Solution
Install Bitdefender Security for Mail Servers
During the installation wizard, select option 7, "SMTP Proxy - works with any Mail Transfer Agent". If the product is already installed, skip this step.
Enable the Bitdefender milter and restart the Bitdefender service:
# cd /opt/BitDefender/bin
# ./bdsafe agent enable milter
# service bd restart
Configuring Bitdefender for Mail Servers
Check that the milter socket exists:
# netstat -lpn | grep bdmilterd
Run this as root (otherwise netstat cannot show the owning process). The command should output a line like the one below:
unix 2 [ ACC ] STREAM LISTENING 9507 1413/bdmilterd /opt/BitDefender/var/run/bdmilterd.sock
For Axigen to be able to open the Bitdefender milter socket file, the Bitdefender product must run as the same user as Axigen. To do that, take the following steps:
Stop the bd daemon:
# /etc/init.d/bd stop
Edit the /etc/init.d/bd file in a text editor and replace the lines below:
user_based_on_os ()
{
OS="$(uname | tr 'A-Z' 'a-z')"
if [ "$OS" = "sunos" ] ; then
echo "bdux"
else
echo "bitdefender"
fi
}
With the following:
user_based_on_os ()
{
OS="$(uname | tr 'A-Z' 'a-z')"
if [ "$OS" = "sunos" ] ; then
echo "bdux"
else
echo "axigen"
fi
}
This makes the Bitdefender services run with the same privileges as Axigen.
Before starting the Bitdefender service again, adjust the permissions of the Bitdefender files so that they are owned by the user the service will now run as. Issue the following two commands:
# chown -R axigen:axigen /opt/BitDefender
# chown -R axigen:axigen /var/run/BitDefender
Note that this hands the axigen user ownership of the whole Bitdefender installation, engine binaries and signature files included. It is the simplest way to make the socket reachable from Axigen, but it also means a compromised Axigen process could tamper with the scanner; keep that trade-off in mind when deciding how much else runs as that user.
Start the bd daemon:
# /etc/init.d/bd start
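Before moving on to the Axigen side, it pays to confirm from the shell that the address you are about to type into Axigen really points at the socket bdmilterd listens on, and that the Axigen user can open it (connecting to a Unix socket requires write permission on the socket file). The script below is an added example, not part of the Axigen or Bitdefender documentation. It assumes the Axigen service user is named axigen, that netstat (net-tools) is installed, and that GNU coreutils provide stat -c, readlink -f and mktemp; the function names are my own.

```shell
#!/bin/sh
# milter_preflight.sh -- added example; not part of the Axigen or Bitdefender
# documentation. Run as root after "/etc/init.d/bd start" and before adding the
# Axigen filter rule:  sh milter_preflight.sh local:///var/run/BitDefender/bdmilterd.sock axigen

# Turn an Axigen filter address such as local:///var/run/BitDefender/bdmilterd.sock
# into a filesystem path. Fails for anything that is not a local:// address.
milter_addr_to_path() {
    case "$1" in
        local:///*) printf '%s\n' "${1#local://}" ;;
        *) return 1 ;;
    esac
}

# Read `netstat -lpn` output on stdin; succeed when a bdmilterd process is
# listed as listening on exactly socket path $1.
bdmilterd_listens_on() {
    grep -F -- "$1" | grep -q 'bdmilterd'
}

# Succeed when $1 and $2 name the same file once symlinks are resolved.
# The page shows /opt/BitDefender/var/run/... in the netstat output but
# /var/run/BitDefender/... in the filter address; whether those coincide
# depends on the install, so check it rather than assume it (GNU readlink).
same_file() {
    [ -e "$1" ] && [ -e "$2" ] &&
        [ "$(readlink -f "$1")" = "$(readlink -f "$2")" ]
}

# Succeed when file $1 is owned by user $2 (GNU stat).
owned_by() {
    [ "$(stat -c '%U' "$1")" = "$2" ]
}

# Full check. $1 = address from the Axigen filter, $2 = user Axigen runs as
# (assumed "axigen"). Prints the first failing check and returns non-zero.
milter_preflight() {
    addr=$1; user=${2:-axigen}
    path=$(milter_addr_to_path "$addr") ||
        { echo "not a local socket address: $addr"; return 1; }
    listed=$(netstat -lpn 2>/dev/null | awk '/bdmilterd/ && /LISTENING/ { print $NF; exit }')
    [ -n "$listed" ] ||
        { echo "bdmilterd is not listening on any unix socket (is the milter enabled?)"; return 1; }
    same_file "$path" "$listed" ||
        { echo "Axigen address $path is not the listening socket $listed"; return 1; }
    owned_by "$path" "$user" ||
        { echo "$path is not owned by $user (re-check the chown step)"; return 1; }
    # connect() on a unix socket needs write permission on the socket file
    su -s /bin/sh -c "test -w '$path'" "$user" ||
        { echo "$user cannot write to $path"; return 1; }
    echo "ok: $user can reach bdmilterd at $path"
}

if [ "$#" -ge 1 ]; then
    milter_preflight "$@"
fi
```

The script checks exactly the two things the procedure above can silently get wrong: a socket path in the Address field that differs from the one bdmilterd really uses, and a socket the axigen user cannot open because the user switch or the chown step was skipped.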
Axigen milter configuration
Open the Axigen WebAdmin interface and navigate to the following section:
Security & Filtering > Acceptance & Routing > Advanced Settings
Add the two rules below to use the Bitdefender filter:
Rule 1:
- Press the 'Add Acceptance / Routing Rule' button
- Type a descriptive rule name, such as 'Bitdefender_define'
- Unless otherwise required, leave the Conditions section unmodified; the default conditions match all SMTP connections
- From the Actions section, select Filters > Add Filter and click the 'Add Action' button. Give the filter a name (e.g. Bitdefender); this name identifies the filter in the Axigen log entries, so choose one that is easy to search for. Fill the 'Address' field with the connection address of the Bitdefender milter listener. For a local socket this is local:// followed by the socket path, and the path must be the one bdmilterd actually listens on (the one netstat reported above), otherwise Axigen cannot connect to the milter.
Example:
  Name: Bitdefender
  Address: local:///var/run/BitDefender/bdmilterd.sock
- Click 'Save Configuration' to save the new filter.
Rule 2:
To activate the filter, create a second rule in the same Advanced Settings context that executes it.
- Press the 'Add Acceptance/Routing Rule' button
- Type a descriptive rule name such as 'Bitdefender_execute'
- Leave the Conditions section unmodified
- In the Actions section select the 'Execute filters' option from the Filters category and press the '+ Add Action' button
- Fill the 'Name pattern' field with the name of the previously defined filter, in our case 'Bitdefender'
- Finally, press the 'Save configuration' button to activate this rule
From this point on, every SMTP session the server accepts is passed through this filter; the examples below show what that looks like in the Bitdefender and Axigen logs.
Antispam example (GTUBE)
- BitDefender log: # tail -f /opt/BitDefender/var/log/spam.log
- Axigen log: # tail -f /var/opt/axigen/log/everything.txt
- Message headers: X-BitDefender-Scanner: Clean, Agent: BitDefender Milter 3.1.6 on example.axi.lan, sigver: 7.66201 (this is the antivirus verdict; the spam verdict is carried by the X-BitDefender-Spam headers listed after the Axigen log excerpt)
BitDefender spam.log entry. Note action: ignored (ignore): the spam action is set to ignore, so the message is stamped (subject tag and X-BitDefender-Spam headers) rather than rejected:
07/06/2016 10:53:27 BDMAILD SPAM: sender: user1@example.axi.lan, recipients: user1@example.axi.lan, sender IP: 127.0.0.1, subject: "gtube", message-id: "<1467791606740447047@example.axi.lan>", , score: 1000, stamp: " Build: [Engines: 2.15.6.911, Dats: 425489, Stamp: 3], Multi: [Enabled, t: (0.000011,0.001143), hit gtube], total: 1000(775)", agent: Milter 3.1.6, action: ignored (ignore), header sender: "user1 <user1@example.axi.lan>", header recipients: ( "user1 <user1@example.axi.lan>" ), headers: ( "Received: from [127.0.0.1] by example.axi.lan with HTTP; Wed, 6 Jul 2016 10:53:26 +0300" ), group: "Default"
Axigen everything.txt entries for the same session:
2016-07-06 10:53:26 +0300 08 example PROCESSING:001A6E0B: Filter named <Bitdefender> of type [milter] running at address local:///var/run/BitDefender/bdmilterd.sock added to filter list
2016-07-06 10:53:26 +0300 08 example PROCESSING:001A6E0B: Execute onConnect event for filter <Bitdefender>
2016-07-06 10:53:26 +0300 16 example PROCESSING:001A6E0B: >> 220 example.axi.lan Axigen ESMTP ready
2016-07-06 10:53:26 +0300 16 example PROCESSING:001A6E0B: << EHLO example.axi.lan
2016-07-06 10:53:26 +0300 08 example PROCESSING:001A6E0B: Set max data size to 10240 KB
2016-07-06 10:53:26 +0300 08 example PROCESSING:001A6E0B: Set max received headers to 30
2016-07-06 10:53:26 +0300 08 example PROCESSING:001A6E0B: Maximum recipient count set to 1000
2016-07-06 10:53:26 +0300 08 example PROCESSING:001A6E0B: Wait for processing response at least 10 seconds
2016-07-06 10:53:26 +0300 08 example PROCESSING:001A6E0B: STARTTLS extension allowed
2016-07-06 10:53:26 +0300 08 example PROCESSING:001A6E0B: 8BIT MIME accepted
2016-07-06 10:53:26 +0300 08 example PROCESSING:001A6E0B: BINARY DATA extension allowed
2016-07-06 10:53:26 +0300 08 example PROCESSING:001A6E0B: PIPELINING extension allowed
2016-07-06 10:53:26 +0300 08 example PROCESSING:001A6E0B: Set local delivery to all
2016-07-06 10:53:26 +0300 08 example PROCESSING:001A6E0B: Execute onEhlo event for filter <Bitdefender>
2016-07-06 10:53:26 +0300 16 example PROCESSING:001A6E0B: >> 250-example.axi.lan Axigen ESMTP hello
2016-07-06 10:53:26 +0300 16 example PROCESSING:001A6E0B: >> 250-PIPELINING
2016-07-06 10:53:26 +0300 16 example PROCESSING:001A6E0B: >> 250-AUTH PLAIN LOGIN CRAM-MD5 DIGEST-MD5 GSSAPI
2016-07-06 10:53:26 +0300 16 example PROCESSING:001A6E0B: >> 250-AUTH=PLAIN LOGIN CRAM-MD5 DIGEST-MD5 GSSAPI
2016-07-06 10:53:26 +0300 16 example PROCESSING:001A6E0B: >> 250-8BITMIME
2016-07-06 10:53:26 +0300 16 example PROCESSING:001A6E0B: >> 250-BINARYMIME
2016-07-06 10:53:26 +0300 16 example PROCESSING:001A6E0B: >> 250-CHUNKING
2016-07-06 10:53:26 +0300 16 example PROCESSING:001A6E0B: >> 250-SIZE 10485760
2016-07-06 10:53:26 +0300 16 example PROCESSING:001A6E0B: >> 250-XAXIORGINFO
2016-07-06 10:53:26 +0300 16 example PROCESSING:001A6E0B: >> 250-HELP
2016-07-06 10:53:26 +0300 16 example PROCESSING:001A6E0B: >> 250 OK
2016-07-06 10:53:26 +0300 08 example PROCESSING:001A6E0B: session from [0.0.0.0] authenticated by <user1@example.axi.lan>
2016-07-06 10:53:26 +0300 16 example PROCESSING:001A6E0B: << MAIL FROM: user1@example.axi.lan SIZE=1331 AUTH=user1@example.axi.lan XAXIORGINFO=1A6E0B:00000002
2016-07-06 10:53:26 +0300 08 example PROCESSING:001A6E0B: Execute onMailFrom event for filter <Bitdefender>
2016-07-06 10:53:26 +0300 16 example PROCESSING:001A6E0B: >> 250 Sender accepted
2016-07-06 10:53:26 +0300 16 example PROCESSING:001A6E0B: << RCPT TO: user1@example.axi.lan
2016-07-06 10:53:26 +0300 08 example PROCESSING:001A6E0B: Execute onRcptTo event for filter <Bitdefender>
2016-07-06 10:53:26 +0300 16 example PROCESSING:001A6E0B: >> 250 Recipient accepted
2016-07-06 10:53:26 +0300 16 example PROCESSING:001A6E0B: << BDAT 1331 LAST
2016-07-06 10:53:26 +0300 08 example PROCESSING:001A6E0B: Execute onHeaderReceived event for filter <Bitdefender>
2016-07-06 10:53:26 +0300 16 example PROCESSING:001A6E0B: << 1331 bytes read
2016-07-06 10:53:26 +0300 16 example PROCESSING:001A6E0B: << Last chunk of 1331 bytes read
2016-07-06 10:53:26 +0300 08 example PROCESSING:001A6E0B: Execute onDataReceived event for filter <Bitdefender>
2016-07-06 10:53:27 +0300 08 example WEBMAIL:00000010: [127.0.0.1:443] connection accepted from [127.0.0.1:55290]
2016-07-06 10:53:27 +0300 08 example PROCESSING:001A6E0B: [MILTER] Modification action by filter: 'm' (change header: Content-Type:multipart/mixed; boundary="=-bd-boundary-cs4ufQybvQzL6bhn":1)
2016-07-06 10:53:27 +0300 08 example PROCESSING:001A6E0B: [MILTER] Modification action by filter: 'm' (change header: Subject:[SPAM] gtube [SPAM]:1)
2016-07-06 10:53:27 +0300 08 example PROCESSING:001A6E0B: [MILTER] Modification action by filter: 'h' (add header: X-BitDefender-Scanner:Clean, Agent: BitDefender Milter 3.1.6 on example.axi.lan, sigver: 7.66201)
2016-07-06 10:53:27 +0300 08 example PROCESSING:001A6E0B: [MILTER] Modification action by filter: 'h' (add header: X-BitDefender-Spam:Yes (1000))
2016-07-06 10:53:27 +0300 08 example PROCESSING:001A6E0B: [MILTER] Modification action by filter: 'h' (add header: X-BitDefender-SpamStamp:Build: [Engines: 2.15.6.911, Dats: 425489, Stamp: 3], Multi: [Enabled, t: (0.000011,0.001143), hit gtube], total: 1000(775))
2016-07-06 10:53:27 +0300 08 example PROCESSING:001A6E0B: [MILTER] Modification action by filter: 'h' (add header: X-BitDefender-CF-Stamp:none)
Headers added to the delivered message (in addition to the X-BitDefender-Scanner header listed above):
X-BitDefender-Spam: Yes (1000)
X-BitDefender-SpamStamp: Build: [Engines: 2.15.6.911, Dats: 425489, Stamp: 3], Multi: [Enabled, t: (0.000011,0.001143), hit gtube], total: 1000(775)
X-BitDefender-CF-Stamp: none
Antivirus example (EICAR)
- BitDefender log: # tail -f /opt/BitDefender/var/log/virus.log
- Axigen log: # tail -f /var/opt/axigen/log/everything.txt
- Message headers: X-BitDefender-Scanner: Disinfected, Agent: BitDefender Milter 3.1.6 on example.axi.lan EICAR-Test-File (not a virus) deleted, sigver: 7.66201
BitDefender virus.log entry. Note action: deleted (disinfect;delete;quarantine): the infected attachment is removed and the message itself is still accepted, as the Axigen log below confirms with 'a' (accept message) and a replaced body:
07/06/2016 11:45:01 BDMAILD MALWARE: /opt/BitDefender/var/tmp/bdmilterd_gBvdEE=>[Subject: antivirus test][Date: Wed, 6 Jul 2016 11:45:00 +0300]=>=?utf-8?Q?antivirustest?=, malware: EICAR-Test-File (not a virus), status: infected, action: deleted (disinfect;delete;quarantine), agent: Milter 3.1.6, sender: "user1@example.axi.lan", recipients: "user1@example.axi.lan", sender IP: 127.0.0.1, subject: "antivirus test", message-id: "<1467794700972474363@example.axi.lan>", header sender: "user1 <user1@example.axi.lan>", header recipients: ( "user1 <user1@example.axi.lan>" ), headers: ( "Received: from [127.0.0.1] by example.axi.lan with HTTP; Wed, 6 Jul 2016 11:45:00 +0300" ), group: "Default"
Axigen everything.txt entries for the same session:
2016-07-06 11:45:01 +0300 08 example PROCESSING:003210CB: Execute onDataReceived event for filter <Bitdefender>
2016-07-06 11:45:01 +0300 08 example PROCESSING:003210CB: [MILTER] Modification action by filter: 'h' (add header: X-BitDefender-Scanner:Disinfected, Agent: BitDefender Milter 3.1.6 on example.axi.lan EICAR-Test-File (not a virus) deleted, sigver: 7.66201)
2016-07-06 11:45:01 +0300 08 example PROCESSING:003210CB: [MILTER] Modification action by filter: 'h' (add header: X-BitDefender-Spam:No (0))
2016-07-06 11:45:01 +0300 08 example PROCESSING:003210CB: [MILTER] Modification action by filter: 'h' (add header: X-BitDefender-SpamStamp:Build: [Engines: 2.15.6.911, Dats: 425489, Stamp: 3], Multi: [Enabled, t: (0.000014,0.001150)], BW: [Enabled, t: (0.000012,0.000001), skipping (From == To)], RBL DNSBL: [Disabled], APM: [Enabled, Score: 500, t: (0.004726), Flags: BB9BAF5C; NN_S_TWO_WORDS_LOWERCASE_NMD; NN_EXEC_H_MAIL_HAS_EMPTY_ATTACHMENT; NN_EXEC_H_FROM_ADDR_EQUAL_TO_ADDR; NN_MPART_MIXED_WO_CT_PH_APP_ADN; NN_NO_LINK_NMD; NN_SUMM_TP_BWLE_ADN; NN_SUMM_TH_BWLE_ADN], SGN: [Enabled, t: (0.012339)], URL: [Enabled, t: (0.000011)], RTDA: [Enabled, t: (0.057704), Hit: No, Details: v2.3.10; Id: 2m1ghhc.1amgks2k3.o5t5], total: 0(775))
2016-07-06 11:45:01 +0300 08 example PROCESSING:003210CB: [MILTER] Modification action by filter: 'h' (add header: X-BitDefender-CF-Stamp:none)
2016-07-06 11:45:01 +0300 08 example PROCESSING:003210CB: [MILTER] Filter responded with 'a' (accept message)
2016-07-06 11:45:01 +0300 08 example PROCESSING:003210CB: Body of mail 2EEDC9 was replaced
Headers added to the delivered message (in addition to the X-BitDefender-Scanner header listed above):
X-BitDefender-Spam: No (0)
X-BitDefender-SpamStamp: Build: [Engines: 2.15.6.911, Dats: 425489, Stamp: 3], Multi: [Enabled, t: (0.000014,0.001150)], BW: [Enabled, t: (0.000012,0.000001), skipping (From == To)], RBL DNSBL: [Disabled], APM: [Enabled, Score: 500, t: (0.004726), Flags: BB9BAF5C; NN_S_TWO_WORDS_LOWERCASE_NMD; NN_EXEC_H_MAIL_HAS_EMPTY_ATTACHMENT; NN_EXEC_H_FROM_ADDR_EQUAL_TO_ADDR; NN_MPART_MIXED_WO_CT_PH_APP_ADN; NN_NO_LINK_NMD; NN_SUMM_TP_BWLE_ADN; NN_SUMM_TH_BWLE_ADN], SGN: [Enabled, t: (0.012339)], URL: [Enabled, t: (0.000011)], RTDA: [Enabled, t: (0.057704), Hit: No, Details: v2.3.10; Id: 2m1ghhc.1amgks2k3.o5t5], total: 0(775)
X-BitDefender-CF-Stamp: none
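The two BDMAILD lines above are long, and the fields that matter operationally (what was detected, what Bitdefender did about it, and which message it was) sit in the middle of them. The script below is an added example, not Axigen's or Bitdefender's own tooling: it reduces spam.log and virus.log lines to one key=value line per message and labels the two outcomes the page demonstrates, spam that was only stamped and therefore still delivered, and malware whose attachment was deleted. The field-cutting rule (a value ends at the next ", label: ") is derived from the two lines shown on this page and is an assumption about the log format; a Subject containing ", word: " would be cut short. The sample lines are the page's own log excerpts embedded as constants; the function names are my own.

```shell
#!/bin/sh
# bd_log_triage.sh -- added example; not Axigen's or Bitdefender's own tooling.
# Summarises BDMAILD lines from /opt/BitDefender/var/log/spam.log and virus.log.
# Usage on a live box:
#   tail -f /opt/BitDefender/var/log/spam.log /opt/BitDefender/var/log/virus.log | bd_summarize

# Print the value of field KEY ($1) for each BDMAILD line on stdin (empty if absent).
# Assumed format: "key: value" pairs separated by ", "; values may be double-quoted.
bd_field() {
    awk -v key="$1" '
    {
        i = index($0, " " key ": ")            # first occurrence: "sender:" wins over "header sender:"
        if (i == 0) { print ""; next }
        v = substr($0, i + length(key) + 3)
        if (match(v, /, [A-Za-z -]+: /))       # the value ends at the next ", label: "
            v = substr(v, 1, RSTART - 1)
        sub(/^"/, "", v)                       # drop surrounding quotes and the
        sub(/"[, ]*$/, "", v)                  # stray ", , " the spam line carries
        print v
    }'
}

# One summary line per input line: kind, first word of the action, spam score,
# malware name and message-id ("-" where the field is not present).
bd_summarize() {
    while IFS= read -r line; do
        kind=$(printf '%s\n' "$line" | sed -n 's/.*BDMAILD \([A-Z]*\):.*/\1/p')
        action=$(printf '%s\n' "$line" | bd_field action | cut -d' ' -f1)
        score=$(printf '%s\n' "$line" | bd_field score)
        malware=$(printf '%s\n' "$line" | bd_field malware)
        msgid=$(printf '%s\n' "$line" | bd_field message-id)
        printf 'kind=%s action=%s score=%s malware=%s msgid=%s\n' \
            "${kind:-?}" "${action:--}" "${score:--}" "${malware:--}" "${msgid:--}"
    done
}

# Label a summary line. Spam with action "ignored" was stamped but not rejected
# (the page's GTUBE example); malware with action "deleted" reached the mailbox
# with the attachment removed (the EICAR example). Other actions are reported as-is.
bd_verdict() {
    case "$1" in
        *kind=SPAM*action=ignored*)    echo "SPAM-DELIVERED-STAMPED" ;;
        *kind=SPAM*)                   echo "SPAM-OTHER-ACTION" ;;
        *kind=MALWARE*action=deleted*) echo "MALWARE-ATTACHMENT-REMOVED" ;;
        *kind=MALWARE*)                echo "MALWARE-OTHER-ACTION" ;;
        *)                             echo "UNKNOWN" ;;
    esac
}

# Sample input: the two BDMAILD lines from this page's spam.log and virus.log excerpts.
SPAM_LINE='07/06/2016 10:53:27 BDMAILD SPAM: sender: user1@example.axi.lan, recipients: user1@example.axi.lan, sender IP: 127.0.0.1, subject: "gtube", message-id: "<1467791606740447047@example.axi.lan>", , score: 1000, stamp: " Build: [Engines: 2.15.6.911, Dats: 425489, Stamp: 3], Multi: [Enabled, t: (0.000011,0.001143), hit gtube], total: 1000(775)", agent: Milter 3.1.6, action: ignored (ignore), header sender: "user1 <user1@example.axi.lan>", header recipients: ( "user1 <user1@example.axi.lan>" ), headers: ( "Received: from [127.0.0.1] by example.axi.lan with HTTP; Wed, 6 Jul 2016 10:53:26 +0300" ), group: "Default"'
MALWARE_LINE='07/06/2016 11:45:01 BDMAILD MALWARE: /opt/BitDefender/var/tmp/bdmilterd_gBvdEE=>[Subject: antivirus test][Date: Wed, 6 Jul 2016 11:45:00 +0300]=>=?utf-8?Q?antivirustest?=, malware: EICAR-Test-File (not a virus), status: infected, action: deleted (disinfect;delete;quarantine), agent: Milter 3.1.6, sender: "user1@example.axi.lan", recipients: "user1@example.axi.lan", sender IP: 127.0.0.1, subject: "antivirus test", message-id: "<1467794700972474363@example.axi.lan>", header sender: "user1 <user1@example.axi.lan>", header recipients: ( "user1 <user1@example.axi.lan>" ), headers: ( "Received: from [127.0.0.1] by example.axi.lan with HTTP; Wed, 6 Jul 2016 11:45:00 +0300" ), group: "Default"'

# With a file argument, summarise that log; otherwise run over the sample lines.
if [ "$#" -ge 1 ]; then
    bd_summarize < "$1"
else
    printf '%s\n' "$SPAM_LINE" "$MALWARE_LINE" | bd_summarize | while IFS= read -r s; do
        printf '%-27s %s\n' "$(bd_verdict "$s")" "$s"
    done
fi
```

Feeding the two sample lines through bd_summarize gives kind=SPAM action=ignored score=1000 for the GTUBE message and kind=MALWARE action=deleted malware=EICAR-Test-File (not a virus) for the EICAR one; the message-id in each summary is what you search for in Axigen's everything.txt to see the matching [MILTER] modification lines.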