Amavis Content Filter

Amavis is a high-performance interface between Postfix, SpamAssassin, and ClamAV. Amavis has been the gold standard used by large email providers for over a decade.

  • Supports the amavisd-milter which allows you to reject spam and viruses at the SMTP level.
  • Block spam, viruses, banned attachments, and even messages with non-compliant email headers.
  • Can call one or more anti-virus scanners. There are more than 40 different anti-virus scanners supported.
  • Does not let mail pass unchecked when there are server issues or when mail is too big. Mail will stay in the Postfix queue.
  • Check MIME types, file names and content types of decoded mail parts against a list of banned names and content types..
  • Check the mail header for invalid characters and other common violations of rfc2822.
  • Unpack multiple formats: MIME, uuencode, xxencode, BinHex, compress, gzip, bzip, bzip2, zip, 7-zip, freeze, lzop, tar, cpio, rpm, deb, rar, arc, arj, zoo, lha, tnef, ole, cab.
  • SpamAssassin check is called only once per message regardless of the number of recipients.
  • Standards compliant and adheres tightly to multiple RFC specifications.

SpamAssassin Anti-spam

Warden super charges SpamAssassin by providing deep integration with Plesk and enabling all of the most effective SpamAssassin plugins.

  • Antivirus - Simple antivirus tests to check if an email contains an executable attachment.
  • ASN - Add metadata to the Bayesian filtering process, allowing the Bayesian filters to learn information based on the ASN of the connecting IP address.
  • AWL - Track scores from messages previously received and adjusts the message score by boosting or penalizing messages from senders who send ham or spam.
  • DCC - DCC is a system of servers counting checksums of millions of mail messages to determine of a message is bulk email or not.
  • DKIM - Perform DKIM lookups as well as historical DomainKeys lookups.
  • FreeMail - Check the headers for indication that a senders domain is that of a site offering free email services.
  • FromNameSpoof - Perform various tests to detect spoof attempts using the From: header name section.
  • HashBL - Search email addresses in the blacklists.
  • OLEMacro - Use several methods to search attached documents for evidence of an OLE Macro.
  • PDFInfo - Use several methods to detect a PDF files ham and spam traits.
  • Phishing - Check URIs against Openphish and PhishTank phishing feeds.
  • Pyzor - A collaborative, networked system to detect and block spam using identifying digests of messages.
  • Razor2 - A distributed, collaborative, spam detection and filtering network based on user submissions of spam.
  • RelayCountry - Add metadata to the Bayesian filtering process, allowing the Bayesian filters to learn information based on countries.
  • ResourceLimits - Limit the memory / CPU usage of child spamd processes.
  • Rule2XSBody - Compile SpamAssassin ruleset into native code.
  • SH - The Spamhaus data query service is a set of DNSBLs with real-time updates operated by by Spamhaus Technology.
  • SPF - Check SPF records published by the domain owners in DNS to fight email address forgery and make it easier to identify spams.
  • TextCat - Score messages based on which language the email was written in.
  • TxRep - Normalize scores with sender reputation records.
  • URILocalBL - Blacklist URIs using local country and CIDR information.
  • VBounce - Aid in rescuing genuine bounces.
  • WhiteListSubject - Whitelist or blacklist by Subject: header.

ClamAV Anti-virus

The ClamAV open source multi-threaded scanner daemon detects trojans, viruses, malware and other malicious threats. Extended signatures provide protection against Phishing, Scam, Casino, porn and other general spam.

  • Advanced database updater with support for scripted updates and digital signatures.
  • The virus signatures are updated multiple times per day.
  • Built-in support for various archive formats, including Zip, RAR, Dmg, Tar, Gzip, Bzip2, OLE2, Cabinet, CHM, BinHex, SIS and others.
  • Built-in support for ELF executables and Portable Executable files packed with UPX, FSG, Petite, NsPack, wwpack32, MEW, Upack and obfuscated with SUE, Y0da Cryptor and others.
  • Built-in support for popular document formats including MS Office and MacOffice files, HTML, Flash, RTF and PDF.
  • Supports third-party signature databases provided by Sanesecurity, FOXHOLE, OITC, Scamnailer, BOFHLAND, CRDF, Porcupine, MalwarePatrol, or the Yara-Rules Project.

