Amavisd-new on Postfix MTA
AMaViS stands for A MAil Virus Scanner. It is a server-side open-source content filter for e-mail that decodes and checks messages and acts as an interface to external content filters such as SpamAssassin, providing protection against spam, viruses and other malware-carrying e-mails. Amavisd-new is deployed on Unix-like mail servers together with a Mail Transfer Agent such as Postfix.
AMaViS was originally written as a Unix shell script. During further development in 2000 it was converted to Perl and, as amavisd-new, has since been the standard interface between Mail Transfer Agents (MTA) and content filters. It is compatible with Postfix and interacts with the antivirus program ClamAV and some other virus scanners. The current amavisd-new is released under the GPLv2 and BSD licenses and also offers the possibility of integrating SpamAssassin and other filters, referred to as Milter.
INSTALL
This post describes the installation and configuration of amavisd-new. Postfix on CentOS 7 should already be installed; it is assumed that Postfix is already set up and that you have basic Postfix skills.
The first step is to add the EPEL repository in order to install the components.
~]# yum update
~]# yum -y install epel-release
Now install amavisd-new and the ClamAV utilities.
~]# yum clean all
~]# yum -y install amavisd-new clamav-scanner clamav-scanner-systemd
We modify the following lines in the amavisd configuration. Open the file in the editor of your choice; here I use vim. If you're not familiar with vim, you can of course use nano.
~]# vi /etc/amavisd/amavisd.conf
# line 20: set your own domain
$mydomain = 'domain.ch';
# line 152: your own hostname
$myhostname = 'mail.domain.ch';
# line 50: add the local domains and networks
@local_domains_maps = ( [".$mydomain", '.domain.ch', 'next.domainxy.ch'] );  # list of all local domains
@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
                  10.0.0.0/8 10.127.99.0/24 );
# line 58: enter the extended ports (a list of ports must be an array reference)
$inet_socket_port = [10024,10026];
# line 154: uncomment
$notify_method  = 'smtp:[127.0.0.1]:10025';
$forward_method = 'smtp:[127.0.0.1]:10025';
# line 157: change to D_PASS (the message is still delivered when a virus or spam is detected)
$final_virus_destiny = D_PASS;
$final_spam_destiny = D_PASS;
If SELinux is in enforcing mode, set the following policy booleans.
~]# setsebool -P antivirus_can_scan_system 1
~]# setsebool -P clamd_use_jit 1
The clamd virus scanner configuration can be modified with the sed stream editor; run the following commands in a terminal:
~]# sed -i -e "s/^Example/#Example/" /etc/clamd.d/scan.conf
~]# sed -i -e "s/^Example/#Example/" /etc/freshclam.conf
# line 8: comment out
#Example
# line 14: uncomment
LogFile /var/log/clamd.scan
# line 44: uncomment
LogSyslog yes
# line 66: uncomment
PidFile /var/run/clamd.scan/clamd.pid
# line 70: uncomment
TemporaryDirectory /var/tmp
# line 85: uncomment
LocalSocket /var/run/clamd.scan/clamd.sock
# line 97: uncomment
FixStaleSocket yes
# line 101: uncomment (without TCPAddr, clamd binds this port on all interfaces)
TCPSocket 3310
# line 195: set the user ID
User clamscan
Create the log file for clamd and assign it to the clamscan user:
~]# touch /var/log/clamd.scan
~]# chown clamscan:clamscan /var/log/clamd.scan
Now download and update the antivirus detection database.
~]# freshclam
The amavisd-new configuration is now complete; let's go ahead with the integration into Postfix. The content filter can be added anywhere in the Postfix file main.cf; open it with vi /etc/postfix/main.cf
content_filter=smtp-amavis:[127.0.0.1]:10024
Then add the interface for amavisd-new at the end of the file /etc/postfix/master.cf.
smtp-amavis unix -      -       n       -       2       smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
  -o max_use=20
127.0.0.1:10025 inet n  -       n       -       -       smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
Now restart Postfix so that the configuration takes effect.
~]# systemctl restart postfix
Start clamd and amavisd-new and enable them so that they start automatically at the next boot.
~]# systemctl start clamd@scan
~]# systemctl start amavisd.service
~]# systemctl enable clamd@scan
~]# systemctl enable amavisd.service
Testing amavisd
Finally, you can test amavisd. Note that a UTM firewall could detect and block the download and installation of amavisd-new if the package contained the plain virus test signature; for this reason the EICAR test signature is shipped in encapsulated form.
Go to the directory /usr/share/doc/amavisd-new-*/test-messages and run the following lines in a terminal shell, so that the EICAR test files are decapsulated and unpacked:
~]# cd /usr/share/doc/amavisd-new-*/test-messages
~]# perl -pe 's/./chr(ord($&)^255)/sge'
Now send the EICAR test signature to yourself using sendmail in a terminal shell.
~]# sendmail -i your_email@domain.ch < sample-virus-simple.txt
The following entry should then be shown in the log file /var/log/maillog.
mail amavis[11855]: (11855-01) Passed INFECTED (Eicar-Test-Signature {RelayedTaggedInbound,Quarantined}, [127.0.0.1] <root@mail.domain.ch>-> <meine_email@domain.ch>, Message-ID: <20190305170628.630A7C5428@mail.domain.ch>, mail_id: SSDU53BXGSVK, Hits: 2.547, size: 789, queued_as: A808AC5425, 1207 ms
If you get the error "reject: header To: undisclosed-recipients" when trying to send the test mail with sendmail, the file sample-virus-simple.txt must be modified so that valid e-mail addresses are entered at From: and To:.
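The "Passed INFECTED" entry shown above means the infected message was still delivered, which is what final_virus_destiny = D_PASS produces. The following added example (not part of the original post) lists INFECTED verdicts from amavis log lines and counts those that were passed on; the function names and the sample lines are constructed for illustration, with the first line modelled on the entry above.

```shell
#!/bin/sh
# Added example: list INFECTED verdicts from amavis lines in a mail log.
# Output columns: action signature recipient mail_id

amavis_infected() {
    awk '
    /amavis\[[0-9]+\]: / && / (Passed|Blocked) INFECTED / {
        action = ($0 ~ / Passed INFECTED /) ? "Passed" : "Blocked"
        sig = "-"; rcpt = "-"; id = "-"
        # signature name follows "INFECTED (" up to a space, ")" or "{"
        if (match($0, /INFECTED \([^ ){]+/))
            sig = substr($0, RSTART + 10, RLENGTH - 10)
        # recipient is the address after "->"
        if (match($0, /-> ?<[^>]*>/)) {
            rcpt = substr($0, RSTART, RLENGTH)
            sub(/^-> ?</, "", rcpt); sub(/>$/, "", rcpt)
        }
        if (match($0, /mail_id: [^,]+/))
            id = substr($0, RSTART + 9, RLENGTH - 9)
        print action, sig, rcpt, id
    }'
}

# Number of infected messages that were still delivered (D_PASS behaviour).
count_passed_infected() {
    amavis_infected | awk '$1 == "Passed" { n++ } END { print n + 0 }'
}

# Constructed sample lines (hypothetical mail_id values on lines 2 and 3).
SAMPLE_LOG='Mar  5 18:06:29 mail amavis[11855]: (11855-01) Passed INFECTED (Eicar-Test-Signature) {RelayedTaggedInbound,Quarantined}, [127.0.0.1] <root@mail.domain.ch> -> <user@domain.ch>, Message-ID: <20190305170628.630A7C5428@mail.domain.ch>, mail_id: SSDU53BXGSVK, Hits: 2.547, size: 789, queued_as: A808AC5425, 1207 ms
Mar  5 18:07:02 mail amavis[11856]: (11856-01) Passed CLEAN {RelayedInbound}, [127.0.0.1] <root@mail.domain.ch> -> <user@domain.ch>, mail_id: CONSTRUCTED01, Hits: 0.1, size: 512, 310 ms
Mar  5 18:09:41 mail amavis[11857]: (11857-01) Blocked INFECTED (Eicar-Test-Signature) {DiscardedInbound,Quarantined}, [127.0.0.1] <root@mail.domain.ch> -> <user@domain.ch>, mail_id: CONSTRUCTED02, Hits: -, size: 789, 954 ms'

printf '%s\n' "$SAMPLE_LOG" | amavis_infected
printf 'passed-infected=%s\n' "$(printf '%s\n' "$SAMPLE_LOG" | count_passed_infected)"
```

On the mail server itself the functions read the real log, for example amavis_infected < /var/log/maillog.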
Troubleshooting
To check that amavisd-new is working, proceed as follows. First check the status of the daemons; with the parameter -l the last lines of the log are displayed in full:
~]# systemctl status postfix clamd@scan amavisd -l
It should also be ensured that ports 10024 and 10025 are in the LISTEN state:
~]# ss -tuln4
Netid  State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
tcp    LISTEN  0       128     127.0.0.1:10024      *:*
tcp    LISTEN  0       100     127.0.0.1:10025      *:*
tcp    LISTEN  0       100     *:587                *:*
tcp    LISTEN  0       100     *:465                *:*
tcp    LISTEN  0       128     *:22                 *:*
tcp    LISTEN  0       100     *:25                 *:*
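The 127.0.0.1:10025 listener in master.cf runs with content_filter= emptied and most smtpd restrictions cleared, so both filter ports should be bound to loopback only. The following added example (not part of the original post) checks this from ss output; the function name and the second sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that the amavisd and Postfix re-injection ports
# exist and listen on loopback only. Reads `ss -tuln` output on stdin.

check_filter_listeners() {
    # $1: space-separated ports that must exist and be loopback-only
    awk -v ports="$1" '
    BEGIN { bad = 0; n = split(ports, p, " ")
            for (i = 1; i <= n; i++) want[p[i]] = 1 }
    $2 == "LISTEN" {
        # column 5 is Local Address:Port; split at the last colon
        addr = $5; port = $5
        sub(/.*:/, "", port); sub(/:[^:]*$/, "", addr)
        if (!(port in want)) next
        seen[port] = 1
        if (addr !~ /^127\./ && addr != "[::1]") {
            print "EXPOSED " port " on " addr; bad = 1
        }
    }
    END {
        for (i = 1; i <= n; i++)
            if (!(p[i] in seen)) { print "MISSING " p[i]; bad = 1 }
        exit bad
    }'
}

# Sample 1: the relevant lines of the ss output shown above.
SS_PAGE='Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp LISTEN 0 128 127.0.0.1:10024 *:*
tcp LISTEN 0 100 127.0.0.1:10025 *:*
tcp LISTEN 0 100 *:25 *:*'

# Sample 2 (constructed): the re-injection port bound to all interfaces.
SS_BAD='tcp LISTEN 0 128 127.0.0.1:10024 *:*
tcp LISTEN 0 100 *:10025 *:*'

printf '%s\n' "$SS_PAGE" | check_filter_listeners "10024 10025" && echo "filter ports OK"
printf '%s\n' "$SS_BAD" | check_filter_listeners "10024 10025" || echo "filter ports need attention"
```

On the server, pipe the live output into the function: ss -tuln | check_filter_listeners "10024 10025".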
telnet must first be installed; the amavisd and Postfix daemons can then be checked interactively:
~]# telnet localhost 10024
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 [::1] ESMTP amavisd-new service ready
quit
221 2.0.0 [::1] amavisd-new closing transmission channel
Connection closed by foreign host.

~]# telnet localhost 10025
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.domain.ch ESMTP
quit
221 2.0.0 Bye
Connection closed by foreign host.