Spamassassin + ClamAV + Postfix WITHOUT Amavis (Debian)

Amavis is known to be a huge memory hog, and those of us leasing sub-$30 VPS servers just can’t afford it. Even as little as 10 MB of RAM can have a huge impact on performance.

So in order to run with the least impact on memory, I decided to drop Amavis. The problem: I couldn’t find any how-tos that described how to run SpamAssassin and ClamAV with Postfix WITHOUT Amavis. So with a little trial and error I figured it out on my own.

First, make sure spamd and clamd are already running and that spamc is installed. There are plenty of how-tos on the ’net for this, so I won’t go into detail here. To start off, add the following lines to the end of your /etc/postfix/master.cf file:

# SpamAssassin filter: pipe mail through spamc, then re-inject it with sendmail
spamassassin unix - n   n   -   -   pipe
    user=vmail argv=/usr/bin/spamc -f -e
    /usr/sbin/sendmail -oi -f ${sender} ${recipient}

# AV scan filter (used by content_filter)
scan      unix  -       -       n       -       16      smtp
        -o smtp_send_xforward_command=yes

# For injecting mail back into postfix from the filter
127.0.0.1:10026 inet  n -       n       -       16      smtpd
        -o content_filter=spamassassin
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtpd_helo_restrictions=
        -o smtpd_client_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks_style=host
        -o smtpd_authorized_xforward_hosts=127.0.0.0/8

(Remove user=vmail if you don’t use virtual mailboxes, or change it if your virtual mailboxes use a different user.)

And in the same file look for the below line (Hint: It’s usually near the top)

smtp      inet  n       -       -       -       -       smtpd

And add the following line underneath it (indented, so that Postfix treats it as a continuation of the smtp entry)

        -o content_filter=scan:127.0.0.1:10025

Now you need to install clamsmtp, a small program that will handle connections to clamd for us

apt-get install clamsmtp

In /etc/clamsmtp.conf change OutAddress and Listen to read

OutAddress: 10026
Listen: 127.0.0.1:10025

While you’re at it, check all the other parameters to make sure clamsmtp can connect to clamd. You may also be interested in changing the header added to scanned mail so you know which server scanned it.

After all of this is done restart the daemons

/etc/init.d/postfix restart
/etc/init.d/clamsmtp restart

Then send yourself a test mail. If it fails to work, go back and make sure you followed the instructions properly; otherwise, congrats! You now have a great spam-filtering setup without Amavis! You may now want to look at some basic SMTP-level scanning with RBLs to minimise the load that SpamAssassin and ClamAV put on your server.
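
A consistency check for the filter chain built above, as an added example (not part of the original post): it parses constructed copies of master.cf, clamsmtp.conf and main.cf and reports port mismatches or a global content_filter in main.cf, which would make mail re-injected through sendmail get filtered again. The function names and the sample file contents are assumptions made for this example.

```python
import re

# Constructed sample files mirroring the settings in this how-to.
MASTER_CF = """\
smtp      inet  n       -       -       -       -       smtpd
        -o content_filter=scan:127.0.0.1:10025
scan      unix  -       -       n       -       16      smtp
127.0.0.1:10026 inet  n -       n       -       16      smtpd
        -o content_filter=spamassassin
spamassassin unix - n   n   -   -   pipe
        user=vmail argv=/usr/bin/spamc -f -e
        /usr/sbin/sendmail -oi -f ${sender} ${recipient}
"""
CLAMSMTP_CONF = "OutAddress: 10026\nListen: 127.0.0.1:10025\n"

def services(master_cf):
    """Map (name, type) -> logical master.cf entry, joining indented continuation lines."""
    entries = []
    for line in master_cf.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and entries:
            entries[-1] += " " + line.strip()
        else:
            entries.append(line.strip())
    return {tuple(e.split()[:2]): e for e in entries}

def opt(entry, name):
    m = re.search(r"-o\s+" + re.escape(name) + r"=(\S*)", entry or "")
    return m.group(1) if m else None

def setting(text, key, sep):
    m = re.search(r"^[ \t]*" + re.escape(key) + r"[ \t]*" + sep + r"[ \t]*(\S+)", text, re.M)
    return m.group(1) if m else None

def port(addr):
    return addr.rsplit(":", 1)[-1] if addr else None

def check_chain(master_cf, clamsmtp_conf, main_cf=""):
    svc, problems = services(master_cf), []
    listen, out = (setting(clamsmtp_conf, k, ":") for k in ("Listen", "OutAddress"))
    first = opt(svc.get(("smtp", "inet")), "content_filter")
    if not first or port(first) != port(listen):
        problems.append("smtp content_filter does not target the clamsmtp Listen port")
    back = next((e for (n, t), e in svc.items() if t == "inet" and port(n) == port(out)), None)
    if back is None:
        problems.append("no smtpd listener on the clamsmtp OutAddress port")
    elif (opt(back, "content_filter"), "unix") not in svc:
        problems.append("re-injection listener does not hand off to a defined filter service")
    if setting(main_cf, "content_filter", "="):
        problems.append("main.cf sets content_filter globally; sendmail re-injection will loop")
    return problems
```

On a live server, pass the contents of /etc/postfix/master.cf, /etc/clamsmtp.conf and /etc/postfix/main.cf to check_chain(); an empty list means the three files agree.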

11 Comments

  1. Brenda says:

    This is exactly what I want to do on a new ubuntu install, but it’s not working for me. I’ve checked and double-checked everything (and configured it by copy/paste from this page to my config files).

    When I use telnet to send a message, I keep getting “Error: too many hops (in reply to end of DATA command))”.

    The one thing that may be different in my case is that I’m trying to configure a spam/av gateway — e.g., I want postfix to receive mail from the internet and relay to another internal server if all spam/av scanning succeeds.

  2. chuck says:

    From http://www.postfix.org/faq.html#loop


    Short answer: this message means that mail is probably looping. If you see this after you turned on Postfix content filtering, then you have made a mistake that causes mail to be filtered repeatedly. This is cured by appropriate use of content_filter=, header_checks=, and body_checks=.

    Something keeps resubmitting the message back into the queue. I would assume it’s likely something to do with /etc/clamsmtp.conf and the content_filter= ports being out of sync. It could also be an Ubuntu-specific problem, as it’s possible Ubuntu has a different enough default configuration from Debian to cause issues with my setup here.

    Also, if you’re trying to do a setup like you described, maybe it would be useful to try setting OutAddress in /etc/clamsmtp.conf to the address of your internal server, and modifying this config a little to make spamassassin run first. I don’t know if that would make things easier or not, but it’s worth a shot.

  3. Brenda says:

    Thanks for the response — I managed to find the problem. The biggest part of my issue was that I found at least five different sets of instructions on how to do this and the first few I tried either didn’t work or didn’t seem appropriate for my relay configuration. One of them had me define content_filter in main.cf and I had completely forgotten it was there. After removing that, everything seems to be working.

  4. chuck says:

    Good to hear you got it sorted out. I was thinking you probably had postfix just submitting the message to itself rather than to clamsmtp, which would cause the loop.

  5. Michael L. says:

    Thank you for this writeup – it’s exactly what I was looking for! I couldn’t do *anything* with Amavis running, and this solution is much better for me.

  6. chuck says:

    No problem, glad it helped you out.

  7. m.i.t.h says:

    Hi,

    Great Thanks for the clean tips, I really needed …

  8. DS says:

    Hello,

    I have installed spamassassin and clamsmtp as described here. They seem to be working because I am able to receive and send emails. But I am still receiving spam emails in inboxes of various users (virtual).

    I see the following headers:

    X-Spam: Not detected
    X-Virus-Scanned: ClamAV using ClamSMTP

    So it seems that both ClamAV and Spamassassin processed the email, but I am wondering why SA was not able to detect this message as spam?

    Also, what do SA and ClamAV do to the messages that they detect as spam or virus? How can I configure their behaviour?

    Thanks
    DS

    • chuck says:

      For SA: did you enable spamd (SA daemon)? My how-to kinda assumes it’s set up already. Regardless, though, it isn’t actually going to filter any mail on its own; it will only place headers that you can use any filtering software to delete/move to a junk folder/etc. You can adjust what headers it places and how sensitive it is by playing with SA’s configuration files.

      For ClamAV: everything should be configurable in the clamsmtp configuration file. From what I remember the default is to drop messages containing viruses, but it’s easily changed.

      • DS says:

        Thanks for your response chuck…

        You are right, SA was not enabled. I had to enable it by editing “/etc/default/spamassassin” and changing line “ENABLED=0” to “ENABLED=1”.

        After some reading I was able to use Deliver & Sieve to filter the spam into separate folder under virtual mailboxes.

        I am still wondering what clamsmtp is doing to email, but I hope I will be able to figure it out soon.

        • chuck says:

          No problem at all.

          All of this sounds good. I make mistakes like this all the time when setting up spare servers :) so you’re not alone.

          I’m pretty sure you can just read /etc/clamsmtp.conf and it should give you options for virus filtering.
