Hi Ken,

I know we can implement Auth-SMTP on the actual ClamAV server and that
this is more a sendmail config question than a Clamav one.

Sendmail can authenticate via LDAP, RADIUS, Kerberos or a number of
other auth protocols. However, what we require is that the
CLAMAV(sendmail) system use SMTP-AUTH (i.e. it starts an SMTP session
with the terminating MX and checks the authentication of the user that
way via ESMTP). The system that holds the user database is proprietary and
does not support any other way of authenticating the users (i.e. LDAP).

----------   1. ESMTP    -------------   2. ESMTP    ------------------
| Client |-------------->| CLAMAV    |-------------->| Terminating MX |
|        |               | (Sendmail)|               | (that holds    |
|        |<--------------|           |<--------------| User Database) |
----------               -------------               ------------------
     4. Allow to relay           3. ESMTP Auth response

1. Client connects to CLAMav and sends auth info
2. CLAMav sets up a new ESMTP port 25 connection to the terminating MX
and tests user details for validity
3. Terminating MX that holds Authentication database (proprietary
database) sends response via ESMTP either authenticated or rejected
4. CLAMav based on response from terminating MX allows or denies the
user the ability to relay thru the server.

Regards
Dave

-----Original Message-----
From: Ken Jones [mailto:[EMAIL PROTECTED] 
Sent: 11 November 2004 13:17
To: ClamAV users ML
Subject: Re: [Clamav-users] Using Clam-AV with a SMTP-Auth proxy



> Hi,
>
> We are putting in place an in-line av scanner for a public domain 
> using clamav. The ClamAV is running under sendmail 8.12 on the server

Good idea.
>

> We have got everything working however we need to provide support for 
> Authenticated SMTP. Is there any way to get sendmail to proxy the 
> Authenticated SMTP to the final destination server?

Well, this is a sendmail, not a clamav issue. That said, sendmail has the
ability to auth against many different mechanisms. You would need to
look at what mechanisms are available on the remote server and see if
sendmail supports it.

>
> Example:
>
> 1. User makes a connection to Clamav(sendmail) on port 25.
connect to sendmail
> 2. The user then sends their auth details using ESMTP to the AV 
> scanner system.
> 3. Sendmail on the ClamAV system would try this user &
> password pair on the terminating MX server which holds the auth 
> details for all users. (a different server)

on a single server providing auth, not a bank of servers providing auth
for different users.

> 4. If Sendmail receives a positive response regarding the 
> authentication from the terminating MX, Sendmail will add the IP 
> address of the client into the local IP access list to allow the 
> system to relay through the clam system.

Once authorized, they can relay through this host. That is the point of
authorization.

Here is a link for using Cyrus SASL2 for sendmail auth.
http://www.jonfullmer.com/smtpauth/

>
>  Thanks
>
> Dave
>
> ______________________________________________________________________
> This email has been scanned by the MessageLabs Email Security System. 
> For more information please visit http://www.messagelabs.com/email 
> ______________________________________________________________________
> _______________________________________________
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>


-- Ken

-- 
Ken Jones
[EMAIL PROTECTED]
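
The four-step flow described at the top of this thread, sketched as an added Python example (not code from either poster, and not a sendmail configuration): the scanner decodes the client's AUTH PLAIN response, tries the pair on the terminating MX, and maps the upstream reply to a relay decision. The names `decode_auth_plain`, `check_upstream` and the `connect` factory are hypothetical, and the sketch assumes the terminating MX offers STARTTLS with a verifiable certificate.

```python
import base64
import smtplib
import ssl

def decode_auth_plain(b64_response):
    """Split a SASL PLAIN response (RFC 4616): authzid NUL authcid NUL passwd."""
    try:
        raw = base64.b64decode(b64_response, validate=True)
        authzid, authcid, passwd = raw.decode("utf-8").split("\x00")
    except ValueError:  # bad base64, bad UTF-8, or wrong number of fields
        return None
    if not authcid or not passwd:
        return None
    return authzid, authcid, passwd

def check_upstream(user, password, connect):
    """Try one credential pair on the terminating MX (steps 2 and 3).

    connect is a hypothetical factory returning an smtplib.SMTP-like object.
    Returns 'allow', 'deny' or 'tempfail' (reply 235, 535 or 454 to the client).
    """
    try:
        mx = connect()
    except (OSError, smtplib.SMTPException):
        return "tempfail"
    try:
        mx.ehlo()
        if not mx.has_extn("starttls"):
            return "tempfail"  # refuse to forward the password in clear text
        mx.starttls(context=ssl.create_default_context())
        mx.ehlo()
        mx.login(user, password)
        return "allow"
    except smtplib.SMTPAuthenticationError as err:
        # smtplib raises this for any failed AUTH reply, including 4xx;
        # only a permanent 5xx reply is a real rejection.
        return "deny" if 500 <= err.smtp_code < 600 else "tempfail"
    except (OSError, smtplib.SMTPException):
        return "tempfail"
    finally:
        try:
            mx.quit()
        except (OSError, smtplib.SMTPException):
            pass
```

Treating an unreachable or non-TLS upstream as `tempfail` rather than `allow` keeps the scanner from turning into an open relay when the terminating MX is down.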

