These classnotes are deprecated. As of 2005, I no longer teach the classes. Notes will remain online for legacy purposes.

UNIX03/Amavisd-New


Showing revision 3
Instead of using Procmail, we will be using Amavisd-New.

Amavisd-New is descended from [AMaViS - A Mail Virus Scanner], which was intended as a snap-in integrator for a number of UNIX anti-virus scanners with an MTA. AMaViS also aimed to have its own in-house anti-virus scanner, but certain technical problems early on in the project required much of the code to be rewritten shortly after the initial stable release.

Amavisd-New is now more of a mail preprocessor, à la Procmail, but with a more limited focus than other preprocessors. It is meant to easily allow anti-virus and anti-spam scanners to be integrated into an existing mail system, and that is all it is meant for. Whereas using Procmail to simply scan for viruses and spam might be like using a bazooka to swat a fly, Amavisd-New would be more like simply using a fly-swatter.

That being said, you may still wish to supply Procmail to your users in addition to Amavisd-New. As was said before, Procmail can do things such as preprocess mail into a specific folder tree, or even into alternative accounts, so your users may still have a need for it. However, if they do not need it, and all you wish is for a virus/spam scanner, then Amavisd-New will be sufficient.

Amavisd-New should be run as a non-privileged user, preferably as a user "amavisd", and should have its own unique group (again, "amavisd" will suffice).

/etc/amavisd.conf

Amavisd-New's configuration file is /etc/amavisd.conf. Amavisd-New is written in Perl, and (like most Perl utilities, if you haven't yet discovered this) has its configuration file written directly in Perl.

Let's now look at a standard amavisd.conf file:

 use strict;

 $MYHOME = '/var/amavisd';
 $mydomain = 'domain.com';
 $daemon_user = 'amavisd';
 $daemon_group = 'amavisd';
 $daemon_chroot_dir = $MYHOME;

These settings tell Amavisd-New all about itself: what its home directory is, what user and group it runs as, and which directory to chroot into.

 $QUARANTINEDIR = "$MYHOME/quarantine";
 $TEMPBASE = "$MYHOME/tmp";
 $ENV{TMPDIR} = $TEMPBASE;
 $helpers_home = $MYHOME;

$QUARANTINEDIR is the location where amavisd would place quarantine files if you were using it for virus scanning. Even if you are not doing virus scanning, it is still needed.

When amavisd does its thing, it creates a bunch of temp files. Normally it would just store them in $MYHOME. By storing them in $TEMPBASE, we can easily clean up the temp directory whenever we need to by stopping amavisd and deleting everything in $TEMPBASE.

 $forward_method = 'smtp:127.0.0.1:10025';
 $notify_method = $forward_method;
 $inet_socket_port = 10024;
 $inet_socket_bind = '127.0.0.1';
 @inet_acl = qw( 127.0.0.1 );

These settings set up the communication between amavisd and Postfix. The two programs talk to each other over different ports: Postfix sends email it wants filtered to amavisd on port 10024, and amavisd processes the message and returns it to Postfix on port 10025. The @inet_acl setting makes sure that amavisd accepts only connections from the local computer.
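The following check of these settings is an added example, not part of the original class notes or of Amavisd-New itself. It reads a constructed amavisd.conf fragment and reports anything that would expose the filter port beyond the local machine, send filtered mail back into the filter, or run the daemon as root; the helper names `parse`, `is_loopback` and `audit` and both sample fragments are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample that mirrors the settings shown above.
GOOD = """
$daemon_user = 'amavisd';
$forward_method = 'smtp:127.0.0.1:10025';
$inet_socket_port = 10024;
$inet_socket_bind = '127.0.0.1';
@inet_acl = qw( 127.0.0.1 );
"""
# Constructed misconfiguration: listener on every interface, LAN allowed in the ACL.
BAD = (GOOD.replace("$inet_socket_bind = '127.0.0.1'", "$inet_socket_bind = '0.0.0.0'")
           .replace("qw( 127.0.0.1 )", "qw( 127.0.0.1 192.168.0.0/16 )"))

SCALAR = re.compile(r"^[ \t]*\$(\w+)[ \t]*=[ \t]*'?([^';\n]*)'?[ \t]*;", re.M)
ARRAY = re.compile(r"^[ \t]*@(\w+)[ \t]*=[ \t]*qw\(([^)\n]*)\)[ \t]*;", re.M)

def parse(conf):
    """Read simple scalar and qw() list assignments; commented-out lines are skipped."""
    settings = {m.group(1): m.group(2).strip() for m in SCALAR.finditer(conf)}
    settings.update({m.group(1): m.group(2).split() for m in ARRAY.finditer(conf)})
    return settings

def is_loopback(entry):
    """True for a loopback address or a network lying entirely inside loopback space."""
    try:
        return ipaddress.ip_network(entry, strict=False).is_loopback
    except ValueError:
        return False

def audit(conf):
    """Return a list of findings; an empty list means the filter ports stay local."""
    s, findings = parse(conf), []
    if s.get("daemon_user", "root") == "root":
        findings.append("daemon_user is root or not set")
    bind = s.get("inet_socket_bind", "")
    if not is_loopback(bind):
        findings.append(f"inet_socket_bind missing or not loopback: {bind!r}")
    for entry in s.get("inet_acl", []):
        if not is_loopback(entry):
            findings.append(f"inet_acl admits non-loopback source {entry}")
    fwd = re.fullmatch(r"smtp:(.+):(\d+)", s.get("forward_method", ""))
    if not fwd or not is_loopback(fwd.group(1)):
        findings.append("forward_method does not point at a loopback SMTP listener")
    elif fwd.group(2) == s.get("inet_socket_port"):
        findings.append("forward_method port equals inet_socket_port (mail would loop)")
    return findings

if __name__ == "__main__":
    for name, conf in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(conf) or "ok")
```

The parser only understands single-quoted or bare scalar values and `qw( ... )` lists, which is what the settings above use.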

 @bypass_virus_checks_acl = qw( . );

We will not be setting up a virus scanner today, so this is the line that turns this feature off. However, if you were doing virus scanning, you would re-enable it here.

 @local_domains_acl = ( ".$mydomain" );

This setting is used to determine if a message is incoming or outgoing.

 $DO_SYSLOG = 1; # (1 = syslog, 0 = logfile)
 $LOGFILE = "$MYHOME/amavis.log";
 $log_level = 5; # (0-5)

These settings describe how amavisd should do logging for debugging. The $log_level can be set from 0-5 with 5 producing the most logging output. Even though we aren't using it, the $LOGFILE setting is required. Also don't be surprised to see an empty file with this name in the $MYHOME directory. You should also note that when running amavisd in debug mode, logging doesn't occur to the syslog.

Note: The main reason we don't want to log to file is because when chrooted, amavisd can't be restarted with a HUP command. Therefore to rotate the logfile with newsyslog, you'd need to stop and restart amavisd. It's easier just to log to syslog.
Note 2: If you want to have amavisd log to /var/log/messages instead of /var/log/maillog, you can add a config line here: $SYSLOG_LEVEL = 'user.info';

 $hdrfrom_notify_sender =
         'SpamAssassin <helpdesk@domain.com>';
 $notify_spam_sender_templ =
         read_text("$MYHOME/notify_spam_sender.txt");

When we send email messages to the spammers telling them we are rejecting their email, and giving them directions for how to get on our whitelist, this is who the message appears to be from as well as the text of the message itself.

 # Set to D_BOUNCE to block/notify, D_PASS to pass through
 $final_spam_destiny = D_PASS;

 read_hash(\%whitelist_sender, '/var/amavisd/whitelist');
 read_hash(\%blacklist_sender, '/var/amavisd/blacklist');
 read_hash(\%spam_lovers, '/var/amavisd/spam_lovers');

 #defending against mail bombs
 # Maximum recursion level for extraction/decoding
 $MAXLEVELS = 14;
 # Maximum number of extracted files
 $MAXFILES = 1500; 
 # bytes (default undef, not enforced)
 $MIN_EXPANSION_QUOTA = 100*1024;
 # bytes (default undef, not enforced)
 $MAX_EXPANSION_QUOTA = 300*1024*1024;
 # times original mail size (must be specified)
 $MIN_EXPANSION_FACTOR = 5;
 # times original mail size (must be specified)
 $MAX_EXPANSION_FACTOR = 500;

 $path =
    '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';

 #$banned_filename_re = new_RE();

 $file = 'file';
 $arc = ['nomarch', 'arc'];
 $gzip = 'gzip';
 $bzip2 = 'bzip2';
 $uncompress = ['uncompress', 'gzip -d', 'zcat'];
 $lha = 'lha';
 $unarj = 'unarj';
 $unrar = 'unrar';
 $zoo = 'zoo';

 # SpamAssassin settings
 $sa_local_tests_only = 0;
 # comment this line out to turn off auto whitelist
 $sa_auto_whitelist = 1;
 $sa_mail_body_size_limit = 64*1024; # 64KB

 # controls adding the X-Spam-Status and X-Spam-Level headers,
 $sa_tag_level_deflt = 3.0;
 # controls adding 'X-Spam-Flag: YES', and  editing Subject,
 $sa_tag2_level_deflt = 6.3;
 # triggers spam evasive actions:
 $sa_kill_level_deflt = $sa_tag2_level_deflt;

 $sa_spam_subject_tag = '***SPAM*** ';
 $sa_debug = 1; # comment this line out to turn off debugging

 1; # ensure a defined return



Edited June 6, 2003 5:24 pm (diff)
(C) Copyright 2003 Samuel Hart
Creative Commons License
This work is licensed under a Creative Commons License.