When "after-queue" integration is used and messages are forwarded to Kaspersky Security 8 for Linux Mail Server for scanning and then returned to the Postfix mail server, the following conditions must be satisfied:
socket-in. This socket is specified in the configuration file of the program at step 9 of the instructions below.scanner socket. This socket is specified while running the initial configuration script.socket-out. This socket is specified in the configuration file of the program at step 9 of the instructions below.When Kaspersky Security 8 for Linux Mail Server is integrated with the Postfix mail server, socket-in may point only to a network socket; scanner and socket-out can point to a network socket or to a local socket.
To perform after-queue integration of Kaspersky Security 8 for Linux Mail Server with Postfix:
#klms-begin-afterqueue-filter
content_filter = klms_postfix-afterqueue:$sock_postfix_format
#klms-end-afterqueue-filter
where $sock_postfix_format is the IP address and port number on which the filter listens for incoming connections, in the <IP address>:<port> format (for a network socket).
Example:
|
#klms-begin-afterqueue-filter
klms_postfix-afterqueue unix - - n - - smtp
-o smtp_send_xforward_command=yes
127.0.0.1:$forward_port inet n - n - - smtpd
-o content_filter=
-o receive_override_options=no_unknown_recipient_checks, no_header_body_checks,no_address_mappings
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8,[::1]/128
-o smtpd_authorized_xforward_hosts=127.0.0.0/8,[::1]/128
-o smtpd_tls_security_level=none
-o message_size_limit=0
#klms-end-afterqueue-filter
where the 127.0.0.1:$forward_port inet n - n - - smtpd string is required to enable Postfix to accept processed messages from the filter and listen for data on $forward_port.
Example:
|
#klms-begin-afterqueue-filter
klms_postfix-afterqueue unix - - n - - smtp
-o smtp_send_xforward_command=yes
$unix_socket_name unix n - n - - smtpd
-o receive_override_options=no_unknown_recipient_checks, no_header_body_checks,no_address_mappings
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8,[::1]/128
-o smtpd_authorized_xforward_hosts=127.0.0.0/8,[::1]/128
-o smtpd_tls_security_level=none
-o message_size_limit=0
#klms-end
where the $unix_socket_name unix n - n - - smtpd string is required to enable Postfix to accept processed messages from the filter and listen for data on the $unix_socket_name unix socket.
Example:
|
POSTFIX_INTEGRATION_TYPE=afterqueue
START_SMTP_PROXY=1
true value in the [global] section for theheader-guard setting.[smtp_proxy] section, specify the following settings:socket-in=<IP address and port number> specified at Step 2 of the wizard for $sock_postfix_format
socket-out=<IP address and port number> or <UNIX socket> specified at step 4 of the instructions for $forward_port or $unix_socket_name in the inet:<port>@<IP address> format (for a network socket) or unix:<path to the UNIX socket> (for a local socket).
integration=afterqueue
Example 1:
Example 2:
|