This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.

Centos 7 | Postfix + Amavisd-new + ClamAV + Spamassassin
#11
RE: Centos 7 | Postfix + Amavisd-new + ClamAV + Spamassassin
[root@host201 ~]# telnet localhost 10024
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
Reply
Thanks given by:
#12
RE: Centos 7 | Postfix + Amavisd-new + ClamAV + Spamassassin
(02-24-2015, 11:16 AM)paknet Wrote: Install Amavisd-new


Ok. Here we go…
Code:
yum install amavisd-new
This will install amavisd-new and a bunch of dependencies (30Mb)
It will also install Spamassassin by default

Install ClamAV
Code:
yum install clamav clamav-update

edit the following file
Code:
vi /etc/freshclam.conf
and comment the line “Example” like this
Code:
# Example

update the ClamAV database
Code:
freshclam

auto update is already set up, but to work properly, we need to edit the following file:
Code:
vi /etc/sysconfig/freshclam
and remove this 4 lines:
Code:
### !!!!! REMOVE ME !!!!!!
### REMOVE ME: By default, the freshclam update is disabled to avoid
### REMOVE ME: network access without prior activation
FRESHCLAM_DELAY=disabled-warn   # REMOVE ME

edit the cron file just to make sure that the line is not commented
Code:
vi /etc/cron.d/clamav-update

OK. Packages are installed. Here comes the configuration part

Configuration

We need to edit amavisd.conf file
Code:
vi /etc/amavisd/amavisd.conf

Change the following lines like this…
Code:
$mydomain = ‘domain.com’;   # a convenient default for other settings
$myhostname = 'mail.domain.com’;  # must be a fully-qualified domain name and same as reverse DNS lookup

Now we need to check if everything is set in postfix master.cf
Code:
vi /etc/postfix/master.cf

On top you should have lines…
Code:
smtp      inet  n       -       n       -       -       smtpd
 -o smtpd_sasl_auth_enable=yes
 -o receive_override_options=no_address_mappings
 -o content_filter=smtp-amavis:127.0.0.1:10024
…and on the bottom of the file…
Code:
#
# spam/virus section
#
smtp-amavis  unix  -    -       y       -       2       smtp
 -o smtp_data_done_timeout=1200
 -o disable_dns_lookups=yes
 -o smtp_send_xforward_command=yes
127.0.0.1:10025 inet n  -       y       -       -       smtpd
 -o content_filter=
 -o smtpd_helo_restrictions=
 -o smtpd_sender_restrictions=
 -o smtpd_recipient_restrictions=permit_mynetworks,reject
 -o mynetworks=127.0.0.0/8
 -o smtpd_error_sleep_time=0
 -o smtpd_soft_error_limit=1001
 -o smtpd_hard_error_limit=1000
 -o receive_override_options=no_header_body_checks
 -o smtpd_helo_required=no
 -o smtpd_client_restrictions=
 -o smtpd_restriction_classes=
 -o disable_vrfy_command=no
 -o strict_rfc821_envelopes=yes

Stop the postfix daemon
Code:
systemctl stop postfix

First we need to make sure that Spamassassin, Amavisd-new and ClamAV daemons are running
Code:
systemctl start spamassassin
systemctl start amavisd # This will also run ClamAV

Then make sure that after reboot all daemons are automatically started:
Code:
systemctl enable spamassassin
systemctl enable amavisd

Now start the postfix daemon:
Code:
systemctl start postfix

If all is well, we should have a basic spam and virus protection up and running!
Let's do some testing:

Test Amavisd…

Code:
telnet localhost 10024
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 [::1] ESMTP amavisd-new service ready
ehlo localhost
250-[::1]
250-VRFY
250-PIPELINING
250-SIZE
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 XFORWARD NAME ADDR PORT PROTO HELO IDENT SOURCE
OK. 

Test the SMTP daemon on port 10025

Code:
telnet localhost 10025
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.domain.com ESMTP
ehlo localhost
250-mail.domain.com
250-PIPELINING
250-SIZE 20480000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
OK.

Daemons are up and running. It's time to send some viruses and spam to test our server.

Keep an eye on maillog file while receiving virus and spam
Code:
tail -f /var/log/maillog

Send an email from external account (gmail) to account hosted on this server with the following content (Eicar virus) :
Code:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

You should see something like this in your maillog file…
Code:
Feb 00 00:00:00 host amavis[32426]: (032426-01) Blocked INFECTED (Eicar-Test-Signature) {DiscardedOpenRelay,Quarantined}
Woohoo, Amavis, ClamAV and Postfix are working together nicely!

What about SPAM? Send the following string from external account:
Code:
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

Check the maillog…
Code:
Feb 00 00:00:00 host amavis[32425]: (032425-02) Blocked SPAM {DiscardedOpenRelay,Quarantined}
Blocked!

