1
amavisd-new consists of the daemon, and optionally some helper programs,
2
which are only needed in setups with certain mail transport agents (MTA).
3
For Postfix, Exim-V4, and dual-sendmail setups no helper program is needed.
1
amavisd-new consists of a daemon 'amavisd', and optionally a helper program,
2
which is only needed in setups with certain mail transport agents (MTA).
3
For Postfix, Exim-V4, and dual-sendmail setups no helper program for
4
interfacing MTA with amavisd daemon is needed.
5
6
Obtaining the software:
6
7
=======================
8
9
Fetch the tarball and unpack it:
9
wget http://www.ijs.si/software/amavisd/amavisd-new-<version>.tar.gz
10
curl -O http://www.ijs.si/software/amavisd/amavisd-new-<version>.tar.gz
10
11
gzip -d -c amavisd-new-<version>.tar.gz | tar xvf -
11
12
cd amavisd-new-<version>
13
14
Checking the web page http://www.ijs.si/software/amavisd/ if there are
14
15
any any required last-minute patches, fetch and apply them, e.g.:
15
wget http://www.ijs.si/software/amavisd/amavisd-new-<version>-p1.patch
16
curl -O http://www.ijs.si/software/amavisd/amavisd-new-<version>-p1.patch
16
17
patch < amavisd-new-<version>-p1.patch
17
18
(or grab the tar file with patches already applied, if available).
19
20
The most important files thus obtained (and patched if necessary)
20
21
are amavisd and amavisd.conf.
22
Start reading with AAAREADME.first, then RELEASE_NOTES and INSTALL.
23
Start reading with AAAREADME.first, then RELEASE_NOTES if upgrading,
24
and INSTALL and README_FILES/<your-MTA> for new installations.
26
Check also the on-line documentation at:
27
http://www.ijs.si/software/amavisd/
28
and http://www.ijs.si/software/amavisd/amavisd-new-docs.html
28
34
file(1) utility is required, the most recent version is heartly recommended!
29
35
There are a number of security and robustness problems with earlier versions.
30
36
Use file(1) 4.06 or later to avoid it crashing upon seeing certain files
31
and to avoid possible control characters in its output.
37
and to avoid possible control characters leaking into its output.
33
39
Archive::Tar (Archive-Tar-x.xx)
34
Archive::Zip (Archive-Zip-x.xx) (1.09 or later is recommended!)
35
Compress::Zlib (Compress-Zlib-x.xx)
40
Archive::Zip (Archive-Zip-x.xx) (1.14 or later should be used!)
41
Compress::Zlib (Compress-Zlib-x.xx) (1.35 or later)
36
42
Convert::TNEF (Convert-TNEF-x.xx)
37
Convert::UUlib (Convert-UUlib-x.xxx) (stick to the new versions!)
43
Convert::UUlib (Convert-UUlib-x.xxx) (1.05 or later, stick to new versions!)
38
44
MIME::Base64 (MIME-Base64-x.xx)
39
MIME::Parser (MIME-Tools-x.xxxx)
40
( the patched MIME-tools by David F. Skoll is recommended over 5.411,
41
as it better handles broken/bad MIME syntax:
42
http://www.mimedefang.org/ -> Download section.
43
The new 6.2xx from http://search.cpan.org/dist/MIME-tools/
44
also includes these patches, and more.
45
MIME::Parser (MIME-Tools-x.xxxx) (latest version from CPAN - currently 5.417)
45
46
Mail::Internet (MailTools-1.58 or later have workarounds for Perl 5.8.0 bugs)
46
Net::Server (Net-Server-x.xx)
47
Net::SMTP (libnet-x.xx) (use libnet-1.16 or latter for performance)
48
Digest::MD5 (Digest-MD5-x.xx)
47
Net::Server (Net-Server-x.xx) (version 0.88 finally does setuid right)
48
Net::SMTP (libnet-x.xx, ports/net/p5-Net) (>= libnet-1.16 for performance)
49
Digest::MD5 (Digest-MD5-x.xx) (2.22 or later)
49
50
IO::Stringy (IO-stringy-x.xxx)
50
Time::HiRes (Time-HiRes-x.xx) (use 1.49 or later, some older cause problems)
51
Time::HiRes (Time-HiRes-x.xx) (use 1.49 or later, older can cause problems)
51
52
Unix::Syslog (Unix-Syslog-x.xxx)
53
BerkeleyDB with bdb library 3.2 or later (4.2 or later preferred)
53
55
The following external programs are used for decoding/dearchiving
54
56
if they are available:
55
compress, gzip, bzip2, nomarch (or arc), lha, arj (or unarj),
56
rar (or unrar), zoo, cpio, lzop, freeze (or unfreeze or melt).
