Invalid license: Your evaluation license of RefinedTheme expired.

Recently I needed to turn off Amavis / Spamassassin on a server...

The server was running Postfix with DBMail and some custom extensions. Due to a botched FreeBSD PKG update, Spamassassin and Amavis were no longer installed or installable. So I really needed to turn them off as a first step of restoring mail functionality.


There's a nice howto about disabling / bypassing Amavis at this url:

The problem is it explains 12 cases of how to turn it off for specific cases. There's no single letter about how to just NOT USE IT NOW RIGHT AWAY. For all non-emergency cases, go with the howto, it's the very best I could find.


Should you be here for this more urgent case though, just read on.


Steps to do simply disable it:

  1. Identify amavis connection errors in the _right_ logfile (I didn't the day before because it was a jailed system)
  2. Notify customer to alert users of increased chance of receiving spam / virus
  3. Stop the leftovers of the broken Amavis setup
  4. in, disable the call to Amavisd. More trivial setups are just having 2 lines in!
  5. check using postconf -n there's no remaining amavisd config
  6. reload/restart postfix (i.e. service postfix reload)
  7. run postsuper -R to rerun all queued messages
  8. watch the log for the amavis errors
  9. since they still occurred, search some more and find dbmail sql hook script referenced in
  10. disable that, repeat steps 6,7,8
  11. Start dealing with the actual problem of broken software




What I disabled
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       n       -       -       smtpd
smtps     inet  n       -       n       -       -       smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
submission inet n       -       n       -       -       smtpd -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
#628      inet  n       -       n       -       -       qmqpd
pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
# amavisd-new content filter
# I had to comment all of the following lines!!!
smtp-amavis unix -      -       n       -       -       lmtp
    -o lmtp_data_done_timeout=400
    -o lmtp_send_xforward_command=yes
    -o lmtp_line_length_limit=0
    -o disable_dns_lookups=yes
    -o max_use=20 inet n  -       n     -      -  smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks_style=host
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks


Notice I did NOT need to change anything in the smtp / lmtp line at start of!



If it's configured directly from, you'll need to disable the following line:



If its' a more complex multi-tenant setup, you might need to remove the line calling the SQL function to return the right spamfilter instance
smtpd_recipient_restrictions =  reject_non_fqdn_recipient,
                                check_recipient_access mysql:/usr/local/etc/postfix/, # <- removed this line




I hope this will help you get your services back online!


As for the actual amavis fix, I updated my ports tree and manually built all the missing packages so PKG would no further shred through this (not arguing this) horribly dated server. I just think it's not really helpful to have a package manager that destroys the whole box when you're trying to carefully update it :)



Once you re-enabled also check out the dcc-servers project who are doing a distributed spam hunt!