Solved

How do I integrate Linux Sendmail and Symantec AntiVirus for SMTP Gateways without MX records or port forwarding?

Posted on 2004-04-01
Last Modified: 2013-12-17
Here is my situation:

I have a Linux server (running Sendmail) acting as my gateway. I have a Windows server connected to the LAN running SAV4SMTPGW (Symantec AntiVirus for SMTP Gateways).

I would like Sendmail to check for the presence of a custom header and if it is not present, add it and try to send the message to SAV4SMTPGW. SAV4SMTPGW will scan the message and send the message back to Sendmail via SMTP (adds 2 extra hops to the message delivery).

If the custom header is already present when Sendmail receives a message (or SAV4SMTPGW is down for some reason), then deliver the message to its destination (if address locally, then deliver to Cyrus; if address externally, then deliver to the proper MX).

PS - I use SMTP with Authentication and TLS so my users can send email from anywhere they want and I can't lose that functionality.
Question by:phloryde

Expert Comment

by:jlevie
ID: 10747787
All of the ways that I can think of to do what you've asked in the question are really ugly and would require custom code to be written and integrated into Sendmail. However, there is another solution. And that would be to install MailScanner (http://www.mailscanner.info) on the Sendmail server, equip it with a virus scanner, and have the complete solution in one box. As a bonus you could have spam control, protection from the dangerous file types (.exe, .com, .pif, etc), and malicious content (ObjectCodeBase tags, etc).

Author Comment

by:phloryde
ID: 10747884
I'm interested in your solution even if you think it's really ugly. I don't have a problem with custom code. I've already modified our Sendmail configuration to add a custom header to all emails (although it doesn't really do me any good), so I'm comfortable adding custom code. I'm also getting the hang of understanding rules and macros.

Thanks for the MailScanner suggestion. I'll look into it, but I'm really into integrating SAV into our setup. Thanks much.

Expert Comment

by:jlevie
ID: 10748086
The most promising approach will require two Sendmail MTA configs and a custom application. One MTA, listening on the standard SMTP port, will accept mail and place it in a queue without attempting delivery. A custom application will have to monitor that input queue, pick qf/df pairs from there, reconstruct each into a message and send it to SAV using its own SMTP engine. Another MTA, listening on a non-standard port, will accept the returned message from SAV and place the result in a queue without attempting delivery. That queue will have to be run periodically from cron with a sendmail configured for Cyrus delivery and using the standard SMTP port.

I don't see a way to do this with a single Sendmail config without incurring a mail loop. Well, with some pretty extensive modifications to the Sendmail sources I suspect it could be done safely. But that sounds like even more work and is fraught with the possibility of opening security holes.

Author Comment

by:phloryde
ID: 10748229
So even with a custom header (X-SAV-Scanned: Yes), there is no way I can have a single Sendmail config without the mail loop?

Expert Comment

by:jlevie
ID: 10748426
I don't think it can be done safely, but it could be done. Consider the case where a message is received from the Internet, you add the custom header and attempt to send it to SAV and for whatever reason the delivery is deferred. That message will be placed in the queue for the next queue run. When the queue is run the header is already present and thus it will be immediately delivered without ever having been scanned. There's also the risk of someone figuring out that you check for a custom header and sending you infected mails with that header present. That risk could be lessened if you could have SAV add a site unique header to the message after it was scanned. However, the header would have to be unique to your site and I don't know if SAV can be configured to do that. I see viral infected messages that contain headers indicating that the message was supposedly scanned by one or more anti-virus gateways when I know for a fact that the message has not passed through a scanner.

Given the frequency of viral infected messages seen by a mail server I want to see everything scanned and I also want to see all of the dangerous file types quarantined. Quarantining the dangerous file types that can carry a viral payload provides protection against a newly released virus for which an anti-virus definition isn't yet available. In my mind the only way to guarantee that is to make the virus scanning an integral part of the mail stream process.
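The two failure modes described in the comment above (a deferred message delivered unscanned, and a forged header), modeled next to a check on a site-unique header value; this is an added example, not part of the original thread and not Sendmail or SAV configuration. `SITE_KEY`, the HMAC-of-Message-ID token and all function names are assumptions, and whether SAV can emit such a header is not established on the page.

```python
import hashlib
import hmac

# Constructed demo values; the header name is the one quoted in the thread.
SITE_KEY = b"constructed-demo-key"  # assumption: secret shared by gateway and scanner
HDR = "X-SAV-Scanned"

def naive_route(headers, scanner_up=True):
    """Single-config logic from the thread: header present -> deliver."""
    if HDR in headers:
        return "deliver"
    headers[HDR] = "Yes"  # tag is written before the scanner has seen anything
    return "to_scanner" if scanner_up else "deferred"

def scan_token(message_id):
    """Hypothetical site-unique value: HMAC of the Message-ID under the site key."""
    return hmac.new(SITE_KEY, message_id.encode(), hashlib.sha256).hexdigest()

def scanner_stamp(headers):
    """Model of the scanner marking a message it has actually scanned."""
    headers[HDR] = scan_token(headers["Message-ID"])
    return headers

def hardened_route(headers):
    """Deliver only on a valid token; the gateway never adds the header itself."""
    claimed = headers.get(HDR, "").encode()
    expected = scan_token(headers.get("Message-ID", "")).encode()
    if hmac.compare_digest(claimed, expected):
        return "deliver"
    headers.pop(HDR, None)  # drop unverifiable claims before relaying
    return "to_scanner"

def demo():
    """Run constructed messages through both routing rules."""
    deferred = {"Message-ID": "<1@example.test>"}
    retry = {"Message-ID": "<1@example.test>"}
    forged = {"Message-ID": "<2@example.test>", HDR: "Yes"}
    clean = scanner_stamp({"Message-ID": "<3@example.test>"})
    return {
        "naive_deferred": [naive_route(deferred, scanner_up=False), naive_route(deferred)],
        "naive_forged": naive_route(dict(forged)),
        "hardened_retry": [hardened_route(retry), hardened_route(retry)],
        "hardened_forged": hardened_route(dict(forged)),
        "hardened_clean": hardened_route(clean),
    }

if __name__ == "__main__":
    print(demo())
```

The token here covers only the Message-ID, so it shows the shape of the check rather than binding the header to the message body.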
 

Author Comment

by:phloryde
ID: 10754712
Could you post how I would configure Sendmail to do that? I'm willing to take the risk since I have client side protection in place. Even if an infected message bypasses SAV, the client should catch it when Outlook gets the message. I'm just trying to reduce the number of virus emails my staff has to deal with. Thanks.

Expert Comment

by:jlevie
ID: 10771615
I can tell you what you'd need to do, but not what the lines of code would look like. You'd have to edit sendmail.cf and add a test just before a message would normally be passed to cyrus. That test would check for the special header and if it isn't present the message would be sent via SMTP to the virus scanner. Otherwise the rule would allow the message to fall through to cyrus.

Accepted Solution

by:
Lunchy earned 0 total points
ID: 10798154
Closed, no points refunded.
Lunchy
Friendly Neighbourhood Community Support Moderator