[Amavisd-new-debian-devel] amavisd-new 2.5.2-1
Ondřej Surý
ondrej at sury.org
Thu Sep 13 08:49:54 UTC 2007
Hi guys,
attached is patch to update your mercurial repo to 2.5.2-1.
Compiles cleanly.
I have yet to test it on some server :-).
I had to update few patches.
Ondrej
--
Ondřej Surý <ondrej at sury.org> *** http://blog.rfc1925.org/
Kulturnà obÄasnÃk *** http://www.obcasnik.cz/
Nehoupat, prosÃm *** http://nehoupat.blogspot.com/
-------------- next part --------------
# HG changeset patch
# User Ondřej Surý <ondrej at sury.org>
# Date 1189673239 -7200
# Node ID 8a46f5ab6edd3931fc1d4f88e268d5ee5850c82e
# Parent f14c306762a6d899163a5bb69b11d2b432041060
Update HEAD to 2.5.2 upstream source
diff --git a/INSTALL b/INSTALL
--- a/INSTALL
+++ b/INSTALL
@@ -26,19 +26,16 @@ Prerequisites:
file(1) utility is required, the most recent version is heartly recommended!
There are a number of security and robustness problems with earlier versions.
-Use file(1) 4.06 or later to avoid it crashing upon seeing certain files
-and to avoid possible control characters leaking into its output.
-
-Archive::Tar (Archive-Tar-x.xx)
+Use file(1) version 4.21 or later to avoid known security vulnerabilities.
+
Archive::Zip (Archive-Zip-x.xx) (1.14 or later should be used!)
Compress::Zlib (Compress-Zlib-x.xx) (1.35 or later)
Convert::TNEF (Convert-TNEF-x.xx)
-Convert::UUlib (Convert-UUlib-x.xxx) (1.05 or later, stick to new versions!)
+Convert::UUlib (Convert-UUlib-x.xxx) (1.08 or later, stick to new versions!)
MIME::Base64 (MIME-Base64-x.xx)
-MIME::Parser (MIME-Tools-x.xxxx) (latest version from CPAN - currently 5.417)
+MIME::Parser (MIME-Tools-x.xxxx) (latest version from CPAN - currently 5.420)
Mail::Internet (MailTools-1.58 or later have workarounds for Perl 5.8.0 bugs)
Net::Server (Net-Server-x.xx) (version 0.88 finally does setuid right)
-Net::SMTP (libnet-x.xx, ports/net/p5-Net) (>= libnet-1.16 for performance)
Digest::MD5 (Digest-MD5-x.xx) (2.22 or later)
IO::Stringy (IO-stringy-x.xxx)
Time::HiRes (Time-HiRes-x.xx) (use 1.49 or later, older can cause problems)
@@ -76,6 +73,7 @@ The most crucial programs are marked wit
nomarch: http://rus.members.beeb.net/nomarch.html
arc: ftp://ftp.kiarchive.ru/pub/unix/arcers/
lha: http://www2m.biglobe.ne.jp/~dolphin/lha/prog/
+ 7z: http://p7zip.sourceforge.net/, http://www.7-zip.org/
unarj: ftp://ftp.kiarchive.ru/pub/unix/arcers/
arj: http://testcase.newmail.ru/files/ (arj is preferable to unarj)
rar, unrar: http://www.rarsoft.com/, ftp://ftp.kiarchive.ru/pub/unix/arcers/
@@ -207,6 +205,9 @@ Installing the daemon:
chown -R amavis:amavis /var/amavis/home
chmod 750 /var/amavis /var/amavis/home
+ If $TEMPBASE resides on a dedicated file system, it may be prudent to
+ specify mount options: noexec,nosuid,nodev.
+
- install virus scanners (if they are to be used), and Perl module
Mail::SpamAssassin (if desired), and adjust variables in /etc/amavisd.conf.
There are several other Perl modules needed by amavisd daemon
@@ -220,9 +221,10 @@ Installing the daemon:
Some virus scanners may require write permission to the $TEMPBASE directory
to be able to create auxiliary files there.
- If different UID is preferred for an AV scanner, a solution for
- ClamAV is to add user clamav to the amavis group, and then add
- AllowSupplementaryGroups to clamd.conf.
+ If a different UID is preferred for an AV scanner, a solution for ClamAV
+ is to add user clamav to the amavis group (e.g.: vscan:*:110:clamav
+ in a file /etc/group), and then add: AllowSupplementaryGroups yes
+ to clamd.conf.
- start the program 'amavisd', either as root (possibly with option
-u user), or with su(1) as the user chosen above. It should
diff --git a/MANIFEST b/MANIFEST
--- a/MANIFEST
+++ b/MANIFEST
@@ -14,6 +14,7 @@ amavisd.conf its configuration file
amavisd.conf its configuration file (should go into /etc/)
amavisd.conf-default lists all configuration variables with their defaults
amavisd.conf-sample traditional-style commented amavisd.conf with examples
+amavisd-custom.conf example custom hooks, to be invoked from amavisd.conf
amavisd-agent a demo program to access and display SNMP-like counters
being updated and made available as a Berkeley DB by amavisd
@@ -42,9 +43,3 @@ amavisd-new-qmqpqq.patch adds support
amavisd_init.sh sample init shell script
amavisd-new.spec rpm spec file
-
-Macintosh.tar.gz auto-startup and installation instructions for Macintosh OSX;
- This is a contributed set of files and hasn't been checked
- for correctness or usability by the amavisd-new author.
- In particular, use provided procedures and patches at your
- own risk.
diff --git a/Macintosh.tar.gz b/Macintosh.tar.gz
deleted file mode 100644
Binary file Macintosh.tar.gz has changed
diff --git a/README_FILES/README.courier b/README_FILES/README.courier
--- a/README_FILES/README.courier
+++ b/README_FILES/README.courier
@@ -2,6 +2,10 @@ How to use amavisd-new with Courier
***********************************
by Martin Orr <amavis at martinorr.name>
+
+
+ There may be additional or more up-to-date information at:
+ http://www.martinorr.name/amavisd-new
WARNING: This README applies to the current version of the Courier patch,
and requires Net::Server version 0.90 or later. For older versions of
diff --git a/README_FILES/README.customize b/README_FILES/README.customize
--- a/README_FILES/README.customize
+++ b/README_FILES/README.customize
@@ -1,6 +1,6 @@ Customization of notification messages a
Customization of notification messages and log entries
======================================================
- Mark Martinec <Mark.Martinec at ijs.si>, 2002, 2004, 2006
+ Mark Martinec <Mark.Martinec at ijs.si>, 2002, 2004, 2006, 2007
Since March 2002 amavisd-new provides a way to customize e-mail notification
messages that are sent in response to a virus (and spam) detection,
@@ -67,7 +67,8 @@ The substitution text for the following
is still in place);
h dns name of this host, or configurable name (variable $myhostname)
HOSTNAME same as h
- n amavis internal message id (as seen in log entries)
+ n amavis internal task id (also called message id, am_id) as shown
+ in the log and by amavisd-nanny, e.g. 58725-05-2
b message digest of mail body (MD5, hex)
date_unix_utc timestamp of the message reception - Unix time
@@ -87,16 +88,16 @@ The substitution text for the following
a original SMTP session client IP address(empty if unknown,e.g. no XFORWARD)
g original SMTP session client DNS name (empty if unknown, e.g. no XFORWARD)
e best guess of the originator IP address collected from the Received trace
- l (letter ell) true if sender is local;
- - if SMTP client IP is known (via XFORWARD or AM.PDP from mailer), then
- locality is determined by checking client IP address against @mynetworks
- - if SMTP client IP is NOT provided by MTA, locality is determined by
- comparing sender mail address to @local_domains_maps (can be faked);
+ l (letter ell, suggesting 'local') is true if a variable 'originating' is
+ true, and is an empty string otherwise; the boolean variable 'originating'
+ is under policy bank control, and usually corresponds to a sending host
+ (SMTP client's IP address) matching @mynetworks_maps, or the client being
+ an authenticated roaming user;
o best attempt at determining true sender of the virus - normally same as %s
S address that will get sender notification;
this is normally a one-entry list containing sender address (same as %s),
but may be unmangled/reconstructed in an attempt to undo the address
- forging done by some viruses; in case of unkown (e.g. forged) sender
+ forging done by some viruses; in case of unknown (e.g. forged) sender
address, the result is empty.
R a list of original envelope recipients
@@ -113,29 +114,66 @@ The substitution text for the following
header_field field body of the header field specified in the argument;
can only obtain header field stored in $msginfo->orig_header_fields,
and only its first occurrence; currently these are: from, to, cc, sender,
- subject, received, message-id, resent-message-id, precedence, user-agent,
- x-mailer, dkim-signature, domainkey-signature, authentication-results;
- argument is case-insensitive
- useragent 'User-Agent: ...' or 'X-Mailer: ...' header field (whichever
- is present); note that this is an entire field, including a header
- field head, unlike macros header_field and x-mailer;
- x-mailer 'X-Mailer' header field body (just body, without header field head),
+ subject, received, message-id, resent-message-id, in-reply-to, references,
+ precedence, list-id, user-agent, x-mailer, dkim-signature,
+ domainkey-signature, authentication-results; argument is case-insensitive
+ useragent returns 'User-Agent: ...' or 'X-Mailer: ...' header field
+ (whichever is present); an optional argument specifies whether
+ an entire field is to be returned (empty or unrecognized argument),
+ or just a field name (argument: 'name'), e.g. 'X-Mailer';
+ or just a field body (argument 'body'), e.g. 'Thunderbird_1.5.0.9';
+ x-mailer 'X-Mailer' header field body (just body, without header field name),
deprecated, use macros header_field or useragent instead;
Q MTA queue ID of the message if available (Courier, sendmail milter/AM.PDP)
H a list of all header lines (field may be wrapped over more than one line);
- this does not include the 'Return-Path:' or 'Delivered-To:' headers,
+ this does not include the 'Return-Path:' or 'Delivered-To:' header fields,
which would have been added (or will be added later) by the local
delivery agent if mail would have been delivered to a mailbox.
z original mail size (in bytes)
-
- i long-term unique mail id on this system
+ i long-term unique mail_id on this system, possibly used in log and in
+ quarantine names (also in releasing from a quarantine), e.g. jaUETfyBMJHG
q list of quarantine mailbox names, or empty if not quarantined
- ccat_maj minor category number of the main contents category,
- see constants CC_* in file amavisd
- ccat_min minor category number of the main contents category,
- usually 0 unless more specific information is available
- ccat_name display name of the contents category best describing mail contents
+ ccat_maj (deprecated, use [:ccat|major]) a major category number
+ of the blocking or a main contents category, see constants
+ CC_* in file amavisd
+ ccat_min (deprecated, use [:ccat|minor]) a minor category number
+ of the blocking or a main contents category, usually 0
+ unless more specific information is available (e.g.
+ details about bad header or tag3 spam level)
+ ccat_name (deprecated, use [:ccat|name]) a display name of the
+ blocking or main contents category best describing mail contents
+
+ ccat a new general-purpose macro providing access to information about
+ a mail contents category. Macro 'ccat' takes two optional fixed-string
+ arguments, which are interpreted case-insensitively. In their absence
+ it expands to a string "(maj,min)" which shows a major and a minor
+ contents category number of a blocking ccat for a blocked message,
+ and of a main contents category for a passed message.
+
+ The first argument specifies which attribute of a ccat is to be provided,
+ the second argument specifies whether a main or a blocking contents
+ category is to be consulted:
+
+ The first argument may be any of the following strings:
+ name ... provide a human-readable name of a ccat (%ccat_display_names)
+ major ... provide a number: a major contents category,
+ values correspond to CC_* constants in the program
+ minor ... provide a number: a minor contents category, often a 0
+ <empty>... empty argument (also a default) results in a string "(maj,min)"
+ is_blocking ... '1' if blocking_ccat is true (message is being blocked),
+ or an empty string when a message is being passed;
+ is_nonblocking .. the opposite: '1' if blocking_ccat false, '' otherwise
+ is_blocked_by_nonmain .. '1' if blocking_ccat is true
+ _and_ is different from a main contents category;
+
+ The second argument may be any of the following strings:
+ main ... provide information on main contents category
+ when asked for name/major/minor/<empty>
+ blocking.. provide information on blocking contents category if it exists,
+ otherwise it falls back to providing info on main ccat;
+ this is also a default in the absence of this argument;
+
v output of the (last) virus checking program
V a list of virus names found; contains at least one entry (possibly empty)
if a virus was found, otherwise a null list
@@ -181,23 +219,41 @@ The substitution text for the following
Note that to get a percent character it needs to be doubled, to avoid
its special meaning as a macro call introducer,
e.g. [:sprintf|%%s %%.1f|text|[:SCORE]]
- dquote encloses its argument in double quotes and replace existing
- double quotes by \" (suitable to sanitize Subject header field);
- provisional - exact interpretation may change;
+ join (just like a Perl function join): the first argument is a separator
+ string, remaining arguments are strings to be concatenated, with a
+ separator string inserted at every concatenation point;
+ dquote encloses its argument in double quotes and doubles existing double
+ quotes within a string (suitable to sanitize Subject header field,
+ e.g. ab"oh"cd -> "ab""oh""cd"); provisional - exact interpretation
+ may change (and has changed, prior to 2.4.5 double quotes were replaced
+ by \", which made parsing tricky as backquotes themselves were not
+ escaped);
uquote replaces one or more consecutive space or tab characters by '_',
but does not protect existing underlines, which makes it a lossy
transformation (suitable for logging of From or To header fields);
provisional - exact interpretation may change;
- a couple of SpamAssassin lookalike macros with the same names and arguments
+ supplementary_info gives access to some additional information provided by
+ content scanners, such as a provided by SpamAssassin API routine get_tag.
