# help: ClamAV - connection refused



## LeServal (Mar 16, 2010)

I/II

Dear forum members,

I am experimenting around a bit in creating a mailserver with Postfix. It is, so far, local, bearing the name dove.flying. Everything else being fine, I cannot receive any e-mails when I turn on clamav. If I comment out the corresponding lines in main.cf and master.cf which activate clamav, everything is working - mail that I locally send I can also locally retrieve; but not so if clamav shall run as well, then no mail is received. I have installed clamav from the binary packages.

Please let me know what information you need to further analyse the problem. Below you can find the content of some files; I just removed the #-lines manually to enease reading, hope I did not erase anything important. Please let me know what error you deem I am making; I have been intensely fighting with this now for over two weeks.

uname -a:


```
FreeBSD dove.flying 8.0-RELEASE FreeBSD 8.0-RELEASE #0: Sat Nov 21 15:48:17 UTC 2009     root@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386
```

Permissions on clamd:


```
-r-xr-xr-x  1 root  wheel  106692 Oct 21 09:25 /usr/local/sbin/clamd
```

ClamAV's working directory permissions:


```
drwxr-xr-x  2 clamav  clamav  512 Mar 16 08:16 /var/run/clamav/
```

Contents of this directory - PLEASE NOTE, SOMEHOW THERE IS NO clamd.ctl:


```
total 2
-rw-rw----  1 clamav  clamav  3 Mar 16 08:16 clamd.pid
srwxrwxrwx  1 clamav  clamav  0 Mar 16 08:16 clamd.sock
```

postconf -n:


```
biff = no
broken_sasl_auth_clients = yes
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
content_filter = scan:127.0.0.1:10026
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
html_directory = /usr/local/share/doc/postfix
inet_interfaces = all
mail_owner = postfix
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
mydomain = flying
myhostname = dove.flying
mynetworks = 127.0.0.0/8
mynetworks_style = host
myorigin = dove.flying
newaliases_path = /usr/local/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
receive_override_options = no_address_mappings
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = /var/spool/postfix/private/dovecot-auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/ssl/certs/dovecot.pem
smtpd_tls_key_file = /etc/ssl/private/dovecot.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
```

master.cf:


```
smtp      inet  n       -       n       -       -       smtpd -o content-filter=spamm:

scan  unix  -  -  n  -  16  smtp -o smtp_send_xforward_command=yes

127.0.0.1:10025  inet  n  -  n  -  16  smtpd
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks_style=host
  -o smtpd_authorized_xforward_hosts=127.0.0.0/8

pickup    fifo  n       -       n       60      1       pickup
cleanup   unix  n       -       n       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
tlsmgr    unix  -       -       n       1000?   1       tlsmgr
rewrite   unix  -       -       n       -       -       trivial-rewrite
bounce    unix  -       -       n       -       0       bounce
defer     unix  -       -       n       -       0       bounce
trace     unix  -       -       n       -       0       bounce
verify    unix  -       -       n       -       1       verify
flush     unix  n       -       n       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       n       -       -       smtpd -o content-filter=spamm:
relay     unix  -       -       n       -       -       smtp
	-o smtp_fallback_relay=
showq     unix  n       -       n       -       -       showq
error     unix  -       -       n       -       -       error
retry     unix  -       -       n       -       -       error
discard   unix  -       -       n       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       n       -       -       lmtp
anvil     unix  -       -       n       -       1       anvil
scache    unix  -       -       n       -       1       scache

spamm      unix  -       n       n       -       -       pipe flags=Rq user=spamd argv=/usr/local/bin/spamm.sh -f ${sender} -- ${recipient}
```

main.cf:


```
queue_directory = /var/spool/postfix
command_directory = /usr/local/sbin
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
mail_owner = postfix
unknown_local_recipient_reject_code = 550
mynetworks_style = host
smtpd_banner = $myhostname ESMTP $mail_name
biff = no
debug_peer_level = 2
debugger_command =
	 PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
	 ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/local/sbin/sendmail
newaliases_path = /usr/local/bin/newaliases
mailq_path = /usr/local/bin/mailq
setgid_group = maildrop
html_directory = /usr/local/share/doc/postfix
manpage_directory = /usr/local/man
sample_directory = /usr/local/etc/postfix
readme_directory = /usr/local/share/doc/postfix
mydomain = flying
myhostname = dove.flying
mynetworks_style = host
myorigin = dove.flying
mynetworks = 127.0.0.0/8
smtpd_tls_cert_file = /etc/ssl/certs/dovecot.pem
smtpd_tls_key_file = /etc/ssl/private/dovecot.pem
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_tls_received_header = yes
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
inet_interfaces = all
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/spool/postfix/private/dovecot-auth
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtp_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks
tls_random_source = dev:/dev/urandom
content_filter=scan:127.0.0.1:10026
receive_override_options = no_address_mappings
```

