“UbuntuHelp:PostfixAmavisNew”的版本间的差异

2007年12月5日 (三) 12:24的版本

文章出处:

https://help.ubuntu.com/community/PostfixAmavisNew

点击翻译:

English

请不要直接编辑翻译本页，本页将定期与来源同步。

Introduction

In this howto, Postfix integration with amavis-new will be presented. Amavis-new is a wrapper that can call any number of content filtering programs for spam detection, antivirus, etc. In this howto, integration with Spamassassin and Clamav will be presented. This is a classical installation of Postfix + Amavis-new + Spamassassin + Clamav. Please note that the packages amavisd-new, clamav, spamassassin are part of the UniversePackages. That means they will not receive security support from Canonical. You have been warned.

Prerequisite

You should have a functional Postfix server installed. If this is not the case, follow the Postfix guide.

Installation

Activate Universe and Multiverse repositories. Just follow this howto: AddingRepositoriesHowto. We explain why Universe is needed in the introduction; multiverse will be necessary for some compress/uncompress utils. To begin, install (see InstallingSoftware) the following packages:

sudo apt-get install amavisd-new spamassassin clamav-daemon

Install the optional packages for better spam detection (who does not want better spam detection?):

sudo apt-get install libnet-dns-perl libmail-spf-query-perl pyzor razor

Install some compress/uncompress utils. Install the following packages:

sudo apt-get install arj bzip2 cabextract cpio file gzip lha nomarch pax rar unrar unzip unzoo zip zoo

Configuration

Clamav

The default behaviour of Clamav will fit our needs. A daemon is launched (clamd) and signatures are fetched every day. For more Clamav configuration options, check the configuration files in /etc/clamav. Add clamav user to the amavis group in order for Clamav to have access to scan files:

sudo adduser clamav amavis

Spamassassin

Spamasssassin autodetects optional components and will use them if they are present. This means that there is no need to configure dcc-client, pyzor and razor. The fine tuning of Spamassassin rules is beyond the scope of this guide. Please refer to the Spamassassin page. Edit /etc/default/spamassassin to activate the Spamassassin daemon change ENABLED=0 to:

ENABLED=1

Now start Spamassassin:

sudo /etc/init.d/spamassassin start

Amavis

First, activate spam and antivirus detection in Amavis by editing /etc/amavis/conf.d/15-content_filter_mode:

use strict;
# You can modify this file to re-enable SPAM checking through spamassassin
# and to re-enable antivirus checking.
#
# Default antivirus checking mode
# Uncomment the two lines below to enable it
#
@bypass_virus_checks_maps = (
\%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
#
# Default SPAM checking mode
# Uncomment the two lines below to enable it
#
@bypass_spam_checks_maps = (
\%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
1;  # insure a defined return

Bouncing spam can be a bad idea as the return address is often faked, so it may have your server put on a blacklist. Consider editing /etc/amavis/conf.d/20-debian_defaults to set $final_spam_destiny to D_DISCARD rather than D_BOUNCE, as follows:

$final_spam_destiny       = D_DISCARD;

After configuration Amavis needs to be restarted:

sudo /etc/init.d/amavis restart

Postfix integration

For postfix integration, you only need to edit /etc/postfix/main.cf and add the following line:

content_filter = smtp-amavis:[127.0.0.1]:10024

Next edit /etc/postfix/master.cf and add the following to the end of the file:

smtp-amavis	unix	-	-	-	-	2	smtp
	-o smtp_data_done_timeout=1200
	-o smtp_send_xforward_command=yes
	-o disable_dns_lookups=yes
	-o max_use=20
127.0.0.1:10025	inet	n	-	-	-	-	smtpd
	-o content_filter=
	-o local_recipient_maps=
	-o relay_recipient_maps=
	-o smtpd_restriction_classes=
	-o smtpd_delay_reject=no
	-o smtpd_client_restrictions=permit_mynetworks,reject
	-o smtpd_helo_restrictions=
	-o smtpd_sender_restrictions=
	-o smtpd_recipient_restrictions=permit_mynetworks,reject
	-o smtpd_data_restrictions=reject_unauth_pipelining
	-o smtpd_end_of_data_restrictions=
	-o mynetworks=127.0.0.0/8
	-o smtpd_error_sleep_time=0
	-o smtpd_soft_error_limit=1001
	-o smtpd_hard_error_limit=1000
	-o smtpd_client_connection_count_limit=0
	-o smtpd_client_connection_rate_limit=0
	-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks

Also add the following two lines immediately below the "pickup" transport service:

	 -o content_filter=
	 -o receive_override_options=no_header_body_checks

This will prevent messages that are generated to report on spam from being classified as spam. More information can be found from "README.postfix from amavisd-new" and "D.J.Fan" Reload postfix:

 
sudo /etc/init.d/postfix reload

Now content filtering with spam and virus detection is enabled.

