<!doctype html public "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>ClamSMTP: Using with Postfix</title>
<link rel="stylesheet" type="text/css" href="../../style.css">
</head>
<body bgcolor="#FFFFFF">
<h1>ClamSMTP: Using with Postfix</h1>
<p><a href="http://www.postfix.org">Postfix</a> supports filtering mail through
a filter that acts like an SMTP server. This is how <tt>clamsmtp</tt> was
designed. Postfix supports
<a href="http://www.postfix.org/SMTPD_PROXY_README.html">before-queue</a> and
<a href="http://www.postfix.org/FILTER_README.html">after-queue</a> filters.
Before-queue filters make a poor choice for anti-virus scanners so this
document will describe the latter. For more details on why and how this all
works, read the above links on the Postfix site.</p>
<p>Put the following lines in your Postfix <tt>main.cf</tt> file:</p>
<pre>content_filter = scan:127.0.0.1:10025
receive_override_options = no_address_mappings</pre>
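<p>The <tt>content_filter</tt> setting tells Postfix to send all mail through
the service called 'scan' on port 10025. We'll set up <tt>clamsmtpd</tt> to
listen on this port later. The <tt>no_address_mappings</tt> override turns off
address rewriting before the filter, so that it only happens once, when the
mail comes back from the filter.</p>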
<p>Next we add the following to the Postfix <tt>master.cf</tt> file:</p>
<pre># AV scan filter (used by content_filter)
scan      unix  -       -       n       -       16      smtp
        -o smtp_send_xforward_command=yes
# For injecting mail back into postfix from the filter
127.0.0.1:10026 inet  n -       n       -       16      smtpd
        -o content_filter=
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtpd_helo_restrictions=
        -o smtpd_client_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks_style=host
        -o smtpd_authorized_xforward_hosts=127.0.0.0/8</pre>
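<p>Make sure there are no spaces around the equal signs or commas in the text
you added, and that each <tt>-o</tt> line starts with whitespace so Postfix
reads it as a continuation of the service line above it. The first 2 lines
create the 'scan' service. The rest set up a service for accepting mail back
into Postfix. All the options prevent a mail loop as well as relax address
checking and the like, since that's already been done. Because this second
service skips the filter, it listens only on 127.0.0.1 and accepts mail only
from the local host.</p>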
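<p>The checks described above can be automated. The following is an added
example, not part of the ClamSMTP documentation or code: a small Python audit
of <tt>master.cf</tt> text that flags unindented <tt>-o</tt> lines, whitespace
around '=' or ',', a re-injection listener that is not bound to loopback, and a
missing <tt>-o content_filter=</tt>. The function names are hypothetical; the
sample is a subset of the entries shown on this page.</p>

```python
import re
# Sample input: subset of the master.cf entries from this page (continuations indented).
SAMPLE = """\
# AV scan filter (used by content_filter)
scan      unix  -       -       n       -       16      smtp
        -o smtp_send_xforward_command=yes
# For injecting mail back into postfix from the filter
127.0.0.1:10026 inet  n -       n       -       16      smtpd
        -o content_filter=
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks_style=host
        -o smtpd_authorized_xforward_hosts=127.0.0.0/8
"""
OPTION = re.compile(r"\w+=(\S*[^,])?")  # name=value as one token, no trailing comma

def logical_entries(text):
    """Join indented continuation lines onto the service line they follow."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and entries:
            entries[-1].extend(raw.split())
        else:
            entries.append(raw.split())
    return entries

def audit_master_cf(text, reinject_port="10026"):
    """Hypothetical helper: list problems in the scan / re-injection setup."""
    problems, reinject = [], None
    for fields in logical_entries(text):
        if len(fields) < 8:  # a service line has 8 columns before its arguments
            problems.append("not a complete service entry (unindented -o line?): " + " ".join(fields))
            continue
        for i, tok in enumerate(fields[8:]):  # arguments must alternate: -o name=value
            ok = tok == "-o" if i % 2 == 0 else OPTION.fullmatch(tok)
            if not ok:
                problems.append(f"{fields[0]}: whitespace around '=' or ',' near {tok!r}")
                break
        if fields[1] == "inet" and fields[0].rpartition(":")[2] == reinject_port:
            reinject = fields
    if reinject is None:
        return problems + [f"no inet listener on port {reinject_port}"]
    if not reinject[0].startswith("127."):
        problems.append("re-injection listener is not bound to loopback")
    if "content_filter=" not in reinject[8:]:
        problems.append("re-injection listener lacks '-o content_filter=' (mail loop)")
    return problems
```

<p>An empty list from <tt>audit_master_cf()</tt> means none of these four
problems were found; it does not validate the rest of <tt>master.cf</tt>.</p>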
<p>Specify the <tt>OutAddress</tt> option in <tt>clamsmtpd.conf</tt> as
<tt>127.0.0.1:10026</tt>. Make sure to run it as the same user as you run
<tt><a href="http://www.clamav.net">clamd</a></tt> or they'll have problems
accessing each other's temporary files. You can use the <tt>User</tt> option
to accomplish that.</p>
<p>Now start up <tt>clamsmtpd</tt> like this:</p>
<pre># clamsmtpd -f /path/to/clamsmtpd.conf</pre>
<p>Make sure <tt>clamd</tt> (the ClamAV daemon) is running, and that it's
listening on the socket you specified. You can set this in <tt>clamav.conf</tt>
using the <tt>LocalSocket</tt> or <tt>TCPSocket</tt> directives (only uncomment
one). Also make sure the <tt>ScanMail</tt> directive is on.</p>
<p>And that's all there is to it. If something's not working, check the mail
queues, logs, etc. If you have trouble with <tt>clamsmtpd</tt>, or before you
send me a bug report, be sure to try the debug log mode, which can be a
valuable aid in figuring things out:</p>
<pre># clamsmtpd <b>-d 4</b> -f /path/to/clamsmtpd.conf</pre>
<p>[Note: You may have to keep
<a href="../../freebsd/jails/docs/jail_postfix.html">this</a> in mind if
you're trying out the above setup in a jail, and change the
<tt>smtpd_authorized_xforward_hosts</tt> line accordingly.]</p>
<h6>Copyright 2002, N. Nielsen [ <a href="./">clamsmtp</a> |
<a href="../../">home page</a> ]</h6>
</body>
</html>