5.4. Amavisd-new

In this section, we will configure Amavisd-new, which acts as an interface between the mail server (SMTP service), the anti-virus (ClamAV) and the anti-spam (SpamAssassin).

For spam detection, Amavisd-new uses the SpamAssassin library to give each incoming email a score. The score represents the probability that the mail is spam and a mail with a high score means that the chances of it being spam are high. In our system, mail with a score below 5.0 is considered clean and is accepted for delivery, mail with a score between 5.0 and 10.0 is considered likely to be spam and is put into quarantine (in the directory /var/spool/amavisd/quarantine/spam) and mail with a score above 10.0 is considered to definitely be spam and is rejected.

For virus detection, Amavisd-new uses the ClamAV daemon to detect whether a message contains a virus. If the mail contains archives, those are decoded by an external command (e.g. zip, rar, gunzip, etc.). If a virus is found, the mail is put into quarantine.

If the message is considered clean and does not contain any viruses, Amavisd-new forwards the mail to a second Postfix interface (through the socket 127.0.0.1:10025).

A message in quarantine can be released by the utility amavisd-release.

5.4.1. Distribution-based information

Here is the complete list of recommended RPM (RedHat Package Manager) packages to install for the full mail system:

Recommended Linux-based operating systems are the following:

Table 5-6. Amavisd-new on CentOS

Package        Amavisd-new
User           amavis
Configuration  /etc/amavisd/amavisd.conf
Socket         127.0.0.1:10024, unix:/var/spool/amavisd/amavisd.sock
PID            /var/run/amavisd/amavisd.run
Log            Syslog:MAIL aka /var/log/maillog
Home           /var/spool/amavisd

Table 5-7. Amavisd-new on Debian

Package        Amavisd-new
User           amavis
Configuration  /etc/amavis/conf.d/*
Socket         127.0.0.1:10024, unix:/var/spool/amavisd/amavisd.sock
PID            /var/run/amavisd/amavisd.run
Log            /var/log/syslog
Home           /var/lib/amavis

5.4.2. Installation

NOTE: Once Amavisd-new has been installed, the amavis user and group are created. To prevent access permission errors between ClamAV and Amavisd-new, add the amavis user to the clamav group and vice versa.

5.4.2.1. Installing Amavisd-new on CentOS

Use the following command:

# yum install amavisd-new

5.4.2.2. Installing Amavisd-new on Debian

Use the following command:

# apt-get update

# apt-get upgrade

# apt-get install amavisd-new

5.4.3. Configuration

5.4.3.1. Configuring Postfix

Before configuring Amavisd-new, we must update the configuration of Postfix (defined in Chapter 5 Section 1: SMTP service) to spawn two instances of Postfix. We will change the configuration of the first instance of Postfix to forward mail to Amavisd-new, which listens on 127.0.0.1:10024. The second instance of Postfix will listen on the socket 127.0.0.1:10025, receive mail from Amavisd-new and accept it for delivery.

To forward mails from the first instance of Postfix to amavisd-new, we must add the following lines at the end of /etc/postfix/main.cf:

## Check for spam through amavisd-new (which will use ClamAV and SpamAssassin)
content_filter = smtp-amavis:[127.0.0.1]:10024

To spawn a second instance of Postfix, we append the following lines at the end of /etc/postfix/master.cf:

# ====================================================================
# Amavis
smtp-amavis     unix -        -       n     -       2  smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes

127.0.0.1:10025 inet n        -       n     -       -  smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
# ====================================================================

This configuration defines a new instance of Postfix which listens on 127.0.0.1:10025 and resets most of the parameters defined in /etc/postfix/main.cf for this second instance.
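A check of the second Postfix instance described above, as an added example that is not part of the original guide: it parses master.cf text, folds each service's -o overrides together, and reports a listener on port 10025 that is not bound to loopback, does not reset content_filter, or does not restrict clients to loopback. The function names and the embedded sample are constructed for illustration, and only the simple "-o name=value" form is handled.

```python
import re

# Constructed sample that mirrors the master.cf entries from this section.
SAMPLE_MASTER_CF = """\
smtp-amavis     unix -        -       n     -       2  smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes

127.0.0.1:10025 inet n        -       n     -       -  smtpd
  -o content_filter=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
"""

LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "[::1]"}


def parse_overrides(args):
    """Turn ['-o', 'name=value', ...] into a dict of overrides."""
    found = {}
    tokens = iter(args)
    for token in tokens:
        if token == "-o":
            name, _, value = next(tokens, "").partition("=")
            found[name] = value
    return found


def parse_master_cf(text):
    """Return one dict per service entry, with continuation lines folded in."""
    services = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace():  # continuation of the previous entry
            if services:
                services[-1]["args"].extend(raw.split())
            continue
        fields = raw.split()
        if len(fields) >= 8:
            services.append({"name": fields[0], "type": fields[1],
                             "command": fields[7], "args": fields[8:]})
    for service in services:
        service["overrides"] = parse_overrides(service["args"])
    return services


def audit_reinjection(text, port="10025"):
    """List problems with the smtpd listener that takes mail back from the filter."""
    listeners = [s for s in parse_master_cf(text)
                 if s["type"] == "inet" and s["command"] == "smtpd"
                 and s["name"].rsplit(":", 1)[-1] == port]
    if not listeners:
        return ["no smtpd listener found on port " + port]
    findings = []
    for svc in listeners:
        name, opts = svc["name"], svc["overrides"]
        host = name.rsplit(":", 1)[0] if ":" in name else ""
        if host not in LOOPBACK_HOSTS:
            findings.append(name + ": listener is not bound to loopback")
        if opts.get("content_filter") != "":
            findings.append(name + ": content_filter is not reset, mail would loop")
        nets = [n for n in re.split(r"[,\s]+", opts.get("mynetworks", "")) if n]
        if not nets or not all(n.startswith(("127.", "[::1]")) for n in nets):
            findings.append(name + ": mynetworks is not limited to loopback")
        if not opts.get("smtpd_recipient_restrictions", "").endswith("reject"):
            findings.append(name + ": recipient restrictions do not end in reject")
    return findings


if __name__ == "__main__":
    for finding in audit_reinjection(SAMPLE_MASTER_CF) or ["OK"]:
        print(finding)
```

To check a live system, pass the contents of /etc/postfix/master.cf to audit_reinjection() instead of the sample.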

5.4.3.2. Configuring Amavisd-new

We explain the configuration file of Amavisd-new at /etc/amavisd/amavisd.conf. Because of its size it is divided into separate blocks.

The organisation of the Amavisd-new service in Debian is completely different. It has eight files, of which /etc/amavis/conf.d/50-user is the file for site-specific modification or customisation. By default, it is the last configuration file to be read, and its modifications override all those defined in the other configuration files.

First, to enable the ClamAv and SpamAssassin services in /etc/amavis/conf.d/15-content_filter_mode, uncomment the @bypass_virus_checks_maps and @bypass_spam_checks_maps options:

# vi /etc/amavis/conf.d/15-content_filter_mode

Its content should look like:

@bypass_virus_checks_maps = (
   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);

@bypass_spam_checks_maps = (
   \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);

Finally you should adjust settings and actions in /etc/amavis/conf.d/50-user for e-mails with spam and/or viruses:

# vi /etc/amavis/conf.d/50-user

For modifying e-mail addresses you should add the following to the configuration file:

# Administrator addresses
$virus_admin = "admins\@onelab.eu";
$spam_admin = "admins\@onelab.eu";

# Sender envelope address, from which notification reports are sent from
$mailfrom_notify_admin = "postmaster\@onelab.eu";
$mailfrom_notify_recip = "postmaster\@onelab.eu";
$mailfrom_notify_spamadmin = "postmaster\@onelab.eu";

# 'From' HEADER FIELD for sender and admin notifications.
$hdrfrom_notify_sender = "Content-filter <postmaster\@onelab.eu>";
$hdrfrom_notify_admin = $mailfrom_notify_admin;
$hdrfrom_notify_spamadmin = $mailfrom_notify_spamadmin;

For quarantine directories, change the following:

$spam_quarantine_bysender_to

This is a new feature that is disabled by default:

$spam_quarantine_bysender_to = 'spam-quarantine';

You should also change the default values of tag2 level ($sa_tag2_level_deflt) and kill level ($sa_kill_level_deflt) for the spam selection procedure. By default they are about 6.31, and if you reduce them, your spam selection procedure becomes more restrictive:

$sa_tag2_level_deflt = 5; # add 'spam detected' headers at that level

$sa_kill_level_deflt = 5; # triggers spam evasive actions

The final modification is related to white- and blacklists. For them, you should add the following lines to the configuration file:

# White/Blacklists

read_hash(\%whitelist_sender, '/etc/mail/whitelist');

read_hash(\%blacklist_sender, '/etc/mail/blacklist');

And that's all. In general, the default configuration meets our requirements.

In this first part we define general parameters, such as the main domain name, the user and group which will run the service, some of the paths used in the configuration file, etc:

use strict;

### Section I: Essential daemon and MTA settings ###
# Amavisd Home directory
$MYHOME = '/var/spool/amavisd';

# Domain to be scanned
$mydomain = 'onelab.eu';

# Change

# Set the user and group to which the daemon will change if started as root
$daemon_user = 'amavis';
$daemon_group = 'amavis';

# Runtime working directory (cwd), and a place where temporary directories for
# unpacking mail are created (Use RAMDISK for speedup).
$TEMPBASE = "$MYHOME/tmp";
$ENV{TMPDIR} = $TEMPBASE;

# Some paths
$pid_file = "/var/run/amavisd/amavisd.pid";
$lock_file = "/var/run/amavisd/amavisd.lock";
$path = '/usr/sbin:/sbin:/usr/bin:/bin';

This part allows us to easily tweak the behaviour of the service:

  • Uncomment the bypass_virus_checks_maps line to bypass the mail scan for viruses.

  • Uncomment the bypass_spam_checks_maps line to bypass the mail scan for spam.

  • Uncomment the bypass_decode_parts line to bypass the decompression of mail attachments to scan them for viruses/spam.

# Uncomment to bypass some check: virus, spam or attachment decoding
#@bypass_virus_checks_maps = (1);  # controls running of anti-virus code
#@bypass_spam_checks_maps  = (1);  # controls running of anti-spam code
#$bypass_decode_parts = 1;         # controls running of decoders&dearchivers

This part states that clean mail accepted for delivery must be forwarded to our second Postfix box (on the global schema), which listens on 127.0.0.1:10025:

# SMTP forward
$forward_method = 'smtp:[127.0.0.1]:10025';  # where to forward checked mail
$notify_method  = $forward_method;           # where to submit notifications

This is the list of virtual domains. It must reflect the list of virtual domains defined in the Postfix configuration: /etc/postfix/main.cf (see Chapter 5 Section 1: SMTP service):

# Domains accepted for checking
@local_domains_maps = ( [".onelab.eu", ".planet-lab.eu"] );

This part defines two sockets:

  1. A unix socket located at /var/spool/amavisd/amavisd.sock which will be used by the amavisd-release utility to release mail put into quarantine.

  2. An inet socket located at 127.0.0.1:10024 which will be used by the first instance of Postfix to forward mail.

### Section 2: MTA settings ###
# Create a unix socket for amavisd. It will be used by 'amavisd-release' to
# release spam put into quarantine.
$interface_policy{'SOCK'} = 'AM.PDP-SOCK';
$policy_bank{'AM.PDP'} = {protocol=>'AM.PDP'};

# Necessary?
$policy_bank{'AM.PDP-SOCK'} = {
  protocol => 'AM.PDP',  # Amavis policy delegation protocol
  auth_required_release => 0,  # do not require secret_id for amavisd-release
};

# Unix socket: used to release spam with amavisd-release
$unix_socketname = "/var/spool/amavisd/amavisd.sock";

# Socket listening for connections from the MTA: localhost:10024
$inet_socket_port = 10024;
@inet_acl = qw(127.0.0.1 [::1]);

Logging:

### Section 3: loggings ###
# Use Syslog to log
$DO_SYSLOG = 1;
$syslog_ident = 'amavis';     # Syslog ident string
$syslog_facility = 'mail';    # Syslog facility as a string
$syslog_priority = 'info';    # Syslog base (minimal) priority as a string

#NOTE: levels are not strictly observed and are somewhat arbitrary
# 0: startup/exit/failure messages, viruses detected
# 1: args passed from client, some more interesting messages
# 2: virus scanner output, timing
# 3: server, client
# 4: decompose parts
# 5: more debug details
$log_level = 0;

This part defines some actions to take regarding viruses, spam, banned mails (not used) or mails with a bad header:

  • D_DISCARD means that the mail is dropped and nothing else is done (the sender is not notified).

  • D_BOUNCE means that a notification is sent to the sender of the mails.

  • D_PASS means that the mail is accepted for delivery.

### Section 4: notification/DSN, bounce/reject/discard/pass, quarantine ###
$final_virus_destiny      = D_DISCARD;          # Discard virus
$final_spam_destiny       = D_DISCARD;          # Discard spams
$final_banned_destiny     = D_BOUNCE;           # Bounce banned email
$final_bad_header_destiny = D_PASS;              # Pass email with bad headers

This part defines some email addresses to notify when a virus/spam is detected:

# Administrator addresses
$virus_admin = "admins\@onelab.eu";
$spam_admin  = "admins\@onelab.eu";

# Sender envelope address, from which notification reports are sent from
$mailfrom_notify_admin     = "postmaster\@onelab.eu";
$mailfrom_notify_recip     = "postmaster\@onelab.eu";
$mailfrom_notify_spamadmin = "postmaster\@onelab.eu";

# 'From' HEADER FIELD for sender and admin notifications.
$hdrfrom_notify_sender    = "Content-filter <postmaster\@onelab.eu>";
$hdrfrom_notify_admin     = $mailfrom_notify_admin;
$hdrfrom_notify_spamadmin = $mailfrom_notify_spamadmin;

This part defines quarantine, where mails with a virus or considered as spam will be put:

  • Viruses will be put into /var/spool/amavisd/quarantine/virus

  • Spam will be put into /var/spool/amavisd/quarantine/spam

# Quarantine
$QUARANTINEDIR = "$MYHOME/quarantine";
# Separate quarantine subdirectories virus, spam, banned and badh within the
# directory $QUARANTINEDIR
#$clean_quarantine_method        = 'local:clean/%m';#don't quarantine clean mail
$virus_quarantine_method        = 'local:virus/%m';
$spam_quarantine_method         = 'local:spam/%m.gz';
$banned_files_quarantine_method = 'local:banned/%m';
#$bad_header_quarantine_method   = 'local:badh/%m'; #no quarantine for bad header

$virus_quarantine_to      = 'virus-quarantine';      # local quarantine
$banned_quarantine_to     = 'banned-quarantine';     # local quarantine
$bad_header_quarantine_to = 'bad-header-quarantine'; # local quarantine
$spam_quarantine_to       = 'spam-quarantine';       # local quarantine

This part defines what action to take based on the score that SpamAssassin gives an e-mail:

  • Below 2.0, accept the e-mail as clean.

  • Between 2.0 and 5.0, accept the e-mail as clean but add a spam info header to it.

  • Between 5.0 and 10.0, the e-mail is considered as a spam and put into quarantine.

  • Above 10.0, the e-mail is simply deleted.

### Section 7: External programs, virus scanners ###
# ...
# SpamAssassin settings
$sa_local_tests_only = 0;     # only tests which do not require internet access?
#$sa_mail_body_size_limit = 400*1024; # don't waste time on SA if mail is large
                                      # (undef = no limitations)
$sa_tag_level_deflt  = 2.0;  # add spam info headers if at, or above that level
#$sa_tag_level_deflt  = undef; # Always add a spam info header
$sa_tag2_level_deflt = 5;     # add 'spam detected' headers at that level
$sa_kill_level_deflt = 5;     # triggers spam evasive actions at or above that
                              # level: discard, quarantine and send notification
$sa_dsn_cutoff_level = 10;    # spam level beyond which a DSN is not sent,
                              # effectively turning D_BOUNCE into D_DISCARD;

This part defines the anti-virus to use to scan e-mails, ClamAV:

# ClamAV-clamd settings
@av_scanners = (
['ClamAV-clamd',
  \&ask_daemon, ["CONTSCAN {}\n", "/var/spool/amavisd/clamd.sock"],
  qr/\bOK$/, qr/\bFOUND$/,
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
);

This part defines two files:

  • /etc/mail/whitelist which is a list of mail servers from which e-mails are always accepted.

  • /etc/mail/blacklist which is a list of mail servers from which e-mails are always rejected.

# White/Blacklists
read_hash(\%whitelist_sender, '/etc/mail/whitelist');
read_hash(\%blacklist_sender, '/etc/mail/blacklist');

This part defines a list of decoders to decode attachments based on the attachment type. The following shows its default configuration:

### Decoders ###
@decoders = (
  ['mail', \&do_mime_decode],
  ['asc',  \&do_ascii],
  ['uue',  \&do_ascii],
  ['hqx',  \&do_ascii],
  ['ync',  \&do_ascii],
  ['F',    \&do_uncompress, ['unfreeze','freeze -d','melt','fcat'] ],
  ['Z',    \&do_uncompress, ['uncompress','gzip -d','zcat'] ],
  ['gz',   \&do_uncompress,  'gzip -d'],
  ['gz',   \&do_gunzip],
  ['bz2',  \&do_uncompress,  'bzip2 -d'],
  ['lzo',  \&do_uncompress,  'lzop -d'],
  ['rpm',  \&do_uncompress, ['rpm2cpio.pl','rpm2cpio'] ],
  ['cpio', \&do_pax_cpio,   ['pax','gcpio','cpio'] ],
  ['tar',  \&do_pax_cpio,   ['pax','gcpio','cpio'] ],
  ['tar',  \&do_tar],
  ['deb',  \&do_ar,          'ar'],
# ['a',    \&do_ar,          'ar'],  # unpacking .a seems an overkill
  ['zip',  \&do_unzip],
  ['rar',  \&do_unrar,      ['rar','unrar'] ],
  ['arj',  \&do_unarj,      ['arj','unarj'] ],
  ['arc',  \&do_arc,        ['nomarch','arc'] ],
  ['zoo',  \&do_zoo,        ['zoo','unzoo'] ],
  ['lha',  \&do_lha,         'lha'],
# ['doc',  \&do_ole,         'ripole'],
  ['cab',  \&do_cabextract,  'cabextract'],
  ['tnef', \&do_tnef_ext,    'tnef'],
  ['tnef', \&do_tnef],
# ['sit',  \&do_unstuff,     'unstuff'],  # broken/unsafe decoder
  ['exe',  \&do_executable, ['rar','unrar'], 'lha', ['arj','unarj'] ],
);

The following shows the rest of the file with default configurations:

### OTHER SETTINGS ###
@keep_decoded_original_maps = (new_RE(
# qr'^MAIL$',   # retain full original message for virus checking (can be slow)
  qr'^MAIL-UNDECIPHERABLE$', # recheck full mail if it contains undecipherables
  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
# qr'^Zip archive data',     # don't trust Archive::Zip
));

$banned_filename_re = new_RE(
### BLOCKED ANYWHERE
# qr'^UNDECIPHERABLE$',  # is or contains any undecipherable components
  qr'^\.(exe-ms|dll)$',                   # banned file(1) types, rudimentary
# qr'^\.(exe|lha|tnef|cab|dll)$',         # banned file(1) type

### BLOCK THE FOLLOWING, EXCEPT WITHIN UNIX ARCHIVES:
# [ qr'^\.(gz|bz2)$'             => 0 ],  # allow any in gzip or bzip2
  [ qr'^\.(rpm|cpio|tar)$'       => 0 ],  # allow any in Unix-type archives

  qr'.\.(pif|scr)$'i,                     # banned extensions - rudimentary
# qr'^\.zip$',

### BLOCK THE FOLLOWING, EXCEPT WITHIN ARCHIVES:
# [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ],  # allow any within these archives

  qr'^application/x-msdownload$'i,        # block these MIME types
  qr'^application/x-msdos-program$'i,
  qr'^application/hta$'i,

# qr'^message/partial$'i,         # rfc2046 MIME type
# qr'^message/external-body$'i,   # rfc2046 MIME type

# qr'^(application/x-msmetafile|image/x-wmf)$'i,  # Windows Metafile MIME type
# qr'^\.wmf$',                            # Windows Metafile file(1) type

  # block certain double extensions in filenames
  qr'\.[^./]*[A-Za-z][^./]*\.\s*(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)[.\s]*$'i,

# qr'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?'i, # Class ID CLSID, strict
# qr'\{[0-9a-z]{4,}(-[0-9a-z]{4,}){0,7}\}?'i, # Class ID extension CLSID, loose

  qr'.\.(exe|vbs|pif|scr|cpl)$'i,             # banned extension - basic
# qr'.\.(exe|vbs|pif|scr|cpl|bat|cmd|com)$'i, # banned extension - basic+cmd
# qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|
#        inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|
#        ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs|
#        wmf|wsc|wsf|wsh)$'ix,  # banned ext - long

# qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i,  # banned extension - WinZip vulnerab.
);
# See http://support.microsoft.com/default.aspx?scid=kb;EN-US;q262631
# and http://www.cknow.com/vtutor/vtextensions.htm

### ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING ###
@score_sender_maps = ({ # a by-recipient hash lookup table,
                        # results from all matching recipient tables are summed
  ## site-wide opinions about senders (the '.' matches any recipient)
  '.' => [  # the _first_ matching sender determines the score boost
   new_RE(  # regexp-type lookup table, just happens to be all soft-blacklist
    [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i         => 5.0],
    [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0],
    [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],
    [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i   => 5.0],
    [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i  => 5.0],
    [qr'^(your_friend|greatoffers)@'i                                => 5.0],
    [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i                    => 5.0],
   ),

#  read_hash("/var/amavis/sender_scores_sitewide"),

   { # a hash-type lookup table (associative array)
     'nobody@cert.org'                        => -3.0,
     'cert-advisory@us-cert.gov'              => -3.0,
     'owner-alert@iss.net'                    => -3.0,
     'slashdot@slashdot.org'                  => -3.0,
     'securityfocus.com'                      => -3.0,
     'ntbugtraq@listserv.ntbugtraq.com'       => -3.0,
     'security-alerts@linuxsecurity.com'      => -3.0,
     'mailman-announce-admin@python.org'      => -3.0,
     'amavis-user-admin@lists.sourceforge.net'=> -3.0,
     'amavis-user-bounces@lists.sourceforge.net' => -3.0,
     'spamassassin.apache.org'                => -3.0,
     'notification-return@lists.sophos.com'   => -3.0,
     'owner-postfix-users@postfix.org'        => -3.0,
     'owner-postfix-announce@postfix.org'     => -3.0,
     'owner-sendmail-announce@lists.sendmail.org'   => -3.0,
     'sendmail-announce-request@lists.sendmail.org' => -3.0,
     'donotreply@sendmail.org'                => -3.0,
     'ca+envelope@sendmail.org'               => -3.0,
     'noreply@freshmeat.net'                  => -3.0,
     'owner-technews@postel.acm.org'          => -3.0,
     'ietf-123-owner@loki.ietf.org'           => -3.0,
     'cvs-commits-list-admin@gnome.org'       => -3.0,
     'rt-users-admin@lists.fsck.com'          => -3.0,
     'clp-request@comp.nus.edu.sg'            => -3.0,
     'surveys-errors@lists.nua.ie'            => -3.0,
     'emailnews@genomeweb.com'                => -5.0,
     'yahoo-dev-null@yahoo-inc.com'           => -3.0,
     'returns.groups.yahoo.com'               => -3.0,
     'clusternews@linuxnetworx.com'           => -3.0,
     lc('lvs-users-admin@LinuxVirtualServer.org')    => -3.0,
     lc('owner-textbreakingnews@CNNIMAIL12.CNN.COM') => -5.0,

     # soft-blacklisting (positive score)
     'sender@example.net'                     =>  3.0,
     '.example.net'                           =>  1.0,

   },
  ],  # end of site-wide tables
});

1;      # insure a defined return

5.4.4. Further adjustments

5.4.4.1. How to add a virtual domain

To add a virtual domain to the mail server, for example, one-lab.org, edit the virtual_mailbox_domains parameter in the /etc/postfix/main.cf file and reload Postfix (service postfix reload):

virtual_mailbox_domains = onelab.eu planet-lab.eu one-lab.org

Edit the local_domains_maps parameter in the /etc/amavisd/amavisd.conf file and restart Amavisd (service amavisd reload):

@local_domains_maps = ( [".onelab.eu", ".planet-lab.eu", "one-lab.org"] );

Add default aliases in the virtual aliases files at /etc/mail/virtual_alias and regenerate the aliases (postmap /etc/mail/virtual_alias):

# one-lab.org
root@one-lab.org                xavier.cuvellier@lip6.fr
postmaster@one-lab.org          xavier.cuvellier@lip6.fr
abuse@one-lab.org               xavier.cuvellier@lip6.fr
webmaster@one-lab.org           xavier.cuvellier@lip6.fr

And don't forget to add an MX field in the DNS server for the one-lab.org domain.
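Because the list in amavisd.conf must reflect the virtual domains in main.cf, the two files can be compared after each change. The following is an added example, not part of the original guide: the function names and both embedded samples are constructed, only literal domain lists are handled, and a leading dot in an Amavisd-new entry is treated as covering the domain and its subdomains.

```python
import re

# Constructed samples: Postfix already hosts one-lab.org, Amavisd-new does not list it.
SAMPLE_MAIN_CF = """\
# virtual domains
virtual_mailbox_domains = onelab.eu planet-lab.eu
    one-lab.org
"""
SAMPLE_AMAVISD_CONF = """\
# Domains accepted for checking
@local_domains_maps = ( [".onelab.eu", ".planet-lab.eu"] );
"""


def postfix_domains(main_cf, param="virtual_mailbox_domains"):
    """Literal domains listed in a main.cf parameter (lookup tables are ignored)."""
    logical = re.sub(r"\n[ \t]+", " ", main_cf)  # fold continuation lines
    domains = set()
    for line in logical.splitlines():
        name, sep, value = line.partition("=")
        if sep and name.strip() == param:  # a later definition replaces an earlier one
            words = [w for w in re.split(r"[,\s]+", value.strip().lower()) if w]
            domains = {w for w in words if ":" not in w and not w.startswith("/")}
    return domains


def amavis_local_domains(amavisd_conf):
    """Quoted entries of the uncommented @local_domains_maps list, lower-cased."""
    match = re.search(r"^[ \t]*@local_domains_maps\s*=\s*\((.*?)\)\s*;",
                      amavisd_conf, re.S | re.M)
    if not match:
        return []
    return [e.lower() for e in re.findall(r"""["']([^"']+)["']""", match.group(1))]


def is_covered(domain, entries):
    """An entry with a leading dot covers the domain itself and its subdomains."""
    for entry in entries:
        if entry.startswith("."):
            if domain == entry[1:] or domain.endswith(entry):
                return True
        elif domain == entry:
            return True
    return False


def compare_domains(main_cf, amavisd_conf):
    """Return (domains missing from Amavisd-new, entries missing from Postfix)."""
    hosted = postfix_domains(main_cf)
    entries = amavis_local_domains(amavisd_conf)
    missing_in_amavis = sorted(d for d in hosted if not is_covered(d, entries))
    missing_in_postfix = sorted(e.lstrip(".") for e in entries
                                if e.lstrip(".") not in hosted)
    return missing_in_amavis, missing_in_postfix


if __name__ == "__main__":
    in_amavis, in_postfix = compare_domains(SAMPLE_MAIN_CF, SAMPLE_AMAVISD_CONF)
    print("missing from @local_domains_maps:", in_amavis)
    print("missing from virtual_mailbox_domains:", in_postfix)
```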

5.4.4.2. How to release an e-mail put into quarantine

When a mail is put into quarantine, the administrators (admins@onelab.eu by default) receive a notification e-mail. If the mail put into quarantine is a false positive (not spam and contains no virus), you can release it with the utility amavisd-release:

# amavisd-release spam/<spam-file>  (for spam)
# amavisd-release virus/<virus-file>  (for a virus)

5.4.5. Additional notes for use in Debian 4

When you first launch the Amavisd-new service, stop all other services related to the SMTP service:

# /etc/init.d/postfix stop

# /etc/init.d/clamav-daemon stop

# /etc/init.d/clamav-freshclam stop

# /etc/init.d/postgrey stop

Then start them again one by one, leaving the Amavisd-new service until last, and pay close attention to the /var/log/syslog output. Log messages about lack of memory when fork procedures are called could be linked to an insufficient amount of primary memory, as discussed at the beginning of Chapter 5 Section 1: SMTP service.

The second important tip is about spam test issues. The string of characters below might be sent as part of the body of an e-mail message addressed to our fresh server in order to verify the spam-detection functionality.

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

If it works, a log message notifying the spam detection will be shown in /var/log/syslog.

5.4.6. Service setup

5.4.6.1. Setting up CentOS

Start the amavisd daemon at boot:

# chkconfig amavisd on

Start/stop the amavisd daemon:

# service amavisd start
# service amavisd stop

5.4.6.2. Setting up Debian Linux

Start the amavisd daemon at boot:

# update-rc.d amavis defaults

Start/stop the amavisd daemon:

# /etc/init.d/amavis {start|stop|restart|force-reload|debug}

5.4.7. Security considerations

Update this service with yum update on a regular basis.

5.4.8. Restoring backup

  1. Get the daily backup file from the server:

    scp \
    root@vroot03.planet-lab.eu:/home/backup/dns1/dns1-etc-YYYYmmdd-HHMM.tar.bz2 \
    /tmp/restoring/dns1_etc/
    
  2. Decompress files:

    cd /tmp/restoring/dns1_etc/
    tar xjf dns1-etc-YYYYmmdd-HHMM.tar.bz2
    
  3. Install and copy the etc/amavisd/amavisd.conf file as described above. The recovery of this service depends on the Postfix configuration/recovery.