Provided by: clamsmtp_1.10-17ubuntu1_amd64 bug


     clamsmtpd — an SMTP server for scanning viruses via clamd


     clamsmtpd [-d level] [-f configfile] [-p pidfile]
     clamsmtpd -v


     clamsmtpd is an SMTP filter that allows you to check for viruses using the ClamAV anti-virus
     software. It accepts SMTP connections and forwards the SMTP commands and responses to
     another SMTP server.

     The DATA email body is intercepted and scanned before forwarding. By default email with
     viruses are dropped silently and logged without any additional action taken.

     clamsmtpd aims to be lightweight and simple rather than have a myriad of options. The
     options it does have are configured by editing the clamsmtpd.conf(5) file. See the man page
     for clamsmtpd.conf(5) for more info on the default location of the configuration file.


     Previous versions had more options. These still work for now but have equivalents in
     clamsmtpd.conf(5) and are not documented here. The options are as follows.

     -d          Don't detach from the console and run as a daemon. In addition the level
                 argument specifies what level of error messages to display. 0 being the least, 4
                 the most.

     -f          configfile specifies an alternate location for the clamsmtpd configuration file.
                 See clamsmtpd.conf(5) for more details on where the configuration file is
                 located by default.

     -p          pidfile specifies a location for the a process id file to be written to. This
                 file contains the process id of clamsmtpd and can be used to stop the daemon.

     -v          Prints the clamsmtp version number and exits.


     clamsmtpd logs to syslogd by default under the 'mail' facility. You can also output logs to
     the console using the -d option.


     In some cases it's advantageous to consolidate the virus scanning and filtering for several
     mail servers on one machine.  clamsmtpd allows this by providing a loopback feature to
     connect back to the IP that an SMTP connection comes in from.

     To use this feature specify only a port number (no IP address) for the OutAddress setting in
     the configuration file. This will cause clamsmtpd to pass the email back to the said port on
     the incoming IP address.

     Make sure the MaxConnections setting is set high enough to handle the mail from all the
     servers without refusing connections.


     A transparent proxy is a configuration on a gateway that routes certain types of traffic
     through a proxy server without any changes on the client computers.  clamsmtpd has support
     for transparent proxying of SMTP traffic by enabling the TransparentProxy setting. This type
     of setup usually involves firewall rules which redirect traffic to clamsmtpd and the setup
     varies from OS to OS. The SMTP traffic will be forwarded to it's original destination after
     being scanned.

     When doing transparent proxying for outgoing email it's probably a good idea to turn on
     bounce notifications using the Action: bounce setting. Also note that some features (such as
     SSL/TLS) will not be available when going through the transparent proxy.

     Make sure that the MaxConnections setting is set high enough for your transparent proxying.
     Because clamsmtpd is not being used as a filter inside a queue, which usually throttles the
     amount of email going through, this setting may need to be higher than usual.


     Using the VirusAction option you can run a script or program whenever a virus is found. This
     may be handy in certain circumstances but it has several drawbacks. For one, the performance
     of the virus filtering will take a hit, perhaps DOS'ing your machine under heavy load.
     Secondly as with running any program there are security implications to be considered.

     Please consider the above carefully before implementing a virus action.

     The script is run without its output being logged, or return value being checked. Because of
     this you should test it thoroughly. Make sure it runs without problems under the user that
     clamsmtpd(8) is being run as.

     Various environment variables will be present when your script is run. You may need to
     escape them properly before use in your favorite scripting language. Failure to do this
     could lead to a REMOTE COMPROMISE of your machine.

     CLIENT      The network address of the SMTP client connected.

     EMAIL       When the Quarantine option is enabled, this specifies the file that the virus
                 was saved to.

     RECIPIENTS  The email addresses of the email recipients. These are specified one per line,
                 in standard address format.

     REMOTE      If clamsmtpd is being used to filter email between SMTP servers, then this is
                 the IP address of the original client. In order for this information to be
                 present (a) the SMTP client (sending server) must an send an XFORWARD command
                 and (b) the SMTP server (receiving server) must accept that XFORWARD command
                 without error.

                 If clamsmtpd is being used to filter email between SMTP servers, then this is
                 the HELO/EHLO banner of the original client. In order for this information to be
                 present (a) the SMTP client (sending server) must an send an XFORWARD command
                 and (b) the SMTP server (receiving server) must accept that XFORWARD command
                 without error.

     SENDER      The email address for the sender of the email.

     SERVER      The network address of the SMTP server we're connected to.

     TMPDIR      The path to the temp directory in use. This is the same as the TempDirectory

     VIRUS       The name of the virus found.


     There's no reason to run this daemon as root. It is meant as a filter and should listen on a
     high TCP port. It's probably a good idea to run it using the same user as the clamd(8)
     daemon. This way the temporary files it writes are accessible to clamd(8)

     Care should be taken with the directory that clamsmtpd writes its temporary files to. In
     order to be secure, it should not be a world writeable location. Specify the directory using
     the TempDirectory setting.

     When using the VirusAction option make sure you understand the security issues involved.
     Unescaped environment variables can lead to execution of arbitrary shell commands on your

     If running clamsmtpd on a publicly accessible IP address or without a firewall please be
     sure to understand all the possible security issues. This is especially true if the loopback
     feature is used (see above).


     clamsmtpd.conf(5) clamd(8), clamdscan(1)


     Stef Walter <>