How to Integrate Axigen with Bitdefender Security for Mail Servers on Linux

This article describes how to integrate Axigen with Bitdefender Security for Mail Servers on Linux.

Solution

  1. Install Bitdefender Security for Mail Servers

    During the installation wizard, select option 7, "SMTP Proxy - works with any Mail Transfer Agent". If the product is already installed, skip this step.

  2. Enable the Bitdefender milter and restart the Bitdefender service:

    # cd /opt/BitDefender/bin
    # ./bdsafe agent enable milter
    # service bd restart
  3. Configure Bitdefender Security for Mail Servers

    Check the milter socket existence:

    netstat -lpn | grep bdmilterd

    The command should output a result like the one below:

    unix 2 [ ACC ] STREAM LISTENING 9507 1413/bdmilterd /opt/BitDefender/var/run/bdmilterd.sock

    In order for Axigen to be able to access the Bitdefender milter socket file, the Bitdefender services must run as the same user as Axigen.

    In order to do that, please take the following steps:

    Stop the bd daemon:

    /etc/init.d/bd stop

    Edit the /etc/init.d/bd file in a text editor and replace the lines below:

    user_based_on_os ()
    {
        OS="$(uname | tr 'A-Z' 'a-z')"
        if [ "$OS" = "sunos" ] ; then
            echo "bdux"
        else
            echo "bitdefender"
        fi
    }

    With the following:

    user_based_on_os ()
    {
        OS="$(uname | tr 'A-Z' 'a-z')"
        if [ "$OS" = "sunos" ] ; then
            echo "bdux"
        else
            echo "axigen"
        fi
    }

    This will cause the Bitdefender services to run with the same privileges as the Axigen service.

    Before we start the Bitdefender service, we will need to adjust the permissions for the Bitdefender files so that they are owned by the user under which the service will be run.

    Please issue the following two commands:

    chown -R axigen:axigen /opt/BitDefender
    chown -R axigen:axigen /var/run/BitDefender

    Start the bd daemon:

    /etc/init.d/bd start
  4. Axigen Milter configuration:

    Open the Axigen WebAdmin interface and navigate to the following section:

    Security & Filtering > Acceptance & Routing > Advanced Settings

    Add the below two rules for using the Bitdefender filter:

    Rule 1:

    • Press the 'Add Acceptance / Routing Rule' button
    • Type a suggestive Rule name, such as 'Bitdefender_define'
    • Unless otherwise required, leave the Conditions section unmodified as the default policies will apply to all SMTP connections
    • From the Actions section, select Filters > Add Filter and click the 'Add Action' button. You should next define a corresponding name for this filter (e.g. Bitdefender). Note that this name can be used for tracking the filter entries in the Axigen log entries. Also fill the 'Address' field with the connection address of the Bitdefender MILTER listener.

      Example:

        Name: Bitdefender
        Address: local:///var/run/BitDefender/bdmilterd.sock
    • By selecting 'Save Configuration', the new filter details will be saved.

    Rule 2:

    In order to activate the filter, from the same Advanced Settings context you will create a second rule that will ensure the filter execution.

    • Press the 'Add Acceptance / Routing Rule' button
    • Type a suggestive Rule name such as 'Bitdefender_execute'
    • Leave the Conditions section unmodified
    • In the Actions section select the 'Execute filters' option from the Filters category and press the '+ Add Action' button
    • Fill the 'Name pattern' field with the name of the previously defined filter, in our case 'Bitdefender'.
    • Finally, press the 'Save configuration' button in order to activate this rule.

    From this point on, all SMTP traffic accepted by the server is passed through this filter.
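Before the rules from step 4 are saved, it is worth confirming that the address you are about to configure really points at a listening unix socket owned by the user Axigen runs as; otherwise the filter defined in step 4 cannot connect. Note that the netstat output in step 3 reports the socket as /opt/BitDefender/var/run/bdmilterd.sock while the Axigen filter address uses /var/run/BitDefender/bdmilterd.sock, so check the path you actually configure. The script below is an added example and is not part of this article or of either product; the function names are its own, and the paths and the user name axigen are taken from the steps above.

```shell
#!/bin/sh
# Added example (not from the Axigen article): sanity checks for the Bitdefender
# milter socket before it is referenced from an Axigen filter. Function names are
# assumptions of this example; paths and the user name come from the article.

# milter_socket_path: read `netstat -lpn` output on stdin and print the path of
# the bdmilterd listening unix socket (the last field of the matching line).
milter_socket_path() {
    awk '/bdmilterd/ && $1 == "unix" { print $NF; exit }'
}

# file_owner PATH: print the owning user of PATH. `ls -ld` is used instead of
# `stat -c %U` so the check also works on non-GNU userlands.
file_owner() {
    ls -ld "$1" | awk '{ print $3 }'
}

# check_milter_socket PATH USER: succeed (0) only when PATH exists, is a unix
# socket, and is owned by USER. Returns 1 for "not a socket", 2 for wrong owner.
check_milter_socket() {
    path=$1
    user=$2
    if [ ! -S "$path" ]; then
        echo "not a unix socket (or missing): $path" >&2
        return 1
    fi
    owner=$(file_owner "$path")
    if [ "$owner" != "$user" ]; then
        echo "owned by '$owner', expected '$user': $path" >&2
        return 2
    fi
    echo "ok: $path is a socket owned by $user"
}

# Usage on the mail server (the paths are the ones the article shows):
#   netstat -lpn | milter_socket_path
#   check_milter_socket /var/run/BitDefender/bdmilterd.sock axigen
```

Run the two usage lines after restarting the bd service in step 3; a non-zero exit from check_milter_socket tells you whether the problem is the path or the ownership, which is what the chown commands in step 3 are meant to fix.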

Antispam example (GTUBE)

  • BitDefender log:
    # tail -f /opt/BitDefender/var/log/spam.log
    07/06/2016 10:53:27 BDMAILD SPAM: sender: user1@example.axi.lan, recipients: user1@example.axi.lan, sender IP: 127.0.0.1, subject: "gtube", message-id: "<1467791606740447047@example.axi.lan>", , score: 1000, stamp: " Build: [Engines: 2.15.6.911, Dats: 425489, Stamp: 3], Multi: [Enabled, t: (0.000011,0.001143), hit gtube], total: 1000(775)", agent: Milter 3.1.6, action: ignored (ignore), header sender: "user1 <user1@example.axi.lan>", header recipients: ( "user1 <user1@example.axi.lan>" ), headers: ( "Received: from [127.0.0.1] by example.axi.lan with HTTP; Wed, 6 Jul 2016 10:53:26 +0300" ), group: "Default"
  • Axigen log:
    # tail -f /var/opt/axigen/log/everything.txt
    2016-07-06 10:53:26 +0300 08 example PROCESSING:001A6E0B: Filter named <Bitdefender> of type [milter] running at address local:///var/run/BitDefender/bdmilterd.sock added to filter list
    2016-07-06 10:53:26 +0300 08 example PROCESSING:001A6E0B: Execute onConnect event for filter <Bitdefender>
    2016-07-06 10:53:26 +0300 16 example PROCESSING:001A6E0B: >> 220 example.axi.lan Axigen ESMTP ready
    2016-07-06 10:53:26 +0300 16 example PROCESSING:001A6E0B: << EHLO example.axi.lan
    2016-07-06 10:53:26 +0300 08 example PROCESSING:001A6E0B: Set max data size to 10240 KB
    2016-07-06 10:53:26 +0300 08 example PROCESSING:001A6E0B: Set max received headers to 30
    2016-07-06 10:53:26 +0300 08 example PROCESSING:001A6E0B: Maximum recipient count set to 1000
    2016-07-06 10:53:26 +0300 08 example PROCESSING:001A6E0B: Wait for processing response at least 10 seconds
    2016-07-06 10:53:26 +0300 08 example PROCESSING:001A6E0B: STARTTLS extension allowed
    2016-07-06 10:53:26 +0300 08 example PROCESSING:001A6E0B: 8BIT MIME accepted
    2016-07-06 10:53:26 +0300 08 example PROCESSING:001A6E0B: BINARY DATA extension allowed
    2016-07-06 10:53:26 +0300 08 example PROCESSING:001A6E0B: PIPELINING extension allowed
    2016-07-06 10:53:26 +0300 08 example PROCESSING:001A6E0B: Set local delivery to all
    2016-07-06 10:53:26 +0300 08 example PROCESSING:001A6E0B: Execute onEhlo event for filter <Bitdefender>
    2016-07-06 10:53:26 +0300 16 example PROCESSING:001A6E0B: >> 250-example.axi.lan Axigen ESMTP hello
    2016-07-06 10:53:26 +0300 16 example PROCESSING:001A6E0B: >> 250-PIPELINING
    2016-07-06 10:53:26 +0300 16 example PROCESSING:001A6E0B: >> 250-AUTH PLAIN LOGIN CRAM-MD5 DIGEST-MD5 GSSAPI
    2016-07-06 10:53:26 +0300 16 example PROCESSING:001A6E0B: >> 250-AUTH=PLAIN LOGIN CRAM-MD5 DIGEST-MD5 GSSAPI
    2016-07-06 10:53:26 +0300 16 example PROCESSING:001A6E0B: >> 250-8BITMIME
    2016-07-06 10:53:26 +0300 16 example PROCESSING:001A6E0B: >> 250-BINARYMIME
    2016-07-06 10:53:26 +0300 16 example PROCESSING:001A6E0B: >> 250-CHUNKING
    2016-07-06 10:53:26 +0300 16 example PROCESSING:001A6E0B: >> 250-SIZE 10485760
    2016-07-06 10:53:26 +0300 16 example PROCESSING:001A6E0B: >> 250-XAXIORGINFO
    2016-07-06 10:53:26 +0300 16 example PROCESSING:001A6E0B: >> 250-HELP
    2016-07-06 10:53:26 +0300 16 example PROCESSING:001A6E0B: >> 250 OK
    2016-07-06 10:53:26 +0300 08 example PROCESSING:001A6E0B: session from [0.0.0.0] authenticated by <user1@example.axi.lan>
    2016-07-06 10:53:26 +0300 16 example PROCESSING:001A6E0B: << MAIL FROM: user1@example.axi.lan SIZE=1331 AUTH=user1@example.axi.lan XAXIORGINFO=1A6E0B:00000002
    2016-07-06 10:53:26 +0300 08 example PROCESSING:001A6E0B: Execute onMailFrom event for filter <Bitdefender>
    2016-07-06 10:53:26 +0300 16 example PROCESSING:001A6E0B: >> 250 Sender accepted
    2016-07-06 10:53:26 +0300 16 example PROCESSING:001A6E0B: << RCPT TO: user1@example.axi.lan
    2016-07-06 10:53:26 +0300 08 example PROCESSING:001A6E0B: Execute onRcptTo event for filter <Bitdefender>
    2016-07-06 10:53:26 +0300 16 example PROCESSING:001A6E0B: >> 250 Recipient accepted
    2016-07-06 10:53:26 +0300 16 example PROCESSING:001A6E0B: << BDAT 1331 LAST
    2016-07-06 10:53:26 +0300 08 example PROCESSING:001A6E0B: Execute onHeaderReceived event for filter <Bitdefender>
    2016-07-06 10:53:26 +0300 16 example PROCESSING:001A6E0B: << 1331 bytes read
    2016-07-06 10:53:26 +0300 16 example PROCESSING:001A6E0B: << Last chunk of 1331 bytes read
    2016-07-06 10:53:26 +0300 08 example PROCESSING:001A6E0B: Execute onDataReceived event for filter <Bitdefender>
    2016-07-06 10:53:27 +0300 08 example WEBMAIL:00000010: [127.0.0.1:443] connection accepted from [127.0.0.1:55290]
    2016-07-06 10:53:27 +0300 08 example PROCESSING:001A6E0B: [MILTER] Modification action by filter: 'm' (change header: Content-Type:multipart/mixed; boundary="=-bd-boundary-cs4ufQybvQzL6bhn":1)
    2016-07-06 10:53:27 +0300 08 example PROCESSING:001A6E0B: [MILTER] Modification action by filter: 'm' (change header: Subject:[SPAM] gtube [SPAM]:1)
    2016-07-06 10:53:27 +0300 08 example PROCESSING:001A6E0B: [MILTER] Modification action by filter: 'h' (add header: X-BitDefender-Scanner:Clean, Agent: BitDefender Milter 3.1.6 on example.axi.lan, sigver: 7.66201)
    2016-07-06 10:53:27 +0300 08 example PROCESSING:001A6E0B: [MILTER] Modification action by filter: 'h' (add header: X-BitDefender-Spam:Yes (1000))
    2016-07-06 10:53:27 +0300 08 example PROCESSING:001A6E0B: [MILTER] Modification action by filter: 'h' (add header: X-BitDefender-SpamStamp:Build: [Engines: 2.15.6.911, Dats: 425489, Stamp: 3], Multi: [Enabled, t: (0.000011,0.001143), hit gtube], total: 1000(775))
    2016-07-06 10:53:27 +0300 08 example PROCESSING:001A6E0B: [MILTER] Modification action by filter: 'h' (add header: X-BitDefender-CF-Stamp:none)
  • Message headers:
    X-BitDefender-Scanner: Clean, Agent: BitDefender Milter 3.1.6 on example.axi.lan, sigver: 7.66201
    X-BitDefender-Spam: Yes (1000)
    X-BitDefender-SpamStamp: Build: [Engines: 2.15.6.911, Dats: 425489, Stamp: 3], Multi: [Enabled, t: (0.000011,0.001143), hit gtube], total: 1000(775)
    X-BitDefender-CF-Stamp: none

Antivirus example (EICAR)

  • BitDefender log:
    # tail -f /opt/BitDefender/var/log/virus.log
    07/06/2016 11:45:01 BDMAILD MALWARE: /opt/BitDefender/var/tmp/bdmilterd_gBvdEE=>[Subject: antivirus test][Date: Wed, 6 Jul 2016 11:45:00 +0300]=>=?utf-8?Q?antivirustest?=, malware: EICAR-Test-File (not a virus), status: infected, action: deleted (disinfect;delete;quarantine), agent: Milter 3.1.6, sender: "user1@example.axi.lan", recipients: "user1@example.axi.lan", sender IP: 127.0.0.1, subject: "antivirus test", message-id: "<1467794700972474363@example.axi.lan>", header sender: "user1 <user1@example.axi.lan>", header recipients: ( "user1 <user1@example.axi.lan>" ), headers: ( "Received: from [127.0.0.1] by example.axi.lan with HTTP; Wed, 6 Jul 2016 11:45:00 +0300" ), group: "Default"
  • Axigen log:
    # tail -f /var/opt/axigen/log/everything.txt
    2016-07-06 11:45:01 +0300 08 example PROCESSING:003210CB: Execute onDataReceived event for filter <Bitdefender>
    2016-07-06 11:45:01 +0300 08 example PROCESSING:003210CB: [MILTER] Modification action by filter: 'h' (add header: X-BitDefender-Scanner:Disinfected, Agent: BitDefender Milter 3.1.6 on example.axi.lan EICAR-Test-File (not a virus) deleted, sigver: 7.66201)
    2016-07-06 11:45:01 +0300 08 example PROCESSING:003210CB: [MILTER] Modification action by filter: 'h' (add header: X-BitDefender-Spam:No (0))
    2016-07-06 11:45:01 +0300 08 example PROCESSING:003210CB: [MILTER] Modification action by filter: 'h' (add header: X-BitDefender-SpamStamp:Build: [Engines: 2.15.6.911, Dats: 425489, Stamp: 3], Multi: [Enabled, t: (0.000014,0.001150)], BW: [Enabled, t: (0.000012,0.000001), skipping (From == To)], RBL DNSBL: [Disabled], APM: [Enabled, Score: 500, t: (0.004726), Flags: BB9BAF5C; NN_S_TWO_WORDS_LOWERCASE_NMD; NN_EXEC_H_MAIL_HAS_EMPTY_ATTACHMENT; NN_EXEC_H_FROM_ADDR_EQUAL_TO_ADDR; NN_MPART_MIXED_WO_CT_PH_APP_ADN; NN_NO_LINK_NMD; NN_SUMM_TP_BWLE_ADN; NN_SUMM_TH_BWLE_ADN], SGN: [Enabled, t: (0.012339)], URL: [Enabled, t: (0.000011)], RTDA: [Enabled, t: (0.057704), Hit: No, Details: v2.3.10; Id: 2m1ghhc.1amgks2k3.o5t5], total: 0(775))
    2016-07-06 11:45:01 +0300 08 example PROCESSING:003210CB: [MILTER] Modification action by filter: 'h' (add header: X-BitDefender-CF-Stamp:none)
    2016-07-06 11:45:01 +0300 08 example PROCESSING:003210CB: [MILTER] Filter responded with 'a' (accept message)
    2016-07-06 11:45:01 +0300 08 example PROCESSING:003210CB: Body of mail 2EEDC9 was replaced
  • Message headers:
    X-BitDefender-Scanner: Disinfected, Agent: BitDefender Milter 3.1.6 on example.axi.lan EICAR-Test-File (not a virus) deleted, sigver: 7.66201
    X-BitDefender-Spam: No (0)
    X-BitDefender-SpamStamp: Build: [Engines: 2.15.6.911, Dats: 425489, Stamp: 3], Multi: [Enabled, t: (0.000014,0.001150)], BW: [Enabled, t: (0.000012,0.000001), skipping (From == To)], RBL DNSBL: [Disabled], APM: [Enabled, Score: 500, t: (0.004726), Flags: BB9BAF5C; NN_S_TWO_WORDS_LOWERCASE_NMD; NN_EXEC_H_MAIL_HAS_EMPTY_ATTACHMENT; NN_EXEC_H_FROM_ADDR_EQUAL_TO_ADDR; NN_MPART_MIXED_WO_CT_PH_APP_ADN; NN_NO_LINK_NMD; NN_SUMM_TP_BWLE_ADN; NN_SUMM_TH_BWLE_ADN], SGN: [Enabled, t: (0.012339)], URL: [Enabled, t: (0.000011)], RTDA: [Enabled, t: (0.057704), Hit: No, Details: v2.3.10; Id: 2m1ghhc.1amgks2k3.o5t5], total: 0(775)
    X-BitDefender-CF-Stamp: none
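The spam.log line in the GTUBE example and the virus.log line in the EICAR example both use a fixed "key: value" layout, which makes it straightforward to turn each entry into a one-line verdict for review or for forwarding to a log collector. The script below is an added example, not part of this article or of either product's tooling: the two sample lines are copied from the examples above, while the function names, the '|'-separated output layout and the default score threshold of 500 are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the Axigen article): reduce Bitdefender mail-server
# log lines to one verdict per message. Sample lines are copied from the article;
# function names, output layout and the threshold are this example's own choices.

# Sample entries taken from the spam.log / virus.log excerpts on the page.
BD_SAMPLE_SPAM='07/06/2016 10:53:27 BDMAILD SPAM: sender: user1@example.axi.lan, recipients: user1@example.axi.lan, sender IP: 127.0.0.1, subject: "gtube", message-id: "<1467791606740447047@example.axi.lan>", , score: 1000, stamp: " Build: [Engines: 2.15.6.911, Dats: 425489, Stamp: 3], Multi: [Enabled, t: (0.000011,0.001143), hit gtube], total: 1000(775)", agent: Milter 3.1.6, action: ignored (ignore), header sender: "user1 <user1@example.axi.lan>", header recipients: ( "user1 <user1@example.axi.lan>" ), headers: ( "Received: from [127.0.0.1] by example.axi.lan with HTTP; Wed, 6 Jul 2016 10:53:26 +0300" ), group: "Default"'
BD_SAMPLE_MALWARE='07/06/2016 11:45:01 BDMAILD MALWARE: /opt/BitDefender/var/tmp/bdmilterd_gBvdEE=>[Subject: antivirus test][Date: Wed, 6 Jul 2016 11:45:00 +0300]=>=?utf-8?Q?antivirustest?=, malware: EICAR-Test-File (not a virus), status: infected, action: deleted (disinfect;delete;quarantine), agent: Milter 3.1.6, sender: "user1@example.axi.lan", recipients: "user1@example.axi.lan", sender IP: 127.0.0.1, subject: "antivirus test", message-id: "<1467794700972474363@example.axi.lan>", header sender: "user1 <user1@example.axi.lan>", header recipients: ( "user1 <user1@example.axi.lan>" ), headers: ( "Received: from [127.0.0.1] by example.axi.lan with HTTP; Wed, 6 Jul 2016 11:45:00 +0300" ), group: "Default"'

# bd_verdict: read Bitdefender log lines on stdin and print, per entry,
#   KIND|sender|recipients|score-or-malware-name|action
# SPAM entries yield the numeric score, MALWARE entries the detection name.
# Only the first comma-free token after "recipients:" is captured.
bd_verdict() {
    sed -n \
        -e 's/^.* BDMAILD SPAM: sender: \([^,]*\), recipients: \([^,]*\),.* score: \([0-9]*\),.* action: \([a-z]*\) .*/SPAM|\1|\2|\3|\4/p' \
        -e 's/^.* BDMAILD MALWARE: .*malware: \([^,]*\),.* action: \([a-z]*\) .*sender: "\([^"]*\)", recipients: "\([^"]*\)",.*/MALWARE|\3|\4|\1|\2/p'
}

# bd_alerts [THRESHOLD]: from the same input, keep every MALWARE verdict plus
# SPAM verdicts whose score is at least THRESHOLD (default 500) but whose action
# was "ignored", i.e. the message was only tagged and still delivered.
bd_alerts() {
    bd_verdict | awk -F'|' -v thr="${1:-500}" '
        $1 == "MALWARE" { print; next }
        $1 == "SPAM" && $4 + 0 >= thr && $5 == "ignored" { print }'
}

# Usage on the mail server:
#   tail -f /opt/BitDefender/var/log/spam.log /opt/BitDefender/var/log/virus.log | bd_alerts 500
# Stand-alone run on the two sample lines:
printf '%s\n%s\n' "$BD_SAMPLE_SPAM" "$BD_SAMPLE_MALWARE" | bd_alerts 500
```

The GTUBE entry above shows why the "ignored" case matters: the message scored 1000 and was tagged with "[SPAM]" in the subject, but the action recorded is ignored, so it was still delivered to the mailbox; the EICAR entry, by contrast, records that the attachment was deleted.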
OS: Linux