Interfacing between Postfix, Amavis-new, Clamav and Spamassassin

Jayanta Ghosh jayanta.ghosh at rp-sg.in
Wed Sep 5 09:33:49 CEST 2012


Dear List,

I am not sure whether this is the right forum to discuss this issue, but I have a few queries regarding the interfacing between Postfix, Amavis-new, Clamav and Spamassassin. If this is not the right forum to discuss this issue, then please excuse me.
I have configured a mail server on RHEL 6.1 (64-bit) with the following components:

1. Postfix
2. Courier-authlib
3. Courier-imap
4. MySQL
5. Maildrop
6. Spamassassin
7. Clamav
8. Amavis-new

 

The basic functionality of the mail server is in place. I have configured the server in such a way that after the mail is received by Postfix, it is handed over to Spamassassin for spam detection. Spamassassin returns the mail to Postfix after scanning. Postfix then transfers the mail to Amavis for virus detection. Amavis returns the mail to Postfix after the scanning is over. Finally, Postfix gives the mail to maildrop for delivery. The Postfix configuration files (i.e. main.cf and master.cf) are attached herein.

 

But I have gone through a few documents where it was mentioned that Amavis-new acts like an interface between Postfix and Spamassassin, Clamav. The flow of the mail should be such that Postfix gives the mail to Amavis, which in turn sends the mail to both Spamassassin and Clamav. After the scanning is over, Amavis returns the mail to Postfix. This flow of email does not match our configuration.

 

Is there any problem with my configuration, or can it be deployed in a production environment?

 

Kindly refer to the details of the mail transaction below, which will give a clear picture of our configuration.

 

 Sep  3 14:22:52 dctest1 postfix/smtpd[17664]: connect from unknown[10.50.81.45]

Sep  3 14:22:52 dctest1 authdaemond: received auth request, service=smtp, authtype=login

Sep  3 14:22:52 dctest1 authdaemond: authmysql: trying this module

Sep  3 14:22:52 dctest1 authdaemond: SQL query: SELECT email, "", clear, uid, gid, homedir, maildir, quota, "", "" FROM postfix_users WHERE email = 'jayanta.ghosh at rpsg.in'  AND (access='y')

Sep  3 14:22:52 dctest1 authdaemond: authmysql: sysusername=<null>, sysuserid=502, sysgroupid=503, homedir=/home/jayanta.ghosh/Maildir/, address=jayanta.ghosh at rpsg.in, fullname=<null>, maildir=/home/jayanta.ghosh/Maildir/, quota=209715200, options=<null>

Sep  3 14:22:52 dctest1 authdaemond: authmysql: clearpasswd=cesc, passwd=<null>

Sep  3 14:22:52 dctest1 authdaemond: Authenticated: sysusername=<null>, sysuserid=502, sysgroupid=503, homedir=/home/jayanta.ghosh/Maildir/, address=jayanta.ghosh at rpsg.in, fullname=<null>, maildir=/home/jayanta.ghosh/Maildir/, quota=209715200, options=<null>

Sep  3 14:22:52 dctest1 authdaemond: Authenticated: clearpasswd=cesc, passwd=<null>

Sep  3 14:22:52 dctest1 postfix/smtpd[17664]: C4551D008A: client=unknown[10.50.81.45], sasl_method=LOGIN, sasl_username=jayanta.ghosh at rpsg.in

Sep  3 14:22:52 dctest1 postfix/cleanup[17671]: C4551D008A: message-id=<EC0E1A1683AD4284825799D639BD4AE1 at JayantaGhosh>

Sep  3 14:22:52 dctest1 postfix/qmgr[8009]: C4551D008A: from=<jayanta.ghosh at rpsg.in>, size=1348, nrcpt=1 (queue active)

Sep  3 14:22:52 dctest1 postfix/smtpd[17664]: disconnect from unknown[10.50.81.45]

Sep  3 14:22:52 dctest1 spamd[8987]: spamd: connection from localhost.localdomain [127.0.0.1] at port 41998

Sep  3 14:22:52 dctest1 spamd[8987]: spamd: setuid to spamuser succeeded

Sep  3 14:22:52 dctest1 spamd[8987]: spamd: processing message <EC0E1A1683AD4284825799D639BD4AE1 at JayantaGhosh> for spamuser:504

Sep  3 14:22:55 dctest1 spamd[8987]: spamd: clean message (-1.0/5.0) for spamuser:504 in 2.5 seconds, 1346 bytes.

Sep  3 14:22:55 dctest1 spamd[8987]: spamd: result: . 0 - ALL_TRUSTED,HTML_MESSAGE,TVD_SPACE_RATIO scantime=2.5,size=1346,user=spamuser,uid=504,required_score=5.0,rhost=localhost.localdomain,raddr=127.0.0.1,rport=41998,mid=<EC0E1A1683AD4284825799D639BD4AE1 at JayantaGhosh>,autolearn=ham

Sep  3 14:22:55 dctest1 postfix/pickup[17220]: 6F649D008C: uid=504 from=<jayanta.ghosh at rpsg.in>

Sep  3 14:22:55 dctest1 postfix/cleanup[17671]: 6F649D008C: message-id=<EC0E1A1683AD4284825799D639BD4AE1 at JayantaGhosh>

Sep  3 14:22:55 dctest1 postfix/pipe[17672]: C4551D008A: to=<jayanta.ghosh at rpsg.in>, relay=spamassassin, delay=2.7, delays=0.12/0.01/0/2.5, dsn=2.0.0, status=sent (delivered via spamassassin service)

Sep  3 14:22:55 dctest1 postfix/qmgr[8009]: C4551D008A: removed

Sep  3 14:22:55 dctest1 postfix/qmgr[8009]: 6F649D008C: from=<jayanta.ghosh at rpsg.in>, size=1680, nrcpt=1 (queue active)

Sep  3 14:22:55 dctest1 spamd[8980]: prefork: child states: II

Sep  3 14:22:55 dctest1 amavis[6217]: (06217-13) (!!)WARN: all primary virus scanners failed, considering backups

Sep  3 14:22:57 dctest1 postfix/smtpd[17679]: connect from unknown[127.0.0.1]

Sep  3 14:22:57 dctest1 postfix/smtpd[17679]: EE0DFD008A: client=unknown[127.0.0.1]

Sep  3 14:22:57 dctest1 postfix/cleanup[17671]: EE0DFD008A: message-id=<VAb2tpskwyuuMR at dctest1.cesc.co.in>

Sep  3 14:22:57 dctest1 postfix/qmgr[8009]: EE0DFD008A: from=<virusalert at localhost.rpsg.in>, size=3100, nrcpt=1 (queue active)

Sep  3 14:22:57 dctest1 postfix/smtpd[17679]: disconnect from unknown[127.0.0.1]

Sep  3 14:22:57 dctest1 amavis[6217]: (06217-13) Blocked INFECTED (Eicar-Test-Signature), [10.50.81.45] <jayanta.ghosh at rpsg.in> -> <jayanta.ghosh at rpsg.in>, quarantine: virus-b2tpskwyuuMR, Message-ID: <EC0E1A1683AD4284825799D639BD4AE1 at JayantaGhosh>, mail_id: b2tpskwyuuMR, Hits: -, size: 1680, 2531 ms

Sep  3 14:22:58 dctest1 authdaemond: received userid lookup request: virusalert at localhost.rpsg.in

 

Please help.  

 

Regards,

Jayanta Ghosh
-------------- next part --------------
A non-text attachment was scrubbed...
Name: main.cf
Type: application/octet-stream
Size: 5618 bytes
Desc: not available
URL: <http://lists.amavis.org/pipermail/amavis-users/attachments/20120905/8dd47571/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: master.cf
Type: application/octet-stream
Size: 9408 bytes
Desc: not available
URL: <http://lists.amavis.org/pipermail/amavis-users/attachments/20120905/8dd47571/attachment-0001.obj>
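
Added example, not part of the original post: a sketch that follows one message through the hops visible in the log above by linking Postfix queue IDs through their shared Message-ID. The sample lines are abridged from the post's log, with addresses and the Message-ID replaced by constructed placeholders; the regular expressions assume the log formats shown there.

```python
import re
from collections import defaultdict

# Abridged from the log in the post; addresses and the Message-ID are
# constructed placeholders.
SAMPLE_LOG = """\
Sep  3 14:22:52 dctest1 postfix/smtpd[17664]: C4551D008A: client=unknown[10.50.81.45], sasl_method=LOGIN
Sep  3 14:22:52 dctest1 postfix/cleanup[17671]: C4551D008A: message-id=<MSG1@example.test>
Sep  3 14:22:55 dctest1 postfix/pickup[17220]: 6F649D008C: uid=504 from=<user@example.test>
Sep  3 14:22:55 dctest1 postfix/cleanup[17671]: 6F649D008C: message-id=<MSG1@example.test>
Sep  3 14:22:55 dctest1 postfix/pipe[17672]: C4551D008A: to=<user@example.test>, relay=spamassassin, dsn=2.0.0, status=sent (delivered via spamassassin service)
Sep  3 14:22:55 dctest1 postfix/qmgr[8009]: C4551D008A: removed
Sep  3 14:22:57 dctest1 amavis[6217]: (06217-13) Blocked INFECTED (Eicar-Test-Signature), [10.50.81.45] <user@example.test> -> <user@example.test>, quarantine: virus-b2tpskwyuuMR, Message-ID: <MSG1@example.test>, mail_id: b2tpskwyuuMR, Hits: -, size: 1680, 2531 ms
"""

POSTFIX = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)")
AMAVIS = re.compile(
    r"amavis\[\d+\]: \(\S+\) (Blocked|Passed) (\S+).*Message-ID: (<[^>]+>)")


def trace(log):
    """Group hops by Message-ID, in log order, across Postfix queue IDs."""
    qid_to_mid, events = {}, []
    for line in log.splitlines():
        m = POSTFIX.search(line)
        if m:
            daemon, qid, rest = m.groups()
            mid = re.search(r"message-id=(<[^>]+>)", rest)
            relay = re.search(r"relay=([^,\s]+)", rest)
            if mid:                      # cleanup ties a queue ID to a Message-ID
                qid_to_mid[qid] = mid.group(1)
            elif daemon in ("smtpd", "pickup"):   # a new queue entry was created
                events.append((qid, None, f"{daemon} queued {qid}"))
            elif relay:                  # delivery agent handed the mail onward
                events.append((qid, None, f"{qid} -> relay={relay.group(1)}"))
            continue
        m = AMAVIS.search(line)
        if m:                            # amavis logs its verdict with the Message-ID
            action, verdict, mid = m.groups()
            events.append((None, mid, f"amavis {action} {verdict}"))
    hops = defaultdict(list)
    for qid, mid, text in events:
        hops[mid or qid_to_mid.get(qid, "unknown")].append(text)
    return dict(hops)


if __name__ == "__main__":
    for mid, path in trace(SAMPLE_LOG).items():
        print(mid, *path, sep="\n  ")
```

Hops appear in the order the lines were logged, so the `pipe` record for the first queue ID follows the `pickup` re-injection it caused.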
