Scanserver Milter is a mail filter proxy for postfix and sendmail. Every incoming mail message is sent to scanserver, and depending on the scan result the proxy filters out the message.
This guide will use postfix. To install it run:
sudo apt update
sudo apt upgrade
sudo apt install postfix
sudo apt install mailutils
After installation:
cd /var/spool/postfix/
and create a milter directory. This is required, as postfix runs chrooted in this directory.
sudo mkdir milter
sudo chown user:user milter/
Be sure to replace "user" with your own username.
Now copy the files in this directory to a location of your choice. In this example we create a folder scanserver_milter in our home directory:
cd ~
mkdir scanserver_milter
... copy the files into "scanserver_milter".
Now navigate into this folder and edit scanserver-milter.json:
error-is-infected: How to react if an error occurs or scanserver is not reachable. If this is true, then an error is treated as infected, and mails only pass if scanserver confirms that they are clean.
host: Hostname where scanserver is hosted.
port: Listening port of scanserver.
clean-action: Can be:
  ACCEPT: Mail will be forwarded to the recipient, even if it is infected.
  REJECT: Mail will be rejected and the sender notified.
  DISCARD: Mail will be discarded. The sender will NOT be notified.
  QUARANTINE: Mail will be put in quarantine. In postfix the mail will stay on HOLD (meaning it will stay in the queue until the recipient requests it from quarantine).
  DEFER: Mail will be rejected and the sender will be notified with a temporary failure message.
Adjust the config to match your scanserver setup.
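An added example, not part of the project's own files: a small Python check that reads the text of scanserver-milter.json and flags missing or mistyped keys, plus the two settings that weaken filtering (error-is-infected set to false, clean-action set to ACCEPT). It assumes the file is a flat JSON object with the four keys described above and the value types shown; the sample configs are constructed.

```python
import json

# Key names and action values are the ones this guide lists; the flat JSON
# layout and the value types (bool, str, int, str) are assumptions.
ACTIONS = {"ACCEPT", "REJECT", "DISCARD", "QUARANTINE", "DEFER"}
REQUIRED = {"error-is-infected": bool, "host": str, "port": int, "clean-action": str}


def lint_config(text):
    """Return (severity, message) findings for the text of a config file."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [("error", f"not valid JSON: {exc.msg} (line {exc.lineno})")]
    if not isinstance(cfg, dict):
        return [("error", "top level must be a JSON object")]
    findings = []
    for key, typ in REQUIRED.items():
        if key not in cfg:
            findings.append(("error", f"missing key: {key}"))
        elif type(cfg[key]) is not typ:  # strict, so true/false is not a port
            findings.append(("error", f"{key}: expected {typ.__name__}"))
    for key in sorted(set(cfg) - set(REQUIRED)):
        findings.append(("warn", f"unknown key (typo?): {key}"))
    if any(sev == "error" for sev, _ in findings):
        return findings
    if not 1 <= cfg["port"] <= 65535:
        findings.append(("error", "port: outside 1-65535"))
    if cfg["clean-action"] not in ACTIONS:
        findings.append(("error", "clean-action: not one of " + ", ".join(sorted(ACTIONS))))
    elif cfg["clean-action"] == "ACCEPT":
        findings.append(("warn", "clean-action ACCEPT: infected mail is still delivered"))
    if not cfg["error-is-infected"]:
        findings.append(("warn", "error-is-infected false: scan errors are not treated as infected"))
    return findings


# Constructed sample configs (host and port are placeholders).
STRICT = '{"error-is-infected": true, "host": "127.0.0.1", "port": 9999, "clean-action": "REJECT"}'
LAX = '{"error-is-infected": false, "host": "127.0.0.1", "port": 9999, "clean-action": "ACCEPT"}'

if __name__ == "__main__":
    for name, text in (("strict", STRICT), ("lax", LAX)):
        for sev, msg in lint_config(text) or [("ok", "no findings")]:
            print(f"{name}: {sev}: {msg}")
```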
Now edit /etc/postfix/main.cf and add:
smtpd_milters = unix:/milter/scanserver.sock
at the end of the file.
Restart postfix:
sudo postfix stop
sudo postfix start
To test the filter, send a mail containing the EICAR test string over telnet.
Note: Replace localhost with your hostname, and root with your username.
telnet localhost 25
EHLO localhost
MAIL FROM:<root@localhost>
RCPT TO:<root@localhost>
DATA
Subject: EICAR

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
.
QUIT
If you have logging enabled, you can view the mail logs with:
journalctl -u postfix@-.service
You should now see that postfix reacts to the filter, depending on which "clean-action" you have chosen.