Hierarchical Policies

Policies are hierarchical meaning that you can set server wide, domain, and mailbox level filter policies. All child policies will inherit from the parent unless they are overwritten at the child level.

  • Supports blacklisting and whitelisting at the server, domain, and mailbox levels.
  • The spam filter policy supports move, quarantine, block, or tag subject spam actions.
  • Customers can disable the spam filter, virus filter, banned attachment filter, and bad header filter at the domain or mailbox levels.
  • Customers can easily revert back to defaults. Pressing the default button will apply parent defaults for that level.

Quarantine Support

Quarantine spam, viruses, banned attachments, and mail with non-compliant email headers. Customers can login to manage their quarantined messages. False positives can easily be trained and released back to the original recipients mailbox.

  • View incoming and outgoing quarantine totals for each domain and mailbox.
  • Customers can set policies to quarantine spam, viruses, banned attachments, or mail with bad headers.
  • Customers can suppress quarantining if a spam score is above a configured level.
  • Customers can train the spam filter by marking quarantined items as spam, ham, or even release the message back to the recipient in the case of a false positive.
  • Customers can view the mail headers and message body of each quarantined message. Hyperlinks and images are automatically disabled and messages are viewed in a secure manner.
  • Administrators can set the the number of days to keep quarantined items before they are purged.

Statistics and Reporting

An anti-spam and anti-virus system is only as good as its reporting. We have written 50 of the most detailed spam, ham, and virus reports anywhere.

  • Dedicated statistics area to see incoming and outgoing totals for each domain and mailbox.
  • View which countries are sending you the most spam.
  • View which mailboxes are over their disk limits.
  • Filter reports by specific date ranges.
  • Over 50 pre-built reports included and more are being written.
  • Write your own reports. Line, area, scatter, bar, pie, table, and map render types are supported.
  • Export report data to CSV file so you can import into a spreadsheet.

Learning and Reputation

Tracks scores from previously received messages and adjust the message score, either by boosting messages from senders who send ham or penalizing senders who have sent spam previously.

  • Real-time spam and ham learning using the dovecot IMAP service. Messages are trained automatically when the customer moves them to and from their spam folder.
  • Learning and reputation data uses SQL and stored in the Warden database for increased performance.
  • Customers can perform spam and ham training from quarantined messages.
  • Administrators can perform one off spam training directly from a message.
  • View and export reports on learning and reputation statistics.

Custom Rule Builder

Add custom SpamAssassin rules right though the Warden interface. Apply rules matching the message header, subject, body or even specific URIs.

  • Supports adding the name, description, type, value and score for each rule.
  • Supports advanced rule types (body, header, rawbody, meta, URI).
  • Supports advanced scoring with up to four different parameters.
  • Debug SpamAssassin right though the web interface to check for any errors.
  • Supports adding custom rules individually or in bulk.
  • Pre-defined templates allow you to add custom rules with ease.

Database Logging

Every message processed by Amavis is logged to the Warden database.

  • The Amavis log shows you the sender, recipient, client addr, from addr, subject, content type, delivery status, size, spam level and direction of each message.
  • The message log allows users to filter by Amavis policy banks. Filter by MYNETS (your networks), SUBMISSION (ports 587, 465) or SENDMAIL (PHP mail) policy banks.
  • The message log allows users to filter by direction. Filter by inbound, outbound, internal, or open relay types.
  • The Postfix mail logs are automatically processed and displayed in an easily readable format.
  • The Postfix mail rejection logs show you which emails were rejected by the server.
  • The POP3/IMAP log shows you the protocol, user, client IP, geographical location of each mail client.
  • The SMTP Auth log shows you the method, user, client IP, client rDNS, and geographical location of each authenticated mail client.
  • Set the retention period to keep for your logs. The database is automatically pruned making sure you always have the logs you need without taking up too much space.

