Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
clamsmtpd(8)		FreeBSD	System Manager's Manual		  clamsmtpd(8)

NAME
     clamsmtpd -- an SMTP server for scanning viruses via clamd

SYNOPSIS
     clamsmtpd [-d level] [-f configfile] [-p pidfile]
     clamsmtpd -v

DESCRIPTION
     clamsmtpd is an SMTP filter that allows you to check for viruses using
     the ClamAV	anti-virus software. It	accepts	SMTP connections and forwards
     the SMTP commands and responses to	another	SMTP server.

     The DATA email body is intercepted	and scanned before forwarding. By de-
     fault email with viruses are dropped silently and logged without any ad-
     ditional action taken.

     clamsmtpd aims to be lightweight and simple rather	than have a myriad of
     options. The options it does have are configured by editing the
     clamsmtpd.conf(5) file. See the man page for clamsmtpd.conf(5) for	more
     info on the default location of the configuration file.

OPTIONS
     Previous versions had more	options. These still work for now but have
     equivalents in clamsmtpd.conf(5) and are not documented here. The options
     are as follows.

     -d		 Don't detach from the console and run as a daemon. In addi-
		 tion the level	argument specifies what	level of error mes-
		 sages to display. 0 being the least, 4	the most.

     -f		 configfile specifies an alternate location for	the clamsmtpd
		 configuration file. See clamsmtpd.conf(5) for more details on
		 where the configuration file is located by default.

     -p		 pidfile specifies a location for the a	process	id file	to be
		 written to. This file contains	the process id of clamsmtpd
		 and can be used to stop the daemon.

     -v		 Prints	the clamsmtp version number and	exits.

LOGGING
     clamsmtpd logs to syslogd by default under	the 'mail' facility. You can
     also output logs to the console using the -d option.

LOOPBACK FEATURE
     In	some cases it's	advantageous to	consolidate the	virus scanning and
     filtering for several mail	servers	on one machine.	 clamsmtpd allows this
     by	providing a loopback feature to	connect	back to	the IP that an SMTP
     connection	comes in from.

     To	use this feature specify only a	port number (no	IP address) for	the
     OutAddress	setting	in the configuration file. This	will cause clamsmtpd
     to	pass the email back to the said	port on	the incoming IP	address.

     Make sure the MaxConnections setting is set high enough to	handle the
     mail from all the servers without refusing	connections.

TRANSPARENT PROXY FEATURE
     A transparent proxy is a configuration on a gateway that routes certain
     types of traffic through a	proxy server without any changes on the	client
     computers.	 clamsmtpd has support for transparent proxying	of SMTP	traf-
     fic by enabling the TransparentProxy setting. This	type of	setup usually
     involves firewall rules which redirect traffic to clamsmtpd and the setup
     varies from OS to OS. The SMTP traffic will be forwarded to it's original
     destination after being scanned.

     When doing	transparent proxying for outgoing email	it's probably a	good
     idea to turn on bounce notifications using	the Action: bounce setting.
     Also note that some features (such	as SSL/TLS) will not be	available when
     going through the transparent proxy.

     Make sure that the	MaxConnections setting is set high enough for your
     transparent proxying. Because clamsmtpd is	not being used as a filter in-
     side a queue, which usually throttles the amount of email going through,
     this setting may need to be higher	than usual.

VIRUS ACTIONS
     Using the VirusAction option you can run a	script or program whenever a
     virus is found. This may be handy in certain circumstances	but it has
     several drawbacks.	For one, the performance of the	virus filtering	will
     take a hit, perhaps DOS'ing your machine under heavy load.	Secondly as
     with running any program there are	security implications to be consid-
     ered.

     The script	is run without its output being	logged,	or return value	being
     checked. Because of this you should test it thoroughly. Make sure it runs
     without problems under the	user that clamsmtpd(8) is being	run as.

     Various environment variables will	be present when	your script is run.
     You may need to escape them properly before use in	your favorite script-
     ing language. Failure to do this could lead to a REMOTE COMPROMISE	of
     your machine.

     CLIENT	 The network address of	the SMTP client	connected.

     EMAIL	 When the Quarantine option is enabled,	this specifies the
		 file that the virus was saved to.

     RECIPIENTS	 The email addresses of	the email recipients. These are	speci-
		 fied one per line, in standard	address	format.

     REMOTE	 If clamsmtpd is being used to filter email between SMTP
		 servers, then this is the IP address of the original client.
		 In order for this information to be present (a) the SMTP
		 client	(sending server) must an send an XFORWARD command and
		 (b) the SMTP server (receiving	server)	must accept that XFOR-
		 WARD command without error.

     REMOTE_HELO
		 If clamsmtpd is being used to filter email between SMTP
		 servers, then this is the HELO/EHLO banner of the original
		 client. In order for this information to be present (a) the
		 SMTP client (sending server) must an send an XFORWARD command
		 and (b) the SMTP server (receiving server) must accept	that
		 XFORWARD command without error.

     SENDER	 The email address for the sender of the email.

     SERVER	 The network address of	the SMTP server	we're connected	to.

     TMPDIR	 The path to the temp directory	in use.	This is	the same as
		 the TempDirectory option.

     VIRUS	 The name of the virus found.

SECURITY
     There's no	reason to run this daemon as root. It is meant as a filter and
     should listen on a	high TCP port. It's probably a good idea to run	it us-
     ing the same user as the clamd(8) daemon. This way	the temporary files it
     writes are	accessible to clamd(8)

     Care should be taken with the directory that clamsmtpd writes its tempo-
     rary files	to. In order to	be secure, it should not be a world writeable
     location. Specify the directory using the TempDirectory setting.

     When using	the VirusAction	option make sure you understand	the security
     issues involved. Unescaped	environment variables can lead to execution of
     arbitrary shell commands on your machine.

     If	running	clamsmtpd on a publicly	accessible IP address or without a
     firewall please be	sure to	understand all the possible security issues.
     This is especially	true if	the loopback feature is	used (see above).

SEE ALSO
     clamsmtpd.conf(5) clamd(8), clamdscan(1)

AUTHOR
     Stef Walter <stef@memberwebs.com>

clamsmtp			 May 11, 2021			      clamsmtp

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | LOGGING | LOOPBACK FEATURE | TRANSPARENT PROXY FEATURE | VIRUS ACTIONS | SECURITY | SEE ALSO | AUTHOR

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=clamsmtpd&sektion=8&manpath=FreeBSD+12.2-RELEASE+and+Ports>

home | help