NAME¶
clamsmtpd
—
an SMTP server for scanning viruses via clamd
SYNOPSIS¶
clamsmtpd |
[ -d
level ]
[-f
configfile ]
[-p
pidfile ] |
DESCRIPTION¶
clamsmtpd
is an SMTP filter that allows you
to check for viruses using the ClamAV anti-virus software. It accepts SMTP
connections and forwards the SMTP commands and responses to another SMTP
server.
The DATA email body is intercepted and scanned before forwarding. By default
email with viruses are dropped silently and logged without any additional
action taken.
clamsmtpd
aims to be lightweight and simple
rather than have a myriad of options. The options it does have are configured
by editing the
clamsmtpd.conf(5) file. See the
man page for
clamsmtpd.conf(5) for more info on
the default location of the configuration file.
OPTIONS¶
Previous versions had more options. These still work for now but have
equivalents in
clamsmtpd.conf(5) and are not
documented here. The options are as follows.
-d
- Don't detach from the console and run as a daemon. In addition the
level argument specifies what level of
error messages to display. 0 being the least, 4 the most.
-f
- configfile specifies an alternate
location for the
clamsmtpd
configuration file. See clamsmtpd.conf(5) for
more details on where the configuration file is located by default.
-p
- pidfile specifies a location for the a
process id file to be written to. This file contains the process id of
clamsmtpd
and can be used to stop the
daemon.
-v
- Prints the clamsmtp version number and exits.
LOGGING¶
clamsmtpd
logs to
syslogd by default under the 'mail' facility. You
can also output logs to the console using the
-d
option.
LOOPBACK FEATURE¶
In some cases it's advantageous to consolidate the virus scanning and filtering
for several mail servers on one machine.
clamsmtpd
allows this by providing a
loopback feature to connect back to the IP that an SMTP connection comes in
from.
To use this feature specify only a port number (no IP address) for the
OutAddress setting in the configuration file.
This will cause
clamsmtpd
to pass the email
back to the said port on the incoming IP address.
Make sure the
MaxConnections setting is set
high enough to handle the mail from all the servers without refusing
connections.
TRANSPARENT PROXY FEATURE¶
A transparent proxy is a configuration on a gateway that routes certain types of
traffic through a proxy server without any changes on the client computers.
clamsmtpd
has support for transparent
proxying of SMTP traffic by enabling the
TransparentProxy setting. This type of setup
usually involves firewall rules which redirect traffic to
clamsmtpd
and the setup varies from OS to
OS. The SMTP traffic will be forwarded to it's original destination after
being scanned.
When doing transparent proxying for outgoing email it's probably a good idea to
turn on bounce notifications using the
Action:
bounce setting. Also note that some features (such as SSL/TLS) will not
be available when going through the transparent proxy.
Make sure that the
MaxConnections setting is
set high enough for your transparent proxying. Because
clamsmtpd
is not being used as a filter
inside a queue, which usually throttles the amount of email going through,
this setting may need to be higher than usual.
VIRUS ACTIONS¶
Using the
VirusAction option you can run a
script or program whenever a virus is found. This may be handy in certain
circumstances but it has several drawbacks. For one, the performance of the
virus filtering will take a hit, perhaps DOS'ing your machine under heavy
load. Secondly as with running any program there are security implications to
be considered.
Please consider the above carefully before implementing a virus action.
The script is run without its output being logged, or return value being
checked. Because of this you should test it thoroughly. Make sure it runs
without problems under the user that
clamsmtpd(8)
is being run as.
Various environment variables will be present when your script is run. You may
need to escape them properly before use in your favorite scripting language.
Failure to do this could lead to a REMOTE COMPROMISE of your machine.
- CLIENT
- The network address of the SMTP client connected.
- EMAIL
- When the Quarantine option is enabled,
this specifies the file that the virus was saved to.
- RECIPIENTS
- The email addresses of the email recipients. These are specified one per
line, in standard address format.
- REMOTE
- If
clamsmtpd
is being used to filter
email between SMTP servers, then this is the IP address of the original
client. In order for this information to be present (a) the SMTP client
(sending server) must an send an XFORWARD command and (b) the SMTP server
(receiving server) must accept that XFORWARD command without error.
- REMOTE_HELO
- If
clamsmtpd
is being used to filter
email between SMTP servers, then this is the HELO/EHLO banner of the
original client. In order for this information to be present (a) the SMTP
client (sending server) must an send an XFORWARD command and (b) the SMTP
server (receiving server) must accept that XFORWARD command without
error.
- SENDER
- The email address for the sender of the email.
- SERVER
- The network address of the SMTP server we're connected to.
- TMPDIR
- The path to the temp directory in use. This is the same as the
TempDirectory option.
- VIRUS
- The name of the virus found.
SECURITY¶
There's no reason to run this daemon as root. It is meant as a filter and should
listen on a high TCP port. It's probably a good idea to run it using the same
user as the
clamd(8) daemon. This way the
temporary files it writes are accessible to
clamd(8)
Care should be taken with the directory that
clamsmtpd
writes its temporary files to. In
order to be secure, it should not be a world writeable location. Specify the
directory using the
TempDirectory setting.
When using the
VirusAction option make sure you
understand the security issues involved. Unescaped environment variables can
lead to execution of arbitrary shell commands on your machine.
If running
clamsmtpd
on a publicly accessible
IP address or without a firewall please be sure to understand all the possible
security issues. This is especially true if the loopback feature is used (see
above).
SEE ALSO¶
clamsmtpd.conf(5)
clamd(8),
clamdscan(1)
AUTHOR¶
Stef Walter
⟨stef@memberwebs.com⟩