MAN page from RedHat EL 7 clamsmtp-1.10-14.el7.x86_64.rpm
Section: Maintenance Commands (8)Index
- an SMTP server for scanning viruses via clamd
is an SMTP filter that allows you to check for viruses using the ClamAVanti-virus software. It accepts SMTP connections and forwards the SMTP commandsand responses to another SMTP server.
The DATA email body is intercepted and scanned before forwarding. By default email with viruses are dropped silently and logged without any additional action taken.
aims to be lightweight and simple rather than have a myriad of options. The optionsit does have are configured by editing the clamsmtpd.conf5file. See the man page for clamsmtpd.conf5for more info on the default location of the configuration file.
Previous versions had more options. These still work for now but have equivalents in clamsmtpd.conf5and are not documented here. The options are as follows.
- Don't detach from the console and run as a daemon. In addition the levelargument specifies what level of error messages to display. 0 being the least, 4 the most.
- configfile specifies an alternate location for the configuration file. See clamsmtpd.conf5for more details on where the configuration file is located by default.
- pidfilespecifies a location for the a process id file to be written to. This file contains the process id of and can be used to stop the daemon.
- Prints the clamsmtp version number and exits.
logs to syslogdby default under the 'mail' facility. You can also output logs to the consoleusing the -d
In some cases it's advantageous to consolidate the virus scanning and filtering for several mail servers on one machine.
allows this by providing a loopback feature to connect back to the IP that an SMTP connection comes in from.
To use this feature specify only a port number (no IP address) for the OutAddresssetting in the configuration file. This will cause to pass the email back to the said port on the incoming IP address.
Make sure the MaxConnectionssetting is set high enough to handle the mail from all the servers without refusingconnections.
TRANSPARENT PROXY FEATURE
A transparent proxy is a configuration on a gateway that routes certain types of traffic through a proxy server without any changes on the client computers.
has support for transparent proxying of SMTP traffic by enabling the TransparentProxy
setting. This type of setup usually involves firewall rules which redirect traffic to
and the setup varies from OS to OS. The SMTP traffic will be forwarded to it's original destination after being scanned.
When doing transparent proxying for outgoing email it's probably a good idea to turn on bounce notifications using theAction: bouncesetting. Also note that some features (such as SSL/TLS) will not be availablewhen going through the transparent proxy.
Make sure that theMaxConnections setting is set high enough for your transparent proxying. Because is not being used as a filter inside a queue, which usually throttles the amountof email going through, this setting may need to be higher than usual.
Using the VirusAction
option you can run a script or program whenever a virus is found. This may be handy in certain circumstances but it has several drawbacks. For one, the performance of the virus filtering will take a hit, perhaps DOS'ing your machine under heavy load. Secondly as with running any program there are security implications to be considered.
Please consider the above carefully before implementing a virus action.
The script is run without its output being logged, or return value being checked. Because of this you should test it thoroughly. Make sure it runswithout problems under the user that clamsmtpd(8)is being run as.
Various environment variables will be present when your script is run. You may need to escape them properly before use in your favorite scripting language. Failure to do this could lead to a REMOTE COMPROMISE of your machine.
- The network address of the SMTP client connected.
- When theQuarantineoption is enabled, this specifies the file that the virus was saved to.
- The email addresses of the email recipients. These are specified one per line, in standard address format.
- If is being used to filter email between SMTP servers, then this is the IP address of the original client. In order for this information to be present (a) the SMTP client (sending server) must an send an XFORWARD command and (b) the SMTP server (receiving server) must accept that XFORWARD command without error.
- If is being used to filter email between SMTP servers, then this is the HELO/EHLO banner of the original client. In order for this information to be present (a) the SMTP client (sending server) must an send an XFORWARD command and (b) the SMTP server (receiving server) must accept that XFORWARD command without error.
- The email address for the sender of the email.
- The network address of the SMTP server we're connected to.
- The path to the temp directory in use. This is the same as the TempDirectoryoption.
- The name of the virus found.
There's no reason to run this daemon as root. It is meant as a filter and shouldlisten on a high TCP port. It's probably a good idea to run it using the same user as the clamd
(8)daemon. This way the temporary files it writes are accessible to clamd
Care should be taken with the directory that writes its temporary files to. In order to be secure, it should not be a worldwriteable location. Specify the directory using the TempDirectorysetting.
When using the VirusActionoption make sure you understand the security issues involved. Unescaped environment variables can lead to execution of arbitrary shell commands on your machine.
If running on a publicly accessible IP address or without a firewall please be sure to understand all the possible security issues. This is especially true if the loopback feature is used (see above).
An Stef Walter Aq stefAATTmemberwebs.com
- LOOPBACK FEATURE
- TRANSPARENT PROXY FEATURE
- VIRUS ACTIONS
- SEE ALSO
This document was created byman2html,using the manual pages.