Integration with MTA as a Filter
In this section
•Examples of Settings for Some MTA

With this method of integration, Dr.Web MailD is connected directly to the mail server as an external filter that scans email messages. Any mail server (for example, Exim, Sendmail, Postfix) that uses the Milter, Spamd, or Rspamd interface is supported. When using the Postfix mail server, the component can also operate in SMTP mode (for more on the principles of SMTP mode operation, see Integration with Dr.Web vxCube).

Configuring Dr.Web MailD Parameters

1. Connection via Milter, Spamd, Rspamd

To integrate Dr.Web MailD with your mail server, edit the values of the following parameters in the [MailD] section of the configuration file:

•Integration parameters of Dr.Web MailD with MTA. First, determine the interface (Milter, Spamd or Rspamd), then specify the parameters of the MTA connection and the parameters for scanning email received via the selected interface. All parameters of Dr.Web MailD that control its integration with MTA via a certain interface have the respective prefix in their names (Milter*, Spamd* or Rspamd*).
1.<interface>Socket is a UNIX or network socket that will be used by Dr.Web MailD to get scanned email messages from MTA via the corresponding interface.
2.Parameters that limit the length and resource intensity of email message scanning (ScanTimeout, HeuristicAnalysis, PackerMaxLevel, ArchiveMaxLevel, MailMaxLevel, ContainerMaxLevel, MaxCompressionRatio). If you do not need detailed tuning, do not change the values of these parameters.
3.For a more detailed configuration of email filtering rules, edit the default email scanning procedure code in Lua.
•General operation parameters of Dr.Web MailD during email message scanning.
In the TemplateContacts parameter, specify the address of the mail server administrator to whom the messages will be sent if threats or spam are detected.
In the ReportLanguages parameter, specify the language to be used when generating service reports.

After all settings are adjusted, restart Dr.Web for UNIX Mail Servers with the following command:
You can also restart the configuration daemon Dr.Web ConfigD with the following command:
2. Connection in SMTP mode

To integrate Dr.Web MailD with your mail server, edit the values of the following parameters in the [MailD] section of the configuration file:

1.SmtpSocket is a UNIX or network socket that will be used by Dr.Web MailD to get email messages to be checked from MTA.
2.SmtpSenderRelay is a UNIX or network socket that will be used by Dr.Web MailD to send processed email messages.
3.Additional parameters (time-out, available communication protocols, output to debug log). The parameters have the Smtp prefix. If you do not need detailed tuning, do not change the values of these parameters.
4.For a more detailed configuration of email filtering rules, edit the default email scanning procedure code in Lua.

After all settings are adjusted, restart Dr.Web for UNIX Mail Servers with the following command:
You can also restart the configuration daemon Dr.Web ConfigD with the following command:
1. Connection via Milter, Spamd, Rspamd

To enable the interaction between MTA and Dr.Web MailD, edit the configuration of the mail server:

1.Indicate the interface used for interaction of MTA with Dr.Web MailD when scanning email messages (Milter, Spamd, Rspamd).
2.Indicate the parameters for connecting the MTA to Dr.Web MailD via the chosen interface (the socket used must match the one specified in the <interface>Socket parameter for the corresponding interface in the settings of Dr.Web MailD).
3.Specify the actions the MTA will perform after receiving the results of email scanning via the interaction interface.

After changing the settings, restart your MTA.

2. Connection in SMTP mode

To enable the interaction between MTA and Dr.Web MailD, edit the configuration of the mail server:

1.Set the client parameters for sending email messages to Dr.Web MailD.
2.Set the MTA parameters for sending messages checked by Dr.Web MailD.
3.Set the parameters of the MTA connection to Dr.Web MailD via the specified socket.

Examples of Settings for popular MTA

Below are typical example settings for the Postfix, Sendmail, Exim and CommuniGate Pro MTAs for connecting Dr.Web MailD as an external filter of email messages via the following interfaces: Milter, Spamd and Rspamd, as well as in SMTP mode.
1. Postfix

•Milter: Add the following lines to the MTA setting file main.cf:
•In SMTP mode:
▫Add the following lines to the MTA setting file main.cf:
▫Add the following lines to the MTA setting file main.cf:
2. Sendmail

•Milter: Add the following line to the MTA prototype setting file sendmail.mc:
After changing the sample file sendmail.mc, convert it into the active configuration file sendmail.cf with any of the following commands:
3. Exim

•Spamd: Add the following lines to the MTA configuration file exim.conf:
•Rspamd: Add the following lines to the MTA configuration file exim.conf:
4. CommuniGate Pro

•Rspamd:
1.You need a special module to interact with CommuniGate Pro. It is included in the Dr.Web repository and can be installed via the standard package manager.
For Debian, Ubuntu, Mint:
For Red Hat Enterprise Linux and CentOS:
For Fedora:
2.The module will be installed in /opt/drweb.com/share/cgp/. Go to this directory and make the file CgpDrweb_AS_AV.py executable:
3.Configure CommuniGate Pro using the web interface:
▫Go to Settings → General → Helpers. Connect the module to CommuniGate Pro:
▪in the Content Filtering section, set the new filter and toggle it to Enabled;
▪specify the filter name (for example, CgpDrweb_AS_AV);
▪in the Program Path parameter, specify the path to the script file (for GNU/Linux, /opt/drweb.com/share/cgp/CgpDrweb_AS_AV.py) and the options the script will be launched with (-r: the address and the port of the socket; -u or --rspamd-unix-socket: the path to the UNIX socket; --debug: launch in debug mode).
Activate the Expert or Advanced view mode so that the Helpers page is available (Preferences → Interface in the CommuniGate Pro settings).
▪Save changes.
▫Go to Settings → Mail → Rules.
▪Specify the new rule name (for example, CgpDrweb_AS_AV) and click Add Rule.
▪Select the Highest rule preference, save changes.
▪Click Edit to the right of the rule name.
▪In the Data drop-down menu, select Message Size; in the Operation field, select less than, and in the Parameter field, specify 40960000.
▪In the Action field, select ExternalFilter; in Parameter, select the name of the previously created filter (CgpDrweb_AS_AV in this case).
▪Save changes.
▫Add a threat detection response rule, specify its name (for example, Drweb_threats), and click Add Rule.
▪Specify the rule priority 5, save changes.
▪Click Edit to the right of the rule. Add the conditions for the rule twice:
·In the Data drop-down list, select Header Field, in the Operation field, select is, and in the Parameter field, specify X-Spam-Action: reject.
·In the Data drop-down list, select Header Field, in the Operation field, select is, and in the Parameter field, specify X-Spam-Symbol-1: threat*.
In the Action field, select Reject with; in Parameter, specify text (for example, The message contains threat(s)). Save changes.
▫Add a threat detection response rule, specify its name (for example, Drweb_spam), and click Add Rule.
▪Specify the rule priority 5, save changes.
▪Click Edit to the right of the rule. Add the conditions for the rule:
·in the Data drop-down menu, select Header Field;
·in the Operation field, select is;
·in the Parameter field, select X-Spam-Action: tag.
▪In the Action field, select Tag Subject, and specify a header prefix (for example, [SPAM]) in Parameter.
▪Save changes.
4.Copy the content of the file below and save it as hook.lua:
5.Perform the following commands:
If you edit the code of the hook, restart Dr.Web ConfigD after making the changes:
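The requirement above that the MTA socket match the <interface>Socket parameter can be checked mechanically for the Postfix Milter case. The following is an added example, not part of the Dr.Web documentation: it compares a MilterSocket value with Postfix's smtpd_milters and also reports milter_default_action = accept, which lets mail through unscanned when the filter is unreachable. It assumes an INI-style Dr.Web configuration file with MilterSocket given as host:port or a socket path; the sample file contents are constructed.

```python
import configparser
import re

# Constructed sample inputs (not taken from the Dr.Web documentation).
SAMPLE_DRWEB_INI = "[MailD]\nMilterSocket = 127.0.0.1:8890\n"
SAMPLE_MAIN_CF = (
    "smtpd_milters = inet:127.0.0.1:8890\n"
    "milter_default_action = accept\n"
)

def parse_main_cf(text):
    """Parse Postfix 'name = value' lines; indented lines continue a value."""
    params, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:
            params[last] += " " + line.strip()
            continue
        name, _, value = line.partition("=")
        last = name.strip()
        params[last] = value.strip()
    return params

def normalize(endpoint):
    """Strip Postfix's 'inet:' / 'unix:' type prefix so endpoints compare."""
    return re.sub(r"^(inet|unix):", "", endpoint.strip())

def check_milter(drweb_ini, main_cf):
    """Return findings; an empty list means matching sockets, fail-closed."""
    ini = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    ini.read_string(drweb_ini)
    # Assumption: MilterSocket holds 'host:port' or a UNIX socket path.
    maild = normalize(ini.get("MailD", "MilterSocket", fallback=""))
    postfix = parse_main_cf(main_cf)
    milters = [normalize(m)
               for m in re.split(r"[,\s]+", postfix.get("smtpd_milters", "")) if m]
    findings = []
    if not maild or maild not in milters:
        findings.append(f"socket mismatch: MailD={maild!r} Postfix={milters}")
    # Postfix defaults to tempfail; 'accept' delivers mail unscanned when
    # the filter is unreachable.
    if postfix.get("milter_default_action", "tempfail") == "accept":
        findings.append("fail-open: milter_default_action = accept")
    return findings

if __name__ == "__main__":
    for finding in check_milter(SAMPLE_DRWEB_INI, SAMPLE_MAIN_CF):
        print(finding)
```

The check does not handle the braced `{ endpoint, option=value }` form of smtpd_milters entries.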