[Mailman-Developers] Mailman + postfix + amavisd-new HOWTO

Fil fil at rezo.net
Thu Apr 8 16:21:43 EDT 2004


Mailman + postfix + amavisd-new HOWTO
-------------------------------------

by Fil <fil AT rezo.net>

8/04/2004 - This is a first draft. Comments are welcome. This file is
released under the GNU Free Documentation License (FDL, see below).


INTRODUCTION: Installing the antispam/antivirus amavisd-new on a
mailing-list server poses a serious performance issue: when the server sends
out thousands of emails to the mailing-list subscribers, some of these
subscribers return bounce messages, which can number in the hundreds and
might clog the antivirus daemon if you're not careful.

Here's how we do it on http://listes.rezo.net/


1) First of all, make sure you run postfix v2.x; otherwise the FILTER feature
will not be available. Configure postfix so that it accepts scanned messages
from amavisd-new on localhost:10025.

Add to /etc/postfix/master.cf the following lines:

localhost:10025 inet n  -       n       -       -       smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks=127.0.0.0/8
        -o strict_rfc821_envelopes=yes
        -o smtpd_error_sleep_time=0
        -o smtpd_soft_error_limit=1001
        -o smtpd_hard_error_limit=1000


2) Configure amavisd-new the usual way, so that it accepts incoming mail on
localhost:10024 (or any other port you choose) and sends it back into the
mail queue via localhost:10025; this is very standard, but I guess the
settings are as follows, in /etc/amavis/amavis.log:

$inet_socket_port = 10024;
@inet_acl = qw( 127.0.0.1 );
$max_servers  =  2; # two servers max at the same time


3) Define a smtp-amavis service on postfix, so that it can be invoked later:

Add to /etc/postfix/master.cf:

smtp-amavis unix -      -       n       -       2       lmtp
        -o lmtp_data_done_timeout=1200

Note here that the maximum number of processes running in parallel (2) is
the same as in the amavisd-new configuration. You can increase both a bit if
you experience delays in delivery because of amavis, but that's out of the
scope of this HOWTO. 2 is fine for us, with a daily average of 10 emails to
check per minute (and a powerful computer).


4) Test your filter by sending messages locally through SMTP:10024


5) Configure postfix to send all emails through the filter EXCEPT those
messages that are only addressed to a list-bounces address:

Create the address regexp in /etc/postfix/amavis_check (do 'man
regexp_table' to get more information):

!/-bounces@(my\.domain\.tld|other\.domain\.net)$/i
        FILTER smtp-amavis:[127.0.0.1]:10024

Modify /etc/postfix/main.cf to have the check_recipient_access use this
regexp table:

smtpd_recipient_restrictions = permit_mynetworks 
        check_client_access hash:$config_directory/access
        reject_unauth_destination
        check_recipient_access regexp:$config_directory/amavis_check
        # other UCE checks here


6) You're done. Check your log files and enjoy an almost spam- and
virus-free server.


7) Now you can focus on the viruses and politics that kill people in the
real world, and read "Global Aids: Myths and Facts" by Alec Irwin and Joyce
Millen, published by South End Press.


REFERENCES:

Amavisd-new:  http://www.amavis.org/
Mailman:      http://www.list.org/
postfix:      http://www.postfix.org/


        Copyright (c) 2004 PHILIPPE RIVIERE.
        Permission is granted to copy, distribute and/or modify this document
        under the terms of the GNU Free Documentation License, Version 1.2
        or any later version published by the Free Software Foundation;
        with no Invariant Sections, no Front-Cover Texts, and no Back-Cover
        Texts.
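
Step 5's exemption can be checked offline before it goes live. The following
is an added example, not part of the original HOWTO: a small Python emulation
of the regexp table that reports which recipients trigger the FILTER action.
It assumes Python's re behaves like Postfix's regexp for this pattern, does
not model the table's flags, and uses constructed sample addresses.

```python
import re

# Table text from step 5 of the HOWTO; the domains are the HOWTO's placeholders.
TABLE = r"""!/-bounces@(my\.domain\.tld|other\.domain\.net)$/i
        FILTER smtp-amavis:[127.0.0.1]:10024"""

def parse_table(text):
    """Return [(negated, compiled_pattern, action)] for each logical line."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                          # blank lines and comments
        if raw[0].isspace() and logical:      # leading whitespace continues a line
            logical[-1] += " " + raw.strip()
        else:
            logical.append(raw.strip())
    entries = []
    for line in logical:
        m = re.match(r"(!?)/(.+)/([a-z]*)\s+(.+)$", line)
        if m is None:
            raise ValueError("unsupported table line: " + line)
        negated, pattern, _flags, action = m.groups()  # flags are not modelled
        entries.append((negated == "!", re.compile(pattern), action))
    return entries

def action_for(recipient, entries):
    """First entry that applies wins; None means the table returned nothing."""
    for negated, pattern, action in entries:
        if bool(pattern.search(recipient)) != negated:
            return action
    return None

def message_is_filtered(recipients, entries):
    """FILTER applies to the whole message, so one triggering recipient is enough."""
    return any((action_for(r, entries) or "").startswith("FILTER")
               for r in recipients)

ENTRIES = parse_table(TABLE)

if __name__ == "__main__":
    # Constructed sample recipients (lowercase, hypothetical list name "mylist").
    for rcpt in ("mylist-bounces@my.domain.tld",
                 "mylist@my.domain.tld",
                 "mylist-bounces+user=example.org@my.domain.tld",
                 "mylist-bounces@example.org"):
        print(rcpt, "->", action_for(rcpt, ENTRIES) or "no FILTER (skips amavis)")
```

Note that a VERP-style bounce address (list-bounces+user=host@domain) does not
match the pattern and is therefore still scanned. On the server itself,
postmap -q with the address and regexp:/etc/postfix/amavis_check answers the
same question against the real table.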



