How it Works
Kaspersky
Loading...
A
E
I
K
L
M
P
S
Loading...
Loading...
MAIL GATEWAY 5.5
User Manual
154 pgs757.46 Kb0

Kaspersky MAIL GATEWAY 5.5 User Manual

KASPERSKY LAB
Kaspersky® Mail Gateway 5.5
ADMINISTRATOR’S GUIDE
KASPERSKY® MAIL GATEWAY 5.5
Administrator’s Guide
© Kaspersky Lab
http://www.kaspersky.com
Revision date: June, 2006
Contents
CHAPTER 1. KASPERSKY® MAIL GATEWAY 5.5....................................................... 7
1.1. What’s new in Kaspersky Mail Gateway 5.5........................................................ 8
1.2. Licensing policy ..................................................................................................... 9
1.3. Hardware and software requirements .................................................................. 9
1.4. Distribution kit ...................................................................................................... 10
1.5. Help desk for registered users ............................................................................ 11
1.6. Conventions......................................................................................................... 11
CHAPTER 2. APPLICATION STRUCTURE AND TYPICAL DEPLOYMENT
SCENARIOS .............................................................................................................. 13
2.1. Application architecture ....................................................................................... 13
2.2. The algorithm of application functioning ............................................................. 15
2.3. Typical deployment scenarios............................................................................. 17
2.3.1. Installing the application along corporate network perimeter ...................... 17
2.3.2. Installing the application inside your mail system........................................ 19
CHAPTER 3. INSTALLING THE APPLICATION......................................................... 21
3.1. Installing the application on a server running Linux ........................................... 21
3.2. Installing the application on a server running FreeBSD..................................... 22
3.3. Installation procedure .......................................................................................... 23
3.4. Configuring the application.................................................................................. 24
3.5. Installing the Webmin module to manage Kaspersky Mail Gateway ................ 26
CHAPTER 4. THE PRINCIPLES OF PROGRAM OPERATION................................ 29
4.1. Creating groups of recipients/senders................................................................ 29
4.2. General message processing algorithm............................................................. 32
4.3. Operation of the Spamtest filter .......................................................................... 35
4.3.1. Message header analysis ............................................................................ 36
4.3.2. Analysis of message content ....................................................................... 36
4.3.3. Spamtest filter actions .................................................................................. 37
4.4. Operation of the AV module................................................................................ 38
CHAPTER 5. ANTI-VIRUS PROTECTION AND SPAM FILTRATION....................... 40
4 Kaspersky
®
Mail Gateway 5.5
5.1. Updating the anti-virus and content filtration databases .................................... 40
5.1.1. Automatic updating of the anti-virus and content filtration databases ........ 42
5.1.2. Manual updating of the anti-virus and content filtration databases............. 43
5.1.3. Creating a shared directory for storing and sharing database updates...... 44
5.2. Spam filtration...................................................................................................... 44
5.2.1. Marking of messages containing spam ....................................................... 45
5.2.2. Blocking delivery of spam messages........................................................... 46
5.2.3. Storage of spam message copies in the quarantine directory.................... 46
5.3. Anti-virus protection of email traffic ..................................................................... 47
5.3.1. Delivery of messages with clean or disinfected objects only ...................... 48
5.3.2. Replacement of infected objects with standard notifications....................... 49
5.3.3. Blocking delivery for messages containing suspicious objects................... 49
5.3.4. Delivery of notifications to the sender, administrator and recipients........... 50
5.3.5. Additional filtering of objects by name and type .......................................... 51
5.3.6. Saving messages in the quarantine directory.............................................. 52
5.4. Combining spam filtration and anti-virus protection ...........................................54
5.4.1. Maximum speed ........................................................................................... 54
5.4.2. Recommended mode................................................................................... 55
5.4.3. Maximum protection ..................................................................................... 56
5.5. Additional features of Kaspersky Mail Gateway................................................. 58
5.5.1. Automatically add incoming and outgoing mail to archives ........................ 58
5.5.2. Protection from hacker attacks and spam ................................................... 59
5.6. Managing license keys........................................................................................ 60
5.6.1. Viewing information about license keys....................................................... 60
5.6.2. Renewing your license .................................................................................62
5.6.3. Removing a license key ............................................................................... 63
CHAPTER 6. ADVANCED APPLICATION SETTINGS .............................................. 64
6.1. Configuring anti-virus protection of mail traffic.................................................... 64
6.1.1. Using the iChecker™ technology................................................................. 64
6.1.2. Setting up application timeouts .................................................................... 65
6.1.3. Setting performance restrictions .................................................................. 66
6.2. Setting up connection receiving interfaces ......................................................... 67
6.3. Setting up the routing table ................................................................................. 68
6.4. Checking the configuration file syntax ................................................................ 69
6.5. Syntax check in notification templates................................................................ 70
