Amavisd-new, spamassassin and clamav On FreeBSD 7.2 (and probably 8.0)

Lars Sommer, lasg@lasg.dk, 2009-05-21

DISCLAIMER: This is a personal note made for personal usage.
It might not be easy usable nor explaining.

This is personal notes. Get an idea of why this combination of programs are a
good idea first.


---

Installation:

Install these ports:
security/amavisd-new
security/clamav

You also need
databases/p5-DBD-mysql60
to let Amavis check your DSN in the MySQL mailserver DB

---

Initial configuration:

Enable amavisd-new and clamav in /etc/rc.conf with the following lines:
clamav_clamd_enable="YES"
clamav_freshclam_enable="YES"
amavisd_enable="YES"

Optionally enable amavisd tmp ram disk with: (example 512k)
amavisd_ram="512m"

Let the user clamav be a member in the group vscan, so that:
$ id clamav
uid=106(clamav) gid=106(clamav) groups=106(clamav), 6(mail), 110(vscan)
by:
 pw user mod clamav -G vscan,mail

---

Configure postfix:

Add to postfix' main.cf:

content_filter=smtp-amavis:[127.0.0.1]:10024
max_use = 10
receive_override_options=no_address_mappings


And to master.cf:

smtp-amavis unix -      -       n       -       2  smtp
    -o smtp_data_done_timeout=1200
    -o disable_dns_lookups=yes

127.0.0.1:10025 inet n  -       n       -       -       smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=reject_unauth_pipelining
    -o smtpd_end_of_data_restrictions=
    -o mynetworks=127.0.0.0/8 
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks

---

Configure amavisd:

vi /usr/local/etc/amavisd.conf

#Set this to your primary domain
$mydomain = 'ruthsfjender.dk';

#Change this to undef, to have spam-info tags in all mails
$sa_tag_level_deflt  = undef;

#Set this to let amavis check up DSN in your mailserver DB
 (for use with postadmin syntax)
@lookup_sql_dsn = ( [ 'DBI:mysql:database=postfix;host=127.0.0.1', 'dbusername', 'dbpassword' ] );
$sql_select_policy = 'SELECT *, id as policy_id FROM mailbox WHERE username IN (%k)';

#Like $mydomain, but FQDN
$myhostname = 'lillith.ruthsfjender.dk'; #Must be a FQDN

#Find this section, and remove the outcomments:
 ['ClamAV-clamd',
   \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd"],
   qr/\bOK$/, qr/\bFOUND$/,
   qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

---

Configure spamassassin updates:

Add sa-update to crontab:
#Update SpamAssassin rules once a day:
9       4       *       *       *       root    sa-update  > /dev/null 2>&1

---

Amavis-stats
NOT WORKING YET?

security/amavis-stats
make install

modify your Apache httpd.conf including this line:
Alias /amavis-stats /usr/local/www/amavis-stats

setup cronjob for amavis-stats by putting this line to /etc/crontab
*/5 * * * * amavis /usr/local/sbin/amavis-stats /var/log/maillog 2>&1 > /dev/null

---

Mailgraph:
WORKING BUT SOMETHNG MORE IS PERHAPS NEEDED?

mail/mailgraph
make install

Edit /etc/rc.conf and set
mailgraph_enable="YES"

Interesting files:
/usr/local/www/cgi-bin/mailgraph.cgi
/usr/local/sbin/mailgraph.pl

---

Skriv et svar

Din e-mailadresse vil ikke blive publiceret. Krævede felter er markeret med *