KASPERSKY LAB. Kaspersky SMTP-Gateway 5.5 for Linux/Unix ADMINISTRATOR S GUIDE

Transcription

1 KASPERSKY LAB Kaspersky SMTP-Gateway 5.5 for Linux/Unix ADMINISTRATOR S GUIDE

2 KASPERSKY SMTP-GATEWAY 5.5 FOR LINUX/UNIX Administrator s Guide Kaspersky Lab Revision date: July 2005

3 Contents CHAPTER 1. KASPERSKY SMTP-GATEWAY 5.5 FOR LINUX/UNIX What s new in version Licensing policy Hardware and software requirements Distribution kit Help desk for registered users Conventions CHAPTER 2. APPLICATION STRUCTURE AND TYPICAL DEPLOYMENT SCENARIOS Application architecture The algorithm of application functioning Typical deployment scenarios Installing the application along corporate network perimeter Installing the application inside your mail system CHAPTER 3. INSTALLING THE APPLICATION Installing the application on a server running Linux Installing the application on a server running FreeBSD Installation procedure Step 1. Preparing the system Step 2. Copying application files to destination directories on your server Step 3. Post-installation tasks Configuring the application Installing the Webmin module to manage Kaspersky SMTP-Gateway CHAPTER 4. USING THE APPLICATION Updating the anti-virus databases Automatic updating of the anti-virus databases Manual updating of the anti-virus databases Creating a shared directory for storing and sharing database updates Anti-virus protection of traffic... 31

4 4 Kaspersky SMTP-Gateway 5.5 for Linux/Unix Creating groups of recipients/senders General message processing algorithm Main tasks Deliver messages without changes Delivery of clean or disinfected messages only Removing infected attachments Replacement of infected attachments with standard notifications Additional tasks Block delivery of messages to recipients Deliver infected messages Delivery of notifications to the sender, administrator and recipients Additional filtering of objects by name and type Backing up (quarantine, backup storage) Automatically add incoming and outgoing mail to archives Protection from hacker attacks and spam Managing license keys Viewing information about license keys Renewing your license Removing a license key CHAPTER 5. ADVANCED APPLICATION SETTINGS Configuring anti-virus protection of mail traffic Scanning and disinfecting messages Using the ichecker technology Setting up application timeouts Setting performance restrictions Setting up connection receiving interfaces Setting up the routing table Checking the configuration file syntax Syntax check in notification templates Work with backup storage and the quarantine directory Management of application working queue Managing the application Control of application activity Customizing date and time formats Reporting options Additional informational header fields in messages... 66

5 Contents 5 CHAPTER 6. TESTING APPLICATION OPERABILITY Testing the application using Telnet Testing the application using EICAR CHAPTER 7. UNINSTALLING THE APPLICATION CHAPTER 8. FREQUENTLY ASKED QUESTIONS APPENDIX A. SUPPLEMENTARY INFORMATION ABOUT THE PRODUCT 78 A.1. Distribution of the application files in directories A.2. Kaspersky SMTP-Gateway configuration file A.3. Use of external configuration files A.4. Control signals for the smtpgw component A.5. Control files A.6. Application statistics A.7. Command line options for the smtpgw component A.8. Smtpgw return codes A.9. Command line options for licensemanager A.10. Licensemanager return codes A.11. Keepup2date command line options A.12. Keepup2date return codes A.13. Format of messages about template syntax check-up A.14. Return codes for the kltlv utility A.15. Command line options of the klmailq utility A.16. Command line options for the klmaila utility A.17. Return codes for the klmaila and klmailq utilities A.18. Format of messages about anti-virus scanning A.19. Notifications about actions applied to the message APPENDIX B. KASPERSKY LAB B.1. Other Kaspersky Lab Products B.2. Contact Us APPENDIX C. LICENSE AGREEMENT

6 CHAPTER 1. KASPERSKY SMTP-GATEWAY 5.5 FOR LINUX/UNIX Kaspersky SMTP-Gateway for Linux/Unix (hereinafter referred to as Kaspersky SMTP-Gateway or the application) is designed for anti-virus processing of SMTP mail traffic. The application is a full-featured mail relay (compliant with IETF RFC internet standards) that runs under Linux, FreeBSD and OpenBSD operating systems. The application allows the user to: Scan messages for viruses. Detect infected, suspicious, corrupted, and password-protected attachments and message bodies. Perform anti-virus processing (including disinfection) of infected objects revealed in messages by scanning. Provide additional traffic filtering by names, MIME types of attachments, and apply certain processing rules to the filtered objects. Maintain archives of all messages sent and/or received by the application, if this is required by the internal security policy of the company. Use the technology of DNS black lists (RBL) to filter spam. Compose "white" and "black" lists of senders/recipients for use by the application while processing traffic. Enable restrictions for SMTP connections providing protection against hacking attacks and preventing application use as an open mail relay for unsolicited messages. Limit the load on your server by configuring the application settings and SMTP parameters. Notify senders, recipients, and the administrator about messages containing infected, suspicious, or corrupted objects. Quarantine messages identified as spam or probable spam as well as messages containing infected, suspicious, corrupted or passwordprotected objects.

