Installation manual
9.2 Setting ESETS for MTA Sendmail
Inbound email message scanning
Warning:
This installation is not compatible with SELinux. Either disable SELinux or proceed to the next section.
The objective of this installation is to insert esets_mda before Sendmail’s original MDA.
NOTE: On FreeBSD, Sendmail may be communicating with MDA using LMTP. However, esets_mda does not understand LMTP. If
you have FEATURE(local_lmtp) in ‘hostname’.mc, comment it out now and recreate sendmail.cf.
The currently used MDA can be found in the file sendmail.cf in section Mlocal: parameters ‘P’ (executable) and ‘A’ (its name
and arguments).
First, set the ‘mda_path’ in the [mda] section of the ESETS configuration file to the currently used MDA executable (Sendmail’s
‘P’ parameter). Then restart the ESETS daemon.
Next, add the lines below to the sendmail.mc file (or ‘hostname’.mc on FreeBSD and Solaris) before all MAILER definitions:
define(`LOCAL_MAILER_PATH', `@BINDIR@/esets_mda')dnl
define(`LOCAL_MAILER_ARGS', `esets_mda original_arguments -- --sender $f --recipient $u@$j')dnl
In the example above, original_arguments is Sendmail’s ‘A’ parameter without the name (first word).
Lastly, recreate sendmail.cf and restart Sendmail.
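The lookup and substitution described above, as an added shell example that is not part of the ESET manual: it reads the Mlocal definition from a sendmail.cf, prints the ‘P’ value for mda_path and the two sendmail.mc lines (in m4's `...' quoting) with original_arguments filled in, and refuses when the mailer flags show LMTP. The function names and the sample stanza are constructed for illustration, and treating mailer flag ‘z’ as the LMTP indicator is standard Sendmail behaviour assumed here, not something the manual states.

```shell
#!/bin/sh
# Added example: read the Mlocal mailer from sendmail.cf and emit the values
# the steps above ask for. Function names here are made up for illustration.

# Join the Mlocal definition into one line (continuation lines are indented).
mlocal_line() {
    awk '/^Mlocal,/       { grab = 1; buf = $0; next }
         grab && /^[ \t]/ { sub(/^[ \t]+/, " "); buf = buf $0; next }
         grab             { exit }
         END              { if (buf != "") print buf }' "$1"
}

# P= parameter: the current MDA executable (goes into mda_path).
mlocal_path() { mlocal_line "$1" | sed -n 's/.*[[:space:],]P=\([^,]*\),.*/\1/p'; }

# A= parameter minus its first word: the manual's original_arguments.
mlocal_args() {
    mlocal_line "$1" |
        sed -n 's/.*[[:space:],]A=[^[:space:]]*[[:space:]]*\(.*\)$/\1/p'
}

# Sendmail mailer flag "z" means the mailer is spoken to over LMTP.
mlocal_uses_lmtp() { mlocal_line "$1" | grep -q '[[:space:],]F=[^,]*z'; }

# Print the [mda] setting and the two sendmail.mc lines (m4 `...' quoting).
esets_mda_config() {
    cf=$1; bindir=$2          # bindir: value of the manual's @BINDIR@
    if mlocal_uses_lmtp "$cf"; then
        echo "Mlocal uses LMTP: comment out FEATURE(local_lmtp) first" >&2
        return 1
    fi
    printf 'mda_path = "%s"\n' "$(mlocal_path "$cf")"
    printf "define(\`LOCAL_MAILER_PATH', \`%s/esets_mda')dnl\n" "$bindir"
    printf "define(\`LOCAL_MAILER_ARGS', \`esets_mda %s -- --sender \$f --recipient \$u@\$j')dnl\n" \
        "$(mlocal_args "$cf")"
}

# Constructed sample stanza (procmail as local MDA), not taken from the manual.
write_sample_cf() {
    cat > "$1" <<'EOF'
Mlocal,  P=/usr/bin/procmail, F=lsDFMAw5:/|@qSPfhn9, S=EnvFromL/HdrFromL,
         R=EnvToL/HdrToL, T=DNS/RFC822/X-Unix,
         A=procmail -Y -a $h -d $u
Mprog,   P=/bin/sh, F=lsDFMoqeu9, S=EnvFromL/HdrFromL, D=$z:/,
         A=sh -c $u
EOF
}

tmp=$(mktemp) && write_sample_cf "$tmp" && esets_mda_config "$tmp" '@BINDIR@'
rm -f "$tmp"
```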
Bi-directional email message scanning
The objective of this installation is to scan all mail in Sendmail using the esets_smfi filter. In the [smfi] section of the ESETS
configuration file, set the following parameters:
agent_enabled = yes
smfi_sock_path = "/var/run/esets_smfi.sock"
Restart the ESETS daemon. Then, add the lines below to the sendmail.mc file (or ‘hostname’.mc on FreeBSD) before all MAILER
definitions:
INPUT_MAIL_FILTER(`esets_smfi', `S=local:/var/run/esets_smfi.sock, F=T, T=S:2m;R:2m;E:5m')dnl
With these settings, Sendmail will communicate with esets_smfi via unix socket ‘/var/run/esets_smfi.sock’. Flag ‘F=T’ will
result in a temporary failed connection if the filter is unavailable. ‘S:2m’ defines a 2 minute timeout for sending information
from MTA to the filter, ‘R:2m’ defines a 2 minute timeout for reading replies from the filter and ‘E:5m’ sets an overall 5 minute
timeout between sending end-of-message to the filter and waiting for final acknowledgment.
If the timeouts for the esets_smfi filter are too short, Sendmail can temporarily defer the message to the queue and attempt to
pass it through later. However, this may lead to continuous deferral of the same messages. To avoid this problem, the timeouts
should be set properly. You can experiment with Sendmail’s ‘confMAX_MESSAGE_SIZE’ parameter, which is the maximum
accepted message size in bytes. Taking into account this value and the approximate maximum time for MTA to process a message
of that size (this can be measured), you can determine the most effective timeout settings for the esets_smfi filter.
Lastly, recreate sendmail.cf and restart Sendmail.
9.3 Setting ESETS for MTA Qmail
Inbound email message scanning
The objective of this installation is to insert esets_mda before Qmail’s local delivery agent. Assuming Qmail is installed in the
/var/qmail directory, in the [mda] section of the ESETS configuration file, set the following parameter:
mda_path = "/var/qmail/bin/qmail-esets_mda"
Restart the ESETS daemon. Create the file /var/qmail/bin/qmail-esets_mda with the following content and run ‘chmod a+x’ on
it:
#!/bin/sh
exec qmail-local -- "$USER" "$HOME" "$LOCAL" "" "$EXT" "$HOST" "$SENDER" "$1"
This will cause esets_mda to call Qmail’s local delivery agent. Next, create the file /var/qmail/bin/qmail-start.esets with the
following content and also run 'chmod a+x' on it:
#!/bin/sh
A="$1"; shift
exec qmail-start.orig "|@BINDIR@/esets_mda '$A'"' -- --sender="$SENDER" --recipient="$RECIPIENT"' "$@"