Comprehensive Guide to Configuring Amavis for Effective Anti-Spam Protection

by

Amavis (A Mail Virus Scanner) is a versatile content filter used with mail servers to scan for spam, viruses, and other malicious content. It integrates seamlessly with popular MTAs like Postfix, Exim, and Sendmail. This guide will provide a step-by-step process to install, configure, and optimize Amavis for maximum protection against spam.

Table of Contents

  1. Introduction to Amavis
  2. System Requirements
  3. Installing Amavis
    • On Ubuntu/Debian
    • On CentOS/RHEL
  4. Configuring Amavis
  5. Integrating Amavis with Popular Mail Servers
    • Postfix
    • Exim
    • Sendmail
  6. Configuring Spam and Virus Scanning
  7. Whitelisting and Blacklisting
  8. Logging and Monitoring Amavis
  9. Advanced Amavis Configuration
  10. Troubleshooting Common Issues
  11. Best Practices for Amavis Configuration

1. Introduction to Amavis

Amavis is a high-performance content filter for mail servers that checks incoming and outgoing messages for spam and viruses. It is often used with SpamAssassin and ClamAV for comprehensive email protection.

Key Features:

  • Integration with multiple MTAs
  • Virus and spam scanning
  • Custom policy configuration
  • Support for DKIM, SPF, and DMARC

2. System Requirements

Ensure your system meets the following requirements:

  • Linux (Ubuntu, Debian, CentOS, RHEL)
  • Mail Transfer Agent (Postfix, Exim, Sendmail)
  • Perl 5.10 or later
  • SpamAssassin (for spam detection)
  • ClamAV (for virus scanning)

3. Installing Amavis

On Ubuntu/Debian

sudo apt update sudo apt install amavisd-new spamassassin clamav-daemon

Enable and start services:

sudo systemctl enable amavis clamav-daemon sudo systemctl start amavis clamav-daemon

On CentOS/RHEL

Enable EPEL repository:

sudo yum install epel-release

Install packages:

sudo yum install amavisd-new spamassassin clamav clamav-update

Enable and start services:

sudo systemctl enable amavisd clamd sudo systemctl start amavisd clamd

4. Configuring Amavis

Amavis configuration is located in:

/etc/amavis/conf.d/

Main Configuration File

Edit the 50-user file for custom settings:

sudo nano /etc/amavis/conf.d/50-user

Basic settings:

$sa_tag_level_deflt = -999; $sa_tag2_level_deflt = 5.0; $sa_kill_level_deflt = 10.0; @local_domains_acl = ( ".example.com" ); $virus_admin = 'admin@example.com';

Restart Amavis after changes:

sudo systemctl restart amavis

5. Integrating Amavis with Popular Mail Servers

Postfix Integration

  1. Edit /etc/postfix/master.cf:
smtp-amavis unix - - n - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes 127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o receive_override_options=no_unknown_recipient_checks
  1. Edit /etc/postfix/main.cf:
content_filter = smtp-amavis:[127.0.0.1]:10024

Reload Postfix:

sudo systemctl reload postfix

Exim Integration

  1. Edit /etc/exim/exim.conf:
av_scanner = "socket:/var/amavis/amavisd.sock"

Restart Exim:

sudo systemctl restart exim

Sendmail Integration

  1. Add the following to /etc/mail/sendmail.mc:
INPUT_MAIL_FILTER(`amavis', `S=inet:10024@localhost, F=T, T=S:4m;R:4m;E:10m')

Rebuild and restart Sendmail:

sudo make -C /etc/mail sudo systemctl restart sendmail

6. Configuring Spam and Virus Scanning

Ensure Amavis is using SpamAssassin and ClamAV:

@bypass_virus_checks_maps = (0); @bypass_spam_checks_maps = (0);

7. Whitelisting and Blacklisting

Edit /etc/amavis/conf.d/50-user:

Whitelist a domain:

@whitelist_sender_maps = ( ["user@example.com"] );

Blacklist a domain:

@blacklist_sender_maps = ( ["spammer@example.com"] );

Restart Amavis:

sudo systemctl restart amavis

8. Logging and Monitoring Amavis

Check logs for troubleshooting:

tail -f /var/log/mail.log

Enable verbose logging:

$log_level = 2;

9. Advanced Amavis Configuration

Increasing Scan Efficiency

Adjust concurrent processes in /etc/amavis/conf.d/50-user:

$max_servers = 4;

10. Troubleshooting Common Issues

  • Emails not scanning: Ensure Amavis is running and ports 10024/10025 are open.
  • ClamAV errors: Update virus definitions:
sudo freshclam

11. Best Practices for Amavis Configuration

  • Regularly update SpamAssassin and ClamAV rules.
  • Monitor mail logs for anomalies.
  • Adjust spam thresholds based on mail flow.

By following this guide, you will have a robust Amavis setup capable of filtering spam and viruses effectively. Consistently updating and monitoring your configuration will ensure optimal performance and protection against email-borne threats.

Leave a Comment