Using the Product in Proxy Mode


This option is available only in the product distributions for GNU/Linux OSes.

If your mail server cannot communicate with Dr.Web for UNIX Mail Servers via Milter, Spamd or Rspamd, or via the ClamAV protocol (directly using the Dr.Web ClamD component), configure the Dr.Web Firewall for Linux component so that traffic received through the Internet gateway on which Dr.Web for UNIX Mail Servers is installed is scanned by the SpIDer Gate network connections monitor (transparent proxy mode).

1) Configuring Dr.Web MailD Parameters

To configure Dr.Web for UNIX Mail Servers, first review the current parameter values in the Dr.Web MailD settings section of the configuration file (the [MailD] section) and change them if necessary:

Use the TemplateContacts and ReportLanguages parameters to define how messages are generated when email messages containing threats and/or spam are repacked. As the value of the RepackPassword parameter, specify how passwords are generated for the protected archives into which detected threats are placed before being added to the repacked email message (the default value None disables password protection of these archives, which is permissible but not recommended).

2) Configuring the transparent proxy parameters

To configure the transparent proxy mode, change the value of the InputDivert parameter, which is located in the configuration file, in the section with the settings of Dr.Web Firewall for Linux (the [LinuxFirewall] section):

InputDivert = Auto(interface:<network interface> protected:<list of ports>)

where

<network interface> is the name of the network interface (eth0, wlan, etc.) on which the mail server accepts the inbound connections that must be checked.

<list of ports> is a list of port numbers; inbound connections to these ports are checked (25, 110, 143, etc.).

To view and to change the settings of Dr.Web Firewall for Linux and SpIDer Gate you can use the following means:

The command-line management tool Dr.Web Ctl (use the drweb-ctl cfshow and drweb-ctl cfset commands).

The management web interface of Dr.Web for UNIX Mail Servers (by default, you can access it via a web browser at https://127.0.0.1:4443/).

For example, the following command:

# drweb-ctl cfset LinuxFirewall.InputDivert Auto(interface:eth0 protected:25,110,143)

configures Dr.Web Firewall for Linux so that data received via the eth0 network interface and directed to ports 25 (usually SMTP), 110 (usually POP3) or 143 (usually IMAP) is checked by SpIDer Gate, which redirects it to the email scanning component Dr.Web MailD.

Also make sure that scanning of the corresponding mail protocols by SpIDer Gate is enabled (the InspectSmtp, InspectPop3 and InspectImap parameters are set to On).

To integrate Dr.Web for UNIX Mail Servers into email delivery channels that use SSL/TLS secure connections, the following additional steps are required:

Enable scanning of traffic transmitted over SSL/TLS by setting the corresponding parameter with the command:

# drweb-ctl cfset LinuxFirewall.UnwrapSsl Yes

It is recommended to use the cfset command of the drweb-ctl tool or the management web interface, because the scanning rules that depend on this parameter are then updated automatically.

Export the certificate that Dr.Web for UNIX Mail Servers will use to integrate into the protected SSL/TLS channels by executing the following command (specify the name of the file in which the certificate is saved in PEM format):

$ drweb-ctl certificate > <cert_name>.pem

Add the obtained certificate to the system list of trusted certificates and, if possible, register it as a trusted certificate for the mail clients and the server. For details, see the Appendix E. Generating SSL certificates section.
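As an added example (not from the Dr.Web manual), the following POSIX shell script assembles the drweb-ctl cfset commands for the transparent proxy steps above from an interface name and a port list, validating both before anything is applied. The helper names are ours, and it assumes that the InspectSmtp, InspectPop3 and InspectImap switches are set in the [LinuxFirewall] section alongside InputDivert.

```shell
#!/bin/sh
# Added example, not taken from the Dr.Web manual: build the drweb-ctl cfset
# commands for transparent proxy mode from an interface and a port list.
# Helper names are ours; parameter names and the InputDivert value syntax are
# those quoted on the page. Commands are printed, not run, so the plan can be
# reviewed before it is applied as root.
# SpIDer Gate switch that must be On for each protected mail port (as listed on the page).
inspect_param_for_port() {
    case "$1" in
        25)  echo InspectSmtp ;;
        110) echo InspectPop3 ;;
        143) echo InspectImap ;;
        *)   return 1 ;;
    esac
}
# Build the value "Auto(interface:<iface> protected:<p1,p2,...>)".
# Returns 1 on a malformed interface name, a non-numeric or out-of-range port,
# or an empty port list, so nothing half-valid is ever handed to cfset.
build_input_divert() {
    iface=$1; shift
    case "$iface" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;   # reject empty names and shell metacharacters
    esac
    ports=
    for p in "$@"; do
        case "$p" in ''|*[!0-9]*) return 1 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
        ports="${ports:+$ports,}$p"
    done
    [ -n "$ports" ] || return 1
    printf 'Auto(interface:%s protected:%s)\n' "$iface" "$ports"
}
# Print the command sequence for <iface> <yes|no> <ports...>; "yes" also enables
# UnwrapSsl so that TLS-wrapped sessions are inspected (the page's SSL/TLS step).
plan_proxy_mode() {
    iface=$1; unwrap=$2; shift 2
    divert=$(build_input_divert "$iface" "$@") || return 1
    printf 'drweb-ctl cfset LinuxFirewall.InputDivert %s\n' "$divert"
    for p in "$@"; do
        # ports without a known protocol switch (e.g. a custom port) get no Inspect* line
        param=$(inspect_param_for_port "$p") || continue
        printf 'drweb-ctl cfset LinuxFirewall.%s On\n' "$param"
    done
    [ "$unwrap" != yes ] || printf 'drweb-ctl cfset LinuxFirewall.UnwrapSsl Yes\n'
}
# Demo with the page's own values: eth0, ports 25/110/143, TLS unwrapping on.
plan_proxy_mode eth0 yes 25 110 143
```

Pipe the output through sh only after reviewing it; the certificate export and trust steps still have to be done by hand.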

3) Setting the Scanning Parameters

Specify the following parameters in the configuration file, in the settings section of Dr.Web Firewall for Linux (the [LinuxFirewall] section):

1. Parameters for scanning email messages and the attachments detected in them (ScanTimeout, HeuristicAnalysis, PackerMaxLevel, ArchiveMaxLevel, MailMaxLevel, ContainerMaxLevel, MaxCompressionRatio), which limit the duration and resource consumption of message scanning. Unless fine-grained configuration is required, it is recommended to leave these parameters at their default values.

2. Parameters for scanning links and files in email messages, set via the corresponding Block* parameters.

3. The BlockUnchecked parameter, which defines the reaction of Dr.Web MailD when a received email message cannot be scanned (the set limits are exceeded (see the previous item), the message structure is violated, the anti-virus engine returns an error, an attached archive is password-protected, etc.). If this parameter is set to Yes, then whenever a message and/or its attachments cannot be scanned, the MTA receives an instruction to reject the message.

4. To configure the email filtering rules in a more fine-grained way (based on various conditions), you can also edit the RuleSet rules (the rules are described in Appendix D of the Administrator manual).

After all settings are adjusted, restart Dr.Web for UNIX Mail Servers (use the drweb-ctl reload command). You can also restart the Dr.Web ConfigD configuration daemon (use the service drweb-configd restart command).