Merge 97b3207392 into 2a72c800f6

2025-04-21 03:02:09 +00:00 · 2018-07-01 13:02:44 +00:00 · 2018-07-01 13:02:44 +00:00 · 47a795dd42
commit 47a795dd42
parent 2a72c800f6 97b3207392
3 changed files with 115 additions and 0 deletions
--- a/setup/clamsmtpd.sh
+++ b/setup/clamsmtpd.sh
@ -0,0 +1,68 @@
+#!/bin/bash
+# clamsmtpd virus scanning
+# ----------------------
+
+source setup/functions.sh # load our functions
+source /etc/mailinabox.conf # load global vars
+
+echo "Installing clamsmtpd (ClamAV e-mail virus scanning)..."
+
+
+# Install clamav-daemon & clamsmtpd with additional scanning formats
+apt_install sqlite clamav-daemon clamav clamsmtp unzip p7zip zip arj bzip2 cabextract cpio file gzip lhasa nomarch pax rar unrar unzip zip zoo
+
+
+# Config /etc/clamsmtpd.conf
+# Config edits do the following:
+# Default port of 10025 is already in use by <>, using unused port 10028 to pass back from clamsmtpd to postfix.
+# Default port of 10026 for listening from postfix is already in use by <>, using unused port 10027 instead.
+# Add X-AV-Checked Header
+# Adds script to notify destination user only (since sender may be spoofed) that mail was dropped due to virus detection)
+
+tools/editconf.py /etc/clamsmtpd.conf -s \
+                OutAddress:=127.0.0.1:10028 \
+                Listen:=127.0.0.1:10027 \
+                Header:="X-AV-Checked: ClamAV" \
+                VirusAction:="/usr/local/lib/clamsmtpd/email_virus_notify.sh"
+
+# Configure postfix main.cf
+
+tools/editconf.py /etc/postfix/main.cf \
+content_filter=scan:127.0.0.1:10027 #\
+#not sure if the below is needed/wanted, RFC - http://www.postfix.org/postconf.5.html#receive_override_options
+#receive_override_options=no_address_mappings
+
+# Configure postfix master.cf
+tools/editconf.py /etc/postfix/master.cf -s -w \
+        "scan=unix  -       -       n       -       16      smtp
+          -o smtp_send_xforward_command=yes" \
+        "127.0.0.1:10028=inet  n -       n       -       16      smtpd
+          -o content_filter=
+          -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
+          -o smtpd_helo_restrictions=
+          -o smtpd_client_restrictions=
+          -o smtpd_sender_restrictions=
+          -o smtpd_recipient_restrictions=permit_mynetworks,reject
+          -o mynetworks_style=host
+          -o smtpd_authorized_xforward_hosts=127.0.0.0/8"
+
+# Config Notification Script
+# Inspiration from https://h4des.org/blog/index.php?/archives/308-clamsmtp-informing-recipients-abount-email-virus-infection.html
+mkdir -p /usr/local/lib/clamsmtpd
+chown clamsmtp:clamsmtp /usr/local/lib/clamsmtpd
+cp tools/email_virus_notify.sh /usr/local/lib/clamsmtpd/email_virus_notify.sh
+chown clamsmtp:clamsmtp /usr/local/lib/clamsmtpd/email_virus_notify.sh
+chmod 700 /usr/local/lib/clamsmtpd/email_virus_notify.sh
+
+# Force virus def updates
+echo "Updating ClamAV Definitions"
+echo ""
+/usr/bin/freshclam
+
+
+# restart postfix, start clamsmtpd, clamav-daemon, clamav-freshclam
+adduser clamsmtp clamav > /dev/null
+restart_service postfix
+restart_service clamsmtp
+restart_service clamav-daemon
+restart_service clamav-freshclam
--- a/setup/start.sh
+++ b/setup/start.sh
@ -104,6 +104,7 @@ source setup/mail-dovecot.sh
 source setup/mail-users.sh
 source setup/dkim.sh
 source setup/spamassassin.sh
+source setup/clamsmtpd.sh
 source setup/web.sh
 source setup/webmail.sh
 source setup/owncloud.sh
--- a/tools/email_virus_notify.sh
+++ b/tools/email_virus_notify.sh
@ -0,0 +1,46 @@
+#!/bin/bash
+#
+# This script will notify users that email was dropped by clamsmtpd.
+#
+# Original inspiration from this script: https://h4des.org/blog/index.php?/archives/308-clamsmtp-informing-recipients-abount-email-virus-infection.html
+
+source /etc/mailinabox.conf # load global vars
+# For all variables passed when running this script please see "man clamsmtpd.conf"
+
+#pull list of all emails served by this mailserver
+dest_email=$(/usr/bin/sqlite3 /home/user-data/mail/users.sqlite "select distinct source from aliases union all select distinct email from users;")
+
+# check every single recipient
+for i in $RECIPIENTS; do
+
+# check every single email/alias
+for j in $dest_email; do
+
+#check if email address contains hosted domain name
+# $i contains email address
+# $j contains hosted email
+if [[ "$i" == "$j" ]]
+then
+{
+echo "Subject: Email Virus Scan Notification"
+echo ""
+echo "Hello $i,"
+echo ""
+echo "This is the email system of $PRIMARY_HOSTNAME."
+echo ""
+echo "The email from $SENDER to you was infected with a virus ($VIRUS)."
+echo "The email was blocked and this notification was sent instead."
+echo ""
+echo "If you encounter further problems please contact your System Administrator."
+echo ""
+echo "Regards,"
+echo "The email server at $PRIMARY_HOSTNAME"
+#sending email to recipient that is hosted on this system
+} | sendmail -f "postmaster@$PRIMARY_HOSTNAME" "$i"
+#continue with next recipient
+
+fi
+
+done
+
+done