When interacting with CGP, drweb-cgp-sender module of Dr.Web MailD performs functions of Sender. The module is started with privileges of the mail group to enable writing to the cgp directory. drweb-cgp-receiver module of Dr.Web MailD performs functions of Receiver. The module is started by CGP mail system with root privileges.
To assure proper operation of Dr.Web MailD in this configuration, explicitly specify the name of the user with whose privileges other Dr.Web MailD modules are started. This name can be set in the ChownToUser parameter from the [CgpReceiver] settings section in the Dr.Web MailD configuration file, or you can specify an empty parameter value and run the whole suite with root privileges.
Interaction between Dr.Web MailD and CGP mail system has the following features: it is performed locally (via the PIPE mechanism), Dr.Web MailD performs functions of a content filter and, thus, cannot modify message headers. Therefore, when Dr.Web MailD needs to change message headers, for example, to mark a message as spam (usually by adding the "[SPAM]" string to the message subject), the following method is used: Dr.Web MailD sends CGP a notification with request to reject the original message and simultaneously adds the modified message to the queue of incoming email. The message is checked by Dr.Web MailD for the second time and the following actions are applied to prevent looping:
•The drweb-cgp-receiver module skips all messages received via PIPE without check. As drweb-cgp-sender loads new messages to CGP via PIPE, the repeated check is prevented. However, this results in skipping all other messages queued by any program via PIPE.
•To avoid skipping such messages, it is recommended to add a special header to them. This is configured by UseSecureHash and SecureHash parameters in the [CgpSender] section of the Dr.Web MailD configuration file. If the UseSecureHash parameter value is set to Yеs, such header with the X-DrWeb-Hash name is added to a message when being assigned to the queue of CGP incoming email. The SecureHash parameter value determines the text of the header.
•In this case, messages received from the mail system are transmitted for delivery bypassing the check if they both were queued via PIPE and contain the X-DrWeb-Hash header with the value specified in the SecureHash parameter. The drweb-cgp-receiver module transmits the messages for final delivery after the value is cleared (by substituting characters with white spaces). Messages without such header are transmitted for check.
Note that Dr.Web MailD operating as a content filter cannot remove headers; so, if a message was repeatedly checked, its end users receive the message with an empty (filled with white spaces) X-DrWeb-Hash header, which does not influence display of the message content.
|
Note that this parameter is used by both Sender and Receiver, so after the parameter value is changed, sending a SIGHUP signal to Dr.Web Monitor component is not enough (that instructs only Sender to reread its configuration). To instruct Receiver to reread the changed value, restart CGP, as this mail system runs the component. |
All settings that manage operation of Dr.Web MailD with CGP are collected in the [CgpReceiver] and [CgpSender] sections of the Dr.Web MailD configuration file and are described in the [CgpReceiver] and [CgpSender] sections respectively.
When Dr.Web MailD is working with CGP, the following modules must be running in the system (this is specified in mmc file of the Dr.Web Monitor):
•drweb-notifier
•drweb-cgp-sender
•drweb-maild
Also it is additionally necessary to make, that the Dr.Web Monitor component has been launched with the root privileges (to provide this, specify root value for User and Group parameters in the [Monitor] section of monitor.conf configuration file).