Paul Koufalas
2005-Jul-02 01:58 UTC
Port redirection on standalone pc to pop3 proxy AV scanner
G'day all.

I'm trying to set up Clam AV scanning of incoming POP3 email to my Thunderbird mail client; I have a standalone laptop with a 56k dialup connection to my ISP. I can't seem to get port redirection working: I'm trying to redirect incoming POP3 mail from my ISP's mail server to p3scan which is listening on 127.0.0.1:8110 and will do the AV checking with the Clam AV daemon.

For the port redirection, I have put in my /etc/shorewall/rules the line

    DNAT net fw:127.0.0.1:8110 tcp pop3 - !127.0.0.1

p3scan is listening on 127.0.0.1:8110, and I've confirmed that using 'lsof -i'. I've also tried changing pop3 from dst port to src port in the rule (after 'tcpdump -i ppp0' showed that port 110 was associated with my ISP's mail server, and this server was sending email to a different (high numbered) port on my Thunderbird client.)

I've also checked shorewall.conf, /etc/network/options and /proc/sys/net/ipv4/ip_forward and ip_dynaddr (?) to make sure that IP forwarding is enabled (and it wasn't to begin with). I've also checked via 'ifconfig lo' that interface lo is up (it wasn't to begin with).

The output of 'shorewall show nat' shows zero packets against the redirection rule no matter what I seem to do. I've had a look at the shorewall FAQ but that only gave me the idea to append !127.0.0.1 to the rule, which didn't help. So I also tried substituting the DHCP assigned IP address on ppp0 local into the redirection rule (in place of !127.0.0.1) but that didn't help either.

Can anyone point me in the right direction?
At risk of information overload, here is the output from 'shorewall show'.
Cristian Rodriguez
2005-Jul-02 02:41 UTC
Re: Port redirection on standalone pc to pop3 proxy AV scanner
2005/7/1, Paul Koufalas <paul.koufalas@senet.com.au>:
> Can anyone point me in the right direction?

yes,

1. take a different approach.. you seem to need fetchmail http://www.catb.org/~esr/fetchmail/ and pass the mail to clamd using any content-filtering software or your MTA.
2. did you read the FAQ 27?
3. use an antivirus on your workstation, there are some decent free antivirus, like clamwin, AVG Free edition (tm) or Avast free edition (tm).
Paul Gear
2005-Jul-02 06:30 UTC
Re: Port redirection on standalone pc to pop3 proxy AV scanner
Cristian Rodriguez wrote:
> ...
> 1. take a different approach..
> you seem to need fetchmail
> http://www.catb.org/~esr/fetchmail/ and pass the mail to clamd using
> any content-filtering software or your MTA.

I like the combination of postfix, amavisd-new, clamav, and spam assassin as documented here: http://www.fatofthelan.com/articles/articles.php?pid=22

> 3. use an antivirus on your workstation, there are some decent free
> antivirus, like clamwin, AVG Free edition (tm) or Avast free
> edition (tm).

Some of us use real operating systems on our workstations, Cristian... ;-)

--
Paul <http://paulgear.webhop.net>
--
Did you know? If you use two dashes followed by a space as your signature separator, good email programs will chop them off automatically, reducing noise in email replies.
Cristian Rodriguez
2005-Jul-02 06:37 UTC
Re: Re: Port redirection on standalone pc to pop3 proxy AV scanner
2005/7/2, Paul Gear <paul@gear.dyndns.org>:
> Cristian Rodriguez wrote:
> > ...
> > 1. take a different approach..
> > you seem to need fetchmail
> > http://www.catb.org/~esr/fetchmail/ and pass the mail to clamd using
> > any content-filtering software or your MTA.
>
> I like the combination of postfix, amavisd-new, clamav, and spam
> assassin as documented here:
> http://www.fatofthelan.com/articles/articles.php?pid=22
>
> > 3. use an antivirus on your workstation, there are some decent free
> > antivirus, like clamwin, AVG Free edition (tm) or Avast free
> > edition (tm).
>
> Some of us use real operating systems on our workstations, Cristian... ;-)
>

I also use linux daily on my desktop, no windows here :D
If he is worried about viruses, he seems to be using windows (the OP doesn't say what OS he is using).
IMHO viruses on linux are not a real concern ..

--
Cristian Rodriguez.
"for DVDs in Linux screw the MPAA and ; do dig $DVDs.z.zoy.org ; done | \
perl -ne 's/\.//g; print pack("H224",$1) if(/^x([^z]*)/)' | gunzip"
Paul Koufalas
2005-Jul-02 09:49 UTC
Re: Port redirection on standalone pc to pop3 proxy AV scanner
Cristian Rodriguez wrote:
> 2005/7/2, Paul Gear <paul@gear.dyndns.org>:
>
>> Cristian Rodriguez wrote:
>>
>>> ...
>>> 1. take a different approach..
>>> you seem to need fetchmail
>>> http://www.catb.org/~esr/fetchmail/ and pass the mail to clamd using
>>> any content-filtering software or your MTA.
>>
>> I like the combination of postfix, amavisd-new, clamav, and spam
>> assassin as documented here:
>> http://www.fatofthelan.com/articles/articles.php?pid=22
>>
>>> 3. use an antivirus on your workstation, there are some decent free
>>> antivirus, like clamwin, AVG Free edition (tm) or Avast free
>>> edition (tm).
>>
>> Some of us use real operating systems on our workstations,
>> Cristian... ;-)
>
> I also use linux daily on my desktop, no windows here :D
> If he is worried about viruses, he seems to be using windows (the OP doesn't
> say what OS he is using).
> IMHO viruses on linux are not a real concern ..

Thanks for the replies. My O/S is Ubuntu Hoary Hedgehog 5.04 [based on Debian] and I initially posted this question on an Ubuntu forum (with no success last time I checked).

[BTW, I am also running XP on the same pc (laptop), and happily use ClamWin with Thunderbird.]

Cheers,
Paul.
Paul Koufalas
2005-Jul-04 12:39 UTC
Re: Re: Port redirection on standalone pc to pop3 proxy AV scanner
G'day Cristian and Paul (and everyone else),

I just wanted to close this thread off. I now have p3scan working with shorewall and clamav on my standalone linux laptop.

I originally had in my /etc/shorewall/rules

    DNAT net fw:127.0.0.1:8110 tcp pop3

(or equivalently,

    REDIRECT net 8110 tcp pop3

) but what I actually needed to have was

    REDIRECT fw 8110 tcp pop3 - - - !clamav

I'm running the p3scan daemon as user clamav, and have changed uid/guid on /var/spool/p3scan and /var/run/p3scan from p3scan to clamav--as user p3scan I was getting permission denied when calling clamdscan.

So shorewall + clamav + p3scan is a working configuration. Clamav + p3scan must be popular as config parameters are given in the ClamAV FAQ. Though p3scan also supports spamassassin, I'm happy enough with Thunderbird's spam filter.

Thanks again for your help.

Cheers,
Paul.
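Added example (not part of the original thread): a small Python model of why the rule with source zone `net` never counted a packet while the `fw` rule with `!clamav` works. It assumes the usual netfilter behaviour that connections opened by local processes are NATed in the OUTPUT chain and arriving connections in PREROUTING. The user name `paul`, the function names and the reading that `!clamav` exists to keep p3scan's own upstream connection from being redirected back into p3scan are this example's assumptions, not statements from the posters.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Conn:
    """First packet of a TCP connection; the nat table only sees this one."""
    local: bool                  # opened by a process on this machine?
    dport: int
    uid: Optional[str] = None    # owning user (local connections only)

@dataclass(frozen=True)
class NatRule:
    chain: str                   # "PREROUTING" (source net) or "OUTPUT" (source fw)
    dport: int
    to_port: int
    not_uid: Optional[str] = None  # Shorewall USER column "!name"

# The three rules from the thread, reduced to what matters for matching.
DNAT_NET = NatRule("PREROUTING", 110, 8110)          # DNAT net fw:127.0.0.1:8110 tcp pop3
REDIRECT_FW = NatRule("OUTPUT", 110, 8110)           # REDIRECT fw 8110 tcp pop3
REDIRECT_FW_USER = NatRule("OUTPUT", 110, 8110, "clamav")  # ... - - - !clamav

def final_port(conn: Conn, rule: NatRule) -> int:
    """Destination port after NAT for the connection's first packet."""
    chain = "OUTPUT" if conn.local else "PREROUTING"
    if rule.chain != chain or conn.dport != rule.dport:
        return conn.dport                  # rule not consulted or no match
    if rule.not_uid is not None and conn.uid == rule.not_uid:
        return conn.dport                  # excluded user passes untouched
    return rule.to_port

def trace(rule: NatRule, proxy_uid="clamav", proxy_port=8110, max_hops=4):
    """Follow the mail client's POP3 connection, then the proxy's onward one."""
    hops = []
    conn = Conn(local=True, dport=110, uid="paul")   # Thunderbird -> ISP:110
    for _ in range(max_hops):
        port = final_port(conn, rule)
        hops.append((conn.uid, port))
        if port != proxy_port:             # left the machine towards the ISP
            if len(hops) == 1:
                return hops, "client reaches ISP directly, unscanned"
            return hops, "scanned via proxy"
        conn = Conn(local=True, dport=110, uid=proxy_uid)  # p3scan -> ISP:110
    return hops, "loop: proxy redirected into itself"

if __name__ == "__main__":
    for name, rule in [("DNAT net", DNAT_NET), ("REDIRECT fw", REDIRECT_FW),
                       ("REDIRECT fw !clamav", REDIRECT_FW_USER)]:
        print(name, "->", trace(rule))
```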
Paul Gear
2005-Jul-05 00:23 UTC
Re: Port redirection on standalone pc to pop3 proxy AV scanner
Paul Koufalas wrote:
> G'day Cristian and Paul (and everyone else),
>
> I just wanted to close this thread off. I now have p3scan working with
> shorewall and clamav on my standalone linux laptop.

Good to hear!

> ...
> Clamav + p3scan must be popular as config
> parameters are given in the ClamAV FAQ. Though p3scan also supports
> spamassassin, I'm happy enough with Thunderbird's spam filter.

It's funny, but even though Mozilla's spam filter is quite effective, it still annoys my wife that she gets so much spam. She seems compelled to continue looking at the new spam in the Junk folder. Go figure... ;-)

--
Paul Gear, Manager IT Operations, Redlands College
38 Anson Road, Wellington Point 4160, Australia
(Please send attachments in portable formats such as PDF, HTML, or OpenOffice.)
--
The information contained in this message is copyright by Redlands College. Any use for direct sales or marketing purposes is expressly forbidden. This message does not represent the views of Redlands College.