How to configure ESET Mail Security -Linux - ?!

Hello all,

We have purchased ESET Mail Security for Linux few days ago, but still we don't feel any difference yet, it is installed in our webserver but without any real effect.

We need it primarily to stop SPAM emails that we receive them everyday, as well as to have a disclaimer statement in the footer for any email message that we send or receive, statement similar to this:
[
__________ Information from ESET Smart Security, version of virus signature database 4759 (20100110) __________

The message was checked by ESET Smart Security.

http://www.eset.com
]

Our webserver is Linux Redhat, unfortunately I don't know Linux too much, that is why I want as well to activate the Remote Administration Client as I think it will help me in configuring the ESET Mail Security product in the way we need.

I activated the ESET web-interface, I tried to configure the product through this web-interface to have the three main needs we require, but still we feel no effects at all.

I wish to have your assistance to configure ESET Mail Security for Linux correctly.

I have some screenshots from my web-interface that may give you a clue about what mistakes I may did so to correct things to achieve my three goals:

1- To have disclaimer [footnote ] statement in every email message we send or receive.
2- To stop the SPAM emails we receive, or reduce them as much as possible.
3- To run the Remote Administrative Client (RAS) in order to administrate the ESET Mail Security for Linux from Graphical interface rather than from Linux command line.

This is the screenshot for my Global Section for ESET_DEAMON options:

http://img16.imageshack.us/img16/2582/globalae.jpg

This is the screenshot for my Global Section for Scanner options:

http://img338.imageshack.us/img338/1985/scannerr.jpg

This is the screenshot for my POP3 section ( two pictures ):

http://img29.imageshack.us/img29/8034/pop31.jpg
http://img260.imageshack.us/img260/5026/pop32.jpg

This is the screenshot for my SMTP section ( two pictures ):

http://img155.imageshack.us/img155/1590/smtp1.jpg
http://img156.imageshack.us/img156/857/smtp2.jpg

Any help we be appreciated.

Thanks.

Regards,

 

Hi,

you had to set the the the option action_as_spam four filtering module to defer, discard or reject to clean up the incoming spam.

Example MDA use:

##/etc/esets/ests.conf

[mda]
# Settings for ESETS Mail Delivery Agent module.

# mda_path = "path"
# Full path pointing to the original MDA.
mda_path = "/usr/bin/procmail"
syslog_facility = "daemon"
syslog_class = "error:warning:summallart:"
action_av = "accept"
action_av_infected = "discard"
action_av_notscanned = "accept"
action_av_deleted = "discard"
action_as = "scan"
action_as_spam = "discard"
action_as_notscanned = "accept"
av_clean_mode = "standard"
av_quarantine_enabled = yes
av_scan_obj_max_size = 0
av_scan_archive_max_level = 10
av_scan_archive_max_size = 0
av_scan_archive_timeout = 0
av_scan_sfx_max_size = 0
av_scan_ext = ""
av_scan_ext_exclude = ""
av_eml_subject_modification_mask = ""
av_eml_header_modification_mask = ""
av_eml_footnote_modification_mask = "infected:notscanned:"
av_eml_footnote_log_all = no
as_eml_subject_prefix = "[SPAM]"
av_scan_obj_files = yes
av_scan_obj_archives = yes
av_scan_obj_mime = yes
av_scan_obj_sfx = yes
av_scan_obj_rtp = yes
av_scan_pattern = yes
av_scan_heur = yes
av_scan_adv_heur = yes
av_scan_app_adware = yes
av_scan_app_unsafe = no
av_scan_app_unwanted = yes



like this way i do only scan incoming Mails four spam and do my virus clean up with smtp four inbound and outbound Mails.



[smtp]
# Settings for ESETS SMTP filter module.

# agent_enabled = yes/no
# Enables/disables operation of the esets_smtp.
agent_enabled = yes

# num_proc = value
# Keep value processes of esets_smtp running in parallel.
num_proc = 1

# num_thrd = value
# Keep value threads per process of esets_smtp running in parallel.
num_thrd = 2

# listen_addr = "address"
# Address (IP or name) where esets_smtp listens for SMTP client connections.
# If set to 0.0.0.0 then esets_smtp listens on all available network interfaces.
listen_addr = "localhost"

# listen_port = port
# TCP port where esets_smtp listens for SMTP client connections.
listen_port = 2526

# server_addr = "address"
# Address (IP or name) of the SMTP server where esets_smtp connects to.
server_addr = "localhost"

