Virus filtering with Postfix and ClamAV in 4 steps :)
Posted by joeblack on Thu 29 Sep 2005 at 11:29
If you're using the postfix mail server you can reject mails which have viral content at SMTP time - meaning they aren't delivered and you don't have to worry about sending bounce messages to the often-faked "From" address. Below are quick details on setting up clamsmtp with postfix. We also set up an up-to-date version of ClamAV from the new volatile repository.
Before you begin to read, please note that I am writing this expecting you to have a working postfix server; if not, I suggest you get it working correctly first and then follow on.
1. Get the correct clam installed
The default clam packages are not up to date. Add the following to your /etc/apt/sources.list:
deb http://ftp2.de.debian.org/debian-volatile sarge/volatile main
Now update:
apt-get update
Now install :)
apt-get install clamsmtp clamav-freshclam
2. Edit the clamsmtp file
Edit the /etc/clamsmtpd.conf file and change OutAddress: 10025 to OutAddress: 10026. Also change Listen: 127.0.0.1:10026 to Listen: 127.0.0.1:10025.
3. Edit the postfix files
Add the following to /etc/postfix/main.cf
content_filter = scan:127.0.0.1:10025
receive_override_options = no_address_mappings
Add the following to /etc/postfix/master.cf
# AV scan filter (used by content_filter)
scan unix - - n - 16 smtp
  -o smtp_send_xforward_command=yes
# For injecting mail back into postfix from the filter
127.0.0.1:10026 inet n - n - 16 smtpd
  -o content_filter=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks_style=host
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8
4. Conclusion
Restart postfix and clamsmtp. Follow the mail.log and check for errors.
Send yourself a virus and see if clam will catch it.
Hope this will help somebody, drop me a line if it did. joeblack at pixelporn dot co dot za.
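Added example, not part of the original post: a small Python check that the ports from steps 2 and 3 line up, i.e. that postfix's content_filter points at clamsmtpd's Listen port and that clamsmtpd's OutAddress points at an smtpd listener whose content_filter is reset. The function names and the sample file contents are constructed for illustration; on a real system you would pass in the contents of /etc/clamsmtpd.conf, main.cf and master.cf.

```python
# Constructed sample files mirroring steps 2 and 3 (not read from a live system).
CLAMSMTPD_CONF = "OutAddress: 10026\nListen: 127.0.0.1:10025\n"
MAIN_CF = "content_filter = scan:127.0.0.1:10025\n"
MASTER_CF = (
    "scan unix - - n - 16 smtp\n"
    "  -o smtp_send_xforward_command=yes\n"
    "127.0.0.1:10026 inet n - n - 16 smtpd\n"
    "  -o content_filter=\n"
)

def key_values(text, sep):  # parse 'key<sep>value' lines, skipping # comments
    pairs = (l.split(sep, 1) for l in text.splitlines() if sep in l and l.lstrip()[:1] != "#")
    return {k.strip(): v.strip() for k, v in pairs}

def master_services(text):
    """Map (name, type) -> (command, [-o options]); indented lines continue an entry."""
    services, opts = {}, None
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if not line[0].isspace() and len(fields) >= 8:
            opts = services.setdefault((fields[0], fields[1]), (fields[7], []))[1]
        if opts is not None:  # collect the token after each -o
            opts.extend(b for a, b in zip(fields, fields[1:]) if a == "-o")
    return services

def port_of(addr):  # '10026', '127.0.0.1:10026' or '[127.0.0.1]:10026' -> 10026, else None
    tail = addr.rsplit(":", 1)[-1]
    return int(tail) if tail.isdigit() else None

def check_filter_loop(clam_text, main_text, master_text):
    """Return problems found in the postfix -> clamsmtpd -> postfix port wiring."""
    clam, main = key_values(clam_text, ":"), key_values(main_text, "=")
    services, problems = master_services(master_text), []
    transport, _, nexthop = main.get("content_filter", "").partition(":")
    if services.get((transport, "unix"), ("",))[0] != "smtp":
        problems.append("content_filter transport is not an smtp service in master.cf")
    listen, out = port_of(clam.get("Listen", "")), port_of(clam.get("OutAddress", ""))
    if listen is None or port_of(nexthop) != listen:
        problems.append("content_filter next hop does not match clamsmtpd Listen")
    back = [o for (n, t), (c, o) in services.items()
            if out is not None and (t, c) == ("inet", "smtpd") and port_of(n) == out]
    if not back:
        problems.append("no smtpd listener in master.cf on the OutAddress port")
    elif "content_filter=" not in back[0]:
        problems.append("re-injection listener lacks '-o content_filter=' (mail would loop)")
    return problems

print(check_filter_loop(CLAMSMTPD_CONF, MAIN_CF, MASTER_CF) or "filter wiring is consistent")
```

An empty list means the two hops agree; leaving clamsmtpd.conf with the values shown as the "before" of step 2 while using the postfix settings from step 3 is reported as two mismatches.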
"This package departs from the default clamsmtpd configuration in the ports it
listens to and forward messages to. The reason for this is partially
historical and partially a compatibility issue. At the time that postfix was
first introducing its filtering capabilities, it quoted the use of Amavisd and
Amavisd-new as possible filtering proxies. In those examples, it showed
postfix using port 10025 as the unfiltered port for returning email from the
proxy. Amavisd-new installs listening to port 10024. Rather than forcing the
Debian systems administrator from having to customize /etc/postfix/master.cf
yet again, I choose to flip clamsmtpd's settings."
As the author of this post has indicated, it's relatively simple to customize clamsmtp+postfix to your environment.
[ Parent | Reply to this comment ]
apt-get install clamav-testfiles
[ Parent | Reply to this comment ]
In step 2 I changed the clamsmtp OutAddress to the full local address:
OutAddress: 127.0.0.1:10026
If you don't do that, it will connect to postfix from the default network interface. In my setup even that is not a local network to postfix ;)
[ Parent | Reply to this comment ]
Joakim Nordberg
[ Parent | Reply to this comment ]
http://memberwebs.com/nielsen/software/clamsmtp/postfix.html
For further information go to: http://memberwebs.com/nielsen/software/clamsmtp/
[ Parent | Reply to this comment ]
Feb 1 11:21:41 localhost clamsmtpd: 100001: clamav error: /var/spool/clamsmtp/clamsmtpd.e2ceOK: Access denied. ERROR
So I changed the permission to 777 just for testing. But that doesn't help really much. Has anybody an idea?
[ Parent | Reply to this comment ]
Feb 16 08:03:55 kampes postfix/smtp[15876]: B87ADA45CF3: to=<box@semusim.info>, relay=127.0.0.1[127.0.0.1], delay=41, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 Local Error (in reply to end of DATA command))
How can I solve that?
[ Parent | Reply to this comment ]
thanks man
[ Parent | Reply to this comment ]
Building Dependency Tree... Done
Package clamsmtp is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source
E: Package clamsmtp has no installation
[ Parent | Reply to this comment ]
Copy and paste your contents of /etc/apt/sources.list
joe
[ Parent | Reply to this comment ]
It doesn't work.
[ Parent | Reply to this comment ]
what do your logs say?
joeblack
[ Parent | Reply to this comment ]
error is showing after installing clamav. I followed the same steps you gave above.
[ Parent | Reply to this comment ]
2) content_filter = scan:[127.0.0.1]:10025
is better
3) The whole thing is more suitable for a smtpd_proxy_filter...
[ Parent | Reply to this comment ]