{"id":229,"date":"2011-06-12T20:18:58","date_gmt":"2011-06-13T03:18:58","guid":{"rendered":"http:\/\/blog.networkpresence.co\/?p=229"},"modified":"2013-03-28T04:03:24","modified_gmt":"2013-03-28T11:03:24","slug":"installing-spamassassin-clamav-with-amavisd-milter-on-sendmail-on-centos-5","status":"publish","type":"post","link":"http:\/\/blog.networkpresence.co\/?p=229","title":{"rendered":"Installing SpamAssassin & ClamAV with Amavisd-milter on Sendmail on CentOS 5"},"content":{"rendered":"

I’ve previously described the install & setup process for spamass-milter on Sendmail<\/a> for Anti-Spam processing.<\/p>\n

This blog post describes a different interface to Sendmail for Anti-Spam & Anti-Virus (AS\/AV), using the Amavis daemon (amavisd-new) along with the Milter interface for Amavis to Sendmail.<\/p>\n

1. Software Installs<\/p>\n

1.0 Pre-Requisites<\/p>\n

This requires (at least during this install process) the C compiler, so to install all the pre-req’s run:<\/p>\n

yum -y install gcc make sendmail-devel<\/code><\/p>\n

1a. Amavisd-Milter<\/p>\n

Please DO NOT install the ‘amavisd-new-milter’ package in RPMForge, it’s old & lacks functionality. Please download the source distribution for amavisd-milter from http:\/\/sourceforge.net\/projects\/amavisd-milter\/
\nThe latest amavisd-milter in early 2011 delivers the file ‘amavisd-milter-1.5.0.tar.gz’, so extract that file & install that software to its default install locations. <\/p>\n

Then do the following in the extract amavisd-milter directory:<\/p>\n

.\/configure
\nmake install<\/code><\/p>\n

Which yields the \/usr\/local\/sbin\/amavisd-milter exacutable & the ‘man amavisd-milter’ manual page.<\/p>\n

1b. Amavisd itself and its pre-requisites<\/p>\n

Run:
\nyum -y install amavisd-new<\/code><\/p>\n

1c. Check that the SpamAssassin & ClamAV packages are installed with:<\/p>\n

yum -y install clamav clamav-db clamav-milter clamd spamass-milter perl-Mail-SPF sendmail-cf perl-Mail-DKIM<\/code><\/p>\n

1d. There are some scanners that aren’t installed with amavisd-new’s Yum install, so bring in these decoders:<\/p>\n

yum -y install tnef unzip lrzip p7zip-plugins<\/code>
\n(updated for CentOS 5.9)<\/p>\n

2 Configuring components & Amavisd<\/p>\n

2a. See our previously posted SpamAssassin\/ClamAV & Sendmail page for the SpamAssassin & ClamAV setup<\/a>, but the important difference here is that ClamAV (clamd) must be reconfigured to run as the same pid\/user that runs the Amavisd software (amavis username & group).
\nWe set the pid & gid of the clamav user in \/etc\/passwd to be the same pid\/gid as the amavis user<\/strong> that’s installed when using Yum to install the amavisd-new package.
\nThen you need to chown the ClamAV run & log directories to the new pid\/gid of the clamav user with:
\nchown -R clamav.amavis \/var\/run\/clamav \/var\/log\/clamav\/ \/var\/clamav\/<\/code>
\nThen restart clamd with:
\nservice clamd restart<\/code>
\nAnd check that it comes up ok with no errors in \/var\/log\/maillog and \/var\/log\/messages<\/p>\n

2b. Amavisd-Milter Sysconfig file isn’t provided, as we’ve installed it from source, not a pre-build Package, so we need to create the file & I’ve used the following, from the site http:\/\/users.on.net\/~hilton\/amavisd-milter-sysconfig.txt<\/p>\n

