Amavisd-new, spamassassin and clamav
On FreeBSD 7.2 (and probably 8.0)
Lars Sommer, lasg@lasg.dk, 2009-05-21
DISCLAIMER: This is a personal note made for personal usage.
It might not be easy usable nor explaining.
This is personal notes. Get an idea of why this combination of programs are a
good idea first.
—
Installation:
Install these ports:
security/amavisd-new
security/clamav
You also need
databases/p5-DBD-mysql60
to let Amavis check your DSN in the MySQL mailserver DB
—
Initial configuration:
Enable amavisd-new and clamav in /etc/rc.conf with the following lines:
clamav_clamd_enable=”YES”
clamav_freshclam_enable=”YES”
amavisd_enable=”YES”
Optionally enable amavisd tmp ram disk with: (example 512k)
amavisd_ram=”512m”
Let the user clamav be a member in the group vscan, so that:
$ id clamav
uid=106(clamav) gid=106(clamav) groups=106(clamav), 6(mail), 110(vscan)
by:
pw user mod clamav -G vscan,mail
—
Configure postfix:
Add to postfix’ main.cf:
content_filter=smtp-amavis:[127.0.0.1]:10024
max_use = 10
receive_override_options=no_address_mappings
And to master.cf:
smtp-amavis unix – – n – 2 smtp
-o smtp_data_done_timeout=1200
-o disable_dns_lookups=yes
127.0.0.1:10025 inet n – n – – smtpd
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_delay_reject=no
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_end_of_data_restrictions=
-o mynetworks=127.0.0.0/8
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
—
Configure amavisd:
vi /usr/local/etc/amavisd.conf
#Set this to your primary domain
$mydomain = ‘ruthsfjender.dk’;
#Change this to undef, to have spam-info tags in all mails
$sa_tag_level_deflt = undef;
#Set this to let amavis check up DSN in your mailserver DB
(for use with postadmin syntax)
@lookup_sql_dsn = ( [ 'DBI:mysql:database=postfix;host=127.0.0.1', 'dbusername', 'dbpassword' ] );
$sql_select_policy = ‘SELECT *, id as policy_id FROM mailbox WHERE username IN (%k)’;
#Like $mydomain, but FQDN
$myhostname = ‘lillith.ruthsfjender.dk’; #Must be a FQDN
#Find this section, and remove the outcomments:
['ClamAV-clamd',
\&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
—
Configure spamassassin updates:
Add sa-update to crontab:
#Update SpamAssassin rules once a day:
9 4 * * * root sa-update > /dev/null 2>&1
—
Amavis-stats
NOT WORKING YET?
security/amavis-stats
make install
modify your Apache httpd.conf including this line:
Alias /amavis-stats /usr/local/www/amavis-stats
setup cronjob for amavis-stats by putting this line to /etc/crontab
*/5 * * * * amavis /usr/local/sbin/amavis-stats /var/log/maillog 2>&1 > /dev/null
—
Mailgraph:
WORKING BUT SOMETHNG MORE IS PERHAPS NEEDED?
mail/mailgraph
make install
Edit /etc/rc.conf and set
mailgraph_enable=”YES”
Interesting files:
/usr/local/www/cgi-bin/mailgraph.cgi
/usr/local/sbin/mailgraph.pl
—
