How to Install AMAVIS-NEW Content filter on Postfix

Postfix Mail Transfer Agent Installation

Installing and configuring Amavis-new on the Postfix MTA

AMaViS stands for A MAil Virus Scanner and is a server-side, open-source content filter for e-mail. It decodes and checks e-mails and acts as an interface between the mail server and external content filters such as SpamAssassin, providing protection against spam, viruses and other malicious e-mails. Amavis-new is deployed on Unix-like mail servers alongside a Mail Transfer Agent such as Postfix.

AMaViS was originally written in the Unix shell programming language. During further development in 2000 it was converted to Perl and has since, as amavis-new, been the standard interface between Mail Transfer Agents (MTA) and content filters. It is compatible with Postfix and interacts with the antivirus program ClamAV and some other virus scanners. The current amavisd-new is licensed under the GPLv2 and BSD licenses and also offers the possibility of integrating SpamAssassin and other filters they call Milter.

Install Amavis-new

This tutorial describes the installation and configuration of amavis-new. As a prerequisite, Postfix should already be installed; it is assumed that Postfix is already set up and that you have basic Postfix skills.

The first step is to add the EPEL repository in order to install the components.

$ yum update
$ yum -y install epel-release

Now install the amavis-new and ClamAV utilities.

$ yum clean all
$ yum -y install amavisd-new clamav-scanner clamav-scanner-systemd

Amavis-new configuration

We modify the following lines in the amavisd configuration. Open the file in the editor of your choice. Here I use vim; if you're not familiar with vim you can of course use nano.

$ vi /etc/amavisd/amavisd.conf

Add the changes after the comment lines.

# at line 20 set your own domain
$mydomain = 'domain.org';
# line 152 set your own hostname
$myhostname = 'mail.domain.org';
# line 50 add local domain and network
@local_domains_maps = ( [".$mydomain", '.domain.org', 'next.domain.org'] );  # list of all local domains

@mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
                  10.0.0.0/8 10.127.99.0/24 );
# line 58 enter the extended ports (an array reference is required to listen on more than one port)
$inet_socket_port = [10024,10026];
# line 154 uncomment
$notify_method = 'smtp:[127.0.0.1]:10025';
$forward_method = 'smtp:[127.0.0.1]:10025';
# line 157 change to D_PASS (detected mail is tagged but still delivered)
$final_virus_destiny    = D_PASS;
$final_spam_destiny     = D_PASS;

If SELinux is in enforcing mode, set the following policy booleans.

$ setsebool -P antivirus_can_scan_system 1
$ setsebool -P clamd_use_jit 1

The Clamd virus scanner configuration can be modified using the sed stream editor. Run the following command lines in a terminal:

$ sed -i -e "s/^Example/#Example/" /etc/clamd.d/scan.conf
$ sed -i -e "s/^Example/#Example/" /etc/freshclam.conf

Configure the Clamd configuration file /etc/clamd.d/scan.conf as follows:

# line 8 comment out
#Example
# line 14 uncomment
LogFile /var/log/clamd.scan
# line 44 uncomment
LogSyslog yes
# line 66 uncomment
PidFile /var/run/clamd.scan/clamd.pid
# line 70 uncomment
TemporaryDirectory /var/tmp
# line 85 uncomment
LocalSocket /var/run/clamd.scan/clamd.sock
# line 97 uncomment
FixStaleSocket yes
# line 101 uncomment
TCPSocket 3310
# line 195 insert uid
User clamscan

Create the log file for Clamd and assign ownership to the clamscan user:

$ touch /var/log/clamd.scan
$ chown clamscan:clamscan /var/log/clamd.scan

Now download and update the antivirus detection database.

$ freshclam

The amavis-new configuration is now complete.

Integrating amavis-new with Postfix

Let's go ahead with the integration into Postfix. The content filter can be added anywhere in the Postfix file /etc/postfix/main.cf, edited with nano or vi:

content_filter=smtp-amavis:[127.0.0.1]:10024

Next, add the interface for amavis-new at the end of the file /etc/postfix/master.cf.

smtp-amavis unix  -     -     n     -    2   smtp
 -o smtp_data_done_timeout=1200
 -o smtp_send_xforward_command=yes
 -o disable_dns_lookups=yes
 -o max_use=20

127.0.0.1:10025  inet  n  -    n    -     -   smtpd
 -o content_filter=
 -o local_recipient_maps=
 -o relay_recipient_maps=
 -o smtpd_restriction_classes=
 -o smtpd_client_restrictions=
 -o smtpd_helo_restrictions=
 -o smtpd_sender_restrictions=
 -o smtpd_recipient_restrictions=permit_mynetworks,reject
 -o mynetworks=127.0.0.0/8
 -o strict_rfc821_envelopes=yes
 -o smtpd_error_sleep_time=0
 -o smtpd_soft_error_limit=1001
 -o smtpd_hard_error_limit=1000

Now restart Postfix so that the configuration takes effect.

$ systemctl restart postfix

Start amavis-new and let it start automatically at the next boot.

$ systemctl start clamd@scan
$ systemctl start amavisd.service
$ systemctl enable clamd@scan
$ systemctl enable amavisd.service

Testing amavisd with the EICAR signature

Finally, you can test amavisd. Note that a UTM firewall may detect and block the download while amavis-new is being downloaded and installed. The download is prevented because the package contains the virus test signature, which is also why the EICAR test signature is not shipped in plain form but encapsulated.

To do this, change to the directory /usr/share/doc/amavisd-new-*/test-messages and execute the following lines in a terminal shell, so that the EICAR test files are decapsulated and unpacked:

$ cd /usr/share/doc/amavisd-new-*/test-messages
$ perl -pe 's/./chr(ord($&)^255)/sge' <sample.tar.gz.compl | zcat | tar xvf -

Now send the EICAR test signature to yourself by using sendmail in a terminal shell.

$ sendmail -i your_email@domain.ch < sample-virus-simple.txt

The following entry should then be shown in the log file /var/log/maillog.

mail amavis[11855]: (11855-01) Passed INFECTED (Eicar-Test-Signature) {RelayedTaggedInbound,Quarantined}, [127.0.0.1] <root@mail.domain.ch> -> <meine_email@domain.ch>, Message-ID: <20190305170628.630A7C5428@mail.domain.ch>, mail_id: SSDU53BXGSVK, Hits: 2.547, size: 789, queued_as: A808AC5425, 1207 ms

If you get the error "reject: header To: undisclosed-recipients" when trying to send the test mail with sendmail, the file sample-virus-simple.txt must be modified so that a valid e-mail address is entered at From: and To:.
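
Because both final_*_destiny settings above are D_PASS, a detected message is still delivered, which is what the "Passed INFECTED" verdict in the log entry records. The following added example (not part of the original tutorial) lists such deliveries from maillog-style input; the function name and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list messages amavisd delivered although a virus was detected
# (verdict "Passed INFECTED", the result of $final_virus_destiny = D_PASS).

# Constructed sample lines in the maillog format shown above (not real traffic).
SAMPLE_MAILLOG='Mar  5 18:06:29 mail amavis[11855]: (11855-01) Passed INFECTED (Eicar-Test-Signature) {RelayedTaggedInbound,Quarantined}, [127.0.0.1] <root@mail.example.org> -> <user@example.org>, Message-ID: <1@mail.example.org>, mail_id: SSDU53BXGSVK, Hits: 2.547, size: 789, queued_as: A808AC5425, 1207 ms
Mar  5 18:07:02 mail amavis[11855]: (11855-02) Passed CLEAN {RelayedInbound}, [127.0.0.1] <a@example.org> -> <user@example.org>, Message-ID: <2@mail.example.org>, mail_id: Qx1, Hits: 0.1, size: 512, queued_as: B1, 310 ms
Mar  5 18:09:40 mail amavis[11856]: (11856-01) Blocked INFECTED (Eicar-Test-Signature) {DiscardedInbound,Quarantined}, [127.0.0.1] <b@example.org> -> <user@example.org>, Message-ID: <3@mail.example.org>, mail_id: Zy2, Hits: -, size: 790, 95 ms'

# stdin:  maillog lines
# stdout: "mail_id signature recipient" for every infected message that was passed on
#         (only the first recipient of a multi-recipient message is reported)
delivered_malware() {
    awk '
        / amavis\[[0-9]+\]: / && / Passed INFECTED / {
            sig = "?"; rcpt = "?"; id = "?"
            # virus name sits in parentheses right after the verdict
            if (match($0, /INFECTED \([^)]*\)/))
                sig = substr($0, RSTART + 10, RLENGTH - 11)
            # envelope recipient follows the "->" arrow
            if (match($0, /-> *<[^>]*>/)) {
                rcpt = substr($0, RSTART, RLENGTH)
                sub(/^-> *</, "", rcpt); sub(/>$/, "", rcpt)
            }
            # mail_id identifies the quarantined copy
            if (match($0, /mail_id: [^,]+/))
                id = substr($0, RSTART + 9, RLENGTH - 9)
            print id, sig, rcpt
        }'
}

# Demo on the constructed sample; on a live host: delivered_malware < /var/log/maillog
printf '%s\n' "$SAMPLE_MAILLOG" | delivered_malware
```
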

Amavis-new Troubleshooting

To check that amavis-new is working, use the following procedure. First check the status of the daemons; the parameter -l displays the last lines of the log in full:

$ systemctl status postfix clamd@scan amavisd -l

It should also be ensured that ports 10024 and 10025 are in the LISTEN state:

$ ss -tuln4
Netid  State      Recv-Q Send-Q      Local Address:Port      Peer Address:Port
tcp    LISTEN     0      128             127.0.0.1:10024                *:*
tcp    LISTEN     0      100             127.0.0.1:10025                *:*
tcp    LISTEN     0      100                     *:587                  *:*
tcp    LISTEN     0      100                     *:465                  *:*
tcp    LISTEN     0      128                     *:22                   *:*
tcp    LISTEN     0      100                     *:25                   *:*
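
The re-injection listener on 10025 is configured with empty restriction lists, so it and the amavisd port 10024 should only ever appear on a loopback address; clamd, by contrast, binds TCPSocket 3310 to all interfaces unless TCPAddr is set. The following added example (not part of the original tutorial) checks ss output for exactly that; the function name and the 3310 sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that the filter-chain ports exist and are loopback-only.

# Constructed sample: the listing above plus a hypothetical clamd TCP listener.
SAMPLE_SS='Netid  State      Recv-Q Send-Q      Local Address:Port      Peer Address:Port
tcp    LISTEN     0      128             127.0.0.1:10024                *:*
tcp    LISTEN     0      100             127.0.0.1:10025                *:*
tcp    LISTEN     0      128                     *:3310                 *:*
tcp    LISTEN     0      100                     *:25                   *:*'

# $1:     space-separated ports that must be present and bound to loopback only
# stdin:  output of "ss -tln" or "ss -tuln"
# stdout: one "EXPOSED <port> on <addr>" or "MISSING <port>" line per finding
# status: 0 if all ports are present and loopback-only, 1 otherwise
check_filter_listeners() {
    awk -v want="$1" '
        BEGIN { n = split(want, p, " "); for (i = 1; i <= n; i++) need[p[i]] = 1 }
        $1 == "LISTEN" || $2 == "LISTEN" {
            # Local Address:Port is field 5 with a Netid column, field 4 without
            la = ($1 == "LISTEN") ? $4 : $5
            port = la; sub(/.*:/, "", port)
            addr = la; sub(/:[^:]*$/, "", addr)
            if (!(port in need)) next
            seen[port] = 1
            if (addr !~ /^(127\.|\[::1\]$|::1$)/) {
                printf "EXPOSED %s on %s\n", port, addr
                bad++
            }
        }
        END {
            for (q in need) if (!(q in seen)) { printf "MISSING %s\n", q; bad++ }
            exit (bad > 0)
        }'
}

# Demo on the constructed sample; on a live host:
#   ss -tln | check_filter_listeners "10024 10025 3310"
printf '%s\n' "$SAMPLE_SS" | check_filter_listeners "10024 10025 3310" \
    || echo "listener check failed"
```
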

Once telnet has been installed, the function of the amavisd and Postfix daemons can be checked interactively:

$ telnet localhost 10024
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 [::1] ESMTP amavisd-new service ready
quit
221 2.0.0 [::1] amavisd-new closing transmission channel
Connection closed by foreign host.
$ telnet localhost 10025
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.domain.ch ESMTP
quit
221 2.0.0 Bye
Connection closed by foreign host.
