VMware Virtual Appliances Community
andy_mac
Enthusiast

ESVA 1.5.1

This is the latest version of my Email Security Virtual Appliance.

http://www.vmware.com/vmtn/appliances/directory/542

If anyone has any idea how to get this onto the VMware torrent tracker, please let me know...

In the meantime it's available by http download from

http://www.global-domination.org/ESVA/15/

FAQs and instructions are also available from the above address. If you have any experiences you would like to share, please do so in this forum.

Andy

106 Replies
mfwade
Contributor

Andy,

You may be right and on to something here...

Mail3 output:

```
Filesystem           1K-blocks      Used Available Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
                       1682224   1371396    223996  86% /
/dev/sda1               101086     10295     85572  11% /boot
/dev/shm                257748         0    257748   0% /dev/shm
```

mail4 output:

```
Filesystem           1K-blocks      Used Available Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
                       1682224   1157988    437404  73% /
/dev/sda1               101086     10295     85572  11% /boot
/dev/shm                257748         0    257748   0% /dev/shm
```

It shows 86% and 73% used? Both of these servers are no longer Greylisting at this time as I have used the warn_if_reject statement. I guess I should have looked at the disk usage prior to the reboot. That would have at least told me if I was out of disk space. If I was out of disk space, would MailScanner still be called to try and process messages? The reason for that question is this: every time I see that the server is not delivering the mail to the downstream mailserver, I do not see the calls to MailScanner... I don't see this:

```
Oct 18 23:03:19 mail3 MailScanner[2934]: New Batch: Scanning 1 messages, 15310 bytes
Oct 18 23:03:25 mail3 MailScanner[2934]: Spam Checks: Found 1 spam messages
Oct 18 23:03:25 mail3 MailScanner[2934]: Virus and Content Scanning: Starting
```

These were taken from my current log, just used as example.

In any event the server still receives the mail, it just seems to be a queue problem like you suggested. I will turn on the Greylisting again and when the problem happens again I will look at disk space first. Do you think I can just restart the MailScanner service and it will try to empty the queue? A reboot empties the queue but I really don't want to keep doing that. The last reboot showed there were over 600 messages waiting :(

Thanks again and I look forward to future releases.

Marvin

LogIQ
Contributor

What I was asking was whether ESVA could act as a mail relay for multiple mailservers spread around the world, and not just in-house mailservers.

yjchung
Contributor

That's possible, I think, but it needs a few tricks to handle multiple mailservers.

I'd imagine that the MX records for all the servers need to be corrected so that the mails hit ESVA first. That is, the ESVA machine will have the lowest priority in the MX records for each of the mailservers you want to relay for.

Then you'd need to "tweak" ESVA's DNS records to trick it into thinking that the actual mailservers have lower MX priority than ESVA.

LogIQ
Contributor

I know it is possible, since I have asked someone at MailScanner about it, and I have also seen quite a few commercial solutions, where service providers sell hosted antivirus and spamfiltering.

The question goes to how to make ESVA do it.

Thx again!

athink
Contributor

Is it possible to reduce the time to go on to the backup mailserver if ESVA is not available?

4-5 days is unacceptable for me if I can't bring it up on time.

Thanks for the tips.

ESVA really looks easy to set up if you have one domain, one mail server and they are all at the same physical location.

But what I'm trying to do here is what my ISP is supposed to do. They have SpamAssassin, but it does not work well, it looks like.

Can somebody share their configuration for a multi-domain setup?

Thanks in Advance.

yjchung
Contributor

It's the same problem I was faced with. BTW I double checked and it's 7 days.

My resolution was that if all things fail then I can set my backup mx service to send the mail directly to my ISP's mailserver. NoIP's backup mailserver does some basic RBL and spam filtering and combine that with my ISP's mediocre spamfiltering I shouldn't be in too much of a mess with spam while I try to bring back esva.

As for multiple domains, I didn't want to pay $30/yr for each domain so I just picked the most important one. The others, if my esva goes down, then the mail will be sent to my isp's mailserver.

But, like I said in another post, you can change the ESVA's dns settings to trick it into thinking that your ISP's mailservers have lower priority MX and thus send all mails to those servers.

Basically, the external DNS records for your domain will be something like

```
MX 0 your.esva.server
MX 10 mail1.no-ip.com
```

whereas your ESVA server's DNS records will say

```
MX 0 your.isp.mailserver
```

Here's an article that might help in understanding how to set this up.

http://evpc.biz/computing/Linux/using_BIND_as_a_local_DNS_server

athink
Contributor

Thanks for taking time to respond. I'll try these and read the link.

I'm not running a DNS server locally; I hope that's not a problem.

andy_mac
Enthusiast

Hi Marvin,

Greylisting isn't your problem (as it works by rejecting messages outright, so never queues them) - it will be the size of the queues of received mail. Try increasing the number of child processes in MailScanner.conf - this will allow MailScanner to process more messages at a time (try 10 or 12 children, but remember to increase the memory allocated to ESVA - suggest 512 MB).

Turning greylisting off will in fact exacerbate any queue size problems you are experiencing due to decreased rejections of messages from spambots.

Let me know how this works out for you.

-Andy

andy_mac
Enthusiast

There are several ISPs using ESVA exactly for that purpose.

The customer's domain MX records need to point to ESVA installs, then ESVA can deliver messages to the customer mailserver by using its own (non-DNS) lookup table - this can be either name or address based.

\- There are two things that you need to tell ESVA (both configured in /etc/postfix/main.cf) - who to relay for, and where to relay to.

You can create mapfiles for this purpose - read the comments in main.cf for more info and see the other parameters that are using mapfiles for examples.

\- HTH, Andy
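
The two settings described in the post above, sketched as an added example (not taken from ESVA's own main.cf or from Andy's documentation). `relay_domains` and `transport_maps` are standard Postfix parameters; the map file names, domains and destination hosts are placeholders.

```conf
# /etc/postfix/main.cf (fragment)

# Who to relay for: only domains listed in this map are accepted for relaying.
# Keeping this an explicit list is what stops the gateway from acting as an
# open relay for arbitrary destinations.
relay_domains = hash:/etc/postfix/relay_domains

# Where to relay to: per-domain next hop, consulted instead of a DNS MX query.
transport_maps = hash:/etc/postfix/transport


# /etc/postfix/relay_domains
# Placeholder domains; the right-hand value is not used, only the key matters.
example.com     OK
example.org     OK


# /etc/postfix/transport
# Placeholder destinations, one name based and one address based.
# The square brackets suppress the MX lookup, so mail is handed to the named
# host even though the public MX for the domain points back at this gateway
# (without them the gateway would look up the MX and loop back to itself).
example.com     smtp:[mail.example.com]:25
example.org     smtp:[192.0.2.25]:25


# After editing either map, rebuild the lookup tables and reload Postfix:
#   postmap /etc/postfix/relay_domains
#   postmap /etc/postfix/transport
#   postfix reload
```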

Black_Ink
Contributor

Hi Andy,

Are you able to share any of the details for V1.6?

I am looking for features that simplify admin. Specifically, tools that would let a non-Unix user or admin configure the appliance.

I'm also willing to help code up and have a couple of ideas to help things along.

Regards,

Anthony

andy_mac
Enthusiast

Hi - I have just finished this document on configuring for multiple domains - same principle applies for where there is no internal DNS.

http://www.global-domination.org/ESVA/howto/howto-esvamultidomainrelay.pdf

-Hope this helps.

Andy

LogIQ
Contributor

Hi Andy,

I just downloaded ESVA, installed and configured it as a gateway for multiple domains on multiple servers in multiple locations, and it seems to work perfectly, although I have only done some initial testing...

I remember reading in the MailScanner book that some custom rulesets for SpamAssassin could make it very much more accurate. I looked it up and there are 2 good places, one is Rules Du Jour (French for rule of the day), and Rules Emporium.

The links are http://www.exit0.us/index.php?pagename=RulesDuJour

and http://www.rulesemporium.com/

Reading in forums, admins praise these rulesets, which are updated daily.

Thanks again for the good work, you are the man ;) !

Best regards, Ulrich

andy_mac
Enthusiast

Thanks Ulrich,

I have SA updating (standard SA rules) daily in v1.6 which is working very well - my test site is getting no spam at all, so all is very promising. Still looking for an end of month release for 1.6 once docs and final tweaks are complete.

RDJ is very good, but is best left to the individual site to configure their own if the standard rules aren't working for them - the more rules you have in place the more spam is caught, but more false positives too. I tend to err on the side of caution where I accept that some spam will get through to minimise false-positives.

-Andy

jovball
Contributor

Andy:

One of the previous posts asked about checking outbound mail like Barracuda. You had replied that it was possible with some config changes. Is there any documentation showing how to do that?

Also, is there any chance you would include DSPAM as an additional or optional anti-spam tool in the future?

Thanks for your work on this.

Joel

andy_mac
Enthusiast

ESVA 1.6 is coming... The release date will be Sunday, 29th October 2006.

I will post another message in this forum once I have released the product after final testing is complete this week.

-Andy

andy_mac
Enthusiast

Hi Joel,

ESVA 1.6 has this capability built-in (as well as many others, such as very simple multi-domain, multi destination configuration). - Less than a week to wait for release. I think that you will find 1.6 to be a very good alternative to commercial (hardware) appliances like Barracuda.

-Andy

andy_mac
Enthusiast

Hi Marvin,

1.6 has a 4GB disk as default, but it is trivial to add another disk for large/high volume sites.

I have also put some alerting in place for common error conditions such as full filesystems...

-Andy

yjchung
Contributor

Excellent! I will gladly donate some of my bandwidth for distribution.

emporio
Contributor

Andy,

That is great news. Can't wait 'til the 29th :) That will be the highlight of October (of course after my Vegas trip :) ).

I will help out with distribution as well.

thx again

-emp

BakCompat
Contributor

Good work on ESVA.. definitely fills a niche that hasn't quite had the appropriate appliance available for it till now. I've been doing some testing with it and like the functionality. I've currently got a Barracuda 400 in place for incoming mail that's processing around 20k emails per day, blocking approximately 80% of the email as spam. 80% is a good amount, but not exactly great. I'd like to eventually replace the Barracuda 400 with ESVA 1.6 after you finalize it, and convert the Barracuda to outbound email scanning to block those people that get totally hijacked with spyware and end up with open relays on their boxes. Is this the standard config for others with an existing Barracuda? Or are you guys keeping it in place as a first measure, then "refining" the process further with ESVA? I'd just as well be done with the Barracuda myself, but since it's pre-existing in the network, I might as well use it for something..

Any thoughts would be appreciated in how to best utilize it in conjunction with ESVA.
