Setting Esets For Mta Sendmail; Setting Esets For Mta Qmail - ESET MAIL SECURITY - FOR LINUX BSD AND SOLARIS Installation Manual

9.2 Setting ESETS for MTA Sendmail

Inbound email message scanning
Warning: This installation is not compatible with SELinux. Either disable SELinux or proceed to the next section.
The objective of this installation is to insert esets_mda before Sendmail's original MDA.
NOTE: On FreeBSD, Sendmail may be communicating with MDA using LMTP. However, esets_mda does not
understand LMTP. If you have FEATURE(local_lmtp) in 'hostname'.mc, comment it out now and recreate sendmail.cf.
The currently used MDA can be found in the file sendmail.cf in section Mlocal: parameters 'P' (executable) and 'A' (its
name and arguments).
First, set the 'mda_path' in the [mda] section of the ESETS configuration file to the currently used MDA executable
(Sendmail's 'P' parameter). Then restart the ESETS daemon.
Next, add the lines below to the sendmail.mc file (or `hostname`.mc on FreeBSD and Solaris) before all MAILER
definitions:
define(`LOCAL_MAILER_PATH', `@BINDIR@/esets_mda')dnl
define(`LOCAL_MAILER_ARGS', `esets_mda original_arguments -- --sender $f --recipient $u@$j')dnl
In the example above, original_arguments is Sendmail's 'A' parameter without the name (first word).
Lastly, recreate sendmail.cf and restart Sendmail.
Bi-directional email message scanning
The objective of this installation is to scan all mail in Sendmail using the esets_smfi filter. In the [smfi] section of the
ESETS configuration file, set the following parameters:
agent_enabled = yes
smfi_sock_path = "/var/run/esets_smfi.sock"
Restart the ESETS daemon. Then, add the lines below to the sendmail.mc file (or `hostname`.mc on FreeBSD)
before all MAILER definitions:
INPUT_MAIL_FILTER(`esets_smfi', `S=local:/var/run/esets_smfi.sock, F=T, T=S:2m;R:2m;E:5m')dnl
With these settings, Sendmail will communicate with esets_smfi via unix socket '/var/run/esets_smfi.sock'. Flag 'F=T'
will result in a temporary failed connection if the filter is unavailable. 'S:2m' defines a 2 minute timeout for sending
information from MTA to the filter, 'R:2m' defines a 2 minute timeout for reading replies from the filter and 'E:5m' sets
an overall 5 minute timeout between sending end-of-message to the filter and waiting for final acknowledgment.
If the timeouts for the esets_smfi filter are too short, Sendmail can temporarily defer the message to the queue and
attempt to pass it through later. However, this may lead to continuous deferral of the same messages. To avoid this
problem, the timeouts should be set properly. You can experiment with Sendmail's 'confMAX_MESSAGE_SIZE'
parameter, which is the maximum accepted message size in bytes. Taking into account this value and the approximate
maximum time for MTA to process a message of that size (this can be measured), you can determine the most
effective timeout settings for the esets_smfi filter.
Lastly, recreate sendmail.cf and restart Sendmail.

9.3 Setting ESETS for MTA Qmail

Inbound email message scanning
The objective of this installation is to insert esets_mda before Qmail's local delivery agent. Assuming Qmail is
installed in the /var/qmail directory, in the [mda] section of the ESETS configuration file, set the following parameter:
mda_path = "/var/qmail/bin/qmail-esets_mda"
Restart the ESETS daemon. Create the file /var/qmail/bin/qmail-esets_mda with the following content and run
'chmod a+x' on it:
#!/bin/sh
exec qmail-local -- "$USER" "$HOME" "$LOCAL" "" "$EXT" "$HOST" "$SENDER" "$1"
This will cause esets_mda to call Qmail's local delivery agent. Next, create the file /var/qmail/bin/qmail-start.esets
with the following content and also run 'chmod a+x' on it:
25