Amavis (A Mail Virus Scanner) is a high-performance interface between a message transfer agent (MTA) such as Postfix and content filters. A content filter is a program that scans the headers and body of an email message. The most common content filters are the ClamAV virus scanner and SpamAssassin. This article describes a simple installation of Amavisd and ClamAV on Alma Linux 8 / CentOS 8 / RHEL 8.
Before starting, we should at least have finished setting up Postfix as the SMTP server.
Install Amavis on Alma Linux 8/CentOS 8/RHEL 8
Enable the PowerTools repository since EPEL packages may depend on packages from it:
sudo yum config-manager --set-enabled powertools
sudo yum install epel-release
sudo yum update
After that, install Amavisd and the other packages it needs.
yum -y install amavis
Viruses and spam commonly spread as attachments to email messages. Install the following packages so that Amavis can extract and scan archive files in email messages, such as .7z, .cab, .doc, .exe, .iso, .jar, and .rar files.
yum -y install arj bzip2 cpio file gzip nomarch spax unrar p7zip unzip zip lrzsz lzip lz4 lzop
Important:
If our server doesn’t use a fully-qualified domain name (FQDN) as the hostname, Amavis might fail to start. The OS hostname might also change, so it’s recommended to set a valid hostname directly in the Amavis configuration file.
vim /etc/amavisd/amavisd.conf
Find the $mydomain and $myhostname settings. They look like this:
$mydomain = 'example.com'; # a convenient default for other settings
Change to
$mydomain = 'habibza.in'; # a convenient default for other settings
# $myhostname = 'host.example.com'; # must be a fully-qualified domain name!
Change to
$myhostname = 'mx.habibza.in'; # customize with your name
Then restart the amavisd service.
systemctl restart amavisd
Amavisd listens on 127.0.0.1:10024, which we can see with the ss command.
[root@mx-2 ~]# ss -lnpt
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 127.0.0.1:10024 0.0.0.0:* users:(("/usr/sbin/amavi",pid=1910,fd=8),("/usr/sbin/amavi",pid=1909,fd=8),("/usr/sbin/amavi",pid=1422,fd=8))
LISTEN 0 100 127.0.0.1:10025 0.0.0.0:* users:(("smtpd",pid=1991,fd=6),("master",pid=1255,fd=103))
LISTEN 0 100 0.0.0.0:587 0.0.0.0:* users:(("master",pid=1255,fd=20))
LISTEN 0 128 0.0.0.0:2222 0.0.0.0:* users:(("sshd",pid=814,fd=4))
LISTEN 0 128 127.0.0.1:783 0.0.0.0:* users:(("spamd child",pid=1429,fd=6),("spamd child",pid=1428,fd=6),("spamd",pid=818,fd=6))
LISTEN 0 100 0.0.0.0:465 0.0.0.0:* users:(("master",pid=1255,fd=23))
LISTEN 0 100 0.0.0.0:25 0.0.0.0:* users:(("smtpd",pid=1985,fd=6),("master",pid=1255,fd=16))
LISTEN 0 128 [::1]:10024 [::]:* users:(("/usr/sbin/amavi",pid=1910,fd=9),("/usr/sbin/amavi",pid=1909,fd=9),("/usr/sbin/amavi",pid=1422,fd=9))
LISTEN 0 128 [::]:2222 [::]:* users:(("sshd",pid=814,fd=6))
LISTEN 0 128 [::1]:783 [::]:* users:(("spamd child",pid=1429,fd=5),("spamd child",pid=1428,fd=5),("spamd",pid=818,fd=5))
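A check on that listing, as an added example that is not part of the original article: it flags any content-filter port bound to something other than loopback. The names FILTER_PORTS, audit_listeners and sample_ss are hypothetical, and the sample lines are constructed in the shape of the output above.

```shell
#!/bin/sh
# Added example: flag content-filter ports listening on a non-loopback address.
# FILTER_PORTS is an assumption: the Amavis, reinjection and spamd ports
# seen in the listing above.
FILTER_PORTS="10024 10025 783"

audit_listeners() {
    # Reads `ss -lnpt` output on stdin; prints "EXPOSED <addr:port>" for every
    # filter port bound to anything other than 127.0.0.1 or [::1].
    awk -v ports="$FILTER_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
            if ((port in want) && addr != "127.0.0.1" && addr != "[::1]")
                print "EXPOSED " $4
        }'
}

sample_ss() {
    # Constructed sample: lines in the shape of the listing above plus one
    # deliberately misconfigured reinjection listener on all interfaces.
    cat <<'EOF'
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 127.0.0.1:10024 0.0.0.0:* users:(("/usr/sbin/amavi",pid=1910,fd=8))
LISTEN 0 100 0.0.0.0:25 0.0.0.0:* users:(("master",pid=1255,fd=16))
LISTEN 0 100 0.0.0.0:10025 0.0.0.0:* users:(("smtpd",pid=1991,fd=6))
LISTEN 0 128 [::1]:783 [::]:* users:(("spamd",pid=818,fd=5))
EOF
}

sample_ss | audit_listeners    # on a live host: ss -lnpt | audit_listeners
```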
Integrate Postfix SMTP Server With Amavis
Amavis works as an SMTP proxy. Email is fed to it through SMTP, processed, and fed back to the MTA through a new SMTP connection.
Run the following command, which tells Postfix to turn on content filtering by sending every incoming email message to Amavis, which listens on 127.0.0.1:10024.
postconf -e "content_filter = smtp-amavis:[127.0.0.1]:10024"
Also, run the following command. This delays the Postfix connection to the content filter until the entire email message has been received, which prevents content filters from wasting time and resources on slow SMTP clients.
postconf -e "smtpd_proxy_options = speed_adjust"
Then edit the master.cf file.
vim /etc/postfix/master.cf
Add the following lines at the end of the file. This instructs Postfix to use a special SMTP client component called smtp-amavis to deliver email messages to Amavis. Leave at least one whitespace character (tab or space) before each -o. In Postfix configuration files, a leading whitespace character means that the line is a continuation of the previous line.
# SMTP client used to hand messages to Amavis
smtp-amavis unix - - n - 2 smtp
  -o syslog_name=postfix/amavis
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
  -o max_use=20
  -o smtp_tls_security_level=none
Then add the following lines at the end of the file. This tells Postfix to run an additional smtpd daemon listening on 127.0.0.1:10025 to receive email messages back from Amavis.
# Loopback-only smtpd that receives scanned messages back from Amavis
127.0.0.1:10025 inet n - n - - smtpd
  -o syslog_name=postfix/10025
  -o content_filter=
  -o mynetworks_style=host
  -o mynetworks=127.0.0.0/8
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o strict_rfc821_envelopes=yes
  -o smtp_tls_security_level=none
  -o smtpd_tls_security_level=none
  -o smtpd_restriction_classes=
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_end_of_data_restrictions=
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings
Save and close the file. Restart Postfix for the changes to take effect.
sudo systemctl restart postfix
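A lint for the two master.cf entries above, as an added example that is not part of the original article: it reports -o lines that lost their leading whitespace and a reinjection listener that is not loopback-only or that would send mail back to Amavis. The function names and both sample files are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): lint the two master.cf entries.
lint_master_cf() {
    # $1: path to a master.cf file. Prints one finding per line; silent when clean.
    awk '
        function check(e,    f) {
            if (e == "") return
            e = e " "                                  # lets the patterns end on a space
            split(e, f, /[ \t]+/)
            if (f[2] == "inet" && (f[1] == "10025" || f[1] ~ /:10025$/)) {
                if (f[1] != "127.0.0.1:10025")
                    print "reinjection listener not bound to 127.0.0.1: " f[1]
                if (e !~ /-o[ \t]+content_filter=[ \t]/)
                    print "reinjection listener lacks empty content_filter= (mail would loop)"
                if (e !~ /-o[ \t]+mynetworks=127\.0\.0\.0\/8[ \t]/)
                    print "reinjection listener does not limit mynetworks to 127.0.0.0/8"
            }
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }              # comments and blank lines
        /^-o/    { print "line " NR ": -o without leading whitespace"; next }
        /^[ \t]/ { entry = entry " " $0; next }        # continuation of the entry
        { check(entry); entry = $0 }                   # a new service entry starts
        END { check(entry) }
    ' "$1"
}

# Constructed samples: a correct pair of entries and a broken listener.
write_good_sample() {
    cat > "$1" <<'EOF'
smtp-amavis unix - - n - 2 smtp
  -o smtp_tls_security_level=none
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o mynetworks=127.0.0.0/8
EOF
}
write_bad_sample() {
    cat > "$1" <<'EOF'
10025 inet n - n - - smtpd
-o content_filter=
  -o mynetworks=127.0.0.0/8
EOF
}

tmp=$(mktemp)
write_bad_sample "$tmp"
lint_master_cf "$tmp"
rm -f "$tmp"
```

On a real server, run lint_master_cf /etc/postfix/master.cf before restarting Postfix.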
Integrate Amavis with ClamAV
Now that Postfix can pass incoming emails to Amavis, we need to install the ClamAV virus scanner and integrate it with Amavis, so incoming emails can be scanned by ClamAV.
Install ClamAV on Alma Linux 8/CentOS 8/RHEL 8.
yum install clamav clamav-lib clamav-data clamav-update -y
There will be two systemd services installed by ClamAV:
- [email protected]: the Clam AntiVirus userspace daemon
- clamav-freshclam.service: the ClamAV virus database updater
First, start the clamav-freshclam.service.
sudo systemctl start clamav-freshclam.service
Enable auto-start at boot time.
sudo systemctl enable clamav-freshclam.service
Check the status.
systemctl status clamav-freshclam
We can see that freshclam downloaded 3 virus databases. CVD stands for ClamAV Virus Database.
- daily.cvd
- main.cvd
- bytecode.cvd
The clamav-freshclam.service checks for ClamAV virus database updates once per hour.
OK, that is a simple summary of how to install Amavisd and ClamAV. Hopefully it is useful.