Cart

    Sorry, we could not find any results for your search querry.

    Postfix antivirus protection with ClamAV

    Bots and infected servers send many viruses via email. It is therefore important for the security of your mail server to use an antivirus scanner. In this tutorial, we show how to use ClamAV as a virus scanner for a mail server with Postfix and Dovecot.

     

     

    Step 1

    Connect to your VPS via SSH or the VPS console in the TransIP control panel.


     

    Step 2

    To allow PostFix to use ClamAV, we use Amavisd. This is an interface between MTAs and content checkers such as ClamAV:

    Ubuntu & Debian:

    apt -y install amavisd-new

    CentOS Stream, AlmaLinux & Rocky Linux:
     

    dnf --enablerepo=PowerTools
    dnf -y install amavisd-new

     

    Step 3

    Open the Amavisd configuration:

    Ubuntu & Debian:

    nano /etc/amavis/conf.d/15-content_filter_mode

    CentOS Stream, AlmaLinux & Rocky Linux:

    nano /etc/amavisd/amavisd.conf

     

    Step 4

    Uncomment/adjust the lines below in the file.

    Ubuntu & Debian:

    @bypass_virus_checks_maps = (
       \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
    
    @bypass_spam_checks_maps = (
       \%bypass_spam_checks, @bypass_spam_checks_acl, $bypass_spam_checks_re);

    CentOS Stream, AlmaLinux & Rocky Linux:

    In the comments (starting with #), it is indicated on which line number you (at the time of writing) can find the option:

    # line 23
    $mydomain = 'example.com';
    line 155
    
    $myhostname = 'mail.example.com';
    lines 157 & 158
    
    $notify_method = 'smtp:[127.0.0.1]:10025';
    $forward_method = 'smtp:[127.0.0.1]:10025'; 

    For $mydomain, replace the value example.com with the domain you use as the hostname, but without the prefix, and for $myhostname, replace the value with your hostname.

    Save the changes and close the file (ctrl + x > y > enter).


     

    Step 5

    A new service for Amavisd is needed in the Postfix configuration. Open the Postfix configuration with:

    nano /etc/postfix/master.cf

     

    Step 6

    Add the following code at the bottom of the file.

    smtp-amavis unix -    -    n    -    2 smtp
        -o smtp_data_done_timeout=1200
        -o smtp_send_xforward_command=yes
        -o disable_dns_lookups=yes
    127.0.0.1:10025 inet n    -    n    -    - smtpd
        -o content_filter=
        -o local_recipient_maps=
        -o relay_recipient_maps=
        -o smtpd_restriction_classes=
        -o smtpd_client_restrictions=
        -o smtpd_helo_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks=127.0.0.0/8
        -o strict_rfc821_envelopes=yes
        -o smtpd_error_sleep_time=0
        -o smtpd_soft_error_limit=1001
        -o smtpd_hard_error_limit=1000
    

    Then save the changes and close the file (ctrl + x > y > enter).


     

    Step 7

    To work with Amavisd, Dovecot needs a 'statistics' service and a dh-key. For this, open the Dovecot configuration:

    nano /etc/dovecot/dovecot.conf

     

    Step 8

    Add the following code at the bottom of the file:

    service stats {
        unix_listener stats-reader {
            user = vmail
            group = vmail
            mode = 0660
        }
    
    unix_listener stats-writer {
        user = vmail
        group = vmail
        mode = 0660
    }
    
    }
    
    ssl_dh = </etc/dovecot/dh.pem

    Then save the changes and close the file (ctrl + x > y > enter).


     

    Step 9

    Generate the required dh.pem certificate (this takes a while):

    openssl dhparam -out /etc/dovecot/dh.pem 4096

     

    Step 10

    Finally, restart the necessary services and enable Amavisd:

    systemctl enable amavisd
    systemctl restart amavisd
    systemctl restart postfix
    systemctl restart dovecot

     

    This brings us to the end of this article. We recommend adding a spam scanner to your mail server in addition to an antivirus scanner. In this guide, we explain how to do this.

    If you have any questions based on this tutorial, do not hesitate to contact our support department. You can reach them via the 'Contact us' button at the bottom of this page.

    Need help?

    Receive personal support from our supporters

    Contact us