Kaspersky Lab KASPERSKY ANTI-VIRUS-SMTP-GATEWAY 5.0 ADMINISTRATOR GUIDE

KASPERSKY LAB
Kaspersky® SMTP-Gateway 5.0 for
Linux/Unix
ADMINISTRATOR’S GUIDE
KASPERSKY® SMTP-GATEWAY 5.0
FOR LINUX/UNIX
Administrator’s Guide
© Kaspersky Lab Ltd.
http://www.kaspersky.com
Revision date: August 2004
Contents
CHAPTER 1. KASPERSKY® SMTP-GATEWAY 5.0..................................................... 6
1.1. Licensing policy ..................................................................................................... 7
1.2. Hardware and software requirements .................................................................. 7
1.3. Distribution kit ........................................................................................................ 8
1.4. Help desk for registered users .............................................................................. 9
1.5. Conventions........................................................................................................... 9
CHAPTER 2. APPLICATION DEPLOYMENT SCENARIOS...................................... 11
2.1. Application architecture ....................................................................................... 11
2.2. How Kaspersky SMTP-Gateway works ............................................................. 12
2.3. Typical deployment scenarios............................................................................. 14
2.3.1. Installing the application at the network perimeter....................................... 15
2.3.2. Installing the application inside your mail system........................................ 17
CHAPTER 3. INSTALLING KASPERSKY ANTI-VIRUS SMTP-GATEWAY.............. 19
3.1. Installing Kaspersky SMTP-Gateway under Linux............................................. 19
3.2. Installing KAV SMTP-Gateway on a server running FreeBSD or OpenBSD ... 20
3.3. Installation steps .................................................................................................. 21
3.4. Configuring Kaspersky SMTP-Gateway............................................................. 22
CHAPTER 4. UNINSTALLING KASPERSKY SMTP-GATEWAY .............................. 25
CHAPTER 5. USING KASPERSKY SMTP-GATEWAY APPLICATION.................... 26
5.1. Updating anti-virus database .............................................................................. 26
5.1.1. Automatic anti-virus database updating....................................................... 28
5.1.2. Manual updating of the anti-virus database................................................. 28
5.1.3. Creating a shared directory for storing and sharing database updates...... 29
5.2. Anti-virus protection of email traffic..................................................................... 30
5.2.1. Creating groups of recipients/senders ......................................................... 30
5.2.2. General message processing algorithm ...................................................... 33
5.2.3. Main tasks..................................................................................................... 35
5.2.3.1. Deliver messages without changes ...................................................... 35
5.2.3.2. Deliver only clean and disinfected messages....................................... 36
4 Kaspersky
®
SMTP-Gateway 5.0
5.2.3.3. Delete infected attachments.................................................................. 37
5.2.3.4. Replace infected attachments with messages created using
templates................................................................................................. 38
5.2.4. Additional tasks............................................................................................. 38
5.2.4.1. Block messages delivery to recipients .................................................. 39
5.2.4.2. Deliver infected messages .................................................................... 40
5.2.4.3. Notify senders, administrator, and recipients........................................ 41
5.2.4.4. Filter messages by attachment types ................................................... 42
5.2.4.5. Backing up (quarantine, backup storage) ............................................. 43
5.2.4.6. Automatically add incoming and outgoing mail to archives.................. 44
5.3. Protection from hacker attacks and spam.......................................................... 45
5.4. Managing license keys........................................................................................ 46
5.4.1. Viewing information about license keys....................................................... 46
5.4.2. Renewing your license .................................................................................48
5.4.3. Removing a license key ............................................................................... 49
CHAPTER 6. ADVANCED SETTINGS ........................................................................ 50
6.1. Configuring anti-virus protection of mail traffic.................................................... 50
6.1.1. Scanning and disinfecting messages .......................................................... 50
6.1.2. iChecker technology ..................................................................................... 51
6.1.3. Setting up application timeouts .................................................................... 51
6.1.4. Setting performance restrictions .................................................................. 53
6.2. Setting up connection receiving interfaces ......................................................... 54
6.3. Setting up the routing table ................................................................................. 55
6.4. Managing the application .................................................................................... 56
6.5. Customizing date and time formats .................................................................... 58
6.6. Reporting options ................................................................................................ 58
CHAPTER 7. FREQUENTLY ASKED QUESTIONS................................................... 61
CHAPTER 8. TESTING APPLICATION OPERABILITY ............................................. 66
