User Guide

Kaspersky® SMTP-Gateway 5.5 for Linux/Unix
2.3.1. Installing the application along corporate network perimeter
The main advantage of this option is that it improves the overall performance of
your mail system because it minimizes the number of transfer cycles for email
messages.
In this case the existing corporate mail server has no connection to the
Internet, which provides additional protection for your data. Moreover,
demilitarized zones (DMZ) may be set up.
To install the application and the mail system on the same server, the following
algorithm is provided to ensure their joint operation:
1. Configure all interfaces of Kaspersky SMTP-Gateway to listen on
port 25 for incoming email traffic from all IP addresses matching the
relevant MX records for the protected domain.
2. The application will scan email traffic and then transfer the
processed messages to the corporate mail system via a different
port (e.g., 1025).
   You have to set up restrictions for the mail transfer agent
   (MTA) receiving mail from Kaspersky SMTP-Gateway via port
   1025 so that it accepts messages exclusively from Kaspersky
   SMTP-Gateway. Otherwise, the protection can be bypassed by a
   connection established directly from an external network
   through port 1025.
3. The mail system, configured to use a local interface, will deliver
messages to users.
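One way to verify the restriction from step 2 on a Linux host, as an added example that is not part of the original guide: the function below reads `ss -H -ltn` output and reports any listener on the backend port that is not bound to a loopback address. It assumes the gateway and the MTA share one server (so loopback is the only address the backend port needs), uses 1025 from the guide's example, and the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag backend MTA listeners reachable from outside the host.
# Input: output of `ss -H -ltn` (iproute2), one listening TCP socket per line:
#   State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
# Assumption: gateway and MTA run on the same server, so the backend port
# (1025 in the guide's example) should be bound to loopback only.

BACKEND_PORT="${BACKEND_PORT:-1025}"

# Prints "EXPOSED <addr>:<port>" for every non-loopback listener on the port.
# Exit status: 0 = loopback only, 1 = exposed listener found,
#              2 = nothing is listening on the backend port.
check_backend_listeners() {
    awk -v port="$BACKEND_PORT" '
        {
            laddr = $4                          # local address:port column
            n = split(laddr, parts, ":")
            if (parts[n] != port) next          # some other service
            seen = 1
            addr = substr(laddr, 1, length(laddr) - length(parts[n]) - 1)
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback is fine
            print "EXPOSED " addr ":" port
            exposed = 1
        }
        END { if (!seen) exit 2; exit (exposed ? 1 : 0) }
    '
}

# Constructed sample: backend MTA bound to every interface (bypass possible).
sample_exposed() {
    cat <<'EOF'
LISTEN 0 100 0.0.0.0:25    0.0.0.0:*
LISTEN 0 100 0.0.0.0:1025  0.0.0.0:*
EOF
}

# Constructed sample: backend MTA bound to loopback only.
sample_hardened() {
    cat <<'EOF'
LISTEN 0 100 0.0.0.0:25      0.0.0.0:*
LISTEN 0 100 127.0.0.1:1025  0.0.0.0:*
EOF
}

# Live use on the mail server:  ss -H -ltn | check_backend_listeners
```

A loopback-only bind covers the listening side; if the MTA must listen on a wider address, restrict its accepted client addresses to the gateway in the MTA's own access rules or with a host firewall rule.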
To install the application and the mail system on the same server,
perform the following steps:
Configure the application to receive mail via port 25 on all network
interfaces of the server. To do this, specify the following value in
the [smtpgw.network] section of the configuration file:
ListenOn=0.0.0.0:25
The application, being a mail relay, does not include a local mail
delivery agent (MDA). Therefore, no matter which of the deployment
scenarios is used, a mail system (or mail systems) that delivers email
messages to the local users within the protected domains is required!