Using Dr.Web Mail Security Suite in Transparent Proxy Mode

• Configuring Dr.Web MailD Settings
• Configuring Transparent Proxy Parameters
If your mail server cannot be integrated with Dr.Web Mail Security Suite via the Milter, Spamd or Rspamd interfaces or via the ClamAV protocol, you can protect it with the Dr.Web Firewall for Linux component. Configure it so that all data received by the server on which Dr.Web Mail Security Suite is installed is scanned by the SpIDer Gate network connection monitor (transparent proxy mode).

Configuring Dr.Web MailD Settings

To integrate Dr.Web MailD with your mail server, edit the values of the following parameters in the [MailD] section of the configuration file:

• as the TemplateContacts parameter value, specify an address of a UNIX mail server administrator to whom messages with detected threats will be sent;
• as the ReportLanguages parameter value, specify a language to be used when generating service email messages;
• as the RepackPassword parameter value, specify a method for generating passwords for protected archives with threats added in the process of repacking.

Configuring Transparent Proxy Parameters

To configure the transparent proxy mode, change the values of the parameters provided in the Dr.Web Firewall for Linux settings section of the configuration file (the [LinuxFirewall] section):
To view and change the settings of Dr.Web Firewall for Linux, use the following:

• Dr.Web Ctl command-line management tool (use the drweb-ctl cfshow and drweb-ctl cfset commands);
• Dr.Web Mail Security Suite management web interface (by default, you can access it via a web browser at https://127.0.0.1:4443).

To enable integration of Dr.Web Mail Security Suite into channels of email delivery that use an SSL/TLS secure connection

1. Enable scanning of SSL/TLS traffic:
It is recommended to use the cfset command of the drweb-ctl tool or the management web interface, because in this case the scanning rules depending on this parameter will change automatically.

2. Export the certificate to be used for establishing SSL/TLS connections:
3. Add the obtained certificate to the system list of trusted certificates and specify it as a trusted certificate for your mail clients and mail server. For details, see the Appendix E. Generating SSL Certificates section.

Set the values of the following parameters in the Dr.Web Firewall for Linux settings section (the [LinuxFirewall] section) of the configuration file:

1. Parameters that limit the duration and resource intensity of scanning email messages and the attachments detected in them (ScanTimeout, HeuristicAnalysis, PackerMaxLevel, ArchiveMaxLevel, MailMaxLevel, ContainerMaxLevel and MaxCompressionRatio). If you do not need to adjust the parameters in detail, do not change their values.
2. Block* parameters specifying the settings for scanning links and files in email messages.
3. BlockUnchecked parameter specifying the action to be applied by Dr.Web MailD if a received email message cannot be scanned. If this parameter is set to Yes, such a message will be rejected.

For more detailed configuration of the filtering rules, edit the Lua procedure or the RuleSet rules.

After the settings are adjusted, reload the Dr.Web Mail Security Suite configuration using the command:
You can also restart Dr.Web Mail Security Suite by restarting the Dr.Web ConfigD configuration management daemon using the command:
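A pre-reload audit of the settings reviewed on this page, given as an added example that is not part of the Dr.Web documentation. It assumes the settings are available as text in `[Section]` / `Parameter = Value` form; the `audit` and `load` helpers and all sample values are constructed for illustration.

```python
import configparser

# Scan-limit parameter names as listed on this page for the [LinuxFirewall] section.
SCAN_LIMITS = ["ScanTimeout", "HeuristicAnalysis", "PackerMaxLevel", "ArchiveMaxLevel",
               "MailMaxLevel", "ContainerMaxLevel", "MaxCompressionRatio"]

def load(text):
    """Parse INI-style text, keeping parameter names case-sensitive."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # default behaviour would lowercase parameter names
    cp.read_string(text)
    return cp

def audit(current_text, baseline_text):
    """Return findings for the settings this page asks the administrator to review."""
    cur, base = load(current_text), load(baseline_text)
    findings = []
    if not cur.get("MailD", "TemplateContacts", fallback="").strip():
        findings.append("MailD.TemplateContacts is empty: no administrator address "
                        "for messages with detected threats")
    if cur.get("LinuxFirewall", "BlockUnchecked", fallback="").strip().lower() != "yes":
        findings.append("LinuxFirewall.BlockUnchecked is not Yes: "
                        "messages that cannot be scanned are not rejected")
    # The page advises leaving scan limits alone unless tuning is needed: report drift.
    for name in SCAN_LIMITS:
        was = base.get("LinuxFirewall", name, fallback=None)
        now = cur.get("LinuxFirewall", name, fallback=None)
        if was != now:
            findings.append(f"LinuxFirewall.{name} changed from {was} to {now}")
    return findings

# Constructed sample data; the values are illustrative, not Dr.Web defaults.
BASELINE = """
[MailD]
TemplateContacts = postmaster@example.test
[LinuxFirewall]
ScanTimeout = 30s
MaxCompressionRatio = 500
BlockUnchecked = Yes
"""
CURRENT = BASELINE.replace("postmaster@example.test", "") \
                  .replace("ScanTimeout = 30s", "ScanTimeout = 5m") \
                  .replace("BlockUnchecked = Yes", "BlockUnchecked = No")

if __name__ == "__main__":
    for finding in audit(CURRENT, BASELINE):
        print(finding)
```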