6.12. Mailman + postfix + amavisd-new HOWTO (anti-spam)
2004-04-08 - This is a first draft. Comments are welcome. This file is released under the GNU Free Documentation License (FDL, see below).
2004-06-28 - See also the amavisd-new page at http://www.ijs.si/software/amavisd/, and the various "HowTo" documents and other information available, further down the page at http://www.ijs.si/software/amavisd/#doc.
2004-07-14 - Note that this example uses the postfix "after-queue content filter" technique. See http://www.postfix.org/FILTER_README.html. This means that you have to accept the spam, process it through amavisd-new & SpamAssassin, and if the message is to be rejected, then the MTA (or amavisd) has to generate a bounce back to the envelope sender address. An alternative method is to use the postfix "before-queue content filter" technique (see http://www.postfix.org/SMTPD_PROXY_README.html), a.k.a. "smtpd proxy". The after-queue method is more scalable and more robust in the face of high loads, but has the problem that you're left trying to bounce garbage once you've accepted it. The before-queue method is less scalable, and under load it can more easily end up causing a DoS attack on yourself, but it rejects the spam outright so that the sending machine has to deal with any bounce. This is generally considered to be better behaviour, because it makes your server more secure against being abused as a "joe-job" amplifier.
2004-09-13 - Alt.: reinject mail via port 10025
INTRODUCTION: Installing the antispam/antivirus amavisd-new on a mailing-list server poses a serious performance issue: when the server sends out thousands of emails to the mailing-list subscribers, some of these subscribers return bounce messages, which can number in the hundreds and might clog the antivirus daemon if you're not careful.
Here's how we do it on http://listes.rezo.net/
1) First of all, make sure you run postfix v2.x, otherwise the FILTER feature will not be available. Configure postfix so that it accepts scanned messages from amavisd-new on localhost:10025
Add to /etc/postfix/master.cf the following lines:
2) Configure amavisd-new the usual way, so that it accepts incoming mail on localhost:10024 (or any other port you choose) and sends it back into the mail queue via localhost:10025; this is very standard, but I guess the settings are as follows, in /etc/amavis/amavis.log:
3) Define a smtp-amavis service on postfix, so that it can be invoked later:
Add to /etc/postfix/master.cf:
Note here that the maximum number of processes running in parallel (2) is the same as in the amavisd-new configuration. You can increase both a bit if you experience delays in delivery because of amavis, but that's out of the scope of this HOWTO. 2 is fine for us, with a daily average of 10 emails to check per minute (and a powerful computer).
4) Test your filter by sending messages locally through SMTP:10024
5) Configure postfix to send all emails through the filter EXCEPT those messages that are only addressed to a list-bounces address:
Create the address regexp in /etc/postfix/amavis_check (do 'man regexp_table' to get more information):
Modify /etc/postfix/main.cf to have the check_recipient_access use this regexp table:
An alternative could be to place this line into mm_cfg.py:
This way Mailman will use the same port as amavisd-new when returning scanned mail to Postfix.
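The recipient check from step 5, modelled as an added example (not the original author's table or postfix code): it applies first-match-wins rules per recipient, as a regexp table does, and treats a FILTER action as applying to the whole message, as postfix documents. The list host lists.example.org, the filter destination string and the bounce pattern are assumptions.

```python
import re

# Constructed stand-in for the regexp table in /etc/postfix/amavis_check.
LIST_DOMAIN = "lists.example.org"            # hypothetical list host
AMAVIS = "smtp-amavis:[127.0.0.1]:10024"     # assumed filter destination

RULES = [
    # Mailman bounce addresses, with or without a VERP "+user=domain" tag.
    # Anchored at both ends so only real bounce addresses skip the scanner.
    # DUNNO sets no filter and leaves accept/reject to later restrictions.
    (re.compile(r"^[a-z0-9._-]+-bounces(\+[^@]+)?@" + re.escape(LIST_DOMAIN) + r"$",
                re.IGNORECASE), "DUNNO"),
    # Every other recipient sends the message to amavisd-new.
    (re.compile(r"^"), "FILTER " + AMAVIS),
]

def lookup(recipient):
    """Return the action of the first rule that matches one recipient."""
    for pattern, action in RULES:
        if pattern.search(recipient):
            return action
    return "DUNNO"

def message_filter(recipients):
    """Return the filter destination for a message, or None if it skips amavis.

    One non-bounce recipient is enough to send the whole message through
    the scanner, because FILTER affects all recipients of the message.
    """
    chosen = None
    for rcpt in recipients:
        action = lookup(rcpt)
        if action.startswith("FILTER "):
            chosen = action.split(" ", 1)[1]
    return chosen

if __name__ == "__main__":
    samples = [  # constructed recipient lists
        ["mylist-bounces@lists.example.org"],
        ["mylist-bounces+alice=example.net@lists.example.org"],
        ["mylist-bounces@lists.example.org", "mylist@lists.example.org"],
        ["mylist-bounces@lists.example.org.other.test"],
    ]
    for rcpts in samples:
        print(rcpts, "->", message_filter(rcpts) or "not filtered")
```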
6) You're done. Check your log files and enjoy an almost spam- and virus-free server.
7) Now you can focus on the viruses and politics that kill people in the real world, and read "Global Aids: Myths and Facts" by Alec Irwin and Joyce Millen, published by South End Press.
Last changed on Tue Oct 2 00:29:08 2007 by Brad Knowles
Converted from the Mailman FAQ Wizard