~2 min read • Updated Jan 27, 2026
1. What is Amavis?
Amavis (Amavisd-new) is a Mail Content Filter. It does not deliver or send email itself. Instead, it:
- Sits between Postfix and security engines
- Inspects email content
- Decides whether a message is clean, spam, or infected
Amavis is the decision-making layer between:
- SpamAssassin (spam detection)
- ClamAV (virus scanning)
2. Amavis in iRedMail Architecture
Inbound Mail Flow
Internet ↓ Postfix (SMTP) ↓ Amavis ↓ ├─ SpamAssassin ├─ ClamAV ↓ Dovecot (Mailbox)
Outbound Mail Flow
User → SMTP Auth → Postfix → Amavis → Internet
Amavis applies policies to both inbound and outbound messages.
3. Amavis Service Structure
Amavis is a daemon-based service that:
- Listens on localhost (usually port 10024)
- Communicates with Postfix via internal SMTP
Service control:
systemctl status amavis
4. Important Amavis Paths
| Path | Description |
|---|---|
| /etc/amavis/conf.d/ | Modular configuration files |
| /etc/amavis/conf.d/50-user | Main user configuration file |
| /var/log/maillog | Logs |
| /var/lib/amavis/ | Cache and temporary data |
In iRedMail, only edit 50-user.
5. Key Amavis Configuration
5.1 Spam Thresholds
$sa_tag_level_deflt = -999; $sa_tag2_level_deflt = 5.0; $sa_kill_level_deflt = 10.0;
Meaning:
- < 5 → Clean
- 5–10 → Spam (tagged)
- >= 10 → Rejected
5.2 Virus Handling
$virus_admin = '[email protected]'; $final_virus_destiny = D_REJECT;
5.3 Outbound Scanning
$policy_bank{'MYNETS'} = {
originating => 1,
virus_checks => 1,
spam_checks => 1,
};
This is essential to prevent outbound spam.
5.4 ClamAV Integration
@av_scanners = (
['ClamAV',
\&ask_daemon,
["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
qr/FOUND$/,
qr/^.*ERROR$/,
],
);
5.5 SpamAssassin Integration
Used internally by Amavis. Advanced settings are located in:
/etc/mail/spamassassin/
6. Postfix Integration
| Service | Port |
|---|---|
| Postfix → Amavis | 10024 |
| Amavis → Postfix | 10025 |
Postfix configuration:
content_filter = smtp-amavis:[127.0.0.1]:10024
7. Testing Amavis
Test DKIM/Key Setup
amavisd testkeys
Test Postfix → Amavis
swaks --to [email protected]
8. Logs & Troubleshooting
View logs:
tail -f /var/log/maillog | grep amavis
Common log messages:
- Passed CLEAN
- Blocked INFECTED
- Marked SPAM
9. Important Security Tips
- Keep ClamAV updated
- Do not set spam thresholds too low
- Never disable outbound scanning
- Enable Fail2Ban for Amavis
10. Common Issues
Amavis won’t start
- ClamAV is down
- Socket permissions incorrect
Emails stuck in queue
- Postfix queue blocked
- Port 10024 unreachable
Conclusion
Amavis is the brain of email security in iRedMail. Without it, SpamAssassin and ClamAV become ineffective. It filters both inbound and outbound messages, protects against spam and viruses, and ensures safe message delivery. Understanding its configuration, logs, and integration with Postfix is essential for maintaining a secure and reliable mail server.
Written & researched by Dr. Shahin Siami