8.1. Testing the application using Telnet ................................................................... 66
8.2. Testing the application using EICAR ..................................................................68
APPENDIX A. SUPPLEMENTARY INFORMATION ABOUT THE PRODUCT......... 70
A.1. Location of the application files in directories..................................................... 70
A.2. Kaspersky SMTP-Gateway configuration file .................................................... 74
A.3. Control signals for the smtpgw component........................................................ 86
Contents 5
A.4. Management files................................................................................................ 86
A.5. Application statistics............................................................................................ 87
A.6. Command line options for the smtpgw component ........................................... 92
A.7. Smtpgw return codes.......................................................................................... 93
A.8. Command line options for licensemanager ....................................................... 94
A.9. Kaspersky licensemanager return codes........................................................... 95
A.10. Keepup2date command line options ............................................................... 95
A.11. Keepup2date return codes ............................................................................... 96
A.12. Anti-virus scan information format.................................................................... 97
A.13. Messages about actions applied to the message ........................................... 98
APPENDIX B. KASPERSKY LAB............................................................................... 101
B.1. Other Kaspersky Lab Products ........................................................................ 102
B.2. Contact Us......................................................................................................... 106
APPENDIX C. LICENSE AGREEMENT .................................................................... 107
CHAPTER 1. KASPERSKY
®
SMTP-GATEWAY 5.0
Kaspersky® SMTP-Gateway for Linux/Unix (hereinafter referred to as Kaspersky SMTP-Gateway or the application) is designed for processing and
scanning SMTP mail traffic for viruses. The application is a full-featured mail relay (compliant with IETF RFC internet standards) that runs under Linux, FreeBSD and OpenBSD operating systems.
Kaspersky SMTP-Gateway allows to perform the following functions:
Scan email traffic for viruses, including attached files and message bodies.
Detect infected, suspicious, corrupted, and password-protected at- tachments and message bodies.
Disinfect infected objects detected in email messages by scanning.
Provide additional email traffic filtering by names and MIME types of
attachments and apply certain processing rules to the filtered objects.
Maintain logs of all email messages sent and/or received by the appli­cation, if this is required by the internal security policy of the company;
Provide protection against hacking attacks, block unwanted email messages, provide the functions of an open mail relay of unsolicited email messages;
Limit the load on your server by configuring the application settings and SMTP parameters.
Notify senders, recipients, and the administrator of messages contain- ing infected, suspicious, or corrupted objects.
Automatically place infected, suspicious, and corrupted objects to the quarantine or to the backup storage .
Automatically update the anti-virus database from the Kaspersky Lab’s update servers.
The application detects and disinfects infected objects using the anti-virus database. During scans, the contents of each file are compared with the sample code of known viruses contained in the database.
Kaspersky® SMTP-Gateway 5.0 7
Remember that new viruses appear every day. To keep your network constantly protected from the latest threats, we recom­mend that you update your anti-virus database every 3 hours.
Configure and manage Kaspersky SMTP-Gateway either from a re- mote location using Webmin web interface, or locally, using standard OS tools such as command line options, signals, by creating special command files or by modifying the configuration file of the application.
Monitor the antivirus protection status and view the statistics and ap­plication logs.
1.1. Licensing policy
The licensing policy for Kaspersky SMTP-Gateway imposes limitations on the use of the product by the following criteria:
Number of users protected by the application
Email traffic (MB/day)
Each type of licensing is also limited by a certain period (typically one year or two years from the date of purchase).
You can purchase a license limited by one of the above criteria (for example, by the daily mail traffic).
The application has slightly different configuration parameters, depending on the type of license you have purchased. Thus, if the license is issued for a certain number of users, you will have to create a list of addresses (domains) that will be protected by Kaspersky SMTP-Gateway. If the license allows protection of the limited amount of email traffic, the application can be configured to notify the administrator when the traffic volume reaches critical values and hence the license is about to expire.
1.2. Hardware and software requirements
Minimum system requirements for normal operation of Kaspersky SMTP­Gateway are as follows:
Hardware requirements:
Intel Pentium® processor (Pentium III or Pentium 4 recom-
mended)
8 Kaspersky
at least 128 МB RAM
100 MB available space on your hard drive to install the appli-
cation
Note that the backup storage, quarantine, and logs of incoming and outgoing mail are not included in the hard disk space re­quired. If your network security policy requires the use of the above features, extra disk space will be needed.
at least 500 MB available space in the /tmp file system
Software requirements:
One of the following operating systems:
o Linux RedHat (version 7.3, 8.0 or 9.0), Linux SuSE (version
8.1, 8.2 or 9.0), or Linux Debian (version 3.0)
o FreeBSD versions 4.9 or 5.2.1
o OpenBSD version 3.4
Perl interpreter, version 5.0 or higher (www.perl.org the application.