6.6. Work with email archive and the quarantine directory ....................................... 70
Contents 5
6.7. Management of application working queue........................................................ 73
6.8. Managing the application .................................................................................... 75
6.9. Control of application activity............................................................................... 77
6.10. Customizing date and time formats .................................................................. 77
6.11. Reporting options .............................................................................................. 78
6.12. Additional informational header fields in messages......................................... 80
CHAPTER 7. TESTING APPLICATION OPERABILITY ............................................. 81
7.1. Testing the application using Telnet ................................................................... 81
7.2. Testing the Spamtest filter................................................................................... 83
7.3. Testing the application using EICAR ..................................................................84
CHAPTER 8. UNINSTALLING THE APPLICATION ................................................... 86
CHAPTER 9. FREQUENTLY ASKED QUESTIONS................................................... 88
APPENDIX A. SUPPLEMENTARY INFORMATION ABOUT THE PRODUCT......... 95
A.1. Distribution of the application files in directories................................................. 95
A.2. Kaspersky Mail Gateway configuration file ........................................................ 99
A.3. Use of external configuration files..................................................................... 116
A.4. Control signals for the smtpgw component...................................................... 117
A.5. Control files........................................................................................................ 118
A.6. Application statistics.......................................................................................... 118
A.7. Command line options for the smtpgw component ......................................... 124
A.8. Smtpgw return codes........................................................................................ 125
A.9. Command line options for licensemanager ..................................................... 126
A.10. Licensemanager return codes........................................................................ 127
A.11. Keepup2date command line options ............................................................. 128
A.12. Keepup2date return codes ............................................................................. 129
A.13. Format of messages about template syntax check-up.................................. 129
A.14. Return codes for the kltlv utility....................................................................... 131
A.15. Command line options of the klmailq utility.................................................... 132
A.16. Command line options for the klmaila utility................................................... 133
A.17. Return codes for the klmaila and klmailq utilities ........................................... 134
A.18. Special headers added by the Spamtest filter ............................................... 134
A.19. Format of messages about anti-virus scanning and spam filtration.............. 136
A.20. Notifications about actions applied to the message ...................................... 137
6 Kaspersky
®
Mail Gateway 5.5
APPENDIX B. KASPERSKY LAB............................................................................... 140
B.1. Other Kaspersky Lab Products ........................................................................ 141
B.2. Contact Us......................................................................................................... 148
APPENDIX C. LICENSE AGREEMENT .................................................................... 150
CHAPTER 1. KASPERSKY® MAIL
GATEWAY 5.5

Kaspersky® Mail Gateway 5.5 is designed to filter SMTP mail traffic protecting mail system users from viruses and unwanted messages (spam). The application is a full-featured mail relay (compliant with IETF RFC internet standards) that runs under Linux and FreeBSD operating systems.

The application allows the user to:
Check email messages for presence of spam signs, including attached objects and message bodies.
Use the technology of DNS black lists (RBL) to filter spam.
Create white lists and black lists of senders/recipients for use by the
application while processing email traffic.
Scan email messages for viruses, including attached objects and message bodies.
Detect infected, suspicious, corrupted, and password-protected attachments and message bodies.
Perform anti-virus processing (including disinfection) of infected objects revealed in email messages by scanning.
Provide additional email traffic filtering by names and MIME types of attachments and apply certain processing rules to the filtered objects.
Maintain archives of all email messages sent and/or received by the application, if this is required by the internal security policy of the company.
Enable restrictions for SMTP connections providing protection against hacking attacks and preventing application use as an open mail relay for unsolicited email messages.
Limit the load on your server by configuring the application settings and SMTP parameters.
Notify senders, recipients, and the administrator about messages containing infected, suspicious, or corrupted objects.
Quarantine messages identified as spam or probable spam as well as messages containing infected, suspicious or corrupted objects.
Update the anti-virus and content filtration databases. The application retrieves updates from the update servers of Kaspersky Lab. You can also set the application up to update the databases from a local directory.
8 Kaspersky
The application detects and cures infected objects using the anti-virus database. During scans, the contents of each file are compared to the sample code of known viruses contained in the database.
Please keep in mind that new viruses appear every day and therefore we recommend maintaining the anti-virus databases in an up-to-date state. New updates are made available on Kaspersky Lab update servers every hour.
The content filtration databases are employed for analysis of message contents (including Subject and other headers) and attached files. The application uses to that effect linguistic algorithms based on comparison with sample messages and search for typical terms (words and word combinations).
The linguistic laboratory continues to work on improving and supplementing the corpus of data used for spam detection. Efficient spam fighting requires regular updating of the content filtration databases. Updates for the databases are made available on Kaspersky Lab update servers every 20 minutes.
The keepup2date component serves for updating of the anti-virus and content filtration databases (see section 5.1 on p. 40).
