Integration with an MTA as a filter
• Sample Settings for Specific MTAs

This method of integration implies connecting Dr.Web MailD directly to a mail server as an external filter for scanning email messages. Any mail server (such as Exim, Sendmail, Postfix and so on) that uses the Milter, Spamd or Rspamd interface is supported. When using the Postfix mail server, the component can also operate in SMTP mode (for more on operation principles in SMTP mode, refer to Integration with Dr.Web vxCube).

1. Connecting via the Milter, Spamd or Rspamd interface

To integrate Dr.Web MailD with your mail server, edit the values of the following parameters in the [MailD] section of the configuration file:

• Select an interface for the integration (Milter, Spamd or Rspamd) and specify MTA connection parameters and parameters for scanning email messages received via this interface. All Dr.Web MailD parameters for the integration via a specific interface have respective prefixes in their names (Milter*, Spamd* or Rspamd*).
  1. <interface>Socket: UNIX socket or a network socket to be used by Dr.Web MailD to receive messages being scanned from the MTA via the corresponding interface.
  2. Parameters that limit the duration and resource intensity of email message scanning (ScanTimeout, HeuristicAnalysis, PackerMaxLevel, ArchiveMaxLevel, MailMaxLevel, ContainerMaxLevel and MaxCompressionRatio). If you do not need detailed configuration, do not change the values of these parameters.
  3. Depending on conditions, for more detailed configuration of email filtering rules, edit the default Lua procedure code for their processing.
• In the TemplateContacts parameter, specify an address of the UNIX mail server administrator to whom the messages with detected threats will be sent. In the ReportLanguages parameter, specify a language to be used to generate service email messages. In the RepackPassword parameter, specify a method of password generation for protected archives with threats to be added to email messages when they get repacked.
For a more detailed description of these parameters, refer to the corresponding section. After the settings are adjusted, reload the Dr.Web Mail Security Suite configuration using the command:
You can also restart Dr.Web Mail Security Suite by restarting the Dr.Web ConfigD configuration management daemon using the command:
2. Connecting in SMTP mode

To integrate Dr.Web MailD with your mail server, edit the values of the following parameters in the [MailD] section of the configuration file:

1. SmtpSocket: socket to be used by Dr.Web MailD to receive messages being scanned from the MTA. A UNIX or network socket can be used.
2. SmtpSenderRelay: MTA socket to be used by Dr.Web MailD to send scanned messages. A UNIX or network socket can be used.
3. Additional parameters (timeout, available connection protocols, output to debug log). The parameters have the Smtp prefix. If you do not need detailed configuration, do not change the values of these parameters.
4. Depending on conditions, for more detailed configuration of email filtering rules, edit the default Lua procedure code for their processing.

After the settings are adjusted, reload the Dr.Web Mail Security Suite configuration using the command:
You can also restart Dr.Web Mail Security Suite by restarting the Dr.Web ConfigD configuration management daemon using the command:
1. Connecting via the Milter, Spamd or Rspamd interface

To enable the interaction between the MTA and Dr.Web MailD, edit the mail server configuration:

1. Specify an interface to be used for the interaction of the MTA with Dr.Web MailD when scanning email messages (Milter, Spamd or Rspamd).
2. Set parameters for connecting the MTA to Dr.Web MailD via the selected interface (the socket in use must match the one specified in the <interface>Socket parameter for the corresponding interface in Dr.Web MailD settings).
3. Specify an action to be applied by the MTA after receiving email message scanning results.

Restart the MTA after changing its settings.

2. Connecting in SMTP mode

To enable the interaction between the Postfix MTA and Dr.Web MailD, edit the mail server configuration:

1. Set client parameters for sending email messages to Dr.Web MailD for scanning.
2. Set MTA parameters for sending scanned messages.
3. Set parameters for connecting the MTA to Dr.Web MailD via a specified socket.

Sample Settings for Specific MTAs

Typical sample settings for Postfix, Sendmail, Exim and CommuniGate Pro MTAs for connecting Dr.Web MailD as an external email filter via the Milter, Spamd or Rspamd interface or in SMTP mode are provided below.
1. Postfix

• Milter: Add the following lines to the main.cf MTA settings file:

• In SMTP mode:

▫ Add the following lines to the master.cf MTA settings file:

▫ Add the following lines to the main.cf MTA settings file:

2. Sendmail

• Milter: Add the following line to the sendmail.mc sample settings file:

After changing the sample file sendmail.mc, convert it into an active configuration file sendmail.cf using any of the commands:

3. Exim

• Spamd: Add the following lines to the exim.conf configuration file:

• Rspamd: Add the following lines to the exim.conf configuration file:
4. CommuniGate Pro

• Rspamd:

1. Communication with CommuniGate Pro requires the custom module that is included in the Dr.Web repository and can be installed via a standard package manager.

For Debian, Ubuntu or Mint:

For Red Hat Enterprise Linux or CentOS:

For Fedora:

2. The module is installed in the directory /opt/drweb.com/share/cgp/ on GNU/Linux or /usr/local/libexec/drweb.com/share/cgp/ on FreeBSD. After the installation is complete, go to this directory and make the CgpDrweb_AS_AV.py file executable:

3. Make the section of the CommuniGate Pro web interface available. Enable the or view mode (see the settings: → ).

4. Configure CommuniGate Pro in the management web interface:

▫ Go to → → and connect the module to CommuniGate Pro:
▪ In the section, set a new filter and toggle it to .
▪ Specify the filter name (for example, CgpDrweb_AS_AV).
▪ In the parameter, specify a path to the script file (/opt/drweb.com/share/cgp/CgpDrweb_AS_AV.py for GNU/Linux or /usr/local/libexec/drweb.com/share/cgp/CgpDrweb_AS_AV.py for FreeBSD) and the options with which the script will be started (-r: socket address and port; -u or --rspamd-unix-socket: path to the UNIX socket; --debug: enable the debug mode). For detailed information about available options, run the command:

▪ Save changes.

▫ Go to → → .
▪ Specify a new rule name (for example, CgpDrweb_AS_AV) and click .
▪ Select the rule priority and save changes.
▪ Click to the right of the rule name.
▪ From the drop-down list, select ; in the field, select , and in the field, specify 40960000.
▪ In the field, select ; in , select the name of the previously created filter ( in this case).
▪ Save changes.

▫ Add a threat detection response rule, specify its name (for example, Drweb_threats) and click .
▪ Specify 5 as the rule priority, save changes.
▪ Click to the right of the rule. Add the conditions for the rule twice:
· From the drop-down list, select ; in the field, select , and in the field, specify X-Spam-Action: reject.
· From the drop-down list, select ; in the field, select , and in the field, specify X-Spam-Symbol-1: threat*.
▪ In the field, select ; in , specify a text message (for example, The message contains threat(s)).
▪ Save changes.

▫ Add a threat detection response rule, specify its name (for example, Drweb_spam) and click .
▪ Specify 5 as the rule priority, save changes.
▪ Click to the right of the rule. Add the conditions for the rule:
· from the drop-down list, select ;
· in the field, select ;
· in the field, select X-Spam-Action: tag.
▪ In the field, select ; in , specify a header prefix (for example, [SPAM]).
▪ Save changes.

5. Copy the content of the file below to a text document and save it as hook.lua.

6. Specify a socket address and a port to receive connections from the MTA:

7. Specify a path to the hook:
If you edit the code of the hook, restart Dr.Web ConfigD after making changes:
Dr.Web MailD configuration parameters are described in detail in the corresponding section.
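
As an added example (not part of the Dr.Web documentation): a Python check for the requirement above that the socket configured in the MTA match the <interface>Socket parameter, shown for Postfix and the Milter interface. The MilterSocket value format, the socket addresses and both configuration fragments are constructed for illustration; smtpd_milters is Postfix's own parameter.

```python
import configparser
import re

# Constructed sample inputs (assumptions, not values from the documentation).
DRWEB_INI = "[MailD]\nMilterSocket = 127.0.0.1:3001\n"
POSTFIX_MAIN_CF = """\
# constructed main.cf fragment
smtpd_milters = unix:/var/run/other-filter.sock,
    inet:127.0.0.1:3001
"""

def normalise(endpoint):
    """Map 'unix:/p', '/p', 'inet:h:p' and 'h:p' to a comparable tuple.
    Host names are compared as text; nothing is resolved."""
    e = re.sub(r"^(unix|inet):", "", endpoint.strip())
    if e.startswith("/"):
        return ("unix", e)
    host, _, port = e.rpartition(":")
    if not host or not port.isdigit():
        return ("unknown", e)
    return ("inet", host, int(port))

def maild_socket(ini_text, interface="Milter"):
    """Read <interface>Socket from the [MailD] section (INI layout assumed)."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep parameter names case-sensitive
    cp.read_string(ini_text)
    return normalise(cp["MailD"][interface + "Socket"])

def postfix_params(main_cf):
    """Parse 'name = value' pairs, joining indented continuation lines."""
    params, name = {}, None
    for line in main_cf.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
        elif "=" in line:
            name, value = (p.strip() for p in line.split("=", 1))
            params[name] = value
    return params

def check(ini_text, main_cf, interface="Milter"):
    """True when one smtpd_milters endpoint equals the MailD socket."""
    want = maild_socket(ini_text, interface)
    milters = re.split(r"[,\s]+", postfix_params(main_cf).get("smtpd_milters", ""))
    return want in [normalise(m) for m in milters if m]

if __name__ == "__main__":
    print("sockets match:", check(DRWEB_INI, POSTFIX_MAIN_CF))
```

A False result means Postfix is not pointed at the socket MailD listens on, so messages would not reach the filter.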