Installation manual
9. Appendix A. ESETS setup and configuration
9.1 Setting ESETS for MTA Postfix
Inbound email message scanning
Warning:
This installation is not compatible with SELinux. Either disable SELinux or proceed to the next section.
The objective of this installation is to insert esets_mda before the original Postfix MDA. The MDA to be used (with arguments)
is set in the Postfix parameter ‘mailbox_command’.
NOTE: If the ‘mailbox_command’ value is empty, Postfix alone is delivering mail. You must install and configure a real MDA
(e.g. procmail) and use that first for the ‘mailbox_command’ and arguments (e.g. /usr/bin/procmail -d "$USER"). Reload Postfix
and make sure it is delivering mail according to your needs. You may then continue with the ESETS installation.
Take the full path to the current Postfix MDA and set the parameter ‘mda_path’ in the [mda] section of the ESETS configuration
file to:
mda_path = "/usr/bin/procmail"
Restart the ESETS daemon. Then, replace the path to the current Postfix MDA with the esets_mda path and add
-- --recipient="$RECIPIENT" --sender="$SENDER" to the arguments, as in the following example:
mailbox_command = @BINDIR@/esets_mda -d "$USER" -- --recipient="$RECIPIENT" --sender="$SENDER"
To re-read the newly created configuration, reload Postfix.
Bi-directional email message scanning
The objective of this installation is to divert all mail from Postfix to esets_smtp and get it back to Postfix. In the
[smtp] section of the ESETS configuration file, set the following parameters:
agent_enabled = yes
listen_addr = "localhost"
listen_port = 2526
server_addr = "localhost"
server_port = 2525
Restart the ESETS daemon; esets_smtp will be started and will scan all SMTP communication accepted on
‘listen_addr:listen_port’ and forward it to ‘server_addr:server_port’. To divert all mail to esets_smtp, set the
following in Postfix:
content_filter = smtp:[127.0.0.1]:2526
NOTE: If the ‘content_filter’ parameter already has a value, do not follow these instructions. Instead, you must insert
esets_smtp (or other ESETS mail scanning module) before or after your current ‘content_filter’.
Lastly, set Postfix to accept mail on port 2525 and continue processing it. To do this, add the following entry to the Postfix
master.cf file:
localhost:2525 inet n - n - - smtpd
  -o content_filter=
  -o myhostname=esets.yourdomain.com
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
  -o smtpd_helo_restrictions=
  -o smtpd_client_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
Replace yourdomain.com with your hostname. Make sure all lines but the first are indented. To re-read the newly created
configuration, reload Postfix.
NOTE: If you have SELinux enabled, it will prevent Postfix from listening on 2525 (e.g. Fedora Core >= 5). In this case, run the
following command:
semanage port -a -t smtp_port_t -p tcp 2525
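The following check is an added example, not part of the ESET manual or of Postfix. It parses master.cf text and verifies that the re-injection listener from the entry above is bound to loopback, clears ‘content_filter’ (so scanned mail is not sent back to esets_smtp in a loop), accepts mail only from 127.0.0.0/8, and has its option lines indented. The function names and the shortened SAMPLE text are assumptions made for the example.

```python
import re

# Overrides from the manual's master.cf entry that stop the re-injection
# listener from looping mail back to the filter or accepting outside mail.
REQUIRED = {
    "content_filter": "",
    "mynetworks": "127.0.0.0/8",
    "smtpd_recipient_restrictions": "permit_mynetworks,reject",
}

def logical_entries(text):
    """Join master.cf continuation lines (leading whitespace) onto their entry."""
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and entries:
            entries[-1] += " " + raw.strip()
        else:
            entries.append(raw.strip())
    return entries

def check_reinjection(text, port=2525):
    """Return a list of problems with the listener on `port`; empty means OK."""
    entries = logical_entries(text)
    problems = [f"unindented option line parsed as a service: {e!r}"
                for e in entries if e.startswith("-o")]
    match = [e for e in entries if e.split()[0].endswith(f":{port}")
             or e.split()[0] == str(port)]
    if not match:
        return problems + [f"no listener for port {port}"]
    host = match[0].split()[0].rpartition(":")[0]
    if host not in ("localhost", "127.0.0.1"):
        problems.append(f"listener bound to {host or 'all interfaces'}, not loopback")
    opts = dict(o.split("=", 1) for o in re.findall(r"-o\s+(\S+=\S*)", match[0]))
    for key, want in REQUIRED.items():
        if opts.get(key) != want:
            problems.append(f"{key} is {opts.get(key)!r}, expected {want!r}")
    return problems

# Constructed sample: the manual's entry reduced to the options checked here.
SAMPLE = """\
localhost:2525 inet n - n - - smtpd
  -o content_filter=
  -o mynetworks=127.0.0.0/8
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
"""
if __name__ == "__main__":
    print(check_reinjection(SAMPLE))
```

To check a live system, pass the contents of the Postfix master.cf file to check_reinjection() in place of SAMPLE.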