amavisd-new consists of the daemon, and optionally some helper programs,
which are only needed in setups with certain mail transport agents (MTA).
For Postfix, Exim-V4, and dual-sendmail setups no helper program is needed.
Obtaining the software:
=======================
Fetch the tarball and unpack it:
wget http://www.ijs.si/software/amavisd/amavisd-new-<version>.tar.gz
gzip -d -c amavisd-new-<version>.tar.gz | tar xvf -
cd amavisd-new-<version>
Checking the web page http://www.ijs.si/software/amavisd/ if there are
any any required last-minute patches, fetch and apply them, e.g.:
wget http://www.ijs.si/software/amavisd/amavisd-new-<version>-p1.patch
patch < amavisd-new-<version>-p1.patch
(or grab the tar file with patches already applied, if available).
The most important files thus obtained (and patched if necessary)
are amavisd and amavisd.conf.
Start reading with AAAREADME.first, then RELEASE_NOTES and INSTALL.
Prerequisites:
==============
file(1) utility is required, the most recent version is heartly recommended!
There are a number of security and robustness problems with earlier versions.
Use file(1) 4.06 or later to avoid it crashing upon seeing certain files
and to avoid possible control characters in its output.
Archive::Tar (Archive-Tar-x.xx)
Archive::Zip (Archive-Zip-x.xx) (1.14 or later should be used!)
Compress::Zlib (Compress-Zlib-x.xx)
Convert::TNEF (Convert-TNEF-x.xx)
Convert::UUlib (Convert-UUlib-x.xxx) (stick to the new versions!)
MIME::Base64 (MIME-Base64-x.xx)
MIME::Parser (MIME-Tools-x.xxxx) (latest version from CPAN - currently 5.415)
Mail::Internet (MailTools-1.58 or later have workarounds for Perl 5.8.0 bugs)
Net::Server (Net-Server-x.xx)
Net::SMTP (libnet-x.xx) (use libnet-1.16 or latter for performance)
Digest::MD5 (Digest-MD5-x.xx)
IO::Stringy (IO-stringy-x.xxx)
Time::HiRes (Time-HiRes-x.xx) (use 1.49 or later, some older cause problems)
Unix::Syslog (Unix-Syslog-x.xxx)
BerkeleyDB with bdb library 3.2 or later (4.2 or later preferred)
The following external programs are used for decoding/dearchiving
if they are available:
compress, gzip, bzip2, nomarch (or arc), lha, arj (or unarj),
rar (or unrar), zoo, cpio, lzop, freeze (or unfreeze or melt).
optional Perl modules:
Mail::SpamAssassin for doing spam scanning (recomm. 2.63 or 3.0)
DBI with appropriate DBD::* if using SQL lookups
Net::LDAP if using LDAP lookups
Authen::SASL if authenticating on mail forwarding and DSN
Mail::ClamAV if using Perl module interface to ClamAV library
SAVI if using Perl module interface to Sophos library
optional, but usually desired:
virus scanners external programs for doing virus scanning
External programs are available from:
file: ftp://ftp.astron.com/pub/file/
compress: ftp://ftp.warwick.ac.uk/pub/compression/
gzip: http://www.gzip.org/
bzip2: http://sources.redhat.com/bzip2/
nomarch: http://rus.members.beeb.net/nomarch.html
arc: ftp://ftp.kiarchive.ru/pub/unix/arcers/
lha: http://www2m.biglobe.ne.jp/~dolphin/lha/prog/
unarj: ftp://ftp.kiarchive.ru/pub/unix/arcers/
arj: http://testcase.newmail.ru/files/
rar, unrar: http://www.rarsoft.com/, ftp://ftp.kiarchive.ru/pub/unix/arcers/
zoo: ftp://ftp.kiarchive.ru/pub/unix/arcers/
cpio: ftp://ftp.gnu.org/pub/gnu/cpio
lzop: http://www.lzop.org/download/
freeze: ftp://ftp.warwick.ac.uk/pub/compression/
ClamAV: http://clamav.elektrapro.com/ (open source virus scanner)
SAVI: http://www.csupomona.edu/~henson/www/projects/SAVI-Perl/dist/
dspam: http://www.nuclearelephant.com/projects/dspam/
bdb: http://www.sleepycat.com/ (Berkeley db libr. used via BerkeleyDB)
Installing the daemon:
======================
- Perl version 5.8.2 or later is recommended. While 5.005 may theoretically
still be the lowest usable version, a bunch of problems were resolved in
later Perl versions which were reported to show in certain environments.
