Appendix A. Esets Setup And Configuration; Setting Esets For Mta Postfix - ESET MAIL SECURITY - FOR LINUX BSD AND SOLARIS Installation Manual

9. Appendix A. ESETS setup and configuration

9.1 Setting ESETS for MTA Postfix

Inbound email message scanning
Warning: This installation is not compatible with SELinux. Either disable SELinux or proceed to the next section.
The objective of this installation is to insert esets_mda before the original Postfix MDA. The MDA to be used (with
arguments) is set in the Postfix parameter 'mailbox_command'.
NOTE: If the 'mailbox_command' value is empty, Postfix alone is delivering mail . You must install and configure a
real MDA (e.g. procmail) and use that first for the 'mailbox_command' and arguments (e.g. /usr/bin/procmail -d
"$USER"). Reload Postfix and make sure it is delivering mail according to your needs. You may then continue with the
ESETS installation.
Take the full path to the current Postfix MDA and set the parameter 'mda_path' in the [mda] section of the ESETS
configuration file to:
mda_path = "/usr/bin/procmail"
Restart the ESETS daemon. Then, replace the path to the current Postfix MDA with esets_mda path and add -- --
recipient="$RECIPIENT" --sender="$SENDER" to the arguments, as in the following example:
mailbox_command = @BINDIR@/esets_mda -d "$USER" -- --recipient="$RECIPIENT" --sender="$SENDER"
To re-read the newly created configuration, reload Postfix.
Bi-directional email message scanning
The objective of this installation is to divert all mail from Postfix to esets_smtp and get them back to Postfix. In the
[smtp] section of the ESETS configuration file, set the following parameters:
agent_enabled = yes
listen_addr = "localhost"
listen_port = 2526
server_addr = "localhost"
server_port = 2525
Restart the ESETS daemon; esets_smtp will be started and will scan all SMTP communication accepted on
'listen_addr:listen_port' and forward it to 'server_addr:server_port'. To divert all mail to esets_smtp set the following in
Postfix:
content_filter = smtp:[127.0.0.1]:2526
NOTE: If the 'content_filter' parameter already has a value, do not follow these instructions. Instead, you must
insert esets_smtp (or other ESETS mail scanning module) before or after your current 'content_filter'.
Lastly, set Postfix to accept mail on port 2525 and continue processing it. To do this, add the following entry to the
Postfix master.cf file:
localhost:2525 inet
-o content_filter=
-o myhostname=esets.yourdomain.com
-o local_recipient_maps=
-o relay_recipient_maps=
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
Replace yourdomain.com with your hostname. Make sure all but the first line is indented. To re-read the newly
created configuration, reload Postfix.
NOTE: If you have SELinux enabled, it will prevent Postfix from listening on 2525 (e.g. Fedora Core >= 5), In this
case, run the following command:
semanage -a -t smtp_port_t -p tcp 2525
24
n - n - - smtpd