Beat Caveng, developer at A-Enterprise GmbH. Blog author on the topics of Python and open source. Tutorials on Python, troubleshooting and shell scripts.

How to Install AMAVIS-NEW Content filter on Postfix

Setup Amavis-new on Postfix MTA

AMaViS stands for A MAil Virus Scanner. It is a server-side, open-source content filter for e-mail that decodes and checks messages and can be considered an interface to external content filters such as SpamAssassin, providing protection against spam, viruses and other malware e-mails. Amavis-new is implemented on Unix-like mail servers alongside a Mail Transfer Agent such as Postfix.

AMaViS was originally written in the Unix shell programming language. With further development in 2000 it was converted to Perl and has since then, as amavis-new, been the standard interface between Mail Transfer Agents (MTA) and content filters. It is compatible with Postfix and interacts with the antivirus program ClamAV and some other virus scanners. The current amavisd-new is under the GPLv2 and BSD licenses and also offers the possibility of integrating SpamAssassin and other filters they call Milter.

INSTALL

This post describes the installation and configuration of amavis-new on CentOS 7. The Postfix integration builds on an existing installation: it is assumed that Postfix is already set up and that you have basic Postfix skills.

The first step is to add the EPEL repository in order to install the components.

$ yum update
$ yum -y install epel-release

Now install the amavis-new and ClamAV utilities.

$ yum clean all
$ yum -y install amavisd-new clamav-scanner clamav-scanner-systemd

We modify the following lines in the amavisd configuration. Open the file in the editor of your choice; here I use vim. If you're not familiar with vim you can of course use nano.

$ vi /etc/amavisd/amavisd.conf

Add the changes after the comment lines.

# at line 20 set your own domain
$mydomain = 'domain.org';
# line 152 your own hostname
$myhostname = 'mail.domain.org';
# line 50 add local domain and network
@local_domains_maps = ( [".$mydomain", '.domain.org', 'next.domain.org'] );  # list of all local domains

@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
                  10.0.0.0/8 10.127.99.0/24 );
# line 58 enter the extended ports (several ports must be given as a list in [ ])
$inet_socket_port = [10024,10026];
# line 154 uncomment
$notify_method = 'smtp:[127.0.0.1]:10025';
$forward_method = 'smtp:[127.0.0.1]:10025';
# line 157 change to D_PASS
# D_PASS still delivers infected and spam mail to the recipient;
# D_DISCARD or D_BOUNCE would stop it instead
$final_virus_destiny    = D_PASS;
$final_spam_destiny     = D_PASS;

If SELinux is in enforcing mode, set the following policy booleans.

$ setsebool -P antivirus_can_scan_system 1
$ setsebool -P clamd_use_jit 1

The Clamd virus scanner configuration can be modified with the sed stream editor. Run the following command lines in a terminal:

$ sed -i -e "s/^Example/#Example/" /etc/clamd.d/scan.conf
$ sed -i -e "s/^Example/#Example/" /etc/freshclam.conf

Configure the Clamd configuration file /etc/clamd.d/scan.conf as follows:

# line 8 comment out
#Example
# line 14 uncomment
LogFile /var/log/clamd.scan
# line 44 uncomment
LogSyslog yes
# line 66 uncomment
PidFile /var/run/clamd.scan/clamd.pid
# line 70 uncomment
TemporaryDirectory /var/tmp
# line 85 uncomment
LocalSocket /var/run/clamd.scan/clamd.sock
# line 97 uncomment
FixStaleSocket yes
# line 101 uncomment
# (without a TCPAddr line clamd binds this port on all interfaces)
TCPSocket 3310
# line 195 insert uid
User clamscan

Create the log file for Clamd and assign it to the clamscan user:

$ touch /var/log/clamd.scan
$ chown clamscan:clamscan /var/log/clamd.scan

Now download and update the antivirus detection database.

$ freshclam

The amavis-new configuration is now complete, so let's go ahead with the integration into Postfix. The content filter line can be added anywhere in the Postfix file /etc/postfix/main.cf, edited with nano or vi:

content_filter=smtp-amavis:[127.0.0.1]:10024

Then add the interface for amavis-new at the end of the file /etc/postfix/master.cf.

smtp-amavis unix  -     -     n     -    2   smtp
 -o smtp_data_done_timeout=1200
 -o smtp_send_xforward_command=yes
 -o disable_dns_lookups=yes
 -o max_use=20

127.0.0.1:10025  inet  n  -    n    -     -   smtpd
 -o content_filter=
 -o local_recipient_maps=
 -o relay_recipient_maps=
 -o smtpd_restriction_classes=
 -o smtpd_client_restrictions=
 -o smtpd_helo_restrictions=
 -o smtpd_sender_restrictions=
 -o smtpd_recipient_restrictions=permit_mynetworks,reject
 -o mynetworks=127.0.0.0/8
 -o strict_rfc821_envelopes=yes
 -o smtpd_error_sleep_time=0
 -o smtpd_soft_error_limit=1001
 -o smtpd_hard_error_limit=1000

Now restart Postfix so that the configuration takes effect.

$ systemctl restart postfix

Start amavis-new and let it start automatically at the next boot.

$ systemctl start clamd@scan
$ systemctl start amavisd.service
$ systemctl enable clamd@scan
$ systemctl enable amavisd.service

Testing Amavisd

Finally, you can test amavisd. Note that a UTM firewall may detect and block amavis-new while it is being downloaded and installed. If that happens, the conclusion is that the download was prevented because it contains the virus test signature, because the EICAR test signature should not be encapsulated.

To do this, go to the path /usr/share/doc/amavisd-new-*/test-messages and execute the following lines in a terminal shell, so that the EICAR test files are decapsulated and unpacked:

$ cd /usr/share/doc/amavisd-new-*/test-messages
$ perl -pe 's/./chr(ord($&)^255)/sge' <sample.tar.gz.compl | zcat | tar xvf -

Now send the EICAR test signature to yourself by using sendmail in a terminal shell.

$ sendmail -i your_email@domain.ch < sample-virus-simple.txt

The following entry should then be shown in the log file /var/log/maillog.

mail amavis[11855]: (11855-01) Passed INFECTED (Eicar-Test-Signature) {RelayedTaggedInbound,Quarantined}, [127.0.0.1] <root@mail.domain.ch> -> <meine_email@domain.ch>, Message-ID: <20190305170628.630A7C5428@mail.domain.ch>, mail_id: SSDU53BXGSVK, Hits: 2.547, size: 789, queued_as: A808AC5425, 1207 ms

If you get the error reject: header To: undisclosed-recipients when trying to send the test mail with sendmail, the file sample-virus-simple.txt must be modified so that a valid e-mail address is entered at From: and To:.
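
With $final_virus_destiny = D_PASS, the log entry above records a message that was flagged as infected and still relayed. The following added example (not part of the original post; the log lines, addresses and function names in it are constructed) lists such deliveries from maillog-style input so they can be reviewed or alerted on:

```shell
#!/bin/sh
# Added example: list infected mail that amavisd still relayed.
# SAMPLE_LOG holds constructed log lines, not real traffic.
SAMPLE_LOG='Mar  5 18:06:29 mail amavis[11855]: (11855-01) Passed INFECTED (Eicar-Test-Signature) {RelayedTaggedInbound,Quarantined}, [127.0.0.1] <root@mail.example.org> -> <user@example.org>, mail_id: AAAAAAAAAAAA, Hits: 2.547, size: 789, 1207 ms
Mar  5 18:07:02 mail amavis[11855]: (11855-02) Passed CLEAN {RelayedInbound}, [192.0.2.10] <a@example.net> -> <user@example.org>, mail_id: BBBBBBBBBBBB, Hits: -0.1, size: 2048, 310 ms
Mar  5 18:09:41 mail amavis[11856]: (11856-01) Blocked INFECTED (Eicar-Test-Signature) {DiscardedInbound,Quarantined}, [192.0.2.11] <> -> <user@example.org>, mail_id: CCCCCCCCCCCC, Hits: -, size: 812, 95 ms
Mar  5 18:11:30 mail amavis[11856]: (11856-02) Passed INFECTED (Constructed.Sample-1) {RelayedTaggedInbound,Quarantined}, [198.51.100.7] <> -> <ops@example.org>, mail_id: DDDDDDDDDDDD, Hits: -, size: 4096, 220 ms'

# stdin: maillog lines. stdout: "signature sender recipient mail_id" for
# each message logged as "Passed INFECTED" (delivered despite a virus hit).
# Only the first recipient of a multi-recipient message is reported.
delivered_infected() {
    awk '
    / amavis\[[0-9]+\]: .* Passed INFECTED \(/ {
        sig = $0;  sub(/.* Passed INFECTED \(/, "", sig); sub(/\).*/, "", sig)
        from = $0; sub(/^[^<]*</, "", from); sub(/>.*/, "", from)
        to = $0;   sub(/.*-> *</, "", to);   sub(/>.*/, "", to)
        if (from == "") from = "<>"      # null envelope sender (bounces)
        id = "-"
        if (match($0, /mail_id: [^,]+/)) id = substr($0, RSTART + 9, RLENGTH - 9)
        print sig, from, to, id
    }'
}

# Number of such deliveries, e.g. for a monitoring threshold.
count_delivered_infected() { delivered_infected | wc -l | tr -d ' '; }

# Demo on the constructed sample; on a live host feed /var/log/maillog instead.
printf '%s\n' "$SAMPLE_LOG" | delivered_infected
```

Lines logged as Blocked INFECTED are ignored on purpose: they show the filter stopping the message, which is the outcome to expect once the destiny is changed from D_PASS.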

Troubleshooting

To check that amavis-new is working, the following procedure can be used. First check the status of the daemons; the status output includes the last lines of the log, and the parameter -l displays them in full:

$ systemctl status postfix clamd@scan amavisd -l

It should also be ensured that ports 10024 and 10025 are in the LISTEN state:

$ ss -tuln4
Netid  State      Recv-Q Send-Q      Local Address:Port      Peer Address:Port
tcp    LISTEN     0      128             127.0.0.1:10024                *:*
tcp    LISTEN     0      100             127.0.0.1:10025                *:*
tcp    LISTEN     0      100                     *:587                  *:*
tcp    LISTEN     0      100                     *:465                  *:*
tcp    LISTEN     0      128                     *:22                   *:*
tcp    LISTEN     0      100                     *:25                   *:*
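
Port 10025 is the re-injection listener defined in master.cf with content_filter= empty, so mail handed to it is not scanned again; both filter ports should therefore be bound to loopback only. An added example, not from the original post, that checks ss -tuln output for this (SS_BAD is constructed sample input and the function name is an assumption):

```shell
#!/bin/sh
# Added example: verify that the content-filter ports listen on loopback only.
# SS_GOOD abridges the output shown above; SS_BAD is constructed.
SS_GOOD='Netid  State   Recv-Q Send-Q  Local Address:Port  Peer Address:Port
tcp    LISTEN  0      128     127.0.0.1:10024     *:*
tcp    LISTEN  0      100     127.0.0.1:10025     *:*
tcp    LISTEN  0      100     *:25                *:*'
SS_BAD='Netid  State   Recv-Q Send-Q  Local Address:Port  Peer Address:Port
tcp    LISTEN  0      128     127.0.0.1:10024     *:*
tcp    LISTEN  0      100     *:10025             *:*
tcp    LISTEN  0      100     *:25                *:*'

# stdin: output of "ss -tuln". args: ports to check.
# Prints one verdict per port; returns non-zero if a port is missing
# or bound to anything other than 127.0.0.1 or [::1].
check_filter_ports() {
    awk -v ports="$*" '
    BEGIN { n = split(ports, want, " ") }
    $2 == "LISTEN" {
        addr = $5; port = addr
        sub(/.*:/, "", port)        # text after the last colon is the port
        sub(/:[^:]*$/, "", addr)    # the rest is the bind address
        for (i = 1; i <= n; i++) if (port == want[i]) {
            seen[port] = 1
            if (addr != "127.0.0.1" && addr != "[::1]") bad[port] = bad[port] " " addr
        }
    }
    END {
        rc = 0
        for (i = 1; i <= n; i++) {
            p = want[i]
            if (!(p in seen))   { print p, "missing"; rc = 1 }
            else if (p in bad)  { print p, "exposed" bad[p]; rc = 1 }
            else                { print p, "loopback-only" }
        }
        exit rc
    }'
}

# Demo on the constructed bad sample; live use: ss -tuln | check_filter_ports 10024 10025
printf '%s\n' "$SS_BAD" | check_filter_ports 10024 10025 || echo "filter ports need attention"
```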

The function of the amavisd and Postfix daemons can also be checked interactively; telnet must first be installed:

$ telnet localhost 10024
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 [::1] ESMTP amavisd-new service ready
quit
221 2.0.0 [::1] amavisd-new closing transmission channel
Connection closed by foreign host.
$ telnet localhost 10025
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.domain.ch ESMTP
quit
221 2.0.0 Bye
Connection closed by foreign host.

Synology Hyper Backup Replication

Backup replication with Hyper Backup and rsync

Synology Hyper Backup enables versatile use in data backup applications. Where required, the backed-up data should also be stored on another NAS as a precaution for the worst-case scenario, for example fire or water damage in the server room. It is possible to synchronize the backup storage with a second NAS, preferably in another building or, if possible, at a different location.

This article shows the structure of data synchronization between two NAS. The data backed up with Hyper Backup on the RackStation is synchronized with a DiskStation that is on the same network but is installed in another building.

To start, rsync is enabled on the external DiskStation, under Enable data services – rsync – rsync service.

For the rsync account, click the Edit rsync account button and add a user.

Now on the RackStation, which runs the Hyper Backup backup, open the Hyper Backup app and create a new backup task by clicking on (+) Plus.

The Hyper Backup Backup Wizard opens. As the backup destination, select rsync under File Server and click Next.

Create a backup task with a server name or IP address as the backup destination, enter user name and password, choose the shared folder and a directory.

Shares can be selected to be saved.

If you want to back up applications, they can be selected; this is not required for synchronization.

Backup settings define the task notification and backup schedule.

Rotation settings can define backup rotation, with backup schedule and rotation scheme for a desired number of retained versions.

From the DSM on the RackStation, the first backup to the second NAS can now be made. The backup task can be added to an existing task, or a new backup task can be created, and it is recommended that you allow sufficient time between the two jobs to ensure that the second job is not started until the first backup is complete.

When the DiskStation receives the synchronized data, the Hyper Backup backup appears as an hbk folder. The folder can be opened with a deflator click, for which Hyper Backup must be installed.