Clement

Clement is a completely free and open source command-line/web-based software project implemented in C and designed from the offset to work as an e-mail server firewall, with the main purpose of trapping most of the unwanted messages (also known as spam) at the earliest possible stage, so they won’t reach your users’ inboxes.

Operates in two distinct modes

The application is engineered in such a way that it can operate in two distinct modes, either as a smart spam filtering device that transmits email messages to another SMTP (Simple Mail Transfer Protocol) server, or as a standard MTA (Mail Transfer Agent) that stores e-mail messages in the recipient's own area.

Supports popular Mail Transfer Agents

When working as Mail Transfer Agent, it is good to know that Clement supports popular MTAs, such as Sendmail, Exim, Postfix, Exchange, and many others. It filters e-mails while the SMTP session is still pending.

Designed for Red Hat Enterprise Linux

Clement is a software designed for the Red Hat Enterprise Linux (RHEL) operating system. It works, of course, with its open source derivatives, such as the popular CentOS and Scientific Linux distributions. It is compatible with both 32 and 64-bit flavors of the aforementioned distributions.

Detailed installation instructions are provided for all supported GNU/Linux OSes on the https://www-prod2.clemsafe.net//download.php?&lang=eng web page. A source RPM package is also available for download for those of you who want to inspect and hack Clement’s source code.

What is new in this release:

• This version fixes an authentication problem which posting email from Mac OS 7.1 (the authentication was never successful, the password was never seen).
• It is also able to define a specific IP as not relayable within a range of relayable IPs.

What is new in version 2.6-4.2:

• This is mainly a bugfix release, fixing a core dump event in banned/trusted server list generation.
• It fixes a local MX problem that caused email error rebounces to be lost if the domain was without a secondary MX.

What is new in version 2.6-3.8:

• This version fixed a problem where the number of "checker" processes within the configuration file was not used.
• This caused slow email processing if the number of incoming email binding was set to a high value (with over 100 emails received at the same time).
• All "checker" process were too busy making sure that received emails were good.
• The number of checkers must be roughly one for every ten incoming channels.
• Statistics for received, rejected, and quarantined emails were improved and can be displayed by site, group, domain, or user, and as pie charts.

What is new in version 2.6-3.4:

• It is compatible with Fedora 18 and its systemd init process.
• User-selected display setup (log page size) is now kept within all clement display part.
• A MySQL cron process impairing the spam detection learning process has been fixed.

What is new in version 2.6-2.16:

• The Clement email admin can now select a batch of in-transit email to be resent or cancelled. This can be done via the Web interface by clicking on all selected recipients.

What is new in version 2.6-2.11:

• This release's main improvement is the ability to define a user alias a piped process.
• This can be easily defined via the Web interface (domains manag. -> click user domain -> aliases -> New alias).
• A pipedemo.sh shell script can be used as a starting point.

What is new in version 2.6-1.1.1:

• This version's main improvement is the LDAP interface.
• It can now probe an LDAP server to check if a user exists (no need to define all users within Clement if you already have an LDAP server).
• This version adds list capabilities to find out which users are sending or receiving most of the email traffic (numbers or volumes).
• The email transit interface is improved, and allows you to select one email to be re-sent within a list of delayed messages.
• Current clement users can do an 'rpm update'; previous configurations are kept.

What is new in version 2.5-148.10:

• This production release fixes a small bug within Authentication (AUTH PLAIN) on the SMTP channel (working now with an LG smartphone type).

What is new in version 2.5-148.9:

• The local plain alias email is set as the good originator when working in smart relaying mode.
• bl.ipv6.spameatingmonkey.net was removed from the IPv6 default SBL server list, as it is no longer responding.

What is new in version 2.5-148.8:

• An improvement in smart relaying (taking care of re-bounced email).
• Fixes a bug within the B64 routine that could make one of the listening process crash in the SMTP authentication sequence.

What is new in version 2.5-148.5:

• This version adds a smart relaying improvement: when an IP is within the relayed list, "envelope from:" is checked to verify that the originator is known and still active.
• If the originator wants to use an external email reference (Hotmail, Gmail, etc.), this external email address must be found within a "multi-path" list and linked to an active known user.
• This is to avoid relay spam when the end user workstation is compromised and an unrelated "envelope from:" is used by the bots.
• Various small bugfixes and log improvements have been added.

What is new in version 2.5-148.2:

• This version supports TLS-encrypted authentication on POP3 and IMAP channels (used to check user credentials while posting email messages), and fixes a bug within a SQL call which made all SMTP input freeze once in a while (timing-dependant). Users are strongly advised to upgrade.

What is new in version 2.5-147.9:

• IP_banned email status can be overridden by standard users now.
• The banned list scan process was staying in zombie state, locking out the next scan; such updates were not transmitted to trusted remote (major bug).
• Group interface and cron activation days can all be unselected (if at least one day was not selected, saving this new configuration was not working).
• When a quarantined email is recalled, this release uses E-From domain instead of H-from domain.
• If both domains were not the same, the override directive was not working correctly with the next email

What is new in version 2.5-147.7:

• This version improves trusted/banned remote SMTP site detection speed.
• The banned list is now shared among trusted SMTP servers.

What is new in version 2.5-147.3:

• This version added support for PHP versions older than 5.2, which were missing a time zone list.
• For CentOS 5.2 to 5.8, PHP 5.3 is provided if the "extra" repository is enabled in your Clement repository.
• Upgrading is strongly recommended.

What is new in version 2.5.0-145.10:

• Relayed IP/mask are now linked to a groupid.
• Bubble help to major configuration interfaces.
• An updated Clement FAQ.
• Better journalling when a remote server is sending a request with a syntax error.
• Support script bugfixes. Works with clamav 0.97-3.
• A repo is available for clement-el6.2.rpm.

What is new in version 2.5-143.2:

• This version include one bugfix at the first install procedure.
• The install procedure now detects the server as improperly configured if the server name can't be resolved to (at least) one IPV4 IP number.

What is new in version 2.5.0.142-15:

• Various bugs were fixed.
• A sending trace is now available for each email to help the system administrator diagnose problems with delayed transmissions.

What is new in version 2.5-142.5:

• This version makes many improvements regarding posting email.
• Mail logs now include exchange traces with remote systems for every email set with trouble status (remote recipient unknown, mail rejected under various conditions).
• It now possible to access those logs from the Web interface.