SPF (Sender Policy Framework) home : internet : mail : toaster : filtering : content filtering clamav

Content Filtering

Content filtering is done by programs like qmail-scanner or simscan. They gather the message and then pass it through various tests and/or external programs to verify that it's acceptable based on your sites policies.

How do I enable/disable a scanner?

Content scanners are enabled and disabled in one of two ways.

  • 1. Entire mail server: This method affects all SMTP connections to your mail server. You do this on a mail toaster by editing toaster-watcher.conf and setting "filtering_method" to "smtp" and then setting "smtpd_qmail_queue" to the path to your virus scanner ("/var/qmail/bin/qmail-scanner-queue", "/var/qmail/bin/simscan", etc.). Once you've configured toaster-watcher.conf, run toaster-watcher.pl and your settings will take effect.
  • .
  • 2. Per IP (range): The second option is to set QMAILQUEUE in your tcp.smtp file. This is the recommended way because it's easy to test without causing a possible service interruption. To do this, set "filtering_method" to tcpserver, and then edit ~vpopmail/etc/tcp.smtp. That file has some example entries in it to get you started, but basically, you set QMAILQUEUE for the IP addresses you want to have filtered.
  • .
    • 1.2.3.4:allow,QMAILQUEUE="/var/qmail/bin/simscan"
    • 2.3.4.5:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue"

When using the latter method, you can even have mail from one IP range processed through Qmail-Scanner and mail from another through simscan. I suggest testing your scanner on a private or local IP before enabling it for all connections. When you do enable it, watch the logs for a bit and make sure it's doing what you expect it to. After editing tcp.smtp, run "qmail cdb" to rebuild the file.

Which scanner should I use?

Simscan is recommended and is the default.

Qmail-scanner is available if you choose to use it. It can filter based on external programs (ClamAV, SpamAssassin, etc) as well as things like attachment extensions, keywords, etc. It's very powerful, but has substantial resource requirements so use it with care. If you use qmail-scanner, it is activated at the system level and settings there apply to your entire mail server. If you must employ different policies for different [groups of] users, then you must do one of the following:

  • a) run multiple SMTP servers (on unique IPs) with different policies
  • b) choose a "lowest common denominator" policy

Simscan is small, fast, and solves most of the problems created by using qmail-scanner. It works with ClamAV, SpamAssassin, and Sophie. It has support for attachment extension blocking as well. You can set different options based on the email address or domain the message is destined for. It is the recommended tool.

Simscan can be configured independently for each domain. IE, you can enable spam filtering for one domain, but not others. You can exclude and include virus filtering on a per domain basis. The same goes for attachment blocking. It's very configurable.


sub-sections
clamav
Qscanc
Qmail-Scanner
Simscan
SpamAssassin

Last modified on 4/28/05.