Configure and manage Kaspersky Mail Gateway either from a remote location using Webmin web-based interface, or locally, using standard OS tools such as command line options, signals, by creating special command files or by modifying the configuration file of the application.
Monitor the antivirus protection, and spam filtering status, view the application statistics and logs both locally and remotely using Webmin interface.
®
Mail Gateway 5.5
1.1. What’s new in Kaspersky Mail Gateway 5.5
Kaspersky Mail Gateway has been enhanced with the following additional features as compared with Kaspersky SMTP-Gateway 5.5:
Checking email traffic for spam presence using the content filtration databases with an opportunity to specify the degree of filtering intensity.
Marking of messages identified as spam or probable spam using special headers including an opportunity to use different methods with various groups of senders/recipients.
9
Storage of messages identified as spam or probable spam in the quarantine directory.
Blocking of delivery to recipients for messages identified as spam or probable spam.
1.2. Licensing policy
The licensing policy for Kaspersky Mail Gateway includes a system of product use limitations based on the following criteria:
Number of users protected by the application
Email traffic processed daily (MB/day).
Each type of licensing is also limited by a certain period (typically one year or two years after the date of purchase).
You can purchase a license limited by one of the above criteria (for example, by the daily mail traffic volume).
In addition, you can define during product purchase whether your Kaspersky Mail Gateway will only perform anti-virus scanning of email traffic or it will also filter spam.
The application has slightly different configuration parameters, depending on the type of license you have purchased. Thus, if the license is issued for a certain number of users, you will have to create a list of addresses (domains) that will be protected by the application against viruses and spam The application will notify the administrator when the traffic volume reaches critical values or the number of protected accounts is exceeded.
1.3. Hardware and software requirements
Minimum system requirements for normal operation of Kaspersky Mail Gateway are as follows:
Intel Pentium
At least 256 МB of available RAM
At least 100 MB of available space on your hard drive to install the
application.
®
processor (Pentium III or Pentium IV recommended).
Please note that the application working queue, quarantine directory, and archives of incoming and outgoing email are not included in the hard disk space required. If your network
10 Kaspersky
security policy requires the use of the above features, additional disk space will be needed.
at least 500 MB of available space in the /tmp file system.
One of the following operating systems:
Red Hat Enterprise Linux Advanced Server 4.
Red Hat Linux 9.0.
Fedora Core 4.
SuSE Linux Enterprise Server 9.0 (SP3).
SuSE Linux Professional 10.0.
Debian GNU/Linux 3.1r1.
Mandriva 2006.
FreeBSD 4.11, 5.4, 6.0.
Perl interpreter, version 5.0 or higher (www.perl.org
) and the which utility
to install the application.
Webmin version 1.070 or higher (www.webmin.com
) to install the remote
administration module (optional.
1.4. Distribution kit
®
Mail Gateway 5.5
You can purchase the product either from our dealers (retail box) or at one of our online stores (for example, www.kaspersky.com
– follow the E-store link).
The retail box contains:
sealed envelope containing the installation CD with the product
a copy of this Administrator’s Guide
license key file bundled with the distribution package or recorded to a
special floppy disk
License Agreement.
Before you unseal the envelope containing the CD, make sure you have carefully read the License Agreement .
If you purchase our application online, you will download it from Kaspersky Lab's website; the copy also contains this manual. Your license key is either included in the installation package or will be sent to you by email after payment.
11
The License Agreement constitutes a legal agreement between you and Kaspersky Lab containing the terms and conditions under which you may use the purchased software.
Please review the License Agreement carefully!
If you do not agree to the terms of the License Agreement, you may return the box containing Kaspersky Mail Gateway to your dealer where you have purchased it for a full refund provided that the envelope with the installation CD has not been unsealed.
By opening the sealed envelope containing the installation CD, or by installing the application, you confirm that you have accepted all the terms and conditions of the License Agreement.
1.5. Help desk for registered users
Kaspersky Lab offers an extensive service package enabling registered customers to boost the productivity of Kaspersky Mail Gateway.
If you purchase a subscription you will be provided with the following services for the period of your subscription:
new versions of this software product provided free of charge
phone or email support on matters related to the installation,
configuration, and operation of the product you have purchased
notifications about new software products from Kaspersky Lab, and about
new virus outbreaks. This service is provided to users who have subscribed to the Kaspersky Lab email newsletter service.
Kaspersky Lab does not give advice on the performance and use of your operating system or other technologies.
1.6. Conventions
Various formatting conventions are used throughout the text of this document depending on the purpose of a particular element. Table 1 below lists the formatting conventions used.
12 Kaspersky
Table 1. Conventions
Style Meaning
®
Mail Gateway 5.5
Bold type
Note.
Attention!
In order to perform the action,
1. Step 1.
2. …
Task, example
Solution
[key] – key purpose.
Text of information messages and the command line
Menu titles, menu items, window titles, parts of dialog boxes, etc.
