Archive for the ‘amavisd-new’ tag

Enabling SNMP support in Amavisd-new  

Posted at 10:13 pm in Uncategorized

If there’s a short and sweet installation document for enabling SNMP support in Amavisd-new, I seem to have failed searching for it today. Instead I made my own, partially for documenting my own setup and partially for the benefit of others.

This brief installation document assumes you’re running a Ubuntu or Debian system. It will also assume that your Amavisd-new service is installed and running as one should expect.

First, install the programs and its dependencies. The Amavisd-new SNMP subagent metrics are available through the regular Net-SNMP software suite. Note: The /etc/default/amavisd-snmp-subagent file says it needs libnet-snmp-perl, but it will also require the libsnmp-perl package.

# apt-get install libnet-snmp-perl libsnmp-perl snmp-mibs-downloader snmp snmpd


Then, download all the MIBs you’ll need (and a few more). Due to distribution restrictions Debian-based systems provide a separate downloader which will save the MIBs to where they should be.

# download-mibs

Downloading documents and extracting MIB files.
This will take some minutes.


When the download process has completed, allow the snmp server and the snmp agent to locate and use the MIBs by commenting out or removing the appropriate lines (in italic) in /etc/default/snmpd and /etc/snmp/snmp.conf respectively:

File: /etc/default/snmpd

# This file controls the activity of snmpd

# Don't load any MIBs by default.
# You might comment this lines once you have the MIBs downloaded.
# export MIBS=



File: /etc/snmp/snmp.conf

# As the snmp packages come without MIB files due to license reasons, loading
# of MIBs is disabled by default. If you added the MIBs you can reenable
# loading them by commenting out the following line.
# mibs :


For MIB support for the Amavisd-new metrics (yes you want this), download the AMAVIS-MIB file into the directory /usr/share/snmp/mibs/:

# wget -O /usr/share/snmp/mibs/AMAVIS-MIB.txt


Enable the Amavisd-new SNMP agent by configuring its default setting file:

File: /etc/default/amavisd-snmp-subagent

# To enable the amavis-snmp-subagent set ENABLED to yes



The Amavisd-new SNMP subagent will register a couple of OIDs with SNMPd using the AgentX protocol. Below is parts of the output from a debug run, indicating which OIDs it will register with SNMPd.

NET-SNMP version 5.7.3 AgentX subagent connected
registering root OID for am.snmp
registering root OID for am.nanny
registering root OID for pf.maildrop
registering root OID for pf.incoming
registering root OID for
registering root OID for pf.deferred


So we will need to tell SNMPd that these should be available. We do that by adding the following line, with an OID base covering all of the above, to /etc/snmp/snmpd.conf:

view systemonly included .


Finally, (re)start all the services involved.

# service snmpd restart
# service amavis restart
# service amavisd-snmp-subagent restart


After a short while you should be able to read Amavis statistics over SNMP!

