Hello everyone! My question is: is it possible to have the email scanner for viruses and trojans (clamav) on a different server? I ask because my server has only 1GB of RAM, and 28% is taken by clamav; after I turned it off, the server now uses +-700MB vs >900MB. I have another VPS where I can put clamav and free up the main server. It's true that I can install the mail server on another machine, but so far I only need to take clamav off the main server to free up a lot of memory.

It should be possible if you configure postfix to use amavis on a different server, but you have to secure the installation. What you will have to do:
1.) Change the amavis config on the second server to listen on the public IP instead of localhost
Code:
$inet_socket_bind = 'ip_of_server_amavis';
$forward_method = 'smtp:[ip_of_mail_server]:10025';
$notify_method = $forward_method;
$myhostname = "your hostname";
2.) Change the postfix main.cf to use the content filter on the second server
Code:
content_filter = smtp-amavis:[ip_of_server_amavis]:10024
3.) Change the postfix master.cf
Code:
ip_of_mail_server:10025 inet n - n - - smtpd
Don't forget to modify the mynetworks setting below that, because you have to limit the incoming connections, otherwise you will get a spam machine. You should limit connections to the amavis server/port and the mail server port 10025 to specific IP addresses via iptables or something similar. Use these things at your own risk and only do it if you understand what it means.

Amavis:
Code:
$inet_socket_bind = '*';
This does not open amavis for every IP. You define the allowed IPs in @inet_acl (if you did not already set @inet_acl = @mynetworks;).
With
Code:
$forward_method = 'smtp:*:10025';
amavis sends the mail back to the host that opens the TCP/IP connection. You can also use * instead of 10025. Amavis adds 1 to its listening port (the port amavis receives the mail on) to autodetect the port. This is a very way to create a cluster.
Postfix: Make sure that the transport smtp-amavis exists. ISPConfig uses amavis and not smtp-amavis.

Thanks for the help. But that's for amavis; I already saw it's possible to change the connection IP for amavis, but I want the changes for clamav. Or do both need to be on the same server?
You can run clamav and amavis on different servers, but it may lead to a longer run-time. For clamav, just define TCPSocket NUMBER and TCPAddr STRING in the clamav.conf and adjust @av_scanners in amavis to use the remote connection. And of course open the firewall. I would simply switch to a server with more RAM.
Let me see if I'm right. If I want to change the clamav server location, I need to change the file /etc/clamav/clamd.conf. If I want to change the amavis server location, I need to change other configuration files, which I don't know the location of, maybe in /etc/amavis/conf.d/. I already thought about upgrading the VPS, although I have 2 VPS, so I can save some money if I split some services between them. And in the future it can be helpful.
If you use clamav with amavis, you must change the amavis-config and not only the clam-config. But it makes no sense (at least in your setup) to move clamav to a different server.
Ok, so if I understand, it works like this: "server" calls amavis and amavis calls clamav. So if I change the location of clamav, I need to tell amavis where clamav is, right? Oh, and I need clamav to listen on a specific IP, not localhost. Let me give one example: I have 3 servers + 1 server, all with only 1GB RAM; the 3 have every service except clamav and the extra server has clamav, so in the end I don't need to upgrade the 3 servers. Why this configuration? The answer is the same as why have 500 HP vehicles?
Yes. If clamav runs on a different server, then it has to listen on the external IP address of that server, otherwise you won't be able to reach it. You will then have to ensure with iptables rules that clamav can only be reached from the IP address of your mail server.
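
Added example, not code from any poster in this thread: a Python check for the setup discussed above, where clamd listens on TCP and the firewall is the only access control (clamd's TCP protocol has no authentication). It sends PING and then streams a harmless sample with INSTREAM, which is how a remote client has to submit data because the scanner cannot see the mail server's files. All function names, the address 192.0.2.10 and port 3310 are assumptions.

```python
import socket
import struct

def instream_frames(data: bytes, chunk_size: int = 8192) -> bytes:
    """Frame data for clamd INSTREAM: 4-byte big-endian length before each
    chunk, and a zero-length chunk to end the stream."""
    out = [b"zINSTREAM\0"]
    for i in range(0, len(data), chunk_size):
        chunk = data[i:i + chunk_size]
        out.append(struct.pack("!I", len(chunk)) + chunk)
    out.append(struct.pack("!I", 0))
    return b"".join(out)

def parse_reply(reply: bytes):
    """Map a clamd reply to ('clean', None), ('infected', name) or ('error', text)."""
    text = reply.rstrip(b"\0\n").decode("utf-8", "replace")
    if text.endswith(" FOUND"):
        return "infected", text[:-len(" FOUND")].split(": ", 1)[-1]
    if text.endswith(": OK"):
        return "clean", None
    return "error", text

def clamd_request(host, port, payload, timeout=5.0):
    """Send one z-prefixed command and read the NUL-terminated reply.
    Returns None when the port is closed, filtered or times out."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(payload)
            buf = b""
            while not buf.endswith(b"\0"):
                part = s.recv(4096)
                if not part:
                    break
                buf += part
            return buf
    except OSError:
        return None

def check_remote_clamd(host, port, sample=b"constructed harmless sample\n"):
    """From the mail server expect 'clean'; from any other host expect 'unreachable'."""
    if clamd_request(host, port, b"zPING\0") != b"PONG\0":
        return "unreachable"
    reply = clamd_request(host, port, instream_frames(sample))
    return parse_reply(reply)[0] if reply else "unreachable"

if __name__ == "__main__":
    # 192.0.2.10 is a documentation address and 3310 an assumed TCPSocket value.
    print(check_remote_clamd("192.0.2.10", 3310))
```

Run it once from the mail server and once from a host that should be blocked; anything other than "unreachable" from the second host means the iptables rule is not doing its job.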