Mailman + postfix + amavisd-new HOWTO -------------------------------------
by Fil <fil AT rezo.net> 8/04/2004 - This is a first draft. Comments are welcome. This file is released under the GNU Free Documentation License (FDL, see below). INTRODUCTION: Installing the antispam/antivirus amavisd-new on a mailing-list server poses a serious performance issue: when the server sends out thousands of emails to the mailing-list subscribers, some of these subscribers return bounce messages, which can number in the hundreds and might clog the antivirus daemon if you're not careful. Here's how we do it on http://listes.rezo.net/ 1) Before all, make sure you run postfix v2.x, otherwise the FILTER feature will not be here. Configure postfix so that it accepts scanned messages from amavisd-new on localhost:10025 Add to /etc/postfix/master.cf the following lines: localhost:10025 inet n - n - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 2) Configure amavisd-new the usual way, so that it accepts incoming mail on localhost:10024 (or any other port you choose) and sends it back into the mail queue via localhost:10025; this is very standard, but I guess the settings is as follows, in /etc/amavis/amavis.log: $inet_socket_port = 10024; @inet_acl = qw( 127.0.0.1 ); $max_servers = 2; # two servers max at the same time 3) Define a smtp-amavis service on postfix, so that it can be invoked later: Add to /etc/postfix/master.cf: smtp-amavis unix - - n - 2 lmtp -o smtp_data_done_timeout=1200 Note here that the maximum number of processes running in parallel (2) is the same as in the amavisd-new configuration. You can increase both a bit if you experience delays in delivery because of amavis, but that's out of the scope of this HOWTO. 2 is fine for us, with a daily average of 10 emails to check per minute (and a powerful computer). 4) Test your filter by sending messages locally through SMTP:10024 5) Configure postfix to send all emails through the filter EXCEPT those messages that are only addressed to a list-bounces address : Create the address regexp in /etc/postfix/amavis_check (do 'man regexp_table' to get more information): !/-bounces@(my\.domain\.tld|other\.domain\.net)$/i FILTER smtp-amavis:[127.0.0.1]:10024 Modify /etc/postfix/main.cf to have the check_recipient_access use this regexp table: smtpd_recipient_restrictions = permit_mynetworks check_client_access hash:$config_directory/access reject_unauth_destination check_recipient_access regexp:$config_directory/amavis_check # other UCE checks here 6) You're done. Check your log files and enjoy an almost spam- and virus-free server. 7) Now you can focus on the viruses and politics that kill people in the real world, and read "Global Aids: Myths and Facts" by Alec Irwin and Joyce Millen, published by South End Press. REFERENCES: Amavisd-new: http://www.amavis.org/ Mailman: http://www.list.org/ postfix: http://www.postfix.org/ Copyright (c) 2004 PHILIPPE RIVIERE. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. _______________________________________________ Mailman-Developers mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-developers Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org
