Integrate Kaspersky Linux Mail Security (KLMS) Server with Mail Server on different Server

Flow Map Communication Betwen Email Server and Klms

On tis manual will explain process receive and send email via KLMS

Process Receive/Incoming Email

test

 

  1. User send email using user aa@abdul.com to sales@mydomain.net using protocol SMTP port 25
  2. Mail server domain @mydomain.net receive email from domain @abdul.com,
  3. Before queue, email aa@abdul.com forward to server KLMS using protocol SMTP port 25
  4. Server KLMS receive forward email domain @abdul.com from server @mydomain.net to filtering, the before-filter Postfix SMTP server gives mail to a content filter that listens on localhost port 10025. The after-filter Postfix SMTP server receives mail from the content filter via localhost port 10026.
  5. On KLMS set postfix transport_maps for domain mydomain.net to 10.36.4.250 using port 10026,
  6. Server KLMS ask MX (Mail eXchanger) domain @mydomain.net to DNS.
  7. Server DNS process req, and give information that mydomain.net has mx 10.36.4.250.
  8. Server KLMS forward mail to server mail mydomain.net using port 10026

widian.top-klms

 

  1. User send email using user sales@mydomain.net to aa@abdul.com using protocol SMTP port 25 via content_filter to Server KLMS
  2. Server KLMS receive email domain @mydomain.net to filtering, the before-filter Postfix SMTP server gives mail to a content filter that listens on localhost port 10025. The after-filter Postfix SMTP server receives mail from the content filter via localhost port 10026.
  3. Server KLMS ask MX (Mail eXchanger) domain @abdul.com to DNS.
  4. Server DNS process req, and give information that abdul.com has mx 10.36.4.242.
  5. Email Send to aa@abdul.com.

Configure KLMS and MAIL Server

This is Step Configure KLMS to communicate with MAIL server, don’t forget to create backup files before changed the files, because it may be easier to restore. To understood this manual please read first  the flow map communication of email and klms.

On this manual there are two Changed Part, First Change Part is on KLMS Server and Second Change Part is on MAIL Server.

And this is information IP for KLMS Server and MAIL Server

KLMS Server has IP 10.36.4.240
MAIL Server has IP 10.36.4.250

This should changed on Server KLMS
1. Remote to KLMS Server, create backup for file master.cf and main.cf.
$ sudo cp /etc/postfix/master.cf /etc/postfix/master.cf.ori
$ sudo cp /etc/postfix/main.cf /etc/postfix/main.cf.ori

.

2. Edit /etc/postfix/master.cf, and changed configuration like RED text below :

The default is

#klms-postfix-prequeue-start
 -o smtpd_proxy_filter=127.0.0.1:10025
 -o smtpd_proxy_options=speed_adjust

 

Changed To

#klms-postfix-prequeue-start
 -o smtpd_proxy_filter=0.0.0.0:10025
 -o smtpd_proxy_options=speed_adjust

And also changed configuration like text below :

The default KLMS is :

127.0.0.1:10026 inet n - n - 10 smtpd
 -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_address_mappings
 -o smtpd_helo_restrictions=
 -o smtpd_client_restrictions=
 -o smtpd_sender_restrictions=
 -o smtpd_recipient_restrictions=permit_mynetworks,reject
 -o mynetworks=127.0.0.0/8,[::1]/128,
 -o smtpd_authorized_xforward_hosts=127.0.0.0/8,[::1]/128

 

Changed To :

0.0.0.0:10026 inet n - n - 10 smtpd
 -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_address_mappings
 -o smtpd_helo_restrictions=
 -o smtpd_client_restrictions=
 -o smtpd_sender_restrictions=
 -o smtpd_recipient_restrictions=permit_mynetworks,reject
 -o mynetworks=127.0.0.0/8,[::1]/128,10.36.4.0/24
 -o smtpd_authorized_xforward_hosts=127.0.0.0/8,[::1]/128

3. Create transport_maps on postfix :

$ sudo vi /etc/postfix/transport

Then add this text below :

mydomain.net smtp:10.36.4.250:10026

 

Note :

Mydomain.net is domain mail server client, and ip 10.36.4.250 is ip mail server client too

Then do this command :

$ sudo postmap /etc/postfix/transport

 

Don’t forget to reload postfix services

$ sudo postfix reload

 

This should changed on MAIL Server

1. Remote to MAIL Server, create backup for  file master.cf and main.cf

$ sudo cp /etc/postfix/master.cf /etc/postfix/master.cf.ori
$ sudo cp /etc/postfix/main.cf /etc/postfix/main.cf.ori

2. Edit /etc/postfix/master.cf, and add configuration like BLUE text below :

#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - - - - smtpd
#test widi
klms unix - - n - 5 smtp
 -o smtp_data_done_timeout=1200
 -o smtp_send_xforward_command=yes
 -o smtp_tls_note_starttls_offer=no
#smtp inet n - - - 1 postscreen
#smtpd pass - - - - - smtpd
#dnsblog unix - - - - 0 dnsblog

And also add configuration like text below

#Test Widi
0.0.0.0:10026 inet n - n - - smtpd
 -o content_filter=
 -o smtpd_delay_reject=no
 -o smtpd_client_restrictions=permit_mynetworks,reject
 -o smtpd_helo_restrictions=
 -o smtpd_sender_restrictions=
 -o smtpd_recipient_restrictions=permit_mynetworks,reject
 -o smtpd_data_restrictions=reject_unauth_pipelining
 -o smtpd_end_of_data_restrictions=
 -o smtpd_restriction_classes=
 -o mynetworks=127.0.0.0/8,10.36.4.0/24
 -o smtpd_error_sleep_time=0
 -o smtpd_soft_error_limit=1001
 -o smtpd_hard_error_limit=1000
 -o smtpd_client_connection_count_limit=0
 -o smtpd_client_connection_rate_limit=0
 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
 -o local_header_rewrite_clients=
 -o smtpd_milters=
 -o local_recipient_maps=
 -o relay_recipient_maps=

Note : This text above is stored in the lowest position in the file master.cf

3. Edit /etc/postfix/main.cf, and change configuration like BLUE text below :

mynetworks = 127.0.0.0/8, 10.36.4.0/24

And also add configuration like text below :

Note : This text below is stored in the lowest position in the file main.cf, 10.36.4.240 is IP KLMSSERVER

#Widi 2015-03-20
content_filter = klms:[10.36.4.240]:25
receive_override_options = no_address_mappings

Don’t forget to reload postfix services

$ sudo postfix reload

4. Test Send and receive Email, if success the header Email will looks like this :

>>> Information header email without virus

klms-header-01

>>>  Information header email with virus

klms-header-02

5.  If there are problem like mail server can not send an email, or mail server can not receive an email, edit /etc/postfix/main.cf and changed this text below :

#Widi 2015-03-20
content_filter = klms:[10.36.4.240]:25
receive_override_options = no_address_mappings

Changed to

#Widi 2015-03-20
#content_filter = klms:[10.36.4.240]:25
#receive_override_options = no_address_mappings

Don’t forget to reload postfix services

$ sudo postfix reload

6. IF there is still problem, you can restore the files to the ori

$ sudo cp /etc/postfix/master.cf.ori  /etc/postfix/master.cf
$ sudo cp /etc/postfix/main.cf.ori  /etc/postfix/main.cf

Don’t forget to reload postfix services

$ sudo postfix reload

 

 

Please follow and like us:
0