KASPERSKY LAB. Kaspersky SMTP-Gateway 5.5 for Linux/Unix ADMINISTRATOR'S GUIDE
KASPERSKY SMTP-GATEWAY 5.5 FOR LINUX/UNIX
Administrator's Guide
Kaspersky Lab
Revision date: July 2005
Contents

CHAPTER 1. KASPERSKY SMTP-GATEWAY 5.5 FOR LINUX/UNIX
  What's new in version 5.5
  Licensing policy
  Hardware and software requirements
  Distribution kit
  Help desk for registered users
  Conventions

CHAPTER 2. APPLICATION STRUCTURE AND TYPICAL DEPLOYMENT SCENARIOS
  Application architecture
  The algorithm of application functioning
  Typical deployment scenarios
  Installing the application along corporate network perimeter
  Installing the application inside your mail system

CHAPTER 3. INSTALLING THE APPLICATION
  Installing the application on a server running Linux
  Installing the application on a server running FreeBSD
  Installation procedure
  Step 1. Preparing the system
  Step 2. Copying application files to destination directories on your server
  Step 3. Post-installation tasks
  Configuring the application
  Installing the Webmin module to manage Kaspersky SMTP-Gateway

CHAPTER 4. USING THE APPLICATION
  Updating the anti-virus databases
  Automatic updating of the anti-virus databases
  Manual updating of the anti-virus databases
  Creating a shared directory for storing and sharing database updates
  Anti-virus protection of traffic
  Creating groups of recipients/senders
  General message processing algorithm
  Main tasks
  Deliver messages without changes
  Delivery of clean or disinfected messages only
  Removing infected attachments
  Replacement of infected attachments with standard notifications
  Additional tasks
  Block delivery of messages to recipients
  Deliver infected messages
  Delivery of notifications to the sender, administrator and recipients
  Additional filtering of objects by name and type
  Backing up (quarantine, backup storage)
  Automatically add incoming and outgoing mail to archives
  Protection from hacker attacks and spam
  Managing license keys
  Viewing information about license keys
  Renewing your license
  Removing a license key

CHAPTER 5. ADVANCED APPLICATION SETTINGS
  Configuring anti-virus protection of mail traffic
  Scanning and disinfecting messages
  Using the iChecker technology
  Setting up application timeouts
  Setting performance restrictions
  Setting up connection receiving interfaces
  Setting up the routing table
  Checking the configuration file syntax
  Syntax check in notification templates
  Work with backup storage and the quarantine directory
  Management of application working queue
  Managing the application
  Control of application activity
  Customizing date and time formats
  Reporting options
  Additional informational header fields in messages

CHAPTER 6. TESTING APPLICATION OPERABILITY
  Testing the application using Telnet
  Testing the application using EICAR

CHAPTER 7. UNINSTALLING THE APPLICATION

CHAPTER 8. FREQUENTLY ASKED QUESTIONS

APPENDIX A. SUPPLEMENTARY INFORMATION ABOUT THE PRODUCT
  A.1. Distribution of the application files in directories
  A.2. Kaspersky SMTP-Gateway configuration file
  A.3. Use of external configuration files
  A.4. Control signals for the smtpgw component
  A.5. Control files
  A.6. Application statistics
  A.7. Command line options for the smtpgw component
  A.8. Smtpgw return codes
  A.9. Command line options for licensemanager
  A.10. Licensemanager return codes
  A.11. Keepup2date command line options
  A.12. Keepup2date return codes
  A.13. Format of messages about template syntax check-up
  A.14. Return codes for the kltlv utility
  A.15. Command line options of the klmailq utility
  A.16. Command line options for the klmaila utility
  A.17. Return codes for the klmaila and klmailq utilities
  A.18. Format of messages about anti-virus scanning
  A.19. Notifications about actions applied to the message

APPENDIX B. KASPERSKY LAB
  B.1. Other Kaspersky Lab Products
  B.2. Contact Us

APPENDIX C. LICENSE AGREEMENT

CHAPTER 1. KASPERSKY SMTP-GATEWAY 5.5 FOR LINUX/UNIX

Kaspersky SMTP-Gateway for Linux/Unix (hereinafter referred to as Kaspersky SMTP-Gateway or the application) is designed for anti-virus processing of SMTP mail traffic. The application is a full-featured mail relay (compliant with IETF RFC internet standards) that runs under Linux, FreeBSD and OpenBSD operating systems.

The application allows the user to:

- Scan messages for viruses.
- Detect infected, suspicious, corrupted, and password-protected attachments and message bodies.
- Perform anti-virus processing (including disinfection) of infected objects revealed in messages by scanning.
- Provide additional traffic filtering by names and MIME types of attachments, and apply certain processing rules to the filtered objects.
- Maintain archives of all messages sent and/or received by the application, if this is required by the internal security policy of the company.
- Use the technology of DNS black lists (RBL) to filter spam.
- Compose "white" and "black" lists of senders/recipients for use by the application while processing traffic.
- Enable restrictions for SMTP connections, providing protection against hacking attacks and preventing use of the application as an open mail relay for unsolicited messages.
- Limit the load on your server by configuring the application settings and SMTP parameters.
- Notify senders, recipients, and the administrator about messages containing infected, suspicious, or corrupted objects.
- Quarantine messages identified as spam or probable spam as well as messages containing infected, suspicious, corrupted or password-protected objects.
- Update the anti-virus databases. The application retrieves updates from the update servers of Kaspersky Lab.
  The application detects and cures infected objects using the anti-virus databases. During scans, the contents of each file are compared to the sample code of known viruses contained in the database.
  Please keep in mind that new viruses appear every day and therefore we recommend maintaining the anti-virus databases in an up-to-date state. New updates are made available on Kaspersky Lab update servers every hour.
- Configure and manage Kaspersky SMTP-Gateway either from a remote location using the Webmin web-based interface, or locally, using standard OS tools such as command line options, signals, by creating special command files or by modifying the configuration file of the application.
- Monitor the anti-virus protection and view the statistics and application logs.

What's new in version 5.5

Version 5.5 of Kaspersky SMTP-Gateway has been enhanced with the following additional features as compared with version 5.0:

- Access and routing rules are defined based not only on domain masks, but also on recipients' address masks.
- External files can be included into the main configuration file.
- At the administrator's request, the application can append to messages (as an extension header field) information about their scan status, the anti-virus software version, and the date of the anti-virus databases used for scanning.
- At the administrator's request, the application can append to messages a disclaimer text generated according to a template defined by the administrator. Different disclaimer messages may be specified for various groups of recipients.
- Application working queue management (queue reviewing, message removal from the queue, scanning and sending a specified message ahead of the general queue).
- Management of messages moved to quarantine, backup storage and to archives of received and sent messages (attribute reviewing, message removal, sending the isolated messages to their original recipients).
- An opportunity to restrict the application working queue size.
- Support of the DNS Black List technology, an internal client for the DNS service.
- Monitoring of application status (watchdog process).
- Checking the syntax of the application configuration file and notification templates.

Licensing policy

The licensing policy for Kaspersky SMTP-Gateway includes a system of product use limitations based on the following criteria:

- Number of users protected by the application
- Traffic processed daily (MB/day).

Each type of licensing is also limited by a certain period (typically one year or two years after the date of purchase).

You can purchase a license limited by one of the above criteria (for example, by the daily mail traffic volume).

The application has slightly different configuration parameters, depending on the type of license you have purchased. Thus, if the license is issued for a certain number of users, you will have to create a list of addresses (domains) that will be protected by the application against viruses.

The application will notify the administrator when the traffic volume reaches critical values or the number of protected accounts is exceeded and hence the license is about to expire.

Hardware and software requirements

Minimum system requirements for normal operation of Kaspersky SMTP-Gateway are as follows:

- Intel Pentium processor (Pentium III or Pentium 4 recommended).
- At least 128 MB of available RAM.
- At least 100 MB of available space on your hard drive to install the application.
  Please note that the application working queue, quarantine directory, and archives of incoming and outgoing mail are not included in the hard disk space required. If your network security policy requires the use of the above features, additional disk space will be needed.
- At least 500 MB of available space in the /tmp file system.
- One of the following operating systems:
  - Red Hat Enterprise Linux Advanced Server 3
  - Red Hat Linux 9.0
  - Fedora Core 3
  - SuSe Linux Enterprise Server 9.0
  - SuSe Linux Professional 9.2
  - Debian GNU/Linux 3.0r3
  - Mandrake Linux 10.1
  - FreeBSD 4.10 or 5.3
  - OpenBSD 3.6.
- Perl interpreter, version 5.0 or higher, and the which utility to install the application.
- Webmin version or higher to install the remote administration module.

Distribution kit

You can purchase the product either from our dealers (retail box) or at one of our online stores (for example, follow the E-store link).

The retail box contains:

- sealed envelope containing the installation CD with the product
- a copy of this Administrator's Guide
- license key file bundled with the distribution package or recorded to a special floppy disk
- License Agreement.

Before you unseal the envelope containing the CD, make sure you have carefully read the License Agreement.

If you purchase our application online, you will download it from Kaspersky Lab's website; the copy also contains this manual. Your license key is either included in the installation package or will be sent to you by e-mail after payment.

The License Agreement constitutes a legal agreement between you and Kaspersky Lab containing the terms and conditions under which you may use the purchased software.

Please review the License Agreement carefully!

If you do not agree to the terms of the License Agreement, you may return the box containing the software product to the dealer where you purchased it for a full refund, provided that the envelope with the installation CD has not been unsealed.

By opening the sealed envelope containing the installation CD, or by installing the application, you confirm that you have accepted all the terms and conditions of the License Agreement.

Help desk for registered users

Kaspersky Lab offers an extensive service package enabling registered customers to boost the productivity of Kaspersky SMTP-Gateway.

If you purchase a license you will be provided with the following services for the licensed period:

- new versions of this software product provided free of charge
- phone or e-mail support on matters related to the installation, configuration, and operation of the product you have purchased
- notifications about new software products from Kaspersky Lab, and about new virus outbreaks. This service is provided to users who have subscribed to the Kaspersky Lab newsletter service.

Kaspersky Lab does not give advice on the performance and use of your operating system or other technologies.

Conventions

Various formatting conventions are used throughout the text of this document depending on the purpose of a particular element. The table below lists the formatting conventions used.

Style | Meaning
Bold type | Menu titles, menu items, window titles, parts of dialog boxes, etc.
Note. | Additional information, notes.
Attention! | Information requiring special attention.
In order to perform the action, 1. Step | Procedure description for user's steps and possible actions.
Task, example | Statement of a problem, example for using the software features.
Solution | Solution to a defined problem.
[key] key purpose. | Command line keys.
Text of information messages and the command line | Text of configuration files, information messages and the command line.

CHAPTER 2. APPLICATION STRUCTURE AND TYPICAL DEPLOYMENT SCENARIOS

Correct application setup and its efficient operation require knowledge of its structure and internal algorithms. It is also important for application deployment within an existing corporate system. This chapter contains a detailed discussion of the application's structure, architecture and operating principles as well as typical scenarios of its deployment.

Application architecture

The review of the application functionality must be preceded by a description of its internal architecture.

Kaspersky SMTP-Gateway is a full-featured Mail Transfer Agent (MTA) able to receive and route e-mail traffic, scanning messages for viruses.

Kaspersky SMTP-Gateway uses SMTP protocol commands (RFC 2821), Internet message format (RFC 2822), MIME format (RFC , 2231, 2646), and satisfies the requirements for mail relays (RFC 1123). In compliance with anti-spam recommendations (RFC 2505 standard), the application employs access control rules for SMTP clients to prevent the use of this application as an open relay. In addition, Kaspersky SMTP-Gateway supports the following SMTP protocol extensions:

- Pipelining: enhances performance of servers supporting this mode of operation (RFC 2920).
- 8-bit MIME Transport: processes national language character code tables (RFC 1652).
- Enhanced Error Codes: provides more informative explanations of protocol errors (RFC 2034).
- DSN (Delivery Status Notifications): decreases bandwidth usage and provides more reliable diagnostics (RFC 1891, ).
- SMTP Message Size: decreases the load and increases transfer rate (RFC 1870).

RFC documents mentioned above are available at:

The application includes the following components:

- smtpgw: the main component, a full-featured mail relay with built-in anti-virus protection.
- licensemanager: component for managing license keys (installation, removal, viewing statistics).
- keepup2date: component that updates the anti-virus databases by downloading the updates from Kaspersky Lab's update servers or a local directory.
- Webmin module: for remote administration of the application using a web-based interface (optional installation). This component allows the user to configure and manage the anti-virus database updates, specify actions to be performed on the objects depending on their status and monitor the results of the application's operation.

The smtpgw component (see Fig. 1), in its turn, consists of the following modules: Receiver (incoming mail receiver), Sender (module for sending scanned messages), and AV module (module implementing the anti-virus scanning and processing).

Figure 1. General architecture of Kaspersky SMTP-Gateway

2.2. The algorithm of application functioning

The application works as follows (see Fig. 2):

Figure 2. The structure of Kaspersky SMTP-Gateway

1. The mail agent receives messages via the SMTP protocol and passes them to the Receiver module.

2. The Receiver module performs preliminary processing using the following criteria:
   - presence of the sender's IP address in the list of blocked and/or trusted addresses, including masks
   - compliance with the access restrictions specified for SMTP connections (see section 4.3 on p. 46)
   - compliance of the message size (as well as the mail session in general and the total number of messages within the session) with the limits specified in the application settings
   - compliance of the number of open sessions (both from all IP addresses and a single IP address) with the limits specified in the application settings.
   If the message satisfies the preliminary processing requirements, it is sent to the working queue to be processed by the AV module.

3. The application disassembles each message received from the working queue into individual components and passes them to the AV module for analysis.

4. The AV module scans the objects and, if this option is enabled, disinfects them when necessary.

5. The application handles messages according to the status assigned to each object during the anti-virus scan (blocks message delivery, deletes infected objects, replaces the original infected objects with disinfected ones, adds messages to the quarantine directory, etc.).

6. If saving a backup copy in the backup storage or in the quarantine is specified as the action to be performed on a message, the copy of the scanned message will be saved in the backup storage or in the quarantine concurrently with sending it to the ready-to-send queue (depending on the message status).
   Adding a message to the backup or quarantine directory does not block its delivery to the recipient. If you want to prevent its delivery to end recipients, you have to specify an additional action blocking it.

7. The Sender module receives each message from the ready-to-send queue and transfers it via the SMTP protocol to the onward mail agent to be delivered to local end users or rerouted to other mail servers.

8. If your network security policy requires logging of all outgoing traffic, a copy of each message will be automatically saved to the archive of sent messages (see Fig. 3).

Figure 3. Saving messages to the archives of incoming/outgoing mail

Typical deployment scenarios

Depending upon the network architecture, the following options for installation of Kaspersky SMTP-Gateway are possible:

- Install the application at the network perimeter on the same computer with your mail system (recommended for Sendmail, Postfix and Exim mail systems).
- Install the application at the network perimeter on a dedicated server to operate as an anti-virus filter (recommended for Sendmail, Postfix and Exim mail systems).
- Install the application inside your existing mail system on the same computer.
- Install the application inside your mail system on a dedicated server to operate as an anti-virus filter.

The sections below discuss in detail the above scenarios and describe their advantages.

The application, being a mail relay, does not include a local mail delivery agent (MDA). Therefore, no matter which of the deployment scenarios is used, a mail system (or mail systems) that delivers messages to the local users within the protected domains is required!

Installing the application along corporate network perimeter

The main advantage of this option is that it improves the overall performance of your mail system because it minimizes the number of transfer cycles for messages. In this case the existing corporate mail server has no connection to the Internet, which means additional protection of your data. Moreover, demilitarized zones (DMZ) may be set up.

To install the application and the mail system on the same server, the following algorithm is provided to ensure their joint operation:

1. Configure all interfaces of Kaspersky SMTP-Gateway to listen on port 25 for incoming traffic from all IP addresses matching the relevant MX records for the protected domain.

2. The application will scan traffic and then transfer the processed messages to the corporate mail system via a different port (e.g., 1025).
   You have to set up restrictions for the mail transfer agent (MTA) receiving mail from Kaspersky SMTP-Gateway via port 1025 so that it accepts messages exclusively from Kaspersky SMTP-Gateway. Otherwise, it will be possible to bypass the protection with a connection established directly from the external network through port 1025.

3. The mail system, configured to use a local interface, will deliver messages to users.

Follow these steps to install the application and the mail system on the same server:

- Configure the application for mail receipt via port 25 on all network interfaces of the server. In order to do this, specify the following value in the [smtpgw.network] section of the configuration file:

    ListenOn= :25

- Specify in the routing table transfer of all scanned messages to the mail system via port 1025. In order to do this, specify the following value in the [smtpgw.forward] section of the application configuration file:

    ForwardRoute=*@company.com [host:1025]

  where: *@company.com is the mask for recipient addresses; host is the name of your corporate mail server.

- Change the settings of the existing mail system for receiving messages from the application via port 1025. This will ensure receipt of all incoming mail messages and delivery of these messages to the local users within the protected domains of the company.

- Set up the existing mail system to transfer all messages it receives to the application via port 25. This will ensure anti-virus scanning of all outgoing mail messages from the local users.

- Specify the list of all corporate local domains as a value for the ProtectedDomains option in the [smtpgw.network] section of the application configuration file ("*" and "?" wildcards can be used). Mail messages for the specified domains will be scanned.

Application configuration for this deployment scenario will be implemented by default during the installation process.

The operation algorithm of the application, when the latter is installed on a dedicated server, is identical to its operation on the same server with an e-mail system, but the settings for this scenario will differ.

The IP address of the server where the application is installed must be included in the MX records corresponding to the protected domain.

In order to install the application on a dedicated server:

- Configure the application for mail receipt via port 25 on all network interfaces of the server. In order to do this, specify the following value in the [smtpgw.network] section of the application configuration file:

    ListenOn= :25

- Specify in the routing table transfer of all scanned messages to the mail system via port 25. In order to do this, specify the following value in the [smtpgw.forward] section of the application configuration file:

    ForwardRoute=*@company.com [host:25]

  where: *@company.com is the mask for recipient addresses; host is the name of your corporate mail server.

- Specify the list of all corporate local domains as a value for the ProtectedDomains option in the [smtpgw.network] section of the application configuration file ("*" and "?" wildcards can be used). Mail messages for the specified domains will be scanned.

This deployment scenario is the most convenient one, especially if the installation of Kaspersky SMTP-Gateway is performed at the same time as the deployment of the network and of the company's mail system.

Installing the application inside your mail system

If the application is installed inside your mail system, there is no access from outside to the information about the application running on the server and its configuration. Besides, if the application is installed inside the mail system on a dedicated server, this makes it possible to distribute the load among several servers performing anti-virus scanning.

The following algorithm is provided for joint operation of the application and the mail system installed on the same server:

1. Duplicate your mail system and configure one of the copies to listen on port 25 and receive messages via all available interfaces.

2. This mail system forwards all incoming messages through the local interface via a different port (port 1025, for instance) to the application for anti-virus scanning.

3. The application scans the messages for viruses and forwards scanned and processed messages to the second mail system copy, which receives mail on a different port (e.g., port 1026).

4. The second mail system delivers e-mail to the local users.

This deployment scenario is recommended if you are sure of the reliability of your mail system. The installation of the application will not affect the stability of your mail system.

Application setup on a dedicated server is similar to the above procedure. Besides, when installing the application on a dedicated server, you can create and run several copies of the application on different servers. This can help you distribute the anti-virus processing load among several servers.

To implement this scenario of application deployment, specify the list of all corporate local domains as a value for the ProtectedDomains option in the [smtpgw.network] section of the application configuration file ("*" and "?" wildcards can be used). Mail messages for the specified domains will be scanned.

Deploying Kaspersky SMTP-Gateway may require changes to the settings of the mail clients throughout the company so that all outgoing mail messages are delivered to the application, which will transfer the messages to the external network after an anti-virus scan.

If the network includes firewalls or demilitarized zones (DMZs), it is necessary to provide mail clients and servers in the internal and external networks with access to the installed application to ensure joint operation and routing of the mail traffic.
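
The same-server scenarios above depend on the MTA behind the gateway accepting mail on its private port (1025 in the guide's example) only from Kaspersky SMTP-Gateway; if that port is reachable from other hosts, the scan can be bypassed. The following check is an added example, not part of the Kaspersky guide: it reads listener lines in the layout printed by "ss -ltn" or "netstat -ltn" and reports any socket on the given port that is bound to a non-loopback address. The function names and the sample listener tables are constructed for illustration, and the check assumes the gateway reaches the MTA over the loopback interface.

```shell
#!/bin/sh
# Added example, not from the Kaspersky guide.
# check_backend_binding PORT
#   stdin : listener lines as printed by `ss -ltn` or `netstat -ltn`
#           (both put the local address:port in column 4)
#   stdout: one "EXPOSED <addr>" line per listener on PORT that is not loopback
#   status: 0 = PORT listens on loopback only
#           1 = PORT listens on a non-loopback address (scan can be bypassed)
#           2 = nothing listens on PORT (the backend MTA is not running there)
check_backend_binding() {
    awk -v port="$1" '
        {
            addr = $4
            # Split at the last colon: IPv6 addresses contain colons themselves.
            if (!match(addr, /:[0-9]+$/)) next        # header or malformed line
            if (substr(addr, RSTART + 1) != port) next
            found = 1
            host = substr(addr, 1, RSTART - 1)
            sub(/^\[/, "", host); sub(/\]$/, "", host) # ss prints IPv6 as [::1]
            if (host ~ /^127\./ || host == "::1") next # loopback is acceptable
            print "EXPOSED " addr
            bad = 1
        }
        END { if (!found) exit 2; exit bad + 0 }
    '
}

# Constructed sample (netstat layout): gateway on 25, backend MTA on loopback only.
sample_same_host_ok() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:1025          0.0.0.0:*               LISTEN
tcp6       0      0 ::1:1025                :::*                    LISTEN
EOF
}

# Constructed sample (ss layout): backend MTA bound to every interface.
sample_exposed() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       100     0.0.0.0:25          0.0.0.0:*
LISTEN  0       100     0.0.0.0:1025        0.0.0.0:*
LISTEN  0       100     [::]:1025           [::]:*
EOF
}

# Demo on the constructed samples; on a live host use:
#   ss -ltn | check_backend_binding 1025
for sample in sample_same_host_ok sample_exposed; do
    if "$sample" | check_backend_binding 1025; then
        echo "$sample: port 1025 is bound to loopback only"
    else
        echo "$sample: check failed with status $?"
    fi
done
```

A loopback-only binding covers the same-host case; when the gateway and the MTA run on separate servers, the equivalent restriction has to be enforced by the MTA's own access rules or a packet filter, which this check does not inspect.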

CHAPTER 3. INSTALLING THE APPLICATION

Before installing Kaspersky SMTP-Gateway, it is necessary to:

- Make sure that your system meets the hardware and software requirements (see section 1.3 on p. 8).
- Configure your Internet connection. The application distribution package does not contain the anti-virus databases. They have to be retrieved from the update servers of Kaspersky Lab before you start using the application.
- Log on to the system as root or as a privileged user.

Installing the application on a server running Linux

For servers running the Linux operating system, Kaspersky SMTP-Gateway is distributed in three different installation packages, depending on the type of your Linux distribution.

You can use an rpm package to install the application under Red Hat Linux and SuSE Linux. To initiate installation of Kaspersky SMTP-Gateway from the rpm package, enter the following in the command line:

    # rpm -i smtpgw-linux-<version_number>.i386.rpm

If you are installing the application from the rpm package, after the files have been copied to your server, run the postinstall.pl script to perform post-installation configuration. By default, the postinstall.pl script is located in the /opt/kav/5.5/smtpgw/setup/ directory.

In Debian Linux, the installation is performed from a deb package. To initiate installation of Kaspersky SMTP-Gateway from the deb package, enter the following command in the command line:

    # dpkg -i smtpgw-linux-<version_number>.deb

After you enter the command, the application will be installed automatically.

You can also use a universal distribution file for all Linux OS. Use this distribution file if your Linux version does not support the rpm or deb formats or if your administrator does not wish to use (or cannot use) a built-in package manager.

The universal Kaspersky SMTP-Gateway distribution file is supplied as an archive (tar.gz). To initiate installation of Kaspersky SMTP-Gateway from the universal distribution file, do the following:

1. Copy the archive of the distribution file to a directory within the file system of your server.

2. Extract the archive using the following command:

    # tar zxvf smtpgw-linux-<version_number>.tar.gz

   The archive contains the installer and the file tree of the application files that will be extracted by the above command.

3. Run the following installation script:

    # cd <package_directory>
    # ./install.sh

After you enter the command, the application will be installed automatically.

The procedure of application setup under Mandrake Linux distributions has some peculiarities. You might have to perform some additional actions to ensure correct functioning of the application in such systems (please see Chapter 8 on p. 72 for details).

Installing the application on a server running FreeBSD

The distribution file for installation of Kaspersky SMTP-Gateway on servers running FreeBSD OS is supplied as a pkg package.

To initiate installation of Kaspersky SMTP-Gateway from a pkg package, enter the following in the command line, depending upon the version of your FreeBSD distribution:

    # pkg_add smtpgw-freebsd-4.x-<version_number>.tgz

or:

    # pkg_add smtpgw-freebsd-5.x-<version_number>.tgz

or:

    # pkg_add smtpgw-openbsd-3.4--<version_number>.tgz

After you enter the command, the application will be installed automatically.

Installation procedure

Installation errors can occur for a number of reasons. If an error message is displayed, make sure that your computer satisfies the hardware and software requirements (see section 1.3 on p. 8) and that you have logged into the system as root.

To install the application on the server, follow the steps below:

Step 1. Preparing the system

At this stage, the system creates the system group and user account for the application. The default group is kavusers and the default user account is kavuser. In future, the application will start under this user account (not root) to provide additional security for your system.

Step 2. Copying application files to destination directories on your server

The installer starts copying the application files to the destination directories on your server. For a detailed description of the directories where the application files will be copied, see section A.1 on p. 78.

If you installed the application from an rpm package, then you should run the postinstall.pl script (present by default in the /opt/kav/5.5/smtpgw/setup/ directory) to perform the following steps.

Step 3. Post-installation tasks

The post-installation configuration includes the following steps:

- Configuring the smtpgw component (see section 3.4 on p. 23).
- Installing and registering the license key.
  If you have no license key at the time of installation (for example, if you purchased the application via the Internet and have not received the license key yet), you can activate the application after installation before its first use. For details see section 4.4 on p. 47. Please note that if the license key is not installed, the anti-virus databases cannot be updated and the smtpgw component cannot be started during the installation process. You will have to do it manually, after the key is installed.
- Configuring the keepup2date component.
- Installation (updating) of the anti-virus databases.
  You must install the anti-virus databases before using the application. The procedure of detecting and disinfecting viruses relies on the anti-virus database records, which contain descriptions of the viruses known at the moment and the methods of disinfecting them. Anti-virus scanning and processing of messages cannot be performed without the anti-virus database.
- Installing the Webmin module.
  The Webmin module for remote management of the application can be installed correctly only if the Webmin application is located in the default directory. After the module is installed, you will receive detailed instructions on how to configure it to work with the application.
- Launching the smtpgw component.

If, after installation, Kaspersky SMTP-Gateway has not started working as required, check the configuration settings. Pay special attention to the port number you specified for receiving mail traffic. You may also view the application log file.

After you properly complete these steps, a corresponding message will appear on the server console as soon as the installation procedure is over.

Configuring the application

Immediately after the files have been copied to your server, the system configuration process will start. Depending on the package manager you use, the configuration process will either be started automatically or (if the package manager does not allow the use of interactive scripts, such as rpm) some additional actions will have to be performed by the administrator.

All settings are stored in the smtpgw.conf file installed by default in the /etc/kav/5.5/smtpgw/ directory.
If you are using the rpm installation package, enter the following command to start configuration after the files are copied to your server:

    # /opt/kav/5.5/smtpgw/setup/postinstall.pl

The configuration procedure includes the following tasks:

- Setting up (by the administrator) of the server name that will be used to identify the application in the SMTP commands when creating the DSN and notifications (the Hostname parameter in the [smtpgw.network]
section). The full domain name of the server must be specified as the parameter value.
- Setting up the domain name that will be used to:
    - Assign the Postmaster address ([smtpgw.network] section, Postmaster parameter)
    - Assign the sender's return address for notifications ([smtpgw.options] section, NotifyFromAdress parameter)
    - Define the administrator's address ([smtpgw.options] section, AdminNotifyAddress parameter)
    - Allow incoming mail to this domain ([smtpgw.options] section, RelayRule parameter).
- Defining the interface and port to listen to the incoming traffic ([smtpgw.network] section, ListenOn parameter). Type the port name and the IP address in the <x.x.x.x:z> format, where x.x.x.x is the IP address and z is the port number.
- Specifying local network identifiers ([smtpgw.access] section, RelayRule parameter). This value is used to assign rules for message delivery and processing, for example, rules specific to your organization concerning mail processing, or blocking messages from specified domains, etc. Enter the values using the following formats: <x.x.x.x>, <x.x.x.x/y.y.y.y> or <x.x.x.x/y>, where x.x.x.x is the IP address and y.y.y.y or y is the subnet mask.
- Specifying (when necessary) the server to which all processed messages will be forwarded ([smtpgw.forward] section, ForwardRoute parameter). Type the host name in the format <x.x.x.x:z>, where x.x.x.x is the IP address and z is the port number.
- Specifying the proxy server name ([updater.options] section, ProxyAddress parameter). This option is necessary for computers connected to the Internet via a proxy server.
- Modifying the application configuration file.

If all the above steps have been successfully completed, the configuration file will contain all settings that are required to start working with the application.
After the system is installed and configured, it is recommended that you check the settings for Kaspersky SMTP-Gateway and test its performance. For more details, see Chapter 6 on p

Installing the Webmin module to manage Kaspersky SMTP-Gateway

The activity of Kaspersky SMTP-Gateway can be controlled remotely via a web browser using Webmin.

Webmin is a program that simplifies administration of Linux/Unix systems. The software has a modular structure and supports connection of new modules as well as development of your own customized ones. You can obtain additional information about Webmin and download its distribution package from the official program web site at:

If the default settings have been used, you can access Webmin from your web browser using HTTP / HTTPS to connect to port as soon as the program installation is finished.

In order to install the Webmin module to control Kaspersky SMTP-Gateway:

1. Use your web browser to access Webmin with the privileges of its administrator.
2. Select the Webmin Configuration tab in the program menu, and then proceed to the Webmin Modules section.
3. Select the From Local File option in the Install Module section and click (see Figure 4).
Figure 4. Install Module section

4. Enter the path to the Webmin module of the product and click OK.

The Webmin module is located in the kavsmtpgw.wbm file installed by default to the /opt/kav/5.5/smtpgw/setup/ directory (in Linux distributions) or the /usr/local/share/kav/5.5/smtpgw/setup directory (for FreeBSD and OpenBSD distributions).

If the Webmin module is installed successfully, you will see a corresponding message on the display. You can access the settings of Kaspersky SMTP-Gateway by clicking its icon within the Others tab (see Figure 5).

Figure 5. The icon of Kaspersky SMTP-Gateway in the Others tab
CHAPTER 4. USING THE APPLICATION

Using Kaspersky SMTP-Gateway, you can build a comprehensive anti-virus protection system for messages transferred through the mail server of your organization. The anti-virus protection system is based on the performance of tasks that represent major functionality of the application.

The tasks implemented by Kaspersky SMTP-Gateway may be divided into three major groups:

1. Updates of the databases used for anti-virus scanning and disinfection of objects.
2. Anti-virus protection of traffic.

Each of the above groups includes more specific tasks. In this chapter, we will discuss the most typical tasks that the administrator can combine and enhance depending on the needs of his/her organization.

This guide contains a description of how to locally configure and start tasks from the command line. Issues related to starting and managing tasks from remote computers using the Webmin application are not discussed in this document.

In all examples below, it is assumed that the administrator has completed all required post-installation tasks and the application operates correctly.

Updating the anti-virus databases

Kaspersky SMTP-Gateway uses the anti-virus databases during scanning of traffic and disinfection of infected objects; they contain descriptions of all currently known viruses and the methods of disinfection for objects affected by those viruses.

The keepup2date component is included in Kaspersky SMTP-Gateway to provide for software updates. The updates are retrieved from the update servers of Kaspersky Lab, e.g.:
ftp://downloads1.kaspersky-labs.com/ etc.

The updcfg.xml file included in the installation package lists the URLs of all available update servers.

The keepup2date component supports NTLM and Basic authentication for connections through a proxy server.

To update the anti-virus databases, the keepup2date component selects an address from the list of update servers and tries to download updates from that server. If the server is currently unavailable, the application connects to another server, trying to download updates.

After a successful update, a command specified as the value of the PostUpdateCmd parameter in the [updater.options] section of the configuration file will be executed. By default, this command will automatically restart the application. The restart is necessary to make the application use the updated databases. Incorrect modification of that parameter may prevent the application from using the updated databases or even stop its functioning altogether.

All settings of the keepup2date component are stored in the [updater.*] sections of the configuration file.

If your network has a complicated structure, we recommend that you download updates from Kaspersky Lab's update servers every hour and place them in a network directory. To keep other networked computers constantly updated, configure the local computers to copy the updates from that directory. For detailed instructions on how to implement this updating scenario, see section on p. 30.

We strongly recommend that you set up the keepup2date component to update the databases every hour!

The updating process can be scheduled to run automatically using the cron utility (see section on p. 29) or started manually from the command line by the administrator (see section on p. 29). Starting the keepup2date component requires root user privileges.

All Kaspersky Lab's applications that include keepup2date can be automatically updated by the component.
Task: view the list of all Kaspersky Lab's applications that can be updated.

Solution: in order to perform this task, enter in the command line:

    # keepup2date -i
This will print to the screen a list of all Kaspersky Lab applications including the keepup2date component, with their Application IDs.

Automatic updating of the anti-virus databases

You can schedule regular automatic updates for the anti-virus databases using the cron utility.

Task: Configure the application to update your anti-virus databases automatically every hour. An update server should be selected from the updcfg.xml file by default. Only errors occurring in the component operation should be recorded in the system log. Keep a general log of all task starts. Output no information to the console.

Solution: to perform the above task, do the following:

1. In the application configuration file, specify the following values for the parameters below:

    [updater.options]
    KeepSilent=true
    [updater.report]
    Append=true
    ReportLevel=1

2. Edit the file that sets the rules for the cron process (crontab -e) for the root user (or any other privileged user) and add the following line:

    In Linux:
    0 * * * * /opt/kav/5.5/smtpgw/bin/keepup2date

    In FreeBSD:
    0 * * * * /usr/local/share/kav/5.5/smtpgw/bin/keepup2date

Manual updating of the anti-virus databases

You can start updating your anti-virus databases from the command line at any time.
Task: start updating of the anti-virus databases, save updating results in the /tmp/updatesreport.log file.

Solution: to accomplish the task, log in as root (or any other privileged user) and enter in the command line:

    # keepup2date -l /tmp/updatesreport.log

If you need to update the anti-virus databases on several servers, it may be more convenient to download the updates from an update server once, save them to a shared directory, and then update the databases on other computers from that directory. Please see section on p. 30 for details related to creation of a shared directory for updates.

Task: start the updating of the anti-virus databases from the /home/kavuser/bases shared directory. If the directory is inaccessible or empty, update the databases from Kaspersky Lab's update servers. Save the results to the /tmp/updatesreport.log file.

Solution: to accomplish the task, log in as root (or any other privileged user) and do the following:

1. Mount the network directory containing the database updates to the /home/kavuser/bases local directory.
2. In the application configuration file, specify the following values for the parameters below:

    [updater.options]
    UpdateServerUrl=/home/kavuser/bases
    UseUpdateServerUrl=true
    UseUpdateServerUrlOnly=false

3. Enter the following in the command line:

    # keepup2date -l /tmp/updatesreport.log

You can accomplish these or similar tasks remotely using the Webmin remote administration module.

Creating a shared directory for storing and sharing database updates

To update the anti-virus databases correctly on local computers from the shared directory, you need to reproduce in that directory a file structure that is similar to
that of Kaspersky Lab's update servers. This is a complicated task that deserves a detailed explanation.

Task: create a shared local directory, from which the local computers will update their anti-virus databases.

Solution: to accomplish the task, log in as root (or any other privileged user) and do the following:

1. Create a local directory.
2. Run the keepup2date component as follows:

    # keepup2date -u <rdir>

   where <rdir> is the full path to the directory created.
3. Provide reading access to that directory for local computers on your network.

Anti-virus protection of traffic

Anti-virus protection of mail traffic is the main task of Kaspersky SMTP-Gateway. The application is used to guard users against infected messages, and to deliver only clean or disinfected messages, along with information on scanning results for every message. Additional filtration of messages by names and attachment types decreases the load on the server when scanning traffic for viruses.

This represents only a part of the application's functionality. There is an extended discussion of the application's functionality below, in the sections describing specific protection tasks.

All smtpgw settings are located in the [smtpgw.*] sections of the application configuration file.

Creating groups of recipients/senders

A recipients/senders group is defined as pairs of recipient/sender addresses. A particular message may be assigned to a particular group
depending on whether this group contains both the sender's and the recipient's addresses present in the MAIL FROM and RCPT TO commands.

The administrator can specify individual rules for processing of each mail message depending on the group of recipients/senders. Therefore, it is particularly important that the addresses are associated with the correct group. While processing a message, the application searches through the list of addresses for each specific group. If it finds a matching combination of the sender/recipient addresses, the rules defined for this group will be applied to the message.

The anti-virus functionality of Kaspersky SMTP-Gateway depends on the configuration file settings. You can make configuration changes to the file either locally or remotely (using the Webmin remote administration module).

The configuration file contains the [smtpgw.policy] section that implicitly defines the policy group, which determines the default rules for processing of messages. All parameters specified in that section and the section itself are mandatory. The [smtpgw.policy] section does not contain the names of senders and recipients.

Rules defined in [smtpgw.policy] are applied to all messages, except for those belonging to other groups explicitly described as [smtpgw.group:group_name] sections. All parameters in [smtpgw.group:group_name] sections are optional. If a parameter value in such a section is not specified, it will be taken from the identical option in the [smtpgw.policy] section.

If the configuration file included in the application installation package is used, the mail messages will be processed according to the following rules (defined by the policy group):

- Scan all mail messages for viruses.
- Deliver only clean messages to the recipients.
- Block delivery for messages containing infected, suspicious, password-protected objects and objects which caused errors during their analysis.
- Notify recipients and the administrator about infected, disinfected, suspicious, protected or filtered objects in messages and the objects which caused errors during their analysis.

You can change the parameters of the policy group or create new groups. If you would like to process messages belonging to different groups of recipients/senders using different rules, you will have to create several groups.
To create a new group of user addresses:

1. Create section [smtpgw.group:group_name] in the configuration file.
2. Specify sender and recipient addresses as the values of the Senders and Recipients parameters (masks of addresses).

To define masks, you can use the "*" and "?" wildcards. If you do not define the Recipients or Senders parameter, its default value will be "*@*". At least one of the Senders or Recipients parameters must be specified.

If you have added other groups to the configuration file, the application will process messages from these groups as follows:

1. The application first compares the message address(es) with addresses in the groups created by the administrator. If the recipient/sender address pair is found in a specific group, the rules defined for that group will be applied to the message. If a sender/recipient address fits the address ranges of several groups, the application will use the rules for the first of those groups.
2. If the message addresses do not match any group created by the administrator, the message will be processed according to the rules described in the [smtpgw.policy] section.

If a message has several recipients belonging to different groups, virtual copies of the initial message will be created to match the number of such groups. Each copy will be processed individually according to the rules specified by the particular group.

Figure 6 demonstrates the sequence of actions applied by Kaspersky SMTP-Gateway to a received message.
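The group selection rules above can be checked offline before a configuration is deployed. The following is an added sketch, not code from Kaspersky SMTP-Gateway: the group names, domains, the single mask per parameter and the case-insensitive comparison are assumptions made for illustration.

```python
import re

# Constructed sample: each entry mirrors one [smtpgw.group:group_name] section,
# listed in configuration-file order. Group names and domains are invented.
GROUPS = [
    ("urgent", {"Senders": "*@partner.example", "Recipients": "ceo@corp.example"}),
    ("sales", {"Recipients": "*@sales.corp.example"}),
    ("internal", {"Senders": "*@corp.example"}),
]
DEFAULT_MASK = "*@*"  # value used for whichever of Senders/Recipients is omitted
POLICY = "policy"     # stands for the implicit [smtpgw.policy] group


def mask_matches(mask, address):
    """Match an address against a mask in which only '*' and '?' are wildcards.

    Comparison is case-insensitive here (assumption of this sketch).
    """
    pattern = "".join(
        ".*" if ch == "*" else "." if ch == "?" else re.escape(ch)
        for ch in mask.lower()
    )
    return re.fullmatch(pattern, address.lower(), re.DOTALL) is not None


def resolve_group(sender, recipient, groups=GROUPS):
    """Return the first group whose masks match the MAIL FROM / RCPT TO pair."""
    for name, params in groups:
        if "Senders" not in params and "Recipients" not in params:
            raise ValueError(f"group {name!r}: Senders or Recipients is required")
        if (mask_matches(params.get("Senders", DEFAULT_MASK), sender)
                and mask_matches(params.get("Recipients", DEFAULT_MASK), recipient)):
            return name  # first matching group wins
    return POLICY        # no administrator-defined group matched


def split_into_copies(sender, recipients, groups=GROUPS):
    """Group the recipients of one message: one 'virtual copy' per group."""
    copies = {}
    for rcpt in recipients:
        copies.setdefault(resolve_group(sender, rcpt, groups), []).append(rcpt)
    return copies


if __name__ == "__main__":
    rcpts = ["x@sales.corp.example", "y@other.example", "w@sales.corp.example"]
    for group, members in split_into_copies("alice@corp.example", rcpts).items():
        print(group, members)
```

Because the first matching group wins, a broad mask placed early in the file shadows narrower groups that follow it; running the real masks through a check like this shows which group each address pair lands in.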
Figure 6. Message processing

General message processing algorithm

In this section, we shall examine how the application processes messages. When the server receives an e-mail message:

1. The program determines the group of recipients this message belongs to.
2. If the message has multiple recipients belonging to different groups, before further anti-virus scan is performed, the application creates several virtual copies of this message to match the number of groups and applies respective group rules to each of such copies.
3. Using a built-in MIME format identifier (RFC822, MIME, UUE), the application divides the message into its components, such as message body, attachments, etc.
4. If the application is configured to filter objects by name and/or attachment type, it applies the specified filtering rules for this message. If an object meets the filter conditions, the object will be assigned the Filtered status and will not be subjected to further anti-virus scanning.
5. Then each of the received objects will be sent to the AV module that analyzes the received object and returns the status assigned to it. An object may be assigned one of the following statuses in the process of checking:
    - Clean: object is clean.
    - Infected: object is infected and cannot be disinfected or its disinfection has not been attempted.
    - Disinfected: infected object has been successfully disinfected.
    - Suspicious: object is suspected of being infected with an unknown virus or with a new modification of a known virus.
    - Protected: scanning failed because the object is password-protected (e.g., it is an archive).
    - Error: object is corrupted or an error occurred during the scan.
6. Depending on the status assigned to each object, the application performs actions as specified in the settings for the respective group.
7. After the anti-virus scan of all message components and execution of basic actions on those components, an additional action can be performed on the message as a whole.

The tasks that can be performed with objects are of the following two types:

Basic actions:

- Deliver messages without changes (see section on page 36).
- Deliver only clean or disinfected messages (see section on page 37).
- Delete infected attachments (see section on page 38).
- Replace infected attachments with messages created using templates (see section on page 39).
Additional actions:

- Block message delivery to the recipients (see section on page 40).
- Deliver all messages, including infected messages (see section on page 41).
- Create and send alerts to the sender, administrator, and recipient (see section on page 42).
- Quarantine infected messages or place them in the backup storage (see section on page 44).

Examples of these actions are demonstrated further by specific practical tasks.

Main tasks

The tasks considered in this section implement the core of the Kaspersky SMTP-Gateway anti-virus functionality. The configuration file included in the installation package by default implements processing rules that are optimal for most cases.

Deliver messages without changes

Tasks:

- Scan for viruses all incoming and outgoing traffic on the server.
- Deliver all messages to recipients, regardless of message status.
- Notify the recipients and administrator about infected, suspicious, and corrupted objects in messages and about objects the application failed to scan.

Solution: To perform the above tasks, do the following:

Specify the following parameter values in the [smtpgw.policy] section of the configuration file:

    [smtpgw.policy]
    Check=true
    ActionDisinfected=pass
    ActionInfected=pass
    ActionSuspicious=pass
    ActionProtected=pass
    ActionError=pass
    ActionFiltered=pass
    BlockMessage=
    NotifyAdmin=disinfected, infected, suspicious, protected, error
    NotifyRecipient=disinfected, infected, suspicious, protected, error

Delivery of clean or disinfected messages only

Task:

- Scan for viruses all incoming and outgoing mail traffic on the server; cure all infected objects in mail messages.
- Remove from mail messages all infected objects which could not be cured, as well as suspicious and password-protected objects and objects which caused errors during scan.
- Deliver to recipients messages containing clean and disinfected objects only.
- Notify the recipients and administrator about infected, suspicious, and corrupted objects in messages and about objects the application failed to scan.

Solution: to perform the above task, do the following:

1. Enable the cure mode for infected objects. To do so, specify the following parameter value in the [smtpgw.ave] section of the configuration file:

    [smtpgw.ave]
    Cure=true

2. Specify the following parameter values in the [smtpgw.policy] section of the configuration file:

    Check=true
    ActionDisinfected=cure
    ActionInfected=remove
    ActionSuspicious=remove
    ActionProtected=remove
    ActionError=remove
    BlockMessage=infected
    NotifyAdmin=infected, suspicious, protected, error
    NotifyRecepient=infected, suspicious, protected, error

Removing infected attachments

Task:

- Scan for viruses all incoming and outgoing e-mail on the server and cure all infected objects in mail messages.
- Deliver to the recipients messages containing clean and disinfected objects only.
- Delete infected, corrupted, or password-protected attachments upon detection and deliver the message without these attachments.

Solution: to perform the above task, do the following:

1. Specify the following parameter value in the [smtpgw.ave] section of the configuration file:

    [smtpgw.ave]
    Cure=true

2. Specify the following parameter values in the [smtpgw.policy] section of the configuration file:

    [smtpgw.policy]
    Check=true
    ActionDisinfected=cure
    ActionInfected=remove
    ActionSuspicious=remove
    ActionProtected=remove
    ActionError=remove
    BlockMessage=
    NotifyAdmin=
    NotifySender=
    NotifyRecepient=

Replacement of infected attachments with standard notifications

Task:

- Scan for viruses all incoming and outgoing e-mail on the server and cure all infected objects in mail messages.
- Deliver to the recipients messages containing clean and disinfected objects only.
- Infected objects which cannot be cured, as well as suspicious, damaged or password-protected objects, must be deleted and replaced with a standard notification.

Solution: to perform the above task, do the following:

1. Enable the cure mode for infected objects. To do so, specify the following parameter value in the [smtpgw.ave] section of the configuration file:

    [smtpgw.ave]
    Cure=true

2. Specify the following parameter values in the [smtpgw.policy] section of the configuration file:

    [smtpgw.policy]
    Check=true
    ActionDisinfected=cure
    ActionInfected=placeholder
    ActionSuspicious=placeholder
    ActionProtected=placeholder
    ActionError=placeholder
    BlockMessage=
    NotifyAdmin=
    NotifySender=
    NotifyRecepient=
Additional tasks

The additional tasks discussed here illustrate the extended functionality of the application. The examples below help the administrator tune the application for particular tasks and tailor it to the conditions and requirements of a particular organization.

Block delivery of messages to recipients

Sometimes, the administrator needs to block delivery of certain messages to the recipients. For example, a message containing important information that needs to be saved may be flagged as suspicious. This important information may be corrupted or lost during disinfection. In this case, it is recommended that you block this message and send it to Kaspersky Lab for analysis.

Task:

- Scan for viruses all incoming and outgoing e-mail on the server and cure all infected objects in mail messages.
- Block messages containing suspicious, corrupted, and password-protected objects and infected objects which the application failed to cure.
- Notify senders, recipients, and administrator about infected, suspicious, and corrupted objects in messages and about objects the application failed to scan.

Solution: to perform the above task, do the following:

Specify the following parameter values in the [smtpgw.policy] section of the configuration file:

    [smtpgw.policy]
    ActionDisinfected=cure
    ActionInfected=pass
    ActionSuspicious=pass
    ActionProtected=pass
    ActionError=pass
    BlockMessage=infected, suspicious, protected, error
    NotifyAdmin=disinfected, infected, suspicious, protected, error
    NotifySender=disinfected, infected, suspicious, protected, error
    NotifyRecepient=disinfected, infected, suspicious, protected, error

Deliver infected messages

In some situations you may wish to deliver all messages, including infected ones, to certain groups of users.

Task:

- Scan for viruses all incoming and outgoing e-mail on the server.
- Deliver all messages, including infected ones, to users from the urgent group, adding obligatory notifications about message status assigned after anti-virus scanning.

Solution: to perform the above task, do the following:

Create group urgent in the configuration file (section [smtpgw.group:urgent]) and assign parameter values as follows:

    [smtpgw.group:urgent]
    ActionDisinfected=pass
    ActionInfected=pass
    ActionSuspicious=pass
    ActionProtected=pass
    ActionError=pass
    BlockMessage=
    NotifyAdmin=
    NotifyRecipient=disinfected, infected, suspicious,protected, error
    NotifySender=
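Because group sections inherit every unspecified parameter from [smtpgw.policy], a single override such as an empty BlockMessage can open delivery for more statuses than intended. The following added sketch (not part of the product or of the original guide) computes, per section, which scan statuses would reach recipients unchanged. It assumes the configuration file parses as plain INI and reads "delivered unchanged" as Action<Status>=pass with the status absent from BlockMessage, which is how the task examples above use these parameters; the sample file is constructed.

```python
import configparser

# Constructed sample in the layout of smtpgw.conf; group names, masks and the
# choice of overrides are invented for illustration.
SAMPLE_CONF = """\
[smtpgw.ave]
Cure=true

[smtpgw.policy]
Check=true
ActionDisinfected=cure
ActionInfected=pass
ActionSuspicious=pass
ActionProtected=pass
ActionError=pass
BlockMessage=infected, suspicious, protected, error
NotifyAdmin=disinfected, infected, suspicious, protected, error

[smtpgw.group:urgent]
Recipients=*@oncall.corp.example
BlockMessage=
NotifyRecipient=disinfected, infected, suspicious,protected, error

[smtpgw.group:sales]
Recipients=*@sales.corp.example
ActionSuspicious=remove
BlockMessage=infected
"""

POLICY = "smtpgw.policy"
GROUP_PREFIX = "smtpgw.group:"
STATUSES = ("infected", "suspicious", "protected", "error")


def load(conf_text):
    """Parse the text as INI, keeping parameter names case-sensitive."""
    cp = configparser.ConfigParser(
        interpolation=None, delimiters=("=",), strict=False
    )
    cp.optionxform = str  # keep "BlockMessage", not "blockmessage"
    cp.read_string(conf_text)
    return cp


def effective(cp, section):
    """Policy values overlaid with the parameters the group section sets.

    A parameter present with an empty value (BlockMessage=) counts as set.
    """
    merged = dict(cp[POLICY])
    if section != POLICY:
        merged.update(cp[section])
    return merged


def delivered_unchanged(settings):
    """Statuses whose objects are passed and whose messages are not blocked."""
    blocked = {
        s.strip().lower()
        for s in settings.get("BlockMessage", "").split(",")
        if s.strip()
    }
    return [
        s for s in STATUSES
        if settings.get("Action" + s.capitalize(), "").strip().lower() == "pass"
        and s not in blocked
    ]


def audit(conf_text):
    """Map each policy/group section to the statuses it lets through as-is."""
    cp = load(conf_text)
    sections = [
        s for s in cp.sections() if s == POLICY or s.startswith(GROUP_PREFIX)
    ]
    return {s: delivered_unchanged(effective(cp, s)) for s in sections}


if __name__ == "__main__":
    for section, statuses in audit(SAMPLE_CONF).items():
        print(section, "->", ", ".join(statuses) or "nothing")
```

In the constructed sample, the sales group narrows BlockMessage to infected and thereby lets protected and error objects through, because their actions are still inherited as pass.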
Delivery of notifications to the sender, administrator and recipients

Task:

- Scan for viruses all mail traffic on the server and cure all infected objects.
- Deliver to the recipients messages containing clean and disinfected objects only.
- Block messages containing infected, suspicious, corrupted, and password-protected objects as well as objects which the application failed to scan because of an error.
- Notify the senders, recipients and the administrator about infected, suspicious and damaged objects in messages and about objects which the application failed to scan because of an error.

Solution: to perform the above task, do the following:

1. Enable the cure mode for infected objects. To do so, specify the following parameter value in the [smtpgw.ave] section of the configuration file:

    [smtpgw.ave]
    Cure=true

2. Specify the following parameter values in the [smtpgw.policy] section of the configuration file:

    [smtpgw.policy]
    ActionDisinfected=cure
    ActionInfected=pass
    ActionSuspicious=pass
    ActionProtected=pass
    ActionError=pass
    BlockMessage=infected, suspicious, protected, error
    NotifyAdmin=disinfected, infected, suspicious, protected, error
    NotifyRecipient=disinfected, infected, suspicious, protected, error
    NotifySender=disinfected, infected, suspicious, protected, error

Additional filtering of objects by name and type

E-mail messages frequently contain objects where virus infection is highly probable (e.g., executable files). To avoid infection, we recommend that you configure the application to filter by name and/or attachment types and save such objects in a separate directory.

There are also objects which cannot be infected with viruses (e.g., plain text files). To reduce the load on the server during anti-virus scanning of messages, we recommend that you specify the types and/or the names of such attachments in advance so that the application does not scan them.

Filtering of objects is performed using name masks (IncludeByName, ExcludeByName parameters) and MIME types (IncludeByMime, ExcludeByMime parameters) in the [smtp.policy] or [smtp.group:group_name] sections of the application configuration file.

Task:

- Scan all group messages for viruses.
- Filter e-mail with .exe attachments and block the delivery of messages containing such files.
- Block the delivery of messages containing suspicious, damaged or password-protected objects as well as objects which the application failed to disinfect.
- Notify senders, recipients, and administrators about messages with .exe attachments, cured, deleted, and suspicious objects and objects which the application failed to scan because of an error.

Solution: to perform the above task, do the following:

Specify the following parameter values in the [smtpgw.policy] section of the configuration file:

    [smtpgw.policy]
    IncludeByName=*.exe
    ActionDisinfected=cure
    ActionInfected=pass
    ActionSuspicious=pass
    ActionProtected=pass
    ActionError=pass
    ActionFiltered=pass
    BlockMessage=infected, suspicious, protected, error, filtered
    NotifyAdmin=infected, suspicious, protected, error, filtered
    NotifyRecipient=infected, suspicious, protected, error, filtered
    NotifySender=infected, suspicious, protected, error, filtered

Backing up (quarantine, backup storage)

You can configure Kaspersky SMTP-Gateway to move messages with certain statuses to a separate storage, such as quarantine or backup storage.

This feature may be used, for example, if an infected attachment that contains important data was detected during anti-virus scanning. A disinfection attempt may corrupt a part of the data. The message can also be isolated in a separate directory and then sent to Kaspersky Lab for analysis. Our experts will probably be able to disinfect the file and preserve the integrity of data in it.

Messages containing objects that were flagged as Error or Suspicious during scan are saved to the quarantine directory. Other messages, containing infected, protected or filtered objects, are copied into the backup storage.

Task:

1. Scan all messages for viruses and disinfect all infected messages.
2. Deliver to the recipients messages containing clean and disinfected objects only.
3. Block delivery for messages containing incurable, suspicious, damaged or password-protected objects; such messages must be placed into the /opt/quarantine directory.
4. Notify senders, recipients, and administrators about infected, suspicious, damaged objects and about objects that the application failed to scan because of an error.

Solution: to perform the above task, do the following:

1. Create the /opt/quarantine directory where the blocked messages will be stored; enable the write access to the directory for the user
account employed by the application for its operation (kavuser by default).
2. In the [smtpgw.ave] section of the configuration file assign the parameter value as follows:

    [smtpgw.ave]
    Cure=true

3. In the [smtpgw.policy] section of the configuration file assign the parameter values as follows:

    [smtpgw.policy]
    ActionDisinfected=cure
    ActionInfected=pass
    ActionSuspicious=pass
    ActionProtected=pass
    ActionError=pass
    BlockMessage=infected, suspicious, protected, error
    NotifyAdmin=disinfected, infected, suspicious, protected, error
    NotifyRecipient=disinfected, infected, suspicious, protected, error
    NotifySender=disinfected, infected, suspicious, protected, error
    SaveInQB=infected, suspicious, protected, error
    BackupPath=/opt/quarantine/
    QuarantinePath=/opt/quarantine/

Before you set up copying of messages to backup, make sure that there is sufficient disk space in the server file system containing the quarantine and backup storage. Do not forget to purge this directory from time to time to remove old messages and compress necessary files (the frequency of that procedure depends on the mail traffic intensity within your network).

Automatically add incoming and outgoing mail to archives

If the security policy of your organization includes archiving traffic processed by the server, you can set the application to add messages to archives automatically. If necessary, the administrator can view all messages in archives.
If the auto archiving option is enabled, copies of the following messages will be archived:

- All incoming messages, including infected objects, without additionally notifying the administrator. Archiving of such messages is enabled when the path to the archive directory is specified as the value of the IncomingArchivePath parameter in the [smtpgw.path] section.
- Outgoing messages, including those delivered to recipients, blocked because of a virus, and notifications generated by the application. Archiving of such messages is enabled when the path to the archive directory is specified as the value of the OutgoingArchivePath parameter in the [smtpgw.path] section.

Before you enable automatic archiving, make sure that there is enough space in your server's file system to accommodate the archive. Do not forget to purge this directory from time to time to remove old messages and compress necessary files (the frequency of that procedure depends on the mail traffic intensity within your network).

Protection from hacker attacks and spam

To provide the highest level of security for your mail system, we recommend that you modify the Kaspersky SMTP-Gateway configuration file to extend the antivirus functionality of the application.

To protect your server from hacker attacks or, for example, to prevent spam being relayed through your server, configure the following options:

- ConnectRule in the [smtpgw.access] section. The parameter defines application behaviour during establishment of an SMTP session.
- HeloRule in the [smtpgw.access] section. The parameter defines application response to HELO/EHLO command received from a client.
- MailfromRule in the [smtpgw.access] section. The parameter defines application behaviour at an attempt to send a message from a source (passed with MAIL FROM command) with a domain name, which does not match the actual IP address or MX host corresponding to that domain.
- RelayRule in the [smtpgw.access] section.
  The parameter defines the rules for client access to the gateway. Correct settings of that option are essential to prevent the application from being used as a publicly open mail relay.

A detailed discussion of the syntax of these parameters is provided in the description of the configuration file (see A.2 on p. 82).
You are also advised to enable restrictions for SMTP connections (see section 5.3 on p. 53).

Furthermore, application version 5.5 supports the technology of DNS black lists (RBL). That technology allows blocking of mail receipt from unsafe servers registered in the RBL database as servers sending spam. The list of DNS Black List services is specified in the DNSBlackList parameter, [smtpgw.access] section of the application configuration file.

DNS black list service (RBL, real time black hole list) is a database of IP addresses of mail servers performing unchecked mail delivery. If a certain address is constantly being used for sending spam and administration of the server used for spam distribution takes no steps to prevent that, you can inform RBL about the spammer. The latter will be added to the database and the record will allow automatic blocking of mail receipt from that mail server.

Various RBL services use different policies for generation of such lists. Please examine carefully the policy of each service before you start using it for mail filtration.

Managing license keys

The right to use Kaspersky SMTP-Gateway is determined by the license key. The key is included in the product's distribution kit and entitles you to use the application from the day you have purchased it and installed the key.

Kaspersky SMTP-Gateway WILL NOT work without a license key!

After the license expires, the functionality of the application will still be preserved except for the possibility to update the anti-virus databases. You will still be able to scan messages for viruses and disinfect infected objects, but you will be unable to use the databases issued after your license expiration date. Therefore, you may not be protected against new viruses that have appeared after your license expired.

In order to protect your computer against new viruses, we recommend that you renew the license to use Kaspersky SMTP-Gateway.
The license key gives you the right to use the application. It contains all information related to the license you have purchased, including the type of license, license expiry date, information about dealers, etc.

In addition to the right to use the application during the license period, you will have the following benefits:

- twenty-four-hour technical support
- hourly updates of the anti-virus databases
- timely notifications about new virus threats.
Therefore it is essential to renew your license to use Kaspersky SMTP-Gateway in time. You can also install an additional key. The application will start using it as soon as the current active key expires (see section on p. 49).

Viewing information about license keys

You can view information about the installed license keys in the reports of the smtpgw component. Each time the component starts, smtpgw loads the license key information and displays it in the report.

More detailed information about the status of the license keys may be obtained using licensemanager, a special component of the application.

All information about keys may be viewed either on the server's console, or remotely from any networked computer that has access to the Webmin module.

To view information about all installed license keys, enter the following in the command line:

    # licensemanager -s

In the server console, you will see information similar to the following:

    Kaspersky license manager. Version /RELEASE
    Copyright (C) Kaspersky Lab
    Active key info:
    Product name: Kaspersky SMTP-Gateway 1 month
    Key file 00053BC3.key
    Type: Commercial
    Expiration date: , expires in 60 days
    Serial: 02B BC
    Additional key info:
    Product name: Kaspersky Anti-Virus 5 Business Optimal 1 month
    Key file 00053E3D.key
    Type: Commercial
    Expiration date: expired
    Serial: 02B E3

To view information about a license key, enter, for example, the following in the command line:

    # licensemanager -k 00053E3D.key

where 00053E3D.key is the name of the license key file.
In the server console, you will see information similar to the following:

    Kaspersky license manager. Version /RELEASE
    Copyright (C) Kaspersky Lab
    Product name: Kaspersky SMTP-Gateway 1 month
    Creation date:
    Expiration date:
    Serial 02B E3
    Type: Commercial
    Lifespan:

Renewing your license

Renewal of the license to use Kaspersky SMTP-Gateway will give you the right to re-enable full product functionality. Besides, additional services listed in section 4.4 on p. 47 will be resumed.

The license term depends on the product you bought and the type of the license you purchased. The license for Kaspersky SMTP-Gateway is usually issued for one year.

To renew the license for Kaspersky SMTP-Gateway:

- Contact the company that sold you the product and renew your license for Kaspersky SMTP-Gateway.

or:

- Purchase a license directly from Kaspersky Lab. Write a letter of request to the Sales Department of our company at [email protected] or fill in the corresponding form on our website (section E-Store, Renew Your License). After your payment is received, we will send a license key to the address indicated in the corresponding field of your license renewal form.

After you have purchased the license key, you will have to copy it to the directory specified as the value of the LicensePath parameter in section [path] of the application configuration file and to install it using the licensemanager utility.

To install a new license key, enter, for example, the following in the command line:

    # licensemanager -a 00053E3D.key

where 00053E3D.key is the name of the license key file.
If the installation is successful, the following (or similar) information will be displayed on the server console:

    Kaspersky license manager. Version /RELEASE
    Copyright (C) Kaspersky Lab
    Key file 00053E3D.key is successfully registered

We recommend that you update the anti-virus databases after the installation.

If you want to install a new license key before the current license key expires, you can add it as a backup license key. The backup key will be activated immediately after the current one expires. The term of validity for the additional key starts from the activation date. You can install only one backup key.

If you have installed two keys (the current and an additional one), you can view information about the installed active and backup keys in the server console.

Removing a license key

To remove the current license key, enter the following in the command line:

    # licensemanager -da

If the component removes the license key successfully, the following (or similar) information will be displayed on the server console:

    Kaspersky license manager. Version /RELEASE
    Copyright (C) Kaspersky Lab
    Active key was successfully removed

If you have installed two keys (the current and an additional one), then removal of the current key causes automatic removal of the additional one as well.

To remove a backup key, enter the following in the command line:

    # licensemanager -dr

The server console will display the following (or similar) information:

    Kaspersky license manager. Version /RELEASE
    Copyright (C) Kaspersky Lab
    Additional key was successfully removed
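For the quarantine task in "Backing up (quarantine, backup storage)" earlier in this chapter, the following added example (not part of the guide and not Kaspersky code) audits a policy section for statuses that would be delivered, or blocked without a saved copy. It assumes that keys absent from the file are unset (product defaults are not modelled) and that lines starting with # or ; are comments; WEAK_POLICY is a constructed sample.

```python
# Statuses the guide routes to each store ("Backing up" section).
QUARANTINE_STATUSES = {"error", "suspicious"}
BACKUP_STATUSES = {"infected", "protected", "filtered"}
# Statuses the guide's task says must not reach recipients.
MUST_BLOCK = {"infected", "suspicious", "protected", "error"}

# Policy taken from the guide's solution.
PAGE_POLICY = """
[smtpgw.ave]
Cure=true
[smtpgw.policy]
ActionDisinfected=cure
BlockMessage=infected, suspicious, protected, error
SaveInQB=infected, suspicious, protected, error
BackupPath=/opt/quarantine/
QuarantinePath=/opt/quarantine/
"""

# Constructed weak variant: suspicious mail is delivered, two blocked
# statuses are never saved, and the quarantine directory is not set.
WEAK_POLICY = """
[smtpgw.policy]
BlockMessage=infected, protected, error, filtered
SaveInQB=infected, error
BackupPath=/opt/quarantine/
"""


def parse_config(text):
    """Parse [section] / Key=Value text; repeated keys are kept as lists."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):  # assumed comment syntax
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current.setdefault(key.strip(), []).append(value.strip())
    return sections


def status_set(section, key):
    """Return the comma-separated statuses stored under key, lowercased."""
    return {
        item.strip().lower()
        for value in section.get(key, [])
        for item in value.split(",")
        if item.strip()
    }


def audit_policy(text):
    """Return (finding, subject) pairs for gaps in the blocking policy."""
    policy = parse_config(text).get("smtpgw.policy", {})
    blocked = status_set(policy, "BlockMessage")
    saved = status_set(policy, "SaveInQB")

    def path_is_set(key):
        return any(value for value in policy.get(key, []))

    findings = []
    # Dangerous statuses that are not blocked reach the recipient.
    for status in sorted(MUST_BLOCK - blocked):
        findings.append(("delivered", status))
    # Blocked but not saved: the message is lost for later analysis.
    for status in sorted(blocked - saved):
        findings.append(("blocked-not-saved", status))
    # A saved status needs the directory the guide assigns to it.
    if saved & QUARANTINE_STATUSES and not path_is_set("QuarantinePath"):
        findings.append(("missing-path", "QuarantinePath"))
    if saved & BACKUP_STATUSES and not path_is_set("BackupPath"):
        findings.append(("missing-path", "BackupPath"))
    return findings


if __name__ == "__main__":
    for name, text in (("page", PAGE_POLICY), ("weak", WEAK_POLICY)):
        print(name, audit_policy(text))
```
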
CHAPTER 5. ADVANCED APPLICATION SETTINGS

This chapter discusses in detail the advanced settings of Kaspersky SMTP-Gateway. In contrast to the main settings (see section 4.2 on page 31), which provide the application functionality, advanced settings can be configured optionally at the administrator's discretion.

Configuring anti-virus protection of mail traffic

Application settings in the [smtpgw.ave] section define the mode of message scanning and disinfection, configure the use of the ichecker technology for acceleration of anti-virus processing and enable or disable scanning of archives or databases (as determined by the ScanArchives and ScanMailBases options respectively).

Scanning and disinfecting messages

By default, the application only scans your traffic for viruses. If a virus is detected, the application can delete the infected object, rename it, block the message, deliver the message containing the object and/or send notifications to the sender, recipient, and administrator.

To have Kaspersky SMTP-Gateway disinfect infected messages, set the Cure parameter to true (Cure=true).

If disinfection has been successful, the object is assigned the Disinfected status.

Using the ichecker technology

While performing anti-virus scan, the application may use the ichecker technology (UseIChecker parameter, section [smtpgw.ave]) that eliminates the need to scan identical objects each time they are detected in the flow of messages and, if possible, perform only one comparison with the existing data.

The object anti-virus scan algorithm will be changed as follows:
- When a message is scanned for the first time (if it has been flagged as Clean), data about the message (name, checksum, date) is saved to the ichecker database. The database path is defined by the ICheckerDBFilename option in the [smtpgw.options] section.
- Next time the message is sent to the AV module for scanning, the application first looks for that file in the ichecker database. If it finds a match, the current object is compared with the database record.
- If the current status of the object and its description in the database are fully identical, then the object is considered to be unchanged and is not scanned for viruses.

To have the application use the ichecker technology, set the UseIChecker parameter in the [smtpgw.ave] section of the configuration file to true.

Setting up application timeouts

All timeout settings are located in the [smtpgw.timeouts] section of the application configuration file.

By setting up various timeouts, the administrator can:

- Limit the maximum period after which the application will attempt to deliver outgoing messages that have not been sent yet (MaximalBackoffTime parameter, in seconds).
- Limit the minimum time, which should elapse before the application will attempt to send again an undelivered message (MinimalBackoffTime parameter).
- Specify the interval during which the application will try to deliver a message with the frequency defined by the MinimalBackoffTime and MaximalBackoffTime parameters (MaximalQueueLifetime option). After this period elapses, the unsent message will be removed from the ready-to-send queue. If necessary, a DSN message about the initial message delivery failure will be generated.
- Specify timeouts for intercepting various network operations (for the Sender and Receiver modules), such as:
  - Network reading timeout (ReadTimeout option).
    The default timeout specified in the configuration file of the application is the optimal value for most cases and it is not recommended to alter it.
  - Network writing timeout (WriteTimeout option). The default timeout specified in the configuration file of the application is the
    optimal value for most cases and it is not recommended to alter it.
- Specify timeouts used by the application to send messages:
  - Maximum time for receiving data from the remote server when establishing an SMTP session (SendingInitialTimeout option).
  - Maximum time to start a mail session (command HELO/EHLO) (SendingHelloTimeout option).
  - Timeout for waiting for the response from the remote server to the MAIL FROM command (SendingMailTimeout option).
  - Timeout for defining the recipient (RCPT TO command) (SendingRcptTimeout option).
  - Timeout for initiating data transfer (DATA command) (SendingDataInitiationTimeout option).
  - Timeout for stopping the data transfer (CRLF.CRLF sequence) to a remote server (SendingDataTerminationTimeout option).
  - Timeout for quitting the current mail session (QUIT command) (SendingQuitTimeout option).
- Specify timeouts used by the application to receive messages:
  - Timeout for starting the DATA command (ReceivingDataInitiationTimeout option).
  - Timeout for stopping the data transfer by the remote server (ReceivingDataTerminationTimeout option).
  - Timeout for waiting for the HELO/EHLO, MAIL FROM, RCPT TO, QUIT commands from a remote server (ReceivingCommandTimeout option).

Besides, you can configure time-related parameters of internal DNS client operation in the [smtpgw.resolve] section (see section A.2 on p. 82).

Setting performance restrictions

Kaspersky SMTP-Gateway allows the administrator to set up certain limits when working with the application. In some cases, this may help reduce the load on your server and increase performance. In addition, using network restrictions, it is possible to prevent some types of virus outbreaks and
DoS attacks aimed at paralyzing your mail server with huge volumes of mail traffic.

You can find all restriction settings in the [smtpgw.limits] section of the application configuration file. You can set the following restrictions:

- Number of objects simultaneously processed by the Receiver, Sender and the AV modules (the IncomingSessions, OutgoingSessions, and AntiviralSessions options, respectively).
- Maximum number of message hops (MaximalIncomingHops option). Set this parameter to avoid looping due to incorrect configuration of the routing table.
- Limit the maximum size for messages received by the server (MaximalIncomingMessageSize option) and the total number of messages received during one mail session (MaximalIncomingMessagesPerSession option).
- Limit the number of recipients of a single message (MaximalIncomingRcptsPerMessage option). This parameter prevents spam addressed to your users.
- Maximum size of a single mail session (MaximalIncomingSessionSize option).
- Maximum number of simultaneous connections from the same IP address (or host) that are processed by the Receiver and by the Sender modules (MaximalIncomingSessionsPerIP and MaximalOutgoingSessionsPerHost options respectively).

If the mail traffic transferred by your server exceeds the specified limits, we recommend that you decrease the number of objects simultaneously processed by the AV module (AntiviralSessions parameter) and the number of hops for a single message (MaximalIncomingMessageSize option). This increases application performance and message processing speed.

If your server has a low-speed Internet connection, the following actions are recommended:

- Decrease the number of objects simultaneously processed by the Receiver and Sender modules (IncomingSessions and OutgoingSessions options).
- Decrease the maximum number of incoming messages received during a single session (MaximalIncomingMessagesPerSession option).
Setting up connection receiving interfaces

The set of interfaces and ports used by the application to receive connections is defined by the ListenOn parameter in the [smtpgw.network] section of the application configuration file. By default, Kaspersky SMTP-Gateway listens for connections on port 25 using all available interfaces.

If a particular interface is to be used rather than all available interfaces, or if it is necessary to use a port other than 25, additional configuration is required.

To make the application wait for connection on port 1025 of interface : assign the following value to the ListenOn parameter in the [smtpgw.network] section:

    ListenOn= :1025

In order to use several particular interfaces, create several ListenOn parameter records in the configuration file. E.g.:

    ListenOn= :25
    ListenOn= :

Setting up the routing table

The application does not include a local agent used for message delivery, therefore all incoming mail messages must be transferred to the host where such an agent is installed.

The rules for transferring (routing) are set by the ForwardRoute parameter in the [smtpgw.forward] section. This parameter is specified using one of the following formats:

    ForwardRoute=<address_mask> recipient
    ForwardRoute=<address_mask> [<recipient>]
    ForwardRoute=<address_mask> [<recipient>:<port>]

where:

<address_mask> - the address of the recipient of the messages (wildcards "*" and "?" can be used; if the parameter is assigned any value, then any recipient's address may be used).
<recipient> is the name of the domain containing the mail server, where (according to MX records) the messages must be sent.

[<recipient>:<port>] is the delivery point (IP address or host name, port).

For example, if you create the following record in section [smtpgw.forward]:

    [localhost:1025]

then all mail messages to domain.com will be sent to port 1025 of the local host after an anti-virus scan.

If several routing rules must be specified, create several copies of the ForwardRoute parameter in the configuration file.

For example, records created in section [smtpgw.forward]:

    [localhost:1025] [somehost.somedomain.com] otherdomain.com

will mean the following processing rules:

- forward all messages for domain domain1.com to port 1025 of the local host after anti-virus scanning
- forward all messages for domain domain2.com to port 25 of host somehost.somedomain.com after anti-virus scanning
- forward all messages for domain domain3.com to MX-host of domain otherdomain.com after anti-virus scanning (the domain will be determined at the time the message is sent)
- forward all other messages to the corresponding MX-hosts after anti-virus scanning.

When the routing rules are evaluated, the first record whose specified domain matches the domain of the message recipient is used.

Checking the configuration file syntax

Use the -k or --check-config key in the application command line to check the syntax of its configuration file. If the configuration file contains no errors, the following line will be displayed in the server console:

    Config OK!
If the check reveals errors, the following line will appear in the server console:

    Config is invalid see log for detail

Syntax check in notification templates

Version 5.5 of the application allows syntax checks of notification templates using the kltlv utility, installed by default in the /opt/kav/5.5/smtpgw/bin directory (in Linux distributions) or in /usr/local/share/kav/5.5/smtpgw/bin (for FreeBSD distributions).

The kltlv utility can be started by a privileged user (root) only.

To check the syntax of a notification template, enter the following in the command line:

    # /opt/kav/5.5/smtpgw/bin/kltlv ./dsn.tmpl

The utility will output to server console a report similar to the example below:

    Kaspersky Template Language Verifier for Linux GLIBC 2.2 version /RELEASE, Copyright (C) Kaspersky Lab,
    Parsing error: Unexpected end of line in the declaration, line 63

If a template check is successful, the utility will report that template syntax is correct. In case of errors it will display a description of possible failure causes (see section A.13 on p. 111).

Utility return codes are described in section A.14 on p.

Work with backup storage and the quarantine directory

The klmaila utility allows management of objects preserved in the quarantine directories, backup storage and the archives of incoming/outgoing messages.

The klmaila utility can be started by a privileged user (root) only.
It offers the following opportunities:

- Reviewing of the whole storage contents or information on certain messages, e.g.:

    # ./klmaila --show-all --archivepath=/var/db/kav/5.0/smtpgw/arch_in
    Kaspersky Mail Archives Manager for Linux GLIBC 2.2 version /RELEASE, Copyright (C) Kaspersky Lab,
    QueueID--Status-Size ArrivalTime Sender.../Recipient...
    icmnf8ax05033 RCV 6375 Tue, 28 Dec :22: >
    icmmf84m00443 RCV 5050 Tue, 28 Dec :22: >
    Total: 2 archived messages, bytes.

  The application outputs information about messages preserved in storage directory in the following format:

    ID STATUS SIZE DATE IP <SENDER> -> <RECIPIENT>

  where:

  ID - identification number of a stored message

  STATUS - message status reflecting its current state. A stored message may have any of the following statuses:

    RCV - message from incoming mail archive
    SNT - message from outgoing mail archive
    CLN - message with the Clean status in quarantine directory
    CRD - message with the Cured status in quarantine directory
    SSP - message with the Suspicious status in quarantine directory
    PRT - message with the Protected status in quarantine directory
    ERR - message with the Error status in quarantine directory
    FLT - message with the Filtered status in quarantine directory
    INF - message with the Infected status in quarantine directory.
  SIZE - message size (may be specified in bytes, kilobytes, and megabytes as determined by the respective prefixes)

  DATE - time and date of message receipt by the application

  IP - IP address of message sender

  SENDER - message sender's address

  RECIPIENT - message recipient's address (the field may contain several values).

- Removal of all messages or a specified message from storage, e.g.:

    # ./klmaila --remove-all --archivepath=/var/db/kav/5.0/smtpgw/arch_in
    Kaspersky Mail Archives Manager for Linux GLIBC 2.2 version /RELEASE, Copyright (C) Kaspersky Lab,
    Total: 4586 archived messages have been removed.

- Sending of all or certain messages from storage directories to their original recipients, e.g.:

    # ./klmaila --send-id=jhrwpc7s86253 --archivepath=/var/db/kav/5.5/smtpgw/arch_in
    Kaspersky Mail Archives Manager for Linux GLIBC 2.2 version /RELEASE, Copyright (C) Kaspersky Lab,
    Message with QueueID jhrwpc7s86253 will be sent asap.

Descriptions of command line options for klmaila utility can be found in section A.16 on p. 114, its return codes are described in section A.17 on p.

Management of application working queue

While the application is running, it creates a working queue of messages for processing by the AV module. The klmailq utility allows management of messages in working queue.
The klmailq utility can be started by a privileged user (root) only.

It offers the following opportunities:

- Reviewing the contents of working queue or information on specific messages in it.

  To display the information about all messages in the working queue, enter the following in the command line:

    # ./klmailq --show-all

  The utility will output to server console a report similar to the example below:

    Kaspersky Mail Queue Manager for Linux GLIBC 2.2 version /RELEASE, Copyright (C) Kaspersky Lab,
    QueueID--Status-Size ArrivalTime Sender.../Recipient...
    iaguf4oi21098 WFS 1570 Tue, 12 Feb :42: <[email protected]> -> <[email protected]>
    iagvf4qs38118 WFC 897 Tue, 12 Feb :42: <[email protected]> -> <[email protected]>
    iagtf45y97588 SND 1048 Tue, 12 Feb :42: <[email protected]> -> <[email protected]>
    Total: 3 queued messages, 3515 bytes.

  The application outputs information about messages in working queue in the following format:

    ID STATUS SIZE DATE IP <SENDER> -> <RECIPIENT>

  where:

  ID - identification number of a queued message

  STATUS - message status reflecting its current state.
  A message in working queue may have any of the following statuses:

    WFC - message waiting for anti-virus scanning
    CHK - message being scanned for virus presence
    WFS - message waiting for creation of its virtual copies
    SPL - message being used for creation of virtual copies
    QUE - message waiting to be sent to its recipient
    SND - message being sent.

  SIZE - message size (may be specified in bytes, kilobytes, and megabytes as determined by the respective prefixes)

  DATE - time and date of message addition into the queue

  IP - IP address of message sender

  SENDER - message sender's address

  RECIPIENT - message recipient's address (the field may contain several values).

- Removal of all messages or a specified message from working queue.

  To remove all messages from the working queue, enter the following in the command line:

    # ./klmailq --remove-all

  The utility will output to server console a report similar to the example below:

    Kaspersky Mail Queue Manager for Linux GLIBC 2.2 version /RELEASE, Copyright (C) Kaspersky Lab,
    Total: 12 queued messages have been removed.

  A message can be removed from queue if it has WFC, WFS or QUE status only.

- Send all or selected messages ahead of the general queue, e.g.:

    # ./klmailq --send-id=jhrwpc7s86253
    Kaspersky Mail Queue Manager for Linux GLIBC 2.2 version /RELEASE, Copyright (C) Kaspersky Lab,
    Message with QueueID jhrwpc7s86253 will be sent asap.

  A message can be sent ahead of the general queue only if it has QUE status (expects delivery to the recipient).

Descriptions of command line options for klmailq utility can be found in section A.15 on p. 113, its return codes are described in section A.17 on p.

Managing the application

While Kaspersky SMTP-Gateway is running, you can manage the application using scripts, signals, and special control files. This section describes how to manage the application using scripts (about management options using signals, see section A.3 on p. 98; about using files see A.5 on p. 100).

Application management using scripts requires privileged user (root) rights.

If you use a Linux distribution package (except for installations made using the tar.gz package), to run the management script, enter the following in the command line:

    # /opt/kav/5.5/smtpgw/init.d/smtpgw <action>

or use the link:

    # /etc/init.d/smtpgw <action>

If you use the FreeBSD distribution package, to run the management script, enter the following:

    # /usr/local/etc/rc.d/smtpgw.sh <action>

For the OpenBSD distribution package, to run the management script, enter the following string:

    # /usr/local/share/kav/5.5/smtpgw/setup/smtpgw.sh <action>

The /etc/init.d/smtpgw link will not be created if you install the application from a tar.gz package. You will have to manually create the link pointing to the /opt/kav/5.5/smtpgw/init.d/smtpgw management script.

The <action> parameter can take one of the following values:
Value | Meaning
start | Start the application.
stop | Stop the application.
restart | Stop and then start the application.
reload | Reinitialize the smtpgw component and reload the anti-virus database and the configuration file.
reloadbases | Reload the anti-virus databases.
status | Request the application status.
stats | Request the application statistics.
recv-off | Suspend the operation of the Receiver module.
recv-on | Resume the operation of the Receiver module.
send-off | Suspend the operation of the Sender module.
send-on | Resume the operation of the Sender module.
avir-off | Suspend the operation of the AV module.
avir-on | Resume the operation of the AV module.

Control of application activity

A special watchdog process controls correct functioning of individual application modules while the software is running.

As soon as the application starts, it creates a child process monitoring the application. If upon a specified interval the parent process receives no confirmation of correct operation from any module, the watchdog process restarts the application.

You can control timeouts of the watchdog process using the application command line options. See section A.7 on p. 106 for details.
Customizing date and time formats

Kaspersky SMTP-Gateway generates reports on the activity of every component. This information always contains the date and time of report generation.

By default, Kaspersky SMTP-Gateway displays the date and time according to the strftime standard:

    %H:%M:%S - displayed time format.
    %d/%m/%y - displayed date format.

The administrator can customize how the time and date are displayed in the [locale] section of the application configuration file. You can specify one of the following formats:

    %I:%M:%S %P - display time in 12-hour format (TimeFormat parameter).
    %y/%m/%d or %m/%d/%y - display date (DateFormat parameter) as yy/mm/dd or mm/dd/yy, respectively.

Reporting options

The performance of the smtpgw component is recorded in the report file that is output into the application log file in plain text format (LogFilename option in the [smtpgw.options] section) or in the system log (syslog).

The data is not logged if the LogFilename option is not defined (LogFilename=).

To customize the output data, change the report detail level (LogLevel option in the [smtpgw.options] section).

Report detail level is a number that defines the level of reported details for application performance data. Each subsequent level of detail contains all the details from the previous level and adds some new information.

The table below lists possible report detail levels.

Level | Level description | Letter symbol | Meaning
0 | Fatal Errors | F | Only information regarding critical errors (that terminate the program due to impossibility of executing an action). For example, the component is infected, or scanning, database loading, or license key loading failed.
1 | Errors | E | Information about other errors that may or may not lead to application shutdown, for example, file scan errors.
2 | Warning | W | Notifications about errors that may lead to the application shutdown (license key expiration warning, out-of-disk-space warning, etc.).
3 | Info, Notice | I | Important informational messages, such as whether a component is running or inactive, the path to the configuration file, latest changes in scan area, database updates, license keys, statistics summary.
4 | Activity | A | Messages on scanning of files according to the report detail level.
9 | Debug | D | All debug messages.

Information about fatal errors is always displayed, regardless of the report detail level. The optimal level is level 4, which is also the default level.

Information messages may be divided into the following types:

- Messages about the actions applied to messages
- Notifications about system events
- Other messages (component start, loading of databases, return codes, etc.).

The output format for each of the detail levels listed above is as follows:

for messages about the actions applied to messages:

    [date time detail_level] envelope-id: MESSAGE;

for all other types of messages:

    [date time detail_level]: MESSAGE,

where:

[date time detail_level] is the parameter that contains the date and the time (in the format specified by the
66 66 Kaspersky SMTP-Gateway 5.5 for Linux/Unix administrator in the [locale]) section and the first letter of the report detail level. envelope-id message identifier in the working queue of the application, to which the message corresponds. MESSAGE message text that may have different formats depending on the type of the message. For the text of messages containing information about actions applied to messages see section A.19 on p Additional informational header fields in messages Version 5.5. of the application allows addition of some supplementary information to mail messages. Let us examine closer two methods of adding new informational header fields to a message: Add extension header field to mail message. The information may describe application version, date when the antivirus databases were last updated, time and result of message scanning (determined by the AddXHeader parameter in the [smtpgw.policy] section of the application configuration file). Header format: X-Anti-Virus: <product name and version>, bases: <date of the last update to anti-virus databases in YYYYMMDD format> #<the number of records in AV databases>, check: <scan date in YYYYMMDD format> <scanning status or not_checked> E.g.: X-Anti-Virus:Kaspersky SMTP-Gateway for Linux GLIBC 2.2 version /RELEASE, bases: #102746, check: clean Add disclaimer text to mail message body. The information will be added as plain text; it may contain any statement generated in accordance with the security policy (or other rules) of a specific organization (the AddDisclaimer parameter in the [smtpgw.policy] section). The default message text notifies that the message has been scanned by Kaspersky SMTP-Gateway. Upon administrator s demand the application can modify the information format (e.g., generate disclaimer message as a HTML text).
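The report line format given under Reporting options above can be parsed mechanically, which helps when triaging a gateway log by detail level or following one message through the working queue. The Python sketch below is an added example, not part of the original guide or of the product; the sample lines, envelope-id values and message texts are constructed, and it assumes the fields are separated by single spaces exactly as the two format strings show.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Letter symbols from the report detail level list, mapped to level numbers.
LEVELS = {"F": 0, "E": 1, "W": 2, "I": 3, "A": 4, "D": 9}

# "[date time L] envelope-id: MESSAGE"  or  "[date time L]: MESSAGE"
LINE_RE = re.compile(
    r"^\[(?P<stamp>.+?) (?P<level>[FEWIAD])\]"
    r"(?: (?P<envelope>[^:\s]+))?: (?P<message>.*)$"
)


def parse_line(line, date_format="%d/%m/%y", time_format="%H:%M:%S"):
    """Parse one report line; return a dict, or None if the line does not fit.

    date_format and time_format are the DateFormat and TimeFormat values from
    the [locale] section (the defaults here are the documented defaults).
    """
    match = LINE_RE.match(line.rstrip("\r\n"))
    if match is None:
        return None
    # %P (lower-case am/pm) is a strftime extension that Python's strptime
    # lacks; %p accepts the same text because its matching ignores case.
    stamp_format = f"{date_format} {time_format}".replace("%P", "%p")
    try:
        when = datetime.strptime(match["stamp"], stamp_format)
    except ValueError:
        return None
    return {
        "time": when,
        "level": match["level"],
        "envelope": match["envelope"],  # None for events not tied to a message
        "message": match["message"],
    }


def triage(lines, max_level=2, **formats):
    """Summarise a report: counts per level, problem entries, per-message history."""
    counts = Counter()
    problems = []                # entries at or below max_level (F, E, W by default)
    history = defaultdict(list)  # envelope-id -> entries in log order
    unparsed = 0
    for line in lines:
        record = parse_line(line, **formats)
        if record is None:
            unparsed += 1
            continue
        counts[record["level"]] += 1
        if LEVELS[record["level"]] <= max_level:
            problems.append(record)
        if record["envelope"] is not None:
            history[record["envelope"]].append(record)
    return {"counts": dict(counts), "problems": problems,
            "history": dict(history), "unparsed": unparsed}


# Constructed sample report (default formats); message texts are invented.
SAMPLE_REPORT = """\
[24/07/05 13:45:10 I]: component started (constructed text)
[24/07/05 13:45:12 A] q0001: message scanned (constructed text)
[24/07/05 13:45:13 E] q0001: object scan error (constructed text)
[24/07/05 13:45:14 W]: license key expires soon (constructed text)
this line does not follow the report format
""".splitlines()

if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    print("entries per level:", summary["counts"])
    print("unparsed lines:", summary["unparsed"])
    for entry in summary["problems"]:
        print(entry["time"], entry["level"], entry["envelope"], entry["message"])
```

Lines that do not match are counted rather than dropped silently, so a change of DateFormat or TimeFormat that the parser was not told about shows up as a jump in the unparsed count.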
CHAPTER 6. TESTING APPLICATION OPERABILITY

After you install and configure Kaspersky SMTP-Gateway, it is recommended that you test its settings and operability by using the following two methods:

- Telnet program
- EICAR test virus

Testing the application using Telnet

To test the application operation using Telnet, it is necessary to:

1. Configure the connection to the server with the installed application using Telnet. To do so, enter the following in the command line:

   telnet <smtpgw host address> <port>

   where the host address and port are the values assigned to the ListenOn option in the [smtpgw.network] section of the application configuration file.

2. After the connection is established, wait for a response from the smtpgw component. You will see the following information:

   220 smtpgw.company.com ESMTP

   where smtpgw.company.com is the name of the server being tested.

3. After the connection to the server is confirmed, type the following in the command line:

   EHLO <fqdn>

   where <fqdn> stands for the fully qualified domain name of the host that establishes the connection. You will see the following (or similar) information:

   250-smtpgw.company.com hello user [ ]
   250-ENHANCEDSTATUSCODES
   250-PIPELINING
   250-8BITMIME
   250-SIZE DSN

   where:

   - smtpgw.company.com is the name of the server being tested
   - user is the client host name
   - [ ] is the client IP address.

   Enter in the command line:

   MAIL FROM: <sender_address>

   You will see the following (or similar) information:

   OK

   Enter in the command line:

   RCPT TO: <recipient_address>

   You will see the following (or similar) information:

   OK

   Enter in the command line:

   DATA

   You will see the following (or similar) information:

   354 Start mail input; end with <CRLF>.<CRLF>

   Enter in the command line:

   Subject: test
   test
   .

   You will see the following (or similar) information:

   OK

4. If the response is OK, the test message has been successfully accepted by the server. After this, the message must be scanned for viruses and then sent to the recipient in accordance with the routing table. It is recommended that you check message delivery.

To verify the results, view the application statistics. One message will be added to the totals of scanned and sent messages.
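The Telnet procedure above can be scripted so that the check is repeatable after every configuration change. The Python sketch below is an added example, not part of the original guide: it performs the same dialogue over an already connected socket and fails on the first unexpected reply. The reply codes 250 and 221 are the standard SMTP success codes and are an assumption here, since the guide shows only "OK" for those steps; the names smoke_test and SmtpCheckError are hypothetical.

```python
import socket
import sys


class SmtpCheckError(Exception):
    """Raised when the gateway answers with an unexpected reply."""


def read_reply(rfile):
    """Read one SMTP reply, which may span several lines ("250-..." then "250 ...")."""
    texts = []
    while True:
        raw = rfile.readline()
        if not raw:
            raise SmtpCheckError("connection closed by server")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        if len(line) < 3 or not line[:3].isdigit():
            raise SmtpCheckError(f"malformed reply: {line!r}")
        texts.append(line[4:])
        if line[3:4] != "-":          # a space (or nothing) marks the last line
            return int(line[:3]), texts


def command(sock, rfile, line, expect):
    """Send one command (or the message data) and require the expected reply code."""
    sock.sendall(line.encode("ascii") + b"\r\n")
    code, texts = read_reply(rfile)
    if code != expect:
        raise SmtpCheckError(
            f"{line.split()[0]}: expected {expect}, got {code} {' '.join(texts)}")
    return texts


def smoke_test(sock, fqdn, sender, recipient):
    """Run the documented dialogue on a connected socket and return what was seen."""
    with sock.makefile("rb") as rfile:
        code, banner = read_reply(rfile)                    # step 2: greeting
        if code != 220:
            raise SmtpCheckError(f"greeting: expected 220, got {code} {banner[0]}")
        ehlo = command(sock, rfile, f"EHLO {fqdn}", 250)    # step 3
        command(sock, rfile, f"MAIL FROM:<{sender}>", 250)
        command(sock, rfile, f"RCPT TO:<{recipient}>", 250)
        command(sock, rfile, "DATA", 354)
        # The blank line separates the header from the body; the lone "."
        # ends the message (<CRLF>.<CRLF>).
        accepted = command(sock, rfile, "Subject: test\r\n\r\ntest\r\n.", 250)
        command(sock, rfile, "QUIT", 221)
    return {"banner": banner[0], "extensions": ehlo[1:], "accepted": accepted[0]}


if __name__ == "__main__":
    # Usage: script.py <smtpgw host address> <port> <sender> <recipient>
    host, port, sender, recipient = sys.argv[1:5]
    with socket.create_connection((host, int(port)), timeout=30) as connection:
        result = smoke_test(connection, socket.getfqdn(), sender, recipient)
    print("accepted:", result["accepted"], "| extensions:", result["extensions"])
```

Acceptance at the SMTP level only shows that the message entered the working queue; delivery and the statistics counters still have to be checked as described in step 4.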
Testing the application using EICAR

This test "virus", recommended for application testing, has been developed by EICAR (The European Institute for Computer Anti-Virus Research) specifically for the purpose of verifying the operation of anti-virus software. It IS NOT A VIRUS and contains no code that may harm your computer. However, most products of anti-virus vendors identify it as a virus.

Never use real viruses to test the operation of your anti-virus application!

The test "virus" can be downloaded from the official site of EICAR.

If you have no Internet access, you can create a test "virus" manually. To do so, enter the line below in any text editor and save the file as eicar.com:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

The file that you downloaded from the EICAR site or created in a text editor as described above contains the body of a standard test "virus". The anti-virus application will detect it, flag it as Infected and perform the specified action for objects with this status.

To test the application's response to other types of objects, modify the body of the standard test "virus" by adding one of the prefixes below (see Table 1).

You can verify the proper operation of Kaspersky SMTP-Gateway using modifications of the EICAR "virus" only if your anti-virus databases were last updated on or after October 24, 2003, or include the cumulative updates for October

Table 1. Test "virus" modifications

Prefix / Object type

- No prefix, standard test "virus": Infected. An error occurs during disinfection. The object will then be deleted.
- CORR: Corrupted.
- SUSP: Suspicious (unknown virus code).
- WARN: Suspicious (modified code of a known virus).
- ERRO: Error when scanning the object.
- CURE: Infected. The object will be disinfected and the text in the infected file will be changed to CURE.
- DELE: Infected. The object will be deleted automatically.

The first column of the table contains the prefixes that should be added to the beginning of the line in the standard test "virus" file (e.g., DELE). After adding a prefix to the test virus, save it to a file with another name, for example eicar_dele.com; assign names to all the modified viruses in the same manner.

The second column contains the types of objects identified by the anti-virus application after you have added a prefix. The actions for each type of object are defined by the application's settings customized by the administrator.
CHAPTER 7. UNINSTALLING THE APPLICATION

To uninstall Kaspersky SMTP-Gateway from a server, you must be a privileged (root) user. If you are currently logged in under a user account with lesser privileges, log on as root.

The uninstallation process will automatically stop the application!

When you are uninstalling the product, the application will be stopped, and all files and directories created during installation will be deleted. However, files and directories created or modified by the administrator, such as the application configuration file, notification templates, the quarantine directories, archives of received and sent messages, anti-virus databases and the license key file, will remain.

There are several different ways to run the uninstall procedure, depending on the package manager you used. Below is a detailed description of these options.

- If you installed the application from the rpm package, type the following in the command line to uninstall Kaspersky SMTP-Gateway:

  # rpm -e <package_name>

- If you installed the application from the deb package, type the following in the command line to uninstall Kaspersky SMTP-Gateway:

  # dpkg -P <package_name>

- If you installed the application from the universal package (tar.gz), type the following in the command line to uninstall Kaspersky SMTP-Gateway:

  # /opt/kav/5.5/smtpgw/setup/uninstall.pl

- If you installed the application from the pkg package, type the following in the command line to uninstall Kaspersky SMTP-Gateway:

  # pkg_delete <package_name>

After the application has been successfully removed from your server, you will see a corresponding message on your screen.
CHAPTER 8. FREQUENTLY ASKED QUESTIONS

This chapter contains a detailed discussion of questions most frequently asked by our users regarding the installation, configuration and operation of the application.

Question: Is it possible to use Kaspersky SMTP-Gateway with anti-virus products of other vendors?

No. We recommend uninstalling anti-virus products of other vendors prior to installation of Kaspersky SMTP-Gateway to avoid software conflicts.

Question: Kaspersky Anti-Virus does not rescan files that have been scanned earlier. Why?

This is true. The application does not rescan files that have not changed since the last scan. This has become possible due to the new ichecker technology, which is implemented in the program using a database of file checksums.

Question: Why does Kaspersky Anti-Virus cause a certain decrease in server performance, noticeably loading the CPU?

Virus detection is a computationally intensive mathematical problem requiring structural analysis, checksum calculation and mathematical data conversions. Processor time is therefore the main resource consumed by the program, and each new virus added to the anti-virus database increases the overall scanning time. This is a necessary sacrifice for the security and safety of your data.

Other anti-virus products speed up scanning by excluding from their databases both viruses that are less easily detectable or less frequent in the geographic location of the anti-virus vendor, and file formats that require complicated analysis (e.g. PDF). In contrast, Kaspersky Lab believes that the purpose of its products is to establish real and complete security for its users.

Kaspersky SMTP-Gateway gives its users maximum protection. Experienced users can accelerate anti-virus scanning to the detriment of overall security by disabling scanning of various file types, but we do not recommend doing so for users who want the best protection.

For maximum user protection, Kaspersky SMTP-Gateway recognizes more than 700 formats of archived and compressed files. This is essential for anti-virus security, because harmful executable code may be hidden inside files of any recognized format. However, despite the daily growth in the number of viruses detected by Kaspersky SMTP-Gateway (approximately 30 new viruses appear daily) as well as the ever increasing number of recognized file formats, each subsequent version of our product functions faster than the previous one. That is achieved through the use of new, exclusive technologies, such as ichecker, developed at Kaspersky Lab.

Question: Why do I need the key file? Will my Kaspersky SMTP-Gateway work without it?

No, Kaspersky SMTP-Gateway does not work without a license key.

If you are still deciding whether or not to purchase Kaspersky SMTP-Gateway, we can provide you with a temporary key file (trial key), which will only work either for two weeks or for a month. When this period expires, the key will be blocked.

Question: What happens when the license expires?

After expiration of the license, Kaspersky SMTP-Gateway will continue operating, but updating of the anti-virus databases will be disabled. Kaspersky SMTP-Gateway will continue cleaning infected objects, but only using the old anti-virus databases.

If such a situation arises, notify your system administrator and contact the company where you purchased Kaspersky SMTP-Gateway, or Kaspersky Lab directly, for license renewal.

Question: Kaspersky SMTP-Gateway does not work. What should I do?

First, check if a solution for your problem is provided in this documentation, especially in this section, or on our website.

In addition, we recommend that you apply for support to the distributor from whom you purchased Kaspersky SMTP-Gateway, or write to our Technical support service or to the address contained in the license key information.
To make sure your request is answered as soon as possible, follow these suggestions:

1. In the message header, specify your operating system, the name of the Kaspersky Lab product you are experiencing problems with, and briefly describe the problem. For example: OpenBSD 3.6, Kaspersky SMTP-Gateway 5.5 for Linux/Unix, updating of the anti-virus databases does not function.

2. Compose your messages in plain text format.

3. At the beginning of the message, specify the exact versions of the operating system and Kaspersky SMTP-Gateway distribution package and provide the number of your license key file.

4. Clearly describe the problem in brief. Keep in mind that, when reading your mail, the technical support service officers do not yet know about your problem. They can only help after fully understanding and reproducing it.

5. Send the following data, packed into one archive, to the Technical Support Service:

   - all configuration files of your mail agent (MTA)
   - mail system log file
   - application log file
   - your license key file.

6. Make sure to specify in your mail if your computer system contains any of the following:

   - a very old or very new processor, or more than one processor
   - less than 64 MB or more than 2 GB of RAM.

7. Specify the approximate amount of daily traffic and whether or not the server has peak loads.

Question: What are the regular updates for?

A few years ago viruses were transmitted on floppy disks, and adequate computer protection could be achieved by installation of an anti-virus program followed by rare updates to its anti-virus database. However, recent virus epidemics spread around the world in several hours, and anti-virus protection with old databases may be helpless against a new threat. In order to resist new viruses, you should update the anti-virus databases every hour.
Every year Kaspersky Lab increases the frequency of its updates issued for the anti-virus databases. Currently they are updated every hour.

Updating of the application modules is an additional feature that allows both correction of discovered vulnerabilities and addition of new functions.

Question: What are the changes to the updating service since version 5.0?

The Kaspersky Lab 5.0 product suite features a new updating service, which has been developed in accordance with the requests of our users. It automates the whole updating procedure, from the preparation of updates in Kaspersky Lab to the moment that relevant files are updated on clients' computers.

Advantages of the new updating service include:

- Ability to resume downloading of files after disconnection. Upon reconnection, only files which have not been downloaded are retrieved.
- Cumulative updates are now half the size. A cumulative update contains the whole anti-virus database, therefore its size considerably exceeds the size of typical updates. The new service employs a special technology which allows using the already existing anti-virus database for a cumulative update.
- Accelerated downloading from the Internet. Kaspersky SMTP-Gateway picks a Kaspersky Lab updates server located in your region. Furthermore, servers are allocated according to their performance, so you will not be sent to an overloaded server while there is another idle server available.
- Use of key "black lists". Unlicensed and illegal users of Kaspersky SMTP-Gateway are now prevented from using the updating service. Licensed users therefore do not suffer from inability to contact overloaded updates servers.
- Corporate enterprises can now create a local updates server. This feature is designed for organizations where a single LAN unites computers protected by Kaspersky Lab products. Any computer on the LAN can be turned into an updates server that retrieves updates from the Internet and shares them with the other networked computers.
Question: Can an intruder deliberately replace the anti-virus databases?

Every anti-virus database has a unique signature verified by Kaspersky products while accessing the database. If the signature does not correspond to the one assigned at Kaspersky Lab, or the date of the database is later than that of the license expiry, Kaspersky SMTP-Gateway will not use it.

Question: The application cannot be started, the Sender module does not work, etc. What should I do?

If, due to incorrect settings, the number of running processes (threads) exceeds the maximum number permitted by the system, the application performance may be affected or your system will freeze.

To solve this problem, it is recommended to decrease the number of concurrently active incoming and outgoing mail sessions and the number of objects scanned simultaneously by the AV module (AntiviralSessions, IncomingSessions, and OutgoingSessions parameters in the [smtpgw.limits] section of the application configuration file).

The second solution for the problem would be to decrease the stack size. This command works in the Linux operating system only. Enter the following in the command line:

# ulimit -s

The maximum stack size will be displayed on the console. Set the new value equal to a quarter of the current value by entering the following:

# ulimit -s <number>

where <number> is the new maximum stack size.

Question: What should I do to make man pages of the application available by the command man <name>?

To make the application man pages available using the man <name> command at each restart of your system, do the following:

- For Debian and SuSE Linux distributions, the following line should be added to the /etc/manpath.config file:

  MANDATORY_MANPATH /opt/kav/5.5/smtpgw/man

- For RedHat Linux distributions, the following line should be added to the /etc/man.config file:

  MANPATH /opt/kav/5.5/smtpgw/man

- For OpenBSD distributions, the following line in the /etc/man.conf file:

  _default /usr/{share,x11r6,x11,contrib,gnu,\local}/{man,man/old}/

  should be supplemented as follows:

  _default /usr/{share,x11r6,x11,contrib,gnu,\local}/{man,man/old,share/kav/5.5/smtpgw/man}/

- For FreeBSD distributions, the following line should be added to the /etc/manpath.config file:

  MANDATORY_MANPATH /usr/local/share/kav/5.5/smtpgw/man

Question: What should I do if error LibKAVEngine Init error: err_no=3 occurs during operation of the application or the following message appears at application startup: "smtpgw could not be started", accompanied by return codes 46 or 48?

The error may occur if you are using a non-standard directory for storage of temporary files (by setting the values of the TMP or TEMP environment variables) and the user account employed by the application (kavuser by default) is not allowed to write to that directory. E.g., such an error may be encountered when the application is installed under the Mandrake Linux distribution (which uses /root/tmp/ as the default directory for storage of temporary files of the root user).

To resolve the problem, you should either change the access rights for the directory or redefine/delete the TMP and TEMP environment variables to force the use of another directory (e.g., /tmp/) with the access rights necessary for normal operation of the application.
APPENDIX A. SUPPLEMENTARY INFORMATION ABOUT THE PRODUCT

This annex describes the distribution of the application files after installation, including a detailed description of the configuration file, command line keys for every component and their return codes, and generation of operational statistics.

A.1. Distribution of the application files in directories

After the installation of Kaspersky SMTP-Gateway is complete, the application files will be located in the following directories, provided that the default paths have been accepted during the installation:

Linux distribution kit:

- /opt/kav/5.5/smtpgw/: main application directory. This directory includes:
  - /bin/: directory containing executable files of the application components:
    - smtpgw: executable file of the anti-virus protection component.
    - keepup2date: executable file of the component responsible for updating the anti-virus databases.
    - licensemanager: executable file of the component responsible for management of license keys.
    - kltlv: utility employed for template syntax checks.
    - klmailq: utility for management of the application working queue.
    - klmaila: utility for management of message archives.
  - /setup/: directory containing scripts and executable files used during the installation, post-install setup and removal of the application.
  - /init.d/: directory containing scripts used to control the application. A link to the controlling script is also added to the /etc/init.d/ directory.
  - /man/: directory containing application manual pages.
- /etc/kav/5.5/smtpgw/: directory containing the smtpgw.conf default application configuration file.
- /var/db/kav/5.5/smtpgw/: directory containing application data and including the following subdirectories and files:
  - /bases/: directory containing the anti-virus databases and the updcfg.xml configuration file of the keepup2date component.
  - /bases.backup/: directory where the keepup2date component saves backup copies of the anti-virus databases.
  - /licenses/: directory where the license key files are installed.
  - /patches/: directory where the updates for the application components are saved.
  - /quarantine/: the default quarantine directory.
  - /arch_in/: directory for storing the archive of all received messages.
  - /arch_out/: directory for storing the archive of all sent messages.
  - /stat/: directory for storing the statistics file.
  - /templates/: directory where the default application template files are installed:
    - notify.tmpl: template for notification messages.
    - placeholder.tmpl: template used for replacing an infected object with a message.
    - dsn.tmpl: template used for DSN messages generated by the application.
    - disclaimer.tmpl: template used for generation of the disclaimer text appended to mail messages.
  - /ichecker/: directory for storing the working files of the ichecker database.
  - /smtpgw/: default directory used by the application to store the working queue of messages.
- /var/log/kav/5.5/smtpgw/: directory for storing log files.

FreeBSD distribution kit:

- /usr/local/share/kav/5.5/smtpgw/: main application directory. This directory includes:
  - /bin/: directory containing executable files of the application components:
    - smtpgw: executable file of the anti-virus protection component.
    - keepup2date: executable file of the component responsible for updating the anti-virus databases.
    - licensemanager: executable file of the component responsible for management of license keys.
    - kltlv: utility employed for template syntax checks.
    - klmailq: utility for management of the application working queue.
    - klmaila: utility for management of message archives.
  - /setup/: directory containing scripts and executable files used during the installation, post-install setup and removal of the application.
  - /man/: directory containing application manual pages.
- /usr/local/etc/rc.d/: directory containing scripts used to control the application.
- /etc/kav/5.5/smtpgw/: directory containing the smtpgw.conf default application configuration file.
- /var/db/kav/5.5/smtpgw/: directory that contains application data, including the following directories and files:
  - /bases/: directory containing the anti-virus databases and the updcfg.xml configuration file of the keepup2date component.
  - /bases.backup/: directory where the keepup2date component saves backup copies of the anti-virus databases.
  - /licenses/: directory where the license key files are installed.
  - /patches/: directory where the updates for the application components are saved.
  - /quarantine/: the default quarantine directory.
  - /arch_in/: directory for storing the archive of all received messages.
  - /arch_out/: directory for storing the archive of all sent messages.
  - /stat/: directory for storing the statistics file.
  - /templates/: directory where the default application template files are installed:
    - notify.tmpl: template for notification messages.
    - placeholder.tmpl: template used for replacing an infected object with a message.
    - dsn.tmpl: template used for DSN messages generated by the application.
    - disclaimer.tmpl: template used for generation of the disclaimer text appended to mail messages.
  - /ichecker/: directory for storing the working files of the ichecker database.
- /var/spool/kav/5.5/smtpgw/: default directory used by the application to store the working queue of messages.
- /var/log/kav/5.5/smtpgw/: directory for storing log files.

OpenBSD distribution kit:

- /usr/local/share/kav/5.5/smtpgw/: main application directory. This directory includes:
  - /bin/: directory containing executable files of the application components:
    - smtpgw: executable file of the main (anti-virus protection) component.
    - keepup2date: executable file of the component responsible for updating the anti-virus databases.
    - licensemanager: executable file of the component responsible for management of license keys.
    - kltlv: utility employed for template syntax checks.
    - klmailq: utility for management of the application working queue.
    - klmaila: utility for management of message archives.
  - /setup/: directory containing scripts and executable files used during the installation, initial configuration and removal of the application, including the application controlling script setup.sh.
  - /man/: default directory containing application manual pages.
- /etc/kav/5.5/smtpgw/: directory containing the smtpgw.conf default application configuration file.
- /var/db/kav/5.5/smtpgw/: directory containing application data:
  - /bases/: directory containing the anti-virus databases and the updcfg.xml configuration file of the keepup2date component.
  - /bases.backup: directory where the keepup2date component saves backup copies of the anti-virus databases.
  - /licenses: directory where the license key files are installed.
  - /patches/: directory where the updates of the application components are saved.
  - /quarantine/: the default quarantine directory.
  - /backup/: the default backup storage directory.
  - /arch_in/: default directory for storing the archive of all received messages.
  - /arch_out/: default directory for storing the archive of all sent messages.
  - /stat/: default directory for storing the statistics file.
  - /templates/: directory where the default application templates are installed:
    - notify.tmpl: notification messages template.
    - placeholder.tmpl: template for replacing an infected object with a message.
    - dsn.tmpl: template used for DSN messages generated by the application.
    - disclaimer.tmpl: template used for generation of the disclaimer text appended to mail messages.
  - /ichecker/: default directory for storing the working file of the ichecker database.
- /var/spool/kav/5.5/smtpgw/: default directory for storing the working queue of messages.
- /var/log/kav/5.5/smtpgw: the default directory for storing log files.

A.2. Kaspersky SMTP-Gateway configuration file

The default installation package of Kaspersky SMTP-Gateway includes the smtpgw.conf file containing the application settings.

This configuration file is divided into sections, each of which describes the parameters of one group of application features. Each section has the following layout: the first line is the heading [section name], followed by lines that define parameters in the form parameter=description. A section ends where the header of the next section begins.

Instead of the true and false values for Boolean settings in the configuration file, you may also use the equivalent values yes and no, y and n, or 1 and 0.

The options described as required parameters are critical for normal functioning of the application. Without these parameters, the configuration file is invalid!
The [path] section contains options that define the path to the critical files, which are necessary for the application to work properly:

- BasesPath: full path to the directory containing the anti-virus databases. Required parameter.
- LicensePath: full path to the directory containing license keys. Required parameter.

The [locale] section contains date and time formats:

- DateFormat: format used by the components to display the date in the report (strftime). You can change the date format to be displayed in messages, e.g.: %y/%m/%d or %m/%d/%y.
- TimeFormat: format used by the components to display the time in the report (strftime). You can alter the time presentation to 12-hour format (a.m., p.m.) using the string: %I:%M:%S %P

The [smtpgw.access] section includes the following options used to control the access for SMTP clients:

ConnectRule defines application behaviour during establishment of an SMTP session. Syntax:

  ConnectRule=allow deny from in_dnsbl out_dnsbl to <rcpt> <rcpt_mask>
  or
  ConnectRule=allow deny from has_name no_name to <rcpt> <rcpt_mask>
  or
  ConnectRule=allow deny from any to <rcpt> <rcpt_mask>

In the syntax lines, keywords listed side by side (for example, allow deny) are alternatives: a rule contains one of them.

Here has_name no_name corresponds to a situation when the program can/cannot obtain the host name at the specified address, and in_dnsbl out_dnsbl corresponds to the situation when the host address is included/not included in the black lists of the DNS BL services specified by the DNSBlackList parameter.

The <rcpt> <rcpt_mask> value determines the mail recipient or a mask for addresses of recipients. You can use the "*" and "?" wildcards to specify a mask for recipients' mail addresses; "*" stands for any address.

The any keyword allows any sender's address.

During rule selection from a list, the program will use the first one matching the recipient's address mask.
If a rule has been applied, the establishment/termination of an SMTP session will be determined by the specified allow deny value.

HeloRule defines the application response to the HELO/EHLO command received from a client. Syntax:

  HeloRule=allow deny from has_ip no_ip to <rcpt> <rcpt_mask>
  or
  HeloRule=allow deny from same_ip diff_ip to <rcpt> <rcpt_mask>
  or
  HeloRule=allow deny from any to <rcpt> <rcpt_mask>

where has_ip no_ip corresponds to a situation when it is possible/impossible to obtain an address from the host name transferred by the client as a parameter of the HELO/EHLO SMTP command, while same_ip diff_ip corresponds to a situation when an address obtained from that name matches/doesn't match the actual address of the client that has established the connection.

The <rcpt> <rcpt_mask> value determines the mail recipient or a mask for addresses of recipients. You can use the "*" and "?" wildcards to specify a mask for recipients' mail addresses; "*" stands for any address.

The any keyword allows any sender's address.

During rule selection from a list, the program will use the first one matching the recipient's address mask.

If a rule has been applied, the establishment/termination of an SMTP session will be determined by the specified allow deny value.

MailfromRule defines application behaviour at an attempt to send a message from a source (MAIL FROM) with a domain name which does not match the actual IP address of the originating domain or the MX host corresponding to that domain. Syntax:

  MailfromRule=allow deny from has_ip no_ip to <rcpt> <rcpt_mask>
  or
  MailfromRule=allow deny from has_mx no_mx to <rcpt> <rcpt_mask>
  or
  MailfromRule=allow deny from any to <rcpt> <rcpt_mask>

where has_ip no_ip corresponds to a situation when it is possible/impossible to obtain an address from the host name, while has_mx no_mx corresponds to a situation when it is possible/impossible to identify MX records for the domain specified in the sender's address transferred with the MAIL FROM SMTP command.

The <rcpt> <rcpt_mask> value determines the mail recipient or a mask for addresses of recipients. You can use the "*" and "?" wildcards to specify a mask for recipients' mail addresses; "*" stands for any address.

The any keyword allows any sender's address.

During rule selection from a list, the program will use the first one matching the recipient's address mask.

If a rule has been applied, the establishment/termination of an SMTP session will be determined by the specified allow deny value.

RelayRule defines the rules for client access to the gateway. Syntax:

  RelayRule=allow deny from <ip> <mask> any to <rcpt> <rcpt_mask>

where ip mask stands for the IP address or a mask for IP addresses of senders (record format x.x.x.x or x.x.x.x/x.x.x.x or x.x.x.x/y). E.g.: or / or /16.

The <rcpt> <rcpt_mask> value determines the mail recipient or a mask for addresses of recipients. You can use the "*" and "?" wildcards to specify a mask for recipients' mail addresses; "*" stands for any address.

The any keyword allows any sender's address.

During rule selection from a list, the program will use the first one matching the address_or_mask/recipient's_domain pair.

If a rule has been applied, then permission/denial of client access to the gateway will be determined by the specified allow deny value. E.g.:

  RelayRule=allow from /16 to *
  RelayRule=allow from any to *@mydomain.com
  RelayRule=allow from any to *@myotherdomain.com
  RelayRule=deny from any to *

These rules allow clients from network х.х to send messages to any recipient address, and allow all clients to send messages to recipients in the mydomain.com or myotherdomain.com domains, blocking all other actions.

Incorrect access settings for clients may allow using the application as an open mail relay.
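Because the first matching RelayRule wins, rule order decides whether the gateway becomes an open relay. The Python sketch below is an added example, not part of the original guide or of the product: it evaluates a rule list the way the text describes and reports the rule that would let an outside client relay to a foreign recipient, plus any rules that can never be reached. The network 192.168.0.0/16, the probe address 203.0.113.7 and the probe recipient are constructed values, case-insensitive mask matching is an assumption, and the guide does not say what happens when no rule matches, so that case is returned as None.

```python
import ipaddress
import re
from typing import NamedTuple, Optional


class Rule(NamedTuple):
    action: str                  # "allow" or "deny"
    network: Optional[object]    # ip_network, or None for the "any" keyword
    rcpt_mask: str               # recipient address or mask with * and ?
    text: str                    # the original line, for reporting


RULE_RE = re.compile(
    r"^RelayRule\s*=\s*(allow|deny)\s+from\s+(\S+)\s+to\s+(\S+)$", re.IGNORECASE)


def parse_rules(conf_text):
    """Extract RelayRule lines in file order; other lines are ignored."""
    rules = []
    for raw in conf_text.splitlines():
        match = RULE_RE.match(raw.strip())
        if match is None:
            continue
        action, source, mask = match.groups()
        # Accepts x.x.x.x, x.x.x.x/x.x.x.x and x.x.x.x/y, as in the record format.
        network = None if source.lower() == "any" else \
            ipaddress.ip_network(source, strict=False)
        rules.append(Rule(action.lower(), network, mask, raw.strip()))
    return rules


def mask_matches(mask, address):
    """Match a recipient against a mask where * is any run and ? is one character."""
    pattern = "".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c) for c in mask)
    return re.fullmatch(pattern, address, re.IGNORECASE) is not None


def decide(rules, client_ip, recipient):
    """Return (action, rule) for the first matching rule, or (None, None)."""
    ip = ipaddress.ip_address(client_ip)
    for rule in rules:
        source_ok = rule.network is None or ip in rule.network
        if source_ok and mask_matches(rule.rcpt_mask, recipient):
            return rule.action, rule
    return None, None


def find_open_relay(rules, outside_ip="203.0.113.7", foreign_rcpt="probe@example.net"):
    """Return the rule that lets an outside client reach a foreign recipient, if any."""
    action, rule = decide(rules, outside_ip, foreign_rcpt)
    return rule if action == "allow" else None


def shadowed_rules(rules):
    """Rules placed after a catch-all (from any to *) rule can never be selected."""
    for index, rule in enumerate(rules):
        if rule.network is None and rule.rcpt_mask == "*":
            return rules[index + 1:]
    return []


# Constructed configurations: GOOD follows the guide's example, BAD puts a
# catch-all allow rule first.
GOOD = parse_rules("""
RelayRule=allow from 192.168.0.0/16 to *
RelayRule=allow from any to *@mydomain.com
RelayRule=allow from any to *@myotherdomain.com
RelayRule=deny from any to *
""")
BAD = parse_rules("""
RelayRule=allow from any to *
RelayRule=allow from any to *@mydomain.com
RelayRule=deny from any to *
""")

if __name__ == "__main__":
    for name, rules in (("GOOD", GOOD), ("BAD", BAD)):
        hit = find_open_relay(rules)
        print(name, "open relay via:", hit.text if hit else "none")
        for rule in shadowed_rules(rules):
            print(name, "unreachable:", rule.text)
```

Run it against the RelayRule lines of the real smtpgw.conf with a probe address outside every allowed network and a recipient in a domain the gateway does not serve.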
DNSBlackList - a list of DNS Black List servers (services). Specify the list of DNS BL services to be used during receipt of messages. If you are using several services, each record must have the following format:

    DNSBlackList=mail-abuse.org
    DNSBlackList=bl.spamcop.net
    DNSBlackList=block.blars.org

The [smtpgw.ave] section contains the settings for anti-virus scanning of

Cure=true|false - disinfect infected objects. The default value is: false. To enable this mode, set the option to true.

ScanArchives=true|false - scan archives. The default value is: true. To disable this mode, set the option to false.

ScanMailBases=true|false - scan mail databases. The default value is: true. To disable this mode, set the option to false.

ScanTimeout= - time (in seconds) during which the AV module can process a single object. If the scan time exceeds the limit, the object is assigned the Error status (scan error). The default value is: 180.

UseIChecker=true|false - use the iChecker technology to scan for viruses. The default value is: true. To disable the mode, set the parameter to false.

The [smtpgw.forward] section contains the following options for relaying messages through the application:

ForwardRoute - routing table containing message routing options. For the specified domains or recipient addresses, it explicitly defines the mail server to which the application will deliver messages addressed to the listed domains. The values include the mask of recipient addresses ("*" and "?" wildcards can be used) and the name / IP address of the mail server the application will connect to for delivery. You may optionally specify the port to be used if it is different from the standard one (port 25).

The [smtpgw.limits] section includes options that limit application functionality when mail traffic processing is performed:

AntiviralSessions= - maximum number of concurrently running anti-virus sessions (it is not recommended to increase the value of this parameter, except for the cases when the application is overloaded). The default value is: 10.

IncomingSessions= - maximum number of open incoming sessions. The default value is: 100.
OutgoingSessions= - maximum number of open outgoing sessions. The default value is: 20.

MaximalIncomingHops=1 100 - maximum number of intermediate hosts for a single message. The default value is: 20.

MaximalIncomingMessageSize= - maximum size (Kb) of an incoming message. The default value is:

MaximalIncomingMessagesPerSession= - maximum number of messages that can be received during one mail session. The default value is: 100.

MaximalIncomingRcptsPerMessage= - maximum number of recipients of a single message. The default value is: 100.

MaximalIncomingSessionSize= - maximum size (KB) of incoming messages transferred within a single mail session. The default value is:

MaximalIncomingSessionsPerIP= - maximum number of open connections for mail receipt from a single IP address. The maximum value is: 4.

MaximalOutgoingSessionsPerHost= - maximum number of simultaneous connections for sending messages to a single host. The maximum value is: 4.

MinimalQueueFreeSpaceSize= - minimum amount of available disk space (MB) in the partition where the application working queue is located. If application activity makes the queue grow so that the available space falls to an amount smaller than the specified limit, the application will temporarily suspend receipt of new messages until the value returns to the defined minimum. The default value is: 0 (no limit).

The [smtpgw.network] section includes the network settings of the application:

ListenOn - the interfaces and ports used by the Receiver module to receive traffic. It is specified as a table (list of values). The default value is: " :25" (all available interfaces, port 25).

Hostname - host name that identifies the server where the application is installed. Required parameter.

Postmaster - mail address used by the application as the <postmaster> address. Required parameter.

ProtectedDomains - the list of domains that require anti-virus scanning of traffic (wildcards "*" and "?" can be used). Required parameter.
The [smtpgw.options] section contains various settings of the smtpgw component not included in other sections:

LogFilename - full name (including the path) of the log file where results of smtpgw component operation are written in text format. If the parameter value is an empty string (LogFilename=), operation information is not logged. Information can also be written to the system log (LogFilename=syslog).

LogLevel= - the level of detail in the application work report (0 - Fatal, 1 - Error, 2 - Warning, 3 - Info, 4 - Activity, 9 - Debug). The default value is: 4.

StatFilename - full name (including the path) of the file that stores the application performance statistics. The default value is: /var/db/kav/5.5/smtpgw/smtpgw.stat.

ICheckerDBFilename - full name (including the path) of the database file that stores the information about the messages scanned using the iChecker technology. The default value is: /var/db/kav/5.5/smtpgw/smtpgw.sfdb.

PrependReceived=true|false - if this option is enabled, the smtpgw component will add the Received: header to scanned messages. The default value is: true (the header will be added).

DSNTemplate - full name (including the path) of the file used as a template for Delivery Status Notification messages. Required parameter.

DSNEntireMessage=true|false - if this option is enabled, the original message will be entirely included in the corresponding DSN messages. The default value is: false, i.e., the DSN message will contain only the header of the original message.

DSNOnRelaying=true|false - an option used for generating a DSN message upon successful delivery of a message. The default value is: false.

AVStatistics - full name of a file or a socket to which the application's statistical data will be logged. If the parameter value is an empty string (AVStatistics=), the statistical data will not be logged.

DropMalformedMail=true|false - an option that determines the delivery or removal of mail messages that do not meet the RFC standards. The default value is: false. This also includes an attempt to make the message compliant with the standards, after which certain actions as per the configuration file settings will be performed. If the option is set to true, then messages that do not comply with the standards will not be delivered.
The [smtpgw.path] section contains paths to archives, control files and the working queue of the application:

IncomingArchivePath - path to the directory where the archive with all incoming messages is stored. If the option is set to an empty string or if the option is missing altogether, then the received messages will not be archived.

OutgoingArchivePath - path to the directory where the archive with all outgoing messages is stored. If the option is set to an empty string or if the option is missing altogether, then the sent messages will not be archived.

QueuePath - path to the directory that stores the working queue of objects to be processed by the application. Required parameter.

ControlPath - path to the application control files. Required parameter.

The [smtpgw.timeouts] section contains application timeout options:

MaximalBackoffTime= - maximum period of time (seconds) that must elapse before the application will try to send an undelivered message next time. The default value is:

MinimalBackoffTime= - minimum time (seconds) that must elapse before the application will try to send an undelivered message again. The default value is:

Please note that the value set for the UnreachableTTL parameter in the [smtpgw.resolve] section should be less than MinimalBackoffTime. Otherwise, the application may try to send a message before its cache is updated. As a result, the application will find old information about the unreachable host in its cache and will not attempt to send such a message.

MaximalQueueLifetime=1 14 - period (days) during which the application will try to send a message that was not delivered. If the message could not be delivered during the specified time, it will be deleted and a notification about failed delivery will be generated for its sender. The default value is: 5.

ReadTimeout= - timeout (seconds) for reading network data by the Receiver module. The default value is: 120.

WriteTimeout= - timeout (seconds) for writing network data by the Sender module. The default value is: 120.

ReceivingCommandTimeout= - timeout (seconds) for waiting for the SMTP protocol commands HELO/EHLO, MAIL FROM, RCPT TO (first such command) and QUIT from a host. The default value is: 300.

ReceivingDataInitiationTimeout= - timeout (seconds) for the DATA command of the SMTP protocol from a remote host. Note that the timeout for the first RCPT TO command is defined by the above parameter, whereas all the subsequent RCPT TO commands must be transferred by the client within the time specified as ReceivingDataInitiationTimeout. The default value is: 600.
ReceivingDataTerminationTimeout= - timeout (seconds) for terminating data transfer (CRLF.CRLF sequences). The default value is: 300.

SendingInitialTimeout= - timeout (seconds) for waiting for the response from a remote server when establishing an SMTP session. The default value is: 300.

SendingHelloTimeout= - timeout (seconds) for waiting for the response from a remote server to the HELO/EHLO command of the SMTP protocol. The default value is: 300.

SendingMailTimeout= - timeout (seconds) for waiting for the response from a remote server to the MAIL FROM command. The default value is: 300.

SendingRcptTimeout= - timeout (seconds) for waiting for the response from a remote server to the RCPT TO command of the SMTP protocol. The default value is: 300.

SendingDataInitiationTimeout= - timeout (seconds) for waiting for the response from a remote server to the DATA command of the SMTP protocol. The default value is: 600.

SendingDataTerminationTimeout= - timeout (seconds) for termination of the data transfer (CRLF.CRLF sequences). The default value is: 300.

SendingQuitTimeout= - timeout (seconds) for waiting for the response from a remote server to the QUIT command of the SMTP protocol. The default value is: 300.

The [smtpgw.resolve] section contains the default settings for the internal DNS client:

InternalRecursionEnabled=true|false - an option that determines whether the application's internal DNS client will use its own recursion for name resolution instead of the recursion routine employed by the DNS server. The default value is: false.

InternalRecursionsLimit=1 100 - an option limiting the maximum recursion depth (nesting) per single request. The default value is: 32.

IONetworkTimeout= - timeout (seconds) for waiting during network operations performed by the application's internal DNS client for name resolution. The default value is: 5.
IPCacheRefreshPeriod= - time (seconds) that must elapse before the application removes from its cache records about IP addresses with expired TTL. The default value is: (12 hours).

Records in the application cache are not removed automatically after their TTL expires (although the application does not use the outdated records). The frequency used to remove obsolete records from the cache is determined by the IPCacheRefreshPeriod, UnreachableCacheRefreshPeriod, MXCacheRefreshPeriod, and UnresolvedCacheRefreshPeriod parameters.

MXCacheRefreshPeriod= - time (seconds) that must elapse before the application removes from its cache MX records with expired TTL. The default value is: (12 hours).

UnreachableCacheRefreshPeriod= - time (seconds) that must elapse before the application removes from its cache records about unreachable hosts with expired TTL. The time-to-live for the records about unreachable hosts is specified by the UnreachableTTL parameter. The default value is: (12 hours).

UnresolvedCacheRefreshPeriod= - time (seconds) that must elapse before the application removes from its cache information about unresolved hosts not found in DNS. The time-to-live for the records about unresolved hosts is specified by the UnresolvedTTL parameter. The default value is: (12 hours).

UnresolvedTTL= - time-to-live (seconds) in the application cache for records of unresolved hosts not found in DNS. During this time, the application will not perform repeated DNS requests about this host. The default value is: 600 (10 minutes).

UnreachableTTL= - time-to-live (in seconds) in the application cache for records of unreachable hosts. During this time, the application will not attempt to connect to this host. The default value is: 600 (10 minutes).

Please note that the value set for the UnreachableTTL parameter should be less than MinimalBackoffTime in the [smtpgw.timeouts] section. Otherwise, the application may try to send a message before the record about an unreachable host in its cache expires. As a result, the application will find old information about the unreachable host in its cache and will not attempt to send such a message.
The [smtpgw.policy] section contains the default settings for processing messages:

Check=true|false - defines the anti-virus scanning mode for all mail messages included into the particular group of recipients/senders. To disable the mode (i.e., configure the application to bypass the anti-virus scanning of messages), set the option to false. Required parameter.

AdminNotifyAddress - address to which the application will send notifications for the administrator regarding the processing results for messages included into this group. The default value is: Required parameter.

NotifyFromAddress - address from which the application will send notifications regarding the scan results for messages of this group. The default value is: Required parameter.

BackupPath - path to the backup storage folder. The default value is: /var/db/kav/5.5/smtpgw/backup. Required parameter.

QuarantinePath - path to the quarantine folder. The default value is: /var/db/kav/5.5/smtpgw/quarantine. Required parameter.

IncludeByName - defines masks for filtering by the attachment name. The application will filter the objects if their names match the specified masks and do not match the masks used to define exclusions from scanning. If the parameter is not defined, the application will use the value <"*"> that stands for any name. If several masks have to be specified for filtering, each record must have the following format:

    IncludeByName=*exe
    IncludeByName=*.bat

The values for the ExcludeByName, IncludeByMime and ExcludeByMime options are specified in the same manner.

ExcludeByName - defines masks to exclude from filtering by the attachment name. Objects with names not matching these masks and matching the masks used to define inclusions into scanning will be filtered.

IncludeByMime - defines masks for filtering by MIME type. The application will filter the objects if their names match the specified masks and do not match the masks used to define exclusions from scanning. If this parameter is not defined, the application will use the value <"*"> that stands for any type.

ExcludeByMime - defines masks to exclude from filtering by MIME type. The application will filter the objects with names not matching these masks and matching the masks used to define inclusions into scanning.

NotifyAdminTemplate - path to the template file used to generate notifications to be sent to the administrator. Required parameter.
NotifyRecipientTemplate - path to the template file used to generate notifications to be sent to the recipient. Required parameter.

NotifySenderTemplate - path to the template file used to generate notifications to be sent to the sender. Required parameter.

PlaceholderTemplate - path to the file whose content is used to replace infected attached objects. Required parameter.

DisclaimerTemplate - path to the file used as a template for information added to processed messages. Use of the template is defined by the AddDisclaimer option. You should modify the default template included into the distribution package to reflect the security policy of your company.

ActionDisinfected=cure|pass|remove|placeholder - action to be applied to objects which should be disinfected. Required parameter.

ActionInfected=pass|remove|placeholder - action to be applied to infected objects. Required parameter.

ActionSuspicious=pass|remove|placeholder - action to be applied to objects that are suspected of being infected with an unknown virus. Required parameter.

ActionProtected=pass|remove|placeholder - action to be applied to objects that the application has failed to scan because they are password-protected. Required parameter.

ActionError=pass|remove|placeholder - action to be applied to objects the application failed to scan because of a scan error. Required parameter.

ActionFiltered=pass|remove|placeholder - action to be applied to objects filtered by name or MIME type. Required parameter.

BlockMessage=disinfected, infected, suspicious, protected, error, filtered | all | none - list of statuses assigned to message objects according to the anti-virus scan results. Original messages with these statuses are blocked. Required parameter.

NotifyAdmin=disinfected, infected, suspicious, protected, error, filtered | all | none - list of statuses assigned to objects based on the anti-virus scan results. When these statuses are assigned, the application sends notifications to the administrator. Required parameter.

NotifyRecipient=disinfected, infected, suspicious, protected, error, filtered | all | none - list of statuses assigned to objects based on the anti-virus scan results. When these statuses are assigned, the application sends notifications to the recipient of the original message. Required parameter.

NotifySender=disinfected, infected, suspicious, protected, error, filtered | all | none - list of statuses assigned to objects based on the anti-virus scan results.
When these statuses are assigned, the application sends notifications to the sender of the original message. Required parameter.

SaveInQB=disinfected, infected, suspicious, protected, error, filtered | all | none - list of statuses assigned to objects based on the scan results. The objects with these statuses will be moved to the quarantine or to the backup directory. Required parameter.

AddXHeader=true|false - an option to add an informational header to messages processed by the application.

AddDisclaimer=true|false - an option to add disclaimer text generated according to the template specified by the administrator in the DisclaimerTemplate option.

The [smtpgw.group:group_name] section contains the settings for processing messages for particular groups of recipients/senders:

Check=true|false - defines the anti-virus scanning mode for all mail messages included into the particular group of recipients/senders. To disable the mode (i.e., configure the application to skip message scanning), set the option to false. Required parameter.

Senders - masks of addresses of the senders of a message. Enter masks as Senders=mask (one mask per line). You can use the "*" and "?" wildcards (e.g., If this option is not defined, the value is assumed to be (all addresses).

Recipients - masks of addresses of the recipients of a message. Enter masks as Recipients=mask (one mask per line). You can use the "*" and "?" wildcards (e.g., If this option is not defined, the value is assumed to be (all addresses).

At least one of the Senders or Recipients parameters has to be specified.

AdminNotifyAddress - address to which the application will send notifications to the administrator regarding the scan results for messages included into this group. If this option is not defined, the value of a similar parameter from the [smtpgw.policy] section will be used.

NotifyFromAddress - address from which the application will send notifications regarding the scan results for messages of this group. If this option is not defined, the value of a similar parameter from the [smtpgw.policy] section will be used.

BackupPath - path to the backup storage folder. If this parameter is not defined, the value of the same parameter from section [smtpgw.policy] will be used.

QuarantinePath - path to the quarantine folder.
If this parameter is not specified, the application will use the path defined for the quarantine file specified in the [smtpgw.policy] section.

IncludeByName - defines masks for filtering by the attachment name. The application will filter the objects if their names match the specified masks and do not match the masks used to define exclusions from scanning. If this option is not defined, the application will use the value <"*"> (any name). If several masks have to be specified for filtering, each record must have the following format:

    IncludeByName=*exe
    IncludeByName=*.bat

The values for the ExcludeByName, IncludeByMime and ExcludeByMime options are specified in the same manner.

ExcludeByName - defines masks for filtering out attachment names. The application will filter out the objects with names not matching these masks and matching the masks used to define inclusions into scanning.

IncludeByMime - defines masks for filtering by MIME type. The application will filter the objects if their names match the specified masks and do not match the masks used to define exclusions from scanning. If this option is not defined, the application will use the value <"*"> (any type).

ExcludeByMime - defines masks for filtering out MIME types. The application will filter out the objects with names not matching these masks and matching the masks used to define inclusions into scanning.

NotifyAdminTemplate - path to the template file used to generate notifications sent to the administrator. If this option is not defined, the value of a similar parameter from the [smtpgw.policy] section will be used.

NotifyRecipientTemplate - path to the template file used to generate notifications sent to the recipient. If this option is not defined, the value of a similar parameter from the [smtpgw.policy] section will be used.

NotifySenderTemplate - path to the template file used to generate notifications sent to the sender. If this option is not defined, the value of a similar parameter from the [smtpgw.policy] section will be used.

PlaceholderTemplate - path to the file whose content is used to replace infected attached objects. If this option is not defined, the value of a similar parameter from the [smtpgw.policy] section will be used.

DisclaimerTemplate - path to the file used as a template for information added to processed messages. Use of the template is defined by the AddDisclaimer option.
You should modify the default template included into the distribution package to reflect the security policy of your company.

ActionDisinfected=cure|pass|remove|placeholder - action to be applied to objects which must be disinfected. If this option is not defined, the value of a similar parameter from the [smtpgw.policy] section will be used.

ActionInfected=pass|remove|placeholder - action to be applied to infected objects. If this option is not defined, the value of a similar parameter from the [smtpgw.policy] section will be used.

ActionSuspicious=pass|remove|placeholder - action to be applied to objects that are suspected of being infected with an unknown virus. If this option is not defined, the value of a similar parameter from the [smtpgw.policy] section will be used.

ActionProtected=pass|remove|placeholder - action to be applied to objects that the application has failed to scan because they are password-protected. If this option is not defined, the value of a similar parameter from the [smtpgw.policy] section will be used.

ActionError=pass|remove|placeholder - action to be applied to objects the application failed to scan because of a scan error. If this option is not defined, the value of a similar parameter from the [smtpgw.policy] section will be used.

ActionFiltered=pass|remove|placeholder - action to be applied to objects filtered by name or MIME type. If this option is not defined, the value of a similar parameter from the [smtpgw.policy] section will be used.

BlockMessage=disinfected, infected, suspicious, protected, error, filtered | all | none - list of statuses assigned to message objects according to the anti-virus scan results. Original messages with these statuses are blocked. If this option is not defined, the value of a similar parameter from the [smtpgw.policy] section will be used.

NotifyAdmin=disinfected, infected, suspicious, protected, error, filtered | all | none - list of statuses assigned to objects based on the anti-virus scan results. When these statuses are assigned, the application sends notifications to the administrator. If this option is not defined, the value of a similar parameter from the [smtpgw.policy] section will be used.
NotifyRecipient=disinfected, infected, suspicious, protected, error, filtered | all | none - list of statuses assigned to objects based on the anti-virus scan results. When these statuses are assigned, the application sends notifications to the recipient of the original message. If this option is not defined, the value of a similar parameter from the [smtpgw.policy] section will be used.

NotifySender=disinfected, infected, suspicious, protected, error, filtered | all | none - list of statuses assigned to objects based on the anti-virus scan results. When these statuses are assigned, the application sends notifications to the sender of the original message. If this option is not defined, the value of a similar parameter from the [smtpgw.policy] section will be used.

SaveInQB=disinfected, infected, suspicious, protected, error, filtered | all | none - list of statuses assigned to objects based on the scan results. The objects with these statuses will be moved to the quarantine or to the backup directory. If this parameter is not defined, the value of the same parameter from section [smtpgw.policy] will be used.

AddXHeader=true|false - an option to include an informational header in messages processed by the application.

AddDisclaimer=true|false - an option to add disclaimer text generated according to the template specified by the administrator in the DisclaimerTemplate option.

The [updater.path] section contains the paths to directories and files required for the keepup2date component to work:

BackUpPath - path to the directory that stores the archive of the anti-virus databases during updating. Required parameter.

UploadPatchPath - path to the directory that stores application patches.

The [updater.options] section contains various parameters of the keepup2date component operation:

KeepSilent=true|false - defines console display options for the report of the component's work. If set to true, the reports are not output to the console. The default value is: false.

PostUpdateCmd - defines the command that will be executed immediately after updating of the anti-virus databases is successfully completed. The value set in the configuration file included in the application distribution kit starts automatic reloading of the updated anti-virus database. You are not advised to change the value of this parameter.

UseUpdateServerUrl=true|false - an option making the application use the URL specified by the UpdateServerUrl parameter to update the database. The default value is: false.

UseUpdateServerUrlOnly=true|false - an option making the application use only the URL specified by UpdateServerUrl to update the database. If this option is set to false, then whenever updating from the UpdateServerUrl address fails, the application will use a different address from the list of update servers. The default value is: true.
UpdateServerUrl= ftp://url/ /local_path/ - defines the path to be used to update the anti-virus databases from a local shared directory.

RegionSettings - defines the customer region code used to update the anti-virus databases from the nearest Kaspersky Lab update server.

ConnectTimeout - network timeout (seconds) for the update of the anti-virus databases. If updating is not completed within the specified time, the application will try to download updates from a different server from the list of Kaspersky Lab's update servers. The default value is: 20.

UseProxy=true|false - use a proxy server to connect to one of Kaspersky Lab's update servers. If the parameter is false, a proxy server will not be used. If the parameter is true, the proxy server address defined by the ProxyAddress parameter will be used. If the value of the ProxyAddress parameter is not defined, the value of the http_proxy environment variable will be used. If the value of the environment variable is not defined, a proxy server will not be used.

ProxyAddress - the address of the proxy server used for connection. The parameter is to be specified as: Username and/or password can be omitted in the proxy server address. If the address is not defined, its value will be taken from the http_proxy environment variable.

PassiveFtp=true|false - use passive FTP mode to download updates. The default value is: false.

The [updater.report] section contains report output options for the keepup2date component:

ReportFilename - name of the log file that will store the component performance report. If the option is set to syslog, the component saves the report to the system log. The default value is: TEMP_PATH/keepup2date.log, where TEMP_PATH stands for the value of the TMP environment variable; if TMP is not defined, the value of TEMP; and if TEMP is not defined, the /tmp directory.

ReportLevel= - the level of detail in the component performance report (0 - Fatal, 1 - Error, 2 - Warning, 3 - Info, 4 - Activity, 9 - Debug). The default value is: 4.

Append=true|false - append a new component performance report to the end of the existing report file. If this option is set to false, the previous report will be overwritten with the new report when the file is opened. The default value is: true.

A.3. Use of external configuration files

You may connect external configuration files to the main configuration file.
You may use any of the following methods to that end: using the include directive.
99 Appendix A 99 The task may be accomplished through addition into the configuration file (in any location) of a line that looks like:!include <file_name> where <file_name> stands for an absolute path to the specified external configuration file; the file must exist and be available for reading. The opportunity may be used, e.g., for definition of parameters for a certain group of users in a separate file. In that case, modification of settings for that group would require modification of that file only. You will not have to change the main configuration file. Using a record of the form: file:file_name as the parameter value. E.g.: Senders=file:<file_name> RelayRule=deny from file:<file_name> to * where <file_name> stands for an absolute path to file; the file must exist and be available for reading. In that case, the application will substitute the contents of the external file line by line instead of the file: construction; the result of the substitution will be identical to assigning the same number of values to that parameter. The application also substitutes empty strings, which an external file may contain. Therefore, it is recommended to avoid such strings in a file, because they may cause syntax errors in the application configuration file. Task: enable the use of parameters specified in an external file for client access control. Solution: in order to perform the task, you should do the following: 1. Create my-recipients.list text file with the a list of addresses for users, who should receive the mail using the following format: [email protected] [email protected]... [email protected] 2. Assign the following value for the RelayRule parameter in the configuration file: [smtpgw.access]
RelayRule=allow from any to file:<absolute file path>/my-recipients.list
RelayRule=deny from any to *

or, to enable transfer of both incoming and outgoing mail for those addresses:

[smtpgw.access]
RelayRule=allow from any to file:<absolute file path>/my-recipients.list
RelayRule=allow from file:<absolute file path>/my-recipients.list to *
RelayRule=deny from any to *

External files cannot be used to define parameters specified in the [updater.*] sections or in the [path] and [locale] sections containing common parameters.

In case of remote control via the Webmin module, the use of external configuration files is not supported and may cause incorrect application behaviour.

A.4. Control signals for the smtpgw component

You can manipulate the application using the following special control signals:

TERM, QUIT, INT
    Stop the application.
HUP
    Restarts the application and reloads the configuration file, allowing new settings to take effect.

A.5. Control files

In Linux/Unix you can manage an application by creating special control files.

.c_stats
    Display application status statistics.
.c_recv_on
    Start the Receiver module.
.c_recv_off
    Stop the Receiver module.
.c_avir_on
    Start the AV module.
.c_avir_off
    Stop the AV module.
.c_send_on
    Start the Sender module.
.c_send_off
    Stop the Sender module.
.c_db_reload
    Application restart with anti-virus database reloading.

To initiate an action, create a file with the corresponding name in the directory specified as the value of the ControlPath parameter in the [smtpgw.path] section. The application will periodically check this directory for known control files, execute the corresponding command from that file, and then delete the file.

A.6. Application statistics

Following the stats command (see section 5.10 on p. 62), the application logs its performance statistics (from the moment of application startup up to the current moment) to a text file specified by the StatFilename option in the [smtpgw.options] section. This text file contains a set of lines in the following format:

parameter_name=parameter_value

The table below lists the names and values of the application status parameters.

Parameter name
    Parameter value
time_initialized
    Time of the server initialization.
time_processing
    Server operation time (seconds).
mta_received_messages
    Number of incoming messages successfully received by the server since its initialization.
mta_received_bytes
    Number of bytes successfully received by the server since its initialization.
mta_received_recipients
    Number of recipients of incoming messages successfully received by the server since its initialization.
mta_sent_messages
    Number of outgoing messages successfully sent by the server since its initialization.
mta_sent_bytes
    Number of bytes successfully sent by the server since its initialization.
mta_sent_recipients
    Number of recipients of outgoing messages successfully sent by the server since its initialization.
mta_stored_messages_current
    Number of queued messages (at the moment when the report was generated).
mta_incoming_connections_total
    Number of established incoming connections to the server since its initialization.
mta_incoming_connections_current
    Number of established incoming connections to the server, when the report was generated.
mta_incoming_connections_maximum
    Maximum number of incoming connections to the server since its initialization.
mta_incoming_connection_errors
    Number of incoming connection errors since the server initialization.
mta_incoming_connections_refused_total
    Total number of rejected incoming connections to the server since its initialization.
mta_incoming_connections_refused_for_relaying
    Total number of incoming connections rejected by the server since the server initialization based on the relaying rules.
mta_incoming_connections_refused_for_connections_limit
    Number of incoming connections rejected by the server since its initialization because of the limit on the number of simultaneous incoming connections.
mta_incoming_connections_refused_for_connections_per_ip_limit
    Number of incoming connections rejected by the server since its initialization due to the limit on the number of simultaneous incoming connections from a single IP address.
mta_outgoing_connections_total
    Number of outgoing connections from the server since its initialization.
mta_outgoing_connections_current
    Number of simultaneous outgoing connections at the moment when the report was generated.
mta_outgoing_connections_maximum
    Maximum number of outgoing connections from the server since the server initialization.
mta_outgoing_connection_errors
    Number of outgoing connection errors since the server initialization.
mta_outgoing_connections_failed_total
    Total number of rejected outgoing connections from the server since its initialization.
mta_outgoing_connections_failed_through_cache
    Total number of outgoing connections that were rejected since the server initialization because information about the host was found in the cache of unreachable hosts.
mta_routing_queries_total
    Total number of routing queries since the server initialization.
mta_dns_queries_total
    Total number of DNS queries since the server initialization.
mta_dns_queries_failed
    Number of failed DNS queries since the server initialization.
mta_receivings_refused_total
    Total number of incoming connections rejected by the server since its initialization.
mta_receivings_refused_for_message_size_limit
    Total number of incoming connections rejected by the server because of the message size since server startup.
mta_receivings_refused_for_session_size_limit
    Number of incoming messages rejected by the server since its initialization because of the session size limit.
mta_receivings_refused_for_hops_limit
    Number of incoming messages rejected by the server since its initialization because of the limit on the number of hops.
mta_receivings_refused_for_messages_per_session_limit
    Number of incoming messages rejected by the server since its initialization because of the limited number of messages per session.
mta_sendings_failed_total
    Total number of outgoing rejected messages since server initialization.
mta_sendings_failed_for_message_size_limit
    Number of outgoing rejected messages because of the size limit (since server initialization).
mta_sendings_failed_for_8bitmime
    Number of outgoing rejected messages since the server initialization because the remote server does not support the 8BITMIME SMTP protocol extension.
mta_malformed_messages
    Number of malformed incoming messages received since the server initialization.
mta_dsn_generated
    Number of generated DSN messages since the server initialization.
antiviral_checking_sessions_current
    Number of anti-virus sessions at the moment when the report was generated.
antiviral_checking_sessions_maximum
    Maximum number of anti-virus scanning sessions since the server initialization.
antiviral_checked_objects_total
    Total number of objects checked for virus presence since the server initialization.
antiviral_checked_objects_through_ichecker
    Number of clean objects with status assigned using ichecker since server initialization.
antiviral_checked_objects_infected
    Number of infected objects recognized as incurable since the server initialization.
antiviral_checked_objects_disinfected
    Number of disinfected objects since the server initialization.
antiviral_checked_objects_suspicious
    Number of suspicious objects detected since the server initialization.
antiviral_checked_objects_protected
    Number of protected objects not subject to anti-virus scanning since the server initialization.
antiviral_checked_objects_filtered
    Number of filtered objects since the server initialization.
antiviral_checked_objects_error
    Number of object scanning errors that occurred since the server initialization.
antiviral_checked_messages_total
    Total number of messages checked for virus presence since the server initialization.
antiviral_checked_messages_blocked
    Total number of messages blocked after the anti-virus scanning procedure since the server initialization.
antiviral_checked_messages_modified
    Number of messages modified after the anti-virus scanning procedure since the server initialization.
antiviral_notifications_generated_for_sender
    Number of sender notifications generated since the server initialization.
antiviral_notifications_generated_for_recipients
    Number of recipient notifications generated since the server initialization.
antiviral_notifications_generated_for_admin
    Number of administrator notifications generated since the server initialization.
task_sender_running
    Status of the Sender module: 0 - stopped, 1 - running.
task_receiver_running
    Status of the Receiver module: 0 - stopped, 1 - running.
task_antivirus_running
    Status of the AV module: 0 - stopped, 1 - running.

A.7. Command line options for the smtpgw component

The configuration file parameters can be redefined using command line options when you launch the application from the command line. Let us examine them closely.

Help options

-? or --help
    Display on the console reference information about the command line options supported by the component and exit.
-v or --version
    Display the application version on the console and exit.

Configuration options

-c <path_to_file> or conf file=<path_to_file>
    Use the alternative configuration file <path_to_file>.
-d or --no daemon
    Do not run the component as a daemon process.
-p <path_to_file> or --pid file=<path_to_file>
    Use the alternative PID file <path_to_file>.
-n or no-pid-file
    Do not use the PID file.
-u <user_name> or --user=<user_name>
    Define the user <user_name> as the owner of the process.
-o or --no-change-owner
    Do not change the user-owner of the process.
-w or --no-watchdog
    Do not launch the watchdog process.
-i <time> or --wd-init-timeout=<time>
    Timeout for the watchdog process to wait for successful application launch (seconds).
-b <time> or --wd headrtbeattimeout=<time>
    Timeout for the watchdog process to wait for a signal about successful operation of application components (seconds).
-y <time> or --wd headrtbeatdelay=<time>
    Frequency of application messages sent to the watchdog process to inform about successful operation of application components (seconds).
-k or --check-config
    Check configuration file syntax.
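Section A.3 warns that empty strings in an external file are substituted into the configuration and may cause syntax errors there. The check below is an added example, not part of the Kaspersky distribution, that expands file: values so such problems can be seen before the configuration syntax check is run. It assumes that every line of the external file yields one copy of the parameter line and that paths contain no spaces; the function name expand_file_refs and the sample addresses are hypothetical.

```python
import os
import re
import tempfile

# Sections in which, per section A.3, external files cannot be used.
NO_EXTERNAL = re.compile(r"^(updater\..+|path|locale)$")
SECTION = re.compile(r"^\[(.+)\]$")
FILE_REF = re.compile(r"file:(\S+)")  # assumption: the path contains no spaces


def expand_file_refs(config_text):
    """Expand file: values as section A.3 describes and collect problems.

    Returns (expanded_lines, problems). Assumption: every line of the
    external file produces one copy of the parameter line, with the
    file: construction replaced by that line.
    """
    expanded, problems = [], []
    section = ""
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        header = SECTION.match(raw.strip())
        if header:
            section = header.group(1)
        ref = FILE_REF.search(raw)
        if ref is None:
            expanded.append(raw)
            continue
        path = ref.group(1)
        if NO_EXTERNAL.match(section):
            problems.append(f"line {lineno}: [{section}] does not accept external files")
        if not os.path.isabs(path):
            problems.append(f"line {lineno}: {path} is not an absolute path")
            expanded.append(raw)
            continue
        try:
            with open(path, encoding="utf-8") as handle:
                values = handle.read().splitlines()
        except OSError as exc:
            problems.append(f"line {lineno}: cannot read {path}: {exc.strerror}")
            expanded.append(raw)
            continue
        if not values:
            problems.append(f"line {lineno}: {path} contains no values")
        for n, value in enumerate(values, 1):
            if not value.strip():
                # The application substitutes empty strings too (section A.3).
                problems.append(f"line {lineno}: {path} line {n} is empty")
            expanded.append(raw[:ref.start()] + value + raw[ref.end():])
    return expanded, problems


if __name__ == "__main__":
    # Constructed sample: a recipients list with an accidental blank line.
    workdir = tempfile.mkdtemp()
    listing = os.path.join(workdir, "my-recipients.list")
    with open(listing, "w", encoding="utf-8") as handle:
        handle.write("alice@example.com\n\nbob@example.com\n")
    config = (
        "[smtpgw.access]\n"
        f"RelayRule=allow from any to file:{listing}\n"
        "RelayRule=deny from any to *\n"
    )
    lines, issues = expand_file_refs(config)
    print("\n".join(lines))
    print("\n".join(issues) or "no problems found")
```

The blank line in the constructed list shows up as a RelayRule with an empty recipient, which is the kind of value the guide recommends avoiding.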
A.8. Smtpgw return codes

The smtpgw component may return any of the following codes while running:

0   The component started successfully.
1   Error in command line options.
30  A critical system error occurred during the application operation.
41  The PID file already exists.
42  The PID file cannot be created.
43  Unable to run the daemon process for the application.
44  The UID and GID of the process owner cannot be changed.
45  The signal handler cannot be identified.
46  IOS could not be closed.
47  IOS could not be rerouted.
48  Error while initializing the anti-virus kernel.
49  Error initializing the debug information display (trace) module.
50  Error loading the anti-virus databases.
51  The anti-virus database date stamp is not within the license key validity period.
55  Error matching the network name with the socket (bind).
64  License data is missing or no license key was found using the path specified in the configuration file.
65  The configuration file cannot be loaded.
66  Error in the configuration file.
67  Error while initializing the log file.
70  Component executable file is corrupted.
A.9. Command line options for licensemanager

Help options

-h
    Display on the console reference information about the command line options supported by the component and exit.

Command line options for managing license keys

-s
    Output information about all installed license keys to the console.
-c (С) <path_to_file>
    Use the alternative configuration file <path_to_file>.
-k
    Output to the console information about the current key.
-a <path_to_file>
    Install a license key.
-d <a|r>
    Delete the current key (with a reserved one, if installed) / additional key.

A.10. Licensemanager return codes

The licensemanager component may return any of the following codes while running:

0   The component has successfully completed its operation.
30  Critical system error.
64  Licensing error.
65  Error reading the configuration file.
66  Error in command line options.
70  The component executable file is corrupted.
A.11. Keepup2date command line options

Help options

-h
    Display on the console reference information about the command line options supported by the component and exit.
-v
    Display the application version on the console and exit.
-p <id>
    Update the application version with a specified <id> only.
-i
    Output to console a list of all installed Kaspersky Lab applications.

Update options

-c <path_to_file>
    Use the alternative configuration file <path_to_file>. License key works only if just one Kaspersky Lab application is installed on the server, or if the application being updated is defined by the -p key (otherwise, a system message about several installed applications will be displayed).
-u <path_to_file>
    Copy the update to the local directory <path_to_file>.
-b <path>
    When updating, create a backup copy of the current anti-virus databases in the <path> directory.
-t <path>
    Use the <path> directory to store temporary files.
-r
    Cancel the last update. Updated databases will be replaced by their previous versions.

Report generation options

-l <path_to_file>
    Log work results in file <path_to_file>.

A.12. Keepup2date return codes

The keepup2date component may return any of the following codes while running:

0   The anti-virus databases do not need an update.
    The anti-virus databases were updated successfully.
10  A critical error occurred; updating was interrupted.
30  The PostUpdaterCmd command could not be executed after the databases were updated.
60  License information is missing or no license key was found using the path specified in the configuration file.
75  The configuration file cannot be loaded or contains errors.

A.13. Format of messages about template syntax check-up

While the kltlv utility checks the syntax of notification template files, the template language parser generates messages about the check-up results:

Cannot open file "filename"
    File filename cannot be opened.
An error occurred while template parsing
    An unknown error occurred while parsing a template.
Unexpected escape-char in the declaration, line LN
    The parser found an unsupported masked character in LN line during template examination.
Unexpected char in the declaration, line LN
    The parser found a character that is not allowed for the current construction in LN line during template examination.
Unexpected '<' in the declaration, line LN
    The parser found a '<' character that is not allowed for the current construction in LN line during template examination.
Unexpected '>' in the declaration, line LN
    The parser found a '>' character that is not allowed for the current construction in LN line during template examination.
Unexpected '/' in the declaration, line LN
    The parser found a '/' character that is not allowed for the current construction in LN line during template examination.
Unexpected '%' in the declaration, line LN
    The parser found a '%' character that is not allowed for the current construction in LN line during template examination.
Unexpected space-char in the declaration, line LN
    The parser found a ' ' character that is not allowed for the current construction in LN line during template examination.
Unexpected '=' in the declaration, line LN
    The parser found a '=' character that is not allowed for the current construction in LN line during template examination.
Unexpected '\"' in the declaration, line LN
    The parser found a '\' character that is not allowed for the current construction in LN line during template examination.
Unexpected end of line in the declaration, line LN
    An error occurred in LN line while parsing a template: current construction has an incorrect end.
Macro name too long, line LN
    During template examination the parser determined in LN line that macro name exceeds 64 characters.
Iterator name too long, line LN
    During template examination the parser determined in LN line that iterator name exceeds 64 characters.
Iterator value too long, line LN
    During template examination the parser determined in LN line that the iterator value exceeds 4096 characters.
Variable name too long, line LN
    During template examination the parser determined in LN line that variable name exceeds 64 characters.
Variable value too long, line LN
    During template examination the parser determined in LN line that the variable value exceeds 4096 characters.
Parsing result too long, line LN
    The parser revealed an error in LN line during template examination: line parsing result exceeds the allowed value.
Number of \"<FOR\" tags is not the same as number of \"</FOR>\" tags
    The numbers of opening and closing tags do not match.
A.14. Return codes for the kltlv utility

The kltlv utility may return the following codes while running:

0  Template has correct syntax.
1  Template name for examination has not been specified.
2  Template file cannot be opened.
3  Template has incorrect syntax.
4  System error in template parser operation.

A.15. Command line options of the klmailq utility

Help options

-? --help
    Output to console help information about the utility and exit.
-v --version
    Output to console utility version and exit.
-s --show-all
    Output to console information about all messages in the application working queue.
-i QueueID --show-id=QueueID
    Output to console information about message under the QueueID number.

Options for work with messages in working queue

-q --queue-path=path_to_queue
    Specify a custom path to the (path_to_queue) directory containing the application working queue.
-r --remove-all
    Remove all messages in the application working queue.
-d QueueID --remove-id=QueueID
    Remove QueueID message from the application working queue.
-a --send-all
    Send all messages in application working queue to recipients.
-o QueueID --send-id=QueueID
    Send QueueID message from the application working queue to recipients.

A.16. Command line options for the klmaila utility

Help options

-? --help
    Output to console help information about the utility and exit.
-v --version
    Output to console utility version and exit.
-s --show-all
    Output to console information about all messages in storage.
-i QueueID --show-id=QueueID
    Output to console information about message with number QueueID.

Options for work with messages in storage

-q --queue-path=path_to_queue
    Specify a custom path to the (path_to_queue) directory containing the application working queue. The option may be necessary when you have to send an archived message to a specific queue of messages.
-p --archive-path=path_to_archive
    Specify a custom path to the (path_to_archive) directory containing the archive of messages.
-r --remove-all
    Remove all messages preserved in storage.
-d QueueID --remove-id=QueueID
    Remove QueueID message preserved in storage.
-a --send-all
    Send all messages from storage to their original recipients.
-o QueueID --send-id=QueueID
    Send QueueID message from storage to its original recipients.

A.17. Return codes for the klmaila and klmailq utilities

The klmaila and klmailq utilities may return the following codes while running:

0  The utility has finished its operation.
1  Error in command line parameters.
2  Directory cannot be read.
3  System error.
4  Requested action has not been performed.

A.18. Format of messages about anti-virus scanning

The application allows the statistical data of the anti-virus component to be viewed separately. In order to create a file that will contain the statistical data of the AV module, specify the value for the option AVStatistics=file name | TCP-socket in the [smtpgw.options] section of the configuration file. This statistics file will be used to store information on each processed object.

Each line in the statistics file will contain data about one processed object in the following format:
Time\tSize\tSender\tRecipients\tStatus\tVirusList\tIP\tmessage-id

The table below contains descriptions of each parameter. If the parameter is optional, the corresponding field in the report line may remain blank.

Symbolic name
    Value
Time
    Record creation time
Size
    Record size
Sender
    Sender's address
Recipients
    Addresses of recipients. Several addresses can be listed.
Status
    List of statuses assigned after the anti-virus scan.
VirusList
    List of viruses.
IP
    IP address of the host from which the message was received.
Message-id
    Message ID.

The Note column marks three of the parameters Status, VirusList, IP and Message-id as Optional.

All information in the statistics file is logged after the anti-virus scan and spam filtering of the message is performed. If, for some reason, the output of the report about the processed object is not possible (for example, the statistics server is not available), the information about the object will not be logged.

A.19. Notifications about actions applied to the message

Messages added to the log file may differ depending on the action performed.

When a message is delivered to the application, the following line is added to the report file:

envelope-id: RECEIVED, from=<...>, nrcpt=..., size=..., client=[...], helo=<...>, message_id=<message id>, flags=...

where:
envelope-id - message identifier in the application working queue
from - value received from the MAIL FROM command
nrcpt - number of the recipients of this message (transmitted with the RCPT TO command(s))
size - message size
client - IP address of the client's host
helo - client's domain name, received from the HELO/EHLO command
message_id - message ID
flags - flag(s) that have the following meanings:
    E - ESMTP was used
    D - client requested DSN confirmations.

When a message is scanned for viruses, the following line is added to the log file:

envelope-id: SCANNED, group=<...>, nrcpt=..., status="...", srcid=..., names="..."

where:

envelope-id - message identifier in the application working queue
group - the name of the group of recipients (or policy group) to which this message belongs
nrcpt - the number of recipients of this message (out of recipients that belong to this group)
srcid - original message ID
status - status assigned to the message based on the anti-virus scan results
names - names of viruses, if any, separated by ", ".

When system notifications are generated, the following line will be added to the log file:

envelope-id: CREATED, notify=<admin|recipient|sender>, nrcpt=..., size=..., srcid=...

where:

envelope-id - message identifier in the application working queue
notify - account where the notification will be delivered (possible values are admin, recipient, sender)
nrcpt - the number of recipients of this message
size - message size
srcid - original message ID.

When a copy of a message is created (for the delivery of that message to different groups of recipients), the following line will be added to the log file:

envelope-id: SPLITTED, domain=<...>, nrcpt=..., srcid=...

where:

envelope-id - message identifier in the application working queue
domain - name of the domain for which a copy of the original message was created
nrcpt - the number of recipients of this message (out of recipients that belong to this group)
srcid - original message ID.

When a message is delivered, the following line will be added to the log file:

envelope-id: DELIVERED, rcpt=<...>, server=..., size=..., status=sent|failed

where:

envelope-id - message identifier in the application working queue
rcpt - address of the message recipient
server - IP address and name of the server where the message is delivered
size - message size
status - delivery status, possible values are:
    sent - message was successfully delivered
    failed - message was not delivered.

When a message is blocked, the following line will be added to the log file:

envelope-id: BLOCKED, rcpt=..., size=...

where:

envelope-id - message identifier in the application working queue
rcpt - address of the message recipient
size - message size.
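The line formats in section A.19 can be correlated per message. The parser below is an added example, not code from Kaspersky Lab: it links copies and notifications to their source through srcid and lists the recipients to whom a copy carrying virus names was sent. It assumes that each line starts at the envelope-id and that srcid holds the envelope-id of the source message; the sample lines, identifiers, status value and function names are constructed.

```python
import re
from collections import defaultdict

# "<envelope-id>: <EVENT>, key=value, ..." as listed in section A.19.
HEAD = re.compile(r"^(?P<eid>\S+): (?P<event>[A-Z]+)(?:, (?P<rest>.*))?$")
# A value may be quoted, wrapped in <> or [], or run up to the next comma.
FIELD = re.compile(r'(\w+)=("[^"]*"|<[^>]*>|\[[^\]]*\]|[^,]*)')

# Constructed sample log; the status value "infected" is an assumption.
SAMPLE_LOG = [
    "Q1: RECEIVED, from=<sender@example.org>, nrcpt=2, size=5120, "
    "client=[192.0.2.10], helo=<mail.example.org>, message_id=<abc@example.org>, flags=E",
    "Q2: SPLITTED, domain=<example.com>, nrcpt=1, srcid=Q1",
    "Q3: SPLITTED, domain=<example.net>, nrcpt=1, srcid=Q1",
    'Q2: SCANNED, group=<strict>, nrcpt=1, status="infected", srcid=Q1, names="EICAR-Test-File"',
    'Q3: SCANNED, group=<lenient>, nrcpt=1, status="infected", srcid=Q1, names="EICAR-Test-File"',
    "Q4: CREATED, notify=<admin>, nrcpt=1, size=900, srcid=Q1",
    "Q2: BLOCKED, rcpt=<alice@example.com>, size=5120",
    "Q3: DELIVERED, rcpt=<bob@example.net>, server=198.51.100.7 mx.example.net, size=5120, status=sent",
    "Q4: DELIVERED, rcpt=<postmaster@example.com>, server=203.0.113.5 mail.example.com, size=900, status=sent",
]


def parse_line(line):
    """Parse one notification line into a dict, or return None if it does not match."""
    m = HEAD.match(line.strip())
    if not m:
        return None
    rec = {"envelope_id": m["eid"], "event": m["event"]}
    for key, value in FIELD.findall(m["rest"] or ""):
        value = value.strip()
        if len(value) >= 2 and value[0] + value[-1] in ('""', "<>", "[]"):
            value = value[1:-1]  # drop the surrounding quotes or brackets
        rec[key] = value
    if "names" in rec:
        rec["names"] = [name for name in rec["names"].split(", ") if name]
    return rec


def trace(lines):
    """Group DELIVERED/BLOCKED events by original message, with the scan result of each copy."""
    events = [e for e in map(parse_line, lines) if e]
    parent, scans, notices = {}, {}, set()
    for e in events:
        eid, src = e["envelope_id"], e.get("srcid")
        if src and src != eid:
            parent[eid] = src
        if e["event"] == "SCANNED":
            scans[eid] = (e.get("status", ""), e.get("names", []))
        elif e["event"] == "CREATED":
            notices.add(eid)  # system notification, not a copy of the mail

    def root(eid):
        seen = set()
        while eid in parent and eid not in seen:  # guard against srcid loops
            seen.add(eid)
            eid = parent[eid]
        return eid

    report = defaultdict(list)
    for e in events:
        eid = e["envelope_id"]
        if e["event"] not in ("DELIVERED", "BLOCKED") or eid in notices:
            continue
        status, names = scans.get(eid, ("", []))
        outcome = "blocked" if e["event"] == "BLOCKED" else e.get("status", "")
        report[root(eid)].append(
            {"rcpt": e.get("rcpt", ""), "outcome": outcome,
             "scan_status": status, "names": names})
    return dict(report)


def delivered_with_detections(report):
    """List (original envelope-id, recipient, virus names) for sent copies with names."""
    return [(root_id, row["rcpt"], row["names"])
            for root_id, rows in report.items() for row in rows
            if row["outcome"] == "sent" and row["names"]]


if __name__ == "__main__":
    for hit in delivered_with_detections(trace(SAMPLE_LOG)):
        print(hit)
```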
APPENDIX B. KASPERSKY LAB

Founded in 1997, Kaspersky Lab has become a recognized leader in information security technologies. It produces a wide range of data security software and delivers high-performance, comprehensive solutions to protect computers and networks against all types of malicious programs, unsolicited and unwanted messages, and hacker attacks.

Kaspersky Lab is an international company. Headquartered in the Russian Federation, the company has representative offices in the United Kingdom, France, Germany, Japan, USA (CA), the Benelux countries, China and Poland. A new company department, the European Anti-Virus Research Centre, has recently been established in France. Kaspersky Lab's partner network incorporates more than 500 companies worldwide.

Today, Kaspersky Lab employs more than 250 specialists, each of whom is proficient in anti-virus technologies, with 9 of them holding M.B.A. degrees, 15 holding Ph.Ds, and two experts holding membership in the Computer Anti-Virus Researchers Organization (CARO).

Kaspersky Lab offers best-of-breed security solutions, based on its unique experience and knowledge, gained over more than 14 years of fighting computer viruses. A thorough analysis of computer virus activities enables the company to deliver comprehensive protection from current and even future threats. Resistance to future attacks is the basic policy implemented in all Kaspersky Lab's products. At all times, the company's products remain at least one step ahead of many other vendors in delivering extensive anti-virus coverage for home users and corporate customers alike.

Years of hard work have made the company one of the top security software manufacturers. Kaspersky Lab was one of the first businesses of its kind to develop the highest standards for anti-virus defense.

The company's flagship product, Kaspersky Anti-Virus, provides full-scale protection for all tiers of a network, including workstations, file servers, mail systems, firewalls and Internet-gateways, hand-held computers. Its convenient and easy-to-use management tools ensure advanced automation for rapid virus protection across an enterprise. Many well-known manufacturers use the Kaspersky Anti-Virus kernel, including Nokia ICG (USA), F-Secure (Finland), Aladdin (Israel), Sybari (USA), G Data (Germany), Deerfield (USA), Alt-N (USA), Microworld (India), BorderWare (Canada), etc.

Kaspersky Lab's customers benefit from a wide range of additional services that ensure not only stable operation of the company's products but also compliance with any specific business requirements. Kaspersky Lab's anti-virus database is updated in real-time every 3 hours. The company provides its customers with a 24-hour technical support service, which is available in several languages to accommodate its international clientele.
B.1. Other Kaspersky Lab Products

Kaspersky Anti-Virus Personal

Kaspersky Anti-Virus Personal protects home computers running Windows 98/ME/2000/NT/XP from all types of known viruses, including Riskware. The application constantly checks all possible sources of virus penetration, such as e-mail, Internet, floppy disks, CDs, etc. Unknown viruses are efficiently detected and processed by a unique heuristic data analysis system. The two distinct modes of the application's operation (that can be used either separately or jointly) are:

Real-Time Protection - anti-virus scan of all files being run, opened or saved on the protected computer.

On-Demand Scan - scanning and disinfection of the entire computer or individual disks, files or folders. You can launch a scan manually using the graphical interface or set up a regular scheduled scan.

Kaspersky Anti-Virus Personal does not re-scan objects that have not been modified. This rule now applies not only to the real-time protection but also to the on-demand scan. This feature greatly improves the speed and performance of the application.

Kaspersky Anti-Virus Personal provides reliable protection against viruses that attempt to penetrate computers via messages. The application provides automatic scanning and disinfection of all incoming (POP3) and outgoing (SMTP) messages and efficiently detects viruses in databases.

Kaspersky Anti-Virus Personal supports over 700 formats of archived and compressed files and ensures automatic anti-virus scanning of their content and removal of malicious code from files within ZIP, CAB, RAR and ARJ archives.

The application's settings can easily be adjusted to one of the three pre-defined levels: Maximum Protection, Recommended Protection and Maximum Speed.

The anti-virus database is updated every three hours. Database delivery is guaranteed even if the Internet connection was interrupted or switched during the download process.

Kaspersky Anti-Virus Personal Pro

This package has been designed to deliver comprehensive anti-virus protection to home computers running Windows 98/ME/2000/NT/XP as well as MS Office 2000 applications. Kaspersky Anti-Virus Personal Pro includes an easy-to-use application for automatic retrieval of daily updates to the anti-virus database and the application modules. A second-generation heuristic analyzer efficiently detects even unknown viruses. Kaspersky Anti-Virus Personal includes many interface enhancements, making it easier than ever to use the application.
Kaspersky Anti-Virus Personal Pro features:

on-demand scans of local disks to detect all known, and many unknown, kinds of viruses;
automatic real-time protection of all files from viruses;
mail filter that scans all incoming and outgoing messages in background mode;
behavior blocker that guarantees 100% protection against macro viruses.

Kaspersky Anti-Hacker

Kaspersky Anti-Hacker is a personal firewall that is designed to safeguard a computer running any Windows operating system. It protects your computer against unauthorized access and external hacker attacks from either the Internet or the local network.

Kaspersky Anti-Hacker monitors the TCP/IP network activity of all applications running on your machine. When it detects a suspicious action, the application blocks the suspicious application from accessing the network. This helps deliver enhanced privacy and 100% security of confidential data stored on your computer.

The product's SmartStealth technology prevents hackers from detecting your computer from the outside. In this stealthy mode, the application works seamlessly to keep your computer protected while you are on the Web. The application provides conventional transparency and accessibility of information.

Kaspersky Anti-Hacker also blocks most common network hacker attacks and monitors for attempts to scan computer ports.

Configuration of the application is simply a matter of choosing one of five security levels. By default, the application starts in self-learning mode, which will automatically configure your security system depending on your responses to various events. This makes your personal guard adjustable to your specific preferences and your particular needs.

Kaspersky Security for PDA

Kaspersky Security for PDA provides reliable anti-virus protection of data stored on PDAs running Palm OS or Windows CE. It also offers anti-virus protection from any corrupted files transferred from a PC or an extension card, from ROM files, and from databases. This software package includes an optimal combination of the following anti-virus tools:

anti-virus scanner to scan the data stored on both the PDA and extension card on demand;
anti-virus monitor to intercept viruses in files that are either copied from other handhelds or are transferred using HotSync technology.
Kaspersky Security for PDA protects your handheld (PDA) from unauthorized intrusion by encrypting both access to the device and data stored on memory cards.

Kaspersky Anti-Virus Business Optimal

This package provides a configurable security solution for small- and medium-sized corporate networks.

Kaspersky Anti-Virus Business Optimal includes full-scale anti-virus protection (depending on the type of distribution kit) for:
- Workstations running Windows 98/ME, Windows NT/2000/XP Workstation, and Linux;
- File and application servers running Windows NT 4.0 Server, Windows 2000, 2003 Server/Advanced Server, Windows 2003 Server, Novell Netware, FreeBSD and OpenBSD, and Linux;
- E-mail systems, namely Microsoft Exchange 5.5/2000/2003, Lotus Notes/Domino, Postfix, Exim, Sendmail, and Qmail;
- Internet-gateways: CheckPoint Firewall 1; MS ISA Server.

The Kaspersky Anti-Virus Business Optimal distribution kit includes Kaspersky Administration Kit, a unique tool for automated deployment and administration.

You are free to choose from any of these anti-virus applications, according to the operating systems and applications you use.

Kaspersky Corporate Suite

This package provides corporate networks of any size and complexity with comprehensive, scalable anti-virus protection. The package components have been developed to protect every tier of a corporate network, even in mixed computer environments. Kaspersky Corporate Suite supports the majority of operating systems and applications installed across an enterprise. All package components are managed from one console and have a unified user interface. Kaspersky Corporate Suite delivers a reliable, high-performance protection system that is fully compatible with the specific needs of your network configuration.

Kaspersky Corporate Suite provides comprehensive anti-virus protection for:
- Workstations running Windows 98/ME, Windows NT/2000/XP, and Linux;
- File and application servers running Windows NT 4.0 Server, Windows 2000, 2003 Server/Advanced Server, Novell Netware, FreeBSD, OpenBSD and Linux;
- E-mail systems, including Microsoft Exchange Server 5.5/2000/2003, Lotus Notes/Domino, Sendmail, Postfix, Exim and Qmail;
- Internet-gateways: CheckPoint Firewall 1; MS ISA Server;
- Hand-held computers (PDAs), running Windows CE and Palm OS.

The Kaspersky Corporate Suite distribution kit includes Kaspersky Administration Kit, a unique tool for automated deployment and administration.

You are free to choose from any of these anti-virus applications, according to the operating systems and applications you use.

Kaspersky Anti-Spam

Kaspersky Anti-Spam is a cutting-edge software suite that is designed to help organizations with small- and medium-sized networks wage war against the onslaught of undesired e-mail (spam). The product combines the revolutionary technology of linguistic analysis with modern methods of e-mail filtration, including RBL lists and formal letter features. Its unique combination of services allows users to identify and wipe out up to 95% of unwanted traffic.

Installed at the entrance to a network, where it monitors incoming e-mail traffic streams for spam, Kaspersky Anti-Spam acts as a barrier to unsolicited e-mail. The product is compatible with any mail system and can be installed on either an existing mail server or a dedicated one.

Kaspersky Anti-Spam's high performance is ensured by daily updates to the content filtration database by samples provided by the Company's linguistic laboratory specialists.

Kaspersky Anti-Spam Personal

Kaspersky Anti-Spam Personal is designed to protect users of mail client programs Microsoft Outlook and Microsoft Outlook Express against unwanted e-mail messages (spam).

Kaspersky Anti-Spam Personal software package is a powerful tool that ensures detection of spam in the flow of messages incoming via POP3 and IMAP4 protocol (only for Microsoft Outlook).

The filtering process involves the analysis of all attributes of the message (sender's and recipient's addresses and headers), content filtration (analysis of the content of the letter, including the Subject and attached files), as well as unique linguistic and heuristic algorithms.

The application's high performance is enhanced by daily updates to the content filtration database by samples provided by the Company's linguistic laboratory specialists.
B.2. Contact Us

If you have any questions, comments, or suggestions, please refer them to one of our distributors or directly to Kaspersky Lab. We will be glad to advise you on any matters related to our product by phone or via e-mail. Rest assured that all of your recommendations and suggestions will be thoroughly reviewed and considered.

Technical support: Please find the technical support information at
General information: WWW:
User documentation design group: (for opinions about documentation and online help system only)
APPENDIX C. LICENSE AGREEMENT

End User License Agreement

NOTICE TO ALL USERS: CAREFULLY READ THE FOLLOWING LEGAL AGREEMENT ("AGREEMENT") FOR THE LICENSE OF SPECIFIED SOFTWARE ("SOFTWARE") PRODUCED BY KASPERSKY LAB ("KASPERSKY LAB").

IF YOU HAVE PURCHASED THIS SOFTWARE VIA THE INTERNET BY CLICKING THE ACCEPT BUTTON, YOU (EITHER AN INDIVIDUAL OR A SINGLE LEGAL ENTITY) CONSENT TO BE BOUND BY AND BECOME PARTY TO THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS AGREEMENT, CLICK THE BUTTON THAT INDICATES THAT YOU DO NOT ACCEPT THE TERMS OF THIS AGREEMENT, AND DO NOT INSTALL THE SOFTWARE.

IF YOU HAVE PURCHASED THIS SOFTWARE ON A PHYSICAL MEDIUM, HAVING BROKEN THE CD'S SLEEVE YOU (EITHER AN INDIVIDUAL OR A SINGLE ENTITY) ARE CONSENTING TO BE BOUND BY THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS AGREEMENT DO NOT BREAK THE CD's SLEEVE, DOWNLOAD, INSTALL OR USE THIS SOFTWARE.

IN ACCORDANCE WITH THE LEGISLATION, REGARDING KASPERSKY SOFTWARE INTENDED FOR INDIVIDUAL CONSUMERS (KASPERSKY ANTI-VIRUS PERSONAL, KASPERSKY ANTI-VIRUS PERSONAL PRO, KASPERSKY ANTI-HACKER, KASPERSKY SECURITY FOR PDA) PURCHASED ON LINE FROM THE KASPERSKY LAB INTERNET WEB SITE, CUSTOMER SHALL HAVE A PERIOD OF 7 WORKING DAYS AS FROM THE DELIVERY OF PRODUCT TO MAKE RETURN OF IT TO THE MERCHANT FOR EXCHANGE OR REFUND, PROVIDED THE SOFTWARE IS NOT UNSEALED.

REGARDING THE KASPERSKY SOFTWARE INTENDED FOR INDIVIDUAL CONSUMERS (KASPERSKY ANTI-VIRUS PERSONAL, KASPERSKY ANTI-VIRUS PERSONAL PRO, KASPERSKY ANTI-HACKER, KASPERSKY SECURITY FOR PDA) NOT PURCHASED ONLINE VIA INTERNET, THIS SOFTWARE NEITHER WILL BE RETURNED NOR EXCHANGED EXCEPT FOR CONTRARY PROVISIONS FROM THE PARTNER WHO SELLS THE PRODUCT. IN THIS CASE, KASPERSKY LAB WILL NOT BE HELD BY THE PARTNER'S CLAUSES.
THE RIGHT TO RETURN AND REFUND EXTENDS ONLY TO THE ORIGINAL PURCHASER.

All references to "Software" herein shall be deemed to include the software activation key ("Key Identification File") with which you will be provided by Kaspersky Lab as part of the Software.

1. License Grant. Subject to the payment of the applicable license fees, and subject to the terms and conditions of this Agreement, Kaspersky Lab hereby grants you the non-exclusive, non-transferable right to use one copy of the specified version of the Software and the accompanying documentation (the "Documentation") for the term of this Agreement solely for your own internal business purposes. You may install one copy of the Software on one computer, workstation, personal digital assistant, or other electronic device for which the Software was designed (each a "Client Device"). If the Software is licensed as a suite or bundle with more than one specified Software product, this license applies to all such specified Software products, subject to any restrictions or usage terms specified on the applicable price list or product packaging that apply to any such Software products individually.

1.1 Use. The Software is licensed as a single product; it may not be used on more than one Client Device or by more than one user at a time, except as set forth in this Section.

The Software is "in use" on a Client Device when it is loaded into the temporary memory (i.e., random-access memory or RAM) or installed into the permanent memory (e.g., hard disk, CD-ROM, or other storage device) of that Client Device. This license authorizes you to make only as many back-up copies of the Software as are necessary for its lawful use and solely for back-up purposes, provided that all such copies contain all of the Software's proprietary notices. You shall maintain records of the number and location of all copies of the Software and Documentation and will take all reasonable precautions to protect the Software from unauthorized copying or use.

If you sell the Client Device on which the Software is installed, you will ensure that all copies of the Software have been previously deleted.

You shall not decompile, reverse engineer, disassemble or otherwise reduce any part of this Software to a humanly readable form nor permit any third party to do so. The interface information necessary to achieve interoperability of the Software with independently created computer programs will be provided by Kaspersky Lab by request on payment of its reasonable costs and expenses for procuring and supplying such information. In the event that Kaspersky Lab notifies you that it does not intend to make such information available for any reason, including (without limitation) costs, you shall be permitted to take such steps to achieve interoperability, provided that you only reverse engineer or decompile the Software to the extent permitted by law.
You shall not make error corrections to, or otherwise modify, adapt, or translate the Software, nor create derivative works of the Software, nor permit any third party to copy the Software (other than as expressly permitted herein).

You shall not rent, lease or lend the Software to any other person, nor transfer or sub-license your license rights to any other person.

You shall not use this Software in automatic, semi-automatic or manual tools designed to create virus signatures, virus detection routines, any other data or code for detecting malicious code or data.

1.2 Server-Mode Use. You may use the Software on a Client Device or on a server ("Server") within a multi-user or networked environment ("Server-Mode") only if such use is permitted in the applicable price list or product packaging for the Software. A separate license is required for each Client Device or "seat" that may connect to the Server at any time, regardless of whether such licensed Client Devices or seats are concurrently connected to or actually accessing or using the Software. Use of software or hardware that reduces the number of Client Devices or seats directly accessing or utilizing the Software (e.g., "multiplexing" or "pooling" software or hardware) does not reduce the number of licenses required (i.e., the required number of licenses would equal the number of distinct inputs to the multiplexing or pooling software or hardware "front end"). If the number of Client Devices or seats that can connect to the Software exceeds the number of licenses you have obtained, then you must have a reasonable mechanism in place to ensure that your use of the Software does not exceed the use limits specified for the license you have obtained. This license authorizes you to make or download such copies of the Documentation for each Client Device or seat that is licensed as are necessary for its lawful use, provided that each such copy contains all of the Documentation's proprietary notices.

1.3 Volume Licenses. If the Software is licensed with volume license terms specified in the applicable product invoicing or packaging for the Software, you may make, use or install as many additional copies of the Software on the number of Client Devices as the volume license terms specify. You must have reasonable mechanisms in place to ensure that the number of Client Devices on which the Software has been installed does not exceed the number of licenses you have obtained. This license authorizes you to make or download one copy of the Documentation for each additional copy authorized by the volume license, provided that each such copy contains all of the Document's proprietary notices.

2. Duration. This Agreement is effective for the period specified in the Key File (the unique file which is required to fully enable the Software, please see Help/ about Software or Software about, for Unix/Linux version of the Software see the notification about expiration date of the Key File) unless and until earlier terminated as set forth herein. This Agreement will terminate automatically if you fail to comply with any of the conditions, limitations or other requirements described herein. Upon any termination or expiration of this Agreement, you must immediately destroy all copies of the Software and the Documentation. You may terminate this Agreement at any point by destroying all copies of the Software and the Documentation.

3. Support.

(i) Kaspersky Lab will provide you with the support services ("Support Services") as defined below for a period of one year following:
(a) Payment of its then current support charge, and:
(b) Successful completion of the Support Services Subscription Form as provided to you with this Agreement or as available on the Kaspersky Lab website, which will require you to produce the Key Identification File which will have been provided to you by Kaspersky Lab with this Agreement. It shall be at the absolute discretion of Kaspersky Lab whether or not you have satisfied this condition for the provision of Support Services.

(ii) Support Services will terminate unless renewed annually by payment of the then-current annual support charge and by successful completion of the Support Services Subscription Form again.

(iii) By completion of the Support Services Subscription Form you consent to the terms of the Kaspersky Lab Privacy Policy, which is deposited on ww.kaspersky.com/privacy, and you explicitly consent to the transfer of data to other countries outside your own as set out in the Privacy Policy.

(iv) "Support Services" means:
(a) Daily updates of the anti-virus database;
(b) Free software updates, including version upgrades;
(c) Extended technical support via e-mail and phone hotline provided by Vendor and/or Reseller;
(d) Virus detection and disinfection updates 24 hours per day.

4. Ownership Rights. The Software is protected by copyright laws. Kaspersky Lab and its suppliers own and retain all rights, titles and interests in and to the Software, including all copyrights, patents, trademarks and other intellectual property rights therein. Your possession, installation, or use of the Software does not transfer any title to the intellectual property in the Software to you, and you will not acquire any rights to the Software except as expressly set forth in this Agreement.

5. Confidentiality. You agree that the Software and the Documentation, including the specific design and structure of individual programs and the Key Identification File, constitute confidential proprietary information of Kaspersky Lab. You shall not disclose, provide, or otherwise make available such confidential information in any form to any third party without the prior written consent of Kaspersky Lab. You shall implement reasonable security measures to protect such confidential information, but without limitation to the foregoing shall use best endeavours to maintain the security of the Key Identification File.
6. Limited Warranty.

(i) Kaspersky Lab warrants that for six (6) months from first download or installation the Software purchased on a physical medium will perform substantially in accordance with the functionality described in the Documentation when operated properly and in the manner specified in the Documentation.

(ii) You accept all responsibility for the selection of this Software to meet your requirements. Kaspersky Lab does not warrant that the Software and/or the Documentation will be suitable for such requirements nor that any use will be uninterrupted or error free.

(iii) Kaspersky Lab does not warrant that this Software identifies all known viruses, nor that the Software will not occasionally erroneously report a virus in a title not infected by that virus.

(iv) Your sole remedy and the entire liability of Kaspersky Lab for breach of the warranty at paragraph (i) will be at Kaspersky Lab option, to repair, replace or refund of the Software if reported to Kaspersky Lab or its designee during the warranty period. You shall provide all information as may be reasonably necessary to assist the Supplier in resolving the defective item.

(v) The warranty in (i) shall not apply if you (a) make or cause to be made any modifications to this Software without the consent of Kaspersky Lab, (b) use the Software in a manner for which it was not intended, or (c) use the Software other than as permitted under this Agreement.

(vi) The warranties and conditions stated in this Agreement are in lieu of all other conditions, warranties or other terms concerning the supply or purported supply of, failure to supply or delay in supplying the Software or the Documentation which might but for this paragraph (vi) have effect between the Kaspersky Lab and you or would otherwise be implied into or incorporated into this Agreement or any collateral contract, whether by statute, common law or otherwise, all of which are hereby excluded (including, without limitation, the implied conditions, warranties or other terms as to satisfactory quality, fitness for purpose or as to the use of reasonable skill and care).

7. Limitation of Liability.

(i) Nothing in this Agreement shall exclude or limit Kaspersky Lab's liability for (a) the tort of deceit, (b) death or personal injury caused by its breach of a common law duty of care or any negligent breach of a term of this Agreement, or (c) any other liability which cannot be excluded by law.

(ii) Subject to paragraph (i) above, the Supplier shall bear no liability (whether in contract, tort, restitution or otherwise) for any of the following losses or damage (whether such losses or damage were foreseen, foreseeable, known or otherwise):
(a) Loss of revenue;
(b) Loss of actual or anticipated profits (including for loss of profits on contracts);
(c) Loss of the use of money;
(d) Loss of anticipated savings;
(e) Loss of business;
(f) Loss of opportunity;
(g) Loss of goodwill;
(h) Loss of reputation;
(i) Loss of, damage to or corruption of data, or:
(j) Any indirect or consequential loss or damage howsoever caused (including, for the avoidance of doubt, where such loss or damage is of the type specified in paragraphs (ii), (a) to (ii), (i)).

(iii) Subject to paragraph (i), the liability of Kaspersky Lab (whether in contract, tort, restitution or otherwise) arising out of or in connection with the supply of the Software shall in no circumstances exceed a sum equal to the amount equally paid by you for the Software.

8.

(i) This Agreement contains the entire understanding between the parties with respect to the subject matter hereof and supersedes all and any prior understandings, undertakings and promises between you and Kaspersky Lab, whether oral or in writing, which have been given or may be implied from anything written or said in negotiations between us or our representatives prior to this Agreement and all prior agreements between the parties relating to the matters aforesaid shall cease to have effect as from the Effective Date. Save as provided in paragraphs (ii) - (iii) below, you shall not have any remedy in respect of an untrue statement made to you upon which you relied in entering into this Agreement ("Misrepresentation") and Kaspersky Lab shall not have any liability to the other than pursuant to the express terms of this Agreement.

(ii) Nothing in this Agreement shall exclude or limit Kaspersky Lab's liability for any Misrepresentation made thereby if aware that it was untrue.

(iii) The liability of Kaspersky Lab for Misrepresentation as a fundamental matter, including a matter fundamental to the maker's ability to perform its obligations under this Agreement, shall be subject to the limitation of liability set out in paragraph 7(iii).
GFI MailArchiver for Exchange 4 Manual By GFI Software http://www.gfi.com Email: [email protected] Information in this document is subject to change without notice. Companies, names, and data used in examples
Kaspersky Internet Security 2012 User Guide
Kaspersky Internet Security 2012 User Guide APPLICATION VERSION: 12.0 Dear User! Thank you for choosing our product. We hope that you will find this documentation useful and that it will provide answers
ADMINISTRATOR V1.0
ADMINISTRATOR FAQ V1.0 2011 Fastnet SA, St-Sulpice, Switzerland. All rights reserved. Reproduction in whole or in part in any form of this manual without written permission of Fastnet SA
CYAN SECURE WEB APPLIANCE. User interface manual
CYAN SECURE WEB APPLIANCE User interface manual Jun. 13, 2008 Applies to: CYAN Secure Web 1.4 and above Contents 1 Log in...3 2 Status...3 2.1 Status / System...3 2.2 Status / Network...4 Status / Network
Pearl Echo Installation Checklist
Pearl Echo Installation Checklist Use this checklist to enter critical installation and setup information that will be required to install Pearl Echo in your network. For detailed deployment instructions
Avira Update Manager User Manual
Avira Update Manager User Manual Table of contents 1. Product information 1.1 Functionality
Dell SupportAssist Version 2.0 for Dell OpenManage Essentials Quick Start Guide
Dell SupportAssist Version 2.0 for Dell OpenManage Essentials Quick Start Guide Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your computer.
Kaspersky Anti-Virus 2013 User Guide
Kaspersky Anti-Virus 2013 User Guide Application version: 13.0 Maintenance Pack 1 Dear User, Thank you for choosing our product. We hope that you will find this documentation useful and that it will provide
Configuring Security for SMTP Traffic
4 Configuring Security for SMTP Traffic Securing SMTP traffic Creating a security profile for SMTP traffic Configuring a local traffic SMTP profile Assigning an SMTP security profile to a local traffic
GWAVA 5. Migration Guide for Netware GWAVA 4 to Linux GWAVA 5
GWAVA 5 Migration Guide for Netware GWAVA 4 to Linux GWAVA 5 Copyright 2010 GWAVA, Inc. All rights reserved. Content may not be reproduced without permission. http://www.gwava.com Overview While GWAVA
User's Manual. Intego Remote Management Console User's Manual Page 1
User's Manual Intego Remote Management Console User's Manual Page 1 Intego Remote Management Console for Macintosh 2007 Intego, Inc. All Rights Reserved Intego, Inc. www.intego.com This manual was written
AVG 8.5 Anti-Virus Network Edition
AVG 8.5 Anti-Virus Network Edition User Manual Document revision 85.2 (23. 4. 2009) Copyright AVG Technologies CZ, s.r.o. All rights reserved. All other trademarks are the property of their respective
Kaspersky Security 8.0 for Microsoft Exchange Servers AD Installation Guide
Kaspersky Security 8.0 for Microsoft Exchange Servers AD Installation Guide PROGRAM VERSION: 8.0 MAINTENANCE PACK 1 Dear User! Thank you for choosing our product. We hope that
World-class security solutions for your business. Business Products. Catalogue
World-class security solutions for your business Business Products Catalogue About Kaspersky Lab Kaspersky Lab is the largest developer of secure content management systems in Europe and is among
INSTALLATION MANUAL
INSTALLATION MANUAL 2015 Fastnet SA, St-Sulpice, Switzerland. All rights reserved. Reproduction in whole or in part in any form of this manual without written permission of Fastnet SA is
escan SBS 2008 Installation Guide
escan SBS 2008 Installation Guide Following things are required before starting the installation 1. On SBS 2008 server make sure you deinstall One Care before proceeding with installation of escan. 2.
Kaspersky Security Center Web-Console
Kaspersky Security Center Web-Console User Guide CONTENTS ABOUT THIS GUIDE... 5 In this document... 5 Document conventions... 7 KASPERSKY SECURITY CENTER WEB-CONSOLE... 8 SOFTWARE REQUIREMENTS... 10 APPLICATION
ESET Mail Security 4. User Guide. for Microsoft Exchange Server. Microsoft Windows 2000 / 2003 / 2008
ESET Mail Security 4 for Microsoft Exchange Server User Guide Microsoft Windows 2000 / 2003 / 2008 Content 1. Introduction...4 1.1 System requirements... 4 1.2 Methods Used... 4 1.2.1 Mailbox scanning
Kaspersky Security 9.0 for Microsoft SharePoint Server Administrator's Guide
Kaspersky Security 9.0 for Microsoft SharePoint Server Administrator's Guide APPLICATION VERSION: 9.0 Dear User! Thank you for choosing our product. We hope that this document will help you in your work
Interworks. Interworks Cloud Platform Installation Guide
Interworks Interworks Cloud Platform Installation Guide Published: March, 2014 This document contains information proprietary to Interworks and its receipt or possession does not convey any rights to reproduce,
Email Security 7.4 Administrator s Guide
Email Security 7.4 Administrator s Guide 1 Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your system. CAUTION: A CAUTION indicates potential
VPOP3 Your email post office Getting Started Guide
VPOP3 Your email post office Getting Started Guide VPOP3 Getting Started Guide, version 2.1 1 Copyright Statement This manual is proprietary information of Paul Smith Computer Services and is not to be
provides several new features and enhancements, and resolves several issues reported by WatchGuard customers.
WatchGuard XCS v10.0 Update 1 Release Notes WatchGuard XCS Build 140312 Revision Date 11 November, 2014 Introduction WatchGuard is pleased to announce the release of WatchGuard XCS v10.0 Update 1. This
POP3 Connector for Exchange - Configuration
Eclarsys PopGrabber POP3 Connector for Exchange - Configuration PopGrabber is an excellent replacement for the POP3 connector included in Windows SBS 2000 and 2003. It also works, of course, with Exchange
Installing GFI FAXmaker
Installing GFI FAXmaker System Requirements Before you install GFI FAXmaker, please ensure that the following requirements are met. GFI FAXmaker FAX Server: A Windows 2000, 2003, 2008 server or Windows
Bitrix Site Manager. VMBitrix Virtual Machine. Quick Start And Usage Guide
Bitrix Site Manager VMBitrix Virtual Machine. Quick Start And Usage Guide Contents Introduction... 3 Chapter 1. Starting The VMBitrix Virtual Machine... 4 Minimum Requirements For VMWare Player / VMBitrix...
Email Gateways Using MDaemon 6.0
Email Gateways Using MDaemon 6.0 Alt-N Technologies, Ltd 1179 Corporate Drive West, #103 Arlington, TX 76006 Tel: (817) 652-0204 2002 Alt-N Technologies. All rights reserved. Product and company names
GFI Product Manual. Web security, monitoring and Internet access control. Administrator Guide
GFI Product Manual Web security, monitoring and Internet access control Administrator Guide The information and content in this document is provided for informational purposes only and is provided "as
GFI MailSecurity 10.1 for Exchange/SMTP User Guide
GFI MailSecurity 10.1 for Exchange/SMTP User Guide http://www.gfi.com Email: [email protected] Information in this document is subject to change without notice. Companies, names, and data used in examples
QUICK START GUIDE. Cisco C170 Email Security Appliance
1 0 0 1 QUICK START GUIDE Email Security Appliance Cisco C170 303357 Cisco C170 Email Security Appliance 1 Welcome 2 Before You Begin 3 Document Network Settings 4 Plan the Installation 5 Install the Appliance
NETWRIX EVENT LOG MANAGER
NETWRIX EVENT LOG MANAGER ADMINISTRATOR S GUIDE Product Version: 4.0 July/2012. Legal Notice The information in this publication is furnished for information use only, and does not constitute a commitment
Secure Web Service - Hybrid. Policy Server Setup. Release 9.2.5 Manual Version 1.01
Secure Web Service - Hybrid Policy Server Setup Release 9.2.5 Manual Version 1.01 M86 SECURITY WEB SERVICE HYBRID QUICK START USER GUIDE 2010 M86 Security All rights reserved. 828 W. Taft Ave., Orange,
WhatsUp Gold v16.3 Installation and Configuration Guide
WhatsUp Gold v16.3 Installation and Configuration Guide Contents Installing and Configuring WhatsUp Gold using WhatsUp Setup Installation Overview... 1 Overview... 1 Security considerations... 2 Standard
Symantec Messaging Gateway 10.0 Installation Guide. powered by Brightmail
Symantec Messaging Gateway 10.0 Installation Guide powered by Brightmail The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of
http://docs.trendmicro.com
Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the product, please review the readme files,
Sonian Getting Started Guide October 2008
Sonian Getting Started Guide October 2008 Sonian, Inc. For Authorized Use Only 1 Create your new archiving account 3 Configure your firewall for IMAP collections 4 (Skip this step if you will be using
Kerio Connect. Step-by-Step. Kerio Technologies
Kerio Connect Step-by-Step Kerio Technologies 2011 Kerio Technologies s.r.o. All rights reserved. This guide provides detailed description on Kerio Connect, version 7.2. All additional modifications and
Sophos Email Appliance Configuration Guide
Sophos Email Appliance Configuration Guide Sophos TOC 3 Contents Copyrights and Trademarks...4 Introduction...4 Product Overview...4 Installing a Virtual Appliance...7 Initial Configuration...8 Activating
ESET Mobile Security Business Edition for Windows Mobile
ESET Mobile Security Business Edition for Windows Mobile Installation Manual and User Guide Click here to download the most recent version of this document Contents 1. Installation...3 of ESET Mobile Security
Core Protection for Virtual Machines 1
Core Protection for Virtual Machines 1 Comprehensive Threat Protection for Virtual Environments. Installation Guide Endpoint Security Trend Micro Incorporated reserves the right to make changes to this
FortKnox Personal Firewall
FortKnox Personal Firewall User Manual Document version 1.4 EN ( 15. 9. 2009 ) Copyright (c) 2007-2009 NETGATE Technologies s.r.o. All rights reserved. This product uses compression library zlib Copyright
Novell Open Workgroup Suite
Novell Open Workgroup Suite Small Business Edition QUICK START GUIDE September 2007 v1.5 Page 1 Introduction This Quick Start explains how to install the Novell Open Workgroup Suite software on a server.
IBM Lotus Protector for Mail Security. Administrator Guide. Version 2.8 Release 2.8.1 SC27-3829-01
IBM Lotus Protector for Mail Security Administrator Guide Version 2.8 Release 2.8.1 SC27-3829-01 Copyright statement Copyright IBM Corporation 2006, 2013. U.S. Government Users Restricted Rights Use, duplication
NETWRIX FILE SERVER CHANGE REPORTER
NETWRIX FILE SERVER CHANGE REPORTER ADMINISTRATOR S GUIDE Product Version: 3.3 April/2012. Legal Notice The information in this publication is furnished for information use only, and does not constitute
Norman Email Protection
Quick Install Guide Norman Email Protection version 5.51 Features Email relay gateway with antivirus Email relay with antivirus and antispam Web application Table of Contents Overview... 3 System Requirements...
