Problems Setting up Amavis - Messages Unchecked
Mark.Martinec+amavis at ijs.si
Wed Apr 4 11:40:58 CEST 2012
> I'm setting up an email server on FreeBSD. I have Postfix configured,
> Dovecot, and Squirrelmail. I then wanted to add virus filtering via
> ClamAV and spam filtering via SpamAssassin, both being run through
> amavis-new. I installed everything through the FreeBSD ports system. I
> also followed various tutorials I've found through google.
> Here's the software information:
> ===>>> p5-Mail-SpamAssassin-3.3.2_6
> ===>>> clamav-0.97.4
> ===>>> dovecot-1.2.17
> ===>>> mutt-126.96.36.199_6
> ===>>> postfix-2.9.1,1
> FreeBSD sub.domain.com 9.0-RELEASE FreeBSD 9.0-RELEASE #0: Thu Feb 16
> 11:20:09 EST 2012 root at hostname:/usr/obj/usr/src/sys/KERNEL amd64
> The problem is, all incoming mail seems to be marked **UNCHECKED** in
> the subject. In addition, when I read my logs, amavis seems to be
> having problems detecting ClamAV (Is this related to the UNCHECKED?)
Yes, failure of all virus scanners results in **UNCHECKED**
That is new with 2.7.0:
amavisd-new-2.7.0 release notes
COMPATIBILITY WITH 2.6.4 / 2.6.5 / 2.6.6
- a failure of all virus scanners no longer automatically tempfails the
operation, but flags a message with a CC_UNCHECKED contents category
(just like a failure of decoders/dearchivers), and allows the usual
controls (*_destiny, *_quarantine_*) to be used to choose behaviour.
The $virus_scanners_failure_is_fatal=1 reverts to previous behaviour,
> Here is a snip from my mail.log (which logs postfix and amavis) when I
> send myself a mail from gmail to my server.
> Here is my amavisd.conf configuration file
> Apr 3 23:45:12 hostname amavis: (65898-01) (!)run_av (ClamAV-clamd)
> FAILED - unexpected , output="/var/amavis/tmp/amavis-20120403T234512-65898-
> msThX8GE/parts: lstat() failed: Permission denied. ERROR\n"
Clamd reported that it can't access the mail file.
In clamd.conf you need:
and in /etc/group you need to add clamav to a group vscan:
This is documented in the amavis INSTALL file:
- some virus scanners run as daemons or change UID when checking files.
It is easiest to run such virus scanners under the same UID/GID (or at least
within the same group) as amavisd, to avoid file permission problems
when virus scanner reads files prepared for checking by amavisd daemon.
Some virus scanners may require write permission to the $TEMPBASE directory
to be able to create auxiliary files there.
If a different UID is preferred for an AV scanner, a solution for ClamAV
is to add user clamav to the amavis group (e.g.: vscan:*:110:clamav
in a file /etc/group), and then add: AllowSupplementaryGroups yes
> Another issue I just remembered - I have tried to enable DKIM signing
> of mails. I setup the DNS record and followed instructions using
> amavis genrsa/showkeys/testkeys. However, when I send a mail to one of
> the various DKIM testing systems, it says my key does not validate. My
> DNS record exists properly, when I view the raw body of the mail the
> DKIM header exists. But for some reason, it is not validating. Any
> ideas come to mind?
Let's see a sample: send a signed mail, either to the list, or to me directly.
More information about the amavis-users