Integrating Bitdefender Security for Mail Servers with Zimbra Collaboration
This section describes how to integrate Bitdefender Security for Mail Servers with Zimbra Collaboration.
Zimbra Collaboration (hereinafter known as Zimbra) is an open source messaging and collaboration solution that provides email services as an alternative to Microsoft Exchange.
Overview
Zimbra architecture includes open source integrations, activated during Zimbra installation process. Below you have the integrations that interact with Bitdefender Security for Mail Servers (BSMS):
Postfix, the mail transfer agent (MTA) that routes mail messages to the Zimbra server through the Zimbra MTA. The Zimbra mailbox server receives the messages from the Zimbra MTA server and passes them through any filters that have been created.
Zimbra stores Postfix configuration files in
/opt/zimbra/postfix/conf
, not in/etc/postfix
, which is their usual location, causing some errors during BSMS installation. These files are also restored every time Zimbra services are restarted.To make the integration work and persistent, Zimbra's master configuration files need to be edited. Find how in this section.
Antivirus and antispam components, also a part of Zimbra MTA:
ClamAV, an anti-virus scanner that protects against malware.
SpamAssassin, a mail filter that attempts to identify spam.
Amavisd-New, the interface between the MTA and one or more content checkers.
Having Zimbra integrated with BSMS, you no longer need the antivirus and antispam components offered by Zimbra, as the mail traffic is redirected and filtered by BSMS.
Prerequisites
Install Bitdefender Security for Mail Servers with the Postfix-SMTP Proxy MTA integration option. For more information, refer to the Administrator's Guide.
In case you haven't selected the Postfix integration during the BSMS installation, you have to run the following commands:
#cd /opt/BitDefender/bin #./bdsafe agent integrate postfix
Note
The bdsafe command will output some errors stating that it couldn't find Postfix configuration files. The errors occur because of the Zimbra architecture and you may ignore them as they are solved in this section.
To integrate BSMS with Zimbra, follow the steps described below, according to the Zimbra version you have installed:
Modify the default content filter for Postfix:
Create a backup copy of the configuration file.
#cd /opt/zimbra/conf/zmconfigd/ #cp -p postfix_content_filter.cf postfix_content_filter.cf.backup
Set writing permissions for the file.
#chmod +w postfix_content_filter.cf
Open postfix_content_filter.cf for editing with an editor of your choice.
Locate the following line:
smtp-amavis:[%%zimbraLocalBindAddress%%]:10024
and replace it with:
smtp:[%%zimbraLocalBindAddress%%]:10031
Save the file and exit the editor.
Set the initial permissions for the file:
#chmod -w postfix_content_filter.cf
Disable antivirus check for AMaViS:
Create a backup copy of the configuration file.
#cp -p smtpd_sender_restrictions.cf smtpd_sender_restrictions.cf.backup
Set writing permissions for the file.
#chmod +w smtpd_sender_restrictions.cf
Open smtpd_sender_restrictions.cf and delete the following lines:
%%contains VAR:zimbraServiceEnabled antivirus^ check_sender_access regexp:/opt/zimbra/postfix/conf/tag_as_originating.re%% %%contains VAR:zimbraServiceEnabled antivirus^ check_sender_access regexp:/opt/zimbra/postfix/conf/tag_as_foreign.re%%
Save the file and exit the editor.
Set the initial permissions to file:
#chmod -w smtpd_sender_restrictions.cf
Disable antispam check for AMaViS and use the default content filter definition to redirect the mail flow to BSMS:
Go to Zimbra conf directory.
#cd /opt/zimbra/postfix/conf
Open master.cf.in for editing with your favorite editor. Master.cf.in is the definition file for master.cf.
Note: If the file is not in the current directory, then go to
/opt/zimbra/common/conf
Go to line 143, where one of the postfix instances is defined:
[%%zimbraLocalBindAddress%%]:10030 inet n - n - - smtpd
Locate the next command a couple of lines below line 143:
%%uncomment SERVICE:antispam%% -o content_filter=smtp-amavis:[%%zimbraLocalBindAddress%%]:10032
Add a ! sign in front of antispam like in the example below to comment the setting:
%%uncomment SERVICE:!antispam%% -o content_filter=smtp-amavis:[%%zimbraLocalBindAddress%%]:10032
Save the file and close your text editor.
Set up BSMS to receive the mail flow and send it back to the last postfix instance:
cd /opt/BitDefender/bin ./bdsafe agent configure smtp port 10031 ./bdsafe agent configure smtp realserver 127.0.0.1:10025 ./bdsafe agent enable smtp
You can check the BSMS configuration with this command:
#./bdsafe agent configure smtp
The output should be similar to this:
/BDUX/Agents/SmtpProxy/SMTPServer = 127.0.0.1:10025 interface = 127.0.0.1 network = 127.0.0.1/255.255.255.255 domain = localhost /BDUX/Agents/SmtpProxy/Port = 10031 /BDUX/Agents/SmtpProxy/Timeout = 60 /BDUX/Agents/SmtpProxy/Threads = 0 /BDUX/Agents/SmtpProxy/MaxMailSize = 0
Restart Zimbra and Bitdefender services to apply the new configuration on both:
#/etc/init.d/zimbra restart #/etc/init.d/bd restart
To make sure everything was set up correctly, you can check if the email traffic is filtered by BSMS with the following command:
#/opt/BitDefender/bin/bdsafe stats
Configure
/opt/zimbra/postfix/conf/master.cf.in
:Create a backup copy of the configuration file.
#cd /opt/zimbra/postfix/conf #cp master.cf.in master.cf.in.orig
Open master.cf.in for editing with your favorite editor.
Remove the last section regarding amavis.
Add the following lines:
#Added by BitDefender, do not remove! 127.0.0.1:10026 inet n - n - 10 smtpd -o content_filter= -o smtp_send_xforward_command=yes #End of added lines
Note
The paragraph starting with 127.0.0.1 must be ONE line.
Save the file and close your text editor.
Configure
/opt/zimbra/conf/zmmta.cf
as follows:Create a backup copy of the configuration file.
#cd /opt/zimbra/conf #cp zmmta.cf zmmta.cf.orig
Open zmmta.cf for editing with your favorite editor.
Search for POSTCONF content_filter and replace the line with this one:
POSTCONF content_filter smtp:127.0.0.1:10025
Save the file and close your text editor.
Configure BSMS to receive the mail flow.
#cd /opt/BitDefender/bin #./bdsafe agent configure smtp realserver 127.0.0.1:10026 #./bdsafe agent configure smtp port 10025
You can check the BSMS configuration with this command:
#./bdsafe agent configure smtp
The output should be similar to this:
/BDUX/Agents/SmtpProxy/SMTPServer = 127.0.0.2:10026 interface = 127.0.0.1 network = 127.0.0.1/255.255.255.255 domain = localhost /BDUX/Agents/SmtpProxy/Port = 10025 /BDUX/Agents/SmtpProxy/Timeout = 60 /BDUX/Agents/SmtpProxy/Threads = 0 /BDUX/Agents/SmtpProxy/MaxMailSize = 0
Restart Bitdefender and Zimbra services to apply the new configuration on both:
#su -c "/opt/zimbra/bin/zmmtactl restart" zimbra #/etc/init.d/bd restart
To make sure everything was set up correctly, you can check if the email traffic is filtered by BSMS with the following command:
#/opt/BitDefender/bin/bdsafe stats