clamd.conf:

```
LogFile /var/log/clamav/clamd.log

LogFileMaxSize 10M
PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /var/db/clamav
LocalSocket /var/run/clamav/clamd.sock
FixStaleSocket yes
TCPSocket 3310
TCPAddr 127.0.0.1
User clamav
AllowSupplementaryGroups yes
ScanMail yes
```

clamsmtpd.conf:


```
OutAddress: 10026
Listen: 127.0.0.1:10025
ClamAddress: /var/run/clamav/clamd.sock
User: clamav
```

rc.conf:


```
gateway_enable="YES"
hostname="dove.flying"
ifconfig_sis0="DHCP"
keymap="german.iso"
moused_enable="YES"
moused_flags="-3"
sshd_enable="YES"
sendmail_enable="NONE"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
postfix_enable="YES"
dovecot_enable="YES"
clamd_enable="YES"
clamav_clamd_enable="YES"
clamav_clamd_socket="/var/run/clamav/clamd.sock"
apache22_enable="YES"
apache22_http_accept_enable="YES"
spamd_enable="YES"
spamd_flags="-u spamd -H /var/spool/spamd"


# -- sysinstall generated deltas -- # Sat Mar  6 08:55:36 2010
ifconfig_sis0="DHCP"
hostname="dove.flying"
# -- sysinstall generated deltas -- # Sat Mar  6 21:38:12 2010
ifconfig_sis0="DHCP"
hostname="dove.flying"
```

I would be extremely gratefuly for any help with this. Thank you in advance for looking at it.


