1clamsmtpd(8)              BSD System Manager's Manual             clamsmtpd(8)
2

NAME

4     clamsmtpd — an SMTP server for scanning viruses via clamd
5

SYNOPSIS

7     clamsmtpd [-d level] [-f configfile] [-p pidfile]
8     clamsmtpd -v
9

DESCRIPTION

11     clamsmtpd is an SMTP filter that allows you to check for viruses using
12     the ClamAV anti-virus software. It accepts SMTP connections and forwards
13     the SMTP commands and responses to another SMTP server.
14
15     The DATA email body is intercepted and scanned before forwarding. By
16     default email with viruses are dropped silently and logged without any
17     additional action taken.
18
19     clamsmtpd aims to be lightweight and simple rather than have a myriad of
20     options. The options it does have are configured by editing the
21     clamsmtpd.conf(5) file. See the man page for clamsmtpd.conf(5) for more
22     info on the default location of the configuration file.
23

OPTIONS

25     Previous versions had more options. These still work for now but have
26     equivalents in clamsmtpd.conf(5) and are not documented here. The options
27     are as follows.
28
29     -d          Don't detach from the console and run as a daemon. In addi‐
30                 tion the level argument specifies what level of error mes‐
31                 sages to display. 0 being the least, 4 the most.
32
33     -f          configfile specifies an alternate location for the clamsmtpd
34                 configuration file. See clamsmtpd.conf(5) for more details on
35                 where the configuration file is located by default.
36
37     -p          pidfile specifies a location for the a process id file to be
38                 written to. This file contains the process id of clamsmtpd
39                 and can be used to stop the daemon.
40
41     -v          Prints the clamsmtp version number and exits.
42

LOGGING

44     clamsmtpd logs to syslogd by default under the 'mail' facility. You can
45     also output logs to the console using the -d option.
46

LOOPBACK FEATURE

48     In some cases it's advantageous to consolidate the virus scanning and
49     filtering for several mail servers on one machine.  clamsmtpd allows this
50     by providing a loopback feature to connect back to the IP that an SMTP
51     connection comes in from.
52
53     To use this feature specify only a port number (no IP address) for the
54     OutAddress setting in the configuration file. This will cause clamsmtpd
55     to pass the email back to the said port on the incoming IP address.
56
57     Make sure the MaxConnections setting is set high enough to handle the
58     mail from all the servers without refusing connections.
59

TRANSPARENT PROXY FEATURE

61     A transparent proxy is a configuration on a gateway that routes certain
62     types of traffic through a proxy server without any changes on the client
63     computers.  clamsmtpd has support for transparent proxying of SMTP traf‐
64     fic by enabling the TransparentProxy setting. This type of setup usually
65     involves firewall rules which redirect traffic to clamsmtpd and the setup
66     varies from OS to OS. The SMTP traffic will be forwarded to it's original
67     destination after being scanned.
68
69     When doing transparent proxying for outgoing email it's probably a good
70     idea to turn on bounce notifications using the Action: bounce setting.
71     Also note that some features (such as SSL/TLS) will not be available when
72     going through the transparent proxy.
73
74     Make sure that the MaxConnections setting is set high enough for your
75     transparent proxying. Because clamsmtpd is not being used as a filter
76     inside a queue, which usually throttles the amount of email going
77     through, this setting may need to be higher than usual.
78

VIRUS ACTIONS

80     Using the VirusAction option you can run a script or program whenever a
81     virus is found. This may be handy in certain circumstances but it has
82     several drawbacks. For one, the performance of the virus filtering will
83     take a hit, perhaps DOS'ing your machine under heavy load. Secondly as
84     with running any program there are security implications to be consid‐
85     ered.
86
87     Please consider the above carefully before implementing a virus action.
88
89     The script is run without its output being logged, or return value being
90     checked. Because of this you should test it thoroughly. Make sure it runs
91     without problems under the user that clamsmtpd(8) is being run as.
92
93     Various environment variables will be present when your script is run.
94     You may need to escape them properly before use in your favorite script‐
95     ing language. Failure to do this could lead to a REMOTE COMPROMISE of
96     your machine.
97
98     CLIENT      The network address of the SMTP client connected.
99
100     EMAIL       When the Quarantine option is enabled, this specifies the
101                 file that the virus was saved to.
102
103     RECIPIENTS  The email addresses of the email recipients. These are speci‐
104                 fied one per line, in standard address format.
105
106     REMOTE      If clamsmtpd is being used to filter email between SMTP
107                 servers, then this is the IP address of the original client.
108                 In order for this information to be present (a) the SMTP
109                 client (sending server) must an send an XFORWARD command and
110                 (b) the SMTP server (receiving server) must accept that XFOR‐
111                 WARD command without error.
112
113     REMOTE_HELO
114                 If clamsmtpd is being used to filter email between SMTP
115                 servers, then this is the HELO/EHLO banner of the original
116                 client. In order for this information to be present (a) the
117                 SMTP client (sending server) must an send an XFORWARD command
118                 and (b) the SMTP server (receiving server) must accept that
119                 XFORWARD command without error.
120
121     SENDER      The email address for the sender of the email.
122
123     SERVER      The network address of the SMTP server we're connected to.
124
125     TMPDIR      The path to the temp directory in use. This is the same as
126                 the TempDirectory option.
127
128     VIRUS       The name of the virus found.
129

SECURITY

131     There's no reason to run this daemon as root. It is meant as a filter and
132     should listen on a high TCP port. It's probably a good idea to run it
133     using the same user as the clamd(8) daemon. This way the temporary files
134     it writes are accessible to clamd(8)
135
136     Care should be taken with the directory that clamsmtpd writes its tempo‐
137     rary files to. In order to be secure, it should not be a world writeable
138     location. Specify the directory using the TempDirectory setting.
139
140     When using the VirusAction option make sure you understand the security
141     issues involved. Unescaped environment variables can lead to execution of
142     arbitrary shell commands on your machine.
143
144     If running clamsmtpd on a publicly accessible IP address or without a
145     firewall please be sure to understand all the possible security issues.
146     This is especially true if the loopback feature is used (see above).
147

SEE ALSO

149     clamsmtpd.conf(5) clamd(8), clamdscan(1)
150

AUTHOR

152     Stef Walter <stef@memberwebs.com>
153
154clamsmtp                         June 20, 2019                        clamsmtp
Impressum