7 Kaspersky SMTP-Gateway 5.5 for Linux/Unix 7 Update the anti-virus databases. The application retrieves updates from the update servers of Kaspersky Lab. The application detects and cures infected objects using the anti-virus databases. During scans, the contents of each file are compared to the sample code of known viruses contained in the database. Please keep in mind that new viruses appear every day and therefore we recommend maintaining the anti-virus databases in an up-to-date state. New updates are made available on Kaspersky Lab update servers every hour. Configure and manage Kaspersky SMTP-Gateway either from a remote location using Webmin web-based interface, or locally, using standard OS tools such as command line options, signals, by creating special command files or by modifying the configuration file of the application. Monitor the anti-virus protection and view the statistics and application logs What s new in version 5.5 Version 5.5 of Kaspersky SMTP-Gateway has been enhanced with the following additional features as compared with version 5.0: Access and routing rules are defined based not only on domain masks, but on recipients address masks also. External files can be included into main configuration file. By administrator s request the application can append to messages (as an extension header field) information about their scan status, antivirus software version, and the date of the anti-virus databases used for scanning. By administrator s request, the application can append to messages a disclaimer text generated according to a template defined by the administrator. Different disclaimer messages may be specified for various groups of recipients. Application working queue management (queue reviewing, message removal from queue, scanning and sending a specified message ahead of the general queue). Management of messages moved to quarantine, backup storage and to archives of received and sent messages (attribute reviewing, message removal, sending the isolated messages to their original recipients). An opportunity to restrict the application working queue size.

8 8 Kaspersky SMTP-Gateway 5.5 for Linux/Unix Support of the DNS Black List technology, an internal client for the DNS service. Monitoring of application status (watсhdog process). Checking the syntax of the application configuration file and notification templates Licensing policy The licensing policy for Kaspersky SMTP-Gateway includes a system of product use limitations based on the following criteria: Number of users protected by the application traffic processed daily (MB/day). Each type of licensing is also limited by a certain period (typically one year or two years after the date of purchase). You can purchase a license limited by one of the above criteria (for example, by the daily mail traffic volume). The application has slightly different configuration parameters, depending on the type of license you have purchased. Thus, if the license is issued for a certain number of users, you will have to create a list of addresses (domains) that will be protected by the application against viruses. The application will notify the administrator when the traffic volume reaches critical values or the number of protected accounts is exceeded and hence the license is about to expire Hardware and software requirements Minimum system requirements for normal operation of Kaspersky SMTP- Gateway are as follows: Intel Pentium processor (Pentium III or Pentium 4 recommended). At least 128 МB of available RAM. At least 100 MB of available space on your hard drive to install the application.

9 Kaspersky SMTP-Gateway 5.5 for Linux/Unix 9 Please note that the application working queue, quarantine directory, and archives of incoming and outgoing are not included in the hard disk space required. If your network security policy requires the use of the above features, additional disk space will be needed. at least 500 MB of available space in the /tmp file system. One of the following operating systems: Red Hat Enterprise Linux Advanced Server 3 Red Hat Linux 9.0 Fedora Core 3 SuSe Linux Enterprise Server 9.0 SuSe Linux Professional 9.2 Debian GNU/Linux 3.0r3 Mandrake Linux 10.1 FreeBSD 4.10 or 5.3 OpenBSD 3.6. Perl interpreter, version 5.0 or higher ( and the which utility to install the application. Webmin version or higher ( to install the remote administration module Distribution kit You can purchase the product either from our dealers (retail box) or at one of our online stores (for example, follow the E-store link). The retail box contains: sealed envelope containing the installation CD with the product a copy of this Administrator s Guide license key file bundled with the distribution package or recorded to a special floppy disk License Agreement.

10 10 Kaspersky SMTP-Gateway 5.5 for Linux/Unix Before you unseal the envelope containing the CD, make sure you have carefully read the License Agreement. If you purchase our application online, you will download it from Kaspersky Lab's website; the copy also contains this manual. Your license key is either included in the installation package or will be sent to you by after payment. The License Agreement constitutes a legal agreement between you and Kaspersky Lab containing the terms and conditions under which you may use the purchased software. Please review the License Agreement carefully! If you do not agree to the terms of the License Agreement, you may return the box containing the software product to your dealer where you have purchased it for a full refund provided that the envelope with the installation CD has not been unsealed. By opening the sealed envelope containing the installation CD, or by installing the application, you confirm that you have accepted all the terms and conditions of the License Agreement Help desk for registered users Kaspersky Lab offers an extensive service package enabling registered customers to boost the productivity of Kaspersky SMTP-Gateway. If you purchase a license you will be provided with the following services for the licensed period: new versions of this software product provided free of charge phone or support on matters related to the installation, configuration, and operation of the product you have purchased notifications about new software products from Kaspersky Lab, and about new virus outbreaks. This service is provided to users who have subscribed to the Kaspersky Lab newsletter service. Kaspersky Lab does not give advice on the performance and use of your operating system or other technologies.