----------



## LeServal (Mar 16, 2010)

II/II


maillog - if anything works, then only because I turn off clamav:


```
(blah...blah... failing stuff)

Mar 16 07:58:42 dove postfix/smtp[1262]: connect to 127.0.0.1[127.0.0.1]:10026: Connection refused
Mar 16 07:58:42 dove postfix/smtp[1262]: 448BD55347F: to=<root@dove.flying>, orig_to=<root>, relay=none, delay=2228, delays=2228/0.01/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10026: Connection refused)
Mar 16 08:01:06 dove postfix/postfix-script[1394]: stopping the Postfix mail system
Mar 16 08:01:06 dove postfix/master[999]: terminating on signal 15
Mar 16 08:01:06 dove dovecot: Killed with signal 15 (by pid=0 uid=0 code=unknown 0)
Mar 16 08:01:07 dove spamd[894]: spamd: server killed by SIGTERM, shutting down 
Mar 16 08:01:57 dove spamd[892]: logger: removing stderr method 
Mar 16 08:02:02 dove spamd[894]: spamd: server started on port 783/tcp (running version 3.2.5) 
Mar 16 08:02:02 dove spamd[894]: spamd: server pid: 894 
Mar 16 08:02:02 dove spamd[894]: spamd: server successfully spawned child process, pid 901 
Mar 16 08:02:02 dove spamd[894]: spamd: server successfully spawned child process, pid 902 
Mar 16 08:02:02 dove spamd[894]: prefork: child states: IS 
Mar 16 08:02:02 dove spamd[894]: prefork: child states: II 
Mar 16 08:02:05 dove dovecot: Dovecot v1.2.4 starting up
Mar 16 08:02:06 dove postfix/postfix-script[998]: starting the Postfix mail system
Mar 16 08:02:07 dove postfix/master[999]: daemon started -- version 2.6.5, configuration /usr/local/etc/postfix
Mar 16 08:04:20 dove postfix/pickup[1024]: B33FC553480: uid=0 from=<root>
Mar 16 08:04:20 dove postfix/cleanup[1169]: B33FC553480: message-id=<20100316070420.B33FC553480@dove.flying>
Mar 16 08:04:20 dove postfix/qmgr[1025]: B33FC553480: from=<root@dove.flying>, size=302, nrcpt=1 (queue active)
Mar 16 08:04:20 dove postfix/smtp[1171]: connect to 127.0.0.1[127.0.0.1]:10026: Connection refused
Mar 16 08:04:20 dove postfix/smtp[1171]: B33FC553480: to=<root@dove.flying>, orig_to=<root>, relay=none, delay=0.13, delays=0.1/0.03/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10026: Connection refused)
Mar 16 08:12:12 dove postfix/qmgr[1025]: B33FC553480: from=<root@dove.flying>, size=302, nrcpt=1 (queue active)
Mar 16 08:12:12 dove postfix/smtp[1241]: connect to 127.0.0.1[127.0.0.1]:10026: Connection refused
Mar 16 08:12:12 dove postfix/smtp[1241]: B33FC553480: to=<root@dove.flying>, orig_to=<root>, relay=none, delay=471, delays=471/0.01/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10026: Connection refused)
Mar 16 08:13:04 dove postfix/postfix-script[1358]: stopping the Postfix mail system
Mar 16 08:13:04 dove postfix/master[999]: terminating on signal 15
Mar 16 08:13:04 dove dovecot: Killed with signal 15 (by pid=0 uid=0 code=unknown 0)
Mar 16 08:13:04 dove spamd[894]: spamd: server killed by SIGTERM, shutting down 
Mar 16 08:13:54 dove spamd[892]: logger: removing stderr method 
Mar 16 08:13:59 dove spamd[894]: spamd: server started on port 783/tcp (running version 3.2.5) 
Mar 16 08:13:59 dove spamd[894]: spamd: server pid: 894 
Mar 16 08:13:59 dove spamd[894]: spamd: server successfully spawned child process, pid 901 
Mar 16 08:13:59 dove spamd[894]: spamd: server successfully spawned child process, pid 902 
Mar 16 08:13:59 dove spamd[894]: prefork: child states: II 
Mar 16 08:14:02 dove dovecot: Dovecot v1.2.4 starting up
Mar 16 08:14:03 dove postfix/postfix-script[998]: starting the Postfix mail system
Mar 16 08:14:04 dove postfix/master[1005]: daemon started -- version 2.6.5, configuration /usr/local/etc/postfix
Mar 16 08:14:32 dove postfix/pickup[1024]: 7EA82553481: uid=0 from=<root>
Mar 16 08:14:32 dove postfix/cleanup[1156]: 7EA82553481: message-id=<20100316071432.7EA82553481@dove.flying>
Mar 16 08:14:32 dove postfix/qmgr[1025]: 7EA82553481: from=<root@dove.flying>, size=293, nrcpt=1 (queue active)
Mar 16 08:14:32 dove postfix/smtp[1158]: connect to 127.0.0.1[127.0.0.1]:10026: Connection refused
Mar 16 08:14:32 dove postfix/smtp[1158]: 7EA82553481: to=<root@dove.flying>, orig_to=<root>, relay=none, delay=0.08, delays=0.05/0.03/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10026: Connection refused)
Mar 16 08:15:13 dove postfix/postfix-script[1280]: stopping the Postfix mail system
Mar 16 08:15:13 dove postfix/master[1005]: terminating on signal 15
Mar 16 08:15:13 dove dovecot: Killed with signal 15 (by pid=0 uid=0 code=unknown 0)
Mar 16 08:15:14 dove spamd[894]: spamd: server killed by SIGTERM, shutting down 
Mar 16 08:16:04 dove spamd[892]: logger: removing stderr method 
Mar 16 08:16:09 dove spamd[894]: spamd: server started on port 783/tcp (running version 3.2.5) 
Mar 16 08:16:09 dove spamd[894]: spamd: server pid: 894 
Mar 16 08:16:09 dove spamd[894]: spamd: server successfully spawned child process, pid 901 
Mar 16 08:16:09 dove spamd[894]: spamd: server successfully spawned child process, pid 902 
Mar 16 08:16:09 dove spamd[894]: prefork: child states: II 
Mar 16 08:16:12 dove dovecot: Dovecot v1.2.4 starting up
Mar 16 08:16:13 dove postfix/postfix-script[1004]: starting the Postfix mail system
Mar 16 08:16:13 dove postfix/master[1005]: daemon started -- version 2.6.5, configuration /usr/local/etc/postfix
Mar 16 08:16:28 dove postfix/pickup[1024]: C8C18553482: uid=0 from=<root>
Mar 16 08:16:28 dove postfix/cleanup[1156]: C8C18553482: message-id=<20100316071628.C8C18553482@dove.flying>
Mar 16 08:16:28 dove postfix/qmgr[1025]: C8C18553482: from=<root@dove.flying>, size=293, nrcpt=1 (queue active)
Mar 16 08:16:28 dove postfix/smtp[1158]: connect to 127.0.0.1[127.0.0.1]:10026: Connection refused
Mar 16 08:16:28 dove postfix/smtp[1158]: C8C18553482: to=<root@dove.flying>, orig_to=<root>, relay=none, delay=0.08, delays=0.05/0.03/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]:10026: Connection refused)
```


