I am running a Debian based Email server with Exim4 MTA, Courier IMAP,
Squirrelmail, CLamAV & Spamassassin. I could not get the Clamav to
scan any of my incoming mails. advice, pls, thks.
I could do manual scanning with clamdscan though.
My configurations are:
/etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs/
# Just for reference and scripts.
# On Debian systems, the main binary is installed as exim4 to avoid
# conflicts with the exim 3 packages.
exim_path = /usr/sbin/exim4
# Macro defining the main configuration directory.
# We do not use absolute paths.
.ifndef CONFDIR
CONFDIR = /etc/exim4
.endif
# debconf-driven macro definitions get inserted after this line
UPEX4CmacrosUPEX4C = 1
# Create domain and host lists for relay control
# '@' refers to 'the name of the local host'
# List of domains considered local for exim. Domains not listed here
# need to be deliverable remotely.
domainlist local_domains = MAIN_LOCAL_DOMAINS
# List of recipient domains to relay _to_. Use this list if you're -
# for example - fallback MX or mail gateway for domains.
domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS
# List of sender networks (IP addresses) to _unconditionally_ relay
# _for_. If you intend to be SMTP AUTH server, you do not need to
enter
# anything here.
hostlist relay_from_hosts = MAIN_RELAY_NETS
# Decide which domain to use to add to all unqualified addresses.
# If MAIN_PRIMARY_HOSTNAME_AS_QUALIFY_DOMAIN is defined, the primary
# hostname is used. If not, but MAIN_QUALIFY_DOMAIN is set, the value
# of MAIN_QUALIFY_DOMAIN is used. If both macros are not defined,
# the first line of /etc/mailname is used.
.ifndef MAIN_PRIMARY_HOSTNAME_AS_QUALIFY_DOMAIN
.ifndef MAIN_QUALIFY_DOMAIN
qualify_domain = ETC_MAILNAME
.else
qualify_domain = MAIN_QUALIFY_DOMAIN
.endif
.endif
# listen on all all interfaces?
.ifdef MAIN_LOCAL_INTERFACES
local_interfaces = MAIN_LOCAL_INTERFACES
.endif
.ifndef LOCAL_DELIVERY
# The default transport, set in /etc/exim4/update-exim4.conf.conf,
# defaulting to mail_spool. See CONFDIR/conf.d/transport/ for
possibilities
LOCAL_DELIVERY=mail_spool
.endif
# The gecos field in /etc/passwd holds not only the name. see
passwd(5).
gecos_pattern = ^([^,:]*)
gecos_name = $1
# define macros to be used in acl/30_exim4-config_check_rcpt to check
# recipient local parts for strange characters.
# This macro definition really should be in
# acl/30_exim4-config_check_rcpt but cannot be there due to
# http://www.exim.org/bugzilla/show_bug.cgi?id=101 as of exim 4.62.
# These macros are documented in acl/30_exim4-config_check_rcpt,
# can be changed here or overridden by a locally added configuration
# file as described in README.Debian chapter 2.1.2
.ifndef CHECK_RCPT_LOCAL_LOCALPARTS
CHECK_RCPT_LOCAL_LOCALPARTS = ^[.] : ^.*[@%!/|`#&?]
