Setting up Amavis and ClamAV on Ubuntu Mail Server

This is part 10 of the Ubuntu mail server from scratch tutorial series. In this article, I’ll show you how to use Amavis and ClamAV to scan for viruses in email messages.

Amavis (A Mail Virus Scanner) is a high-performance interface between a message transfer agent (MTA) such as Postfix and content filters. A content filter is a program that scans the headers and body of an email message, and usually takes some action based on what it finds. The most common examples are the ClamAV virus scanner and SpamAssassin.

Amavis speaks the standard SMTP protocol and can also use the Sendmail milter interface. It’s commonly used for

  • virus-scanning by integrating with ClamAV (Clam AntiVirus)
  • spam-checking by integrating with SpamAssassin
  • DKIM signing and verification. (Actually, I prefer to use OpenDKIM to do DKIM signing and verification.)

Prerequisites

You should have completed at least part 1 (Postfix SMTP server) and part 2 (Dovecot IMAP server) of the Ubuntu mail server from scratch tutorial series.

Warning: Amavis and ClamAV require a fair amount of RAM. Make sure you have at least 1GB of free RAM on your server before installing Amavis and ClamAV. The whole mail server stack (Postfix, Dovecot, Amavis, ClamAV, SpamAssassin, OpenDKIM, MySQL/MariaDB, PostfixAdmin, and Roundcube Webmail) needs at least 2GB RAM. If your RAM runs out, you will have problems such as the mail server going offline or becoming unresponsive.

Step 1: Install Amavis on Ubuntu

Amavis is available from the default Ubuntu repository, so run the following command to install it.

sudo apt install amavisd-new -y

Once installed, it starts automatically. You can check its status with:

systemctl status amavis

Output:

● amavis.service - LSB: Starts amavisd-new mailfilter
     Loaded: loaded (/etc/init.d/amavis; generated)
     Active: active (running) since Fri 2020-08-07 15:43:40 HKT; 1min 1s ago
       Docs: man:systemd-sysv-generator(8)
      Tasks: 3 (limit: 9451)
     Memory: 75.4M
     CGroup: /system.slice/amavis.service
             ├─1794260 /usr/sbin/amavisd-new (master)
             ├─1794263 /usr/sbin/amavisd-new (virgin child)
             └─1794264 /usr/sbin/amavisd-new (virgin child)

If it’s not running, you can start it with:

sudo systemctl start amavis

Enable auto-start at boot time.

sudo systemctl enable amavis

By default, it listens on 127.0.0.1:10024, as can be seen with:

sudo netstat -lnpt | grep amavis

And it runs as the amavis user. To check the version number, run

amavisd-new -V

Sample output:

amavisd-new-2.11.0 (20160426)

To check the logs of Amavis, you can run

sudo journalctl -eu amavis

Viruses are commonly spread as attachments to email messages. Install the following packages so that Amavis can extract and scan archive files in email messages, such as .7z, .cab, .doc, .exe, .iso, .jar, and .rar files.

sudo apt install arj bzip2 cabextract cpio rpm2cpio file gzip lhasa nomarch pax rar unrar p7zip-full unzip zip lrzip lzip liblz4-tool lzop unrar-free

If you use Ubuntu 18.04, then also install the ripole package.

sudo apt install ripole

Note that if your server doesn’t use a fully-qualified domain name (FQDN) as the hostname, Amavis might fail to start. And the OS hostname might change, so it’s recommended to set a valid hostname directly in the Amavis configuration file.

sudo nano /etc/amavis/conf.d/05-node_id

Find the following line.

#$myhostname = "mail.example.com";

Remove the comment character (#) and change mail.example.com to your real hostname.

$myhostname = "mail.linuxbabe.com";

Save and close the file. Restart Amavis for the changes to take effect.

sudo systemctl restart amavis

Step 2: Integrate Postfix SMTP Server With Amavis

Amavisd-new works as an SMTP proxy. Email is fed to it via SMTP, processed, and fed back to the MTA via a new SMTP connection.

Edit the Postfix main configuration file.

sudo nano /etc/postfix/main.cf

Add the following line at the end of the file. This tells Postfix to turn on content filtering by sending every incoming email message to Amavis, which listens on 127.0.0.1:10024.

content_filter = smtp-amavis:[127.0.0.1]:10024

Also, add the following line.

smtpd_proxy_options = speed_adjust

This will delay the Postfix connection to the content filter until the whole email message has been received, which can prevent content filters from wasting time and resources on slow SMTP clients.

Save and close the file. Then edit the master.cf file.

sudo nano /etc/postfix/master.cf

Add the following lines at the end of the file. This instructs Postfix to use a special SMTP client component called smtp-amavis to deliver email messages to Amavis. Please allow at least one whitespace character (tab or spacebar) before each -o. In Postfix configurations, a preceding whitespace character means that this line is a continuation of the previous line.

smtp-amavis unix - - n - 2 smtp
    -o syslog_name=postfix/amavis
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20

Then add the following lines at the end of the file. This tells Postfix to run an additional smtpd daemon listening on 127.0.0.1:10025 to receive email messages back from Amavis.

127.0.0.1:10025 inet n - n - - smtpd
    -o syslog_name=postfix/10025
    -o content_filter=
    -o mynetworks_style=host
    -o mynetworks=127.0.0.0/8
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o strict_rfc821_envelopes=yes
    -o smtp_tls_security_level=none
    -o smtpd_tls_security_level=none
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_end_of_data_restrictions=
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_address_mappings

Save and close the file. Restart Postfix for the changes to take effect.

sudo systemctl restart postfix
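
The indentation of the -o lines and the empty content_filter= on the 10025 listener are easy to get wrong when copying the entries above, so here is a small linter for them. It is an added example, not part of the original tutorial; the function name check_master_cf and the sample fragment are constructed for illustration, and it only understands the -o name=value form used above.

```shell
#!/bin/sh
# Added example (not from the tutorial): lint the Amavis entries of master.cf.
# check_master_cf FILE prints one finding per line and returns 1 if any exist.
# Assumption: options use the "-o name=value" form shown in this tutorial.
check_master_cf() {
    awk '
    # Entries start in column 0; continuation lines must start with whitespace.
    /^-o/          { print "line " NR ": -o not indented, not a continuation"; bad = 1; next }
    /^[ \t]*(#|$)/ { next }                  # comments and blank lines
    /^[^ \t]/      { svc = $1; seen[svc] = 1; next }
    $1 == "-o"     { opt[svc, $2] = 1 }      # indented option of current entry
    END {
        r = "127.0.0.1:10025"                # re-injection listener from Step 2
        if (!seen["smtp-amavis"]) { print "smtp-amavis client entry missing"; bad = 1 }
        if (!seen[r]) { print r " listener missing"; exit 1 }
        if (!opt[r, "content_filter="]) {
            print r ": content_filter not cleared, filtered mail would loop"; bad = 1 }
        if (!opt[r, "smtpd_client_restrictions=permit_mynetworks,reject"]) {
            print r ": non-local clients are not rejected"; bad = 1 }
        if (!opt[r, "mynetworks=127.0.0.0/8"]) {
            print r ": mynetworks not limited to loopback"; bad = 1 }
        exit (bad ? 1 : 0)
    }' "$1"
}

# Constructed samples: a correct fragment, and the same fragment with the
# leading whitespace lost (as happens when the entries are pasted carelessly).
good_cf=$(mktemp); broken_cf=$(mktemp)
cat > "$good_cf" <<'EOF'
smtp-amavis unix - - n - 2 smtp
  -o syslog_name=postfix/amavis
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o mynetworks=127.0.0.0/8
  -o smtpd_client_restrictions=permit_mynetworks,reject
EOF
sed 's/^[ ]*//' "$good_cf" > "$broken_cf"
check_master_cf "$good_cf" && echo "good sample: clean"
check_master_cf "$broken_cf" || echo "broken sample: findings listed above"
```

Run it against the real file with check_master_cf /etc/postfix/master.cf before restarting Postfix.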

Step 3: Integrate Amavis with ClamAV

Now that Postfix can pass incoming emails to Amavis, we need to install the ClamAV virus scanner and integrate it with Amavis, so incoming emails can be scanned by ClamAV.

Install ClamAV on Ubuntu.

sudo apt install clamav clamav-daemon

There will be two systemd services installed by ClamAV:

  • clamav-daemon.service: the Clam AntiVirus userspace daemon
  • clamav-freshclam.service: the ClamAV virus database updater

First, check the status of clamav-freshclam.service.

systemctl status clamav-freshclam

As you can see, it’s active (running) and uses 217.6M RAM on my mail server. Then check the journal/log.

sudo journalctl -eu clamav-freshclam

Hint: If the above command doesn’t quit immediately, press the Q key to make it quit.

We can see that freshclam downloaded three virus databases. CVD stands for ClamAV Virus Database.

  • daily.cvd
  • main.cvd
  • bytecode.cvd

However, clamd was not notified because freshclam can’t connect to clamd via /var/run/clamav/clamd.ctl. Check the status of clamav-daemon.service.

systemctl status clamav-daemon

As you can see, it failed to start because a condition wasn’t met. In the /lib/systemd/system/clamav-daemon.service file, there are two conditions:

ConditionPathExistsGlob=/var/lib/clamav/main.{c[vl]d,inc}
ConditionPathExistsGlob=/var/lib/clamav/daily.{c[vl]d,inc}

The clamav-daemon.service failed to start because main.cvd and daily.cvd had not been downloaded yet when it started. So we just need to restart this service.

sudo systemctl restart clamav-daemon

Now it should be running. By the way, it uses 731.4M RAM on my mail server. If your mail server doesn’t have enough RAM left, the service will fail.

systemctl status clamav-daemon.service

The clamav-freshclam.service will check for ClamAV virus database updates once per hour.

Now we need to turn on virus-checking in Amavis.

sudo nano /etc/amavis/conf.d/15-content_filter_mode

Uncomment the following lines to enable virus-checking.

#@bypass_virus_checks_maps = (
#      %bypass_virus_checks, @bypass_virus_checks_acl, $bypass_virus_checks_re);

Save and close the file. There are many antivirus scanners listed in the /etc/amavis/conf.d/15-av_scanners file. ClamAV is the default. Amavis will call ClamAV via the /var/run/clamav/clamd.ctl Unix socket. We need to add the user clamav to the amavis group.

sudo adduser clamav amavis

Then restart Amavis and the ClamAV daemon for the changes to take effect.

sudo systemctl restart amavis clamav-daemon

Check the logs.

sudo journalctl -eu amavis

You can see that Amavis is now using ClamAV to scan for viruses.

Aug 08 17:26:19 mail.linuxbabe.com amavis[1233432]: Using primary internal av scanner code for ClamAV-clamd
Aug 08 17:26:19 mail.linuxbabe.com amavis[1233432]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan

Now if you send an email from another mail server such as Gmail to your own mail server and check the email headers, you will find a line like the one below, which indicates that this email has been scanned by Amavis.

X-Virus-Scanned: Debian amavisd-new at linuxbabe.com

You should also check the mail log (/var/log/mail.log) to see if there are any errors.

Step 4: Use A Dedicated Port for Email Submissions

ClamAV can scan both incoming and outgoing emails now. Amavis listens on port 10024 for both incoming and outgoing email messages. However, it’s good practice to use a different port such as 10026 for email submissions from authenticated users. Edit the Amavis configuration file.

sudo nano /etc/amavis/conf.d/50-user

Custom settings should be added between the use strict; and 1; lines. By default, Amavis only listens on port 10024. Add the following line to make it also listen on port 10026.

$inet_socket_port = [10024,10026];

Then add the following line, which sets the "ORIGINATING" policy for port 10026.

$interface_policy{'10026'} = 'ORIGINATING';

Next, add the following lines, which define the "ORIGINATING" policy.

$policy_bank{'ORIGINATING'} = ;

Save and close the file. Restart Amavis.

sudo systemctl restart amavis

Check its status to see if the restart is successful.

systemctl status amavis

Next, edit the Postfix master configuration file.

sudo nano /etc/postfix/master.cf

Add the following line to the submission service, so emails from authenticated SMTP clients will be passed to Amavis listening on port 10026. This line will override (-o) the content_filter parameter in the /etc/postfix/main.cf file.

    -o content_filter=smtp-amavis:[127.0.0.1]:10026

If you have enabled the smtps service for Microsoft Outlook users, then you also need to add this line to the smtps service.

Save and close the file. Restart Postfix for the changes to take effect.

sudo systemctl restart postfix

Check its status to see if the restart is successful.

systemctl status postfix

Spam Filtering in Amavis

Note: If you have followed my SpamAssassin tutorial, you don’t need to enable spam-checking in Amavis. If you enable it, each email will be checked twice by SpamAssassin.

To enable spam-checking in Amavis, install SpamAssassin and related packages.

sudo apt install spamassassin libnet-dns-perl libmail-spf-perl pyzor razor

Edit an Amavis configuration file.

sudo nano /etc/amavis/conf.d/15-content_filter_mode

Uncomment the following lines to enable spam-checking.

#@bypass_spam_checks_maps = (
# %bypass_spam_checks, @bypass_spam_checks_acl, $bypass_spam_checks_re);

Save and close the file. Then restart Amavis.

sudo systemctl restart amavis

DKIM in Amavis

Two common pieces of software that can do DKIM signing and verification on Linux are OpenDKIM and Amavis. I prefer to use OpenDKIM because it works better with OpenDMARC. So I won’t explain how to DKIM sign your email in Amavis.

By default, Amavis can verify the DKIM signature of incoming email messages. If you have OpenDKIM running on your mail server, then you can disable DKIM verification in Amavis.

sudo nano /etc/amavis/conf.d/21-ubuntu_defaults

Find the following line and change 1 to 0, so Amavis won’t verify DKIM signatures.

$enable_dkim_verification = 1;

Save and close the file. Then restart Amavis.

sudo systemctl restart amavis

When receiving incoming emails, Postfix will call OpenDKIM via the sendmail milter interface to verify DKIM signatures, then pass the email to Amavis for virus-checking. When sending outgoing emails, Postfix will call OpenDKIM to sign the emails, then pass them to Amavis for virus-checking.

Wrapping Up

I hope this tutorial helped you set up Amavis and ClamAV on Ubuntu mail server. As always, if you found this post useful, then subscribe to our free newsletter to get more tips and tricks. Take care 🙂
