File README.postfix of Package clamsmtp

ClamSMTP: Using with Postfix

Postfix supports filtering mail through a filter that acts like an SMTP
server. This is how clamsmtp was designed. Postfix supports before-queue and
after-queue filters. Before-queue filters make a poor choice for anti-virus
scanners so this document will describe the latter. For more details on why
and how this all works, read the above links on the Postfix site.

Put the following lines in your Postfix main.cf file:
content_filter = scan:[127.0.0.1]:10025
 
The content_filter tells Postfix to send all mail through the service called
'scan' on port 10025. We'll set up clamsmtpd to listen on this port later.

Next we add the following to the Postfix master.cf file:

# AV scan filter (used by content_filter)
scan      unix  -       -       n       -       16      smtp
        -o smtp_send_xforward_command=yes
        -o smtp_enforce_tls=no
# For injecting mail back into postfix from the filter
127.0.0.1:10026 inet  n -       n       -       16      smtpd
        -o content_filter=
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtpd_helo_restrictions=
        -o smtpd_client_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks_style=host
        -o smtpd_authorized_xforward_hosts=127.0.0.0/8

Make sure there's no spaces around the equal signs or commas in the text you
added. The first 2 lines create the 'scan' service. The rest set up a
service for accepting mail back into postfix. All the options prevent a mail
loop as well as relax address checking and the like, since that's already
been done.

Specify the OutAddress option in /etc/clamsmtpd.conf as 127.0.0.1:10026. Make
sure to run it as the same user as you run clamd or they'll have problems
accessing each other's temporary files. You can use the User option to
accomplish that.

Now start up clamsmtpd like this. 
# rcclamsmtpd start

Make sure clamd (the ClamAV daemon) is running, and its listening on the
socket you specified. You can set this in clamav.conf using the LocalSocket
or TCPSocket directives (only uncomment one). Also make sure the ScanMail
directive is on. And that's all there is to it. If something's not working,
check mail-queues, logs, etc... If you have trouble with clamsmtpd or send
me a bug report, be sure to try the debug log mode which can be a valuable
aid in figuring things out:
# clamsmtpd -d 4 -f /path/to/clamsmtpd.conf


* note: /etc/clamsmtpd.conf comes already preconfigured for a setup where
the postfix server as well als the clamd used are running on the same
machine as clamsmtpd. So, unless you want to have one or both of those on a
different machine than clamsmtpd, you just have to make the changes to your
postfix setup, as described above.