Difference between revisions of "ClamSMTP: An SMTP Virus Filter"

From ArchWiki
(cat)
(10 intermediate revisions by 5 users not shown)
Line 1: Line 1:
[[Category:Internet applications (English)]]
+
[[Category:Mail Server]]
[[Category:Daemons and system services (English)]]
+
[[Category:Security]]
[[Category:Security (English)]]
+
 
+
 
Clamsmtp is a very simple virus filtering tool for any SMTP server. It is very usable with the Postfix MTA, so the following article applies to this and gives you an example of a simple configuration.
 
Clamsmtp is a very simple virus filtering tool for any SMTP server. It is very usable with the Postfix MTA, so the following article applies to this and gives you an example of a simple configuration.
  
Line 13: Line 11:
 
[[Postfix]]
 
[[Postfix]]
  
 
+
== Installation ==
== INSTALLATION ==
+
 
+
  
 
Before you install Clamsmtp, install and configure Postfix, create users for your SMTP server, and test if it is working. Install Clamav, and test it too.
 
Before you install Clamsmtp, install and configure Postfix, create users for your SMTP server, and test if it is working. Install Clamav, and test it too.
Line 23: Line 19:
 
  # yaourt -S clamsmtpd
 
  # yaourt -S clamsmtpd
  
 +
== Configuration ==
  
== CONFIGURATION ==
+
=== CLAMSMTP ===
  
 
+
Let's see {{ic|/etc/conf.d/clamsmtp}} first
'''CLAMSMTP'''
+
 
+
Let's see {{Filename|/etc/conf.d/clamsmtp}} first
+
  
 
change the line:
 
change the line:
Line 39: Line 33:
 
  START_CLAMSMTP="yes"
 
  START_CLAMSMTP="yes"
  
 
+
Now, we will configure the daemon, by editing {{ic|/etc/clamav/clamsmtpd.conf}}. You can erase the original file or simply make a backup of it. Create a new file with this contents:
Now, we will configure the daemon, by editing {{Filename|/etc/clamav/clamsmtpd.conf}}. You can erase the original file or simply make a backup of it. Create a new file with this contents:
+
  
 
  # Simple clamsmtpd config file
 
  # Simple clamsmtpd config file
Line 48: Line 41:
 
  TempDirectory: /var/spool/clamsmtp
 
  TempDirectory: /var/spool/clamsmtp
 
  User: clamav
 
  User: clamav
 
  
 
Clamsmtp works as a daemon. The workflow is simple, it listens on a port specified in its configuration file, catches the mails, scans them via Clamav, and then it pushes them back to Postfix via another port.
 
Clamsmtp works as a daemon. The workflow is simple, it listens on a port specified in its configuration file, catches the mails, scans them via Clamav, and then it pushes them back to Postfix via another port.
 
Here, the daemon will listen on port 10026, then scan the mails as user clamav, and will send them back to Postfix on port 10025.
 
Here, the daemon will listen on port 10026, then scan the mails as user clamav, and will send them back to Postfix on port 10025.
 
  
 
Next we create the cache for clamsmtp by:
 
Next we create the cache for clamsmtp by:
Line 59: Line 50:
 
  chown clamav:clamav /var/spool/clamsmtp
 
  chown clamav:clamav /var/spool/clamsmtp
  
(for whatever reason, the default TempDirectory: {{Filename|/tmp}} returns permission errors )
+
(for whatever reason, the default TempDirectory: {{ic|/tmp}} returns permission errors )
  
  
'''CLAMAV'''
+
=== CLAMAV ===
  
 
+
check your {{ic|/etc/clamav/clamd.conf}}, and uncomment the line ( normally, it is already done ):
check your {{Filename|/etc/clamav/clamd.conf}}, and uncomment the line ( normally, it is already done ):
+
  
 
  #ScanMail yes
 
  #ScanMail yes
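Review bot: the chown line in this hunk gives /var/spool/clamsmtp an owner, but nothing here sets a mode, so the directory that holds messages while they are scanned keeps whatever the umask produced; consider documenting chmod 700 /var/spool/clamsmtp next to chown clamav:clamav /var/spool/clamsmtp. The parenthetical about the default TempDirectory /tmp would also be more useful with the actual error message, since "for whatever reason" gives the reader nothing to verify.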
Line 73: Line 63:
 
  ScanMail yes
 
  ScanMail yes
  
 +
=== POSTFIX ===
  
'''POSTFIX'''
+
Now, we have to configure Postfix to work together with Clamsmtp. Edit {{ic|/etc/postfix/main.cf}}, and add this two lines to the end of the file:
 
+
 
+
Now, we have to configure Postfix to work together with Clamsmtp. Edit {{Filename|/etc/postfix/main.cf}}, and add this two lines to the end of the file:
+
  
 
  content_filter = scan:127.0.0.1:10026  
 
  content_filter = scan:127.0.0.1:10026  
Line 85: Line 73:
  
  
Edit {{Filename|/etc/postfix/master.cf}}:
+
Edit {{ic|/etc/postfix/master.cf}}:
  
 
  scan      unix  -      -      n      -      16      smtp  
 
  scan      unix  -      -      n      -      16      smtp  
Line 92: Line 80:
 
  127.0.0.1:10025 inet  n -      n      -      16      smtpd  
 
  127.0.0.1:10025 inet  n -      n      -      16      smtpd  
 
         -o content_filter=  
 
         -o content_filter=  
         -o receive_override_options=no_unknown_recipient_checks,no_header_body_$
+
         -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
 
         -o smtpd_helo_restrictions=  
 
         -o smtpd_helo_restrictions=  
 
         -o smtpd_client_restrictions=  
 
         -o smtpd_client_restrictions=  
Line 102: Line 90:
 
The first two lines create the service „scan”, the others take charge of accepting the already scanned mail from Clamsmtp from port 10025 and delivering them to the recipients.
 
The first two lines create the service „scan”, the others take charge of accepting the already scanned mail from Clamsmtp from port 10025 and delivering them to the recipients.
  
 
+
== Testing ==
== TESTING ==
+
 
+
  
 
Now, test your server:
 
Now, test your server:
Line 111: Line 97:
 
  /etc/rc.d/postfix restart
 
  /etc/rc.d/postfix restart
 
  /etc/rc.d/clamsmtp restart
 
  /etc/rc.d/clamsmtp restart
 
  
 
Send yourself a mail, without any viruses
 
Send yourself a mail, without any viruses
  
If you don't have any arriving mails, check {{Filename|/var/log/mail.log}} for errors
+
If you do not have any arriving mails, check {{ic|/var/log/mail.log}} for errors
 
+
  
 
Then, download a test-virus
 
Then, download a test-virus
Line 125: Line 109:
  
 
Check your server's logfile again, you should get something similar to this:
 
Check your server's logfile again, you should get something similar to this:
 
  
 
<span style="color: #e30f0f"> ''May 23 00:04:08 servername postfix/smtp[2415]: A9B941F911: to=<user@your.postfix.server>, relay=127.0.0.1[127.0.0.1]:10026, delay=0.13, delays=0.08/0/0.04/0, dsn=2.0.0, status=sent (250 Virus Detected; Discarded Email)''
 
<span style="color: #e30f0f"> ''May 23 00:04:08 servername postfix/smtp[2415]: A9B941F911: to=<user@your.postfix.server>, relay=127.0.0.1[127.0.0.1]:10026, delay=0.13, delays=0.08/0/0.04/0, dsn=2.0.0, status=sent (250 Virus Detected; Discarded Email)''
  
 
+
== See also ==
 
+
* http://memberwebs.com/stef/software/clamsmtp/
Sources:
+
* http://www.postfix.org/
 
+
http://memberwebs.com/stef/software/clamsmtp/
+
 
+
http://www.postfix.org/
+

Revision as of 03:00, 28 November 2012

Clamsmtp is a very simple virus filtering tool for any SMTP server. It works well with the Postfix MTA, so this article covers that combination and gives an example of a simple configuration.

The basic requirements are a working Postfix installation with a bunch of users and a working Clamav daemon, so be sure you have installed and configured them properly.

See:

Clamav

Postfix

Installation

Before you install Clamsmtp, install and configure Postfix, create users for your SMTP server, and test if it is working. Install Clamav, and test it too.

If both of your tools work well, you can install clamsmtp from AUR, by makepkg or by yaourt:

# yaourt -S clamsmtpd

Configuration

CLAMSMTP

First, edit /etc/conf.d/clamsmtp and change the line:

START_CLAMSMTP="no" 

to

START_CLAMSMTP="yes"

Now configure the daemon by editing /etc/clamav/clamsmtpd.conf. You can erase the original file or simply make a backup of it. Create a new file with these contents:

# Simple clamsmtpd config file

OutAddress: 10025 
Listen: 127.0.0.1:10026 
TempDirectory: /var/spool/clamsmtp
User: clamav

Clamsmtp works as a daemon. The workflow is simple: it listens on a port specified in its configuration file, receives the mails, scans them via Clamav, and then pushes them back to Postfix via another port. Here, the daemon listens on port 10026, scans the mails as user clamav, and sends them back to Postfix on port 10025.

Next, create the cache directory for clamsmtp:

mkdir /var/spool/clamsmtp
chown clamav:clamav /var/spool/clamsmtp

(For whatever reason, the default TempDirectory: /tmp returns permission errors.)


CLAMAV

Check your /etc/clamav/clamd.conf and uncomment the following line (normally, this is already done), changing:

#ScanMail yes

to

ScanMail yes

POSTFIX

Now configure Postfix to work together with Clamsmtp. Edit /etc/postfix/main.cf and add these two lines to the end of the file:

content_filter = scan:127.0.0.1:10026 
receive_override_options = no_address_mappings 

Postfix will send mails to localhost on port 10026.


Edit /etc/postfix/master.cf:

scan      unix  -       -       n       -       16      smtp
        -o smtp_send_xforward_command=yes
# For injecting mail back into postfix from the filter
127.0.0.1:10025 inet  n -       n       -       16      smtpd
        -o content_filter=
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtpd_helo_restrictions=
        -o smtpd_client_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks_style=host
        -o smtpd_authorized_xforward_hosts=127.0.0.0/8

The first two lines create the service "scan"; the others accept the already scanned mail from Clamsmtp on port 10025 and deliver it to the recipients.
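The wiring between the three files can be checked mechanically. The following is an added example, not part of the original article: it parses constructed copies of the configuration shown above and reports when content_filter and Listen disagree, when the OutAddress port has no loopback smtpd listener, or when that listener fails to clear content_filter or loosens smtpd_recipient_restrictions. The function names and inline sample strings are assumptions made for the example.

```python
# Constructed copies of the files shown on this page (nothing is read from disk).
CLAMSMTPD = "OutAddress: 10025\nListen: 127.0.0.1:10026\nUser: clamav\n"
MAIN_CF = "content_filter = scan:127.0.0.1:10026\n"
MASTER_CF = """\
scan      unix  -       -       n       -       16      smtp
        -o smtp_send_xforward_command=yes
# For injecting mail back into postfix from the filter
127.0.0.1:10025 inet  n -       n       -       16      smtpd
        -o content_filter=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
"""

def parse_kv(text, sep):
    """Parse 'key<sep>value' lines, skipping # comments and lines without sep."""
    lines = [l for l in text.splitlines() if sep in l and not l.lstrip().startswith("#")]
    return {k.strip(): v.strip() for k, v in (l.split(sep, 1) for l in lines)}

def parse_master(text):
    """Map each master.cf service name to its '-o name=value' overrides."""
    services, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():                  # a new service entry
            current = services.setdefault(line.split()[0], {})
        elif current is not None and line.split()[0] == "-o":
            name, _, value = line.split(None, 1)[1].partition("=")
            current[name.strip()] = value.strip()
    return services

def check(clamsmtpd, main_cf, master_cf):
    """Return a list of problems in the Postfix <-> clamsmtpd wiring."""
    conf, main, services = parse_kv(clamsmtpd, ":"), parse_kv(main_cf, "="), parse_master(master_cf)
    problems = []
    transport, _, dest = main.get("content_filter", "").partition(":")
    if transport not in services or dest != conf.get("Listen"):
        problems.append("content_filter does not point at the clamsmtpd Listen address")
    if not conf.get("Listen", "").startswith("127.0.0.1:"):
        problems.append("clamsmtpd listens on a non-loopback address")
    port = conf.get("OutAddress", "").rsplit(":", 1)[-1]
    back = services.get("127.0.0.1:" + port)
    if back is None:
        problems.append("no loopback smtpd listener on the OutAddress port")
    else:
        if back.get("content_filter") != "":
            problems.append("re-injection listener does not clear content_filter (mail loop)")
        if back.get("smtpd_recipient_restrictions") != "permit_mynetworks,reject":
            problems.append("re-injection listener does not end recipient checks with reject")
    return problems
```

Calling check(CLAMSMTPD, MAIN_CF, MASTER_CF) on the configuration from this page returns an empty list.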

Testing

Now, test your server:

/etc/rc.d/clamav restart
/etc/rc.d/postfix restart
/etc/rc.d/clamsmtp restart

Send yourself a mail without any viruses.

If the mail does not arrive, check /var/log/mail.log for errors.

Then download a test virus:

wget http://eicar.org/download/eicar_com.zip

and send it as an attachment.

Check your server's log file again; you should see something similar to this:

May 23 00:04:08 servername postfix/smtp[2415]: A9B941F911: to=<user@your.postfix.server>, relay=127.0.0.1[127.0.0.1]:10026, delay=0.13, delays=0.08/0/0.04/0, dsn=2.0.0, status=sent (250 Virus Detected; Discarded Email)
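Note that Postfix logs the discarded message as status=sent with dsn=2.0.0, so counting status=sent alone does not distinguish clean mail from discarded mail. The following added example (not part of the original article) classifies hand-offs to the filter port as discarded, passed, or filter-unavailable; the first sample line is the one above, the other two are constructed, and the function names are assumptions.

```python
import re

# First line is the log line shown on this page; the other two are constructed.
SAMPLE_LOG = """\
May 23 00:04:08 servername postfix/smtp[2415]: A9B941F911: to=<user@your.postfix.server>, relay=127.0.0.1[127.0.0.1]:10026, delay=0.13, delays=0.08/0/0.04/0, dsn=2.0.0, status=sent (250 Virus Detected; Discarded Email)
May 23 00:05:10 servername postfix/smtp[2415]: B1C2D3E4F5: to=<user@your.postfix.server>, relay=127.0.0.1[127.0.0.1]:10026, delay=0.2, delays=0.1/0/0.05/0.05, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as C7D8E9F0A1)
May 23 00:06:30 servername postfix/smtp[2415]: D4E5F6A7B8: to=<user@your.postfix.server>, relay=none, delay=0.1, delays=0.1/0/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10026: Connection refused)
"""

LINE = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]*)>, "
    r"relay=(?P<relay>[^,]+),.* status=(?P<status>\w+) \((?P<reply>.*)\)$")

def classify(line, filter_port="10026"):
    """Return (queue id, recipient, verdict) for a hand-off to the filter, else None."""
    m = LINE.search(line)
    # The port appears in relay= on success and in the error text on a failed connect.
    if not m or f":{filter_port}" not in m["relay"] + m["reply"]:
        return None
    if m["status"] != "sent":
        verdict = "filter-unavailable"   # clamsmtpd down: mail stays in the queue
    elif "Virus Detected" in m["reply"]:
        verdict = "discarded"            # accepted by the filter, then dropped
    else:
        verdict = "passed"               # re-injected into Postfix on OutAddress
    return m["qid"], m["rcpt"], verdict

def summarize(log):
    """Classify every filter hand-off found in a block of mail.log text."""
    return [r for r in map(classify, log.splitlines()) if r]

if __name__ == "__main__":
    for qid, rcpt, verdict in summarize(SAMPLE_LOG):
        print(qid, rcpt, verdict)
```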

See also

http://memberwebs.com/stef/software/clamsmtp/

http://www.postfix.org/