Amavis is known to be a huge memory hog, and those of us leasing sub-30$ VPS servers just can’t afford it. Even as small as 10MB’s of RAM can have a huge impact on performance.
So in order to run with the least impact on memory I decided to drop amavis. The problem with this: I couldn’t find any howto’s that described how to run spamassassin and clamav with postfix WITHOUT amavis. So with a little of trial and error I figured it out on my own.
First you need to make sure spamd and clamd are already running, and that spamc is installed. There are plenty of howto’s on the ‘net to do this, so I won’t go into detail there. So to start off add the following lines to the end of your /etc/postfix/master.cf file
spamassassin unix - n n - - pipe
user=vmail argv=/usr/bin/spamc -f -e
/usr/sbin/sendmail -oi -f ${sender} ${recipient}
# AV scan filter (used by content_filter)
scan unix - - n - 16 smtp
-o smtp_send_xforward_command=yes
# For injecting mail back into postfix from the filter
127.0.0.1:10026 inet n - n - 16 smtpd
-o content_filter=spamassassin
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks_style=host
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
(Remove/change user=vmail if you don’t use/use virtual mailboxes)
And in the same file look for the below line (Hint: It’s usually near the top)
smtp inet n - - - - smtpd
And add the following line underneath it
-o content_filter=scan:127.0.0.1:10025
Now you need to install clamsmtp, a small program that will handle connections to clamd for us
apt-get install clamsmtp
In /etc/clamsmtp.conf change OutAddress and Listen to read
OutAddress: 10026
Listen: 127.0.0.1:10025
While your at it, check all the other parameters to make sure clamsmtp can connect to clamd. You may also be interested in changing the header added to scanned mail so you know which server scanned it.
After all of this is done restart the daemons
/etc/init.d/postfix restart
/etc/init.d/clamsmtp restart
And send yourself test mail. If it fails to work go back and make sure you followed the instructions properly, else congrats! You now have a great spamfiltering setup without amavis! You may now want to look at some basic SMTP-level scanning with RBL’s just to minimise load on your server caused by spamassassin and clamav.