VMware Virtual Appliances Community
andy_mac
Enthusiast

ESVA 1.5.1

This is the latest version of my Email Security Virtual Appliance.

http://www.vmware.com/vmtn/appliances/directory/542

If anyone has any idea how to get this onto the VMware torrent tracker, please let me know...

In the meantime it's available by http download from

http://www.global-domination.org/ESVA/15/

FAQs and instructions are also available from the above address. If you have any experiences you would like to share, please do so in this forum.

Andy

106 Replies
pete_brady
Contributor

many thanks

andy_mac
Enthusiast

OK - At work at the moment but I'll write something tonight. I need it for the 1.6 admin guide anyway...

andy_mac
Enthusiast

I've pretty much finished the build, just a few things to do there, then a final round of testing. After that is done I'll be writing the admin guide, which will be a living document (web based, so it will grow in time).

I'm really happy with 1.6 - it almost should be 2.0 in terms of the new features - especially around (optional) user level black/whitelists and quarantine.

(add to that the fact that you can now actually release spam from the quarantine too...). The download is about 300MB, so a bit larger than 1.5 was, but I'm sure that people won't mind the extra 75MB once they get it running (with the better documentation)

-Andy

i-is
Contributor

Hey you did a great job on this one! I plan to put this into production this afternoon! Our primary MX server processes 25k messages a day. I think we have about 200 domains at this time, I'll let you know how it does! I really like the idea of grey listing, this is the only feature our current setup lacks and I'm sure that will make all the difference!

i-is
Contributor

Have you updated to the 3.1 branch of SpamAssassin yet? It includes sa-update for easy update of rules, and the devs have been adding rules to this system for a few months now, it's really worth it! I noticed the sa-update in cron.daily but the binary in /usr/bin is missing?

andy_mac
Enthusiast

Cheers.

Make sure you change the spam actions to deliver header... as per the FAQ - the quarantine is broken in 1.5...

-Andy

andy_mac
Enthusiast

No update to 3.1 yet - 1.6 is almost done, but I can review.

To be honest though, most (99+%) spam is killed way before it hits SA (because of postgrey and postfix checks), but it's always good to be doubly sure!

-Andy

i-is
Contributor

I can't wait to see 1.6, I'm just about complete with the server we built for running VMWare, I'm about to put an IP on this box and start configuring! I plan to review this thread from the start once I get ready. I was pushing sa-update because I am a member of SARE and I can configure automatic update of my own rules as well as many other rules! Google knows who we are ;) I had a feeling greylisting would do that!

andy_mac
Enthusiast

Good one - I've just updated to 3.1.5.

I think that with the number of changes since 1.5 I'm going to call it 2.0....

I have resisted putting any additional rules in the build to avoid false-positives, but will point users in the right direction if they want additional rules.

- One prob with these additions is the extra testing that needs to be done...

-Andy

i-is
Contributor

If we can get the next version on torrent I can help distribute some bandwidth. I have a decent torrent client called BitTorrent, I noticed the option to announce a file, seems fairly easy to make this go. Then each person who downloads should also be helping others download too. I am helping out with another distro right now, seems like a good way to go!

mex604
Contributor

Hello,

great stuff, I use it on w2003_servers for spamfiltering before exchange_servers; but could you, if possible, add some editors like joe or, even better, mc?

did not find any editor except vi for editing config_files.

but for the ESVA: RESPECT!!!

mex

i-is
Contributor

Thanks even more for being active on this project and listening to all our requests!

I have an idea, install squirrelmail or something similar. We need something new for web based e-mail, we wrote our own long ago and it's tiresome to maintain it.

I was having quirks with the spamassassin rule page, it was forgetting rules once I added a few different types, seemed to lose one rule per save?

ejulson
Contributor

Hi Andy,

Great Appliance... I use this for filtering out email before it can get into my Exchange environment and so far it's blocking at least 95% of spam attempts.

One question: Is there a way, or are there any plans to enable an SPF lookup before the Greylist?

Thanks!

Eric

andy_mac
Enthusiast

Cheers. I have already included it in v 1.6 (albeit at the SA level rather than at the postfix level).

1.6 is now at the point where I'm tidying it up ready for final testing (probably 2 weeks) and documentation (which will be done concurrently with testing), so looking at (realistically) a late October release.

-Andy

andy_mac
Enthusiast

Vi rocks - kind of....

If you are a windows-head you could always use the editor built into winscp...

-Andy

andy_mac
Enthusiast

Cheers - I've tried that myself - but didn't seem to be working, but to be fair I spent about 15 minutes on it then got bored...

Any help in distributing is always appreciated!

-Andy

andy_mac
Enthusiast

Cheers - I aim to please!

That's an idea that I've toyed with, but as a stand alone appliance rather than bundled with ESVA - I'd like to keep it as pure as possible... (there are some pretty big sites using ESVA and they wouldn't use the webmail, but I'm sure there are some small sites out there that would like an alternative to Exchange/OWA...

Andy.

i-is
Contributor

Sorry for the off-topic post, but how does one go about increasing the size of the HD? I'm out of space at the moment, and clueless about how to go about fixing this. Host OS has 80Gigs, how to increase the guest OS?

Gabrie1
Commander

Hi

Installed ESVA last night and got it kind of working. I sent some test e-mails and they arrived and (as I configured) had the {scanned} tag in the subject. About 10 min after I had it working, a friend told me he just sent me two e-mails containing about 5Mb of pictures (Jpg).

In the maillog I could see his e-mail coming in. I even saw his mail in the (I think) ..../spool/mailscanner/1648 directory. It showed a C56930.header file and a C596930 sub dir in which I could see the JPGs. I wanted to at least copy them away because I was unsure what the mailscanner was going to do with this. But just before I typed the cp command the files were gone. And up until now, I haven't seen any report of his mail.

Can you point me to where I can find this mail? Is it bounced? Is it deleted? Is there any log telling me what happened? I have the snippet from the maillog file:

Oct 10 22:30:05 localhost postfix/smtpd[2210]: NOQUEUE: reject: RCPT from quasit.gremlin.ca[216.999.99.999]: 450 <gabrie@receivingdomain.com>: Recipient address rejected: Greylisted, see http://isg.ee.ethz.ch/tools/postgrey/help/receivingdomain.com.html; from=<taretz@sendingdomain.com> to=<gabrie@receivingdomain.com> proto=ESMTP helo=<quasit.gremlin.ca>

Oct 10 22:30:13 localhost postfix/smtpd[2210]: NOQUEUE: reject: RCPT from quasit.gremlin.ca[216.999.99.999]: 450 <gabrie@receivingdomain.com>: Recipient address rejected: Greylisted, see http://isg.ee.ethz.ch/tools/postgrey/help/receivingdomain.com.html; from=<taretz@sendingdomain.com> to=<gabrie@receivingdomain.com> proto=ESMTP helo=<mx3.domainMX.net>

Oct 10 22:30:39 localhost postfix/smtpd[2210]: NOQUEUE: reject: RCPT from quasit.gremlin.ca[216.999.99.999]: 450 <gabrie@receivingdomain.com>: Recipient address rejected: Greylisted, see http://isg.ee.ethz.ch/tools/postgrey/help/receivingdomain.com.html; from=<taretz@sendingdomain.com> to=<gabrie@receivingdomain.com> proto=ESMTP helo=<quasit.gremlin.ca>

Oct 10 22:30:40 localhost postfix/smtpd[2210]: NOQUEUE: reject: RCPT from quasit.gremlin.ca[216.999.99.999]: 450 <gabrie@receivingdomain.com>: Recipient address rejected: Greylisted, see http://isg.ee.ethz.ch/tools/postgrey/help/receivingdomain.com.html; from=<taretz@sendingdomain.com> to=<gabrie@receivingdomain.com> proto=ESMTP helo=<mx3.domainMX.net>

Oct 10 22:39:56 localhost postgrey[1485]: delayed 591 seconds: client=quasit.gremlin.ca, from=taretz@sendingdomain.com, to=gabrie@receivingdomain.com

Oct 10 22:40:41 localhost postfix/cleanup[2440]: 0291A5AF61: hold: header Received: from mx3.domainMX.net (quasit.gremlin.ca[216.999.99.999]) by owa.receivingdomain.com (Postfix) with ESMTP id 0291A5AF61 for <gabrie@receivingdomain.com>; Tue, 10 Oct 2006 22:39:56 +0100 (BST) from quasit.gremlin.ca[216.999.99.999]; from=<taretz@sendingdomain.com> to=<gabrie@receivingdomain.com> proto=ESMTP helo=<mx3.domainMX.net>

Oct 10 22:40:41 localhost postfix/cleanup[2440]: 0291A5AF61: hold: header Received: from quasit.gremlin.ca (quasit.gremlin.ca[216.999.99.999]) by mx3.domainMX.net (8.12.5/8.12.5) with ESMTP id k9AKUw2V005694 for <gabrie@receivingdomain.com>; Tue, 10 Oct 2006 16:30:58 -0400 from quasit.gremlin.ca[216.999.99.999]; from=<taretz@sendingdomain.com> to=<gabrie@receivingdomain.com> proto=ESMTP helo=<mx3.domainMX.net>

Oct 10 22:40:41 localhost postfix/cleanup[2440]: 0291A5AF61: hold: header Received: from smtp2.cuci.nl (ford.oto-intranet.com[212.125.143.226]) by quasit.gremlin.ca (8.12.5/8.12.5) with ESMTP id k9AKUUpv005683 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 ver from quasit.gremlin.ca[216.999.99.999]; from=<taretz@sendingdomain.com> to=<gabrie@receivingdomain.com> proto=ESMTP helo=<mx3.domainMX.net>

Oct 10 22:40:41 localhost postfix/cleanup[2440]: 0291A5AF61: hold: header Received: from artemis.cuci.nl (artemis.cuci.nl [212.125.128.9]) by smtp2.cuci.nl (BuGless_4.00) with ESMTP id k9AKN0E6002482 for <gabrie@receivingdomain.com>; Tue, 10 Oct 2006 22:23:03 +0200 from quasit.gremlin.ca[216.999.99.999]; from=<taretz@sendingdomain.com> to=<gabrie@receivingdomain.com> proto=ESMTP helo=<mx3.domainMX.net>

Oct 10 22:40:41 localhost postfix/cleanup[2440]: 0291A5AF61: hold: header Received: from TOINENOTEBOOK ([212.999.999.999]) by artemis.cuci.nl (BuGless_3.01) with SMTP id k9AKLiVq005276 for <gabrie@receivingdomain.com>; Tue, 10 Oct 2006 22:21:44 +0200 from quasit.gremlin.ca[216.999.99.999]; from=<taretz@sendingdomain.com> to=<gabrie@receivingdomain.com> proto=ESMTP helo=<mx3.domainMX.net>

Oct 10 22:41:27 localhost postfix/cleanup[2440]: C50735AF69: hold: header Received: from mx3.domainMX.net (quasit.gremlin.ca[216.999.99.999]) by owa.receivingdomain.com (Postfix) with ESMTP id C50735AF69 for <gabrie@receivingdomain.com>; Tue, 10 Oct 2006 22:40:50 +0100 (BST) from quasit.gremlin.ca[216.999.99.999]; from=<taretz@sendingdomain.com> to=<gabrie@receivingdomain.com> proto=ESMTP helo=<mx3.domainMX.net>

Oct 10 22:41:27 localhost postfix/cleanup[2440]: C50735AF69: hold: header Received: from quasit.gremlin.ca (quasit.gremlin.ca[216.999.99.999]) by mx3.domainMX.net (8.12.5/8.12.5) with ESMTP id k9AKVa2V005717 for <gabrie@receivingdomain.com>; Tue, 10 Oct 2006 16:31:36 -0400 from quasit.gremlin.ca[216.999.99.999]; from=<taretz@sendingdomain.com> to=<gabrie@receivingdomain.com> proto=ESMTP helo=<mx3.domainMX.net>

Oct 10 22:41:27 localhost postfix/cleanup[2440]: C50735AF69: hold: header Received: from smtp2.cuci.nl (ford.oto-intranet.com[212.125.143.226]) by quasit.gremlin.ca (8.12.5/8.12.5) with ESMTP id k9AKV3pv005699 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 ver from quasit.gremlin.ca[216.999.99.999]; from=<taretz@sendingdomain.com> to=<gabrie@receivingdomain.com> proto=ESMTP helo=<mx3.domainMX.net>

Oct 10 22:41:27 localhost postfix/cleanup[2440]: C50735AF69: hold: header Received: from artemis.cuci.nl (artemis.cuci.nl [212.125.128.9]) by smtp2.cuci.nl (BuGless_4.00) with ESMTP id k9AKQ4xE002965 for <gabrie@receivingdomain.com>; Tue, 10 Oct 2006 22:26:04 +0200 from quasit.gremlin.ca[216.999.99.999]; from=<taretz@sendingdomain.com> to=<gabrie@receivingdomain.com> proto=ESMTP helo=<mx3.domainMX.net>

Oct 10 22:41:27 localhost postfix/cleanup[2440]: C50735AF69: hold: header Received: from TOINENOTEBOOK ([212.999.999.999]) by artemis.cuci.nl (BuGless_3.01) with SMTP id k9AKOnPD005313 for <gabrie@receivingdomain.com>; Tue, 10 Oct 2006 22:24:49 +0200 from quasit.gremlin.ca[216.999.99.999]; from=<taretz@sendingdomain.com> to=<gabrie@receivingdomain.com> proto=ESMTP helo=<mx3.domainMX.net>

domainMX.net is the company that delivers all my e-mail. They catch the SMTP traffic and forward it to port 2525 on my firewall.

cuci.nl is the ISP from my friend.

The log is from: grep taretz /var/log/maillog

Gabrie

Message was edited by:

ken.cline@hp.com to narrow the display. This post is more than a month old now, so hopefully people will have had a chance to review it in its proper format. I did not delete anything, just reformatted :)

http://www.GabesVirtualWorld.com
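The maillog excerpt above is the normal trace for greylisting followed by a Postfix header_checks HOLD rule: the 450 "Greylisted" lines are postgrey telling the sending server to retry later, "delayed 591 seconds" is postgrey accepting the retry, and "hold: header Received:" is the Postfix cleanup daemon parking the now-accepted message in the hold queue, which is where a scanner such as MailScanner then collects it. The script below is added here as an example and is not part of the thread or of ESVA; it walks a maillog for one envelope sender and summarises those three stages, using sample lines constructed from the poster's excerpt (IPs were already redacted by the poster).

```python
import re

# Constructed sample, modelled on the maillog excerpt in this thread.
SAMPLE_LOG = """\
Oct 10 22:30:05 localhost postfix/smtpd[2210]: NOQUEUE: reject: RCPT from quasit.gremlin.ca[216.999.99.999]: 450 <gabrie@receivingdomain.com>: Recipient address rejected: Greylisted, see http://isg.ee.ethz.ch/tools/postgrey/help/receivingdomain.com.html; from=<taretz@sendingdomain.com> to=<gabrie@receivingdomain.com> proto=ESMTP helo=<quasit.gremlin.ca>
Oct 10 22:30:13 localhost postfix/smtpd[2210]: NOQUEUE: reject: RCPT from quasit.gremlin.ca[216.999.99.999]: 450 <gabrie@receivingdomain.com>: Recipient address rejected: Greylisted, see http://isg.ee.ethz.ch/tools/postgrey/help/receivingdomain.com.html; from=<taretz@sendingdomain.com> to=<gabrie@receivingdomain.com> proto=ESMTP helo=<mx3.domainMX.net>
Oct 10 22:39:56 localhost postgrey[1485]: delayed 591 seconds: client=quasit.gremlin.ca, from=taretz@sendingdomain.com, to=gabrie@receivingdomain.com
Oct 10 22:40:41 localhost postfix/cleanup[2440]: 0291A5AF61: hold: header Received: from mx3.domainMX.net (quasit.gremlin.ca[216.999.99.999]) by owa.receivingdomain.com (Postfix) with ESMTP id 0291A5AF61 for <gabrie@receivingdomain.com>; Tue, 10 Oct 2006 22:39:56 +0100 (BST) from quasit.gremlin.ca[216.999.99.999]; from=<taretz@sendingdomain.com> to=<gabrie@receivingdomain.com> proto=ESMTP helo=<mx3.domainMX.net>
Oct 10 22:40:41 localhost postfix/cleanup[2440]: 0291A5AF61: hold: header Received: from quasit.gremlin.ca (quasit.gremlin.ca[216.999.99.999]) by mx3.domainMX.net (8.12.5/8.12.5) with ESMTP id k9AKUw2V005694 for <gabrie@receivingdomain.com>; Tue, 10 Oct 2006 16:30:58 -0400 from quasit.gremlin.ca[216.999.99.999]; from=<taretz@sendingdomain.com> to=<gabrie@receivingdomain.com> proto=ESMTP helo=<mx3.domainMX.net>
Oct 10 22:41:27 localhost postfix/cleanup[2440]: C50735AF69: hold: header Received: from mx3.domainMX.net (quasit.gremlin.ca[216.999.99.999]) by owa.receivingdomain.com (Postfix) with ESMTP id C50735AF69 for <gabrie@receivingdomain.com>; Tue, 10 Oct 2006 22:40:50 +0100 (BST) from quasit.gremlin.ca[216.999.99.999]; from=<taretz@sendingdomain.com> to=<gabrie@receivingdomain.com> proto=ESMTP helo=<mx3.domainMX.net>
"""

# postgrey answering 450 at RCPT time (message not queued yet, hence NOQUEUE)
GREYLIST_RE = re.compile(r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from (?P<client>\S+): 450 .*Greylisted.*from=<(?P<from>[^>]*)> to=<(?P<to>[^>]*)>")
# postgrey accepting the retry once the configured delay has passed
DELAYED_RE = re.compile(r"postgrey\[\d+\]: delayed (?P<secs>\d+) seconds: client=(?P<client>[^,]+), from=(?P<from>[^,]+), to=(?P<to>\S+)")
# cleanup(8) applying a header_checks HOLD action; one line per matching header,
# so the same queue id can appear several times for one message
HOLD_RE = re.compile(r"postfix/cleanup\[\d+\]: (?P<qid>[0-9A-F]+): hold: header (?P<hdr>[A-Za-z-]+):.*from=<(?P<from>[^>]*)> to=<(?P<to>[^>]*)>")


def trace_sender(log_text, sender):
    """Summarise what the log recorded for one envelope sender address."""
    report = {"greylist_rejects": 0, "delay_seconds": None, "held": []}
    for line in log_text.splitlines():
        m = GREYLIST_RE.search(line)
        if m and m["from"] == sender:
            report["greylist_rejects"] += 1
            continue
        m = DELAYED_RE.search(line)
        if m and m["from"] == sender:
            report["delay_seconds"] = int(m["secs"])
            continue
        m = HOLD_RE.search(line)
        if m and m["from"] == sender:
            entry = (m["qid"], m["hdr"])
            if entry not in report["held"]:  # collapse repeated header hits
                report["held"].append(entry)
    return report


if __name__ == "__main__":
    r = trace_sender(SAMPLE_LOG, "taretz@sendingdomain.com")
    print(f"{r['greylist_rejects']} greylist rejections, accepted after {r['delay_seconds']}s")
    for qid, hdr in r["held"]:
        print(f"queue id {qid} moved to the hold queue by a header_checks rule on {hdr}:")
```

For a real system, feed it the output of `grep taretz /var/log/maillog` as the poster did; queue ids reported as held can then be looked for with `postqueue -p`.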
yjchung
Contributor

hard to tell from the log sample since it doesn't show every line.. but one guess is it's been quarantined or deleted because of high spam score?
