You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Jayanta Ghosh <ja...@rp-sg.in> on 2012/09/05 09:29:12 UTC

Interfacing between Postfix, Amavis-new, Clamav and Spamassassin

Dear List,

  I am not sure whether this is the right forum to discuss this issue. But I have few queries regarding the interfacing between the Postfix, Amavis-new, Clamav and Spamassassin. If this is not the right forum to discuss this issue then please excuse me. 
I have configured a mail server on RHEL 6.1(64 Bit) with the following components:-

1. Postfix

2. Courier-authlib

3. Courier-imap

4. MySql

5. Maildrop

6. Spamassassin

7. Clamav

8. Amavis-new

 

The basic functionality of the mail server is in place. I have configured the server in such a way so that after the mail is being received by the postfix, then it is handed over to Spamassassin for spam detection. The Spamassassin returns the mail back to the postfix after scanning. The postfix then transfers the mail to Amavis for virus detection. The Amavis returns the mail back to postfix after the scanning is over. Finally, the postfix gives the mail to maildrop for delivery . The postfix  configuration files (i.e main.cf and master.cf)are attached herein.

 

But I have gone through few documents where it was mentioned that Amavis-new acts like an interface between Postfix and Spamassassin , Clamav. The flow of the mail should be such where Postfix gives the mail to Amavis which in turn sends the mail to both Spamassassin and Clamav. After the scanning is over Amavis  returns the mail back to Postfix.This flow of email is not matching with our configuration. 

 

Is there any problem with my configuration or it can be deployed in production environment.

 

Kindly, refer below the details of mail transaction which will give a clear picture about our configuration.

 

 Sep  3 14:22:52 dctest1 postfix/smtpd[17664]: connect from unknown[10.50.81.45]

Sep  3 14:22:52 dctest1 authdaemond: received auth request, service=smtp, authtype=login

Sep  3 14:22:52 dctest1 authdaemond: authmysql: trying this module

Sep  3 14:22:52 dctest1 authdaemond: SQL query: SELECT email, "", clear, uid, gid, homedir, maildir, quota, "", "" FROM postfix_users WHERE email = 'jayanta.ghosh@rpsg.in'  AND (access='y')

Sep  3 14:22:52 dctest1 authdaemond: authmysql: sysusername=<null>, sysuserid=502, sysgroupid=503, homedir=/home/jayanta.ghosh/Maildir/, address=jayanta.ghosh@rpsg.in, fullname=<null>, maildir=/home/jayanta.ghosh/Maildir/, quota=209715200, options=<null>

Sep  3 14:22:52 dctest1 authdaemond: authmysql: clearpasswd=cesc, passwd=<null>

Sep  3 14:22:52 dctest1 authdaemond: Authenticated: sysusername=<null>, sysuserid=502, sysgroupid=503, homedir=/home/jayanta.ghosh/Maildir/, address=jayanta.ghosh@rpsg.in, fullname=<null>, maildir=/home/jayanta.ghosh/Maildir/, quota=209715200, options=<null>

Sep  3 14:22:52 dctest1 authdaemond: Authenticated: clearpasswd=cesc, passwd=<null>

Sep  3 14:22:52 dctest1 postfix/smtpd[17664]: C4551D008A: client=unknown[10.50.81.45], sasl_method=LOGIN, sasl_username=jayanta.ghosh@rpsg.in

Sep  3 14:22:52 dctest1 postfix/cleanup[17671]: C4551D008A: message-id=<EC...@JayantaGhosh>

Sep  3 14:22:52 dctest1 postfix/qmgr[8009]: C4551D008A: from=<ja...@rpsg.in>, size=1348, nrcpt=1 (queue active)

Sep  3 14:22:52 dctest1 postfix/smtpd[17664]: disconnect from unknown[10.50.81.45]

Sep  3 14:22:52 dctest1 spamd[8987]: spamd: connection from localhost.localdomain [127.0.0.1] at port 41998

Sep  3 14:22:52 dctest1 spamd[8987]: spamd: setuid to spamuser succeeded

Sep  3 14:22:52 dctest1 spamd[8987]: spamd: processing message <EC...@JayantaGhosh> for spamuser:504

Sep  3 14:22:55 dctest1 spamd[8987]: spamd: clean message (-1.0/5.0) for spamuser:504 in 2.5 seconds, 1346 bytes.

