Introduction
I'm surprised at myself for NOT knowing about this little ditty years
sooner; all along there's been a nice little package called clamsmtp
that fits nicely into your Postfix MTA backend and uses your ClamAV
to scan both incoming AND outgoing emails for viruses. With the recent news
about Avast scanning your drive not just for viruses but for data to sell
about you around the globe, I'm sure folks will be looking for a nice
alternative for virus scanning their systems and their emails. After all, it's
better to catch a virus PRIOR to opening mail than to try to clean things up
after the fact. This "how-to" will show you how to add this to an AmprNet
axMail-FAX mail system.
Let's begin the fun!
Since most (not all) installs using the axMail-FAX system are Debian or
Debian based, this guide is written for such systems. I'm sure if you're
using something else such as Fedora you can translate things to RedHat
lingo. Also I'm going to assume you have ClamAV installed along with
FreshClam and my ClamScan system. If you don't have ClamAV installed, stop
now and install clam and freshclam - and while at it my ClamScan package.
You may check by issuing the command:
ps ax|grep clam
If they're not installed, use apt-get to install them. ClamScan you'll have
to get from my ftp server.
Get ClamSMTP and configure it for AmprNet mail
As root, execute:
apt-get install clamsmtp
It will grab this package from the repository and install it with a very
basic installation. The trick will be to configure it for our usage which
is actually easier than I thought. Next as root using your favorite text
editor edit the file: /etc/clamsmtpd.conf
Change 2 lines to the following:
OutAddress: 10025
to
OutAddress: 10026
NEXT change
Listen: 127.0.0.1:10026
to
Listen: 0.0.0.0:10025
You may uncomment the Header: line if you desire. Save the file!
Postfix configuration
There's 2 files in /etc/postfix you will need to edit:
main.cf and master.cf
You may copy and paste in the following lines in each file for ease of
use. First let's visit the easier one: main.cf
Using your favorite text editor open the file up and you may scroll all
the way to the bottom of the file and add these 2 lines:
content_filter = scan:44.x.x.x:10025
receive_override_options = no_address_mappings
Be sure to replace 44.x.x.x with your postfix's AmprNet IP that's bound to
mail ports. Most of us are required to do this because our ISPs filter outbound
port 25 sending to the global internet in an attempt to halt you from being
used by spammers as relay stations. Save your main.cf file and next open
your master.cf file with your editor. At the bottom of your master.cf file
you may copy and paste the following lines in:
# AV scan filter (used by content_filter)
scan unix - - n - 16 smtp
  -o smtp_send_xforward_command=yes
# For injecting mail back into postfix from the filter
44.x.x.x:10026 inet n - n - 16 smtpd
  -o content_filter=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks_style=host
  -o smtpd_authorized_xforward_hosts=44.x.x.x/32
Change 44.x.x.x to your 44-net IP as with main.cf above. Save this file. Now
hold onto your hat as we're going to go for a ride.
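A consistency check for the three files edited above, as an added example that
is not part of the original how-to: it confirms the ports line up between
main.cf, clamsmtpd.conf and master.cf, that the re-injection listener clears
content_filter, and flags the all-interfaces Listen. The function names are
made up for this example and 192.0.2.10 stands in for 44.x.x.x.

```python
import re

def parse_kv(text, sep):
    """Parse 'name<sep>value' lines; blank lines and # comments are skipped."""
    rows = [l.split(sep, 1) for l in text.splitlines()
            if sep in l and not l.lstrip().startswith("#")]
    return {k.strip(): v.strip() for k, v in rows}

def parse_master(text):
    """Map each master.cf service name to its '-o name=value' overrides."""
    services, cur = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():        # a service entry starts in column 0
            cur = line.split()[0]
            services[cur] = {}
        elif cur:                        # an indented line continues that entry
            for name, val in re.findall(r"-o\s+([^=\s]+)=(\S*)", line):
                services[cur][name] = val
    return services

def audit(clamsmtpd_conf, main_cf, master_cf):
    """Return findings for the Postfix -> clamsmtpd -> Postfix filter path."""
    clam, main = parse_kv(clamsmtpd_conf, ":"), parse_kv(main_cf, "=")
    svc = parse_master(master_cf)
    host, port = clam["Listen"].rsplit(":", 1)
    out_port = clam["OutAddress"].rsplit(":", 1)[-1]
    back = next((o for n, o in svc.items() if n.endswith(":" + out_port)), None)
    checks = [
        (main.get("content_filter", "").rsplit(":", 1)[-1] != port,
         "content_filter port differs from the clamsmtpd Listen port"),
        (back is None, "no master.cf listener on the clamsmtpd OutAddress port"),
        (back is not None and back.get("content_filter") != "",
         "re-injection listener does not clear content_filter; mail would loop"),
        (host == "0.0.0.0", "clamsmtpd listens on every interface; firewall or rebind it"),
    ]
    return [msg for bad, msg in checks if bad]

# Constructed sample: the page's settings, 192.0.2.10 standing in for 44.x.x.x.
CLAMSMTPD = "OutAddress: 10026\nListen: 0.0.0.0:10025\n"
MAIN_CF = "content_filter = scan:192.0.2.10:10025\n"
MASTER_CF = """scan unix - - n - 16 smtp
192.0.2.10:10026 inet n - n - 16 smtpd
  -o content_filter=
"""

if __name__ == "__main__":
    print(audit(CLAMSMTPD, MAIN_CF, MASTER_CF))
```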
Start it up
Now restart both clamsmtp AND postfix. Log in to your axMail and send yourself
a simple email to: clamsmtp and in the body you can leave it empty or just type
something simple like "test". Log off axMail, then log back in. You should have
new mail waiting:
axMail-Fax v2.10
You have 1 messages (1 new).
n1uro@n1uro.ampr.org
Current message 0 of 1
=> l
St Num From Subject Date Size
N 1 Brian n1uro@n1uro.ampr.o clamsmtp Thu, 30 Jan 2020 1014
n1uro@n1uro.ampr.org
Current message 0 of 1
Now read the mail in verbose mode with the "v #" command:
=> v 1
Message 1: (New)
Return-Path: <n1uro@n1uro.ampr.org>
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on n1uro.ampr.org
X-Spam-Level:
X-Spam-Status: No, score=-100.7 required=3.0 tests=RCVD_IN_DNSWL_LOW,
SPF_HELO_PASS,SPF_PASS,USER_IN_WHITELIST autolearn=ham version=3.3.2
X-Original-To: n1uro@n1uro.ampr.org
Delivered-To: n1uro@n1uro.ampr.org
Received: from n1uro.ampr.org (n1uro [44.88.0.9])
by n1uro.ampr.org (Postfix) with ESMTP id A03CD227CC
for <n1uro@n1uro.ampr.org>; Thu, 30 Jan 2020 23:39:40 -0500 (EST)
Received: by n1uro.ampr.org (Postfix, from userid 1000)
id 85C512287A; Thu, 30 Jan 2020 23:39:40 -0500 (EST)
From: Brian <n1uro@n1uro.ampr.org>
To: n1uro@n1uro.ampr.org
X-Priority: 3 (Normal)
Subject: clamsmtp
Message-Id: <20200131043940.85C512287A@n1uro.ampr.org>
Date: Thu, 30 Jan 2020 23:39:40 -0500 (EST)
X-AV-Checked: ClamAV using ClamSMTP
view headers.
---
73 de Brian, N1URO - supporting packet radio since 1995.
sent via axMail-FAX by N1URO.
--- end of message #1 ---
n1uro@n1uro.ampr.org
Current message 1 of 1
You'll notice the header under the Date: shows that it was processed by
ClamSMTP just fine! If you have questions, please email the uronode support
list as others may run into problems as well and answers may help others before
they need to ask questions.
Updated information for a newer MTA
If you have postfix version 2.3 or newer, you should use Clamav-Milter. This
does things a LOT more automatically for you and your postfix configurations
are only 2 lines total and only in main.cf! Here's what you do:
apt -y remove --purge clamsmtp #if installed
apt -y install clamav-milter
cd /etc/postfix
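nano main.cf
In main.cf, remove the clamsmtp configs and add at the bottom:
smtpd_milters = unix:/var/run/clamav/clamav-milter.ctl
milter_default_action = accept
Save, then remove everything you may have put in master.cf for clamsmtp.
Note that with milter_default_action = accept, Postfix delivers mail
unscanned whenever it cannot reach clamav-milter. Then restart postfix:
service postfix restart
(or systemctl if you're sadly using systemd)
You will see in the headers that your mail was scanned. Enjoy!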
I do hope this page helps get you going with ClamAV scanning for mail! --73