These classnotes are deprecated. As of 2005, I no longer teach the classes. Notes will remain online for legacy purposes.

UNIX03/Amavisd-New


Instead of using Procmail, we will be using Amavisd-New.

Amavisd-New is descended from [AMaViS - A Mail Virus Scanner], which was intended as a snap-in integrator between a number of UNIX anti-virus scanners and an MTA. AMaViS also aimed to have its own in-house anti-virus scanner, but technical problems early in the project required much of the code to be rewritten shortly after the initial stable release.

Amavisd-New is now more of a mail preprocessor, à la Procmail, but with a narrower focus than other preprocessors. It is meant to let anti-virus and anti-spam scanners be integrated easily into an existing mail system, and that is all it is meant for. Whereas using Procmail simply to scan for viruses and spam might be like using a bazooka to swat a fly, Amavisd-New is more like using a fly-swatter.

That being said, you may still wish to supply Procmail to your users in addition to Amavisd-New. As was said before, Procmail can do things such as preprocess mail into a specific folder tree, or even into alternative accounts, so your users may still have a need for it. However, if they do not, and all you want is a virus/spam scanner, then Amavisd-New will be sufficient.

Amavisd-New should run as a non-privileged user, preferably a dedicated user "amavis", with its own unique group (again, "amavis" will suffice).

For more information on Amavisd-New, see its homepage: http://www.ijs.si/software/amavisd/

/etc/amavisd.conf

Amavisd-New's configuration file is /etc/amavisd.conf. Amavisd-New is written in Perl, and (like many Perl utilities, if you haven't yet discovered this) its configuration file is itself written directly in Perl.

Let's now look at a standard amavisd.conf file:

 use strict;

 $MYHOME = '/var/lib/amavisd';
 $mydomain = 'domain.com';
 $daemon_user = 'amavis';
 $daemon_group = 'amavis';
 $daemon_chroot_dir = $MYHOME;

These settings tell Amavisd-New about itself: what its home directory is, what user and group it runs as, and whether to chroot itself (here, into $MYHOME).

 $QUARANTINEDIR = "$MYHOME/quarantine";
 $TEMPBASE = "$MYHOME/tmp";
 $ENV{TMPDIR} = $TEMPBASE;
 $helpers_home = $MYHOME;

$QUARANTINEDIR is the location where amavisd places quarantined messages when virus scanning is in use. Even if you are not doing virus scanning, it still must be set.

When amavisd does its work, it creates a number of temporary files. Normally it would store them in $MYHOME. By storing them under $TEMPBASE instead, we can easily clean up the temp directory whenever we need to, by stopping amavisd and deleting everything in $TEMPBASE.

 $forward_method = 'smtp:127.0.0.1:10025';
 $notify_method = $forward_method;
 $inet_socket_port = 10024;
 $inet_socket_bind = '127.0.0.1';
 @inet_acl = qw( 127.0.0.1 );

These settings set up the communication between amavisd and Postfix. The two programs talk to each other over different ports: Postfix sends email it wants filtered to amavisd on port 10024, and amavisd processes the message and hands it back to Postfix on port 10025. Binding to 127.0.0.1 and the @inet_acl setting make sure amavisd accepts connections only from the local machine.

 @bypass_virus_checks_acl = qw( . );

We will not be setting up a virus scanner today, so this is the line that turns that feature off. If you were doing virus scanning, you would re-enable it here by removing or commenting out this line.

 @local_domains_acl = ( ".$mydomain" );

This setting lists the local domains, which is how amavisd determines whether a message is incoming or outgoing.

 $DO_SYSLOG = 1; # (1 = syslog, 0 = logfile)
 $LOGFILE = "$MYHOME/amavis.log";
 $log_level = 5; # (0-5)

These settings describe how amavisd should log for debugging. $log_level can be set from 0 to 5, with 5 producing the most logging output. Even though we aren't using it, the $LOGFILE setting is required, so don't be surprised to see an empty file with this name in the $MYHOME directory. Note also that when running amavisd in debug mode, logging does not go to syslog.

Note: The main reason we don't want to log to a file is that when chrooted, amavisd can't be restarted with a HUP signal. Therefore, to rotate the logfile with newsyslog, you'd need to stop and restart amavisd. It's easier just to log to syslog.
Note 2: If you want amavisd to log to /var/log/messages instead of /var/log/maillog, add a config line here: $SYSLOG_LEVEL = 'user.info';

 $hdrfrom_notify_sender =
         'SpamAssassin <helpdesk@domain.com>';
 $notify_spam_sender_templ =
         read_text("$MYHOME/notify_spam_sender.txt");

When we send messages to spammers telling them we are rejecting their email, and giving them directions for how to get on our whitelist, this is who the message appears to be from, and the file holding the text of the message itself.

 # Set to D_BOUNCE to block/notify, D_PASS to pass through
 $final_spam_destiny = D_PASS;

 read_hash(\%whitelist_sender, '/var/lib/amavis/whitelist');
 read_hash(\%blacklist_sender, '/var/lib/amavis/blacklist');
 read_hash(\%spam_lovers, '/var/lib/amavis/spam_lovers');

These settings point to three files that hold our whitelist, blacklist and spam lovers. Each file should have one email address (or part of an email address) per line. The whitelist identifies senders that should always be passed through, even if their mail is identified as spam. The blacklist identifies senders that should always be marked as spam. The spam_lovers file identifies our own users who want to opt out of the system and receive all their spam.

Note that these files are read only when amavisd starts, so if you edit them be sure to stop and restart amavisd. Also, not shown here is amavisd's ability to support per-recipient whitelists and blacklists, and MySQL-based whitelists and blacklists.

This whole next section is part of the anti-mail-bomb measures of the anti-virus code.

 #defending against mail bombs
 # Maximum recursion level for extraction/decoding
 $MAXLEVELS = 14;
 # Maximum number of extracted files
 $MAXFILES = 1500; 
 # bytes (default undef, not enforced)
 $MIN_EXPANSION_QUOTA = 100*1024;
 # bytes (default undef, not enforced)
 $MAX_EXPANSION_QUOTA = 300*1024*1024;
 # times original mail size (must be specified)
 $MIN_EXPANSION_FACTOR = 5;
 # times original mail size (must be specified)
 $MAX_EXPANSION_FACTOR = 500;

 $path =
    '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';

 #$banned_filename_re = new_RE();

Currently this line is needed even though we aren't using it to block illegal attachment types. It is a workaround for a bug where SpamAssassin inserts ***SPAM*** into the subject twice for some messages; this should be fixed in a future release of amavisd-new.

 $file = 'file';
 $arc = ['nomarch', 'arc'];
 $gzip = 'gzip';
 $bzip2 = 'bzip2';
 $uncompress = ['uncompress', 'gzip -d', 'zcat'];
 $lha = 'lha';
 $unarj = 'unarj';
 $unrar = 'unrar';
 $zoo = 'zoo';

These are the names of the programs amavisd would normally use to unpack archives so it could scan their contents for viruses. We make them all available to amavisd to avoid error messages, but they shouldn't ever be used since we turned off the anti-virus code.

 # SpamAssassin settings
 $sa_local_tests_only = 0;
 # comment this line out to turn off auto whitelist
 $sa_auto_whitelist = 1;
 $sa_mail_body_size_limit = 64*1024; # 64KB

 # controls adding the X-Spam-Status and X-Spam-Level headers,
 $sa_tag_level_deflt = 3.0;
 # controls adding 'X-Spam-Flag: YES', and  editing Subject,
 $sa_tag2_level_deflt = 6.3;
 # triggers spam evasive actions:
 $sa_kill_level_deflt = $sa_tag2_level_deflt;

SpamAssassin assigns each email a positive or negative score to indicate its "spamminess". These settings tell SpamAssassin when to take anti-spam measures. At the tag level, the message's headers are modified to include the spam score. At the tag2 level, in addition to the tag-level actions, it adds a header indicating that the message is spam and modifies the subject. At the kill level, the system takes action based on the $final_spam_destiny setting. In most cases you want tag2 and kill to apply to any message that is spam, so they are usually equal.

 $sa_spam_subject_tag = '***SPAM*** ';
 $sa_debug = 1; # comment this line out to turn off debugging

This setting turns on SpamAssassin debugging. Comment it out once everything is running smoothly, for better performance.

 1; # ensure a defined return
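As an added example (not from the original notes and not amavisd-new's own code), here is a small Python model of how the whitelist, blacklist and spam_lovers files combine with the tag, tag2 and kill thresholds from the amavisd.conf above into one per-recipient decision. The matching rules in lookup() are an assumed simplification of amavisd's lookup semantics, and the list-file contents are constructed samples.

```python
# Added example (not part of the original notes or of amavisd-new): a model of
# how the whitelist/blacklist/spam_lovers files and the tag / tag2 / kill
# thresholds from the amavisd.conf above combine into one per-recipient
# decision. The matching rules in lookup() are an assumed simplification of
# amavisd's lookup semantics; the list file contents are constructed samples.

SA_TAG_LEVEL = 3.0               # $sa_tag_level_deflt
SA_TAG2_LEVEL = 6.3              # $sa_tag2_level_deflt
SA_KILL_LEVEL = SA_TAG2_LEVEL    # $sa_kill_level_deflt = $sa_tag2_level_deflt

# Constructed sample list files: one entry per line, '#' lines ignored.
WHITELIST = "newsletter@vendor.example\n.partner.example\n"
BLACKLIST = "# known bulk sender\n@bulk-sender.example\n"
SPAM_LOVERS = "postmaster@domain.com\nabuse@domain.com\n"


def read_hash(text):
    """One key per line, like the read_hash() calls in the config."""
    return {ln.strip().lower() for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")}


def lookup(addr, entries):
    """Assumed matching: exact address, '@domain', or '.domain' (domain and subdomains)."""
    addr = addr.lower()
    domain = addr.rsplit("@", 1)[-1]
    for e in entries:
        if e == addr or (e.startswith("@") and domain == e[1:]):
            return True
        if e.startswith(".") and (domain == e[1:] or domain.endswith(e)):
            return True
    return False


def decide(sender, recipient, score, destiny="D_PASS"):
    """Actions for one recipient of one message; destiny is $final_spam_destiny."""
    if lookup(sender, read_hash(WHITELIST)):
        return ["deliver"]                     # whitelisted: passed through even if spammy
    if lookup(sender, read_hash(BLACKLIST)):
        score = max(score, SA_KILL_LEVEL)      # blacklisted: always treated as spam
    actions = []
    if score >= SA_TAG_LEVEL:
        actions.append("X-Spam-Status")        # tag level: score headers added
    if score >= SA_TAG2_LEVEL:
        actions += ["X-Spam-Flag: YES", "subject ***SPAM***"]   # tag2 level
    if score >= SA_KILL_LEVEL and not lookup(recipient, read_hash(SPAM_LOVERS)):
        actions.append("bounce" if destiny == "D_BOUNCE" else "deliver")  # kill level
    else:
        actions.append("deliver")              # below kill level, or recipient opted out
    return actions
```

Because the lists are re-read on every call here, the model does not reproduce the "read only at startup" behaviour noted above; in real amavisd you must restart the daemon after editing the files.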


Last edited June 6, 2003 11:01 pm
(C) Copyright 2003 Samuel Hart
This work is licensed under a Creative Commons License.