Additional information, notes.
Information requiring special attention.
Procedure description for user's steps and possible actions.
Statement of a problem, example for using the software features.
Solution to a defined problem.
Command line keys.
Text of configuration files, information messages and the command line.
CHAPTER 2. APPLICATION
STRUCTURE AND TYPICAL DEPLOYMENT SCENARIOS
Correct application setup and its efficient operation require knowledge of its structure and internal algorithms. It is also important for application deployment within an existing corporate email system. This chapter contains a detailed discussion of the application’s structure, architecture and operating principles as well as typical scenarios of its deployment.
2.1. Application architecture
The review of the application functionality must be preceded by a description of its internal architecture.
Kaspersky Mail Gateway is a full-featured Mail Transfer Agent (MTA) able to receive and route email traffic scanning email messages for viruses and filtering spam.
Kaspersky Mail Gateway uses SMTP protocol commands (RFC 2821), Internet message format (RFC 2822), MIME format (RFC 2045-2049, 2231, 2646), and satisfies the requirements to mail relays (RFC 1123). In compliance with anti­spam recommendations (RFC 2505 standard), the application employs access control rules for SMTP clients to prevent the use of this application as an open relay. In addition, Kaspersky Mail Gateway supports the following SMTP protocol extensions:
Pipelining – enhances performance of servers supporting this mode of
operation (RFC 2920).
8-bit MIME Transport – processes national language characters code
tables (RFC 1652).
Enhanced Error Codes – provides more informative explanations of
protocol errors (RFC 2034).
DSN (Delivery Status Notifications) – decreases bandwidth usage and
provides more reliable diagnostics (RFC 1891, 3461-3464).
SMTP Message Size – Decreases the load and increases transfer rate
(RFC 1870).
14 Kaspersky
®
Mail Gateway 5.5
RFC documents mentioned above are available at: http://www.ietf.org.
The application includes the following components:
smtpgw – the main component – a full-featured mail relay with built-in
anti-virus protection and spam filtering.
licensemanager – component for managing license keys (installation,
removal, viewing statistics).
keepup2date – component that updates the anti-virus and content
filtration databases by downloading the updates from the Kaspersky Lab’s update servers or a local directory.
Webmin module for remote administration of the application using a
web-based interface (optional installation). This component allows the user to configure and manage the anti-virus and content filtration databases updates, specify actions to be performed on the objects depending on their status and monitor the results of the application’s operation.
The smtpgw component (see Fig.1), in its turn, consists of the following modules:
Receiver (incoming mail receiver).
Sender (module for sending scanned messages, which have passed anti-
virus scanning and spam filtering).
Spamtest filter (module filtering spam messages).
AV module (the anti-virus engine).
Scanning module, which acts in combination with the Spamtest filter and
AV module to process messages, including anti-virus scanning and spam filtering of mail traffic.
Figure 1. General architecture of Kaspersky Mail Gateway
Application structure and typical deployment scenarios 15
2.2. The algorithm of application functioning
The application works as follows (see Fig. 2):
1. The mail agent receives email messages via the SMTP protocol and passes them to the Receiver module.
Figure 2. Working queue of Kaspersky Mail Gateway
2. The Receiver module performs preliminary email processing using the following criteria:
presence of the sender’s IP address in the list of blocked and/or trusted addresses including masks;
compliance with the access restrictions specified for SMTP connections (see section 5.5.2 on p. 59);
compliance of the email message size (as well as the mail session in general and the total number of messages within the session) with the limits specified in the application settings;
compliance of the number of open sessions (both from all IP addresses and a single IP address) with the limits specified in the application settings.
If the message satisfies the preliminary processing requirements, it is sent to the working queue to be processed by the scanning module.
If all incoming mail should be archived, a copy of any message added to the working queue will be automatically preserved in the archive of received messages.
3. The scanning module receives a message from the working queue and transfers it to the Spamtest filter for inspection. The filter assigns to it a
16 Kaspersky
®
Mail Gateway 5.5
specific status and returns the message to the scanning module, which then breaks it into individual components and passes them to the AV module for analysis.
If you have only purchased a license for anti-virus scanning of email traffic, spam filtering will not be performed. Messages will be immediately delivered to the AV module for analysis. The application will ignore then configuration parameters, which apply to the Spamtest filter.
4. The AV module scans the objects and, if this option is enabled, disinfects them, when necessary.
5. The scanning module handles messages according to the status (see section 4.2 on p. 32) assigned to each object or message during analysis by the Spamtest filter and the AV module (blocks message delivery, deletes infected objects, modifies message headers, adds messages to the quarantine directory, etc.). The actions to be applied are defined in the application configuration file. Each processed message is then added to the ready-to-send message queue.
