KASPERSKY Mail Gateway 5.6 User Manual

KASPERSKY LAB
Kaspersky® Mail Gateway 5.6
ADMINISTRATOR'S GUIDE

KASPERSKY® MAIL GATEWAY 5.6
Administrator's Guide
Kaspersky Lab
http://www.kaspersky.com
Revision date: July, 2008.
Contents
CHAPTER 1. KASPERSKY® MAIL GATEWAY 5.6 ....................................................... 8
1.1. What's new in Kaspersky Mail Gateway 5.6 ...................................................... 10
1.2. Licensing policy ................................................................................................... 11
1.3. Hardware and software requirements ................................................................ 12
1.4. Distribution kit ...................................................................................................... 13
1.5. Help desk for registered users ............................................................................ 13
CHAPTER 2. APPLICATION STRUCTURE AND TYPICAL DEPLOYMENT SCENARIOS .......... 15
2.1. Application architecture ....................................................................................... 15
2.2. The main application's algorithm ........................................................ 17
2.3. Typical deployment scenarios ............................................................................. 20
2.3.1. Installing the application in a demilitarized zone .......................................... 21
2.3.2. Installing the application inside the corporate network's perimeter ............. 23
CHAPTER 3. INSTALLING THE APPLICATION ......................................................... 25
3.1. Installing the application on a server running Linux ........................................... 25
3.2. Installing the application on a server running FreeBSD ..................................... 26
3.3. Installation procedure .......................................................................................... 26
3.4. Configuring the application .................................................................................. 28
3.5. Installing the Webmin module to manage Kaspersky Mail Gateway ................ 30
CHAPTER 4. THE PRINCIPLES OF THE APPLICATION'S OPERATION ............... 33
4.1. Creating groups of recipients/senders ................................................................ 33
4.2. General message processing algorithm ............................................................. 36
4.3. Operation of the anti-spam module .................................................................... 38
4.3.1. Analysis of formal signs ................................................................................ 39
4.3.2. Content filtration ............................................................................................ 40
4.3.3. Checks using external services .................................................................... 41
4.3.4. Urgent Detection System ............................................................................. 41
4.3.5. Recognition results and actions over messages ......................................... 42
4.4. Operation of the anti-virus scanning module ...................................................... 44
4 Kaspersky® Mail Gateway 5.6
CHAPTER 5. ANTI-VIRUS PROTECTION AND SPAM FILTRATION....................... 46
5.1. Updating the anti-virus and anti-spam databases .............................................. 46
5.1.1. Automatic updating of the anti-virus and anti-spam databases .................. 48
5.1.2. Manual updating of the anti-virus and anti-spam databases ...................... 49
5.1.3. Creating a network directory to store and share updates ........................... 50
5.2. Spam filtration ...................................................................................................... 51
5.2.1. Starting and managing the components of the anti-spam module ............. 52
5.2.2. Managing the filtration process .................................................................... 52
5.2.3. Mail filtration using black and white lists....................................................... 54
5.2.4. Managing the UDS service .......................................................................... 55
5.2.5. Managing the list of enabled DNSBL services ............................................ 56
5.2.6. Marking of messages containing spam ....................................................... 57
5.2.7. Blocking delivery of spam messages ........................................................... 57
5.2.8. Storage of spam message copies in the quarantine directory .................... 58
5.3. Anti-virus protection of e-mail traffic .................................................................... 59
5.3.1. Delivery of messages with clean or disinfected objects only ...................... 59
5.3.2. Replacement of infected objects by standard notifications ......................... 60
5.3.3. Blocking delivery for messages containing suspicious objects ................... 61
5.3.4. Delivery of notifications to the sender, administrator and recipients ........... 62
5.3.5. Additional filtering of objects by name and type .......................................... 63
5.3.6. Saving messages in the quarantine directory ............................................. 64
5.4. Combining spam filtration and anti-virus protection ........................................... 65
5.4.1. Maximum speed ........................................................................................... 65
5.4.2. Recommended mode ................................................................................... 67
5.4.3. Maximum protection ..................................................................................... 68
5.5. Additional features of Kaspersky Mail Gateway ................................................. 69
5.5.1. Automatically add incoming and outgoing e-mail to archives ..................... 69
5.5.2. Protection from hacker attacks and spam ................................................... 70
5.6. Managing product keys ....................................................................................... 71
5.6.1. Viewing information about product keys ...................................................... 72
5.6.2. Renewing your product key .......................................................................... 74
5.6.3. Removing a key ............................................................................................ 75
CHAPTER 6. ADVANCED APPLICATION SETTINGS .............................................. 76
6.1. Configuring anti-virus protection of e-mail traffic ................................................ 76
6.1.1. Setting up application timeouts .................................................................... 76
6.1.2. Setting performance restrictions .................................................................. 78
6.2. Setting up connection receiving interfaces ......................................................... 79
6.3. Setting up the routing table ................................................................................. 80
6.4. Checking the configuration file syntax ................................................................ 81
6.5. Syntax check in notification templates ................................................................ 81
6.6. Work with e-mail archives and the quarantine directory .................................... 82
6.7. Management of application working queue ........................................................ 85
6.8. Managing the application .................................................................................... 88
6.9. Control of application activity ............................................................................... 90
6.10. Customizing date and time formats .................................................................. 91
6.11. Reporting options .............................................................................................. 91
6.12. Adding supplementary information to messages ............................................. 93
6.13. Control of application activity via SNMP ........................................................... 94
CHAPTER 7. TESTING APPLICATION OPERABILITY ............................................. 97
7.1. Testing mail receipt and delivery using Telnet ................................................... 97
7.2. Testing the anti-spam filtration ............................................................................ 99
7.3. Testing the application using EICAR ................................................................ 100
CHAPTER 8. UNINSTALLING THE APPLICATION ................................................. 102
CHAPTER 9. FREQUENTLY ASKED QUESTIONS ................................................. 103
APPENDIX A. KASPERSKY MAIL GATEWAY CONFIGURATION FILE ................ 107
A.1. Section [path] .................................................................................................... 107
A.2. Section [locale] .................................................................................................. 108
A.3. Section [options] ................................................................................................ 108
A.4. Section [mailgw.access] ................................................................................... 109
A.5. Section [mailgw.antispam] ................................................................................ 114
A.6. Section [mailgw.forward] ................................................................................... 115
A.7. Section [mailgw.limits] ....................................................................................... 116
A.8. Section [mailgw.network] .................................................................................. 117
A.9. Section [mailgw.options] ................................................................................... 119
A.10. Section [mailgw.path] ...................................................................................... 121
A.11. Section [mailgw.timeouts] ............................................................................... 122
A.12. Section [mailgw.archive] ................................................................................. 124
A.13. Section [mailgw.snmp] .................................................................................... 125
A.14. Section [mailgw.policy] .................................................................................... 126
A.15. Section [path mailgw.group:group_name] ..................................................... 136
A.16. Section [updater.path] ..................................................................................... 145
A.17. Section [updater.options] ................................................................................ 146
A.18. Section [updater.report] .................................................................................. 148
APPENDIX B. SUPPLEMENTARY INFORMATION ABOUT THE PRODUCT ....... 149
B.1. Distribution of the application files in directories .............................................. 149
B.2. Use of external configuration files..................................................................... 153
B.3. Control signals for the main application daemon ............................................. 155
B.4. Command line application management ......................................................... 155
B.5. Application statistics .......................................................................................... 156
B.6. SNMP traps for interaction with the application via SNMP .............................. 163
B.7. Mailgwd command line options ........................................................................ 164
B.8. Mailgwd return codes ........................................................................................ 165
B.9. Licensemanager command line options .......................................................... 167
B.10. Licensemanager return codes ........................................................................ 167
B.11. Keepup2date command line options.............................................................. 168
B.12. Keepup2date return codes ............................................................................. 169
B.13. Templates........................................................................................................ 170
B.14. Mailgw-tlv utility return codes .......................................................................... 180
B.15. Mailgw-mailq utility command line options ..................................................... 180
B.16. Mailgw-maila utility command line options ..................................................... 181
B.17. Mailgw-maila and mailgw-mailq return codes ................................................ 182
B.18. Special headers added by the anti-spam module ......................................... 183
B.19. Format of messages about anti-virus scanning and spam filtration .............. 185
B.20. Notifications about actions applied to the message ...................................... 187
APPENDIX C. SENDING SPAM TO THE GROUP OF SPAM ANALYSTS ............ 191
APPENDIX D. KASPERSKY LAB............................................................................... 193
D.1. Other Kaspersky Lab Products ........................................................................ 194
D.2. Contact Us ........................................................................................................ 205
APPENDIX E. LICENSE AGREEMENT ..................................................................... 206
APPENDIX F. SOFTWARE COMPONENTS FROM THIRD-PARTY VENDORS .. 212
F.1. Berkeley DB 1.85 library ................................................................................... 212
F.2. Libjpeg 6b library ............................................................................................... 213
F.3. Libungif library ................................................................................................... 215
F.4. Libevent library .................................................................................................. 215
F.5. Libspf2 library .................................................................................................... 216
F.6. Libpatricia library................................................................................................ 217
F.7. Pcre library ......................................................................................................... 218
F.8. Zlib library .......................................................................................................... 219
F.9. Expat library ....................................................................................................... 220
F.10. STLport library ................................................................................................. 220
F.11. OpenSSL library .............................................................................................. 221
F.12. FreeBSD libc library ........................................................................................ 223
F.13. Mcpp preprocessor program .......................................................................... 224
F.14. Libbind library .................................................................................................. 225
F.15. Snmp++v3.2.22 library .................................................................................... 226
F.16. Libdes-l-4.01a library ....................................................................................... 226
F.17. Crypt-1.02 library ............................................................................................. 227
F.18. AgentX++v1.4.16 library ................................................................................. 227
F.19. Agent++v3.5.28a library .................................................................................. 233
F.20. Universal Charset Detector (Mozilla) library ................................................... 235
CHAPTER 1. KASPERSKY® MAIL GATEWAY 5.6

Kaspersky® Mail Gateway 5.6 (henceforth referred to as Kaspersky Mail Gateway or the application) filters SMTP e-mail traffic to protect e-mail system users against viruses and unwanted messages (spam). The application is a full-featured mail relay (compliant with the IETF RFC internet standards) that runs under the Linux and FreeBSD operating systems.

The application allows the user to:

• Scan e-mail messages for viruses, including both attached objects and message bodies.
• Detect infected, suspicious, and password-protected attachments and message bodies.
• Perform anti-virus processing (including disinfection) of infected objects detected in e-mail messages by scanning.
• Filter e-mail traffic by the names and MIME types of attachments, and apply specified processing rules to the filtered objects.
• Check each message, including attached objects, for signs typical of spam.
• Check, during anti-spam analysis, the addresses of the mail sender and recipient (envelope), the message size and various headers (including From and To).
• Perform the following checks as a part of the anti-spam mail analysis:
  o presence of the sender's IP address in a DNS-based real-time black hole list (DNSBL);
  o availability of a DNS record for the sending server (reverse DNS lookup);
  o a check of the sender's IP address for compliance with the list of addresses allowed for a domain, based on the Sender Policy Framework (SPF);
  o a check of addresses and links to web sites in the message text using the Spam URL Real-time Blocklists (SURBL) service.

Note
DNSBL (DNS-based black hole list) is a database that lists IP addresses of mail servers used for uncontrolled mass mailing. Such servers receive mail from anyone and deliver it further to arbitrary recipients. Use of DNSBL allows automatic blocking of mail from such mail servers. Various services use different policies for generation of such lists. Please examine carefully the policy of each service before you start using it for mail filtration.

• Also scan attached images, comparing them to the signatures of known spam messages, and take the comparison results into account to determine the status of the message.
• Maintain archives of all e-mail messages sent and/or received by the application, if required by the internal security policy of the company.
• Enable restrictions for SMTP connections, to provide protection against hacking attacks and to prevent the application being used as an open e-mail relay for unsolicited e-mail messages.
• Limit the load on your server by configuring the application's settings and SMTP parameters.
• Create white and black lists of senders and recipients applied during processing of e-mail traffic.
• Notify senders, recipients, and the administrator about disinfected letters, about messages containing infected, suspicious, or protected objects, and also about errors that have occurred during mail scanning.
• Quarantine messages identified as spam or probable spam, formal or blacklisted mail, as well as messages containing infected and suspicious objects.
• Update the anti-virus and anti-spam databases of Kaspersky Mail Gateway. The application retrieves updates from Kaspersky Lab's update servers. You can also configure the application to update the databases from a local directory.

  The application detects and cures infected objects using the anti-virus database. During scans, the contents of each file are compared to the sample code of known viruses contained in the database.

  Attention!
  Please remember that new viruses appear every day, and therefore you are advised to maintain the anti-virus databases in an up-to-date state. New updates are made available on Kaspersky Lab's update servers every hour.

  The anti-spam databases are used during analysis of message contents (including Subject and other headers) and attached files. The application uses linguistic algorithms which compare the analyzed text with sample messages, and search for typical words and word combinations.

  Attention!
  Kaspersky Lab's Linguistic Laboratory continues to work on improving and supplementing the corpus of data used for spam detection. Efficient spam fighting requires that you regularly update the application's anti-spam databases. Updates for the databases are made available on Kaspersky Lab's update servers every three minutes.

  The keepup2date component's function is to update the anti-virus and anti-spam databases (see section 5.1 on p. 46).

• Configure and manage Kaspersky Mail Gateway, either from a remote location using the Webmin web-based interface, or locally using standard operating system tools such as command line options, signals, special command files, or by modifying the application's configuration file.
• Monitor the anti-virus protection, spam filtering status, application statistics and logs both locally and remotely using the Webmin interface.
• Obtain configuration data and statistics on application activity via SNMP, and configure the application to generate and send SNMP traps upon occurrence of certain events.
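The DNSBL and SURBL checks listed above work the same way: the item under test (a sender IP address, or the host part of a link found in the message text) is turned into a DNS name inside the list's zone, and a hit is an A record in 127.0.0.0/8 whose last octet is the list's reason code. The Python module below is an added example written for this page, not code from Kaspersky Mail Gateway: it builds both query names, interprets the answers, and uses an injectable resolver with a constructed answer table (the zones dnsbl.example and surbl.example are placeholders, not real services) so that it runs offline. The two-label registrable-domain rule in surbl_query_name is a simplification; real SURBL lookups use a longer list of exceptions, and only IPv4 is shown.

```python
"""Added example (not from the Kaspersky Mail Gateway guide): how DNSBL and
SURBL query names are formed and how their answers are interpreted.  The
resolver is injectable so the module runs offline against a constructed
answer table; 'dnsbl.example' and 'surbl.example' are placeholder zones."""
import ipaddress
from urllib.parse import urlparse

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

# Constructed answer table standing in for real DNS.  A listed name resolves
# to one or more 127.0.0.x addresses; the low octet is the reason code.
FAKE_DNS = {
    "4.3.2.1.dnsbl.example": ["127.0.0.2"],          # listed as a mass mailer
    "spammer-site.test.surbl.example": ["127.0.0.8"],
}


def fake_resolver(name):
    """Return the A records for name, or [] for NXDOMAIN (not listed)."""
    return FAKE_DNS.get(name, [])


def dnsbl_query_name(ip, zone):
    """Reverse the dotted quad and append the zone, per DNSBL convention."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("only IPv4 shown here; IPv6 uses the nibble-reversed form")
    return ".".join(reversed(ip.split("."))) + "." + zone


def _reason_codes(records):
    """Keep only 127.0.0.x answers.  Some zones return other addresses when a
    query quota is exceeded; treating those as a hit would reject good mail."""
    return sorted(int(r.rsplit(".", 1)[1]) for r in records
                  if ipaddress.ip_address(r) in LOOPBACK)


def dnsbl_check(ip, zone, resolve=fake_resolver):
    """Return the list's reason codes for ip, or [] if it is not listed."""
    return _reason_codes(resolve(dnsbl_query_name(ip, zone)))


# Approximation of the registrable domain: keep the last two labels.
REGISTRABLE_LABELS = 2


def surbl_query_name(url, zone):
    """Reduce a URL found in the message body to its registrable domain and
    build the SURBL query name.  IP-literal hosts are reversed like DNSBL."""
    host = urlparse(url).hostname
    if host is None:
        return None
    try:
        ipaddress.ip_address(host)
        return dnsbl_query_name(host, zone)
    except ValueError:
        pass
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-REGISTRABLE_LABELS:]) + "." + zone


def surbl_check(url, zone, resolve=fake_resolver):
    """Return the list's reason codes for the URL's domain, or [] if clean."""
    name = surbl_query_name(url, zone)
    return _reason_codes(resolve(name)) if name else []


if __name__ == "__main__":
    print(dnsbl_query_name("1.2.3.4", "dnsbl.example"), dnsbl_check("1.2.3.4", "dnsbl.example"))
    print(dnsbl_check("192.0.2.10", "dnsbl.example"))
    url = "http://www.spammer-site.test/buy?x=1"
    print(surbl_query_name(url, "surbl.example"), surbl_check(url, "surbl.example"))
```

When wiring a real zone in, check its published policy for what each 127.0.0.x code means and whether it answers with a non-loopback address on quota exhaustion; that is the reason the note above asks you to read each service's policy before filtering on it.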
1.1. What's new in Kaspersky Mail Gateway 5.6

Kaspersky Mail Gateway has the following additional features as compared to Kaspersky SMTP-Gateway 5.6:

• The application includes an anti-spam module with the following features:
  o Increased performance and stability.
  o Low RAM requirements.
  o Low level of Internet traffic (updates to Kaspersky Mail Gateway databases).
  o Improved filtration methods are used, namely:
    - Algorithms for parsing of HTML objects in e-mail messages (increasing the efficiency of protection against various spammer tricks devised to bypass filtration systems).
    - System for analysis of e-mail message headers.
    - System for analysis of graphical attachments (GSG).
    - Sender Policy Framework (SPF) and Spam URL Realtime Blocklists (SURBL) services.
    - Internal Urgent Detection System (UDS) service, which allows obtaining information about certain types of spam in real time.
• Individual settings available for user groups: certain scanning methods can be enabled/disabled separately for every group; you can also define the actions to be performed over e-mail messages.
• Collection of configuration data and statistics of application activity via SNMP; the application can be configured to send SNMP traps when certain events occur.
• Redesigned subsystem accepting incoming mail consumes fewer resources and supports more simultaneous incoming connections.
1.2. Licensing policy

The licensing policy for Kaspersky Mail Gateway 5.6 limits product use based on these criteria:

• Number of users protected by the application.
• E-mail traffic processed daily (MB/day).

Each type of license also has a time limit, typically one or two years from the date of purchase.

At the time of purchase, you can specify which type of license limitation you require (for example, by the daily e-mail traffic volume).

In addition, you can choose during product purchase whether your copy of Kaspersky Mail Gateway will only perform anti-virus scanning of e-mail traffic, or if it will also filter spam.

The application has slightly different configuration parameters depending on the type of license you purchased. For instance, if the license is issued for a certain number of users, you will have to create a list of addresses (domains) that will be protected by the application against viruses and spam. The application will notify the administrator when the license limitations are reached: in this case, when the number of protected accounts is exceeded.

1.3. Hardware and software requirements

The minimum system requirements for normal operation of Kaspersky Mail Gateway are as follows:

Hardware requirements:

• Intel Pentium® processor (Pentium III or Pentium IV recommended).
• At least 256 MB of available RAM.
• At least 100 MB of available space on your hard drive to install the application.
• At least 500 MB of available space in the /tmp file system.

Attention!
Please note that the application's working queue, quarantine directory, and archives of incoming and outgoing e-mail are not included in the hard disk space required. If your network security policy requires the use of these features, additional disk space will be needed.

Software requirements:

• One of the following operating systems for 32-bit platforms:
  o Red Hat Enterprise Linux Server 5.
  o Fedora 7.
  o SUSE Linux Enterprise Server 10.
  o OpenSUSE Linux 10.3.
  o Debian GNU/Linux 4 r1.
  o Mandriva 2007.
  o Ubuntu 7.10 Server Edition.
  o FreeBSD 5.5, 6.2.
• One of the following operating systems for 64-bit platforms:
  o Red Hat Enterprise Linux Server 5.
  o Fedora 7.
  o SUSE Linux Enterprise Server 10.
  o OpenSUSE Linux 10.3.
• Perl interpreter, version 5.0 or higher (www.perl.org), the bzip2 utility for unpacking the spam filtration databases, and the which utility for application installation.
• Webmin version 1.070 or higher (www.webmin.com) to install the remote administration module (optional).
1.4. Distribution kit

You can purchase the product either from our dealers or at one of our online stores (for example, www.kaspersky.com/store; follow the E-store link).

If you purchase our application online, you will download it from Kaspersky Lab's website. Your product key will be sent to you by e-mail after payment.

The License Agreement constitutes a legal agreement between you and Kaspersky Lab, containing the terms and conditions under which you may use the purchased software.

1.5. Help desk for registered users

Kaspersky Lab offers an extensive service package enabling registered customers to boost the productivity of Kaspersky Mail Gateway.

After purchasing the product key, you become entitled to receive the following services for the validity period of your key:

• new versions of the application provided free of charge;
• phone or e-mail support on matters related to the installation, configuration, and operation of the product you have purchased. You can contact the Technical Support service for consulting using any of the following methods:
  o Make a phone call to Technical Support.
  o Create and send a request using the Technical Support web site (http://www.kaspersky.com/helpdesk) or your personal user cabinet.
• notifications about new software products from Kaspersky Lab, and about new virus outbreaks. This service is provided to users who subscribe to Kaspersky Lab's e-mail newsletter service.

Note
Kaspersky Lab does not give advice on the performance and use of your operating system, third party applications or other technologies.
CHAPTER 2. APPLICATION STRUCTURE AND TYPICAL DEPLOYMENT SCENARIOS

The correct configuration of the application, and its efficient operation, require knowledge of its structure and internal algorithms. This is also important for the application's deployment within an existing corporate e-mail system. This chapter discusses in detail the application's structure, architecture and operating principles, as well as typical deployment scenarios.
2.1. Application architecture

A review of the application's functionality must be preceded by a description of its internal architecture.

Kaspersky Mail Gateway is a fully-featured Mail Transfer Agent (MTA), able to receive and route e-mail traffic, which also scans e-mail messages for viruses and filters spam.

The application uses SMTP protocol commands (RFC 2821), the Internet message format (RFC 2822), the MIME format (RFC 2045-2049, 2231, 2646), and satisfies the requirements for e-mail relays (RFC 1123). In compliance with the anti-spam recommendations of RFC 2505, the application uses access control rules for SMTP clients to prevent the use of this application as an open relay. In addition, Kaspersky Mail Gateway supports the following SMTP protocol extensions:

• Pipelining, which enhances performance of servers supporting this mode of operation (RFC 2920).
• 8-bit MIME Transport, which allows message bodies containing 8-bit national-language characters to be transferred without re-encoding (RFC 1652).
• Enhanced Error Codes, which provide more informative explanations of protocol errors (RFC 2034).
• DSN (Delivery Status Notifications), which decreases bandwidth usage and provides more reliable diagnostics (RFC 1891, 3461-3464).
• SMTP Message Size, which lets the server announce its maximum message size and the client declare a message's size in advance, so oversized messages are rejected before transfer, decreasing server load (RFC 1870).
Note
The RFC documents mentioned above are available at: http://www.ietf.org.
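To see which of the extensions above a gateway actually advertises, and to confirm that it refuses to act as an open relay as RFC 2505 requires, a practitioner sends EHLO, then a MAIL FROM for an outside sender and a RCPT TO for an outside recipient, and expects a 5xx reply at RCPT TO. The Python below is an added example for this page, not Kaspersky Lab code: ScriptedGateway replays a constructed transcript of a gateway that behaves correctly, and the host names and addresses in it are placeholders. To probe a live host, pass SocketTransport("your-gateway", 25) in place of ScriptedGateway().

```python
"""Added example, not code from Kaspersky Mail Gateway: read a gateway's EHLO
capability list and probe whether it relays for outsiders (RFC 2505).
ScriptedGateway replays a constructed transcript so this runs offline; host
names and addresses are placeholders."""
import socket


class ScriptedGateway:
    """Constructed stand-in for a correctly configured gateway: it advertises
    the extensions from section 2.1 and refuses an outside-to-outside relay."""
    REPLIES = {
        "EHLO": ("250-mailgw.example.net\r\n250-PIPELINING\r\n250-SIZE 10485760\r\n"
                 "250-8BITMIME\r\n250-ENHANCEDSTATUSCODES\r\n250 DSN\r\n"),
        "MAIL": "250 2.1.0 Ok\r\n",
        "RCPT": "554 5.7.1 <victim@elsewhere.test>: Relay access denied\r\n",
        "QUIT": "221 2.0.0 Bye\r\n",
    }

    def __init__(self):
        self.buf = "220 mailgw.example.net ESMTP ready\r\n"

    def sendall(self, data):
        verb = data.decode().strip().split(" ", 1)[0].split(":")[0].upper()
        self.buf += self.REPLIES.get(verb, "500 5.5.1 Command unrecognized\r\n")

    def recv(self, n):
        out, self.buf = self.buf[:n], self.buf[n:]
        return out.encode()


class SocketTransport:
    """Real transport for probing a live gateway (not exercised offline)."""
    def __init__(self, host, port=25, timeout=10):
        self.sock = socket.create_connection((host, port), timeout)

    def sendall(self, data):
        self.sock.sendall(data)

    def recv(self, n):
        return self.sock.recv(n)


def read_reply(t):
    """Read one reply, multi-line or not; return (code, [text of each line]).
    The reply is complete when a full line has a space, not '-', after the code."""
    data = b""
    while True:
        chunk = t.recv(4096)
        if not chunk:
            raise ConnectionError("connection closed mid-reply")
        data += chunk
        lines = data.decode("ascii", errors="replace").split("\r\n")
        if len(lines) >= 2 and lines[-2][3:4] == " ":
            return int(lines[-2][:3]), [l[4:] for l in lines[:-1]]


def command(t, line):
    t.sendall((line + "\r\n").encode("ascii"))
    return read_reply(t)


def parse_ehlo(lines):
    """Map EHLO keywords to their parameter string (None when none given)."""
    caps = {}
    for l in lines[1:]:                      # lines[0] is the server's own name
        kw, _, params = l.partition(" ")
        caps[kw.upper()] = params or None
    return caps


def relay_probe(t, helo_name, mail_from, rcpt_to):
    """Return the advertised extensions and whether RCPT TO for an outside
    recipient from an outside sender was accepted (which would mean open relay)."""
    code, _ = read_reply(t)
    if code != 220:
        raise RuntimeError("no 220 banner, got %d" % code)
    code, lines = command(t, "EHLO " + helo_name)
    caps = parse_ehlo(lines) if code == 250 else {}
    code, _ = command(t, "MAIL FROM:<%s>" % mail_from)
    rcpt_code, rcpt_lines = None, []
    if code == 250:                          # only then is RCPT TO meaningful
        rcpt_code, rcpt_lines = command(t, "RCPT TO:<%s>" % rcpt_to)
    command(t, "QUIT")                       # never send DATA: a probe, not a message
    return {
        "extensions": caps,
        "max_size": int(caps["SIZE"]) if caps.get("SIZE") else None,
        "rcpt_code": rcpt_code,
        "rcpt_text": " ".join(rcpt_lines),
        "open_relay": rcpt_code is not None and 200 <= rcpt_code < 300,
    }


if __name__ == "__main__":
    result = relay_probe(ScriptedGateway(), "probe.test",
                         "outsider@elsewhere.test", "victim@elsewhere.test")
    print(result)
```

Run the probe from a host outside the networks the gateway trusts; from inside a trusted network a 250 at RCPT TO is the expected relaying behaviour, not an open relay.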
The application includes these components:

• mailgw – the main application component, a fully-featured e-mail relay with built-in anti-virus protection and spam filtering.
• licensemanager – the component which manages product keys (their installation, removal, and statistics).
• keepup2date – the component that updates the anti-virus and anti-spam databases, by downloading the updates either from Kaspersky Lab's update servers or from a local directory.
• Webmin module for remote administration of the application using a web-based interface (optional installation). This component allows the user to configure and manage the database updating process, specify the actions to be performed on detected objects, and monitor the application's operation.

The main application component (see Fig. 1), in turn, consists of these modules:

• Receiver, which receives incoming e-mail.
• Sender, which sends out messages which have passed anti-virus scanning and spam filtering.
• AS module, which performs anti-spam analysis of e-mail, its classification and processing.
• AV module, the anti-virus engine.
• Scanning module, which works with the AS and AV modules to process messages, providing anti-virus scanning and spam filtering of e-mail traffic.
Figure 1. General architecture of Kaspersky Mail Gateway
2.2. The main application's algorithm

The application works as follows (see Fig. 2):

1. The e-mail agent receives e-mail messages via the SMTP protocol, and passes them to the Receiver module.

Figure 2. Working queue of Kaspersky Mail Gateway

2. The Receiver module performs preliminary e-mail processing using the following criteria:

• presence of the sender's IP address in the list of blocked and/or trusted addresses, including masks;
• compliance with the access restrictions specified for SMTP connections (see section 5.5.2 on p. 70);
• compliance of the message size (and the total number of messages within the session) with the limits specified in the application's settings;
• compliance of the number of open sessions (both the total number from all IP addresses, and from a single IP address) with the limits specified in the application's settings.

If the message satisfies the preliminary processing requirements, it is sent to the working queue to be processed by the Scanning module.

If the option to archive all incoming e-mail has been selected, a copy of any message added to the working queue will be automatically preserved in the archive of received messages.

Blind carbon copies of each message can also be sent to a specified list of e-mail addresses before scanning of the received mail.
3. The Scanning module receives a message from the working queue and transfers it to the anti-spam module for inspection.
The anti-spam module consists of the following components:
- Filtration master process and filtering processes, which perform the actual mail analysis.
- Licensing daemon, which verifies the presence of a valid key file and compliance with the restrictions defined in the key.
- Daemon processing SPF requests.
- Auxiliary programs and scripts, including the script compiling the anti-spam databases.
The main component of the anti-spam module is the filtering master process (mailgw-process-server), which performs the following functions:
- Monitoring of requests for connection to filtering processes from the application's Scanning module.
- Launch of new filtering processes when there are no more available ones.
- Control of the status of running filtering processes.
- Termination of child processes upon an appropriate signal.
A filtering process (ap-mailfilter) receives the message header and body at launch, scans them and returns the results.
If the message sender must be checked for compliance with an SPF policy, the filtering process sends a request to the SPF daemon (mailgw-spfd), which performs the necessary queries to the DNS server and returns the results to the filtering process.
Message analysis and application of the rules defined by the parameters in the configuration file are only performed when a valid product key is present.
All license-related checks are performed by the licensing module (kas-license) upon request from a filtering process.
Having finished processing a message, a filtering process keeps running and waits for a new request. A filtering process is terminated after it has handled the maximum number of messages specified for a single process (usually 300), or if it remains idle for a long time.
The AS module assigns a status to the message based on the inspection results, and returns the message to the Scanning module, which breaks it into its components and passes them to the AV module for analysis.
Attention! If you have only purchased a license for anti-virus scanning of e-mail traffic, spam filtering will not be performed. Messages will be delivered directly to the AV module for scanning, and any configuration parameters which apply to the anti-spam module are ignored.
Note
The creation of a copy of a message in backup storage or the quarantine directory does not block delivery of the original message to the recipient. An additional action blocking its delivery must be specified to prevent message delivery to the recipient.
4. The AV module scans the objects and, if this option is enabled, disinfects them when necessary.
5. The Scanning module handles messages according to the status (see section 4.2 on p. 36) assigned to each part of the message during analysis by the AS and AV modules. Possible actions include blocking message delivery, deleting infected objects, modifying message headers, and moving the message to the quarantine directory. The actions to be applied are specified in the application's configuration file. Each processed message is then added to the ready-to-send message queue.
6. If the application's configuration specifies that detected messages are to be saved in quarantine, a copy of the scanned message will be saved in the quarantine directory concurrently with its transfer to the ready-to-send queue. The application creates separate quarantine directories for messages identified as spam or probable spam (after anti-spam analysis), and for messages containing infected or suspicious objects (after anti-virus scanning).
7. The Sender module receives each message from the ready-to-send queue, and transfers it via the SMTP protocol to the onward e-mail agent to be delivered to local end users or rerouted to other mail servers.
8. If your network security policy requires logging of all outgoing e-mail traffic, a copy of each message will be automatically stored in the archive of sent messages after it is dispatched (see Fig. 3).
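The Receiver module's preliminary checks from step 2 above, as an added model that is not code from Kaspersky Mail Gateway: blocked/trusted lists with masks, the message size and per-session count limits, and the total and per-IP session limits. The limit names, the sample values and the exemption of trusted addresses from the session limits are assumptions of this model.

```python
"""Model of the Receiver module's preliminary checks (section 2.2, step 2).

Added illustration, not code from Kaspersky Mail Gateway: the limit names,
the sample values and the rule that a trusted address is exempt from the
session limits are assumptions of this model, not documented behaviour.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Limits:
    blocked: tuple                 # address masks such as "203.0.113.0/24"
    trusted: tuple
    max_message_bytes: int
    max_messages_per_session: int
    max_sessions_total: int
    max_sessions_per_ip: int


def in_list(ip, masks):
    """True if ip falls inside any single address or mask in the list."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(m, strict=False) for m in masks)


@dataclass
class Receiver:
    limits: Limits
    sessions: dict = field(default_factory=dict)   # session id -> client ip
    msgs: dict = field(default_factory=dict)       # session id -> messages seen
    next_id: int = 1

    def open_session(self, ip):
        """Return (session_id, None) or (None, refusal reason) for a new SMTP connection."""
        if in_list(ip, self.limits.blocked):
            return None, "sender IP is in the blocked list"
        if not in_list(ip, self.limits.trusted):          # assumed exemption
            if len(self.sessions) >= self.limits.max_sessions_total:
                return None, "total open-session limit reached"
            per_ip = sum(1 for client in self.sessions.values() if client == ip)
            if per_ip >= self.limits.max_sessions_per_ip:
                return None, "per-IP open-session limit reached"
        sid, self.next_id = self.next_id, self.next_id + 1
        self.sessions[sid], self.msgs[sid] = ip, 0
        return sid, None

    def accept_message(self, sid, size):
        """Return (True, None) if the message goes to the working queue, else (False, reason)."""
        if size > self.limits.max_message_bytes:
            return False, "message exceeds the size limit"
        if self.msgs[sid] >= self.limits.max_messages_per_session:
            return False, "message count for this session exhausted"
        self.msgs[sid] += 1
        return True, None

    def close_session(self, sid):
        del self.sessions[sid], self.msgs[sid]


# Constructed sample limits using documentation address ranges.
SAMPLE_LIMITS = Limits(blocked=("203.0.113.0/24",), trusted=("192.0.2.10",),
                       max_message_bytes=10 * 1024 * 1024, max_messages_per_session=2,
                       max_sessions_total=3, max_sessions_per_ip=1)

if __name__ == "__main__":
    rx = Receiver(SAMPLE_LIMITS)
    print(rx.open_session("203.0.113.5"))      # refused: blocked list
    sid, _ = rx.open_session("198.51.100.1")
    print(rx.accept_message(sid, 512))          # accepted into the working queue
    print(rx.open_session("198.51.100.1"))      # refused: per-IP session limit
```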
Attention! The application, being an e-mail relay, does not include a local e-mail delivery agent (MDA). Therefore, all deployment scenarios require an e-mail system (or e-mail systems) to deliver e-mail messages to local users within protected domains.
Figure 3. Saving messages to the archives of received / sent messages
2.3. Typical deployment scenarios
Depending upon the network architecture, there are two options for installing Kaspersky Mail Gateway:
- install the application within a demilitarized zone (DMZ) acting as a buffer between the internal corporate LAN and the external network;
- install the application inside the perimeter of the corporate network, as part of your existing e-mail system.
In each of the above cases the application can be installed:
- on the same server as the running e-mail system;
- on a dedicated server.
The sections below discuss these scenarios in detail and describe their advantages.
Attention! You must set up restrictions for the e-mail transfer agent (MTA) receiving e-mail from Kaspersky Mail Gateway via port 1025, so that it accepts messages exclusively from Kaspersky Mail Gateway (e.g., configure mail receipt from the localhost (127.0.0.1) interface only). Otherwise, it will be possible to bypass the application with a connection established directly from the external network through port 1025.
2.3.1. Installing the application in a demilitarized zone
The main advantage of this deployment option is that it improves the overall performance of your e-mail system, by minimizing the number of transfer cycles for e-mail messages. It also provides additional protection for data, because the existing corporate mail server in that case has no connection to the Internet.
This is an overview of how to install the application and the e-mail system on the same server, so that they work together:
1. Configure all interfaces of Kaspersky Mail Gateway to listen on port 25 for incoming e-mail traffic from all IP addresses which match the relevant MX records for the protected domain.
2. The application will filter spam and scan e-mail, and then transfer processed messages to the corporate e-mail system via a different port (e.g., 1025).
3. The e-mail system, configured to use a local interface, delivers messages to users.
Follow these steps to install the application and the e-mail system on the same server:
- Configure the application to receive e-mail via port 25 on all the server's network interfaces. To do this, specify the following value in the [mailgw.network] section of the configuration file:
ListenOn=0.0.0.0:25
- Specify in the routing table that all scanned messages will be transferred to the e-mail system via port 1025. To do this, specify the following value in the [mailgw.forward] section of the application's configuration file:
ForwardRoute=<company_mask> [localhost:1025]
where <company_mask> is the mask for recipient addresses.
Attention! These are the default application configuration settings for this deployment scenario, which will be stored in the configuration file by the installation process.
- Change the settings of the existing e-mail system to receive messages only from the application via port 1025. This will ensure that all incoming e-mail messages are received, and that they are delivered to local users within the protected domains of the company.
- Set up the existing e-mail system to transfer all the messages it receives to the application via port 25. This will ensure anti-virus scanning and anti-spam filtering of all outgoing e-mail messages from local users.
- Specify a list of all corporate local domains as the value for the ProtectedDomains option in the [mailgw.forward] section of the application configuration file ("*" and "?" wildcards can be used). E-mail messages for the specified domains will be scanned.
When the application is installed on a dedicated server, its operation algorithm is identical to when it is installed on the same server as the e-mail system, but the settings will differ. The IP address of the server on which the application is installed must be included in the MX records corresponding to the protected domain.
To install the application on a dedicated server:
- Configure the application to receive mail via port 25 on all the server's network interfaces, by specifying the following value in the [mailgw.network] section of the application's configuration file:
ListenOn=0.0.0.0:25
- Specify in the routing table that all scanned messages must be transferred to the e-mail system via port 25, by setting the following value in the [mailgw.forward] section of the application's configuration file:
ForwardRoute=<company_mask> [host:25]
where <company_mask> is the mask for recipient addresses, which will generally be of the form *@company.com, and host is the name of your corporate e-mail server.
- Specify the list of all local corporate domains as the value for the ProtectedDomains option in the [mailgw.network] section of the application configuration file ("*" and "?" wildcards can be used). E-mail messages for the specified domains will be scanned.
Attention! This is the most convenient deployment scenario, especially if Kaspersky Mail Gateway is installed at the same time as the network is deployed and the company's e-mail system is installed.
Attention! This deployment scenario is recommended if you are sure of the reliability of your e-mail system. Installing the application in this configuration will not affect the stability of your e-mail system.
2.3.2. Installing the application inside the corporate network's perimeter
One advantage of installing the application inside the corporate perimeter is that there is no external access to the information that the application is running on the server, or to its configuration. Additionally, if the application is installed on a dedicated server, the load of performing anti-virus scanning can be distributed amongst several servers.
This is how the application and the e-mail system work together if they are installed on the same server:
1. Duplicate your e-mail system and configure one of the copies to listen on port 25, and receive e-mail messages via all available interfaces.
2. This e-mail system forwards all incoming messages through the local interface via a different port (port 1025, for instance) to the application for scanning and spam filtering.
3. The application filters spam, scans the e-mail messages for viruses and forwards scanned and processed messages to the second e-mail system copy, which receives e-mail on a different port (e.g., port 1026).
4. The second e-mail system delivers e-mail to the local users.
Installing the application on a dedicated server is similar to the above procedure. Additionally, when installing the application on a dedicated server, you can create and run several copies of the application on different servers, enabling you to distribute the load of anti-virus processing and spam filtering amongst these several servers.
To deploy the application on a dedicated server:
- Specify the list of all local corporate domains as a value for the ProtectedDomains option in the [mailgw.network] section of the application configuration file ("*" and "?" wildcards can be used). E-mail messages for the specified domains will be scanned.
Attention! Deploying Kaspersky Mail Gateway may require changes to the settings for e-mail clients throughout the company, to ensure that all outgoing e-mail messages are delivered to the application. These messages will be transferred to the external network after an anti-virus scan and spam filtration.
Attention! If the network includes installed firewalls or demilitarized zones (DMZs), it is necessary to provide e-mail clients and internal and external network servers with access to the installed application to ensure joint operation and routing of the e-mail traffic.
Attention! After installing the application from the rpm package, you must run the postinstall.pl script to perform post-installation configuration. The default location of the postinstall.pl script is the /opt/kaspersky/mailgw/lib/bin/setup/ directory (in Linux) and the /usr/local/libexec/kaspersky/mailgw/setup directory (in FreeBSD).
CHAPTER 3. INSTALLING THE APPLICATION
Before installing Kaspersky Mail Gateway, it is necessary to:
- Make sure that your system meets the hardware and software requirements (see section 1.3 on p. 12).
- Configure your Internet connection. The application distribution package does not contain the anti-virus and anti-spam databases, which are required to perform anti-virus protection and filter spam.
- Log on to the system as root, or as a privileged user.
3.1. Installing the application on a server running Linux
For servers running the Linux operating system, Kaspersky Mail Gateway is distributed in two different installation packages, depending on the type of your Linux distribution.
To install the application under Linux Red Hat, Linux SUSE or Linux Mandriva, use the rpm package.
To initiate installation of Kaspersky Mail Gateway from the rpm package, enter the following at the command line:
# rpm -i <distribution_package_file_name>
In Linux Debian and Linux Ubuntu, the installation is performed from a deb package.
To initiate installation of Kaspersky Mail Gateway from the deb package, enter the following at the command line:
# dpkg -i <distribution_package_file_name>
Attention! The procedure of application setup under Mandriva distributions has some peculiarities. You might have to perform some additional configuration to ensure the correct functioning of the application on such systems (please see Chapter 9 on p. 103 for details).
Attention! Installation errors can occur for a number of reasons. If an error message is displayed, first make sure that your computer satisfies the hardware and software requirements (see section 1.3 on p. 12) and that you have logged on to the system as root.
After you enter the command, the application will be installed automatically.
3.2. Installing the application on a server running FreeBSD
The distribution file for installing Kaspersky Mail Gateway on servers running FreeBSD OS is supplied as a pkg package.
To initiate installation of Kaspersky Mail Gateway from a pkg package, enter one of the following at the command line:
# pkg_add <package_name>
After you enter the command, the application will be installed automatically.
3.3. Installation procedure
The application installer script applies these steps:
Step 1. Preparing the system
At this stage, the installation script creates the system group and user account for the application. The default group is klusers and the default user account is kluser. In future, the application will start under this user account (not root) to provide additional security for your system.
Attention! If you installed the application from an rpm package, you should run the postinstall.pl script (present by default in the /opt/kaspersky/mailgw/lib/bin/setup/ directory in Linux and in /usr/local/libexec/kaspersky/mailgw/setup in FreeBSD) to perform the next step, Post-installation tasks.
Step 2. Copying application files to destination directories on your server
The installer starts copying the application files to the destination directories on your server. For a detailed description of the application's directories, see section B.1 on p. 149.
Step 3. Post-installation tasks
The post-installation configuration includes these steps:
- Configuring the main application component (see section 3.4 on p. 28).
- Installing and registering the product key.
If you do not have a product key at the time of installation (for example, if you purchased the application via the Internet and have not yet received the license key), you can activate the application after installation and before its first use: for details, see section 5.6 on p. 71. Please note that if the key is not installed, the anti-virus and anti-spam databases cannot be updated and the main application component cannot be started during the installation process. In this case it must be done manually, after the license key is installed.
- Configuring the keepup2date component.
- Installation (updating) of the anti-virus and anti-spam databases.
You must install the anti-virus and anti-spam databases before using the application (see section 5.6 on p. 71). The procedure of detecting and disinfecting viruses relies on the anti-virus database, which contains the descriptions of all currently known viruses and the methods of disinfecting these viruses. Anti-virus scanning and processing of e-mail messages cannot be performed without the anti-virus database. The anti-spam database is used for spam detection, which analyzes the contents of messages and attached files to identify the signs of unsolicited e-mail.
- Installing the Webmin module.
The Webmin module for remote management of the application can be installed correctly only if the Webmin application is located in the default directory. After the module is installed, you will receive detailed instructions on how to configure it to work with the application.
- Launching the main application component.
After these steps are properly completed, a message on the server console will indicate that installation has been successful.
Attention! If after installation Kaspersky Mail Gateway has not started working as required, check the configuration settings. Pay special attention to the port number you specified for receiving e-mail traffic. You should also view the application log file for error messages.
Attention! If you are using the rpm installation package, enter the following command to start post-installation configuration (in Linux):
# /opt/kaspersky/mailgw/lib/bin/setup/postinstall.pl
In FreeBSD:
# /usr/local/libexec/kaspersky/mailgw/setup/postinstall.pl
3.4. Configuring the application
Immediately after the application's files have been copied to your server, the system configuration process will start. The configuration process will either be started automatically or, if the package manager (such as rpm) does not allow the use of interactive scripts, some additional actions will have to be performed by the administrator. All settings are stored in the mailgw.conf file, which is installed by default in the /etc/opt/kaspersky/ directory in Linux, and in the /usr/local/etc/kaspersky/ directory in FreeBSD.
The configuration procedure includes the following tasks:
- Specifying (by the administrator) the full domain name of the server that will be used to identify the application in SMTP commands when creating the DSN and notifications: this is the Hostname parameter in the [mailgw.network] section of the mailgw.conf configuration file.
- Assigning addresses to be used by the application:
  - Assign the Postmaster address ([mailgw.network] section, Postmaster parameter).
  - Assign the sender's return address for notifications ([mailgw.policy] section, NotifyFromAddress parameter).
  - Define the administrator's address ([mailgw.policy] section, AdminNotifyAddress parameter).
  - Allow incoming e-mail to the specified domain ([mailgw.access] section, RelayRule parameter).
- Defining the interface and port on which to listen for incoming e-mail traffic ([mailgw.network] section, ListenOn parameter). The IP address and the port number should be entered in the format <x.x.x.x:z>, where x.x.x.x is the IP address and z is the port number.
- Specifying local network identifiers. This value is used to assign rules for message delivery and processing ([mailgw.access] section, RelayRule parameter), for example, rules specific to your organization concerning e-mail processing, or blocking e-mail messages from certain domains. Specify the values using one of the following formats: <x.x.x.x>, <x.x.x.x/y.y.y.y> or <x.x.x.x/y>, where x.x.x.x is the IP address, and y.y.y.y or y is the subnet mask.
- Specifying (when necessary) the server to which all processed messages will be forwarded ([mailgw.forward] section, ForwardRoute parameter). Type the host name in the format <x.x.x.x:z>, where x.x.x.x is the IP address and z is the port number.
- Specifying the proxy server name ([updater.options] section, ProxyAddress parameter). This option is necessary for computers connected to the Internet via a proxy server.
- Confirmation of UDS installation and use.
The UDS service allows blocking spam in a timely manner before updates to the Kaspersky Mail Gateway databases are downloaded. You are advised to disable UDS checks only if the method considerably decreases the filtration server performance or if the server cannot contact the UDS servers of Kaspersky Lab. Please refer to section 4.3.4 on page 41 for details on the UDS service.
- Modifying the application configuration file to fine-tune the operation of the AV and AS modules (optional).
If all the above steps have been successfully completed, the configuration file will contain all settings that are required to start working with the application.
Attention! To increase UDS efficiency, specify regular launch of the task that determines the time for access to UDS servers (see section 5.2.4 on page 55).
Attention! After the system is installed and configured, it is recommended that you check the settings for Kaspersky Mail Gateway and test its performance. For more details, see Chapter 7 on page 97.
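An added example, not Kaspersky's own tooling, that checks a constructed mailgw.conf fragment against the <x.x.x.x:z> and network-identifier formats given in this section and the ForwardRoute/ProtectedDomains settings of section 2.3.1, and flags the port-1025 bypass that section 2.3.1 warns about when the downstream MTA listens on a non-loopback interface. It assumes an INI-style file (bracketed sections, Option=value), comma-separated lists for multi-valued options and a single ForwardRoute line; the sample fragment and the MTA bindings are constructed.

```python
"""Checks for the mailgw.conf settings named in sections 2.3.1 and 3.4.

Added example, not Kaspersky's own tooling. Assumptions: the file is
INI-style (bracketed sections, Option=value) with comma-separated
multi-valued options and one ForwardRoute line; sample data is constructed.
"""
import configparser
import fnmatch
import ipaddress
import re

# Constructed fragment for the same-server DMZ scenario of section 2.3.1.
SAMPLE_CONF = """\
[mailgw.network]
ListenOn=0.0.0.0:25

[mailgw.forward]
ForwardRoute=*@example.com [localhost:1025]
ProtectedDomains=example.com, *.example.com

[mailgw.access]
RelayRule=192.0.2.0/24, 198.51.100.0/255.255.255.0, 203.0.113.7
"""
ADDR_PORT = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")
ROUTE = re.compile(r"^(\S+)\s+\[([^\[\]\s:]+):(\d{1,5})\]$")

def load(text):
    """Parse the fragment, keeping the manual's CamelCase option names."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str
    cp.read_string(text)
    return cp

def parse_addr_port(value):
    """The <x.x.x.x:z> form section 3.4 requires for ListenOn."""
    m = ADDR_PORT.match(value.strip())
    if not m or not 1 <= int(m.group(2)) <= 65535:
        raise ValueError(f"expected x.x.x.x:z, got {value!r}")
    return str(ipaddress.IPv4Address(m.group(1))), int(m.group(2))

def parse_route(value):
    """'<recipient mask> [host:port]' as written for ForwardRoute in 2.3.1."""
    m = ROUTE.match(value.strip())
    if not m:
        raise ValueError(f"expected '<mask> [host:port]', got {value!r}")
    return m.group(1), m.group(2), int(m.group(3))

def parse_networks(value):
    """Local network ids: x.x.x.x, x.x.x.x/y.y.y.y or x.x.x.x/y (section 3.4)."""
    return [ipaddress.IPv4Network(s.strip(), strict=False)
            for s in value.split(",") if s.strip()]

def is_protected(recipient, masks):
    """Case-insensitive '*' / '?' match of the recipient domain (ProtectedDomains)."""
    domain = recipient.rsplit("@", 1)[-1].lower()
    return any(fnmatch.fnmatchcase(domain, m.strip().lower())
               for m in masks.split(",") if m.strip())

def mta_bypass_possible(route_port, mta_bindings):
    """Section 2.3.1 caveat: the MTA behind the gateway must accept the forward
    port on loopback only; mta_bindings is a constructed list of (ip, port)."""
    return any(port == route_port and not ipaddress.IPv4Address(ip).is_loopback
               for ip, port in mta_bindings)

def audit(text, mta_bindings):
    """Return the problems found; an empty list means the fragment looks sane."""
    cp = load(text)
    parse_addr_port(cp["mailgw.network"]["ListenOn"])    # raises on a bad form
    _, _, fport = parse_route(cp["mailgw.forward"]["ForwardRoute"])
    parse_networks(cp["mailgw.access"]["RelayRule"])     # raises on a bad mask
    problems = []
    if mta_bypass_possible(fport, mta_bindings):
        problems.append(f"MTA port {fport} reachable on a non-loopback interface")
    return problems
```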
During Kaspersky Mail Gateway 5.6 installation you can choose to use the saved settings of the previous product version 5.5.139 installed earlier. In that case you will be offered to:
- Specify the path to the configuration file of an earlier version.
- Move or copy files from the queue, archives and Quarantine of the earlier version to the corresponding directories of the new one.
- Use UDS, because that feature was introduced in version 5.6 (see above).
Application databases will be downloaded as well. If the configuration file of an earlier version is not available or if you do not wish to use it, post-install setup will consist of the steps described above.
3.5. Installing the Webmin module to manage Kaspersky Mail Gateway
The activity of Kaspersky Mail Gateway can be controlled remotely via a web browser using Webmin.