Amavisd-new 2.4.x on Debian problems

What's the deal with amavisd-new 2.4.2 on Debian?

Let me start by saying "absolutely no warranty" and "use entirely at your own risk". I encourage you to first inspect any files for malicious content prior to downloading them. Most of this document only applies to the Debian version of amavisd-new 1:2.4.2-1 (and quite likely newer versions).

If you install the 1:2.4.2-1 version of amavisd-new via the Debian package, you are in for a few (possibly unpleasant) surprises. Actually, if you are installing it for the first time there is no problem but if you are accustomed to using amavisd.conf to configure amavisd-new then there is. This long awaited package is now available in the 'testing' (etch) branch of Debian. To start with, this new version requires libcompress-zlib-perl (Compress::Zlib) version 1.35 or later, but the latest version in 'stable' (sarge) is 1.34. If you upgrade this module to the testing version (which you must do), it may also upgrade libc6, libc6-dev, locales, libdb4.3, perl, perl-base and perl-modules. This may not be desirable and can be avoided by manually installing Compress::Zlib or better yet, install libcompress-zlib-perl from http://www.backports.org/dokuwiki/doku.php?id=instructions. In fact, installing programs from 'testing' or 'unstable' could potentially remove your kernel. If you are running a 2.6.8 or earlier kernel at the present time, and you wish to install programs from 'testing' or 'unstable' that depend on a newer version of libc6 at any time in the future, it is quite possible you are going to have to migrate to one of the new linix-image kernels. See http://verchick.com/mecham/public_html/spam/kernel.html

The new 2.3.3+ Debian versions of amavisd-new are designed to no longer use amavisd.conf. If you have an existing amavisd.conf (you are upgrading from 20030616p10 for example), your existing amavisd.conf will be renamed amavisd.conf.disabled during installation of 2.4.2. Most likely amavisd-new will not start after the upgrade. If you try to start it from the command line with 'amavisd-new start' it will start, but it WILL NOT USE any of your settings in amavisd.conf. If you try to start it with '/etc/init.d/amavis start' it may fail to start. It may say "Found incompatible config file flag! Due to safety concerns, amavisd-new will not be started". Your old amavisd.conf has been renamed amavisd.conf.disabled. Make sure you do not get rid of this file! Make a couple backup copies! I suggest mv'ing this file to /etc/amavis/amavisd.conf-backup (or similar). Doing so will allow you to start amavisd-new using "/etc/init.d/amavis start". Regardless of how you start amavisd-new, at this point you are reading your configuration from Debian supplied files located in /usr/share/amavis/conf.d and /etc/amavis/conf.d directories and you ARE NOT USING amavisd.conf. The package maintainers want you to completely reconfigure your system using the new configuration files. The new configuration files located in /usr/share/amavis/conf.d are:


10-debian_scripts

20-package

and in /etc/amavis/conf.d there are:


01-debian

05-domain_id

05-node_id

15-av_scanners

15-content_filter_mode

20-debian_defaults

25-amavis_helpers

30-template_localization

50-user

It appears the files are read sequentially, with the files located in /usr/share/amavis/conf.d read first. Settings you place in the '50-user' file should override previous settings (there are exceptions, but the exceptions are complex enough and rare enough that we will not discuss them here). The package maintainers want you to place the majority (if not all) your personal settings in the 50-user file.

The standard (original) versions of amavisd-new use the default English version of notification templates which are included in the body of the amavisd-new executable itself. These templates change with different versions of amavisd-new. The Debian versions of amavisd-new are configured to use external language specific notification template files located in subdirectories of /etc/amavis. Those directories are (or at least were) en_US, de_DE, it_IT and pt_BR. Each directory has a list of files:


charset

template-dsn.txt

template-spam-admin.txt

template-spam-sender.txt

template-virus-admin.txt

template-virus-recipient.txt

template-virus-sender.txt

all of which are required when using external template files in this manner. The external template files are controlled by the setting:
read_l10n_templates('en_US', '/etc/amavis');
in amavisd.conf (this example uses US English templates). To discontinue use of the external files, you can comment out this setting in amavisd.conf (or now it's located in /etc/amavis/conf.d/30-template_localization). When you upgrade from 20030616p10 to greater than 2.3.2, due to the fact that the old templates are outdated for this new amavisd-new version, the files in /etc/amavis/en_US are all replaced with newer versions. No one has translated the remaining templates, so the package maintainers simply renamed the directories so they cannot be used:


de_DE.outdated_for_2.3.3-2

it_IT.outdated_for_2.3.3-2

pt_BR.outdated_for_2.3.3-2

The /etc/init.d/amavis init script supplied with the new Debian package cannot not be used with the original version of amavisd-new (the version you would download from http://www.ijs.si/software/amavisd/).

