Quote:
|
Originally Posted by combilli
I'm trying to set amavis as my virus scanner for my mail server..
Now I've downloaded and installed the amavis.
It's running..
When I'm checking the mail log, there is a warning
mail postfix/qmgr[11879]warning: connect to transpot smtp-amavis: Connection refused. (Email send / receive is still working normally)
I don't really know how to config it...
Could anyone tell me where is a tutorial for this software?
|
Postfix runs an SMTP server, which listens for incoming connections on port 25. Well, amavis runs its own SMTP server, but it's only available to the local system, and it (by default) listens on port 10024.
The way it works is Postfix receives mail from the Internet, and instead of just delivering it, it first gives it to amavis, by delivering it to the localhost port 10024 which amavis is listening on. Amavis will scan the email, and if it's clean, give it back to Postfix, usually by a separate SMTP server run by postfix, listening on another port (usually 10025).
So, first you need to install amavis, configure it (via /etc/amavisd.conf), and start it. To start it just run
I'm going to assume you read the amavis documentation and configured it correctly.
We'll now want to check if amavisd is running. If it's running, it should be listening on port 10024. So we check by running one of the following commands (or both)
Code:
lsof -i4 -a | grep amavis
netstat -pantu | grep amavis
If you see amavis running and LISTENING on port TCP/10024, congratulations. But we're not done yet.
You have to tell postfix to deliver all email to amavis (well, most email anyways). To do this we use the "content_filter" parameter. Set it as follows:
Code:
postconf -e "content_filter = smtp-amavis:[127.0.0.1]:10024"
You can check it by running
Code:
postconf content_filter
Now postfix will deliver all mail to this content filter. But wait, there's a problem. After amavis scans the email, it gives it back to Postfix (via an SMTP server listening on port 10025, see above). If Postfix gives it back to the "content_filter" (i.e. amavis), we have ourselves a mail loop (that's bad).
So what's the solution? Easy, we override the "content_filter" setting, but only for the SMTP server that listens on port 10025. To do this, you'll have to edit the /etc/postfix/master.cf file, and add the following:
Code:
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o smtpd_restriction_classes=
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=reject_unauth_pipelining
  -o smtpd_end_of_data_restrictions=
  -o mynetworks=127.0.0.0/8
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o smtpd_milters=
  -o local_header_rewrite_clients=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
This actually tells Postfix 2 things. First it tells postfix to run a special SMTP server which is listening on port 10025, but is only accessible to the localhost, not the whole Internet (mynetworks parameter). Then, it tells Postfix to NOT use a content_filter for this SMTP server, in order to avoid that mail loop I was talking about (content_filter parameter).
Now you'll want to refresh postfix for the settings to take effect by doing
if postfix is already running, or
if it wasn't running.
Now we want to see if BOTH amavis and postfix are listening to the proper ports by doing
Code:
netstat -pantu | egrep '(25|10024|10025)'
or
Code:
lsof -i4 -a | egrep '(25|10024|10025)'
You should have Postfix listening on TCP/25 for incoming email from the Internet & your LAN. Amavis listening on port 10024 for incoming email from Postfix. And Postfix also listening on port TCP/10025 for incoming, scanned & presumably CLEAN email from amavis.
I hope this clears it up for you. If you have any questions please reply.
Cheers
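
An added example, not part of the original post: a shell check that the port-10025 listener described in the reply exists in master.cf, is bound to 127.0.0.1, and carries the empty content_filter override that prevents the mail loop. The function names and the sample entry in `demo` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the post): audit the re-injection listener in master.cf.
# Handles the "-o name=value" form used above.

# Print service $2 from file $1 with continuation lines joined onto one line.
service_entry() {
    awk -v svc="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }     # comments and blank lines
        /^[ \t]/ {                            # indented line continues the entry
            if (hit) { sub(/^[ \t]+/, ""); line = line " " $0 }
            next
        }
        { if (hit) print line; hit = ($1 == svc); line = $0 }
        END { if (hit) print line }
    ' "$1"
}

# Succeed only if the listener is loopback-only and clears content_filter.
check_reinject() {
    cf=$1; svc=${2:-127.0.0.1:10025}; rc=0
    entry=$(service_entry "$cf" "$svc")
    if [ -z "$entry" ]; then
        echo "FAIL: no $svc service in $cf"; return 1
    fi
    for opt in content_filter= mynetworks=127.0.0.0/8 \
               smtpd_client_restrictions=permit_mynetworks,reject; do
        case " $entry " in
            *" -o $opt "*) ;;
            *) echo "FAIL: missing or changed: -o $opt"; rc=1 ;;
        esac
    done
    [ "$rc" -ne 0 ] || echo "OK: $svc is loopback-only and bypasses the filter"
    return "$rc"
}

# Constructed sample: a listener that forgot the content_filter override.
demo() {
    tmp=$(mktemp)
    printf '%s\n' '127.0.0.1:10025 inet n - n - - smtpd' \
        '  -o mynetworks=127.0.0.0/8' \
        '  -o smtpd_client_restrictions=permit_mynetworks,reject' > "$tmp"
    check_reinject "$tmp"; status=$?
    rm -f "$tmp"; return "$status"
}

if [ $# -gt 0 ]; then check_reinject "$@"; fi
```

Run it as `sh check.sh /etc/postfix/master.cf` (the script name is arbitrary); a listener declared as plain `10025` rather than `127.0.0.1:10025` is reported as missing, because it would accept connections on every interface.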