How To: Kaspersky Anti-Spam

Every network administrator will at some stage in their career run into trouble with the influx of spam because, quite simply, spammers are smart. If you do a Google search for “Linux Anti-Spam”, you’ll be bombarded with tutorials using the infamous, free SpamAssassin software. However, if SpamAssassin isn’t quite cutting it, you may want to give Kaspersky Anti-Spam 3.0 a whirl. (Please note, Kaspersky Anti-Spam 3 isn’t free and requires a per-mailbox licensing fee.)

The Kaspersky name is becoming well known globally. Originally known for its anti-virus engine, Kaspersky Labs has developed tools to help network managers fight malicious activity in all its forms: spam, viruses, spyware and phishing attempts. Kaspersky’s anti-spam product, appropriately titled Kaspersky Anti-Spam 3.0, integrates with your existing Linux SMTP engine to filter spam for your users. Kaspersky Anti-Spam (from now on referred to as KAS) can integrate with:

- Qmail
- Sendmail
- Exim
- Postfix

Getting started

The first step is to obtain the package which suits your Linux distribution. For the sake of simplicity, we’ll install KAS using the Debian package file.

Grab Kaspersky Anti-Spam here

wget http://dnl-eu8.kaspersky-labs.com/products/english/antispam/deb/kas-3-3.0.284-1.i386.deb
dpkg -i kas-3-3.0.284-1.i386.deb

Once KAS has been installed, it prints a number of steps you must perform to complete the installation. These include installing the license key, enabling automatic updates and integrating KAS with your SMTP engine.

Configuring

You’ll need to transfer your Kaspersky Anti-Spam license key file (.key) to the server so you can perform the following task:

/usr/local/ap-mailfilter3/bin/install-key /path/to/your/keyfile.key

The great thing about KAS3 over KAS2 is the web interface. Kaspersky Labs has developed a web interface, allowing you to configure various components of the software.

To access the web interface from a computer other than the one KAS is installed on, you’ll need to make a change to this file:

nano /usr/local/ap-mailfilter3/etc/kas-thttpd.conf

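and uncomment the following line, which makes the web interface listen on all network interfaces, so restrict who can reach port 3080 at the firewall: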

#host=0.0.0.0

Finishing up

Once that’s done, you can simply type http://ip-of-kas-server:3080 into your browser and voilà! You’re away. I won’t delve into how to configure the application as it’s pretty self-explanatory. Simply hit the policy page and configure the action rules, which state what should happen to spam once detected (whether it should be deleted, redirected, etc.).

Kaspersky Anti-Spam Error – Failed to clear reserve dir

I noticed that on one of the firewalls I work on, the Anti-Spam updates were failing. The logs revealed:

[03-01-2008 12:25:57 A] File 'upd_terms_recent.trb.bz2' downloaded
[03-01-2008 12:25:57 E] Failed to clear reserve dir
[03-01-2008 12:25:57 F] Update 'Kaspersky Anti-Spam 3.0' failed

I fixed it by deleting the local update database and then manually starting an update.

mail:# rm -rf /usr/local/ap-mailfilter3/cfdata/bases/*
mail:# /usr/local/ap-mailfilter3/bin/keepup2date -c /usr/local/ap-mailfilter3/etc/keepup2date.conf
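
Failed updates leave the filter running on stale bases, so it is worth checking the update log automatically. The script below is an added example, not part of the original post or of Kaspersky's tooling: it parses the log format shown above and reports each failed update with the error lines that preceded it. It assumes the level letters E and F mark error and fatal entries; the function name is hypothetical and the log path is passed as an argument because the post does not give it.

```python
import re
import sys

# Line shape taken from the excerpt above: [<date> <time> <level letter>] <message>
LINE_RE = re.compile(r"^\[(?P<ts>\S+ \S+) (?P<level>[A-Z])\] (?P<msg>.*)$")
FAILED_RE = re.compile(r"^Update '(?P<product>.+)' failed$")

# The three log lines quoted in the post, used as sample input.
SAMPLE = """\
[03-01-2008 12:25:57 A] File 'upd_terms_recent.trb.bz2' downloaded
[03-01-2008 12:25:57 E] Failed to clear reserve dir
[03-01-2008 12:25:57 F] Update 'Kaspersky Anti-Spam 3.0' failed
"""


def find_failed_updates(lines):
    """Return one record per F line, with the E messages logged before it."""
    failures, pending_errors = [], []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank or unrecognised line
        if m["level"] == "E":  # assumption: E marks an error
            pending_errors.append(m["msg"])
        elif m["level"] == "F":  # assumption: F marks a fatal result
            failed = FAILED_RE.match(m["msg"])
            failures.append({
                "timestamp": m["ts"],
                "product": failed["product"] if failed else None,
                "message": m["msg"],
                # E lines since the previous F line; the success marker is
                # not shown in the post, so errors are not reset on success.
                "errors": pending_errors,
            })
            pending_errors = []
    return failures


if __name__ == "__main__":
    # Usage: script.py /path/to/update.log  (the path is site-specific)
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            found = find_failed_updates(fh)
    else:
        found = find_failed_updates(SAMPLE.splitlines())
    for rec in found:
        print(f"{rec['timestamp']} {rec['message']}: {'; '.join(rec['errors']) or 'no error line'}")
    sys.exit(2 if found else 0)
```

Run from cron or a monitoring check, the non-zero exit status signals that at least one update in the log failed.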