+ The macro takes two arguments, the first is a tag name (a name of some
+ attribute which is expected to provide an associated value), the second
+ argument is a sprintf format string and is optional, if missing a %s
+ is assumed. Currently the only available attributes are AUTOLEARN,
+ AUTOLEARNSCORE, SC, SCRULE, SCTYPE, RELAYCOUNTRY, and LANGUAGES.
+ These are nonempty only when an associated SpamAssassin plugin or
+ function is enabled.
+
+
+ A couple of SpamAssassin look-alike macros with the same names and arguments
as in SA, see 'man Mail::SpamAssassin::Conf' for details:
- AUTOLEARN autolearn status
+ AUTOLEARN autolearn status (deprecated, use supplementary_info instead)
+
DATE same as date_rfc2822_local
SCORE similar to macro 'c', but returns a single number (sum of
SA score and boost), and allows padding as per SA documentation.
In a per-message log ($log_templ) when a message has multiple
- recipients, a minimum value is given;
+ recipients, a minimum value across all recipients is given;
STARS score as in macro SCORE, but represented as a bar of characters
REPORT a SA terse report of tests hit (for header reports)
SUMMARY similar to macro A, but provides a single multiline string,
@@ -209,6 +265,11 @@ The substitution text for the following
YESNO similar to macro '2', but provides Yes/No instead of 1/0
YESNOCAPS similar to macro '2', but provides YES/NO instead of 1/0
REQD minimal tag2 level of all recipients
+
+ and two additional SA-lookalikes, but with no counterparts in SpamAssassin:
+
+ LOGID log id (a.k.a. am_id) e.g. 58725-05-2, synonym for macro n
+ MAILID mail_id as in quarantine e.g. jaUETfyBMJHG, synonym for macro i
- when $log_recip_templ is expanded (by-recipient log entry), certain
macros keep their general semantics but reflect a value for that recipient:
@@ -225,7 +286,7 @@ The substitution text for the following
%2 above tag2 level for this recipient: Y or 0
%k above kill level for this recipient: Y or 0
REQD recipient's tag2_level
- ccat_maj minor category number, takes into account per-recip bypass_*
+ ccat_maj major category number, takes into account per-recip bypass_*
ccat_min minor category number, takes into account per-recip bypass_*
ccat_name display name of the c.cat, takes into account per-recip bypass_*
remote_mta MTA to which a message was forwarded
@@ -312,11 +373,11 @@ to a macro as its first argument (beside
to a macro as its first argument (besides argument 0, which is a macro
name). Commas within (...) are not special, calls like _TESTS(,)_ and
_SPAMMYTOKENS(2,short)_ still provide a single argument: "," or "2,short"
-respectively, to accomodate SA peculiarity. These all-capitals macros can
+respectively, to accommodate SA peculiarity. These all-capitals macros can
still be called by a normal general-purpose form of a macro call for greater
flexibility, as described above.
-A macro is evaluated only in nonquoted context. Enclosing strings between
+A macro is evaluated only in non-quoted context. Enclosing strings between
tokens [" and "] prevents its evaluation. Quoting may be nested, quote tokens
must be balanced. Evaluating a quoted input strips off one level of quotes.
@@ -393,7 +454,7 @@ as a null lexical separator.
] same thing: a newline-separated list of virus names
[
- %V] a list of virus names, each preceeded by NL and spaces
+ %V] a list of virus names, each preceded by NL and spaces
[ %R |%s --> <%R>|, ] a comma-space separated list of sender/recipient
name pairs where recipient is iterated over the list
diff --git a/README_FILES/README.lookups b/README_FILES/README.lookups
--- a/README_FILES/README.lookups
+++ b/README_FILES/README.lookups
@@ -175,8 +175,8 @@ or false (no, deny, drop). Falling throu
or false (no, deny, drop). Falling through without a match
produces false (undef). Search is case-insensitive.
-lookup_acl is not aware of address extensions and they are not
-handled specially.
+NOTE: lookup_acl is not aware of address extensions and they are
+not handled specially!
If a list element contains a '@', the full e-mail address is compared,
otherwise if a list element has a leading dot, the domain name part is
diff --git a/README_FILES/README.milter b/README_FILES/README.milter
--- a/README_FILES/README.milter
+++ b/README_FILES/README.milter
@@ -185,8 +185,8 @@ is mandatory):
INPUT_MAIL_FILTER(`milter-amavis',
`S=local:/var/amavis/amavis-milter.sock, F=T, T=S:10m;R:10m;E:10m')
- define(`confMILTER_MACROS_ENVFROM',
- confMILTER_MACROS_ENVFROM``, {b}'')dnl # supply macro {b} to helper
+ define(`confMILTER_MACROS_ENVFROM',
+ confMILTER_MACROS_ENVFROM`, r, b') # supply macros b,r to helper
Now rebuild your sendmail.cf file and install it (usually
/etc/mail/sendmail.cf).
diff --git a/README_FILES/README.postfix b/README_FILES/README.postfix
--- a/README_FILES/README.postfix
+++ b/README_FILES/README.postfix
@@ -1,665 +1,1128 @@ This file README.postfix is part of the
-This file README.postfix is part of the amavisd-new distribution,
-which can be found at http://www.ijs.si/software/amavisd/
-
-Author: Mark Martinec <Mark.Martinec at ijs.si>
-Last updated: 2006-09-15
-
-
-How to use amavisd-new with Postfix
-***********************************
-
-Sections labeled 'COMMENT' may be skipped on first reading.
-
-Your Postfix must not be ancient, it must support parameter 'content_filter'.
-Check for the purpose of this parameter in ./README_FILES/FILTER_README
-of the Postfix distribution. This file was revised in postfix-1.1.9-20020512,
-and again in postfix 20030120, you may want to read the latest version.
-In the more recent Postfix documentation the setup described here is known
-as 'Postfix After-Queue Content Filter', section 'Advanced content filter'.
-
-For compatibility with previous versions of amavisd the choice of default
-tcp port numbers is 10024 and 10025, in contrast to 10025 and 10026 as used
-in FILTER_README examples. The service name chosen here is 'smtp-amavis'
-instead of 'scan' as in the Postfix documentation.
-
-We are assuming that Postfix is already installed, configured and is
-working as expected. As a safety net during experimenting one might feel
-better by setting 'soft_bounce=yes' in /etc/postfix/main.cf, and doing
-a 'postfix reload'. It will turn hard errors experienced by Postfix into
-temporary failures, causing failed mail operations to be retried later.
-Don't forget to remove it later when things appear to be running well.
-
-
-1. Install and start amavisd (as explained in INSTALL - just the daemon,
-no helper programs amavis(.c) or amavisd-milter(.c) are needed)
-
-For the first time it is best to start amavisd daemon interactively
-and keep it attached to the terminal:
-
- $ /usr/local/sbin/amavisd debug
-
-From another window check that it is listening on a
-local SMTP port 10024 (the default port):
-
---> $ telnet 127.0.0.1 10024
- Trying 127.0.0.1...
- Connected to 127.0.0.1.
- Escape character is '^]'.
-
- 220 [127.0.0.1] ESMTP amavisd-new service ready
-
---> quit
-
- 221 Bye
- Connection closed by foreign host.
-
-
-2. With a text editor add to the Postfix master.cf file
-the following two entries, e.g. near the end of the file:
-
-smtp-amavis unix - - y/n - 2 smtp
- -o smtp_data_done_timeout=1200
- -o smtp_send_xforward_command=yes
- -o disable_dns_lookups=yes
- -o max_use=20
-
-127.0.0.1:10025 inet n - y/n - - smtpd
- -o content_filter=
- -o smtpd_restriction_classes=
- -o smtpd_delay_reject=no
- -o smtpd_client_restrictions=permit_mynetworks,reject
- -o smtpd_helo_restrictions=
- -o smtpd_sender_restrictions=
- -o smtpd_recipient_restrictions=permit_mynetworks,reject
- -o smtpd_data_restrictions=reject_unauth_pipelining
- -o smtpd_end_of_data_restrictions=
- -o mynetworks=127.0.0.0/8
- -o smtpd_error_sleep_time=0
- -o smtpd_soft_error_limit=1001
- -o smtpd_hard_error_limit=1000
- -o smtpd_client_connection_count_limit=0
- -o smtpd_client_connection_rate_limit=0
- -o smtpd_milters=
- -o local_header_rewrite_clients=
- -o local_recipient_maps=
- -o relay_recipient_maps=
- -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
-
-Change the 'y/n' to either 'y' or 'n', depending on how you prefer
-the smtp and smtpd postfix services to run - either chroot-ed, or not.
-See your other (normal) smtp and smtpd postfix services in master.cf
-and use the same setting here.
-
-COMMENTS:
-- Of all the options specified above in the second entry,
- the one that is essential is the '-o content_filter=' .
-- The '-o smtp_send_xforward_command=yes'
- (or '-o lmtp_send_xforward_command=yes' if using LMTP)
- is optional, but recommended - amavisd-new benefits from it since V2.0.
- It does not hurt if specified even if not yet supported by the currently
- running Postfix or amavisd-new.
-- the '-o max_use=20' is optional, it overrides the default value of 100,
- and is primarily useful with lmtp, as the Postfix lmtp client is more
- aggressive in keeping the connection open than the smtp client;
-- If there is an entry like 'vscan unix - n n - 2 pipe user=vscan ...'
- from an ancient amavisd installation, it is not needed any longer
- and may be removed. Keeping it does no harm.
-- for IPv6 enabled MTA, consider: -o mynetworks=127.0.0.0/8,[::1]/128
-
-
-3. Do a 'postfix reload', check its log file for any complaints,
- and test if it is listening on port 10025:
-
---> $ telnet 127.0.0.1 10025
- Trying 127.0.0.1...
- Connected to 127.0.0.1.
- Escape character is '^]'.
- 220 yourhost.example.com ESMTP Postfix
---> quit
- 221 Bye
- Connection closed by foreign host.
-
-
-4. If you want, simulate a mail sent to amavisd and see if it gets delivered
- via Postfix to its recipient. Try first with a simple and clean message,
- then a message with an EICAR test virus pattern which should be recognized
- by all virus scanners (unless all scanners are disabled or not installed):
-
---> $ telnet 127.0.0.1 10024
- Trying 127.0.0.1...
- Connected to 127.0.0.1.
- Escape character is '^]'.
- 220 [127.0.0.1] ESMTP amavisd-new service ready
---> MAIL FROM:<test at example.com>
- 250 2.1.0 Sender test at example.com OK
---> RCPT TO:<postmaster>
- 250 2.1.5 Recipient postmaster OK
---> DATA
- 354 End data with <CR><LF>.<CR><LF>
---> Subject: test1
--->
---> test1
---> .
-
-*** 250 2.6.0 Ok, id=31859-01, from MTA: 250 Ok: queued as 90B7F16F
-
---> MAIL FROM:<test at example.com>
- 250 2.1.0 Sender test at example.com OK
---> RCPT TO:<postmaster>
- 250 2.1.5 Recipient postmaster OK
---> DATA
- 354 End data with <CR><LF>.<CR><LF>
---> Subject: test2 - virus test pattern
--->
---> X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
---> .
-
-you should get one of the following replies (or similar), depending on
-the $final_virus_destiny and *virus_lovers* settings in amavisd.conf:
-*** 550 5.7.1 Message content rejected, id=16968-01 - VIRUS: EICAR-AV-Test
-*** 250 2.5.0 Ok, but 1 BOUNCE
-*** 250 2.7.1 Ok, discarded, id=16984-01 - VIRUS: EICAR-AV-Test
-*** 250 2.6.0 Ok, id=17041-01, from MTA: 250 Ok: queued as 3F1841A5F5
-
---> QUIT
- 221 2.0.0 [127.0.0.1] (amavisd) closing transmission channel
- Connection closed by foreign host.
-
-You may need/want to use different sender and recipient addresses.
-The test pattern must be entered exactly to be recognized, starting
-at the beginning of a line (without indentation).
-
-Depending on the settings in amavisd.conf, the sender (test at example.com)
-and the virus administrator may have been sent a (non-)delivery status
-notification, the second message should have been quarantined, and the first
-message must have been successfully delivered to the recipient. See the log
-that is scrolling on the terminal (as set up at step 1) and check for possible
-problems.
-
-
-5. Tell Postfix to start forwarding all mail it receives to amavisd-new
- for content inspection.
-
-To the Postfix main.cf file add a line:
-
- content_filter=smtp-amavis:[127.0.0.1]:10024
-
-either with a text editor, or preferably using a shell command:
- # postconf -e 'content_filter=smtp-amavis:[127.0.0.1]:10024'
-
-COMMENT:
- The global setting of 'content_filter' in main.cf affects any Postfix
- input service (i.e. smtpd and pickup). If a more selective approach
- is required, the option
- -o content_filter=smtp-amavis:[127.0.0.1]:10024
- may be given in master.cf to selected services only, or the option:
- -o content_filter=
- may override (i.e. clear) the global setting on selected services.
