Amavis

From QmailToaster
Revision as of 15:29, 26 March 2024 by Ebroch
For testing until production stability is proven.
Get Amavis Qmail queue
 # grep "release 7" /etc/centos-release
 # [ "$?" = "0" ] && cos=7 || cos=8
 # echo $cos
 # wget -O /var/qmail/bin/qmail-queue.smtp "https://github.com/qmtoaster/amavis/blob/main/qmail-queue.smtp.cos${cos}?raw=true"
 # chown qmailq:qmail /var/qmail/bin/qmail-queue.smtp
 # chmod 4711 /var/qmail/bin/qmail-queue.smtp
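The steps above end with a setuid (mode 4711) file fetched from a branch URL, so the file is worth checking before it is installed. The following is an added example, not part of the original page or the qmtoaster project: it compares the download against a SHA-256 value you recorded from a reviewed copy; the function names and `PINNED_SHA256_PLACEHOLDER` are assumptions, since the page publishes no checksum.

```shell
#!/bin/sh
# Added example (not from the QmailToaster page): verify a download before it becomes setuid.

# Return 0 only if FILE ($1) has the SHA-256 digest EXPECTED ($2, 64 hex digits, any case).
# Return 2 if EXPECTED is not a well-formed digest (for example an unfilled placeholder).
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case $expected in
        *[!0-9a-f]*|'') return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 2
    actual=$(sha256sum "$file" | awk '{print $1}') || return 1
    [ "$actual" = "$expected" ]
}

# Download URL ($1) to a temp file, verify it against EXPECTED ($2), then install it.
# Needs root; owner, group and mode are the ones the page sets with chown/chmod.
install_queue_wrapper() {
    url=$1 expected=$2 dest=${3:-/var/qmail/bin/qmail-queue.smtp}
    tmp=$(mktemp) || return 1
    if wget -q -O "$tmp" "$url" && verify_sha256 "$tmp" "$expected"; then
        install -o qmailq -g qmail -m 4711 "$tmp" "$dest"
        rc=$?
    else
        echo "refusing to install: download failed or checksum mismatch" >&2
        rc=1
    fi
    rm -f "$tmp"
    return $rc
}

# Usage (as root), with the digest taken from a copy you have reviewed:
#   install_queue_wrapper \
#     "https://github.com/qmtoaster/amavis/blob/main/qmail-queue.smtp.cos${cos}?raw=true" \
#     "PINNED_SHA256_PLACEHOLDER"
```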
Build Your Own qmail-queue.smtp
Install Amavis & edit config, run clamd under Amavis, start both services
 # yum --enablerepo=epel,PowerTools -y install amavisd-new lz4 perl-Digest-SHA1 perl-IO-stringy
 # yum --enablerepo=fedora install cabextract
 # wget https://www.rarlab.com/rar/rarlinux-x64-6.0.b1.tar.gz
 # tar zxvf rarlinux-x64-6.0.b1.tar.gz
 # cd rar
 # cp rar unrar /usr/local/bin
 # sed -i 's/%i.conf/amavisd.conf/' /usr/lib/systemd/system/clamd@.service
 # systemctl daemon-reload
 # systemctl restart clamd@scan
 # vi /etc/amavisd/amavisd.conf
 $mydomain = 'domain.tld';
 $myhostname = 'mx.domain.tld';
 $notify_method = 'smtp:[127.0.0.1]:10025';
 $forward_method = 'smtp:[127.0.0.1]:10025';
 # systemctl enable --now amavisd
Create tcp rules for qmail smtp & qmail amavis
 # mv /etc/tcprules.d/tcp.smtp /etc/tcprules.d/tcp.smtp.bak

tee /etc/tcprules.d/tcp.amavis.smtp > /dev/null <<EOT
127.:allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1"
:allow,CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/qmail-queue.smtp",NOP0FCHECK="1"
EOT

tee /etc/tcprules.d/tcp.smtp > /dev/null <<EOT
127.:allow,RELAYCLIENT="",RBLSMTPD="",NOP0FCHECK="1"
:allow,CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/qmail-queue",NOP0FCHECK="1"
EOT

Edit/Create run files for qmail smtp & qmail amavis
 # cp -Rp /var/qmail/supervise/smtp /var/qmail/supervise/smtp2

tee /var/qmail/supervise/smtp/run > /dev/null <<'EOT'
#!/bin/sh
# Public SMTP listener; its rules file (tcp.amavis.smtp) points QMAILQUEUE at qmail-queue.smtp.
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.amavis.smtp.cdb"
HOSTNAME=`hostname`
VCHKPW="/home/vpopmail/bin/vchkpw"
export SMTPAUTH="-"

exec /usr/bin/softlimit -m 64000000 \
    /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
    -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
    $SMTPD $VCHKPW /bin/true 2>&1
EOT

tee /var/qmail/supervise/smtp2/run > /dev/null <<'EOT'
#!/bin/sh
# Re-injection listener on port 10025 for mail handed back by Amavis; uses plain qmail-queue.
# Host 0 makes tcpserver listen on every local address; Amavis itself connects to 127.0.0.1:10025.
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
HOSTNAME=`hostname`
VCHKPW="/home/vpopmail/bin/vchkpw"
export SMTPAUTH="-"
export FORCETLS=0

exec /usr/bin/softlimit -m 64000000 \
    /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
    -u "$QMAILDUID" -g "$NOFILESGID" 0 10025 \
    $SMTPD $VCHKPW /bin/true 2>&1
EOT

tee /var/qmail/supervise/smtp2/log/run > /dev/null <<'EOT'
#!/bin/sh
LOGSIZE=`cat /var/qmail/control/logsize`
LOGCOUNT=`cat /var/qmail/control/logcount`
exec /usr/bin/setuidgid qmaill \
    /usr/bin/multilog t s$LOGSIZE n$LOGCOUNT \
    /var/log/qmail/smtp2 2>&1
EOT

Add Amavis Dspam support
Install Dspam (skip 'install per domain')
 # wget https://raw.githubusercontent.com/qmtoaster/dspam/master/dspamdb.sh
 # chmod 755 dspamdb.sh
 # ./dspamdb.sh
Add under $dspam = 'dspam'
 # vi /etc/amavisd/amavisd.conf
 @spam_scanners = (
   ['DSPAM', 'Amavis::SpamControl::ExtProg', 'dspam',
      [ qw(--user amavis --deliver=stdout) ],
   ],
 );
Add under 'Trust vpopmail'
 # vi /etc/dspam.conf
 Trust amavis

Start & stat qmail
 # qmailctl start
 # qmailctl stat
 send: up (pid 253068) 97100 seconds
 smtp: up (pid 253065) 97100 seconds
 smtp2: up (pid 253071) 97100 seconds
 smtps: up (pid 253067) 97100 seconds
 submission: up (pid 253073) 97100 seconds
 send/log: up (pid 253064) 97100 seconds
 smtp2/log: up (pid 253070) 97100 seconds
 smtp/log: up (pid 253066) 97100 seconds
 smtps/log: up (pid 253072) 97100 seconds
 submission/log: up (pid 253069) 97100 seconds

Test with Swaks
 # swaks --to myuser@domain.tld,myuser2@domain.tld --from myuser@remotedomain.tld --server mx.domain.tld -tls
 === Trying 192.168.16.75:25...
 === Connected to 192.168.16.75.
 <- 220 localhost - Welcome to Qmail Toaster Ver. 1.03-3.3.1.qt.md.el8 SMTP Server ESMTP
 -> EHLO mx.domain.tld
 <- 250-localhost - Welcome to Qmail Toaster Ver. 1.03-3.3.1.qt.md.el8 SMTP Server
 <- 250-STARTTLS
 <- 250-PIPELINING
 <- 250-8BITMIME
 <- 250 SIZE 20971520
 -> STARTTLS
 <- 220 ready for tls
 === TLS started with cipher TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256
 === TLS no local certificate set
 === TLS peer DN="/O=Qmail Toaster Server/OU=Test Certificate/CN=localhost"
 ~> EHLO mx.domain.tld
 <~ 250-localhost - Welcome to Qmail Toaster Ver. 1.03-3.3.1.qt.md.el8 SMTP Server
 <~ 250-PIPELINING
 <~ 250-8BITMIME
 <~ 250 SIZE 20971520
 ~> MAIL FROM:<myuser@remotedomain.tld>
 <~ 250 ok
 ~> RCPT TO:<myuser@domain.tld>
 <~ 250 ok
 ~> RCPT TO:<myuser2@domain.tld>
 <~ 250 ok
 ~> DATA
 <~ 354 go ahead
 ~> Date: Sun, 29 Nov 2020 14:58:40 -0700
 ~> To: myuser@domain.tld,myuser2@domain.tld
 ~> From: myuser@remotedomain.tld
 ~> Subject: test Sun, 29 Nov 2020 14:58:40 -0700
 ~> Message-Id: <20201129145840.009255@mx.domain.tld>
 ~> X-Mailer: swaks v20170101.0 jetmore.org/john/code/swaks/
 ~>
 ~> This is a test mailing
 ~>
 ~> .
 <~ 250 ok 1606687121 qp 308705
 ~> QUIT
 <~ 221 localhost - Welcome to Qmail Toaster Ver. 1.03-3.3.1.qt.md.el8 SMTP Server
 === Connection closed with remote host.

All Amavis output is in the maillog (/var/log/maillog).
Email headers will contain
 X-Virus-Scanned: amavisd-new at domain.tld
Email headers will show Amavis routing
 Return-Path:
 Delivered-To: myemail@domain.tld
 Received: (qmail 266650 invoked by uid 89); 29 Nov 2020 00:43:58 -0000
 Received: from unknown (HELO localhost) (127.0.0.1)
  by localhost.localdomain with SMTP; 29 Nov 2020 00:43:58 -0000
 X-DSPAM-Processed: Sat Nov 28 17:43:58 2020
 X-DSPAM-Confidence: 0.9899
 X-DSPAM-Probability: 0.0000
 X-Virus-Scanned: amavisd-new at domain.tld
 X-DSPAM-Result: Whitelisted
 X-DSPAM-Signature: 1,5fc2eece2666485921812939
 Received: from unknown ([127.0.0.1])
        by localhost (mx.domain.tld [127.0.0.1]) (amavisd-new, port 10024)
        with SMTP id kma806hO5pyA; Sat, 28 Nov 2020 17:43:57 -0700 (MST)
 Received: from unknown (HELO mx.remotedomain.tld) (xxx.xxx.xxx.xxx)
  by localhost.localdomain with ESMTPS (ECDHE-RSA-AES256-GCM-SHA384 encrypted); 29 Nov 2020 00:43:57 -0000
 Received-SPF: none (localhost.localdomain: domain at remotedomain.tld does not designate permitted sender hosts)
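An added example (not from the original page) that checks a delivered message for the two markers shown above: the X-Virus-Scanned stamp and the amavisd-new Received hop on port 10024. The function names and the sample message are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the QmailToaster page): check a delivered message for Amavis routing.

# Print the header block of message file $1 with folded continuation lines joined.
unfold_headers() {
    awk '
        /^$/     { exit }                                     # blank line ends the headers
        /^[ \t]/ { sub(/^[ \t]+/, " "); buf = buf $0; next }  # continuation of previous header
                 { if (buf != "") print buf; buf = $0 }
        END      { if (buf != "") print buf }
    ' "$1"
}

# Return 0 only if the headers of $1 carry both markers for mail domain $2:
# the X-Virus-Scanned stamp and a Received hop written by amavisd-new on port 10024.
passed_amavis() {
    hdrs=$(unfold_headers "$1")
    printf '%s\n' "$hdrs" |
        awk -v want="x-virus-scanned: amavisd-new at $2" \
            'index(tolower($0), tolower(want)) == 1 { ok = 1 } END { exit !ok }' || return 1
    printf '%s\n' "$hdrs" |
        grep -qi '^Received: .*(amavisd-new, port 10024)' || return 1
}

# Constructed sample modelled on the headers above; $2 = "yes" includes the Amavis markers.
write_sample() {
    {
        echo 'Return-Path: <myuser@remotedomain.tld>'
        echo 'Delivered-To: myemail@domain.tld'
        if [ "$2" = yes ]; then
            echo 'X-Virus-Scanned: amavisd-new at domain.tld'
            echo 'Received: from unknown ([127.0.0.1])'
            echo '       by localhost (mx.domain.tld [127.0.0.1]) (amavisd-new, port 10024)'
            echo '       with SMTP id kma806hO5pyA; Sat, 28 Nov 2020 17:43:57 -0700 (MST)'
        fi
        echo 'Received: from unknown (HELO mx.remotedomain.tld) (xxx.xxx.xxx.xxx)'
        echo ' by localhost.localdomain with ESMTPS; 29 Nov 2020 00:43:57 -0000'
        echo ''
        echo 'X-Virus-Scanned: amavisd-new at domain.tld (body text must not count)'
    } > "$1"
}

msg=$(mktemp)
write_sample "$msg" yes && passed_amavis "$msg" domain.tld && echo "routed through Amavis"
write_sample "$msg" no
passed_amavis "$msg" domain.tld || echo "no Amavis markers in headers"
rm -f "$msg"
```

Headers are sender-controllable, so this confirms the pipeline during testing rather than proving that a given message was scanned.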


Other spam scanners operable with Amavis
 @spam_scanners = (
   ['CRM114', 'Amavis::SpamControl::ExtProg', 'crm',
     [ qw(-u /var/amavis/home/.crm114 mailreaver.crm
          --dontstore --report_only --stats_only
          --good_threshold=8 --spam_threshold=-8) ],
     mail_body_size_limit => 64000, score_factor => -0.20,
   ],
 );
Other AV scanners operable with Amavis
 ESET NOD32
 Avast
 Trend Micro
 Kaspersky
 Sophos
 F-Secure
 ...
Questions, comments, suggestions, corrections...contact Eric on the QMT list