Centos 7 | Postfix + Amavisd-new + ClamAV + Spamassassin
#1
Install Amavisd-new


Ok. Here we go…
Code:
yum install amavisd-new
This will install amavisd-new and a bunch of dependencies (30Mb)
It will also install Spamassassin by default

Install ClamAV
Code:
yum install clamav clamav-update

edit the following file
Code:
vi /etc/freshclam.conf
and comment the line “Example” like this
Code:
# Example

update the ClamAV database
Code:
freshclam

auto update is already set up, but to work properly, we need to edit the following file:
Code:
vi /etc/sysconfig/freshclam
and remove these 4 lines:
Code:
### !!!!! REMOVE ME !!!!!!
### REMOVE ME: By default, the freshclam update is disabled to avoid
### REMOVE ME: network access without prior activation
FRESHCLAM_DELAY=disabled-warn   # REMOVE ME

edit the cron file just to make sure that the line is not commented
Code:
vi /etc/cron.d/clamav-update

OK. Packages are installed. Here comes the configuration part

Configuration

We need to edit amavisd.conf file
Code:
vi /etc/amavisd/amavisd.conf

Change the following lines like this…
Code:
$mydomain = 'domain.com';   # a convenient default for other settings
$myhostname = 'mail.domain.com';  # must be a fully-qualified domain name and same as reverse DNS lookup

Now we need to check if everything is set in postfix master.cf
Code:
vi /etc/postfix/master.cf

On top you should have lines…
Code:
smtp      inet  n       -       n       -       -       smtpd
 -o smtpd_sasl_auth_enable=yes
 -o receive_override_options=no_address_mappings
 -o content_filter=smtp-amavis:127.0.0.1:10024
…and on the bottom of the file…
Code:
#
# spam/virus section
#
smtp-amavis  unix  -    -       y       -       2       smtp
 -o smtp_data_done_timeout=1200
 -o disable_dns_lookups=yes
 -o smtp_send_xforward_command=yes
127.0.0.1:10025 inet n  -       y       -       -       smtpd
 -o content_filter=
 -o smtpd_helo_restrictions=
 -o smtpd_sender_restrictions=
 -o smtpd_recipient_restrictions=permit_mynetworks,reject
 -o mynetworks=127.0.0.0/8
 -o smtpd_error_sleep_time=0
 -o smtpd_soft_error_limit=1001
 -o smtpd_hard_error_limit=1000
 -o receive_override_options=no_header_body_checks
 -o smtpd_helo_required=no
 -o smtpd_client_restrictions=
 -o smtpd_restriction_classes=
 -o disable_vrfy_command=no
 -o strict_rfc821_envelopes=yes

Stop the postfix daemon
Code:
systemctl stop postfix

First we need to make sure that Spamassassin, Amavisd-new and ClamAV daemons are running
Code:
systemctl start spamassassin
systemctl start amavisd # This will also run ClamAV

Then make sure that after reboot all daemons are automatically started:
Code:
systemctl enable spamassassin
systemctl enable amavisd

Now start the postfix daemon:
Code:
systemctl start postfix

If all is well, we should have a basic spam and virus protection up and running!
Let's do some testing:

Test Amavisd…

Code:
telnet localhost 10024
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 [::1] ESMTP amavisd-new service ready
ehlo localhost
250-[::1]
250-VRFY
250-PIPELINING
250-SIZE
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 XFORWARD NAME ADDR PORT PROTO HELO IDENT SOURCE
OK. 

Test the SMTP daemon on port 10025

Code:
telnet localhost 10025
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.domain.com ESMTP
ehlo localhost
250-mail.domain.com
250-PIPELINING
250-SIZE 20480000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
OK.

Daemons are up and running. It's time to send some viruses and spam to test our server.

Keep an eye on maillog file while receiving virus and spam
Code:
tail -f /var/log/maillog

Send an email from an external account (Gmail) to an account hosted on this server with the following content (Eicar virus):
Code:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

You should see something like this in your maillog file…
Code:
Feb 00 00:00:00 host amavis[32426]: (032426-01) Blocked INFECTED (Eicar-Test-Signature) {DiscardedOpenRelay,Quarantined}
Woohoo, Amavis, ClamAV and Postfix are working together nicely!

What about SPAM? Send the following string from an external account:
Code:
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

Check the maillog…
Code:
Feb 00 00:00:00 host amavis[32425]: (032425-02) Blocked SPAM {DiscardedOpenRelay,Quarantined}
Blocked!

One last thing to do… Spamassassin already added a cron job. Just make sure that the line is not commented!
Code:
vi /etc/cron.d/sa-update

That's it! Job well done.
Thanks given by: kellenw , SidedTech , kmlreverser , wormsunited
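
The master.cf entries in the post above only form a safe loop if some service hands mail to amavisd and the unfiltered re-injection listener on port 10025 stays private to the local host. As an added example (not part of the original post and not Postfix or Sentora code), this Python script audits a master.cf for those two properties; the function names and the abridged sample are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the master.cf entries from the post, abridged.
SAMPLE = """\
smtp      inet  n       -       n       -       -       smtpd
 -o content_filter=smtp-amavis:127.0.0.1:10024
smtp-amavis  unix  -    -       y       -       2       smtp
127.0.0.1:10025 inet n  -       y       -       -       smtpd
 -o content_filter=
 -o mynetworks=127.0.0.0/8
"""

def parse_master_cf(text):
    """Map 'name/type' to its -o options, folding indented continuation lines."""
    services, cur = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():            # a service entry starts in column 0
            cur = services.setdefault("/".join(line.split()[:2]), {})
        if cur is not None:                  # collect every "-o key=value" pair
            cur.update(re.findall(r"-o\s+([^\s=]+)=(\S*)", line))
    return services

def loopback_only(mynetworks):
    """True only if every comma-separated network in the value is loopback."""
    try:
        nets = [ipaddress.ip_network(n.replace("[", "").replace("]", ""), strict=False)
                for n in mynetworks.split(",")]
    except ValueError:                       # empty, or a table lookup such as hash:/...
        return False
    return all(n.is_loopback for n in nets)

def audit(text):
    """Return findings; an empty list means the filter loop matches the post."""
    svc, findings = parse_master_cf(text), []
    if not any(opts.get("content_filter") for opts in svc.values()):
        findings.append("no service sets content_filter: mail bypasses amavisd")
    for key, opts in svc.items():
        # A TCP listener with an explicitly empty content_filter accepts mail unscanned.
        if not key.endswith("/inet") or opts.get("content_filter") != "":
            continue
        host = key[: -len("/inet")].rpartition(":")[0]
        if host not in ("127.0.0.1", "localhost", "[::1]"):
            findings.append(f"{key}: unfiltered listener not bound to loopback")
        if not loopback_only(opts.get("mynetworks", "")):
            findings.append(f"{key}: mynetworks not limited to loopback")
    return findings
```

Run `audit(open("/etc/postfix/master.cf").read())` on the server; a commented-out `-o content_filter=...` line under the `smtp` service shows up as the first finding.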
#2
RE: Centos 7 | Postfix + Amavisd-new + ClamAV + Spamassassin
Great thanks for sharing.

Notice for those who plan to use the above: you will need more RAM for this setup, usually above 1GB and best at 2GB.

M B
Thanks given by:
#3
RE: Centos 7 | Postfix + Amavisd-new + ClamAV + Spamassassin
Any chance someone would be willing to put together a similar how-to for Ubuntu 14.04? I set all this up on my old zpanel production server running Ubuntu 12.04, but I can't remember how I did it.
Thanks given by:
#4
RE: Centos 7 | Postfix + Amavisd-new + ClamAV + Spamassassin
The path instruction over appending/edit files are the same, you mainly replace yum with apt-get and systemctl restart command & you will get an Ubuntu how-to ;-).
Thanks given by:
#5
RE: Centos 7 | Postfix + Amavisd-new + ClamAV + Spamassassin
Thanks for the reply Me.B.  I tried setting it up substituting the various ubuntu/debian specific commands (apt-get instead of yum, nano instead of vi, etc.).  It mostly went well, but I ran into a couple points of confusion.

1. Instead of this:
Code:
yum install clamav clamav-update

I used this:
Code:
apt-get install clamav

...Because the extra "clamav-update" portion resulted in some "unable to locate package" errors.  Is it okay just to use the command above (without "clamav-update") instead, or do I need to add something else instead?  For instance,

Code:
apt-get install clamav clamav-daemon -y

Maybe that's what I should be using?




2. There was no "Example" line in this file:
Code:
/etc/freshclam.conf

I assume that's okay and can be ignored?


3. This file:
Code:
/etc/sysconfig/freshclam

...Doesn't exist in Ubuntu... Or better put, it's in a different location than sysconfig, because that folder does not exist.  Any idea where it would be located in ubuntu?


The rest is simple enough.  I just need to verify/correct the above issues, and then I'll give it another try, and write up a "how-to" specific to Ubuntu once successful.

Thanks!
Thanks given by:
#6
RE: Centos 7 | Postfix + Amavisd-new + ClamAV + Spamassassin
sudo apt-get install clamav clamtk

http://askubuntu.com/questions/282452/ho...untu-12-10

Yep, no example, no issue, as Ubuntu conf files are a bit cleaner than CentOS.

/etc/clamav/freshclam.conf
http://manpages.ubuntu.com/manpages/prec...onf.5.html

M B
Thanks given by:
#7
RE: Centos 7 | Postfix + Amavisd-new + ClamAV + Spamassassin
I ended up following the directions for Ubuntu in this link https://help.ubuntu.com/community/PostfixAmavisNew
It worked correctly. I've posted the link in the how-to section.

Mods - You could probably delete all my posts and related replies in this thread since they are unrelated to the Centos setup, and it will keep this thread cleaner.

Thanks!
Thanks given by:
#8
RE: Centos 7 | Postfix + Amavisd-new + ClamAV + Spamassassin
Hi Guys,
Did everything like the tutorial, also the telnet tests were the same.
But when I send an email from Gmail with the (Eicar virus) in it, it will not block... mails still deliver.
What can that be?

EDIT:

Never mind... I see other lines in MAILLOG but with same result...

May 28 21:54:59 sentora postfix/smtp[14945]: 447CB417B1: to=<my@domain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=5.8, delays=0.27/0/0.02/5.5, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=08267-13 - spam)

May 28 21:56:25 sentora postfix/smtp[14945]: BD066417B1: to=<my@domain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.74, delays=0.48/0/0.04/0.21, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=08267-14 - INFECTED: Eicar-Test-Signature)
Thanks given by:
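
The thread shows two log formats for the same outcome: amavisd's own "Blocked ..." line in the first post and Postfix's "Ok, discarded" relay line in the post above. As an added example (not part of any post), this Python script extracts the verdict from either format; the function names are illustrative and the sample is the log lines quoted in the thread.

```python
import re

# Log lines quoted from the posts in this thread, as posted.
SAMPLE_LOG = """\
Feb 00 00:00:00 host amavis[32426]: (032426-01) Blocked INFECTED (Eicar-Test-Signature) {DiscardedOpenRelay,Quarantined}
Feb 00 00:00:00 host amavis[32425]: (032425-02) Blocked SPAM {DiscardedOpenRelay,Quarantined}
May 28 21:54:59 sentora postfix/smtp[14945]: 447CB417B1: to=<my@domain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=5.8, delays=0.27/0/0.02/5.5, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=08267-13 - spam)
May 28 21:56:25 sentora postfix/smtp[14945]: BD066417B1: to=<my@domain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=0.74, delays=0.48/0/0.04/0.21, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=08267-14 - INFECTED: Eicar-Test-Signature)
"""

# amavisd's own verdict line: "(id) Blocked CATEGORY (detail) {actions}".
# "Passed" (delivered mail) is not shown in the thread; it is included as an assumption.
AMAVIS = re.compile(r"amavis\[\d+\]: \((?P<id>[\w-]+)\) (?P<action>Blocked|Passed) "
                    r"(?P<cat>[\w-]+)(?: \((?P<detail>[^)]*)\))?")
# Postfix's record of the hand-off to amavisd on port 10024, with amavisd's SMTP reply.
POSTFIX = re.compile(r"postfix/smtp\[\d+\]: (?P<qid>\w+): .*relay=\S+:10024, "
                     r".*status=\w+ \((?P<reply>.*)\)\s*$")
REPLY = re.compile(r"Ok, (?P<action>\w+), id=(?P<id>[\w-]+) - "
                   r"(?P<cat>[\w-]+)(?:: (?P<detail>.+))?")

def verdicts(log_text):
    """Return one dict per content-filter verdict found in either line format."""
    found = []
    for line in log_text.splitlines():
        m, source = AMAVIS.search(line), "amavis"
        if not m:
            p = POSTFIX.search(line)
            m, source = (REPLY.search(p["reply"]) if p else None), "postfix"
        if m:
            found.append({"source": source, "id": m["id"], "action": m["action"].lower(),
                          "category": m["cat"].upper(), "detail": m["detail"]})
    return found

def selftest_outcome(log_text):
    """Report whether the virus and spam test mails were stopped by the filter."""
    stopped = [v for v in verdicts(log_text) if v["action"] in ("blocked", "discarded")]
    return {
        "virus_test": any("eicar" in (v["detail"] or "").lower() for v in stopped),
        "spam_test": any(v["category"] == "SPAM" for v in stopped),
    }
```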
#9
RE: Centos 7 | Postfix + Amavisd-new + ClamAV + Spamassassin
Thank you! After installation, for some reason the top lines in /etc/postfix/master.cf looked different:
" -o smtpd_sasl_auth_enable=yes" was missing,
and two -o instructions on top were commented out with #. Thanks to the detailed instructions I have noticed that my relay is not what it needed to be, and was easily able to fix it.

Only one thing was confusing: testing with telnet. My CentOS setup doesn't have it and I was not going to install it just to test. Maybe warn others that this function is not installed by default?

Admins, please delete the Ubuntu questions from the thread, there is topic with Ubuntu instructions available (http://forums.sentora.org/showthread.php?tid=1175).
Thanks given by:
#10
RE: Centos 7 | Postfix + Amavisd-new + ClamAV + Spamassassin
I'm having problems when starting, please help

[root@host201 ~]# systemctl start amavisd
Job for amavisd.service failed. See 'systemctl status amavisd.service' and 'jour nalctl -xn' for details.
[root@host201 ~]#
[root@host201 ~]# systemctl status amavisd.service
amavisd.service - Amavisd-new is an interface between MTA and content checkers.
Loaded: loaded (/usr/lib/systemd/system/amavisd.service; enabled)
Active: failed (Result: start-limit) since Fri 2015-06-12 05:43:16 CDT; 29s ago
Docs: http://www.ijs.si/software/amavisd/#doc
Process: 10424 ExecStart=/usr/sbin/amavisd -c /etc/amavisd/amavisd.conf (code=exited, status=227/NO_NEW_PRIVILEGES)

Jun 12 05:43:15 host201 systemd[1]: Failed to start Amavisd-new is an interface b...s..
Jun 12 05:43:15 host201 systemd[1]: Unit amavisd.service entered failed state.
Jun 12 05:43:16 host201 systemd[1]: amavisd.service holdoff time over, scheduling...rt.
Jun 12 05:43:16 host201 systemd[1]: Stopping Amavisd-new is an interface between ......
Jun 12 05:43:16 host201 systemd[1]: Starting Amavisd-new is an interface between ......
Jun 12 05:43:16 host201 systemd[1]: amavisd.service start request repeated too qu...rt.
Jun 12 05:43:16 host201 systemd[1]: Failed to start Amavisd-new is an interface b...s..
Jun 12 05:43:16 host201 systemd[1]: Unit amavisd.service entered failed state.
Hint: Some lines were ellipsized, use -l to show in full.
[root@host201 ~]#
[root@host201 ~]# jour nalctl -xn
-bash: jour: command not found
[root@host201 ~]# journalctl -xn
-- Logs begin at Thu 2015-04-09 15:41:35 CDT, end at Fri 2015-06-12 05:45:01 CDT. --
Jun 12 05:43:17 host201 postfix/postfix-script[10436]: fatal: cannot execute /usr/sbin/postconf!
Jun 12 05:43:17 host201 systemd[1]: postfix.service: control process exited, code=exited status=1
Jun 12 05:43:17 host201 systemd[1]: Failed to start Postfix Mail Transport Agent.
-- Subject: Unit postfix.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/lis...temd-devel
--
-- Unit postfix.service has failed.
--
-- The result is failed.
Jun 12 05:43:17 host201 systemd[1]: Unit postfix.service entered failed state.
Jun 12 05:44:50 host201 systemd[1]: Starting Telnet Server...
-- Subject: Unit telnet@16-31.187.71.150:23-220.130.12.107:32999.service has begun with start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/lis...temd-devel
--
-- Unit telnet@16-31.187.71.150:23-220.130.12.107:32999.service has begun starting up.
Jun 12 05:44:50 host201 systemd[1]: Started Telnet Server.
-- Subject: Unit telnet@16-31.187.71.150:23-220.130.12.107:32999.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/lis...temd-devel
--
-- Unit telnet@16-31.187.71.150:23-220.130.12.107:32999.service has finished starting up.
--
-- The start-up result is done.
Jun 12 05:44:51 host201 telnetd[10439]: ttloop: peer died: EOF
Jun 12 05:45:01 host201 systemd[1]: Starting Session 14224130 of user root.
-- Subject: Unit session-14224130.scope has begun with start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/lis...temd-devel
--
-- Unit session-14224130.scope has begun starting up.
Jun 12 05:45:01 host201 systemd[1]: Started Session 14224130 of user root.
-- Subject: Unit session-14224130.scope has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/lis...temd-devel
--
-- Unit session-14224130.scope has finished starting up.
--
-- The start-up result is done.
Jun 12 05:45:01 host201 CROND[10442]: (root) CMD (nice -2 /usr/bin/php -q /etc/sentora/panel/bin/daemon.php > /var/sentora/logs/daemon-last-run.log 2>&1)
[root@host201 ~]#
Thanks given by: