Amavis: Difference between revisions

From QmailToaster
No edit summary
No edit summary
 
(23 intermediate revisions by the same user not shown)
Line 1: Line 1:
  For testing until production stability proven.
  For testing until production stability proven.


  Get Amavis Qmail queue
  The way it works <span style="color:red">[TCP Port or pipe]</span>:
  # wget -O /var/qmail/bin/qmail-queue.smtp https://github.com/qmtoaster/amavis/blob/main/qmail-queue.smtp.cos8?raw=true
SMTP ''--[25]->'' qmail-smtpd ''--[|]->'' qmail-queue.smtpd ''--[10024]->'' amavisd ''--[10025]->'' qmail-smtpd ''--[|]->'' qmail-queue ''>'' qmail queue ''>'' qmail-local
 
'''Build qmail-queue.smtp transfers email to Amavisd'''
  # wget https://raw.githubusercontent.com/qmtoaster/amavis/main/qmail-amavisd-0.94.patch
# wget https://raw.githubusercontent.com/qmtoaster/amavis/main/qmail-amavisd-0.94.tgz
# tar zxvf qmail-amavisd-0.94.tgz
# cd qmail-amavisd-0.94
# patch < ../qmail-amavisd-0.94.patch
# make
# cp qmail-queue.smtp /var/qmail/bin
  # chown qmailq:qmail /var/qmail/bin/qmail-queue.smtp
  # chown qmailq:qmail /var/qmail/bin/qmail-queue.smtp
  # chmod 4711 /var/qmail/bin/qmail-queue.smtp
  # chmod 4711 /var/qmail/bin/qmail-queue.smtp


  Build Your Own qmail-queue.smtp
  '''Install Amavis & edit config, run clamd under Amavis, start both services'''
wget https://raw.githubusercontent.com/qmtoaster/amavis/main/qmail-amavisd-0.94.patch
  # dnf -y install amavisd-new lz4 cabextract perl-Digest-SHA1 perl-IO-stringy
wget https://raw.githubusercontent.com/qmtoaster/amavis/main/qmail-amavisd-0.94.tgz
  # wget https://www.rarlab.com/rar/rarlinux-x64-700.tar.gz (https://www.rarlab.com/)
tar zxvf qmail-amavisd-0.94.tgz
  # tar zxvf rarlinux-x64-700.tar.gz
cd qmail-amavisd-0.94
  # cp rar/rar rar/unrar /usr/local/bin
patch < ../qmail-amavisd-0.94.patch
make
cp qmail-queue.smtp /var/qmail/bin
chown qmailq:qmail /var/qmail/bin/qmail-queue.smtp
chmod 4711 /var/qmail/bin/qmail-queue.smtp
 
Install Amavis & edit config, run clamd under Amavis, start both services
  # yum --enablerepo=epel,PowerTools -y install amavisd-new lz4 perl-Digest-SHA1 perl-IO-stringy
# yum --enablerepo=fedora cabextract
  # wget https://www.rarlab.com/rar/rarlinux-x64-6.0.b1.tar.gz
  # tar zxvf rarlinux-x64-6.0.b1.tar.gz
  # cd rar
# cp rar unrar /usr/local/bin
  # sed -i 's/%i.conf/amavisd.conf/' /usr/lib/systemd/system/clamd@.service
  # sed -i 's/%i.conf/amavisd.conf/' /usr/lib/systemd/system/clamd@.service
  # systemctl daemon-reload
  # systemctl daemon-reload
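Review bot: the build steps fetch qmail-amavisd-0.94.tgz and its patch from the main branch, and the result is installed with chmod 4711, but nothing pins or verifies what was downloaded; reference a fixed commit or publish a checksum to compare before `make`. The same applies to the rarlinux tarball whose binaries are copied into /usr/local/bin. Separately, the `sed -i` on /usr/lib/systemd/system/clamd@.service edits a packaged unit file, which a package update can overwrite; a copy or drop-in under /etc/systemd/system would keep the change.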
Line 34: Line 30:
  # systemctl enable --now amavisd
  # systemctl enable --now amavisd


  Create tcp rules for qmail smtp & qmail amavis
  '''Create tcp rules for qmail smtp & qmail amavis'''
  # mv /etc/tcprules.d/tcp.smtp /etc/tcprules.d/tcp.smtp.bak
  # mv /etc/tcprules.d/tcp.smtp /etc/tcprules.d/tcp.smtp.bak


  tee /etc/tcprules.d/tcp.amavis.smtp  > /dev/null <<EOT
  # tee /etc/tcprules.d/tcp.amavis.smtp  > /dev/null <<EOT
  127.:allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1"
  127.:allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1"
  :allow,CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/qmail-queue.smtp",NOP0FCHECK="1"
  :allow,CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/qmail-queue.smtp",NOP0FCHECK="1"
  EOT
  EOT
# tcprules /etc/tcprules.d/tcp.amavis.smtp.cdb /etc/tcprules.d/tcp.amavis.smtp.tmp < /etc/tcprules.d/tcp.amavis.smtp
# chmod 644 tcp.amavis.smtp*


  tee /etc/tcprules.d/tcp.smtp  > /dev/null <<EOT
  # tee /etc/tcprules.d/tcp.smtp  > /dev/null <<EOT
  127.:allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1"
  127.:allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1"
  :allow,CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/qmail-queue",NOP0FCHECK="1"
  :allow,CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/qmail-queue",NOP0FCHECK="1"
  EOT
  EOT
# qmailctl cdb


  Edit/Create run files for qmail smtp & qmail amavis
  '''Edit/Create run files for qmail smtp & qmail amavis'''
  # cp -Rp /var/qmail/supervise/smtp /var/qmail/supervise/smtp2
  # cp -Rp /var/qmail/supervise/smtp /var/qmail/supervise/smtp2


  tee /var/qmail/supervise/smtp/run > /dev/null <<EOT
  # tee /var/qmail/supervise/smtp/run > /dev/null <<EOT
  #!/bin/sh
  #!/bin/sh
  QMAILDUID=`id -u vpopmail`
  QMAILDUID=`id -u vpopmail`
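Review bot: the `tee ... <<EOT` lines now read as commands typed at a root prompt, and with an unquoted EOT the shell expands the backticks and any $variables in the heredoc body when the file is written (QMAILDUID=`id -u vpopmail` here), not when the run script starts; quote the delimiter as <<'EOT' so the script text is written verbatim. Also, `chmod 644 tcp.amavis.smtp*` is relative to the current directory, which after the earlier `cd qmail-amavisd-0.94` is not /etc/tcprules.d; give the full path.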
Line 66: Line 65:
  EOT
  EOT


  tee /var/qmail/supervise/smtp2/run > /dev/null <<EOT
  # tee /var/qmail/supervise/smtp2/run > /dev/null <<EOT
  #!/bin/sh
  #!/bin/sh
  QMAILDUID=`id -u vpopmail`
  QMAILDUID=`id -u vpopmail`
Line 83: Line 82:
  EOT
  EOT


  tee /var/qmail/supervise/smtp2/log/run > /dev/null <<EOT
  # tee /var/qmail/supervise/smtp2/log/run > /dev/null <<EOT
  #!/bin/sh
  #!/bin/sh
  LOGSIZE=`cat /var/qmail/control/logsize`
  LOGSIZE=`cat /var/qmail/control/logsize`
Line 92: Line 91:
  EOT
  EOT


  Add Amavis Dspam support
  '''Add Amavis Dspam support'''
 
  Install Dspam (skip 'install per domain')
  Install Dspam (skip 'install per domain')
  # wget https://raw.githubusercontent.com/qmtoaster/dspam/master/dspamdb.sh
  # wget https://raw.githubusercontent.com/qmtoaster/dspam/master/dspamdb.sh
Line 99: Line 97:
  # ./dpsamdb.sh
  # ./dpsamdb.sh


  Add Under $dspam = 'dspam'
  '''Add Under $dspam = 'dspam''''
  # vi /etc/amavisd/amavisd.conf
  # vi /etc/amavisd/amavisd.conf


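Review bot: `./dpsamdb.sh` does not match the file fetched just above, dspamdb.sh, so this step cannot run as written; the line is the same in both revisions and should read ./dspamdb.sh.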
Line 108: Line 106:
  );
  );


  Add under 'Trust vpopmail'
  '''Add under 'Trust vpopmail''''
  # vi /etc/dspam.conf
  # vi /etc/dspam.conf
  Trust amavis
  Trust amavis


  Start & stat qmail
  '''Start & stat qmail'''
  # qmailctl start
  # qmailctl start
  # qmailctl stat
  # qmailctl stat<br>
 
  send: up (pid 253068) 97100 seconds
  send: up (pid 253068) 97100 seconds
  smtp: up (pid 253065) 97100 seconds
  smtp: up (pid 253065) 97100 seconds
Line 127: Line 124:
  submission/log: up (pid 253069) 97100 seconds
  submission/log: up (pid 253069) 97100 seconds


  Test with Swaks
  '''Test with Swaks'''
  # swaks --to myuser@domain.tld,myuser2@domain.tld --from myuser@remotedomain.tld --server mx.domain.tld -tls
  # swaks --to myuser@domain.tld,myuser2@domain.tld --from myuser@remotedomain.tld --server mx.domain.tld -tls
  === Trying 192.168.16.75:25...
  === Trying 192.168.16.75:25...
Line 171: Line 168:
  === Connection closed with remote host.
  === Connection closed with remote host.


  All Amavis output is in the maillog (/var/log/maillog).
  '''All Amavis output is in the maillog (/var/log/maillog).'''


  Email headers will contain
  '''The following header will be inserted by amavisd'''
  X-Virus-Scanned: amavisd-new at domain.tld
  X-Virus-Scanned: amavisd-new at domain.tld


  Email headers will show Amavis routing
  '''Email headers will show Amavis routing'''
  Return-Path:  
  Return-Path:  
  Delivered-To: myemail@domain.tld
  Delivered-To: myemail@domain.tld
Line 185: Line 182:
  X-DSPAM-Confidence: 0.9899
  X-DSPAM-Confidence: 0.9899
  X-DSPAM-Probability: 0.0000
  X-DSPAM-Probability: 0.0000
  X-Virus-Scanned: amavisd-new at domain.tld
  <span style="color:red">X-Virus-Scanned: amavisd-new at domain.tld</span>
  X-DSPAM-Result: Whitelisted
  X-DSPAM-Result: Whitelisted
  X-DSPAM-Signature: 1,5fc2eece2666485921812939
  X-DSPAM-Signature: 1,5fc2eece2666485921812939
  Received: from unknown ([127.0.0.1])
  <span style="color:red">Received: from unknown ([127.0.0.1])
         by localhost (mx.domain.tld [127.0.0.1]) (amavisd-new, port 10024)
         by localhost (mx.domain.tld [127.0.0.1]) (amavisd-new, port 10024)
         with SMTP id kma806hO5pyA; Sat, 28 Nov 2020 17:43:57 -0700 (MST)
         with SMTP id kma806hO5pyA; Sat, 28 Nov 2020 17:43:57 -0700 (MST)</span>
  Received: from unknown (HELO mx.remotedomain.tld) (xxx.xxx.xxx.xxx)
  Received: from unknown (HELO mx.remotedomain.tld) (xxx.xxx.xxx.xxx)
   by localhost.localdomain with ESMTPS (ECDHE-RSA-AES256-GCM-SHA384 encrypted); 29 Nov 2020 00:43:57 -0000
   by localhost.localdomain with ESMTPS (ECDHE-RSA-AES256-GCM-SHA384 encrypted); 29 Nov 2020 00:43:57 -0000
Line 197: Line 194:




  Other spam scanners operable with Amavis
  '''Other spam scanners operable with Amavis'''


   @spam_scanners = (
   @spam_scanners = (
Line 208: Line 205:
   );
   );


  Other AV scanners operable with Amavis
  '''Other AV scanners operable with Amavis'''
   ESET NODE32
   ESET NODE32
   Avast
   Avast

Latest revision as of 09:05, 1 April 2024

For testing until production stability is proven.
The way it works [TCP Port or pipe]:
SMTP --[25]-> qmail-smtpd --[|]-> qmail-queue.smtp --[10024]-> amavisd --[10025]-> qmail-smtpd --[|]-> qmail-queue > qmail queue > qmail-local
Build qmail-queue.smtp, which transfers email to Amavisd
# wget https://raw.githubusercontent.com/qmtoaster/amavis/main/qmail-amavisd-0.94.patch
# wget https://raw.githubusercontent.com/qmtoaster/amavis/main/qmail-amavisd-0.94.tgz
# tar zxvf qmail-amavisd-0.94.tgz
# cd qmail-amavisd-0.94
# patch < ../qmail-amavisd-0.94.patch
# make
# cp qmail-queue.smtp /var/qmail/bin
# chown qmailq:qmail /var/qmail/bin/qmail-queue.smtp
# chmod 4711 /var/qmail/bin/qmail-queue.smtp
Install Amavis & edit config, run clamd under Amavis, start both services
# dnf -y install amavisd-new lz4 cabextract perl-Digest-SHA1 perl-IO-stringy
# wget https://www.rarlab.com/rar/rarlinux-x64-700.tar.gz    # from https://www.rarlab.com/
# tar zxvf rarlinux-x64-700.tar.gz
# cp rar/rar rar/unrar /usr/local/bin
# sed -i 's/%i.conf/amavisd.conf/' /usr/lib/systemd/system/clamd@.service
# systemctl daemon-reload
# systemctl restart clamd@scan
# vi /etc/amavisd/amavisd.conf
 $mydomain = 'domain.tld';
 $myhostname = 'mx.domain.tld';
 $notify_method = 'smtp:[127.0.0.1]:10025';
 $forward_method = 'smtp:[127.0.0.1]:10025';
# systemctl enable --now amavisd
Create tcp rules for qmail smtp & qmail amavis
# mv /etc/tcprules.d/tcp.smtp /etc/tcprules.d/tcp.smtp.bak
# tee /etc/tcprules.d/tcp.amavis.smtp  > /dev/null <<EOT
127.:allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1"
:allow,CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/qmail-queue.smtp",NOP0FCHECK="1"
EOT
# tcprules /etc/tcprules.d/tcp.amavis.smtp.cdb /etc/tcprules.d/tcp.amavis.smtp.tmp < /etc/tcprules.d/tcp.amavis.smtp
# chmod 644 /etc/tcprules.d/tcp.amavis.smtp*
# tee /etc/tcprules.d/tcp.smtp  > /dev/null <<EOT
127.:allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1"
:allow,CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/qmail-queue",NOP0FCHECK="1"
EOT
# qmailctl cdb
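Added example, not part of the wiki page or the QMT project: a lookup that shows which QMAILQUEUE a given client address receives from a tcprules source file. Run on the tcp.amavis.smtp rules above, it shows that clients matching 127. get no QMAILQUEUE, so they are queued by the stock qmail-queue without passing through Amavis, while every other client is handed to qmail-queue.smtp. The function names and the address 203.0.113.7 are illustrative, and only IPv4 address/prefix rules plus the empty default rule are handled.

```shell
#!/bin/sh
# Added example (not from the wiki page): look up which QMAILQUEUE a client
# address receives from a tcprules source file. Only IPv4 address/prefix rules
# and the empty default rule are handled; name and range rules never match.

# queue_for RULES_FILE IP -> QMAILQUEUE path, "(default)", "deny" or "nomatch"
queue_for() {
    awk -v ip="$2" '
    BEGIN { best = -1 }
    /^#/ || /^$/ { next }
    {
        sep = index($0, ":"); if (!sep) next
        pat = substr($0, 1, sep - 1); act = substr($0, sep + 1)
        n = length(pat)
        if (n == 0)                      hit = 1              # default rule
        else if (substr(pat, n) == ".")  hit = (substr(ip, 1, n) == pat)
        else                             hit = (ip == pat)    # exact address
        if (hit && n > best) { best = n; chosen = act }       # longest wins
    }
    END {
        if (best < 0)                 print "nomatch"
        else if (chosen ~ /^deny/)    print "deny"
        else if (match(chosen, /QMAILQUEUE="[^"]*"/))
            print substr(chosen, RSTART + 12, RLENGTH - 13)
        else                          print "(default)"   # no QMAILQUEUE set
    }' "$1"
}

# The tcp.amavis.smtp rules from this page, for writing to a scratch file.
sample_rules() {
    cat <<'EOF'
127.:allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1"
:allow,CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/qmail-queue.smtp",NOP0FCHECK="1"
EOF
}

rules=$(mktemp); sample_rules > "$rules"
for addr in 127.0.0.1 203.0.113.7; do    # 203.0.113.7 is a documentation address
    printf '%s -> %s\n' "$addr" "$(queue_for "$rules" "$addr")"
done
rm -f "$rules"
```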
Edit/Create run files for qmail smtp & qmail amavis
# cp -Rp /var/qmail/supervise/smtp /var/qmail/supervise/smtp2
# tee /var/qmail/supervise/smtp/run > /dev/null <<'EOT'
#!/bin/sh
# Public SMTP listener; its tcp rules hand mail to qmail-queue.smtp
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.amavis.smtp.cdb"
HOSTNAME=`hostname`
VCHKPW="/home/vpopmail/bin/vchkpw"
export SMTPAUTH="-"
exec /usr/bin/softlimit -m 64000000 \
    /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
    -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
    $SMTPD $VCHKPW /bin/true 2>&1
EOT
# tee /var/qmail/supervise/smtp2/run > /dev/null <<'EOT'
#!/bin/sh
# Re-injection listener on port 10025; its tcp rules use the stock qmail-queue
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
HOSTNAME=`hostname`
VCHKPW="/home/vpopmail/bin/vchkpw"
export SMTPAUTH="-"
export FORCETLS=0
exec /usr/bin/softlimit -m 64000000 \
    /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
    -u "$QMAILDUID" -g "$NOFILESGID" 0 10025 \
    $SMTPD $VCHKPW /bin/true 2>&1
EOT
# tee /var/qmail/supervise/smtp2/log/run > /dev/null <<'EOT'
#!/bin/sh
LOGSIZE=`cat /var/qmail/control/logsize`
LOGCOUNT=`cat /var/qmail/control/logcount`
exec /usr/bin/setuidgid qmaill \
    /usr/bin/multilog t s$LOGSIZE n$LOGCOUNT \
    /var/log/qmail/smtp2 2>&1
EOT
Add Amavis Dspam support
Install Dspam (skip 'install per domain')
# wget https://raw.githubusercontent.com/qmtoaster/dspam/master/dspamdb.sh
# chmod 755 dspamdb.sh
# ./dspamdb.sh
Add Under $dspam = 'dspam'
# vi /etc/amavisd/amavisd.conf
@spam_scanners = (
  ['DSPAM', 'Amavis::SpamControl::ExtProg', 'dspam',
     [ qw(--user amavis --deliver=stdout) ],
  ],
);
Add under 'Trust vpopmail'
# vi /etc/dspam.conf
Trust amavis
Start & stat qmail
# qmailctl start
# qmailctl stat
send: up (pid 253068) 97100 seconds
smtp: up (pid 253065) 97100 seconds
smtp2: up (pid 253071) 97100 seconds
smtps: up (pid 253067) 97100 seconds
submission: up (pid 253073) 97100 seconds
send/log: up (pid 253064) 97100 seconds
smtp2/log: up (pid 253070) 97100 seconds
smtp/log: up (pid 253066) 97100 seconds
smtps/log: up (pid 253072) 97100 seconds
submission/log: up (pid 253069) 97100 seconds
Test with Swaks
# swaks --to myuser@domain.tld,myuser2@domain.tld --from myuser@remotedomain.tld --server mx.domain.tld -tls
=== Trying 192.168.16.75:25...
=== Connected to 192.168.16.75.
<-  220 localhost - Welcome to Qmail Toaster Ver. 1.03-3.3.1.qt.md.el8 SMTP Server ESMTP
-> EHLO mx.domain.tld
<-  250-localhost - Welcome to Qmail Toaster Ver. 1.03-3.3.1.qt.md.el8 SMTP Server
<-  250-STARTTLS
<-  250-PIPELINING
<-  250-8BITMIME
<-  250 SIZE 20971520
-> STARTTLS
<-  220 ready for tls
=== TLS started with cipher TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
=== TLS no local certificate set
=== TLS peer DN="/O=Qmail Toaster Server/OU=Test Certificate/CN=localhost"
~> EHLO mx.domain.tld
<~  250-localhost - Welcome to Qmail Toaster Ver. 1.03-3.3.1.qt.md.el8 SMTP Server
<~  250-PIPELINING
<~  250-8BITMIME
<~  250 SIZE 20971520
~> MAIL FROM:<myuser@remotedomain.tld>
<~  250 ok
~> RCPT TO:<myuser@domain.tld>
<~  250 ok
~> RCPT TO:<myuser2@domain.tld>
<~  250 ok
~> DATA
<~  354 go ahead
~> Date: Sun, 29 Nov 2020 14:58:40 -0700
~> To: myuser@domain.tld,myuser2@domain.tld
~> From: myuser@remotedomain.tld
~> Subject: test Sun, 29 Nov 2020 14:58:40 -0700
~> Message-Id: <20201129145840.009255@mx.domain.tld>
~> X-Mailer: swaks v20170101.0 jetmore.org/john/code/swaks/
~>
~> This is a test mailing
~>
~> .
<~  250 ok 1606687121 qp 308705
~> QUIT
<~  221 localhost - Welcome to Qmail Toaster Ver. 1.03-3.3.1.qt.md.el8 SMTP Server
=== Connection closed with remote host.
All Amavis output is in the maillog (/var/log/maillog).
The following header will be inserted by amavisd
X-Virus-Scanned: amavisd-new at domain.tld
Email headers will show Amavis routing
Return-Path: 
Delivered-To: myemail@domain.tld
Received: (qmail 266650 invoked by uid 89); 29 Nov 2020 00:43:58 -0000
Received: from unknown (HELO localhost) (127.0.0.1)
 by localhost.localdomain with SMTP; 29 Nov 2020 00:43:58 -0000
X-DSPAM-Processed: Sat Nov 28 17:43:58 2020
X-DSPAM-Confidence: 0.9899
X-DSPAM-Probability: 0.0000
X-Virus-Scanned: amavisd-new at domain.tld
X-DSPAM-Result: Whitelisted
X-DSPAM-Signature: 1,5fc2eece2666485921812939
Received: from unknown ([127.0.0.1])
       by localhost (mx.domain.tld [127.0.0.1]) (amavisd-new, port 10024)
       with SMTP id kma806hO5pyA; Sat, 28 Nov 2020 17:43:57 -0700 (MST)
Received: from unknown (HELO mx.remotedomain.tld) (xxx.xxx.xxx.xxx)
 by localhost.localdomain with ESMTPS (ECDHE-RSA-AES256-GCM-SHA384 encrypted); 29 Nov 2020 00:43:57 -0000
Received-SPF: none (localhost.localdomain: domain at remotedomain.tld does not designate permitted sender hosts)
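Added example, not part of the wiki page or the QMT project: a check that a delivered message really took the Amavis route shown in the headers above. The X-Virus-Scanned line alone is not evidence, because it can arrive already present in the incoming message; the check looks for the amavisd-new port 10024 Received hop and requires it to sit above the hop that accepted the mail from the remote host. The function names and the 192.0.2.10 address are illustrative, and the sample message is constructed from the headers on this page.

```shell
#!/bin/sh
# Added example (not from the wiki page): classify a delivered message by
# where the amavisd hop sits in its Received chain.

# amavis_route FILE -> scanned | bypassed | untrusted
amavis_route() {
    awk '
    function classify(hdr) {
        n++
        if (hdr !~ /^Received:/) return
        if (hdr ~ /\(amavisd-new, port 10024\)/) { if (!scan) scan = n }
        else if (hdr !~ /127\.0\.0\.1/ && hdr !~ /\(qmail [0-9]+ invoked/) {
            if (!ext) ext = n          # first hop from a non-local peer
        }
    }
    /^$/     { exit }                  # headers end at the first blank line
    /^[ \t]/ { h = h " " $0; next }    # unfold continuation lines
             { if (h != "") classify(h); h = $0 }
    END {
        if (h != "") classify(h)
        if (!scan)                  print "bypassed"   # no amavisd hop at all
        else if (ext && scan > ext) print "untrusted"  # hop is below the MX hop
        else                        print "scanned"
    }' "$1"
}

# Constructed sample modelled on the headers above (192.0.2.10 is a placeholder).
sample_scanned() {
    cat <<'EOF'
Delivered-To: myemail@domain.tld
Received: (qmail 266650 invoked by uid 89); 29 Nov 2020 00:43:58 -0000
Received: from unknown (HELO localhost) (127.0.0.1)
 by localhost.localdomain with SMTP; 29 Nov 2020 00:43:58 -0000
X-Virus-Scanned: amavisd-new at domain.tld
Received: from unknown ([127.0.0.1])
       by localhost (mx.domain.tld [127.0.0.1]) (amavisd-new, port 10024)
       with SMTP id kma806hO5pyA; Sat, 28 Nov 2020 17:43:57 -0700 (MST)
Received: from unknown (HELO mx.remotedomain.tld) (192.0.2.10)
 by localhost.localdomain with ESMTPS; 29 Nov 2020 00:43:57 -0000

This is a test mailing
EOF
}

f=$(mktemp); sample_scanned > "$f"; amavis_route "$f"; rm -f "$f"
```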


Other spam scanners operable with Amavis
 @spam_scanners = (
   ['CRM114', 'Amavis::SpamControl::ExtProg', 'crm',
     [ qw(-u /var/amavis/home/.crm114 mailreaver.crm
          --dontstore --report_only --stats_only
          --good_threshold=8 --spam_threshold=-8) ],
     mail_body_size_limit => 64000, score_factor => -0.20,
   ],
 );
Other AV scanners operable with Amavis
 ESET NOD32
 Avast
 Trend Micro
 Kaspersky
 Sophos
 F-Secure
 ...
Questions, comments, suggestions, corrections...contact Eric on the QMT list