In this section
•Examples of Settings for Some MTA
This method of integration implies the connection of Dr.Web MailD directly to the mail server as an external filter for email messages scanning. Any mail server (for example, Exim, Sendmail, Postfix) that uses the Milter, Spamd, or Rspamd interface is supported. When using the Postfix mail server, the component can also operate in SMTP mode (for more on the principles of SMTP mode operation, see Integration with Dr.Web vxCube).
Configuring Dr.Web MailD Parameters
1. Connection via Milter, Spamd, Rspamd
To integrate Dr.Web MailD with your mail server, edit the values of the following parameters in the [MailD] of the configuration file:
•Integration parameters of Dr.Web MailD with MTA. To start with, it is necessary to determine the interface (Milter, Spamd or Rspamd) and specify the parameters of the MTA connection and parameters of email scanning received via the selected interface. All parameters of Dr.Web MailD that control its integration with MTA via a certain interface have the respective prefixes in their names (Milter*, Spamd* or Rspamd*).
1.<interface>Socket is a UNIX or network socket that will be used by Dr.Web MailD to get scanned email messages from MTA via the corresponding interface.
2.Parameters that limit the length and resource intensity of email message scanning (ScanTimeout, HeuristicAnalysis, PackerMaxLevel, ArchiveMaxLevel, MailMaxLevel, ContainerMaxLevel, MaxCompressionRatio). If you do not need detailed tuning, do not change the values of these parameters.
3.For a more detailed configuration of email filtering rules, edit the default email scanning procedure code in Lua.
•General operation parameters of Dr.Web MailD during email message scanning. In the TemplateContacts parameter, specify the address of the mail server administrator to whom the messages will be sent if threats or spam are detected. In the ReportLanguages parameter, specify the language to be used when generating service reports.
In the RepackPassword parameter value, specify the method of password generation for protected archives with threats to be added to email messages when they get repacked. See a more detailed descriptions of these parameters in the corresponding section.
After all settings are adjusted, restart Dr.Web for UNIX Mail Servers with the following command:
# drweb-ctl reload |
You can also restart the configuration daemon Dr.Web ConfigD with the following command:
# service drweb-configd restart |
|
When interacting with the MTA via Milter the Lua script returns the action to be applied to the message. When interacting via Spamd the Lua script returns the report variable that contains the word SPAM or THREAT. The result will be processed in accordance with the MTA settings (for example, ACL for Exim): the message will be rejected or the sender will receive a warning. When interacting via Rspamd, the Lua script returns returns the action variable that can have one of the following values: ADD_HEADER or REJECT. The result will be processed in accordance with the MTA settings (for example, ACL for Exim): either a header will be added to the result (and then it will be sent to the recipient), or it will be rejected. |
2. Connection in SMTP mode
To integrate Dr.Web MailD with your mail server, edit the values of the following parameters in the [MailD] section of the configuration file:
1.SmtpSocket—UNIX or network socket that will be used by Dr.Web MailD to get email messages to be checked from MTA.
2.SmtpSenderRelay—UNIX or network socket that will be used by Dr.Web MailD to send processed email messages.
3.Additional parameters (time-out, available communication protocols, output to debug log). The parameters have the Smtp prefix . If you do not need detailed tuning, do not change the values of these parameters.
4.For a more detailed configuration of email filtering rules, edit the default email scanning procedure code in Lua.
After all settings are adjusted, restart Dr.Web for UNIX Mail Servers with the following command:
# drweb-ctl reload |
You can also restart the configuration daemon Dr.Web ConfigD with the following command:
# service drweb-configd restart |
1. Connection via Milter, Spamd, Rspamd
To enable the interaction between MTA and Dr.Web MailD, edit the configuration of the mail server:
1.Indicate the interface used for interaction of MTA with Dr.Web MailD when scanning email messages (Milter, Spamd, Rspamd).