If you have already installed the 2.4.2 package from Debian (actually 2.3.3 or newer), and you don't like the way it's set up and you want to go back to the old way of doing things (configuring amavisd-new by modifying /etc/amavis/amavisd.conf), then this is how I would accomplish the task.
Begin by replacing /etc/init.d/amavis with the old version from 20030616-p10:


cd /etc/init.d

cp amavis /etc/amavis-init-2.4.2

wget http://verchick.com/mecham/public_html/debian/amavis-init-20030616

mv amavis-init-20030616 amavis

chmod +x amavis

The original version of amavisd-new will want to use /etc/amavisd.conf so make a symbolic link (if you don't already have one) that points /etc/amavisd.conf to /etc/amavis/amavisd.conf. If you already have a real file named /etc/amavisd.conf, you can either not perform this step (and use /etc/amavisd.conf as the file you configure) or rename /etc/amavisd.conf to something else before performing this step:




ln -s /etc/amavis/amavisd.conf /etc/amavisd.conf

Download and unpack amavisd-new 2.4.5 and copy a few files:


cd /usr/local/src

wget http://www.ijs.si/software/amavisd/amavisd-new-2.4.5.tar.gz

tar xzvf amavisd-new-2.4.5.tar.gz

cd amavisd-new-2.4.5

cp amavisd amavisd-new

cp /usr/sbin/amavisd-new /usr/sbin/amavisd-new-debian-2.4.2

cp amavisd-new /usr/sbin/amavisd-new-2.4.5

cd /etc/amavis

Stop amavisd-new:
amavisd-new stop

Do one of two things. If you had an amavisd.conf file prior to installing the Debian amavisd-new, it will have been renamed amavisd.conf.disabled. You may have already renamed that to something like amavisd.conf-backup. So if you have an old amavisd.conf like that which you wish to continue to use, copy it to amavisd.conf and place it in the /etc/amavis/ directory if it is not already there. If you currently do not have an amavisd.conf, or would like to start off with a fresh new copy, then get a 2.4.5 Debian specific version from me (and also get Debian specific amavisd.conf-sample). By default, wget should not overwrite existing files, so if you already have an amavisd.conf, the one you wget here should be named amavisd.conf.1:


cd /etc/amavis

wget http://verchick.com/mecham/public_html/amavisd/2.4.5/amavisd.conf

wget http://verchick.com/mecham/public_html/amavisd/2.4.5/amavisd.conf-sample

If you downloaded amavisd.conf from me, you must edit it and at the very least configure $mydomain and $myhostname.

Now (optionally) backup and install version 2.4.5 (en_US) template files. Another option is to disable the use of external templates (on a typical Debian machine you would comment out "read_l10n_templates" in amavisd.conf). A third option is to do nothing:


cp -r /etc/amavis/en_US /etc/amavis/en_US-backup

cd /etc/amavis/en_US

rm charset

rm template-dsn.txt

rm template-spam-admin.txt

rm template-spam-sender.txt

rm template-virus-admin.txt

rm template-virus-recipient.txt

rm template-virus-sender.txt

wget http://verchick.com/mecham/public_html/amavisd/2.4.5/en_US/charset

wget http://verchick.com/mecham/public_html/amavisd/2.4.5/en_US/template-dsn.txt

wget http://verchick.com/mecham/public_html/amavisd/2.4.5/en_US/template-spam-admin.txt

wget http://verchick.com/mecham/public_html/amavisd/2.4.5/en_US/template-spam-sender.txt

wget http://verchick.com/mecham/public_html/amavisd/2.4.5/en_US/template-virus-admin.txt

