User Specific Configuration; Blacklist And Whitelist - ESET MAIL SECURITY - FOR LINUX BSD AND SOLARIS Installation Manual

6.2 User Specific Configuration

The purpose of the User Specific Configuration mechanism is to provide a higher degree of customization and
functionality. It allows the sytem administrator to define ESETS antivirus scanner parameters based on the user who is
accessing file system objects.
A detailed description of this functionality can be found in the esets.cfg(5) man page; in this section we will provide
only a short example of a user-specific configuration.
Here, the esets_smtp module is used as a content filter for MTA Postfix. The functionality of this module is based on
the [smtp] section in the ESETS configuration file (esets.cfg). See below:
[smtp]
agent_enabled = yes
listen_addr = "localhost"
listen_port = 2526
server_addr = "localhost"
server_port = 2525
action_av = "scan"
To provide individual parameter settings, define a 'user_config' parameter with the path to the special configuration
file where the individual setting will be stored. In the example below, we create a reference to the special configuration
file 'esets_smtp_spec.cfg', which is located in the ESETS configuration directory. See below:
[smtp]
agent_enabled = yes
listen_addr = "localhost"
listen_port = 2526
server_addr = "localhost"
server_port = 2525
action_av = "scan"
user_config = "esets_smtp_spec.cfg"
Once the special configuration file is referenced from within the [smtp] section, create the 'esets_smtp_spec.cfg' file
in the ESETS configuration directory and add the appropriate individual settings. The 'esets_smtp_spec.cfg' file should
look like this:
[rcptuser@rcptdomain.com]
action_av = "reject"
Note that the section header identifies the recipient for which the individual settings have been created, and the
section body contains individual parameters for this recipient. This configuration will allow all other users attempting
to access the file-system to be processed normally. All file system objects accessed by other users will be scanned for
infiltrations, except for the user rcptuser@rcptdomain.com, whose access will be rejected (blocked).

6.3 Blacklist and Whitelist

In the following example we demonstrate blacklist and whitelist creation for the esets_smtp content filter for MTA
Postfix configuration. Note that the configuration described in the previous section is used for this purpose.
To create a blacklist used by esets_smtp, create the following group section within the special configuration file
'esets_smtp_spec.cfg', introduced in the previous section. See below:
[black-list]
action_av = "reject"
Next, add the SMTP server to the 'black-list' group. To do this, the following special section must be created:
[|sndrname1@sndrdomain1.com]
parent_id = "black-list"
In the example above, 'sndrname1@sndrdomain1.com' is the email address of the sender added to the 'black-list'. All
email messages sent from this address will now be rejected. When creating the 'white-list' used by esets_smtp, it is
necessary to create the following group section in the special configuration file 'esets_smtp_spec.cfg'. See below:
[white-list]
action_av = "accept"
action_as = "accept"
Adding the sender's email address to the list is self-explanatory.
15