Webmin version 1.070 or higher (www.webmin.com the remote administration module (optional).
®
SMTP-Gateway 5.0
) to install
) to install
1.3. Distribution kit
You can purchase Kaspersky SMTP-Gateway either from our dealers (retail box) or online at one of our online stores (for example, www.kaspersky.com follow the E-store link).
The retail box includes:
a sealed envelope containing the installation CD
a copy of this User Guide
a license key file on the installation CD
a license agreement
Before you unseal the envelope containing the CD, make sure you have carefully read the license agreement.
If you buy the product online, you will download the installation file from the Kaspersky Lab website. This installation file also includes this User Guide. The
Kaspersky® SMTP-Gateway 5.0 9
license key will either be included into the distribution kit or will be sent to you by email after receiving your payment.
The License Agreement is a legal agreement between you and the manufacturer (Kaspersky Lab Ltd.) that stipulates the terms and conditions under which you may use the anti-virus product you have purchased.
Carefully review the License Agreement!
If you do not agree to the terms of the License Agreement, you may return the product to your Kaspersky Anti-Virus dealer for a full refund provided that the envelope with the installation CD has not been unsealed.
By opening the sealed envelope containing the installation CD, or by installing the application, you confirm that you have accepted all the terms and conditions of the License Agreement.
1.4. Help desk for registered users
Kaspersky Lab offers an extensive service package enabling registered customers to boost the productivity of Kaspersky
If you register and purchase a subscription you will be provided with the following services for the period of your subscription:
new versions of this anti-virus software product provided free of charge;
phone or email support on matters related to the installation, configu­ration, and operation of the product you have purchased;
information about new Kaspersky Lab products and about new com­puter viruses (available to subscribers of the Kaspersky Lab’s newslet­ter).
Kaspersky Lab does not provide information related to operation and use of operating systems or other technologies.
SMTP-Gateway.
1.5. Conventions
Various formatting conventions are used throughout the text of this document depending on the purpose of a particular element. The table below lists the formatting conventions used.
10 Kaspersky
Convention Meaning
®
SMTP-Gateway 5.0
Bold font
Note.
Attention!
To do this,
1. Step 1.
2. …
Task or example
Solution
[option] – Function of the op-
tion
Text of information messages and the com­mand line
Menu titles, commands, window titles, dialog elements, etc.
Additional information, notes
Critical information
Description of the sequence to actions to be performed by the user
A task or an example of how to use the product
A solution of the problem stated
Command line options
Text of configuration files, information messages, and the command line.
CHAPTER 2. APPLICATION
DEPLOYMENT SCENARIOS
This chapter contains a detailed discussion of the application’s architecture and operating principles as well as typical scenarios of its deployment.
2.1. Application architecture
The review of the functionality of the application must be preceded by a description of its internal architecture.
Kaspersky SMTP-Gateway is a full-featured Mail Transfer Agent (MTA) able to receive and route email traffic scanning email messages for viruses. Kaspersky SMTP-Gateway uses SMTP protocol options (RFC 2821), Internet message format (RFC 2822), MIME format (RFC 2045-2049, 2231, 2646), and satisfies the requirements to mail relays (RFC 1123). In accordance with anti-spam recommendations (RFC 2505), the application uses its own relaying table to prevent using of this application as an open relay. In addition, Kaspersky SMTP- Gateway supports the following SMTP protocol extensions:
Pipelining – Enhances performance of servers supporting this mode of operation (RFC 2920).
8-bit MIME Transport – Processes national language characters code tables (RFC 1652).
Enhanced Error Codes – Provides more informative explanations of protocol errors (RFC 2034).
DSN (Delivery Status Notifications) – Decreases bandwidth usage and provides more reliable diagnostics (RFC 1891, 3461-3464).
SMTP Message Size Declaration – Decreases the load and increases transfer rate (RFC 1870).
Kaspersky SMTP-Gateway includes the following components:
smtpgw - the main component – a full-featured mail relay with in-built anti-virus protection;
licensemanager – component for managing license keys (installation, removal, viewing statistics).
12 Kaspersky
keepup2date – components that updates the anti-virus database by downloading the updates from the Kaspersky Lab’s update server.
Webmin – a module for remote administration of the application using a web interface (optional installation). This component allows to con­figure and manage the anti-virus database updates, specify actions to be performed on the objects depending on their status and monitor the results of the application’s operation.
The smtpgw component (see Figure 1), in its turn, consists of the following modules: Receiver (incoming mail receiver), Sender (module for sending scanned messages), and AV module (module implementing the anti-virus functionality).
