fixed inconsistencies added EXAMPLE section for milter setup
This commit is contained in:
ensc
parent
44d2450dff
commit
14a7b57d6b
|
|
@ -29,10 +29,10 @@ A clamav-milter setup consists of the following three components:
|
||||||
--> you should know how to install this...
|
--> you should know how to install this...
|
||||||
|
|
||||||
When communicating across unix sockets with the clamav-milter, it is
|
When communicating across unix sockets with the clamav-milter, it is
|
||||||
suggested to use the /var/run/clamav-milter/clamav.sock path. You
|
suggested to use the /var/run/clamav-milter/clamav-milter.socket
|
||||||
have to add something like
|
path. You have to add something like
|
||||||
|
|
||||||
INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav-milter/clamav.sock, F=, T=S:4m;R:4m')dnl
|
INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav-milter/clamav-milter.socket, F=, T=S:4m;R:4m')dnl
|
||||||
|
|
||||||
to your sendmail.mc.
|
to your sendmail.mc.
|
||||||
|
|
||||||
|
|
@ -40,3 +40,79 @@ A clamav-milter setup consists of the following three components:
|
||||||
|
|
||||||
It is suggested that components communicate through TCP sockets as
|
It is suggested that components communicate through TCP sockets as
|
||||||
this eases setup. Please add corresponding packet filter rules!
|
this eases setup. Please add corresponding packet filter rules!
|
||||||
|
|
||||||
|
|
||||||
|
EXAMPLE
|
||||||
|
=======
|
||||||
|
|
||||||
|
For clamav-milter, a possible setup might be created by
|
||||||
|
|
||||||
|
A) On the MTA (assumed hostname 'host-mta')
|
||||||
|
|
||||||
|
1. Add to sendmail.mc
|
||||||
|
|
||||||
|
| INPUT_MAIL_FILTER(`clamav', `S=inet:6666@host-milter, F=, T=S:4m;R:4m')dnl
|
||||||
|
|
||||||
|
2. Rebuild sendmail.cf
|
||||||
|
|
||||||
|
|
||||||
|
B) On the clamav-milter host (assumed hostname 'host-milter')
|
||||||
|
|
||||||
|
1. Install clamav-milter + clamav-milter-upstart packages
|
||||||
|
|
||||||
|
2. Set in /etc/mail/clamav-milter.conf
|
||||||
|
|
||||||
|
| MilterSocket inet:6666
|
||||||
|
| ClamdSocket tcp:host-scanner:6665
|
||||||
|
|
||||||
|
and all the other options which are required on your system
|
||||||
|
|
||||||
|
3. Edit /etc/event.d/clamav-milter and uncomment the both
|
||||||
|
|
||||||
|
| start on starting\ local
|
||||||
|
| start on starting local
|
||||||
|
|
||||||
|
lines. Restart your system or execute
|
||||||
|
|
||||||
|
| initctl emit starting local
|
||||||
|
|
||||||
|
4. Add something like
|
||||||
|
|
||||||
|
| iptables -N IN-cmilt
|
||||||
|
| iptables -A IN-cmilt -s host-mta -j ACCEPT
|
||||||
|
| iptables -A IN-cmilt -j DROP
|
||||||
|
|
||||||
|
| iptables -A INPUT -p tcp --dport 6666 -j IN-cmilt
|
||||||
|
|
||||||
|
to your firewall setup
|
||||||
|
|
||||||
|
C) On the clamav-scanner host (assumed hostname 'host-scanner')
|
||||||
|
|
||||||
|
1. Install clamav-scanner + clamav-scanner-upstart packages
|
||||||
|
|
||||||
|
2. Add to /etc/clamd.d/scan.conf
|
||||||
|
|
||||||
|
| TCPSocket 6665
|
||||||
|
| TCPAddr host-scanner
|
||||||
|
|
||||||
|
comment out possible 'LocalSocket' lines and set all the other
|
||||||
|
options which are required on your system
|
||||||
|
|
||||||
|
3. Edit /etc/event.d/clamav-scanner and uncomment the both
|
||||||
|
|
||||||
|
| start on starting\ local
|
||||||
|
| start on starting local
|
||||||
|
|
||||||
|
lines. Restart your system or execute
|
||||||
|
|
||||||
|
| initctl emit starting local
|
||||||
|
|
||||||
|
4. Add something like
|
||||||
|
|
||||||
|
| iptables -N IN-cscan
|
||||||
|
| iptables -A IN-cscan -s host-milter -j ACCEPT
|
||||||
|
| iptables -A IN-cscan -j DROP
|
||||||
|
|
||||||
|
| iptables -A INPUT -p tcp --dport 6665 -j IN-csan
|
||||||
|
|
||||||
|
to your firewall setup
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue