What changes does Warden make to the postfix configuration files to enable Amavis?

Important

Warden configures postfix differently depending on whether you chose to install amavisd-milter during setup (amavisd-milter support was added in Warden 2.03-1). When amavisd-milter is installed, Amavis is configured as a before-queue milter. When amavisd-milter is not installed, or your operating system does not support the new amavisd-milter (Ubuntu 16), Amavis is configured as an after-queue content filter.

Amavisd-milter Installed (Before-queue Milter - recommended)

Warden makes changes to the following lines in /etc/postfix/master.cf:

Before (lines may vary according to your server's operating system):

# SMTPS port (465)
smtps      inet  n       -       n       -       -       smtpd -o smtpd_tls_wrappermode=yes

# submission port (587) (if enabled)
submission inet  n       -       n       -       -       smtpd -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=may -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination

After:

# SMTPS port (465)
smtps      inet  n       -       n       -       -       smtpd
    -o smtpd_tls_wrappermode=yes
    -o milter_macro_daemon_name=SUBMISSION

# submission port (587) (if enabled)
submission inet  n       -       n       -       -       smtpd
    -o smtpd_enforce_tls=yes
    -o smtpd_tls_security_level=may
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
    -o milter_macro_daemon_name=SUBMISSION

# postfix-reentry
127.0.0.1:10025 inet n   -       -       -       -       smtpd
    -o syslog_name=postfix-reentry
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o smtpd_data_restrictions=reject_unauth_pipelining
    -o smtpd_end_of_data_restrictions=
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o smtp_tls_security_level=none
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters

Warden also adds the following lines to /etc/postfix/main.cf. The amavisd-milter is added to the start of the smtpd_milters and non_smtpd_milters options (any existing milters are listed after it). It is important that the amavisd-milter be listed first (inet:127.0.0.1:10024 is the amavisd-milter).

smtpd_milters = inet:127.0.0.1:10024,inet:127.0.0.1:12768
non_smtpd_milters = inet:127.0.0.1:10024
milter_connect_macros = j {client_name} {daemon_name} v
milter_default_action = accept
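
An added example, not part of Warden or the original article: a Python check that the before-queue layout shown above is still in place after later edits (amavisd-milter first in both milter lists, milter_macro_daemon_name=SUBMISSION on smtps/submission, no_milters on the 127.0.0.1:10025 reentry listener). The function names and sample input are constructed for illustration, and only the `-o name=value` form used in this article is parsed.

```python
import re

AMAVIS_MILTER = "inet:127.0.0.1:10024"   # amavisd-milter endpoint named in the article
REENTRY = "127.0.0.1:10025"              # postfix-reentry listener from the article

def logical_lines(text):
    """Drop comments/blank lines and join indented continuation lines."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def audit(main_cf, master_cf):
    """Return a list of deviations from the before-queue milter layout."""
    main = dict(re.split(r"\s*=\s*", l, maxsplit=1) for l in logical_lines(main_cf) if "=" in l)
    svc = {l.split()[0]: dict(o.split("=", 1) for o in re.findall(r"\s-o\s+(\S+=\S*)", l))
           for l in logical_lines(master_cf)}
    problems = []
    for key in ("smtpd_milters", "non_smtpd_milters"):
        if re.split(r"[,\s]+", main.get(key, ""))[0] != AMAVIS_MILTER:
            problems.append(f"{key}: amavisd-milter not listed first")
    for name in ("smtps", "submission"):
        if name in svc and svc[name].get("milter_macro_daemon_name") != "SUBMISSION":
            problems.append(f"{name}: milter_macro_daemon_name=SUBMISSION missing")
    reentry = svc.get(REENTRY)
    if reentry is None:
        problems.append("postfix-reentry: listener missing")
    elif "no_milters" not in reentry.get("receive_override_options", "").split(","):
        problems.append("postfix-reentry: no_milters missing")
    return problems

# Constructed sample input (not from a real server): another milter was placed
# ahead of amavisd-milter and the reentry listener lost no_milters.
SAMPLE_MAIN = """\
smtpd_milters = inet:127.0.0.1:12768,inet:127.0.0.1:10024
non_smtpd_milters = inet:127.0.0.1:10024
"""
SAMPLE_MASTER = """\
submission inet  n       -       n       -       -       smtpd
    -o smtpd_sasl_auth_enable=yes
    -o milter_macro_daemon_name=SUBMISSION
127.0.0.1:10025 inet n   -       -       -       -       smtpd
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
"""
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_MAIN, SAMPLE_MASTER)))
```

Because milter_default_action = accept tells Postfix to proceed as if the filter were not present when a milter is unavailable, mail is accepted unscanned in that case; a configuration check like this does not replace monitoring that the milter on 127.0.0.1:10024 is actually answering.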


Amavisd-milter is not installed (After-Queue Content Filter - not supported)

Warden makes changes to the following lines in /etc/postfix/master.cf:

Before (lines may vary according to your server's operating system):

# pickup
pickup     fifo  n       -       n       60      1       pickup

# SMTPS port (465)
smtps      inet  n       -       n       -       -       smtpd -o smtpd_tls_wrappermode=yes

# submission port (587) (if enabled)
submission inet  n       -       n       -       -       smtpd -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=may -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination

After:

# pickup
pickup     fifo  n       -       n       60      1       pickup
    -o content_filter=smtp-amavis:[127.0.0.1]:10027

# SMTPS port (465)
smtps      inet  n       -       n       -       -       smtpd -o smtpd_tls_wrappermode=yes -o content_filter=smtp-amavis:[127.0.0.1]:10026

# submission port (587) (if enabled)
submission inet  n       -       n       -       -       smtpd
    -o smtpd_enforce_tls=yes
    -o smtpd_tls_security_level=may
    -o smtpd_sasl_auth_enable=yes
    -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
    -o content_filter=smtp-amavis:[127.0.0.1]:10026

# amavis 
smtp-amavis unix -       -       -       -       2       smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20
    -o smtp_tls_security_level=none

# postfix-reentry
127.0.0.1:10025 inet    n       -       -       -       -       smtpd
        -o syslog_name=postfix-reentry
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_delay_reject=no
        -o smtpd_client_restrictions=permit_mynetworks,reject
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o smtpd_data_restrictions=reject_unauth_pipelining
        -o smtpd_end_of_data_restrictions=
        -o mynetworks=127.0.0.0/8
        -o strict_rfc821_envelopes=yes
        -o smtpd_error_sleep_time=0
        -o smtpd_soft_error_limit=1001
        -o smtpd_hard_error_limit=1000
        -o smtpd_client_connection_count_limit=0
        -o smtpd_client_connection_rate_limit=0
        -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
        -o smtp_tls_security_level=none

Warden also adds the following lines in /etc/postfix/main.cf:

content_filter = smtp-amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings

Repair Installation

If you want the Warden installer to try to repair these files, you can run it from the command line. The installer detects whether the amavisd-milter is installed and should configure everything for you:

/usr/local/psa/admin/bin/modules/warden/install.sh