-
-
-6. Do a 'postfix reload' and watch the logs - both the Postfix logs,
-and the amavisd log file (on the screen or wherever you have it directed).
-
-If you get in trouble, you only need to undo the step 5 and do a
-'postfix reload'. New mail will no longer be tagged with content filter
-routing.
-
-COMMENT:
- The messages that have been received while 'content_filter' was set,
- will still try to get delivered to your old setting of content_filter,
- and will wait in the queue until successful or deleted or expired - or
- until you do: postsuper -r ALL; postfix reload
-
-If all is fine, you may abort (^C) the process running 'amavisd debug',
-and start amavisd without a 'debug' option, making it detach and daemonize.
-There is no need to stop or restart Postfix.
-
-This completes the integration of amavisd and Postfix.
-It uses the SMTP (or LMTP) protocol for Postfix->amavisd,
-and uses SMTP protocol for amavisd->Postfix communication.
-This is the fastest and recommended method, and simplest to set up.
-
-
-TUNING:
-
-The most important tuning knob is the number of concurrent content filtering
-processes allowed. Too low a value does not fully utilize the host resources,
-a somewhat high value wastes memory and gains no benefit to the aggregate
-mail throughput, while a too high value causes system thrashing and the
-total system mail throughput starts to drop. A useful starting value is 2,
-a commonly useful range is perhaps up to 10 (or perhaps 20 on hosts with
-1 GB of RAM or more, and SA with network tests such as Razor enabled),
-but the exact value largely depends on host capabilities and the anti-virus
-and anti-spam options in use.
-
-It is imperative that both the Postfix and the amavisd-new use the same value.
-Actually the amavisd setting may be higher that the Postfix, but this serves
-no useful purpose and just wastes resources. The amavisd.conf parameter is
-the $max_servers, the Postfix parameter is the maxproc field in the
-'smtp-amavis' entry (file master.cf).
-
-Instead of adjusting the maxproc field of the 'smtp-amavis' service,
-one may prefer to leave it a the default '-', and use a main.cf option
-for the same purpose:
- smtp-amavis_destination_concurrency_limit = 2
-
-For other tuning hints, see README.performance and:
- http://www.ijs.si/software/amavisd/amavisd-new-magdeburg-20050519.pdf
-
-
-TO DO 'VIRTUAL ALIAS' MAPPING AND OTHER POSTFIX CLEANUP PROCESSING
-BEFORE OR AFTER CONTENT FILTERING?
-
-In a post-queue content filtering setup (a normal amavisd-new setup with
-Postfix), a mail message passes through smtpd and cleanup Postfix services
-twice, once before the content filter, and the second time when approved
-message is passed from the content filter back to MTA. Any transformations
-and checks done by a cleanup service are thus performed twice. In simpler
-setups this does not matter much, but in more demanding situations one
-needs to consider which cleanup instance should perform which task.
-See cleanup(8) man page.
-
-In particular, the following should be considered:
-
-- masquerading
-
-- canonical address transformations
- placed before the content filter:
- content filter will see canonicalized envelope addresses
- (e.g. external addresses)
- placed after the content filter:
- content filter will see largely unmodified envelope addresses
-
-- virtual alias transformations of envelope recipient addresses
- placed before the content filter:
- content filter will see modified (e.g. internalized) envelope addresses
- placed after the content filter:
- content filter will see largely unmodified envelope addresses
-
-- built-in content checks like the header_checks, body_checks, mime processing
- placed before the content filter:
- the usual placement, checks should be performed as early as convenient
- placed after the content filter:
- most built-in content checks should not be performed again to save time
- and prevent late bounces. An exception may be the 'placing on hold'
- of a mail message that the content filter considered a potential threat
- and inserted a header field 'X-Amavis-Hold: reason', which needs to be
- done after content filtering.
-
-- automatic BCC recipient controls
- should only be done once to prevent mail duplication. The same
- applies when virtual mapping is used a "poor man's" mailing lists.
- Adding recipients is normally placed after content filtering;
-
-- resource and rate controls
- should be done before the content filtering, and should be disabled
- or be more liberal in the cleanup service after the content filter;
-
-To exercise full control over which cleanup service will perform which
-e-mail address mapping (virtual alias, canonical, masquerading), and
-which (if any) header/body checks, one needs to use two cleanup services:
-
-- add a new service 'pre-cleanup';
-- (optionally) add options to existing service 'cleanup';
-- add option 'cleanup_service_name=pre-cleanup' to existing services
- 'smtp' and 'pickup';
-
-as described further down.
-
-If the full flexibility of having two cleanup services is not needed
-and Postfix is snapshot 2.0.13-20030706 or later, there is a new parameter
-'receive_override_options' which eliminates the need for two cleanup
-services in some more straightforward cases (not all features of having
-two cleanup services are available). The idea is to use:
- -o receive_override_options=no_address_mappings
-for main incoming services (like smtpd and pickup), and the:
- -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
-for the post-content-filter smtpd service on port 10025.
-See smtpd(8) man page and the FILTER_README and ADDRESS_REWRITING_README
-files in the Postfix documentation directory README_FILES.
-The receive_override_options=no_address_mappings also avoids the need
-for moving always_bcc option from main.cf to master.cf in common cases.
-
-
-ALTERNATIVE FOR POSTFIX OLDER THAN 2.2
-
-Postfix can be told to feed mail to amavisd via LMTP protocol instead
-of SMTP. This is possible since Postfix 2.0 and since amavisd-new-20021116.
-
-LMTP brings per-recipient status responses and multi-transaction session
-capability, the later of which the Postfix service smtp before cca. 2004-08
-lacked. For newer versions of Postfix with "connection cache" capability
-(previously known as "session caching"), i.e. the Postfix 2.2 and the
-snapshots since cca. 2004-08, the per-recipient status responses remains
-the only (small) advantage of LMTP.
-
-A LMTP advantage with its per-recipient status responses is most useful when
-the second MTA instance (on port 10025) returns a 5xx or 4xx SMTP response
-for some but not all recipients for some reason, or if amavisd-new is
-(inappropriately) configured to D_REJECT malware instead of D_BOUNCE it.
-Neither of the two is encountered regularly on well configured systems.
-
-As it is advisable to perform most of the MTA mail checks (like mail address
-validation, header and body checks) as soon as mail enters the mailer, the
-second MTA instance should under normal circumstances hardly ever generate
-a 5xx or 4xx response. Regarding the second argument, rejecting malware
-(D_REJECT) in an after-queue setup leads to backscatter generated by MTA
-and is not a recommended setting in a Postfix after-queue and other
-dual-MTA settings.
-
-To use LMTP instead of SMTP just replace the service name (last item)
-'smtp' with 'lmtp' in the master.cf entry: vvvv
-
-smtp-amavis unix - - y/n - 2 lmtp
- -o lmtp_data_done_timeout=1200
- -o lmtp_send_xforward_command=yes
-
-(and change option names accordingly).
-
-
-OPTIONAL:
-
-It is probably a good idea to set strict_rfc821_envelopes=yes in main.cf
-to reject non-replyable sender addresses such as <@yahoo.com> straight away,
-otherwise we end up processing such mail with inability to bounce it when
-needed, effectively losing such mail.
-
-
-One can set up an e-mail addresses (a mailbox) with Postfix to receive all
-quarantined viruses so that a mailer will deal with storing or forwarding
-them, and a local quarantine directory directly can be avoided. Here is
-one way of doing it, but see 'local(8)' Postfix man page for more options.
-
-This method of quarantining might be the only method available if amavisd
-is running chrooted and quarantine is to be located outside of chroot jail.
-
-To the Postfix aliases file (or database) add an entry for an e-mail address,
-e.g. 'infected', either to forward its mail to some place, or do a local
-delivery to a file or directory, e.g.:
-
-infected: /var/spool/mail/infected
-
-(append a '/' if you prefer Maildir style mailbox),
-then run 'newaliases' (or 'postalias /etc/postfix/aliases').
-
-In your amavisd.conf file specify (note the trailing '@') :
- $virus_quarantine_to = 'infected@'; # forward to MTA for delivery
-
-Reload amavisd (amavisd reload) if it is already running to make it
-re-read its config file, and check the log file. All set! Send some
-infected mail and watch it appear at the specified mailbox.
-
-
-----------------------------------------------------------------------------
-The next section is a commented setup that can be directly appended
-to the Postfix master.cf file instead of the item (2.) above,
-in case you need finer control or better understanding.
-It describes a Postfix setup with two cleanup services, as recommended
-by the new Postfix 2.0.3 README_FILES/FILTER_README .
-
-Here is an overall picture (adapted from FILTER_README to match
-port numbers and service name as traditionally used by amavisd-new):
-
- .......................................
- : Postfix :
- ----->smtpd \ :
- : -pre-cleanup-\ /local---->
- ---->pickup / -queue- :
- : -cleanup-/ | \smtp----->
- : bounces/ ^ v :
- : and locally | v :
- : forwarded smtpd smtp-amavis :
- : messages 10025 | :
- ...........................|...........
- ^ |
- | v
- ............|...............................
- : | $inet_socket_port=10024 :
- : | :
- : $forward_method='smtp:[127.0.0.1]:10025' :
- : $notify_method ='smtp:[127.0.0.1]:10025' :
- : :
- : amavisd-new :
- ............................................
-
-
-
-# Append this to the master.cf Postfix file and edit to will.
-# It defaults to the standard settings as described in README.postfix .
-#
-# Instruct Postfix content filtering to SEND all mail TO amavisd:
-# ===============================================================
-#
-# By default amavisd will listen to both protocols (SMTP/LMTP over TCP,
-# as well as to amavis helper protocol on a Unix socket). The older method
-# using the helper program amavis.c still works, but is not recommended, and
-# is not described here. To disable amavisd-new unnecessarily listening on a
-# Unix socket, comment out the assignment to $unix_socketname in amavisd.conf.
-#
-# NOTE1: match number of sending Postfix processes (the '2' below) with
-# $max_servers in amavisd.conf. Two to ten per CPU should be enough.
-# Going beyond 20 just wastes memory and does not help with throughput.
-# NOTE2: point the 'content_filter' hostname part to where amavisd is running,
-# and match the port number with $inet_socket_port in amavisd.conf, e.g:
-# content_filter = smtp-amavis:my-amavisd-server.example.com:10024
-# NOTE3: you should restrict amavisd to only accept connections from the
-# authorized Postfix host(s) by the @inet_acl access list in
-# the amavisd.conf file, and/or by binding to specific interface, e.g.:
-# $inet_socket_bind = '127.0.0.1'; # limit bind to loopback interface
-# NOTE4: set the chroot field the same (y/n) as for your regular smtp service;
-# NOTE5: set $child_timeout (in amavisd.conf) to a shorter time than
-# the Postfix parameter smtp_data_done_timeout - see rfc1047.
-# The value in '-o smtp_data_done_timeout=1200' must always be larger
-# (with some margin) than the value of $child_timeout in amavisd.conf
-# NOTE6: the option '-o disable_dns_lookups=yes' is recommended for reducing
-# latency with Postfix versions older than 2.0, but specify preferably
-# an IP address and not a DNS name in the content_filter specification
-# (thanks to Victor Duchovni for the suggestion).
-#
-# The "smtp-amavis" transport is a dedicated instance of the "smtp"
-# delivery agent for injecting messages into the SMTP/LMTP content filter.
-# Using a dedicated "smtp" or "lmtp" transport allows one to tune it
-# for the specific task of delivering mail to a local content filter
-# (low latency, low concurrency, throughput dependent on predictably
-# low latency).
-#
-smtp-amavis unix - - n - 2 smtp
- -o smtp_data_done_timeout=1200
- -o smtp_send_xforward_command=yes
-#some more ideas:
-# -o disable_dns_lookups=yes
-# -o max_use=20
-# -o smtp_bind_address=127.0.0.1
-# -o strict_rfc821_envelopes=yes
-# -o smtp_line_length_limit=0
-# -o notify_classes=protocol,resource,software
-# -o fallback_relay=backup-filter.example.com:10024
-
-# or equivalently when using lmtp:
-#smtp-amavis unix - - n - 2 lmtp
-# -o lmtp_data_done_timeout=1200
-# -o lmtp_send_xforward_command=yes
-#...
-
-# COMMENT:
-# To provide a backup content filter in case the primary fails,
-# either use the '-o fallback_relay' as above, or use a DNS name and
-# provide multiple MX records for it. See /etc/postfix/sample-smtp.cf
-# and smtp(8) man page for details.
-
-
-# from amavisd back to Postfix:
-# =============================
-#
-# variant 1A: via SMTP, same host (or see 1B for multihost setup)
-# In amavisd.conf choose the host running Postfix and its port number, e.g.:
-# $notify_method = 'smtp:[127.0.0.1]:10025';
-# $forward_method = 'smtp:[127.0.0.1]:10025';
-
-
-# The following is the SMTP listener that receives filtered messages from the
-# content filter. It *MUST* clear the content_filter parameter to avoid loops.