6. If saving in the quarantine is specified as the action to be performed on a message, a copy of the scanned message will be saved in the quarantine directory concurrently with its transfer to the ready-to-send queue. The application creates a separate quarantine directory for messages identified as spam or probable spam and messages containing infected, suspicious or corrupted objects.
Creation of message copy in backup storage or quarantine directory does not block delivery of the original message to the recipient. An additional action blocking its delivery has to be specified, if you want to prevent message delivery to the recipient.
7. The Sender module receives each message from the ready-to-send queue and transfers it via the SMTP protocol to the onward mail agent to be delivered to local end users or rerouted to other mail servers.
8. If your network security policy requires logging of all outgoing email traffic, a copy of each message will be automatically saved after its delivery to the archive of sent messages (see Fig. 3).
Application structure and typical deployment scenarios 17
Figure 3. Saving messages to the archives of received / sent messages
2.3. Typical deployment scenarios
Depending upon the network architecture, the following options for installation of Kaspersky Mail Gateway are possible:
install the application along corporate network perimeter in the demilitarized zone (DMZ) acting as a buffer between internal corporate LAN and external network);
install the application inside your existing mail system.
In each of the above cases the application can be installed:
to the same server with a running email system;
to a dedicated server.
The sections below discuss in detail the above scenarios and describe their advantages.
The application, being a mail relay, does not include a local mail delivery agent (MDA). Therefore, no matter which of the deployment scenarios is used, a mail system (or mail systems) that delivers email messages to the local users within the protected domains is required!
2.3.1. Installing the application along corporate network perimeter
The main advantage of this option is that it improves the overall performance of your mail system because it minimizes the number of transfer cycles for email messages.
18 Kaspersky
®
Mail Gateway 5.5
In this case the existing corporate mail server has no connection to the Internet; that means additional protection of your data. Moreover, demilitarized zones (DMZ) may be set up.
To install the application and the mail system on the same server, the following algorithm is provided to ensure their joint operation:
1. Configure all interfaces of Kaspersky Mail Gateway to listen on port 25 for incoming email traffic from all IP addresses matching the relevant MX records for the protected domain.
2. The application filters spam and scans email. Then it transfers the processed messages to the corporate mail system via a different port (e.g., 1025).
You have to set up restrictions for the mail transfer agent (MTA) receiving mail from Kaspersky Mail Gateway via port 1025 so that it accepts messages exclusively from Kaspersky Mail Gateway. Otherwise, there will be an opportunity to bypass the protection with a connection established directly from external network through port 1025.
3. The mail system, configured to use a local interface, will deliver messages to users.
The following steps are to be followed in order to install the application and the mail system on the same server:
Configure the application for mail receipt via port 25 on all network
interfaces of the server. In order to do this, specify the following value in the [smtpgw.network] section of the configuration file:
ListenOn=0.0.0.0:25
Specify in the routing table transfer of all scanned messages to the mail
system via port 1025. In order to do this, specify the following value in the [smtpgw.forward] section of the application configuration file:
ForwardRoute=*@company.com [host:1025]
where: *@company.com is the mask for recipient addresses
host – name of the your corporate mail server.
Change the settings of the existing mail system for receiving messages
from the application via port 1025. This will ensure receipt of all incoming mail messages and delivery of these messages to the local users within the protected domains of the company.
Set up the existing mail system to transfer all messages it receives to the
application via port 25. This will ensure anti-virus scanning and antispam filtering of all outgoing mail messages from the local users.
Application structure and typical deployment scenarios 19
Specify the list of all corporate local domains as a value for the
ProtectedDomains option in the [smtpgw.forward] section of the application configuration file ("*" and "?" wildcards can be used). Mail messages for the specified domains will be scanned.
Application configuration for this deployment scenario will be implemented by default during the installation process.
The operation algorithm of the application, when the latter is installed on a dedicated server, is identical to its operation on the same server with an email system, but the settings for this scenario will differ. IP address of the server, where the application is installed must be included in MX records corresponding to the protected domain.
In order to install the application on a dedicated server:
Configure the application for mail receipt via port 25 on all network
interfaces of the server. In order to do this, specify the following value in the [smtpgw.network] section of the application configuration file:
ListenOn=0.0.0.0:25
Specify in the routing table transfer of all scanned messages to the mail
system via port 25. In order to do this, specify the following value in the [smtpgw.forward] section of the application configuration file:
ForwardRoute=*@company.com [host:25]
where: *@company.com is the mask for recipient addresses
host – name of the your corporate mail server.
Specify the list of all corporate local domains as a value for the
ProtectedDomains option in the [smtpgw.network] section of the application configuration file ("*" and "?" wildcards can be used). Mail messages for the specified domains will be scanned.
This deployment scenario is the most convenient one, especially if the installation of Kaspersky Mail Gateway is performed at the same time with the deployment of the network and of the company’s mail system.