Figure 1. Kaspersky SMTP-Gateway general architecture
®
SMTP-Gateway 5.0
The licensemanager components is used to manage license keys.
the keepup2date component updates the anti-virus database used for detecting and disinfecting viruses.
2.2. How Kaspersky SMTP-Gateway works
Kaspersky SMTP-Gateway works as follows (see Figure 2):
1. The mail agent receives email messages via the SMTP protocol and passes them to the Receiver module.
2. The Receiver module performs the preliminary email processing using the following criteria:
presence of the sender’s IP address is in the list of blocked or trusted addresses.
Application deployment scenarios 13
compliance of the email message size (as well as the mail ses­sion and the total number of messages within the session) with the specified limits specified in the application settings.
compliance of the number of open sessions (from all IP ad­dresses or a single IP address)with the specified limits specified in the application settings.
If the message satisfies the preliminary processing, it is sent to the working queue to be processed by the anti-virus engine.
3. The processing (scanning and disinfecting) procedure is as follows:
a. The AV module receives an object to be processed from the
working queue.
b. The AV module scans the object and, if this option is enabled,
disinfects it using the anti-virus database records. Then it passes the scanned object to the ready-to-send message queue along with the return code that indicates the object’s status.
c. The Sender module handles the object depending on the object’s
status, as defined by the settings stored in the configuration file.
4. Scanned messages together with the information on the scan and disinfection results are transferred via the SMTP protocol to the onward mail agent to be delivered to local end users or rerouted to other mail servers.
Figure 2. Kaspersky SMTP-Gateway working queue.
5. If saving a backup copy in the backup storage or in the quarantine is specified as the action to be performed on a message (see Figure 3), the copy of the scanned object will be saved in the backup storage or in the quarantine concurrently with sending it to the ready-to-send queue (depending on the message status).
14 Kaspersky
®
SMTP-Gateway 5.0
6. If your network security policy requires logging of all outgoing e-mail traffic, scanned messages will be automatically saved to the log concurrently with sending them to the working queue.
Figure 3. Saving messages to the backup storage or the quarantine.
2.3. Typical deployment scenarios
Depending on the initial architecture of the mail server the following options of Kaspersky Smtp-Gateway are provided:
Install the application at the network perimeter on the same computer with your mail system (recommended for Sendmail, Postfix and Exim mail sys­tems).
Install the application at the network perimeter on a dedicated server to operate as an anti-virus filter (recommended for Sendmail, Postfix and Exim mail systems).
Install the application inside your existing mail system on the same com- puter.
Install the application inside your mail system on a dedicated server to operate as an anti-virus filter.
The sections below discuss in detail the above scenarios and specify their advantages.
Application deployment scenarios 15
The application, being a mail relay, does not include a local delivery agent. Therefore, no matter which of the deployment scenarios is used, a mail system (or mail systems) that delivers e-mail messages to the local users within the protected domains is required!
2.3.1. Installing the application at the network perimeter
The advantage of this option is that it improves the overall performance of your mail system because it minimizes the number of transfer cycles for email messages.
Besides, in this case the existing mail server of the company has no connection to the Internet, which enhances your data's security. In addition, demilitarized zones (DMZ) may be set up.
To install the application and the mail system on the same server, the following algorithm is provided to ensure their joint operation:
1. Configure all interfaces of Kaspersky SMTP-Gateway to listen on port 25 for incoming email traffic.
2. The application will scan and process email traffic and then pass the processed objects the mail system of the company via a different port (for example port 1025).
3. The mail system, configured to use a local interface, will deliver messages to users.
When implementing this deployment scenario the following settings must be configured:
The following steps are to be followed in order to install the application and the mail system on the same server:
Configure the application for receiving mail via port 25 on all network in­terfaces of the server. In order to do this, specify the following value in section [smtpgw.network] of the configuration file:
ListenOn=0.0.0.0:25
Specify in the routing table transferring all scanned messages to the mail system via port 1025. In order to do this, specify the following value in section [smtpgw.network] of the configuration file:
ForwardRoute=company.com [host:1025]
16 Kaspersky
®
SMTP-Gateway 5.0
where:company.com – protected company’s domain;
host – name of the mail server of the company.
Change the settings of the existing mail system for receiving messages from the application via port 1025. This will ensure receipt, anti-virus scanning of all incoming mail messages and delivery of these messages to the local users within the protected domains of the company.
Specify the transferring of all messages received by the existing mail sys­tem via port 25 to the application. This will ensure anti-virus scanning of all outgoing mail messages from the local users and delivery of such messages to the internet.
