Integration using the Milter protocol

Support

Support for business applications

Kaspersky Security 8.0 for Linux Mail Server

Manually integrating Kaspersky Security 8 for Linux Mail Server with the Amavis interface and mail servers

Manual integration with a Postfix mail server

Integration using the Milter protocol

August 21, 2023

ID 43931

When integrating Kaspersky Security 8 for Linux Mail Server with the Postfix mail server over the Milter protocol, the forwarding of messages to Kaspersky Security 8 for Linux Mail Server for scanning and their return to the Postfix mail server requires that the following conditions are met:

The filter must be configured to intercept messages from the Postfix mail server via socket. This socket must be specified in the configuration of the program.
The filter must forward messages to Scan Logic for scanning via the scanner socket. This socket must be specified in the configuration of the program.

When Kaspersky Security 8 for Linux Mail Server is integrated with the Postfix mail server, socket and scanner can point to a network socket or to a local one.

To integrate Kaspersky Security 8 for Linux Mail Server with Postfix using the Milter protocol:

Enter the following command:
postconf -e $milter_socket

where $milter_socket is the IP address and port number or the UNIX socket that the filter uses to listen for incoming connections, written as follows: inet:<port>@<IP address> (for network sockets) or unix:<path to UNIX socket> (for UNIX sockets).
Open the configuration file main.cf.
Add the following strings to the end of the main.cf file:
#lms-milter-begin

milter_connect_macros = j _ {daemon_name} {if_name} {if_addr}

milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject} \

{cert_issuer}

milter_mail_macros = i {auth_type} {auth_authen} {auth_ssf} {auth_author} \

{mail_mailer} {mail_host} {mail_addr}

milter_rcpt_macros = {rcpt_mailer} {rcpt_host} {rcpt_addr}

milter_default_action = $fail_type

milter_protocol = 3

milter_connect_timeout=180

milter_command_timeout=180

milter_content_timeout=600

#lms-milter-end

where $fail_type can take the values: reject, accept or tempfail.

${fail_type} defines the action to be taken by the Postfix mail server on messages if the filter works incorrectly.
- reject – reject the message.
- accept – skip without scanning.
- tempfail – send a temporary error notification to the mail sender.
  The recommended option is tempfail.
Open the file /var/opt/kaspersky/klms/installer.dat (under Linux) or /var/db/kaspersky/klms/installer.dat (under FreeBSD).
Add the following lines to the file:
POSTFIX_INTEGRATION_TYPE= milter

START_MILTER=1
Open the file /etc/opt/kaspersky/klms/klms_filters.conf (under Linux) or /usr/local/etc/kaspersky/klms/klms_filters.conf (under FreeBSD).
Specify the IP address and port number or UNIX socket that the filter will use to listen for incoming connections in the following string of the [milter] section:
socket=<IP address and port number> or <UNIX socket> specified at Step 1 for $milter_socket

in the format inet:<port>@<IP address> (for a network socket) or unix:<path to UNIX socket> (for a UNIX socket).

Example:

socket=inet:10025@127.0.0.1
In the [global] section, set the false value for the header-guard setting.
Restart the klms service.
Restart the Postfix mail server.

Kaspersky Endpoint Security for Business Advanced: Adaptive security of your company

Web and device controls. Data encryption. Centralized and convenient management from a single console.

Kaspersky Premium Support (MSA): High‑priority incident processing

Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.