Man Page: clamsmtpd(8)

clamsmtpd(8)              BSD System Manager's Manual             clamsmtpd(8)

NAME
     clamsmtpd - an SMTP server for scanning viruses via clamd

SYNOPSIS
     clamsmtpd [-d level] [-f configfile] [-p pidfile]
     clamsmtpd -v

DESCRIPTION
     clamsmtpd is an SMTP filter that allows you to check for viruses using
     the ClamAV anti-virus software. It accepts SMTP connections and forwards
     the SMTP commands and responses to another SMTP server.

     The DATA email body is intercepted and scanned before forwarding. By
     default email with viruses are dropped silently and logged without any
     additional action taken.

     clamsmtpd aims to be lightweight and simple rather than have a myriad of
     options. The options it does have are configured by editing the
     clamsmtpd.conf(5) file. See the man page for clamsmtpd.conf(5) for more
     info on the default location of the configuration file.

OPTIONS
     Previous versions had more options. These still work for now but have
     equivalents in clamsmtpd.conf(5) and are not documented here. The options
     are as follows.

     -d          Don't detach from the console and run as a daemon. In addi-
                 tion the level argument specifies what level of error mes-
                 sages to display. 0 being the least, 4 the most.

     -f          configfile specifies an alternate location for the clamsmtpd
                 configuration file. See clamsmtpd.conf(5) for more details on
                 where the configuration file is located by default.

     -p          pidfile specifies a location for the a process id file to be
                 written to. This file contains the process id of clamsmtpd
                 and can be used to stop the daemon.

     -v          Prints the clamsmtp version number and exits.

LOGGING
     clamsmtpd logs to syslogd by default under the 'mail' facility. You can
     also output logs to the console using the -d option.

LOOPBACK FEATURE
     In some cases it's advantageous to consolidate the virus scanning and
     filtering for several mail servers on one machine.  clamsmtpd allows this
     by providing a loopback feature to connect back to the IP that an SMTP
     connection comes in from.

     To use this feature specify only a port number (no IP address) for the
     OutAddress setting in the configuration file. This will cause clamsmtpd
     to pass the email back to the said port on the incoming IP address.

     Make sure the MaxConnections setting is set high enough to handle the
     mail from all the servers without refusing connections.

TRANSPARENT PROXY FEATURE
     A transparent proxy is a configuration on a gateway that routes certain
     types of traffic through a proxy server without any changes on the client
     computers.  clamsmtpd has support for transparent proxying of SMTP traf-
     fic by enabling the TransparentProxy setting. This type of setup usually
     involves firewall rules which redirect traffic to clamsmtpd and the setup
     varies from OS to OS. The SMTP traffic will be forwarded to it's original
     destination after being scanned.

     When doing transparent proxying for outgoing email it's probably a good
     idea to turn on bounce notifications using the Action: bounce setting.
     Also note that some features (such as SSL/TLS) will not be available when
     going through the transparent proxy.

     Make sure that the MaxConnections setting is set high enough for your
     transparent proxying. Because clamsmtpd is not being used as a filter
     inside a queue, which usually throttles the amount of email going
     through, this setting may need to be higher than usual.

VIRUS ACTIONS
     Using the VirusAction option you can run a script or program whenever a
     virus is found. This may be handy in certain circumstances but it has
     several drawbacks. For one, the performance of the virus filtering will
     take a hit, perhaps DOS'ing your machine under heavy load. Secondly as
     with running any program there are security implications to be consid-
     ered.

     The script is run without its output being logged, or return value being
     checked. Because of this you should test it thoroughly. Make sure it runs
     without problems under the user that clamsmtpd(8) is being run as.

     Various environment variables will be present when your script is run.
     You may need to escape them properly before use in your favorite script-
     ing language. Failure to do this could lead to a REMOTE COMPROMISE of
     your machine.

     CLIENT      The network address of the SMTP client connected.

     EMAIL       When the Quarantine option is enabled, this specifies the
                 file that the virus was saved to.

     RECIPIENTS  The email addresses of the email recipients. These are speci-
                 fied one per line, in standard address format.

     REMOTE      If clamsmtpd is being used to filter email between SMTP
                 servers, then this is the IP address of the original client.
                 In order for this information to be present (a) the SMTP
                 client (sending server) must an send an XFORWARD command and
                 (b) the SMTP server (receiving server) must accept that XFOR-
                 WARD command without error.

     REMOTE_HELO
                 If clamsmtpd is being used to filter email between SMTP
                 servers, then this is the HELO/EHLO banner of the original
                 client. In order for this information to be present (a) the
                 SMTP client (sending server) must an send an XFORWARD command
                 and (b) the SMTP server (receiving server) must accept that
                 XFORWARD command without error.

     SENDER      The email address for the sender of the email.

     SERVER      The network address of the SMTP server we're connected to.

     TMPDIR      The path to the temp directory in use. This is the same as
                 the TempDirectory option.

     VIRUS       The name of the virus found.

SECURITY
     There's no reason to run this daemon as root. It is meant as a filter and
     should listen on a high TCP port. It's probably a good idea to run it
     using the same user as the clamd(8) daemon. This way the temporary files
     it writes are accessible to clamd(8)

     Care should be taken with the directory that clamsmtpd writes its tempo-
     rary files to. In order to be secure, it should not be a world writeable
     location. Specify the directory using the TempDirectory setting.

     When using the VirusAction option make sure you understand the security
     issues involved. Unescaped environment variables can lead to execution of
     arbitrary shell commands on your machine.

     If running clamsmtpd on a publicly accessible IP address or without a
     firewall please be sure to understand all the possible security issues.
     This is especially true if the loopback feature is used (see above).

SEE ALSO
     clamsmtpd.conf(5) clamd(8), clamdscan(1)

AUTHOR
     Stef Walter <stef@thewalter.net>

clamsmtp                         June 30, 2008                        clamsmtp
   [ back | home ]