59
Mail::SpamAssassin for doing spam scanning (recomm. 2.60 or later)
60
DBI with appropriate DBD::* if using SQL lookups
61
Net::LDAP if using LDAP lookups
62
virus scanners external programs for doing virus scanning
64
External programs are available from:
65
file: ftp://ftp.astron.com/pub/file/
57
compress, gzip, bzip2, nomarch (or arc), lha, arj (or unarj), rar (or unrar),
58
unzoo (or zoo), pax, cpio, lzop, freeze (or unfreeze or melt), ripole,
60
Self-extracting archives (executables) can be of types zip, rar, lha or arj,
61
and are only recognized when the corresponding dearchiver is available.
63
optional Perl modules:
64
Mail::SpamAssassin for doing spam scanning (2.64 or 3.0.4 or >=3.1)
65
DBI with appropriate DBD::* if using SQL lookups
66
Net::LDAP if using LDAP lookups
67
Authen::SASL authenticating on mail forwarding and on submitting DSN
68
Mail::ClamAV Perl module interface to ClamAV library
69
SAVI Perl module interface to Sophos library (0.30 or later)
71
optional, but usually desired:
72
virus scanners external programs for doing virus scanning, like ClamAV
74
Some external programs may already be provided with the system, but it is
75
worth checking that their version is recent. The following lists the programs
76
and their distribution sites (not necessarily the only or the official).
77
The most crucial programs are marked with an asterisk:
79
* file: ftp://ftp.astron.com/pub/file/
66
80
compress: ftp://ftp.warwick.ac.uk/pub/compression/
67
gzip: http://www.gzip.org/
68
bzip2: http://sources.redhat.com/bzip2/
81
* gzip: http://www.gzip.org/
82
bzip2: http://www.bzip.org/
69
83
nomarch: http://rus.members.beeb.net/nomarch.html
70
84
arc: ftp://ftp.kiarchive.ru/pub/unix/arcers/
71
85
lha: http://www2m.biglobe.ne.jp/~dolphin/lha/prog/
72
86
unarj: ftp://ftp.kiarchive.ru/pub/unix/arcers/
73
arj: http://testcase.newmail.ru/files/
87
arj: http://testcase.newmail.ru/files/ (arj is preferable to unarj)
74
88
rar, unrar: http://www.rarsoft.com/, ftp://ftp.kiarchive.ru/pub/unix/arcers/
89
(rar is preferable to unrar)
90
unzoo: http://critical.ch/distfiles/
75
91
zoo: ftp://ftp.kiarchive.ru/pub/unix/arcers/
76
cpio: ftp://ftp.gnu.org/pub/gnu/cpio
77
92
lzop: http://www.lzop.org/download/
78
93
freeze: ftp://ftp.warwick.ac.uk/pub/compression/
79
ClamAV http://clamav.elektrapro.com/ (open source virus scanner)
94
ripOLE: http://www.pldaniels.com/ripole/
95
tnef: http://tnef.sourceforge.net/
96
* pax: http://www.gnu.org/software/paxutils/
97
or: http://heirloom.sourceforge.net/
98
cpio: http://www.gnu.org/software/cpio/
99
or: http://heirloom.sourceforge.net/
100
cabextract: http://www.kyz.uklinux.net/cabextract.php
101
* ClamAV: http://clamav.elektrapro.com/ (open source virus scanner)
102
SAVI: http://www.csupomona.edu/~henson/www/projects/SAVI-Perl/dist/
103
dspam: http://www.nuclearelephant.com/projects/dspam/
105
bdb: http://www.sleepycat.com/ (Berkeley db libr. used via BerkeleyDB)
106
p0f: http://lcamtuf.coredump.cx/p0f.shtml
108
Optional third-party utilities:
109
MailZu: http://www.MailZu.org/ (quarantine management web UI)
110
amavisd-milter: http://sourceforge.net/projects/amavisd-milter/
111
(alternative sendmail milter supporting the new AM.PDP protocol)
113
See also: http://www.ijs.si/software/amavisd/#contrib
82
116
Installing the daemon:
109
143
Create its home directory, unless account creation procedure already did it:
110
144
mkdir /var/amavis
112
Check or set the ownership and protection of the directory to be readable
146
Create the following subdirectories:
147
mkdir /var/amavis/tmp /var/amavis/var /var/amavis/db /var/amavis/home
149
Check or set the ownership and protection of the directories to be readable
113
150
and writable by the chosen UID, and not writable by other non-privileged
115
chown amavis:amavis /var/amavis
116
chmod 750 /var/amavis
152
chown -R amavis:amavis /var/amavis
153
chmod -R 750 /var/amavis
118
- unpack the source distribution (see 'Obtaining the software' above)
119
wherever desired (/usr/local/src or elsewhere), and cd to the directory;
155
- unpack the amavisd-new source distribution (see 'Obtaining the software'
156
above) wherever desired (/usr/local/src or elsewhere), and cd to that
121
159
- copy file amavisd to wherever you want it to reside,
122
160
such as /usr/local/sbin, and make sure its protection setting allows it
123
to be executed, but not overwritten by non-privileged users.