Network Based Tests

Full support for Razor 2, Pyzor, and DCC network based tests. These network based tests can dramatically improve detecting bulk email and spam.

  • Vipuls Razor is a distributed, collaborative, spam detection and filtering network based on user submissions of spam. Detection is done with signatures that efficiently spot mutating spam content and user input is validated through reputation assignments.
  • Pyzor is a collaborative, networked system to detect and block spam using digests of messages.
  • DCC detects unsolicited bulk mail. DCC servers exchange or flood common checksums. The checksums include values that are constant across common variations in bulk messages, including personalization.

Multi-Role Access

Warden fully supports giving resellers, customers, and mail users access to different parts of the Warden application. Enable your customers to help themselves without resorting to costly support calls.

  • Allow or deny access to manage their anti-spam and antivirus policies.
  • Allow or deny access to manage their spam, virus, banned file, and bad header filters.
  • Allow or deny access to manage their quarantine.
  • Allow or deny access to view reports.
  • Allow or deny access to view their own message logs.
  • Mail users can login to manage their own anti-spam and anti-virus settings.

IMAP/POP3 Tracking

Track who is logged into the dovecot service. This makes it easy to see if a customer can access their mailbox.

  • View the username, connections, protocol, IP address, and location of each logged in user.
  • Administrators can disconnect users from the dovecot service though the interface.
  • Filter a large number of users by username, IP address or protocol.

Third Party Rule Support

Boost the performance and efficacy of a stock installation of Amavis using third party rulesets.

  • Built in support for the KAM ruleset used by the McGrail Foundation.
  • Easily add your own third party rule channels by adding their public keys to the /etc/mail/spamassassin/channel.d/ directory.
  • Choose exactly how often you want to check for rule updates though the Warden interface.


Greylisting will tell the mail server to temporarily reject any email from a sender it does not recognize. If the mail is legitimate, the originating server will try again after a delay, and if sufficient time has elapsed, the email will be accepted.

  • Manage your greylisting settings right though the Warden interface.
  • Enable or disable greylisting at the server or domain level.
  • Whitelist or blacklist mail servers from greylisting with just a few clicks.
  • Greylisted email is easily viewable in the reject log.

Extended Signatures

Extend ClamAV using free third-party signature databases provided by Sanesecurity, Securiteinfo, and URLhaus. This can dramatically increase ClamAVs detection rates without costing you anything.

  • Built in support for Sanesecurity, Securiteinfo, and URLhaus signature providers.
  • Block phishing, double attachments, macro malware, javascript malware, zero-day malware and even on zero-hour malware.
  • These signatures can prevent TeslaCrypt, Cryptowall, Cryptolocker and other ransomware which usually starts as a malicious email.
  • Supports both free and commercial signatures.

Queue Management

The queue management area gives admins the tools they need to identify compromised email accounts or PHP forms that are being abused on the server.

  • Admins can attempt re-delivery, expire, delete, hold, and release queued email.
  • View the reason why a message was deferred without having to rely on the command line.
  • View mail headers, PHP script locations, detailed mail logs, and even get a message preview of outgoing messages.

Restriction Management

Manage SMTPD restrictions directly though the Warden interface. Harden Postfix so that the bulk of spam get rejected at the SMTPD level efficiently before it gets processed by Amavis helping to reduce server load.

  • View rejected clients under the Warden reject log.
  • Apply our recommended SMTPD restrictions with a single click.
  • Admins can whitelist clients from these restrictions using our mail server access management area.

Mail Server Access Management

Admins have the ability to whitelist or blacklist at the SMTPD level by client IP address, CIDR, HELO/EHLO hostname, envelope sender, and envelope recipient.

  • Admins can whitelist servers that are being rejected by SMTPD restrictions including any DNSBLs.
  • Admins can easily search the access files using the mail server access dashboard widget.
  • The mail server access grids support editing postmap files directly to make changes in bulk.