Sep  3 14:22:55 dctest1 spamd[8987]: spamd: result: . 0 - ALL_TRUSTED,HTML_MESSAGE,TVD_SPACE_RATIO scantime=2.5,size=1346,user=spamuser,uid=504,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=41998,mid=<EC...@JayantaGhosh>,autolearn=ham

Sep  3 14:22:55 dctest1 postfix/pickup[17220]: 6F649D008C: uid=504 from=<ja...@rpsg.in>

Sep  3 14:22:55 dctest1 postfix/cleanup[17671]: 6F649D008C: message-id=<EC...@JayantaGhosh>

Sep  3 14:22:55 dctest1 postfix/pipe[17672]: C4551D008A: to=<ja...@rpsg.in>, relay=spamassassin, delay=2.7, delays=0.12/0.01/0/2.5, dsn=2.0.0, status=sent (delivered via spamassassin service)

Sep  3 14:22:55 dctest1 postfix/qmgr[8009]: C4551D008A: removed

Sep  3 14:22:55 dctest1 postfix/qmgr[8009]: 6F649D008C: from=<ja...@rpsg.in>, size=1680, nrcpt=1 (queue active)

Sep  3 14:22:55 dctest1 spamd[8980]: prefork: child states: II

Sep  3 14:22:55 dctest1 amavis[6217]: (06217-13) (!!)WARN: all primary virus scanners failed, considering backups

Sep  3 14:22:57 dctest1 postfix/smtpd[17679]: connect from unknown[127.0.0.1]

Sep  3 14:22:57 dctest1 postfix/smtpd[17679]: EE0DFD008A: client=unknown[127.0.0.1]

Sep  3 14:22:57 dctest1 postfix/cleanup[17671]: EE0DFD008A: message-id=<VA...@dctest1.cesc.co.in>

Sep  3 14:22:57 dctest1 postfix/qmgr[8009]: EE0DFD008A: from=<vi...@localhost.rpsg.in>, size=3100, nrcpt=1 (queue active)

Sep  3 14:22:57 dctest1 postfix/smtpd[17679]: disconnect from unknown[127.0.0.1]

Sep  3 14:22:57 dctest1 amavis[6217]: (06217-13) Blocked INFECTED (Eicar-Test-Signature), [10.50.81.45] <ja...@rpsg.in> -> <ja...@rpsg.in>, quarantine: virus-b2tpskwyuuMR, Message-ID: <EC...@JayantaGhosh>, mail_id: b2tpskwyuuMR, Hits: -, size: 1680, 2531 ms

Sep  3 14:22:58 dctest1 authdaemond: received userid lookup request: virusalert@localhost.rpsg.in

 

Please help.  

 

Regards,

Jayanta Ghosh

Re: Interfacing between Postfix, Amavis-new, Clamav and Spamassassin

Posted by Noel <no...@gmail.com>.

On 9/5/2012 2:29 AM, Jayanta Ghosh wrote:
> Dear List,
>  
>  
> I am not surewhether this is the right forum to discuss this
> issue. But I have few queries regarding the interfacing between
> the Postfix, Amavis-new, Clamav and Spamassassin. If this is not
> the right forum to discuss this issue then please excuse me.
>
> I have configured a mail server on RHEL 6.1(64 Bit) with the
> following components:-
>
> 1.Postfix
>
> 2.Courier-authlib
>
> 3.Courier-imap
>
> 4.MySql
>
> 5.Maildrop
>
> 6.Spamassassin
>
> 7. Clamav
>
> 8. Amavis-new
>
>  
>
> The basic functionality of the mail server is in place. I have
> configured the server in such a way so that after the mail is
> being received by the postfix, then it is handed over to
> Spamassassin for spam detection. The Spamassassin returns the mail
> back to the postfix after scanning. The postfix then transfers the
> mail to Amavis for virus detection. The Amavis returns the mail
> back to postfix after the scanning is over. Finally, the postfix
> gives the mail to maildrop for delivery . The postfix 
> configuration files (i.e main.cf and master.cf)are attached herein.
>
>  
>
> But I have gone through few documents where it was mentioned that
> Amavis-new acts like an interface between Postfix and Spamassassin
> , Clamav. The flow of the mail should be such where Postfix gives
> the mail to Amavis which in turn sends the mail to both
> Spamassassin and Clamav. After the scanning is over Amavis 
> returns the mail back to Postfix.This flow of email is not
> matching with our configuration.
>
>  
>


Follow the install instructions included with amavisd-new.  Do not
configure your system to use spamd.