Chapter 7. Tips and tricks
7.2. NOD32LMS and TLS support in MTA
Transport Layer Security (TLS) is a protocol guaranteeing data privacy in client/server communication over the Internet. The basic principle of TLS is the SSL encryption of data traveling between client and server (here we mean the SMTP communication between the MTA client and server). This of course has non-negligible consequences for the scanning of this kind of communication by NOD32LMS. For instance, once TLS support is enabled in the MTA, the 'outbound messages scanning scenario' discussed in section 5.3 is impossible, as the whole intercepted SMTP communication is encrypted at this stage. On the other hand, it is possible to use data encryption in the communication between the local MTA and the Internet and still use NOD32LMS as a content filter (discussed in section 5.4). With Sendmail content filtering there is no problem with SMTP TLS support at all, as the Sendmail Milter does not rely on SMTP communication; content filtering is done internally. Postfix, on the other hand, uses the SMTP protocol for data communication between the content filter and the MTA. Therefore, once TLS is enabled in Postfix, the content filtering method fails, as the whole SMTP communication is encrypted. Fortunately, this can be solved at the level of the Postfix TLS configuration. The situation is depicted in Figure 7-1.
Figure 7-1. Scheme of content filtering in Postfix MTA with enabled TLS.
[Figure 7-1 (diagram, not reproduced): the POSTFIX MTA exchanges SMTP/TLS with the INTERNET and the MAILBOX; the NOD32 content filter is attached over separate SMTP channels. Port labels in the diagram read 25, 25, 25 and 25252526 (the last presumably two labels, 2525 and 2526, run together).]
As shown in the figure above, once TLS is enabled, all SMTP communication channels, including the SMTP communication with the content filter, are affected. The only possibility in this case is to disable TLS support for the communication between client and server located on localhost. This can be achieved by adding the following line to the main Postfix configuration file.
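As an added example (not the line the manual gives, which is not on this page, and written with the current Postfix parameter names rather than those of the manual's era), the following main.cf and master.cf fragments keep TLS on the Internet-facing port 25 while switching it off only on the two localhost legs of the content-filter loop. The transport name nod32filter and the ports 2525 (MTA to filter) and 2526 (filter back to MTA) are assumed values.

```ini
# --- /etc/postfix/main.cf (added example, assumed values) ---
# Opportunistic TLS stays on for the public listener and for outbound mail.
smtpd_tls_security_level = may
smtp_tls_security_level = may
smtpd_tls_cert_file = /etc/postfix/server.pem   # placeholder path
smtpd_tls_key_file  = /etc/postfix/server.key   # placeholder path
# Hand every accepted message to the filter transport defined in master.cf.
content_filter = nod32filter:[127.0.0.1]:2525

# --- /etc/postfix/master.cf (added example, assumed values) ---
# Leg 1: Postfix as SMTP *client* towards the filter on 127.0.0.1:2525.
# The -o override disables TLS for this transport only, so the filter
# receives plaintext SMTP while the public smtp client keeps "may".
nod32filter unix  -       -       n       -       10      smtp
  -o smtp_tls_security_level=none
  -o smtp_send_xforward_command=yes

# Leg 2: Postfix as SMTP *server* receiving the scanned mail back on
# 127.0.0.1:2526. TLS is disabled here, the filter is not invoked again
# (empty content_filter avoids a loop), and only localhost may connect.
127.0.0.1:2526 inet n      -       n       -       10      smtpd
  -o smtpd_tls_security_level=none
  -o content_filter=
  -o mynetworks=127.0.0.0/8
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
```

After editing, `postfix reload` applies the change; `postconf -Mf` prints the effective master.cf entries so the two localhost services can be checked for the `none` overrides while `postconf smtpd_tls_security_level` still shows `may` for the public side.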