Chapter 5. NOD32LMS configuration
The operation principle of scanning an outbound e-mail message is based on the following idea:
We configure a nod32smtp daemon to listen to communication incoming to port 2525 of the e-
mail server computer and forward the scanned communication to port 25 of the same computer
where, typically, the MTA daemon listens to. In order to do so, use the following values of the
aforementioned parameters:
listen_addr = "localhost"
listen_port = 2525
server_addr = "localhost"
server_port = 25
Once again, an e-mail received via port 2525 will be processed by nod32d (scanning daemon)
and afterward sent to port 25 for further processing by agent MTA of the e-mail messaging
system. So far this is just half of the job. The second part that has to be done is the automatic
redirection of all the packets arriving on port 25 of the server computer to port 2525. If we do
not this then no packet of e-mail communication will go through the nod32smtp daemon as the
whole communication from the LAN (Local Area Network) will pass by through port 25.
To assure the automatic rerouting of the communication from the LAN arriving on port 25 to
port 2525, use the following packet filters:
natd -interface xl0 -redirect_port tcp 192.168.1.10:2525 25
where xl0 is the network interface of the machine with IP address 192.168.1.10. User should
replace both the interface specification and the IP address according to his needs. To add the
diverting rule into the ipfw firewall one has to write:
/sbin/ipfw add divert natd all from any to any via xl0
Note: In order to have ipfw firewall and natd daemon working properly, the kernel of the OS
has to be compiled with the options IPFIREWALL and IPDIVERT.
The following options have to be written in /etc/rc.conf:
gateway_enable="YES"
firewall_enable="YES"
firewall_type="OPEN"
After applying these rules and starting the nod32smtp daemon one can see that all the commu-
nication arrives to the nod32smtp daemon and everything works correctly, however, with this
setting there is still one unwanted effect. One can easily realize that the port 2525 with this set-
ting provides an open relay. The point is that now there is a nod32smtp daemon that will accept
all the packets that arrive at the port 2525, this also means packets arriving from outside the
local network. The daemon nod32smtp will forward this traffic to port 25. This process will be
interpreted by MTA as a local communication on the so called loop-back interface and therefore
will not be rejected by MTA rules.
26
To Next Page
Loading...
Need help?
General