One last thing to do… Spamassassin already added a cron job. Just make sure that the line is not commented!
Code:
vi /etc/cron.d/sa-update

Thats it! Job well done.

I have installed it in correctly. All service run well. But no detect any virus and spam like email.

Code:
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
and
Code:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

are not detected. Email sent smoothly
Reply
Thanks given by:
#13
RE: Centos 7 | Postfix + Amavisd-new + ClamAV + Spamassassin
you need to install clamav-scanner as well and then it works

Code:
yum install clamav-scanner
Reply
Thanks given by:
#14
RE: Centos 7 | Postfix + Amavisd-new + ClamAV + Spamassassin
After installing everything as instructed (on CentOS 7), while the test spam and virus emails are properly classified, the maillog shows the following error:


May 31 00:55:13 sf amavis[3540]: (03540-05) (!)connect to /var/run/clamd.amavisd/clamd.sock failed, attempt Forum Add-ons and Usage: Can't connect to a UNIX socket /var/run/clamd.amavisd/clamd.sock: No such file or directory
May 31 00:55:14 sf amavis[3540]: (03540-05) (!)connect to /var/run/clamd.amavisd/clamd.sock failed, attempt Forum Add-ons and Usage: Can't connect to a UNIX socket /var/run/clamd.amavisd/clamd.sock: No such file or directory
May 31 00:55:14 sf amavis[3540]: (03540-05) (!)ClamAV-clamd: All attempts (1) failed connecting to /var/run/clamd.amavisd/clamd.sock, retrying (2)
May 31 00:55:18 sf amavis[3539]: (03539-05) Blocked INFECTED (Eicar-Test-Signature) {DiscardedInbound,Quarantined}, [74.125.82.41]:38479 [74.125.82.41] <zoltan.0.fedor@gmail.com> -> <zfedor@sf.com>, Queue-ID: EA875BF7CE, Message-ID: <CADi59_YrQ4KonGKf_G8778fxrBmGYkyJp7uZtCqUd+QHdjSw@mail.gmail.com>, mail_id: pjCwn64nuId, Hits: -, size: 2797, dkim_sd=20120113:gmail.com, 26349 ms
May 31 00:55:18 sf postfix/smtp[4682]: EA875BF7CE: to=<zfedor@sf.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=26, delays=0.12/0.02/0.01/26, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=03539-05 - INFECTED: Eicar-Test-Signature)
May 31 00:55:18 sf postfix/qmgr[4535]: EA875BF7CE: removed
May 31 00:55:20 sf amavis[3540]: (03540-05) (!)connect to /var/run/clamd.amavisd/clamd.sock failed, attempt Forum Add-ons and Usage: Can't connect to a UNIX socket /var/run/clamd.amavisd/clamd.sock: No such file or directory
May 31 00:55:20 sf amavis[3540]: (03540-05) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamd.amavisd/clamd.sock (All attempts (1) failed connecting to /var/run/clamd.amavisd/clamd.sock) at (eval 129) line 613.\n
May 31 00:55:20 sf amavis[3540]: (03540-05) (!)WARN: all primary virus scanners failed, considering backups
Reply
Thanks given by:
#15
RE: Centos 7 | Postfix + Amavisd-new + ClamAV + Spamassassin
I had the same problem. Did you try installing clamav-scanner? You need to restart all the services after that
Reply
Thanks given by:
#16
RE: Centos 7 | Postfix + Amavisd-new + ClamAV + Spamassassin
(05-31-2016, 09:00 AM)zfedor Wrote: After installing everything as instructed (on CentOS 7), while the test spam and virus emails are properly classified, the maillog shows the following error:


