Set up ClamAV virus protection for outgoing and incoming emails on a Postfix mail server on a Debian server
05.12.19
1. After you have a running mail server like Postfix, install:

    apt-get install clamav clamav-freshclam clamsmtp

2. Configure /etc/clamsmtpd.conf. Change:

    OutAddress: 10025
    Listen: 127.0.0.1:10026

   to:

    OutAddress: 10026
    Listen: 127.0.0.1:10025

3. You may restart the servers so the new port becomes active.

4. Edit /etc/postfix/main.cf by adding 2 lines to the end:

    content_filter = scan:127.0.0.1:10025
    receive_override_options = no_address_mappings

5. Edit /etc/postfix/master.cf by adding 2 entries to the end (the option lines of each entry must start with whitespace):

    #5.1
    # AV scan filter (used by content_filter)
    scan      unix  -       -       n       -       16      smtp
        -o smtp_send_xforward_command=yes
    #5.2
    # For injecting mail back into postfix from the filter
    127.0.0.1:10026 inet  n -       n       -       16      smtpd
        -o content_filter=
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtpd_helo_restrictions=
        -o smtpd_client_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks_style=host
        -o smtpd_authorized_xforward_hosts=127.0.0.0/8

6. Restart Postfix and check the log with:

    tail /var/log/mail.log -f

   If no errors show up while receiving and sending emails, the virus protection is in place.

7. Update the ClamAV virus definitions with freshclam on a regular basis using a cron job. You can place a file into /etc/cron.d/clamav with the following content:

    11 11 * * * root /usr/bin/freshclam --quiet > /dev/null

8. Restart cron with /etc/init.d/cron restart and check /var/log/syslog to confirm that cron shows no errors.

source:

Installation

The installation of ClamAV couldn’t be any easier. All you need to do is follow these steps:

1. Open up a terminal window (or log into your mail server if you are using a GUI-less Ubuntu installation).
2. Issue the command sudo apt-get install clamav clamav-freshclam clamsmtp
3. Type your sudo password and hit Enter.
4. Okay any dependencies (if necessary) and hit Enter.
5. Watch the installation fly by.

That’s it! ClamAV is now installed.
You don’t even need to start the ClamAV daemon, as the installation will take care of that for you. Upon completion of the configuration you will have to manually restart the daemon (as well as the Postfix daemon). When that time comes, the command to restart ClamAV is:

    sudo /etc/init.d/clamsmtpd restart

Just in case you have forgotten, the command to restart the Postfix daemon is:

    sudo /etc/init.d/postfix restart

Now, let’s begin the configuration.

Configuration

There are three files that will need to be configured:

/etc/clamsmtpd.conf
/etc/postfix/main.cf
/etc/postfix/master.cf

Only the first file is a ClamAV file, so let’s start with that configuration first. Open up the /etc/clamsmtpd.conf file in your favorite editor and look for the lines:

    OutAddress: 10025
    Listen: 127.0.0.1:10026

These two lines need to be changed to:

    OutAddress: 10026
    Listen: 127.0.0.1:10025

This will change the ports according to the needs of Postfix. That is all you need to do with the ClamAV configuration file. Save and close that file and we will now move on to configure Postfix.

Open up the file /etc/postfix/main.cf. Scroll to the bottom of this file and add the following two lines:

    content_filter = scan:127.0.0.1:10025
    receive_override_options = no_address_mappings

Save and close that file. Now, open up the /etc/postfix/master.cf file. Scroll down to the bottom of this file and add the following lines (you might just want to copy/paste this section because it is rather long).
    # AV scan filter (used by content_filter)
    scan      unix  -       -       n       -       16      smtp
        -o smtp_send_xforward_command=yes
    # For injecting mail back into postfix from the filter
    127.0.0.1:10026 inet  n -       n       -       16      smtpd
        -o content_filter=
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtpd_helo_restrictions=
        -o smtpd_client_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks_style=host
        -o smtpd_authorized_xforward_hosts=127.0.0.0/8

Make sure the above section is exact. Save and close that file. Now it’s time to restart both daemons with the commands I showed you above. Restart both daemons and Postfix will now begin filtering your email with the help of ClamAV.

Updating the Definitions

Your antivirus will eventually become worthless if you do not update your definitions. Fortunately, ClamAV has a built in tool just for that purpose. The tool in question is (aptly named) freshclam. To update your signatures you would issue the command:

    sudo freshclam
https://www.linux.com/tutorials/using-clamav-kill-viruses-postfix/
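
The three files edited above have to agree on two ports, and a mismatch either bypasses the scanner or loops mail back into it. As an added example (not part of the original post or the linux.com tutorial), this Python check parses the three files' contents and reports wiring problems; the function names and the inline sample configs are constructed for illustration from the values shown on this page.

```python
import re

# Constructed sample inputs using the values from the steps above.
CLAMSMTPD = "OutAddress: 10026\nListen: 127.0.0.1:10025\n"
MAIN_CF = ("content_filter = scan:127.0.0.1:10025\n"
           "receive_override_options = no_address_mappings\n")
MASTER_CF = """\
# AV scan filter (used by content_filter)
scan unix - - n - 16 smtp
  -o smtp_send_xforward_command=yes
127.0.0.1:10026 inet n - n - 16 smtpd
  -o content_filter=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
"""

def setting(text, key, sep):
    """Value of the last `key<sep>value` line in a config file, or None."""
    hits = re.findall(rf"^{re.escape(key)}[ \t]*{sep}[ \t]*(.*?)[ \t]*$", text, re.M)
    return hits[-1] if hits else None

def services(master_cf):
    """Map (name, type) -> full master.cf entry, joining indented continuation lines."""
    entries = []
    for line in master_cf.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and entries:
            entries[-1] += " " + line.strip()
        else:
            entries.append(line.strip())
    return {tuple(e.split()[:2]): e for e in entries}

def check_wiring(clamsmtpd_conf, main_cf, master_cf):
    """Return a list of wiring problems; an empty list means the ports line up."""
    problems, svc = [], services(master_cf)
    cfilter = setting(main_cf, "content_filter", "=")
    if not cfilter:
        return ["main.cf: content_filter is not set, mail bypasses the scanner"]
    transport, _, nexthop = cfilter.partition(":")
    if (transport, "unix") not in svc:
        problems.append(f"master.cf: no '{transport} unix' transport entry")
    listen = setting(clamsmtpd_conf, "Listen", ":")
    if listen != nexthop:
        problems.append(f"clamsmtpd listens on {listen}, Postfix sends to {nexthop}")
    out_port = (setting(clamsmtpd_conf, "OutAddress", ":") or "").rpartition(":")[2]
    back = svc.get((f"127.0.0.1:{out_port}", "inet"))
    if back is None:
        problems.append(f"master.cf: no smtpd listener on 127.0.0.1:{out_port}")
    elif not re.search(r"-o content_filter=(\s|$)", back):
        problems.append("re-injection listener keeps content_filter set: mail would loop")
    return problems
```

To check a live server, pass the contents of /etc/clamsmtpd.conf, /etc/postfix/main.cf and /etc/postfix/master.cf to check_wiring().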