2.Indicate parameters for connection of MTA to Dr.Web MailD via the chosen interface (used socket must match with the one indicated in the <interface> Socket parameter for the corresponding interface in the settings of Dr.Web MailD).
3.Specify the actions the MTA will perform after receiving the results of email scanning via the interaction interface.
After changing the settings, restart your MTA.
2. Connection in SMTP mode
To enable the interaction between MTA and Dr.Web MailD, edit the configuration of the mail server:
1.Set the client parameters for sending email messages to Dr.Web MailD.
2.Set the MTA parameters for sending messages checked by Dr.Web MailD.
3.Set the parameters of the MTA connection to Dr.Web MailD via the specified socket.
Examples of Settings for popular MTA
Below are the typical example cases of settings for MTA Postfix, Sendmail, Exim and CommuniGate Pro for connection of Dr.Web MailD as an external filter of email messages via the following interfaces: Milter, Spamd and Rspamd, as well as in SMTP mode.
|
In the examples below, the <MailD socket>, <MailD IP address> and <MailD port> values should be replaced with the parameters of the Dr.Web MailD socket indicated in the Dr.Web MailD settings in the <interface>Socket parameter, where <interface> is the prefix in the name of the parameter corresponding to the selected MTA interface, or in the SmtpSocket parameter (in SMTP mode). SMTP mode also requires the <Postfix socket> value to be replaced with the value of the Postfix socket specified in the Dr.Web MailD settings in the SmtpSocketRelay parameter. For example, if Dr.Web MailD is integrated with MTA via the Milter interface using the network socket, and MTA with Dr.Web MailD both work on a local host, and Dr.Web MailD listens to port 12345 for the connections via Milter, than this value should be specified as the MilterSocket parameter in the [MailD] section of Dr.Web for UNIX Mail Servers configuration file. In the MTA settings, the 127.0.0.1:12345 value should be specified as the <MailD socket> variable, the 127.0.0.1 address as the <MailD IP address> variable, the 12345 value as <MailD port> variable. In some cases, socket address for the connection with Dr.Web MailD should be supplemented with prefix <type> with the type of the used addresses in the MTA settings (inet, inet6, unix). |
1. Postfix
•Milter:
Add the following lines to the MTA setting file main.cf:
smtpd_milters = <type>:<MailD socket> |
|
Only the smtpd_milters and milter_protocol parameters are obligatory. Other parameters can be skipped. |
•In SMTP mode:
▫Add the following lines to the MTA setting file main.cf:
# Client parameters for sending email messages to MailD to be checked scan unix - - n - 10 smtp -o smtp_send_xforward_command=yes -o disable_mime_output_conversion=yes -o smtp_generic_maps=
# MTA parameters for sending messages checked by Dr.Web MailD <Postfix socket> inet n - n - 10 smtpd -o content_filter= -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters -o smtpd_helo_restrictions= -o smtpd_client_restrictions= -o smtpd_sender_restrictions= -o smtpd_relay_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=127.0.0.0/8 -o smtpd_authorized_xforward_hosts=127.0.0.0/8 |
▫Add the following lines to the MTA setting file main.cf:
content_filter = scan:<MailD socket> receive_override_options = no_address_mappings |
|
If Dr.Web MailD and Postfix have different hosts, the values of mynetworks and authorized_xforward_hosts need to be replaced by those of the Dr.Web MailD host. |
2. Sendmail
•Milter:
Add the following line to the MTA prototype setting file sendmail.mc:
INPUT_MAIL_FILTER(`drweb-milter', `S=<MailD socket>, F=T') |
After changing the sample file sendmail.mc, modify it into the active configuration file sendmail.cf by any of the following commands:
make -C /etc/mail |
|
All the commands listed above presume that files of configuration Sendmail are located in the directory /etc/mail. |
3. Exim
•Spamd:
Add the following lines to the MTA configuration file exim.conf:
spamd_address = <MailD socket> deny message = This message scored $spam_score spam points. accept message = This message scored $spam_score spam points. |
•Rspamd:
Add the following lines to the MTA configuration file exim.conf:
spamd_address = <MailD socket> variant=rspamd acl_check_data: # Reject the message with proper description if Rspamd filter tells to do so # Accept the message otherwise |
|
The integration with Dr.Web MailD is available for Exim of version 4.6 (or newer) compiled with the option WITH_CONTENT_SCAN=yes. |
4. CommuniGate Pro
•Rspamd:
1.You need a special module to interact with CommunigatePro. It is included in Dr.Web repository and can be installed via the standard package manager.
