VMware Virtual Appliances Community
andy_mac
Enthusiast

ESVA 1.5.1

This is the latest version of my Email Security Virtual Appliance.

http://www.vmware.com/vmtn/appliances/directory/542

If anyone has any idea how to get this onto the VMware torrent tracker, please let me know...

In the meantime it's available by HTTP download from

http://www.global-domination.org/ESVA/15/

FAQs and instructions are also available from the above address. If you have any experiences you would like to share, please do so in this forum.

Andy

0 Kudos
106 Replies
Gabrie1
Commander

In which settings file can I find where mailscanner / clamav / postfix or whoever, dumps the files in quarantine or if it deletes them?

Gabrie

http://www.GabesVirtualWorld.com
0 Kudos
andy_mac
Enthusiast

In v1.5.1 the default action for spam is to quarantine in /var/spool/MailScanner/quarantine/

There is a bug which is documented at http://www.global-domination.org/esva/15/faq.html as well as a possible release method (untested by myself) and a suggested work-around. Also check this forum.

-Andy

0 Kudos
Gabrie1
Commander

This was in my /etc/MailScanner.conf:

Spam Actions = deliver header "X-Spam-Status: Yes"

High Scoring Spam Actions = deliver header "X-Spam-Status: Yes"

Non Spam Actions = deliver header "X-Spam-Status: No"

Non MCP Actions = deliver

MCP Actions = deliver

High Scoring MCP Actions = deliver

and the quarantine dir is empty.

http://www.GabesVirtualWorld.com
0 Kudos
andy_mac
Enthusiast

OK - Here goes...

Try this on a test VM first...

To create more space for everything on ESVA, follow the following procedure:

Shut down your ESVA VM.

Add a new disk (SCSI) - as big as you like.

Boot the VM up

login as root on the console

cd /tmp

fdisk sdb

n

p

1

/etc/fstab

umount /dev/sdb1

rm -rf /tmpvar

init 6

Try this on a test VM first...

-Andy

0 Kudos
ESVA
Contributor

Hi,

First off - thanks - ESVA is easy to set-up etc. etc. etc.

Second - the question.... from a newbie...

I'm using ESVA as my Home smtp server, and I want to add a pop3 server as well.

I'm fairly sure ESVA doesn't come with one - I *have* looked :) but I appreciate that's not what it was designed for.

As far as I can tell, it also doesn't have a compiler on it..? is that right?

That makes it a bit hard to add any of the other small pop3 servers I've found.

So - the question is - How can I get a compiler on there, without there being a compiler already on there (IYSWIM?)

Or is it a case of - "If you want to get to there, I wouldn't start from here"?

I appreciate that such a question is outside of the design-scope of ESVA, but it can't hurt to ask ;)

Thanks,

Andy

(p.s. not sure how my username got to be ESVA.... I shall try and change it)

0 Kudos
andy_mac
Enthusiast

You should be able to install if you use an rpm rather than compiling, but otherwise you can install a compiler etc. with:

yum install gcc

Also - can you please change your userid to something (anything) other than the name of my product?

-Andy

0 Kudos
AndyHunt
Contributor

Ah - brilliant! Thank you.

Andy

(sorry about the username thing. I don't think you can actually change the username, so I created a new account. When it asks for your "Preferred Forum Username" I misread it as "Preferred Forum".... ho hum...)

0 Kudos
andy_mac
Enthusiast

Cheers

0 Kudos
mfwade
Contributor

All,

I just want to start off by saying that this product rocks. I run a small hosting company and my customers have called to say that they absolutely love how much SPAM this product has stopped.

My first question is this. It seems that GREYLISTING may be a bit much for a few of my customers. It seems that some messages meant for them (legit email) get greylisted and do not come through for hours (13000 plus seconds) to days. In saying days, I have to actually reboot the server (don't know the sequence to restart services, easier to reboot); when doing so I see that a whole bunch of messages get delivered. Having said that, is there something that is configurable so that after X seconds the message is delivered regardless of the outcome? Is there a way to disable GREYLISTING but show it being called in the logs? Maybe put this "warn_if_reject" somewhere? I have had to reboot the server several times to purge the queue, if you will.

Thank you all in advance.

Marvin

0 Kudos
yjchung
Contributor

Hopefully someone can answer what setting would fix this.

X-blah-MailScanner-ESVA-SpamCheck: spam, SORBS-SPAM,

SpamAssassin (not cached, score=-14.762, required 2.5,

HTML_MESSAGE 0.00, HTML_SHOUTING6 0.00, HTML_TAG_EXIST_TBODY 0.23,

USER_IN_DEF_WHITELIST -15.00)

SpamAssassin correctly identified it as not spam but since it showed up in SORBS-SPAM it's getting marked as spam. I don't want to turn SORBS off and preferably I don't want to have to add the sender to the whitelist... or is that my only clean option?

0 Kudos
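
The header quoted in the post above can be checked mechanically. The following Python sketch is an added example, not part of the thread or of ESVA/MailScanner: it parses a SpamCheck header and flags messages tagged as spam by a list hit even though SpamAssassin scored them below the required threshold. The function names are hypothetical and the sample is the quoted header unfolded onto one line.

```python
import re

# Sample: the header from the post above, unfolded onto a single line.
SAMPLE = ("X-blah-MailScanner-ESVA-SpamCheck: spam, SORBS-SPAM, "
          "SpamAssassin (not cached, score=-14.762, required 2.5, "
          "HTML_MESSAGE 0.00, HTML_SHOUTING6 0.00, HTML_TAG_EXIST_TBODY 0.23, "
          "USER_IN_DEF_WHITELIST -15.00)")

def parse_spamcheck(header):
    """Split a SpamCheck header into verdict, list hits and SpamAssassin detail."""
    _, _, value = header.partition(":")
    value = " ".join(value.split())              # unfold continuation lines
    sa = re.search(r"SpamAssassin \((.*)\)", value)
    head = value[:sa.start()] if sa else value
    tokens = [t.strip() for t in head.split(",") if t.strip()]
    parsed = {"verdict": tokens[0] if tokens else None,
              "lists": tokens[1:],               # e.g. ["SORBS-SPAM"]
              "score": None, "required": None, "rules": {}}
    if not sa:
        return parsed
    for item in (i.strip() for i in sa.group(1).split(",")):
        if m := re.fullmatch(r"score=(-?[\d.]+)", item):
            parsed["score"] = float(m.group(1))
        elif m := re.fullmatch(r"required (-?[\d.]+)", item):
            parsed["required"] = float(m.group(1))
        elif m := re.fullmatch(r"(\w+) (-?[\d.]+)", item):
            parsed["rules"][m.group(1)] = float(m.group(2))
    return parsed

def list_only_verdict(parsed):
    """True when a list hit made the message spam while SpamAssassin
    scored it below the required threshold."""
    return (parsed["verdict"] == "spam"
            and bool(parsed["lists"])
            and parsed["score"] is not None
            and parsed["required"] is not None
            and parsed["score"] < parsed["required"])

if __name__ == "__main__":
    p = parse_spamcheck(SAMPLE)
    print(p["lists"], p["score"], p["required"], list_only_verdict(p))
```

Run over quarantined messages, a check like this shows how often a blocklist alone is overriding a below-threshold SpamAssassin score.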
athink
Contributor

Hi Andy,

This is just what I was looking for...But..??!!??

Here's what I want to do if someone or you can help me setup for real application of email filtering.

My mail host is not doing a good job on spam so I want to cross check it against ESVA to filter spam.

I have a linux box at home , behind firewall/router. I installed and setup esva over there with local ip address. It has a connection to internet.

All the services seem to be running and from the logs I can see it's doing the updates.

I did setup for 1 domain but would like to do multiple domains if it works.

I do not have DNS setup but I'm able to access nslookup.

Now I don't know where to start ???

How do I get the emails forwarded to ESVA ? Is there a way to fetch the emails ?

You mentioned forward mails to external IP. So from my router to NAT forwarding to esva server. But what will happen if ESVA is not available ?

Please shed some light on it. My apologies on long post but I'm frustrated with lots of spam not only clogging my inbox but also my blackberry.

My belt keeps vibrating for nonsense emails that I can't even read :)

0 Kudos
yjchung
Contributor

Here's what I'm doing for my mail since my host's spam filter isn't the greatest on earth.

I've set up a Dynamic DNS through no-ip.com to point to my home machine.

I've also signed up for Backup MX service through no-ip.com.

I change the MX record for my mail domain to point to both my dynamic and backup mx servers.

So now, my mail gets delivered to my esva server for filtering. If my server goes down, the mail gets sent to the backup mx and held there for up to 5 days until my home server comes back up.

Granted that the backup mx service only works for one domain and costs $29.95/year, but I think it's worth the price for that peace of mind. Mind you, most email systems will keep retrying to deliver for a few days when your server goes down so you don't really need the backup if you can be sure that the esva server will not be down for more than 2 or 3 days.

0 Kudos
andy_mac
Enthusiast

Reflecting upon what was good and what was bad about v1.5 when I was planning 1.6, I decided that all the sorbs lists were bad - far too many false positives generated. 1.6 uses far fewer lists, but adds other checks, such as dcc, pyzor, razor and spf. These have been extremely effective, and in testing have reduced the number of false-positives to next to zero.

My advice until 1.6 is available for download (and once you have tested it of course!) is to remove all the sorbs lists.

-Andy

0 Kudos
LogIQ
Contributor

Hi Andy,

I am happy to see you have made and share what I have been trying to find time to do.

I bought the MailScanner book, and started the installation and stopped. I have only a little experience with Linux, and therefore it was a hard case to solve.

My idea is to set up ESVA as a gateway, so it can scan both internally hosted mailboxes as well as mailboxes on other servers geographically separated.

I know MailScanner can be set up for this functionality, but can ESVA do that "out-of-the-box"?

I have not tried your Virtual Appliance yet, because I am waiting for the 1.6/2.0 with MailWatch and razor, pyzor.

Thank you

Ulrich

LogIQ

0 Kudos
yjchung
Contributor

Surprisingly enough, the one I posted earlier is the only false positive I've gotten so far. Averaging 300 emails a day and 1 false positive in over a month is a good enough ratio... of course I'd rather not have any but I don't want to remove SORBS and end up with more spam getting through since, at least for my system, I've seen more spam that gets past all other checks but is caught by SORBS. Just wish there was a way to stop the blacklist checks if the sender is already in the SpamAssassin default whitelist.

0 Kudos
emporio
Contributor

Hello everybody,

Again, compliments to Andy; ESVA is awesome.

I created a list of people in SpamAssassin and set their addresses to never be considered as spam, but it seems it's not working. When they send me a joke, even with the email address specified not to be considered as spam, it gets flagged as spam.

Has anyone run into the same issue?

0 Kudos
yjchung
Contributor

Your whitelist should be /etc/MailScanner/rules/spam.whitelist.rules

0 Kudos
andy_mac
Enthusiast

Hi logiq,

I'm not sure if I'm interpreting your message correctly, but ESVA is essentially a filtering mail relay (hopefully filtering all the spam out and relaying the ham!). What it won't do is scan mail that is already in mailboxes.

Currently there are many people all around the world using ESVA for filtering many domains (200+ domains and 50000+ messages/day in some cases) out of the box - all you need to do is configure postfix so that it knows where to relay messages to once it's filtered them, and which domains it's allowed to relay for. Not really any different in v1.6 (I've decided to call it 1.6 rather than 2.0 - it's only a name after all...)

-Andy

0 Kudos
andy_mac
Enthusiast

I don't think that greylisting is the cause of this problem - it's almost like the queues are filling up and getting stuck - have you run out of disk space??? If so there is a procedure in this forum for creating additional space which should help you out.

In terms of the 13000 second greylist thing, you pretty much have no control over that - it's up to the retry parameter in the originating mailserver. All you can do is whitelist any poorly configured (legit) mailservers so they don't have to go through the whole greylist thing.

HTH, Andy

0 Kudos
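
The point made in the post above, that the greylisting delay is set by the sending server's retry schedule, can be shown with a small model. This is an added example, not code from the thread or from ESVA: a generic greylist keyed on the (client IP, sender, recipient) triplet, with an assumed 300-second minimum delay, constructed retry schedules, and documentation IP addresses.

```python
from dataclasses import dataclass, field

@dataclass
class Greylist:
    """Generic greylisting model; min_delay is an assumed value, not ESVA's setting."""
    min_delay: int = 300
    whitelist: set = field(default_factory=set)     # client IPs that skip greylisting
    first_seen: dict = field(default_factory=dict)  # triplet -> time of first attempt

    def attempt(self, now, client_ip, sender, rcpt):
        """Return True to accept, False for a temporary (4xx) rejection."""
        if client_ip in self.whitelist:
            return True
        triplet = (client_ip, sender, rcpt)
        first = self.first_seen.setdefault(triplet, now)
        return now - first >= self.min_delay

def delivery_time(greylist, retry_schedule, client_ip, sender, rcpt):
    """Walk the sending server's retry schedule (seconds after its first try)
    and return the offset at which the message is accepted, or None."""
    for offset in retry_schedule:
        if greylist.attempt(offset, client_ip, sender, rcpt):
            return offset
    return None

# Constructed retry schedules for two hypothetical sending servers.
QUICK = [0, 600, 1200]       # retries ten minutes after the first deferral
SLOW = [0, 13000, 26000]     # first retry only after 13000 seconds

def demo():
    gl = Greylist()
    quick = delivery_time(gl, QUICK, "192.0.2.10", "a@example.org", "u@example.com")
    slow = delivery_time(gl, SLOW, "198.51.100.7", "b@example.net", "u@example.com")
    # Whitelisting the slow server's IP removes the greylisting delay entirely.
    gl_wl = Greylist(whitelist={"198.51.100.7"})
    listed = delivery_time(gl_wl, SLOW, "198.51.100.7", "b@example.net", "u@example.com")
    return quick, slow, listed

if __name__ == "__main__":
    print(demo())
```

The receiving side only requires 300 seconds in this model; the 13000-second wait comes entirely from when the sender chooses to retry.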
andy_mac
Enthusiast

This document is really useful for MailScanner (Most Asked Questions):

http://wiki.mailscanner.info/doku.php?id=maq:index

- Andy

0 Kudos