KASPERSKY LAB Kaspersky® SMTP-Gateway 5.
KASPERSKY® SMTP-GATEWAY 5.0 FOR LINUX/UNIX Administrator’s Guide © Kaspersky Lab Ltd. http://www.kaspersky.
Contents
CHAPTER 1. KASPERSKY® SMTP-GATEWAY 5.0
1.1. Licensing policy
1.2. Hardware and software requirements
1.3. Distribution kit
1.4. Help desk for registered users
5.2.3.3. Delete infected attachments
5.2.3.4. Replace infected attachments with messages created using templates
5.2.4. Additional tasks
5.2.4.1. Block messages delivery to recipients
A.4. Management files
A.5. Application statistics
A.6. Command line options for the smtpgw component
A.7. Smtpgw return codes
A.8.
CHAPTER 1. KASPERSKY® SMTP-GATEWAY 5.0

Kaspersky® SMTP-Gateway for Linux/Unix (hereinafter referred to as Kaspersky SMTP-Gateway or the application) is designed for processing and scanning SMTP mail traffic for viruses. The application is a full-featured mail relay (compliant with IETF RFC internet standards) that runs under Linux, FreeBSD and OpenBSD operating systems.
Remember that new viruses appear every day. To keep your network constantly protected from the latest threats, we recommend that you update your anti-virus database every 3 hours.
• Configure and manage Kaspersky SMTP-Gateway either from a remote location using Webmin web interface, or locally, using standard OS tools such as command line options, signals, by creating special command files or by modifying the configuration file of the application.
• at least 128 MB RAM
• 100 MB available space on your hard drive to install the application
Note that the backup storage, quarantine, and logs of incoming and outgoing mail are not included in the hard disk space required. If your network security policy requires the use of the above features, extra disk space will be needed.
license key will either be included into the distribution kit or will be sent to you by email after receiving your payment. The License Agreement is a legal agreement between you and the manufacturer (Kaspersky Lab Ltd.) that stipulates the terms and conditions under which you may use the anti-virus product you have purchased.
Convention – Meaning
Bold font – Menu titles, commands, window titles, dialog elements, etc.
Note.
Attention!
To do this, 1. Step 1. 2.
CHAPTER 2. APPLICATION DEPLOYMENT SCENARIOS

This chapter contains a detailed discussion of the application’s architecture and operating principles as well as typical scenarios of its deployment.

2.1. Application architecture

The review of the functionality of the application must be preceded by a description of its internal architecture. Kaspersky SMTP-Gateway is a full-featured Mail Transfer Agent (MTA) able to receive and route email traffic scanning email messages for viruses.
• keepup2date – component that updates the anti-virus database by downloading the updates from the Kaspersky Lab’s update server.
• Webmin – a module for remote administration of the application using a web interface (optional installation). This component allows you to configure and manage the anti-virus database updates, specify actions to be performed on the objects depending on their status and monitor the results of the application’s operation.
• compliance of the email message size (as well as the mail session and the total number of messages within the session) with the limits specified in the application settings.
• compliance of the number of open sessions (from all IP addresses or a single IP address) with the limits specified in the application settings.
If the message satisfies the preliminary processing, it is sent to the working queue to be processed by the anti-virus engine.
3.
6. If your network security policy requires logging of all outgoing e-mail traffic, scanned messages will be automatically saved to the log concurrently with sending them to the working queue.

Figure 3. Saving messages to the backup storage or the quarantine.

2.3.
The application, being a mail relay, does not include a local delivery agent. Therefore, no matter which of the deployment scenarios is used, a mail system (or mail systems) that delivers e-mail messages to the local users within the protected domains is required!

2.3.1.
where: company.com – protected company’s domain; host – name of the mail server of the company.
• Change the settings of the existing mail system for receiving messages from the application via port 1025.
This will ensure receipt, anti-virus scanning of all incoming mail messages and delivery of these messages to the local users within the protected domains of the company.
symbols "*" and "?" can be used). Mail messages for the specified domains will be scanned and licensed. This deployment scenario is the most convenient, especially if the installation of Kaspersky SMTP-Gateway is performed concurrently with the deployment of the network and of the company’s mail system.

2.3.2.
symbols "*" and "?" can be used). Mail messages for the specified domains will be scanned and licensed. Deploying Kaspersky SMTP-Gateway may require changes of all settings within the mail clients throughout the company so that all outgoing mail messages will be delivered to the application that will pass the messages to the external network after an anti-virus scan.
CHAPTER 3. INSTALLING KASPERSKY ANTI-VIRUS SMTP-GATEWAY

Before installing Kaspersky SMTP-Gateway, it is necessary to:
• Make sure that your system meets the minimum system requirements (see section 1.2 on page 7).
• Configure your Internet connection (optional; it is necessary for updating the anti-virus database).
• Log in to the system as root or as a privileged user.

3.1.
After you enter the command, Kaspersky SMTP-Gateway will be installed automatically. You can also use a universal distribution file for all Linux OS. Use this distribution file if your Linux version does not support the rpm or deb formats or if your network administrator does not wish to use (or cannot use) a built-in package manager. The universal Kaspersky SMTP-Gateway distribution file is supplied as an archive (tar.gz).
To initiate installation of Kaspersky SMTP-Gateway from a pkg package, enter the following in the command line:
pkg_add smtpgw-freebsd-4.x-5.0.x.yy.tgz
or:
pkg_add smtpgw-freebsd-5.x-5.0.x.yy.tgz
or:
pkg_add smtpgw-openbsd-3.4-5.0.x.yy.tgz
After you enter the command, Kaspersky SMTP-Gateway will be installed automatically.

3.3. Installation steps

Installation errors can occur for a number of reasons.
• Configuring the smtpgw component (see section 3.4 page 22).
• Installing and registering the license key.
• If you have no license key at the time of installation (for example, if you purchased the application via the Internet and have not received the license key yet), you can activate the application after installation before its first use. For details see section 5.4, page 46.
allow the use of interactive scripts, such as rpm), some additional actions will have to be performed by the administrator. If you are using the rpm installation package, enter the following command to start configuration after the files are copied to your server:
/opt/kav/5.0/smtpgw/setup/postinstall.
• Specifying the server to which all processed messages will be forwarded ([smtpgw.forward] section, the ForwardRoute parameter). Type the host name in the format , where: x.x.x.x is the IP address, and z is the port number.
• Modifying the application configuration file
If all the above steps have been successfully completed, the configuration file will have all settings that are required to start working with the application.
CHAPTER 4. UNINSTALLING KASPERSKY SMTP-GATEWAY

To uninstall Kaspersky SMTP-Gateway, you should have root privileges. If you are currently logged in under a user account with lesser privileges, log on as root. The uninstallation process will automatically stop the application! When you are uninstalling Kaspersky SMTP-Gateway, the application will be stopped, and all files and directories created during installation will be deleted.
CHAPTER 5. USING KASPERSKY SMTP-GATEWAY APPLICATION

Using Kaspersky SMTP-Gateway, you can build a comprehensive anti-virus protection system for email messages transferred through the mail server of your organization. The anti-virus protection system is based on the performance of tasks that represent major functionality of the application. All tasks implemented by the application may be divided into two major groups:
1. Anti-virus protection of email messages.
2.
ftp://downloads1.kaspersky-labs.com/updates/, etc. The updcfg.xml file included in the installation package lists the URLs of all available Kaspersky Lab’s update servers. To update the anti-virus database or application modules, the keepup2date component first selects an address from the list of update servers and tries to download updates from this server.
5.1.1. Automatic anti-virus database updating

You can schedule the application to automatically update the anti-virus database using the cron program.
Task: Configure the application to automatically update your anti-virus database every day at 07.00 a.m. An update server should be selected from the updcfg.xml file. Only errors encountered in the component operation should be recorded in the system log. Keep a general log of all task executions.
Task: Start updating the database and save the update results in the /tmp/updatesreport.log file.
Solution: To accomplish the task, log in as a root user (or as any other user that has the rights of a privileged user) and enter in the command line:
# keepup2date -l /tmp/updatesreport.
of Kaspersky Lab’s update servers. This is a complicated task that deserves a detailed explanation.
Task: Create a shared local directory from which the local computers will be able to update the anti-virus database.
Solution: To accomplish this task, log in as a root user (or as any other user that has the rights of a privileged user) and do the following:
1. Create a local directory.
2.
depending on whether this group contains either the sender’s or the recipient’s address from commands MAIL FROM and RCPT TO. The administrator can specify individual rules for processing each mail message depending on the recipients/senders group. Therefore it is particularly important that the addresses are associated with the correct groups. The application searches through the list of addresses for a specific address.
To create a new group of addresses:
1. Create section [smtpgw.group:group_name] in the configuration file.
2. In the Senders and Recipients fields, specify sender and recipient addresses (masks of addresses) separated with commas. To define masks, use the "*" and "?" symbols. If you do not define the Recipients OR Senders parameters, the default value will be "*@*".
It is required to set at least one of the parameters Senders or Recipients.
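The mask rules above, as an added example that is not part of the original guide or of the product: it lists every group an envelope (MAIL FROM, RCPT TO) would fall into and reports envelopes that reach a group with Check=false, where scanning is bypassed. Assumptions: a group applies when both its Senders and Recipients masks match, matching is case-insensitive, and all matching groups are reported rather than the single one the application would select; the group names and addresses are constructed.

```python
import re


def mask_to_regex(mask):
    """Translate a mask into an anchored regex; only '*' and '?' are special."""
    body = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in mask)
    return re.compile(body + r"\Z", re.IGNORECASE | re.DOTALL)  # case-insensitivity assumed


def side_matches(masks, address):
    """True if address matches any comma-separated mask; an unset side defaults to '*@*'."""
    masks = masks if masks is not None else "*@*"
    return any(mask_to_regex(m.strip()).match(address) for m in masks.split(",") if m.strip())


def matching_groups(groups, mail_from, rcpt_to):
    """Names of all groups whose Senders and Recipients masks both match the envelope."""
    hits = []
    for name, opts in groups.items():
        if "Senders" not in opts and "Recipients" not in opts:
            raise ValueError(f"group {name}: set at least one of Senders or Recipients")
        if (side_matches(opts.get("Senders"), mail_from)
                and side_matches(opts.get("Recipients"), rcpt_to)):
            hits.append(name)
    return hits


def unscanned_matches(groups, envelopes):
    """Envelopes that fall into at least one group configured with Check=false."""
    report = {}
    for env in envelopes:
        hits = matching_groups(groups, *env)
        skipped = [g for g in hits if groups[g].get("Check", "true") == "false"]
        if skipped:
            report[env] = {"unscanned_via": skipped, "all_groups": hits}
    return report


# Constructed sample: group names, masks and addresses are illustrative only.
GROUPS = {
    "partners": {"Senders": "*@partner.example", "Check": "false"},
    "staff": {"Recipients": "*@company.com, *@corp.company.com"},
    "admins": {"Recipients": "admin?@company.com"},
}
ENVELOPES = [
    ("bob@partner.example", "admin1@company.com"),     # hits all three groups
    ("eve@other.example", "admin12@company.com"),      # '?' matches one character only
    ("x@sub.partner.example", "ceo@corp.company.com"),  # subdomain is not covered by the mask
]

if __name__ == "__main__":
    for env, info in unscanned_matches(GROUPS, ENVELOPES).items():
        print(env, info)
```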
Figure 4. Message processing

5.2.2. General message processing algorithm

In this section, we describe how Kaspersky SMTP-Gateway processes email messages. When the server receives an email message, the AV-module:
1. determines the group this message belongs to.
2.
5. Then each of the received objects will be sent to the anti-virus engine that processes the received object and returns it with the status assigned to it. A message may be assigned one of the following statuses in the process of checking:
o Clear – Message is clean.
o Infected – Message is infected and cannot be disinfected or disinfection has not been attempted.
o Disinfected – Infected object has been successfully disinfected.
• Create and send alerts to the sender, administrator, and recipient (see section 5.2.4.3 on page 41).
• Quarantine infected messages or place them in the backup storage (see section 5.2.4.5 on page 43).
Examples of these actions are presented below.

5.2.3. Main tasks

The tasks considered in this section implement the core of the Kaspersky SMTP-Gateway anti-virus functionality.
NotifyAdmin=disinfected, infected, suspicious, protected, error, filtered
NotifyRecipient=disinfected, infected, suspicious, protected, error, filtered
NotifySender=disinfected, infected, suspicious, protected, error, filtered

5.2.3.2.
NotifyAdmin=infected, suspicious, protected, error, filtered
NotifySender=infected, suspicious, protected, error, filtered
NotifyRecipient=infected, suspicious, protected, error, filtered

5.2.3.3.
5.2.3.4. Replace infected attachments with messages created using templates

Task:
• Scan for viruses all incoming and outgoing email on the server and disinfect all infected messages;
• Deliver only disinfected messages;
• Replace infected, suspicious, corrupted, or password protected attachments with a standard message and deliver the email message without attachments.
Solution: To configure the above tasks, do the following:
1. In the [smtpgw.
tailor the application for the conditions and requirements of a particular organization.

5.2.4.1. Block messages delivery to recipients

Sometimes, the administrator needs to block delivery of certain messages to the recipients. For example, a message that may contain important information that needs to be saved is flagged as suspicious. This important information may be corrupted or lost during disinfection.
NotifyRecipient=disinfected, infected, suspicious, protected, error, filtered

5.2.4.2. Deliver infected messages

In some situations you may wish to deliver all messages, including infected ones, to certain groups of users.
5.2.4.3.
5.2.4.4. Filter messages by attachment types

There are types of files, such as exe files, in which infection is highly probable. To avoid problems, we recommend that you configure the application to filter email by name and/or attachment types and save such objects in a separate directory. There are objects that cannot be infected with viruses.
NotifyAdmin=infected, suspicious, protected, error, filtered
NotifyRecipient=infected, suspicious, protected, error, filtered
NotifySender=infected, suspicious, protected, error, filtered

5.2.4.5. Backing up (quarantine, backup storage)

You can configure Kaspersky SMTP-Gateway to move messages with certain statuses to a separate storage, such as quarantine or backup storage.
Before you enable this option, make sure that there is enough space in your server’s file system to accommodate the archive. Do not forget to periodically purge this directory to remove old messages and compress necessary files (the purging frequency depends on the mail traffic intensity within your network).

5.3.
5.4. Managing license keys

The right to use Kaspersky SMTP-Gateway is determined by the license key. The key is included in the product’s distribution kit and entitles you to use the application from the day you have purchased it and installed the key. Kaspersky SMTP-Gateway will not work without a license key! After the license expires, the functionality of the application will still be preserved except for the possibility to update the anti-virus database.
All information about keys may be viewed either on the server’s console, or remotely from any networked computer that has access to the Webmin remote administration module.
To view information about installed license keys:
Type the following string in the command line:
# licensemanager -s
In the server console, you will see information similar to the following:
Kaspersky license manager. Version 5.0.0.0/RELEASE
Copyright (C) Kaspersky Lab. 1998-2003.
Product name: Kaspersky Anti-Virus 5 Business Optimal 1 month
Creation date: 23-07-2003
Expiration date: 21-11-2003
Serial 02B1-000454-00053E3
Type: Commercial
Lifespan: 30

5.4.2. Renewing your license

Renewal of the license for Kaspersky SMTP-Gateway will give you the right to re-enable full product functionality. Besides, additional services listed in section 5.4 on page 46 will be resumed.
where 00053E3D.key is the name of the license key file. In the server console, you will see information similar to the following:
Kaspersky license manager. Version 5.0.0.0/RELEASE
Copyright (C) Kaspersky Lab. 1998-2003.
Key file 00053E3D.key is successfully registered
We recommend that you update the anti-virus database after the installation.
CHAPTER 6. ADVANCED SETTINGS

This chapter discusses in detail the advanced settings of Kaspersky SMTP-Gateway. In contrast to main settings (see section 5.2 on page 30) that provide the application functionality, advanced settings can be configured optionally at the administrator’s discretion.

6.1. Configuring anti-virus protection of mail traffic

All mail traffic anti-virus protection settings are grouped in section [smtpgw.ave] of the application configuration file.
6.1.2. iChecker technology

While performing an anti-virus scan, the application may use iChecker technology (parameter UseIChecker, section [smtpgw.ave]) that eliminates the need to scan identical objects each time they are detected in the flow of email messages and, if possible, perform only one comparison with the existing data.
• Define the timeout for refreshing the MX record in the application cache (MXCacheRefreshPeriod option, in seconds). During this period, the application will not send DNS queries for the domains whose MX records are stored in the cache.
• Determine the time for storing information about hosts with unresolved name (parameter UnresolvedCacheRefreshPeriod).
• Timeout for starting the DATA command (ReceivingDataInitiationTimeout option).
• Timeout for stopping the DATA transfer by the remote server (ReceivingDataTerminationTimeout option).
• Timeout for waiting for commands HELO/EHLO, MAIL FROM, RCPT TO, QUIT of the remote server (SendingDataInitiationTimeout option).

6.1.4.
sender (parameters MaximalIncomingSessionsPerIP and MaximalOutgoingSessionsPerHost). If the mail traffic at your server exceeds the specified limits, we recommend that you:
• Limit the number of objects simultaneously processed by the anti-virus kernel (AntiviralSessions parameter) and the number of hops for a single message (MaximalIncomingMessageSize option).
Configure the application to wait for connection on port 25, interfaces 192.168.0.1 and 10.0.0.1. In order to do this, modify the value of parameter ListenOn, section [smtpgw.network] as follows:
ListenOn=192.168.0.1:25
ListenOn=10.0.0.1:25

6.3. Setting up the routing table

The application does not include a local agent used for message delivery, therefore all incoming mail messages must be transferred to the local host that is equipped with such an agent.
will mean the following processing rules:
• forward all email messages for domain domain1.com to port 1025 of the local host after the messages have been scanned for viruses
• forward all email messages for domain domain2.com to port 25 of host somehost.somedomain.com after the messages have been scanned for viruses
• forward all email messages for domain domain3.com to MX-host of domain otherdomain.
For OpenBSD, to run the management script, enter the following string:
/usr/local/share/kav/5.0/smtpgw/setup/smtpgw.sh
where the parameter can take one of the following values:
Parameter     Value
start         Start the application.
stop          Stop the application.
restart       Stop and then start the application.
reload        Reinitialize the application and reload the antivirus database and the configuration file
reloadbases   Reload the anti-virus database.
6.5. Customizing date and time formats

Kaspersky SMTP-Gateway generates reports for every component. This information always contains the date and time of creation. By default, Kaspersky SMTP-Gateway displays the date and time according to the strftime standard:
%H:%M:%S – Time format
%d/%m/%y – Date format
The administrator can customize how the time and date are displayed in the [locale] section of the application configuration file.
Level description – Letter symbol
Fatal errors – F – only information on fatal errors that result in termination of the application due to a failure to perform a certain action. For example, the component is infected, a scan error occurred, errors activating database updates or license keys.
1 – Errors – E – information about other errors that may or may not lead to application shutdown, for example, file scan errors.
• Other messages (component start, loading anti-virus database, return code, etc.
CHAPTER 7. FREQUENTLY ASKED QUESTIONS

This chapter contains a detailed discussion of questions most frequently asked by our users regarding the installation, configuration and operation of Kaspersky SMTP-Gateway.
first scan. During subsequent scans the file is not scanned for viruses provided that it has remained unchanged since the last scan. Thus, the anti-virus application performance increases dramatically after the first file scanning.

Question: Do I need a license key? Will the application work without it?
Kaspersky SMTP-Gateway will not work without a properly installed license key.
1. Please indicate in the subject of your message, the operating system of your server, the name of the component you are having problems with, and briefly describe the problem. For example: Linux, Webmin, no access to settings of the licensed users’ list.
2. Please use plain text messages. Avoid sending messages in HTML format as it is hard to read.
3.
correspond to the one assigned at the Kaspersky Lab, or the date of the database is later than that of the license expiry, Kaspersky SMTP-Gateway will not use it.

Question: The application cannot be started, the Sender task does not work, etc. What should I do?
If, due to incorrect settings, the number of running processes (threads) exceeds the maximum number permitted by the system, the application performance may be affected or your system will freeze.
should be modified like:
_default /usr/{share,X11R6,X11,contrib,gnu,\
local}/{man,man/old,share/kav/5.0/smtpgw/man}/
o For FreeBSD distributions the following line should be added to /etc/manpath.config file:
MANDATORY_MANPATH \
/usr/local/share/kav/5.
CHAPTER 8. TESTING APPLICATION OPERABILITY

After you install and configure Kaspersky SMTP-Gateway, it is recommended that you test its operability by using the following two methods:
• Telnet program,
• EICAR test virus

8.1. Testing the application using Telnet

To test the application operation using Telnet it is necessary to:
1. Configure the connection to the server and the application using Telnet.
250-SIZE 10485760
250 DSN
where:
smtpgw.company.com is the name of the server being tested
user is the client host name
[127.0.0.1] is the client IP address.
In the terminal line, enter:
MAIL FROM:
You will see the following message:
250 2.1.0 OK
Type the following line:
RCPT TO:
You will see the following:
250 2.1.0 OK
Type the command:
DATA
You will see the following:
354 Start mail input; end with .
8.2. Testing the application using EICAR

This test "virus" has been developed by EICAR (The European Institute for Computer Anti-Virus Research) specifically for the purpose of verification of the anti-virus software operation. The test "virus" IS NOT A VIRUS and contains no code that may harm your computer. However, most products of anti-virus vendors identify it as a virus.
Table 1. Test "virus" modifications
Prefix                              Object type
No prefix, standard test "virus"    Infected. An error occurs during disinfection. The object will then be deleted.
CORR–                               Corrupted.
SUSP–                               Suspicious (unknown virus code).
WARN–                               Suspicious (modified code of a known virus).
ERRO–                               Error when scanning the object.
CURE–                               Infected. The object will be disinfected and the text in the infected file will be changed to CURED.
DELE–                               Infected.
APPENDIX A. SUPPLEMENTARY INFORMATION ABOUT THE PRODUCT

The default distribution kit of Kaspersky SMTP-Gateway includes the configuration file containing all necessary parameters of the application’s operation. This appendix contains a detailed description of each section of the parameters provided in the file. If a parameter has a default value, it will be specified.

A.1.
/var/db/kav/5.0/smtpgw/bases.backup – directory where the KeepUp2Date component saves the anti-virus database that are up-to-date until the next update:
/var/db/kav/5.0/smtpgw/licences – directory where the license key files are installed;
/var/db/kav/5.0/smtpgw/patches/ – directory where the updates of the application components are saved;
/var/db/kav/5.0/smtpgw/quarantine/ – the default quarantine directory;
/var/db/kav/5.
/usr/local/etc/rc.d/ – directory containing scripts used for controlling the application.
/etc/kav/5.0/smtpgw/ – directory containing the default application configuration file smtpgw.conf;
/var/db/kav/5.0/smtpgw/ – directory containing application data:
/var/db/kav/5.0/smtpgw/bases/ – directory where the anti-virus database and updcfg.xml – configuration file of the KeepUp2Date component are installed
/var/db/kav/5.0/smtpgw/bases.
smtpgw – executable file of the main (anti-virus protection) component;
keepup2date – executable file of the Kaspersky KeepUp2Date component responsible for updating the anti-virus database;
licencemanager – executable file of the component responsible for dealing with licensing issues.
/usr/local/share/kav/5.0/smtpgw/setup/ – directory containing scripts and executable files used during the installation, initial configuration and removal of the application.
/etc/kav/5.
/usr/local/share/kav/5.0/smtpgw/man – directory containing application manual pages.

A.2. Kaspersky SMTP-Gateway configuration file

The Kaspersky SMTP-Gateway default installation package includes the smtpgw.conf file that contains configuration settings for the application. This configuration file is divided into sections that describe parameters/options of the operation of separate application functional groups.
The [smtpgw.access] section includes the following options used to control the access of SMTP clients:
DenyUnresolvedConnect=true|false – Defines the rules for connecting to SMTP clients whose hosts are not listed in DNS records. The default value is false. To reject such connections, set the option to true.
DenyUnresolvedMailfrom=true|false – Defines the rules for receiving messages from recipients whose hosts are not explicitly listed in DNS records in the MAIL FROM field (SMTP command).
The [smtpgw.forward] section contains the following options for relaying messages through the application:
ForwardRoute – Routing table containing message routing options. It explicitly defines the mail server for specified domains to which the application will send messages that should be sent to listed domains. The values include the domain mask (special symbols "*" and "?" can be used).
The [smtpgw.network] section includes the application’s network settings:
ListenOn – this option is presented as a table (list of values) that defines interfaces and ports used by the Receiver module to receive email traffic. The default value is "0.0.0.0:25" (all available interfaces, port 25).
Hostname – Host name that identifies the server where the application is installed. Required parameter.
Postmaster – Mail address used as the address. Required parameter.
compliant with the standards, after which certain actions as per the configuration file settings will be performed. If the option is set to true, then the messages that do not comply with the standards, will not be delivered.

The [smtpgw.path] section contains paths to archives, management files and the working queue of the application:
IncomingArchivePath – Path to the directory where the archive with all incoming messages is stored.
application will not send DNS requests about the domains whose MX records have been cached. The default value: 1200.
UnreachableCacheRefreshPeriod=60…64800 – Period (in seconds) for storing information about unavailable hosts. If an attempt to connect to a remote host fails, this information will be stored in the cache during the period specified as the value for UnreachableCacheRefreshPeriod. During this period, the application will not try to connect to this host.
SendingDataInitiationTimeout=1…2400 – Timeout (in seconds) for waiting for the response from a remote server to the DATA command of the SMTP protocol. The default value is: 600.
SendingDataTerminationTimeout=1…7200 – Timeout (in seconds) for termination of the data transfer (CRLF.CRLF sequences). The default value is 300.
SendingQuitTimeout=1…1200 – Timeout (in seconds) for waiting for the response from a remote server to the QUIT command of the SMTP protocol.
NotifyRecipientTemplate – Path to the template file used to generate notifications to be sent to the recipient. Required parameter.
NotifySenderTemplate – Path to the template file used to generate notifications to be sent to the sender. Required parameter.
PlaceholderTemplate – Path to the file the content of which is used to replace infected attached objects. Required parameter.
ActionDisinfected=cure|pass|remove|placeholder – Actions to be applied to disinfected objects.
The [smtpgw.group:group_name] section contains the settings for processing email messages for particular groups of recipients/senders:

Check=true|false – Defines the anti-virus scanning mode for all mail messages included in the particular group of recipients/senders. The default value is: true. To disable the mode (i.e., configure the application to bypass the scanning of messages), set the option to false. Required parameter.
IncludeByMime – Defines masks for filtering by MIME type. The application will filter the objects if their names match the specified masks and do not match the masks used to define exclusions from scanning. If this option is not defined, the application will use the value <*> – any type.

ExcludeByMime – Defines masks for filtering out MIME types. The application will filter the objects whose names do not match these masks and match the masks used to define inclusions into scanning.
BlockMessage=disinfected, infected, suspicious, protected, error, filtered | all | none – List of statuses assigned to objects based on the scan results. Original messages with these statuses are blocked. If this parameter is not defined, the value of the same parameter from section [smtpgw.policy] will be used.

NotifyAdmin=disinfected, infected, suspicious, protected, error, filtered | all | none – List of statuses assigned to objects based on the scan results.
PostUpdateCmd – Defines the command that will be executed immediately after the anti-virus database update is successfully completed. The value set in the configuration file included in the application distribution kit starts automatic reloading of the updated anti-virus database. You are not advised to change the value of this parameter.

UseUpdateServerUrl=true|false – Use the URL specified by UpdateServerUrl to update the database. The default value is: false.
ReportLevel=1…9 – Component performance report detail level. The default value is: 4.

Append=true|false – Append a new component performance report to the end of the existing report file. If this option is set to false, the previous report will be overwritten with the new report when the file is opened. The default value is: true.

A.3.
.c_db_reload – Application restart with anti-virus database reloading.

To initiate an action, create a file with the corresponding name in the directory specified as the value for the ControlPath parameter in the [smtpgw.path] section. The application will periodically check this directory for known management files, execute the corresponding command from this file, and then delete the file.

A.5.
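The management-file procedure above (creating .c_db_reload in the ControlPath directory), as an added example that is not part of the original guide or of the application. It assumes the configuration file is plain INI text that Python's configparser can read, that an empty file is enough to trigger the action, and that the script runs under the application's account; the function names and the refusal of a group- or world-writable control directory are choices of this example.

```python
import configparser
import os
import stat
import time

RELOAD_FILE = ".c_db_reload"  # management file name given in the guide


def control_path(config_file):
    """Read ControlPath from [smtpgw.path]; plain INI syntax is assumed."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False,
                                    delimiters=("=",))
    cfg.optionxform = str  # keep option names case-sensitive
    if not cfg.read(config_file):
        raise FileNotFoundError(config_file)
    return cfg["smtpgw.path"]["ControlPath"].strip().strip('"')


def check_control_dir(path):
    """Reject a control directory that group or other accounts can write to.

    Whoever can create files there can issue management commands.
    """
    mode = os.stat(path).st_mode
    if not stat.S_ISDIR(mode):
        raise NotADirectoryError(path)
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        raise PermissionError(f"{path} is writable by group or other")


def request_db_reload(config_file, timeout=30.0, poll=0.5):
    """Create .c_db_reload and wait for the application to delete it.

    Returns True if the file disappeared within `timeout` seconds.
    An empty file is assumed to be sufficient (assumption of this example).
    """
    directory = control_path(config_file)
    check_control_dir(directory)
    target = os.path.join(directory, RELOAD_FILE)
    # O_EXCL fails if the name already exists (pending request or symlink).
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL
    os.close(os.open(target, flags, 0o600))
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        if not os.path.lexists(target):
            return True
        time.sleep(poll)
    return False
```

A False return means the file was not picked up in time and is still in the control directory; a second call then raises FileExistsError instead of silently stacking requests.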
mta_sent_recipients – Number of recipients of outgoing messages successfully sent by the server since its initialization.

mta_stored_messages_current – Number of queued messages (at the moment the report was generated).

mta_incoming_connections_total – Number of incoming connections to the server since its initialization.

mta_incoming_connections_current – Number of simultaneous incoming connections to the server at the moment the report was generated.
mta_outgoing_connections_current – Number of simultaneous outgoing connections at the moment the report was generated.

mta_outgoing_connections_maximum – Maximum number of outgoing connections from the server since the server initialization.

mta_outgoing_connection_errors – Number of outgoing connection errors since the server initialization.

mta_outgoing_connections_failed_total – Total number of rejected outgoing connections from the server since its initialization.
mta_receivings_refused_for_hops_limit – Number of incoming messages rejected by the server since its initialization because of the limit on the number of hops.

mta_receivings_refused_for_messages_per_session_limit – Number of incoming messages rejected by the server since its initialization because of the limited number of messages per session.

mta_sendings_failed_total – Total number of outgoing rejected messages since its initialization.
antiviral_checked_objects_disinfected_objects – Number of disinfected objects since the server initialization.

antiviral_checked_objects_suspicious_objects – Number of suspicious objects detected since the server initialization.

antiviral_checked_objects_protected_objects – Number of protected objects not subject to scan since the server initialization.

antiviral_checked_objects_filtered_objects – Number of filtered objects since the server initialization.
task_antivirus_running – Status of the AV module: 0 stopped, 1 running.

A.6. Command line options for the smtpgw component

The configuration file parameters can be redefined using command line options when you launch the application from the command line. The table below describes the command line options.
-n or --no-pid-file        Do not use the pid file.

-u or --user=              Define the user as the owner of the process.

-o or --no-change-owner    Do not change the user-owner of the process.

A.7. Smtpgw return codes

The smtpgw component may return any of the following return codes:

0 – The component started successfully.

1 – Error in command line options.

30 – A critical system error occurred during the application operation.

41 – The PID file already exists.
49 – Error initializing the debug information display (trace) module.

50 – Error loading anti-virus database.

51 – The anti-virus database date stamp is not within the license key validity period.

55 – Error matching the network name with the socket (bind).

64 – License data is missing or no license key was found using the path specified in the configuration file.

65 – The configuration file cannot be loaded.
-a    Install the key file.

-d    Delete the main current/additional key file.

A.9. Kaspersky licensemanager return codes

Kaspersky licensemanager may return any of the following return codes:

0 – The component operation was successfully completed.

30 – Critical system error.

64 – Licensing error.

65 – Error reading the configuration file.

70 – The component executable file is corrupted.

A.10.
Options for managing license keys:

-c    Use the alternative configuration file . License key works only if one Kaspersky Lab application is installed on the server, or if the updated application is defined by the -p key (otherwise, a system message about several installed applications will be displayed).

-u    Copy the update to the local directory .
A.12. Anti-virus scan information format

The application makes it possible to view separate statistical data for its anti-virus component. To create a file that will contain these statistical data about the AV module, specify the value for the option AVStatistics=file name|TCP-socket in section [smtpgw.options] of the configuration file, where the information on each processed object will be stored.
All information in the statistics file is logged after the anti-virus scan of the email message is performed. If, for some reason, the output of the report about the processed object is not possible (for example, the statistics server is not available), the information about the object will not be logged.

A.13. Messages about actions applied to the message

Messages added to the log file may be different depending on the action performed.
group – the name of the group of the recipients (or group policy) to which this message belongs.

nrcpt – the number of recipients of this e-mail message (out of recipients that belong to this group).

status – status assigned to the message based on the anti-virus scan results.

srcid – original message ID.

names – names of viruses, if detected, divided by ", ".
When the e-mail message is delivered, the following line will be added to the log file:

envelope-id: DELIVERED, rcpt=<...>, server=..., size=..., status=sent|failed

where:

envelope-id – message identifier in the application’s working queue.

rcpt – address of the message recipient.

server – IP address and name of the server where the message is delivered.

size – message size.

status – delivery status, possible values are:

sent – message was successfully delivered.
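A parser for the DELIVERED line format shown above that summarises failed deliveries per destination server, added here as an example and not taken from the guide or the application. The sample lines are constructed: the queue IDs, the addresses, the "IP name" layout of the server field and the decimal size value are assumptions.

```python
import re
from collections import Counter

# Shape documented in the guide:
#   envelope-id: DELIVERED, rcpt=<...>, server=..., size=..., status=sent|failed
DELIVERED_RE = re.compile(
    r"(?P<envelope_id>\S+): DELIVERED, "
    r"rcpt=<(?P<rcpt>[^>]*)>, "
    r"server=(?P<server>.*?), "
    r"size=(?P<size>\d+), "
    r"status=(?P<status>sent|failed)\b"
)

# Constructed sample lines (not real log output); the last one is malformed.
SAMPLE_LOG = """\
q0001: DELIVERED, rcpt=<alice@example.org>, server=192.0.2.10 mx1.example.org, size=2048, status=sent
q0002: DELIVERED, rcpt=<bob@example.net>, server=198.51.100.7 mx.example.net, size=512, status=failed
q0003: DELIVERED, rcpt=<carol@example.net>, server=198.51.100.7 mx.example.net, size=4096, status=failed
q0003: DELIVERED, rcpt=<dave@example.org>, server=192.0.2.10 mx1.example.org, size=4096, status=sent
q0004: DELIVERED, rcpt=<erin@example.org>, server=192.0.2.10 mx1.example.org, size=oops, status=sent
""".splitlines()


def parse_delivered(line):
    """Return the fields of a DELIVERED record, or None for any other line."""
    m = DELIVERED_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"])
    return rec


def delivery_report(lines):
    """Count failures per server and list envelopes with a failed recipient."""
    failed_by_server = Counter()
    failed_envelopes = set()
    skipped = 0
    for line in lines:
        rec = parse_delivered(line)
        if rec is None:
            skipped += 1  # not a DELIVERED record, or malformed
        elif rec["status"] == "failed":
            failed_by_server[rec["server"]] += 1
            failed_envelopes.add(rec["envelope_id"])
    return {"failed_by_server": dict(failed_by_server),
            "failed_envelopes": sorted(failed_envelopes),
            "skipped": skipped}
```

Lines that do not match are counted rather than dropped silently, so a change in the log layout shows up as a rising skipped count instead of an empty report.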
APPENDIX B. KASPERSKY LAB

Founded in 1997, Kaspersky Lab has become a recognized leader in information security technologies. It produces a wide range of data security software and delivers high-performance, comprehensive solutions to protect computers and networks against all types of malicious programs, unsolicited and unwanted email messages, and hacker attacks. Kaspersky Lab is an international company.
B.1. Other Kaspersky Lab Products

Kaspersky Anti-Virus® Personal

Kaspersky Anti-Virus Personal protects home computers running Windows 98/ME/2000/NT/XP from all types of known viruses, including Riskware. The application constantly checks all possible sources of virus penetration, such as email, Internet, floppy disks, CDs, etc. Unknown viruses are efficiently detected and processed by a unique heuristic data analysis system.
detects even unknown viruses. Kaspersky Anti-Virus Personal includes many interface enhancements, making it easier than ever to use the application.
files, and from databases. This software package includes an optimal combination of the following anti-virus tools:

• anti-virus scanner to scan the data stored on both the PDA and extension card on demand;

• anti-virus monitor to intercept viruses in files that are either copied from other handhelds or are transferred using HotSync™ technology.
system that is fully compatible with the specific needs of your network configuration. Kaspersky Corporate Suite provides comprehensive anti-virus protection for:

• Workstations running Windows 98/ME, Windows NT/2000/XP, and Linux;

• File and application servers running Windows NT 4.0 Server, Windows 2000, 2003 Server/Advanced Server, Novell Netware, FreeBSD, OpenBSD and Linux;

• E-mail systems, including Microsoft Exchange Server 5.
Kaspersky Anti-Spam Personal software package is a powerful tool that ensures detection of spam in the flow of e-mail messages incoming via POP3 and IMAP4 protocol (only for Microsoft Outlook). The filtering process involves the analysis of all attributes of the message (sender's and recipient's addresses and headers), content filtration (analysis of the content of the letter, including the Subject and attached files), as well as unique linguistic and heuristic algorithms.
APPENDIX C. LICENSE AGREEMENT

Standard End User Licence Agreement

NOTICE TO ALL USERS: CAREFULLY READ THE FOLLOWING LEGAL AGREEMENT ("AGREEMENT") FOR THE LICENCE OF SPECIFIED SOFTWARE ("SOFTWARE") PRODUCED BY KASPERSKY LABS. ("KASPERSKY LABS"). IF YOU HAVE PURCHASED THIS SOFTWARE VIA THE INTERNET BY CLICKING THE ACCEPT BUTTON, YOU (EITHER AN INDIVIDUAL OR A SINGLE LEGAL ENTITY) CONSENT TO BE BOUND BY AND BECOME PARTY TO THIS AGREEMENT.
usage terms specified on the applicable price list or product packaging that apply to any such Software products individually.

1.1 Use. The Software is licensed as a single product; it may not be used on more than one Client Device or by more than one user at a time, except as set forth in this Section.

1.1.1 The Software is "in use" on a Client Device when it is loaded into the temporary memory (i.e., random-access memory or RAM) or installed into the permanent memory (e.
"multiplexing" or "pooling" software or hardware) does not reduce the number of licences required (i.e., the required number of licences would equal the number of distinct inputs to the multiplexing or pooling software or hardware "front end").
and you explicitly consent to the transfer of data to other countries outside your own as set out in the Privacy Policy.

(iv) "Support Services" means (a) Daily updates of the anti-virus database; (b) Free software updates, including version upgrades; (c) Extended technical support via e-mail and phone hotline provided by Vendor and/or Reseller; (d) Virus detection and disinfection updates 24 hours per day.

4. Ownership Rights. The Software is protected by copyright laws.
warranty period.
(iii) Subject to paragraph (i), the liability of Kaspersky Lab (whether in contract, tort, restitution or otherwise) arising out of or in connection with the supply of the Software shall in no circumstances exceed a sum equal to the amount equally paid by you for the Software.

8. The construction and interpretation of this Agreement shall be governed in accordance with the laws of England and Wales.