Specify the list of all local domains of the company by modifying the value of parameter ProtectedDomains in section [smtpgw.network] of the configuration file of the application (special symbols "*" and "?" can be used). Mail messages for the specified domains will be scanned and li­censed (a detailed description of the configuration file see section A.2, page 74).
Application configuration for this deployment scenario will be imple­mented by default during the process installation.
The application operation algorithm, when the application is installed on a dedicated server, is similar to operation on the same server, but the settings for this scenario will differ.
When installing the application to a dedicated server, follow the below instructions.
Configure the application for receiving mail via port 25 on all network in­terfaces of the server. In order to do this, specify the following value in section [smtpgw.network] of the configuration file:
ListenOn=0.0.0.0:25
Specify in the routing table transferring all scanned messages to the mail system via port 25. In order to do this, specify the following value in sec­tion [smtpgw.network] of the configuration file:
ForwardRoute=company.com [host:25]
where:company.com – protected company’s domain;
host – name of the mail server of the company.
Specify the list of all local domains of the company by modifying the value of parameter ProtectedDomains in section [smtpgw.network] (special
Application deployment scenarios 17
symbols "*" and "?" can be used). Mail messages for the specified do­mains will be scanned and licensed.
This deployment scenario is the most convenient, especially if the in­stallation of Kaspersky SMTP-Gateway is performed concurrently with the deployment of the network and of the company’s mail system.
2.3.2. Installing the application inside your mail system
If you install the application inside your mail system, the advantage is that the information and settings for the anti-virus software installed on the server are not available on the Internet. Besides, if the application is installed inside the mail system on the dedicated server, this provides for the possibility to distribute the load among several servers performing anti-virus scan.
The following algorithm is provided for joint operation of the application and the mail system installed on the same server:
1. Duplicate your mail system and configure one of them to listen to port
25 and receive email messages via all available interfaces.
2. This mail system forwards all incoming messages through the local
interface via a different port (port 1025, for instance) to the application for scanning.
3. The application scans the email messages for viruses and forwards
scanned and processed messages to the second mail system on a different port (for example, port 1026).
4. The second mail system delivers email to the local users.
This deployment scenario is recommended if you are sure of the reli­ability of your mail system. The installation of the application will not affect the stability of your mail system.
In general, installation on a dedicated server is similar to the above procedure. Besides, when installing the application on a dedicated server, you can create and run several copies of the application on different servers. This can help you distribute the anti-virus processing load among several servers.
To implement this scenario:
Specify the list of all local domains of the company by modifying the value of parameter ProtectedDomains in section [smtpgw.network] (special
18 Kaspersky
®
symbols "*" and "?" can be used). Mail messages for the specified do­mains will be scanned and licensed.
Deploying Kaspersky SMTP-Gateway may require changes of all set­tings within the mail clients throughout the company so that all outgoing mail messages will be delivered to the application that will pass the messages to the external network after an anti-virus scan.
If the network includes a firewall or demilitarized zones (DMZ’s), it is necessary to provide mail clients and internal and external networks servers with access to the installed application to ensure joint operation and routing of the mail traffic.
SMTP-Gateway 5.0
CHAPTER 3. INSTALLING
KASPERSKY ANTI-VIRUS SMTP-GATEWAY
Before installing Kaspersky SMTP-Gateway, it is necessary to:
Make sure that your system meets the minimum system requirements (see section 1.2 on page 7).
Configure your Internet connection (optional; it is necessary for updat­ing the anti-virus database).
Log in to the system as root or as a privileged user.
3.1. Installing Kaspersky SMTP­Gateway under Linux
For servers running the Linux operating system, Kaspersky SMTP-Gateway is distributed in three different installation packages, depending on the type of the installation program for your OS.
You can use an rpm package to install Kaspersky SMTP-Gateway under Linux Red Hat and Linux SuSe.
To install Kaspersky SMTP-Gateway from the rpm package, enter the following in the command line:
rpm –i smtpgw-linux-5.0.x-yy.i386.rpm
If you are installing the application from the rpm package, after the files have been copied to your server, run the postinstall.pl script to
perform post-installation configuration.
Under Linux Debian, Kaspersky SMTP-Gateway installation is performed from a
deb package.
To initiate installation of Kaspersky SMTP-Gateway from the deb package, enter the following command in the command line:
dpkg –i smtpgw-linux-5.0.x.yy.deb
20 Kaspersky
After you enter the command, Kaspersky SMTP-Gateway will be installed automatically.
You can also use a universal distribution file for all Linux OS. Use this distribution file if your Linux version does not support the rpm or deb formats or if your network administrator does not wish to use (or cannot use) a built-in package manager.