wget http://verchick.com/mecham/public_html/amavisd/2.4.5/en_US/template-virus-recipient.txt

wget http://verchick.com/mecham/public_html/amavisd/2.4.5/en_US/template-virus-sender.txt

cd /etc/amavis

Once you have amavisd.conf configured, we can copy amavisd-new-2.4.5 over the top of amavisd-new and start it up:


cp /usr/sbin/amavisd-new-2.4.5 /usr/sbin/amavisd-new

amavisd-new start

To prevent future accidental upgrades during 'apt-get upgrade', place the amavisd-new package on hold:

echo "amavisd-new hold" | dpkg --set-selections

If in the future, you would like to take amavisd-new off hold:
echo "amavisd-new install" | dpkg --set-selections

Aaaaahhhhh Darn it! Those guys! Debconf wants to fix things up (revert to the Debian amavisd-new) every time you install a new program! I guess we better remove the Debian amavisd-new. I shouldn't have to say this, but don't even think about purging amavisd-new. Oops, now you thought about it, but don't do it. Have a backup copy of amavisd.conf in case of some unforeseen problem (and place it somewhere other than /etc/amavis/), then run this to make sure amavisd-new is the only thing that will be removed:
apt-get -s remove amavisd-new

If it is not the only thing that will be removed, then make a note of any other programs that will get removed (because you will have to reinstall them) and proceed with extreme caution - at your own risk. Hopefully, only amavisd-new will be removed. If that is true, then you can remove it:
mkdir /etc/ambackup cp /etc/amavis/amavisd.conf /etc/ambackup apt-get remove amavisd-new

Now amavisd-new will be broken (the guts are missing), but it's easy to fix:


cp /usr/sbin/amavisd-new-2.4.5 /usr/sbin/amavisd-new

ln -s /etc/amavis/amavisd.conf /etc/amavisd.conf

cd /etc/init.d

wget http://verchick.com/mecham/public_html/debian/amavis-init-20030616

mv amavis-init-20030616 amavis

chmod +x amavis

Check that you still have an /etc/amavis/amavisd.conf (if you are doing this after the fact it will have been renamed amavisd.conf.disabled again) and then you can start up amavisd-new:
/etc/init.d/amavis start

If you would like to use the Debian package the way the package maintainers intended, then things will go much better if you manually transfer your current settings over to the new configuration files prior to upgrading. You can grab a set of files from me if you like. I suggest putting them in a staging area, editing them as needed, and then place them in /etc/amavis/conf.d before or after you upgrade. I also suggest stopping amavisd-new and renaming amavisd.conf to amavisd.conf-backup prior to upgrading (if possible). If you choose to have the new files in place prior to upgrading, remember to not overwrite them during installation.


mkdir /etc/amavis/stage

cd /etc/amavis/stage

wget http://verchick.com/mecham/public_html/debian/2.4.2/01-debian

wget http://verchick.com/mecham/public_html/debian/2.4.2/05-domain_id

wget http://verchick.com/mecham/public_html/debian/2.4.2/05-node_id

wget http://verchick.com/mecham/public_html/debian/2.4.2/15-av_scanners

wget http://verchick.com/mecham/public_html/debian/2.4.2/15-content_filter_mode

wget http://verchick.com/mecham/public_html/debian/2.4.2/20-debian_defaults

wget http://verchick.com/mecham/public_html/debian/2.4.2/25-amavis_helpers

wget http://verchick.com/mecham/public_html/debian/2.4.2/30-template_localization

wget http://verchick.com/mecham/public_html/debian/2.4.2/50-user

By default, virus and spam checks are disabled. To re-enable checks, edit 15-content_filter_mode and follow the directions there.

If you are running a Sarge stable system and want to avoid libc6 upgrade problems, it is possible to install amavisd-new without upgrading libc6 if you install it like so (this requires the backports source and a testing source in /etc/apt/sources and /etc/apt/preferences should be properly configured):


apt-get -t sarge-backports install libcompress-zlib-perl

apt-get install libmime-perl/testing

amavisd-new stop

apt-get install amavisd-new/testing

Read the prompts carefully, you WILL want it to replace your template files and /etc/init.d/amavis during the upgrade.

Gary V
mr88talent at yahoo dot com
27 AUG 2006