11 Kaspersky SMTP-Gateway 5.5 for Linux/Unix Conventions Various formatting conventions are used throughout the text of this document depending on the purpose of a particular element. The table below lists the formatting conventions used. Style Meaning Bold type Menu titles, menu items, window titles, parts of dialog boxes, etc. Note. Additional information, notes. Attention! In order to perform the action, 1. Step Task, example Solution [key] key purpose. Text of information messages and the command line Information requiring special attention. Procedure description for user's steps and possible actions. Statement of a problem, example for using the software features. Solution to a defined problem. Command line keys. Text of configuration files, information messages and the command line.

12 CHAPTER 2. APPLICATION STRUCTURE AND TYPICAL DEPLOYMENT SCENARIOS Correct application setup and its efficient operation require knowledge of its structure and internal algorithms. It is also important for application deployment within an existing corporate system. This chapter contains a detailed discussion of the application s structure, architecture and operating principles as well as typical scenarios of its deployment Application architecture The review of the application functionality must be preceded by a description of its internal architecture. Kaspersky SMTP-Gateway is a full-featured Mail Transfer Agent (MTA) able to receive and route traffic scanning messages for viruses. Kaspersky SMTP-Gateway uses SMTP protocol commands (RFC 2821), Internet message format (RFC 2822), MIME format (RFC , 2231, 2646), and satisfies the requirements to mail relays (RFC 1123). In compliance with antispam recommendations (RFC 2505 standard), the application employs access control rules for SMTP clients to prevent the use of this application as an open relay. In addition, Kaspersky SMTP-Gateway supports the following SMTP protocol extensions: Pipelining enhances performance of servers supporting this mode of operation (RFC 2920). 8-bit MIME Transport processes national language characters code tables (RFC 1652). Enhanced Error Codes provides more informative explanations of protocol errors (RFC 2034). DSN (Delivery Status Notifications) decreases bandwidth usage and provides more reliable diagnostics (RFC 1891, ). SMTP Message Size decreases the load and increases transfer rate (RFC 1870).

13 Application structure and typical deployment scenarios 13 RFC documents mentioned above are available at: The application includes the following components: smtpgw the main component a full-featured mail relay with built-in anti-virus protection. licensemanager component for managing license keys (installation, removal, viewing statistics). keepup2date component that updates the anti-virus databases by downloading the updates from the Kaspersky Lab s update servers or a local directory. Webmin module for remote administration of the application using a web-based interface (optional installation). This component allows the user to configure and manage the anti-virus database updates, specify actions to be performed on the objects depending on their status and monitor the results of the application s operation. The smtpgw component (see Fig.1), in its turn, consists of the following modules: Receiver (incoming mail receiver), Sender (module for sending scanned messages), and AV module (module implementing the anti-virus scanning and processing. Figure 1. General architecture of Kaspersky SMTP-Gateway 2.2. The algorithm of application functioning The application works as follows (see Fig. 2): 1. The mail agent receives messages via the SMTP protocol and passes them to the Receiver module.

14 14 Kaspersky SMTP-Gateway 5.5 for Linux/Unix Figure 2. The structure of Kaspersky SMTP-Gateway 2. The Receiver module performs preliminary processing using the following criteria: presence of the sender s IP address in the list of blocked and/or trusted addresses including masks compliance with the access restrictions specified for SMTP connections (see section 4.3 on p. 46) compliance of the message size (as well as the mail session in general and the total number of messages within the session) with the limits specified in the application settings compliance of the number of open sessions (both from all IP addresses and a single IP address) with the limits specified in the application settings. If the message satisfies the preliminary processing requirements, it is sent to the working queue to be processed by the AV module. 3. The application disassembles each message received from the working queue into individual components and passes them to the AV module for analysis. 4. The AV module scans the objects and, if this option is enabled, disinfects them, when necessary. 5. The application handles messages according to the status assigned to each object during after the anti-virus scan (blocks message delivery, deletes infected objects, replaces the original infected objects with disinfected ones, adds messages to the quarantine directory, etc.). 6. If saving a backup copy in the backup storage or in the quarantine is specified as the action to be performed on a message, the copy of the scanned message will be saved in the backup storage or in the quarantine concurrently with sending it to the ready-to-send queue (depending on the message status).

