Re: integrating clamav into mail delivery system




On Thu, Jun 05, 2003 at 09:32:44PM +0100, Shri Shrikumar wrote......
 
> In any case what would be the simplest way of integrating clamAV into
> this setup.
> 
> Thanks for your time,
> 
> Shri

No guarantees this will work for you, but these are the notes I wrote up
for myself when I set up my mail server with amavis and clam.  Amavis
stuff is towards the bottom.  Note also that I think newer versions of Amavis
use ports 10025 and 10026, not the ones I have shown below. HTH.   Kevin

-------------------------------------------------------------------------

A work in progress on how to set up a SOHO email server that filters for spam
and viruses.  The base Linux installation is on an i386 PIII based machine
using Debian.

***************************
Components:
***************************

Postfix
Fetchmail
Procmail
Spamassassin
Amavis
Clam Antivirus
Qpopper

***************************
Postfix Configuration
***************************

# Excerpts from /etc/main.cf

command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
program_directory = /usr/lib/postfix

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
setgid_group = postdrop
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no
myhostname = sumida.hawkwood
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
# myorigin = /etc/mailname
myorigin = $myhostname
mydestination = rustybear.com, sumida.hawkwood, localhost.hawkwood, localhost
relayhost = mail.rustybear.com
mynetworks = 127.0.0.0/8
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
content_filter = smtp-amavis:[127.0.0.1]:10024
# disable_dns_lookups=yes



# Excerpts from /etc/master.cf
# entries needed for amavis virus scanning
smtp-amavis unix -      -  n  -  2  smtp -o smtp_data_done_timeout=1200
127.0.0.1:10025 inet n  -  n  -  -  smtpd -o content_filter=

That's really all you need to change for Postfix.  If you are going to
virusscan using Amavis, have Amavis start "before" Postfix in the startup
scripts.  In Debian, the startup scripts are in /etc/init.d/.  Set the order
for starting these scripts by adding/moving the symbolic links in
/etc/rc(1-3).d.  Also add a kill symbolic link in /etc/rc6.d/ for any start
scripts you put in rc1.d through rc3.d.

***************************
Fetchmail Configuration
***************************

#Excerpts from /etc/fetchmailrc

# /etc/fetchmailrc for system-wide daemon mode
# This file must be chmod 0600, owner fetchmail

# Daemon configuration
# These two are set in /etc/default/fetchmail
set daemon      300             # Poll every 5 minutes
set syslog                      # log through syslog facility

set no bouncemail               # avoid loss on 4xx errors
                                # on the other hand, 5xx errors get
                                # more dangerous...
set postmaster kosuke

# Defaults =====================
# Set antispam to -1, since it is far safer to use that together with
# no bouncemail.  -1 disables antispam, so nothing should get dropped
defaults:
  antispam -1 
  batchlimit 100

# Uncomment this line if, after fetching from POP3 servers, you want the
# mail to go directly to procmail for delivery to appropriate folders.
# However, if you want the mail to go to something like Amavis for virus
# processing, then you need to insert the mail into the SMTP server process
# on this machine.  You do that by simply keeping the following line 
# commented out.
# mda '/usr/bin/procmail -d %T'  ## -d drops it in /var/mail/mailuser

poll justhogs.org with protocol pop3
  user kevin%justhogs.org pass XXXXX is kosuke;

poll mail-hub.optonline.net with protocol pop3
  user rtc87 pass XXXXX is ryan;


***************************
Procmail Configuration
***************************

Set up recipes in /etc/procmail/rcdelivery

Excerpt from /etc/procmailrc

PMDIR=/etc/procmail/            # directory for storing procmail log
                                # and rc files

LOGFILE=$PMDIR/log
INCLUDERC=$PMDIR/rcdelivery

FORMAIL=/usr/bin/formail        # useful for autoreply recipes


***************************
Spamassassin Configuration
***************************

Straightforward configuration in /etc/spamassassin/local.cf


***************************
Amavis Configuration
***************************

Presently I'm using Amavis-Postfix from the Debian apt archives.  There are
several other versions of Amavis, so settings might be different.

In /etc/amavis.conf, make the following changes/additions:

1.  # Clam Antivirus
      $clamscan = "/usr/bin/clamscan";

2.  # yes - syslog, no - file logging 
      $DO_SYSLOG = "no";
    # personal preference.  if no, you'll find the logs in /var/lib/amavis,
    # unless you change the log path directory in /etc/amavis.conf (see next
    # item in the list)

3.  # Directory to put log entries (if not using syslog)
      $LOGDIR = "/var/lib/amavis";
      $LOGFILE = "amavis.log";

4.  $log_level = 1;  # level 4 gives more details

5.  # Notify admin/sender/recipient?
      $warnadmin  = "yes";
      $warnsender = "no";  # personal preference here.  most viruses seem
      $warnrecip  = "no";  # to come from spammers anyway

6.  # who notification reports are sent from
      $mailfrom = 'postmaster';
    # your MUA or Postfix will append the .domain stuff

7.  $relayhost = "127.0.0.1"; # delivery to this IP unless $relayhost_is_client
    $relayhost_port = "10025"; # (same port for all MTAs)

8.  # SMTP-INPUT SETTINGS
    # (used when MTA is configured to pass mail to amavisd directly via SMTP)
      $inet_socket_port = "10024";      # accept SMTP on this local TCP port
    # This version of Amavis uses 10024 to read in mail to be scanned, and
    # 10025 to put the mail back into the SMTP delivery process with an Amavis
    # scanned tag in the headers so that it doesn't return again.  Other
    # versions of Amavis may use 10025/10026.  Whatever you use, just make
    # sure that you make similar changes on the Postfix end in main.cf and
    # master.cf.  

9.  $recipient_delimiter = '+';
    # You'll see this in /etc/postfix/main.cf too.  

All other settings can be left at defaults.

To check and see if Amavis is up and listening for incoming mail to be
scanned, do the following:

-->  $ telnet 127.0.0.1 10024
     Trying 127.0.0.1...
     Connected to 127.0.0.1.
     Escape character is '^]'.

     220 localhost amavisd

-->  quit

     221 Bye
     Connection closed by foreign host.

----------------------------------------------------------------


-- 
Kevin Coyner
mailto: kevin@rustybear.com
GnuPG key: 1024D/8CE11941
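
Added example, not part of the original post or of the Postfix/Amavis projects: a consistency check for the port pairing the notes describe (Postfix hands mail to amavis on one port, amavis reinjects on another, and the reinjection listener must be loopback-only with content_filter cleared). The function names and the sample excerpts are constructed for illustration, and only single-line master.cf entries are handled.

```python
import re

# Constructed excerpts that mirror the settings in the notes above.
MAIN_CF = "content_filter = smtp-amavis:[127.0.0.1]:10024\n"
MASTER_CF = (
    "smtp-amavis unix -      -  n  -  2  smtp -o smtp_data_done_timeout=1200\n"
    "127.0.0.1:10025 inet n  -  n  -  -  smtpd -o content_filter=\n"
)
AMAVIS_CONF = (
    '$relayhost = "127.0.0.1";\n'
    '$relayhost_port = "10025";\n'
    '$inet_socket_port = "10024";      # accept SMTP on this local TCP port\n'
)

def amavis_setting(conf, name):
    """Value of a Perl scalar assignment such as $name = "value"; or None."""
    m = re.search(r'^\s*\$' + re.escape(name) + r'\s*=\s*["\']?([^"\';\s]+)', conf, re.M)
    return m.group(1) if m else None

def check_filter_loop(main_cf, master_cf, amavis_conf):
    """Return a list of problems; an empty list means the two ends agree."""
    m = re.search(r'^content_filter\s*=\s*([\w-]+):\[?[\d.]+\]?:(\d+)\s*$', main_cf, re.M)
    if not m:
        return ["main.cf: no active content_filter, mail is delivered unscanned"]
    transport, filter_port = m.groups()
    problems = []
    if amavis_setting(amavis_conf, "inet_socket_port") != filter_port:
        problems.append("amavis does not listen on content_filter port " + filter_port)
    if not re.search(r'^' + re.escape(transport) + r'\s+unix\s', master_cf, re.M):
        problems.append("master.cf: transport " + transport + " is not defined")
    back = amavis_setting(amavis_conf, "relayhost_port")
    if back is None:
        return problems + ["amavis.conf: $relayhost_port is not set"]
    # Single-line master.cf entries only, as in the notes.
    entry = re.search(r'^(?:(\S+):)?' + re.escape(back) + r'\s+inet\s.*$', master_cf, re.M)
    if not entry:
        problems.append("master.cf: no smtpd listener on reinjection port " + back)
        return problems
    if entry.group(1) != "127.0.0.1":
        problems.append("reinjection listener is not bound to 127.0.0.1, mail sent there skips the scan")
    if not re.search(r'-o\s+content_filter=(\s|$)', entry.group(0)):
        problems.append("reinjection listener keeps content_filter, mail would loop")
    return problems

if __name__ == "__main__":
    for line in check_filter_loop(MAIN_CF, MASTER_CF, AMAVIS_CONF) or ["ok: ports line up"]:
        print(line)
```

To run it against a live system, read the three files from disk and pass their contents in place of the constructed strings.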