2.3.2. Installing the application inside your mail system
If the application is installed inside your mail system, there is no access from outside to the information about the application running on the server and its
20 Kaspersky
®
Mail Gateway 5.5
configuration. Besides, if the application is installed inside the mail system on a dedicated server, this provides for the possibility to distribute the load among several servers performing anti-virus scanning.
The following algorithm is provided for joint operation of the application and the mail system installed on the same server:
1. Duplicate your mail system and configure one of the copies to listen on port 25 and receive email messages via all available interfaces.
2. This mail system forwards all incoming messages through the local interface via a different port (port 1025, for instance) to the application for scanning and spam filtering.
3. The application filters spam, scans the email messages for viruses and forwards scanned and processed messages to the second mail system copy, which receives mail on a different port (e.g., port
1026).
4. The second mail system delivers email to the local users.
This deployment scenario is recommended if you are sure of the reliability of your mail system. The installation of the application will not affect the stability of your mail system.
Application setup on a dedicated server is similar to the above procedure. Besides, when installing the application on a dedicated server, you can create and run several copies of the application on different servers. This can help you distribute the anti-virus processing and spam filtering load among several servers.
To implement this scenario of application deployment:
Specify the list of all corporate local domains as a value for the ProtectedDomains option in the [smtpgw.network] section of the application configuration file ("*" and "?" wildcards can be used). Mail messages for the specified domains will be scanned.
Deploying Kaspersky Mail Gateway may require changes of the settings for the mail clients throughout the company so that all outgoing mail messages are delivered to the application, which will transfer the messages to the external network after an anti-virus scan and spam filtration.
If the network includes installed firewalls or demilitarized zones (DMZ’s), it is necessary to provide mail clients and internal and external networks servers with access to the installed application to ensure joint operation and routing of the mail traffic.
CHAPTER 3. INSTALLING THE
APPLICATION
Before installing Kaspersky Mail Gateway, it is necessary to:
Make sure that your system meets the hardware and software
requirements (see section 1.3 on p. 9).
Configure your Internet connection. The application distribution package
does not contain the anti-virus and content filtration databases required to perform anti-virus protection and filter spam.
Log on to the system as root or as a privileged user.
3.1. Installing the application on a server running Linux
For servers running the Linux operating system, Kaspersky Mail Gateway is distributed in three different installation packages, depending on the type of your Linux distribution.
You can use an rpm package to install the application under Red Hat Linux and SuSE Linux.
To initiate installation of Kaspersky Mail Gateway from the rpm package, enter the following in the command line:
# rpm –i scm-smtpgw-linux-<version_number>.i386.rpm
If you are installing the application from the rpm package, after the files have been copied to your server, run the postinstall.pl script to perform post-installation configuration. By default the postinstall.pl script is located in the /opt/kav/5.5/scm-smtpgw/setup/ directory.
In Debian Linux, the installation is performed from a deb package.
To initiate installation of Kaspersky Mail Gateway from the deb package, enter the following command in the command line:
# dpkg –i scm-smtpgw-linux-<version_number>.deb
After you enter the command, the application will be installed automatically.
22 Kaspersky
You can also use a universal distribution file for all Linux OS. Use this distribution file if your Linux version does not support the rpm or deb formats or if your administrator does not wish to use (or cannot use) a built-in package manager.
The universal Kaspersky Mail Gateway distribution file is supplied as an archive (tar.gz).
To initiate installation of Kaspersky Mail Gateway from the universal distribution file, do the following:
1. Copy the archive of the distribution file to a directory within the file system of your server.
2. Extract the archive using the following command:
# tar zxvf scm-smtpgw-linux-<version_number>.tar.gz
The archive contains the installer and the file tree of the application files that will be extracted by the above command.
3. Run the following installation script:
# cd <package_directory> # ./install.sh
After you enter the command, the application will be installed automatically.
The procedure of application setup under Mandriva 2006 distributions has some peculiarities. You might have to perform some additional actions to ensure correct functioning of the application in such systems (please see Chapter 9 on p. 88 for details).
®
Mail Gateway 5.5
3.2. Installing the application on a server running FreeBSD
The distribution file for installation of Kaspersky Mail Gateway on servers running FreeBSD OS is supplied as a pkg package.
To initiate installation of Kaspersky Mail Gateway from a pkg package, enter the following in the command line, depending upon the version of your FreeBSD distribution:
# pkg_add scm-smtpgw-freebsd-4.x-<version_number>.tgz
or:
# pkg_add scm-smtpgw-freebsd-5.x-<version_number>.tgz
or:
# pkg_add scm-smtpgw-freebsd6.x-<version_number>.tgz
Installing the application 23
After you enter the command, the application will be installed automatically.
In order to function correctly in FreeBSD 5.x and 6.x distributions, the Spamtest filter needs the following line in the configuration file of the working kernel:
options COMPAT_FREEBSD4
3.3. Installation procedure
Installation errors can occur for a number of reasons. If an error message is displayed, make sure that your computer satisfies the hardware and software requirements (see section 1.3 on p. 9) and that you have logged into the system as a root.
