Installation manual

10. Appendix A. ESETS setup and configuration
10.1 Setting ESETS for MTA Postfix
Inbound email message scanning
Warning: This installation is not compatible with SELinux. Either disable SELinux or proceed to the next section.
The objective of this installation is to insert esets_mda before the original Postfix MDA. The MDA to be used (with arguments) is
set in the Postfix parameter ‘mailbox_command’.
Note: If the ‘mailbox_command’ value is empty, Postfix alone is delivering mail. You must install and configure a real MDA (e.g.
procmail) and use that first for the ‘mailbox_command’ and arguments (e.g. /usr/bin/procmail -d "$USER"). Reload Postfix and
make sure it is delivering mail according to your needs. You may then continue with the ESETS installation.
Take the full path to the current Postfix MDA and set the parameter ‘mda_path’ in the [mda] section of the ESETS configuration file
to:
mda_path = "/usr/bin/procmail"
Restart the ESETS daemon. Then, replace the path to the current Postfix MDA with the esets_mda path and add
-- --recipient="$RECIPIENT" --sender="$SENDER" to the arguments, as in the following example:
mailbox_command = @BINDIR@/esets_mda -d "$USER" -- --recipient="$RECIPIENT" --sender="$SENDER"
To re-read the newly created configuration, reload Postfix.
Bi-directional email message scanning
The objective of this installation is to divert all mail from Postfix to esets_smtp and return it to Postfix. In the [smtp] section
of the ESETS configuration file, set the following parameters:
agent_enabled = yes
listen_addr = "localhost"
listen_port = 2526
server_addr = "localhost"
server_port = 2525
Restart the ESETS daemon; esets_smtp will be started and will scan all SMTP communication accepted on ‘listen_addr:listen_port’
and forward it to ‘server_addr:server_port’. To divert all mail to esets_smtp, set the following in Postfix:
content_filter = smtp:[127.0.0.1]:2526
Note: If the ‘content_filter’ parameter already has a value, do not follow these instructions. Instead, you must insert esets_smtp
(or other ESETS mail scanning module) before or after your current ‘content_filter’.
Lastly, set Postfix to accept mail on port 2525 and continue processing it. To do this, add the following entry to the Postfix
master.cf file:
localhost:2525 inet n - n - - smtpd
  -o content_filter=
  -o myhostname=esets.yourdomain.com
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
Replace yourdomain.com with your hostname. Make sure all but the first line is indented. To re-read the newly created
configuration, reload Postfix.
Note: If you have SELinux enabled, it will prevent Postfix from listening on 2525 (e.g. Fedora Core >= 5). In this case, run the
following command:
semanage port -a -t smtp_port_t -p tcp 2525
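
The following Python check is an added example, not part of the ESETS manual. It parses a master.cf and verifies that the re-injection listener on port 2525 matches the entry above: bound to loopback, content_filter cleared, and relaying limited to 127.0.0.0/8. The sample file, the hostname esets.example.com and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: a stock smtp listener plus this section's re-injection entry.
SAMPLE_MASTER_CF = """\
smtp inet n - n - - smtpd
localhost:2525 inet n - n - - smtpd
  -o content_filter=
  -o myhostname=esets.example.com
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
"""

def logical_lines(text):
    """Join master.cf continuation lines (lines that start with whitespace)."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def loopback_only(nets):
    """True if every comma-separated CIDR in `nets` is a loopback network."""
    try:
        return bool(nets) and all(
            ipaddress.ip_network(n.strip(), strict=False).is_loopback
            for n in nets.split(","))
    except ValueError:  # table lookups, hostnames: cannot be verified here
        return False

def audit_reinjection(text, port="2525"):
    """Return findings for the inet listener on `port`; an empty list means OK."""
    for fields in map(str.split, logical_lines(text)):
        host, _, svc_port = fields[0].rpartition(":")
        if len(fields) < 8 or fields[1] != "inet" or svc_port != port:
            continue
        args = fields[8:]
        opts = dict(a.split("=", 1) for flag, a in zip(args, args[1:])
                    if flag == "-o" and "=" in a)
        findings = []
        if host not in ("localhost", "127.0.0.1", "[::1]"):
            findings.append("listener is not bound to loopback")
        if opts.get("content_filter") != "":
            findings.append("content_filter is not cleared (mail would loop)")
        if not loopback_only(opts.get("mynetworks", "")):
            findings.append("mynetworks is not limited to loopback")
        if opts.get("smtpd_recipient_restrictions") != "permit_mynetworks,reject":
            findings.append("recipient restrictions differ from permit_mynetworks,reject")
        return findings
    return ["no inet listener found on port " + port]
```

If the -o lines lose their indentation, Postfix no longer treats them as part of the 2525 entry, and the check reports the overrides as missing.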