-#
-# This "smtpd" uses the normal cleanup service which is also used
-# for bounces and for internally forwarded mail.
-#
-# Disable all access control other than insisting on connections from one
-# of the IP addresses of the host. This can reduce resource usage if the
-# default restrictions do lots of checks.
-#
-# NOTE: set the chroot field the same (y/n) as for your regular smtpd service
-#
-127.0.0.1:10025 inet n - n - - smtpd
- -o content_filter=
- -o smtpd_restriction_classes=
- -o smtpd_delay_reject=no
- -o smtpd_client_restrictions=permit_mynetworks,reject
- -o smtpd_helo_restrictions=
- -o smtpd_sender_restrictions=
- -o smtpd_recipient_restrictions=permit_mynetworks,reject
- -o smtpd_data_restrictions=reject_unauth_pipelining
- -o smtpd_end_of_data_restrictions=
- -o mynetworks=127.0.0.0/8
- -o smtpd_error_sleep_time=0
- -o smtpd_soft_error_limit=1001
- -o smtpd_hard_error_limit=1000
- -o smtpd_client_connection_count_limit=0
- -o smtpd_client_connection_rate_limit=0
- -o smtpd_milters=
- -o local_header_rewrite_clients=
- -o local_recipient_maps=
- -o relay_recipient_maps=
- -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
-
-
-# The following is the cleanup daemon that handles messages in front of
-# the content filter. It does header_checks and body_checks (if any), but
-# does no virtual alias or canonical address mapping, so that mail comes
-# to a content filter with original recipient addresses still intact.
-#
-# Virtual alias or canonical address mapping happens in the second
-# cleanup phase after the content filter. This gives the content_filter
-# access to largely unmodified addresses for maximum flexibility.
-#
-# Note that some sites may specifically want to perform canonical and/or
-# virtual address mapping in front of the content_filter. However, in that
-# case you still have to enable address rewriting in the after-filter cleanup
-# instance in order to correctly process forwarded mail or bounced mail.
-
-# handle both the canonicalization and virtual_alias_maps later
-# (this will provide content filter with largely unmodified addresses)
-#
-pre-cleanup unix n - n - 0 cleanup
- -o virtual_alias_maps=
- -o canonical_maps=
- -o sender_canonical_maps=
- -o recipient_canonical_maps=
- -o masquerade_domains=
-
-# ...or leave canonicalization in pre-cleanup, but do virtual_alias_maps later
-# (this is useful if canonicalization is used to map internal e-mail
-# addresses to external, and you want the content filter to always see
-# external canonical addresses of local users, both as senders,
-# and as recipients):
-#
-#pre-cleanup unix n - n - 0 cleanup
-# -o virtual_alias_maps=
-
-
-# The following is the normal cleanup daemon. No header or body checks here,
-# because these have already been taken care of by the pre-cleanup service
-# before the content filter. The normal cleanup instance does all
-# the virtual alias and canonical address mapping that was disabled
-# in the pre-cleanup instance before the content filter.
-#
-cleanup unix n - n - 0 cleanup
- -o mime_header_checks=
- -o nested_header_checks=
- -o body_checks=
- -o header_checks=
-# or use second-stage header checks, to be able to place mail bombs on HOLD
-# -o header_checks=pcre:/etc/postfix/header_checks2
-# consider also:
-# -o always_bcc=snooping at example.com
-
-# Place the following line (without the leading # and space) into file
-# /etc/postfix/header_checks2, and use the -o header_checks=pcre:... above,
-# if you need trouble mail (e.g. mail bombs) to be placed on hold by Postfix,
-# instead of being passed to recipients:
-#
-# /^X-Amavis-Hold:/ HOLD
-
-
-# These are the usual input "smtpd" and local "pickup" servers already
-# present in master.cf. We add an option to select a non-default
-# cleanup service.
-#
-smtp inet n - n - - smtpd
- -o cleanup_service_name=pre-cleanup
-pickup fifo n - n 60 1 pickup
- -o cleanup_service_name=pre-cleanup
-
-
-
-# variant 1B: via SMTP - with amavisd on a different host,
-# also good for the case of several MTAs using the same amavisd server.
-# - re-injection (forwarding) if $forward_method is smtp:...
-# - notification messages if $notify_method is smtp:...
-# - quarantine if $virus_quarantine_to contains '@'
-# In amavisd.conf set port number where Postfix (one or more) is listening
-# for re-injected mail and notifications, and optionally use an asterisk in
-# $forward_method and $notify_method specification if host or port field
-# is to be dynamically replaced (re-injection port number is automatically
-# set to one higher than the port number on which message came in to amavisd,
-# making possible for several MTA pairs on the same host to independently
-# use amavisd, e.g. separately for incoming and outgoing mail). To prevent
-# unauthorized use of the service you should restrict the set of IP addresses
-# from which amavisd is willing to accept mail by specifying authorized Postfix
-# host(s) with the access list @inet_acl in the amavisd.conf file. Bind must
-# not be restricted to loopback interface, so set $inet_socket_bind to undef.
-#
-# NOTE1: you SHOULD also restrict Postfix to only accept connections
-# on port 10025 from the amavisd host by '-o mynetworks = ...'
-# NOTE2: set the chroot field the same (y/n) as for your regular smtp service.
-
-#10025 inet n - n - - smtpd
-# -o content_filter=
-# -o smtpd_restriction_classes=
-# -o smtpd_delay_reject=no
-# -o smtpd_client_restrictions=permit_mynetworks,reject
-# -o smtpd_helo_restrictions=
-# -o smtpd_sender_restrictions=
-# -o smtpd_recipient_restrictions=permit_mynetworks,reject
-# -o smtpd_data_restrictions=reject_unauth_pipelining
-# -o smtpd_end_of_data_restrictions=
-# -o mynetworks=127.0.0.0/8,10.0.0.0/8,192.168.1.1
-# -o smtpd_error_sleep_time=0
-# -o smtpd_soft_error_limit=1001
-# -o smtpd_hard_error_limit=1000
-# -o smtpd_client_connection_count_limit=0
-# -o smtpd_client_connection_rate_limit=0
-# -o smtpd_milters=
-# -o local_header_rewrite_clients=
-# -o local_recipient_maps=
-# -o relay_recipient_maps=
-# -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
-
-
-A tip from Wietse Venema (2002-12-12):
-
-| If you want to filter inbound SMTP mail only, then:
-|
-| /etc/postfix/main.cf:
-| smtpd_recipient_restrictions =
-| check_recipient_access hash:/etc/postfix/recipient_access
-| ...the usual stuff here...
-| reject_unauth_destination
-|
-| /etc/postfix/recipient_access:
-| my.domain FILTER foo:bar
-|
-| That filters all the mail that has at least one recipient in your
-| domain, and does not filter mail with external recipients only.
-
-(comment: the 'foo:bar' is what you would traditionally specify
-in content_filter option, i.e. smtp-amavis:[127.0.0.1]:10024 )
+Chapter 1. Integrating amavisd-new in Postfix
+
+ Patrick Ben Koetter
+
+ <[1]patrick.koetter at state-of-mind.de>
+
+ Mark Martinec
+
+ <[2]Mark.Martinec+amavis at ijs.si>
+
+ License: GNU GENERAL PUBLIC LICENSE, Version 2, June 1991
+
+ +------------------------------------------------------------------------+
+ | Revision History |
+ |------------------------------------------------------------------------|
+ | Revision 122 | 15. Jun 2007 | PK |
+ |------------------------------------------------------------------------|
+ | Added Section on Advanced Configuration |
+ |------------------------------------------------------------------------|
+ | Revision 108 | 22. Apr 2007 | PK |
+ |------------------------------------------------------------------------|
+ | Initial publication |
+ +------------------------------------------------------------------------+
+
+ Table of Contents
+
+ [3]1. Requirements
+
+ [4]1.1. Which Postfix version is required?
+
+ [5]1.2. Catching errors during integration
+
+ [6]2. Basic Postfix and amavisd-new configuration
+
+ [7]2.1. Configuring amavisd-new for Postfix
+
+ [8]2.2. Configuring the transport from Postfix to amavisd-new
+
+ [9]2.3. Configuring a dedicated SMTP-server for message
+ reinjection
+
+ [10]2.4. Testing basic configuration
+
+ [11]3. Message filtering examples
+
+ [12]3.1. Filtering E-mail globally
+
+ [13]3.2. Filtering E-mail by Postfix service
+
+ [14]3.3. Filtering E-Mails per Recipient Domain
+
+ [15]3.4. Filtering E-Mails by Sender-Domain
+
+ [16]3.5. Filtering E-mail per Content
+
+ [17]4. Advanced Postfix and amavisd-new configuration
+
+ [18]4.1. Multiple cleanup service architecture
+
+ [19]4.2. Configuring two cleanup services
+
+ [20]5. Tuning
+
+ [21]5.1. Maximum Number of Concurrent Processes
+
+ [22]5.2. Additional Tips for Tuning
+
+ Abstract
+
+ This document describes how amavisd-new can be integrated into the Postfix
+ SMTP delivery process. It lists the necessary requirements, explains how
+ Postfix and amavisd-new need to be configured to basically work together
+ and it gives filter-examples to show how amavisd-new can be called from
+ Postfix.
+
+1. Requirements
+
+ The following requirements must be met before integration can begin:
+
+ 1. amavisd-new has already been installed and successfully tested.
+
+ 2. Postfix has been installed, configured for basic operations and tested
+ successfully.
+
+ [23][Tip] Tip
+ Independently of the configuration examples shown in this
+ document, it is advisable to set strict_rfc821_envelopes = yes
+ in /etc/postfix/main.cf. Postfix will reject any message from
+ envelope-senders, whose address can't be used to send a reply
+ to.
+
+ This avoids accepting e-mails from erroneous envelope-senders
+ that can't be informed of problems, which finally would result
+ in deleting the message - even if Postfix claimed successful
+ delivery in the first.
+
+ 1.1. Which Postfix version is required?
+
+ Integrating amavisd-new into the Postfix delivery process requires that
+ Postfix is able to delegate messages to external content filters. The
+ minimum version that provides content filtering is Postfix
+ release-20010228.
+
+ 1.2. Catching errors during integration
+
+ Chances are that configuration errors during implementation cause Postfix
+ to bounce legitimate messages. Setting the soft_bounce parameter during
+ integration and reloading the Postfix configuration afterwards prevents
+ Postfix from bouncing legitimate mail during that time:
+
+ # postconf -e "soft_bounce = yes"
+ # postfix reload
+
+ As soon as soft_bounce has been activated Postfix will treat all delivery
+ errors as temporary errors - any client that wants to send messages to
+ Postfix will keep mail in the mailqueue and it will suspend delivery until
+ the soft_bounce parameter has been removed or set to no.
+
+ Once the integration of amavisd-new into the Postfix delivery process has
+ been completed successfully soft_bounce must be removed or Postfix will
+ not generate bounce messages for legitimate mail.
+
+2. Basic Postfix and amavisd-new configuration
+
+ There are several moments at which Postfix can hand over messages over to
+ amavisd-new (before it accepts a message from a client or after) and there
+ are different filter approaches (globally, per recipient (domain), per
+ network interface, etc.) that can trigger Postfix to transport a message
+ to amavisd-new.
+
+ The transport methods - transporting a message from Postfix to amavisd-new
+ and backwards - however always remain the same. They will be described in
+ this section first. The section that follows will deal with different
+ filter approaches.
+
+ [24][Tip] Integration procedure
+ The following examples have been structured to cause minimum
+ trouble on an online mail system. The order of steps ensures
+ that filtering will be enabled at the very last moment. Several
+ tests will have been conducted to verify the delivery chain
+ works before the filter is enabled. Once enabled the complete
+ system should work at once.
+
+ 2.1. Configuring amavisd-new for Postfix
+
+ Configuring amavisd-new to work with Postfix answers the following two
+ questions:
+
+ 1. Which port should the amavisd-new daemon listen to for incoming
+ connections from Postfix?
+
+ 2. Which IP-address and port should the amavisd-new SMTP client use to
+ (re)inject filtered messages (and notifications about message
+ statuses) into the Postfix SMTP delivery system?
+
+ 2.1.1. Configuring amavisd-new for incoming connections
+
+ The $inet_socket_port in /etc/amavisd.conf parameter sets the port number
+ amavisd-new will listen for incoming (E)SMTP connections. The following
+ example explicitly configures amavisd-new to bind to port 10024 (default
+ setting undef):
+
+ $inet_socket_port = 10024;
+
+ 2.1.2. Configuring the reinjection path
+
+ Two parameters, $forward_method and $notify_method, need to be configured
+ (usually identically) to reinject messages into the Postfix mail system.
+
+ The first parameter, $forward_method, specifies where amavisd-new should
+ transport scanned messages to, while the second parameter, $notify_method,
+ specifies where notifications about scanned messages should be transported
+ to.
+
+ By default amavisd uses 127.0.0.1 on port 10025 to contact a SMTP server
+ for reinjection of filtered messages. Unless a different IP address or
+ port should be used, no modifications must be applied and this section can
+ be skipped.
