Contents
CHAPTER 1. KASPERSKY ANTI-SPAM 3.0
1.1. What's new in version 3.0
1.2. Licensing policy
1.3. Hardware and software requirements
1.4. Distribution kit
1.5. Help desk for registered users
CHAPTER 2.

4.3. Filtration policy management
4.3.1. General filtration policy
4.3.1.1. The General section
4.3.1.2. The DNS & SPF Checks section
4.3.1.3. The Headers Checks section
4.3.1.4. The Eastern Encodings section
4.3.1.5.

CHAPTER 6. FREQUENTLY ASKED QUESTIONS
APPENDIX A. ADDITIONAL INFORMATION ON KASPERSKY ANTI-SPAM
A.1. Location of product files in the file system
A.2. Client modules for mail servers
A.2.1. Interaction of client modules with the filtering server
A.2.2.
CHAPTER 1. KASPERSKY ANTI-SPAM 3.0
Kaspersky® Anti-Spam 3.0 (hereinafter also referred to as Kaspersky Anti-Spam or the product) is a software suite filtering e-mail in order to protect mail system users from unsolicited mass mail (spam). Kaspersky Anti-Spam uses administrator-defined rules to process received messages accordingly.
Second, the application employs content filtration, i.e. it analyzes the actual message contents (including the Subject header) and attached files. To that effect, the product uses linguistic algorithms based on comparison with sample messages and a search for typical terms (words and word combinations). Kaspersky Anti-Spam also scans attached images, comparing them to the signatures of known spam messages.
• Enhanced subsystem analyzing graphic attachments (GSG).
• Added support for the use of Sender Policy Framework (SPF) and Spam URL Realtime Blocklists (SURBL) services.
• Included internal Urgent Detection System (UDS), which allows the user to receive information about certain types of spam in real time.
1.2. Licensing policy
The licensing policy for Kaspersky Anti-Spam 3.0 implies a system of product use limitations based on the following criteria:
• Mail traffic volume.
• The number of protected mail accounts.
• The number of mail systems users.
The said limitations will only apply to the messages addressed to the senders within protected domains.
• FreeBSD 6.2.
• One of the following mail servers:
  • Sendmail 8.13.5 with Milter API support.
  • Postfix 2.2.2.
  • Qmail 1.03.
  • Exim 4.50.
  • Communigate Pro 4.3.7.
• Installed bzip2 and which utilities.
• Perl interpreter.
and the money you paid for the product will be refunded to you on the condition that the envelope with the installation CD (or set of floppy disks) is still sealed. By opening the sealed envelope with the installation CD (or set of floppy disks), you confirm that you agree with all the terms and conditions of the License Agreement.
CHAPTER 2. ARCHITECTURE OF KASPERSKY ANTI-SPAM AND PRINCIPLES OF SPAM FILTERING
This section contains descriptions of the main product components and the principles of filtering as well as the Control Center, the main tool for Kaspersky Anti-Spam administration and configuration.
2.1.
Figure 1. The architecture of Kaspersky Anti-Spam
• Control Center – web-based interface that administrators can use to configure the product, analyze its status and functionality.
• Monitoring system – a system that tracks the status of Kaspersky Anti-Spam and its individual components and notifies system administrator about various problems in product operation.
The distribution package of Kaspersky Anti-Spam includes client plug-ins for Sendmail, Postfix, Exim, Qmail and Communigate Pro. As a rule, a client plug-in must be installed as a filter providing for receipt of messages to be analyzed from the mail server and for the subsequent return of modified e-mail.
• monitoring of requests from client modules for connection to the filtering process;
• initiation of new filtering processes when there are no available processes left;
• monitoring the status of running processes;
•...
Kaspersky Anti-Spam 3.0 processes e-mail traffic using the following algorithm:
1. Client plug-in module integrates with an installed mail server.
2. Mail server transfers to the client module messages for analysis by the filtration server.
3. Filtration server checks messages scanning them for signs of spam and, depending upon the result, modifies them in accordance with the existing rules.
2.2.2. Content filtration
Message analysis employs the algorithms of content filtering: the application uses artificial intelligence technologies to analyze the actual message content (including the Subject header), and its attachments (attached files) in the following formats:
•...
2.2.3. Checks using external services
In addition to the analysis of message text and headers, Kaspersky Anti-Spam allows a number of the following checks involving external network services:
• availability of a DNS record for message sender's IP (reverse DNS lookup);...
The UDS technology allows filtering of known spam before updates to the content filtration databases become available. A filtration server interacts with UDS servers of Kaspersky Lab via UDP using port 7060 for communication. In order to use UDS, a filtration server must be able to establish outgoing connections through that port.
After recognition, the application may perform one of the following actions over a message:
• accept the message;
• relay the message or a copy thereof to another address;
• add a text mark in the message subject field;
•...
2.5. Filtration policies
Kaspersky Anti-Spam employs filtration policies to determine the methods applicable for spam recognition, the actions to be performed over messages and the black and white lists of senders. The product uses a double-layered system of filtration policies, which consists of a default general filtration policy and group filtration policies.
2.7. Monitoring
Kaspersky Anti-Spam includes a monitoring module for control of the filtration server status. System status information appears in the Monitoring tab of the Control Center.
Figure 2. The Monitoring tab of the Control Center
The section contains parameters tracked by the monitoring system and the messages from product modules, which you can use to analyze the current status of Kaspersky Anti-Spam components.
CHAPTER 3. INSTALLING KASPERSKY ANTI-SPAM
This section contains information about the procedure of program installation, integration of client plug-in modules with the host mail server and configuring access to the Control Center, the main product management tool.
3.1. Preparing for installation
Before you proceed with Kaspersky Anti-Spam installation, it is necessary to:
•...
3.2. Installing Kaspersky Anti-Spam distribution package
Kaspersky Anti-Spam 3.0 is distributed in several installation packages:
• .rpm package for most distributions of the Linux operating system (RedHat, SuSe, Mandrake, Fedora, etc.);
• .deb package for Debian Linux distribution;
•...
3.3. Configuring access to the Control Center
Upon completion of product setup, the installer runs the kas-thttpd service, which provides local access to the Control Center. The following settings are used by default:
• Address: http://127.0.0.1:3080/
• User name: admin.
The interface and port number to be used for connection to the Control Center are specified in the /usr/local/ap-mailfilter3/etc/kas-thttpd.conf file using the host and port parameters respectively. E.g., the following values:
host=0.0.0.0
port=3080
mean that the Control Center will listen on port 3080 of all server interfaces expecting incoming connections.
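The check below is an added example, not code from the product or the manual: it reads the host and port parameters described above and reports how widely the Control Center listener is exposed. The '#' comment handling, the function names and the sample file bodies are assumptions made for the illustration.

```python
import ipaddress


def parse_thttpd_conf(text):
    """Parse key=value lines into a dict (keys lower-cased, last value wins)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip()
    return settings


def classify_host(host):
    """Say who can reach a listener bound to `host`."""
    if host.lower() == "localhost":
        return "loopback"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"          # exposure depends on what the name resolves to
    if addr.is_unspecified:        # 0.0.0.0 (or ::) means every interface
        return "all-interfaces"
    if addr.is_loopback:           # 127.0.0.0/8 or ::1 means this machine only
        return "loopback"
    return "single-interface"


def audit_listener(text):
    """Return (exposure, port, findings) for the body of kas-thttpd.conf."""
    conf = parse_thttpd_conf(text)
    findings = []

    host = conf.get("host")
    if host is None:
        exposure = "unknown"
        findings.append("host is not set; confirm the effective bind address")
    else:
        exposure = classify_host(host)

    port_text = conf.get("port", "")
    port = int(port_text) if port_text.isdecimal() else None
    if port is None or not 1 <= port <= 65535:
        port = None
        findings.append("port is missing or not a valid TCP port")

    if exposure == "all-interfaces":
        findings.append("Control Center accepts connections on every interface; "
                        "bind to 127.0.0.1 or filter the port at the firewall")
    elif exposure == "single-interface":
        findings.append("Control Center is bound to a non-loopback address; "
                        "limit which source addresses can reach the port")
    elif exposure == "hostname":
        findings.append("Control Center is bound by name; "
                        "check which address the name resolves to")
    return exposure, port, findings


# Constructed sample inputs (the first mirrors the values quoted above).
EXPOSED = "host=0.0.0.0\nport=3080\n"
LOCAL_ONLY = "# constructed sample\nhost = 127.0.0.1\nport = 3080\n"

if __name__ == "__main__":
    for name, body in (("exposed", EXPOSED), ("local only", LOCAL_ONLY)):
        print(name, audit_listener(body))
```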
If a license key has not been installed or the installed key is invalid, Kaspersky Anti-Spam will not filter mail. Mail server performance will not be affected; its e-mail traffic will just be transferred without analysis. Please keep in mind that the product will only filter mail for those recipients, whose accounts are added into the list of protected domains.
• To integrate Kaspersky Anti-Spam with Postfix, run the following command as root:
# /usr/local/ap-mailfilter3/bin/config-postfix.pl <path>
where path stands for the path to the master.cf Postfix configuration file.
• To integrate Kaspersky Anti-Spam with Exim, run the following command as root:
# /usr/local/ap-mailfilter3/bin/config-exim.pl <path>...
3.6. Configuring updates of content filtration databases and UDS
By default, after installation of Kaspersky Anti-Spam, updates to the content filtration databases and UDS are disabled. In order to allow updating of the databases and activate UDS, run the enable-updates.sh script:
# /usr/local/ap-mailfilter3/bin/enable-updates.sh
Restarting as mailflt3
Enabling UDS...
CHAPTER 4. MANAGING THE SPAM FILTRATION SERVER
You can use Kaspersky Anti-Spam to protect e-mail traffic from unwanted spam mail. The system of protection is based on performance of tasks representing the main features of the application. The tasks performed by Kaspersky Anti-Spam can be subdivided into three main groups:
•...
• restart – restart the main components of the filtration server; the action is identical to running the stop and start actions one after another.
The kas-thttpd service providing access to the Control Center of Kaspersky Anti-Spam is started by the kas3-control-center script (in Linux) and kas3-control-center.sh script (in FreeBSD).
• Statistics – the function containing statistical reports, which allow you to analyze the number of messages processed by the system.
• Policies – the section used for customization of spam filtering policy.
• Settings – the section containing the settings of the anti-spam engine, Control Center, and the subsystem updating the content filtration databases.
• Groups – the settings of user groups, recognition policies applicable to individual groups and the sets of actions over messages:
  • Group list – the section for managing user groups: creation, deletion of groups, and launching the editor of group properties. The parameters of group policies can be configured in the group policy editor.
In addition to the section titles, the list contains the following information:
• brief section description;
• total number of rules in a section;
• the number of modified rules compared with the original settings of the content filtration databases.
In the General section you can configure the following parameters:
• Detection defines whether the product checks messages for spam signs. If spam recognition is disabled, all messages will be assigned the Trusted status (please refer to section 2.3 on page 19 for details on statuses).
DNS and DNS-based checks may result in considerably slower message processing. Disable the method if its use reduces filter performance noticeably. This parameter determines the use of DNS services by the filtration server. Individual services can be enabled / disabled in the DNS & SPF Checks section (see section 4.3.1.2 on page 36).
• Check SPF Records – sender's IP address check using SPF.
Figure 6. The DNS & SPF Checks section
4.3.1.3. The Headers Checks section
The Headers Checks section (see Fig. 7) allows you to configure the parameters of rules used to analyze e-mail message headers.
which, being applied, may filter out useful mail with certain known signs of spam. These signs include:
• Undisclosed list of recipients in TO – the presence of an undisclosed list of recipients in the TO header.
•...
4.3.1.4. The Eastern Encodings section
The Eastern Encodings section (see Fig. 8) allows you to specify the languages and encodings of messages allowed for delivery to the recipients within your mail system without being considered spam.
Figure 8.
Figure 9. The Obscene Content section of the default filtration policy rules
4.3.2. Managing the white and black lists
The list of trusted senders (White List) is used to specify explicitly the addresses acting as a reliable source of messages, which do not need a spam check. You can add to such lists, for example, IP addresses of e-mail servers used for mail redirection within your company or the addresses of internal mailing lists.
Figure 10. Configuration page for the white list
A list of trusted senders consists of a list of e-mail addresses and a list of IP addresses. You can enter the addresses in a text field in the central part of the page.
IP addresses are recorded in the CIDR notation, which allows the following variations:
• aaa.bbb.ccc.ddd – a specific IP address, for example, 192.168.0.17;
• aaa.bbb.ccc.ddd/mm – subnet address with a specified number and mask, for example, 192.168.0.0/16.
Addresses in lists can be delimited by spaces, line feed symbols, commas or semicolons.
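Because white-listed senders skip the spam check, it pays to review an IP list before pasting it into the page. The following added example (not the product's own parser) reads a list in the notation and delimiters described above, rejects malformed entries, and reports entries that are very broad or already covered by another entry. The 16-bit breadth threshold, the choice to reject subnets with host bits set, and the sample list are assumptions.

```python
import ipaddress
import re

# aaa.bbb.ccc.ddd or aaa.bbb.ccc.ddd/mm, as described in the manual
ENTRY_FORM = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}(?:/\d{1,2})?$")
# spaces, line feeds, commas or semicolons
DELIMITERS = re.compile(r"[\s,;]+")


def parse_ip_list(text):
    """Return (networks, rejected); rejected holds (token, reason) pairs."""
    networks, rejected = [], []
    for token in DELIMITERS.split(text.strip()):
        if not token:
            continue
        if not ENTRY_FORM.match(token):
            rejected.append((token, "not in aaa.bbb.ccc.ddd[/mm] form"))
            continue
        try:
            # strict=True refuses e.g. 192.168.0.17/16 (host bits set), which
            # is usually a typo for either the host or the subnet (assumption:
            # how the product itself treats such an entry is not documented)
            networks.append(ipaddress.IPv4Network(token, strict=True))
        except ValueError as exc:
            rejected.append((token, str(exc)))
    return networks, rejected


def matching_entries(sender_ip, networks):
    """List entries that would cover the given sender address."""
    addr = ipaddress.IPv4Address(sender_ip)
    return [net for net in networks if addr in net]


def overly_broad(networks, min_prefix=16):
    """Entries covering more addresses than a /min_prefix subnet."""
    return [net for net in networks if net.prefixlen < min_prefix]


def shadowed_entries(networks):
    """Entries made redundant by a broader entry in the same list."""
    return [net for net in networks
            if any(net != other and net.subnet_of(other) for other in networks)]


# Constructed sample list mixing every delimiter and several mistakes.
SAMPLE_LIST = ("192.168.0.17, 192.168.0.0/16;10.1.2.0/24\n"
               "0.0.0.0/0 300.1.1.1 192.168.0.17/16 mail.example.com")

if __name__ == "__main__":
    nets, bad = parse_ip_list(SAMPLE_LIST)
    print("accepted:", [str(n) for n in nets])
    print("rejected:", bad)
    print("too broad:", [str(n) for n in overly_broad(nets)])
    print("shadowed:", [str(n) for n in shadowed_entries(nets)])
```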
Service rating means the service reliability from the viewpoint of filtration server administrator. While checking a sender's IP address in DNSBL, Kaspersky Anti-Spam sends a request to all services included in the list. As soon as the results arrive, it sums up the ratings of services, which have recognized the specified IP address as one used for dispatch of unsolicited mail.
4.3.4. Managing the list of protected domains
The list of protected domains contains the names of domains receiving traffic, which will be filtered from spam that may appear in the stream of incoming messages. You can manage the list using the page Policies →...
For domains added to the protected list the product will control compliance with the license limitations (e.g., control of mail traffic volume if the license uses a restriction of that parameter). You can also enter changes to the list of protected domains locally from the command line.
Let us examine closely each of these tasks:
In order to open the group properties' editor, click the button to the right of the title indicating the group, which you wish to modify.
Figure 13. The list of groups used by Kaspersky Anti-Spam
The group properties' editor allows you to configure:
•...
The Group Id field contains group identifier assigned to it at creation. That parameter cannot be changed. Text entered in the Comments field will be displayed in the group list under the name of the created group. E-mail addresses are recorded in format identical to the format of addresses in black and white lists of senders (see section 4.3.2 on page 40).
4.3.6. Managing the group filtration policy
You can specify individual settings of spam recognition parameters and black and white lists of senders for each of the groups, including All. Thus, the administrator can define various recognition rules for different user groups. By default, the settings of the recognition rules for every group inherit the values specified in the default filtration policy.
As you can see in the image, the group inherits all default policy settings (set to by default) except for the DNS & SPF Checks parameter. The said method is disabled. You can create black and white lists of senders using the White List and Black List links in the Group Policy menu.
• Delete this message – mail server accepts a message and deletes it without redirection to the recipient. Message sender then will receive no notifications informing that the delivery was impossible.
Figure 16. The Actions page of a group filtration policy
Messages with the Not detected status (i.e.
Although the product is being constantly developed in order to improve spam recognition and decrease the number of false alarms from the filter, it is not possible to eliminate altogether the probability of recognizing normal messages as spam.
Figure 17. The settings of Kaspersky Anti-Spam updater module
The Updater Settings section contains general updating parameters:
• Run updater automatically – the interval between downloads of updates to the content filtration databases from update servers. The interval can be specified within the range from 20 minutes to 3 hours.
• Updater log level – parameter that defines the level of details logged to a report file during an update. The following levels of details are available:
  • fatal – the program logs messages about fatal errors only;
  •...
• an FTP server. Record format: ftp://<server address>;
• a local directory. Record format: /<directory path>/.
The use of a local directory as a source of updates allows you to arrange updating of several servers in a large network from a single source.
you need to configure the task running the update script manually, perform the following steps:
1. Use the following command to edit the cron task file for the mailflt3 user:
# crontab -u mailflt3 -e
2. Add to the task file, for example, the following line:
*/20 * * * * /usr/local/ap-mailfilter3/bin/sfupdates -q
Before you configure automatic launch of updates, make sure that the mailflt3...
4.5.1. Common filtration server parameters
Common parameters of the filtration server can be found in the Settings → Anti-Spam Engine → Common page (see Fig. 18) that includes:
• Syslog facility – system log facility that will be used to record the messages from the components of Kaspersky Anti-Spam.
FreeBSD for the mail facility decreases the level of details even if the Verbose level parameter has been assigned the more debug value. The more debug level of details causes additional load on the server and may decrease its performance.
Figure 19. Parameters of the filtration master process
4.5.3. Parameters of the filtering processes
The Settings → Anti-Spam Engine → Filtration Process page (see Fig. 20) contains the parameters of the ap-mailfilter filtering processes:
• Max. number of mail messages to be processed – maximum number of mail messages that a single filtering process can serve.
• Exit delay (in seconds) – maximum duration (seconds) of the delay before termination of a filtering process after it receives a command to stop. By default, the parameter is set to 0. It means that after arrival of a respective command all filtering processes terminate immediately after processing of the current message.
• Overall timeout of all DNS requests (in seconds) – time interval (seconds) during which the application will wait for a response from DNS server while running its DNS-based checks. Default value: 10.
• Check MS Word and RTF files – parameter that enables / disables the analysis of text attachments in Word Document (doc) and RTF formats.
4.5.5. Client module settings
The Settings → Anti-Spam Engine → MTA Clients page (see Fig. 22) contains the settings for the client plug-in modules responsible for interaction between the e-mail server and the anti-spam engine:
•...
Figure 22. The settings of client modules
4.5.6. Notifications about rejected messages
If the Reject this message action has been specified as the action over messages with a specific status, filtration server will not route such messages to their original recipients.
Client: >>>
Client: >>> Message text ...
Client: >>>
Client: .
Server: 550 The message is rejected by spam filtering engine.
Client: QUIT
Server: 221 Bye...
Anti-spam engine will only use Reject messages when message delivery to all of the specified recipients is forbidden according to the scanning results.
• Specify the address where the monitoring system will send its messages and the messages about errors that have occurred during execution of scripts by the cron service (the Send alerts to parameter).
• Enable / disable monitoring of the kas-thttpd HTTP server activity (the Monitoring of kas-thttpd daemon parameter).
• Updates to Kaspersky Anti-Spam databases. After the license expires, the functionality of the application will still be preserved except for the possibility to update content filtration databases. You will still be able to filter spam, but you will be unable to use the databases issued after your license expiration date.
Information in the last two lines allows system administrators to control the compliance with the terms of the purchased license (validity period, specified restrictions). Depending upon the current status, the icon in the left part of the line may look as follows:
–...
4.7.3. License key removal
In order to remove the current and reserve license keys, enter the following in the command line:
# /usr/local/ap-mailfilter3/bin/remove-key -a
To remove your reserve license key, enter the following in the command line:
# /usr/local/ap-mailfilter3/bin/remove-key -r
License keys cannot be removed using the interface of Control Center.
Figure 26. General information about the status of Kaspersky Anti-Spam components
The System Information section contains the following information about the server where Kaspersky Anti-Spam is installed:
• Host Name – server's name.
• System – name, version and architecture type of the operating system being used.
4.8.1.1. Detailed information about the Anti-Spam Engine
Clicking the Anti-Spam Engine link in the Monitoring menu opens a corresponding page containing detailed information about the status of the filtration server's components (see Fig. 27).
Figure 27.
controls the cron tasks running these scripts for mailflt3 user. Please refer to Appendix A.6 on page 115 for details. The Last Anti-Spam Engine Events section contains a log of messages from the filtration server components appended to the system log (syslog). The messages are arranged in the descending order according to their date;...
The Anti-Spam Updates section in the upper part of the page consists of the following fields:
• Automatic Updates – field indicating whether automatic updating of the content filtration databases is enabled. Please see section 4.4.1 on page 51 and Appendix A.6 on page 115 for details about configuration of the script updating the content filtration databases.
Figure 29. The page for monitoring of the licensing module
The Last License Daemon Events section contains a log of messages returned by the product licensing module and appended to the system log (syslog). The messages are arranged in the descending order according to their date; they are supplemented by respective icons indicating the level of message importance.
the problem is not resolved, it will also be included into the report on known issues sent once a day.
• Daily reports of known problems – a list of all errors and warnings known at the moment when the report was sent. The product includes into the report both new errors and known issues, which have not been resolved before report generation.
Figure 30. The Statistics page
Each of the pages in the Statistics section contains statistical information for a specific period of time. Links to available pages are located in the Period menu in the right part of the Statistics window:
•...
On the circular graph, the volume of email messages that have received a similar status as a result of spam recognition is represented by a segment of a certain color. For the purpose of visualization, segments whose size is insignificant compared to the other segments are combined into a single segment, Other.
CHAPTER 5. UNINSTALLING KASPERSKY ANTI-SPAM
To uninstall Kaspersky Anti-Spam, you must be a privileged (root) user. If you are currently logged under a user account with lesser privileges, log on as root. The uninstallation process will automatically stop all the services of Kaspersky Anti-Spam! When you are uninstalling Kaspersky Anti-Spam, the application services will be stopped, and all files and directories created during installation will be deleted.
Since product integration with Communigate Pro mail server is performed manually, delete from Communigate Pro configuration the settings pertaining to Kaspersky Anti-Spam before you uninstall the product (see section A.2.7 on page 97). If you wish to return the original mail server settings used before Kaspersky Anti-Spam installation without removing it, use the MTA-unconfig.pl script located in the /usr/local/ap-mailfilter3/bin directory.
CHAPTER 6. FREQUENTLY ASKED QUESTIONS
This chapter is devoted to questions most frequently asked by users regarding the installation, setup, and operation of the application. A regularly updated Knowledge Database containing answers to most frequent questions is available on the Kaspersky site: http://support.kaspersky.com/anti_spam3. You can also use it to find answers to questions that are not mentioned below.
Question: The application does not work. What should I do?
If you have encountered a problem while using the application, first of all, please make sure that the solution to this problem is not described in this document particular, this...
In the next window of the web form enter your contact information, type the code of protection against automatic registration and click the Submit button. Experts at the Technical Support service will carefully examine your problem and help you as soon as possible.
Question: How can I make sure that Kaspersky Anti-Spam actually filters spam messages?
In order to check filtering, you can use the GTUBE (Generic Test for...
Question: Kaspersky Anti-Spam does not filter spam. Processed messages contain the following header:
X-SpamTest-Info: No License
This problem is caused by expired license or absence of an installed license key. Make sure that the license key is installed and it has not expired.
APPENDIX A. ADDITIONAL INFORMATION ON KASPERSKY ANTI-SPAM
A.1. Location of product files in the file system
After the installation of Kaspersky Anti-Spam, the distribution files will be saved to the following locations:
/usr/local/ap-mailfilter3/ – the main directory where the product is installed. It includes:
•...
• stat/ – the directory containing data files of log processing and statistics gathering system;
• tmp/ – the directory that stores temporary files of the Control Center;
• www/ – cgi-scripts and graphic files used by the Control Center’s web interface.
1. The client module receives a mail message from the mail server and sends a request for connection to the filtering server.
2. The master process selects an already running filtering process or creates a new one, and establishes a connection between the client module and the given filtering process.
• tempfail – temporarily reject a message and return the error code 4xx during SMTP session (used by default);
• accept – accept the message. When using Sendmail mail server, accept denotes that a message should be accepted without further processing by other Milter-filters employed by the server after Kaspersky Anti-Spam.
Manual configuration of the client module is done by editing the filter.conf configuration file located in the /usr/local/ap-mailfilter3/etc/ directory. The following is a fragment of this file containing the client module settings:
ClientConnectTo tcp:127.0.0.1:2277
ClientConnectTimeout 10
ClientDataTimeout 30
SendMailAddress unix:/var/run/kas-milter.socket
ClientOnError accept
ClientFilteringSizeLimit 500...
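The fragment above sets ClientOnError to accept, so mail is accepted when the client module hits an error, whereas tempfail answers with a 4xx code and leaves the message with the sender for a retry. The added example below (not the product's code) parses such a fragment and reports that failure mode together with where ClientConnectTo points. It assumes the tempfail and accept values listed earlier belong to ClientOnError and that socket addresses follow the tcp:<host>:<port> and unix:<path> formats this appendix describes; the function names are hypothetical.

```python
import ipaddress

# ClientOnError values described in the excerpt above.
FAILURE_MODES = {"tempfail": "fail-closed", "accept": "fail-open"}


def parse_filter_conf(text):
    """Parse 'OptionName value' lines into a dict."""
    settings = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            settings[parts[0]] = parts[1]
    return settings


def parse_socket(value):
    """Split tcp:<host>:<port> or unix:<path> into (kind, target, port)."""
    kind, _, rest = value.partition(":")
    if kind == "unix" and rest:
        return "unix", rest, None
    if kind == "tcp":
        host, _, port = rest.rpartition(":")
        if host and port.isdecimal() and 1 <= int(port) <= 65535:
            return "tcp", host, int(port)
    raise ValueError("unrecognised socket address: %r" % value)


def link_locality(value):
    """'local' for a unix socket or loopback address, otherwise 'remote'."""
    kind, target, _ = parse_socket(value)
    if kind == "unix" or target == "localhost":
        return "local"
    try:
        return "local" if ipaddress.ip_address(target).is_loopback else "remote"
    except ValueError:
        return "remote"  # a host name other than localhost


def audit_client_settings(text):
    """Report the failure mode and filter link of a filter.conf fragment."""
    conf = parse_filter_conf(text)
    findings = []

    # tempfail is the value the manual marks as used by default
    on_error = conf.get("ClientOnError", "tempfail")
    mode = FAILURE_MODES.get(on_error, "unknown")
    if mode == "fail-open":
        findings.append("ClientOnError accept: mail is accepted unfiltered "
                        "whenever the client module hits an error")
    elif mode == "unknown":
        findings.append("ClientOnError %s is not a value covered here" % on_error)

    try:
        link = link_locality(conf["ClientConnectTo"])
    except KeyError:
        link = "unknown"
        findings.append("ClientConnectTo is not set in this fragment")
    except ValueError as exc:
        link = "unknown"
        findings.append(str(exc))
    if link == "remote":
        findings.append("ClientConnectTo points at another host: messages "
                        "cross the network to reach the filtering server")
    return {"failure_mode": mode, "filter_link": link, "findings": findings}


# The fragment quoted above, without the truncated tail.
FRAGMENT = """\
ClientConnectTo tcp:127.0.0.1:2277
ClientConnectTimeout 10
ClientDataTimeout 30
SendMailAddress unix:/var/run/kas-milter.socket
ClientOnError accept
ClientFilteringSizeLimit 500
"""

if __name__ == "__main__":
    print(audit_client_settings(FRAGMENT))
```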
and the rules defined for the managers group state that all messages with Not Detected status should be accepted. As a result, the mail message with [!! SPAM] tag in the subject line is delivered to both recipients.
Figure 32. The kas-pipe module usage scheme
This scheme can be implemented with any mail server that either supports running a second instance with different settings, or delivers via LMTP protocol, or delivers all mail to the specified mail server through SMTP. Configuration of client module interaction with mail server can be performed with special scripts (see the item 3.5 on page 27), and manually.
• PipeOutgoingAddr – socket address used for transfer of processed messages. An entry in the format tcp:<host>:<port>, where <host> – filtering server’s IP address, <port> – connection port, points to a network socket. An entry in the format unix:<path_to_file>, where <path_to_file> – the path to socket file, points to a local socket.
A.2.4.1. Configuring Postfix to work with kas-pipe
This section provides an example of the kas-pipe configuration for the Postfix mail server that implements the following operational scheme:
• kas-pipe acts as a content filter (content_filter);
• kas-pipe receives mail through the localhost:9026 network socket and the kas3scan service defined manually in the Postfix configuration file;...
The kas-pipe client module integrated into Exim processes mail messages according to the following scheme:
1. Exim receives incoming messages at port 25 and places them to a queue.
2. Exim selects a message from the queue and tries each router in the list to determine the exact router for the selected message.
For the Debian distribution package, the integration with Exim has a number of specific features because the configuration of the mail server is generated by a special script update-exim4.conf from template /etc/exim4/exim4.conf.template or from several templates located in the /etc/exim4/conf.d/ directory.
A.2.5. kas-exim – a client module for the Exim mail server
The kas-exim module provides integration of Kaspersky Anti-Spam with the Exim mail server version 4.xx using localscan API. The kas-exim module is used as an alternative solution. For a standard installation, integration with Exim is implemented using the kas-pipe client module.
Page 95
Appendix A This fragment contains the following options: • kas_connect_to – address of the socket for interacting with the filtering server. The address format is tcp:<host>:<port>, where <host> is the IP-address of the filtering server, <port> is a port specifying the network socket;...
A.2.6. kas-qmail – client module for the Qmail mail server
The kas-qmail module provides integration of Kaspersky Anti-Spam with the Qmail mail server. When this module is used, the mail traffic is processed using the following algorithm: The qmail-queue module of Qmail is replaced with the kas-qmail client module, which transfers incoming mail to the filtering server for further processing.
In addition to the options provided in Appendix A.2.2, this file contains the QmailOriginalQueue option that specifies the full path to the original qmail-queue module.
To configure Qmail to work with the kas-qmail client module, do the following:
Rename the original file of the qmail-queue module using the following command:
# mv /var/qmail/bin/qmail-queue...
Below is a fragment of the filter.conf file that contains settings of the client module:
ClientConnectTo tcp:127.0.0.1:2277
ClientConnectTimeout 10
ClientDataTimeout 30
CGProSubmittedFolder Submitted
CGProMaxThreadCount 50
CGProLoopHeader X-Proceed_240578_by_spamtest
CGProAllTransports No
ClientFilteringSizeLimit 500
ClientDefaultDomain localhost
In addition to the options described in Appendix A.2.2, the following additional options are used to configure kas-cgpro:
•...
Data: Message Size
Operation: less than
Parameter: 512000
Action: external filter
Parameters: kas-cgpro
Specific features of using kas-cgpro with Communigate Pro:
• During an SMTP session, the kas-cgpro client module cannot reject an incoming message for which the reject this message action is specified. Instead, Communigate Pro sends a bounce message to the sender that the message cannot be delivered to the recipient.
A.3.1. Main configuration file filter.conf
The configuration file /usr/local/ap-mailfilter3/etc/filter.conf contains settings that regulate operation of all Kaspersky Anti-Spam components (excluding the updating module).
General settings:
• RootPath – path to the Kaspersky Anti-Spam installation directory. The default value is /usr/local/ap-mailfilter3.
•...
• ServerSpareFilters – minimum number of idle filtering processes (not processing messages). If the number of processes exceeds the specified limit, the idle processes are forcibly ended. The default value is 0. The ServerSpareFilters value must not exceed the ServerMaxFilters parameter.
• FilterSPFDataTimeout=1..10 – timeout (in seconds) for read / write operations for the interaction socket used by the filtering process with the SPF daemon. The default value is 1.
• FilterDNSTimeout=1...60 – timeout (in seconds) for performing all possible checks using DNS.
• LicenseIdleTimeout=1...100 – maximum time (in seconds), during which the licensing module can maintain connection with an idle filtering process that sends no data. After this timeout is over and if no requests are received from the filtering process, the connection is terminated. The default value is 30.
• reject – reject the message and return the 5xx code during an SMTP session;
• tempfail – temporarily reject the message and return the 4xx code during an SMTP session (used by default);
• accept – accept the message.
•...
This file has the following options:
• user – the rights of this user are used to run Management Center scripts. It is better not to change the default value of mailflt3, because this might result in incorrect system behavior.
•...
• –c – option that specifies that it is necessary to create a new file with passwords. If the value for this option is not set, the password_file option should be set to an existing file.
• –h –...
• –v – instruction to provide more verbose information in the messages output to the console in comparison with the default level.
• –V <details_level> – instruction to use the specified level of details for the messages output to the console. Possible values: 1...10.
•...
• –l – instruction to use a higher level of details for messages added to the system log in comparison with the default level;
• –L <details_level> – instruction to use the specified level of details for the messages added to the system log. Possible values: 1...10;
•...
• –q – enables “silent” mode, when only error messages and warnings are output to the screen;
• –d – displays a detailed report about the operations performed by the utility;
• –v – instruction to provide more verbose information in the messages output to the console in comparison with the default level;...
• –l <log_file> – saves the report about actions performed by the utility to the file defined by the log_file parameter.
• –q – enables “silent” mode, when only error messages and warnings are output to the screen.
•...
# /usr/local/ap-mailfilter3/bin/sfupdates \
[-c <configuration_file>] [-f] [-k <kas-conf_script>] [-s] \
[-q] [-v] [-d] [-V <details_level>] [-l] \
[-L <details_level>] [-h]
Command line options:
• –c <configuration_file> – redefines the path to the filter.conf configuration file. If filter.conf is located in a directory other than the default, specify a complete path to the filter.conf file as a value for the configuration_file parameter.
A.5. Special headers of the filtering module
When processing email messages, Kaspersky Anti-Spam adds the following headers to processed messages:
• X-Spamtest-Version – header that contains information about the version of the Kaspersky Anti-Spam distribution package.
• X-Spamtest-Status X-Spamtest-Status-Extended –...
Header meaning – Description
blacklisted – Sender of this message is in the black list of senders.
spam – Message is classified as spam.
probable_spam – Message is classified as probably spam.
formal – Message is classified as a formal response of the mail server.
not_detected – Message is not classified either...
• X-SpamTest-Method – header that contains the names of methods whose results were used to assign the status to a message. Possible meanings of this header are listed in the table below.
Meaning – Method
white ip list – Filtering by the white list of IP addresses.
Meaning – Method
the status.
None – None of these methods can classify the message. Such messages receive the Not detected status.
A.6. Configuration using cron service
Successful operation of Kaspersky Anti-Spam requires that you run a set of scripts using the cron service for the mailflt3 user.
Startup command: /usr/local/ap-mailfilter3/control/bin/dologs.sh -q
Recommended startup frequency: once a minute.
• Script for updating statistic diagrams. This script creates diagrams for the statistics of processed messages. The diagrams are displayed in the Statistics section of the Management Center.
• Add a list of paths to the main system utilities, including the sendmail utility, as the value of the PATH variable. The default value is /bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin.
• Specify the address to which messages about script execution will be sent.
APPENDIX B. HOW TO SEND SPAM MESSAGES TO SPAM ANALYSTS
Kaspersky Lab thanks all users who send new examples of spam messages to the group of our spam analysts. These spam messages help us respond faster to new methods of spam distribution and block them as early as they appear. You can also send us examples of messages that were erroneously recognized as spam.
the selected messages as the attachments to the new message.
To forward spam using The Bat! Mail client, do the following:
• If you want to manually forward a message, select one or several spam messages and click Alternative Forward. This command is located in the Specials menu on the toolbar.
APPENDIX C. KASPERSKY LAB
Founded in 1997, Kaspersky Lab has become a recognized leader in information security technologies. It produces a wide range of data security software and delivers high-performance, comprehensive solutions to protect computers and networks against all types of malicious programs, unsolicited and unwanted e-mail messages, and hacker attacks.
C.1. Other Kaspersky Lab Products
Kaspersky Lab News Agent
The News Agent is intended for timely delivery of news published by Kaspersky Lab, notifications about the current status of virus activity, and fresh news. The program reads the list of available news feeds and their content from the Kaspersky Lab news server at specified intervals.
• Select standard/extended databases for scanning
• Save a report on the scanning results in .txt or .html formats
Kaspersky® Anti-Virus
Kaspersky Anti-Virus 6.0 is designed to safeguard personal computers against malicious software as an optimal combination of conventional methods of anti-virus protection and new proactive technologies.
The anti-virus protection features include:
• Anti-virus scanning of e-mail traffic on the level of data transmission protocol (POP3, IMAP and NNTP for incoming mail and SMTP for outgoing messages), regardless of the mail client being used. The program includes plug-ins for popular e-mail clients (such as Microsoft Office Outlook, Microsoft Outlook Express/Windows Mail, and The Bat!) and supports disinfection of their e-mail databases.
Kaspersky Anti-Virus Mobile
Kaspersky® Anti-Virus Mobile provides antivirus protection for mobile devices running Symbian OS and Microsoft Windows Mobile. The program provides comprehensive virus scanning, including:
• On-demand scans of the mobile device's onboard memory, memory cards, an individual folder, or a specific file;...
• Remote administration of the software package, including centralized installation, configuration, and administration;
• Saving backup copies of infected and deleted objects in case you need to restore them;
• Quarantining suspicious objects;
• Send notifications on events in program operation to the system administrator;...
• Remote administration of the software package, including centralized installation, configuration, and administration;
• Support for Cisco® NAC (Network Admission Control);
• Scanning of e-mail and Internet traffic in real time;
• Blocking of popup windows and banner ads when on the Internet;...
• Proactive Defense for workstations from new malicious programs whose signatures are not yet added to the database;
• Scanning of e-mail and Internet traffic in real time;
• Personal Firewall with intrusion detection system and network attack warnings;
•...
• Secure operation while using Wi-Fi networks;
• Scans Internet traffic in real time;
• Rollback for malicious system modifications;
• Dynamic resource redistribution during complete system scans;
• Quarantining suspicious objects;
• An extensive reporting system on protection system status;
•...
• Filters Internet traffic using a trusted server list, object types, and user groups;
• iSwift technology to avoid rescanning files within the network;
• Dynamic resource redistribution during complete system scans;
• Personal Firewall with intrusion detection system and network attack warnings;...
• Processes e-mails, databases, and other objects on Lotus Notes/Domino servers;
• Filters e-mails by attachment type;
• Quarantines suspicious objects;
• Easy-to-use administration system for the program;
• Prevents virus outbreaks;
• Monitors protection system status using notifications;
•...
Kaspersky® Anti-Spam
Kaspersky® Anti-Spam is a cutting-edge software suite designed to help organizations with small- and medium-sized networks wage war against the onslaught of unsolicited e-mail messages (spam). The product combines the revolutionary technology of linguistic analysis with modern methods of e-mail filtration, including DNS Black Lists and formal letter features.
APPENDIX D. THIRD PARTY SOFTWARE
In the process of development of Kaspersky Anti-Spam 3.0, the following third party software was used:
Berkeley DB 1.85 library can be used on the following terms and conditions:
Copyright (c) 1990, 1993, 1994 The Regents of the University of California. All rights reserved.
libjpeg 6b library can be used on the following terms and conditions:
LEGAL ISSUES
============
In plain English: We don't promise that this software works. (But if you find any bugs, please let us know!) You can use this software for whatever you want. You don't have to pay us. You may not pretend that you wrote this software.
We specifically permit and encourage the use of this software as the basis of commercial products, provided that all warranty or liability claims are assumed by the product vendor. ansi2knr.c is included in this distribution by permission of L. Peter Deutsch, sole proprietor of its copyright holder, Aladdin Enterprises of Menlo Park, CA.
modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
thttpd web-server can be used on the following terms and conditions:
Copyright 1995,1998,1999,2000,2001 by Jef Poskanzer <jef@acme.com>. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
licenses and copyright statements in these functions if you are using an OS that needs these functions.
The two-clause BSD license:
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
Neither the name of the University, Merit Network, nor the names of their contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS "AS IS"...
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT LIMITED...
zlib library can be used on the following terms and conditions:
zlib.h -- interface of the 'zlib' general purpose compression library version 1.1.3, July 9th, 1998
Copyright (C) 1995-1998 Jean-loup Gailly and Mark Adler
This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this software.
PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Redistributions are accompanied by a copy of the Source Code or by an irrevocable offer to provide a copy of the Source Code for up to three years at the cost of materials and delivery. Such redistributions must allow further use, modification, and redistribution of the Source Code under substantially the same terms as this license.
Disclaimer/Limitation of Liability: THIS SOFTWARE IS PROVIDED BY SENDMAIL, INC. AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL SENDMAIL, INC., REGENTS...
The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact openssl-core@openssl.org. Products derived from this software may not be called "OpenSSL" nor may "OpenSSL"...
Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be removed. If this package is used in a product, Eric Young should be given attribution as the author of the parts of the library used. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package.
FreeBSD libc library can be used on the following terms and conditions:
Copyright (C) 1992-2005 The FreeBSD Project. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;...
APPENDIX E. LICENSE AGREEMENT
End User License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE FOLLOWING LEGAL AGREEMENT ("AGREEMENT") LICENSE SPECIFIED SOFTWARE ("SOFTWARE") PRODUCED KASPERSKY ("KASPERSKY LAB"). IF YOU HAVE PURCHASED THIS SOFTWARE VIA THE INTERNET BY CLICKING THE ACCEPT BUTTON, YOU (EITHER AN INDIVIDUAL OR A SINGLE LEGAL ENTITY) CONSENT TO BE BOUND BY AND BECOME PARTY TO THIS AGREEMENT.
THE RIGHT TO RETURN AND REFUND EXTENDS ONLY TO THE ORIGINAL PURCHASER. All references to "Software" herein shall be deemed to include the software activation key ("Key Identification File") with which you will be provided by Kaspersky Lab as part of the Software. 1.
1.1.4 You shall not make error corrections to, or otherwise modify, adapt, or translate the Software, nor create derivative works of the Software, nor permit any third party to copy the Software (other than as expressly permitted herein).
1.1.5 You shall not rent, lease or lend the Software to any other person, nor transfer or sub-license your license rights to any other person.
may terminate this Agreement at any point by destroying all copies of the Software and the Documentation.
3. Support. (i) Kaspersky Lab will provide you with the support services ("Support Services") as defined below for a period of one year following: (a) Payment of its then current support charge, and: (b) Successful completion of the Support Services Subscription Form as provided to you with this Agreement or as available on the Kaspersky Lab...
information, but without limitation to the foregoing shall use best endeavours to maintain the security of the Key Identification File.
6. Limited Warranty. (i) Kaspersky Lab warrants that for six (6) months from first download or installation the Software purchased on a physical medium will perform substantially in accordance with the functionality described in the Documentation when operated properly and in the manner specified in the Documentation.
(a) Loss of revenue;
(b) Loss of actual or anticipated profits (including for loss of profits on contracts);
(c) Loss of the use of money;
(d) Loss of anticipated savings;
(e) Loss of business;
(f) Loss of opportunity;
(g) Loss of goodwill;...