Configuration
The configuration of Baruwa Enterprise Edition systems has been simplified and fully automated using the baruwa-setup utility.
This page describes the configuration of the default standalone system. If you are installing a distributed cluster system, please refer to Cluster Configuration.
StandAlone System
This is the default setup and is used for non-clustered setups. All the components are installed on one server. Choose this option if you only want to run one server.
Automated Configuration
Baruwa Enterprise Edition >= 2.0.7 uses an automated wizard-based utility called baruwa-setup to configure the system. This utility collects configuration information from the user, performs any required software updates and then configures the system based on the profile selected and the configuration data collected. This simplifies the whole setup process in that the user does not have to edit any files.
The baruwa-setup utility is a wizard that asks a series of questions and then configures the system based on the answers provided.
A pass phrase is required to secure the authentication information that is collected.
Make sure you choose a strong pass phrase which is easy for you to remember but difficult for others to guess. A long sentence describing a personal experience is a good pass phrase.
To start the configuration process, log in to the server with the username root and the password you set during installation.
Issue the baruwa-setup command at the command prompt:
# baruwa-setup
The program will ask you to set a passphrase. Enter the passphrase and press enter, then re-enter the same passphrase to confirm. If the passphrase is accepted, the System settings screen below will be displayed.
System Settings
This screen configures the basic system settings. The description of the options is as follows:
Option | Description |
---|---|
System Type | Set this to Standalone |
FQDN Hostname | The fully qualified domain name. This cannot be set to localhost |
IP Address | The system IP address, usually detected |
Activation Key | Baruwa Enterprise Edition Activation Key |
Timezone | The system timezone, detected from the system configuration. |
Enable clustering | Do not check this |
Enable Monitoring | Check this to enable the NRPE service |
Scanner Settings
This screen sets the email scanner settings. The description of the options is as follows:
Option | Description |
---|---|
Organization name | Enter a short identifying name for your organisation. This is used to make the X-Baruwa headers unique for your organisation. Multiple servers within one site should use an identical value here. It must not contain any spaces. |
Organization full name | Enter the full name of your organisation. This is used in the signature placed at the bottom of report messages sent by Baruwa. It can include pretty much any text you like. You can make the result span several lines by including “\n” sequences in the text. These will be replaced by line-breaks. |
Use Shared Quarantine | Check this only if you have set up a shared filesystem for the mail quarantine and configured the server to mount the /var/spool/MailScanner/quarantine directory to it |
Store clean mail | Check this if you want to store messages not tagged as SPAM. Use this option only if it is legal in your country |
Management Settings
This screen sets the management account settings. The description of the options is as follows:
Option | Description |
---|---|
Username | Administrator username |
Password | Administrator password. Only strong passwords will be accepted; use a service such as passwordsgenerator.net to generate strong passwords |
Confirm Password | Re-enter the Administrator password |
Email Address | Administrator email address |
Management Web Settings
This screen sets the management web interface settings. The description of the options is as follows:
Option | Description |
---|---|
Web Hostname | The hostname to be used to access the web interface |
Web Aliases | Alternative hostnames to use to access the web interface. Use a space to separate multiple entries |
Quarantine URL | The default host URL used in quarantine report links; it is overridden by domain settings. |
Media URL | This allows you to host media on a CDN or media host. Leave as default to serve from the same system. |
Custom Name | This will replace all occurrences of Baruwa in the web interface as well. |
Custom URL | This creates links to your product page within the web interface and email reports that are sent out. |
Management Other Settings
This screen sets other management settings. The description of the options is as follows:
Option | Description |
---|---|
Reports Email | The email address used to send out email reports |
Send Reports At | The hour at which to send reports; this is localized to the user's location based on their timezone setting |
MemCache Host | The IP address of the Memcache Server |
Database Settings
This screen sets database settings. The description of the options is as follows:
Option | Description |
---|---|
Host | The database server IP Address |
Port | The database port |
Admin Password | The database admin user password. Only strong passwords that do not contain the symbols ', ", @, # and : will be accepted. |
Confirm Admin Password | Confirm the database admin user password |
Database Management User Settings
This screen sets database management user settings. The description of the options is as follows:
Option | Description |
---|---|
Management DB Name | The name of the management database |
Management User | The management database username |
Management User Password | The management database user password. Only strong passwords that do not contain the symbols ', ", @, # and : will be accepted. |
Confirm Management User Pass | Confirm the management database user password |
Database Bayes User Settings
This screen sets database bayes user settings. The description of the options is as follows:
Option | Description |
---|---|
Bayes User | The bayes database username |
Bayes User Password | The bayes database user password. Only strong passwords that do not contain the symbols ', ", @, # and : will be accepted. |
Confirm Bayes User Password | Confirm the bayes database user password |
Database Search User Settings
This screen sets database search user settings. The description of the options is as follows:
Option | Description |
---|---|
Search User | The search database username |
Search User Password | The search database user password. Only strong passwords that do not contain the symbols ', ", @, # and : will be accepted. |
Confirm Search User Password | Confirm the search database user password |
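The database password fields above (admin, management, bayes and search users) all reject the symbols ', ", @, # and :. The following added example, which is not part of Baruwa, generates such passwords locally from /dev/urandom and checks a candidate against those symbols. The minimum length and the character-class requirements are assumptions, since the page does not define what baruwa-setup treats as strong.

```sh
# Added example, not part of Baruwa. Only the rejected symbols ' " @ # :
# come from the page; MIN_LEN and the character classes are assumptions.
MIN_LEN=16
ALLOWED='A-Za-z0-9!%^*_+=.,-'   # generator alphabet, free of rejected symbols

# Return 0 if $1 passes the assumed policy and has no rejected symbol.
db_password_ok() {
    _p=$1
    if [ "${#_p}" -lt "$MIN_LEN" ]; then return 1; fi
    case $_p in *[\'\"@#:]*) return 1 ;; esac          # rejected by the wizard
    case $_p in *[a-z]*) ;; *) return 1 ;; esac
    case $_p in *[A-Z]*) ;; *) return 1 ;; esac
    case $_p in *[0-9]*) ;; *) return 1 ;; esac
    case $_p in *[!A-Za-z0-9]*) ;; *) return 1 ;; esac  # at least one symbol
    return 0
}

# Print a random password of length $1 (default 24) that passes the check.
gen_db_password() {
    _len=${1:-24}
    if [ "$_len" -lt "$MIN_LEN" ]; then return 2; fi
    while :; do
        # Read a bounded amount of random data and keep only allowed characters.
        _pw=$(head -c "$((_len * 8))" /dev/urandom |
              LC_ALL=C tr -dc "$ALLOWED" | cut -c "1-$_len")
        if [ "${#_pw}" -eq "$_len" ] && db_password_ok "$_pw"; then
            printf '%s\n' "$_pw"
            return 0
        fi
    done
}
```

Generate one password per database account and type it into both the password and the confirmation field of the matching screen.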
Message Queue Settings
This screen sets message queue settings. The description of the options is as follows:
Option | Description |
---|---|
Host | The message queue server IP address |
Port | The message queue server port |
Username | The message queue server username |
Password | The message queue server password |
Confirm Password | Confirm the message queue server password |
Search Index Settings
This screen sets search index settings. The description of the options is as follows:
Option | Description |
---|---|
Host | Indexing server IP address |
Enable wildcard indexing | Enables Sphinx wildcard indexing. Setting this to true will generate very large index files. |
MTA Settings
This screen sets MTA settings. The description of the options is as follows:
Option | Description |
---|---|
Mail Hostname | The mail server hostname |
DKIM Selector | Sets the DKIM selector name, used to configure DKIM signing. |
Load Balancer IP’s | Proxy-Protocol load balancers, space separated IP Address list |
Enable Syslog Logging | Turns on MTA logging to syslog |
Enable Subject Blocklist | Enable the blocking by subject functionality |
Enable Anonymizer | Enable the Anonymizer functionality |
Enable DKIM | Enable DKIM functionality |
Enable Global Signatures | Enable Global Signatures |
Log Load Balancer Connections | Log Load Balancer connections to the MTA log |
Anti Virus Settings
This screen sets anti virus settings. The description of the options is as follows:
Option | Description |
---|---|
Enable Sane Signatures | ClamAV Unofficial Sane signatures to enable |
Enable SecureInfo Signatures | ClamAV Unofficial SecureInfo signatures to enable |
Message Sniffer Settings
This screen sets message sniffer settings. The description of the options is as follows:
Option | Description |
---|---|
License ID | Message Sniffer License ID. This is emailed to you when you purchase a subscription |
Authentication ID | Message Sniffer Authentication ID. This is emailed to you when you purchase a subscription |
SSL/TLS Settings
The Baruwa web interface MUST run over SSL/TLS, and other services such as SMTP AUTH only work over SSL/TLS as well. You therefore need to either purchase a valid SSL certificate or have baruwa-setup automatically generate a certificate for you that is not issued by a recognised CA. If you do not have a CA issued certificate and do not intend to purchase one, then leave the I have a CA issued Certificate option unchecked.
The certificate that baruwa-setup generates will cover the web hostname, web aliases, cluster members and the mail hostname. This means that you should copy this certificate to other cluster hosts that you specified and select I have a CA issued Certificate on those hosts when you set them up instead of generating new certificates for them.
Note
We have partnered with the SSLShop to bring you discounted SSL certificate pricing. RapidSSL CA signed certificates can be purchased at discounted pricing using the Discount coupon “BARUWA” from http://www.sslshop.co.za
If you have an SSL certificate that is issued by a recognised CA and would like Baruwa to use it, install it prior to running baruwa-setup. Please NOTE that you need certificates that cover the web hostname and aliases, and the mail hostname. Please check I have a CA issued Certificate.
The preferred location to install certificates and keys on the server is under /etc/pki. You need to create a directory structure under that and store your certificate under it. The following example creates a baruwa directory under /etc/pki and stores the certificates and keys there:
mkdir -p /etc/pki/baruwa/{certs,private}
Create the following files:
- /etc/pki/baruwa/certs/baruwa.pem with the contents of your SSL certificate
- /etc/pki/baruwa/private/baruwa.key with the contents of your SSL private key
You need to create additional certificate pairs if your web hostname and mail hostname are not the same.
If you have a wildcard certificate with all your names being subdomains of that domain to which the certificate is issued then you can simply create one pair.
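A check to run before selecting I have a CA issued Certificate, given as an added example that is not part of Baruwa: it lists the required hostnames a certificate does not cover, applying the rule that a wildcard entry covers exactly one label, and confirms that a private key belongs to a certificate. The hostnames and the sample SAN list are constructed placeholders; cert_sans and key_matches_cert assume the openssl command is installed.

```sh
# Added example, not part of baruwa-setup. Hostnames below are placeholders.
# Succeed if SAN entry $1 covers hostname $2. A wildcard entry covers exactly
# one left-most label: *.example.com covers mail.example.com, not example.com.
name_matches() {
    _san=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    _host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    if [ "$_san" = "$_host" ]; then return 0; fi
    case $_san in
        '*.'*)
            _suffix=${_san#\*}              # e.g. ".example.com"
            _label=${_host%"$_suffix"}      # unchanged when the suffix is absent
            if [ "$_label" = "$_host" ] || [ -z "$_label" ]; then return 1; fi
            case $_label in *.*) return 1 ;; esac
            return 0 ;;
    esac
    return 1
}

# Print every hostname in $2... that no entry of the SAN list $1 (one entry
# per line) covers. No output means all of them are covered.
uncovered_names() {
    _sans=$1; shift
    for _h in "$@"; do
        _found=no
        while IFS= read -r _s; do
            if name_matches "$_s" "$_h"; then _found=yes; break; fi
        done <<EOF
$_sans
EOF
        if [ "$_found" = no ]; then printf '%s\n' "$_h"; fi
    done
}

# DNS entries of a PEM certificate's subjectAltName, one per line.
cert_sans() {
    openssl x509 -in "$1" -noout -text | tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Succeed if private key $2 belongs to certificate $1 (public keys compared).
key_matches_cert() {
    _c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    _k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$_c" ] && [ "$_c" = "$_k" ]
}

# Constructed SAN list standing in for: cert_sans /etc/pki/baruwa/certs/baruwa.pem
SAMPLE_SANS='baruwa.example.com
*.mail.example.com'
uncovered_names "$SAMPLE_SANS" baruwa.example.com mx1.mail.example.com mail.example.com
```

Any hostname printed needs its own certificate pair or a reissued certificate that includes it; here the wildcard entry leaves mail.example.com itself uncovered.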
If you left I have a CA issued Certificate unchecked you will be presented with the following screen. You need to fill in the details which are used to create a CA from which the certificate will be issued. The description of the options is as follows:
Option | Description |
---|---|
Organization | OpenSSL CA Name |
Email Address | OpenSSL email address |
Country | OpenSSL country code |
Province | OpenSSL province |
City | OpenSSL city |
If you checked I have a CA issued Certificate you will be presented with the following screen. You need to specify the locations of your certificates and keys. The description of the options is as follows:
Option | Description |
---|---|
Web Certificate | The location of the web certificate file in PEM format |
Web Private Key | The location of the web private key file in PEM format |
Mail Certificate | The location of the mail certificate file in PEM format |
Mail Private Key | The location of the mail private key file in PEM format |
Setup Running
At this point there is nothing left for you to do until the setup is complete. The program will update the screen with status information as well as logging it to /var/log/messages. If an error occurs the error information will be displayed until you press the enter button and the program will exit.
Setup Complete
When the setup is complete the following screen will be displayed. Simply press enter and the program will exit.
Post Configuration
Now that the installation and setup are complete, you need to finalize the setup by adding a scanning node, adding an organization, adding a domain and adding an account. This is done through the management web interface.
The exact sequence to follow is:
- Add the Node
- Add an Organization
- Add a Domain Administrator for the organization
- Edit the Organization and assign the Domain Administrator to the organization
- Add a Domain to the Organization
- Add a delivery server for the Domain
- Add any user accounts to the Domain if not using external authentication
Review the Administrators guide and Advanced configuration for other configuration and setup options available.