+
+ In case a different IP address or port should be used, the parameters
+ $notify_method and $forward_method need to be adjusted to reflect these
+ requirements. The following example edits these parameters in
+ /etc/amavisd.conf and uses 192.0.2.1 as IP address and port 20025:
+
+ $notify_method = 'smtp:[192.0.2.1]:20025';
+ $forward_method = 'smtp:[192.0.2.1]:20025';
+
+ 2.2. Configuring the transport from Postfix to amavisd-new
+
+ Both, amavisd-new and Postfix, are able to use either SMTP- or
+ LMTP-communication to transport a message from Postfix to amavisd-new.
+ Both variants will be described in this section.
+
+ Why configure a dedicated service?
+
+ Theoretically it's possible to transport messages from Postfix to
+ amavisd-new using the existing smtp-, lmtp, or even the relay-service in
+ /etc/postfix/master.cf.
+
+ In practice transporting messages to amavisd-new requires imposing
+ transport limits on the transporting service. Imposing such limits on a
+ globally available service would impose these limits on the complete
+ Postfix mail system - it would slow down the system significantly and
+ should be avoided.
+
+ [25][Note] Note
+ The number of Postfix clients that may connect simultaneously
+ to amavisd-new instances must be limited to the maximum number
+ of daemon child processes amavisd-new starts.
+
+ If the Postfix transport client was allowed to open more
+ connections amavisd-new can handle, amavisd-new would start to
+ queue incoming Postfix connections. Postfix in turn would
+ interpret such behaviour as "unresponsive remote MTA" and would
+ itself begin to queue mail that should be filtered. All this
+ would possibly throttle down the complete system and all
+ further filtering attempts would suffer.
+
+ 2.2.1. Configuring a dedicated lmtp-client
+
+ The following example creates a new, dedicated lmtp-transport named
+ amavisfeed in /etc/postfix/master.cf. Its configuration details are
+ explained following the listing:
+
+ # ==========================================================================
+ # service type private unpriv chroot wakeup maxproc command + args
+ # (yes) (yes) (yes) (never) (100)
+ # ==========================================================================
+
+ ...
+
+ amavisfeed unix - - n - 2 lmtp
+ -o lmtp_data_done_timeout=1200
+ -o lmtp_send_xforward_command=yes
+ -o disable_dns_lookups=yes
+ -o max_use=20
+
+ [26][Important] Important
+ A noteworthy quote from the Postfix documentation: "...do
+ not specify whitespace around the `='. In parameter
+ values, either avoid whitespace altogether, ...". Further
+ details on master.cf configuration syntax can be found in
+ master.cf or master(5).
+
+ Here's a quick rundown on the settings that differ from other services
+ defaults:
+
+ maxproc
+
+ The maximum number of concurrent Postfix amavis-service processes
+ has been limited to 2 (default: default_process_limit = 100). This
+ value reflects the default of 2 amavisd-daemon children processes
+ and is a good setting to start from. The value may be raised
+ later, when the system works stable and still can take a higher
+ load. It should not exceed the number of simultaneous amavisd
+ child processes.
+
+ lmtp_data_done_timeout
+
+ Setting lmtp_data_done_timeout to 1200 (seconds) doubles the
+ default time span a regular Postfix client waits after message
+ delivery for the server to reply DONE to claim successful
+ delivery. It must be larger than amavisd setting $child_timeout
+ (default 8*60 seconds) and should add a sufficient safety margin,
+ for example to cater for periods of automatic database maintenance
+ (e.g. bayes database on non-SQL database types) which can take a
+ long time in some cases.
+
+ If the server does not reply within the configured time span, the
+ Postfix client will quit the connection, put the message into the
+ deferred queue, log a delivery failure and retry later to
+ transport the message to amavisd-new.
+
+ [27][Note] Note
+ Raising this value serves a trick amavisd uses to avoid
+ message loss in case of power outage etc. The trick
+ consists in keeping the incoming connection as long
+ open as it takes to filter the message and take
+ appropriate action (reinjection, notification,
+ quarantine, etc.).
+
+ Only when the message (or notifications etc.) has been
+ reinjected amavisd will send DONE to the client and the
+ client will close the connection. This way Postfix will
+ always keep the message in its own mail queue, where it
+ can be reactivated after a system failure.
+
+ lmtp_send_xforward_command
+
+ Enabling lmtp_send_xforward_command configures the Postfix
+ lmtp-client to forward the original clients HELO name and IP
+ address to amavisd-new. amavisd-new in turn can use these
+ informations for
+
+ o logging and notifications (macro %a)
+
+ o switching policy banks (MYNETS, @mynetworks_maps)
+
+ o pen pals functionality
+
+ o p0f fingerprinting
+
+ disable_dns_lookups
+
+ The transport route from Postfix to amavisd-new, it will be
+ configured later in [28]Section 3, "Message filtering examples",
+ will probably never change. It will - probably - only change when
+ the whole mail system is being reconfigured. The target host may
+ therefore be specified as IP address instead of using a DNS
+ hostname. This saves "expensive" DNS-request (3 lookups) and
+ improves performance.
+
+ max_use
+
+ By default Postfix reuses a service instance 100 times (max_use =
+ 100), before the instance terminates. The master daemon will
+ reinvoke such a service if required. There's no need for the
+ amavisfeed-service to have such a long life-span. Best practice
+ has it to set max_use to 20.
+
+ 2.2.2. Configuring a dedicated smtp-client
+
+ Configuring a dedicated smtp-client is almost identical to configuring a
+ dedicated lmtp-client. The syntax differences in detail are that the names
+ of parameters start with smtp_ instead of lmtp_ and that the command at
+ the end of the service invokes the smtp- and not lmtp-client. The same
+ reasons given for differing lmtp client options apply to the dedicated
+ smtp client configuration.
+
+ Here's an example of a dedicated smtp client given the service name
+ amavisfeed:
+
+ # ==========================================================================
+ # service type private unpriv chroot wakeup maxproc command + args
+ # (yes) (yes) (yes) (never) (100)
+ # ==========================================================================
+
+ ...
+
+ amavisfeed unix - - n - 2 smtp
+ -o smtp_data_done_timeout=1200
+ -o smtp_send_xforward_command=yes
+ -o disable_dns_lookups=yes
+ -o max_use=20
+
+ 2.3. Configuring a dedicated SMTP-server for message reinjection
+
+ The second service that needs to be added to the Postfix mail system is a
+ dedicated SMTP-server. It will exist only to accept filtered messages and
+ notifications from amavisd-new to transported them closer to their final
+ destination.
+
+ This dedicated smtpd server will differ in many aspects from the default
+ smtpd daemon. The most important difference is that it configures an empty
+ content_filter parameter, thus overriding any global external content
+ filtering settings in Postfix.
+
+ [29][Note] Note
+ Delegating messages to an external content filter in Postfix is
+ done using the content_filter parameter. If the dedicated
+ smtpd-daemon would not override any global content_filter
+ settings, the reinjected message would be sent of to the
+ external content filter again - the mail would end in an
+ endless loop.
+
+ The following Postfix example uses amavisd-new default settings taken from
+ the $forward_method and $notify_method parameters. These settings
+ configure amavisd-new to forward filtered messages and notifications to
+ 127.0.0.1 on port 10025; the Postfix smtpd daemon will be configured to
+ bind to that IP address and listen on the specified port for incoming
+ connections:
+
+ # ==========================================================================
+ # service type private unpriv chroot wakeup maxproc command + args
+ # (yes) (yes) (yes) (never) (100)
+ # ==========================================================================
+
+ ...
+
+ 127.0.0.1:10025 inet n - n - - smtpd
+ -o content_filter=
+ -o smtpd_delay_reject=no
+ -o smtpd_client_restrictions=permit_mynetworks,reject
+ -o smtpd_helo_restrictions=
+ -o smtpd_sender_restrictions=
+ -o smtpd_recipient_restrictions=permit_mynetworks,reject
+ -o smtpd_data_restrictions=reject_unauth_pipelining
+ -o smtpd_end_of_data_restrictions=
+ -o smtpd_restriction_classes=
+ -o mynetworks=127.0.0.0/8
+ -o smtpd_error_sleep_time=0
+ -o smtpd_soft_error_limit=1001
+ -o smtpd_hard_error_limit=1000
+ -o smtpd_client_connection_count_limit=0
+ -o smtpd_client_connection_rate_limit=0
+ -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
+ -o local_header_rewrite_clients=
+
+ Here's a quick rundown on the settings that differ from smtpd defaults:
+
+ content_filter
+
+ The empty content_filter overrides other, globally set
+ content_filter delegations.
+
+ ..._maps
+
+ Empty ..._maps override any other globally set map lookups.
+ Procedures to enforce settings specified in such maps have already
+ taken place when Postfix accepted the message from the external
+ client. Doing them again will not produce new results but only
+ waste resources.
+
+ ..._restrictions_...
+
+ There's no need to apply any already enforced ..._restrictions_...
+ another time. It would also only waste resources.
+
+ mynetworks
+
+ To avoid abuse from remote hosts, the dedicated smtpd-daemon will
+ only allow clients from 127.0.0.0/8 to relay messages.
+
+ local_header_rewrite_clients
+
+ By default this option would "rewrite message header addresses in
+ mail from these clients and update incomplete addresses with the
+ domain name". If such action has already been taken by Postfix
+ before the message went off to amavis, it should not be done a
+ second time when it reenters the Postfix mail system. Leaving this
+ option empty disables local header rewrites and saves resources.
+
+ remaining options
+
+ All remaining options either configure the dedicated smtpd-daemon
+ to be more failure tolerant or exist to avoid unnecessary use of
+ resources.
+
+ Running the postfix reload will activate the new transports (Postfix will
+ not yet send regular mail to amavisd). Combined with the tail command
+ problems can easily be detected:
+
+ # postfix reload && tail -f /var/log/maillog
+
+ If there are no problems reported, basic configuration can be tested.
+
+ 2.4. Testing basic configuration
+
+ Testing basic configuration consists of three separate tests, starting at
+ the end of the new delivery chain and working to it's beginning. Their
+ goal is to answer the following questions:
+
+ 1. Will amavisd-new accept connections at the specified IP address and
+ port?
+
+ 2. Will the new dedicated smtpd-daemon accept connections at the
+ specified IP address and port?
+
+ 3. Will a test message, injected into amavisd-new, be filtered, sent to
+ Postfix and delivered into a mailbox?
+
+ 2.4.1. Testing amavisd's host and port
+
+ A test, using the telnet command, serves to verify that amavisd listens on
+ the specified IP address and port. A successful connection looks like
+ this:
+
+ $ telnet localhost 10024
+ 220 [127.0.0.1] ESMTP amavisd-new service ready
+ EHLO localhost
+ 250-[127.0.0.1]
+ 250-VRFY
+ 250-PIPELINING
+ 250-SIZE
+ 250-ENHANCEDSTATUSCODES
+ 250-8BITMIME
+ 250-DSN
+ 250 XFORWARD NAME ADDR PROTO HELO
+ QUIT
+ 221 2.0.0 [127.0.0.1] amavisd-new closing transmission channel
+
+ If the test fails, the following questions may help to debug the problem:
+
+ o Is the amavisd-new daemon running?
+
+ o Does amavisd-new write an error to the log?
+
+ o Do the IP address and port number specified in the amavisd-new
+ configuration match the values used during the test?
+
+ o Does a firewall intercept connections?
+
+ 2.4.2. Testing the dedicated Postfix smtpd-daemon
+
+ When Postfix was reloaded, the new, dedicated smtpd-daemon
+ (127.0.0.1:10025) should have been activated. A successful connection
+ looks like this:
+
+ $ telnet 127.0.0.1 10025
+ 220 mail.example.com ESMTP Postfix (2.3.2)
+ EHLO localhost
+ 250-mail.example.com
+ 250-PIPELINING
+ 250-SIZE 40960000
+ 250-ETRN
+ 250-STARTTLS
+ 250-AUTH PLAIN CRAM-MD5 LOGIN DIGEST-MD5
+ 250-AUTH=PLAIN CRAM-MD5 LOGIN DIGEST-MD5
+ 250-ENHANCEDSTATUSCODES
+ 250-8BITMIME
+ 250 DSN
+ QUIT
+ 221 2.0.0 Bye
+
+ If the test fails, the following questions may help to debug the problem:
+
+ o Is the Postfix master daemon running?
+
+ o Does Postfix write an error to the log?
+
+ o Do the IP address and port number specified in the new services
+ configuration match the values used during the test?
+
+ o Does a firewall intercept connections?
+
+ 2.4.3. Testing the new transport chain
+
+ This test proves amavisd accepts e-mail as specified in [30]Section 2.1,
+ "Configuring amavisd-new for Postfix", filters it and finally hands it
+ over to Postfix' dedicated smtpd-daemon as specified in [31]Section 2.3,
+ "Configuring a dedicated SMTP-server for message reinjection".
+
+ The following example uses the content of test-messages/sample-nonspam.txt
+ from the amavisd test-messages to send an e-mail:
+
+ $ telnet localhost 10024
+ 220 [127.0.0.1] ESMTP amavisd-new service ready
+ HELO localhost
+ 250 [127.0.0.1]
+ MAIL FROM: <>
+ 250 2.1.0 Sender OK
+ RCPT TO: <postmaster>
+ 250 2.1.5 Recipient postmaster OK
+ DATA
+ 354 End data with <CR><LF>.<CR><LF>
+ From: virus-tester
+ To: undisclosed-recipients:;
+ Subject: amavisd test - simple - no spam test pattern
+
+ This is a simple test message from the amavisd-new test-messages.