### \/etc\/sysconfig\/amavisd-milter
\n### Configuration options for amavisd-milter
\n### Suitable for Redhat & SuSE systems.
\n#
\n#
\n### Amavisd's homedir.
\n### This should match the '$MYHOME' directive in amavisd.conf
\nAMAVISD_HOME=\"\/var\/amavis\"<\/p>\n

### Location of milter binary.
\nMILTER=\"\/usr\/local\/sbin\/amavisd-milter\"<\/p>\n

### User that amavisd-milter will run as.
\n### For RH\/CentOS\/Fedora set to \"amavis\"
\n### For SuSE set to \"vscan\"
\nAMAVISD_MILTER_USER=\"amavis\"<\/p>\n

### This is the socket used for communication between sendmail <--> milter
\n### It must correspond to the \"S=\" variable of the milter definition in sendmail.cf
\n### Note the variable substitution!
\nMILTER_SOCKET=\"local:$AMAVISD_HOME\/amavisd-milter.sock\"<\/p>\n

### This is the socket used for communication between amavisd <--> milter
\n### It must correspond to the value of \"$unix_socketname\" in amavisd.conf
\n### Note the variable substitution!
\nAMAVISD_SOCKET=\"$AMAVISD_HOME\/amavisd.sock\"<\/p>\n

### Pid file
\n### Note the variable substitution!
\nMILTER_PID=\"$AMAVISD_HOME\/amavisd-milter.pid\"<\/p>\n

### All the args to milter
\nMILTER_FLAGS=\"-s $MILTER_SOCKET -p $MILTER_PID -w $AMAVISD_HOME -S $AMAVISD_SOCKET\"<\/code><\/p>\n

2c. Amavisd-Milter init.d file isn’t provided, as we’ve installed it from source, not a pre-build Package, so we need to create the file & I’ve used the following, from the site http:\/\/users.on.net\/~hilton\/amavisd-milter-init.d.txt<\/p>\n

#!\/bin\/bash
\n# Init script for Amavisd-Milter.
\n# Written by Ben Tisdall
\n# chkconfig: 2345 78 31
\n# description: Amavisd Milter Interface
\n# processname: amavisd-milter<\/p>\n

### Read in the standard init functions
\nsource \/etc\/rc.d\/init.d\/functions<\/p>\n

### Default variables
\nAMAVIS_USER=\"amavis\"
\nMILTER_SOCKET=\"\"
\nMILTER_FLAGS=\"\"
\ndesc=\"Amavisd Milter Interface\"
\nRETVAL=0
\nSYSCONFIG=\"\/etc\/sysconfig\/amavisd-milter\"<\/p>\n

### Read configuration
\n[ -r \"$SYSCONFIG\" ] && source \"$SYSCONFIG\"<\/p>\n

### MILTER set in \/etc\/sysconfig\/amavisd
\nprog=\"${MILTER##*\/}\"
\nprogdir=\"${MILTER%\/*}\"<\/p>\n

### Check we have the milter
\nif ! [ -x $progdir\/$prog ]; then
\n echo -e \"\\nFATAL ERROR: $progdir\/$prog not found and\/or not executable, please check your installation.\\n\"
\nexit 1
\nfi<\/p>\n

### Functions
\nstart() {
\n if [ \"$MILTER_SOCKET\" -a -x \"$progdir\/$prog\" ]; then
\n echo -n $\"Starting $desc ($prog): \"
\n daemon --user \"$AMAVIS_USER\" $progdir\/$prog \"$MILTER_FLAGS\"
\n RETVAL=$?
\n echo
\n if [ $RETVAL -eq 0 -a -n \"$MILTER_PID\" -a ! -L \"\/var\/run\/${MILTER_PID##*\/}\" ]; then
\n ln -s \"$MILTER_PID\" \"\/var\/run\/${MILTER_PID##*\/}\"
\n touch \/var\/lock\/subsys\/$prog
\n fi
\n fi
\n}<\/p>\n