.endif
.ifndef CHECK_RCPT_REMOTE_LOCALPARTS
CHECK_RCPT_REMOTE_LOCALPARTS = ^[./|] : ^.*[@%!`#&?] : ^.*/\\.\\./
.endif
# always log tls_peerdn as we use TLS for outgoing connects by default
.ifndef MAIN_LOG_SELECTOR
MAIN_LOG_SELECTOR = +tls_peerdn
.endif
# This tells what virus scanner to use
#av_scanner = clamd:/var/run/clamav/clamd.ctl
av_scanner = clamd:/usr/sbin/clamdscan
/etc/exim4/conf.d/main/02_exim4-
config_options
# Defines the access control list that is run when an
# SMTP MAIL command is received.
#
.ifndef MAIN_ACL_CHECK_MAIL
MAIN_ACL_CHECK_MAIL = acl_check_mail
.endif
acl_smtp_mail = MAIN_ACL_CHECK_MAIL
# Defines the access control list that is run when an
# SMTP RCPT command is received.
#
.ifndef MAIN_ACL_CHECK_RCPT
MAIN_ACL_CHECK_RCPT = acl_check_rcpt
.endif
acl_smtp_rcpt = MAIN_ACL_CHECK_RCPT
# Defines the access control list that is run when an
# SMTP DATA command is received.
#
.ifndef MAIN_ACL_CHECK_DATA
MAIN_ACL_CHECK_DATA = acl_check_data
.endif
acl_smtp_data = MAIN_ACL_CHECK_DATA
# Message size limit. The default (used when MESSAGE_SIZE_LIMIT
# is unset) is 50 MB
.ifdef MESSAGE_SIZE_LIMIT
message_size_limit = MESSAGE_SIZE_LIMIT
.endif
# If you are running exim4-daemon-heavy or a custom version of Exim
that
# was compiled with the content-scanning extension, you can cause
incoming
# messages to be automatically scanned for viruses. You have to modify
the
# configuration in two places to set this up. The first of them is
here,
# where you define the interface to your scanner. This example is
typical
# for ClamAV; see the manual for details of what to set for other
virus
# scanners. The second modification is in the acl_check_data access
# control list.
# av_scanner = clamd:/tmp/clamd
#av_scanner = clamd:/var/run/clamav/clamd.ctl
av_scanner = clamd:/usr/sbin/clamdscan
# For spam scanning, there is a similar option that defines the
interface to
# SpamAssassin. You do not need to set this if you are using the
default, which
# is shown in this commented example. As for virus scanning, you must
also
# modify the acl_check_data access control list to enable spam
scanning.
spamd_address = 127.0.0.1 783
# Domain used to qualify unqualified recipient addresses
# If this option is not set, the qualify_domain value is used.
# qualify_recipient = <value of qualify_domain>
# Allow Exim to recognize addresses of the form "user@[10.11.12.13]",
# where the domain part is a "domain literal" (an IP address) instead
# of a named domain. The RFCs require this facility, but it is
disabled
# in the default config since it is seldomly used and frequently
abused.
# Domain literal support also needs a special router, which is
automatically
# enabled if you use the enable macro MAIN_ALLOW_DOMAIN_LITERALS.
# Additionally, you might want to make your local IP addresses (or
@[])