# server_port = port
# TCP port of the SMTP server where esets_smtp connects to.
server_port = 2525

# add_header_xvirus = yes/no
# Whether to add the header 'X-Virus-Scanner:' to scanned messages.
add_header_xvirus = yes

# add_header_received = yes/no
# Whether to add the header 'Received:' to scanned messages.
add_header_received = yes
syslog_facility = "daemon"
syslog_class = "error:warning:summallart"
action_av = "scan"
action_av_infected = "discard"
action_av_notscanned = "accept"
action_av_deleted = "discard"
action_as = "accept"
action_as_spam = "accept"
action_as_notscanned = "accept"
av_clean_mode = "standard"
av_quarantine_enabled = yes
av_scan_obj_max_size = 0
av_scan_archive_max_level = 10
av_scan_archive_max_size = 0
av_scan_archive_timeout = 0
av_scan_sfx_max_size = 0
av_scan_ext = ""
av_scan_ext_exclude = ""
av_eml_subject_modification_mask = ""
av_eml_header_modification_mask = ""
av_eml_footnote_modification_mask = "infected:notscanned:"
av_eml_footnote_log_all = no
as_eml_subject_prefix = "[SPAM]"
av_scan_obj_files = yes
av_scan_obj_archives = yes
av_scan_obj_mime = yes
av_scan_obj_sfx = yes
av_scan_obj_rtp = yes
av_scan_pattern = yes
av_scan_heur = yes
av_scan_adv_heur = yes
av_scan_app_adware = yes
av_scan_app_unsafe = yes
av_scan_app_unwanted = yes
#av_eml_header_template = "%avstatus%"

 

Hello,

Thanks 'tippet4y' for your kind reply.

Im really sorry for the delay, I was outside the city for a while in a sudden trip.

I almost changed my configuration to be as those you posted them, but still we don't feel any obvious improvement, I think still there is something missing in my settings !.

I wish if you can guide me to the correct configuration for those issues:


1- Remote Administration Client ( Global Section )

Firstly, is the RAC is the same as the web-interface for ESET (WWWI) or they are different?! if RAC is something else so how to activate it ? those are my setting under RAC area , are they correct ?
a) RAServer Address: ----------- ( I used here my server IP ), is that correct ?!
b) RAServer port: 1117 ( It just a port number of my choice, nothing special about it, I just put any numbers in the keyboard), ( is that acceptable or there is a special port number to be used) ?!
c)RAServer Password: ----- ( I just used a password of my choice, is that correct or I have to use a specific password, i.e my ESET password that I was provided by the vendor when I purchased it ?)

-------------------------------------------------------------------

2- POP3 Section

In 'Private Options' area, what the correct information to be supplied in it ?

a) Listen Address: ----- ( I put here our webserver IP, is that correct or I have to put something else ) ?!
b) Listen Port: ---- ( I put here port number 110 as it is the default POP3 port in Outlook, is that correct or I have to use different port ? )
c) Server Address: ---- ( I used here our webserver IP, is that correct or I have to use something else ?! )

In the (User Configuration/Management) area, what I have to supply exactly when I click 'new', I supplied it with the IP number for our webserver, is that correct or I have to supply it with different value for different thing?!

-------------------------------------------------------------------


3- SMTP Section

'Private Options' area:

a) Listen Address: I used here '0.0.0.0' as I understood that this value will let ESET to listen to ALL ports, which I this what I need.
b) Listen Port: I used here port number '2526', is this correct or I have to use another port, i.e port 25 as it is the default SMTP port in Outlook ?!
c) Server Address: I used 'localhost' , is this correct or I have to use something else, i.e our webserver IP ?!
d) Server port: I used port 2525, is that correct ?!


In the (User Configuration/Management) area, what I have to supply exactly when I click 'new', I used it to add our emails accounts, is that correct ?, for instance I added our email account that I want to protect them from spams, i.e:
info@ourdomain.com
contact@ourdomain.com
sales@ourdomain.com
user@ourdomain.com
.
.
etc

Is that correct or I have to add something else ?!


----------------------------------------------------------------------


I wish that you can see where my problem is and to have your help in resolving it.

Thanks again.


Regards,

 

Hello all,

Any help would be appreciated.

Thanks.

 

Hi all,
You may read my post
https://www.wilderssecurity.com/showthread.php?t=244001
It may be help.
I'll be glad to help.

Regards
.G.
grolon@gmail.com