KASPERSKY LAB
Kaspersky® Mail Gateway 5.5
ADMINISTRATOR'S GUIDE
© Kaspersky Lab http://www.kaspersky.com Revision date: June, 2006
Contents
CHAPTER 1. KASPERSKY® MAIL GATEWAY 5.5
  1.1. What's new in Kaspersky Mail Gateway 5.5
  1.2. Licensing policy
  1.3. Hardware and software requirements
  1.4. Distribution kit
  1.5. Help desk for registered users
  1.6. Conventions
CHAPTER 2. APPLICATION STRUCTURE AND TYPICAL DEPLOYMENT SCENARIOS
  2.1. Application architecture
  2.2. The algorithm of application functioning
  2.3. Typical deployment scenarios
    2.3.1. Installing the application along corporate network perimeter
    2.3.2. Installing the application inside your mail system
CHAPTER 3. INSTALLING THE APPLICATION
  3.1. Installing the application on a server running Linux
  3.2. Installing the application on a server running FreeBSD
  3.3. Installation procedure
  3.4. Configuring the application
  3.5. Installing the Webmin module to manage Kaspersky Mail Gateway
CHAPTER 4. THE PRINCIPLES OF PROGRAM OPERATION
  4.1. Creating groups of recipients/senders
  4.2. General message processing algorithm
  4.3. Operation of the Spamtest filter
    4.3.1. Message header analysis
    4.3.2. Analysis of message content
    4.3.3. Spamtest filter actions
  4.4. Operation of the AV module
CHAPTER 5. ANTI-VIRUS PROTECTION AND SPAM FILTRATION
  5.1. Updating the anti-virus and content filtration databases
    5.1.1. Automatic updating of the anti-virus and content filtration databases
    5.1.2. Manual updating of the anti-virus and content filtration databases
    5.1.3. Creating a shared directory for storing and sharing database updates
  5.2. Spam filtration
    5.2.1. Marking of messages containing spam
    5.2.2. Blocking delivery of spam messages
    5.2.3. Storage of spam message copies in the quarantine directory
  5.3. Anti-virus protection of email traffic
    5.3.1. Delivery of messages with clean or disinfected objects only
    5.3.2. Replacement of infected objects with standard notifications
    5.3.3. Blocking delivery for messages containing suspicious objects
    5.3.4. Delivery of notifications to the sender, administrator and recipients
    5.3.5. Additional filtering of objects by name and type
    5.3.6. Saving messages in the quarantine directory
  5.4. Combining spam filtration and anti-virus protection
    5.4.1. Maximum speed
    5.4.2. Recommended mode
    5.4.3. Maximum protection
  5.5. Additional features of Kaspersky Mail Gateway
    5.5.1. Automatically add incoming and outgoing mail to archives
    5.5.2. Protection from hacker attacks and spam
  5.6. Managing license keys
    5.6.1. Viewing information about license keys
    5.6.2. Renewing your license
    5.6.3. Removing a license key
CHAPTER 6. ADVANCED APPLICATION SETTINGS
  6.1. Configuring anti-virus protection of mail traffic
    6.1.1. Using the iChecker™ technology
    6.1.2. Setting up application timeouts
    6.1.3. Setting performance restrictions
  6.2. Setting up connection receiving interfaces
  6.3. Setting up the routing table
  6.4. Checking the configuration file syntax
  6.5. Syntax check in notification templates
  6.6. Work with email archive and the quarantine directory
  6.7. Management of application working queue
  6.8. Managing the application
  6.9. Control of application activity
  6.10. Customizing date and time formats
  6.11. Reporting options
  6.12. Additional informational header fields in messages
CHAPTER 7. TESTING APPLICATION OPERABILITY
  7.1. Testing the application using Telnet
  7.2. Testing the Spamtest filter
  7.3. Testing the application using EICAR
CHAPTER 8. UNINSTALLING THE APPLICATION
CHAPTER 9. FREQUENTLY ASKED QUESTIONS
APPENDIX A. SUPPLEMENTARY INFORMATION ABOUT THE PRODUCT
  A.1. Distribution of the application files in directories
  A.2. Kaspersky Mail Gateway configuration file
  A.3. Use of external configuration files
  A.4. Control signals for the smtpgw component
  A.5. Control files
  A.6. Application statistics
  A.7. Command line options for the smtpgw component
  A.8. Smtpgw return codes
  A.9. Command line options for licensemanager
  A.10. Licensemanager return codes
  A.11. Keepup2date command line options
  A.12. Keepup2date return codes
  A.13. Format of messages about template syntax check-up
  A.14. Return codes for the kltlv utility
  A.15. Command line options of the klmailq utility
  A.16. Command line options for the klmaila utility
  A.17. Return codes for the klmaila and klmailq utilities
  A.18. Special headers added by the Spamtest filter
  A.19. Format of messages about anti-virus scanning and spam filtration
  A.20. Notifications about actions applied to the message
APPENDIX B. KASPERSKY LAB
  B.1. Other Kaspersky Lab Products
  B.2. Contact Us
APPENDIX C. LICENSE AGREEMENT
CHAPTER 1. KASPERSKY® MAIL GATEWAY 5.5
Kaspersky® Mail Gateway 5.5 is designed to filter SMTP mail traffic, protecting mail system users from viruses and unwanted messages (spam). The application is a full-featured mail relay (compliant with IETF RFC internet standards) that runs under Linux and FreeBSD operating systems.

The application allows the user to:

· Check email messages for the presence of spam signs, including attached objects and message bodies.
· Use the technology of DNS black lists (RBL) to filter spam.
· Create white lists and black lists of senders/recipients for use by the application while processing email traffic.
· Scan email messages for viruses, including attached objects and message bodies.
· Detect infected, suspicious, corrupted, and password-protected attachments and message bodies.
· Perform anti-virus processing (including disinfection) of infected objects revealed in email messages by scanning.
· Provide additional email traffic filtering by names and MIME types of attachments and apply certain processing rules to the filtered objects.
· Maintain archives of all email messages sent and/or received by the application, if this is required by the internal security policy of the company.
· Enable restrictions for SMTP connections, providing protection against hacking attacks and preventing use of the application as an open mail relay for unsolicited email messages.
· Limit the load on your server by configuring the application settings and SMTP parameters.
· Notify senders, recipients, and the administrator about messages containing infected, suspicious, or corrupted objects.
· Quarantine messages identified as spam or probable spam as well as messages containing infected, suspicious or corrupted objects.
· Update the anti-virus and content filtration databases. The application retrieves updates from the update servers of Kaspersky Lab. You can also set the applic ...