To install the application on the server, follow the steps below:
Step 1. Preparing the system
At this stage, the system creates the system group and user account for the application. The default group is kavusers and the default user account is kavuser. In future, the application will start under this user account (not root) to provide additional security for your system.
Step 2. Copying application files to destination directories
on your server
The installer starts copying the application files to the destination directories on your server. For a detailed description of the directories where the application files will be copied, see section A.1 on p. 95.
If you installed the application from an rpm package, then you should run the postinstall.pl script (present by default in the /opt/kav/5.5/scm- smtpgw/setup/ directory) to perform the following steps.
Step 3. Post-installation tasks
The post-installation configuration includes the following steps:
Configuring the smtpgw component (see section 3.4 on p. 24).
Installing and registering the license key.
If you have no license key at the time of installation (for example, if you purchased the application via the Internet and have not received the
24 Kaspersky
®
Mail Gateway 5.5
license key yet), you can activate the application after installation before its first use. For details see section 5.6 on p. 60. Please note that if the license key is not installed, the anti-virus and content filtration databases cannot be updated and the smtpgw component cannot be started during the installation process. You will have to do it manually, after the key is installed.
Configuring the keepup2date component.
Installation (updating) of the anti-virus and content filtering databases.
You must install the anti-virus and content filtration databases before using the application. The procedure of detecting and disinfecting viruses relies on the use of the anti-virus database records that contain description of viruses known at the moment and the methods of disinfecting these viruses. Anti-virus scanning and processing of email messages cannot be performed without the anti-virus database. The application employs its content filtering database for spam detection (analysis of message contents and attached files used to identify the signs of unsolicited mail).
Installing the Webmin module.
The Webmin module for remote management of the application can be installed correctly only if the Webmin application is located in the default directory. After the module is installed, you will receive detailed instructions on how to configure it to work with the application.
Launching the smtpgw component.
If, after installation, Kaspersky Mail Gateway has not started working as required, check the configuration settings. Pay special attention to the port number you specified for receiving mail traffic. You may also view the application log file.
After you properly complete these steps, a corresponding message on the server console will appear as soon as the installation procedure is over.
3.4. Configuring the application
Immediately after the files have been copied to your server, system configuration process will start. Depending on the package manager you use, the configuration process will either be started automatically or (if the package manager does not allow the use of interactive scripts, such as rpm), some additional actions will have to be performed by the administrator. All settings are stored in the
smtpgw.conf file installed by default in the /etc/kav/5.5/scm-smtpgw/ directory.
Installing the application 25
If you are using the rpm installation package, enter the following command to start configuration after the files are copied to your server:
# /opt/kav/5.5/scm-smtpgw/setup/postinstall.pl
The configuration procedure includes the following tasks:
Setting up (by the administrator) of the server name that will be used to
identify the application in the SMTP commands when creating the DSN and notifications (the Hostname parameter in the [smtpgw.network] section of the smtpgw.conf configuration file). Full domain name of the server must be specified as the parameter value.
Setting up the domain name that will be used to:
Assign the Postmaster address ([smtpgw.network] section,
Postmaster parameter)
Assign the sender’s return address for notifications
([smtpgw.policy] section, NotifyFromAdress parameter)
Define the administrator’s address ([smtpgw.policy] section, AdminNotifyAddress parameter)
Allow incoming mail to this domain ([smtpgw.options] section, RelayRule parameter).
Defining the interface and port to listen to the incoming email traffic
([smtpgw.network] section, ListenOn parameter). Type the port name and the IP address in the <x.x.x.x:z> format, where:
x.x.x.x is the IP address, and
z is the port number.
Specifying local network identifiers ([smtpgw.access] section,
RelayRule parameter). This value is used to assign rules for message
delivery and processing, for example, rules specific for your organization concerning mail processing, or blocking email messages from certain domains, etc. Specify the values using the following formats: <x.x.x.x> or <x.x.x.x/y.y.y.y>, or <x.x.x.x/y>,where:
x.x.x.x is the IP address, and
y.y.y.y or y is the subnet mask.
Specifying (when necessary) the server to which all processed messages
will be forwarded ([smtpgw.forward] section, the ForwardRoute parameter). Type the host name in the format: <x.x.x.x:z>, where:
x.x.x.x is the IP address, and
z is the port number.
26 Kaspersky
Specifying the proxy server name ([updater.options] section, ProxyAddress parameter). This option is necessary for computers
connected to the Internet via a proxy server.
Modifying the application configuration file to fine-tune the operation of the
AV module and the Spamtest filter (optional).
If all the above steps have been successfully completed, the configuration file will contain all settings that are required to start working with the application.
