Mail Filter
Amavis is an open source content filter for electronic mail, implementing mail message transfer, decoding, some processing and checking, and interfacing with external content filters to provide protection against spam, viruses and other malware. It can be considered an interface between a mailer (MTA, Mail Transfer Agent) and one or more content filters.
We will use Amavis for the following tasks:
DKIM signing our outgoing mails.
Checking DKIM signatures of incoming mails.
Scanning all mails for viruses (using ClamAV).
Scanning inccoming mails for spam (using SpamAssassin).
Software Installation
Amavis is available as package in the Ubuntu software repository:
$ sudo apt-get install amavisd-new
The installation creates the following items:
The system user and group amavis.
The directory
/etc/amaviswith configuration files.The directory
/usr/share/amavis/conf.d/with read-only configuration files.The directory
/var/lib/amavisThe directory
/usr/share/doc/amavis-newwith documentation and configuration examples.The system service amavis (see
/etc/init.d/amavis)
Additional Archive Packages
With the following software packages installed, it will be possible to look inside various types of file-archives and scan the contents for viruses:
$ sudo apt-get install arj cabextract lzop nomarch p7zip-full rar ripole rpm2cpio unrar-free zip zoo
The following documentation is relevant to our installation and will be used as reference for what lies ahead:
/usr/share/doc/amavis-new/amavisd-new-docs.html
/usr/share/doc/amavis-new/README.debian.gz
/usr/share/doc/amavis-new/NEWS.Debian.gz
/usr/share/doc/amavis-new/README.postfix.html
Note that any Ubuntu specific notes are included in the above Debian files by the Ubuntu package maintainers.
Group Memberships
Add clamav user to the amavis group and vice versa in order for Clamav to have access to the files it needs to scan:
$ sudo adduser clamav amavis
$ sudo adduser amavis clamav
Configuration
Enable Scanning for Virus and Spam
Mail content scanners are disabled by deafult. To activate them open
/etc/amavis/conf.d/15-content_filter_mode and uncomment the following lines:
#
# Default antivirus checking mode
# Please note, that anti-virus checking is DISABLED by
# default.
# If You wish to enable it, please uncomment the following lines:
@bypass_virus_checks_maps = (
\%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
#
# Default SPAM checking mode
# Please note, that anti-spam checking is DISABLED by
# default.
# If You wish to enable it, please uncomment the following lines:
@bypass_spam_checks_maps = (
\%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
Database for Virtual Domains
Amavis needs to be able to lookup our hosted virtual mail-domains to decide if a mail is incoming or outgoing.
We create the /etc/amavis/conf.d/50-user and
define the database server connection there.
Use the same credentials as we defined in the database connection of our ViMbAdmin configuration.
use strict;
#
# Place your configuration directives here. They will override those in
# earlier files.
#
# See /usr/share/doc/amavisd-new/ for documentation and examples of
# the directives you can use in this file
#
$sa_spam_subject_tag = undef;
$spam_quarantine_to = undef;
$sa_tag_level_deflt = undef;
# Prevent spams from automatically rejected by mail-server
$final_spam_destiny = D_PASS;
# We need to provide list of domains for which filtering need to be done
@lookup_sql_dsn = (
['DBI:mysql:database=vimbadmin;host=127.0.0.1;port=3306',
'vimbadmin',
'********']);
$sql_select_policy = 'SELECT domain FROM domain WHERE CONCAT("@",domain) IN (%k)';
#------------ Do not modify anything below this line -------------
1; # ensure a defined return
Service Re-Start
Now re-start Amavis:
$ sudo service amavis restart