UbuntuHelp:PostfixAmavisNew
来自Ubuntu中文
 |
点击翻译: |
English |
请不要直接编辑翻译本页,本页将定期与来源同步。 |
目录
Introduction
In this howto, Postfix integration with amavis-new will be presented. Amavis-new is a wrapper that can call any number of content filtering programs for spam detection, antivirus, etc. In this howto, integration with Spamassassin and Clamav will be presented. This is a classical installation of Postfix + Amavis-new + Spamassassin + Clamav.
Please note that the packages amavisd-new, clamav, spamassassin are part of the UbuntuHelp:UniversePackages. That means they will not receive security support from Canonical. You have been warned.
Prerequisite
You should have a functional Postfix server installed. If this is not the case, follow the UbuntuHelp:Postfix guide.
Installation
Activate Universe and Multiverse repositories. Just follow this howto: UbuntuHelp:AddingRepositoriesHowto. We explain why Universe is needed in the introduction; multiverse will be necessary for some compress/uncompress utils.
To begin, install (see InstallingSoftware) the following packages:
sudo apt-get install amavisd-new spamassassin clamav-daemon
Install the optional packages for better spam detection (who does not want better spam detection?):
sudo apt-get install libnet-dns-perl libmail-spf-query-perl pyzor razor
Install some compress/uncompress utils. Install the following packages:
sudo apt-get install arj bzip2 cabextract cpio file gzip lha nomarch pax rar unrar unzip unzoo zip zoo
Configuration
Clamav
The default behaviour of Clamav will fit our needs. A daemon is launched (clamd) and signatures are fetched every day. For more Clamav configuration options, check the configuration files in /etc/clamav.
Add clamav user to the amavis group in order for Clamav to have access to scan files:
sudo adduser clamav amavis
Spamassassin
Spamasssassin autodetects optional components and will use them if they are present. This means that there is no need to configure dcc-client, pyzor and razor.
The fine tuning of Spamassassin rules is beyond the scope of this guide. Please refer to the UbuntuHelp:Spamassassin page.
Edit /etc/default/spamassassin to activate the Spamassassin daemon change ENABLED=0 to:
ENABLED=1
Now start Spamassassin:
sudo /etc/init.d/spamassassin start
Amavis
First, activate spam and antivirus detection in Amavis by editing /etc/amavis/conf.d/15-content_filter_mode:
use strict; # You can modify this file to re-enable SPAM checking through spamassassin # and to re-enable antivirus checking. # # Default antivirus checking mode # Uncomment the two lines below to enable it # @bypass_virus_checks_maps = ( \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re); # # Default SPAM checking mode # Uncomment the two lines below to enable it # @bypass_spam_checks_maps = ( \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re); 1; # insure a defined return
Bouncing spam can be a bad idea as the return address is often faked, so it may have your server put on a blacklist. Consider editing /etc/amavis/conf.d/20-debian_defaults to set $final_spam_destiny to D_DISCARD rather than D_BOUNCE, as follows:
$final_spam_destiny = D_DISCARD;
After configuration Amavis needs to be restarted:
sudo /etc/init.d/amavis restart
Postfix integration
For postfix integration, you only need to edit /etc/postfix/main.cf and add the following line:
content_filter = smtp-amavis:[127.0.0.1]:10024
Next edit /etc/postfix/master.cf and add the following to the end of the file:
smtp-amavis unix - - - - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20 127.0.0.1:10025 inet n - - - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
Also add the following two lines immediately below the "pickup" transport service:
-o content_filter= -o receive_override_options=no_header_body_checks
This will prevent messages that are generated to report on spam from being classified as spam.
More information can be found from "README.postfix from amavisd-new" and "D.J.Fan"
Reload postfix:
sudo /etc/init.d/postfix reload
Now content filtering with spam and virus detection is enabled.
Test
First, test that the amavis SMTP is listening:
telnet localhost 10024 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 [127.0.0.1] ESMTP amavisd-new service ready ^]
Check on your /var/log/mail.log that everything goes well. If you raise the log level, you can check every step of the content filtering: spam check, virus check, etc. Don't forget to lower the log level after your checks!
On messages that go through the content filter you should see:
X-Spam-Level: X-Virus-Scanned: Debian amavisd-new at example.com X-Spam-Status: No, hits=-2.3 tagged_above=-1000.0 required=5.0 tests=AWL, BAYES_00 X-Spam-Level:
Troubleshooting
If the filtering is not happening, adding the following to /etc/amavis/conf.d/50-user may help:
@local_domains_acl = ( ".$mydomain" );
If you receive mail for other domains, add them to the list. This information was obtained from the Amavis-New FAQ here.
If you see the following error in /var/log/syslog when amavisd is trying to scan a message:
amavis[30807]: (30807-01) (!!) ask_av (ClamAV-clamd) FAILED - unexpected result: /var/lib/amavis/tmp/amavis-20070615T125025-30807/parts: lstat() failed. ERROR\n
Try changing the permissions on /var/lib/amavis/tmp:
chmod -R 775 /var/lib/amavis/tmp
Another way to trouble shoot errors associated with Amavisd-new, Spamassassin, Postfix, or Clamav is to restart all the services with Amavisd-new being the last one to start:
sudo /etc/init.d/postfix restart sudo /etc/init.d/spamassassin restart sudo /etc/init.d/clamav-daemon restart sudo /etc/init.d/amavis restart
Then check /var/log/mail.log and see if the error has gone away.
Note: This guide has been tested on Ubuntu 7.10 (Gutsy Gibbon).
