Part 11. Configuring ClamAV Email Anti-Virus
- Category: Mail Server
- Published: Thursday, 18 July 2019 14:27
- Written by Super User
Install the antivirus system for the mail server:
#apt install clamsmtp
Open the configuration file /etc/clamsmtpd.conf and set the required parameters:
OutAddress: 10026
Listen: 127.0.0.1:10025
ClamAddress: /var/run/clamav/clamd.ctl
Header: X-AV-Checked: ClamAV using ClamSMTP
TempDirectory: /var/spool/clamsmtp
PidFile: /var/run/clamsmtp/clamsmtpd.pid
Quarantine: on
User: clamsmtp
#VirusAction: /etc/clamav/script.sh
This file has many more parameters; only the necessary ones are specified here. For a more detailed study, I recommend reading man clamsmtpd.conf.
To apply the changes, you must restart the antivirus service:
#service clamsmtp restart
Configure an email server to work with antivirus
Add 2 lines to the file /etc/postfix/main.cf:
content_filter = scan:[127.0.0.1]:10025
receive_override_options = no_address_mappings
The first line tells Postfix to pass all mail through the scan service (the filter) on port 10025, where clamsmtpd listens. The second line tells Postfix not to perform any address manipulation before the mail reaches the content_filter, so the filter works with the real mail addresses rather than the results of virtual alias expansion, masquerading, etc.
You need to add the following lines to the /etc/postfix/master.cf file:
# AV scan filter (used by content_filter)
scan unix - - n - 16 smtp
  -o smtp_send_xforward_command=yes
# For injecting mail back into postfix from the filter
127.0.0.1:10026 inet n - n - 16 smtpd
  -o content_filter=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks_style=host
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8
Restart the Postfix service to apply the changes:
#service postfix restart
The basic antivirus configuration is complete.
Configure antivirus notifications
The last thing to do is to configure the sending of antivirus notifications. To do this, create a script.sh file:
#nano /etc/clamav/script.sh
Put the following in it:
#!/bin/sh
DOMAIN=study.local
# Email address to send alerts to.
# Placeholder: the address on the original page was hidden by e-mail obfuscation; set your own.
ADMIN=admin@example.com
# formail should be in PATH
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
LINE="-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-"
# Notify the sender if it is in our domain, otherwise the recipients in our domain
if [ "X$(echo "$SENDER" | grep -E "$DOMAIN")" != "X" ]
then MAILTO="$SENDER,$ADMIN"
else MAILTO="$(echo "$RECIPIENTS" | grep -E "$DOMAIN" | tr '\n' ',')$ADMIN"
fi
(echo "Virus name: $VIRUS"
 echo "Sender: $SENDER"
 echo "Recipient(s): $RECIPIENTS"
 echo
 # Report the quarantine file only if it exists
 if [ "x$EMAIL" != "x" ] && [ -f "$EMAIL" ]
 then
   echo "Quarantined to: $EMAIL"
 fi
) | cat -v | mail -s "$VIRUS found on mailserver" "$MAILTO"
Uncomment the line VirusAction: /etc/clamav/script.sh in the file /etc/clamsmtpd.conf and restart the clamsmtp service:
#service clamsmtp restart
Now our antivirus not only checks the mail, but also quarantines infected messages and sends a notification to the administrator and the users of our domain.
The mailutils package must be installed for the notifications to be sent:
# apt install mailutils
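The sender and recipient addresses that script.sh receives come from the SMTP envelope of the scanned message, and the script selects "our" addresses with an unanchored regex match on DOMAIN, so an outside address that merely contains the domain is treated as local and added to the notification. The following is an added example, not part of the original page or of clamsmtp: it shows that loose match beside a strict one and rebuilds the recipient list with the same routing. The function names and sample addresses are constructed, and it assumes addresses arrive bare (no angle brackets), one recipient per line.

```shell
#!/bin/sh
# Added example, not part of the original script.sh. Addresses are constructed.

# Matching as script.sh does it: unanchored regex, "." matches any character.
loose_match() {   # $1 = address, $2 = domain
    [ -n "$(printf '%s\n' "$1" | grep -E "$2")" ]
}

# Strict check: plain address characters only, no leading "-", and the part
# after the last "@" equal to the domain (case-insensitive).
strict_match() {  # $1 = address, $2 = domain
    case "$1" in
        -*|*[!A-Za-z0-9@._+=-]*) return 1 ;;
        *@*) ;;
        *) return 1 ;;
    esac
    addr_domain=$(printf '%s' "${1##*@}" | tr 'A-Z' 'a-z')
    want_domain=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    [ "$addr_domain" = "$want_domain" ]
}

# Same routing as script.sh: a local sender is notified, otherwise the local
# recipients are; the administrator is always included.
build_mailto() {  # $1 = sender, $2 = recipients (one per line), $3 = admin, $4 = domain
    list=""
    if strict_match "$1" "$4"; then
        list="$1,"
    else
        while IFS= read -r rcpt; do
            if strict_match "$rcpt" "$4"; then list="$list$rcpt,"; fi
        done <<EOF
$2
EOF
    fi
    printf '%s%s\n' "$list" "$3"
}

# Constructed sample: outside sender whose domain merely contains study.local
SAMPLE_SENDER="mallory@study.local.attacker.example"
SAMPLE_RCPTS="alice@study.local
bob@other.example"
loose_match "$SAMPLE_SENDER" study.local && echo "loose match: treated as local"
build_mailto "$SAMPLE_SENDER" "$SAMPLE_RCPTS" admin@example.com study.local
```

In script.sh, the output of build_mailto "$SENDER" "$RECIPIENTS" "$ADMIN" "$DOMAIN" would take the place of the MAILTO assignment.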