File: postfix.html

package info (click to toggle)
clamsmtp 1.10-7
links: PTS
area: main
in suites: squeeze
size: 1,352 kB
ctags: 333
sloc: sh: 3,919; ansic: 3,286; makefile: 20
file content (82 lines) | stat: -rw-r--r-- 3,602 bytes
parent folder | download | duplicates (9)
<!doctype html public "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>ClamSMTP: Using with Postfix</title>
<link rel="stylesheet" type="text/css" href="../../style.css">
</head>

<body bgcolor="#FFFFFF">
<h1>ClamSMTP: Using with Postfix</h1>

<p><a href="http://www.postfix.org">Postfix</a> supports filtering mail through
a filter that acts like an SMTP server. This is how <tt>clamsmtp</tt> was 
designed. Postfix supports 
<a href="http://www.postfix.org/SMTPD_PROXY_README.html">before-queue</a> and 
<a href="http://www.postfix.org/FILTER_README.html">after-queue</a> filters. 
Before-queue filters make a poor choice for anti-virus scanners so this 
document will describe the latter. For more details on why and how this all
works, read the above links on the Postfix site.</p>

<p>Put the following lines in your Postfix <tt>main.cf</tt> file:</p>

<pre>content_filter = scan:127.0.0.1:10025
receive_override_options = no_address_mappings</pre>

<p> The <tt>content_filter</tt> tells Postfix to send all mail through the 
service called 'scan' on port 10025. We'll set up <tt>clamsmtpd</tt> to listen
on this port later.</p>

<p>Next we add the following to the Postfix <tt>master.cf</tt> file:</p>

<pre># AV scan filter (used by content_filter)
scan      unix  -       -       n       -       16      smtp
        -o smtp_send_xforward_command=yes
# For injecting mail back into postfix from the filter
127.0.0.1:10026 inet  n -       n       -       16      smtpd
        -o content_filter=
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtpd_helo_restrictions=
        -o smtpd_client_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks_style=host
        -o smtpd_authorized_xforward_hosts=127.0.0.0/8</pre>

<p>Make sure there's no spaces around the equal signs or commas in the text
you added. The first 2 lines create the 'scan' service. The rest set up 
a service for accepting mail back into postfix. All the options prevent a 
mail loop as well as relax address checking and the like, since that's
already been done.</p>

<p>Specify the <tt>OutAddress</tt> option in <tt>clamsmtpd.conf</tt> as 
<tt>127.0.0.1:10026</tt>. Make sure to run it as the same user as you run 
<tt><a href="http://www.clamav.net">clamd</a></tt> or they'll have problems 
accessing each other's temporary files. You can use the <tt>User</tt> option 
to accomplish that.</p>

<p>Now start up <tt>clamsmtpd</tt> like this. </p>

<pre># clamsmtpd -f /path/to/clamsmtpd.conf</pre>

<p>Make sure <tt>clamd</tt> (the ClamAV daemon) is running, and its listening
on the socket you specified. You can set this in <tt>clamav.conf</tt> using the
<tt>LocalSocket</tt> or <tt>TCPSocket</tt> directives (only uncomment one).
Also make sure the <tt>ScanMail</tt> directive is on.</p>

<p>And that's all there is to it. If something's not working, check mail-queues, 
logs, etc... If you have trouble with <tt>clamsmtpd</tt> or send me a bug report, 
be sure to try the debug log mode which can be a valuable aid in figuring things
out:</p>

<pre># clamsmtpd <b>-d 4</b> -f /path/to/clamsmtpd.conf</pre>

<p>[Note: You may have to keep 
<a href="../../freebsd/jails/docs/jail_postfix.html">this</a> in mind if 
you're trying out the above setup in a jail, and change the 
<tt>smtpd_authorized_xforward_hosts</tt> line accordingly.]</p>

<h6>Copyright 2002, N. Nielsen&nbsp;&nbsp;&nbsp;[ <a href="./">clamsmtp</a> | 
<a href="../../">home page</a> ]</h6>

</body>
</html>