Mail Content Filtering with Postfix and Amavisd-new on Red Hat Enterprise Linux

G.R.Keech
2004-11-05
Version 1.0.

Summary

The Postfix Mail Transport Agent can be linked to a content filter. Either an anti-spam or an anti-virus facility can be employed as the content filter. However, linking multiple content filters is problematic. The amavisd-new package addresses this issue by being the content filter for Postfix. Amavisd-new invokes the necessary anti-spam and anti-virus facilities to serve as an integrated content filter. This paper shows how to fit Postfix with anti-spam and anti-virus content filtering using Amavisd-new.

Amavisd-new

The amavisd-new project is the work of Mark Martinec in Ljubljana, Slovenia, and can be found at http://www.ijs.si/software/amavisd/. Amavisd-new is now a distinctly separate project from Amavis (http://www.amavis.org/) by Christian Bricart and Rainer Link.

The RHEL packaging of amavisd-new by Dag Wieers had issues, and a new package based on Dag's has been prepared. It can be found at http://people.redhat.com/rkeech.

The amavisd-new package depends upon a number of other (mainly Perl) packages which are not provided in RHEL. These dependencies are also provided along with amavisd-new.
The packages provided are:

* amavisd-new-2.1.2-2grk.i386.rpm
* arc-5.21e-0.dag.rhel3.i386.rpm
* freeze-2.5-2.rhel3.dag.i386.rpm
* lzo-1.08-3.1.el3.dag.i386.rpm
* lzo-devel-1.08-3.1.el3.dag.i386.rpm
* lzop-1.01-1.rhel3.dag.i386.rpm
* nomarch-1.3-1.dag.rhel3.i386.rpm
* perl-Archive-Tar-1.08-0.rhel3.dag.noarch.rpm
* perl-Archive-Zip-1.09-0.rhel3.dag.noarch.rpm
* perl-BerkeleyDB-0.25-1.rhel3.dag.i386.rpm
* perl-Compress-Zlib-1.33-0.rhel3.dag.i386.rpm
* perl-Convert-TNEF-0.17-2.dag.rhel3.noarch.rpm
* perl-Convert-UUlib-1.03-1.rhel3.dag.i386.rpm
* perl-IO-stringy-2.109-1.1.el3.dag.noarch.rpm
* perl-MailTools-1.60-0.rhel3.dag.noarch.rpm
* perl-MIME-tools-5.411-2.rhel3.dag.noarch.rpm
* perl-Net-Server-0.86-0.rhel3.dag.noarch.rpm
* perl-TimeDate-1.16-0.rhel3.dag.noarch.rpm
* perl-Unix-Syslog-0.100-0.dag.rhel3.i386.rpm
* unarj-2.63-0.a.rhel3.dag.i386.rpm
* unrar-3.3.6-1.rhel3.dag.i386.rpm
* zoo-2.10-1.1.el3.dag.i386.rpm

Model of operation

Postfix communicates with Amavisd via a pair of inet sockets as follows:

    +-------------------+
    |                   |
    |  Postfix          |
    |  "master"         |
    |  process          |
    |          10025tcp |
    +----+--------------+
         |       ^
         |       |
         v       |
    +------------+------+
    | 10024tcp          |
    |                   |
    |  amavisd          |
    |                   |
    |                   |
    +-------------------+

Anti-virus

Amavisd can call upon a number of anti-virus facilities which are not provided with it. The author has tested it with F-Secure Anti-Virus (http://www.f-secure.com/products/anti-virus/linux/).

Initial Setup and installation

It is assumed that Postfix is already configured as an MTA, and that the chosen anti-virus facility is installed. The RPM packages mentioned above should all be installed in the normal way. Any other packages required to satisfy dependencies are provided as part of RHEL.
Amavisd Configuration

The service profile of Amavisd-new is as follows:

    package: amavisd-new
    service: amavisd
    daemon:  amavisd (a perl script executing as user amavis)
    port:    10024tcp
    config:  /etc/amavisd.conf, /etc/sysconfig/amavisd
    log:     to syslog (defaults: facility=mail; precedence=debug)
    spool:   /var/spool/amavis/virusmails/ (quarantine area)

In /etc/amavisd.conf, the following directives will need to be set to correspond to the appropriate domain name:

    $mydomain
    @local_domains_maps

Also the @av_scanners element should be checked to ensure that it correctly refers to whatever anti-virus system is installed. This may involve correcting the path to the AV executable.

Postfix configuration

The configuration of Postfix needs to be changed to integrate with Amavisd. The installation of amavisd-new-2.1.2-2grk appends two directives to the end of /etc/postfix/master.cf which define a transport known as "smtp-amavis" and define that Postfix will listen on port 10025tcp for returns from amavisd. In addition, Postfix's main.cf file must have the content_filter directive set as follows:

    # postconf -e "content_filter = smtp-amavis:[127.0.0.1]:10024"

Operational considerations

Aliases. The mail server should define the aliases "virusalert" and "spam.police", since any time mail is blocked a message will be sent to one of these addresses.

Reload. The amavisd daemon cannot do a reload. It must be restarted if required.

Quarantine. When messages are blocked in the filtering process, they will be quarantined under /var/spool/amavis/virusmails/. Be wary of the space that this area may take unless a strategy for clearing it is applied routinely.

Postscript

Since this work was done, amavisd-new version 2.2.0 has been released.
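
The Postfix configuration section depends on the two master.cf entries being present and on the 10025tcp return listener being reachable only from amavisd. The script below is an added example, not part of the original paper or of the amavisd-new package: it audits a master.cf for the "smtp-amavis" transport, a loopback-only 10025 listener, and an empty content_filter override on that listener. The function names and the sample entries are constructed for illustration and are an assumption about layout, not the exact lines the RPM appends.

```shell
#!/bin/sh
# Added example: audit master.cf for the Postfix <-> amavisd hand-off.
# Constructed sample; option lines are assumed, not the RPM's actual output.
sample_master_cf() {
cat <<'EOF'
smtp      inet  n       -       n       -       -       smtpd
smtp-amavis unix -      -       n       -       2       smtp
    -o smtp_data_done_timeout=1200
127.0.0.1:10025 inet n  -       n       -       -       smtpd
    -o content_filter=
    -o mynetworks=127.0.0.0/8
EOF
}

# audit_master_cf FILE: print OK/FAIL findings; non-zero status on any FAIL.
audit_master_cf() {
    awk '
    function check(e,   f) {
        split(e, f, /[ \t]+/)
        if (f[1] == "smtp-amavis" && f[2] == "unix") {
            transport = 1; print "OK transport smtp-amavis defined"
        }
        if (f[2] == "inet" && (f[1] == "10025" || f[1] ~ /:10025$/)) {
            listener = 1
            # A non-loopback listener accepts mail that skipped the filter.
            if (f[1] ~ /^(127\.0\.0\.1|localhost|\[::1\]):10025$/)
                print "OK 10025 bound to loopback"
            else { print "FAIL 10025 not bound to loopback: " f[1]; bad = 1 }
            # Without an empty override, returned mail is filtered again (loop).
            if ((e " ") ~ /-o[ \t]+content_filter=[ \t]/)
                print "OK 10025 clears content_filter"
            else { print "FAIL 10025 inherits content_filter"; bad = 1 }
        }
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
    /^[ \t]/ { entry = entry " " $0; next }    # continuation of an entry
    { if (entry != "") check(entry); entry = $0 }
    END {
        if (entry != "") check(entry)
        if (!transport) { print "FAIL no smtp-amavis transport"; bad = 1 }
        if (!listener)  { print "FAIL no 10025 listener"; bad = 1 }
        exit bad + 0
    }' "$1"
}

# Run against the constructed sample when executed directly.
tmp=$(mktemp) && sample_master_cf > "$tmp" && audit_master_cf "$tmp"
rm -f "$tmp"
```

To audit a live system, call audit_master_cf /etc/postfix/master.cf after the package has been installed.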