Using Dr.Web Mail Security Suite in Transparent Proxy Mode

In this section

Configuring Dr.Web MailD Settings

Configuring Transparent Proxy Parameters

Configuring Scan Settings

This feature is available only for distributions designed for OSes of the GNU/Linux family.

If your mail server cannot be integrated with Dr.Web Mail Security Suite via the Milter, Spamd or Rspamd interfaces or via the ClamAV protocol, you can protect it with the Dr.Web Firewall for Linux component. Configure it so that all data received by the server on which Dr.Web Mail Security Suite is installed is scanned by the SpIDer Gate network connection monitor (transparent proxy mode).

Configuring Dr.Web MailD Settings

To integrate Dr.Web MailD with your mail server, edit the values of the following parameters in the [MailD] section of the configuration file:

as the TemplateContacts parameter value, specify the address of the UNIX mail server administrator to whom messages about detected threats will be sent;

as the ReportLanguages parameter value, specify the language to be used when generating service email messages;

as the RepackPassword parameter value, specify the method for generating passwords for the protected archives into which threats are placed during repacking.

Configuring Transparent Proxy Parameters

To configure the transparent proxy mode, change the values of the parameters provided in the Dr.Web Firewall for Linux settings section of the configuration file (the [LinuxFirewall] section):

Parameter: Required value

InspectSmtp: On to intercept SMTP traffic (data transfer between a MUA and an MTA or between two MTAs); Off if SMTP traffic need not be intercepted

InspectPop3: On to intercept POP3 traffic (data transfer between a MUA and an MDA); Off if POP3 traffic need not be intercepted

InspectImap: On to intercept IMAP traffic (data transfer between a MUA and an MDA); Off if IMAP traffic need not be intercepted

AutoconfigureIptables: Yes

AutoconfigureRouting: Yes

LocalDeliveryMark: Auto

ClientPacketsMark: Auto

ServerPacketsMark: Auto

TproxyListenAddress: 127.0.0.1:0 (if Dr.Web Firewall for Linux operates on a custom IP address or port, specify them here)

OutputDivertEnable: Yes to intercept outgoing connections (connections initiated on the current host, for example by your MTA); No if outgoing connections need not be intercepted

OutputDivertNfqueueNumber: Auto

OutputDivertConnectTransparently: No

InputDivertEnable: Yes to intercept incoming connections (connections initiated by a remote host whose server side is an application running on the current host, for example an MTA); No if incoming connections need not be intercepted

InputDivertNfqueueNumber: Auto

InputDivertConnectTransparently: Yes

To view and change the settings of Dr.Web Firewall for Linux, use one of the following:

Dr.Web Ctl command-line management tool (use the drweb-ctl cfshow and drweb-ctl cfset commands);

Dr.Web Mail Security Suite management web interface (by default, you can access it via a web browser at https://127.0.0.1:4443).

To enable integration of Dr.Web Mail Security Suite into channels of email delivery that use an SSL/TLS secure connection

1. Enable scanning of SSL/TLS traffic:

# drweb-ctl cfset LinuxFirewall.UnwrapSsl Yes

It is recommended to change this parameter with the cfset command of the drweb-ctl tool or via the management web interface, because then the scanning rules that depend on this parameter are updated automatically.

2. Export the certificate to be used for establishing SSL/TLS connections:

$ drweb-ctl certificate > <cert_name>.pem

3. Add the obtained certificate to the system list of trusted certificates and specify it as a trusted certificate for your mail clients and mail server. For details, see the Appendix E. Generating SSL Certificates section.

Configuring Scan Settings

Set the values of the following parameters in the Dr.Web Firewall for Linux settings section (the [LinuxFirewall] section) of the configuration file:

1. Parameters that limit the duration and resource consumption of scanning email messages and the attachments found in them (ScanTimeout, HeuristicAnalysis, PackerMaxLevel, ArchiveMaxLevel, MailMaxLevel, ContainerMaxLevel and MaxCompressionRatio). If you do not need fine-grained control, leave their values unchanged.

2. The Block* parameters, which specify the settings for scanning links and files in email messages.

3. The BlockUnchecked parameter, which specifies the action Dr.Web MailD applies when a received email message cannot be scanned. If this parameter is set to Yes, such a message is rejected.

For more detailed configuration of the filtering rules, edit the Lua procedure or the RuleSet rules.

After the settings are adjusted, reload the Dr.Web Mail Security Suite configuration using the command:

# drweb-ctl reload

You can also restart Dr.Web Mail Security Suite by restarting the Dr.Web ConfigD configuration management daemon using the command:

# service drweb-configd restart
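The following script is an added example and is not part of the Dr.Web documentation or product: it applies the [LinuxFirewall] values from the table above, the UnwrapSsl step and the BlockUnchecked scan setting with drweb-ctl cfset, and compares the live values with the desired ones. It assumes that DRWEB_CTL names the drweb-ctl binary (set it to echo for a dry run) and that drweb-ctl cfshow prints one "Section.Param = Value" line per setting; the choice of intercepting only incoming SMTP is a scenario chosen for the example.

```shell
#!/bin/sh
# Added example, not from the Dr.Web docs: apply this page's [LinuxFirewall] values
# with "drweb-ctl cfset" and verify them against "drweb-ctl cfshow". Assumed:
# DRWEB_CTL names drweb-ctl ("echo" = dry run); cfshow prints "Section.Param = Value".
DRWEB_CTL="${DRWEB_CTL:-drweb-ctl}"

# Scenario chosen here: intercept only the MTA's incoming SMTP (no POP3/IMAP, no
# outgoing connections); UnwrapSsl and BlockUnchecked are the fail-closed choices.
tproxy_settings() {
    cat <<'EOF'
LinuxFirewall.InspectSmtp On
LinuxFirewall.InspectPop3 Off
LinuxFirewall.InspectImap Off
LinuxFirewall.AutoconfigureIptables Yes
LinuxFirewall.AutoconfigureRouting Yes
LinuxFirewall.LocalDeliveryMark Auto
LinuxFirewall.ClientPacketsMark Auto
LinuxFirewall.ServerPacketsMark Auto
LinuxFirewall.TproxyListenAddress 127.0.0.1:0
LinuxFirewall.OutputDivertEnable No
LinuxFirewall.OutputDivertNfqueueNumber Auto
LinuxFirewall.OutputDivertConnectTransparently No
LinuxFirewall.InputDivertEnable Yes
LinuxFirewall.InputDivertNfqueueNumber Auto
LinuxFirewall.InputDivertConnectTransparently Yes
LinuxFirewall.UnwrapSsl Yes
LinuxFirewall.BlockUnchecked Yes
EOF
}

# Apply each line as "drweb-ctl cfset Section.Param Value"; a failing cfset
# aborts the loop (which runs in the pipeline's subshell) with status 1.
apply_tproxy_settings() {
    tproxy_settings | while read -r key value; do
        "$DRWEB_CTL" cfset "$key" "$value" || exit 1
    done
}

# Read cfshow output from stdin and compare it with the desired values; every
# mismatch is reported on stderr as "key expected=X actual=Y", status 1 if any.
check_tproxy_settings() {
    live=$(cat)
    bad=$(tproxy_settings | while read -r key value; do
        actual=$(printf '%s\n' "$live" | sed -n "s/^$key = //p")
        [ "$actual" = "$value" ] || printf '%s expected=%s actual=%s\n' "$key" "$value" "${actual:-<unset>}"
    done)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad" >&2
    return 1
}
```

After apply_tproxy_settings, run drweb-ctl reload as described above and pipe drweb-ctl cfshow LinuxFirewall into check_tproxy_settings to confirm that the values took effect.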