Chapter 5. NOD32LMS configuration
This problem, however, can be solved by ensuring that all communication with the port 2525
will be disabled with the exception of the local network. In order to do so we use the following
command:
ipfw add deny tcp from not 192.168.1.0/24 to 192.168.1.10 2525 via xl0
Warning: Please, read carefully appropriate sections in FreeBSD Handbook
(http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/index.html) describing
the complete configuration and setting of the IP Firewall. Remember that "ipfw policy deny"
combined with some improper chain en- try (possible the only entry which designed to deny
some external packets) can close your computer from outer world. On the other hand "ipfw
policy allow" combined with some weak chain rule can open your computer to the non-desired
users.
5.4. Content filtering in MTA
Content filtering method is currently a well known method used to screen and/or exclude cer-
tain defined information from the Internet or its part. Concerning an e-mail server system the
best place to implement content filtering method is the MTA agent as an e-mail communica-
tion traffic nod. The advantage of such an implementation is that it allows one to scan e-mails
inbound as well as outbound in the same implementation algorithm. On the other hand the
content filtering method is MTA dependent. Taking into account the number of different MTAs
working in the present UNIX OS environment, the method is not universal. NOD32LMS comes
with two content filters built for most common MTA, i.e. MTA Sendmail and MTA Postfix, both
described in the following sections.
5.4.1. Content filtering in MTA Postfix
The nod32smtp filter can also serve as a content filter for MTA Postfix providing the following
changes are implemented:
In section [smtp] of the configuration file: /etc/nod32/nod32.cfg set:
listen_port = 2526
server_addr = "localhost"
server_port = 2525
With these settings nod32smtp will listen on port 2526 and will forward all communication from
this port to the local port 2525.
In the next step, modify the /etc/postfix/master.cf file by adding the following specification
into the file:
localhost:2525 inet n - n - - smtpd
-o content_filter=
-o myhostname=nod32.yourdomain.com
27
To Next Page
Loading...
Need help?
General
