1amavisd-milter(8) BSD System Manager's Manual amavisd-milter(8)
2
4 amavisd-milter — sendmail milter for amavisd-new
5
7 amavisd-milter [-Bfhv] [-d debug-level] [-D delivery-care-of]
8 [-m max-conns] [-M max-wait] [-p pidfile] [-P]
9 [-q backlog] [-s socket] [-t timeout] [-S socket]
10 [-T timeout] [-w directory]
11
13 The amavisd-milter is a sendmail milter (mail filter) for amavisd-new
14 2.4.3 and above and sendmail 8.13 and above (limited support for 8.12 is
15 provided).
16
17 Instead of older amavis-milter helper program, full amavisd-new function‐
18 ality is available, including adding spam and virus information header
19 fields, modifying Subject, adding address extensions and removing certain
20 recipients from delivery while delivering the same message to the rest.
21
22 For more information you can visit amavisd-milter website:
23
24 http://amavisd-milter.sourceforge.net/
25
26 and SourceForge project:
27
28 http://sourceforge.net/projects/amavisd-milter
29
30 Options
31 The options are as follows:
32
33 -B Uses {daemon_name} macro as a policy bank name (see POLICY BANKS
34 below).
35
36 -d debug-level
37 Set the debug level to debug-level. Debugging traces become more
38 verbose as the debug level increases. Maximum is 9.
39
40 -D delivery-care-of
41 Set AM.PDP request attribute delivery_care_of to client (default)
42 or server. When client method is used then amavisd-milter is
43 responsible to forward the message to recipients. This method
44 doesn't allow personalized header or body modification.
45
46 When server method is used then amavisd-new is responsible to
47 forward the message to recipients and can provide personalized
48 header and body modification. $forward_method in amavisd.conf
49 must point to some place willing to accept mail without further
50 checking in amavisd-new.
51
52 -f Run amavisd-milter in the foreground (i.e. do not daemonize).
53 Print debug messages to the terminal.
54
55 -h Print help page and exit.
56
57 -m max-conns
58 Maximum concurrent amavisd connections (default 0 - unlimited
59 number of connections). It must agree with the $max_servers
60 entry in amavisd.conf.
61
62 -M max-wait
63 Maximum wait for connection to amavisd in seconds (default 300 =
64 5 minutes). It must be less then sending MTA timeout for a
65 response to the final "." that terminates a message on sending
66 MTA. sendmail has default value 1 hour, postfix 10 minutes and
67 qmail 20 minutes. We suggest to use less than 10 minutes.
68
69 -p pidfile
70 Use this pid file (default /run/amavisd/amavisd-milter.pid).
71
72 -P When amavisd-new fails mail will be passed through unchecked.
73
74 -q backlog
75 Sets the incoming socket backlog used by listen(2). If it is not
76 set or set to zero, the operating system default is used.
77
78 -s socket
79 Communication socket between sendmail and amavisd-milter (default
80 /run/amavisd/amavisd-milter.sock). The protocol spoken over this
81 socket is MILTER (Mail FILTER). It must agree with the
82 INPUT_MAIL_FILTER entry in sendmail.mc
83
84 The socket should be in "proto:address" format:
85 · {unix|local}:/path/to/file - A named pipe.
86 · inet:port@{hostname|ip-address} - An IPV4 socket.
87 · inet6:port@{hostname|ip-address} - An IPV6 socket.
88
89 -S socket
90 Communication socket between amavisd-milter and amavisd-new
91 (default /run/amavisd/amavisd.sock). The protocol spoken over
92 this socket is AM.PDP (AMavis Policy Delegation Protocol). It
93 must agree with the $unix_socketname entry in amavisd.conf.
94
95 The socket should be in "proto:address" format:
96 · {unix|local}:/path/to/file - A named pipe.
97
98 -t timeout
99 sendmail connection timeout in seconds (default 600 = 10 min‐
100 utes). It must agree with the INPUT_MAIL_FILTER entry in send‐
101 mail.mc and must be greater than or equal to the amavisd-new con‐
102 nection timeout. When you use other milters (especially time-
103 consuming), the timeout must be sufficient to process message in
104 all milters.
105
106 -T timeout
107 amavisd-new connection timeout in seconds (default 600 = 10 min‐
108 utes). This timeout must be sufficient for message processing in
109 amavisd-new. It's usually a good idea to adjust them to the same
110 value as sendmail connection timeout.
111
112 -v Report the version number and exit.