Test

First, test that the amavis SMTP is listening:

telnet localhost 10024
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 [127.0.0.1] ESMTP amavisd-new service ready
^]

Check on your /var/log/mail.log that everything goes well. If you raise the log level, you can check every step of the content filtering: spam check, virus check, etc. Don't forget to lower the log level after your checks! On messages that go through the content filter you should see:

X-Spam-Level: 
X-Virus-Scanned: Debian amavisd-new at example.com
X-Spam-Status: No, hits=-2.3 tagged_above=-1000.0 required=5.0 tests=AWL, BAYES_00
X-Spam-Level:

Troubleshooting

If the filtering is not happening, adding the following to /etc/amavis/conf.d/50-user may help:

@local_domains_acl = ( ".$mydomain" );

If you receive mail for other domains, add them to the list. This information was obtained from the Amavis-New FAQ here. If you see the following error in /var/log/syslog when amavisd is trying to scan a message: amavis[30807]: (30807-01) (!!) ask_av (ClamAV-clamd) FAILED - unexpected result: /var/lib/amavis/tmp/amavis-20070615T125025-30807/parts: lstat() failed. ERROR\n Try changing the permissions on /var/lib/amavis/tmp:

chmod -R 775 /var/lib/amavis/tmp

Another way to trouble shoot errors associated with Amavisd-new, Spamassassin, Postfix, or Clamav is to restart all the services with Amavisd-new being the last one to start:

sudo /etc/init.d/postfix restart
sudo /etc/init.d/spamassassin restart
sudo /etc/init.d/clamav-daemon restart
sudo /etc/init.d/amavis restart

Then check /var/log/mail.log and see if the error has gone away.
Note: This guide has been tested on Ubuntu 7.10 (Gutsy Gibbon).

@@ 第3行： / 第3行： @@
 == Introduction ==
 In this howto, Postfix integration with amavis-new will be presented. Amavis-new is a wrapper that can call any number of content filtering programs for spam detection, antivirus, etc. In this howto, integration with Spamassassin and Clamav will be presented. This is a classical installation of Postfix + Amavis-new + Spamassassin + Clamav.
-Please note that the packages <code><nowiki>amavisd-new</nowiki></code>, <code><nowiki>clamav</nowiki></code>, <code><nowiki>spamassassin</nowiki></code> are part of the [[UbuntuHelp:UniversePackages]]. That means they will not receive security support from Canonical. You have been warned.
+Please note that the packages <code><nowiki>amavisd-new</nowiki></code>, <code><nowiki>clamav</nowiki></code>, <code><nowiki>spamassassin</nowiki></code> are part of the [[UbuntuHelp:UniversePackages|UniversePackages]]. That means they will not receive security support from Canonical. You have been warned.
 == Prerequisite ==
-You should have a functional Postfix server installed. If this is not the case, follow the [[UbuntuHelp:Postfix]] guide.
+You should have a functional Postfix server installed. If this is not the case, follow the [[UbuntuHelp:Postfix|Postfix]] guide.
 == Installation ==
-Activate Universe and Multiverse repositories. Just follow this howto: [[UbuntuHelp:AddingRepositoriesHowto]]. We explain why Universe is needed in the introduction; multiverse will be necessary for some compress/uncompress utils.
+Activate Universe and Multiverse repositories. Just follow this howto: [[UbuntuHelp:AddingRepositoriesHowto|AddingRepositoriesHowto]]. We explain why Universe is needed in the introduction; multiverse will be necessary for some compress/uncompress utils.
 To begin, install (see [[UbuntuHelp:InstallingSoftware|InstallingSoftware]]) the following packages:
 <pre><nowiki>
@@ 第29行： / 第29行： @@
 === Spamassassin ===
 Spamasssassin autodetects optional components and will use them if they are present. This means that there is no need to configure <code><nowiki>dcc-client</nowiki></code>, <code><nowiki>pyzor</nowiki></code> and <code><nowiki>razor</nowiki></code>.
-The fine tuning of Spamassassin rules is beyond the scope of this guide. Please refer to the [[UbuntuHelp:Spamassassin]] page.
+The fine tuning of Spamassassin rules is beyond the scope of this guide. Please refer to the [[UbuntuHelp:Spamassassin|Spamassassin]] page.
 Edit <code><nowiki>/etc/default/spamassassin</nowiki></code> to activate the Spamassassin daemon change ''ENABLED=0'' to:
 <pre><nowiki>
@@ 第135行： / 第135行： @@
 If you receive mail for other domains, add them to the list.  This information was obtained from the Amavis-New FAQ [http://www.ijs.si/software/amavisd/#faq-spam here].
 If you see the following error in /var/log/syslog when amavisd is trying to scan a message:
-<code><nowiki>amavis[30807]: (30807-01) (!!) ask_av ([[UbuntuHelp:ClamAV|ClamAV]]-clamd) FAILED - unexpected result: /var/lib/amavis/tmp/amavis-20070615T125025-30807/parts: lstat() failed. ERROR\n</nowiki></code>
+<code><nowiki>amavis[30807]: (30807-01) (!!) ask_av (ClamAV-clamd) FAILED - unexpected result: /var/lib/amavis/tmp/amavis-20070615T125025-30807/parts: lstat() failed. ERROR\n</nowiki></code>
 Try changing the permissions on <code><nowiki>/var/lib/amavis/tmp</nowiki></code>:
 <pre><nowiki>

个人工具

“UbuntuHelp:PostfixAmavisNew”的版本间的差异 - Ubuntu中文

搜索

导航

编辑

工具