Postfix with Amavisd-new on Plesk & CentOS

For future reference: I installed Amavisd on CentOS and configured it to be used within Postfix following instructions here and here.

I had also configured ClamAV and SpamAssassin but those instructions are for another day.

yum install amavisd-new

I had some error messages starting amavisd and it was necessary for me to install the Mail::SPF Perl module. I did this using CPAN rather than yum as I was receiving errors that Perl was unable to find Error.pm (among others).
perl -MCPAN -eshell
Then install what you need with:
cpan[1]> install Mail::SPF
Watch the output in case anything else is needed but not automatically installed. I needed manual intervention for Error.pm.

My /etc/clamd.conf

LogFile /var/log/clamav/clamd.log
LogFileMaxSize 0
LogTime yes
LogClean yes
PidFile /var/run/clamav/clamd.pid
TemporaryDirectory /var/tmp
DatabaseDirectory /var/lib/clamav
LocalSocket /var/run/clamav/clamd.sock
FixStaleSocket yes
TCPSocket 3310
TCPAddr 127.0.0.1
MaxConnectionQueueLength 30
MaxThreads 50
ReadTimeout 300
AllowSupplementaryGroups yes
ScanPE yes
ScanELF yes
DetectBrokenExecutables yes
ScanOLE2 yes
ScanMail yes
ScanArchive yes
ArchiveBlockEncrypted no

Note that I have not specified a user so it runs as root. If it runs as user clamav it cannot perform the scans.

My /etc/amavisd.conf
use strict;
$myhostname = "www.CHANGEME.net"; # predefined default from uname(3), must be a FQDN
$mydomain = "CHANGEME.net"; # no useful default, should be set if used in expressions
$daemon_user = "amavis";
$daemon_group = "amavis";
$MYHOME = '/var/amavis';
$pid_file = "/var/run/amavis/amavisd.pid"; # after-default
$lock_file = "/var/run/amavis/amavisd.lock";
$max_servers = 2; # number of pre-forked children
$logfile = "/var/log/amavis/amavisd.log";
$inet_socket_port = 10024; # accept connections on this TCP port(s) (SMTP...)
$inet_socket_bind = '127.0.0.1'; # if only inet available
$forward_method = 'smtp:[127.0.0.1]:10025'; # may be arrayref
$notify_method = 'smtp:[127.0.0.1]:10025';
$virus_admin = "postmaster\@CHANGEME.net";
$mailfrom_notify_admin = "postmaster\@CHANGEME.net";
$mailfrom_notify_recip = "postmaster\@CHANGEME.net";
$mailfrom_notify_spamadmin = "postmaster\@CHANGEME.net";
@av_scanners = (
  ['ClamAV-clamd',
    \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
    qr/\bOK$/, qr/\bFOUND$/,
    qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
);
$sa_mail_body_size_limit = 400*1024;
$sa_local_tests_only = 0;
$sa_tag_level_deflt = -999;
$sa_tag2_level_deflt = 5.0;
$sa_kill_level_deflt = 6.9;
$sa_dsn_cutoff_level = 10;
$penpals_bonus_score = 8;
$penpals_threshold_high = $sa_kill_level_deflt;


/etc/postfix/main.cf

queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
mail_owner = postfix
inet_interfaces = all
inet_protocols = all
mydestination = localhost.$mydomain, localhost, localhost.localdomain
unknown_local_recipient_reject_code = 550
alias_maps = hash:/etc/aliases, hash:/var/spool/postfix/plesk/aliases
alias_database = hash:/etc/aliases
smtpd_banner = $myhostname ESMTP
debug_peer_level = 2
debugger_command =
  PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
  ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.8.4/samples
readme_directory = /usr/share/doc/postfix-2.8.4/README_FILES
virtual_mailbox_domains = $virtual_mailbox_maps, hash:/var/spool/postfix/plesk/virtual_domains
virtual_alias_maps = $virtual_maps, hash:/var/spool/postfix/plesk/virtual
virtual_mailbox_maps = hash:/var/spool/postfix/plesk/vmailbox
transport_maps = hash:/var/spool/postfix/plesk/transport
smtpd_tls_cert_file = /etc/postfix/postfix_default.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_security_level = may
smtpd_use_tls = yes
smtp_tls_security_level = may
smtp_use_tls = no
smtpd_timeout = 3600s
smtpd_proxy_timeout = 3600s
disable_vrfy_command = yes
mynetworks = 127.0.0.0/8 [::1]/128 87.106.246.116/32, hash:/var/spool/postfix/plesk/poplock
smtpd_sender_restrictions = check_sender_access hash:/var/spool/postfix/plesk/blacklists, permit_sasl_authenticated, check_client_access pcre:/var/spool/postfix/plesk/non_auth.re
smtpd_client_restrictions = permit_mynetworks, reject_rbl_client zen.spamhaus.org, reject_rbl_client sbl.spamhaus.org, reject_rbl_client cbl.abuseat.org, reject_rbl_client ispa.rbl.baruwa.net
smtp_send_xforward_command = yes
smtpd_authorized_xforward_hosts = 127.0.0.0/8 [::1]/128
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks, check_client_access pcre:/var/spool/postfix/plesk/no_relay.re, permit_sasl_authenticated, reject_unauth_destination
virtual_mailbox_base = /var/qmail/mailnames
virtual_uid_maps = static:110
virtual_gid_maps = static:31
smtpd_milters = inet:localhost:12768
non_smtpd_milters = inet:localhost:12768
sender_dependent_default_transport_maps = hash:/var/spool/postfix/plesk/sdd_transport_maps
virtual_transport = plesk_virtual
plesk_virtual_destination_recipient_limit = 1
mailman_destination_recipient_limit = 1
myhostname = www.CHANGEME.net
message_size_limit = 10240000
content_filter=amavisfeed:[127.0.0.1]:10024


/etc/postfix/master.cf


amavisfeed unix - - n - 2 lmtp
  -o lmtp_data_done_timeout=1200
  -o lmtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
  -o max_use=20
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=reject_unauth_pipelining
  -o smtpd_end_of_data_restrictions=
  -o smtpd_restriction_classes=
  -o mynetworks=127.0.0.0/8
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters,no_address_mappings
  -o local_header_rewrite_clients=
  -o smtpd_milters=
  -o local_recipient_maps=
  -o relay_recipient_maps=
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 1 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
  -o smtp_fallback_relay=
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
plesk_virtual unix - n n - - pipe flags=DORhu user=popuser:popuser argv=/usr/lib64/plesk-9.0/postfix-local -f ${sender} -d ${recipient} -p /var/qmail/mailnames
mailman unix - n n - - pipe flags=R user=mailman:mailman argv=/usr/lib64/plesk-9.0/postfix-mailman ${nexthop} ${user} ${recipient}
plesk_saslauthd unix y y n - 1 plesk_saslauthd status=5 listen=6 dbpath=/var/spool/postfix/plesk/passwd.db
111.222.CHANGEME111.222- unix - n n - - smtp -o smtp_bind_address=87.106.246.116 -o smtp_bind_address6= -o smtp_address_preference=ipv4
submission inet n - n - - smtpd -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions=
smtp inet n - n - - smtpd
smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes
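
An added example, not part of the original post: a small Python check for the after-filter listener in the master.cf above. It joins continuation lines and reports when the port 10025 smtpd entry is not bound to loopback, does not clear content_filter, or does not restrict mynetworks and clients the way the entry on this page does. The function names and both sample strings are constructed for illustration.

```python
import re

# Constructed sample: a listener on all interfaces that overrides almost nothing.
WEAK_MASTER_CF = "10025 inet n - n - - smtpd\n  -o smtpd_milters=\n"
# Constructed sample: abridged copy of the hardened entry shown on this page.
GOOD_MASTER_CF = """\
amavisfeed unix - - n - 2 lmtp
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
"""

def parse_master_cf(text):
    """Join continuation lines; return [(service, type, {option: value})]."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and entries:
            entries[-1] += " " + line.strip()   # indented line continues the entry
        else:
            entries.append(line.strip())
    services = []
    for entry in entries:
        fields = entry.split()
        if len(fields) >= 8:                    # name type priv unpriv chroot wakeup maxproc cmd
            opts = dict(o.split("=", 1) for o in re.findall(r"-o\s+(\S+=\S*)", entry))
            services.append((fields[0], fields[1], opts))
    return services

def audit_reinjection(text, port="10025"):
    """Return findings for the after-filter listener; an empty list means it passed."""
    hits = [(n, o) for n, t, o in parse_master_cf(text)
            if t == "inet" and n.rsplit(":", 1)[-1] == port]
    if not hits:
        return ["no inet listener on port " + port]
    name, opts = hits[0]
    findings = []
    if name.rsplit(":", 1)[0] not in ("127.0.0.1", "[::1]", "localhost"):
        findings.append("not bound to loopback")
    if opts.get("content_filter") != "":
        findings.append("content_filter not cleared (mail would loop back to the filter)")
    nets = opts.get("mynetworks", "")
    if not nets or not all(n.startswith(("127.", "[::1]")) for n in nets.split(",")):
        findings.append("mynetworks not limited to loopback")
    if opts.get("smtpd_client_restrictions") != "permit_mynetworks,reject":
        findings.append("clients outside mynetworks are not rejected")
    return findings
```

To check a live system, pass the contents of /etc/postfix/master.cf to audit_reinjection(); an empty list means the listener matches the settings above.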


The SpamAssassin configuration is as normal, under /etc/mail/spamassassin.
The directories that the configuration files above use for PID files etc. must be created with appropriate permissions, e.g.:
mkdir /var/run/amavis/ && chown amavis:amavis /var/run/amavis/

I have just put my config files here in case they help someone (probably me) in future.
