#1  
14th July 2007, 20:31
dazblade
Junior Member

Join Date: Jul 2007
Posts: 12
Thanks: 3
Thanked 0 Times in 0 Posts
Exim MTA

I am currently using the excellent article "The Perfect Server - Fedora 7" to set up my Fedora 7 desktop as a server.

I am using exim as my MTA. Here is a test I just ran:
Code:
[root@HostBlade ~]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 HostBlade.example.com ESMTP Exim 4.66 Sat, 14 Jul 2007 18:51:28 +0100
helo test
250 HostBlade.example.com Hello localhost [127.0.0.1]
mail from: <nobody@howhere.com>
250 OK
rcpt to: <postmaster@example.com>
250 Accepted
data
354 Enter message, ending with "." on a line by itself
From: nobody@howhere.com
To: postmaster@example.com
Subject: a test mail

testing

.
451 Temporary local problem - please try later
So I check Exim main.log:
Code:
[root@HostBlade ~]# tail -2 /var/log/exim/main.log
2007-07-14 18:53:42 1I9lnK-0004g9-Qd malware acl condition: clamd: unable to connect to UNIX socket /var/run/clamd.exim/clamd.sock (No such file or directory)
2007-07-14 18:53:42 1I9lnK-0004g9-Qd H=localhost (test) [127.0.0.1] F=<nobody@howhere.com> temporarily rejected after DATA
With regards to the "/var/run/clamd.exim/clamd.sock (No such file or directory)" part, if I actually create the file clamd.sock then the error changes to "unable to connect to UNIX socket /var/run/clamd.exim/clamd.sock (Permission denied)" and additionally the Clamd Log will state that "clamd.sock already exists, please remove it" - which is the reason I removed it to do the above test. I seem to be caught in some kind of paradox here, lol.

Additionally, I created a user called clamexim and set User clamexim in the clamd.conf file. Also, to overcome the permission denied with clamd.sock I CHOWNed it to clamexim.exim and I think the permissions were set to 711 so I have the following users in /etc/passwd
Code:
exim:x:93:93::/var/spool/exim:/sbin/nologin
clamav:x:498:497:Clamav database update user:/var/lib/clamav:/sbin/nologin
clamexim:x:503:93:Clam Antivirus Scanner:/home/clamexim:/bin/bash
All help greatly appreciated.
  #2  
15th July 2007, 13:43
falko
Super Moderator

Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,722 Times in 2,563 Posts

What's the output of
Code:
updatedb
locate clamd.sock
? What's in /etc/clamd.conf?
__________________
Falko
  #3  
16th July 2007, 00:11
dazblade

Hi Falko,

There is no output from:
Code:
updatedb
locate clamd.sock
Not heard of the command, updatedb, it just seemed to frap my HDD for while and then dropped to the next line. The locate command did not find anything because I deleted the clamd.sock file which I originally created with vi. But prior to deleting I got this message: "unable to connect to UNIX socket /var/run/clamd.exim/clamd.sock (Permission denied)" and additionally the Clamd Log will state that "clamd.sock already exists, please remove it"

Here is my /etc/clamd.conf
Code:
##
## Example config file for the Clam AV daemon
## Please read the clamd.conf(5) manual before editing this file.
##


# Comment or remove the line below.
#Example

# Uncomment this option to enable logging.
# LogFile must be writable for the user running daemon.
# A full path is required.
# Default: disabled
  LogFile /var/log/clamav/clamd.log

# By default the log file is locked for writing - the lock protects against
# running clamd multiple times (if want to run another clamd, please
# copy the configuration file, change the LogFile variable, and run
# the daemon with --config-file option).
# This option disables log file locking.
# Default: no
#LogFileUnlock yes

# Maximum size of the log file.
# Value of 0 disables the limit.
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
# in bytes just don't use modifiers.
# Default: 1M
#LogFileMaxSize 2M

# Log time with each message.
# Default: no
  LogTime yes

# Also log clean files. Useful in debugging but drastically increases the
# log size.
# Default: no
#LogClean yes

# Use system logger (can work together with LogFile).
# Default: no
#LogSyslog yes

# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
# Default: LOG_LOCAL6
#LogFacility LOG_MAIL

# Enable verbose logging.
# Default: no
  LogVerbose yes

# This option allows you to save a process identifier of the listening
# daemon (main thread).
# Default: disabled
PidFile /var/run/clamav/clamd.pid

# Optional path to the global temporary directory.
# Default: system specific (usually /tmp or /var/tmp).
#TemporaryDirectory /var/tmp

# Path to the database directory.
# Default: hardcoded (depends on installation options)
#DatabaseDirectory /var/lib/clamav

# The daemon works in a local OR a network mode. Due to security reasons we
# recommend the local mode.

# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
LocalSocket /var/run/clamd.exim/clamd.sock

# Remove stale socket after unclean shutdown.
# Default: no
#FixStaleSocket yes

# TCP port address.
# Default: no
#TCPSocket 3310

# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world.
# Default: no
#TCPAddr 127.0.0.1

# Maximum length the queue of pending connections may grow to.
# Default: 15
#MaxConnectionQueueLength 30

# Clamd uses FTP-like protocol to receive data from remote clients.
# If you are using clamav-milter to balance load between remote clamd daemons
# on firewall servers you may need to tune the options below.

# Close the connection when the data size limit is exceeded.
# The value should match your MTA's limit for a maximum attachment size.
# Default: 10M
  StreamMaxLength 10M

# Limit port range.
# Default: 1024
#StreamMinPort 30000
# Default: 2048
#StreamMaxPort 32000

# Maximum number of threads running at the same time.
# Default: 10
  MaxThreads 10

# Waiting for data from a client socket will timeout after this time (seconds).
# Value of 0 disables the timeout.
# Default: 120
#ReadTimeout 300

# Waiting for a new job will timeout after this time (seconds).
# Default: 30
#IdleTimeout 60

# Maximum depth directories are scanned at.
# Default: 15
#MaxDirectoryRecursion 20

# Follow directory symlinks.
# Default: no
#FollowDirectorySymlinks yes

# Follow regular file symlinks.
# Default: no
#FollowFileSymlinks yes

# Perform a database check.
# Default: 1800 (30 min)
#SelfCheck 600

# Execute a command when virus is found. In the command string %v will
# be replaced with the virus name.
# Default: no
#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"

# Run as another user (clamd must be started by root to make this option
# working).
# Default: don't drop privileges
# User clamav
User clamexim

# Initialize supplementary group access (clamd must be started by root).
# Default: no
  AllowSupplementaryGroups yes

# Stop daemon when libclamav reports out of memory condition.
#ExitOnOOM yes

# Don't fork into background.
# Default: no
#Foreground yes

# Enable debug messages in libclamav.
# Default: no
#Debug yes

# Do not remove temporary files (for debug purposes).
# Default: no
#LeaveTemporaryFiles yes

# In some cases (eg. complex malware, exploits in graphic files, and others),
# ClamAV uses special algorithms to provide accurate detection. This option
# controls the algorithmic detection.
# Default: yes
#AlgorithmicDetection yes

##
## Executable files
##

# PE stands for Portable Executable - it's an executable file format used
# in all 32 and 64-bit versions of Windows operating systems. This option allows
# ClamAV to perform a deeper analysis of executable files and it's also
# required for decompression of popular executable packers such as UPX, FSG,
# and Petite.
# Default: yes
#ScanPE yes

# Executable and Linking Format is a standard format for UN*X executables.
# This option allows you to control the scanning of ELF files.
# Default: yes
#ScanELF yes

# With this option clamav will try to detect broken executables (both PE and
# ELF) and mark them as Broken.Executable.
# Default: no
#DetectBrokenExecutables yes


##
## Documents
##

# This option enables scanning of OLE2 files, such as Microsoft Office
# documents and .msi files.
# Default: yes
#ScanOLE2 yes

# This option enables scanning within PDF files.
# Default: no
#ScanPDF yes

##
## Mail files
##

# Enable internal e-mail scanner.
# Default: yes
  ScanMail yes

# If an email contains URLs ClamAV can download and scan them.
# WARNING: This option may open your system to a DoS attack.
#          Never use it on loaded servers.
# Default: no
#MailFollowURLs no

# Recursion level limit for the mail scanner.
# Default: 64
#MailMaxRecursion 128

# With this option enabled ClamAV will try to detect phishing attempts by using
# signatures.
# Default: yes
#PhishingSignatures yes


# Scan urls found in mails for phishing attempts.
# (available in experimental builds only) 
# Default: yes
#PhishingScanURLs yes

# Use phishing detection only for domains listed in the .pdb database. It is
# not recommended to have this option turned off, because scanning of all
# domains may lead to many false positives!
# (available in experimental builds only)
# Default: yes
#PhishingRestrictedScan yes

# Always block SSL mismatches in URLs, even if the URL isn't in the database.
# This can lead to false positives.
# (available in experimental builds only)
#
# Default: no
#PhishingAlwaysBlockSSLMismatch no

# Always block cloaked URLs, even if URL isn't in database.
# This can lead to false positives.
# (available in experimental builds only)
#
# Default: no
#PhishingAlwaysBlockCloak no

##
## HTML
##

# Perform HTML normalisation and decryption of MS Script Encoder code.
# Default: yes
#ScanHTML yes


##
## Archives
##

# ClamAV can scan within archives and compressed files.
# Default: yes
#ScanArchive yes

# The options below protect your system against Denial of Service attacks
# using archive bombs.

# Files in archives larger than this limit won't be scanned.
# Value of 0 disables the limit.
# Default: 10M
#ArchiveMaxFileSize 15M

# Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
# file, all files within it will also be scanned. This options specifies how
# deeply the process should be continued.
# Value of 0 disables the limit.
# Default: 8
#ArchiveMaxRecursion 10

# Number of files to be scanned within an archive.
# Value of 0 disables the limit.
# Default: 1000
#ArchiveMaxFiles 1500

# If a file in an archive is compressed more than ArchiveMaxCompressionRatio
# times it will be marked as a virus (Oversized.ArchiveType, e.g. Oversized.Zip)
# Value of 0 disables the limit.
# Default: 250
#ArchiveMaxCompressionRatio 300

# Use slower but memory efficient decompression algorithm.
# only affects the bzip2 decompressor.
# Default: no
#ArchiveLimitMemoryUsage yes

# Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
# Default: no
#ArchiveBlockEncrypted no

# Mark archives as viruses (e.g. RAR.ExceededFileSize, Zip.ExceededFilesLimit)
# if ArchiveMaxFiles, ArchiveMaxFileSize, or ArchiveMaxRecursion limit is
# reached.
# Default: no
#ArchiveBlockMax no

# Enable support for Sensory Networks' NodalCore hardware accelerator.
# Default: no
#NodalCoreAcceleration yes


##
## Clamuko settings
## WARNING: This is experimental software. It is very likely it will hang
##          up your system!!!
##

# Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running.
# Default: no
#ClamukoScanOnAccess yes

# Set access mask for Clamuko.
# Default: no
#ClamukoScanOnOpen yes
#ClamukoScanOnClose yes
#ClamukoScanOnExec yes

# Set the include paths (all files inside them will be scanned). You can have
# multiple ClamukoIncludePath directives but each directory must be added
# in a seperate line.
# Default: disabled
#ClamukoIncludePath /home
#ClamukoIncludePath /students

# Set the exclude paths. All subdirectories are also excluded.
# Default: disabled
#ClamukoExcludePath /home/bofh

# Don't scan files larger than ClamukoMaxFileSize
# Value of 0 disables the limit.
# Default: 5M
#ClamukoMaxFileSize 10M

Last edited by dazblade; 16th July 2007 at 00:14.
  #4  
16th July 2007, 14:30
falko

Can you restart Clamd? Do you get any error messages? What's the output of
Code:
ls -l /var/run/clamd.exim/clamd.sock
afterwards?
  #5  
16th July 2007, 18:42
dazblade

Quote:
Originally Posted by falko
Can you restart Clamd? Do you get any error messages?
How foolish do I feel! I restarted clamd.exim and you know what, it couldn't stop coz it wasn't running, Doh! But started ok.

My telnet test seemed to go thru without error, although not yet checked email, the main thing is it worked.

Quote:
Originally Posted by falko
What's the output of
Code:
ls -l /var/run/clamd.exim/clamd.sock
afterwards?
Here is my result now:
Code:
ls -l /var/run/clamd.exim/clamd.sock
srwxrwxrwx 1 exim exim 0 2007-07-16 17:21 /var/run/clamd.exim/clamd.sock
I think I had got myself so wrapped up in it all that I probably was forgetting what I started and what I hadn't and forgetting changes I made etc.

Thanks very much Falko, you made me address the issue from a different stance, that I probably would not have thought of.... I better go and check the actual email now to see if it was scanned etc....
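The checks this thread worked through by hand, gathered into one script as an added example (not part of any post above): it tells apart a missing path, a regular file left at the socket path, a socket with no daemon behind it, and a live clamd that answers PING. It assumes Linux, Python 3 and a clamd that accepts the newline-delimited `nPING` form documented in clamd(8); the function name and state labels are illustrative.

```python
import os
import socket
import stat

# Socket path from the LocalSocket line in the posted clamd.conf.
CLAMD_SOCKET = "/var/run/clamd.exim/clamd.sock"

def diagnose_clamd_socket(path=CLAMD_SOCKET, timeout=2.0):
    """Return {'state': ..., 'world_writable': ...} for a clamd socket path."""
    result = {"state": None, "world_writable": False}
    try:
        st = os.stat(path)
    except FileNotFoundError:
        # Matches "(No such file or directory)": clamd has not created it.
        result["state"] = "missing"
        return result
    except PermissionError:
        result["state"] = "permission-denied"
        return result
    if not stat.S_ISSOCK(st.st_mode):
        # A file made with an editor is not a socket; clamd creates its own.
        result["state"] = "not-a-socket"
        return result
    # On Linux, connecting needs write permission on the socket file, so
    # o+w (as in srwxrwxrwx) lets every local account talk to clamd.
    result["world_writable"] = bool(st.st_mode & stat.S_IWOTH)
    client = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    client.settimeout(timeout)
    try:
        client.connect(path)
        client.sendall(b"nPING\n")  # newline-delimited PING, see clamd(8)
        reply = client.recv(16)
    except PermissionError:
        result["state"] = "permission-denied"
        return result
    except OSError:
        # Socket file exists but no daemon accepts on it (stale or stopped).
        result["state"] = "no-listener"
        return result
    finally:
        client.close()
    result["state"] = "ok" if reply.strip() == b"PONG" else "unexpected-reply"
    return result

if __name__ == "__main__":
    print(diagnose_clamd_socket())
```

Run it as the user Exim runs as, since the permission checks depend on who is connecting.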