The universal Kaspersky SMTP-Gateway distribution file is supplied as an archive (tar.gz).
To install Kaspersky SMTP-Gateway from the universal distribution file, do the following:
1. Copy the archive of the distribution file to a file system directory on your server.
2. Extract the archive using command
tar -xvf smtpgw-linux-5.0.x.yy.tar.gz
The archive contains the installer and the file tree of the application distribution file that will be extracted by the above command.
3. Run the following installation script:
cd smtpgw-install
./install.sh
After you enter the command, Kaspersky SMTP-Gateway will be installed automatically.
®
SMTP-Gateway 5.0
3.2. Installing KAV SMTP-Gateway on a server running FreeBSD or OpenBSD
The distribution file for installation of Kaspersky SMTP-Gateway on servers running FreeBSD or OpenBSD OS is supplied as a pkg package.
Installing Kaspersky Anti-Virus SMTP-Gateway 21
To initiate installation of Kaspersky SMTP-Gateway from a pkg pack- age, enter the following in the command line:
pkg_add smtpgw-freebsd-4.x-5.0.x.yy.tgz
or:
pkg_add smtpgw-freebsd-5.x-5.0.x.yy.tgz
or:
pkg_add smtpgw-openbsd-3.4-5.0.x.yy.tgz
After you enter the command, Kaspersky SMTP-Gateway will be installed automatically.
3.3. Installation steps
Installation errors can occur for a number of reasons. If an error mes­sage is displayed, make sure that your computer satisfies the minimum system requirements listed in section 1.2 on page 7 and that you have logged on to the system as a root.
To install the application on the server, follow the steps below:
Step 1. Preparing the system
At this stage, the system creates the system group and user account for the ap­plication. The default group is kavusers and the default user account is ka- vuser. In future, the application will start under this user account (not root) to provide additional security to your system.
Step 2. Copying application files to your server
The installer starts copying files to the installation directory on your server: A detailed description of the directories to the application files will be copied, see section A.1, page 70.
For Linux: /opt/kav/5.0/smtpgw
For OpenBSD and FreeBSD: /usr/local/share/kav/5.0/smtpgw
Step 3. Post-installation tasks
The post-installation configuration includes the following steps:
22 Kaspersky
Configuring the smtpgw component (see section 3.4 page 22).
Installing and registering the license key.
If you have no license key at the time of installation (for example, if
you purchased the application via the Internet and have not received the license key yet), you can activate the application after installation before its first use. For details see section 5.4, page 46. Note that if the license key is not installed, the anti-virus database cannot be up­dated and the smtpgw component cannot be run during the installa­tion process. You will have to do it manually, after the key is installed.
Configuring the keepup2date component.
Updating the anti-virus database.
You must install the anti-virus database before using the applica­tion. The procedure of detecting and disinfecting viruses relies on the use of the anti-virus database records that contain description of viruses known at the moment and the methods of disinfecting these viruses. Anti-virus scanning and processing of email mes­sages cannot be performed without the anti-virus database.
Installing the Webmin module.
The Webmin module for remotely managing the application can be installed correctly only if the Webmin application is located in the default directory. Af­ter Webmin is installed, you will receive detailed instructions on how to con­figure the module to work with the application.
Running the smtpgw component.
®
SMTP-Gateway 5.0
If, after installation, Kaspersky SMTP-Gateway has not started working as required, check the configuration settings. Pay special attention to the port number you specified for receiving mail traffic. You may also view the application log file.
After you properly complete these steps, a corresponding message on the server console will appear.
3.4. Configuring Kaspersky SMTP­Gateway
Immediately after the files have been copied to your server, system configuration process will start. Depending on the package manager you use, the configuration process will either be started automatically or (if the package manager does not
Installing Kaspersky Anti-Virus SMTP-Gateway 23
allow the use of interactive scripts, such as rpm), some additional actions will have to be performed by the administrator.
If you are using the rpm installation package, enter the following com­mand to start configuration after the files are copied to your server:
/opt/kav/5.0/smtpgw/setup/postinstall.pl
The configuration process includes the following tasks:
Setting up (by the administrator) of the server name that will be used to identify the application in the SMTP-protocol commands when cre­ating the DNS and notifications (the [smtpgw.network] section, Hostname parameter). Enter the host name using the following for­mat: <*.*>.
Setting up the domain name that will be used to:
Assign the Postmaster address ([smtpgw.network] section,
Postmaster parameter)
Assign the sender’s return address for notifications ([smtpgw.options] section, NotifyFromAdress parameter)
Define the administrator’s address ([smtpgw.options] section, AdminNotifyAddress parameter)
Allow incoming mail to this domain ([smtpgw.options] section, Rule parameter).
