Chapter 5. NOD32LMS configuration
With these settings nod32smfi will communicate with the MTA Sendmail via unix socket
/var/run/nod32smfi.sock.
In the next step, modify the /etc/mail/sendmail.cf file by adding the following specification
into the section MAIL FILTER DEFINITIONS:
Xnod32smfi, S=local:/var/run/nod32smfi.sock, F=T, T=S:2m;R:2m;E:5m
With this setting sendmail will communicate with the nod32smfi daemon via local (i.e. unix)
socket /var/run/nod32smfi.sock. Flag F=T will result in temporary fail connection if the filter
is unavailable. Flag T=S:2m defines timeout 2 minutes for sending information from MTA to
a filter. Flag T=R:2m defines timeout 2 minutes for reading reply from the filter. Flag T=E:5m
means overall timeout 5 minutes between sending end-of-message to filter and waiting for the
final acknowledgment.
Note: In case the timeouts for the nod32smfi filter are set too small, Sendmail can temporarily re-
ject the message which will attempt to pass through at a later time. This will lead to the continu-
ous rejection of one and the same message later. In order to avoid the problem, the timeouts have
to be set properly. In order to do this, one has to get into account ’confMAX_MESSAGE_SIZE’
parameter defined in a sendmail.mc file that will provide not accepting messages bigger than
the appropriate parameter value (given in bytes). Taking into account this value and the maxi-
mum time for processing of this amount of data by MTA (this can be measured) one can evaluate
the appropriate timeouts for nod32smfi filter.
Finally, uncomment and modify the following line in the /etc/mail/sendmail.cf file:
O InputMailFilters=nod32smfi
Since nod32smfi filter can modify the content of the e-mail message body, in case of multiple
Sendmail filters, it is good to put the definition of the nod32smfi filter at the end of the filter
chain.
5.4.3. Content filtering in MTA Exim
Configuration of the NOD32LMS as an Exim content filter uses similar aproach as discussed in
the sections devoted to scanning inbound messages in Exim (general case). Indeed, in order to
configure NOD32LMS as content filter it is first necessary to follow the rules from section 5.2.2.5
(in case of Exim 3) or follow the rules from section 5.2.2.6 (in case of Exim 4).
With this initial setting the NOD32LMS is configured to scan every e-mail comming to the local
recipient. Yet it is necessary to provide the scanning of the e-mail messages routed to another
domains.
In case of Exim 3 it is only necessary to define new ROUTER CONFIGURATIONS section
nod32_router:
driver = domainlist
route_list = "* localhost byname"
condition = "${if eq {$received_protocol}{virus-scanned} {0}{1}}"
transport = nod32_transport
29
To Next Page
Loading...
Need help?
General
