Before-queue integration

When "before-queue" integration is used and messages are forwarded to Kaspersky Security 8 for Linux Mail Server for scanning and then returned to the Postfix mail server, the following conditions must be satisfied:

• The filter must be configured to intercept messages from the Postfix mail server via socket-in. This socket must be specified in the configuration of the program.
• The filter must forward messages to Scan Logic for scanning via the scanner socket. This socket must be specified in the configuration of the program.
• The filter must return messages to the Postfix mail server via socket-out. This socket must be specified in the configuration of the program.

When Kaspersky Security 8 for Linux Mail Server is integrated with the Postfix mail server, socket-in, scanner, and socket-out can point to a network socket or to a local one.

To perform before-queue integration of Kaspersky Security 8 for Linux Mail Server with Postfix:

1. Open the configuration file master.cf.
2. In the master.cf file, after the line

   smtp inet n - n - - smtpd

   add the following lines:

   #klms-postfix-prequeue-start

   -o smtpd_proxy_filter=$sock_postfix_format

   -o smtpd_proxy_options=speed_adjust (for integration with Postfix 2.7 or higher)

   #klms-postfix-prequeue-end

   where $sock_postfix_format stands for the IP address and port number or the UNIX socket that the filter uses to listen for incoming connections as follows: inet:<IP address>:<port> (for a network socket) or unix:<path to UNIX socket> (for UNIX sockets).

3. Add the following strings at the end of the master.cf configuration file:

   #klms-begin

   klms_postfix-prequeue unix - - n - 10 smtp

   -o smtp_send_xforward_command=yes

   127.0.0.1:$forward_port\tinet\tn - n - 10 smtpd

   -o receive_override_options=no_unknown_recipient_checks, \

   no_header_body_checks,no_address_mappings

   -o smtpd_helo_restrictions=

   -o smtpd_client_restrictions=

   -o smtpd_sender_restrictions=

   -o smtpd_recipient_restrictions=permit_mynetworks,reject

   -o mynetworks=127.0.0.0/8,[::1]/128

   -o smtpd_authorized_xforward_hosts=127.0.0.0/8,[::1]/128

   #klms-end

   where the string

   127.0.0.1:$forward_port\tinet\tn - n - 10 smtpd is required to enable the Postfix mail server to accept processed messages from the filter and listen for data on $forward_port.

4. Open the file /var/opt/kaspersky/klms/installer.dat (under Linux) or /var/db/kaspersky/klms/installer.dat (under FreeBSD).
5. Add the following lines to the file:

   POSTFIX_INTEGRATION_TYPE= prequeue

   START_SMTP_PROXY =1

6. Open the file /etc/opt/kaspersky/klms/klms_filters.conf (under Linux) or /usr/local/etc/kaspersky/klms/klms_filters.conf (under FreeBSD).
7. In the [global] section, set the false value for the header-guard setting.
8. In the [smtp_proxy] section, specify the following settings:

   socket-in=<IP address and port number> or <UNIX socket> specified at Step 2 of the wizard for $sock_postfix_format

   socket-out=inet: $forward_port@127.0.0.1

   in the format inet:<port>@<IP address> (for a network socket) or unix:<path to UNIX socket> (for a UNIX socket).

   Example: socket-in=inet:10025@127.0.0.1 socket-out=inet: 10026@127.0.0.1

9. Restart the klms service.
10. Restart the Postfix mail server.