113
114 -w directory
115 Set working directory (default /var/spool/amavisd/tmp).
116
117 Limited support for sendmail 8.12
118 · smfi_addheader() is used instead of smfi_insheader() for insheader
119 and addheader AM.PDP responses. This works well with amavisd-new
120 2.4.3 or newer.
121 · smfi_progress() isn't called when amavisd-milter wait for amavisd-new
122 communication socket.
123 · AM.PDP response quarantine isn't implemented.
124
126 /run/amavisd/amavisd-milter.pid
127 The default process-id file.
128
129 /run/amavisd/amavisd-milter.sock
130 The default sendmail communication socket.
131
132 /run/amavisd/amavisd.sock
133 Th default amavisd-new communication socket.
134
135 /var/spool/amavisd/tmp
136 The default working directory.
137
139 If the option -B is enabled, amavisd-milter uses the value of the milter
140 macro {daemon_name} as a name of the amavisd-new policy bank. Usualy this
141 milter macro is set to name of the MTA.
142
143 When remote client is authenticated, amavisd-milter uses this information
144 as a name of the amavisd-new policy banks:
145
146 SMTP_AUTH
147 Indicate that the remote client is authenticated.
148
149 SMTP_AUTH_<MECH>
150 Remote client authentication mechanism.
151
152 SMTP_AUTH_<MECH>_<BITS>
153 The number of bits used for the key of the symmetric cipher when
154 authentication mechanism use it.
155
157 Configuring amavisd-new
158 In amavisd.conf file change protocol and socket settings to:
159
160 $protocol = "AM.PDP"; # Use AM.PDP protocol
161 $unix_socketname = "$MYHOME/amavisd.sock"; # Listen on Unix socket
162 ### $inet_socket_port = 10024; # Don't listen on TCP port
163
164 Then (re)start amavisd daemon.
165
166 Configuring sendmail
167 To the sendmail.mc file add the following entries:
168
169 define(`confMILTER_MACROS_ENVFROM',
170 confMILTER_MACROS_ENVFROM`, r, b')
171 INPUT_MAIL_FILTER(`amavisd-milter',
172 `S=local:/run/amavisd/amavisd-milter.sock,
173 F=T, T=S:10m;R:10m;E:10m')
174
175 Then rebuild your sendmail.cf file, install it (usually to
176 /etc/mail/sendmail.cf) and (re)start sendmail daemon.
177
178 Running amavisd-milter
179 This example assume that amavisd-new is running as user amavis. It must
180 agree with the entry $daemon_user in amavisd.conf.
181
182 First create working directory:
183
184 mkdir /var/spool/amavisd/tmp
185 chmod 750 /var/spool/amavisd/tmp
186 chown amavis /var/spool/amavisd/tmp
187
188 Then start amavisd-milter as non-priviledged user amavis:
189
190 su - amavis -c "amavisd-milter -w /var/spool/amavisd/tmp"
191
192 Limiting maximum concurrent connections to amavisd
193 To limit concurrent connections to 4 and fail after 10 minutes (10*60
194 secs) of waiting run amavisd-milter with this options:
195
196 su - amavis -c "amavisd-milter -w /var/spool/amavisd/tmp -m 4 -M
197 600"
198
199 Troubleshooting
200 For troubleshooting run amavisd-milter on the foreground and set debug
201 level to appropriate level:
202
203 su - amavis -c "amavisd-milter -w /var/spool/amavisd/tmp -f -d
204 level"
205
206 where debug levels are:
207
208 1 Not errors but unexpected states (connection abort etc).
209
210 2 Main states in message processing.
211
212 3 All amavisd-milter debug messages.
213
214 4-9 Milter communication debugging (smfi_setdbg 1-6).
215
217 http://amavisd-milter.sourceforge.net
218 http://www.ijs.si/software/amavisd/
219 http://www.milter.org/developers
220 http://www.sendmail.org
221
223 This manual page was written by Petr Rehor <rx@rx.cz> and is based on
224 Jerzy Sakol <jerzy.sakol@commgraf.pl> initial work.
225
227 A community mailing lists are available at:
228
229 http://sourceforge.net/mail/?group_id=138169
230
231 Enhancements, requests and problem reports are welcome.
232
233 If you run into problems first check the users mailing list archive
234 before asking questions on the list. It's highly likely somebody has
235 already come across the same problem and it's been solved.
236
237BSD Januar 23, 2006 BSD