On Wed, Oct 23, 2013 at 01:40:40PM -0000, Michiel van Es wrote:
> On Wed, October 23, 2013 1:12 pm, Gilles Chehade wrote:
> > On Wed, Oct 23, 2013 at 01:03:32PM -0000, Michiel van Es wrote:
> >>
> >> I have it working.
> >> For people who want to use this:
> >>
> >> 1) install clamsmtp - it is a clam smtp proxy which accepts incoming and
> >> then outgoing connections (putting a message back in the queue)
> >>
> >> 2) use something similar as setup - adjust to your own needs:
> >>
> >> table vdomains "/usr/local/etc/vdomains"
> >> table vusers "/usr/local/etc/users"
> >> listen on lo port 10025 tag CLAM
> >> accept tagged CLAM from any for domain <vdomains> virtual <vusers> deliver to mda "procmail -f -"
> >> accept tagged CLAM for any relay
> >> accept from any for any relay via smtp://127.0.0.1:10026
> >>
> >
> > The above is working but as an open-relay, you will want to adjust the
> > ruleset, something along the lines of:
> >
> > listen on lo port 10025 tag CLAM_IN
> > listen on lo port 10027 tag CLAM_OUT
> >
> > accept tagged CLAM_IN for domain <vdomains> virtual <vusers> deliver to mda "procmail -f -"
> > accept tagged CLAM_OUT for any relay
> > accept from local for any relay via smtp://127.0.0.1:10026 # will reinject in CLAM_IN
> > accept from any for any relay via smtp://127.0.0.1:10028 # will reinject in CLAM_OUT
> >
> > There may be better/other ways, that's just from the top of my head
>
> Hmm I see the open relay problem with my setup as default everything
> matches the relay option which is not a vuser/vdomain.
> But I don't get the route any more :(
> OpenSMTPD listens on 10025 and 10027
> clamsmtpd listens on 10026
>

In the example above you'd have clamsmtpd listen on two different ports,
one for scanning incoming mails and one for scanning outgoing mails.

ie:

  internet -> smtpd -> clamsmtpd:10026 -> smtpd:10025 (CLAM_IN)
  internal -> smtpd -> clamsmtpd:10028 -> smtpd:10027 (CLAM_OUT)

and so the relay rule would only match for internal connections whereas
the mails coming from internet only match the accept rules for your local
domains

>
> but I don't understand what it will do if it does not match the above rules?
> it will go to CLAM OUT ? and opensmtpd rejects it? (I have to change 10028
> to 10027 then).
>

When no rule is matched, envelope is rejected.

The best way to understand is to run with -T rules as it will display the
rule that matched an envelope, this way you can test with local mails and
mails from the public interface

> Sorry for all the questions and thanks for all the help! :)
>

NP, also I suspect you're not the only one willing to use ClamAV given how
many times I received private mails on that topic ;-)

-- 
Gilles Chehade

https://www.poolp.org                                          @poolpOrg
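
Added example (not part of the original mail, and not OpenSMTPD code): a small Python model of first-match rule evaluation that traces an envelope through the smtpd -> clamsmtpd -> smtpd loop, comparing the single-tag ruleset from the first mail with the split flow described in the reply. The rule tuples, the `example.org` and `elsewhere.test` domains, and the assumption that a rule without a `from` clause matches local sources only are constructed for illustration; `SPLIT` encodes the flow diagram in the reply, not the quoted smtpd.conf lines.

```python
# Constructed model of first-match rule evaluation; not OpenSMTPD code.
VDOMAINS = {"example.org"}  # constructed stand-in for the <vdomains> table

# Rule = (tag, source, destination, action). tag None: no "tagged" clause.
# Assumption: a rule with no "from" clause matches local sources only.
# An integer action means "relay via clamsmtpd on that port".
SINGLE_TAG = [
    ("CLAM", "any", "vdomains", "deliver"),
    ("CLAM", "local", "any", "relay"),
    (None, "any", "any", 10026),
]
SINGLE_PROXY = {10026: "CLAM"}  # clamsmtpd port -> tag it reinjects under

SPLIT = [
    ("CLAM_IN", "local", "vdomains", "deliver"),
    ("CLAM_OUT", "local", "any", "relay"),
    (None, "any", "vdomains", 10026),   # inbound scan, back in as CLAM_IN
    (None, "local", "any", 10028),      # outbound scan, back in as CLAM_OUT
]
SPLIT_PROXY = {10026: "CLAM_IN", 10028: "CLAM_OUT"}


def matches(rule, tag, source, domain):
    r_tag, r_src, r_dst, _ = rule
    return ((r_tag is None or r_tag == tag)
            and (r_src == "any" or r_src == source)
            and (r_dst == "any" or domain in VDOMAINS))


def route(rules, proxy, source, domain, max_hops=4):
    """Trace one envelope to 'deliver', 'relay' or 'reject'."""
    tag = None  # first pass arrives on the untagged public listener
    for _ in range(max_hops):
        action = next((r[3] for r in rules if matches(r, tag, source, domain)),
                      "reject")  # no rule matched: envelope is rejected
        if not isinstance(action, int):
            return action
        # The scanner reinjects over loopback: source is now local, tag is set.
        tag, source = proxy[action], "local"
    return "loop"


if __name__ == "__main__":
    for name, rules, proxy in (("single tag", SINGLE_TAG, SINGLE_PROXY),
                               ("split", SPLIT, SPLIT_PROXY)):
        for src, dom in (("internet", "example.org"), ("internet", "elsewhere.test"),
                         ("local", "elsewhere.test")):
            print(f"{name:10} {src:8} -> {dom:15} {route(rules, proxy, src, dom)}")
```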