15 Application structure and typical deployment scenarios 15 Message addition to backup or quarantine directory does not block its delivery to the recipient. If you want to prevent its delivery to end recipients, you have to specify an additional action blocking it. 7. The Sender module receives each message from the ready-to-send queue and transfers it via the SMTP protocol to the onward mail agent to be delivered to local end users or rerouted to other mail servers. 8. If your network security policy requires logging of all outgoing traffic, a copy of each message will be automatically saved to the archive of sent messages (see Fig. 3). Figure 3. Saving messages to the archives of incoming/outgoing mail Typical deployment scenarios Depending upon the network architecture, the following options for installation of Kaspersky SMTP-Gateway are possible: Install the application at the network perimeter on the same computer with your mail system (recommended for Sendmail, Postfix and Exim mail systems). Install the application at the network perimeter on a dedicated server to operate as an anti-virus filter (recommended for Sendmail, Postfix and Exim mail systems). Install the application inside your existing mail system on the same computer. Install the application inside your mail system on a dedicated server to operate as an anti-virus filter. The sections below discuss in detail the above scenarios and describe their advantages.

16 16 Kaspersky SMTP-Gateway 5.5 for Linux/Unix The application, being a mail relay, does not include a local mail delivery agent (MDA). Therefore, no matter which of the deployment scenarios is used, a mail system (or mail systems) that delivers messages to the local users within the protected domains is required! Installing the application along corporate network perimeter The main advantage of this option is that it improves the overall performance of your mail system because it minimizes the number of transfer cycles for messages. In this case the existing corporate mail server has no connection to the Internet; that means additional protection of your data. Moreover, demilitarized zones (DMZ) may be set up. To install the application and the mail system on the same server, the following algorithm is provided to ensure their joint operation: 1. Configure all interfaces of Kaspersky SMTP-Gateway to listen on port 25 for incoming traffic from all IP addresses matching the relevant MX records for the protected domain. 2. The application will scan traffic and then transfer the processed messages to the corporate mail system via a different port (e.g., 1025). You have to set up restrictions for the mail transfer agent (MTA) receiving mail from Kaspersky SMTP-Gateway via port 1025 so that it accepts messages exclusively from Kaspersky SMTP-Gateway. Otherwise, there will be an opportunity to bypass the protection with a connection established directly from external network through port The mail system, configured to use a local interface, will deliver messages to users. The following steps are to be followed in order to install the application and the mail system on the same server: Configure the application for mail receipt via port 25 on all network interfaces of the server. In order to do this, specify the following value in the [smtpgw.network] section of the configuration file: ListenOn= :25

17 Application structure and typical deployment scenarios 17 Specify in the routing table transfer of all scanned messages to the mail system via port In order to do this, specify the following value in the [smtpgw.forward] section of the application configuration file: [host:1025] where: is the mask for recipient addresses host name of the your corporate mail server. Change the settings of the existing mail system for receiving messages from the application via port This will ensure receipt of all incoming mail messages and delivery of these messages to the local users within the protected domains of the company. Set up the existing mail system to transfer all messages it receives to the application via port 25. This will ensure anti-virus scanning of all outgoing mail messages from the local users. Specify the list of all corporate local domains as a value for the ProtectedDomains option in the [smtpgw.network] section of the application configuration file ("*" and "?" wildcards can be used). Mail messages for the specified domains will be scanned. Application configuration for this deployment scenario will be implemented by default during the installation process. The operation algorithm of the application, when the latter is installed on a dedicated server, is identical to its operation on the same server with an system, but the settings for this scenario will differ. IP address of the server, where the application is installed must be included in MX records corresponding to the protected domain. In order to install the application on a dedicated server: Configure the application for mail receipt via port 25 on all network interfaces of the server. In order to do this, specify the following value in the [smtpgw.network] section of the application configuration file: ListenOn= :25 Specify in the routing table transfer of all scanned messages to the mail system via port 25. In order to do this, specify the following value in the [smtpgw.forward] section of the application configuration file: ForwardRoute=*@company.com [host:25] where: *@company.com is the mask for recipient addresses host name of the your corporate mail server.

