

#$inet_socket_port = 10024; #comment out with milter.

$notify_method = 'pipe:flags=q argv=/usr/sbin/sendmail -Ac -i -odd -f ${sender} -- ${recipient}';

$forward_method = undef; #must be set like this with sendmail milter.

$mydomain = 'example.com'; # Your domain e.g. example.com

$myhostname = 'cosmo.example.com'; # The FQDN of the Scalix host

$virus_admin = "virusalert\@$mydomain"; # The person who should receive the NDR if virus found

$mailfrom_notify_admin = "virusalert\@$mydomain"; # The sender address for the mails above


The lines below control amavisd-new's behaviour according to the SA score. I set the first to undef so that the info headers are always added even if the message is deemed 'ham' (if your box is heavily loaded you'll probably want to change this after debugging). The second sets the score above which SA will rewrite the subject line, prepending whatever you define with $sa_spam_subject_tag. You'll probably want to leave the next three commented to prevent amavisd-new doing anything extreme with mail until you're comfortable with the setup. Set the last to undef if you want to leave subject lines alone for spam mail.


$sa_tag_level_deflt = undef; # add spam info headers if at, or above that level

$sa_tag2_level_deflt = 3.4; # add 'spam detected' headers at that level

#$sa_kill_level_deflt = 6.31; # triggers spam evasive actions

#$sa_dsn_cutoff_level = 9; # spam level beyond which a DSN is not sent

#$sa_quarantine_cutoff_level = 20; # spam level beyond which quarantine is off

$sa_spam_subject_tag = '[SPAM] '; # Prepended to the subject line if defined.


Finally, uncomment the code near the bottom that tells amavis to use the clamd daemon and edit the value /var/run/clamav/clamd to read /var/run/clamav/clamd.sock (matching the value in /etc/clamav.conf)


### http://www.clamav.net/

['ClamAV-clamd',

\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],

qr/\bOK$/, qr/\bFOUND$/,

qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

Initscript for amavisd & amavisd-milter

Since originally posting the combined amavisd/milter scripts I've observed that yum has a tendency to stomp on any config files for installed rpms, so I've separated the milter stuff off into a separate script.


http://www.redcircleit.com/public/scripts/amavisd-milter-init.txt

http://www.redcircleit.com/public/scripts/amavisd-milter-sysconfig.txt


Copy these to /etc/init.d/amavisd-milter & /etc/sysconfig/amavisd-milter respectively & do:


sudo chkconfig --add amavisd-milter


The standalone amavisd script/config is here but the default ones installed by the rpm will do just fine.


http://www.redcircleit.com/public/scripts/amavisd-init.txt

http://www.redcircleit.com/public/scripts/amavisd-sysconfig.txt


If you need them, copy to /etc/init.d/amavisd & /etc/sysconfig/amavisd respectively & do:


sudo chkconfig --add amavisd

Configuring sendmail

Backup sendmail.cf & sendmail.mc & then edit sendmail.mc, adding the following two lines at the end of the file:


define(`MILTER', 1)dnl

INPUT_MAIL_FILTER(`milter-amavis', `S=local:/var/amavis/amavisd-milter.sock, F=T, T=S:10m;R:10m;E:10m')dnl


NB: The suggested lines in the amavisd-milter manpage seem a bit broken!


Rebuild sendmail.cf and run omsendin to reinsert the Scalix mods:


sudo sh -c "m4 sendmail.mc > sendmail.cf"

sudo omsendin


NB: Virus notification mails are deferred to avoid the milter being called twice. This means that if amavisd catches an infected mail the '$virus_admin' user won't be sent the notification until the queue is next run, which by default is every hour. Therefore, edit /etc/sysconfig/sendmail & set the queue runner to a reasonably low value at least for debugging, e.g.


QUEUE=1m

Configuring clamd

NB: Did you ensure that the amavis user is a member of the clamav group?


Firstly, edit /etc/clamav.conf, [un]commenting or changing:


#LocalSocket Must match value in /etc/amavisd.conf

LocalSocket /var/run/clamav/clamd.sock

#Only use one connection method or clamd won't start.

#TCPSocket 3310

#The following setting avoids a raft of permission issues!

AllowSupplementaryGroups

FixStaleSocket


Then edit /etc/freshclam.conf


UpdateLogFile /var/log/clamav/freshclam.log

PidFile /var/clamav/freshclam.pid

NotifyClamd
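
The clamd socket is named in two places in this setup: the ClamAV-clamd entry in amavisd.conf and LocalSocket in /etc/clamav.conf, with TCPSocket left commented out. The script below is an added example, not part of the original HOWTO, that checks the two files agree; its function names are hypothetical and the sample fragments it writes are constructed.

```shell
#!/bin/sh
# Added example (not from the original HOWTO): check that amavisd.conf and
# clamav.conf name the same clamd socket and that TCPSocket is not also active.

# Print the uncommented LocalSocket path from a clamd config file.
clamd_local_socket() {
    awk '$1 == "LocalSocket" { print $2; exit }' "$1"
}

# Succeed if the clamd config has an uncommented TCPSocket line.
clamd_tcp_enabled() {
    awk '$1 == "TCPSocket" { found = 1 } END { exit !found }' "$1"
}

# Print the socket path of the uncommented ClamAV-clamd CONTSCAN entry.
amavis_clamd_socket() {
    sed -n -e '/^[[:space:]]*#/d' \
        -e 's/.*"CONTSCAN {}\\n",[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# usage: check_clamd_wiring <amavisd.conf> <clamav.conf>
check_clamd_wiring() {
    a=$(amavis_clamd_socket "$1")
    c=$(clamd_local_socket "$2")
    [ -n "$a" ] || { echo "FAIL: no active ClamAV-clamd entry in $1"; return 1; }
    [ -n "$c" ] || { echo "FAIL: no active LocalSocket in $2"; return 1; }
    [ "$a" = "$c" ] || { echo "FAIL: amavisd uses $a, clamd uses $c"; return 1; }
    if clamd_tcp_enabled "$2"; then
        echo "FAIL: TCPSocket and LocalSocket are both active in $2"; return 1
    fi
    echo "OK: amavisd and clamd both use $a"
}

# Constructed sample: an amavisd.conf fragment ($1) pointing at socket $2.
sample_amavisd() {
    printf '%s\n' "['ClamAV-clamd'," \
        " \\&ask_daemon, [\"CONTSCAN {}\\n\", \"$2\"]," > "$1"
}

if [ "$#" -eq 2 ]; then
    check_clamd_wiring "$1" "$2"
else    # no arguments: run against constructed samples
    d=$(mktemp -d)
    sample_amavisd "$d/amavisd.conf" /var/run/clamav/clamd.sock
    sample_amavisd "$d/default.conf" /var/run/clamav/clamd
    printf 'LocalSocket /var/run/clamav/clamd.sock\n#TCPSocket 3310\n' > "$d/clamav.conf"
    check_clamd_wiring "$d/amavisd.conf" "$d/clamav.conf"
    check_clamd_wiring "$d/default.conf" "$d/clamav.conf" || true
    rm -rf "$d"
fi
```

Run it as: sh check.sh /etc/amavisd.conf /etc/clamav.conf (the script file name is arbitrary).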

Configuring Scalix

Backup /var/opt/sys/smtpd.cfg and add the following line to the end:


SMTPFILTER=TRUE

Starting it all up

Start spamassassin: sudo service spamassassin start

Start clamd: sudo service clamd start

Start amavisd/amavisd-milter: sudo service amavisd start

Restart sendmail: sudo service sendmail restart

Restart the Scalix SMTP Relay: sudo omoff -d0 smtpd && sudo omon smtpd

Debugging

Tail /var/log/maillog and try sending clean, virus and spam mails e.g.


mail -s test me@example.com < clean.txt

mail -s test me@example.com < eicar.sig

mail -s test me@example.com < gtube.txt


Check the headers of your received mails & the mailbox your virus notifications go to & debug.


NB: If you encounter any permission errors when debugging, DO NOT attempt to solve them by changing the permissions on /var/amavis away from 0750 - for security reasons milters insist that the work directory is not world-readable or group-writable.
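
Before chasing permission errors in the log, the two requirements this HOWTO states can be checked directly: the work directory must not be world-readable or group-writable, and the amavis user must be in the clamav group. The script below is an added example, not part of the original HOWTO; its function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original HOWTO): preflight checks for the
# work-directory mode and the amavis/clamav group membership.

# Print each violation of the work-directory rule for directory $1.
# Prints nothing and succeeds when the mode is acceptable (e.g. 0750).
workdir_violations() {
    mode=$(stat -c %a "$1") || return 2
    bad=0
    if [ $(( 0$mode & 020 )) -ne 0 ]; then echo "group-writable ($mode)"; bad=1; fi
    if [ $(( 0$mode & 004 )) -ne 0 ]; then echo "world-readable ($mode)"; bad=1; fi
    return "$bad"
}

# Succeed if group name $1 appears in the space-separated list $2.
group_listed() {
    case " $2 " in *" $1 "*) return 0 ;; *) return 1 ;; esac
}

# Succeed if user $1 is a member (primary or supplementary) of group $2.
user_in_group() {
    groups=$(id -nG "$1" 2>/dev/null) || return 2
    group_listed "$2" "$groups"
}

# usage: preflight <workdir> <user> <group>
preflight() {
    rc=0
    workdir_violations "$1" || rc=1
    user_in_group "$2" "$3" || { echo "$2 is not in group $3"; rc=1; }
    [ "$rc" -eq 0 ] && echo "preflight OK"
    return "$rc"
}

# Typical call on the setup described here: preflight /var/amavis amavis clamav
if [ "$#" -eq 3 ]; then preflight "$1" "$2" "$3"; fi
```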