+ .
+ 250 2.6.0 Ok, id=30897-02, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 079474CE44
+ QUIT
+ 221 2.0.0 [127.0.0.1] amavisd-new closing transmission channel
+
+ The maillog shows the delivery path. Here's an excerpt from a successful
+ delivery process:
+
+ Nov 1 11:28:10 mail postfix/smtpd[30986]: connect from localhost[127.0.0.1] [32]1
+ Nov 1 11:28:10 mail postfix/smtpd[30986]: 079474CE44: client=localhost[127.0.0.1]
+ Nov 1 11:28:10 mail postfix/cleanup[30980]: 079474CE44: message-id=<20061101102810.079474CE44 at mail.example.com>
+ Nov 1 11:28:10 mail postfix/qmgr[20432]: 079474CE44: from=<>, size=822, nrcpt=1 (queue active)
+ Nov 1 11:28:10 mail amavis[30897]: (30897-02) Passed BAD-HEADER, <> -> <postmaster>, quarantine: badh-le5gjszxowBk, mail_id: le5gjszxowBk, Hits: -1.76, queued_as: 079474CE44, 39505 ms [33]2
+ Nov 1 11:28:10 mail postfix/smtpd[30986]: disconnect from localhost[127.0.0.1]
+ Nov 1 11:28:10 mail postfix/local[30987]: 079474CE44: to=<postmaster at example.com>, relay=local, delay=0.27, delays=0.14/0.05/0/0.08, dsn=2.0.0, status=sent (delivered to mailbox: postmaster) [34]3
+ Nov 1 11:28:10 mail postfix/qmgr[20432]: 079474CE44: removed
+
+ [35]1 amavisd connects with Postfix dedicated smtpd-daemon and hands over
+ the e-mail that had been sent during the telnet session. smtpd gives
+ a queue-id of 079474CE44 that can be tracked throughout the maillog.
+ [36]2 amavisd notices it has checked and sent an e-mail to <postmaster>.
+ [37]3 Postfix' local-service logs it successfully delivered an e-mail with
+ queue-id 079474CE44 to the mailbox of postmaster.
+
+ If the test fails, the following questions may help to debug the problem:
+
+ o Does amavisd-new log errors?
+
+ o Does running amavisd-new in debug-mode report errors?
+
+3. Message filtering examples
+
+ Postfix can use various criteria to decide whether a message should be
+ sent to amavisd-new for examination. Combinations of criteria may serve to
+ create different configurations. The following section describes the
+ following configurations:
+
+ o Filtering e-mail globally
+
+ o Filtering e-mail globally by service
+
+ o Filtering e-mail per recipient domain
+
+ o Filtering e-mail per sender domain
+
+ o Filtering e-mail by content
+
+ 3.1. Filtering E-mail globally
+
+ In most cases email policies require global filtering - every inbound and
+ every outbound e-mail must be filtered by amavisd-new - before it may be
+ sent closer to its final destination.
+
+ [38][Note] Why check outgoing mail traffic?
+ Some reasons for checking mail coming from internal networks or
+ from authenticated roaming users are:
+
+ o detect an internal infected PC which is sending viruses
+
+ o detect an internal zombiized PC (or an internal open relay
+ or proxy) which is sending or relaying spam
+
+ o let the SpamAssassin Bayes autolearning feature see a
+ balanced view of all mail, including useful samples of
+ non-spam originating from inside
+
+ o make it possible for pen pals feature to function (if
+ enabled)
+
+ In Postfix global settings for its services are written to main.cf. The
+ content_filter parameter, the parameter configuring that messages are sent
+ to amavisd-new, must therefore be placed in main.cf.
+
+ The content_filter parameter requires a triplet, consisting of the
+ transport service's name (here: amavisfeed, given in [39]Section 2.2.1,
+ "Configuring a dedicated lmtp-client"), the target hosts IP address and
+ the port where amavisd-new listens for incoming connections. Following the
+ values used in this documents examples the content_filter configuration
+ results in this:
+
+ content_filter=amavisfeed:[127.0.0.1]:10024
+
+ The new external content filter will be activated once Postfix has been
+ reloaded. Sending a test-mail verifies the system works.
+
+ 3.2. Filtering E-mail by Postfix service
+
+ Postfix is able to filter messages per service. Such configuration
+ requires the content_filter not to be applied globally to all services in
+ main.cf (see: [40]Section 3.1, "Filtering E-mail globally"), but
+ selectively, per service in master.cf.
+
+ The following example presumes Postfix runs on a system offering three IP
+ addresses. In this example these are: 192.0.2.1 (WAN), 127.0.0.1
+ (localhost) and 10.0.0.254 (LAN). The goal is to filter only e-mail that
+ enters from the WAN interface.
+
+ This requires to create three dedicated smtpd-daemon instances, each
+ binding to one of the given IP addresses and deactivating the global smtp
+ service calling the smtpd command.
+
+ Additionally the WAN interface (here: 192.0.2.1:25) is configured to use
+ content_filter =amavisfeed:[127.0.0.1]:10024 - it will delegate any
+ message that enters the Postfix mail system at this service to the
+ external amavisd content filter.
+
+ # ==========================================================================
+ # service type private unpriv chroot wakeup maxproc command + args
+ # (yes) (yes) (yes) (never) (100)
+ # ==========================================================================
+ # smtp inet n - n - - smtpd
+
+ ...
+
+ 192.0.2.1:25 inet n - n - - smtpd
+ -o content_filter=amavisfeed:[127.0.0.1]:10024
+ -o receive_override_options=no_address_mappings
+
+ 10.0.0.254:25 inet n - n - - smtpd
+
+ 127.0.0.1:10025 inet n - n - - smtpd
+ -o content_filter=
+ -o smtpd_delay_reject=no
+ -o smtpd_client_restrictions=permit_mynetworks,reject
+ -o smtpd_helo_restrictions=
+ -o smtpd_sender_restrictions=
+ -o smtpd_recipient_restrictions=permit_mynetworks,reject
+ -o smtpd_data_restrictions=reject_unauth_pipelining
+ -o smtpd_end_of_data_restrictions=
+ -o smtpd_restriction_classes=
+ -o mynetworks=127.0.0.0/8
+ -o smtpd_error_sleep_time=0
+ -o smtpd_soft_error_limit=1001
+ -o smtpd_hard_error_limit=1000
+ -o smtpd_client_connection_count_limit=0
+ -o smtpd_client_connection_rate_limit=0
+ -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
+ -o local_header_rewrite_clients=
+
+ 3.3. Filtering E-Mails per Recipient Domain
+
+ Postfix is able to filter e-mails per recipient domain. In order to do
+ this the content_filter parameter must not be set globally (see:
+ [41]Section 3.1, "Filtering E-mail globally"). Instead the content_filter
+ parameter has to be associated with one or more recipient domains listed
+ in a lookup table (map).
+
+ [42][Caution] Caution
+ This filter method is not selective! It will send any mail
+ with a recipient domain listed in the lookup table to amavis
+ even if the mail contains another recipient that should not
+ be examined by the amavis framework.
+
+ If fully selective rules are required all mail should be
+ sent to amavis and amavis' own rule sets should be
+ configured to decide whether a message for a given recipient
+ should be examined or not.
+
+ When Postfix searches the lookup table and finds the recipients domain
+ listed as key, it will take the action associated with that domain. The
+ action will send the message to a FILTER amavisfeed:[127.0.0.1]:10024.
+
+ The following map /etc/postfix/filter_recipient_domains specifies to send
+ messages to the FILTER amavisfeed whenever a message for any recipient at
+ example.com enters the Postfix mailqueues:
+
+ example.com FILTER amavisfeed:[127.0.0.1]:10024
+
+ Once the table has been created the postmap command must be used to create
+ an indexed map Postfix can read:
+
+ # postmap /etc/postfix/filter_recipient_domains
+
+ Once the map has been indexed, the postmap command is used to test the
+ map. In the following example the postmap command queries for the domain
+ example.com and returns the associated action:
+
+ # postmap -q "example.com" /etc/postfix/filter_recipient_domains
+ FILTER amavisfeed:[127.0.0.1]:10024
+
+ The tested map must be added to main.cf, before Postfix can make use of
+ the new filter policy. Setting the check_recipient_access parameter in the
+ list of smtpd_recipient_restrictions triggers evaluation of entries in the
+ map - check_recipient_access is triggered by the envelope-recipient(s)
+ given by a SMTP-client in a SMTP-session with Postfix.
+
+ The following example puts the check_recipient_access rule before
+ permit_mynetworks - all clients envelope-recipient(s) will be filtered:
+
+ smtpd_recipient_restrictions =
+ ...
+ check_recipient_access hash:/etc/postfix/filter_recipient_domains
+ ...
+ permit_mynetworks
+ reject_unauth_destination
+ ...
+
+ Filtering E-Mails per Recipient Domain only from External Clients
+
+ This example puts the check_recipient_access rule after permit_mynetworks
+ - only messages sent from clients that are not in Postfix $mynetworks list
+ (external or untrusted clients) will be filtered:
+
+ smtpd_recipient_restrictions =
+ ...
+ permit_mynetworks
+ reject_unauth_destination
+ check_recipient_access hash:/etc/postfix/filter_recipient_domains
+ ...
+
+ 3.4. Filtering E-Mails by Sender-Domain
+
+ In general it doesn't make sense to filter e-mails by sender-domain, as
+ anyone can fake a sender-domain during a SMTP-session. Filtering by
+ sender-domain will probably only make sense, if messages are not filtered
+ globally, but e-mails from ones own domain should be checked for spam or
+ viruses before they leave the network.
+
+ Most of the configuration steps are identical with the ones noted in
+ [43]Section 3.3, "Filtering E-Mails per Recipient Domain", except for the
+ parameter that triggers evaluation of the indexed map. In this scenario
+ envelope-senders should trigger map evaluation. The map, named
+ /etc/postfix/filter_sender_domains this time, contains the sender domain
+ (example.com) and associates it with the required FILTER:
+
+ example.com FILTER amavisfeed:[127.0.0.1]:10024
+
+ Once the map has been converted and tested with the postmap command (see:
+ [44]Section 3.3, "Filtering E-Mails per Recipient Domain") it must be
+ added to the list of smtpd_recipient_restrictions using the
+ check_sender_access parameter:
+
+ smtpd_recipient_restrictions =
+ ...
+ check_sender_access hash:/etc/postfix/filter_sender_domains
+ ...
+ permit_mynetworks
+ reject_unauth_destination
+ ...
+
+ [45][Important] Important
+ The map must be listed before permit_mynetworks, because
+ only then it will be applied to all clients - even the
+ ones Postfix trusts, which are very likely the ones from
+ example.com.
+
+ 3.5. Filtering E-mail per Content
+
+ Postfix is able - with deliberate limitations (see: BUILTIN_FILTER_README)
+ - to search for strings in headers, the body and MIME-headers. If a string
+ matches, Postfix may call appropriate action.
+
+ The following example configures Postfix to look for the string offer in
+ Subject:-headers and delegate the message to an external content filter if
+ if finds a matching string.
+
+ A map, consisting of the search string noted as regexp-expression,
+ associates the search pattern with a FILTER action:
+
+ /^Subject:.*offer/ FILTER amavisfeed:[127.0.0.1]:10024
+
+ [46][Note] Indexing regexp- or pcre-maps?
+ regexp- or pcre-maps are and must be plaintext files. They must
+ not and cannot be converted to an indexed map using the postmap
+ command. They can be tested using the postmap command using the
+ -q command line option.
+
+ Once the map has been created, Postfix must be configured to use it. The
+ following example uses the header_checks parameter (not body_checks or
+ mime_header_checks as they apply to other message parts) to implement the
+ map into the Postfix delivery process:
+
+ header_checks = regexp:/etc/postfix/filter_header
+
+ Once Postfix has been reloaded it will send every e-mail that contains the
+ word offer in the Subject:-header off to the external amavisd content
+ filter.
+
+4. Advanced Postfix and amavisd-new configuration
+
+ In a post-queue content filtering setup, a mail message passes through
+ smtpd and cleanup Postfix services twice, once before a content filter,
+ and the second time when an approved message is reinjected from a content
+ filter into the Postfix mail system. This is because checks and
+ transformations that have been configured in main.cf are globally active
+ and will be loaded and run by any instance of these two services. To avoid
+ wasting resources, options that control runtime behavior of these services
+ should not be applied globally in main.cf, but selectively to separate
+ instances of these services in master.cf.
+
+ Checks and transformations which are performed by a smtpd Postfix service
+ itself, e.g. access controls, recipient validation, milters etc., can be
+ controlled by adding options (-o) to appropriate smtpd services. This has
+ been shown in the basic configuration examples (see: [47]Section 2.3,
+ "Configuring a dedicated SMTP-server for message reinjection").
+
+ Checks and transformations which are performed by a cleanup Postfix
+ service are trickier because in a normal Postfix setup there is only one
+ cleanup service, unlike smtpd services of which there are many. Some of
+ the more important cleanup settings are dynamically controllable by a
+ smtpd service through the use of its receive_override_options option.