For Debian, Ubuntu, Mint:
# apt-get install drweb-cgp-plugin |
For Red Hat Enterprise Linux and CentOS:
# yum install drweb-cgp-plugin |
For Fedora:
# dnf install drweb-cgp-plugin |
2.The module will be installed in /opt/drweb.com/share/cgp/. Go to this directory and make the file CgpDrweb_AS_AV.py executable:
# cd /opt/drweb.com/share/cgp/ |
3.Configure CommuniGate Pro using the web interface:
▫Go to Settings → General → Helpers. Connect the module to CommuniGate Pro:
▪in the Content Filtering section, set the new filter and toggle it to Enabled,
▪specify the filter name (for example, CgpDrweb_AS_AV);
▪in the Program Path parameter, specify the path to the script file (for GNU/Linux, /opt/drweb.com/share/cgp/CgpDrweb_AS_AV.py) and the options the script will be launched with (-r—the address and the port of the socket, -u or --rspamd-unix-socket—path to UNIX socket, --debug—launch in debug mode).
Activate the Expert or Advanced view mode so that the Helpers be available (Preferences→Interface in CommunigatePro settings).
To see the list of all possible options, perform the command:
# ./CgpDrweb_AS_AV.py --help |
▪Save changes.
▫Go to Settings → Mail → Rules.
▪Specify the new rule name (for example, CgpDrweb_AS_AV) and click Add Rule.
▪Select the Highest rule preference, save changes.
▪Click Edit on the right-hand side from the rule name.
▪In the Data drop-down menu, select Message Size; in the Operation field, select less than, and in the Parameter field, specify 40960000.
▪In the Action field, select ExternalFilter; in Parameter, select the name of the previously created filter (CgpDrweb_AS_AV in this case).
▪Save changes.
▫Add a threat detection response rule, specify its name (for example, Drweb_threats), and click Add Rule.
▪Specify the rule priority 5, save changes.
▪Click Edit on the right-hand side from the rule. Add the conditions for the rule twice:
·In the Data drop-down list, select Header Field, in the Operation field, select is, and in the Parameter field, specify X-Spam-Action: reject.
·In the Data drop-down list, select Header Field, in the Operation field, select is, and in the Parameter field, specify X-Spam-Symbol-1: threat*.
In the Action field, select Reject with; in Parameter, specify text (for example, The message contains threat(s)).
Save changes.
▫Add a threat detection response rule, specify its name (for example, Drweb_spam), and click Add Rule.
▪Specify the rule priority 5, save changes.
▪Click Edit on the right-hand side from the rule. Add the conditions for the rule:
·select Header Field in the drop-down menu Data;
·in the field Operation, select is,
·and in the field Parameter, select X-Spam-Action: tag.
▪In the field Action, select Tag Subject, and specify a header prefix (for example, [SPAM]) in Parameter.
▪Save changes.
4.Copy the content of the file below and save it as hook.lua:
--Message scanning procedure, function rspamd_hook(ctx) --Message scanning to detect threats --Message scanning to detect spam return { |
5.Perform the following commands:
# drweb-ctl cfset MailD.RspamdHttpSocket <socket address>:<port> |
If you edit the code of the hook you should restart Dr.Web ConfigD after making changes:
# service drweb-configd restart |