18 18 Kaspersky SMTP-Gateway 5.5 for Linux/Unix Specify the list of all corporate local domains as a value for the ProtectedDomains option in the [smtpgw.network] section of the application configuration file ("*" and "?" wildcards can be used). Mail messages for the specified domains will be scanned. This deployment scenario is the most convenient one, especially if the installation of Kaspersky SMTP-Gateway is performed at the same time with the deployment of the network and of the company s mail system Installing the application inside your mail system If the application is installed inside your mail system, there is no access from outside to the information about the application running on the server and its configuration. Besides, if the application is installed inside the mail system on a dedicated server, this provides for the possibility to distribute the load among several servers performing anti-virus scanning. The following algorithm is provided for joint operation of the application and the mail system installed on the same server: 1. Duplicate your mail system and configure one of the copies to listen on port 25 and receive messages via all available interfaces. 2. This mail system forwards all incoming messages through the local interface via a different port (port 1025, for instance) to the application for anti-virus scanning. 3. The application scans the messages for viruses and forwards scanned and processed messages to the second mail system copy, which receives mail on a different port (e.g., port 1026). 4. The second mail system delivers to the local users. This deployment scenario is recommended if you are sure of the reliability of your mail system. The installation of the application will not affect the stability of your mail system. Application setup on a dedicated server is similar to the above procedure. Besides, when installing the application on a dedicated server, you can create and run several copies of the application on different servers. This can help you distribute the anti-virus processing load among several servers. To implement this scenario of application deployment, specify the list of all corporate local domains as a value for the ProtectedDomains option in the [smtpgw.network] section of the application configuration file ("*" and "?" wildcards can be used). Mail messages for the specified domains will be scanned.

19 Application structure and typical deployment scenarios 19 Deploying Kaspersky SMTP-Gateway may require changes of the settings for the mail clients throughout the company so that all outgoing mail messages are delivered to the application, which will transfer the messages to the external network after an anti-virus scan. If the network includes installed firewalls or demilitarized zones (DMZ s), it is necessary to provide mail clients and internal and external networks servers with access to the installed application to ensure joint operation and routing of the mail traffic.

20 CHAPTER 3. INSTALLING THE APPLICATION Before installing Kaspersky SMTP-Gateway, it is necessary to: Make sure that your system meets the hardware and software requirements (see section 1.3 on p. 8). Configure your Internet connection. The application distribution package does not contain the anti-virus databases. They have to be retrieved from the update servers of Kaspersky Lab before you start using the application. Log on to the system as root or as a privileged user Installing the application on a server running Linux For servers running the Linux operating system, Kaspersky SMTP-Gateway is distributed in three different installation packages, depending on the type of your Linux distribution. You can use an rpm package to install the application under Red Hat Linux and SuSE Linux. To initiate installation of Kaspersky SMTP-Gateway from the rpm package, enter the following in the command line: # rpm i smtpgw-linux-<version_number>.i386.rpm If you are installing the application from the rpm package, after the files have been copied to your server, run the postinstall.pl script to perform post-installation configuration. By default, the postinstall.pl script is located in the /opt/kav/5.5/smtpgw/setup/ directory. In Debian Linux, the installation is performed from a deb package. To initiate installation of Kaspersky SMTP-Gateway from the deb package, enter the following command in the command line: # dpkg i smtpgw-linux-<version_number>.deb After you enter the command, the application will be installed automatically.

21 Installing the application 21 You can also use a universal distribution file for all Linux OS. Use this distribution file if your Linux version does not support the rpm or deb formats or if your administrator does not wish to use (or cannot use) a built-in package manager. The universal Kaspersky SMTP-Gateway distribution file is supplied as an archive (tar.gz). To initiate installation of Kaspersky SMTP-Gateway from the universal distribution file, do the following: 1. Copy the archive of the distribution file to a directory within the file system of your server. 2. Extract the archive using the following command: # tar zxvf smtpgw-linux-<version_number>.tar.gz The archive contains the installer and the file tree of the application files that will be extracted by the above command. 3. Run the following installation script: # cd <package_directory> #./install.sh After you enter the command, the application will be installed automatically. The procedure of application setup under Mandrake Linux distributions has some peculiarities. You might have to perform some additional actions to ensure correct functioning of the application in such systems (please see Chapter 8 on p. 72 for details) Installing the application on a server running FreeBSD The distribution file for installation of Kaspersky SMTP-Gateway on servers running FreeBSD OS is supplied as a pkg package. To initiate installation of Kaspersky SMTP-Gateway from a pkg package, enter the following in the command line, depending upon the version of your FreeBSD distribution: # pkg_add smtpgw-freebsd-4.x-<version_number>.tgz or: or: # pkg_add smtpgw-freebsd-5.x-<version_number>.tgz # pkg_add smtpgw-openbsd-3.4--<version_number>.tgz

22 22 Kaspersky SMTP-Gateway 5.5 for Linux/Unix After you enter the command, the application will be installed automatically Installation procedure Installation errors can occur for a number of reasons. If an error message is displayed, make sure that your computer satisfies the hardware and software requirements (see section 1.3 on p. 8 and that you have logged into the system as a root. To install the application on the server, follow the steps below: Step 1. Preparing the system At this stage, the system creates the system group and user account for the application. The default group is kavusers and the default user account is kavuser. In future, the application will start under this user account (not root) to provide additional security for your system. Step 2. Copying application files to destination directories on your server The installer starts copying the application files to the destination directories on your server. For a detailed description of the directories where the application files will be copied, see section A.1 on p. 78. If you installed the application from an rpm package, then you should run the postinstall.pl script (present by default in the /opt/kav/5.5/smtpgw/setup/ directory) to perform the following steps. Step 3. Post-installation tasks The post-installation configuration includes the following steps: Configuring the smtpgw component (see section 3.4 on p. 23). Installing and registering the license key. If you have no license key at the time of installation (for example, if you purchased the application via the Internet and have not received the license key yet), you can activate the application after installation before its first use. For details see section 4.4 on p. 47. Please note that if the license key is not installed, the anti-virus databases cannot be updated and the smtpgw component cannot be started during the installation process. You will have to do it manually, after the key is installed.