# snmpwalk -m +AMAVIS-MIB -c public -v2c
AMAVIS-MIB::inMsgs.0 = Counter32: 41
AMAVIS-MIB::inMsgsOpenRelay.0 = Counter32: 41
AMAVIS-MIB::inMsgsStatusAccepted.0 = Counter32: 35
AMAVIS-MIB::inMsgsStatusRejected.0 = Counter32: 6
AMAVIS-MIB::inMsgsSize.0 = Counter64: 456221
AMAVIS-MIB::inMsgsSizeOpenRelay.0 = Counter64: 456221
AMAVIS-MIB::inMsgsRecips.0 = Counter32: 41
AMAVIS-MIB::inMsgsRecipsOpenRelay.0 = Counter32: 41
AMAVIS-MIB::inMsgsBounce.0 = Counter32: 9
AMAVIS-MIB::inMsgsBounceNullRPath.0 = Counter32: 2
AMAVIS-MIB::inMsgsBounceUnverifiable.0 = Counter32: 9
AMAVIS-MIB::outMsgs.0 = Counter32: 15
AMAVIS-MIB::outMsgsSubmit.0 = Counter32: 15
AMAVIS-MIB::outMsgsSubmitQuar.0 = Counter32: 9
AMAVIS-MIB::outMsgsSubmitNotif.0 = Counter32: 6
AMAVIS-MIB::outMsgsProtoLocal.0 = Counter32: 9
AMAVIS-MIB::outMsgsProtoLocalSubmit.0 = Counter32: 9
AMAVIS-MIB::outMsgsProtoSMTP.0 = Counter32: 6
AMAVIS-MIB::outMsgsProtoSMTPSubmit.0 = Counter32: 6
AMAVIS-MIB::outMsgsDelivers.0 = Counter32: 15
AMAVIS-MIB::outMsgsSize.0 = Counter64: 87735
AMAVIS-MIB::outMsgsSizeSubmit.0 = Counter64: 87735
AMAVIS-MIB::outMsgsSizeSubmitQuar.0 = Counter64: 87729
AMAVIS-MIB::outMsgsSizeSubmitNotif.0 = Counter64: 6
AMAVIS-MIB::outMsgsSizeProtoLocal.0 = Counter64: 87729
AMAVIS-MIB::outMsgsSizeProtoLocalSubmit.0 = Counter64: 87729
AMAVIS-MIB::outMsgsSizeProtoSMTP.0 = Counter64: 6
AMAVIS-MIB::outMsgsSizeProtoSMTPSubmit.0 = Counter64: 6
AMAVIS-MIB::quarMsgs.0 = Counter32: 9
AMAVIS-MIB::quarBadHdrMsgs.0 = Counter32: 3
AMAVIS-MIB::quarSpamMsgs.0 = Counter32: 6
AMAVIS-MIB::quarMsgsSize.0 = Counter64: 87729
AMAVIS-MIB::quarBadHdrMsgsSize.0 = Counter64: 8273
AMAVIS-MIB::quarSpamMsgsSize.0 = Counter64: 79456
AMAVIS-MIB::contentCleanMsgs.0 = Counter32: 32
AMAVIS-MIB::contentCleanMsgsOpenRelay.0 = Counter32: 32
AMAVIS-MIB::contentBadHdrMsgs.0 = Counter32: 3
AMAVIS-MIB::contentBadHdrMsgsOpenRelay.0 = Counter32: 3
AMAVIS-MIB::contentSpamMsgs.0 = Counter32: 6
AMAVIS-MIB::contentSpamMsgsOpenRelay.0 = Counter32: 6
AMAVIS-MIB::outConnNew.0 = Counter32: 6


You should now be able to throw different kinds of monitoring software on Amavisd-new.


Written by bjorn on January 22nd, 2017

Tagged with , , ,

Icinga/Nagios check for Sophos antivirus signature freshness  

Posted at 9:19 pm in Uncategorized

I’ve been running Amavisd-new with scanner components like ClamAV and SpamAssassin on the mail relay for my personal mail for several years. Lately I’ve been thinking that since Amavis supports multiple content scanners I should add another antivirus product. Unfortunately there’s a limited number of free (for home/individual use) antivirus products running on Linux, and quite a few of them are not being maintained, but I found a very promising candidate from Sophos.

Adding Sophos antivirus for Linux to Amavisd-new wasn’t all that difficult (and is covered by other articles elsewhere), but one thing was missing to complete the picture: An automated method for checking whether Sophos is running with updated antivirus signature files. I was hoping to find or write something that could be used with Icinga (or Nagios).

Conveniently, Sophos provides an XML URL containing the file name and md5sum of the latest signature file. Below is the status file at the time of writing:

<?xml version="1.0" encoding="utf-8"?>


Having found the status file, writing a short script didn’t take long. I’m using xmlstarlet for better readability. The script is stored as /usr/local/bin/check_sophos.



/usr/bin/GET | \
/usr/bin/xmlstarlet fo | \
/usr/bin/awk -F \(\<\|\>\) '{print $2" "$3}' | \
while read attribute value; do
  if [ "$attribute" = "name" ]; then
  elif [ "$attribute" = "md5" ]; then
  if [ "x$FILE" != "x" -a "y$MD5SUM" != "y" ]; then
    if [ ! -e "${SOPHOSDIR}/${FILE}" ]; then
      echo "WARNING: Sophos has not yet downloaded its latest signature file."
      exit 1
    CHECKSUM=$(/usr/bin/md5sum "${SOPHOSDIR}/${FILE}" | /usr/bin/awk '{ print $1 }')
    if [ "$CHECKSUM" = "$MD5SUM" ]; then
      echo "OK: Newest signature file ${FILE} has the correct checksum ($MD5SUM)"
      exit 0
      echo "WARNING: ${FILE} seems to be outdated."
      exit 1
    # Cleanup
    FILE=""; MD5SUM="";


As those fluent in shell scripting will easily see, the script reads the XML status URL and extracts the file name and md5sum of the most recent antivirus signature file. Then the script checks for the file’s existence, and triggers a warning if the file isn’t there. If the file is present, its md5sum is compared to what should be expected from the XML status URL.

After testing the script I added it to Icinga via NRPE, so now I’ll be getting a notice if something’s wrong with Sophos’ antivirus update.

Written by bjorn on January 18th, 2017

Tagged with , , , , , , , , ,