1clamsmtpd(8) BSD System Manager's Manual clamsmtpd(8)
2
4 clamsmtpd — an SMTP server for scanning viruses via clamd
5
7 clamsmtpd [-d level] [-f configfile] [-p pidfile]
8 clamsmtpd -v
9
11 clamsmtpd is an SMTP filter that allows you to check for viruses using
12 the ClamAV anti-virus software. It accepts SMTP connections and forwards
13 the SMTP commands and responses to another SMTP server.
14 The DATA email body is intercepted and scanned before forwarding. By
16 default email with viruses are dropped silently and logged without any
17 additional action taken.
18 clamsmtpd aims to be lightweight and simple rather than have a myriad of
20 options. The options it does have are configured by editing the
21 clamsmtpd.conf(5) file. See the man page for clamsmtpd.conf(5) for more
22 info on the default location of the configuration file.
23
25 Previous versions had more options. These still work for now but have
26 equivalents in clamsmtpd.conf(5) and are not documented here. The options
27 are as follows.
28 -d Don't detach from the console and run as a daemon. In addi‐
30 tion the level argument specifies what level of error mes‐
31 sages to display. 0 being the least, 4 the most.
32 -f configfile specifies an alternate location for the clamsmtpd
34 configuration file. See clamsmtpd.conf(5) for more details on
35 where the configuration file is located by default.
36 -p pidfile specifies a location for the a process id file to be
38 written to. This file contains the process id of clamsmtpd
39 and can be used to stop the daemon.
40 -v Prints the clamsmtp version number and exits.
42
44 clamsmtpd logs to syslogd by default under the 'mail' facility. You can
45 also output logs to the console using the -d option.
46
48 In some cases it's advantageous to consolidate the virus scanning and
49 filtering for several mail servers on one machine. clamsmtpd allows this
50 by providing a loopback feature to connect back to the IP that an SMTP
51 connection comes in from.
52 To use this feature specify only a port number (no IP address) for the
54 OutAddress setting in the configuration file. This will cause clamsmtpd
55 to pass the email back to the said port on the incoming IP address.
56 Make sure the MaxConnections setting is set high enough to handle the
58 mail from all the servers without refusing connections.
59
61 A transparent proxy is a configuration on a gateway that routes certain
62 types of traffic through a proxy server without any changes on the client
63 computers. clamsmtpd has support for transparent proxying of SMTP traf‐
64 fic by enabling the TransparentProxy setting. This type of setup usually
65 involves firewall rules which redirect traffic to clamsmtpd and the setup
66 varies from OS to OS. The SMTP traffic will be forwarded to it's original
67 destination after being scanned.
68 When doing transparent proxying for outgoing email it's probably a good
70 idea to turn on bounce notifications using the Action: bounce setting.
71 Also note that some features (such as SSL/TLS) will not be available when
72 going through the transparent proxy.
73 Make sure that the MaxConnections setting is set high enough for your
75 transparent proxying. Because clamsmtpd is not being used as a filter
76 inside a queue, which usually throttles the amount of email going
77 through, this setting may need to be higher than usual.
78
80 Using the VirusAction option you can run a script or program whenever a
81 virus is found. This may be handy in certain circumstances but it has
82 several drawbacks. For one, the performance of the virus filtering will
83 take a hit, perhaps DOS'ing your machine under heavy load. Secondly as
84 with running any program there are security implications to be consid‐
85 ered.
86 Please consider the above carefully before implementing a virus action.
88 The script is run without its output being logged, or return value being
90 checked. Because of this you should test it thoroughly. Make sure it runs
91 without problems under the user that clamsmtpd(8) is being run as.
92 Various environment variables will be present when your script is run.
94 You may need to escape them properly before use in your favorite script‐
95 ing language. Failure to do this could lead to a REMOTE COMPROMISE of
96 your machine.
97 CLIENT The network address of the SMTP client connected.
99 EMAIL When the Quarantine option is enabled, this specifies the
101 file that the virus was saved to.
102 RECIPIENTS The email addresses of the email recipients. These are speci‐
104 fied one per line, in standard address format.
105 REMOTE If clamsmtpd is being used to filter email between SMTP
107 servers, then this is the IP address of the original client.
108 In order for this information to be present (a) the SMTP
109 client (sending server) must an send an XFORWARD command and
110 (b) the SMTP server (receiving server) must accept that XFOR‐
111 WARD command without error.
112 REMOTE_HELO
114 If clamsmtpd is being used to filter email between SMTP
115 servers, then this is the HELO/EHLO banner of the original
116 client. In order for this information to be present (a) the
117 SMTP client (sending server) must an send an XFORWARD command
118 and (b) the SMTP server (receiving server) must accept that
119 XFORWARD command without error.
120 SENDER The email address for the sender of the email.
122 SERVER The network address of the SMTP server we're connected to.
124 TMPDIR The path to the temp directory in use. This is the same as
126 the TempDirectory option.
127 VIRUS The name of the virus found.
129
131 There's no reason to run this daemon as root. It is meant as a filter and
132 should listen on a high TCP port. It's probably a good idea to run it
133 using the same user as the clamd(8) daemon. This way the temporary files
134 it writes are accessible to clamd(8)
135 Care should be taken with the directory that clamsmtpd writes its tempo‐
137 rary files to. In order to be secure, it should not be a world writeable
138 location. Specify the directory using the TempDirectory setting.
139 When using the VirusAction option make sure you understand the security
141 issues involved. Unescaped environment variables can lead to execution of
142 arbitrary shell commands on your machine.
143 If running clamsmtpd on a publicly accessible IP address or without a
145 firewall please be sure to understand all the possible security issues.
146 This is especially true if the loopback feature is used (see above).
147
149 clamsmtpd.conf(5) clamd(8), clamdscan(1)
150
152 Stef Walter <stef@memberwebs.com>
153clamsmtp June 20, 2019 clamsmtp