stop() {
\n if [ \"$MILTER_SOCKET\" -o -f \/var\/lock\/subsys\/$prog ]; then
\n echo -n $\"Shutting down $desc ($prog): \"
\n killproc $prog
\n RETVAL=$?
\n echo
\n [ $RETVAL -eq 0 ] && rm -f \/var\/lock\/subsys\/$prog
\n fi
\n return $RETVAL
\n}<\/p>\n

reload() {
\n echo -n $\"Reloading $desc ($prog): \"
\n killproc -HUP $prog
\n RETVAL=$?
\n echo
\n return $RETVAL
\n}<\/p>\n

restart() {
\n stop
\n start
\n}<\/p>\n

case \"$1\" in
\n start)
\n start
\n ;;
\n stop)
\n stop
\n ;;
\n restart)
\n restart
\n ;;
\n reload)
\n restart
\n ;;
\n condrestart)
\n [ -e \/var\/lock\/subsys\/$prog ] && restart
\n RETVAL=$?
\n ;;
\n status)
\n status $prog
\n status $prog
\n RETVAL=$?
\n ;;
\n *)
\n echo $\"Usage: $0 {start|stop|restart|reload|condrestart|status}\"
\n RETVAL=1
\nesac<\/p>\n

exit $RETVAL<\/code><\/p>\n

Download those two text files & copy them to the relevant system files with the commands:<\/p>\n

Install amavisd-milter sysconfig script:<\/p>\n

wget http:\/\/users.on.net\/~hilton\/amavisd-milter-sysconfig.txt
\nmv amavisd-milter-sysconfig.txt \/etc\/sysconfig\/amavisd-milter<\/code><\/p>\n

Install amavisd-milter init.d script:<\/p>\n

wget http:\/\/users.on.net\/~hilton\/amavisd-milter-init.d.txt
\nmv amavisd-milter-init.d.txt \/etc\/init.d\/amavisd-milter
\nchmod u+x \/etc\/init.d\/amavisd-milter
\nchkconfig --add amavisd-milter<\/code><\/p>\n

2d. Configuring Amavis<\/p>\n

Amavis config file is \/etc\/amavisd.conf and it’s a large text config file, but the relevant settings to check\/set are:<\/p>\n

$protocol = \"AM.PDP\"; # Use AM.PDP protocol.
\n$unix_socketname = \"$MYHOME\/amavisd.sock\"; # uncomment when using milter.
\n#$inet_socket_port = 10024; #comment out with milter.
\n$notify_method = 'pipe:flags=q argv=\/usr\/sbin\/sendmail -Ac -i -odd -f ${sender} -- ${recipient}';
\n$forward_method = undef; #must be set like this with sendmail milter.
\n$mydomain = \"example.com\" #Your domain
\n$myhostname = \"mail.example.com\"; #The FQDN of your Mail Server host
\n$virus_admin = \"root\\@$mydomain\"; #NDR recipient if virus found
\n$mailfrom_notify_admin = \"virusalert\\@$mydomain\"; #NDR --> admin sender<\/code><\/p>\n

Then the following affect the inclusion of mail message headers about the Amavis activity:<\/p>\n

$sa_tag_level_deflt = -9999; # add spam info headers if at, or above that level
\n$sa_tag2_level_deflt = 3.4; # add 'spam detected' headers at that level
\n#sa_kill_level_deflt = 6.31; # triggers spam evasive actions
\n#sa_dsn_cutoff_level = 9; # spam level beyond which a DSN is not sent
\n#$sa_quarantine_cutoff_level = 20; # spam level beyond which quarantine is off
\n$sa_spam_subject_tag = '[SPAM] '; # Prepended to the subject line if defined.<\/code><\/p>\n

2e. Create the ‘virusalert@yourdomain’ email address or alias, enter the following to \/etc\/aliases & run ‘newaliases’
\nvirusalert: root
\nspam-police: root<\/code><\/p>\n

2f. Setting domains which will be passed to Scanners
\nAmavis (Amavisd-New) only hands of messages which are deemed able to be ‘locally delivered’ by Sendmail, but you can include domains for SA (SpamAssassin) processing by loading them to the @local_domains_maps variable in \/etc\/amavisd.conf<\/strong>, which by default is set to the value of $mydomain & its subdomains:<\/p>\n

@local_domains_maps = ( [\".$mydomain\", \".foo.com\"] );<\/code><\/p>\n

You may want to list in @local_domains_maps all hosts & domain names that you have in \/etc\/mail\/local-host-names & \/etc\/mail\/relay-domains<\/p>\n

2g. Further down in the amavisd.conf file you need to enable the ClamAV sections and set the \/var\/run\/clamav\/clamd.sock file (matching the value in \/etc\/clamd.conf)<\/p>\n

['ClamAV-clamd',
\n \\&ask_daemon, [\"CONTSCAN {}\\n\", \"\/var\/run\/clamav\/clamd.sock\"],
\n qr\/\\bOK$\/m, qr\/\\bFOUND$\/m,
\n qr\/^.*?: (?!Infected Archive)(.*) FOUND$\/m ],<\/code><\/p>\n

Now save all these edits to \/etc\/amavisd.conf<\/p>\n

2h. Set relevant entry in \/etc\/sysconfig\/amavisd<\/p>\n

AMAVIS_SENDMAIL_MILTER=\"no\"<\/code><\/p>\n

2i. Sendmail configs to enable use of Amavis-Milter<\/p>\n

Add the following MILTER definition to \/etc\/mail\/sendmail.mc & remove any\/all other Milter definitions (eg: remove clamav & spamass milter entries in sendmail.mc<\/p>\n

define(`MILTER', 1)dnl
\nINPUT_MAIL_FILTER(`milter-amavis', `S=local:\/var\/amavis\/amavisd-milter.sock, F=T, T=S:10m;R:10m;E:10m')dnl<\/code><\/p>\n

If you want your Sendmail server to be available on port 25 (SMTP), then also ensure:<\/p>\n

DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl<\/code><\/p>\n

Then save that update & recreate the sendmail.cf & submit.cf files by running<\/p>\n

make<\/code><\/p>\n

in \/etc\/mail, then restart sendmail (when ready) with<\/p>\n

service sendmail restart<\/code><\/p>\n

3. Start daemons up & monitor \/var\/log\/maillog for their logging<\/p>\n

service sendmail restart
\nservice amavisd start
\nservice amavisd-milter start
\nservice clamd restart<\/code><\/p>\n

4. Test \/ Check<\/p>\n

4a. Send an email through the server, either with manual “telnet your-mail-server 25” or such.<\/p>\n

4b. Monitor \/var\/log\/maillog<\/p>\n","protected":false},"excerpt":{"rendered":"

I’ve previously described the install & setup process for spamass-milter on Sendmail for Anti-Spam processing. This blog post describes a different interface to Sendmail for Anti-Spam & Anti-Virus (AS\/AV), using the Amavis daemon (amavisd-new) along with the Milter interface for … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[45,44,18,42,43,78],"class_list":["post-229","post","type-post","status-publish","format-standard","hentry","category-network-presence","tag-amavisd-new","tag-clamav","tag-linux","tag-sendmail","tag-spamassassin","tag-sysadmin"],"_links":{"self":[{"href":"http:\/\/blog.networkpresence.co\/index.php?rest_route=\/wp\/v2\/posts\/229","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/blog.networkpresence.co\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/blog.networkpresence.co\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/blog.networkpresence.co\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/blog.networkpresence.co\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=229"}],"version-history":[{"count":12,"href":"http:\/\/blog.networkpresence.co\/index.php?rest_route=\/wp\/v2\/posts\/229\/revisions"}],"predecessor-version":[{"id":3178,"href":"http:\/\/blog.networkpresence.co\/index.php?rest_route=\/wp\/v2\/posts\/229\/revisions\/3178"}],"wp:attachment":[{"href":"http:\/\/blog.networkpresence.co\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=229"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/blog.networkpresence.co\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=229"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/blog.networkpresence.co\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=229"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}