Friday, February 6, 2015

OpenBSD Mail Server - Part 3, ClamAV and ClamSMTP

1. Install clamav and clamsmtp from packages.

2. Edit /etc/freshclam.conf -- comment out the “Example” line and uncomment the "DatabaseMirror" line and add the relevant country code in place of the "XY."

# cat /etc/freshclam.conf
#Example
...
DatabaseMirror db.us.clamav.net
...

Run ‘freshclam’ to update the database.  Add a freshclam command to root’s crontab to have periodic updates:

20 * * * * /usr/local/bin/freshclam >/dev/null 2>&1

3. Once freshclam has updated the database, edit /etc/clamd.conf.  Comment out the “Example” line, uncomment “TCPSocket” and “TCPAddr” lines and change them so clamd listens on port 3310 at 127.0.0.1.

# cat /etc/clamd.conf
#Example
...
TCPSocket 3310
...
TCPAddr 127.0.0.1
...

Add “clamd” to pkg_scripts in /etc/rc.conf.local and then start clamd.  Check netstat -na -f inet to see if clamd is listening on 127.0.0.1:3310.  Look through both /etc/freshclam.conf and /etc/clamd.conf for logging options and for the action to take when a virus is found (VirusEvent).  You can set it up so it drops an email into root's mailbox when a virus is found.
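As an added check that is not part of the original post, here is a small Python client that speaks clamd's INSTREAM protocol to 127.0.0.1:3310 (the TCPAddr/TCPSocket set above), which is the same path clamsmtp uses to hand mail to clamd.  The address, chunk size and the sample bytes in the script are assumptions/constructed values, not something from the post.

```python
import socket
import struct
from typing import Optional, Tuple

CLAMD_ADDR = ("127.0.0.1", 3310)   # TCPAddr / TCPSocket from /etc/clamd.conf (assumed)
CHUNK = 64 * 1024                  # chunk size for streaming; any size under StreamMaxLength works

def build_instream(data: bytes, chunk: int = CHUNK) -> bytes:
    """Frame data as a zINSTREAM request: the command, then length-prefixed
    chunks (big-endian uint32 + bytes), then a zero-length terminator."""
    out = [b"zINSTREAM\0"]
    for i in range(0, len(data), chunk):
        piece = data[i:i + chunk]
        out.append(struct.pack("!I", len(piece)) + piece)
    out.append(struct.pack("!I", 0))
    return b"".join(out)

def parse_reply(reply: bytes) -> Tuple[str, Optional[str]]:
    """Turn a NUL-terminated clamd reply such as b'stream: OK\\0',
    b'stream: Eicar-Test-Signature FOUND\\0' or b'stream: ... ERROR\\0'
    into (verdict, detail), where detail is the signature or error text."""
    text = reply.rstrip(b"\0").decode("ascii", "replace")
    _, _, result = text.partition(": ")
    if result == "OK":
        return ("OK", None)
    parts = result.rsplit(" ", 1)      # e.g. ["Eicar-Test-Signature", "FOUND"]
    if len(parts) == 2 and parts[1] in ("FOUND", "ERROR"):
        return (parts[1], parts[0])
    return ("UNKNOWN", text)

def scan_bytes(data: bytes, addr=CLAMD_ADDR, timeout: float = 30.0) -> Tuple[str, Optional[str]]:
    """Stream data to clamd over TCP and return the parsed verdict."""
    with socket.create_connection(addr, timeout=timeout) as s:
        s.sendall(build_instream(data))
        reply = b""
        while not reply.endswith(b"\0"):   # zINSTREAM replies are NUL-terminated
            part = s.recv(4096)
            if not part:
                break
            reply += part
    return parse_reply(reply)

if __name__ == "__main__":
    # constructed, harmless sample message body
    sample = b"From: test@example.com\r\nSubject: clamd check\r\n\r\nhello from the mail server\r\n"
    print(scan_bytes(sample))   # expect ('OK', None) on a clean message
```

If clamd is not answering on 127.0.0.1:3310 the connection fails immediately, which is the same failure clamsmtp would see.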

4.  Now, set up clamsmtp, which is a proxy for clamd.  Two config files will be used, one for incoming mail and one for outgoing mail.  OpenSMTPD will accept mail, send it to clamsmtp on one port for incoming mail (10025) and a different port (10027) for outgoing mail.  Clamsmtp will run the mail through clamd, and then return it to OpenSMTPD for incoming mail (10026) or outgoing mail (10028).  Depending on which port the mail is returned to, OpenSMTPD will tag it CLAM_IN or CLAM_OUT.

So copy /etc/clamsmtpd.conf and create /etc/clamsmtpd-in.conf and /etc/clamsmtpd-out.conf.  Modify the files like so:

# cat /etc/clamsmtpd-in.conf
OutAddress: 10026
...
Listen: 0.0.0.0:10025
...
ClamAddress: 127.0.0.1:3310
...

# cat /etc/clamsmtpd-out.conf
OutAddress: 10028
...
Listen: 0.0.0.0:10027
...
ClamAddress: 127.0.0.1:3310
...

5. Start them both:

# /usr/local/sbin/clamsmtpd -f /etc/clamsmtpd-in.conf
# /usr/local/sbin/clamsmtpd -f /etc/clamsmtpd-out.conf

(add something similar to /etc/rc.local so they start at boot)

6.  Edit /etc/mail/smtpd.conf so it looks like this:

# cat /etc/mail/smtpd.conf

pki mail.example.com certificate "/etc/ssl/mail.example.com.crt"
pki mail.example.com key "/etc/ssl/private/mail.example.com.key"

listen on lo0
listen on lo0 port 10026 tag CLAM_IN # incoming mail
listen on lo0 port 10028 tag CLAM_OUT # outgoing mail
listen on egress tls pki mail.example.com auth-optional
listen on egress port submission tls-require pki mail.example.com auth

table aliases db:/etc/mail/aliases.db
table vusers file:/etc/mail/vusers
table vdomains file:/etc/mail/vdomains

accept for local alias <aliases> deliver to maildir

# tagged mail returned from clamsmtpd either deliver or relay
accept tagged CLAM_IN for domain <vdomains> virtual <vusers> deliver to maildir
accept tagged CLAM_OUT for any relay

# start here - untagged mail is sent to clamsmtpd
accept from any for domain <vdomains> relay via smtp://127.0.0.1:10025 # incoming mail
accept from local for any relay via smtp://127.0.0.1:10027 # outgoing mail

So here is what's happening:

Incoming mail:

pf -> relay to spamd -> send to opensmtpd on lo0 -> relay untagged mail to clamsmtpd on port 10025 -> relay to clamd on port 3310 -> return to clamsmtpd -> return to opensmtpd on lo0 port 10026 and tag it CLAM_IN -> deliver to maildir

Outgoing mail:

opensmtpd on lo0 -> relay untagged mail to clamsmtpd on port 10027 -> relay to clamd on port 3310 -> return to clamsmtpd -> return to opensmtpd on lo0 port 10028 and tag it CLAM_OUT -> relay out

7.  Send some emails both ways.  This should be in the header:

X-Virus-Scanned: ClamAV using ClamSMTP