May 31 00:55:13 sf amavis[3540]: (03540-05) (!)connect to /var/run/clamd.amavisd/clamd.sock failed, attempt Forum Add-ons and Usage: Can't connect to a UNIX socket /var/run/clamd.amavisd/clamd.sock: No such file or directory
May 31 00:55:14 sf amavis[3540]: (03540-05) (!)connect to /var/run/clamd.amavisd/clamd.sock failed, attempt Forum Add-ons and Usage: Can't connect to a UNIX socket /var/run/clamd.amavisd/clamd.sock: No such file or directory
May 31 00:55:14 sf amavis[3540]: (03540-05) (!)ClamAV-clamd: All attempts (1) failed connecting to /var/run/clamd.amavisd/clamd.sock, retrying (2)
May 31 00:55:18 sf amavis[3539]: (03539-05) Blocked INFECTED (Eicar-Test-Signature) {DiscardedInbound,Quarantined}, [74.125.82.41]:38479 [74.125.82.41] <zoltan.0.fedor@gmail.com> -> <zfedor@sf.com>, Queue-ID: EA875BF7CE, Message-ID: <CADi59_YrQ4KonGKf_G8778fxrBmGYkyJp7uZtCqUd+QHdjSw@mail.gmail.com>, mail_id: pjCwn64nuId, Hits: -, size: 2797, dkim_sd=20120113:gmail.com, 26349 ms
May 31 00:55:18 sf postfix/smtp[4682]: EA875BF7CE: to=<zfedor@sf.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=26, delays=0.12/0.02/0.01/26, dsn=2.7.0, status=sent (250 2.7.0 Ok, discarded, id=03539-05 - INFECTED: Eicar-Test-Signature)
May 31 00:55:18 sf postfix/qmgr[4535]: EA875BF7CE: removed
May 31 00:55:20 sf amavis[3540]: (03540-05) (!)connect to /var/run/clamd.amavisd/clamd.sock failed, attempt Forum Add-ons and Usage: Can't connect to a UNIX socket /var/run/clamd.amavisd/clamd.sock: No such file or directory
May 31 00:55:20 sf amavis[3540]: (03540-05) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamd.amavisd/clamd.sock (All attempts (1) failed connecting to /var/run/clamd.amavisd/clamd.sock) at (eval 129) line 613.\n
May 31 00:55:20 sf amavis[3540]: (03540-05) (!)WARN: all primary virus scanners failed, considering backups

(05-31-2016, 10:11 AM)chongma Wrote: I had the same problem. Did you try installing clamav-scanner?  You need to restart all the services after that

Yes, I have installed the clamav-scanner and then manually restarted all service. Now - just to be sure - restarted the whole server, but the maillog still shows the same error as before, no change.
Reply
Thanks given by:
#17
RE: Centos 7 | Postfix + Amavisd-new + ClamAV + Spamassassin
Maybe you need to start and enable clamav-scanner. I thought it would be started by amavis
Reply
Thanks given by:
#18
RE: Centos 7 | Postfix + Amavisd-new + ClamAV + Spamassassin
Done that, so the following is running now:

clamd.scan -c /etc/clamd.d/scan.conf --pid /var/run/clamd.scan/clamd.pid

But the issue is still there, no change, even after settings in /etc/clam.d/scan.conf:
LocalSocket /var/run/clamd.amavisd/clamd.sock


/var/run has:
drwxrwx--- 2 amavis clamupdate 40 May 31 13:33 clamd.amavisd
drwx--x--- 2 clamscan clamscan 40 May 31 13:33 clamd.scan
Reply
Thanks given by:
#19
RE: Centos 7 | Postfix + Amavisd-new + ClamAV + Spamassassin
All works perfectly, great post this one for those who want to stop spam and virus on the email accounts, indeed top class.

The only thing that really didnt work was the cmd: 
Code:
tail -f /var/log/maillog

Thumbs up for this, wonderful post  Wink Big Grin Cool Rolleyes
'' Life is full of important choices ''
Help Sentora Donate now => http://sentora.org/donate Blush
Reply
Thanks given by:
#20
RE: Centos 7 | Postfix + Amavisd-new + ClamAV + Spamassassin
(06-12-2015, 08:48 PM)w3in1web Wrote: I m having problems when start please help

[root@host201 ~]# systemctl start amavisd
Job for amavisd.service failed. See 'systemctl status amavisd.service' and 'jour                                                                                        nalctl -xn' for details.
[root@host201 ~]#
[root@host201 ~]# systemctl status amavisd.service
amavisd.service - Amavisd-new is an interface between MTA and content checkers.
  Loaded: loaded (/usr/lib/systemd/system/amavisd.service; enabled)
  Active: failed (Result: start-limit) since Fri 2015-06-12 05:43:16 CDT; 29s ago
    Docs: http://www.ijs.si/software/amavisd/#doc
 Process: 10424 ExecStart=/usr/sbin/amavisd -c /etc/amavisd/amavisd.conf (code=exited,                                                                                  status=227/NO_NEW_PRIVILEGES)
Try running:
amavisd -u amavis -c /etc/amavisd/amavisd.conf debug
I was getting this error, but was missing a ; in my config. so the error doesn't really point you in the right direction...
Reply
Thanks given by:


Possibly Related Threads…
Thread Author Replies Views Last Post
Fail2ban for Sentora (Centos 7) bbspike 14 48 ,694 01-14-2020, 07:32 AM
Last Post: Vedran B
[How To] Update from PHP v5.4.16 to v5.6.31 (Includes suhosin patch) [CentOS] betatester3.0 5 19 ,372 03-18-2019, 01:23 AM
Last Post: BigBang
Ubuntu: How to setup TLS on postfix and dovecot Diablo925 28 116 ,173 02-15-2018, 08:46 PM
Last Post: duane

Forum Jump:


Users browsing this thread: 3 Guest(s)