In this section
•Configuring Dr.Web MailD Parameters
•Configuring the Transparent Proxy Parameters
|
This option is available only in the product distributions for GNU/Linux OSs. |
If your mail server cannot be integrated with Dr.Web for UNIX Mail Servers via Milter, Spamd or Rspamd interfaces or via the ClamAV protocol, you can protect it with the Dr.Web Firewall for Linux. You need to configure Dr.Web Firewall for Linux so that all data coming to the server with Dr.Web for UNIX Mail Servers installed be checked by the SpIDer Gate network connections monitor (transparent proxy mode).
Configuring Dr.Web MailD Parameters
To configure Dr.Web for UNIX Mail Servers, edit the values of the following parameters in the [MailD] section) in the configuration file:
•using TemplateContacts and ReportLanguages parameters, specify the parameters of email generation when repacking email messages with threats and/or spam;
•for the TemplateContacts parameter specify the address of the mail server administrator to whom the messages will be sent if threats or spam are detected;
•in the RepackPassword parameter value, specify the method of passwords generation for protected archives with threats to be added to email messages when being repacked.
Configuring the Transparent Proxy Parameters
To configure the Transparent Proxy Mode, change the values in the [LinuxFirewall] section in the configuration file:
Parameter |
Required value |
|---|---|
InspectSmtp |
•On if it is required to intercept data that is transferred via SMTP (data transfer between MUA and MTA or between MTA and MTA); •Off if it is not required to intercept data that is transferred via SMTP |
InspectPop3 |
•On if it is required to intercept data that is transferred via POP3 (data transfer between MUA and MDA); •Off if it is not required to intercept data that is transferred via POP3 |
InspectImap |
•On if it is required to intercept data that is transferred via IMAP (data transfer between MUA and MDA); •Off if it is not required to intercept data that is transferred via IMAP |
AutoconfigureIptables |
Yes |
AutoconfigureRouting |
Yes |
LocalDeliveryMark |
Auto |
ClientPacketsMark |
Auto |
ServerPacketsMark |
Auto |
TproxyListenAddress |
127.0.0.1:0 If a special IP address or port are used for the Dr.Web Firewall for Linux operation, specify them here |
OutputDivertEnable |
•Yes if it is required to intercept outgoing connections (connections that are initiated on the current host, e.g., connections that are initiated by MTA); •No if it is not required to intercept outgoing connections |
OutputDivertNfqueueNumber |
Auto |
OutputDivertConnectTransparently |
No |
InputDivertEnable |
•Yes if it is required to intercept incoming connections (connections that are initiated on the remote host and which server side is an application that works on the current host, e.g., MTA); •No if it is not required to intercept incoming connections |
InputDivertNfqueueNumber |
Auto |
InputDivertConnectTransparently |
Yes |
To view and to change the settings of Dr.Web Firewall for Linux, you can use the following means:
•The command-line-based management tool—Dr.Web Ctl (use the drweb-ctl cfshow and drweb-ctl cfset commands).
•The management web interface of Dr.Web for UNIX Mail Servers (by default, you can access it via a web browser at https://127.0.0.1:4443/).
To provide integration of Dr.Web for UNIX Mail Servers into the channels of email delivery that use the SSL/TLS secure connection:
1.Enable scanning of the traffic transmitted via SSL/TLS by indicating the value of the corresponding parameter by executing the command:
# drweb-ctl cfset LinuxFirewall.UnwrapSsl Yes |
It is recommended that the command cfset of the tool drweb-ctl or management web interface is used, because in this case the scanning rules will change automatically. They depend on this parameter.
2.Export the certificate, which will be used by Dr.Web for UNIX Mail Servers for SSL/TLS connection:
$ drweb-ctl certificate > <cert_name>.pem |
3.Add the obtained certificate to the system list of trusted certificates and specify it as the trusted certificate for mail clients and server. For details, see Appendix E. Generating SSL certificates section.
Setting the Scanning Parameters
Set the values of the following parameters in the [LinuxFirewall]section in the configuration file:
1.Parameters that limit the length and resource intensity of email message scanning (ScanTimeout, HeuristicAnalysis, PackerMaxLevel, ArchiveMaxLevel, MailMaxLevel, ContainerMaxLevel, MaxCompressionRatio). If you do not need detailed tuning, do not change the values of these parameters.
2.The Block* parameters specifying the settings for scanning links and files in email messages.
3.The BlockUnchecked, specifying the action for Dr.Web MailD to take in case of impossibility to scan the received email message. If this parameter is set to Yes, the message is to be rejected.
For a more detailed configuration of the filtering rules edit the Lua procedure or the RuleSet rules.
After all settings are adjusted, restart Dr.Web for UNIX Mail Servers with the following command:
# drweb-ctl reload |
You can also restart the configuration daemon Dr.Web ConfigD with the following command:
# service drweb-configd restart |