Enter the domain name using the following format: <*.*>.
Defining the interface and port that listens to the incoming email traffic ( [smtpgw.network] section, ListenOn parameter). Type the port name and the IP address in the format <x.х.х.x:y>, where:
x.х.х.x is the IP address, and
y is the port number.
Specifying local network identifiers ([smtpgw.access] section, Rule parameter). This value is used to assign rules for message delivery and processing, for example, rules specific for your organization con­cerning mail processing, or blocking email messages from external servers, etc. Specify the values using the following formats:
<x.х.х.x>, <x.х.х.x/y.y.y.y>, or <x.х.
х.x/y>, where:
x.х.х.x is the IP address, and
y.y.y.y or y is the subnet mask.
24 Kaspersky
®
SMTP-Gateway 5.0
Specifying the server to which all processed messages will be for­warded ([smtpgw.forward] section, the ForwardRoute parameter). Type the host name in the format <x.х.х.x:z>, where:
x.х.х.x is the IP address, and
z is the port number.
Modifying the application configuration file
If all the above steps have been successfully completed, the configuration file will have all settings that are required to start working with the application.
After the system is installed and configured, it is recommended that you check the settings for Kaspersky SMTP-Gateway and test its perform­ance. For more details, see Chapter 8 on page 66.
Installing Kaspersky Anti-Virus SMTP-Gateway 25
CHAPTER 4. UNINSTALLING
KASPERSKY SMTP­GATEWAY
To uninstall Kaspersky SMTP-Gateway, you should have root privileges. If you are currently logged under a user account with lesser privileges, log on as a root.
The uninstallation process will automatically stop the application!
When you are uninstalling Kaspersky SMTP-Gateway, the application will be stopped, and all files and directories created during installation will be deleted. However, files and directories created or modified by the administrator, such as the application configuration file, notification templates, and the quarantine and backup directories, archives of received and sent messages, anti-virus databases, license key file, will remain.
There are several different ways to run the uninstall procedure, depending on the package manager you used. Below is a detailed discussion of these options:
If you installed the application from the rpm package, type the following string to uninstall Kaspersky SMTP-Gateway:
rpm -e <package_name>
If you installed the application from the deb package, type the following string to uninstall Kaspersky SMTP-Gateway:
dpkg -r <package_name>
If you installed the application from the universal package (tar.gz), type the following string to uninstall Kaspersky SMTP-Gateway:
/opt/kav/5.0/smtpgw/setup/uninstall.pl
If you installed the application from the pkg package, type the following string to uninstall Kaspersky SMTP-Gateway:
pkg_delete <package_name>
After the application has been successfully removed from your server, you will see a corresponding message on your screen.
CHAPTER 5. USING KASPERSKY
SMTP-GATEWAY APPLICATION
Using Kaspersky SMTP-Gateway, you can build a comprehensive anti-virus protection system for email messages transferred through the mail server of your organization.
The anti-virus protection system is based on the performance of tasks that represent major functionality of the application.
All tasks implemented by the application may be divided into two major groups:
1. Anti-virus protection of email messages.
2. Updating of the anti-virus database used to detect and disinfect infected objects.
Each of the above groups include more specific tasks. In this chapter, we will discuss tasks that the administrator can combine and enhance depending on the needs of his/her organization.
This guide contains a description of how to locally configure and start tasks from the command line. Issues related to starting and managing tasks from remote computers using the Webmin application are not considered in this document.
In all examples below, it is assumed that the administrator has com­pleted all required post-installation tasks and the application operates correctly.
5.1. Updating anti-virus database
The application detects viruses and disinfect infected objects based on the anti­virus database records that contain description of all viruses known at the moment and the methods used to disinfect objects infected by this viruses.
The keepup2date module is included into the architecture of KasperskySMTP- Gateway to provide various types of updates. The source of updates are Kaspersky Lab’s update servers, such as:
http://downloads1.kaspersky-labs.com/updates/ http://downloads2.kaspersky-labs.com/updates/
Using Kaspersky SMTP-Gateway application 27
ftp://downloads1.kaspersky-labs.com/updates/, etc.
The updcfg.xml file included in the installation package lists the URLs of all available Kaspersky Lab’s update servers.
To update the anti-virus database or application modules, the keepup2date component first selects an address from the list of update servers and tries to download updates from this server. If the server is currently unavailable, the application connects to another server, trying to download updates. After the database has been successfully updated, a command specified as the value of parameter PostUpdateCmd in section [updater.options] of the configuration file will be executed. By default, this command will automatically restart the application; it is not recommended to alter this command.
