Protecting with Amavis/Clamav/SpamAssassin


Finally, we can add a layer of antivirus and spam protection to our postfix email server using the best tools available in the open source community: amavis, clamav and spamassassin.

Amavis is the main content filter that postfix uses. Once an email enters the postfix queue, it is redirected to the amavis daemon, which is responsible for calling SpamAssassin and ClamAV to check for spam and viruses respectively.

The postfix redirection to the amavis content filter is performed with this line in the postfix configuration file main.cf:

content_filter=smtp-amavis:[127.0.0.1]:10024

This tells postfix to hand mail to the service named smtp-amavis, a unix-domain socket service defined in master.cf, which delivers it to the loopback IP address (the same machine) on port 10024. This is the port the amavisd-new daemon is already listening on.

With this configuration postfix will redirect all incoming mail to the amavis daemon.

These postfix services/daemons are defined in the master.cf file with the following entries:

smtp-amavis	unix	-	-	-	-	2	smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
  -o max_use=20

127.0.0.1:10025	inet	n	-	-	-	-	smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=reject_unauth_pipelining
  -o smtpd_end_of_data_restrictions=
  -o mynetworks=127.0.0.0/8
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks

The first group of instructions defines the incoming traffic, on port 10024 where the amavis daemon is listening. The second group of instructions defines the outgoing traffic from amavis, which needs to be re-injected into the postfix queue on port 10025.

The -o options attached to the command (last field) in these instructions override the postfix configuration parameters defined in main.cf. For example, the content_filter parameter is disabled when re-injecting into the postfix queue, to prevent an infinite loop: postfix->amavis->postfix->amavis->…
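One way to check the re-injection entry described above, as an added example that is not part of the original page: it parses master.cf text, collects the -o overrides of the port 10025 listener, and reports whether it is bound to loopback, clears content_filter, and restricts clients as in the entry shown. The function names and the two sample strings are constructed for illustration.

```python
import ipaddress

# Constructed samples: the page's re-injection entry (abridged) and a weakened variant.
GOOD = """127.0.0.1:10025 inet n - - - - smtpd
  -o content_filter=
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
"""
WEAK = """10025 inet n - - - - smtpd
  -o mynetworks=127.0.0.0/8
"""

def parse_master_cf(text):
    """Map service name -> (type, command, {-o overrides}) from master.cf text."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and entries:   # leading whitespace continues an entry
            entries[-1] += " " + raw.strip()
        else:
            entries.append(raw.strip())
    services = {}
    for fields in (e.split() for e in entries if len(e.split()) >= 8):
        args = fields[8:]                  # everything after the command name
        pairs = [args[i + 1] for i in range(len(args) - 1) if args[i] == "-o"]
        overrides = {k: v for k, _, v in (p.partition("=") for p in pairs)}
        services[fields[0]] = (fields[1], fields[7], overrides)
    return services

def audit_reinjection(text, port="10025"):
    """Return problems found on the smtpd listener amavis re-injects mail into."""
    for name, (kind, _cmd, ov) in parse_master_cf(text).items():
        host, _, svc_port = name.rpartition(":")
        if kind != "inet" or svc_port != port:
            continue
        try:
            loopback = ipaddress.ip_address(host.strip("[]")).is_loopback
        except ValueError:                 # no literal address: treat as exposed
            loopback = False
        checks = [
            (loopback, "not bound to loopback"),
            (ov.get("content_filter") == "", "content_filter not cleared (filter loop)"),
            (ov.get("mynetworks") == "127.0.0.0/8", "mynetworks not limited to 127.0.0.0/8"),
            (ov.get("smtpd_client_restrictions", "").endswith("reject"), "client restrictions do not end in reject"),
        ]
        return [msg for ok, msg in checks if not ok]
    return ["no inet listener on port " + port]
```

Calling audit_reinjection() on the contents of a real master.cf returns an empty list when the listener matches the entry above.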