After the system is installed and configured, it is recommended that you check the settings for Kaspersky Mail Gateway and test its performance. For more details, see Chapter 7 on page 81.
®
Mail Gateway 5.5
3.5. Installing the Webmin module to manage Kaspersky Mail Gateway
The activity of Kaspersky Mail Gateway can be controlled remotely via a web browser using Webmin.
Webmin is a program, which simplifies administration of Linux/Unix systems. The software is based on modular structure and supports connection of new modules as well as development of your own customized ones. You can obtain additional information about Webmin and download its distribution package from the official program web site at: www.webmin.com.
The distribution package of Kaspersky Mail Gateway includes a Webmin module that you can either connect during application setup following its installation (see section 3.3 on p. 23) if your system already has Webmin installed, or at any time later as soon as you install Webmin.
The following part of this manual contains a detailed description of the procedure necessary to connect the Webmin module for administration of Kaspersky Mail Gateway.
If the default settings have been used during Webmin installation, then you can access the program from your web browser using HTTP / HTTPS to connect to port 10000 as soon as the installation procedure is finished.
Installing the application 27
In order to install the Webmin module to control Kaspersky Mail Gateway:
1. Use your web browser to access Webmin with the privileges of its administrator.
2. Select the Webmin Configuration tab in the program menu, and then proceed to the Webmin Modules section.
3. Select the From Local File option in the Install Module section
and click (see Figure 4).
Figure 4. Install Module section
4. Enter the path to the Webmin module of the product and click ОК.
Webmin module is located in the scm-smtpgw.wbm file installed by default to the /opt/kav/5.5/scm-smtpgw/setup/ directory (in Linux distributions) or the /usr/local/share/kav/5.5/scm-smtpgw/setup directory (for FreeBSD distributions).
If the Webmin module is installed successfully, you will see a corresponding message on the display.
You can access the settings of Kaspersky Mail Gateway by clicking its icon within the Others tab (see Figure 5).
28 Kaspersky
Figure 5. The icon of Kaspersky Mail Gateway in the Others tab
®
Mail Gateway 5.5
CHAPTER 4. THE PRINCIPLES
OF PROGRAM OPERATION
This chapter contains information necessary for better understanding of the algorithm of application functioning and interaction between its components as well as information required for correct software setup.
4.1. Creating groups of recipients/senders
Recipients/Senders group is defined as pairs of recipient/sender email addresses. A particular email message may be assigned to a particular group depending on whether this group contains the sender’s or the recipient’s address present in the MAIL FROM and RCPT TO commands.
The administrator can specify individual rules for processing of each mail message depending on the group of recipients/senders. Therefore, it is particularly important that the addresses must be associated with a correct group.
While processing a message, the application searches through the list of addresses for each specific group. If it finds a matching combination of the sender/recipient addresses, the rules defined for this group will be applied to the email message.
The anti-virus and spam filtering functionality of Kaspersky Mail Gateway depends on the configuration file settings. You can make configuration changes to the file either locally or remotely (using the Webmin remote administration module).
The configuration file contains the [smtpgw.policy] section that implicitly defines the policy group, which determines the default rules for processing of email messages.
All parameters specified in that section and the section itself are mandatory.
The [smtpgw.policy] section does not contain the names of senders and recipients. Rules defined in [smtpgw.policy] are applied to all messages, except for those belonging to other groups explicitly described as [smtpgw.group:group_name] sections.
30 Kaspersky
®
Mail Gateway 5.5
All parameters in [smtpgw.group:group_name] sections are optional. If a parameter value in such section is not specified, it will be taken from an identical option in the [smtpgw.policy] section.
If the configuration file included into the application installation package is used, then the mail messages will be processed according to the following rules (defined by the policy group):
Check all mail messages for presence of spam signs.
Modify the Subject field for messages identified as spam or probable
Scan all mail messages for viruses.
Deliver to the recipients messages containing clean or disinfected objects
spam
1
.
only.
Infected objects and objects, which caused errors during their analysis,
must be removed from messages as well as suspicious, password­protected and damaged objects.
Notify recipients and the administrator about infected, suspicious,
corrupted, protected or filtered objects in messages and the objects, which caused errors during their analysis.
You can change the parameters of the policy group or create new groups. If you would like to process email messages belonging to different groups of recipients/senders using different rules, you will have to create several groups.
To create a new group of user addresses,
1. Create section [smtpgw.group:group_name] in the configuration
file.
2. Specify sender and recipient addresses as the values of Senders and Recipients parameters (masks of addresses). In order to define several addresses or address masks, use the following construction:
Senders=user1@example.com Senders=*@internal.local
1
A special label is added to the Subject field depending upon the status and identified
content category. Please see section 4.3.3 on page 37 for details.
Loading...
+ 124 hidden pages
Buy Points How it Works FAQ Contact Us Questions and Suggestions Privacy Policy Cookie Policy Terms of Use