In this section
•Sample Settings for Specific MTAs
This method of integration implies connecting Dr.Web MailD directly to a mail server as an external filter for scanning email messages. Any mail server (such as Exim, Sendmail, Postfix and so on) that uses the Milter, Spamd or Rspamd interface is supported. When using the Postfix mail server, the component can also operate in SMTP mode (for more on operation principles in SMTP mode, refer to Integration with Dr.Web vxCube).
1.Connecting via the Milter, Spamd or Rspamd interface
To integrate Dr.Web MailD with your mail server, edit the values of the following parameters in the [MailD] section of the configuration file:
•Parameters for integrating Dr.Web MailD with an MTA. Select an interface for the integration (Milter, Spamd or Rspamd) and specify MTA connection parameters and parameters for scanning email messages received via this interface. All Dr.Web MailD parameters for the integration via a specific interface have respective prefixes in their names (Milter*, Spamd* or Rspamd*).
1.<interface>Socket—UNIX socket or a network socket to be used by Dr.Web MailD to receive messages being scanned from the MTA via the corresponding interface.
2.Parameters that limit the duration and resource intensity of email message scanning (ScanTimeout, HeuristicAnalysis, PackerMaxLevel, ArchiveMaxLevel, MailMaxLevel, ContainerMaxLevel and MaxCompressionRatio). If you do not need detailed configuration, do not change the values of these parameters.
3.Depending on conditions, for more detailed configuration of email filtering rules, edit the default Lua procedure code for their processing.
•General operation parameters of Dr.Web MailD during email message scanning. In the TemplateContacts parameter, specify an address of the UNIX mail server administrator to whom the messages with detected threats will be sent. In the ReportLanguages parameter, specify a language to be used to generate service email messages.
In the RepackPassword parameter, specify a method of password generation for protected archives with threats to be added to email messages when they get repacked. For a more detailed description of these parameters, refer to the corresponding section.
After the settings are adjusted, reload the Dr.Web Mail Security Suite configuration using the command:
# drweb-ctl reload |
You can also restart Dr.Web Mail Security Suite by restarting the Dr.Web ConfigD configuration management daemon using the command:
# service drweb-configd restart |
|
When interacting with the MTA via the Milter interface, the Lua script returns an action to be applied to the message to the MTA. When interacting via the Spamd interface, the Lua script returns the report variable that contains the SPAM or THREAT word. The received result is processed in accordance with MTA settings (for example, in ACL for Exim): either the message is rejected or the sender receives a warning. When interacting via the Rspamd interface, the Lua script returns the action variable that can have one of the following values: ADD_HEADER or REJECT. The result is processed in accordance with the MTA settings (for example, in ACL for Exim): either a header is added to the message before sending it to the recipient, or the message is rejected. |
2.Connecting in SMTP mode
To integrate Dr.Web MailD with your mail server, edit the values of the following parameters in the [MailD] section of the configuration file:
1.SmtpSocket—socket to be used by Dr.Web MailD to receive messages being scanned from the MTA. A UNIX or network socket can be used.
2.SmtpSenderRelay—MTA socket to be used by Dr.Web MailD to send scanned messages. A UNIX or network socket can be used.
3.Additional parameters (timeout, available connection protocols, output to debug log). The parameters have the Smtp prefix. If you do not need detailed configuration, do not change the values of these parameters.
4.Depending on conditions, for more detailed configuration of email filtering rules, edit the default Lua procedure code for their processing.
After the settings are adjusted, reload the Dr.Web Mail Security Suite configuration using the command:
# drweb-ctl reload |
You can also restart Dr.Web Mail Security Suite by restarting the Dr.Web ConfigD configuration management daemon using the command:
# service drweb-configd restart |
1.Connecting via the Milter, Spamd or Rspamd interface
To enable the interaction between the MTA and Dr.Web MailD, edit the mail server configuration:
1.Specify an interface to be used for the interaction of the MTA with Dr.Web MailD when scanning email messages (Milter, Spamd or Rspamd).
