Connection closed by foreign host.

2. With a text editor add to the Postfix master.cf file
   the following two entries, e.g. near the end of the file:

     smtp-amavis unix -    -    y/n  -    2  smtp
       -o smtp_data_done_timeout=1200
       -o smtp_send_xforward_command=yes
       -o disable_dns_lookups=yes

     127.0.0.1:10025 inet n    -    y/n  -    -  smtpd
       -o local_recipient_maps=
       -o relay_recipient_maps=
       -o smtpd_restriction_classes=
       -o smtpd_delay_reject=no
       -o smtpd_client_restrictions=permit_mynetworks,reject
       -o smtpd_helo_restrictions=
       -o smtpd_sender_restrictions=
       -o smtpd_recipient_restrictions=permit_mynetworks,reject
       -o smtpd_data_restrictions=reject_unauth_pipelining
       -o smtpd_end_of_data_restrictions=
       -o mynetworks=127.0.0.0/8
       -o smtpd_error_sleep_time=0
       -o smtpd_soft_error_limit=1001
       -o smtpd_hard_error_limit=1000
       -o smtpd_client_connection_count_limit=0
       -o smtpd_client_connection_rate_limit=0
       -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks

   Change the 'y/n' to either 'y' or 'n', depending on how you prefer
   the smtp and smtpd postfix services to run - either chroot-ed, or not.
   See your other (normal) smtp and smtpd postfix services in master.cf
   and use the same setting here.

   - Of all the options specified above in the second entry,
     the one that is essential is the '-o content_filter=' .
   - The '-o smtp_send_xforward_command=yes'
     (or '-o lmtp_send_xforward_command=yes' if using LMTP)
     is optional, but recommended - amavisd-new benefits from it since V2.0.
     It does not hurt if specified even if not yet supported by the currently
     running Postfix or amavisd-new.
   - the '-o max_use=20' is optional, it overrides the default value of 100,
     and is primarily useful with lmtp, as the Postfix lmtp client is more
     aggressive in keeping the connection open than the smtp client;
   - If there is an entry like 'vscan unix - n n - 2 pipe user=vscan ...'
     from an ancient amavisd installation, it is not needed any longer
     and may be removed. Keeping it does no harm.
   - for IPv6 enabled MTA, consider: -o mynetworks=127.0.0.0/8,[::1]/128

3. Do a 'postfix reload', check its log file for any complaints,
To the Postfix main.cf file add a line:

     content_filter=smtp-amavis:[127.0.0.1]:10024

   either with a text editor, or preferably using a shell command:

     # postconf -e 'content_filter=smtp-amavis:[127.0.0.1]:10024'

   The global setting of 'content_filter' in main.cf affects any Postfix
   input service (i.e. smtpd and pickup). If a more selective approach
   is required, the option
     -o content_filter=smtp-amavis:[127.0.0.1]:10024
   may be given in master.cf to selected services only, or the option:
     -o content_filter=
   may override (i.e. clear) the global setting on selected services.
6. Do a 'postfix reload' and watch the logs - both the Postfix logs,
   and the amavisd log file (on the screen or wherever you have it directed).

   If you get in trouble, you only need to undo the step 5 and do a
   'postfix reload'. New mail will no longer be tagged with content filter
   routing.

   The messages that have been received while 'content_filter' was set,
   will still try to get delivered to your old setting of content_filter,
   and will wait in the queue until successful or deleted or expired - or
   until you do:

     postsuper -r ALL; postfix reload

   If all is fine, you may abort (^C) the process running 'amavisd debug',
   and start amavisd without a 'debug' option, making it detach and daemonize.

This completes the integration of amavisd and Postfix.
It uses the SMTP (or LMTP) protocol for Postfix->amavisd,
and uses SMTP protocol for amavisd->Postfix communication.
This is the fastest and recommended method, and simplest to set up.
The most important tuning knob is the number of concurrent content filtering
processes allowed. Too low a value does not fully utilize the host resources,
a somewhat high value wastes memory and gains no benefit to the aggregate
mail throughput, while a too high value causes system thrashing and the
total system mail throughput starts to drop. A useful starting value is 2,
a commonly useful range is perhaps up to 10 (or perhaps 20 on hosts with
1 GB of RAM or more, and SA with network tests such as Razor enabled),
but the exact value largely depends on host capabilities and the anti-virus
and anti-spam options in use.

It is imperative that both Postfix and amavisd-new use the same value.
Actually the amavisd setting may be higher than the Postfix one, but this
serves no useful purpose and just wastes resources. The amavisd.conf
parameter is $max_servers, the Postfix parameter is the maxproc field in
the 'smtp-amavis' entry (file master.cf).

Instead of adjusting the maxproc field of the 'smtp-amavis' service,
one may prefer to leave it at the default '-', and use a main.cf option
for the same purpose:

  smtp-amavis_destination_concurrency_limit = 2

For other tuning hints, see README.performance and:
  http://www.ijs.si/software/amavisd/amavisd-new-magdeburg-20050519.pdf
TO DO 'VIRTUAL ALIAS' MAPPING AND OTHER POSTFIX CLEANUP PROCESSING
BEFORE OR AFTER CONTENT FILTERING?

In a post-queue content filtering setup (a normal amavisd-new setup with
Postfix), a mail message passes through smtpd and cleanup Postfix services
twice, once before the content filter, and the second time when the approved
message is passed from the content filter back to the MTA. Any transformations
and checks done by a cleanup service are thus performed twice. In simpler
setups this does not matter much, but in more demanding situations one
needs to consider which cleanup instance should perform which task.
See cleanup(8) man page.

In particular, the following should be considered:

- canonical address transformations
    placed before the content filter:
      content filter will see canonicalized envelope addresses
      (e.g. external addresses)
    placed after the content filter:
      content filter will see largely unmodified envelope addresses

- virtual alias transformations of envelope recipient addresses
    placed before the content filter:
      content filter will see modified (e.g. internalized) envelope addresses
    placed after the content filter:
      content filter will see largely unmodified envelope addresses

- built-in content checks like the header_checks, body_checks, mime processing
    placed before the content filter:
      the usual placement, checks should be performed as early as convenient
    placed after the content filter:
      most built-in content checks should not be performed again to save time
      and prevent late bounces. An exception may be the 'placing on hold'
      of a mail message that the content filter considered a potential threat
      and inserted a header field 'X-Amavis-Hold: reason', which needs to be
      done after content filtering.

- automatic BCC recipient controls
    should only be done once to prevent mail duplication. The same
    applies when virtual mapping is used as "poor man's" mailing lists.
    Adding recipients is normally placed after content filtering;

- resource and rate controls
    should be done before the content filtering, and should be disabled
    or be more liberal in the cleanup service after the content filter;

To exercise full control over which cleanup service will perform which
e-mail address mapping (virtual alias, canonical, masquerading), and
which (if any) header/body checks, one needs to use two cleanup services:

- add a new service 'pre-cleanup';
- (optionally) add options to existing service 'cleanup';
- add option 'cleanup_service_name=pre-cleanup' to existing services

as described further down.

If the full flexibility of having two cleanup services is not needed
and Postfix is snapshot 2.0.13-20030706 or later, there is a new parameter
'receive_override_options' which eliminates the need for two cleanup
services in some more straightforward cases (not all features of having
two cleanup services are available). The idea is to use:
  -o receive_override_options=no_address_mappings
for main incoming services (like smtpd and pickup), and the:
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
for the post-content-filter smtpd service on port 10025.
See smtpd(8) man page and the FILTER_README and ADDRESS_REWRITING_README
files in the Postfix documentation directory README_FILES.
The receive_override_options=no_address_mappings also avoids the need
for moving the always_bcc option from main.cf to master.cf in common cases.
ALTERNATIVE FOR POSTFIX OLDER THAN 2.2

Postfix can be told to feed mail to amavisd via LMTP protocol instead
of SMTP. This is possible since Postfix 2.0 and since amavisd-new-20021116.

LMTP brings per-recipient status responses and multi-transaction session
capability, the latter of which the Postfix service smtp before cca. 2004-08
lacked. For newer versions of Postfix with "connection cache" capability
(previously known as "session caching"), i.e. Postfix 2.2 and the
snapshots since cca. 2004-08, the per-recipient status responses remain
the only (small) advantage of LMTP.

An LMTP advantage with its per-recipient status responses is most useful when
the second MTA instance (on port 10025) returns a 5xx or 4xx SMTP response
for some but not all recipients for some reason, or if amavisd-new is
(inappropriately) configured to D_REJECT malware instead of D_BOUNCE it.
Neither of the two is encountered regularly on well configured systems.

As it is advisable to perform most of the MTA mail checks (like mail address
validation, header and body checks) as soon as mail enters the mailer, the
second MTA instance should under normal circumstances hardly ever generate
a 5xx or 4xx response. Regarding the second argument, rejecting malware
(D_REJECT) in an after-queue setup leads to backscatter generated by the MTA
and is not a recommended setting in a Postfix after-queue and other

To use LMTP instead of SMTP just replace the service name (last item)
'smtp' with 'lmtp' in the master.cf entry:                   vvvv

  smtp-amavis unix -    -    y/n  -    2  lmtp
    -o lmtp_data_done_timeout=1200
    -o lmtp_send_xforward_command=yes

(and change option names accordingly).
It is probably a good idea to set strict_rfc821_envelopes=yes in main.cf
to reject non-replyable sender addresses such as <@yahoo.com> straight away,
otherwise we end up processing such mail with inability to bounce it when
needed, effectively losing such mail.
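As an added illustration of the rule the paragraph above relies on (this is not Postfix code), here is a simplified model of the envelope-address checks that strict_rfc821_envelopes=yes enforces. The exact rules are an assumption drawn from the cases mentioned here and in postconf(5) (angle brackets required, no RFC 822 phrases or comments, a local part required except for the null sender), not Postfix's own parser; the sample MAIL FROM arguments are constructed.

```python
"""Why strict_rfc821_envelopes=yes matters for a post-queue content filter.

Added example, not Postfix code. Models (as an assumption, not the real
parser) the envelope sender rules the setting enforces at SMTP time, i.e.
before the message is queued and handed to amavisd. A sender that passes
is one a bounce could later be returned to; <@yahoo.com> is refused up
front instead of being accepted, filtered, and then lost when the bounce
cannot be delivered.
"""
import re

# local-part@domain with no whitespace, brackets or comment parentheses
ADDR_RE = re.compile(r"^[^\s@<>()]+@[^\s@<>()]+$")

def check_envelope_sender(mail_from_arg):
    """Return (accepted, reason) for the argument of 'MAIL FROM:'.

    Rules modelled: the address must be enclosed in <>, must not carry an
    RFC 822 display phrase or comment, and the only address allowed to lack
    a local part is the null sender <> used by bounces.
    """
    arg = mail_from_arg.strip()
    if not (arg.startswith("<") and arg.endswith(">")):
        return False, "address must be enclosed in <>"
    if arg.count("<") != 1 or arg.count(">") != 1 or "(" in arg:
        return False, "phrase or comment not allowed in envelope address"
    inner = arg[1:-1]
    if inner == "":
        return True, "null sender (bounce), accepted"
    if inner.startswith("@"):
        return False, "no local part, cannot be replied to"
    if not ADDR_RE.match(inner):
        return False, "malformed address"
    return True, "replyable, a later bounce can be returned"

def sender_check_results(args):
    """Map each MAIL FROM argument in args to its accept/reject decision."""
    return {a: check_envelope_sender(a)[0] for a in args}

# constructed sample of MAIL FROM arguments as SMTP clients might send them
SAMPLE = ["<alice@example.org>", "<>", "<@yahoo.com>", "bob@example.org",
          "Bob <bob@example.org>", "<bob(comment)@example.org>"]

if __name__ == "__main__":
    for arg in SAMPLE:
        accepted, reason = check_envelope_sender(arg)
        print(f"{arg:32} {'accept' if accepted else 'reject':6} {reason}")
```

The point of doing this at smtpd time rather than leaving it to the filter is visible in the sample: the only address that reaches the queue without a usable return path is one the MTA could have refused with a 5xx response while the sending client was still connected.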
One can set up an e-mail address (a mailbox) with Postfix to receive all
quarantined viruses so that a mailer will deal with storing or forwarding
them, and a local quarantine directory can be avoided. Here is
one way of doing it, but see 'local(8)' Postfix man page for more options.

This method of quarantining might be the only method available if amavisd
is running chrooted and quarantine is to be located outside of chroot jail.

To the Postfix aliases file (or database) add an entry for an e-mail address,
e.g. 'infected', either to forward its mail to some place, or do a local
delivery to a file or directory, e.g.:

  infected: /var/spool/mail/infected
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=reject_unauth_pipelining
    -o smtpd_end_of_data_restrictions=
    -o mynetworks=127.0.0.0/8
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
# The following is the cleanup daemon that handles messages in front of
# the content filter. It does header_checks and body_checks (if any), but
# does no virtual alias or canonical address mapping, so that mail comes
# to a content filter with original recipient addresses still intact.

# Virtual alias or canonical address mapping happens in the second
# cleanup phase after the content filter. This gives the content_filter
# access to largely unmodified addresses for maximum flexibility.

# Note that some sites may specifically want to perform canonical and/or
# virtual address mapping in front of the content_filter. However, in that
# case you still have to enable address rewriting in the after-filter cleanup
# instance in order to correctly process forwarded mail or bounced mail.

# handle both the canonicalization and virtual_alias_maps later
# (this will provide content filter with largely unmodified addresses)
# - re-injection (forwarding) if $forward_method is smtp:...
# - notification messages if $notify_method is smtp:...
# - quarantine if $virus_quarantine_to contains '@'
# In amavisd.conf set port number where Postfix (one or more) is listening
# for re-injected mail and notifications, and optionally use an asterisk in
# $forward_method and $notify_method specification if host or port field
# is to be dynamically replaced (re-injection port number is automatically
# set to one higher than the port number on which message came in to amavisd,
# making possible for several MTA pairs on the same host to independently
# use amavisd, e.g. separately for incoming and outgoing mail). To prevent
# unauthorized use of the service you should restrict the set of IP addresses
# from which amavisd is willing to accept mail by specifying authorized Postfix
# host(s) with the access list @inet_acl in the amavisd.conf file. Bind must
# not be restricted to loopback interface, so set $inet_socket_bind to undef.

# NOTE1: you SHOULD also restrict Postfix to only accept connections
# on port 10025 from the amavisd host by '-o mynetworks = ...'
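The consistency points this README keeps coming back to (the smtp-amavis maxproc field matching amavisd's $max_servers, the port 10025 listener clearing content_filter and trusting only loopback, header/body checks not being run a second time, and @inet_acl not admitting arbitrary clients) can be checked mechanically before a 'postfix reload'. The audit below is an added example, not code from amavisd-new or Postfix: the master.cf, main.cf and amavisd.conf fragments inside it are constructed from the entries shown in this README (with 'y/n' resolved to 'n'), and the amavisd.conf parsing is a simplified assumption that only handles plain `$name = N;` and `@name = qw( ... );` lines.

```python
"""Audit the Postfix/amavisd glue configuration described in this README.

Added example, not code from amavisd-new or Postfix. The configuration
fragments are constructed from the README's own entries; the amavisd.conf
parser is an assumption covering only simple `$name = N;` and
`@name = qw( ... );` lines.
"""
import re

MASTER_CF = """\
smtp      inet  n       -       n       -       -       smtpd
smtp-amavis unix -    -    n    -    2  smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
127.0.0.1:10025 inet n    -    n    -    -  smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
"""
MAIN_CF = "content_filter=smtp-amavis:[127.0.0.1]:10024\n"
AMAVISD_CONF = """\
$max_servers = 2;                    # must match maxproc in master.cf
@inet_acl = qw( 127.0.0.1 [::1] );   # hosts allowed to talk to port 10024
"""

LOOPBACK = ("127.", "[::1]", "::1")

def parse_master_cf(text):
    """Map service name -> (8 fields, {-o key: value}); '-o' lines are indented."""
    services, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if raw[0] in " \t":                      # continuation line of a service
            if current is not None and line.startswith("-o "):
                key, _, value = line[3:].partition("=")
                services[current][1][key.strip()] = value.strip()
            continue
        fields = line.split()
        if len(fields) != 8:
            raise ValueError(f"malformed master.cf service line: {raw!r}")
        current = fields[0]
        services[current] = (fields, {})
    return services

def filter_concurrency(services, main_text, name):
    """maxproc field, or the *_destination_concurrency_limit fallback when '-'."""
    maxproc = services[name][0][6]
    if maxproc != "-":
        return int(maxproc)
    m = re.search(rf"^\s*{re.escape(name)}_destination_concurrency_limit\s*=\s*(\d+)",
                  main_text, re.M)
    return int(m.group(1)) if m else None

def amavisd_setting(text, name):
    """Value of a simple `$name = N;` or `@name = qw( ... );` line, else None."""
    m = re.search(rf"^\s*[\$@]{name}\s*=\s*(?:qw\s*\(\s*(.*?)\s*\)|(\d+))\s*;", text, re.M)
    if not m:
        return None
    return m.group(1).split() if m.group(1) is not None else int(m.group(2))

def audit(master_text, main_text, amavisd_text,
          filter_name="smtp-amavis", listener="127.0.0.1:10025"):
    """Return a list of findings; an empty list means the glue is consistent."""
    findings = []
    services = parse_master_cf(master_text)
    have = filter_concurrency(services, main_text, filter_name)
    want = amavisd_setting(amavisd_text, "max_servers")
    if have != want:
        findings.append(f"{filter_name} concurrency {have} != amavisd $max_servers {want}")
    opts = services[listener][1]
    if opts.get("content_filter", "unset") != "":
        findings.append(f"{listener}: content_filter not cleared, mail would loop")
    nets = [n for n in re.split(r"[,\s]+", opts.get("mynetworks", "")) if n]
    if not nets or not all(n.startswith(LOOPBACK) for n in nets):
        findings.append(f"{listener}: mynetworks={nets} is not loopback-only")
    if "no_header_body_checks" not in opts.get("receive_override_options", ""):
        findings.append(f"{listener}: header/body checks would run a second time")
    acl = amavisd_setting(amavisd_text, "inet_acl") or []
    if not acl or any(a in ("0.0.0.0/0", "::/0", "*") for a in acl):
        findings.append(f"amavisd @inet_acl {acl} admits any client")
    return findings

if __name__ == "__main__":
    for finding in audit(MASTER_CF, MAIN_CF, AMAVISD_CONF) or ["no findings"]:
        print(finding)
```

To run it against a live host, read the three real files into the three strings; the loopback-only check for mynetworks is the master.cf side of NOTE1 above, and the @inet_acl check is the amavisd side of the same trust boundary.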