Mail gateway server with amavis on CentOS 8

Thu Dec 17 14:05:12 CET 2020

 Hello Nikolaos,
My setup is rather old too (a few years). 
I too am using amavis as the filter and let 
amavis call spamassassin as a library, that 
way spamassassin doesn't have to run in the 
background doing nothing, it will only be 
called when there's something to scan.

1. You can use sa directly from postfix.The downside of this is that you won't beable to have recipient-based rules.

2. people reported poor auto-learning experience.If you have successfully configured this in thepast, please share !
3. on debian, you set CRON=1 in 
/etc/default/spamassassin/. There will be a 
cron script doing the update.

-- Yassine.

    On Thursday, December 17, 2020, 11:38:11 AM GMT+1, Nikolaos Milas <nmilas at noa.gr> wrote:  

 Hello,

I have been using a mail gateway with postfix/amavis/clamav/spamassassin 
for many years on CentOS 6.

I am now struggling to build a new system on CentOS 8 with the same 
components (and the same configuration) to replace the original one, but 
it is quite different from the original, so I will appreciate your guidance.

(Packages were installed from EPEL.)

I am trying to follow online tutorials, which are different between them 
and differ from my original setup as well, so I am confused.

Some important questions:

1. Originally, I have used amavis as the interface to spamassassin. 
However, current tutorials seem to suggest a direct call of spamassassin 
by postfix using spamass-milter.

Here is an example of such a tutorial:

    https://www.linuxbabe.com/mail-server/amavis-clamav-centos-8-rhel-8

    https://www.linuxbabe.com/redhat/spamassassin-centos-rhel-block-email-spam

So, what is the suggested practice? In my original amavisd.conf (which I 
am now migrating), I had:

    $sa_tag_level_deflt  = -999;
    $sa_tag2_level_deflt = 3.4;
    $sa_kill_level_deflt = 5.2;
    $sa_dsn_cutoff_level = 9;
    $sa_crediblefrom_dsn_cutoff_level = 10;
    $sa_mail_body_size_limit = 400*1024;
    $sa_spam_subject_tag = '* Spam ? * ';

It seems to me architecturally better to use spamassassin from within 
amavis (because amavis remains the main/central control point).

Does this incur a penalty in SA functionality, effectiveness or performance?

2. If I use spamassassin through amavis, how do I enable bayes filtering?

Since $MYHOME = '/var/spool/amavisd', would it be enough to create 
therein a .spamassassin directory (with amavis:amavis owner) and train 
filter?

In my original (CentOS 6) system, I would do:

# su amavis
sh-4.1$
sh-4.1$ sa-learn --dbpath '/var/amavis/var/.spamassassin' --spam 
/var/amavis/reported-spam

In CentOS 8 I would attempt the same (with adjusted paths) but I cannot 
even change user (which is required, since operations and db should be 
owned by amavis:

    # su amavis
    This account is currently not available.

How should I proceed?

Please advise.

3. I think I should enable sa-update. Shouldn't I?

    If the answer is yes, then would it be enough to set:

        SAUPDATE=yes

    in /etc/sysconfig/sa-update

    ...?

How does this work? I don't see any cron job nor any active sa-update 
service. There exists an sa-update service and I can start it:

    systemctl start sa-update

but it cannot get enabled (for auto start with OS); If we try to enable, 
a message states: "The unit files have no installation config" etc..

Yet, in /etc/sysconfig/sa-update, we read about the SAUPDATE=yes 
setting: "Run sa-update even if no daemon is detected".

Does this daemon refer to sa-update (which means that we don't have to 
run it)?

Please help me with the above!

Thanks in advance,
Nick

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.amavis.org/pipermail/amavis-users/attachments/20201217/41289391/attachment.htm>