BitDefender + Axigen = Milter Love

The BitDefender Security Milter integration saga continues after the last article with an new conquest: Axigen Mail Server v6. If you wish to integrate BitDefender Security for Mail Servers with your Axigen server please read on for a step by step quick guide.

The minimum required Axigen version is 6.0, previous versions use a different method for integrating with milter interfaces, you’ll be ok with any 6.x version. All commands below should be executed from within the ~bitdefender/bin directory.

First of all, you’ll have to install BitDefender and select the Sendmail-milter agent during the installation wizard, or if it’s already installed just enable it:

# ./bdsafe agent enable milter

BitDefender and Axigen run as different users, and they need to communicate with each other for the integration to work, so you’ll need to make some changes regarding the two users and the default access permissions:

  1. Add the axigen user to BitDefender’s LocalUsers and to the bitdefender system group:
    # ./bdsafe registry configure localusers add axigen
    • Linux: add the axigen user to the bitdefender group:
      # usermod -G axigen,bitdefender axigen
    • FreeBSD: add the axigen user to the bitdefender group:
      # pw usermod axigen -G axigen,bitdefender
  2. Change the access permissions on /var/run/BitDefender so bdmilterd which will be running as the axigen user will be able to create the milter intercommunication socket:
    # chmod 731 /var/run/BitDefender
  3. bdmilterd needs to run as the axigen user, and the easiest way to achieve this is by setting the setuid flag for bdmilterd and changing it’s owner to the axigen user:
    # chown axigen:bitdefender bdmilterd
    # chmod u+s bdmilterd

The next step is configuring Axigen with a milter filter, so it will know how to talk to BitDefender, and instructing Axigen to send all mails to be scanned by BitDefender. This can be done as follows, from Axigen’s WebAdmin interface in the Security & Filtering -> Acceptance & Routing -> Advanced Settings context:

  1. Add a new Acceptance/Routing rule:
    1. Set the name of the rule to BitDefender_Milter
    2. Unless otherwise required, leave the Conditions section unmodified as the default policies will apply to all SMTP connections.
    3. From the Actions section, making use of the drop-down box select Filters-> Add Filter and select the +Add condition button
    4. In the Add milter filter box set the Name field to BitDefender and the Address one to local:///var/run/BitDefender/bdmilterd.sock
    5. Save configuration
  2. Activate the filter by creating a second Acceptance/Routing policy that will ensure the first filter execution:
    1. Set the name of the new rule to BitDefender_Execute
    2. Leave the Conditions section unmodified
    3. From the Actions section, making use of the drop-down box select Filters-> Execute Filters and select the +Add condition button
    4. Set the Execute filters Name pattern to BitDefender
    5. Save configuration

And now the final touch, restart them all:

# ./bd restart
# /etc/init.d/axigen restart

Axigen doesn’t send any kind of connection information to BitDefender, like the IP address of the client sending the mail, therefore BitDefender’s RBL filter won’t be able to process mails properly. You’ll need to disable the filter:

# ./bdsafe group configure default antispam userblfilter N
# ./bdsafe reload

You’ll have to add the RBL servers in Axigen’s configuration from the Security & Filtering -> Additional AntiSpam Methods -> DNSBL (DNS BlackList) context.

If the setup works correctly you’ll find the X-BitDefender-Scanner header in the headers of all delivered mails, similar to this:

X-BitDefender-Scanner: Clean, Agent: BitDefender Milter 3.0.2 on
my.axigen.server, sigver: 7.23354

Th-That’s all folks, you can now enjoy the two products, BitDefender and Axigen, happily ever after working together, fighting against the bad guys 🙂

Comments are closed.