diff --git a/setup/clamsmtpd.sh b/setup/clamsmtpd.sh
new file mode 100755
index 00000000..87da96fe
--- /dev/null
+++ b/setup/clamsmtpd.sh
@@ -0,0 +1,69 @@
+#!/bin/bash
+# clamsmtpd virus scanning
+# ----------------------
+
+source setup/functions.sh # load our functions
+source /etc/mailinabox.conf # load global vars
+
+echo "Installing clamsmtpd (ClamAV e-mail virus scanning)..."
+
+
+# Install clamav-daemon & clamsmtpd with additional scanning formats
+apt_install clamav-daemon clamav clamsmtp unzip p7zip zip arj bzip2 cabextract cpio file gzip lhasa nomarch pax rar unrar unzip zip zoo
+
+
+# Config /etc/clamsmtpd.conf
+# Config edits do the following:
+# Default port of 10025 is already in use by <>, using unused port 10028 to pass back from clamsmtpd to postfix.
+# Default port of 10026 for listening from postfix is already in use by <>, using unused port 10027 instead.
+# Add X-AV-Checked Header
+# Adds script to notify destination user only (since sender may be spoofed) that mail was dropped due to virus detection)
+
+tools/editconf.py /etc/clamsmtpd.conf -s \
+ OutAddress:=127.0.0.1:10028 \
+ Listen:=127.0.0.1:10027 \
+ Header:="X-AV-Checked: ClamAV" \
+ VirusAction:="/usr/local/lib/clamsmtpd/email_virus_notify.sh"
+
+# Configure postfix main.cf
+
+tools/editconf.py /etc/postfix/main.cf \
+content_filter=scan:127.0.0.1:10027 #\
+#not sure if the below is needed/wanted, RFC - http://www.postfix.org/postconf.5.html#receive_override_options
+#receive_override_options=no_address_mappings
+
+# Configure postfix master.cf
+tools/editconf.py /etc/postfix/master.cf -s -w \
+ "scan unix - - n - 16 smtp
+ -o smtp_send_xforward_command=yes" \
+ "127.0.0.1:10028 inet n - n - 16 smtpd
+ -o content_filter=
+ -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
+ -o smtpd_helo_restrictions=
+ -o smtpd_client_restrictions=
+ -o smtpd_sender_restrictions=
+ -o smtpd_recipient_restrictions=permit_mynetworks,reject
+ -o mynetworks_style=host
+ -o smtpd_authorized_xforward_hosts=127.0.0.0/8"
+
+# Config Notification Script
+# Inspiration from
https://h4des.org/blog/index.php?/archives/308-clamsmtp-informing-recipients-abount-email-virus-infection.html
+mkdir -p /usr/local/lib/clamsmtpd
+chown clamsmtp:clamsmtp /usr/local/lib/clamsmtpd
+cp tools/email_virus_notify.sh /usr/local/lib/clamsmtpd/email_virus_notify.sh
+chown clamsmtp:clamsmtp /usr/local/lib/clamsmtpd/email_virus_notify.sh
+chmod 700 /usr/local/lib/clamsmtpd/email_virus_notify.sh
+
+# Force virus def updates
+echo "Updating ClamAV Definitions"
+echo ""
+/usr/bin/freshclam
+
+
+# restart postfix, start clamsmtpd, clamav-daemon, clamav-freshclam
+adduser clamsmtp clamav > /dev/null
+restart_service postfix
+restart_service clamsmtp
+restart_service clamav-daemon
+restart_service clamav-freshclam
+
diff --git a/setup/start.sh b/setup/start.sh
index 790afe18..03e67a16 100755
--- a/setup/start.sh
+++ b/setup/start.sh
@@ -104,6 +104,7 @@ source setup/mail-dovecot.sh
 source setup/mail-users.sh
 source setup/dkim.sh
 source setup/spamassassin.sh
+source setup/clamsmtpd.sh
 source setup/web.sh
 source setup/webmail.sh
 source setup/owncloud.sh
diff --git a/tools/email_virus_notify.sh b/tools/email_virus_notify.sh
new file mode 100755
index 00000000..b4c14665
--- /dev/null
+++ b/tools/email_virus_notify.sh
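Review bot: In setup/clamsmtpd.sh the notification script and its directory are chowned to `clamsmtp:clamsmtp` with mode 700, and since that is presumably the account clamsmtpd runs the `VirusAction` hook as, the process that parses untrusted mail can also rewrite the code it executes next. Keep both root-owned and give the service group read/execute only, e.g. `install -d -o root -g root -m 0755 /usr/local/lib/clamsmtpd` and `install -o root -g clamsmtp -m 0750 tools/email_virus_notify.sh /usr/local/lib/clamsmtpd/email_virus_notify.sh`. Separately, nothing visible checks the exit status of `/usr/bin/freshclam`, while `content_filter=scan:127.0.0.1:10027` is already written to main.cf before it runs; if the update fails and clamd cannot start, all mail then depends on a scanner that is down, so the failure should be reported before `restart_service postfix`.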
@@ -0,0 +1,45 @@
+#!/bin/bash
+#
+# This script will notify users that email was dropped by clamsmtpd.
+#
+# Original inspiration from this script: https://h4des.org/blog/index.php?/archives/308-clamsmtp-informing-recipients-abount-email-virus-infection.html
+
+source /etc/mailinabox.conf # load global vars
+# For all variables passed when running this script please see "man clamsmtpd.conf"
+
+#pull list of all emails served by this mailserver
+dest_email=$(/usr/bin/sqlite3 /home/user-data/mail/users.sqlite "select distinct source from aliases union all select distinct email from users;")
+
+# check every single recipient
+for i in $RECIPIENTS; do
+
+# check every single email/alias
+for j in $dest_email; do
+
+#check if email address contains hosted domain name
+# $i contains email address
+# $j contains hosted email
+if [[ "$i" == "$j" ]]
+then
+{
+echo "Hello $i,"
+echo ""
+echo "This is the email system of $PRIMARY_HOSTNAME."
+echo ""
+echo "The email from $SENDER to you was infected with a virus ($VIRUS)."
+echo "The email was blocked and this notification was sent instead."
+echo ""
+echo "If you encounter further problems please contact your System Administrator."
+echo ""
+echo "Regards,"
+echo "The email server at $PRIMARY_HOSTNAME"
+#sending email to recipient that is hosted on this system
+} | mail -a "From: postmaster@$PRIMARY_HOSTNAME" -s "Email Virus Scan Notificaton" "$i"
+#continue with next recipient
+
+fi
+
+done
+
+done
+
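Review bot: The inner loop never leaves after a match, although the comment under the `mail` line says "continue with next recipient", and the query joins aliases and users with `union all`, so an address present in both tables is notified twice. `$RECIPIENTS` and `$dest_email` are also expanded unquoted, so envelope values chosen by the sender go through pathname expansion as well as word splitting; `set -f` before the loops limits that to splitting. Replacing the inner loop with one whole-line fixed-string lookup covers both points and is shown below. `$SENDER` and `$VIRUS` reach only the message body here, and the `-a "From: …"` form depends on which `mail` implementation is installed, which this script does not check.

```shell
# envelope values are sender-controlled: split on whitespace only, never glob
set -f

# … unchanged: source /etc/mailinabox.conf and the dest_email query …

for i in $RECIPIENTS; do
  # whole-line, fixed-string match: at most one notification per recipient,
  # even when the address is listed both as an alias and as a user
  if grep -Fxq -- "$i" <<< "$dest_email"; then
    # … unchanged: message body piped to mail …
  fi
done
```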