23 Installing the application 23 Configuring the keepup2date component. Installation (updating) of the anti-virus databases. You must install the anti-virus databases before using the application. The procedure of detecting and disinfecting viruses relies on the use of the anti-virus database records that contain description of viruses known at the moment and the methods of disinfecting these viruses. Anti-virus scanning and processing of messages cannot be performed without the anti-virus database. Installing the Webmin module. The Webmin module for remote management of the application can be installed correctly only if the Webmin application is located in the default directory. After the module is installed, you will receive detailed instructions on how to configure it to work with the application. Launching the smtpgw component. If, after installation, Kaspersky SMTP-Gateway has not started working as required, check the configuration settings. Pay special attention to the port number you specified for receiving mail traffic. You may also view the application log file. After you properly complete these steps, a corresponding message on the server console will appear as soon as the installation procedure is over Configuring the application Immediately after the files have been copied to your server, system configuration process will start. Depending on the package manager you use, the configuration process will either be started automatically or (if the package manager does not allow the use of interactive scripts, such as rpm), some additional actions will have to be performed by the administrator. All settings are stored in the smtpgw.conf file installed by default in the /etc/kav/5.5/smtpgw/ directory. If you are using the rpm installation package, enter the following command to start configuration after the files are copied to your server: # /opt/kav/5.5/smtpgw/setup/postinstall.pl The configuration procedure includes the following tasks: Setting up (by the administrator) of the server name that will be used to identify the application in the SMTP commands when creating the DSN and notifications (the Hostname parameter in the [smtpgw.network]

24 24 Kaspersky SMTP-Gateway 5.5 for Linux/Unix section). Full domain name of the server must be specified as the parameter value. Setting up the domain name that will be used to: Assign the Postmaster address ([smtpgw.network] section, Postmaster parameter) Assign the sender s return address for notifications ([smtpgw.options] section, NotifyFromAdress parameter) Define the administrator s address ([smtpgw.options] section, AdminNotifyAddress parameter) Allow incoming mail to this domain ([smtpgw.options] section, RelayRule parameter). Defining the interface and port to listen to the incoming traffic ([smtpgw.network] section, ListenOn parameter). Type the port name and the IP address in the <x.x.x.x:z> format, where: x.x.x.x is the IP address, and z is the port number. Specifying local network identifiers ([smtpgw.access] section, RelayRule parameter). This value is used to assign rules for message delivery and processing, for example, rules specific for your organization concerning mail processing, or blocking messages from specified domains, etc. Enter the values using the following formats: <x.x.x.x> or <x.x.x.x/y.y.y.y>, or <x.x.x.x/y>,where: x.x.x.x is the IP address, and y.y.y.y or y is the subnet mask. Specifying (when necessary) the server to which all processed messages will be forwarded ([smtpgw.forward] section, the ForwardRoute parameter). Type the host name in the format: <x.x.x.x:z>, where: x.x.x.x is the IP address, and z is the port number. Specifying the proxy server name ([updater.options] section, ProxyAddress parameter). This option is necessary for computers connected to the Internet via a proxy server. Modifying the application configuration file. If all the above steps have been successfully completed, the configuration file will contain all settings that are required to start working with the application.

25 Installing the application 25 After the system is installed and configured, it is recommended that you check the settings for Kaspersky SMTP-Gateway and test its performance. For more details, see Chapter 6 on p Installing the Webmin module to manage Kaspersky SMTP- Gateway The activity of Kaspersky SMTP-Gateway can be controlled remotely via a web browser using Webmin. Webmin is a program, which simplifies administration of Linux/Unix systems. The software is based on modular structure and supports connection of new modules as well as development of your own customized ones. You can obtain additional information about Webmin and download its distribution package from the official program web site at: If the default settings have been used, then you can access Webmin from your web browser using HTTP / HTTPS to connect to port as soon as the program installation is finished. In order to install the Webmin module to control Kaspersky SMTP- Gateway: 1. Use your web browser to access Webmin with the privileges of its administrator. 2. Select the Webmin Configuration tab in the program menu, and then proceed to the Webmin Modules section. 3. Select the From Local File option in the Install Module section and click (see Figure 4).

