KASPERSKY LAB
Kaspersky® SMTP-Gateway 5.5 for Linux/Unix
Administrator's Guide
© Kaspersky Lab
http://www.kaspersky.
Contents
CHAPTER 1. KASPERSKY® SMTP-GATEWAY 5.5 FOR LINUX/UNIX (p. 6)
1.1. What's new in version 5.5 (p. 7)
1.2. Licensing policy (p. 8)
1.3. Hardware and software requirements (p. 8)
1.4. Distribution kit
4.2.1. Creating groups of recipients/senders (p. 31)
4.2.2. General message processing algorithm (p. 34)
4.2.3. Main tasks (p. 36)
4.2.3.1. Deliver messages without changes (p. 36)
4.2.3.2.
CHAPTER 6. TESTING APPLICATION OPERABILITY (p. 67)
6.1. Testing the application using Telnet (p. 67)
6.2. Testing the application using EICAR (p. 69)
CHAPTER 7. UNINSTALLING THE APPLICATION (p. 71)
CHAPTER 8. FREQUENTLY ASKED QUESTIONS
CHAPTER 1. KASPERSKY® SMTP-GATEWAY 5.5 FOR LINUX/UNIX
Kaspersky® SMTP-Gateway for Linux/Unix (hereinafter referred to as Kaspersky SMTP-Gateway or the application) is designed for anti-virus processing of SMTP mail traffic. The application is a full-featured mail relay (compliant with the IETF RFC internet standards) that runs under the Linux, FreeBSD and OpenBSD operating systems. The application allows the user to:
• Scan email messages for viruses.
• Update the anti-virus databases. The application retrieves updates from the update servers of Kaspersky Lab.
The application detects and cures infected objects using the anti-virus databases. During scans, the contents of each file are compared to the sample code of known viruses contained in the database. Please keep in mind that new viruses appear every day; we therefore recommend keeping the anti-virus databases up to date.
• Support of the DNS Black List technology, an internal client for the DNS service.
• Monitoring of application status (watchdog process).
• Checking the syntax of the application configuration file and notification templates.
1.2. Licensing policy
Please note that the application working queue, quarantine directory, and archives of incoming and outgoing email are not included in the hard disk space required. If your network security policy requires the use of these features, additional disk space will be needed.
• At least 500 MB of available space in the /tmp file system.
• One of the following operating systems:
  • Red Hat Enterprise Linux Advanced Server 3
  • Red Hat Linux 9.
Before you unseal the envelope containing the CD, make sure you have carefully read the License Agreement. If you purchase the application online, you download it from Kaspersky Lab's website; that copy also contains this manual. Your license key is either included in the installation package or will be sent to you by e-mail after payment.
1.6. Conventions
Various formatting conventions are used throughout this document depending on the purpose of a particular element. The table below lists the formatting conventions used.
Style – Meaning
Bold type – Menu titles, menu items, window titles, parts of dialog boxes, etc.
Note. – Additional information, notes.
Attention! – Information requiring special attention.
In order to perform the action, 1. Step 1. 2. … –
Task, example –
Solution –
CHAPTER 2. APPLICATION STRUCTURE AND TYPICAL DEPLOYMENT SCENARIOS
Correct setup and efficient operation of the application require knowledge of its structure and internal algorithms. This knowledge is also important for deploying the application within an existing corporate email system. This chapter discusses in detail the application's structure, architecture and operating principles, as well as typical deployment scenarios.
2.1.
The RFC documents mentioned above are available at http://www.ietf.org.
The application includes the following components:
• smtpgw – the main component, a full-featured mail relay with built-in anti-virus protection.
• licensemanager – component for managing license keys (installation, removal, viewing statistics).
Figure 2. The structure of Kaspersky SMTP-Gateway
2. The Receiver module performs preliminary email processing using the following criteria:
• presence of the sender's IP address in the list of blocked and/or trusted addresses (address masks are supported)
• compliance with the access restrictions specified for SMTP connections (see section 4.3 on p.
Adding a message to the backup or quarantine directory does not block its delivery to the recipient. If you want to prevent delivery to the end recipients, you must specify an additional action that blocks it.
7. The Sender module takes each message from the ready-to-send queue and transfers it via SMTP to the onward mail agent, to be delivered to local end users or rerouted to other mail servers.
8.
The application, being a mail relay, does not include a local mail delivery agent (MDA). Therefore, whichever deployment scenario is used, a mail system (or mail systems) that delivers email messages to the local users within the protected domains is required.
2.3.1.
• Specify in the routing table that all scanned messages are transferred to the mail system via port 1025. To do this, set the following value in the [smtpgw.forward] section of the application configuration file:
ForwardRoute=*@company.com [host:1025]
where:
*@company.com is the mask for recipient addresses;
host is the name of your corporate mail server.
• Specify the list of all corporate local domains as the value of the ProtectedDomains option in the [smtpgw.network] section of the application configuration file (the "*" and "?" wildcards can be used). Mail messages for the specified domains will be scanned.
Deploying Kaspersky SMTP-Gateway may require changing the settings of the mail clients throughout the company so that all outgoing mail messages are delivered to the application, which transfers them to the external network after an anti-virus scan.
CHAPTER 3. INSTALLING THE APPLICATION
Before installing Kaspersky SMTP-Gateway, it is necessary to:
• Make sure that your system meets the hardware and software requirements (see section 1.3 on p. 8).
• Configure your Internet connection. The application distribution package does not contain the anti-virus databases; they must be retrieved from the update servers of Kaspersky Lab before you start using the application.
• Log on to the system as root or as a privileged user.
3.1.
You can also use a universal distribution file for all Linux OS. Use this distribution file if your Linux version does not support the rpm or deb formats, or if your administrator does not wish to use (or cannot use) a built-in package manager. The universal Kaspersky SMTP-Gateway distribution file is supplied as an archive (tar.gz). To install Kaspersky SMTP-Gateway from the universal distribution file, do the following:
1.
2.
After you enter the command, the application will be installed automatically.
3.3. Installation procedure
Installation errors can occur for a number of reasons. If an error message is displayed, make sure that your computer satisfies the hardware and software requirements (see section 1.3 on p. 8) and that you have logged into the system as root. To install the application on the server, follow the steps below:
Step 1.
• Configuring the keepup2date component.
• Installation (updating) of the anti-virus databases.
You must install the anti-virus databases before using the application. Detecting and disinfecting viruses relies on the anti-virus database records, which describe the viruses known at the moment and the methods of disinfecting them.
section). The full domain name of the server must be specified as the parameter value.
• Setting up the domain name that will be used to:
  • Assign the Postmaster address ([smtpgw.network] section, Postmaster parameter)
  • Assign the sender's return address for notifications ([smtpgw.options] section, NotifyFromAdress parameter)
  • Define the administrator's address ([smtpgw.
After the system is installed and configured, it is recommended that you check the settings of Kaspersky SMTP-Gateway and test its operation. For more details, see Chapter 6 on p. 67.
3.5. Installing the Webmin module to manage Kaspersky SMTP-Gateway
Kaspersky SMTP-Gateway can be controlled remotely via a web browser using Webmin. Webmin is a program that simplifies administration of Linux/Unix systems.
Figure 4. Install Module section
4. Enter the path to the Webmin module of the product and click OK. The Webmin module is located in the kavsmtpgw.wbm file, installed by default in the /opt/kav/5.5/smtpgw/setup/ directory (in Linux distributions) or the /usr/local/share/kav/5.5/smtpgw/setup directory (for FreeBSD and OpenBSD distributions). If the Webmin module is installed successfully, you will see a corresponding message on the display.
CHAPTER 4. USING THE APPLICATION
Using Kaspersky SMTP-Gateway, you can build a comprehensive anti-virus protection system for email messages transferred through the mail server of your organization. The anti-virus protection system is based on the performance of tasks that represent the major functionality of the application. The tasks implemented by Kaspersky SMTP-Gateway may be divided into three major groups:
1. Updates of the databases used for anti-virus scanning and disinfection of objects.
2.
ftp://downloads1.kaspersky-labs.com/ etc. The updcfg.xml file included in the installation package lists the URLs of all available update servers. The keepup2date component supports NTLM and Basic authentication for connections through a proxy server. To update the anti-virus databases, the keepup2date component selects an address from the list of update servers and tries to download updates from that server.
This will print to the screen a list of all Kaspersky Lab applications, including the keepup2date component, with their Application IDs.
4.1.1. Automatic updating of the anti-virus databases
You can schedule regular automatic updates of the anti-virus databases using the cron utility.
Task: Configure the application to update your anti-virus databases automatically every hour. An update server should be selected from the updcfg.xml file by default.
Task: start updating the anti-virus databases and save the update results in the /tmp/updatesreport.log file.
Solution: to accomplish the task, log in as root (or any other privileged user) and enter in the command line:
# keepup2date -l /tmp/updatesreport.
that of Kaspersky Lab's update servers. This is a complicated task that deserves a detailed explanation.
Task: create a shared local directory from which the local computers will update their anti-virus databases.
Solution: to accomplish the task, log in as root (or any other privileged user) and do the following:
1. Create a local directory.
2. Run the keepup2date component as follows:
# keepup2date -u <directory>
where <directory> is the full path to the directory created.
3.
depending on whether this group contains both the sender's and the recipient's addresses present in the MAIL FROM and RCPT TO commands. The administrator can specify individual rules for processing each mail message depending on the group of recipients/senders. Therefore, it is particularly important that addresses are associated with the correct group.
To create a new group of user addresses:
1. Create the section [smtpgw.group:group_name] in the configuration file.
2. Specify sender and recipient addresses as the values of the Senders and Recipients parameters (address masks). To define masks, you can use the "*" and "?" wildcards. If you do not define the Recipients or the Senders parameter, its default value will be "*@*". At least one of the Senders or Recipients parameters must be specified.
Figure 6. Message processing
4.2.2. General message processing algorithm
In this section, we examine how the application processes email messages. When the server receives an email message:
1. The program determines the group of recipients this message belongs to.
2.
3. Using a built-in MIME format identifier (RFC822, MIME, UUE), the application divides the message into its components, such as message body, attachments, etc.
4. If the application is configured to filter objects by name and/or attachment type, it applies the specified filtering rules to this message. If an object meets the filter conditions, the object is assigned the Filtered status and is not subjected to further anti-virus scanning.
5.
• Additional actions:
  • Block delivery of messages to the recipients (see section 4.2.4.1 on page 40).
  • Deliver all messages, including infected messages (see section 4.2.4.2 on page 41).
  • Create and send alerts to the sender, administrator, and recipient (see section 4.2.4.3 on page 42).
  • Quarantine infected messages or place them in the backup storage (see section 4.2.4.5 on page 44).
ActionProtected=pass
ActionError=pass
ActionFiltered=pass
BlockMessage=
NotifyAdmin=disinfected, infected, suspicious, protected, error
NotifyRecipient=disinfected, infected, suspicious, protected, error
4.2.3.2. Delivery of clean or disinfected messages only
Task:
• Scan all incoming and outgoing mail traffic on the server for viruses; cure all infected objects in mail messages.
ActionProtected=remove
ActionError=remove
BlockMessage=infected
NotifyAdmin=infected, suspicious, protected, error
NotifyRecepient=infected, suspicious, protected, error
4.2.3.3. Removing infected attachments
Task:
• Scan all incoming and outgoing email on the server for viruses and cure all infected objects in mail messages.
• Deliver to the recipients only messages containing clean and disinfected objects.
NotifyRecepient=
4.2.3.4. Replacement of infected attachments with standard notifications
Task:
• Scan all incoming and outgoing email on the server for viruses and cure all infected objects in mail messages.
• Deliver to the recipients only messages containing clean and disinfected objects.
• Infected objects that cannot be cured, as well as suspicious, damaged or password-protected objects, must be deleted and replaced with a standard notification.
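Added example (not Kaspersky Lab's code) that simulates the flow of sections 4.2.1 to 4.2.3: a message is assigned to the first [smtpgw.group:...] section whose Senders/Recipients masks match its MAIL FROM and RCPT TO, and that group's ActionXxx, BlockMessage and NotifyXxx values decide what happens to its objects. The configuration text, the first-match rule, the ActionInfected/ActionSuspicious names and the pass/remove action values are assumptions; only the parameter names shown in this guide are documented.

```python
"""Simulation of the group-then-policy decision of Kaspersky SMTP-Gateway.

Added example, not part of the product. Assumed: first matching group wins,
actions are "pass" or "remove", and every status has an Action<Status> key.
"""
import configparser
import fnmatch
from dataclasses import dataclass, field

# Object statuses named in the NotifyXxx/BlockMessage examples of the guide.
STATUSES = ("disinfected", "infected", "suspicious", "protected", "error", "filtered")
ACTIONS = ("pass", "remove")  # assumed: the two values the guide's examples show

# Constructed configuration fragment in the smtpgw.conf style shown in the guide.
SAMPLE_CONF = """
[smtpgw.group:managers]
Senders=*@company.com
Recipients=boss?@company.com
ActionInfected=remove
ActionSuspicious=remove
ActionProtected=pass
ActionError=pass
BlockMessage=
NotifyAdmin=infected, suspicious, protected, error
NotifyRecipient=infected, suspicious

[smtpgw.group:default]
Recipients=*@*
ActionInfected=remove
ActionSuspicious=remove
ActionProtected=remove
ActionError=remove
BlockMessage=infected, suspicious
NotifyAdmin=infected, suspicious, protected, error
NotifyRecipient=infected, suspicious, protected, error
NotifySender=infected
"""


@dataclass
class Group:
    name: str
    senders: str                                  # mask with * and ? wildcards
    recipients: str
    actions: dict = field(default_factory=dict)   # status -> "pass" | "remove"
    block: set = field(default_factory=set)       # BlockMessage statuses
    notify: dict = field(default_factory=dict)    # "Admin"/"Recipient"/"Sender" -> set


def _status_list(value):
    """Parse 'infected, suspicious' and reject names the guide does not define."""
    items = {v.strip().lower() for v in value.split(",") if v.strip()}
    unknown = items - set(STATUSES)
    if unknown:
        raise ValueError(f"unknown status(es): {sorted(unknown)}")
    return items


def parse_groups(text):
    """Read every [smtpgw.group:<name>] section, in file order, into Group objects."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str                      # keep parameter names as written
    cp.read_string(text)
    groups = []
    for section in cp.sections():
        if not section.startswith("smtpgw.group:"):
            continue
        sec = cp[section]
        # The guide: at least one of Senders/Recipients must be specified.
        if "Senders" not in sec and "Recipients" not in sec:
            raise ValueError(f"{section}: Senders or Recipients must be specified")
        g = Group(section.split(":", 1)[1],
                  sec.get("Senders", "*@*").strip(),      # documented default
                  sec.get("Recipients", "*@*").strip())
        for status in STATUSES:
            key = "Action" + status.capitalize()       # assumed naming for all statuses
            action = sec.get(key, "pass").strip().lower()
            if action not in ACTIONS:
                raise ValueError(f"{section}: {key}={action!r} not in {ACTIONS}")
            g.actions[status] = action
        g.block = _status_list(sec.get("BlockMessage", ""))
        for party in ("Admin", "Recipient", "Sender"):
            g.notify[party] = _status_list(sec.get("Notify" + party, ""))
        groups.append(g)
    return groups


def match_group(groups, sender, recipient):
    """First group whose masks match both MAIL FROM and RCPT TO (assumed rule)."""
    s, r = sender.lower(), recipient.lower()
    for g in groups:
        if (fnmatch.fnmatchcase(s, g.senders.lower())
                and fnmatch.fnmatchcase(r, g.recipients.lower())):
            return g
    return None


def decide(group, objects):
    """objects maps object name -> status; 'clean' objects are always delivered."""
    present = set(objects.values()) - {"clean"}
    removed = sorted(n for n, st in objects.items()
                     if st != "clean" and group.actions.get(st) == "remove")
    blocked = bool(present & group.block)          # any status listed in BlockMessage
    notified = sorted(p for p, sts in group.notify.items() if present & sts)
    return {"group": group.name, "blocked": blocked,
            "removed": removed, "notify": notified}


if __name__ == "__main__":
    groups = parse_groups(SAMPLE_CONF)
    g = match_group(groups, "alice@company.com", "boss1@company.com")
    print(decide(g, {"report.doc": "clean", "tool.exe": "infected"}))
```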
4.2.4. Additional tasks
A discussion of additional tasks helps in understanding the enhanced functionality of the application. The examples below help the administrator tune the application for particular tasks, extend its functionality and tailor it to the conditions and requirements of a particular organization.
4.2.4.1.
NotifyAdmin=disinfected, infected, suspicious, protected, error
NotifySender=disinfected, infected, suspicious, protected, error
NotifyRecepient=disinfected, infected, suspicious, protected, error
4.2.4.2. Deliver infected messages
In some situations you may wish to deliver all messages, including infected ones, to certain groups of users.
Task:
• Scan all incoming and outgoing email on the server for viruses.
4.2.4.3. Delivery of notifications to the sender, administrator and recipients
Task:
• Scan all mail traffic on the server for viruses and cure all infected objects.
• Deliver to the recipients only messages containing clean and disinfected objects.
• Block messages containing infected, suspicious, corrupted, and password-protected objects, as well as objects which the application failed to scan because of an error.
NotifySender=disinfected, infected, suspicious, protected, error
4.2.4.4. Additional filtering of objects by name and type
Email messages frequently contain objects for which virus infection is highly probable (e.g., executable files). To avoid infection, we recommend that you configure the application to filter email by name and/or attachment type and save such objects in a separate directory. There are also objects which cannot be infected with viruses (e.g., plain text files).
ActionFiltered=pass
BlockMessage=infected, suspicious, protected, error, filtered
NotifyAdmin=infected, suspicious, protected, error, filtered
NotifyRecipient=infected, suspicious, protected, error, filtered
NotifySender=infected, suspicious, protected, error, filtered
4.2.4.5. Backing up (quarantine, backup storage)
You can configure Kaspersky SMTP-Gateway to move messages with certain statuses to a separate storage, such as quarantine or backup storage.
account employed by the application for its operation (kavuser by default).
2. In the [smtpgw.ave] section of the configuration file, assign the parameter value as follows:
[smtpgw.ave]
Cure=true
3. In the [smtpgw.policy] section of the configuration file, assign the parameter value as follows:
[smtpgw.
If the auto-archiving option is enabled, copies of the following messages will be archived:
• All incoming messages, including those with infected objects, without additionally notifying the administrator. Archiving of such messages is enabled when the path to the archive directory is specified as the value of the IncomingArchivePath parameter in the [smtpgw.path] section.
You are also advised to enable restrictions for SMTP connections (see section 5.3 on p. 53). Furthermore, application version 5.5 supports DNS black lists (RBL). This technology allows blocking mail receipt from unsafe servers registered in the RBL database as servers sending spam. The list of DNS Black List services is specified in the DNSBlackList parameter of the [smtpgw.access] section of the application configuration file.
Therefore it is essential to renew your license to use Kaspersky SMTP-Gateway in time. You can also install an additional key. The application will start using it as soon as the current active key expires (see section 4.4.2 on p. 49).
4.4.1. Viewing information about license keys
You can view information about the installed license keys in the reports of the smtpgw component.
In the server console, you will see information similar to the following:
Kaspersky license manager. Version 5.5.0.0/RELEASE
Copyright (C) Kaspersky Lab. 1998-2005.
Product name: Kaspersky SMTP-Gateway 1 month
Creation date: 23-07-2004
Expiration date: 21-11-2004
Serial 02B1-000454-00053E3
Type: Commercial
Lifespan: 30
4.4.2. Renewing your license
Renewing the license to use Kaspersky SMTP-Gateway gives you the right to re-enable full product functionality.
If the installation is successful, the following (or similar) information will be displayed on the server console:
Kaspersky license manager. Version 5.5.0.0/RELEASE
Copyright (C) Kaspersky Lab. 1998-2005.
Key file 00053E3D.key is successfully registered
We recommend that you update the anti-virus databases after the installation. If you want to install a new license key before the current license key expires, you can add it as a backup license key.
CHAPTER 5. ADVANCED APPLICATION SETTINGS
This chapter discusses in detail the advanced settings of Kaspersky SMTP-Gateway. In contrast to the main settings (see section 4.2 on page 31), which provide the application's functionality, advanced settings can be configured optionally at the administrator's discretion.
5.1. Configuring anti-virus protection of mail traffic
Application settings in the [smtpgw.
When a message is scanned for the first time (and flagged as Clean), data about the message (name, checksum, date) is saved to the iChecker database. The database path is defined by the ICheckerDBFilename option in the [smtpgw.options] section. The next time the message is sent to the AV module for scanning, the application first looks for that file in the iChecker database. If it finds a match, the current object is compared with the database record.
optimal value for most cases and it is not recommended to alter it.
• Specify the timeouts used by the application to send messages:
  • Maximum time for receiving data from the remote server when establishing an SMTP session (SendingInitialTimeout option).
  • Maximum time to start a mail session (HELO/EHLO command) (SendingHelloTimeout option).
  • Timeout for waiting for the remote server's response to the MAIL FROM command (SendingMailTimeout option).
DoS attacks aimed at paralyzing your mail server with huge volumes of mail traffic. You can find all restriction settings in the [smtpgw.limits] section of the application configuration file. You can set the following restrictions:
• Number of objects simultaneously processed by the Receiver, Sender and AV modules (the IncomingSessions, OutgoingSessions, and AntiviralSessions options, respectively).
5.4. Setting up connection receiving interfaces
The set of interfaces and ports used by the application to receive connections is defined by the ListenOn parameter in the [smtpgw.network] section of the application configuration file. By default, Kaspersky SMTP-Gateway listens for connections on port 25 on all available interfaces.
<domain> is the name of the domain containing the mail server to which (according to MX records) the email must be sent.
[<host>:<port>] is the delivery point (IP address or host name, and port).
For example, if you create the following record in the [smtpgw.forward] section:
ForwardRoute=*@domain.com [localhost:1025]
then all mail messages to domain.com will be sent to port 1025 of the local host after an anti-virus scan.
If the check reveals errors, the following line will appear in the server console:
Config is invalid see log for detail.
5.7. Syntax check in notification templates
Version 5.5 of the application allows syntax checks of notification templates using the kltlv utility, installed by default in the /opt/kav/5.5/smtpgw/bin directory (in Linux distributions) or in /usr/local/share/kav/5.5/smtpgw/bin (for FreeBSD distributions).
It offers the following opportunities:
• Reviewing the whole storage contents or information on certain messages, e.g.:
# ./klmaila --show-all --archivepath=/var/db/kav/5.0/smtpgw/arch_in
Kaspersky Mail Archives Manager for Linux GLIBC 2.2 version 5.5.53/RELEASE, Copyright (C) Kaspersky Lab, 1997-2005
--QueueID--Status-Size-------ArrivalTime--------------Sender.../Recipient...
iCMnF8AX05033 RCV 6375 Tue, 28 Dec 2004 12:22:49 +0000 172.16.10.
SIZE – message size (may be specified in bytes, kilobytes or megabytes using the respective prefixes)
DATE – time and date of message receipt by the application
IP – IP address of the message sender
SENDER – message sender's address
RECIPIENT – message recipient's address (the field may contain several values).
• Removal of all messages or a specified message from storage, e.g.:
# ./klmaila --remove-all --archivepath=/var/db/kav/5.
The klmailq utility can be started by a privileged user (root) only. It offers the following opportunities:
• Reviewing the contents of the working queue or information on specific messages in it. To display information about all messages in the working queue, enter the following in the command line:
# ./klmailq --show-all
The utility will output to the server console a report similar to the example below:
Kaspersky Mail Queue Manager for Linux GLIBC 2.
A message in the working queue may have any of the following statuses:
WFC – message waiting for anti-virus scanning
CHK – message being scanned for virus presence
WFS – message waiting for creation of its virtual copies
SPL – message being used for creation of virtual copies
QUE – message waiting to be sent to its recipient
SND – message being sent.
Message with QueueID jHrWPC7s86253 will be sent asap.
A message can be sent ahead of the general queue only if it has the QUE status (awaiting delivery to the recipient). Descriptions of the command line options for the klmailq utility can be found in section A.15 on p. 113; its return codes are described in section A.17 on p. 115.
5.10.
Value – Meaning
start – Start the application.
stop – Stop the application.
restart – Stop and then start the application.
reload – Reinitialize the smtpgw component and reload the anti-virus databases and the configuration file.
reloadbases – Reload the anti-virus databases.
status – Request the application status.
stats – Request the application statistics.
recv-off – Suspend the operation of the Receiver module.
recv-on – Resume the operation of the Receiver module.
5.12. Customizing date and time formats
Kaspersky SMTP-Gateway generates reports on the activity of every component. This information always contains the date and time of report generation. By default, Kaspersky SMTP-Gateway displays the date and time according to the strftime format:
%H:%M:%S – displayed time format.
%d/%m/%y – displayed date format.
Level – Level description – Letter symbol
1 – Errors – E: Information about other errors that may or may not lead to application shutdown, for example, file scan errors.
2 – Warning – W: Notifications about errors that may lead to application shutdown (license key expiration warning, out-of-disk-space warning, etc.).
administrator in the [locale] section) and the first letter of the report detail level.
• envelope-id – identifier, in the application's working queue, of the email message to which the report entry corresponds.
• MESSAGE – message text, which may have different formats depending on the type of message. For the text of messages containing information about actions applied to email messages, see section A.19 on p. 116.
5.14.
CHAPTER 6. TESTING APPLICATION OPERABILITY
After you install and configure Kaspersky SMTP-Gateway, it is recommended that you test its settings and operability using the following two methods:
• the Telnet program
• the EICAR test virus.
6.1. Testing the application using Telnet
To test the application's operation using Telnet, it is necessary to:
1. Configure the connection to the server with the installed application using Telnet.
250-PIPELINING
250-8BITMIME
250-SIZE 10485760
250 DSN
where:
smtpgw.company.com is the name of the server being tested;
user is the client host name;
[127.0.0.1] is the client IP address.
Enter in the command line:
MAIL FROM:
You will see the following (or similar) information:
250 2.1.0 OK
Enter in the command line:
RCPT TO:
You will see the following (or similar) information:
250 2.1.
6.2. Testing the application using EICAR
This test "virus", recommended for application testing, was developed by EICAR (the European Institute for Computer Anti-Virus Research) specifically to verify the operation of anti-virus software. It IS NOT A VIRUS and contains no code that may harm your computer. However, most anti-virus products identify it as a virus.
Prefix – Object type
ERRO- – Error when scanning the object.
CURE- – Infected. The object will be disinfected and the text in the infected file will be changed to CURE.
DELE- – Infected. The object will be deleted automatically.
The first column of the table contains the prefixes that should be added to the beginning of the line in the standard test "virus" file (e.g., DELE-X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*).
CHAPTER 7. UNINSTALLING THE APPLICATION
To uninstall Kaspersky SMTP-Gateway from the server, you must be a privileged (root) user. If you are currently logged in under a user account with lesser privileges, log on as root. The uninstallation process automatically stops the application! When you uninstall the product, the application is stopped, and all files and directories created during installation are deleted.
CHAPTER 8. FREQUENTLY ASKED QUESTIONS
This chapter discusses in detail the questions most frequently asked by our users regarding the installation, configuration and operation of the application.
Question: Is it possible to use Kaspersky SMTP-Gateway with anti-virus products of other vendors?
No. We recommend uninstalling anti-virus products of other vendors prior to installing Kaspersky SMTP-Gateway to avoid software conflicts.
of overall security by disabling scanning of various file types, but we do not recommend doing so for users who want the best protection. For maximum user protection, Kaspersky SMTP-Gateway recognizes more than 700 formats of archived and compressed files. This is essential for anti-virus security, because harmful executable code may be hidden inside files of any recognized format.
To make sure your request is answered as soon as possible, follow these suggestions:
1. In the message header, specify your operating system, the name of the Kaspersky Lab product you are experiencing problems with, and briefly describe the problem. For example: OpenBSD 3.6, Kaspersky SMTP-Gateway 5.5 for Linux/Unix, updating of the anti-virus databases does not function.
2. Compose your messages in plain text format.
3.
Every year Kaspersky Lab increases the frequency of its anti-virus database updates. Currently they are updated every hour. Updating of the application modules is an additional feature that allows both correction of discovered vulnerabilities and addition of new functions.
Question: What are the changes to the updating service since version 5.0?
The Kaspersky Lab 5.
Question: Can an intruder deliberately replace the anti-virus databases?
Every anti-virus database has a unique signature that Kaspersky products verify when accessing the database. If the signature does not correspond to the one assigned at Kaspersky Lab, or the date of the database is later than the license expiry date, Kaspersky SMTP-Gateway will not use it.
Question: The application cannot be started, the Sender module does not work, etc.
• For RedHat Linux distributions, the following line should be added to the /etc/man.config file:
MANPATH /opt/kav/5.5/smtpgw/man
• For OpenBSD distributions, the following line in the /etc/man.conf file:
_default /usr/{share,X11R6,X11,contrib,gnu,\local}/{man,man/old}/
should be supplemented as follows:
_default /usr/{share,X11R6,X11,contrib,gnu,\local}/{man,man/old,share/kav/5.
APPENDIX A. SUPPLEMENTARY INFORMATION ABOUT THE PRODUCT
This annex describes the distribution of the application files after installation, including a detailed description of the configuration file, command line keys for every component and their return codes, and generation of operational statistics.
A.1.
Appendix A
/etc/kav/5.5/smtpgw/ – directory containing the smtpgw.conf default application configuration file.
/var/db/kav/5.5/smtpgw/ – directory containing application data and including the following subdirectories and files:
/bases/ – directory containing the anti-virus databases and the updcfg.xml configuration file of the keepup2date component.
/bases.backup/ – directory where the keepup2date component saves backup copies of the anti-virus databases.
smtpgw – executable file of the anti-virus protection component;
keepup2date – executable file of the component responsible for updating the anti-virus databases;
licensemanager – executable file of the component responsible for management of license keys;
kltlv – utility employed for template syntax checks;
klmailq – utility for management of the application working queue;
klmaila – utility for management of message archives.
dsn.tmpl – template used for DSN messages generated by the application.
disclaimer.tmpl – template used for generation of the disclaimer text appended to mail messages.
/ichecker/ – directory for storing the working files of the iChecker database.
/var/spool/kav/5.5/smtpgw/ – default directory used by the application to store the working queue of messages.
/var/log/kav/5.5/smtpgw/ – directory for storing log files.
OpenBSD distribution kit:
/usr/local/share/kav/5.
/backup/ – the default backup storage directory.
/arch_in/ – default directory for storing the archive of all received email messages.
/arch_out/ – default directory for storing the archive of all sent email messages.
/stat/ – default directory for storing the statistics file.
/templates/ – directory where the default application templates are installed:
notify.tmpl – notification messages template.
placeholder.
The [path] section contains options that define the path to the critical files, which are necessary for the application to work properly:
BasesPath – full path to the directory containing the anti-virus databases. Required parameter.
LicensePath – full path to the directory containing license keys. Required parameter.
The [locale] section contains date and time formats:
DateFormat – format used by the components to display the date in the report (strftime).
If a rule has been applied, the establishment/termination of an email session will be determined by the specified allow|deny value.
HeloRule – defines the application response to the HELO/EHLO command received from a client.
has_mx|no_mx corresponds to the situation where it is possible/impossible to identify MX records for the domain specified in the sender's address transferred with the MAIL FROM SMTP command.
The | value determines the mail recipient or a mask for email addresses of recipients. You can use the "*" and "?" wildcards to specify a mask for recipients' mail addresses; "*" stands for any address. The any keyword allows any sender's address.
DNSBlackList=mail-abuse.org
DNSBlackList=bl.spamcop.net
DNSBlackList=block.blars.org
The [smtpgw.ave] section contains the settings for anti-virus scanning of email:
Cure=true|false – disinfect infected objects. The default value is: false. To enable this mode, set the option to true.
ScanArchives=true|false – scan archives. The default value is: true. To disable this mode, set the option to false.
ScanMailBases=true|false – scan mail databases.
MaximalIncomingMessageSize=64…204800 – maximum size (KB) of an incoming message. The default value is: 10240.
MaximalIncomingMessagesPerSession=1…1024 – maximum number of messages that can be received during one mail session. The default value is: 100.
MaximalIncomingRcptsPerMessage=1…1024 – maximum number of recipients of a single message. The default value is: 100.
MaximalIncomingSessionSize=64…2048000 – maximum size (KB) of incoming messages transferred within a single mail session.
LogLevel=0|1|2|3|4|9 – the level of detail in the application work report (0 – Fatal, 1 – Error, 2 – Warning, 3 – Info, 4 – Activity, 9 – Debug). The default value is: 4.
StatFilename – full name (including the path) of the file that stores the application performance statistics. The default value is: /var/db/kav/5.5/smtpgw/smtpgw.stat.
the option is missing altogether, then the sent messages will not be archived.
QueuePath – path to the directory that stores the working queue of objects to be processed by the application. Required parameter.
ControlPath – path to the application control files. Required parameter.
The [smtpgw.
ReceivingDataTerminationTimeout=1…7200 – timeout (seconds) for terminating data transfer (the CRLF.CRLF sequence). The default value is: 300.
SendingInitialTimeout=1…1200 – timeout (seconds) for waiting for the response from a remote server when establishing an SMTP session. The default value is: 300.
SendingHelloTimeout=1…1200 – timeout (seconds) for waiting for the response from a remote server to the HELO/EHLO command of the SMTP protocol.
Records in the application cache are not removed automatically after their TTL expires (although the application does not use the outdated records). The frequency with which obsolete records are removed from the cache is determined by the IPCacheRefreshPeriod, UnreachableCacheRefreshPeriod, MXCacheRefreshPeriod, and UnresolvedCacheRefreshPeriod parameters.
MXCacheRefreshPeriod=60…259200 – time (seconds) which must elapse before the application removes MX records with expired TTL from its cache.
messages included into this group. The default value is: postmaster@localhost. Required parameter.
NotifyFromAddress – email address from which the application will send notifications regarding the scan results for messages of this group. The default value is: MAILER-DAEMON@localhost. Required parameter.
BackupPath – path to the backup storage folder. The default value is: /var/db/kav/5.5/smtpgw/backup. Required parameter.
Use of the template is defined by the AddDisclaimer option. You should modify the default template included in the distribution package to reflect the security policy of your company.
ActionDisinfected=cure|pass|remove|placeholder – action to be applied to objects which should be disinfected. Required parameter.
ActionInfected=pass|remove|placeholder – action to be applied to infected objects. Required parameter.
AddXHeader=true|false – an option to add an informational header to messages processed by the application.
AddDisclaimer=true|false – an option to add disclaimer text generated according to the template specified by the administrator in the DisclaimerTemplate option.
The [smtpgw.
<"*"> (any name). If several masks have to be specified for filtering, each record must have the following format:
IncludeByName=*exe
IncludeByName=*.bat
The values for the ExcludeByName, IncludeByMime and ExcludeByMime options are specified in the same manner.
ExcludeByName – defines masks for filtering out attachment names. The application will filter out the objects with names not matching these masks and matching the masks used to define inclusions into scanning.
ActionInfected=pass|remove|placeholder – action to be applied to infected objects. If this option is not defined, the value of the same parameter from the [smtpgw.policy] section will be used.
ActionSuspicious=pass|remove|placeholder – action to be applied to objects that are suspected of being infected with an unknown virus. If this option is not defined, the value of the same parameter from the [smtpgw.policy] section will be used.
scan results. The objects with these statuses will be moved to the quarantine or to the backup directory. If this parameter is not defined, the value of the same parameter from the [smtpgw.policy] section will be used.
AddXHeader=true|false – an option to include an informational header in messages processed by the application.
AddDisclaimer=true|false – an option to add disclaimer text generated according to the template specified by the administrator in the DisclaimerTemplate option.
the application will try to download updates from a different server from the list of Kaspersky Lab's update servers. The default value is: 20.
UseProxy=true|false – use a proxy server to connect to one of Kaspersky Lab's update servers. If the parameter is false, no proxy server will be used. If the parameter is true, the proxy server address defined by the ProxyAddress parameter will be used.
The task may be accomplished by adding to the configuration file (in any location) a line that looks like:
!include <path>
where <path> stands for an absolute path to the specified external configuration file; the file must exist and be readable. This facility may be used, e.g., to define parameters for a certain group of users in a separate file. In that case, modifying the settings for that group would require modifying that file only.
RelayRule=allow from any to file:/my-recipients.list
RelayRule=deny from any to *
or, to enable transfer of both incoming and outgoing mail for those addresses:
[smtpgw.access]
RelayRule=allow from any to file:/my-recipients.list
RelayRule=allow from file:/my-recipients.list to *
RelayRule=deny from any to *
External files cannot be used to define parameters specified in the [updater.
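An evaluator for RelayRule lines of this shape, added here as an example (it is not code from Kaspersky SMTP-Gateway), useful for checking that a rule set does not leave the gateway relaying mail between arbitrary outside parties. It assumes first-match-wins semantics and a default of deny when no rule matches, which the manual does not state; the recipient list file, the probe addresses and the open configuration are constructed for the example.

```python
"""Evaluate smtpgw-style RelayRule lines.  Added example, not Kaspersky code.

Rule shape from the manual:  RelayRule=allow|deny from <sender> to <recipient>
Each operand is "any", a mask using "*" and "?" wildcards, or file:<path>
naming a file of addresses/masks, one per line.
Assumptions (not stated by the manual): the first matching rule wins, and a
session matching no rule is denied.
"""
import fnmatch
import re
from dataclasses import dataclass

RULE_RE = re.compile(r"^(allow|deny)\s+from\s+(\S+)\s+to\s+(\S+)$", re.IGNORECASE)


@dataclass
class RelayRule:
    action: str       # "allow" or "deny"
    sender: list      # masks the MAIL FROM address is matched against
    recipient: list   # masks the RCPT TO address is matched against


def load_masks(token, files):
    """Expand one operand into a list of masks.  `files` maps a file: path to
    its text, so the example runs offline instead of opening the real file."""
    if token.lower() == "any":
        return ["*"]
    if token.startswith("file:"):
        return [ln.strip() for ln in files[token[5:]].splitlines() if ln.strip()]
    return [token]


def parse_rules(config_text, files):
    rules = []
    for line in config_text.splitlines():
        key, sep, value = line.strip().partition("=")
        if key != "RelayRule" or not sep:
            continue                    # section headers and other options
        m = RULE_RE.match(value.strip())
        if not m:
            raise ValueError(f"unparsable RelayRule: {value!r}")
        action, frm, to = m.groups()
        rules.append(RelayRule(action.lower(), load_masks(frm, files),
                               load_masks(to, files)))
    return rules


def matches(address, masks):
    return any(fnmatch.fnmatchcase(address.lower(), m.lower()) for m in masks)


def relay_decision(rules, sender, recipient):
    for r in rules:
        if matches(sender, r.sender) and matches(recipient, r.recipient):
            return r.action
    return "deny"                       # assumed default: no match, no relay


def open_relay_probes(rules, probes):
    """Return the (sender, recipient) pairs the rule set would relay; a
    non-empty result for outside-to-outside pairs means an open relay."""
    return [p for p in probes if relay_decision(rules, *p) == "allow"]


# Constructed data: a recipient list file and the rule set from the manual.
FILES = {"/my-recipients.list": "*@example.com\npostmaster@example.net\n"}
CONFIG = """[smtpgw.access]
RelayRule=allow from any to file:/my-recipients.list
RelayRule=allow from file:/my-recipients.list to *
RelayRule=deny from any to *
"""
OPEN_CONFIG = "[smtpgw.access]\nRelayRule=allow from any to *\n"   # constructed
RULES = parse_rules(CONFIG, FILES)
# Outside-to-outside pairs: a correctly closed relay should refuse all of them.
PROBES = [("spammer@evil.test", "victim@other.test"),
          ("anyone@evil.test", "user@third.test")]
```

open_relay_probes(RULES, PROBES) returns an empty list for the manual's rule set and both pairs for OPEN_CONFIG, which has no trailing deny and relays for everyone.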
.c_avir_on – Start the AV module.
.c_avir_off – Stop the AV module.
.c_send_on – Start the Sender module.
.c_send_off – Stop the Sender module.
.c_db_reload – Application restart with anti-virus database reloading.
To initiate an action, create a file with the corresponding name in the directory specified as the value for the ControlPath parameter in the [smtpgw.path] section.
Parameter name – Parameter value
mta_received_recipients – Number of recipients of incoming messages successfully received by the server since its initialization.
mta_sent_messages – Number of outgoing messages successfully sent by the server since its initialization.
mta_sent_bytes – Number of bytes successfully sent by the server since its initialization.
mta_incoming_connections_refused_for_connections_limit – Number of incoming connections rejected by the server since its initialization due to the limit on the number of simultaneous incoming connections.
mta_incoming_connections_refused_for_connections_per_ip_limit – Number of incoming connections rejected by the server since its initialization due to the limit on the number of simultaneous incoming connections from a single IP address.
mta_receivings_refused_total – Total number of incoming connections rejected by the server since its initialization.
mta_receivings_refused_for_message_size_limit – Total number of incoming connections rejected by the server because of the message size since server startup.
mta_receivings_refused_for_session_size_limit – Number of incoming messages rejected by the server since its initialization because of the session size limit.
antiviral_checking_sessions_maximum – Maximum number of anti-virus scanning sessions since the server initialization.
antiviral_checked_objects_total – Total number of objects checked for virus presence since the server initialization.
antiviral_checked_objects_through_ichecker – Number of clean objects with status assigned using iChecker™ since server initialization.
antiviral_notifications_generated_for_sender – Number of sender notifications generated since the server initialization.
antiviral_notifications_generated_for_recipients – Number of recipient notifications generated since the server initialization.
antiviral_notifications_generated_for_admin – Number of administrator notifications generated since the server initialization.
--conf-file=<file>
-d or --no-daemon – Do not run the component as a daemon process.
-p <file> or --pid-file=<file> – Use the alternative PID file <file>.
-n or --no-pid-file – Do not use the PID file.
-u <user> or --user=<user> – Define the user <user> as the owner of the process.
-o or --no-change-owner – Do not change the user-owner of the process.
-w – Do not launch the watchdog process.
A.8. Smtpgw return codes
The smtpgw component may return any of the following codes while running:
0 – The component started successfully.
1 – Error in command line options.
30 – A critical system error occurred during the application operation.
41 – The PID file already exists.
42 – The PID file cannot be created.
43 – Unable to run the daemon process for the application.
44 – The UID and GID of the process owner cannot be changed.
A.9. Command line options for licensemanager
Help options
-h – Display on the console reference information about the command line options supported by the component and exit.
Command line options for managing license keys
-s – Output information about all installed license keys to the console.
-c <file> – Use the alternative configuration file <file>.
-k – Output to the console information about the current key.
-a – Install a license key.
A.11. Keepup2date command line options
Help options
-h – Display on the console reference information about the command line options supported by the component and exit.
-v – Display the application version on the console and exit.
-p – Update the application version with a specified only.
-i – Output to the console a list of all installed Kaspersky Lab applications.
1 – The anti-virus databases were updated successfully.
10 – A critical error occurred; updating was interrupted.
30 – The PostUpdaterCmd command could not be executed after the databases were updated.
60 – License information is missing or no license key was found using the path specified in the configuration file.
75 – The configuration file cannot be loaded or contains errors.
A.13.
Unexpected space-char in the declaration, line LN – The parser found a ' ' character that is not allowed for the current construction in line LN during template examination.
Unexpected '=' in the declaration, line LN – The parser found a '=' character that is not allowed for the current construction in line LN during template examination.
A.14. Return codes for the kltlv utility
The kltlv utility may return the following codes while running:
0 – Template has correct syntax.
1 – Template name for examination has not been specified.
2 – Template file cannot be opened.
3 – Template has incorrect syntax.
4 – System error in template parser operation.
A.15. Command line options of the klmailq utility
Help options
-? – Output to the console help information about the utility and exit.
--remove-all queue.
-d QueueID or --remove-id=QueueID – Remove the QueueID message from the application working queue.
-a or --send-all – Send all messages in the application working queue to recipients.
-o QueueID or --send-id=QueueID – Send the QueueID message from the application working queue to recipients.
A.16. Command line options for the klmaila utility
Help options
-? – Output to the console help information about the utility and exit.
-r or --remove-all – Remove all messages preserved in storage.
-d QueueID or --remove-id=QueueID – Remove the QueueID message preserved in storage.
-a or --send-all – Send all messages from storage to their original recipients.
-o QueueID or --send-id=QueueID – Send the QueueID message from storage to its original recipients.
A.17. Return codes for the klmaila and klmailq utilities
The klmaila and klmailq utilities may return the following codes while running:
0 – The utility has finished its operation.
Time\tSize\tSender\tRecipients\tStatus\tVirusList\tIP\tMessage-id
The table below contains descriptions of each parameter. If the parameter is optional, the corresponding field in the report line may remain blank.
Symbolic name – Value – Note
Time – Record creation time
Size – Record size
Sender – Sender's email address
Recipients – Email addresses of recipients – Several addresses can be listed.
Status – List of statuses assigned after the anti-virus scan.
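A parser for report lines in this tab-separated layout, added here as an example (it is not code from the product), together with the summary an operator would pull from the report to spot one source repeatedly pushing infected mail through the gateway. The field order is the manual's; the assumption that several recipients, statuses or virus names within one field are comma-separated, and the sample records themselves, are constructed for the example.

```python
"""Parse smtpgw statistics report lines.  Added example, not Kaspersky code.

Field order from the manual (tab-separated):
    Time  Size  Sender  Recipients  Status  VirusList  IP  Message-id
Optional fields may be left blank.  Assumption (not in the manual):
multi-valued fields (Recipients, Status, VirusList) separate items with commas.
"""
from collections import Counter

FIELDS = ["Time", "Size", "Sender", "Recipients",
          "Status", "VirusList", "IP", "Message-id"]
MULTI = ("Recipients", "Status", "VirusList")


def parse_stat_line(line):
    """One report line -> dict; blank optional fields become None or []."""
    parts = line.rstrip("\r\n").split("\t")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
    rec = dict(zip(FIELDS, parts))
    rec["Size"] = int(rec["Size"]) if rec["Size"] else None
    for name in MULTI:
        rec[name] = [v.strip() for v in rec[name].split(",") if v.strip()]
    for name in ("Sender", "IP", "Message-id"):
        rec[name] = rec[name] or None
    return rec


def parse_report(text):
    return [parse_stat_line(ln) for ln in text.splitlines() if ln.strip()]


def infected_by_ip(records):
    """Count records carrying a VirusList, keyed by the sending IP, and tally
    the virus names seen.  Returns (per_ip_counter, virus_name_counter)."""
    per_ip, names = Counter(), Counter()
    for r in records:
        if r["VirusList"]:
            per_ip[r["IP"]] += 1
            names.update(r["VirusList"])
    return per_ip, names


# Constructed sample report (not real data); hosts use documentation ranges.
SAMPLE = "\n".join("\t".join(cols) for cols in [
    ["2005-03-01 10:00:01", "1532", "alice@example.com", "bob@example.com",
     "clean", "", "192.0.2.10", "<a1@example.com>"],
    ["2005-03-01 10:02:17", "68124", "news@evil.test",
     "bob@example.com,carol@example.com", "infected",
     "EICAR-Test-File", "198.51.100.7", "<x9@evil.test>"],
    ["2005-03-01 10:02:40", "70011", "news@evil.test", "dave@example.com",
     "infected", "EICAR-Test-File", "198.51.100.7", ""],      # no Message-id
    ["2005-03-01 10:05:03", "", "", "erin@example.com",           # null sender
     "suspicious", "", "203.0.113.5", "<b7@example.org>"],
])
RECORDS = parse_report(SAMPLE)
```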
envelope-id – message identifier in the application working queue;
from – value received from the MAIL FROM command;
nrcpt – number of recipients of this email message (transmitted with the RCPT TO command(s));
size – message size;
client – IP address of the client's host;
helo – client's domain name, received from the HELO/EHLO command;
message_id – message ID;
flags – flag(s), which have the following meanings:
• E – ESMTP was used;
• D – the client requested DSN confirmations.
srcid – original message ID.
When a copy of an email message is created (for delivery of that message to different groups of recipients), the following line will be added to the log file:
envelope-id: SPLITTED, domain=<...>, nrcpt=..., srcid=...
APPENDIX B. KASPERSKY LAB
Founded in 1997, Kaspersky Lab has become a recognized leader in information security technologies. It produces a wide range of data security software and delivers high-performance, comprehensive solutions to protect computers and networks against all types of malicious programs, unsolicited and unwanted email messages, and hacker attacks. Kaspersky Lab is an international company.
B.1. Other Kaspersky Lab Products
Kaspersky Anti-Virus® Personal
Kaspersky Anti-Virus Personal protects home computers running Windows 98/ME/2000/NT/XP from all types of known viruses, including Riskware. The application constantly checks all possible sources of virus penetration, such as email, Internet, floppy disks, CDs, etc. Unknown viruses are efficiently detected and processed by a unique heuristic data analysis system.
Kaspersky Anti-Virus Personal Pro features:
• on-demand scans of local disks to detect all known, and many unknown, kinds of viruses;
• automatic real-time protection of all files from viruses;
• mail filter that scans all incoming and outgoing messages in background mode;
• behavior blocker that guarantees 100% protection against macro viruses.
Kaspersky Security for PDA protects your handheld (PDA) from unauthorized intrusion by encrypting both access to the device and data stored on memory cards.
Kaspersky Anti-Virus® Business Optimal
This package provides a configurable security solution for small- and medium-sized corporate networks.
• Email systems, including Microsoft Exchange Server 5.5/2000/2003, Lotus Notes/Domino, Sendmail, Postfix, Exim and Qmail;
• Internet gateways: CheckPoint Firewall-1; MS ISA Server;
• Hand-held computers (PDAs), running Windows CE and Palm OS.
The Kaspersky Corporate Suite distribution kit includes Kaspersky Administration Kit, a unique tool for automated deployment and administration.
B.2. Contact Us
If you have any questions, comments, or suggestions, please refer them to one of our distributors or directly to Kaspersky Lab. We will be glad to advise you on any matters related to our product by phone or via email. Rest assured that all of your recommendations and suggestions will be thoroughly reviewed and considered.
Technical support
Please find the technical support information at http://www.kaspersky.com/supportinter.
APPENDIX C. LICENSE AGREEMENT
End User License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE FOLLOWING LEGAL AGREEMENT ("AGREEMENT") FOR THE LICENSE OF SPECIFIED SOFTWARE ("SOFTWARE") PRODUCED BY KASPERSKY LAB ("KASPERSKY LAB"). IF YOU HAVE PURCHASED THIS SOFTWARE VIA THE INTERNET BY CLICKING THE ACCEPT BUTTON, YOU (EITHER AN INDIVIDUAL OR A SINGLE LEGAL ENTITY) CONSENT TO BE BOUND BY AND BECOME PARTY TO THIS AGREEMENT.
THE RIGHT TO RETURN AND REFUND EXTENDS ONLY TO THE ORIGINAL PURCHASER. All references to "Software" herein shall be deemed to include the software activation key ("Key Identification File") with which you will be provided by Kaspersky Lab as part of the Software.
1. License Grant.
1.1.4 You shall not make error corrections to, or otherwise modify, adapt, or translate the Software, nor create derivative works of the Software, nor permit any third party to copy the Software (other than as expressly permitted herein).
1.1.5 You shall not rent, lease or lend the Software to any other person, nor transfer or sub-license your license rights to any other person.
1.1.
may terminate this Agreement at any point by destroying all copies of the Software and the Documentation.
3. Support.
6. Limited Warranty.
(i) Kaspersky Lab warrants that for six (6) months from first download or installation the Software purchased on a physical medium will perform substantially in accordance with the functionality described in the Documentation when operated properly and in the manner specified in the Documentation.
(ii) You accept all responsibility for the selection of this Software to meet your requirements.
(d) Loss of anticipated savings; (e) Loss of business; (f) Loss of opportunity; (g) Loss of goodwill; (h) Loss of reputation; (i) Loss of, damage to or corruption of data, or: (j) Any indirect or consequential loss or damage howsoever caused (including, for the avoidance of doubt, where such loss or damage is of the type specified in paragraphs (ii), (a) to (ii), (i).