Content Filtering In Mta Sendmail; Content Filtering In Mta Exim 3 - ESET NOD32 ANTIVIRUS - FOR LINUX-BSD MAIL SERVER Installation Manual

4.3.2. Content filtering in MTA Sendmail

The nod32smfi module is a third-party program with the purpose to serve as a content filter for MTA Sendmail.
Using Sendmail's Milter interface the nod32smfi accesses all e-mail messages being processed by MTA Sendmail. In
order to enable filtering, enter the following lines into the [smfi] section of main NOD32 configuration file.
agent_enabled = yes
smfi_sock_path = "/var/run/nod32smfi.sock"
In the next step, modify the '/etc/mail/sendmail.cf' file by entering the following specification into the section MAIL
FILTER DEFINITIONS:
Xnod32smfi, S=local:/var/run/nod32smfi.sock, F=T, T=S:2m;R:2m;E:5m
With these settings the MTA Sendmail will communicate with the nod32smfi module via unix socket '/var/run/
nod32smfi.sock' . Flag F=T will result in temporary fail connection if the filter is unavailable. Flag T=S:2m defines
timeout 2 minutes for sending information from MTA to filter. Flag T=R:2m defines timeout 2 minutes for reading reply
from the filter. Flag T=E:5m means overall timeout 5 minutes between sending end-of-message to filter and waiting
for the final acknowledgment.
Note that in case the timeouts for the nod32smfi filter are set too small, the Sendmail can temporarily reject the
message which will attempt to pass through at a later time. This will lead to the continuous rejection of one and the
same message later. In order to avoid the problem, the timeouts have to be set properly. Thus one has to get into
account ' c onfMAX_MESSAGE_SIZE' parameter defined in a sendmail.mc file that will provide not accepting messages
bigger than the appropriate parameter value (given in bytes). Taking into account this value and the maximum time
for processing of this amount of data by MTA (this can be measured) one can evaluate the appropriate timeouts for
nod32smfi filter.
Finally, uncomment and modify the following line in the '/etc/mail/sendmail.cf' file.
O InputMailFilters=nod32smfi
To reread the newly created NOD32 configuration, enter the following command.
/etc/init.d/nod32d reload
To accomplish the whole procedure, one has to restart the MTA Sendmail.

4.3.3. Content filtering in MTA Exim 3

Let's look inside the exim configuration file '/etc/exim/exim.conf' (resp. in older versions '/etc/exim.conf') to become
familiar with its content. It is typically compound from the so called TRANSPORTS CONFIGURATION section, DIRECTORS
CONFIGURATION section and ROUTERS CONFIGURATION section. In order to configure exim to use our anti-virus you have
to define special DIRECTORS CONFIGURATION entry:
# DIRECTORS CONFIGURATION
nod32_director:
driver = smartuser
condition = "${if eq {$received_protocol}{virus-scanned} {0}{1}}"
transport = nod32_transport
verify = false
chapter 4 / Integration with E-mail Messaging System 3