2.Set parameters for connecting the MTA to Dr.Web MailD via the selected interface (the socket in use must match with the one specified in the <interface>Socket parameter for the corresponding interface in Dr.Web MailD settings).
3.Specify an action to be applied by the MTA after receiving email message scanning results.
Restart the MTA after changing its settings.
2.Connecting in SMTP mode
To enable the interaction between the Postfix MTA and Dr.Web MailD, edit the mail server configuration:
1.Set client parameters for sending email messages to Dr.Web MailD for scanning.
2.Set MTA parameters for sending scanned messages.
3.Set parameters for connecting the MTA to Dr.Web MailD via a specified socket.
Sample Settings for Specific MTAs
Typical sample settings for Postfix, Sendmail, Exim and CommuniGate Pro MTAs for connecting Dr.Web MailD as an external email filter via the Milter, Spamd or Rspamd interface or in SMTP mode are provided below.
|
In the examples below, replace the <MailD socket>, <MailD IP address> and <MailD port> values with the parameters of the Dr.Web MailD socket specified in the Dr.Web MailD settings in the <interface>Socket parameter, where <interface> is the prefix in the name of the parameter corresponding to the selected MTA interface, or in the SmtpSocket parameter (in SMTP mode). The SMTP mode also requires the <Postfix socket> value to be replaced with the value of the Postfix socket specified in the Dr.Web MailD settings in the SmtpSenderRelay parameter. For example, if Dr.Web MailD is to be integrated with the MTA via the Milter interface using the network socket, both the MTA and Dr.Web MailD operate on the local host, and Dr.Web MailD listens to port 12345 for connecting via Milter, specify this value in the MilterSocket parameter in the [MailD] section of the Dr.Web Mail Security Suite configuration file. In the MTA settings, specify the value 127.0.0.1:12345 in place of the <MailD socket> variable, the address 127.0.0.1—in place of the <MailD IP address> variable, the value 12345—in place of the <MailD port> variable. In settings of some MTAs, the socket address to connect to Dr.Web MailD must be preceded with the <type> prefix specifying the type of the connection in use (inet, inet6 or unix). |
1.Postfix
•Milter:
Add the following lines to the main.cf MTA settings file:
smtpd_milters = <type>:<MailD socket> |
|
Only the smtpd_milters and milter_protocol parameters are obligatory; other parameters can be skipped. |
•In SMTP mode:
▫Add the following lines to the master.cf MTA settings file:
# Client parameters for sending email messages to MailD for scanning # Mail server settings for sending scanned messages |
▫Add the following lines to the main.cf MTA settings file:
content_filter = scan:<MailD socket> |
|
If Dr.Web MailD and Postfix operate on different hosts, replace the values of mynetworks and authorized_xforward_hosts with those of the Dr.Web MailD host. |
2.Sendmail
•Milter:
Add the following line to the sendmail.mc sample settings file:
INPUT_MAIL_FILTER(`drweb-milter', `S=<MailD socket>, F=T') |
After changing the sample file sendmail.mc, convert it into an active configuration file sendmail.cf using any of the commands:
make -C /etc/mail |
|
All the commands listed above assume that Sendmail configuration files are located in the /etc/mail directory. |
3.Exim
•Spamd:
Add the following lines to the exim.conf configuration file:
spamd_address = <MailD socket> deny message = This message scored $spam_score spam points. accept message = This message scored $spam_score spam points. |
•Rspamd:
Add the following lines to the exim.conf configuration file:
spamd_address = <MailD socket> variant=rspamd acl_check_data: # Reject the message with proper description if Rspamd filter tells to do so # Accept the message otherwise |
|
The provided configuration examples assume using Exim 4.6 (or later) compiled with the option WITH_CONTENT_SCAN=yes. |
4.CommuniGate Pro
•Rspamd:
1.Communication with CommunigatePro requires the custom module that is included in the Dr.Web repository and can be installed via a standard package manager.
