email scanner

Discussion in 'ISPConfig 3 Priority Support' started by luisdaniel, May 11, 2015.

  1. luisdaniel

    luisdaniel New Member

    Hello everyone!
    My question is, it's possible to have the email scanner for virus and trojans (clamav) in a different server?
    This question is from my server have only 1GB of RAM, and 28% is taked by clamav, after I turned it off, the server now uses +-700MB VS >900MB. I have other VPS where I can put the clamav and free the main server.
    It's true that i can install the mail server in other machine, but so far I only need to take out the clamav from main server to free up a lot of memory.
  2. Croydon

    Croydon ISPConfig Developer ISPConfig Developer

    It should be possible, if you configure postfix to use amavis on a different server, but you have to secure the installation.
    What you will have to do:
    1.) change the amavis config on the second server to listen to the public ip instead of localhost
    $inet_socket_bind = 'ip_of_server_amavis';
    $forward_method = 'smtp:[ip_of_mail_server]:10025';
    $notify_method  = $forward_method;
    $myhostname = "your hostname";
    2.) Change the postfix to use the content filter on the second server
    content_filter = smtp-amavis:[ip_of_server_amavis]:10024
    3.) Change the postfix
    ip_of_mail_server:10025 inet n  -       n       -       -  smtpd
    Don't forget to modify the mynetworks setting below that, because you have to limit the incoming connections, otherwise you will get a spam-machine.

    You should limit connections to the amavis server/port and the mail server port 10025 to specific ip addresses via iptables or something similar. Use these things at your own risk and only do it if you understand what it means.
  3. florian030

    florian030 Well-Known Member HowtoForge Supporter

    $inet_socket_bind ='*';
    This does not open amavis for every ip. You define the allowed ips in @inet_acl. (if you did not already set
    @inet_acl = @mynetworks;

    $forward_method = 'smtp:*:10025';
    amavis sends the mail back to the host who opens the tcp/ip-connect. You can also use * instead of 10025. Amavis adds 1 to it´s listening port (the port amavis receives the mail on) to autodetect the port. This is a very way to create a cluster.

    Make sure, that the transport smtp-amavis exists . ISPConfig uses amavis and not smtp-amaivs.
  4. luisdaniel

    luisdaniel New Member

    Thanks for help.
    But that's for amavis, I already saw it's possible to change the connection IP for amavis, but I want the changes for clamav or both need to be in the same server?
  5. florian030

    florian030 Well-Known Member HowtoForge Supporter

    You can run clamav and amavis on different servers. But may leads to a longer run-time. For clamav just define TCPSocket NUMBER and TCPAddr STRING in the clamav.conf and adjust @av_avscanners in amavis to use the remote-connection. And of course open the firewall.
    I would simply switch to a server with more RAM.
    Croydon likes this.
  6. luisdaniel

    luisdaniel New Member

    Let me se if I'm right. If I want to change the clamav server location, I need to change the file /etc/clamav/clamad.conf. If I want to change the amavis server location I need to change other configuration files, which I don't know where, maybe in /etc/amavis/conf.d/.
    I already thought about upgrade the VPS, although I have 2 vps so I can save some money if I split some services between them. And in future it can be helpfull.
  7. florian030

    florian030 Well-Known Member HowtoForge Supporter

    If you use clamav with amavis, you must change the amvis-config and not only the clam-config. But i makes no sense (at least in your setup) to move clamav to a different server.
  8. luisdaniel

    luisdaniel New Member

    Ok, so if I understand it works like that: "server" calls amvis and amvis call clamav. So if I change the location of clamav, I need to tell amvis where clamav is, right? Oh and need clamav to listen a specific IP not localhost.
    Let me give one example, I have 3 servers + 1 server all only with 1GB RAM, the 3 ones have every services except clamav and the extra server have clamav, at the end I don't need to upgrade the 3 servers. Why this configuration? The answer is the same as why have 500 HP vehicles?
  9. till

    till Super Moderator Staff Member ISPConfig Developer


    If clamav runs on a different server, then it has to listen on the external IP address of that server, otherwise you wont be able to reach it. You will then have to ensure with iptables rules that clamav can only be reached from IP address of your mail server.

Share This Page