Postfix and ClamAV with RHEL/CentOS
- November 2nd, 2009
- Posted in Postfix . Security
Postfix Install
To create a functional SMTP server, first install Postfix by running:
-----------------------------------------------------------
yum install postfix
-----------------------------------------------------------
Check that your hostname includes your fully qualified domain name:
-----------------------------------------------------------
echo $HOSTNAME
-----------------------------------------------------------
If it does not include your domain, set it in the Postfix configuration file, main.cf:
-----------------------------------------------------------
myhostname = smtp.example.com
-----------------------------------------------------------
You must also make your SMTP server listen on an interface besides localhost. Change:
-----------------------------------------------------------
inet_interfaces = localhost
-----------------------------------------------------------
to:
-----------------------------------------------------------
inet_interfaces = all
-----------------------------------------------------------
Now edit the configuration to allow trusted networks to relay emails. In most situations uncommenting:
-----------------------------------------------------------
mynetworks_style = subnet
-----------------------------------------------------------
should be sufficient. However, if you are allowing a larger network or dealing with multiple networks, manually list the networks that will be trusted:
-----------------------------------------------------------
mynetworks = 127.0.0.0/8, 192.168.1.0/24
-----------------------------------------------------------
ClamAV
Download and install clamav, clamav-db, clamd, clamav-milter from http://packages.sw.be/clamav/
Edit the init scripts to allow Postfix to read the clamav-milter socket. Add the following lines in the start, stop, and restart case statements.
-----------------------------------------------------------
chmod 0775 /var/clamav/clmilter.socket
chown clamav:postfix /var/clamav/clmilter.socket
-----------------------------------------------------------
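If these permissions are not set, Postfix will not be able to communicate with the ClamAV milter and will log the following warning in the mail log:
-----------------------------------------------------------
warning: connect to Milter service unix:/var/clamav/clmilter.socket: Permission denied
-----------------------------------------------------------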
Now add:
-----------------------------------------------------------
smtpd_milters = unix:/var/clamav/clmilter.socket
non_smtpd_milters = unix:/var/clamav/clmilter.socket
-----------------------------------------------------------
to the bottom of main.cf and restart the Postfix service.
Now add freshclam to the cron to get automatic updates and everything should be all set.
