Amavis (A Mail Virus Scanner) is a versatile content filter used with mail servers to scan for spam, viruses, and other malicious content. It integrates seamlessly with popular MTAs like Postfix, Exim, and Sendmail. This guide will provide a step-by-step process to install, configure, and optimize Amavis for maximum protection against spam.
Table of Contents
- Introduction to Amavis
- System Requirements
- Installing Amavis
- On Ubuntu/Debian
- On CentOS/RHEL
- Configuring Amavis
- Integrating Amavis with Popular Mail Servers
- Postfix
- Exim
- Sendmail
- Configuring Spam and Virus Scanning
- Whitelisting and Blacklisting
- Logging and Monitoring Amavis
- Advanced Amavis Configuration
- Troubleshooting Common Issues
- Best Practices for Amavis Configuration
1. Introduction to Amavis
Amavis is a high-performance content filter for mail servers that checks incoming and outgoing messages for spam and viruses. It is often used with SpamAssassin and ClamAV for comprehensive email protection.
Key Features:
- Integration with multiple MTAs
- Virus and spam scanning
- Custom policy configuration
- Support for DKIM, SPF, and DMARC
2. System Requirements
Ensure your system meets the following requirements:
- Linux (Ubuntu, Debian, CentOS, RHEL)
- Mail Transfer Agent (Postfix, Exim, Sendmail)
- Perl 5.10 or later
- SpamAssassin (for spam detection)
- ClamAV (for virus scanning)
3. Installing Amavis
On Ubuntu/Debian
sudo apt update sudo apt install amavisd-new spamassassin clamav-daemon
Enable and start services:
sudo systemctl enable amavis clamav-daemon sudo systemctl start amavis clamav-daemon
On CentOS/RHEL
Enable EPEL repository:
sudo yum install epel-release
Install packages:
sudo yum install amavisd-new spamassassin clamav clamav-update
Enable and start services:
sudo systemctl enable amavisd clamd sudo systemctl start amavisd clamd
4. Configuring Amavis
Amavis configuration is located in:
/etc/amavis/conf.d/
Main Configuration File
Edit the 50-user
file for custom settings:
sudo nano /etc/amavis/conf.d/50-user
Basic settings:
$sa_tag_level_deflt = -999; $sa_tag2_level_deflt = 5.0; $sa_kill_level_deflt = 10.0; @local_domains_acl = ( ".example.com" ); $virus_admin = 'admin@example.com';
Restart Amavis after changes:
sudo systemctl restart amavis
5. Integrating Amavis with Popular Mail Servers
Postfix Integration
- Edit
/etc/postfix/master.cf
:
smtp-amavis unix - - n - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes 127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o receive_override_options=no_unknown_recipient_checks
- Edit
/etc/postfix/main.cf
:
content_filter = smtp-amavis:[127.0.0.1]:10024
Reload Postfix:
sudo systemctl reload postfix
Exim Integration
- Edit
/etc/exim/exim.conf
:
av_scanner = "socket:/var/amavis/amavisd.sock"
Restart Exim:
sudo systemctl restart exim
Sendmail Integration
- Add the following to
/etc/mail/sendmail.mc
:
INPUT_MAIL_FILTER(`amavis', `S=inet:10024@localhost, F=T, T=S:4m;R:4m;E:10m')
Rebuild and restart Sendmail:
sudo make -C /etc/mail sudo systemctl restart sendmail
6. Configuring Spam and Virus Scanning
Ensure Amavis is using SpamAssassin and ClamAV:
@bypass_virus_checks_maps = (0); @bypass_spam_checks_maps = (0);
7. Whitelisting and Blacklisting
Edit /etc/amavis/conf.d/50-user
:
Whitelist a domain:
@whitelist_sender_maps = ( ["user@example.com"] );
Blacklist a domain:
@blacklist_sender_maps = ( ["spammer@example.com"] );
Restart Amavis:
sudo systemctl restart amavis
8. Logging and Monitoring Amavis
Check logs for troubleshooting:
tail -f /var/log/mail.log
Enable verbose logging:
$log_level = 2;
9. Advanced Amavis Configuration
Increasing Scan Efficiency
Adjust concurrent processes in /etc/amavis/conf.d/50-user
:
$max_servers = 4;
10. Troubleshooting Common Issues
- Emails not scanning: Ensure Amavis is running and ports 10024/10025 are open.
- ClamAV errors: Update virus definitions:
sudo freshclam
11. Best Practices for Amavis Configuration
- Regularly update SpamAssassin and ClamAV rules.
- Monitor mail logs for anomalies.
- Adjust spam thresholds based on mail flow.
By following this guide, you will have a robust Amavis setup capable of filtering spam and viruses effectively. Consistently updating and monitoring your configuration will ensure optimal performance and protection against email-borne threats.