# local domains.
.ifdef MAIN_ALLOW_DOMAIN_LITERALS
allow_domain_literals
.endif
# Do a reverse DNS lookup on all incoming IP calls, in order to get
the
# true host name. If you feel this is too expensive, the networks for
# which a lookup is done can be listed here.
.ifndef DC_minimaldns
.ifndef MAIN_HOST_LOOKUP
MAIN_HOST_LOOKUP = *
.endif
host_lookup = MAIN_HOST_LOOKUP
.endif
# In a minimaldns setup, update-exim4.conf guesses the hostname and
# dumps it here to avoid DNS lookups being done at Exim run time.
.ifdef MAIN_HARDCODE_PRIMARY_HOSTNAME
primary_hostname = MAIN_HARDCODE_PRIMARY_HOSTNAME
.endif
# The settings below, which are actually the same as the defaults in
the
# code, cause Exim to make RFC 1413 (ident) callbacks for all incoming
SMTP
# calls. You can limit the hosts to which these calls are made, and/or
change
# the timeout that is used. If you set the timeout to zero, all RFC
1413 calls
# are disabled. RFC 1413 calls are cheap and can provide useful
information
# for tracing problem messages, but some hosts and firewalls are
# misconfigured to drop the requests instead of either answering or
# rejecting them. This can result in a timeout instead of an immediate
refused
# connection, leading to delays on starting up SMTP sessions. (The
default was
# reduced from 30s to 5s for release 4.61.)
# rfc1413_hosts = *
# rfc1413_query_timeout = 5s
# When using an external relay tester (such as rt.njabl.org and/or the
# currently defunct relay-test.mail-abuse.org, the test may be aborted
# since exim complains about "too many nonmail commands". If you want
# the test to complete, add the host from where "your" relay tester
# connects from to the MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS macro.
# Please note that a non-empty setting may cause extra DNS lookups to
# happen, which is the reason why this option is commented out in the
# default settings.
# MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS = !rt.njabl.org
.ifdef MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS
smtp_accept_max_nonmail_hosts = MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS
.endif
# By default, exim forces a Sender: header containing the local
# account name at the local host name in all locally submitted
messages
# that don't have the local account name at the local host name in the
# From: header, deletes any Sender: header present in the submitted
# message and forces the envelope sender of all locally submitted
# messages to the local account name at the local host name.
# The following settings allow local users to specify their own
envelope sender
# in a locally submitted message. Sender: headers existing in a
locally
# submitted message are not removed, and no automatic Sender: headers
# are added. These settings are fine for most hosts.
# If you run exim on a classical multi-user systems where all users
# have local mailboxes that can be reached via SMTP from the Internet
# with the local FQDN as the domain part of the address, you might
want
# to disable the following three lines for traceability reasons.
.ifndef MAIN_FORCE_SENDER
local_from_check = false
local_sender_retain = true
untrusted_set_sender = *
.endif
# By default, Exim expects all envelope addresses to be fully
qualified, that
# is, they must contain both a local part and a domain. Configure exim
# to accept unqualified addresses from certain hosts. When this is
done,
# unqualified addresses are qualified using the settings of
qualify_domain
# and/or qualify_recipient (see above).
# sender_unqualified_hosts = <unset>
# recipient_unqualified_hosts = <unset>
# Configure Exim to support the "percent hack" for certain domains.
# The "percent hack" is the feature by which mail addressed to x%y@z
# (where z is one of the domains listed) is locally rerouted to x@y
# and sent on. If z is not one of the "percent hack" domains, x%y is
# treated as an ordinary local part. The percent hack is rarely needed
# nowadays but frequently abused. You should not enable it unless you
# are sure that you really need it.
# percent_hack_domains = <unset>
# Bounce handling
.ifndef MAIN_IGNORE_BOUNCE_ERRORS_AFTER
MAIN_IGNORE_BOUNCE_ERRORS_AFTER = 2d
.endif
ignore_bounce_errors_after = MAIN_IGNORE_BOUNCE_ERRORS_AFTER
.ifndef MAIN_TIMEOUT_FROZEN_AFTER
MAIN_TIMEOUT_FROZEN_AFTER = 7d
.endif
timeout_frozen_after = MAIN_TIMEOUT_FROZEN_AFTER
.ifndef MAIN_FREEZE_TELL
MAIN_FREEZE_TELL = postmaster
.endif
freeze_tell = MAIN_FREEZE_TELL
# Define spool directory
.ifndef SPOOLDIR
SPOOLDIR = /var/spool/exim4
.endif
spool_directory = SPOOLDIR
# trusted users can set envelope-from to arbitrary values
.ifndef MAIN_TRUSTED_USERS
MAIN_TRUSTED_USERS = uucp
.endif
trusted_users = MAIN_TRUSTED_USERS
.ifdef MAIN_TRUSTED_GROUPS
trusted_groups = MAIN_TRUSTED_GROUPS
.endif
# users in admin group can do many other things
# admin_groups = <unset>
# SMTP Banner. The example includes the Debian version in the SMTP
dialog
# MAIN_SMTP_BANNER = "${primary_hostname} ESMTP Exim ${version_number}
(Debian package MAIN_PACKAGE_VERSION) ${tod_full}"
# smtp_banner = $smtp_active_hostname ESMTP Exim $version_number
$tod_fu
acl/40_exim4-config_check_data
# This ACL is used after the contents of a message have been received.
This
# is the ACL in which you can test a message's headers or body, and in
# particular, this is where you can invoke external virus or spam
scanners.
