Web and Mail System

This is a frontend system that provides the mail and web interfaces: mail is delivered to the server, and it also serves the web interface for both administration and end-user access. This system requires a backend system or distributed backend systems. You can run several of these nodes, scaling up or down as demand grows or drops.

Automated Configuration

Baruwa Enterprise Edition >= 2.0.7 uses an automated, wizard-based utility called baruwa-setup to configure the system. This utility collects configuration information from the user, performs any required software updates and then configures the system based on the profile selected and the configuration data collected. This simplifies the whole setup process in that the user does not have to edit any files.

The baruwa-setup utility is a wizard that asks a series of questions and then configures the system based on the answers provided.

A pass phrase is required to secure the authentication information that is collected.

Make sure you choose a strong pass phrase which is easy for you to remember but difficult for others to guess; a long sentence describing a personal experience is a good pass phrase.

To start the configuration process, log in to the server with the username root and the password you set during installation.

Issue the baruwa-setup command at the command prompt:

# baruwa-setup

The program will ask you to set a passphrase. Enter the passphrase and press Enter, then re-enter the same passphrase to confirm. If the passphrase is accepted, the System Settings screen below will be displayed.

System Settings

This screen configures the basic system settings. The description of the options is as follows:

| Option | Description |
| --- | --- |
| System Type | Set this to Web and Mail |
| FQDN Hostname | The fully qualified domain name. This cannot be set to localhost |
| IP Address | The system IP address, usually detected |
| Activation Key | Baruwa Enterprise Edition Activation Key |
| Timezone | The system timezone, detected from the system configuration |
| Enable clustering | Check this |
| Enable Monitoring | Check this to enable the NRPE service |

[Screenshot: System Settings screen]

Cluster Settings

This screen configures the cluster settings. The description of the options is as follows:

| Option | Description |
| --- | --- |
| Cluster ID | An integer number unique to each node |
| Cluster Peer Hostname’s | A space-separated list of this node's peers |
| Cluster Peer IP’s | A space-separated list of this node's peers |
| Cluster Session Secret | This is used to encrypt session information. Use a long password string of over 35 characters; the same value should be used on all the cluster members. You can use a service such as passwordsgenerator.net to generate it |

[Screenshot: Cluster Settings screen]

Scanner Settings

This screen sets the email scanner settings. The description of the options is as follows:

| Option | Description |
| --- | --- |
| Organization name | Enter a short identifying name for your organisation. This is used to make the X-Baruwa headers unique for your organisation. Multiple servers within one site should use an identical value here. It must not contain any spaces. |
| Organization full name | Enter the full name of your organisation. This is used in the signature placed at the bottom of report messages sent by Baruwa. It can include pretty much any text you like. You can make the result span several lines by including "\n" sequences in the text. These will be replaced by line-breaks. |
| Use Shared Quarantine | Check this only if you have set up a shared filesystem for the mail quarantine and configured the server to mount the /var/spool/MailScanner/quarantine directory to it |
| Store clean mail | Check this if you want to store messages not tagged as SPAM. Use this option only if it is legal in your country |

[Screenshot: Scanner Settings screen]

Management Settings

This screen sets the management account settings. The description of the options is as follows:

| Option | Description |
| --- | --- |
| Username | Administrator username |
| Password | Administrator password. Only strong passwords will be accepted; use a service such as passwordsgenerator.net to generate strong passwords |
| Confirm Password | Re-enter the Administrator password |
| Email Address | Administrator email address |

[Screenshot: Management Settings screen]

Management Web Settings

This screen sets the management web interface settings. The description of the options is as follows:

| Option | Description |
| --- | --- |
| Web Hostname | The hostname to be used to access the web interface |
| Web Aliases | Alternative hostnames to use to access the web interface. Use a space to separate multiple entries |
| Quarantine URL | This is the default host URL used in quarantine report links; it is overridden by domain settings |
| Media URL | This can allow you to host media on a CDN or media host; leave as default to serve from the same system |
| Custom Name | This will replace all occurrences of Baruwa in the web interface as well |
| Custom URL | This creates links to your product page within the web interface and email reports that are sent out |

[Screenshot: Management Web Settings screen]

Management Other Settings

This screen sets other management settings. The description of the options is as follows:

| Option | Description |
| --- | --- |
| Reports Email | The email address used to send out email reports |
| Send Reports At | The hour at which to send reports; this is localized to the user's location based on their timezone setting |
| MemCache Host | The IP address of the Memcache Server |

[Screenshot: Management Other Settings screen]

Database Settings

This screen sets database settings. The description of the options is as follows:

| Option | Description |
| --- | --- |
| Host | The database server IP Address |
| Port | The database port |
| Admin Password | The database admin user password. Only strong passwords that do not contain the symbols ', ", @, # and : will be accepted |
| Confirm Admin Password | Confirm the database admin user password |

[Screenshot: Database Settings screen]

Database Management User Settings

This screen sets database management user settings. The description of the options is as follows:

| Option | Description |
| --- | --- |
| Management DB Name | The name of the management database |
| Management User | The management database username |
| Management User Password | The management database user password. Only strong passwords that do not contain the symbols ', ", @, # and : will be accepted |
| Confirm Management User Pass | Confirm the management database user password |

[Screenshot: Database Management User Settings screen]

Database Bayes User Settings

This screen sets database Bayes user settings. The description of the options is as follows:

| Option | Description |
| --- | --- |
| Bayes User | The bayes database username |
| Bayes User Password | The bayes database user password. Only strong passwords that do not contain the symbols ', ", @, # and : will be accepted |
| Confirm Bayes User Password | Confirm the bayes database user password |

[Screenshot: Database Bayes User Settings screen]
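The Cluster Session Secret and the database passwords described above can also be generated on the server itself from the kernel random source. This is an added example, not part of baruwa-setup or the original page: gen_secret and has_forbidden are hypothetical helper names, and it assumes a long string mixing upper case, lower case, digits and symbols passes the wizard's strength check.

```shell
#!/bin/sh
# Added example (not part of baruwa-setup): local secret generation.
# Output alphabet; the symbols ' " @ # : are left out because the
# database password fields reject them.
ALPHABET='A-Za-z0-9!%^*_+=.,?-'

# Succeeds when $1 contains one of the rejected symbols ' " @ # :
has_forbidden() {
    [ -n "$(printf '%s' "$1" | LC_ALL=C tr -dc "'\"@#:")" ]
}

# Prints a secret of $1 characters (default 40) read from /dev/urandom.
gen_secret() {
    len=${1:-40}
    # Assumption: the "over 35 characters" rule for the session secret
    # is applied here to every secret.
    [ "$len" -ge 36 ] || { echo "length must be over 35" >&2; return 2; }
    while :; do
        s=$(LC_ALL=C tr -dc "$ALPHABET" < /dev/urandom | head -c "$len")
        # Retry unless upper, lower, digit and symbol are all present.
        case $s in *[[:upper:]]*) ;; *) continue ;; esac
        case $s in *[[:lower:]]*) ;; *) continue ;; esac
        case $s in *[[:digit:]]*) ;; *) continue ;; esac
        case $s in *[![:alnum:]]*) ;; *) continue ;; esac
        printf '%s\n' "$s"
        return 0
    done
}

# Usage: gen_secret 48    (run once, then enter the same session secret
# on every cluster member)
```

has_forbidden can also be used to test a password chosen by other means before typing it into the database screens.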

Message Queue Settings

This screen sets message queue settings. The description of the options is as follows:

| Option | Description |
| --- | --- |
| Host | The message queue server IP address |
| Port | The message queue server port |
| Username | The message queue server username |
| Password | The message queue server password |
| Confirm Password | Confirm the message queue server password |

[Screenshot: Message Queue Settings screen]

Search Index Settings

This screen sets search index settings. The description of the options is as follows:

| Option | Description |
| --- | --- |
| Host | Indexing server IP address |
| Enable wildcard indexing | Enables Sphinx wildcard indexing. Setting this to true will generate very large index files |

[Screenshot: Search Index Settings screen]

MTA Settings

This screen sets MTA settings. The description of the options is as follows:

| Option | Description |
| --- | --- |
| Mail Hostname | The mail server hostname |
| DKIM Selector | Sets the DKIM selector name, used to configure DKIM signing |
| Load Balancer IP’s | Proxy-Protocol load balancers, as a space-separated list of IP addresses |
| Enable Syslog Logging | Turns on MTA logging to syslog |
| Enable Subject Blocklist | Enable the blocking by subject functionality |
| Enable Anonymizer | Enable the Anonymizer functionality |
| Enable DKIM | Enable DKIM functionality |
| Enable Global Signatures | Enable Global Signatures |
| Log Load Balancer Connections | Log Load Balancer connections to the MTA log |

[Screenshot: MTA Settings screen]

Anti Virus Settings

This screen sets anti-virus settings. The description of the options is as follows:

| Option | Description |
| --- | --- |
| Enable Sane Signatures | ClamAV Unofficial Sane signatures to enable |
| Enable SecureInfo Signatures | ClamAV Unofficial SecureInfo signatures to enable |

[Screenshot: Anti Virus Settings screen]

Message Sniffer Settings

This screen sets Message Sniffer settings. The description of the options is as follows:

| Option | Description |
| --- | --- |
| License ID | Message Sniffer License ID. This is emailed to you when you purchase a subscription |
| Authentication ID | Message Sniffer Authentication ID. This is emailed to you when you purchase a subscription |

[Screenshot: Message Sniffer Settings screen]

SSL/TLS Settings

The Baruwa web interface MUST run over SSL/TLS; other services such as SMTP AUTH only work over SSL/TLS as well. You therefore need to either purchase a valid SSL certificate or have baruwa-setup automatically generate a non-recognised SSL certificate for you. If you do not have a CA issued certificate and do not intend to purchase one, then leave I have a CA issued Certificate unchecked.

The certificate that baruwa-setup generates will cover the web hostname, web aliases, cluster members and the mail hostname. This means that you should copy this certificate to other cluster hosts that you specified and select I have a CA issued Certificate on those hosts when you set them up instead of generating new certificates for them.

Note

We have partnered with the SSLShop to bring you discounted SSL certificate pricing. RapidSSL CA signed certificates can be purchased at discounted pricing using the Discount coupon “BARUWA” from http://www.sslshop.co.za

If you have an SSL certificate that is issued by a recognised CA and would like Baruwa to use it, install it prior to running baruwa-setup. Please NOTE that you need certificates that cover the web hostname and aliases, and the mail hostname. Please check I have a CA issued Certificate.

The preferred location to install certificates and keys on the server is under /etc/pki. You need to create a directory structure under that and store your certificate under it.

The following example creates a baruwa directory under /etc/pki and stores the certificates and keys there:

mkdir -p /etc/pki/baruwa/{certs,private}

Create the following files:

  • /etc/pki/baruwa/certs/baruwa.pem with the contents of your SSL certificate
  • /etc/pki/baruwa/private/baruwa.key with the contents of your SSL private key

You need to create additional certificate pairs if your web hostname and mail hostname are not the same.

If you have a wildcard certificate and all your names are subdomains of the domain to which the certificate is issued, then you can simply create one pair.
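Before selecting I have a CA issued Certificate, the installed pair can be checked from the shell for a matching key and for coverage of the web hostname, aliases and mail hostname. This is an added example, not from the original page or the Baruwa project: the function names are hypothetical, the hostnames in the usage line are placeholders, and the key-permission check is an extra precaution the page does not mention.

```shell
#!/bin/sh
# Added example: pre-flight checks for a CA-issued certificate pair.

# Succeeds when the certificate and the private key hold the same public key.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Succeeds when the certificate is valid for hostname $2 (wildcards included).
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# Succeeds when group and others have no permissions on the key file.
key_is_private() {
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# check_pair CERT KEY HOST... : runs every check and reports each failure.
check_pair() {
    cert=$1; key=$2; shift 2; rc=0
    cert_matches_key "$cert" "$key" ||
        { echo "FAIL: $key does not match $cert"; rc=1; }
    key_is_private "$key" ||
        { echo "FAIL: $key is accessible to group or others"; rc=1; }
    for host in "$@"; do
        cert_covers_host "$cert" "$host" ||
            { echo "FAIL: $cert does not cover $host"; rc=1; }
    done
    return "$rc"
}

# Usage (paths from this page, hostnames are placeholders):
#   sh check.sh /etc/pki/baruwa/certs/baruwa.pem \
#      /etc/pki/baruwa/private/baruwa.key web.example.com mail.example.com
if [ "$#" -ge 3 ]; then check_pair "$@"; fi
```

A failure on any hostname means a separate certificate pair is needed for that name, as described above.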

[Screenshot: SSL/TLS Settings screen]

If you left I have a CA issued Certificate unchecked you will be presented with the following screen. You need to fill in the details which are used to create a CA from which the certificate will be issued. The description of the options is as follows:

| Option | Description |
| --- | --- |
| Organization | OpenSSL CA Name |
| Email Address | OpenSSL email address |
| Country | OpenSSL country code |
| Province | OpenSSL province |
| City | OpenSSL city |

[Screenshot: SSL/TLS CA details screen]

If you checked I have a CA issued Certificate you will be presented with the following screen, where you need to specify the locations of your certificates and keys. The description of the options is as follows:

| Option | Description |
| --- | --- |
| Web Certificate | The location of the web certificate file in PEM format |
| Web Private Key | The location of the web private key file in PEM format |
| Mail Certificate | The location of the mail certificate file in PEM format |
| Mail Private Key | The location of the mail private key file in PEM format |

[Screenshot: SSL/TLS certificate locations screen]

Setup Running

At this point there is nothing left for you to do until the setup is complete. The program will update the screen with status information as well as logging it to /var/log/messages. If an error occurs, the error information will be displayed until you press Enter, and the program will then exit.

[Screenshot: Setup Running screen]

Setup Complete

When the setup is complete, the following screen will be displayed. Simply press Enter and the program will exit.

[Screenshot: Setup Complete screen]

Post Configuration

Now that the installation and setup are complete, you need to finalize the setup by adding a scanning Node, adding an Organization, adding a Domain and adding an Account. This is done through the management web interface.

The exact sequence to follow is:

  • Add the Node
  • Add an Organization
  • Add a Domain Administrator for the organization
  • Edit the Organization and assign the Domain Administrator to the organization
  • Add a Domain to the Organization
  • Add a delivery server for the Domain
  • Add any user accounts to the Domain if not using external authentication

Review the Administrators guide and Advanced configuration for other configuration and setup options available.