What changes does Warden make to the postfix configuration files to enable Amavis?

Important

Warden configures Postfix differently depending on whether you selected to install the amavisd-milter during setup (amavisd-milter support was added in Warden 2.03-1). When the amavisd-milter is installed, Amavis is configured as a before-queue milter. When the amavisd-milter is not installed, or your operating system does not support the new amavisd-milter (Ubuntu 16), Amavis is configured as an after-queue content filter.

Amavisd-milter Installed (Before-queue Milter - recommended)

Warden makes changes to the following lines in /etc/postfix/master.cf:

Before (lines may vary according to your server's operating system):

# SMTPS port (465)
smtps      inet  n       -       n       -       -       smtpd -o smtpd_tls_wrappermode=yes

# submission port (587) (if enabled)
submission inet  n       -       n       -       -       smtpd -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=may -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination

After:

# SMTPS port (465)
smtps      inet  n       -       n       -       -       smtpd
    -o smtpd_tls_wrappermode=yes
    -o milter_macro_daemon_name=SUBMISSION

# submission port (587) (if enabled)
submission inet  n       -       n       -       -       smtpd
    -o smtpd_enforce_tls=yes
    -o smtpd_tls_security_level=may
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
    -o milter_macro_daemon_name=SUBMISSION

# postfix-reentry
127.0.0.1:10025 inet n   -       -       -       -       smtpd
    -o syslog_name=postfix-reentry
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=reject_unauth_pipelining
    -o smtpd_end_of_data_restrictions=
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o smtp_tls_security_level=none
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters

Warden also adds the following lines to /etc/postfix/main.cf. The amavisd-milter is added at the start of the smtpd_milters and non_smtpd_milters options (any existing milters are listed after it). It is important that the amavisd-milter be listed first (inet:127.0.0.1:10024 is the amavisd-milter).

smtpd_milters = inet:127.0.0.1:10024,inet:127.0.0.1:12768
non_smtpd_milters = inet:127.0.0.1:10024
milter_connect_macros = j {client_name} {daemon_name} v
milter_default_action = accept
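
One way to check that a server still matches the before-queue layout described above (an added example, not part of Warden or its installer). The function names and the trimmed sample configuration are assumptions constructed for illustration; the option names and addresses are the ones listed on this page.

```python
import re
AMAVIS_MILTER = "inet:127.0.0.1:10024"  # amavisd-milter address given on this page

def parse_main(text):
    """Return {parameter: value} from main.cf-style text."""
    return dict(re.findall(r"^(\w+)[ \t]*=[ \t]*(.*)$", text, re.M))

def parse_master(text):
    """Return {service name: {option: value}}, joining indented continuation lines."""
    logical = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and logical:
            logical[-1] += " " + line.strip()
        else:
            logical.append(line.strip())
    return {e.split()[0]: dict(re.findall(r"-o\s+([^\s=]+)=(\S*)", e)) for e in logical}

def audit(main_cf, master_cf):
    """Return a list of findings; an empty list means the layout matches."""
    main, master, findings = parse_main(main_cf), parse_master(master_cf), []
    for param in ("smtpd_milters", "non_smtpd_milters"):
        first = re.split(r"[,\s]+", main.get(param, "").strip())[0]
        if first != AMAVIS_MILTER:
            findings.append(f"{param}: amavisd-milter is not listed first")
    for svc in ("smtps", "submission"):
        if svc in master and master[svc].get("milter_macro_daemon_name") != "SUBMISSION":
            findings.append(f"{svc}: milter_macro_daemon_name=SUBMISSION missing")
    reentry = master.get("127.0.0.1:10025", {})
    if reentry.get("mynetworks") != "127.0.0.0/8":
        findings.append("reentry: mynetworks is not 127.0.0.0/8")
    if "no_milters" not in reentry.get("receive_override_options", "").split(","):
        findings.append("reentry: no_milters missing from receive_override_options")
    return findings

# Constructed sample input, trimmed from the "After" listings on this page.
MAIN_OK = """smtpd_milters = inet:127.0.0.1:10024,inet:127.0.0.1:12768
non_smtpd_milters = inet:127.0.0.1:10024
"""
MASTER_OK = """submission inet n - n - - smtpd
    -o milter_macro_daemon_name=SUBMISSION
127.0.0.1:10025 inet n - - - - smtpd
    -o mynetworks=127.0.0.0/8
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
"""
# Constructed broken variant: milter order swapped, no_milters dropped from re-entry.
MAIN_BAD = MAIN_OK.replace("10024,inet:127.0.0.1:12768", "12768,inet:127.0.0.1:10024")
MASTER_BAD = MASTER_OK.replace(",no_milters", "")
print(audit(MAIN_BAD, MASTER_BAD))
```

To audit a live server, pass the contents of /etc/postfix/main.cf and /etc/postfix/master.cf to audit().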


Amavisd-milter is not installed (After-Queue Content Filter - not supported)

Warden makes changes to the following lines in /etc/postfix/master.cf:

Before (lines may vary according to your server's operating system):

# pickup
pickup     fifo  n       -       n       60      1       pickup

# SMTPS port (465)
smtps      inet  n       -       n       -       -       smtpd -o smtpd_tls_wrappermode=yes

# submission port (587) (if enabled)
submission inet  n       -       n       -       -       smtpd -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=may -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination

After:

# pickup
pickup     fifo  n       -       n       60      1       pickup
    -o content_filter=smtp-amavis:[127.0.0.1]:10027

# SMTPS port (465)
smtps      inet  n       -       n       -       -       smtpd -o smtpd_tls_wrappermode=yes -o content_filter=smtp-amavis:[127.0.0.1]:10026

# submission port (587) (if enabled)
submission inet  n       -       n       -       -       smtpd
    -o smtpd_enforce_tls=yes
    -o smtpd_tls_security_level=may
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
    -o content_filter=smtp-amavis:[127.0.0.1]:10026

# amavis 
smtp-amavis unix -       -       -       -       2       smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20
    -o smtp_tls_security_level=none

# postfix-reentry
127.0.0.1:10025 inet    n       -       -       -       -       smtpd
        -o syslog_name=postfix-reentry
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_delay_reject=no
        -o smtpd_client_restrictions=permit_mynetworks,reject
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o smtpd_data_restrictions=reject_unauth_pipelining
        -o smtpd_end_of_data_restrictions=
        -o mynetworks=127.0.0.0/8
        -o strict_rfc821_envelopes=yes
        -o smtpd_error_sleep_time=0
        -o smtpd_soft_error_limit=1001
        -o smtpd_hard_error_limit=1000
        -o smtpd_client_connection_count_limit=0
        -o smtpd_client_connection_rate_limit=0
        -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
        -o smtp_tls_security_level=none

Warden also adds the following lines in /etc/postfix/main.cf:

content_filter = smtp-amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings

Repair Installation

If you want the Warden installer to try to repair these files, you can run the Warden installer from the command line. The installer will detect whether the amavisd-milter is installed and should configure everything for you:

/usr/local/psa/admin/bin/modules/warden/install.sh