From the web site:
ESVA was born out of a need for organisations to have a cost-effective email virus & spam scanning solution. There are other commercial products out there, but these are often too expensive for small organisations to justify, or the existing free products are beyond the abilities of these organisations.
ESVA is simply a pre-built and easily configured email scanning (security) Virtual Appliance (ESVA) that will run on VMware Workstation, Server, Player or ESX Server.
The idea is for the appliance to be pretty much set & forget with an easy to use interface so that users don’t really need to know how to use the underlying Gnu/Linux.
I thought this was an interesting concept and since I already have a machine running VMware Server, I thought it would be interesting to download and examine the software.
The first thing I had to do was install some VMware tools I didn’t already have. I downloaded ovftool from the VMware download site and followed the instructions for installing and using it. I used the ovftool to download and install the OVF file from the FTP site. This is an XML file that describes for the ovftool how to get the actual files for the virtual machine. When you run the tool, it asks you where to place the files. The one thing I found it doesn’t do is set the executable bits on the .vmx file. It’s possible I missed an option for ovftool. I could have downloaded the zip file and installed that.
There is a pretty good howto in PDF format available on the ESVA web site. After installing the image, I then started the virtual machine.
Then I ran esva-configure as instructed. This set up some typical Linux configuration options like the keyboard, followed by more organizational information, setting up a user account, and setting certificate request information.
After the system collects some more data it reboots. Most further interaction is done through the web interface.
Now we have the option to manage and make changes to the system. But first we need to change the admin password, and at our option, change the username. We click on the Tools link on the menu bar.
This will bring up the user management interface.
Then we click on the Edit option for the Administrator account. We get a new window.
This is the same screen we get when we create a new user, except that some of the fields are already filled in. You may want to change the administrator name, or just the password. You will also notice there are options for other types of users. Don’t change this; you need one administrator account. It will become apparent later what the purpose of these other roles is.
Now that we have changed the administrator password we can go on with managing the system. This system is designed to filter out spam. Sometimes you get mail in your box that you wish you didn’t, and sometimes mail that you really want to get is identified as spam. One of the methods of changing this is through the use of Black and White Lists.
From the howto:
There are many types of circumstances where you would need to use Whitelisting and Blacklisting. It is important to understand the precedence of how these are processed: If a message matches both the whitelist and blacklist, the whitelist wins and the message will be delivered.
How the blacklist/whitelist is applied depends upon the role of the user who creates the rule. If it’s just a user, then the rule applies only to that user’s mail. If the rule is created by the domain administrator, then the rule applies across the domain. If the rule is created by the administrator, then the rule applies to the entire system, all domains and all users.
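The precedence and scoping described above, as an added example that is not ESVA's own code. The rule layout, the addresses and the "scan" fall-through are hypothetical, and it assumes the whitelist wins even when the two matching rules come from different roles.

```python
def rule_applies(rule, recipient):
    """Scope follows the role of whoever created the rule."""
    if rule["scope"] == "user":              # ordinary user: own mail only
        return rule["owner"] == recipient
    if rule["scope"] == "domain":            # domain administrator
        return rule["owner"] == recipient.rsplit("@", 1)[1]
    return True                              # administrator: whole system

def sender_matches(pattern, sender):
    """Pattern is a full address, or a bare domain (no '@')."""
    if "@" in pattern:
        return pattern == sender
    return pattern == sender.rsplit("@", 1)[1]

def verdict(rules, sender, recipient):
    """Whitelist wins over blacklist; with no match the mail is scanned."""
    hits = {r["list"] for r in rules
            if rule_applies(r, recipient) and sender_matches(r["sender"], sender)}
    if "white" in hits:
        return "deliver"
    if "black" in hits:
        return "block"
    return "scan"

# Constructed sample rules (addresses and rule layout are hypothetical).
RULES = [
    {"list": "black", "scope": "system", "owner": None, "sender": "example.net"},
    {"list": "white", "scope": "user", "owner": "bob@example.com",
     "sender": "news@example.net"},
    {"list": "black", "scope": "domain", "owner": "example.org",
     "sender": "promo@example.edu"},
]

def demo():
    return [
        verdict(RULES, "news@example.net", "bob@example.com"),    # both lists match
        verdict(RULES, "news@example.net", "carol@example.com"),  # system blacklist only
        verdict(RULES, "promo@example.edu", "dave@example.org"),  # domain blacklist
        verdict(RULES, "promo@example.edu", "bob@example.com"),   # rule out of scope
    ]

if __name__ == "__main__":
    print(demo())
```

A single user-level whitelist entry overrides a system-wide blacklist for that user, which is worth keeping in mind when reviewing who may create whitelist rules.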
Greylisting refuses delivery of mail with an SMTP 4xx error code, which indicates a temporary failure. The assumption is that, since temporary failures are defined in the SMTP RFCs, a legitimate server will try again to deliver the email. The server records the IP address, envelope sender and envelope recipient address from the first attempt. The second time our server sees this information, it adds it to the automatic whitelist and allows the mail to pass.
The greylist will keep the information in a database for a specified period of time. We can manage automatic whitelist entries in the Greylist Waiting page. By setting a date in this page we delete all greylist entries older than the specified date. There are five options that can be managed in this page: Sender name, Sender domain, IP address, Recipient, and Seen at. You can delete each of these entries from the database separately by date.
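The greylisting flow described above, as an added example that is not ESVA's own code. The class, the 451 reply code and the sample addresses are constructed for illustration, and the minimum retry delay is an assumption borrowed from common greylisting practice, not an ESVA setting named on this page.

```python
from datetime import datetime, timedelta

class Greylist:
    """Triplet greylisting: (client IP, envelope sender, envelope recipient)."""

    def __init__(self, min_delay=timedelta(minutes=5)):
        self.min_delay = min_delay   # assumed retry delay, not an ESVA setting
        self.waiting = {}            # triplet -> time first seen
        self.auto_whitelist = {}     # triplet -> time whitelisted

    def check(self, ip, sender, rcpt, now):
        """Return the SMTP reply code for one delivery attempt."""
        triplet = (ip, sender, rcpt)
        if triplet in self.auto_whitelist:
            return 250                       # already proved it retries
        first_seen = self.waiting.get(triplet)
        if first_seen is None:
            self.waiting[triplet] = now      # first attempt: remember it
            return 451                       # 4xx = temporary failure
        if now - first_seen < self.min_delay:
            return 451                       # retried too quickly
        del self.waiting[triplet]            # proper retry: promote
        self.auto_whitelist[triplet] = now
        return 250

    def purge_waiting(self, older_than):
        """Delete waiting entries first seen before `older_than`."""
        stale = [t for t, seen in self.waiting.items() if seen < older_than]
        for t in stale:
            del self.waiting[t]
        return len(stale)

def demo():
    gl = Greylist()
    t0 = datetime(2024, 1, 1, 12, 0)   # constructed timestamps and addresses
    a = ("192.0.2.10", "alice@example.org", "bob@example.com")
    b = ("198.51.100.7", "bulk@example.net", "bob@example.com")
    codes = [
        gl.check(*a, now=t0),                          # first sight
        gl.check(*a, now=t0 + timedelta(minutes=1)),   # too soon
        gl.check(*a, now=t0 + timedelta(minutes=10)),  # legitimate retry
        gl.check(*b, now=t0),                          # sender never retries
    ]
    purged = gl.purge_waiting(t0 + timedelta(days=1))
    return codes, purged, a in gl.auto_whitelist

if __name__ == "__main__":
    print(demo())
```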
We can use the various options in this page to search our auto whitelist addresses, auto whitelisted domains, manually add to our whitelist addresses and whitelisted domains.
There are a multitude of reports and you can even build your own custom filters and reports.
There are also graphic reports pre-configured in the system. Since this is only a test environment without live data, the graphs are mostly empty and not much to look at. There are nice graphs available when there is data to view.
Top Viruses (no data)
Virus Report (no data)
SpamAssassin Core Distribution (no data)
SpamAssassin Rule Hits (no data)
MCP Score Distribution (no data)
MCP Rule Hits (no data)
Time to look at the tools provided with ESVA. Here’s the tools menu. The lower half contains links to web sites that you might be interested in if you’re running ESVA. I’ll leave those for the reader to explore.
Here is the tool for managing users. During the initial setup they recommend you go to this screen and modify the administrator user, so the defaults are no longer in effect. Users can be created as part of three different groups: Administrator, Domain Administrator and User. The access rules for the web interface are different for each group.
The MySQL Status page lets you look at a bunch of statistics behind the database. There is information about the tables, type of engine, the version number, Row Format, number of rows, etc. It doesn’t appear to give you access to modify, just look at the data.
If you’re a big fan of GUI interfaces, Webmin is also available through the tools menu. I’ll leave the review of Webmin for another day.
If you are expecting some kind of graphical update, you will probably be disappointed. Here’s the next screen.
The MailScanner configuration page is interesting, and very long! It has a lot of options and links to various configuration, reporting and other files. We can click on a link and view the file; however, we’ll have to resort to the command line and a text editor to make changes. There doesn’t seem to be any option in the web interface to edit these files.
I’m sure this page would be much more interesting to look at if there was some actual data. It would be interesting to view the spam/ham ratios.
We can test our SpamAssassin configuration with the lint test.
When we want to make sure we have the latest SpamAssassin rule descriptions in place, we can use this screen to fetch and update them.
After we run the updater we get a screen full of data like this: