amavisd-new consists of a daemon 'amavisd', and (in some setups) a helper
program, which is only needed with certain mail transport agents (MTA).
For Postfix, Exim-V4, and dual-sendmail setups no helper program is needed
for interfacing the MTA with the amavisd daemon.

Obtaining the software:
=======================

Fetch the tarball and unpack it:
  curl -O http://www.ijs.si/software/amavisd/amavisd-new-<version>.tar.gz
  gzip -d -c amavisd-new-<version>.tar.gz | tar xvf -
  cd amavisd-new-<version>

The most important files thus obtained are amavisd and amavisd.conf.

Start reading with AAAREADME.first, then RELEASE_NOTES if upgrading,
and INSTALL and README_FILES/<your-MTA> for new installations.

Check also the on-line documentation at:
  http://www.ijs.si/software/amavisd/
  and http://www.ijs.si/software/amavisd/amavisd-new-docs.html


Prerequisites:
==============

file(1) utility is required; the most recent version is heartily recommended
(current version is 4.24 at the time of a release). There are a number of
security and robustness problems with older versions.

  Archive::Zip    (Archive-Zip-x.xx)     (1.14 or later, currently 1.23)
  Compress::Zlib  (Compress-Zlib-x.xx)   (1.35 or later, currently 2.008)
  Convert::TNEF   (Convert-TNEF-x.xx)
  Convert::UUlib  (Convert-UUlib-x.xxx)  (1.08 or later, stick to new versions!)
  MIME::Base64    (MIME-Base64-x.xx)
  MIME::Parser    (MIME-Tools-x.xxxx)    (latest version from CPAN - currently 5.425)
  Mail::Internet  (MailTools-1.58 or later have workarounds for Perl 5.8.0 bugs)
  Net::Server     (Net-Server-x.xx)      (version 0.88 finally does setuid right)
  Digest::MD5     (Digest-MD5-x.xx)      (2.22 or later)
  IO::Stringy     (IO-stringy-x.xxx)
  Time::HiRes     (Time-HiRes-x.xx)      (use 1.49 or later, older can cause problems)
  Unix::Syslog    (Unix-Syslog-x.xxx)
  BerkeleyDB      with bdb library (preferably 4.4.20 or later)
  Mail::DKIM      (Mail-DKIM-0.31 or later)

The following external programs are used for decoding/dearchiving
if they are available:
  compress, gzip, bzip2, nomarch (or arc), lha, arj (or unarj), rar (or unrar),
  unzoo (or zoo), pax, cpio, lzop, freeze (or unfreeze or melt), ripole,
  tnef, cabextract.
Self-extracting archives (executables) can be of types zip, rar, lha or arj,
and are only recognized when the corresponding dearchiver is available.

optional Perl modules:
  Mail::SpamAssassin  for doing spam scanning (latest version)
  DBI                 with appropriate DBD::* if using SQL lookups or SQL logging/quarantining
  Net::LDAP           if using LDAP lookups
  Authen::SASL        authenticating on mail forwarding and on submitting DSN
  Mail::ClamAV        Perl module interface to ClamAV library
  SAVI                Perl module interface to Sophos library (0.30 or later)

optional, but usually desired:
  virus scanners      external programs for doing virus scanning, like ClamAV

Some external programs may already be provided with the system, but it is
worth checking that their version is recent. The following lists the programs
and their distribution sites (not necessarily the only or the official).
The most crucial programs are marked with an asterisk:

* file:        ftp://ftp.astron.com/pub/file/
  compress:    ftp://ftp.warwick.ac.uk/pub/compression/
* gzip:        http://www.gzip.org/
  bzip2:       http://www.bzip.org/
  nomarch:     http://rus.members.beeb.net/nomarch.html
  arc:         ftp://ftp.kiarchive.ru/pub/unix/arcers/
  lha:         http://www2m.biglobe.ne.jp/~dolphin/lha/lha.htm
  7z:          http://p7zip.sourceforge.net/, http://www.7-zip.org/
  unarj:       ftp://ftp.kiarchive.ru/pub/unix/arcers/
  arj:         http://testcase.newmail.ru/files/   (arj is preferable to unarj)
  rar, unrar:  http://www.rarsoft.com/, http://www.rarsoft.com/rar_add.htm,
               ftp://ftp.kiarchive.ru/pub/unix/arcers/   (rar preferred to unrar)
  unzoo:       http://critical.ch/distfiles/
  zoo:         ftp://ftp.kiarchive.ru/pub/unix/arcers/   (zoo preferred to unzoo)
  lzop:        http://www.lzop.org/download/
  freeze:      ftp://ftp.warwick.ac.uk/pub/compression/
  ripOLE:      http://www.pldaniels.com/ripole/
  tnef:        http://tnef.sourceforge.net/
* pax:         http://www.gnu.org/software/paxutils/
       or:     http://heirloom.sourceforge.net/
  cpio:        http://www.gnu.org/software/cpio/
       or:     http://heirloom.sourceforge.net/
  cabextract:  http://www.kyz.uklinux.net/cabextract.php
* ClamAV:      http://clamav.elektrapro.com/   (open source virus scanner)
  SAVI:        http://www.csupomona.edu/~henson/www/projects/SAVI-Perl/dist/
  dspam:       http://www.nuclearelephant.com/projects/dspam/

  bdb:         http://www.sleepycat.com/   (Berkeley db libr. used via BerkeleyDB)
  p0f:         http://lcamtuf.coredump.cx/p0f.shtml

Optional third-party utilities:
  MailZu:          http://www.mailzu.net/   (quarantine management web UI)
  amavisd-milter:  http://sourceforge.net/projects/amavisd-milter/
                   (alternative sendmail milter helper program supporting the
                   new AM.PDP protocol)

See also: http://www.ijs.si/software/amavisd/#contrib


Installing the daemon:
======================

- Perl version 5.8.2 or later is recommended. While 5.6.1 may theoretically
  still be the lowest usable version, a bunch of problems were resolved in
  later Perl versions which were reported to show in certain environments.
  Some examples: taint bugs, socket descriptors not closed on exec,
  Net::Server looping waiting for a socket connect, problems with handling
  of UTF8/Unicode in Perl;

- create (or choose) a Unix group dedicated to running the amavisd daemon and
  possibly virus scanners. This should NOT be one of the user or system groups
  and should NOT be shared with other applications such as mail or www
  (except possibly virus scanners). It is customary to name the group
  'amavis' (or perhaps 'vscan' or 'sweep');
  (edit /etc/group, or use system-specific tools, such as vigr)

- create (or choose) a Unix account (username and its UID) dedicated to running
  the amavisd daemon and possibly virus scanners. This should NOT be one of the
  user or system accounts and should NOT be shared with other applications such
  as mail or www (except possibly virus scanners). Most certainly do NOT use
  "root", and do NOT use "nobody" nor an account used by the mailer, such as
  "postfix", "mail", "smmsp" or "mailnull". It is customary to name the
  user "amavis" or "vscan";

  Choose a home directory (e.g. /var/amavis or /var/lib/amavis) for this user.

  (use vipw, or system-specific tools to add a user)

  Create its home directory, unless the account creation procedure already did it:
    mkdir /var/amavis

  Create the following subdirectories:
    mkdir /var/amavis/tmp /var/amavis/var /var/amavis/db /var/amavis/home

  Check or set the ownership and protection of the directories to be readable
  and writable by the chosen UID, and not writable by other non-privileged
  users;
    chown -R amavis:amavis /var/amavis
    chmod -R 750 /var/amavis

- unpack the amavisd-new source distribution (see 'Obtaining the software'
  above) wherever desired (/usr/local/src or elsewhere), and cd to that
  directory;

- copy file amavisd to wherever you want it to reside,
  such as /usr/local/sbin, and make sure its protection setting allows it
  to be executed and read, but not overwritten by non-privileged users.
  This is a Perl source, so it is readable by any text viewer if needed.
    cp amavisd /usr/local/sbin/
    chown root /usr/local/sbin/amavisd
    chmod 755  /usr/local/sbin/amavisd

- copy file amavisd.conf to wherever you want it to reside such as /etc, and
  make sure it is not writable by non-privileged users, not even by amavis;
    cp amavisd.conf /etc/
    chown root:amavis /etc/amavisd.conf
    chmod 640 /etc/amavisd.conf

  (if the file contains sensitive information like a password for accessing
  a SQL database, it should not be world-readable)

  Some sites prefer location /etc/amavis/ or /usr/local/etc/. If using
  a non-default location, one may use a command line option -c when
  starting the daemon to specify a non-default configuration file,
  or provide a soft link at the default location. Multiple -c options
  are permitted and enable splitting the config file into sections such
  as site-specific and general sections;

- create a directory (e.g. /var/virusmails) to be used by amavisd-new
  as a quarantine area (if quarantining to files is desired).
  Set ownership and protection of the directory to be readable and
  writable by the chosen UID, and not writable by other non-privileged
  users;
    mkdir /var/virusmails
    chown amavis:amavis /var/virusmails
    chmod 750 /var/virusmails

- edit file /etc/amavisd.conf and adjust variables $daemon_group
  and $daemon_user to match the chosen group and user name,
  adjust variables $MYHOME, $TEMPBASE, $db_home and $QUARANTINEDIR
  to match the directories just created, then check/adjust other variables,
  for example:

    $MYHOME   = '/var/amavis';
    $TEMPBASE = "$MYHOME/tmp";
    $db_home  = "$MYHOME/db";

  Optionally, if $MYHOME is preferred uncluttered and for extra security
  owned by root (not modifiable by user amavis):
    $MYHOME       = '/var/amavis';
    $helpers_home = "$MYHOME/home";
    $pid_file     = "$helpers_home/amavisd.pid";
    $lock_file    = "$helpers_home/amavisd.lock";
  in which case the ownership of /var/amavis should be changed to root
  and ownership of /var/amavis/home must be amavis:
    chown root /var/amavis
    chown -R amavis:amavis /var/amavis/home
    chmod 750 /var/amavis /var/amavis/home

  If $TEMPBASE resides on a dedicated file system, it may be prudent to
  specify mount options: noexec,nosuid,nodev.

- install virus scanners (if they are to be used), and Perl module
  Mail::SpamAssassin (if desired), and adjust variables in /etc/amavisd.conf.
  There are several other Perl modules needed by amavisd daemon
  (see 'Prerequisites') - if they are not yet installed, a list
  of missing modules will be logged when amavisd is started;

- some virus scanners run as daemons or change UID when checking files.
  It is easiest to run such virus scanners under the same UID/GID (or at least
  within the same group) as amavisd, to avoid file permission problems
  when virus scanner reads files prepared for checking by amavisd daemon.
  Some virus scanners may require write permission to the $TEMPBASE directory
  to be able to create auxiliary files there.

  If a different UID is preferred for an AV scanner, a solution for ClamAV
  is to add user clamav to the amavis group (e.g.: vscan:*:110:clamav
  in a file /etc/group), and then add: AllowSupplementaryGroups yes
  to clamd.conf.

- start the program 'amavisd', either as root (possibly with option
  -u user), or with su(1) as the user chosen above. It should
  start up, and (if root) change its GID/UID to the setting provided.
  It is wise to start it up for the first time with a 'debug' option:
    /usr/local/sbin/amavisd -u vscan debug
  or:
    /usr/local/sbin/amavisd debug
  When checking SpamAssassin operations, the following can be useful:
    /usr/local/sbin/amavisd debug-sa

- later when everything has been tested and works, a shell script
  amavisd_init.sh or similar may be made to run at system startup/shutdown
  time;

- depending on the mailer used, read the appropriate README.* file
  and follow instructions there. With some mailers (Postfix, Exim V4
  or a dual-MTA setup with any SMTP-capable mailers, including sendmail)
  no helper program is needed.

  With some other mailers (sendmail milter, or historical sendmail invoking
  content filter via local delivery agent) one of the supplied helper
  programs is needed: amavisd-milter.c, or amavis.c respectively. These are
  available from the helper-progs subdirectory. The helper-progs/config.h.in
  may need to be adjusted to match the system and amavisd configuration
  settings. See also alternative sendmail milter supporting the new AM.PDP
  protocol at http://sourceforge.net/projects/amavisd-milter/ .

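Added example (not part of the amavisd-new distribution): a shell check of
the owners and modes that the chown/chmod steps above are meant to produce.
The function name audit_amavis, its PREFIX argument and the two user-name
arguments are assumptions of this example; the paths are the ones used above.

```sh
#!/bin/sh
# audit_amavis PREFIX [ROOT_USER] [DAEMON_USER]
# PREFIX is a hypothetical knob for pointing the check at a staging tree;
# an empty PREFIX audits the live paths used in the install steps.

# True if PATH has every permission bit of octal MODE set.
has_perm() { [ -n "$(find "$1" -prune -perm -"$2" 2>/dev/null)" ]; }
# True if PATH exists and belongs to USER (name or numeric UID).
owned_by() { [ -n "$(find "$1" -prune -user "$2" 2>/dev/null)" ]; }

audit_amavis() {
    prefix=${1:-}; root_user=${2:-root}; daemon_user=${3:-amavis}
    findings=0
    note() { echo "FINDING: $*"; findings=$((findings + 1)); }

    conf=$prefix/etc/amavisd.conf
    bin=$prefix/usr/local/sbin/amavisd
    home=$prefix/var/amavis

    # Config (chmod 640, root:amavis): daemon may read it, never write it.
    owned_by "$conf" "$root_user" || note "$conf not owned by $root_user"
    has_perm "$conf" 020 && note "$conf is group-writable"
    has_perm "$conf" 004 && note "$conf is world-readable"
    has_perm "$conf" 002 && note "$conf is world-writable"

    # Daemon script (chmod 755, root): writable by its owner only.
    owned_by "$bin" "$root_user" || note "$bin not owned by $root_user"
    has_perm "$bin" 020 && note "$bin is group-writable"
    has_perm "$bin" 002 && note "$bin is world-writable"

    # $MYHOME belongs to the daemon user or, in the stricter layout, to root.
    owned_by "$home" "$daemon_user" || owned_by "$home" "$root_user" ||
        note "$home has unexpected owner"
    has_perm "$home" 002 && note "$home is world-writable"

    # Working and quarantine directories: daemon-owned, never world-writable.
    for d in "$home/tmp" "$home/var" "$home/db" "$home/home" \
             "$prefix/var/virusmails"; do
        owned_by "$d" "$daemon_user" || note "$d not owned by $daemon_user"
        has_perm "$d" 002 && note "$d is world-writable"
    done

    [ "$findings" -eq 0 ]   # exit status 0 only when nothing was flagged
}
```

On an installed system, run `audit_amavis "" root amavis` as root, since the
750 directories cannot be inspected by other non-privileged users.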

NOTE:
  Check amavisd-new web page at http://www.ijs.si/software/amavisd/
  if there are any patches needed for external components, such as
  Net::Server module or Razor agents.



Testing the daemon:
===================

Initial checkout is described in MTA-specific README.* file,
please follow instructions there.

The subdirectory test-messages contains a couple of sample mail messages,
and brief instructions for testing are in file README there.