Port 20024: Amavis Content Filter (Alternative Instance) — The Backup Scanner

Port 20024 sits in the registered ports range (1024-49151), the middle territory between the famous well-known ports and the chaos of ephemeral ports. It has no official IANA assignment, but it has a specific, observable use in the wild.

What Runs Here

Port 20024 is used as an alternative listening port for Amavis (amavisd-new), a high-performance interface between mail servers and content checkers like ClamAV virus scanners and SpamAssassin.¹²

The standard port for Amavis is 10024. Port 20024 appears in configurations where administrators run multiple instances of Amavis or multiple content filters in parallel. Same service, different port number.

How It Works

In a typical mail filtering setup:

1. Your mail server (Postfix, Sendmail) receives an email
2. Instead of delivering it immediately, it forwards the message to Amavis on port 20024 (or 10024 for the primary instance)
3. Amavis runs the email through virus scanners and spam filters
4. If the email passes inspection, Amavis sends it back to the mail server on a different port (typically 10025 or 20025)
5. The mail server then delivers the clean email

Port 20024 typically uses LMTP (Local Mail Transfer Protocol), which is similar to SMTP but optimized for local mail delivery. LMTP allows the server to report different status codes for different recipients in the same message, and Postfix can reuse the same connection for multiple messages.³⁴

Why Use Port 20024 Instead of 10024?

Multi-instance filtering. Some mail systems run multiple Amavis instances for performance or redundancy. One instance listens on 10024, another on 20024. This is common in high-volume email environments where a single scanner instance would become a bottleneck.

Multiple content filters. Systems running different filtering policies (one for internal mail, one for external mail, for example) might use separate Amavis instances on different ports.

MailGate and similar systems. Some content filtering appliances listen on port 20024 and forward filtered mail through port 20025, keeping their traffic separate from standard Amavis instances.⁵

Security Considerations

Port 20024 should only accept connections from localhost or your mail server, never from the public Internet. Amavis is a content filter, not a public-facing mail server.

If port 20024 is exposed externally, an attacker could:

• Bypass your primary mail security by sending directly to the filter
• Overload your virus scanning infrastructure
• Probe for vulnerabilities in Amavis or the underlying scanners

Check what's listening:

sudo lsof -i :20024
# or
sudo netstat -tulpn | grep 20024

The output should show amavisd listening only on 127.0.0.1 (localhost), not 0.0.0.0 (all interfaces).

The Registered Ports Range

Port 20024 belongs to the registered ports range (1024-49151). These ports can be registered with IANA for specific services, but registration is optional and not enforced. Many ports in this range have commonly observed uses (like port 20024 for secondary Amavis instances) without official assignments.

This flexibility allows system administrators to deploy multiple instances of services without port conflicts, as long as everyone on the same system coordinates which ports they're using.

Related Ports

Port 10024 — The standard LMTP port for Amavis primary instance Port 10025 — Return path for filtered mail from Amavis (primary instance) Port 20025 — Return path for filtered mail from secondary Amavis instance Port 2525 — Alternative SMTP submission port, sometimes used in mail filtering chains

Checking This Port

To see if anything is listening on port 20024:

# Linux/macOS
sudo lsof -i :20024
sudo netstat -tulpn | grep 20024

# Check if it's accepting connections
telnet localhost 20024

If Amavis is running on this port, you'll see a connection open (though it will expect LMTP commands, not casual conversation).