For Debian, Ubuntu or Mint:
# apt-get install drweb-cgp-plugin |
For Red Hat Enterprise Linux or CentOS:
# yum install drweb-cgp-plugin |
For Fedora:
# dnf install drweb-cgp-plugin |
|
If Dr.Web Mail Security Suite was installed from a universal package, then the drweb-cgp-plugin module is already installed; there is not need to install it individually. |
2.The module is installed in the directory /opt/drweb.com/share/cgp/ on GNU/Linux or /usr/local/libexec/drweb.com/share/cgp/ on FreeBSD. After the installation is complete, go to this directory and make the CgpDrweb_AS_AV.py file executable:
# cd /opt/drweb.com/share/cgp/ |
|
The module must be installed on the same server on which CommuniGate Pro is started. Module operation requires Python 3.6.1 or later. |
3.Make the Helpers section of the CommunigatePro web interface available. Enable the Advanced or Expert view mode (see the settings: Preferences → Interface).
4.Configure CommuniGate Pro in the management web interface:
▫Go to Settings → General → Helpers and connect the module to CommuniGate Pro:
▪In the Content Filtering section, set a new filter and toggle it to Enabled.
▪Specify the filter name (for example, CgpDrweb_AS_AV).
▪In the Program Path parameter, specify a path to the script file (/opt/drweb.com/share/cgp/CgpDrweb_AS_AV.py for GNU/Linux or /usr/local/libexec/drweb.com/share/cgp/CgpDrweb_AS_AV.py for FreeBSD) and the options with which the script will be started (-r—socket address and port, -u or --rspamd-unix-socket—path to the UNIX socket, --debug—enable the debug mode). For detailed information about available options, run the command:
$ ./CgpDrweb_AS_AV.py --help |
▪Save changes.
▫Go to Settings → Mail → Rules.
▪Specify a new rule name (for example, CgpDrweb_AS_AV) and click Add Rule.
▪Select the Highest rule priority and save changes.
▪Click Edit to the right of the rule name.
▪From the Data drop-down list, select Message Size; in the Operation field, select less than, and in the Parameter field, specify 40960000.
▪In the Action field, select ExternalFilter; in Parameter, select the name of the previously created filter (CgpDrweb_AS_AV in this case).
▪Save changes.
▫Add a threat detection response rule, specify its name (for example, Drweb_threats) and click Add Rule.
▪Specify 5 as the rule priority, save changes.
▪Click Edit to the right of the rule. Add the conditions for the rule twice:
·From the Data drop-down list, select Header Field; in the Operation field, select is, and in the Parameter field, specify X-Spam-Action: reject.
·From the Data drop-down list, select Header Field; in the Operation field, select is, and in the Parameter field, specify X-Spam-Symbol-1: threat*.
▪In the Action field, select Reject with; in Parameter, specify a text message (for example, The message contains threat(s)).
▪Save changes.
▫Add a threat detection response rule, specify its name (for example, Drweb_spam) and click Add Rule.
▪Specify 5 as the rule priority, save changes.
▪Click Edit to the right of the rule. Add the conditions for the rule:
·from the Data drop-down list, select Header Field;
·in the Operation field, select is;
·in the Parameter field, select X-Spam-Action: tag.
▪In the Action field, select Tag Subject; in Parameter, specify a header prefix (for example, [SPAM]).
▪Save changes.
5.Copy the content of the file below to a text document and save it as hook.lua.
-- Scanning procedure for messages function rspamd_hook(ctx) -- Scanning the message for threats -- Scanning the message for spam return { |
6.Specify a socket address and a port to receive connections from the MTA:
# drweb-ctl cfset MailD.RspamdHttpSocket <socket address>:<port> |
7.Specify a path to the hook:
# drweb-ctl cfset MailD.RspamdHook <path to hook> |
If you edit the code of the hook, restart Dr.Web ConfigD after making changes:
# service drweb-configd restart |
Dr.Web MailD configuration parameters are described in detail in the corresponding section.