Some examples: taint bugs, socket descriptors not closed on exec,
Net::Server looping waiting for a socket connect, problems with handling
of UTF8/Unicode in Perl;
- create (or choose) a Unix group dedicated to run amavisd daemon
and possibly virus scanners. This should NOT be one of the
user or system groups, and not shared with mailer. It is customary
to name the group 'amavis' (or perhaps 'vscan' or 'sweep');
(edit /etc/group, or use system-specific tools, such as vigr)
- create (or choose) a Unix account (username and its UID) dedicated to run
amavisd daemon and possibly virus scanners. This should NOT be one
of the system or regular user accounts, and not shared with mailer
(most certainly do not use "root", and do not use "nobody" or an account
used by mailer, such as "postfix", "smmsp" or "mailnull"). It is customary
to name the user 'amavis' or 'vscan';
Choose a home directory (e.g. /var/amavis or /var/lib/amavis) for this user.
(use vipw, or system-specific tools to add a user)
Create its home directory, unless account creation procedure already did it:
mkdir /var/amavis
Create three subdirectories there, which may be needed in certain setups:
mkdir /var/amavis/tmp /var/amavis/var /var/amavis/db
Check or set the ownership and protection of the directories to be readable
and writable by the chosen UID, and not writable by other non-privileged
users;
chown -R amavis:amavis /var/amavis
chmod -R 750 /var/amavis
- unpack the source distribution (see 'Obtaining the software' above)
wherever desired (/usr/local/src or elsewhere), and cd to the directory;
- copy file amavisd to wherever you want it to reside,
such as /usr/local/sbin, and make sure its protection setting allows it
to be executed, but not overwritten by non-privileged users.
This is a Perl source, so it is readable by any text viewer if needed.
It is commented to provide setup information and some examples.
cp amavisd /usr/local/sbin/
chown root /usr/local/sbin/amavisd
chmod 755 /usr/local/sbin/amavisd
- copy file amavisd.conf to wherever you want it to reside such as /etc,
and make sure it is not writable by non-privileged users;
cp amavisd.conf /etc/
chown root /etc/amavisd.conf
chmod 644 /etc/amavisd.conf
Some sites prefer location /etc/amavis/ or /usr/local/etc/. If using
a non-default location, one may use the command line option -c when
starting the daemon to specify a non-default configuration file,
or provide a soft link at the default location.
- create a directory (e.g. /var/virusmails) to be used by amavisd-new
as a quarantine area (if a virus or spam quarantine is desired).
Set the ownership and protection of the directory to be readable and
writable by the chosen UID, and not writable by other non-privileged
users;
mkdir /var/virusmails
chown amavis:amavis /var/virusmails
chmod 750 /var/virusmails
- edit file /etc/amavisd.conf and adjust variables $daemon_group
and $daemon_user to match the chosen group and user name,
adjust variables $MYHOME, $TEMPBASE, $db_home and $QUARANTINEDIR
to match the directories just created, then check/adjust other variables,
for example:
$MYHOME = '/var/amavis';
$TEMPBASE = "$MYHOME/tmp";
$db_home = "$MYHOME/db";
Optionally, if $MYHOME is preferred uncluttered
and owned by root for extra security:
$helpers_home = "$MYHOME/var";
$pid_file = "$MYHOME/var/amavisd.pid";
$lock_file = "$MYHOME/var/amavisd.lock";
in which case the ownership of /var/amavisd may be changed to root
(not writable by the amavisd process).
- install virus scanners (if they are to be used), and Perl module
SpamAssassin (if desired), and adjust variables in /etc/amavisd.conf.
There are several other Perl modules needed by amavisd daemon
(see 'Prerequisites') - if they are not yet installed, a list
of missing modules will be logged when amavisd is started;
- some virus scanners run as daemons or change UID when checking files.
It is easiest to run such virus scanners under the same UID/GID (or at least
within the same group) as amavisd, to avoid file permission problems
when virus scanner reads files prepared for checking by amavisd daemon.
Some virus scanners may require write permission to the $TEMPBASE directory
to be able to create auxiliary files there.
- start the program 'amavisd', either as root (perhaps with option
-u user), or with su(1) as the user chosen above. It should
start up and (if root) change its GID/UID to the setting provided.
It is wise to start it up for the first time with a 'debug' option:
/usr/local/sbin/amavisd -u vscan debug
or:
/usr/local/sbin/amavisd debug
- later when everything has been tested and works, a shell script
amavisd_init.sh or similar may be made to run at system startup/shutdown
time;
- depending on the mailer used, read the appropriate README.* file
and follow instructions there. With some mailers (Postfix, Exim V4
or a dual-MTA setup with any SMTP-capable mailers, including sendmail)
no helper program is needed.
With some other mailers (sendmail milter, or historical sendmail invoking
content filter via local delivery agent) one of the supplied helper
programs is needed: amavisd-milter.c, or amavis.c respectively. They are
available from the helper-progs subdirectory. The helper-progs/config.h.in
may need to be adjusted to match the system and amavisd configuration
settings.
NOTE:
Check amavisd-new web page at http://www.ijs.si/software/amavisd/
for any patches needed for external components, such as Net::Server
module and Razor agents!
Testing the daemon:
===================
Initial checkout is described in MTA-specific README.* file,
please follow the instructions there.
The subdirectory test-messages contains a couple of sample mail messages,
and brief instructions for testing are in file README there.