For CentOS 6.4, with Amavisd-new 2.8. Assuming you have ClamAV and SpamAssassin installed already.

Amavisd-new takes a message from Postfix, gives it to content checkers like ClamAV and SpamAssassin, and hands the message back to Postfix, which then decides what to do with it (i.e., reject, keep it in hold, and so on)1.

I learned a lot about this from this excellent guide.


yum install amavisd-new  
chkconfig amavisd on  
service amavisd start

Setting up the Transport

Unless you changed the defaults, the amavisd daemon will run on localhost, on port 10024. Configuration is a two-step process.

Transport Messages from Postfix to Amavis

You can ask Postfix to filter a message through whatever you want after it is queued but before it is delivered to a mailbox. The filter can be a defined as a pipe, a unix socket, or a TCP/IP socket.

We have the Amavis daemon listening on Let’s tell Postfix to filter its messages through that TCP/IP socket. In /etc/postfix/, add the following:

content_filter = amavisd:[]:10024

This is of the form transport:destination. The first part should correspond to a definition in /etc/postfix/ Let’s add it:

amavisd unix    -       -       n       -       2       smtp  
    -o smtp_data_done_timeout=1200  
    -o smtp_send_xforward_command=yes  
    -o disable_dns_lookups=yes  
    -o max_use=20

From Amavis back to Postfix

/etc/amavisd.conf contains two options, notify_method and forward_method. These are the destinations where Amavis will send notifications and/or messages after processing. The default is an SMTP host, listening at We can ask Postfix to listen at that port, thereby letting it get back the messages it sent to Amavis.

This is again the form transport:destination, and must be defined in /etc/postfix/ inet n  -       n       -       -       smtpd  
  -o content_filter=  
  -o local_recipient_maps=  
  -o relay_recipient_maps=  
  -o smtpd_restriction_classes=  
  -o smtpd_delay_reject=no  
  -o smtpd_client_restrictions=permit_mynetworks,reject  
  -o smtpd_helo_restrictions=  
  -o smtpd_sender_restrictions=  
  -o smtpd_recipient_restrictions=permit_mynetworks,reject  
  -o smtpd_data_restrictions=reject_unauth_pipelining  
  -o smtpd_end_of_data_restrictions=  
  -o mynetworks=  
  -o smtpd_error_sleep_time=0  
  -o smtpd_soft_error_limit=1001  
  -o smtpd_hard_error_limit=1000  
  -o smtpd_client_connection_count_limit=0  
  -o smtpd_client_connection_rate_limit=0  
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks

Since the usual SMTP server checks were already applied by Postfix, we set up an innocent/dumb/minimal SMTP daemon.

Setting up Amavis

Set the domain and hostnames

$mydomain = '';  
$myhostname = '';

Set the home directory

$MYHOME = '/var/amavis';

Tell Amavis where to look for SpamAssassin data

$helpers_home = '$MYHOME/db'

Uncomment the notify and forward methods

$notify_method  = 'smtp:[]:10025';  
$forward_method = 'smtp:[]:10025';

Uncomment these lines from /etc/amavisd.conf

  \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],  
  qr/\bOK$/m, qr/\bFOUND$/m,  
  qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ]

Restart Postfix and Amavis. Profit.




(!)WARN: all primary virus scanners failed, considering backups

Make sure that ClamAV is running, and that you’ve uncommented its definition in /etc/amavisd.conf



  1. A lot of guides online talk about “injection” to Amavisd-new and “reinjection” back to Postfix. ↩︎