F-Secure Internet Gatekeeper for Linux/Administrator’s Guide
45
7.1.1.3
POP Proxy
POP Proxy
POP Proxy
(pop_service)
Click the
On
and
Off
buttons to start or stop the POP proxy service.
Proxy port
Proxy Port
(svcport)
Specifies the port number that the proxy service uses. The standard port number is 110.
Usually, you need to specify only the port number. To specify the port number, IP address, and
interface name all together, use the following format:
Syntax:
[A.A.A.A%EEE:PPP|A.A.A.A:PPP|%EEE:PPP|PPP]
(PPP:
Port number, A.A.A.A:
Address, EEE: Interface)
Examples:
9110, 1.2.3.4:9110, %eth0:9110, 1.2.3.4%eth0:9110
■
You can specify only one inbound port number. To listen for connections on more
than one port, use the REDIRECT setting in the iptables function of Linux.
For example, to listen for connections on both the standard POP port (110) and
12345, set 110 as the inbound port number and use iptables to redirect port 12345
to port 110. In this case, use the following command to setup iptables:
# iptables –t nat –A PREROUTING –p tcp –dport 12345 –j REDIRECT –to-port
110
After specifying the setting, save the iptables configuration:
# /etc/init.d/iptables save
■
Because SSL communications for protocols such as POPs (TCP/port number 995)
are encrypted, communications cannot be received directly regardless of whether
iptables redirection is enabled or not. If necessary, install F-Secure Internet
Gatekeeper for Linux so that communications are first decrypted by an SSL proxy,
SSL accelerator, or similar. After this, the communications pass through the
gateway.
Available general-purpose SSL proxies include stunnel and stone.
- stunnel
http://www.stunnel.org/
http://www.atmarkit.co.jp/fsecurity/rensai/securitytips/018stunnnel.html
- stone
http://www.gcd.org/sengoku/stone/Welcome.ja.html
http://www.gcd.org/sengoku/stone/
Parent server
Parent Server
(parent_server_host / parent_server_port)
Specifies the host name and port number of the destination POP server.
The standard port number is 110.
This setting is ignored in transparent mode.
Virus scanning
Do Virus Check
(virus_check)
Enables or disables virus scanning.
We recommend that you enable this setting.
When you enable both virus and spam scanning, the virus scan result is handled first.
What to do when a virus is detected
Action on Viruses
Delete