161
to be executed and read, but not overwritten by non-privileged users.
124
162
This is a Perl source, so it is readable by any text viewer if needed.
125
It is commented to provide setup information and examples.
126
163
cp amavisd /usr/local/sbin/
127
164
chown root /usr/local/sbin/amavisd
128
165
chmod 755 /usr/local/sbin/amavisd
133
170
chown root /etc/amavisd.conf
134
171
chmod 644 /etc/amavisd.conf
173
(if the file contains sensitive information like a password for accessing
174
a SQL database, it should not be world-readable: chmod 600 /etc/amavisd.conf
175
in this case however amavisd daemon can not be started with option -u)
136
177
Some sites prefer location /etc/amavis/ or /usr/local/etc/. If using
137
a non-default location, one may use the command line option -c when
178
a non-default location, one may use a command line option -c when
138
179
starting the daemon to specify a non-default configuration file,
139
or provide a soft link at the default location.
180
or provide a soft link at the default location. Multiple -c options
181
are permitted and enable splitting the config file into sections such
182
as site-specific and general sections;
141
184
- create a directory (e.g. /var/virusmails) to be used by amavisd-new
142
185
as a quarantine area (if a virus or spam quarantine is desired).
143
Set the ownership and protection of the directory to be readable and
186
Set ownership and protection of the directory to be readable and
144
187
writable by the chosen UID, and not writable by other non-privileged
146
189
mkdir /var/virusmails
150
193
- edit file /etc/amavisd.conf and adjust variables $daemon_group
151
194
and $daemon_user to match the chosen group and user name,
152
adjust variables $MYHOME, $TEMPBASE and $QUARANTINEDIR to match
153
the directories just created, then check/adjust other variables,
154
especially those in 'Section I', including $mydomain.
195
adjust variables $MYHOME, $TEMPBASE, $db_home and $QUARANTINEDIR
196
to match the directories just created, then check/adjust other variables,
199
$MYHOME = '/var/amavis';
200
$TEMPBASE = "$MYHOME/tmp";
201
$db_home = "$MYHOME/db";
203
Optionally, if $MYHOME is preferred uncluttered and for extra security
204
owned by root (not modifyable by user amavis):
205
$MYHOME = '/var/amavis';
206
$helpers_home = "$MYHOME/home";
207
$pid_file = "$helpers_home/amavisd.pid";
208
$lock_file = "$helpers_home/amavisd.lock";
209
in which case the ownership of /var/amavisd should be changed to root
210
and ownership of /var/amavis/home must be amavis:
211
chown root /var/amavis
212
chown -R amavis:amavis /var/amavis/home
213
chmod 750 /var/amavis /var/amavis/home
156
215
- install virus scanners (if they are to be used), and Perl module
157
SpamAssassin (if desired), and adjust variables in /etc/amavisd.conf,
158
especially in the last section 'Section VII'. There are several other
159
Perl modules needed by amavisd daemon (see 'Prerequisites') - if they
160
are not yet installed, a list of missing modules will be logged
161
when amavisd is started;
216
Mail::SpamAssassin (if desired), and adjust variables in /etc/amavisd.conf.
217
There are several other Perl modules needed by amavisd daemon
218
(see 'Prerequisites') - if they are not yet installed, a list
219
of missing modules will be logged when amavisd is started;
163
221
- some virus scanners run as daemons or change UID when checking files.
164
222
It is easiest to run such virus scanners under the same UID/GID (or at least
165
223
within the same group) as amavisd, to avoid file permission problems
166
when virus scanner reads files prepared for checking by amavisd daemon;
168
- start the program 'amavisd', either as root, or with su(1) as the user
169
chosen above. It should start up and (if root) change its GID/UID to the
170
setting provided. It is wise to start it up for the first time with
224
when virus scanner reads files prepared for checking by amavisd daemon.
225
Some virus scanners may require write permission to the $TEMPBASE directory
226
to be able to create auxiliary files there.
228
If different UID is preferred for an AV scanner, a solution for
229
ClamAV is to add user clamav to the amavis group, and then add
230
AllowSupplementaryGroups to clamd.conf.
232
- start the program 'amavisd', either as root (possibly with option
233
-u user), or with su(1) as the user chosen above. It should
234
start up, and (if root) change its GID/UID to the setting provided.
235
It is wise to start it up for the first time with a 'debug' option:
236
/usr/local/sbin/amavisd -u vscan debug
172
238
/usr/local/sbin/amavisd debug
239
When checking SpamAssassin operations, the following can be useful:
240
/usr/local/sbin/amavisd debug-sa
174
242
- later when everything has been tested and works, a shell script
175
243
amavisd_init.sh or similar may be made to run at system startup/shutdown
added
removed
INSTALL
