Installation manual

10.2 Setting ESETS for MTA Sendmail
Inbound email message scanning
Warning: This installation is not compatible with SELinux. Either disable SELinux or proceed to the next section.
The objective of this installation is to insert esets_mda before Sendmail’s original MDA.
Note: On FreeBSD, Sendmail may be communicating with MDA using LMTP. However, esets_mda does not understand LMTP. If
you have FEATURE(local_lmtp) in ‘hostname’.mc, comment it out now and recreate sendmail.cf.
The currently-used MDA can be found in the file sendmail.cf in section Mlocal: parameters ‘P’ (executable) and ‘A’ (its name and
arguments).
First, set the ‘mda_path’ in the [mda] section of the ESETS configuration file to the currently used MDA executable (Sendmail’s ‘P’
parameter). Then restart the ESETS daemon.
Next, add the lines below to the sendmail.mc file (or ‘hostname’.mc on FreeBSD and Solaris) before all MAILER definitions:
define(`LOCAL_MAILER_PATH', `@BINDIR@/esets_mda')dnl
define(`LOCAL_MAILER_ARGS', `esets_mda original_arguments -- --sender $f --recipient $u@$j')dnl
In the example above, original_arguments is Sendmail’s ‘A’ parameter without the name (first word).
Lastly, recreate sendmail.cf and restart Sendmail.
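The inbound steps above can be scripted. The following is an added example, not part of the ESETS manual: it reads the Mlocal definition from sendmail.cf and prints the mda_path line and the two define lines. The function names and the sample definition are constructed, and it assumes that A= is the last field of the Mlocal definition, as in an m4-generated sendmail.cf.

```sh
# Added example, not from the ESETS manual. Function names are hypothetical.
# Assumption: A= is the last field of the Mlocal definition (m4-generated cf).

# Print field P or A ($2) of the Mlocal definition in sendmail.cf file $1.
mlocal_field() {
    awk -v want="$2" '
        /^Mlocal,/         { inside = 1; def = $0; next }
        inside && /^[ \t]/ { def = def " " $0; next }   # continuation line
        inside             { exit }                     # next definition
        END {
            gsub(/[ \t]+/, " ", def); sub(/ $/, "", def)
            args = ""; head = def
            if (match(def, /[, ]A=/)) {
                args = substr(def, RSTART + 3)
                head = substr(def, 1, RSTART - 1)
            }
            if (want == "A") { print args }
            else if (match(head, /[, ]P=[^, ]*/)) { print substr(head, RSTART + 3, RLENGTH - 3) }
        }' "$1"
}

# Print the ESETS and sendmail.mc lines; $1 = sendmail.cf, $2 = ESETS binary dir.
esets_mda_settings() {
    path=$(mlocal_field "$1" P)
    args=$(mlocal_field "$1" A)
    [ -n "$path" ] && [ -n "$args" ] || { echo "Mlocal P=/A= not found" >&2; return 1; }
    case $args in
        *" "*) orig="${args#* } " ;;   # A= without the name (first word)
        *)     orig="" ;;
    esac
    printf 'mda_path = "%s"\n' "$path"
    # \140 and \047 in the formats are the m4 quotes (backquote, apostrophe).
    printf 'define(\140LOCAL_MAILER_PATH\047, \140%s/esets_mda\047)dnl\n' "$2"
    printf 'define(\140LOCAL_MAILER_ARGS\047, \140esets_mda %s-- --sender $f --recipient $u@$j\047)dnl\n' "$orig"
}

# Constructed sample of an m4-generated definition (not from a real host).
sample_cf() {
    printf 'Mlocal,\t\tP=/usr/bin/procmail, F=lsDFMAw5:/|@qSPfhn9, S=EnvFromL/HdrFromL,\n'
    printf '\t\tT=DNS/RFC822/X-Unix,\n\t\tA=procmail -Y -a $h -d $u\n'
    printf 'Mprog,\t\tP=/bin/sh, F=lsDFMoqeu9, A=sh -c $u\n'
}

if [ "$#" -eq 2 ]; then
    esets_mda_settings "$1" "$2"
else   # no arguments: run on the sample, keeping the manual's @BINDIR@ placeholder
    tmp=$(mktemp) && sample_cf > "$tmp" && esets_mda_settings "$tmp" '@BINDIR@'
    rm -f "$tmp"
fi
```

Run it with the path to sendmail.cf and the ESETS binary directory as arguments, and compare the printed mda_path with the value in the [mda] section before editing sendmail.mc.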
Bi-directional email message scanning
The objective of this installation is to scan all mail in Sendmail using the esets_smfi filter. In the [smfi] section of the ESETS
configuration file, set the following parameters:
agent_enabled = yes
smfi_sock_path = "/var/run/esets_smfi.sock"
Restart the ESETS daemon. Then, add the lines below to the sendmail.mc file (or ‘hostname’.mc on FreeBSD) before all MAILER
definitions:
INPUT_MAIL_FILTER(`esets_smfi', `S=local:/var/run/esets_smfi.sock, F=T, T=S:2m;R:2m;E:5m')dnl
With these settings, Sendmail will communicate with esets_smfi via the Unix socket ‘/var/run/esets_smfi.sock’. The flag ‘F=T’ makes
Sendmail temporarily fail the connection if the filter is unavailable. ‘S:2m’ defines a 2-minute timeout for sending information from
the MTA to the filter, ‘R:2m’ defines a 2-minute timeout for reading replies from the filter, and ‘E:5m’ sets an overall 5-minute timeout
between sending end-of-message to the filter and waiting for the final acknowledgment.
If the timeouts for the esets_smfi filter are too short, Sendmail can temporarily defer the message to the queue and attempt to
pass it through later. However, this may lead to continuous deferral of the same messages. To avoid this problem, the timeouts
should be set properly. You can experiment with Sendmail’s ‘confMAX_MESSAGE_SIZE’ parameter, which is the maximum
accepted message size in bytes. Taking into account this value and the approximate maximum time for the MTA to process a message
of that size (this can be measured), you can determine the most effective timeout settings for the esets_smfi filter.
Lastly, recreate sendmail.cf and restart Sendmail.
10.3 Setting ESETS for MTA Qmail
Inbound email message scanning
The objective of this installation is to insert esets_mda before Qmail’s local delivery agent. Assuming Qmail is installed in the
/var/qmail directory, in the [mda] section of the ESETS configuration file, set the following parameter:
mda_path = "/var/qmail/bin/qmail-esets_mda"
Restart the ESETS daemon. Create the file /var/qmail/bin/qmail-esets_mda with the following content and run ‘chmod a+x’ on it:
#!/bin/sh
exec qmail-local -- "$USER" "$HOME" "$LOCAL" "" "$EXT" "$HOST" "$SENDER" "$1"
This will cause esets_mda to call Qmail’s local delivery agent. Next, create the file /var/qmail/bin/qmail-start.esets with the
following content and also run 'chmod a+x' on it:
#!/bin/sh
A="$1"; shift
exec qmail-start.orig "|@BINDIR@/esets_mda '$A'"' -- --sender="$SENDER" --recipient="$RECIPIENT"' "$@"