26 26 Kaspersky SMTP-Gateway 5.5 for Linux/Unix Figure 4. Install Module section 4. Enter the path to the Webmin module of the product and click ОК. Webmin module is located in the kavsmtpgw.wbm file installed by default to the /opt/kav/5.5/smtpgw/setup/ directory (in Linux distributions) or the /usr/local/share/kav/5.5/smtpgw/setup directory (for FreeBSD and OpenBSD distributions). If the Webmin module is installed successfully, you will see a corresponding message on the display. You can access the settings of Kaspersky SMTP-Gateway by clicking its icon within the Others tab (see Figure 5). Figure 5. The icon of Kaspersky SMTP-Gateway in the Others tab

27 CHAPTER 4. USING THE APPLICATION Using Kaspersky SMTP-Gateway, you can build a comprehensive anti-virus protection system for messages transferred through the mail server of your organization. The anti-virus protection system is based on the performance of tasks that represent major functionality of the application. The tasks implemented by Kaspersky SMTP-Gateway may be divided into three major groups: 1. Updates of the databases used for anti-virus scanning and disinfection of objects. 2. Anti-virus protection of traffic. Each of the above groups includes more specific tasks. In this chapter, we will discuss the most typical tasks that the administrator can combine and enhance depending on the needs of his/her organization. This guide contains a description of how to locally configure and start tasks from the command line. Issues related to starting and managing tasks from remote computers using the Webmin application are not discussed in this document. In all examples below, it is assumed that the administrator has completed all required post-installation tasks and the application operates correctly Updating the anti-virus databases Kaspersky SMTP-Gateway uses the anti-virus databases during scanning of traffic and disinfection of infected objects; they contain descriptions of all currently known viruses and the methods of disinfection for objects affected by those viruses. The keepup2date component is included into Kaspersky SMTP-Gateway to provide for software updates. The updates are retrieved from the update servers of Kaspersky Lab, e.g.:

28 28 Kaspersky SMTP-Gateway 5.5 for Linux/Unix ftp://downloads1.kaspersky-labs.com/ etc. The updcfg.xml file included in the installation package lists the URLs of all available update servers. The keepup2date component supports NTLM and Basic authentication for connections through a proxy server. To update the anti-virus databases, the keepup2date component selects an address from the list of update servers and tries to download updates from that server. If the server is currently unavailable, the application connects to another server, trying to download updates. After a successful update, a command specified as the value of the PostUpdateCmd parameter in the [updater.options] section of the configuration file will be executed. By default, this command will automatically restart the application. The restart is necessary to make the application use the updated databases. Incorrect modification of that parameter may prevent the application from using the updated databases or even stop its functioning altogether. All settings of the keepup2date component are stored in the [updater.*] sections of the configuration file. If your network has a complicated structure, we recommend that you download updates from Kaspersky Lab s update servers every hour and place them in a network directory. To keep other networked computers constantly updated, configure the local computers to copy the updates from that directory. For detailed instructions on how to implement this updating scenario, see section on p. 30. We strongly recommend that you set up the keepup2date component to update the databases every hour! The updating process can be scheduled to run automatically using the cron utility (see section on p. 29) or started manually from the command line by the administrator (see section on p. 29). Starting the keepup2date component requires root user privileges. All Kaspersky Lab s applications that include keepup2date can be automatically updated by the component. Task: view the list of all Kaspersky Lab s applications that can be updated. Solution: in order to perform this task, enter in the command line: # keepup2date i

29 Using the application 29 This will print to the screen a list of all Kaspersky Lab applications including the keepup2date component, with their Application IDs Automatic updating of the anti-virus databases You can schedule regular automatic updates for the anti-virus databases using the cron utility. Task: Configure the application to update automatically your anti-virus databases every hour. An update server should be selected from the updcfg.xml file by default. Only errors occurring in the component operation should be recorded in the system log. Keep a general log of all task starts. Output no information to the console. Solution: to perform the above task, do the following: 1. In the application configuration file, specify the following values for the parameters below: [updater.options] KeepSilent=true [updater.report] Append=true ReportLevel=1 2. Edit the file that sets the rules for the cron process (crontab e) by entering the following string for the root user (or any other privileged user), add the following line: In Linux: 0 * * * * /opt/kav/5.5/smtpgw/bin/keepup2date In FreeBSD: 0 * * * * /usr/local/share/kav/5.5/smtpgw/bin/keepup2date Manual updating of the anti-virus databases You can start updating your anti-virus databases from the command line at any time.

