Integration using the Milter protocol

When integrating Kaspersky Security 8 for Linux Mail Server with the Postfix mail server over the Milter protocol, the forwarding of messages to Kaspersky Security 8 for Linux Mail Server for scanning and their return to the Postfix mail server requires that the following conditions are met:

• The filter must be configured to intercept messages from the Postfix mail server via socket. This socket is specified in the configuration file of the program at step 7 of the instructions below.
• The filter must forward messages to Scan Logic for scanning via the scanner socket. This socket is specified while running the initial configuration script.

When Kaspersky Security 8 for Linux Mail Server is integrated with the Postfix mail server, socket and scanner can point to a network socket or to a local one.

To integrate Kaspersky Security 8 for Linux Mail Server with Postfix using the Milter protocol:

1. Enter the following command:

   postconf -e smtpd_milters=$milter_socket

   where $milter_socket stands for the IP address and port number or the UNIX socket that the filter uses to listen for incoming connections as follows: inet:<IP address>:<port> (for a network socket) or unix:<path to UNIX socket> (for UNIX sockets).

2. Open the configuration file main.cf.
3. Add the following strings to the end of the main.cf file:

   #lms-milter-begin

   milter_connect_macros = j _ {daemon_name} {if_name} {if_addr}

   milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject} {cert_issuer}

   milter_mail_macros = i {auth_type} {auth_authen} {auth_ssf} {auth_author} {mail_mailer} {mail_host} {mail_addr}

   milter_rcpt_macros = {rcpt_mailer} {rcpt_host} {rcpt_addr}

   milter_default_action = $fail_type

   milter_protocol = 3

   milter_connect_timeout=180

   milter_command_timeout=180

   milter_content_timeout=600

   #lms-milter-end

   where $fail_type can take the values: reject, accept or tempfail.

   ${fail_type} defines the action to be taken by the Postfix mail server on messages if the filter works incorrectly.

   • reject – reject the message.
   • accept – skip without scanning.
   • tempfail – send a temporary error notification to the mail sender.

     The recommended option is tempfail.

4. Open the file /var/opt/kaspersky/klms/installer.dat (under Linux) or /var/db/kaspersky/klms/installer.dat (under FreeBSD).
5. Add the following lines to the file:

   POSTFIX_INTEGRATION_TYPE= milter

   START_MILTER=1

6. Open the file /etc/opt/kaspersky/klms/klms_filters.conf (under Linux) or /usr/local/etc/kaspersky/klms/klms_filters.conf (under FreeBSD).
7. Specify the IP address and port number or UNIX socket that the filter will use to listen for incoming connections in the following string of the [milter] section:

   socket=<IP address and port number> or <UNIX socket> specified at Step 1 for $milter_socket

   in the format inet:<port>@<IP address> (for a network socket) or unix:<path to UNIX socket> (for a UNIX socket).

   Example: socket=inet:10025@127.0.0.1

8. In the [global] section, set the false value for the header-guard setting.
9. Restart the klms service.
10. Restart the Postfix mail server.

Page top