Linux

I've been using Linux/Unix for many years. I've always had a strong interest in technology in general and computing specifically.

These are my opinions. Opinions are like noses, everyone has one, and they all smell.

Enjoy your visit.

Email Scanning Virtual Appliance

From the web site:


About ESVA:

ESVA was born out of a need for organisations to have a cost-effective email virus & spam scanning solution. There are other commercial products out there, but these are often too expensive for small organisations to justify, or the existing free products are beyond the abilities of these organisations.

ESVA is simply a pre-built and easily configured email scanning (security) Virtual Appliance (ESVA) that will run on VMware Workstation, Server, Player or ESX Server.

The idea is for the appliance to be pretty much set & forget with an easy to use interface so that users don’t really need to know how to use the underlying Gnu/Linux.

I thought this was an interesting concept and since I already have a machine running vmware server, I thought it would be interesting to download and examine the software.

The first thing I had to do was install some vmware tools I didn’t already have. I downloaded ovftool from the vmware download site and followed the instructions for installing and using it. I used the ovf tool to download and install the ovf file from the ftp site. This is an xml file that describes for the ovftool how to get the actual files for the virtual machine. When you run the tool, it asks you where to place the files. The one thing I found it doesn’t do is set the executable bits on the .vmx file. It’s possible I missed an option for ovftool. I could have downloaded the zip file and installed that.

There is a pretty good howto in pdf format available on the esva web site. After installing the image, I then started the virtual machine.

Starting the ESVA virtual machine the first time

Then I ran esva-configure as instructed. This set up some typical Linux configuration options like keyboard:

Keyboard Configuration

timezones:

choosing country

choosing country screen two

set time zone

Confirm Timezone configuration

system clock set to UTC?

networking:

What is my IP Address?

Setting Netmask

Set Gateway

Setting Network Gateway

Configuring Organization

Configuring Organization Unit

Mailscanner processes

Configure the number of Mailscanner child processes

More organizational information

Setting IANA Country Code

setting up user account

create initial user account

set passwords

Set User Password

Reset Root Password

set certificate request information.

Certificate Request Country

After the system collects some more data it reboots. Most further interaction is done through the web interface.

Recent Messages page displayed after login as administrator

Now we have the option to manage and make changes to the system. But first we need to change the admin password, and at our option, change the username. We click on the Tools link on the menu bar.

Tools Menu

This will bring up the user management interface.

Manage Users

Then we click on the Edit option for the Administrator account. We get a new window.

Edit User

This is the same screen we get when we create a new user, except that some of the fields are already filled in. You may want to change the administrator name, or just the password. You will also notice there are options for other types of users. Don’t change this; you need one administrator account. It will become apparent later what the purpose of these other roles is.

Now that we have changed the administrator password we can go on with managing the system. This system is designed to filter out spam. Sometimes you get mail in your box that you wish you didn’t, and sometimes mail that you really want to get is identified as spam. One of the methods of changing this is through the use of Black and White Lists.

Managing Blacklists and Whitelists

From the howto:

There are many types of circumstances where you would need to use Whitelisting and Blacklisting. It is important to understand the precedence of how these are processed: If a message matches both the whitelist and blacklist, the whitelist wins and the message will be delivered.

How the blacklist/whitelist is applied depends on the role of the user who created the rule. If it’s just a user, then the rule applies only to that user’s mail. If the rule is created by the domain administrator, then the rule applies across the domain. If the rule is created by the administrator, then the rule applies to the entire system, all domains and all users.

Greylisting refuses delivery of mail with an SMTP 4xx error code, which indicates a temporary failure. The assumption is that, since temporary failures are defined in the SMTP RFC, a legitimate server will try again to deliver the email. The server records the IP address, envelope sender and envelope recipient address from the first attempt. The second time our server sees this information, it adds it to the automatic whitelist and allows the mail to pass.

Greylisting page

The greylist will keep the information in a database for a specified period of time. We can manage automatic whitelist entries in the Greylist Waiting page. By setting a date in this page we delete all greylist entries older than the specified date. There are five options that can be managed in this page: Sender name, Sender domain, IP address, Recipient, and Seen at. You can delete each of these entries from the database separately by date.

Delete greylist entries older than specified date and time
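
The greylisting flow described above (refuse the first attempt with a 4xx code, record the triplet, pass the retry into the automatic whitelist, purge old waiting entries by date), as an added Python example that is not ESVA's own code. The `Greylist` class, the `min_delay` parameter and the sample addresses are assumptions made for illustration.

```python
from datetime import datetime, timedelta

DEFER = (451, "greylisted, retry later")  # SMTP 4xx: temporary failure
ACCEPT = (250, "ok")

class Greylist:
    def __init__(self, min_delay=timedelta(0)):
        # Assumption: the post states no minimum wait; 0 means any retry passes.
        self.min_delay = min_delay
        self.waiting = {}              # triplet -> time of first attempt
        self.auto_whitelist = {}       # triplet -> time it passed greylisting
        self.manual_whitelist = set()  # sender addresses or domains added by hand

    def check(self, ip, mail_from, rcpt_to, now):
        # Compare addresses case-insensitively so a retry still matches.
        key = (ip, mail_from.lower(), rcpt_to.lower())
        sender = key[1]
        domain = sender.rpartition("@")[2]
        if sender in self.manual_whitelist or domain in self.manual_whitelist:
            return ACCEPT
        if key in self.auto_whitelist:
            return ACCEPT
        first_seen = self.waiting.get(key)
        if first_seen is None:
            self.waiting[key] = now        # first attempt: record and refuse
            return DEFER
        if now - first_seen < self.min_delay:
            return DEFER                   # retried too quickly to count
        del self.waiting[key]              # second sighting: promote
        self.auto_whitelist[key] = now
        return ACCEPT

    def purge_older_than(self, cutoff):
        """Drop waiting entries first seen before cutoff; return the count."""
        stale = [k for k, seen in self.waiting.items() if seen < cutoff]
        for k in stale:
            del self.waiting[k]
        return len(stale)

def demo():
    # Constructed traffic using documentation addresses and example domains.
    t0 = datetime(2017, 7, 1, 12, 0)
    g = Greylist(min_delay=timedelta(minutes=5))
    msg = ("192.0.2.10", "alice@example.org", "bob@example.com")
    return [g.check(*msg, now=t0)[0],                          # first attempt
            g.check(*msg, now=t0 + timedelta(seconds=30))[0],  # retry too soon
            g.check(*msg, now=t0 + timedelta(minutes=10))[0],  # proper retry
            g.check("198.51.100.7", *msg[1:], now=t0)[0]]      # same mail, new IP
```

Because the key includes the connecting IP address, the same sender and recipient arriving from a different relay start over in the waiting list.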

We can use the various options in this page to search our auto whitelist addresses, auto whitelisted domains, manually add to our whitelist addresses and whitelisted domains.

There are a multitude of reports, and you can even build your own custom filters and reports.

ESVA Reports

There are also graphic reports pre-configured in the system. Since this is only a test environment without live data, the graphs are mostly empty and not much to look at. There are nice graphs available when there is data to view.

MTA Statistics

Message Listing

Message Operations

Total Mail by Date

Top 10 Mail Relays

Top Viruses (no data)

Virus Report (no data)

Top 10 Senders by Quantity

Top Senders by Volume

Top 10 Recipients by Quantity

Top Recipients by Volume

Top Senders by Quantity

Top 10 Sender Domains by Volume

Top Recipient Domains by Quantity

Top Recipient Domains by Volume

SpamAssassin Core Distribution (no data)

SpamAssassin Rule Hits (no data)

MCP Score Distribution (no data)

MCP Rule Hits (no data)

Audit Log

Time to look at the tools provided with ESVA. Here’s the tools menu. The lower half contains links to web sites that you might be interested in if you’re running ESVA. I’ll leave those for the reader to explore.

Tools

Here is the tool for managing users. During the initial setup they recommend you go to this screen and modify the administrator user, so the defaults are no longer in effect. Users can be created as part of three different groups: Administrator, Domain Administrator and User. The access rules for the web interface are different for each group.

User Manager

The MySQL Status page lets you look at a bunch of statistics behind the database. There is information about the tables, type of engine, the version number, Row Format, number of rows, etc. It doesn’t appear to give you access to modify the data, just to look at it.

MySQL Status

If you’re a big fan of GUI interfaces, webmin is also available through the tools menu. I’ll leave the review of webmin for another day.

Webmin

GeoIP Database Update

If you are expecting some kind of graphical update, you will probably be disappointed. Here’s the next screen.

GeoIP Database Update - waiting

The mailscanner configuration page is interesting, and very long! It has a lot of options and links to various configuration, reporting and other files. We can click on the link and view the file, however we’ll have to resort to the command line and a text editor to make changes. There doesn’t seem to be any option in the web interface to edit these files.

Mailscanner Configuration

I’m sure this page would be much more interesting to look at if there was some actual data. It would be interesting to view the spam/ham ratios.

Spamassassin Bayes Database Info

We can test our spamassassin configuration with the lint test.

Spamassassin Lint Test

When we want to make sure we have the latest spamassassin rule descriptions in place we can use this screen to fetch and update them.

Spamassassin Rule Update

Spamassassin Rule Description Update

After we run the updater we get a screen full of data like this:

Spamassassin Rule Description Update - results
