APPENDIX D. THIRD PARTY SOFTWARE
APPENDIX E. LICENSE AGREEMENT
CHAPTER 1. KASPERSKY ANTI-SPAM 3.0
Kaspersky® Anti-Spam 3.0 (hereinafter also referred to as Kaspersky Anti-Spam or the product) is a software suite that filters e-mail in order to protect mail
system users from unsolicited mass mail (spam).
Kaspersky Anti-Spam processes received messages according to
administrator-defined rules: it can deliver a message without modifications,
block it, generate a notification that the message could not be
received, add or modify message headers, or perform other actions specified
by the administrator.
The application checks every e-mail message for the presence of signs typical
of unwanted mass mail (spam).
First, it checks various message parameters: the sender's and recipient's
addresses (envelope), message size and its various headers (including From
and To). In addition, Kaspersky Anti-Spam runs the following checks as a part of
its analysis procedure:
• a check of message sender's address (e-mail and / or IP address) using
black and white lists;
• the presence of the sender's IP address in a DNS-based real time black
hole list (DNSBL);
DNSBL (DNS based black hole list) is a database that lists IP
addresses of mail servers used for uncontrolled mass mailing.
Such servers receive mail from anyone and deliver it further to
arbitrary recipients. Using a DNSBL allows mail from such
servers to be blocked automatically. Different services
use different policies to generate such lists. Please
examine the policy of each service carefully before you start
using it for mail filtration.
• availability of a DNS record for the sending server (reverse DNS lookup);
• a check of the sender's IP address for compliance with the list of
addresses allowed for a domain based on the Sender Policy Framework
(SPF);
• a check of addresses and links to sites in message text using the Spam
URL Realtime Blocklists (SURBL) service.
Second, the application employs content filtration, i.e. it analyzes the actual
message contents (including the Subject header) and attached files [1]. To that
end, the product uses linguistic algorithms based on comparison with sample
messages and a search for typical terms (words and word combinations).
Kaspersky Anti-Spam also scans attached images comparing them to the
signatures of known spam messages. Comparison results are also taken into
account when the application decides whether a message should be identified as
spam.
Messages with certain signs of unsolicited mail will be processed in accordance
with the defined filtration policy (see section 2.3 on page 19).
The administrator can configure the applicable filtration policy using the Control
Center interface (see section 2.6 on page 21).
1.1. What's new in version 3.0
Kaspersky Anti-Spam 3.0 retains all the advantages of the previous version
and adds a number of improvements:
1. New version of the Spamtest filtering engine.
The new filtering engine included in Kaspersky Anti-Spam 3.0 offers the
following benefits:
• Higher performance and stability.
• Low RAM requirements.
• Low volume of web traffic (updates to the content filtration
databases).
2. Improved filtration methods.
Practically all the spam detection methods employed in earlier versions
have been enhanced, including:
• Improved algorithms used for parsing of HTML objects in mail
messages (increasing the efficiency of detecting various
spammer tricks meant to circumvent filtration systems).
• Extended and improved subsystem that analyzes the headers
of mail messages.
[1] The application scans attachments in plain text, HTML, Microsoft Word, and RTF formats
(see section 2.2.2 on page 16 for details).
• Added support for the use of Sender Policy Framework (SPF)
and Spam URL Realtime Blocklists (SURBL) services.
• Included internal Urgent Detection System (UDS), which allows
the user to receive information about certain types of spam in
real time.
3. An absolutely new user interface.
Kaspersky Anti-Spam 3.0 uses Control Center, which allows you to
perform the following operations:
• Configure the product: filtering rules, actions over messages,
performance parameters, etc.
• Manage the licenses to use the product: install license keys,
view the information about the current license.
• Monitor product activity and view statistical data.
4. Convenient configuration of filtration-related settings.
Version 3.0 of the application uses the intuitive Control
Center interface to customize the filtration policies. Its benefits include:
• Easy administration: convenient interface offers the minimum
toolset necessary for system administration while providing a lot
of ways to customize the system for a specific environment.
• Individual settings for user groups: certain scanning methods
can be enabled/disabled individually for every group; you can
also define the actions to be performed over e-mail messages.
5. Enhanced tools for integration of the product and customization of its
infrastructure:
• Redesigned and improved modules for interaction with e-mail servers such as Sendmail and Communigate Pro.
• A new system has been designed for the delivery of updates to
the content filtration databases.
• All settings are combined into a single configuration file making
it easier to configure and administer the system.
1.2. Licensing policy
The licensing policy for Kaspersky Anti-Spam 3.0 implies a system of product
use limitations based on the following criteria:
• Mail traffic volume.
• The number of protected mail accounts.
• The number of mail systems users.
The said limitations will only apply to the messages addressed to the senders
within protected domains. The list of protected domains receiving the traffic that
the product will filter can be customized in the Control Center (see section 4.3.4
on page 44). E-mail sent to recipients in domains that are not included into the
list will not be filtered.
Please specify the list of protected domains before you start using
Kaspersky Anti-Spam.
1.3. Hardware and software requirements
Minimum system requirements for normal operation of Kaspersky Anti-Spam are
as follows:
• Intel Pentium III 500 MHz processor or higher.
• At least 512 MB of available RAM.
• One of the following operating systems:
• RedHat Linux 9.0.
• Fedora Core 3.
• RedHat Enterprise Linux Advanced Server 3.
• SuSe Linux Enterprise Server 9.0.
• SuSe Linux Professional 9.2.
• Mandrake Linux version 10.1.
• Debian GNU/Linux 3.1.
• FreeBSD 4.10.
• FreeBSD 5.4.
• One of the following mail servers:
• Sendmail 8.13.5 with Milter API support.
• Postfix 2.2.2.
• Qmail 1.03.
• Exim 4.50.
• Communigate Pro 4.3.7.
• Installed bzip2 and which utilities.
• Perl interpreter.
1.4. Distribution kit
You can purchase Kaspersky Anti-Spam either from our dealers (retail box) or
online (for example, you may visit http://www.kaspersky.com, and go to E-Store
section).
The contents of the retail box package include:
• Sealed envelope with an installation CD, or set of floppy disks, containing
the application files.
• Administrator's Guide.
• License key written on a special floppy disk.
• License Agreement.
Before you open the envelope with the CD (or a set of floppy disks)
make sure that you have carefully read the license agreement.
If you buy Kaspersky Anti-Spam online, you will download the application from
the Kaspersky Lab website. In this case, the distribution kit will include this
User's Guide along with the application. The license key will be emailed to you
upon the receipt of your payment.
The License Agreement is a legal contract between you and Kaspersky Lab that
describes the terms and conditions under which you may use the product that
you have purchased.
Please read the License Agreement carefully!
If you do not agree with the terms and conditions of the License Agreement,
return the retail box to the Kaspersky Anti-Spam dealer you purchased it from
and the money you paid for the product will be refunded to you on the condition
that the envelope with the installation CD (or set of floppy disks) is still sealed.
By opening the sealed envelope with the installation CD (or set of floppy disks),
you confirm that you agree with all the terms and conditions of the License
Agreement.
1.5. Help desk for registered users
Kaspersky Lab offers all registered users an extensive service package enabling
them to use Kaspersky Anti-Spam more efficiently.
After purchasing a license you become a registered user and during the license
period you can enjoy the following services:
• application module and anti-virus database updates;
• support on issues related to the installation, configuration and use of the
application. Services will be provided by phone or via email;
• information about new Kaspersky Lab products. You can also subscribe
to the Kaspersky Lab newsletter, which provides information about new
computer viruses as they appear.
Kaspersky Lab does not provide support on issues related to the
performance and the use of operating systems or other technologies.
1.6. Conventions
In this book we use various conventions to emphasize different meaningful parts
of the documentation. The table below lists the conventions used in this
document.
Convention                         Meaning
Bold font                          Menu titles, commands, window titles, dialog elements, etc.
Note                               Additional information, notes.
Attention                          Critical information.
To run a program: Step 1. …        Actions that must be taken to run a program.
Task:                              Task statement as an example of parameter definitions, functions, etc.
Solution                           Solution to the task formulated.
CHAPTER 2. ARCHITECTURE OF KASPERSKY ANTI-SPAM AND PRINCIPLES OF SPAM FILTERING
This section contains descriptions of the main product components and the
principles of filtering as well as the Control Center, the main tool for Kaspersky
Anti-Spam administration and configuration.
2.1. Product structure
Kaspersky Anti-Spam 3.0 is a spam recognition and filtering system functioning
as an integral part of an appropriate mail server. Kaspersky Anti-Spam 3.0 is not
a full-featured mail server able to receive mail, relay it or deliver e-mail to the
mailboxes of end recipients. The architecture of Kaspersky Anti-Spam is shown
in Fig. 1.
Kaspersky Anti-Spam consists of the following components:
• Client plug-in modules intended for product integration with mail server.
• Anti-Spam Engine – the filtration server component that analyzes e-mail
messages rating and processing them. Filtration server includes a
number of auxiliary modules, which provide for its functioning and
integration with mail servers:
• Filtration module – the module filtering spam.
• Licensing module – the module that manages product licenses
and the list of protected domains.
• Content filtration databases – a corpus of data that the filtration
server uses to rate messages; updates to the content filtration
databases are published on the servers of Kaspersky Lab every
20 minutes.
• Updater module for the content filtration databases – a system
that provides for automatic downloading of new content filtration
databases from updating servers and their installation for further
use by the anti-spam engine.
Figure 1. The architecture of Kaspersky Anti-Spam
• Control Center – web-based interface that administrators can
use to configure the product, analyze its status and
functionality.
• Monitoring system – a system that tracks the status of
Kaspersky Anti-Spam and its individual components and
notifies system administrator about various problems in product
operation.
Client plug-in modules are designed for Kaspersky Anti-Spam integration with
various mail servers. Every client plug-in takes into account the peculiarities of a
specific mail server and the selected integration method.
The distribution package of Kaspersky Anti-Spam includes client plug-ins for
Sendmail, Postfix, Exim, Qmail and Communigate Pro.
As a rule, a client plug-in must be installed as a filter providing for receipt of
messages to be analyzed from the mail server and for the subsequent return of
modified e-mail.
Client plug-in modules are started by their respective mail servers. The sole
exception is Sendmail, which does not launch a client plug-in. A mail server can
start several client plug-ins to process several messages in parallel. Please refer
to Appendix A.2 on page 84 for details on client plug-in modules and the
methods of their integration.
Regardless of the peculiarities of individual client modules, each module
interacts with the filtration server via a network or a local socket using an
internal data exchange protocol.
Anti-Spam Engine responds to the requests of clients accessing it, receives
from them messages for analysis and returns the results.
The standard installation procedure assumes that the mail server with an
integrated client plug-in and the filtration server are installed on the same
computer.
However, the anti-spam engine of Kaspersky Anti-Spam can also be installed to
a separate server. In that case client modules running on another computer
(server) will exchange data with the filtration server through local network using
TCP.
Anti-Spam Engine running on a dedicated computer can serve several mail
servers at once provided that the performance of the computer it uses is
sufficient to process all that e-mail traffic.
Anti-Spam Engine consists of the following components:
• filtration module that performs message analysis
• licensing module, which checks the availability of a valid license key file
and compliance with the limitations specified in the purchased license
• daemon processing SPF requests
• script, which performs automatic downloads of content filtration databases
and compiles them
• Control Center
• Auxiliary programs and scripts.
Filtration master process (ap-process-server) is the main component of the
filtering module; it performs the following tasks:
• monitoring of requests from client modules for connection to the filtering
process
• initiation of new filtering processes when there are no available processes
left
• monitoring the status of running processes
• termination of child processes upon an appropriate signal (e.g., SIGHUP).
If traffic volume is considerable, the number of running filtration processes can
reach several dozens. When the mail server load becomes lower, idle filtering
processes will terminate. Maximum and minimum number of running filtration
processes are defined by the anti-spam engine settings (see Appendix A.3.1 on
page 101).
When the filtering process (ap-mailfilter) starts, it loads the existing filtration
policies and the content filtration databases. As soon as a connection to a client
module is established, the filtering process receives from the module message
headers and body, performs their analysis and returns the results to client
module.
If message sender has to be checked for compliance with the SPF policy, the
filtering process transmits a request to the SPF daemon (ap-spfd), which sends
necessary queries to a DNS server and returns the results to the filtering
process.
The application analyzes messages and applies to them rules defined in the
filtration policies only if there is a valid license key available.
All licensing checks are performed by the licensing module (kas-license) upon a
request from a filtration process.
Having finished processing a message, the filtering process does not terminate.
Instead, it keeps waiting for a new request. A filtering process terminates after it
processes the maximum number of messages specified for a single process (as
a rule, 300) or remains idle for a long time.
The script for automated downloading of updates (sfupdates) runs according
to its schedule (using the cron service) and downloads the latest
version of the content filtration databases from the update servers; it also builds
the current database version and installs it for further use by the filtration server.
Control Center is a web-based interface, which allows the administrator to
configure the product and spam filtration policies.
Monitoring system controls the status of Kaspersky Anti-Spam components
and notifies system administrator about problems occurring in the operation of
the filtration server and other product components.
Kaspersky Anti-Spam 3.0 processes e-mail traffic using the following algorithm:
1. Client plug-in module integrates with an installed mail server.
2. Mail server transfers to the client module messages for analysis by the
filtration server.
3. Filtration server checks messages scanning them for signs of spam
and, depending upon the result, modifies them in accordance with the
existing rules.
4. Client plug-in module returns processed messages to the mail server for
delivery.
2.2. Recognition technology
Kaspersky Anti-Spam offers powerful tools for spam detection in e-mail traffic.
This section contains a brief overview of spam recognition technologies
implemented in the product.
2.2.1. Analysis of formal signs
The method uses a set of rules based on examination of certain message
headers and their comparison with sets of headers typical of spam messages. In
addition to header analysis, the application takes into account message
structure, size, presence of attachments and other similar signs.
The method also provides for analysis of data transmitted by the sender during
an SMTP session. In particular, the following information is estimated:
• IP address of the server that has sent the message, and whether it is
included into white or black lists of recipients
• IP addresses of intermediate relay servers obtained from the Received
headers
• e-mail address of message sender and recipients transmitted in SMTP
session commands
• presence of the sender's and recipients' addresses in white or black lists
• conformity of the addresses transmitted during SMTP session to the set
of addresses specified in message headers and a number of other
checks.
2.2.2. Content filtration
Message analysis employs the algorithms of content filtering: the application
uses artificial intelligence technologies to analyze the actual message content
(including the Subject header), and its attachments (attached files) in the
following formats:
• plain text (ASCII, non-multibyte)
• HTML (2.0, 3.0, 3.2, 4.0, XHTML 1.0)
• Microsoft Word (versions 6.0, 95/97/2000/XP)
• RTF.
The purpose of spam filtering is to decrease the volume of unwanted
messages in the mailboxes of your users. It is impossible to guarantee
detection of all spam messages because too strict criteria would
inevitably cause filtering of some normal messages as well.
The application uses three main methods to detect messages with suspicious
content:
• Text comparison with semantic samples of various categories (based
on the search for key terms (words and word combinations) in message
body and their subsequent probabilistic analysis). The method provides
for heuristic search for typical phrases and expressions in text.
• Fuzzy comparison of a message being examined with a collection of
sample messages based on comparison of their signatures. The method
helps detect modified spam messages.
• Analysis of attached images.
All the data employed by Kaspersky Anti-Spam for content filtering (the
classification index, which is a hierarchical list of categories, typical terms,
etc.) is stored in its content filtration databases.
The group of spam analysts at Kaspersky Lab works nonstop to
supplement and improve the content filtration databases. Therefore,
you are advised to update the databases regularly (see section 4.4 on
page 52).
You can also send to Kaspersky Lab samples of spam messages,
which Kaspersky Anti-Spam has failed to recognize as well as the
samples of messages erroneously classified as spam. The data will
help us improve the content filtration databases and react in a timely
manner to new types of spam. Please refer to Appendix B for details
on forwarding sample messages.
2.2.3. Checks using external services
In addition to the analysis of message text and headers, Kaspersky Anti-Spam
supports the following checks, which involve external network services:
• availability of a DNS record for message sender's IP (reverse DNS
lookup);
• the presence of the sender's IP address in a DNS-based real time black
hole list or lists (DNSBL);
• a check of the sender's address for compliance with SPF (Sender Policy
Framework) policy for the domain containing the server used to send the
message;
• a check of addresses and links to sites in message text for the presence
in the Spam URL Realtime Blocklists database – www.surbl.org.
• recognition of e-mail messages using the UDS (Urgent Detection System)
technology.
All the checks listed above, except for UDS, are based on the use of the DNS
protocol and as a rule they require no additional network configuration.
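The DNS-based checks listed above (reverse DNS, DNSBL, SPF, SURBL), as an added example that is not Kaspersky Anti-Spam code: it shows which DNS name and record type each check queries and how the answer is read, and it goes beyond the text by also handling IPv6 senders. The zones dnsbl.example and surbl.example, the addresses and the resolver table are constructed; the SPF evaluator covers only the ip4, ip6 and all mechanisms, and the SURBL base-domain rule is simplified.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed DNS data so the example runs offline. Names ending in ".example"
# are placeholders, not real blocklist services or mail domains.
CONSTRUCTED_DNS = {
    ("10.113.0.203.in-addr.arpa", "PTR"): ["mail.sender.example."],
    ("7.100.51.198.dnsbl.example", "A"): ["127.0.0.2"],
    ("sender.example", "TXT"): ["v=spf1 ip4:203.0.113.0/24 -all"],
    ("pills.example.surbl.example", "A"): ["127.0.0.2"],
}
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")

def resolve(qname, rtype):
    """Stand-in for a real resolver: returns the answers, or [] for no record."""
    return CONSTRUCTED_DNS.get((qname.rstrip(".").lower(), rtype), [])

def ptr_qname(ip):
    """Reverse DNS lookup name: reversed octets (or nibbles) under *.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def dnsbl_qname(ip, zone):
    """DNSBL lookup name: the same reversed labels, placed under the list's zone."""
    reversed_labels = ipaddress.ip_address(ip).reverse_pointer.rsplit(".", 2)[0]
    return f"{reversed_labels}.{zone}"

def surbl_qname(url, zone):
    """URL blocklist lookup name for the host part of a link in the message body."""
    host = urlsplit(url).hostname or ""
    try:
        return dnsbl_qname(host, zone)          # IP-literal link: reversed like a DNSBL
    except ValueError:
        base = ".".join(host.split(".")[-2:])   # simplification: no public-suffix list
        return f"{base}.{zone}"

def is_listed(qname):
    """A blocklist signals a listing with an A record inside 127.0.0.0/8."""
    return any(ipaddress.ip_address(a) in LISTED_RANGE for a in resolve(qname, "A"))

def spf_check(ip, domain):
    """Evaluate the domain's SPF TXT record against the connecting IP."""
    addr = ipaddress.ip_address(ip)
    records = [t for t in resolve(domain, "TXT") if t.lower().startswith("v=spf1")]
    if not records:
        return "none"
    if len(records) > 1:
        return "permerror"
    results = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in records[0].split()[1:]:
        qualifier = term[0] if term[0] in results else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        name = name.lower()
        if name == "all":
            return results[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if addr.version == net.version and addr in net:
                return results[qualifier]
        # a, mx, include, exists and redirect need further queries; skipped here.
    return "neutral"

def check_sender(ip, mail_from, urls, dnsbl_zone="dnsbl.example",
                 surbl_zone="surbl.example"):
    """Run the four DNS-based checks for one SMTP session and message."""
    domain = mail_from.rsplit("@", 1)[-1]
    return {
        "rdns": bool(resolve(ptr_qname(ip), "PTR")),
        "dnsbl": is_listed(dnsbl_qname(ip, dnsbl_zone)),
        "spf": spf_check(ip, domain),
        "surbl": [u for u in urls if is_listed(surbl_qname(u, surbl_zone))],
    }

if __name__ == "__main__":
    print(check_sender("203.0.113.10", "news@sender.example", ["http://shop.example/"]))
    print(check_sender("198.51.100.7", "news@sender.example",
                       ["http://www.pills.example/buy"]))
```
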
2.2.4. Urgent Detection System
Urgent Detection System is an original technology of spam detection developed
and supported by Kaspersky Lab. It is based on the following principles:
1. A message being analyzed is used to select a collection of properties,
which can be used to identify the message. The set of properties may
include header information, text fragments and other information about
the message being processed.
2. Filtration server uses the properties thus collected to generate a small
UDS request and sends it to one of UDS servers of Kaspersky Lab.
Since the product does not transmit to external servers any
data that could allow viewing the recipients or the text of the
processed mail, the use of this method does not pose any risk
to the safety or confidentiality of your information.
3. The UDS server checks the received request against a database of
known spam. If the request matches a known spam sample, a message
will be sent to the filtration server informing that the e-mail is very likely
to be spam. The information will be taken into account during
assignment of a certain status to e-mail.
The UDS technology allows filtering of known spam before
updates to the content filtration databases become available.
A filtration server interacts with UDS servers of Kaspersky Lab via UDP using
port 7060 for communication. In order to use UDS, a filtration server must be
able to establish outgoing connections through that port.
Information about available UDS servers is added to the content filtration
databases. The choice of an individual UDS to be used for message analysis is
performed automatically on the basis of the response time of accessible UDS
servers.
2.3. Recognition results and actions over messages
The analysis procedure results in assignment of one of the following statuses to
a message:
• Spam – message recognized as spam with a high degree of reliability.
• Probable Spam – message contains some spam signs; however, it
cannot be unambiguously identified as spam.
• Formal – message is formal. E.g., it is a mail server notification informing
about mail delivery or inability to deliver it or about message infection with
a virus. The category includes messages sent automatically by mail
clients. Such messages are usually not considered to be spam.
• Trusted – message received from trusted sources, for example, from
internal mail servers. The administrator must create a list of trusted
sources (a white list of senders). Trusted status is also assigned to
messages addressed to users whose mail the product does not scan in
accordance with the corresponding group policy settings.
• Blacklisted – message received from an address present in a black list.
The administrator must create the black list.
• Not detected – a message that has not been recognized as spam.
Each e-mail message can be assigned just one of the above statuses. The
application records the status assigned to a message after analysis to a special
X-Spamtest-Status-Extended header. Please refer to section A.5 on page 112
for details about the headers added to mail messages after filtering.
After recognition, the application may perform one of the following actions over a
message:
• accept the message
• relay the message or a copy thereof to another address
• add a text mark in the message subject field
• append a special header to the message
• delete message
• reject message.
System administrator can define which of the listed actions will be performed
over messages with a specific status.
Preservation of all useful mail must be the top priority for the system
administrator because the loss of a single important message may
cause more trouble for the end user than receipt of a dozen spam
messages. To avoid the loss of necessary mail, you are advised to use
only non-destructive actions with mail identified after content analysis
as spam or probable spam, e.g. append labels such as [!! SPAM] to the
Subject header.
2.4. Content filtration databases
The application recognizes spam messages using the records of its regularly
updated content filtration databases. These databases contain the sets of rules,
terms and message signatures used in the process of filtering.
Content filtration databases can be downloaded from the updating servers of
Kaspersky Lab using the updater module. During the procedure, the system
reduces the volume of downloaded data loading only those files, which have
changed.
Since new samples of spam messages appear every day, normal product
functioning requires regular updates to its content filtration databases.
Recommended updating frequency: every twenty minutes.
Be sure to update the content filtration databases immediately after
product setup on your computer!
2.5. Filtration policies
Kaspersky Anti-Spam employs filtration policies to determine the methods
applicable for spam recognition, the actions to be performed over messages and
the black and white lists of senders.
The product uses a double-layered system of filtration policies, which consists of
a default general filtration policy and group filtration policies. The default filtration
policy contains settings common for all groups: methods applicable for spam
recognition, and the black and white lists of senders. Group policies, in addition
to the mentioned settings, also define the actions performed over messages
depending upon their status.
Before configuring group policies, the administrator must create groups
described by the lists of addresses of message recipients.
The product applies its policies in accordance with the following rule: general
filtration policy defines the default settings for all groups while group settings may
either inherit those values or redefine them. Thus, for instance, the product may
employ more sophisticated methods of spam recognition and stricter actions can
be specified for a group of users that requires more thorough filtration of
messages.
The combination of recognition settings is closely connected with the properties
of the content filtration databases; it can be extended and modified as new types
of spam and rules of their recognition appear. Together with the updates to the
content filtration databases, the appropriate settings will be added to the
interface provided by the Kaspersky Anti-Spam Control Center.
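The two-layer policy rule above, together with the advice in section 2.3 to avoid destructive actions on content-analysis verdicts, as an added example that is not the product's code or configuration format: it resolves the effective policy for a recipient and audits group actions. All key names, action names, group names and addresses are hypothetical, and "first matching group wins" is an assumption.

```python
import copy
import fnmatch

# Hypothetical in-memory model; key names, action names and addresses are
# constructed for illustration and are not the product's configuration format.
STATUSES = ("Spam", "Probable Spam", "Formal", "Trusted", "Blacklisted", "Not detected")
DESTRUCTIVE = {"delete", "reject"}            # actions that lose the message
CONTENT_STATUSES = ("Spam", "Probable Spam")  # verdicts produced by content analysis

DEFAULT_POLICY = {
    "methods": {"dnsbl": True, "spf": True, "surbl": True, "uds": True},
    "whitelist": ["relay.corp.example"],
    "blacklist": ["bulk@spammer.example"],
}

GROUPS = [  # assumption: the first group whose recipient list matches wins
    {"name": "finance",
     "recipients": ["cfo@corp.example", "ap@corp.example"],
     "overrides": {"methods": {"uds": False}, "whitelist": ["bank.example"]},
     "actions": {"Spam": "reject", "Probable Spam": "subject_mark",
                 "Blacklisted": "reject"}},
    {"name": "staff",
     "recipients": ["*@corp.example"],
     "overrides": {},
     "actions": {"Spam": "subject_mark", "Probable Spam": "add_header",
                 "Blacklisted": "delete"}},
]

def merge(base, override):
    """Group values redefine defaults; anything not overridden is inherited."""
    out = copy.deepcopy(base)
    for key, value in override.items():
        if isinstance(value, dict) and isinstance(out.get(key), dict):
            out[key] = merge(out[key], value)
        else:
            out[key] = copy.deepcopy(value)
    return out

def group_for(recipient):
    """Find the group whose recipient list describes this address."""
    rcpt = recipient.lower()
    for group in GROUPS:
        if any(fnmatch.fnmatchcase(rcpt, p.lower()) for p in group["recipients"]):
            return group
    return None

def effective_policy(recipient):
    """Default policy plus the matching group's overrides and per-status actions."""
    group = group_for(recipient)
    overrides = group["overrides"] if group else {}
    actions = group["actions"] if group else {}
    policy = merge(DEFAULT_POLICY, overrides)
    policy["group"] = group["name"] if group else None
    # Assumption: a status with no configured action is simply accepted.
    policy["actions"] = {s: actions.get(s, "accept") for s in STATUSES}
    return policy

def action_for(recipient, status):
    return effective_policy(recipient)["actions"][status]

def audit_destructive():
    """List group actions that can lose mail on a content-analysis verdict."""
    return [(g["name"], s, g["actions"][s])
            for g in GROUPS for s in CONTENT_STATUSES
            if g["actions"].get(s) in DESTRUCTIVE]

if __name__ == "__main__":
    print(effective_policy("cfo@corp.example"))
    print(audit_destructive())
```
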
2.6. Control Center
Control Center is a web-based application, which allows the administrator to
configure Kaspersky Anti-Spam and control its activity.
Control Center allows performance of the following tasks:
• Monitoring of the current status of the product and its individual
components.
• Installation of license keys and management of the protected domains list.
• Output and export of statistics on processed messages.
• Managing the default and group policies of spam filtering.
• Configuring the filtration server and other product components.
2.7. Monitoring
Kaspersky Anti-Spam includes a monitoring module for control of the filtration
server status.
System status information appears in the Monitoring tab of the Control Center.
Figure 2. The Monitoring tab of the Control Center
The section contains parameters tracked by the monitoring system and the
messages from product modules, which you can use to analyze the current
status of Kaspersky Anti-Spam components.
The monitoring system also generates notifications and reports while running.
The monitoring script starts regularly and, whenever it finds any issues, sends
the system administrator a message about the detected problems. Each
message is sent once, at the moment of problem detection, thus ensuring
timely notification about situations that require the administrator's intervention.
Later, if a problem is not resolved, the monitoring system will keep sending daily
reports with a summary of all detected pending issues.
The e-mail address where the monitoring system will send its notifications has to
be specified in the Control Center.
CHAPTER 3. INSTALLING KASPERSKY ANTI-SPAM
This section contains information about the procedure of program installation,
integration of client plug-in modules with the host mail server and configuring
access to the Control Center, the main product management tool.
3.1. Preparing for installation
Before you proceed with Kaspersky Anti-Spam installation, it is necessary to:
• Make sure that your system meets the hardware and software
requirements for Kaspersky Anti-Spam (see section 1.3 on page 9).
• Make sure that you have a license key for Kaspersky Anti-Spam 3.0.
• Ensure that bzip2, perl, and which programs are installed.
• Make sure that the mail server installed in your system functions properly.
• Make backup copies of the mail server configuration file.
• Log on to the system as root.
You are advised to install the product during a period when the mail
server load is lowest.
Kaspersky Anti-Spam installation consists of five steps:
1. Installation of Kaspersky Anti-Spam distribution package.
2. License key installation.
3. Integration of the client plug-in modules with the mail server.
4. Configuration of a HTTP server for access to the Control Center.
5. Configuration of content filtration databases update and UDS service
use.
The sections further contain detailed descriptions of these steps.
3.2. Installing Kaspersky Anti-Spam distribution package
Kaspersky Anti-Spam 3.0 is distributed in several installation packages:
• .rpm package for most versions of the Linux operating system (RedHat,
SuSe, Mandrake, Fedora, etc.)
• .deb package for Debian Linux distribution
• .tgz package for the FreeBSD 4.10 operating system.
• .tbz package for the FreeBSD 5.4 operating system.
The choice of a specific installation package depends upon the operating system
installed on your computer:
To initiate installation of Kaspersky Anti-Spam from the .rpm package, enter the
following in the command line:
# rpm -i kas-3-<package version>.i386.rpm
To initiate installation of Kaspersky Anti-Spam from the .deb package, enter the
following in the command line:
# dpkg -i kas-3-<package version>.i386.deb
To initiate installation of Kaspersky Anti-Spam from the .tgz package, enter the
following in the command line:
# pkg_add kas-3-<package version>.tgz
To initiate installation of Kaspersky Anti-Spam from the .tbz package, enter the
following in the command line:
# pkg_add kas-3-<package version>.tbz
The installer performs the following actions during the procedure:
• Creation of the mailflt3 user account and group with appropriate
privileges that will be used to run Kaspersky Anti-Spam.
• Installation of all programs included into the Kaspersky Anti-Spam suite to
the /usr/local/ap-mailfilter3 directory.
• Creation and installation of a script, which will perform automatic launch
of the filtration master process (ap-process-server), SPF daemon (ap-spfd), licensing module (kas-license) and HTTP server (kas-thttpd) at the
operating system start-up.
• Launch of necessary programs and services.
• Creation of a cron task for the mailflt3 account to run automatically the
script downloading updates to the content filtration databases and the
script monitoring the filtration server activity.
Having completed the filtration server setup, install the license key and integrate
the host mail server with Kaspersky Anti-Spam.
3.3. Configuring access to the Control Center
Upon completion of product setup, the installer runs the kas-thttpd service, which
provides local access to the Control Center. The following settings are used by
default:
• Address: http://127.0.0.1:3080/
• User name: admin
• Password: admin
Be sure to change the user name and password for access to the
Control Center after Kaspersky Anti-Spam installation. Use of default
values may pose a threat to the security of your system.
You are also advised to change the port used to connect to the Control
Center.
The user name and password are stored in the .htpasswd file in /usr/local/ap-mailfilter3/control/www/, the Control Center directory for CGI scripts.
You can create a new user or change an existing password using the kas-htpasswd utility included with Kaspersky Anti-Spam. When starting the utility, specify
the path to the file containing passwords and the name of the user being
created or of an existing user whose password must be modified:
Password changes become effective immediately after modification of the
.htpasswd file.
Passwords for access to the Control Center are stored in the .htpasswd
file in an encrypted form.
The interface and port number to be used for connection to the Control Center
are specified in the /usr/local/ap-mailfilter3/etc/kas-thttpd.conf file using the host
and port parameters respectively. E.g., the following values:
host=0.0.0.0
port=3080
mean that the Control Center will listen on port 3080 of all server interfaces
expecting incoming connections. By default, the Control Center can only be
accessed from the server where Kaspersky Anti-Spam is installed (the host
parameter is set to 127.0.0.1).
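A check for the settings described in this section, as an added example that is not part of the product or of the original manual: the script reads the host and port parameters from kas-thttpd.conf and looks for the default admin account in .htpasswd. It assumes .htpasswd holds one name:hash entry per line; the function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit the Control Center listener and password file.
# Assumption: .htpasswd holds one "name:hash" entry per line.

# conf_value FILE KEY: print the last value assigned to KEY in a key=value file.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | tr -d '[:space:]'
}

# audit_control_center CONF HTPASSWD: one finding per line; no output means clean.
audit_control_center() {
    host=$(conf_value "$1" host)
    port=$(conf_value "$1" port)
    exposed=no
    case "$host" in
        127.*|localhost) ;;   # loopback only, as shipped
        '') echo "CHECK: host is not set in $1; confirm the listening address" ;;
        0.0.0.0) exposed=yes
                 echo "EXPOSED: host=0.0.0.0 listens on all interfaces" ;;
        *) exposed=yes
           echo "EXPOSED: host=$host accepts connections from other machines" ;;
    esac
    if [ "$port" = 3080 ]; then
        echo "DEFAULT-PORT: port=3080 is the shipped default"
    fi
    if grep -q '^admin:' "$2" 2>/dev/null; then
        echo "DEFAULT-USER: account 'admin' is still present"
        if [ "$exposed" = yes ]; then
            echo "CRITICAL: default account name on a network-facing listener"
        fi
    fi
    return 0
}

# Constructed sample files: the host=0.0.0.0 example above plus the default account.
demo_dir=$(mktemp -d)
printf 'host=0.0.0.0\nport=3080\n' > "$demo_dir/kas-thttpd.conf"
printf 'admin:CONSTRUCTED-PLACEHOLDER-HASH\n' > "$demo_dir/.htpasswd"
audit_control_center "$demo_dir/kas-thttpd.conf" "$demo_dir/.htpasswd"
rm -rf "$demo_dir"
```

On an installed system, pass /usr/local/ap-mailfilter3/etc/kas-thttpd.conf and /usr/local/ap-mailfilter3/control/www/.htpasswd as the two arguments.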
After changing the port number, reload the Control Center configuration. In
Linux distributions, run the following command:
# /etc/init.d/kas3-control-center restart
In FreeBSD distributions, run the following command:
Your license key corresponding to the purchased license is bundled with the
distribution package of Kaspersky Anti-Spam.
If for some reason you have no license key, contact the Technical
Support service of Kaspersky Lab (see section Services/Technical Support of Kaspersky Lab website).
In order to install a new license key using the Control Center, perform
the following steps:
1. Use your web browser to connect to the Control Center by entering
http://localhost:3080/ in its address line. Enter admin as the user
name for connection, and admin as the password.
2. Open the license keys management page at
License → License Keys.
3. Use the field in the lower part of the page under the Install a New License Key section to specify the path to a license key file or
press the Choose button to select the necessary file.
4. Press the Apply button.
In order to install a new license key locally using the command line, run
the following command:
# /usr/local/ap-mailfilter3/bin/install-key <key>
where key stands for a path to the file containing the license key.
If a license key has not been installed or the installed key is invalid, Kaspersky
Anti-Spam will not filter mail. Mail server performance will not be affected; its email traffic will just be transferred without analysis.
Please keep in mind that the product will only filter mail for those recipients,
whose accounts are added into the list of protected domains.
Before you start using Kaspersky Anti-Spam, be sure to create the list
of protected domains.
Please refer to section 4.3.4 on page 44 for details.
3.5. Integrating Kaspersky Anti-Spam with your mail server
Kaspersky Anti-Spam integration with the host mail server is accomplished
through installation of a client plug-in module and addition of necessary changes
to the configuration files.
These actions are carried out automatically by the universal configuration script.
If integration using the universal script is impossible (e.g., when the mail server
has a non-standard configuration), you can instead use the configuration script
for that specific mail server.
Please refer to the Appendix A.2 on page 84 for details about applicable
methods for integration of client plug-in modules into each of the supported mail
servers and about the changes introduced into their configuration files.
In order to integrate Kaspersky Anti-Spam with the mail server installed
on your server, run the universal configuration script:
# /usr/local/ap-mailfilter3/bin/MTA-config.pl
The script will identify the type of the mail server and add necessary changes to
its configuration files.
However, if your mail server is installed in a non-standard location or uses a
configuration different from the default, the MTA-config.pl script may fail to find its
configuration files. In such case, use the individual configuration script for your
specific mail server:
• To integrate Kaspersky Anti-Spam with Sendmail, run the following
where path stands for the path to the Exim configuration file.
Integration of Kaspersky Anti-Spam with the Exim mail server has a
few peculiarities in the Debian Linux distribution. For correct
integration, use the /usr/local/ap-mailfilter3/bin/config-exim-debian.pl script. Please refer to section A.2.4.2 on page 92 for
details.
• To integrate Kaspersky Anti-Spam with Qmail, run the following command
where path stands for the path to the Qmail configuration file.
Correct integration with Qmail by running the config-qmail.pl
script is possible only if Qmail uses the qmailq account and the
qmail group (used by default).
Kaspersky Anti-Spam integration with Exim (using the kas-exim client plug-in
module) and with Communigate Pro has to be performed by the administrator
manually.
Detailed descriptions of peculiarities for each of the client modules and available
integration methods can be found in section A.2 on page 84.
Please refer to Chapter 5 on page 77 for details on rolling back the integration
and restoring the original mail server settings.
3.6. Configuring updates of content filtration databases and UDS use
By default, updates to the content filtration databases and the UDS service are
disabled after installation of Kaspersky Anti-Spam. To allow updating of the
databases and activate UDS, run the enable-updates.sh script:
# /usr/local/ap-mailfilter3/bin/enable-updates.sh
Restarting as mailflt3
Enabling UDS...
uds-rtts finished successfully
Enabling automatic updates...
Install crontab for user mailflt3 - ok
===========================================================
You can adjust automatic updates settings via control
center.
===========================================================
Automatic updates and UDS are now enabled.
You can also use the Control Center interface to enable updates of the content
filtration databases (see section 4.4 on page 52) and activate the UDS service
(see section 4.5.4 on page 60).
CHAPTER 4. MANAGING THE SPAM FILTRATION SERVER
You can use Kaspersky Anti-Spam to protect e-mail traffic from unwanted spam
mail. The system of protection is based on performance of tasks representing the
main features of the application. The tasks performed by Kaspersky
Anti-Spam can be subdivided into three main groups:
• Mail traffic protection against spam.
• Updates of the content filtration databases used for spam detection.
• Monitoring of the anti-spam engine activity.
Each group includes smaller tasks. In this chapter we shall describe in detail the
most typical of them. Administrators can then combine these tasks and enhance
them in accordance with the needs of their specific organizations.
This document describes configuration and task performance locally from the
command line as well as product management using the Control Center.
4.1. Starting and managing Kaspersky Anti-Spam components
The main components of the filtration server including the filtering master
process (ap-process-server), licensing module (kas-license) and the SPF
daemon (ap-spfd) are launched at the operating system start-up by a special
script, which is named and located differently in Linux and FreeBSD operating
systems. The Linux operating system uses the kas3 script located in the
/etc/init.d directory while the FreeBSD operating system employs the kas3.sh
script in the /usr/local/etc/rc.d directory.
The administrator can use the said scripts with the command line parameters
described below to start, stop or restart the main components of the filtration
server:
start – start the main components of the filtration server.
stop – stop operation of the main components of the filtration server.
restart – restart the main components of the filtration server; the action is
identical to running the stop and start actions one after another.