ESET Mail Security 3.0.15 Ubuntu 9.10 White-List Black List, any experience ?

Discussion in 'Other ESET Home Products' started by grolon, Apr 16, 2010.

Thread Status:
Not open for further replies.
  1. grolon

    SOLVED: ESET Mail Security 3.0.15 Ubuntu 9.10 White-List Black-List, any experience ?

    Hi all,
    Has anybody successfully configured ESET Mail Security 3.0.15 under Ubuntu Desktop 9.10 x86 White-List / Black-List, with mda or smtp module?

    Any help, any idea will be very welcome.

    Saludos/Regards

    .G.
    -grolon[ at] gmail.com-

    Hi All,
    I think I solved this issue.

    You can find another post in this forum about installing and configuring this product under Linux.
    https://www.wilderssecurity.com/showthread.php?t=244001
    ESET Mail Security for Debian - 32 bit 3.0.15 under Ubuntu Server 9.04
    This post is still valid for Ubuntu Linux 9.10 x86 and Mandriva Linux 200x.


    Here it is.
    I wanted to activate and use the White-List/Black-List option of ESET Mail Security for Linux/BSD.

    I've found a lot of trouble.
    I've read the product's manual, in English and Spanish,

    http://www.eset-la.com/manuals/eset_mail_security_ES.pdf
    6.2 Configuración Específica de Usuario, page 23, and
    6.3 Lista negra y lista blanca, page 24.

    http://download.eset.com/manuals/eset_mail_security.pdf
    6.2 User Specific Configuration page 25 and
    6.3 Blacklist and Whitelist page 26.

    The Spanish version is different from the English version.
    I've been guided to follow the Spanish procedures and I've found this is so wrong.

    I looked for these parameters and I've never found them

    action_on_processed = accept
    av_enabled = no
    as_enabled = no

    Don't try to use them. They don't appear in the esets.cfg manual or the esets_smtp man page.

    What I did:

    Modified /etc/postfix/main.cf to use the ESET smtp module as a content filter.

    ## ESETS
    content_filter = smtp-esets:[127.0.0.1]:2526
    mailbox_size_limit = 0
    message_size_limit = 0
    #esets orig mboxcmd: /usr/bin/procmail -Y -a $DOMAIN
    ## mailbox_command = /usr/bin/procmail -Y -a $DOMAIN
    mailbox_command = /usr/bin/procmail -Y -a $DOMAIN
    ## This last line used for eset mda module support, not used now.
    ## mailbox_command = /usr/bin/esets_mda -Y -a $DOMAIN -- --recipient="$RECIPIENT" --sender="$SENDER"
    -- end of main.cf file ----

    Modified /etc/postfix/master.cf to listen on the new port

    smtp-esets unix - - y - 2 smtp
      -o smtp_data_done_timeout=1200
      -o smtp_send_xforward_command=yes
      -o disable_dns_lookups=yes

    127.0.0.1:2525 inet n - n - - smtpd
      -o content_filter=
      -o myhostname=mail.mydomain.com.py
      -o local_recipient_maps=
      -o relay_recipient_maps=
      -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
      -o smtpd_helo_restrictions=
      -o smtpd_client_restrictions=
      -o smtpd_sender_restrictions=
      -o smtpd_restriction_classes=
      -o smtpd_recipient_restrictions=permit_mynetworks,reject
      -o mynetworks=127.0.0.0/8
      -o strict_rfc821_envelopes=yes
      -o smtpd_error_sleep_time=0
      -o smtpd_soft_error_limit=1001
      -o smtpd_hard_error_limit=1000
    -- end of master.cf file ----

    Modified /etc/esets/esets.cfg, disabling the esets mda module and activating the esets smtp module

    [mda]
    # Full path pointing to the original MDA.
    ## mda_path = "/usr/bin/procmail"
    ## user_config = "esets_mda_spec.cfg" <<< you can use it here, too! Not documented yet.

    [smtp]
    # Settings for ESETS SMTP filter module.
    agent_enabled = yes
    # listen_port = port
    listen_port = 2526
    # server_addr = "address"
    server_addr = "localhost"

    # server_port = port
    server_port = 2525

    user_config = "esets_smtp_spec.cfg"
    --- end of file ----

    Then created the esets_smtp_spec.cfg file like this.

    [root@mail esets]# cat /etc/esets/esets_smtp_spec.cfg
    [white-list]
    ; action_on_processed = accept
    action_av = "accept"
    action_as = "accept"
    ; av_enabled = no
    ; as_enabled = no

    [black-list]
    action_av = "discard"
    action_as = "discard"

    [|onedomain.com.xxx]
    parent_id = "white-list"

    [|user1@domain1.com.py]
    parent_id = "white-list"

    [|user2@domain2.com.py]
    parent_id = "white-list"

    [|user3@domain3.com]
    parent_id = "black-list"

    [|baddomain.com]
    parent_id = "black-list"

    [root@mail esets]#

    Finally, restart your services


    [root@mail esets]# /etc/init.d/esets_daemon restart
    Stopping ESET Security for Linux: esets_daemon [ OK ]
    Starting ESET Security for Linux: esets_daemon [ OK ]
    [root@mail esets]# /etc/init.d/postfix restart
    Terminando postfix: [ OK ]
    Iniciando postfix: [ OK ]
    [root@mail esets]#

    Test port

    [root@mail esets]# netstat -nap | grep 25
    tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 29103/master <<<< this is postfix
    tcp 0 0 127.0.0.1:2525 0.0.0.0:* LISTEN 29103/master <<<< this is postfix
    tcp 0 0 127.0.0.1:2526 0.0.0.0:* LISTEN 29004/esets_smtp <<<< this is esets_smtp module ;-)

    Let's try it. Look at your syslog and watch what is going on

    tail -f /var/log/syslog

    domain1, Nice guy.
    Apr 19 15:10:09 mail esets_daemon[29003]: debug[714b020e]: Connection request from agent 'smtp' accepted
    Apr 19 15:10:09 mail esets_daemon[29003]: debug[714b020e]: Searching for section `smtp' user `myuser@mydomain.com.py|user1@domain1.com.py' in configuration
    Apr 19 15:10:09 mail esets_daemon[29003]: debug[714b020e]: Using configuration for section `smtp' user `|user1@domain1.com.py'
    Apr 19 15:10:09 mail esets_smtp[29016]: summ[71580201]: action="accepted"

    domain2, nice guy
    Apr 19 15:11:13 mail postfix/nqmgr[29109]: 28E01167B6CF7: from=<user2@domain2.com.py>, size=16490, nrcpt=1 (queue active)
    Apr 19 15:11:13 mail postfix/smtpd[29130]: connect from localhost.localdomain[127.0.0.1]
    Apr 19 15:11:13 mail postfix/smtpd[29130]: 7F008167B6DAA: client=localhost.localdomain[127.0.0.1]
    Apr 19 15:11:13 mail esets_daemon[29003]: debug[714b0214]: Connection request from agent 'smtp' accepted
    Apr 19 15:11:13 mail esets_daemon[29003]: debug[714b0214]: Searching for section `smtp' user `myuser@mydonain.com.py|user2@domain2.com.py' in configuration
    Apr 19 15:11:13 mail esets_daemon[29003]: debug[714b0214]: Using configuration for section `smtp' user `|user2@domain2.com.py'
    Apr 19 15:11:13 mail esets_smtp[29016]: summ[71580201]: action="accepted"

    domain 3, BAD guy
    Apr 19 15:10:35 mail esets_daemon[29003]: debug[714b0113]: Connection request from agent 'smtp' accepted
    Apr 19 15:10:35 mail esets_daemon[29003]: debug[714b0113]: Searching for section `smtp' user `myuser@mydomain.com.py|user3@domain3.com' in configuration
    Apr 19 15:10:35 mail esets_daemon[29003]: debug[714b0113]: Using configuration for section `smtp' user `|user3@domain3.com'
    Apr 19 15:10:35 mail esets_smtp[29016]: summ[71580101]: action="discarded"


    I hope not to forget a thing; just let me know if I did.
    I hope this can help others; I'll be more than happy to help.

    Just remember
    "i did all by myself mummy" Dr. House.

    Saludos/Regards

    .G.
    Guido Rolón
    grolon at gmail dot com
    Independent Consultant and Advisor.
     
    Last edited: Apr 19, 2010
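
Added example (not part of the original post and not ESET's code): a small audit of a user-specific file in the format shown in the post, which resolves each `parent_id` and reports entries whose parent section does not exist or that give a whole sender domain the `accept` action. It assumes the section header is `recipient|sender` (as the daemon log lines in the post suggest) and that `parent_id` inherits the parent's keys; `audit_spec` and the sample entries are hypothetical.

```python
import configparser

# Constructed sample in the format of the post's esets_smtp_spec.cfg.
# The last entry has a deliberately misspelled parent_id.
SAMPLE = """\
[white-list]
action_av = "accept"
action_as = "accept"

[black-list]
action_av = "discard"
action_as = "discard"

[|onedomain.com.xxx]
parent_id = "white-list"

[|user1@domain1.com.py]
parent_id = "white-list"

[|baddomain.com]
parent_id = "black-list"

[|partner.example]
parent_id = "whitelist"
"""

def audit_spec(text):
    """Return (effective policy per entry, list of findings)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    def get(section, key):
        return cp.get(section, key, fallback="").strip('"')
    policies, findings = {}, []
    for sec in cp.sections():
        if "|" not in sec:  # template section such as [white-list]
            continue
        sender = sec.split("|", 1)[1]  # assumed layout: recipient|sender
        parent = get(sec, "parent_id")
        if parent and not cp.has_section(parent):
            findings.append(f"[{sec}]: parent_id '{parent}' is not defined")
            continue
        # Assumption: a key set in the entry overrides the inherited one.
        eff = {k: get(sec, k) or get(parent, k)
               for k in ("action_av", "action_as")}
        policies[sec] = eff
        # SMTP does not authenticate the envelope sender: list domain-wide accepts.
        if eff["action_av"] == "accept" and "@" not in sender:
            findings.append(f"[{sec}]: whole sender domain gets action_av=accept")
    return policies, findings
```

Calling `audit_spec(open("/etc/esets/esets_smtp_spec.cfg").read())` before restarting `esets_daemon` lists the findings for the live file.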