----------



## graudeejs (Mar 16, 2010)

I've yet to read your post, but you could take a look at this
http://forums.freebsd.org/showthread.php?t=10728


----------



## graudeejs (Mar 16, 2010)

I think you need to add something like this in master.cf

```
# For injecting mail back into postfix from the filter
IP_of_jail:10026 inet  n -       n       -       16      smtpd
        -o content_filter=
        -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
        -o smtpd_helo_restrictions=
        -o smtpd_client_restrictions=
        -o smtpd_sender_restrictions=
        -o smtpd_recipient_restrictions=permit_mynetworks,reject
        -o mynetworks_style=host
        -o smtpd_authorized_xforward_hosts=IP_of_jail
```


----------



## LeServal (Mar 16, 2010)

Thank you.

I think I have such a line as you mentioned, do I not?

But in the very interesting link you passed, I noticed I had forgotten to set

clamsmtpd_enable="YES"

in rc.conf...

If anything else is discovered, please mention it; this evening I shall attempt another configuration experiment.


----------



## LeServal (Mar 16, 2010)

Thank you.

I think I have such a line as you mentioned, do I not?

But in the very interesting link you passed, I noticed I had forgotten to set


```
clamsmtpd_enable="YES"
```

in rc.conf...

If anything else is discovered, please mention it; this evening I shall attempt another configuration experiment.


----------



## graudeejs (Mar 16, 2010)

in your config you have port 10025, I have 10026...


----------



## LeServal (Mar 16, 2010)

It did NOT work. Starting clamsmtpd in rc.conf resulted either it it telling me on startup that the port 10025 was already used, or, if in master.cf I am using port 10026, it started fine, but when I tried to send a message it was returned (i.e., failed to be delivered) with the notice that it needed too many hops. Any ideas what to do now?


----------



## graudeejs (Mar 16, 2010)

well, postfix is trying to connect to port 10026
from your logs

```
Mar 16 08:16:28 dove postfix/smtp[1158]: connect to 127.0.0.1[127.0.0.1]:10026: Connection refused
```


----------



## graudeejs (Mar 16, 2010)

and in your original mail.cf you have
content_filter = scan:127.0.0.1:10026


----------



## LeServal (Mar 16, 2010)

Dear Killasmurf,

Maybe I am misunderstanding this whole re-injection scheme, so could you please clarify:

I have the following statements across the config files, _x_, _y_, _z_ & _q_ being numbers:

master.cf:
127.0.0.1:_x_ inet ...

main.cf:
content_filter = scan:127.0.0.1:_y_

clamsmtpd.conf:
OutAddress:_z_
Listen: 127.0.0.1:_q_

Now, if I understood correctly, y and q are the same, as that is how postfix sends the mail to clamsmtpd, and then z and x are the same, because that is how clamsmtpd sends the scanned mail back to postfix - or did I misunderstand anything?! And if I put x and y as being the same, do I not "short-circuit" it, so that clamsmtpd never actually sees the mail? - This is all very new to me, so please accept my apology if my assumptions are entirely wrong.


----------



## LeServal (Mar 17, 2010)

Yippie, IT IS ALIVE! 

OK, first thing: yes, 10026 as you and several other tutorials said, mea culpa; second thing: when I did it, it started to bounce giving me "too many hops" errors - and then I understood that actually I do need that empty -o content_filter in master.cf, otherwise it would just continue to resubmit it...

Thank you for looking at it.


----------

