VMware Virtual Appliances Community
andy_mac
Enthusiast

ESVA 1.5.1

This is the latest version of my Email Security Virtual Appliance.

http://www.vmware.com/vmtn/appliances/directory/542

If anyone has any idea how to get this onto the VMware torrent tracker, please let me know...

In the meantime it's available by http download from

http://www.global-domination.org/ESVA/15/

FAQs and instructions are also available from the above address. If you have any experiences you would like to share, please do so in this forum.

Andy

forward1
Contributor

Download mailq-0.11.4.tar.gz to your system i.e. /tmp/

Go to https://your-esva-ip/webmin/edit_mods.cgi

On top of the page choose

From local file : /tmp/mailq-0.11.4.tar.gz and click on "Install module"

Good luck

emporio
Contributor

So when I receive a message like this:

Our UCE (spam) detectors have been triggered by a message you received:-

From: kc.12220920.12520.0@cwconnect.cingular.com

Subject: View Your Bill Online

Date: Mon Sep 18 18:00:28 2006

This message has not been delivered. The detectors that were triggered are ...

Message id: C24CA5AF5E.9FC3C

Date code: 20060918

Where are these messages quarantined, and how can I release them? I looked in Server > MailScanner or SpamAssassin and I haven't seen a quarantine button?

thx

emp

emporio
Contributor

thx forward,

I installed it successfully. Piece of cake :) only problem is now how to find reporting tab or icon?

thx again

emp

andy_mac
Enthusiast

You _should_ be able to view and release these messages thru the clamav applet in webmin but it would appear that there is an incompatibility between the clamav webmin applet and MailScanner, which is rather embarrassing as I set the default action for spam to store rather than forward. There are more details in the faq at http://www.global-domination.org/ESVA/15/faq.html

Sorry again about this... :(

Andy

emporio
Contributor

nothing to be sorry about, everything will be fixed in 1.6 ver :).

I created spam-mailbox and all of the quarantined emails will be forwarded there plus recipient will be notified.

Perfect :)

As I said, this appliance is doing an amazing job. I am reading logs daily and I see how many spam emails get rejected, it's verifying the domain of sender etc etc. It's beautiful

thx again Andy

andy_mac
Enthusiast

Cheers - That's the best alternative method.

I always like praise! - Keep it coming everyone!

As an aside - Who's got the busiest installation? - I have a few sites filtering up to 1000 messages a day (maybe 50 of those messages are real mail...) I'd be quite keen to get some stats together so that I can show how efficient ESVA is compared to some other anti-spam appliances.

-ESVA - The original VMTN Email Security Virtual Appliance - and the best! (Not to mention free!)

-Andy

mattssi
Contributor

There seems to be a TON of friggin options, I don't really know where to start. I tried my best to follow the read me on the site, but no matter what email is sent to me, it gets rejected w/ this error:

undeliverable address: mail for mattssi.com loops back to myself

andy_mac
Enthusiast

Hi Mattssi,

Can you send me a copy of your /etc/log/maillog file, as well as /etc/postfix/main.cf

Also can you tell me the name and IP address of your mail server so I can check this against the config and log file.

If you are using Windows, the easiest way of copying these out is with WinSCP, which is a free download (just google it).

My email address is andy.mac@global-domination.org

-Andy

yjchung
Contributor

Are you planning to upgrade SpamAssassin to 3.1 in ESVA 1.6?

Zylar
Contributor

Posting for a few reasons:

1. Andy, you the man!! Great work!! (for the ego)

2. I was actually in the process of setting up a similar box, on Ubuntu Server Dapper LTS, when I found this. Any plans on (or know of) a 'how-to' set up a similar box, if we're not FC fans? (Even just a little direction, still cutting my teeth on Linux).

3. Ever heard of the Barracuda's 'Outbound Mode'? I believe it pretty much captures/scans outbound SMTP traffic, to prevent blacklisting if a client PC gets infected. Any possibility of eventually incorporating this type of feature?

Thanks again, great VA,

-Z

Robot_Monkey
Contributor

Hi Andy,

Great work! Love the appliance.

I'm no linux guru, so I was hoping you could answer a couple of quick questions regarding ESVA problems I'm having.

First. I don't get the logs on the root account as mentioned in another post above. I am logging the following in my mail log though.

Sep 28 04:02:07 gatekeeper sendmail[20127]: k8S825ZO020127: from=root, size=2885, class=0, nrcpts=1, msgid=<200609280802.k8S825ZO020127@gatekeeper.mydomain.local>, relay=root@localhost

Sep 28 04:02:07 gatekeeper postfix/smtpd[20373]: connect from localhost.localdomain[127.0.0.1]

Sep 28 04:02:07 gatekeeper postfix/smtpd[20373]: NOQUEUE: reject: RCPT from localhost.localdomain[127.0.0.1]: 450 <root@gatekeeper.mydomain.local>: Recipient address rejected: undeliverable address: host 192.168.17.2[192.168.17.2] said: 550 5.7.1 Unable to relay for root@gatekeeper.mydomain.local (in reply to RCPT TO command); from=<root@gatekeeper.mydomain.local> to=<root@gatekeeper.mydomain.local> proto=ESMTP helo=<gatekeeper.mydomain.local>

Sep 28 04:02:07 gatekeeper postfix/smtpd[20373]: disconnect from localhost.localdomain[127.0.0.1]

And also, is there a way to white-list domains with this setup. I'm unsure as to whether I should be looking at the Postfix, MailScanner, Postgrey or what exactly. The problem is that I'm using ESVA on a SBS2003 machine which also needs to pass email to Exchange for Blackberry Enterprise Server. The emails from the RIM server are getting greylisted according to my logs. It's critical that these pass right on through without being "suspect".

Any help is appreciated!

cheers!

nicolav
Contributor

unable to download from any link.

Can you help me?

Thanks,

Nicola

andy_mac
Enthusiast

Hi guys - I have had a number of reports that the download is unavailable - I will modify the link on the site to point to its original location.

The link you should use for now is:

http://www.global-domination.org/ESVA/15/esva1.5.1.zip

Sorry for the inconvenience!

-Andy

andy_mac
Enthusiast

Hi - Yes that will be a v2.0 upgrade (unsure of the time line for that though - 1.6 is currently testing and is very good - so far....)

At the moment the current version of SA installed is very stable and very effective.

-Andy

andy_mac
Enthusiast

Hi,

This looks like you don't have relay_domains configured correctly - just add mydomain.local to that list in /etc/postfix/main.cf

The next question is just as easy (you just have to know where to look!) - edit /etc/postfix/postgrey_whitelist_clients.

You could also edit /etc/postfix/access (follow the instructions in the file).

For SpamAssassin, edit /etc/MailScanner/rules/spam.whitelist.rules

Have fun!

- Andy

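
A small triage helper for the rejections discussed in the exchange above (the log excerpt posted by Robot_Monkey and the files andy_mac points to), added here as an example; it is not part of any post and not ESVA's own code. The greylisting log line, its hostnames and addresses, and the cause labels are constructed assumptions.

```python
import re

# One Postfix smtpd rejection: client, SMTP code, reason text, envelope.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from "
    r"(?P<client>\S+?)\[(?P<ip>[^\]]+)\]: (?P<code>\d{3}) (?:\d\.\d\.\d )?"
    r"(?P<reason>.*); from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)

# Reason substring -> (label, place the thread says to look, or None).
CAUSES = [
    ("Greylisted", "greylisted", "/etc/postfix/postgrey_whitelist_clients"),
    ("Unable to relay", "relay-denied", "relay_domains in /etc/postfix/main.cf"),
    ("loops back to myself", "mail-loop", None),
]

def classify(reason):
    for needle, label, where in CAUSES:
        if needle.lower() in reason.lower():
            return label, where
    return "other", None

def triage(lines):
    """Return one dict per rejection line; all other log lines are skipped."""
    out = []
    for m in filter(None, map(REJECT_RE.search, lines)):
        label, where = classify(m["reason"])
        out.append({**m.groupdict(), "cause": label, "check": where})
    return out

SAMPLE = [
    # Lines from the thread (markdown escapes removed).
    "Sep 28 04:02:07 gatekeeper postfix/smtpd[20373]: connect from localhost.localdomain[127.0.0.1]",
    "Sep 28 04:02:07 gatekeeper postfix/smtpd[20373]: NOQUEUE: reject: RCPT from "
    "localhost.localdomain[127.0.0.1]: 450 <root@gatekeeper.mydomain.local>: Recipient "
    "address rejected: undeliverable address: host 192.168.17.2[192.168.17.2] said: 550 "
    "5.7.1 Unable to relay for root@gatekeeper.mydomain.local (in reply to RCPT TO command); "
    "from=<root@gatekeeper.mydomain.local> to=<root@gatekeeper.mydomain.local> proto=ESMTP "
    "helo=<gatekeeper.mydomain.local>",
    # Constructed greylisting rejection; host, IP and addresses are placeholders.
    "Sep 28 04:05:11 gatekeeper postfix/smtpd[20401]: NOQUEUE: reject: RCPT from "
    "mx.example.net[192.0.2.10]: 450 <user@mydomain.local>: Recipient address rejected: "
    "Greylisted for 300 seconds; from=<bes@example.net> to=<user@mydomain.local> "
    "proto=ESMTP helo=<mx.example.net>",
]

if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(e["code"], e["cause"], e["ip"], e["rcpt"], "->", e["check"])
```
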
andy_mac
Enthusiast

Cheers Zylar,

You can already use ESVA to scan outbound mail as well - you just need to make a few changes to the config files so that you don't generate loops. If you want more info on this let me know. (I can't be bothered typing it now - it's late and I've had a very busy week - I'm sure you know what it's like...)

-Andy

Zylar
Contributor

Ahh, thanks a ton Andy. Even just some pointers to the config files needing modification, and maybe settings to adjust. I can research / play-around from there.

Thanks again,

-Z

Edit: And yes! I know exactly what you mean!

emporio
Contributor

Andy,

Do you have any idea when 1.6 will be released?

thx

emp

pete_brady
Contributor

hi,

Silly question, but how do I go about removing the email footer?

(The "This message has been scanned for viruses and dangerous content by ESVA, and is believed to be clean." )

thanks

yjchung
Contributor

You can change /etc/MailScanner/MailScanner.conf file.

Set "Sign Clean Messages = no"

Alternatively, you can change

"Inline HTML Signature = %report-dir%/inline.sig.html"

and

"Inline Text Signature = %report-dir%/inline.sig.txt"