30 30 Kaspersky SMTP-Gateway 5.5 for Linux/Unix Task: start updating of the anti-virus databases, save updating results in the /tmp/updatesreport.log file. Solution: to accomplish the task, log in as the root (or any other privileged user) and enter in the command line: # keepup2date l /tmp/updatesreport.log If you need to update the anti-virus databases on several servers, it may be more convenient to download the updates from an update server once, save them to a shared directory, and then update the databases on other computers from that directory. Please see section on p. 30 for details related to creation of a shared directory for updates. Task: start the updating of the anti-virus databases from the /home/kavuser/bases shared directory. If the directory is inaccessible or empty, update the databases from Kaspersky Lab s update servers. Save the results to the /tmp/updatesreport.log file. Solution: to accomplish the task, log in as the root (or any other privileged user) and do the following: 1. Mount the network directory containing the database updates to the /home/kavuser/bases local directory. 2. In the application configuration file, specify the following values for the parameters below: [updater.options] UpdateServerUrl=/home/kavuser/bases UseUpdateServerUrl=true UseUpdateServerUrlOnly=false 3. Enter the following in the command line: # keepup2date l /tmp/updatesreport.log You can accomplish these or similar tasks remotely using the Webmin remote administration module Creating a shared directory for storing and sharing database updates To update the anti-virus databases correctly on local computers from the shared directory, you need to reproduce in that directory a file structure that is similar to

31 Using the application 31 that of Kaspersky Lab s update servers. This is a complicated task that deserves a detailed explanation. Task: create a shared local directory, from which the local computers will update their anti-virus databases. Solution: to accomplish the task, log in as the root (or any other privileged user) and do the following: 1. Create a local directory. 2. Run the keepup2date component as follows: # keepup2date u <rdir> where <rdir> is the full path to the directory created. 3. Provide reading access to that directory for local computers on your network Anti-virus protection of traffic Anti-virus protection of mail traffic is the main task of Kaspersky SMTP-Gateway. The application is used to guard users against infected messages, and to deliver only clean or disinfected messages, along with information on scanning results for every message. Additional filtration of messages by names and attachment types decreases the load on the server when scanning traffic for viruses. This represents only a part of the application s functionality. There is an extended discussion of the application s functionality below, in the sections describing specific protection tasks. All smtpgw settings are located in the [smtpgw.*] sections of the application configuration file Creating groups of recipients/senders Recipients/Senders group is defined as pairs of recipient/sender addresses. A particular message may be assigned to a particular group

32 32 Kaspersky SMTP-Gateway 5.5 for Linux/Unix depending on whether this group contains both the sender s and the recipient s addresses present in the MAIL FROM and RCPT TO commands. The administrator can specify individual rules for processing of each mail message depending on the group of recipients/senders. Therefore, it is particularly important that the addresses must be associated with a correct group. While processing a message, the application searches through the list of addresses for each specific group. If it finds a matching combination of the sender/recipient addresses, the rules defined for this group will be applied to the message. The anti-virus functionality of Kaspersky SMTP-Gateway depends on the configuration file settings. You can make configuration changes to the file either locally or remotely (using the Webmin remote administration module). The configuration file contains the [smtpgw.policy] section that implicitly defines the policy group, which determines the default rules for processing of messages. All parameters specified in that section and the section itself are mandatory. The [smtpgw.policy] section does not contain the names of senders and recipients. Rules defined in [smtpgw.policy] are applied to all messages, except for those belonging to other groups explicitly described as [smtpgw.group:group_name] sections. All parameters in [smtpgw.group:group_name] sections are optional. If a parameter value in such section is not specified, it will be taken from an identical option in the [smtpgw.policy] section. If the configuration file included into the application installation package is used, then the mail messages will be processed according to the following rules (defined by the policy group): Scan all mail messages for viruses. Deliver only clean messages to the recipients. Block delivery for messages containing infected, suspicious, passwordprotected objects and objects, which caused errors during their analysis. Notify recipients and the administrator about infected, disinfected, suspicious, protected or filtered objects in messages and the objects, which caused errors during their analysis. You can change the parameters of the policy group or create new groups. If you would like to process messages belonging to different groups of recipients/senders using different rules, you will have to create several groups.

33 Using the application 33 To create a new group of user addresses, 1. Create section [smtpgw.group:group_name] in the configuration file. 2. Specify sender and recipient addresses as the values of Senders and Recipients parameters (masks of addresses). To define masks, you can use the "*" and "?" wildcards. If you do not define the Recipients OR Senders parameters, the default value will be "*@*" At least one of the Senders or Recipients parameters must be specified. If you have added other groups to the configuration file, the application will process messages from these groups as follows: 1. The application first compares the message address(es) with addresses in the groups created by the administrator. If the recipient/senders addresses pair is found in a specific group, the rules defined for that group will be applied to the message. If a sender/recipient address fits the address ranges of several groups, the application will use the rules for the first of those groups. 2. If the message addresses do not match any group, created by the administrator, the message will be processed according to the rules described in the [smtpgw.policy] section. If a message has several recipients belonging to different groups, virtual copies of the initial message will be created to match the number of such groups. Each copy will be processed individually according to the rules specified by the particular group. Figure 6 demonstrates the sequence of actions applied by Kaspersky SMTP- Gateway to a received message.