After-queue integration

When "after-queue" integration is used and messages are forwarded to Kaspersky Security 8 for Linux Mail Server for scanning and then returned to the Postfix mail server, the following conditions must be satisfied:

• The filter must be configured to intercept messages from the Postfix mail server via socket-in. This socket must be specified in the configuration of the program.
• The filter must forward messages to Scan Logic for scanning via the scanner socket. This socket must be specified in the configuration of the program.
• The filter must return messages to the Postfix mail server via socket-out. This socket must be specified in the configuration of the program.

When Kaspersky Security 8 for Linux Mail Server is integrated with the Postfix mail server, socket-in, scanner, and socket-out can point to a network socket or to a local one.

To perform after-queue integration of Kaspersky Security 8 for Linux Mail Server with Postfix:

1. Open the configuration file main.cf.
2. Add the following strings to the end of the main.cf file:

   #klms-begin-afterqueue-filter

   content_filter =klms_postfix-afterqueue:$sock_postfix_format

   #klms-end-afterqueue-filter

   where $sock_postfix_format stands for the IP address and port number or the UNIX socket that the filter uses to listen for incoming connections as follows: inet:<IP address>:<port> (for a network socket) or unix:<path to UNIX socket> (for UNIX sockets).

3. Open the configuration file master.cf.
4. Add the following strings to the end of the master.cf file:

   #klms-begin-afterqueue-filter

   klms_postfix-afterqueue\tunix - - \n - 10 smtp

   -o smtp_send_xforward_command=yes

   127.0.0.1:$forward_port\tinet\tn - n - 10 smtpd

   -o content_filter=

   -o receive_override_options=no_unknown_recipient_checks,\

   no_header_body_checks,no_address_mappings

   -o smtpd_helo_restrictions=

   -o smtpd_client_restrictions=

   -o smtpd_sender_restrictions=

   -o smtpd_recipient_restrictions=permit_mynetworks,reject

   -o mynetworks=127.0.0.0/8,[::1]/128

   -o smtpd_authorized_xforward_hosts=127.0.0.0/8,[::1]/128

   #klms-end-afterqueue-filter

   where the string

   127.0.0.1:$forward_port\tinet\tn - n - 10 smtpd is required to enable the Postfix mail server to accept processed messages from the filter and listen for data on $forward_port.

5. Open the file /var/opt/kaspersky/klms/installer.dat (under Linux) or /var/db/kaspersky/klms/installer.dat (under FreeBSD).
6. Add the following lines to the file:

   POSTFIX_INTEGRATION_TYPE=afterqueue

   START_SMTP_PROXY =1

7. Open the file /etc/opt/kaspersky/klms/klms_filters.conf (under Linux) or /usr/local/etc/kaspersky/klms/klms_filters.conf (under FreeBSD).
8. In the [global] section, set the false value for the header-guard setting.
9. In the [smtp_proxy] section, specify the following settings:

   socket-in=<IP address and port number> or <UNIX socket> specified at Step 2 of the wizard for $sock_postfix_format

   socket-out=inet: $forward_port@127.0.0.1

   in the format inet:<port>@<IP address> (for a network socket) or unix:<path to UNIX socket> (for a UNIX socket).

   Example: socket-in=inet:10025@127.0.0.1 socket-out=inet: 10026@127.0.0.1

10. Restart the klms service.
11. Restart the Postfix mail server.