+
+ [48][Tip] Transformations and checks
+ Any transformation should preferably only be performed once,
+ either before or after content filtering. When to transform
+ depends on the desired effect, for example whether a content
+ filter should see unchanged or modified mail messages. Typical
+ transformations are:
+
+ o rewrite addresses
+
+ o add BCC recipients
+
+ o modify mail header.
+
+ Most checks should also be performed only once, preferably only
+ on the first passage, when the mail enters the Postfix mail
+ system the first time. This way messages can be rejected early -
+ if needed - and will not tie up downstream resources. Checking
+ early also avoids bounces in case of negative check results on a
+ second passage after content filtering.
+
+ 4.1. Multiple cleanup service architecture
+
+ To gain more control over a cleanup service than offered by
+ receive_override_options, two (or more) cleanup services, each with its
+ own set of options, must be run. A Postfix setup with more than one
+ cleanup service is possible either with two separate Postfix instances, or
+ through a specification of services and their options in master.cf file of
+ a single Postfix instance.
+
+ The following diagram illustrates a setup with two cleanup services in a
+ single Postfix instance:
+
+ .......................................
+ : Postfix :
+ ----->smtpd \ :
+ : -pre-cleanup-\ /local---->
+ ---->pickup / -queue- :
+ : -cleanup-/ | \smtp----->
+ : bounces/ ^ v :
+ : and locally | v :
+ : forwarded smtpd amavisfeed :
+ : messages 10025 | :
+ ...........................|...........
+ ^ |
+ | v
+ ............|...............................
+ : | $inet_socket_port=10024 :
+ : | :
+ : $forward_method='smtp:[127.0.0.1]:10025' :
+ : $notify_method ='smtp:[127.0.0.1]:10025' :
+ : :
+ : amavisd-new :
+ ............................................
+
+ Procedure 1.1. Message flow with two cleanup services
+
+ 1. Messages enter the Postfix system at the regular smtpd or pickup
+ service.
+
+ 2. The pre-cleanup cleanup service performs transformations and checks on
+ these messages.
+
+ 3. The qmgr service schedules the messages to be sent to the amavisd-new
+ content filter.
+
+ 4. amavisd-new performs various tests on the messages.
+
+ 5. Messages are re-injected into the Postfix mail system, sending them to
+ a dedicated, local smtpd service.
+
+ 6. The cleanup cleanup service performs transformations and checks that
+ must be done at this stage, but omits the ones that have already been
+ carried out in step 2.
+
+ 4.2. Configuring two cleanup services
+
+ Configuring Postfix smtpd services to use two separate, dedicated cleanup
+ services requires the following steps:
+
+ 1. Create a second cleanup instance
+
+ 2. Modify the existing cleanup service
+
+ 3. Configure smtpd services to use either of the two cleanup services.
+
+ 4.2.1. Creating a second cleanup instance
+
+ The following example adds a cleanup daemon named pre-cleanup. It will
+ handle messages before a content filter.
+
+ # ==========================================================================
+ # service type private unpriv chroot wakeup maxproc command + args
+ # (yes) (yes) (yes) (never) (100)
+ # ==========================================================================
+ # smtp inet n - n - - smtpd
+
+ ...
+
+ pre-cleanup unix n - n - 0 cleanup
+ -o virtual_alias_maps=
+
+ The above leaves canonicalization address rewriting enabled so that a
+ content filter will see canonicalized (external) sender mail addresses,
+ but it disables globally configured virtual alias transformations.
+
+ Such transformations will be done later by the second cleanup service, so
+ that a content filter will see original (external) recipient mail
+ addresses. Other options may also be used as needed.
+
+ 4.2.2. Modifying the existing cleanup service
+
+ The already existing cleanup service - having the service name cleanup -
+ will be used to process messages that re-enter the Postfix mail system
+ (also for delivery notifications and forwarding as generated internally by
+ Postfix).
+
+ Cleanup jobs that already have been performed by the pre-cleanup service
+ should not be run again. The following example disables typical checks
+ that have been run before or are not needed for internally generated
+ notifications:
+
+ # ==========================================================================
+ # service type private unpriv chroot wakeup maxproc command + args
+ # (yes) (yes) (yes) (never) (100)
+ # ==========================================================================
+ # smtp inet n - n - - smtpd
+
+ ...
+
+ cleanup unix n - n - 0 cleanup
+ -o mime_header_checks= [49]1
+ -o nested_header_checks= [50]2
+ -o body_checks= [51]3
+ -o header_checks= [52]4
+
+ [53]1 The specified options disable header and body checks as these would
+ [54]2 already be performed by a pre-cleanup service.
+ [55]3
+ [56]4
+
+ [57][Note] always_bcc
+ This cleanup service would also be the appropriate one for
+ specifying always_bcc option - doing it globally would apply to
+ both cleanup services and would result in two copies of each
+ message to be sent to the specified address.
+
+ 4.2.3. Configuring smtpd services
+
+ Finally existing smtpd services on ports 25 and 587 (submission), and the
+ pickup service must be configured to send messages to the new pre-cleanup
+ service instead of a default cleanup service:
+
+ # ==========================================================================
+ # service type private unpriv chroot wakeup maxproc command + args
+ # (yes) (yes) (yes) (never) (100)
+ # ==========================================================================
+ # smtp inet n - n - - smtpd
+
+ ...
+
+ pickup fifo n - n 60 1 pickup
+ -o cleanup_service_name=pre-cleanup
+ smtp inet n - n - - smtpd
+ -o cleanup_service_name=pre-cleanup
+ submission inet n - n - - smtpd
+ -o cleanup_service_name=pre-cleanup
+
+5. Tuning
+
+ 5.1. Maximum Number of Concurrent Processes
+
+ The most important settings to tune and optimize in Postfix and amavisd
+ workflow are the maximum number of concurrent processes. The maximum
+ number of concurrent processes on both sides must be chosen with care.
+
+ If the number is too low, hardware resources aren't used efficiently and
+ delivery time will be unnecessarily prolonged. Experience tells that
+ raising the number of processes a little, will not raise the overall
+ throughput in the same proportion.
+
+ As the system resources are nearing saturation with each increase of the
+ number of processes, an increase in throughput becomes marginal, and
+ eventually even negative when the number of processes exceeds its
+ near-optimum value. E-mail throughput will decrease, because processes
+ need to wait for each other. At worst e-mail delivery stalls.
+
+ Best practice is to start with a (conservative) maximum number of 2
+ concurrent processes. Everyday use has shown that this value may be raised
+ to a value between 10 and 30 concurrent Postfix client and amavisd server
+ processes. This also depends on the overall resources the system may
+ provide, how amavisd has been integrated into the Postfix delivery process
+ and on the anti-virus and anti-spam software being loaded and used by
+ amavisd-new.
+
+ Regardless of the maximum number of concurrent processes, both sides -
+ Postfix and amavisd - should be synchronized. To synchronize both sides
+ edit, the $max_servers parameter for amavisd-new (see: amavisd.conf) and
+ the number of processes in master.cf listed in the dedicated transports
+ maxproc column for Postfix.
+
+ Both values should be identical for two reasons: If amavisd-new offers
+ more processes than Postfix will ever use, amavisd-new wastes resources.
+ On the other hand, if Postfix starts more dedicated transports than
+ amavisd can handle simultaneously, e-mail transport will be refused and
+ logged as error.
+
+ [58][Note] Controlling the maximum number of concurrent processes in
+ main.cf
+ Instead of controlling the maximum number of concurrent
+ processes of Postfix' dedicated transport in master.cf it is
+ also possible to keep the default setting - in master.cf and
+ set the following parameter and option in main.cf:
+
+ amavisfeed_destination_concurrency_limit = 2
+
+ The name of the parameter starts with the service in master.cf
+ (here: amavisfeed) that should be controlled and goes on with
+ the suffix _destination_concurrency_limit. Here also 2 is set
+ as initial (conservative) value.
+
+ 5.2. Additional Tips for Tuning
+
+ Further Tuning-Tips can be found in README.performance and the slides from
+ [59]amavisd-new, advanced configuration and management.
+
+References
+
+ Visible links
+ 1. mailto:patrick.koetter at state-of-mind.de
+ 2. mailto:Mark.Martinec+amavis at ijs.si
+ 3. #requirements
+ 4. #requirements_postfix_version
+ 5. #requirements_catching_errors
+ 6. #basics
+ 7. #basics_amavisd-new
+ 8. #basics_transport
+ 9. #basics_smtpd-daemon
+ 10. #basics_testing
+ 11. #filter
+ 12. #filter_global
+ 13. #filter_service_global
+ 14. #filter_by_recipient
+ 15. #filter_by_sender
+ 16. #filter_by_content
+ 17. #d0e968
+ 18. #d0e1038
+ 19. #d0e1110
+ 20. #tuning
+ 21. #d0e1231
+ 22. #d0e1288
+ 28. 3. Message filtering examples
+ #filter
+ 30. 2.1. Configuring amavisd-new for Postfix
+ #basics_amavisd-new
+ 31. 2.3. Configuring a dedicated SMTP-server for message reinjection
+ #basics_smtpd-daemon
+ 35. #mailflow_1
+ 36. #mailflow_2
+ 37. #mailflow_3
+ 39. 2.2.1. Configuring a dedicated lmtp-client
+ #basics_transport_lmtp-client
+ 40. 3.1. Filtering E-mail globally
+ #filter_global
+ 41. 3.1. Filtering E-mail globally
+ #filter_global
+ 43. 3.3. Filtering E-Mails per Recipient Domain
+ #filter_by_recipient
+ 44. 3.3. Filtering E-Mails per Recipient Domain
+ #filter_by_recipient
+ 47. 2.3. Configuring a dedicated SMTP-server for message reinjection
+ #basics_smtpd-daemon
+ 53. #cleanup-mime_header_checks
+ 54. #cleanup-nested_header_checks
+ 55. #cleanup-body_checks
+ 56. #cleanup-header_checks
+ 59. http://www.ijs.si/software/amavisd/amavisd-new-magdeburg-20050519.pdf
diff --git a/README_FILES/README.postfix.html b/README_FILES/README.postfix.html
new file mode 100644
--- /dev/null
+++ b/README_FILES/README.postfix.html
@@ -0,0 +1,635 @@
+<html><head>
+ <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+ <title>Chapter 1. Integrating amavisd-new in Postfix</title><link rel="stylesheet" href="screen.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.69.1"><meta name="keywords" content="amavisd, amavisd-new, amavisd-new Postfix, configuring amavisd-new Postfix, amavisd-new Postfix configuration, amavisd-new Postfix HOWTO"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="README.postfix"></a>Chapter 1. Integrating amavisd-new in Postfix</h2></div><div><div class="authorgroup"><div class="author"><h3 class="author"><span class="firstname">Patrick</span> <span class="othername">Ben</span> <span class="surname">Koetter</span></h3><code class="email"><<a href="mailto:patrick.koetter at state-of-mind.de">patrick.koetter at state-of-mind.de</a>></code></div><div class="author"><h3 class="author"><span class="firstname">Mark</span> <span class="surname">Martinec</span></h3><code class="email"><<a href="mailto:Mark.Martinec+amavis at ijs.si">Mark.Martinec+amavis at ijs.si</a>></code></div></div></div><div><div class="legalnotice"><a name="d0e42"></a><p>License: GNU GENERAL PUBLIC LICENSE, Version 2, June 1991</p></div></div><div><div class="revhistory"><table border="1" width="100%" summary="Revision history"><tr><th align="left" valign="top" colspan="3"><b>Revision History</b></th></tr><tr><td align="left">Revision 122</td><td align="left">15. Jun 2007</td><td align="left">PK</td></tr><tr><td align="left" colspan="3">Added Section on Advanced Configuration</td></tr><tr><td align="left">Revision 108</td><td align="left">22. Apr 2007</td><td align="left">PK</td></tr><tr><td align="left" colspan="3">Initial publication</td></tr></table></div></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="section"><a href="#requirements">1. Requirements</a></span></dt><dd><dl><dt><span class="section"><a href="#requirements_postfix_version">1.1. Which Postfix version is required?</a></span></dt><dt><span class="section"><a href="#requirements_catching_errors">1.2. Catching errors during integration</a></span></dt></dl></dd><dt><span class="section"><a href="#basics">2. Basic Postfix and amavisd-new configuration</a></span></dt><dd><dl><dt><span class="section"><a href="#basics_amavisd-new">2.1. Configuring amavisd-new for Postfix</a></span></dt><dt><span class="section"><a href="#basics_transport">2.2. Configuring the transport from Postfix to amavisd-new</a></span></dt><dt><span class="section"><a href="#basics_smtpd-daemon">2.3. Configuring a dedicated SMTP-server for message
+ reinjection</a></span></dt><dt><span class="section"><a href="#basics_testing">2.4. Testing basic configuration</a></span></dt></dl></dd><dt><span class="section"><a href="#filter">3. Message filtering examples</a></span></dt><dd><dl><dt><span class="section"><a href="#filter_global">3.1. Filtering E-mail globally</a></span></dt><dt><span class="section"><a href="#filter_service_global">3.2. Filtering E-mail by Postfix service</a></span></dt><dt><span class="section"><a href="#filter_by_recipient">3.3. Filtering E-Mails per Recipient Domain</a></span></dt><dt><span class="section"><a href="#filter_by_sender">3.4. Filtering E-Mails by Sender-Domain</a></span></dt><dt><span class="section"><a href="#filter_by_content">3.5. Filtering E-mail per Content</a></span></dt></dl></dd><dt><span class="section"><a href="#d0e968">4. Advanced Postfix and amavisd-new configuration</a></span></dt><dd><dl><dt><span class="section"><a href="#d0e1038">4.1. Multiple cleanup service architecture</a></span></dt><dt><span class="section"><a href="#d0e1110">4.2. Configuring two cleanup services</a></span></dt></dl></dd><dt><span class="section"><a href="#tuning">5. Tuning</a></span></dt><dd><dl><dt><span class="section"><a href="#d0e1231">5.1. Maximum Number of Concurrent Processes</a></span></dt><dt><span class="section"><a href="#d0e1288">5.2. Additional Tips for Tuning</a></span></dt></dl></dd></dl></div><div class="abstract"><p class="title"><b>Abstract</b></p><p>This document describes how amavisd-new can be integrated into the
+ Postfix SMTP delivery process. It lists the necessary requirements,
+ explains how Postfix and amavisd-new need to be configured to basically
+ work together and it gives filter-examples to show how amavisd-new can be
+ called from Postfix.</p></div><div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="requirements"></a>1. Requirements</h2></div></div></div><p>The following requirements must be met before integration can
+ begin:</p><div class="orderedlist"><ol type="1"><li><p>amavisd-new has already been installed and successfully
+ tested.</p></li><li><p>Postfix has been installed, configured for basic operations and
+ tested successfully.</p></li></ol></div><div class="tip" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Tip"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Tip]" src="images/tip.png"></td><th align="left">Tip</th></tr><tr><td align="left" valign="top"><p>Independently of the configuration examples shown in this
+ document, it is advisable to set
+ <em class="parameter"><code>strict_rfc821_envelopes</code></em> = <code class="option">yes</code> in
+ <code class="filename">/etc/postfix/main.cf</code>. Postfix will reject any
+ message from envelope-senders, whose address can't be used to send a
+ reply to.</p><p>This avoids accepting e-mails from erroneous envelope-senders that
+ can't be informed of problems, which finally would result in deleting
+ the message - even if Postfix claimed successful delivery in the
+ first.</p></td></tr></table></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="requirements_postfix_version"></a>1.1. Which Postfix version is required?</h3></div></div></div><p>Integrating amavisd-new into the Postfix delivery process requires
+ that Postfix is able to delegate messages to external content filters.
