After-queue integration by rerouting
August 21, 2023
ID 43875
When "after-queue" integration is used and messages are rerouted to Kaspersky Security 8 for Linux Mail Server for scanning and then returned to the Exim mail server, the following conditions must be satisfied:
- The filter must be configured to intercept messages from the Exim mail server via
socket-in.This socket must be specified in the configuration of the program. - The filter must forward messages to Scan Logic for scanning via the
scanner socket.This socket must be specified in the configuration of the program. - The filter must return messages to the Exim mail server via
socket-out.This socket must be specified in the configuration of the program.
When after-queue integration with the Exim mail server is used for rerouting, socket-in, scanner, and socket-out must point to a network socket.
Depending upon the specific distribution of the operating system, you have to modify one or several configuration files of the Exim mail server. For example, in Debian and Ubuntu, the Exim mail server configuration may consist of several files in the /etc/exim/conf.d directory or a single file only.
To perform after-queue integration of Kaspersky Security 8 for Linux Mail Server with Exim by rerouting:
- Make a backup copy of the Exim configuration file (files).
- In the
[routers]section of Exim configuration file(s), add after the linebegin routersadd the following lines:
#klms-filter-begin-2klms_dnslookup:driver = dnslookupdomains = ! +local_domainsignore_target_hosts = 0.0.0.0 : 127.0.0.0/8verify_onlypass_router = smtp_proxyno_moreklms_system_aliases:driver = redirectallow_failallow_deferdata =${lookup{$local_part}lsearch{/etc/aliases}}verify_onlypass_router = smtp_proxyklms_localuser:driver = acceptcheck_local_userverify_onlypass_router = smtp_proxycannot_route_message = Unknown userfailed_address_router:driver = redirectverify_onlycondition = "{0}"allow_faildata = :fail: Failed to deliver to addressno_moresmtp_proxy:driver = manualroutecondition = "${if or {{eq {$interface_port}{$forward_port}} \\{eq {\$received_protocol}{spam-scanned}} \\}{0}{1}}"transport = smtp_proxyroute_list = "* localhost byname"self = send#klms-filter-end-2where
$forward_portis the port number of the socket to which the message will sent after being scanned by Kaspersky Security 8 for Linux Mail Server. - In the
[transports]section of Exim configuration file(s), add after the linebegin transportsadd the following lines:
#klms-filter-begin-3smtp_proxy:driver = smtpport = $scanner_portdelay_after_cutoff = falseallow_localhost#klms-filter-end-3where
$scanner_portstands for the port, which filter uses to wait for messages. - In the main Exim configuration file (exim.conf or update-exim.conf.conf), specify the substring in the form
127.0.0.1.$forward_portas follows:dc_local_interfaces=<IP adress1>.<port1>:127.0.0.1.$forward_portor
local_interfaces=<IP address1>.<port1>:127.0.0.1.$forward_portwhere the
127.0.0.1.$forward_portsubstring is required to enable the Exim mail server to accept processed messages from the filter and listen for data on$forward_port. - Compile the Exim configuration file (files) according to your operating system settings.
- Open the file /var/opt/kaspersky/klms/installer.dat (under Linux) or /var/db/kaspersky/klms/installer.dat (under FreeBSD).
- Add the following lines to the file:
EXIM_INTEGRATION_TYPE= after-queueSTART_SMTP_PROXY=1 - Open the file /etc/opt/kaspersky/klms/klms_filters.conf (under Linux) or /usr/local/etc/kaspersky/klms/klms_filters.conf (under FreeBSD).
- In the
[smtp_proxy]section, specify the following settings:socket-in=inet:$scanner_port@127.0.0.1socket-out=inet: $forward_port@127.0.0.1 - Set the
truevalue in the[global]section for theheader-guardsetting. - Restart the klms service.
- Restart Exim mail server.
