Setting ESETS for outbound email message scanning

Outbound email message scanning is performed using the esets_smtp daemon. In the [smtp] section of the ESETS configuration file, set these parameters:

agent_enabled = yes
listen_addr = "192.168.1.0"
listen_port = 2525

‘listen_addr’ is the address of the local network interface named if0. After setting these parameters, restart the ESETS daemon. The next step is to redirect all SMTP requests to esets_smtp. If IP-filtering is performed by the ipchains administration tool, an appropriate rule is:

ipchains -A INPUT -p tcp -i if0 --dport 25 -j REDIRECT 2525

If IP-filtering is being performed by the iptables administration tool, the rule is:

iptables -t nat -A PREROUTING -p tcp -i if0 --dport 25 -j REDIRECT --to-ports 2525

On FreeBSD, the rule is as follows:

ipfw add fwd 192.168.1.10,2525 tcp from any to any 25 via if0 in

Warning: Your MTA may accept all connections from esets_smtp without extensive checking because those connections are local. When you use your own firewall rules, make sure you do not create an open relay, i.e., allow someone from the outside to connect to esets_smtp and use it as a relay SMTP server.
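
The check below is an added example, not part of the ESET documentation: it reads rules in iptables-save format and lists every REDIRECT rule that sends traffic to the esets_smtp port without being limited to the internal interface, which is the condition the warning above describes. The rule set is a constructed sample, and the names SCANNER_PORT, INTERNAL_IFACE, option and exposed_redirects are hypothetical.

```python
import shlex

SCANNER_PORT = "2525"     # listen_port from the [smtp] section above
INTERNAL_IFACE = "if0"    # internal interface name used on this page

# Constructed sample in iptables-save format (not taken from a real host).
SAMPLE_RULES = """\
*nat
-A PREROUTING -i if0 -p tcp -m tcp --dport 25 -j REDIRECT --to-ports 2525
-A PREROUTING -p tcp -m tcp --dport 25 -j REDIRECT --to-ports 2525
-A PREROUTING ! -i if0 -p tcp -m tcp --dport 25 -j REDIRECT --to-ports 2525
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
"""


def option(tokens, flag):
    """Return (value, negated) for a flag such as -i, or (None, False)."""
    if flag not in tokens[:-1]:
        return None, False
    pos = tokens.index(flag)
    return tokens[pos + 1], pos > 0 and tokens[pos - 1] == "!"


def exposed_redirects(rules_text, port=SCANNER_PORT, iface=INTERNAL_IFACE):
    """List REDIRECT rules to the scanner port not limited to the internal interface."""
    findings = []
    for line in rules_text.splitlines():
        tokens = shlex.split(line)
        if tokens[:1] != ["-A"]:
            continue  # table names, chain policies, COMMIT, blank lines
        target, _ = option(tokens, "-j")
        to_ports, _ = option(tokens, "--to-ports")
        if target != "REDIRECT" or to_ports != port:
            continue  # not a redirect to the scanner
        in_iface, negated = option(tokens, "-i")
        # Exposed if no interface is given, a different one, or "! -i if0".
        if in_iface != iface or negated:
            findings.append(line)
    return findings


if __name__ == "__main__":
    for rule in exposed_redirects(SAMPLE_RULES):
        print("not limited to " + INTERNAL_IFACE + ":", rule)
```

A clean result covers only the redirect rules; whether the listening port itself is reachable from outside still has to be checked against the filter rules and the listen_addr setting.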