All settings of the keepup2date component are stored in the [updater.*] sections of the configuration file.
If your network has a complicated structure, we recommend that you download updates from Kaspersky Lab’s update servers every three hours and place them to a network directory. To keep other networked computers constantly updated, configure the local computers to copy the updates from this directory. For detailed instructions on how to implement this updating scenario, see section 5.1.3 on page 29.
We urgently recommend that you set the application to update your anti-virus database every 3 hours!
You can also configure the updating process to run at a certain time by using the cron utility (see section 0 on page 27) or manually, from the command line (see section 5.1.2 no page 28).
All Kaspersky Lab’s applications that have the keepup2date component can be automatically updated.
: view the list of all Kaspersky Lab’s applications that can be up-
Task dated.
Solution
: in order to implement this task, enter in the command line:
keepup2date –i
This will print to the screen the list that includes the names of all Kaspersky Lab’s applications that include the keepup2date component as well as their application ID’s.
28 Kaspersky
®
SMTP-Gateway 5.0
5.1.1. Automatic anti-virus database updating
You can schedule the application to automatically update the anti-virus database using the cron program.
Task
: Configure the application to automatically update your anti-virus database every day at 07.00 a.m. An update server should be selected from the updcfg.xml file. Only errors encountered in the component operation should be recorded in the system log. Keep a general log of all task executions. Output no information to the console.
Solution
1. In the configuration file, specify the appropriate values for the
2. Edit the file that sets the rules for the cron process (crontab –e) by
For Linux:
For FreeBSD and OpenBSD:
: To accomplish the above tasks, do the following:
following parameters, for example:
[updater.options] KeepSilent=yes [updater.report] Append=yes ReportLevel=1
entering the following string for the root user:
0 7 * * * /opt/kav/5.0/smtpgw/bin/keepup2date
0 7 * * * /usr/local/share/kav/5.0/smtpgw/bin/keepup2date
5.1.2. Manual updating of the anti-virus database
You can start updating your anti-virus database from the command line at any time.
Using Kaspersky SMTP-Gateway application 29
: To start updating of the database and save updating results in the
Task /tmp/updatesreport.log file.
Solution user that have the rights of a privileged user) and enter in the command line:
#keepup2date –l /tmp/updatesreport.log
If you need to update the anti-virus database on several server, it may be more convenient to download the updates from an update server once, save them to a shared directory, and then update the databases on other computers from this directory.
Task
/home/kavuser/bases
or empty, update the database from Kaspersky Lab’s update servers. Save the results to file /tmp/updatesreport.log.
Solution user that have the rights of a privileged user) and do the following:
1. In the application configuration file, enter the appropriate values for
2. Enter the following string in the command line:
: To accomplish the task, log in as a root user (or as any other
: Start the updating of the anti-virus database from the
shared directory. If this directory is inaccessible
: To accomplish the task, log in as a root user (or as any other
the following parameters:
[updater.options]
UpdateServerUrl=/home/kavuser/bases
UseUpdateServerUrl=yes
UseUpdateServerUrlOnly=no
#keepup2date –l /tmp/updatesreport.log
You can accomplish these or similar tasks remotely using the Webmin remote administration module.
5.1.3. Creating a shared directory for storing and sharing database updates
To update the anti-virus databases correctly on local computers from the shared directory, you need to create in this directory a file structure that is similar to that
30 Kaspersky
of Kaspersky Lab’s update servers. This is a complicated task that deserves a detailed explanation.
: Create a shared local directory from which the local computers
Task will be able to update the anti-virus database.
®
SMTP-Gateway 5.0
Solution user that have the rights of a privileged user) and do the following:
1. Create a local directory.
2. Run the keepup2date component as follows:
3. Allow local computers on your network to access this directory.
: To accomplish this task, log in as a root user (or as any other
keepup2date –u rdir
where rdir is the full path to the directory created.
5.2. Anti-virus protection of email
traffic
Anti-virus filtering of mail traffic is the most main task of Kaspersky SMTP­Gateway.
The application is used to protect users against infected messages, and to deliver only clean or disinfected messages, along with information on scanning results for every message.
Additional filtration of messages by names and attachment types decrease the load on the server when scanning email traffic for viruses. This represents only a part of the application’s functionality. There is an extended discussion of the application’s functionality below, in the sections describing specific protection tasks.
All smtpgw settings are located in the [smtpgw.*] sections of the appli­cation configuration file.
5.2.1. Creating groups of recipients/senders
Recipients/Senders group is defined as pairs of recipient/sender email addresses. A particular email message may be assigned to a particular group
Loading...
+ 82 hidden pages