Solved

How do I integrate Linux Sendmail and Symantec AntiVirus for SMTP Gateways without MX records or port forwarding?

Posted on 2004-04-01
Last Modified: 2013-12-17
Here is my situation:

I have a Linux server (running Sendmail) acting as my gateway. I have a Windows server connected to the LAN running SAV4SMTPGW (Symantec AntiVirus for SMTP Gateways).

I would like Sendmail to check for the presence of a custom header and if it is not present, add it and try to send the message to SAV4SMTPGW. SAV4SMTPGW will scan the message and send the message back to Sendmail via SMTP (adds 2 extra hops to the message delivery).

If the custom header is already present when Sendmail receives a message (or SAV4SMTPGW is down for some reason), then deliver the message to its destination (if addressed locally, then deliver to Cyrus; if addressed externally, then deliver to the proper MX).

PS - I use SMTP with Authentication and TLS so my users can send email from anywhere they want and I can't lose that functionality.
Question by:phloryde

Expert Comment

by:jlevie
All of the ways that I can think of to do what you've asked in the question are really ugly and would require custom code to be written and integrated into Sendmail. However, there is another solution. And that would be to install MailScanner (http://www.mailscanner.info) on the Sendmail server, equip it with a virus scanner, and have the complete solution in one box. As a bonus you could have spam control, protection from the dangerous file types (.exe, .com, .pif, etc), and malicious content (ObjectCodeBase tags, etc).

Author Comment

by:phloryde
I'm interested in your solution even if you think it's really ugly. I don't have a problem with custom code. I've already modified our Sendmail configuration to add a custom header to all emails (although it doesn't really do me any good), so I'm comfortable adding custom code. I'm also getting the hang of understanding rules and macros.

Thanks for the MailScanner suggestion. I'll look into it, but I'm really into integrating SAV into our setup. Thanks much.

Expert Comment

by:jlevie
The most promising approach will require two Sendmail MTA configs and a custom application. One MTA, listening on the standard SMTP port, will accept mail and place it in a queue without attempting delivery. A custom application will have to monitor that input queue, pick qf/df pairs from there, reconstruct each into a message and send it to SAV using its own SMTP engine. Another MTA, listening on a non-standard port, will accept the returned message from SAV and place the result in a queue without attempting delivery. That queue will have to be run periodically from cron with a sendmail configured for Cyrus delivery and using the standard SMTP port.

I don't see a way to do this with a single Sendmail config without incurring a mail loop. Well, with some pretty extensive modifications to the Sendmail sources I suspect it could be done safely. But that sounds like even more work and is fraught with the possibility of opening security holes.

Author Comment

by:phloryde
So even with a custom header (X-SAV-Scanned: Yes), there is no way I can have a single Sendmail config without the mail loop?

Expert Comment

by:jlevie
I don't think it can be done safely, but it could be done. Consider the case where a message is received from the Internet, you add the custom header and attempt to send it to SAV and for whatever reason the delivery is deferred. That message will be placed in the queue for the next queue run. When the queue is run the header is already present and thus it will be immediately delivered without ever having been scanned. There's also the risk of someone figuring out that you check for a custom header and sending you infected mails with that header present. That risk could be lessened if you could have SAV add a site-unique header to the message after it was scanned. However, the header would have to be unique to your site and I don't know if SAV can be configured to do that. I see viral infected messages that contain headers indicating that the message was supposedly scanned by one or more anti-virus gateways when I know for a fact that the message has not passed through a scanner.

Given the frequency of viral infected messages seen by a mail server I want to see everything scanned and I also want to see all of the dangerous file types quarantined. Quarantining the dangerous file types that can carry a viral payload provides protection against a newly released virus for which an anti-virus definition isn't yet available. In my mind the only way to guarantee that is to make the virus scanning an integral part of the mail stream process.
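The two failure cases described in the comment above (a forged marker header, and a deferred message that was stamped before it reached the scanner), set beside a decision based on where the message arrived, as in the two-MTA design earlier in the thread. This is an added Python model, not code from the thread and not Sendmail configuration; the ingress labels, function names and sample messages are constructed for illustration, and only the `X-SAV-Scanned` header name comes from the thread.

```python
from email import message_from_string

MARKER = "X-SAV-Scanned"          # header name used in the thread
PUBLIC = "public"                 # assumed label: listener on the standard SMTP port
SCANNER_RETURN = "scanner-return" # assumed label: listener only the SAV host can reach

# Constructed sample messages.
CLEAN = "From: a@example.org\nTo: staff@example.com\nSubject: hi\n\nbody\n"
FORGED = MARKER + ": Yes\n" + CLEAN  # sender supplied the marker themselves


def stamp(raw):
    """Header-based flow: add the marker before handing off to the scanner."""
    msg = message_from_string(raw)
    msg[MARKER] = "Yes"
    return msg.as_string()


def route_by_header(raw):
    """Single-config idea: the marker header alone decides the route."""
    msg = message_from_string(raw)
    return "deliver" if msg[MARKER] else "scan"


def route_by_ingress(raw, ingress):
    """Scan state comes from the listener/queue the message sits in.

    A message stays in the PUBLIC queue until the scanner has accepted it,
    so a deferred hand-off is retried instead of being delivered.
    """
    msg = message_from_string(raw)
    if ingress == SCANNER_RETURN:
        return "deliver", msg.as_string()
    # Untrusted ingress: never honour a marker, and strip it so it cannot
    # be mistaken for the scanner's own result further down the line.
    del msg[MARKER]
    return "scan", msg.as_string()


if __name__ == "__main__":
    deferred = stamp(CLEAN)  # stamped, scanner unreachable, left in the queue
    print("header rule, forged  :", route_by_header(FORGED))
    print("header rule, deferred:", route_by_header(deferred))
    print("ingress rule, forged  :", route_by_ingress(FORGED, PUBLIC)[0])
    print("ingress rule, deferred:", route_by_ingress(deferred, PUBLIC)[0])
    print("ingress rule, returned:", route_by_ingress(CLEAN, SCANNER_RETURN)[0])
```
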
 

Author Comment

by:phloryde
Could you post how I would configure Sendmail to do that? I'm willing to take the risk since I have client side protection in place. Even if an infected message bypasses SAV, the client should catch it when Outlook gets the message. I'm just trying to reduce the number of virus emails my staff has to deal with. Thanks.

Expert Comment

by:jlevie
I can tell you what you'd need to do, but not what the lines of code would look like. You'd have to edit sendmail.cf and add a test just before a message would normally be passed to cyrus. That test would check for the special header and if it isn't present the message would be sent via SMTP to the virus scanner. Otherwise the rule would allow the message to fall through to cyrus.

Accepted Solution

by:
Lunchy earned 0 total points
Closed, no points refunded.
Lunchy
Friendly Neighbourhood Community Support Moderator