Articles December 20, 2004 at 4:30 pm

Updated Spam/Virus controls for OS X Server

These instructions have been successfully followed and tested on the following OSXS versions:

10.2.6, 10.2.8, 10.3.0, 10.3.4, 10.3.5, 10.3.6, 10.3.7, 10.4-DEV

With so many articles out there, it’s hard to find one that contains all of the instructions required to do an install without problems, so I have put this together in the hope that it makes the installation as easy and painless as possible.

This is an updated version of Joel's article, which was used as the starting point for what I hope includes all of the required installation instructions and related information.

Updated 12/20/2004

The use of fink to install modules and libraries has not been considered due to the non-canonical locations in which it stores software.

These instructions work if they are followed as described. The author warrants no merchantability or fitness for a particular purpose, and this article is not meant to be educational material for those who do not understand the instructions as they are provided.


    1. – Introduction and Prerequisites
    2. – Getting the archives
    3. – Unpacking the archives
    4. – Building BerkeleyDB
    5. – Building gmp
    6. – Building ClamAV
    7. – Installing amavisd-new with SpamAssassin
    8. – Installing the Startup Item
    9. – (Optional) Installing the Log Roll Item


  1. – Introduction and Prerequisites

    This article covers using amavisd to provide spam and virus controls to Postfix. This method will provide server-wide spam and virus filters for all incoming and outgoing mail. It’s a very robust system and can be easily configured to provide a number of different site-specific options for your users. However, combating unwanted e-mail is an ongoing war and not just a single engagement. This article will describe a good beginning to a full-featured mail system, but you should not stop here.

    This process works as a content filter for postfix. This means that Postfix will receive the e-mail and then pass it off, using an SMTP connection to port 10024 on the local machine, to amavisd before doing any actual processing of it. Amavisd will then run the mail through ClamAV, for virus detection, and then SpamAssassin, for spam detection. If the e-mail passes both sets of tests amavisd will then return the e-mail to Postfix by using an SMTP connection to port 10025 on the local machine. At this point Postfix will then deliver the mail to the POP/IMAP server that you are using.

    If you are using OS X 10.2 you’ll need to first upgrade your installation of Perl to 5.8 or higher.

    I opted to build Perl from source just to see what was involved, and it’s a fairly complex install, so I won’t be going into details on its install process.

    If you don’t want to build Perl from source, you can grab an installer from Aron Faby’s site at http://www.serverlogistics.com/downloads-jag.php#perl.

    Also note that if you have Perl support enabled in Apache under Mac OS X Server 10.2.x, you must disable it, as Faby’s Perl 5.8 is not compatible with Apple’s supplied Perl modules.

    Download the Perl updater and double-click to install.

    Examine the Macintosh.tar.gz tarball included with amavisd-new and ClamAV for updated files and installation instructions; these files will be updated as required to correspond with the released version.

    The files included in the Macintosh tarball provide a way to start the service without logging in as well as a way to manually start, stop and reload the service and include a ‘log-rolling’ option that is easy to implement.

    Setting up the user/group. (10.3.x can use method a or b)

    a).
    % sudo dscl localhost -create /NetInfo/root/Groups/mailtransport

    % sudo dscl localhost -create /NetInfo/root/Groups/mailtransport gid 30

    % sudo dscl localhost -create /NetInfo/root/Users/mailtransport

    % sudo dscl localhost -create /NetInfo/root/Users/mailtransport uid 30

    % sudo dscl localhost -create /NetInfo/root/Users/mailtransport gid 30

    % sudo dscl localhost -create /NetInfo/root/Users/mailtransport shell /bin/tcsh

    % sudo dscl localhost -create /NetInfo/root/Users/mailtransport home /tmp

    % sudo dscl localhost -create /NetInfo/root/Users/mailtransport passwd "*"

    b). (10.2.x only)
    % sudo niutil -create . /groups/mailtransport

    % sudo niutil -createprop . /groups/mailtransport gid 30

    % sudo niutil -create . /users/mailtransport

    % sudo niutil -createprop . /users/mailtransport uid 30

    % sudo niutil -createprop . /users/mailtransport gid 30

    % sudo niutil -createprop . /users/mailtransport shell /bin/tcsh

    % sudo niutil -createprop . /users/mailtransport home /tmp

    % sudo niutil -createprop . /users/mailtransport passwd "*"

    Setting up the folders.

    % sudo mkdir /var/amavis

    % sudo mkdir /var/amavis/tmp

    % sudo mkdir /var/amavis/db

    % sudo chown -R mailtransport:mailtransport /var/amavis

    % sudo chmod -R 750 /var/amavis

    % sudo mkdir /var/virusmails

    % sudo chown mailtransport:mailtransport /var/virusmails

    % sudo chmod 750 /var/virusmails

    % sudo touch /var/amavis/whitelist_sender

    % sudo mkdir /var/clamav

    % sudo chown mailtransport:mailtransport /var/clamav

    % sudo chmod 0750 /var/clamav

    % sudo mkdir /var/log/mailtransport

    % sudo touch /var/log/mailtransport/clamd.log

    % sudo touch /var/log/mailtransport/freshclam.log

    % sudo chmod 0644 /var/log/mailtransport/clamd.log

    % sudo chmod 0644 /var/log/mailtransport/freshclam.log

    % sudo chown mailtransport /var/log/mailtransport/clamd.log

    % sudo chown mailtransport /var/log/mailtransport/freshclam.log


  2. – Getting the archives

    Download amavisd-new, ClamAV, db (BerkeleyDB), gmp.

    The official URLs for these libraries are:

    amavisd-new
    http://www.ijs.si/software/amavisd/
    ClamAV
    http://sourceforge.net/projects/clamav/
    BerkeleyDB
    http://www.sleepycat.com/download/db/
    gmp
    ftp://ftp.gnu.org/gnu/gmp/

    You can download either Gzipped (.gz or .tgz extensions) or Bzipped (.bz2 extension) archives; the latter are smaller. In any case, I advise computing MD5 checksums locally and comparing them with the published ones, if the distribution home lists them. You do that by executing:

    % md5 <filename>


  3. – Unpacking the archives

    With all archives in the same directory, do:

    % ls *.gz | xargs -n 1 tar zxvf

    (I know, xargs is evil). If you downloaded any Bzipped archives, do:

    % ls *.bz2 | xargs -n 1 tar jxvf

    (When done, it is helpful to rename the folders to drop the version numbers.)

    ex.
    % mv ./clamav-0.80 ./clamav

    Now for a little cleanup.

    % sudo rm -r *.gz


  4. – Building BerkeleyDB

    Don’t install BerkeleyDB using an installer package; build it from source using the following instructions.

    % cd ../db/build_unix

    % ../dist/configure --prefix=/usr --mandir=/usr/share/man --sysconfdir=/etc

    % make; sudo make install

    % cd ../


  5. – Building gmp

    % cd ../gmp

    % ./configure --prefix=/usr --mandir=/usr/share/man --sysconfdir=/etc --enable-devel

    % make; sudo make install


  6. – Building ClamAV

    % cd ../clamav

    % ./configure --prefix=/usr --mandir=/usr/share/man --sysconfdir=/etc --enable-bigstack --with-user=mailtransport --with-group=mailtransport

    % make; sudo make install

    Open /etc/freshclam.conf and make the following changes.
    (“Example” is an actual line to be deleted or commented out)

    # Example

    UpdateLogFile /var/log/mailtransport/freshclam.log

    LogVerbose

    PidFile /var/clamav/freshclam.pid

    DatabaseOwner mailtransport

    DNSDatabaseInfo current.cvd.clamav.net

    DatabaseMirror database.clamav.net

    MaxAttempts 5

    Checks 24

    Open /etc/clamd.conf and make the following changes.
    (“Example” is an actual line to be deleted or commented out)

    # Example

    LogTime

    LogFile /var/log/mailtransport/clamd.log

    LogVerbose

    PidFile /var/clamav/clamd.pid

    LocalSocket /var/clamav/clamd.sock

    MaxThreads 20

    SelfCheck 1800

    User mailtransport


  7. – Installing amavisd-new with SpamAssassin

    % cd ../amavisd

    Next we need to move the files to their working locations.

    % sudo cp amavisd.conf-sample /etc/amavisd.conf

    % sudo chown root /etc/amavisd.conf

    % sudo chmod 644 /etc/amavisd.conf

    % sudo cp amavisd /usr/bin/

    % sudo chown root /usr/bin/amavisd

    % sudo chmod 755 /usr/bin/amavisd

    Now we need to get some perl modules installed. CPAN makes this easy, but we will have to force one or two of them to go. I haven’t come across any problems with this in testing, but do keep an eye on things. Also, when you are installing these perl modules you may run across dependencies that you don’t have installed yet. Please respond in the affirmative when it asks you if you want them installed too.

    % sudo perl -MCPAN -e shell

    Now you are in the CPAN system. You will then type in the next four commands which will install the modules. Some of these modules may ask if you want to install the dependencies; say "yes" to this.

    cpan> install Archive::Tar Archive::Zip BerkeleyDB Compress::Zlib Convert::UUlib Digest::MD5

    cpan> install IO::Stringy Mail::ClamAV Mail::Internet Mail::SpamAssassin MIME::Base64 MIME::Parser

    cpan> install Net::SMTP Net::Server Time::HiRes Unix::Syslog Digest::SHA1

    cpan> force install Convert::TNEF Net::SMTP

    Finally exit out of CPAN.

    cpan> quit

    If you experience problems building any of the Perl modules, you probably have CPAN configured not to follow dependencies, so any module that requires another module to be installed will fail to install. Reconfigure your Perl to prompt for dependent modules rather than ignore them.

    You now need to edit your amavisd config file. You can find it at /etc/amavisd.conf. This file contains a huge number of options that will pretty much determine your spam and virus policies for your server. You should familiarize yourself with this file so that you get the desired results from this system. It’s rather well commented so you shouldn’t need to mess with it too much, although there are a few directives that you will need to change before you are able to launch amavisd.

    In Section I you’ll need to change

    $MYHOME to "/var/amavis"

    $mydomain to your main e-mail domain.

    $myhostname to your FQDN.

    $daemon_user should be set to "mailtransport"

    $daemon_group should be set to "mailtransport"

    $pid_file to "$MYHOME/amavisd.pid"

    $lock_file to "$MYHOME/amavisd.lock"

    $unix_socketname to "$MYHOME/amavisd.sock"

    Section II and III you can leave alone.

    Section IV will require you to make some decisions. This section determines what happens when an e-mail is determined to be a spam or virus e-mail. Here you can specify the notification templates for what your bounce messages say. More importantly, you can determine what you’ll do with spam and virus e-mails.

    The final destiny variables are what you are interested in here. By default amavisd will bounce all spam back to the sender. You may find that this clogs up your mail system attempting to be nice to spammers. If that’s the case you can set this to D_DISCARD which will effectively delete the mail in question.

    You will also want to set your $virus_admin and $spam_admin settings where the respective notifications will be sent.

    The quarantine settings allow you to specify where the spam and virus e-mails will be stored. If you are interested in keeping the e-mails you can direct them to an e-mail address or folder, otherwise you can set these to “undef” which will delete the mails. If you do keep them, make sure you clean the folder out on a regular basis or else you’ll fill your drive up.

    Section V sets up white and black lists for amavis. Use these to add in any domains that you know are good or bad.

    Section VI you can leave alone.

    Section VII is where you specify when e-mail is tagged as spam. The sa_tag levels determine when to quarantine spam mails and when to kill them. Also in this section you’ll want to uncomment and amend the clamd section to look something like this when done:

    ['Clam Antivirus-clamd',
    \&ask_daemon, ["CONTSCAN {}\n", "/var/clamav/clamd.sock"],
    qr/\bOK$/, qr/\bFOUND$/,
    qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

    Section VIII and IX you can leave alone.

    Now we can edit the Postfix files. First, add the following lines to /etc/postfix/main.cf; they tell Postfix to run amavisd as a content filter before delivery.

    # =====================================================
    #                    amavis-new/ClamAV
    # =====================================================
    #
    content_filter=smtp-mailtransport:[127.0.0.1]:10024

    Once these changes have been made you can save and close this file.

    Now add the following to /etc/postfix/master.cf:

    #
    # =====================================================
    #                    amavis-new/ClamAV
    # =====================================================
    #
    smtp-mailtransport unix -       -       y       -       2       smtp
       -o smtp_data_done_timeout=1200
       -o smtp_send_xforward_command=yes
       -o disable_dns_lookups=yes
    127.0.0.1:10025 inet n       -       y       -       -       smtpd
       -o content_filter=
       -o local_recipient_maps=
       -o relay_recipient_maps=
       -o smtpd_restriction_classes=
       -o smtpd_client_restrictions=
       -o smtpd_helo_restrictions=
       -o smtpd_sender_restrictions=
       -o smtpd_recipient_restrictions=permit_mynetworks,reject
       -o mynetworks=127.0.0.0/8
       -o strict_rfc821_envelopes=yes
       -o smtpd_error_sleep_time=0
       -o smtpd_soft_error_limit=1001
       -o smtpd_hard_error_limit=1000
       -o receive_override_options=no_header_body_checks

    Once these changes have been made you can save and close this file.
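
An added example, not part of the article or its Macintosh.tar.gz scripts: a check that the two master.cf entries above are present, that the reinjection listener on port 10025 is bound to loopback, and that it carries the overrides that stop filtered mail from being sent back to amavisd or accepted from other hosts. The function names and the trimmed sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the article or its Macintosh.tar.gz scripts).
# Audits a Postfix master.cf for the two amavisd entries configured above.

# Constructed sample: the two entries from the article as they would sit at
# column 0 in /etc/postfix/master.cf, trimmed to the options this audit reads.
sample_master_cf() {
    cat <<'EOF'
smtp-mailtransport unix -       -       y       -       2       smtp
   -o smtp_data_done_timeout=1200
   -o disable_dns_lookups=yes
127.0.0.1:10025 inet n       -       y       -       -       smtpd
   -o content_filter=
   -o smtpd_recipient_restrictions=permit_mynetworks,reject
   -o mynetworks=127.0.0.0/8
   -o receive_override_options=no_header_body_checks
EOF
}

# audit_master_cf FILE
# Prints one "FAIL: ..." line per problem; returns 0 when clean, 1 otherwise.
audit_master_cf() {
    awk '
    function fail(msg) { print "FAIL: " msg; fails++ }
    function need(opt) { if (!(opt in seen)) fail("10025 listener lacks -o " opt) }

    # Called when a logical entry (first line plus continuations) is complete.
    function finish_entry(   n, f, i) {
        if (entry == "") return
        n = split(entry, f, /[ \t]+/)
        # Columns: 1 service, 2 type, 3 private, 4 unpriv, 5 chroot,
        # 6 wakeup, 7 maxproc, 8 command, then "-o name=value" pairs.
        if (f[1] == "smtp-mailtransport" && f[2] == "unix" && f[8] == "smtp")
            have_transport = 1
        if (f[2] == "inet" && f[8] == "smtpd" && f[1] ~ /(^|:)10025$/) {
            have_listener = 1
            if (f[1] != "127.0.0.1:10025") bad_bind = f[1]
            for (i = 9; i < n; i++)
                if (f[i] == "-o") seen[f[i + 1]] = 1
        }
        entry = ""
    }

    /^[ \t]*#/ || /^[ \t]*$/ { next }                            # comments, blanks
    /^[ \t]/ { sub(/^[ \t]+/, ""); entry = entry " " $0; next }  # continuation line
    { finish_entry(); entry = $0 }                               # new entry starts

    END {
        finish_entry()
        if (!have_transport)
            fail("no smtp-mailtransport transport (hand-off to amavisd on 10024)")
        if (!have_listener) {
            fail("no smtpd listener on port 10025 (reinjection from amavisd)")
        } else {
            if (bad_bind != "")
                fail("listener " bad_bind " is not bound to 127.0.0.1")
            # An empty content_filter keeps reinjected mail from looping back.
            need("content_filter=")
            # Loopback-only mynetworks plus reject keeps other hosts out.
            need("mynetworks=127.0.0.0/8")
            need("smtpd_recipient_restrictions=permit_mynetworks,reject")
        }
        exit (fails > 0)
    }' "$1"
}

# Run against a real file when one is given, e.g. /etc/postfix/master.cf.
if [ "$#" -gt 0 ]; then
    audit_master_cf "$1"
fi
```

Run it with the path to the live master.cf as its only argument; no output and exit status 0 mean both entries are intact.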


  8. – Installing the Startup Item

    Move the "MAILTRANSPORT" folder to "/System/Library/StartupItems/".

    % sudo mv MAILTRANSPORT /System/Library/StartupItems/

    % sudo chown root:admin /System/Library/StartupItems/MAILTRANSPORT/*

    % sudo chmod 0755 /System/Library/StartupItems/MAILTRANSPORT/MAILTRANSPORT

    Note: You can also place the folder in /Library/StartupItems/

    Open /etc/hostconfig with an editor and insert the following line:

    "MAILTRANSPORT=-YES-"

    With the flag set to "-YES-", the service will be enabled at startup.

    If you wish to disable auto startup at any time, set "MAILTRANSPORT=-NO-" in /private/etc/hostconfig and it will disable this service and prevent manually starting it.

    With the service enabled, you can start, stop and reload the service manually at any time from terminal with one of the following commands:

    % sudo SystemStarter start "MAILTRANSPORT"

    % sudo SystemStarter stop "MAILTRANSPORT"

    % sudo SystemStarter restart "MAILTRANSPORT"

    A safety has been built in preventing you from starting the service if you have disabled it in the /private/etc/hostconfig file.


  9. – (Optional) Installing the Log Roll Item

    First we move the mailtransport folder to the periodic folder and create some files.

    % cd logroll

    % sudo touch /var/log/mailtransport/amavis.log

    % sudo chmod 0644 /var/log/mailtransport/amavis.log

    % sudo chown mailtransport /var/log/mailtransport/amavis.log

    % sudo mv ./mailtransport /etc/periodic/

    % sudo chmod 0755 /etc/periodic/mailtransport

    % sudo chmod 0755 /etc/periodic/mailtransport/*

    % sudo chown root:wheel /etc/periodic/mailtransport

    % sudo chown root:wheel /etc/periodic/mailtransport/*

    Using your favorite editor, edit /etc/crontab and add the following entry:

    30 4 * * 0 root periodic mailtransport

    Next, we need to create a link to this file for periodic to access it with.

    % cd /etc

    % sudo ln -s periodic/mailtransport/500.mailtransport mailtransport

    % sudo touch /var/log/mailtransport/amavis.log

    Make the following changes to amavisd.conf:

    $LOGFILE to "/var/log/mailtransport/amavis.log"

    $DO_SYSLOG to 0

    Finally, we need to add our entry into the periodic config file located
    at /etc/default/periodic.conf using your favorite editor.

    # mailtransport options
    # These options are used by periodic(8) itself to determine what to do
    # with the output of the sub-programs that are run, and where to send
    # that output.
    #
    mailtransport_output="/var/log/mailtransport.out" # user or /file
    mailtransport_show_success="YES" # scripts returning 0
    mailtransport_show_info="YES" # scripts returning 1
    mailtransport_show_badconfig="NO" # scripts returning 2

    This step is not required, but I like to be able to see my available options, so I have also edited /usr/share/man/man8/periodic.8 and /usr/share/man/cat8/periodic.8.gz to include my added routines.

    To edit periodic.8.gz you must first unpack it. I recommend you use BBEdit to edit the file, since it has an option to show invisible characters and this file is riddled with them.

    After you have made your additions to this file, repack it (gz) and place it back in the /usr/share/man/cat8 folder and you’re done.

    (It will roll the logs once a week and retain the 8 previous weeks of the logs.)

    The grand finale is to start the service and restart Postfix.

    % sudo SystemStarter start "MAILTRANSPORT"

    % sudo postfix reload


    NOTE:

    Additional patch files may be included in the Macintosh archive ‘Macintosh.tar.gz’ for advanced/modified features, please see included ‘README’ for related information.


No Comments

  • I clearly state in the article that you will have to reconfigure cpan if you are not
    set to ask about dependencies, install the missing modules.

    • To be fair though it would appear that for whatever reason cpan won’t
      prompt you to install Inline::C even though it does prompt for all of the other
      modules. Apart from that though, flawless install from my point of view.
      Excellent instructions, thanks!!

  • perhaps you missed a step, looks like some modules aren’t installed.

  • You are receiving this message because you didn’t edit the two postfix files as
    directed.

    • Actually they most likely did edit their postfix files but the changes are
      probably being overwritten. If you use server admin to stop and start postfix,
      it will nuke the changes that you make to the master.cf file. I found that I had
      to delete the master.cf.defaultserver.swap and make the identical changes to
      both the master.cf and master.cf.defaultserver files in order to get the
      modifications to stick.

      This was actually covered in the original article on AFP548.com but for some
      reason this information didn’t carry over to the updated version.
      http://www.afp548.com/article.php?story=20040722203023941

  • Is there a way to allow users to train Spamassassin to improve their filtering?
    A GUI would really be the best. Or, perhaps an email address that users
    could forward spam to that would automagically add it to the spam db? Or,
    have sa-learn search their Junk folder every week and train it thereby? You
    know, something relatively easy like that which wouldn’t require them to go
    command line. Thanks!

  • I had no issues on the install of all items, thanks to the great directions in
    this article. The only problem I came across was in section 8, Installing the
    Start up item. When was the AMAVISCLAMAV folder created? If it was created
    during an earlier install, where is it located?

  • The instructions for building BerkeleyDB are very clear.

    The installed location is assigned in the configure command so there is
    absolutely no need to generate any links to any folders for this or any other
    software required for this process unless;

    a) you wish to make use of existing software which means you will need to
    make adjustments to these instructions to use your pre-existing software.

    b) you believe you have a better process and thus must make adjustments to
    these instructions to utilize your better process.

  • I thought I had it all worked out, but not quite — so I registered a user name for this and will now find out if I logged in correctly.

    I seem to have it running, though not the latest instructions, but with the user clamav and the startup item AMAVISCLAM. I will go through everything and look for differences (why change the user and group names? clamav is pretty clear and a lot shorter)

    From my maillog I get some unexpected results, that I don’t understand.
    This is complaining because it is looking for a file named partsn that doesn’t exist — there is one called parts. There are some places in the /etc/amavisd.conf where commented out programs would create similar named files, but nothing that explains it.

    Dec 20 21:40:24 localhost amavis[26690]: (26690-04) ask_av (ClamAV-clamd) FAILED - unexpected result: /var/amavis/tmp/amavis-20041220T211558-26690/partsn: Access denied. ERROR\n

    I also get this message

    Dec 20 21:44:59 localhost amavis[26691]: (26691-04) WARN: all primary virus scanners failed, considering backups

    Yet it seems to be working well. When I sent a virus to myself it was caught and rejected.

    • There is an error in the clam configuration that is placed in amavisd.com

      "CONTSCAN {}n" should read "CONTSCAN {}\n"

      therefore it should appear as follows:

      ['Clam Antivirus-clamd',
      \&ask_daemon, ["CONTSCAN {}\n", "/var/clamav/clamd.sock"],
      qr/bOK$/, qr/bFOUND$/,
      qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

      making this change eliminates the partsn error.

      • Still some backslashes missing before OK and FOUND. The correct form is:

        ['Clam Antivirus-clamd',
        \&ask_daemon, ["CONTSCAN {}\n", "/var/clamav/clamd.sock"],
        qr/\bOK$/, qr/\bFOUND$/,
        qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],

  • The omission of the backslash has been corrected, it was placed in the article
    but had to be changed to the ‘& #92;’ to be visible.

    Regarding BerkeleyDB, the instructions install it in ‘/usr’ so there should not be
    an issue with creating any links ‘/usr/local’ unless you don’t install it using the
    provided instructions.

    If you adhere to the instructions, the installation will go smoothly and without
    conflicts.

    Since no instructions are provided asking you to install CPAN, libnet or LWP
    this should not be an issue.

    Careful thought went into this installation, it places things in canonical
    locations and other software should not have an issue with locating any of the
    installed software or libraries.

    I have tested and followed these instructions on the listed OS’es and have not
    encountered any problems.

    What amazes me is that the article clearly asks the user to examine amavisd-
    new and ClamAV for a Macintosh.tar.gz archive which contains all of the
    required additional software and updated instructions yet I still see questions
    about locating the ‘AMAVISCLAMAV’ (now ‘MAILTRANSPORT’) folder.

    Biggest problem is people skim over looking for a quick fix and miss out on
    potentially important information, it’s always wise to read and then re-read the
    instructions before attempting any installation.

    • i don’t understand why every couple of weeks the comments are cleared from
      all of serversolutions articles??? most of these questions that are stumping
      people have been answered by people tips, but they seem to disappear.

      • The original article was deleted which deleted the posts then the article was
        recreated, since then, issues regarding the editor have been corrected for IE
        (my choice of browser) so comments shouldn’t be deleted any more however I
        am receiving errors when replying to messages

        Warning:
        Unknown modifier ‘8’ in /Library/WebServer/geeklog/plugins/
        spamx/MTBlackList.Examine.class.php on line 52

        which I’m
        told is due to script changes.

    • How very true. How could anyone not read and re-read a nice article like this that is updated to perfection by putting together segments of instructions from around the web and manuals into a nice one-stop read? Quit being lazy and at least read line for line, and dare I say jimmy with the configs to tailor to your needs!?!
      All works as promised! No problems or hiccups that others are having. If we were on ebay, this would get a positive score!
      Superb.

    • You’d probably get fewer questions about the Macintosh.tar.gz file if you put that reminder in step 3 or step 6, where people are looking at the amavisd folder, instead of step 1, where they haven’t even downloaded it yet.

  • Or… you might consider installing ASSP instead. It’s definitely worth taking a look. The one caveat I should note is that I’ve only done a test install of ASSP on our XServe. We aren’t handling mail from it yet. However, I’ve been running ASSP 1.09 on our Redhat Linux box for over a year with great results (currently running about 10,000 messages a day through it, 75% of which is spam, and receiving

    The thing I like about it the most is that ASSP 550 Rejects the spam before it ever clogs the mail queue. Also, while it can be set up to do virus filtering in the latest incarnation, the default settings for rejecting .pif, .scr, .exe etc attachments filter almost all viruses out to start with and take practically no CPU power to do so.

    If you decide to go that route, the two HOW-TOs of specific interest are probably:

    1. ASSP and SIMS on Mac OS X. This has info on making a startup item for ASSP and some other good stuff, but he’s using Stalker’s product, so you also need to look at the postfix config.
    2. ASSP & Postfix which details how to point postfix at a different port number. Note: Use the second post, not the first for best results.

  • I am having problems with parts of the article. In ‘Installing the Startup Item’,
    there is the statement:

    Move the "MAILTRANSPORT" folder to "/System/Library/StartupItems/"

    Where is the ‘MAILTRANSPORT’ folder in the first place. Do I download it from
    somewhere?

    Also, there is a similar reference to ‘logroll’ in the article:

    cd logroll

    Where is this directory supposed to be found?

    EH

    • simply rename the folder (amavisclamav) to MAILTRANSPORT…also you probably
      have to rename the program and .plist file in the folder.

      or you could put amavisclamav in the instructions instead of MAILTRANSPORT
      for the folder….but the changes add more consistency.

  • … simply marvelous!

    I enjoyed the article as well as the fact that it works!

    I’m seeing Apple in the back end enterprise more and more.

    Thanks for the hard work at putting this together, very much appreciated!

  • thank you for the update. my logrolling was spawning a whole bunch of processes and consuming my machine up in the old how-to.

    so a couple of questions.

    1 how do i uninstall the old user and programs and reinstall this.

    2 how does this differ from apple’s how-to. More complete i guess?

    http://developer.apple.com/server/virusfiltering.html

  • Great article.

    Questions:
    Will this provide each mail user Bayesian spam filtering and corpus database that can be maintained by himself/herself? In other words, can each mail user have and update his/her own corpus spam database and maintain white/black list?
    Can these be done by modifying the config file?

    Thank you for your answers in advance.

    Mach5

  • This article assumes one of the following:

    1) you have no clue what you are doing you must follow the instructions
    exactly as stated.

    2) you know what you’re doing and know what changes to make to use
    software/modules installed in other locations.

    3) if you can’t install the perl BerkeleyDB module then you didn’t install the
    BerkeleyDB binary as instructed.

    4) if you have a can’t connect to socket message then something isn’t running
    or you didn’t follow the directions.

    5) if you can’t find the logroll or startup item folders then you didn’t read the
    instructions.

    6) if you leave a message as an anonymous user, maybe one of the other
    users might respond to you.

  • I have installed this on a few servers and they all worked fine. Now I am trying
    to reinstall it on a restored server. I downloaded new binaries and ran the
    installs. But when I try to start amavisd I get the following:
    Problem in Amavis::DB or Amavis::DB::SNMP code:
    BerkeleyDB needs compatible versions of libdb & db.h
    you have db.h version 4.3.21 and libdb version 4.3.27
    Compilation failed in require at (eval 34) line 11.
    BEGIN failed--compilation aborted at (eval 34) line 11.

    The annoying thing is that I checked the header in /usr/include/db.h and it
    says:
    /*
    * Berkeley DB version information.
    */
    #define DB_VERSION_MAJOR 4
    #define DB_VERSION_MINOR 3
    #define DB_VERSION_PATCH 27
    #define DB_VERSION_STRING "Sleepycat Software: Berkeley DB 4.3.27:
    (December 22, 2004)"
    So who or what is claiming that it is a different version?

    Thanks for any help.

    • look in /usr/local/include/db.h, this is occurring because /usr/local/include
      is checked before /usr/include and you probably have a different version
      installed there.

      The instructions are explicitly defined and deviation usually doesn’t work
      unless you know exactly what you’re doing so, if it’s not working you missed a
      step or did something not as described.

      Always download the latest devel of ClamAV or amavisd-new to obtain the
      latest Macintosh.tar.gz file with current instructions.

      In the latest devel, it has been updated to support amavis-stats-0.1.13 which
      should be available for download as soon as Mark can get around to it.
      (you can preview at http://www.daleenterprise.com/amavis-stats )

      I’m also in the process of writing a GUI that will handle all of the main.cf/
      master.cf/hostconfig edits, start and stop the whole process and function
      pretty much like the MySQL Manager GUI but allow you to specify
      configuration options so no manual editing is required.

      — Dale

      • Hmmm. There is, in fact, no other version of db.h on that drive (other than
        the four that are in the db install folder). The only thing I have in my /usr/
        local/include folder is clamav.h. Again, I have followed these instructions
        several times before and they have always worked for me. I have not deviated
        from the installation procedures. This morning I threw away everything in the
        avinstall folder and downloaded new copies, amavisd-new.2.2.1, clamav
        0.81, berkeley db 4.3.27, and gmp 4.1.4. I went line by line again this
        morning and still got the same error. There must be something left over from
        an older version but I don’t know what to delete in order to get a fresh install.
        Is there a list of folders/files that I should remove or rename so that I can get
        a fresh install?

  • Instead of:

    cpan> install Mail::clamAV

    try this:

    cpan> install Mail::ClamAV

    At http://www.clamav.net/doc/0.81/MacOSX/ you will find the
    exact copy of this article, the only difference is, as I could see, this "C" letter.

  • I just finished upgrading from the earlier version of this article and it seems
    that I am getting some messages to go through but others seem to be getting

    postfix/qmgr[333]: warning: connect to transport smtp-amavis: Connection refused

    errors. I have double checked all the
    information and I think I have everything right; the only thing that I noticed
    was it seemed like clamav is writing its socket in /var/clamav/clamav.sock. Is
    this from the old version’s config file not being overwritten with the new one?
    I changed the amavisd config to point to this sock, or should I remove all the
    old config files and re-install them?

    Sam D

  • Problem: Inline::C refuses to install, saying "Couldn’t find diagnostic data."

    Cause: Inline.pm requires perldiag.pod, which is only installed if you install the XCode Documentation package.

    Solution: Enter the following commands:

    sudo mkdir /System/Library/Perl/5.8.1/pods
    curl -O http://public.activestate.com/gsar/APC/perl-current/pod/perldiag.pod
    sudo mv perldiag.pod /System/Library/Perl/5.8.1/pods/perldiag.pod

    Then install Inline::C via CPAN again.

  • OK – I thought I had followed the steps exactly…. but when I try to start up
    the mailtransport item with the SystemStarter, I get the following:

    Welcome to Macintosh.
    Unable to open parameters file /System/Library/StartupItems/Sendmail/StartupParameters.plist for item Sendmail. (No such file or directory)
    Initializing network
    Starting MAILTRANSPORT
    Waiting for MAILTRANSPORT
    Scalar found where operator expected at /etc/amavisd.conf line 84, near "$TEMPBASE"
    (Missing semicolon on previous line?)
    Error in config file "/etc/amavisd.conf": syntax error at /etc/amavisd.conf line 84, near "$TEMPBASE "
    MAILTRANSPORT (6439) did not complete successfully.
    The following StartupItems failed to properly start:
    /Library/StartupItems/MAILTRANSPORT – execution of Startup script failed
    Startup complete.
    Hangup

    So, what’s the syntax error?

    Here’s what I see in TextWrangler from line 83-85:
    #$TEMPBASE = "$MYHOME"; # (must be set if other config vars use is)
    $TEMPBASE = "$MYHOME/tmp"; # prefer to keep home dir /var/
    amavis clean

    Changing the double-quotes to single and so on had no effect.

    Am I just really dense and mis-copied something?

  • Just tried installing this for the first time on a live server, after successfully testing it on a test server, and no joy.

    We get the following:

    Problem in the antispam code: Can’t locate Mail/SpamAssassin.pm in @INC (@INC contains: /System/Library/Perl/5.8.1/darwin-thread-multi-2level /System/Library/Perl/5.8.1 /Library/Perl/5.8.1/darwin-thread-multi-2level /Library/Perl/5.8.1 /Library/Perl /Network/Library/Perl/5.8.1/darwin-thread-multi-2level /Network/Library/Perl/5.8.1 /Network/Library/Perl) at (eval 39) line 13.
    BEGIN failed–compilation aborted at (eval 39) line 13.

    I’m assuming that this is something to do with the CPAN installation. The test server was pretty much out of the box so we just went with the defaults. This server already had had some Perl tools installed for other services – could that be the cause? There doesn’t seem to be a SpamAssassin.pm file in any of the @INC folders, so I’m assuming that’s the problem – I just need to know why it isn’t there and at which point is (should) it (be) created?

    Cheers

    • Ah ah! Spotted what it was – it was in the cpan part and running it again, I kept my eye out for errors. Cpan reports an error of:

      Warning: Cannot install Mail::spamAssassin, don’t know what it is.
      Try the command

      i /Mail::spamAssassin/

      It’s actually after Mail::SpamAssassin. When we ran this on the test, one of us was reading the other typing and automatically typed it with the upper case ‘S’. When doing it for real we copied and pasted!!

      It’s always the little things that get ya!!

  • Hi…

    Excellent article.

    After following this installation everything seemed to be working fine, except
    that some attachments (I’ve noticed PDF’s and JPEGS) are being corrupted.

    Any ideas? I would have thought the e-mail would simply be sent through
    untouched if it was uninfected, rather than being re-encoded.

    Thanks!
    Shay

  • I got most of it running but some questions arose, maybe some of you are
    willing to answer them:

    First I would like to indicate a typo. When adding spamassassin via CPAN the
    author lists mail::spamassassin. However if you look closely you’ll see that it
    can’t find spamassassin. Just write SpamAssassin and you’ll be fine.

    Furthermore I found out I needed the XCode development tools in order to
    successfully compile berkeley and others. May sound obvious to you but I
    didn’t realise it 🙂

    I can’t seem to understand the instructions for the log rolling. The first
    command makes no sense to me as there is no dir called logroll. Then you
    want to move the mailtransport dir but which mailtransport dir that is is
    unclear to me. It’s *not* the dir with the logs in it, that’s for sure. Could you
    shine a light on this?

    Along the process I made some typos myself but was able to correct them all
    and everything (except the log rolling) seems to work now. In the incoming
    email I notice a header from amavis and in the SMTP log I can see that an
    email was found to be clean but I don’t see anything that indicates a spam
    check has been issued and/or processed. Did I miss something?

    Last but not least…

    • I noticed the same thing.

      In my mail header, I have:

      X-Virus-Scanned: amavisd-new at domain.com

      But no mention of it passing a spam filter.

      How can we verify that the spam filter is working? I just got some spam, it is
      also missing the header info.

      Thanks!

      • Double check your @local_domains_maps = setting. If this isn’t correct
        then SpamAssassin tags will never be added because this only happens if
        amavisd determines that the message is for a local user.

  • I had spamassassin running with procmail, and following these instructions to add amavisd and clamav worked great, thank you for the good summary – would have been crawling through READMEs for days without this.

    Some notes:

    I prefer to install 3rd party stuff in /usr/local – putting symlinks in /usr/bin and /usr/sbin to the appropriate daemons under /usr/local works fine for me:

    /usr/bin/amavisd@ -> /usr/local/bin/amavisd
    /usr/bin/freshclam@ -> /usr/local/bin/freshclam
    /usr/sbin/clamd@ -> /usr/local/sbin/clamd

    I put my MAILTRANSPORT startup item in /Library/StartupItems and was not able to use the SystemStarter method of starting it up. But running ‘/Library/StartupItems/MAILTRANSPORT/MAILTRANSPORT start’ worked.

    HUP’ing (soft reset) postfix does not seem to work and/or load master.cf – actually I’m not sure what it’s not doing. Errors were to the effect of ‘smtp-mailtransport not found’ (which I see some others are experiencing). When I did a hard shutdown and restart of postfix, it works fine, and is delivering mail to amavisd. This might be because of the way my /etc/hostconfig file was set up – for some reason in OSX Panther (10.3.x), MAILSERVER is set to -NO-. I’ve changed this to YES, but things are working right now (and it’s a production server), so leaving well enough alone for the moment. 🙂

  • For those of you who may be unfamiliar with how to patch files, this is how to
    apply the three patches for Berkeley DB 4.3.27. The patch files may not show up
    depending on where you try and download BDB from. If you go here
    http://www.sleepycat.com/download/index.shtml as of 4.3.27 there will be three
    patch files. Save the patch files to your BDB directory. Now just run
    patch -p0 < patchfile where patchfile is the name of the file itself. For example
    patch -p0 < patch.4.3.27.1

  • Very nice stuff! Thanks for posting this. One small tip; when executing
    multiple commands that are dependent on each other in a single shell line,
    use && (logical AND) rather than “;” to separate them. For example:

    
    # make && sudo make install
    

    Doing it this way, the “make install” will not execute if the first “make”
    returns failure. Usually not a big deal, but can save you problems if the
    makefile is poorly written.

    • Another quick note: the GNU GMP library should not be installed without
      doing “make check” first. So:

      make && make check && make install

      Thanks again!

  • I want to do this with buildsmart. Does anyone know how to remove this setup
    as I did it sometime ago?

  • On a clean 10.3.9 install, I got this error when trying the first format for
    Setting up the user/group, while the second worked. Does this indicate a
    problem?
    ——-

    mail:~ admin$ sudo dscl localhost -create /NetInfo/root/Groups/mailtransport

    We trust you have received the usual lecture from the local System
    Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

    Password:
    <main> attribute status: eDSPermissionError
    mail:~ admin$ sudo niutil -create . /groups/mailtransport
    Password:
    mail:~ admin$ sudo niutil -createprop . /groups/mailtransport gid 30

  • Your master.cf modifications probably got overwritten by server admin. You’ll need to check this file and see if it’s missing the necessary modifications. If it is, stop the mail server using sudo serveradmin stop mail and modify master.cf. Make a copy of this and leave it in that directory because this will probably happen again. Then sudo serveradmin start mail and you should be good to go.
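
One way to detect the overwritten master.cf described in the comment above, as an added example that is not part of the original thread. The `smtp-amavis` transport name comes from the error quoted earlier in the comments and port 10025 from the article; the exact entry layout, the function names and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the article: verify that master.cf still carries
# the amavisd content-filter services after Server Admin rewrites the file.
# Assumption: the entries use the customary amavisd-new layout, i.e. an
# "smtp-amavis" unix transport and a 127.0.0.1:10025 inet listener.

# check_master_cf FILE: print what is missing; return 0 only if both exist.
check_master_cf() {
    cf=$1
    rc=0
    [ -r "$cf" ] || { echo "cannot read $cf"; return 2; }
    # Service entries start in column 1, so commented-out lines do not match.
    grep -Eq '^smtp-amavis[[:space:]]+unix[[:space:]]' "$cf" ||
        { echo "missing: smtp-amavis transport"; rc=1; }
    grep -Eq '^(127\.0\.0\.1|localhost):10025[[:space:]]+inet[[:space:]]' "$cf" ||
        { echo "missing: port 10025 re-injection listener"; rc=1; }
    return $rc
}

# write_sample FILE KIND: constructed sample data ("intact" or anything else
# for a file whose filter entries were dropped or commented out).
write_sample() {
    printf 'smtp      inet  n  -  n  -  -  smtpd\n' > "$1"
    [ "$2" = intact ] || { printf '#smtp-amavis unix - - n - 2 smtp\n' >> "$1"; return 0; }
    printf 'smtp-amavis unix - - n - 2 smtp\n' >> "$1"
    printf '127.0.0.1:10025 inet n - n - - smtpd\n' >> "$1"
}

# Demo on constructed files; on a server, pass the path to your master.cf.
tmp=$(mktemp -d)
write_sample "$tmp/good.cf" intact
write_sample "$tmp/bad.cf" overwritten
for f in "$tmp/good.cf" "$tmp/bad.cf"; do
    if check_master_cf "$f"; then echo "$f: filter entries present"
    else echo "$f: restore from your saved copy"; fi
done
rm -rf "$tmp"
```

Run from cron or after any Server Admin change, a non-zero exit is the cue to stop the mail service and restore the saved copy before restarting it.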

  • Hello everybody. I installed all things through this manual. All seems to be OK, but when I tried to configure the startup item I saw the following error.

    I put the command:

    sudo mv MAILTRANSPORT /System/Library/StartupItems/

    ..and the terminal told me:

    mv: rename MAILTRANSPORT to /System/Library/StartupItems/MAILTRANSPORT: No such file or directory

    …so what now?

    I tried to locate MAILTRANSPORT and I didn’t find anything (only log folders found) on my server.
    Does anybody know where the problem could be?
    I have 10.3.9 server.

    Thank you everybody for your advice.

    Iceman