+ The minimum version that provides content filtering is Postfix
+ release-20010228.</p></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="requirements_catching_errors"></a>1.2. Catching errors during integration</h3></div></div></div><p>Chances are that configuration errors during implementation cause
+ Postfix to bounce legitimate messages. Setting the
+ <em class="parameter"><code>soft_bounce</code></em> parameter during integration and
+ reloading the Postfix configuration afterwards prevents Postfix from
+ bouncing legitimate mail during that time:</p><pre class="programlisting"># <strong class="userinput"><code>postconf -e "soft_bounce = yes"</code></strong>
+# <strong class="userinput"><code>postfix reload</code></strong></pre><p>As soon as <em class="parameter"><code>soft_bounce</code></em> has been activated
+ Postfix will treat all delivery errors as temporary errors - any client
+ that wants to send messages to Postfix will keep mail in the mailqueue
+ and it will suspend delivery until the
+ <em class="parameter"><code>soft_bounce</code></em> parameter has been removed or set to
+ <code class="option">no</code>.</p><p>Once the integration of amavisd-new into the Postfix delivery
+ process has been completed successfully
+ <em class="parameter"><code>soft_bounce</code></em> must be removed or Postfix will not
+ generate bounce messages for legitimate mail.</p></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="basics"></a>2. Basic Postfix and amavisd-new configuration</h2></div></div></div><p>There are several moments at which Postfix can hand over messages
+ over to amavisd-new (before it accepts a message from a client or after)
+ and there are different filter approaches (globally, per recipient
+ (domain), per network interface, etc.) that can trigger Postfix to
+ transport a message to amavisd-new.</p><p>The transport methods - transporting a message from Postfix to
+ amavisd-new and backwards - however always remain the same. They will be
+ described in this section first. The section that follows will deal with
+ different filter approaches.</p><div class="tip" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Tip: Integration procedure"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Tip]" src="images/tip.png"></td><th align="left">Integration procedure</th></tr><tr><td align="left" valign="top"><p>The following examples have been structured to cause minimum
+ trouble on an online mail system. The order of steps ensures that
+ filtering will be enabled at the very last moment. Several tests will
+ have been conducted to verify the delivery chain works before the filter
+ is enabled. Once enabled the complete system should work at once.</p></td></tr></table></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="basics_amavisd-new"></a>2.1. Configuring amavisd-new for Postfix</h3></div></div></div><p>Configuring amavisd-new to work with Postfix answers the following
+ two questions:</p><div class="orderedlist"><ol type="1"><li><p>Which port should the amavisd-new daemon listen to for
+ incoming connections from Postfix?</p></li><li><p>Which IP-address and port should the amavisd-new SMTP client
+ use to (re)inject filtered messages (and notifications about message
+ statuses) into the Postfix SMTP delivery system?</p></li></ol></div><div class="section" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="d0e157"></a>2.1.1. Configuring amavisd-new for incoming connections</h4></div></div></div><p>The <em class="parameter"><code>$inet_socket_port</code></em> in
+ <code class="filename">/etc/amavisd.conf</code> parameter sets the port number
+ amavisd-new will listen for incoming (E)SMTP connections. The
+ following example explicitly configures amavisd-new to bind to port
+ <code class="systemitem">10024</code> (default setting
+ <code class="option">undef</code>):</p><pre class="programlisting">$inet_socket_port = 10024;</pre></div><div class="section" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="d0e176"></a>2.1.2. Configuring the reinjection path</h4></div></div></div><p>Two parameters, <em class="parameter"><code>$forward_method</code></em> and
+ <em class="parameter"><code>$notify_method</code></em>, need to be configured (usually
+ identically) to reinject messages into the Postfix mail system.</p><p>The first parameter, <em class="parameter"><code>$forward_method</code></em>,
+ specifies where amavisd-new should transport scanned messages to,
+ while the second parameter, <em class="parameter"><code>$notify_method</code></em>,
+ specifies where notifications about scanned messages should be
+ transported to.</p><p>By default amavisd uses <code class="systemitem">127.0.0.1</code> on port <code class="systemitem">10025</code> to contact a SMTP server for
+ reinjection of filtered messages. Unless a different IP address or
+ port should be used, no modifications must be applied and this section
+ can be skipped.</p><p>In case a different IP address or port should be used, the
+ parameters <em class="parameter"><code>$notify_method</code></em> and
+ <em class="parameter"><code>$forward_method</code></em> need to be adjusted to reflect
+ these requirements. The following example edits these parameters in
+ <code class="filename">/etc/amavisd.conf</code> and uses <code class="systemitem">192.0.2.1</code> as IP address and port
+ <code class="systemitem">20025</code>:</p><pre class="programlisting">$notify_method = 'smtp:[192.0.2.1]:20025';
+$forward_method = 'smtp:[192.0.2.1]:20025';</pre></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="basics_transport"></a>2.2. Configuring the transport from Postfix to amavisd-new</h3></div></div></div><p>Both, amavisd-new and Postfix, are able to use either SMTP- or
+ LMTP-communication to transport a message from Postfix to amavisd-new.
+ Both variants will be described in this section.</p><h4><a name="d0e227"></a>Why configure a dedicated service?</h4><p>Theoretically it's possible to transport messages from Postfix to
+ amavisd-new using the existing smtp-, lmtp, or even the relay-service in
+ <code class="filename">/etc/postfix/master.cf</code>.</p><p>In practice transporting messages to amavisd-new requires imposing
+ transport limits on the transporting service. Imposing such limits on a
+ globally available service would impose these limits on the complete
+ Postfix mail system - it would slow down the system significantly and
+ should be avoided.</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Note"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Note]" src="images/note.png"></td><th align="left">Note</th></tr><tr><td align="left" valign="top"><p>The number of Postfix clients that may connect simultaneously to
+ amavisd-new instances must be limited to the maximum number of daemon
+ child processes amavisd-new starts.</p><p>If the Postfix transport client was allowed to open more
+ connections amavisd-new can handle, amavisd-new would start to queue
+ incoming Postfix connections. Postfix in turn would interpret such
+ behaviour as “<span class="quote">unresponsive remote MTA</span>” and would itself
+ begin to queue mail that should be filtered. All this would possibly
+ throttle down the complete system and all further filtering attempts
+ would suffer.</p></td></tr></table></div><div class="section" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="basics_transport_lmtp-client"></a>2.2.1. Configuring a dedicated lmtp-client</h4></div></div></div><p>The following example creates a new, dedicated lmtp-transport
+ named <code class="systemitem">amavisfeed</code> in
+ <code class="filename">/etc/postfix/master.cf</code>. Its configuration details
+ are explained following the listing:</p><pre class="programlisting"># ==========================================================================
+# service type private unpriv chroot wakeup maxproc command + args
+# (yes) (yes) (yes) (never) (100)
+# ==========================================================================
+
+...
+
+amavisfeed unix - - n - 2 lmtp
+ -o lmtp_data_done_timeout=1200
+ -o lmtp_send_xforward_command=yes
+ -o disable_dns_lookups=yes
+ -o max_use=20</pre><div class="important" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Important"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Important]" src="images/important.png"></td><th align="left">Important</th></tr><tr><td align="left" valign="top"><p>A noteworthy quote from the Postfix documentation:
+ “<span class="quote">...do not specify whitespace around the ‘<span class="quote">=</span>’. In
+ parameter values, either avoid whitespace altogether, ...</span>”.
+ Further details on <code class="filename">master.cf</code> configuration
+ syntax can be found in <code class="filename">master.cf</code> or
+ <span class="citerefentry"><span class="refentrytitle">master</span>(5)</span>.</p></td></tr></table></div><p>Here's a quick rundown on the settings that differ from other
+ services defaults:</p><div class="variablelist"><dl><dt><span class="term"><em class="parameter"><code>maxproc</code></em></span></dt><dd><p>The maximum number of concurrent Postfix amavis-service
+ processes has been limited to <code class="option">2</code> (default:
+ <em class="parameter"><code>default_process_limit</code></em> =
+ <code class="option">100</code>). This value reflects the default of
+ <code class="option">2</code> amavisd-daemon children processes and is a
+ good setting to start from. The value may be raised later, when
+ the system works stable and still can take a higher load. It
+ should not exceed the number of simultaneous amavisd child
+ processes.</p></dd><dt><span class="term"><em class="parameter"><code>lmtp_data_done_timeout</code></em></span></dt><dd><p>Setting <em class="parameter"><code>lmtp_data_done_timeout</code></em> to
+ <code class="option">1200</code> (seconds) doubles the default time span a
+ regular Postfix client waits after message delivery for the
+ server to reply <code class="computeroutput">DONE</code> to claim
+ successful delivery. It must be larger than amavisd setting
+ <em class="parameter"><code>$child_timeout</code></em> (default
+ <code class="option">8</code>*<code class="option">60</code> seconds) and should add a
+ sufficient safety margin, for example to cater for periods of
+ automatic database maintenance (e.g. bayes database on non-SQL
+ database types) which can take a long time in some cases.</p><p>If the server does not reply within the configured time
+ span, the Postfix client will quit the connection, put the
+ message into the deferred queue, log a delivery failure and
+ retry later to transport the message to amavisd-new.</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><table border="0" summary="Note"><tr><td rowspan="2" align="center" valign="top" width="25"><img alt="[Note]" src="images/note.png"></td><th align="left">Note</th></tr><tr><td align="left" valign="top"><p>Raising this value serves a trick amavisd uses to avoid
+ message loss in case of power outage etc. The trick consists
+ in keeping the incoming connection as long open as it takes to
+ filter the message and take appropriate action (reinjection,
+ notification, quarantine, etc.).</p><p>Only when the message (or notifications etc.) has been
+ reinjected amavisd will send
+ <code class="computeroutput">DONE</code> to the client and the
+ client will close the connection. This way Postfix will always
+ keep the message in its own mail queue, where it can be
+ reactivated after a system failure.</p></td></tr></table></div></dd><dt><span class="term"><em class="parameter"><code>lmtp_send_xforward_command</code></em></span></dt><dd><p>Enabling <em class="parameter"><code>lmtp_send_xforward_command</code></em>
+ configures the Postfix lmtp-client to forward the original
+ clients HELO name and IP address to amavisd-new. amavisd-new in
+ turn can use these informations for</p><div class="itemizedlist"><ul type="disc"><li><p>logging and notifications (macro
+ <code class="varname">%a</code>)</p></li><li><p>switching policy banks (<code class="constant">MYNETS</code>,
+ <em class="parameter"><code>@mynetworks_maps</code></em>)</p></li><li><p>pen pals functionality</p></li><li><p>p0f fingerprinting</p></li></ul></div></dd><dt><span class="term"><em class="parameter"><code>disable_dns_lookups</code></em></span></dt><dd><p>The transport route from Postfix to amavisd-new, it will
+ be configured later i