acl_check_data:
# Deny unless the address list headers are syntactically correct.
#
# If you enable this, you might reject legitimate mail.
# .ifdef CHECK_DATA_VERIFY_HEADER_SYNTAX
# deny
# message = Message headers fail syntax check
# !acl = acl_local_deny_exceptions
# !verify = header_syntax
# .endif
# require that there is a verifiable sender address in at least
# one of the "Sender:", "Reply-To:", or "From:" header lines.
.ifdef CHECK_DATA_VERIFY_HEADER_SENDER
deny
message = No verifiable sender address in message headers
!acl = acl_local_deny_exceptions
!verify = header_sender
.endif
# Deny if the message contains malware. Before enabling this check,
you
# must install a virus scanner and set the av_scanner option in the
# main configuration.
#
# exim4-daemon-heavy must be used for this section to work.
#
# deny
# malware = *
# message = This message was detected as possible malware
($malware_name).
# Add headers to a message if it is judged to be spam. Before
enabling this,
# you must install SpamAssassin. You also need to set the
spamd_address
# option in the main configuration.
#
# exim4-daemon-heavy must be used for this section to work.
#
# Please note that this is only suiteable as an example. There are
# multiple issues with this configuration method. For example, if
you go
# this way, you'll give your spamassassin daemon write access to the
# entire exim spool which might be a security issue in case of a
# spamassassin exploit.
#
# See the exim docs and the exim wiki for more suitable examples.
#
# warn
# spam = Debian-exim:true
# message = X-Spam_score: $spam_score\n\
# X-Spam_score_int: $spam_score_int\n\
# X-Spam_bar: $spam_bar\n\
# X-Spam_report: $spam_report
# This hook allows you to hook in your own ACLs without having to
# modify this file. If you do it like we suggest, you'll end up with
# a small performance penalty since there is an additional file
being
# accessed. This doesn't happen if you leave the macro unset.
.ifdef CHECK_DATA_LOCAL_ACL_FILE
.include CHECK_DATA_LOCAL_ACL_FILE
.endif
#Reject messages that have serious MIME errors.
# This calls the demime condition again, but it
# will return cached results.
#deny message = Serious MIME defect detected ($demime_reason)
#demime = *
#condition = ${if >{$demime_errorlevel}{2}{1}{0}}
# Reject file extensions used by worms.
# Note that the extension list may be incomplete.
# deny message = This domain has a policy of not accepting certain
types of attachments \
in mail as they may contain a virus. This mail has a
file with a .$found_extension \
attachment and is not accepted. If you have a
legitimate need to send \
this particular attachment, send it in a compressed
archive, and it will \
then be forwarded to the recipient.
# demime = exe:com:vbs:bat:pif:scr
# .ifdef TEERGRUBE
# delay = TEERGRUBE
# .endif
# Reject messages containing malware.
# deny message = This message contains a virus ($malware_name) and
has been rejected
# malware = *
deny message = Message contains malware or a virus ($malware_name).
log_message = $sender_host_address tried sending $malware_name
demime =
malware =
# accept otherwise
accept
This should be:
av_scanner = clamd:/var/run/clamav/clamd.ctl
(this is the socket with which exim communicates with clamd)
> conf
> # av_scanner = clamd:/tmp/clamd
> #av_scanner = clamd:/var/run/clamav/clamd.ctl
Again, use clamd:/var/run/clamav/clamd.ctl
This file should generate the one you quoted above!
> av_scanner = clamd:/usr/sbin/clamdscan
>
The other thing you have to do is make sure that clamd uses the same
socket. That is defined by LocalSocket in /etc/clamav/clamd.conf but you
generally generate it through debconf by running:
dpkg-reconfigure clamav-base
Also, make sure that user Debian-exim is in group clamav
I hope that helps.
Robert