Global-Domination.org ESVA 1.5.1 readme (25/08/2006)

Contents:
-About ESVA
-What's New since version 1.0?
-Requirements
-Usage
-Configure your environment
-Configure ESVA
-Testing
-Contact

About ESVA:
ESVA was born out of a need for organisations to have a cost-effective email virus & spam scanning solution. There are other commercial products out there, but these are often too expensive for small organisations to justify, or the existing free products are beyond the abilities of these organisations.
ESVA is simply a pre-built and semi-configured email scanning (security) Virtual Appliance (ESVA) that will run on VMware Workstation, Server, Player or ESX Server. The idea is for the appliance to be pretty much set & forget, with an easy-to-use interface so that users don't really need to know how to use the underlying GNU/Linux.

-Components
O/S: Red Hat Fedora Core 4 (kernel 2.6.17-1.2142_FC4)
MailScanner: (4.55.10-3)
MTA: Postfix (2.2.2-2)
AntiSpam/Phishing: SpamAssassin (3.0.6-1.fc4)
AntiVirus: ClamAV (clamav 0.88.4-1 and clamav-server 0.88.4-1)
Greylisting: Postgrey (1.27-0)
VMware Tools: Installed
Web Interface: Webmin (1.270-1)

What's New since version 1.0?
-ClamAV version update
-MailScanner version update
-VMware Tools version update
-Webmin interface tidy-up
-Webmin now uses SSL
-Postgrey implemented
-Download size reduced by over 150MB!
-Address validity checking against downstream mailserver (ESVA will reject invalid addresses, not Exchange)
-More blacklist checking

In a nutshell, ESVA is pretty much the same as v1.0 with some updated components and the addition of postgrey, which effectively kills most spam in its tracks, allowing the MailScanner process to scan more worthy messages. For more information on postgrey visit http://isg.ee.ethz.ch/tools/postgrey/

Requirements:
The downloaded zip file containing ESVA is approx 224 MB, which unzips to approx 1.5 GB. This may increase over time up to 2GB (the Disk files are configured to expand as required).
ESVA requires 256MB RAM to run as configured, and will need access to a bridged network interface.

Usage:
It is intended that ESVA will be run on top of an existing server (e.g. MS Small Business Server) behind a hardware firewall. ESVA logically sits between the firewall and the Mail Server.

Configure your environment:
Allocate a static IP address for the appliance and configure forward and reverse DNS records for it. Your network team should be able to help you with this; otherwise check your DNS and DHCP server documentation.
If you have no internal DNS, you will need to set the hostname manually as well as do some other tricks... For the purpose of this document I am assuming that you have internal DNS and DHCP.
Once ESVA is configured, you will need to change any port forwarding configured on your firewall to point toward ESVA so that it can intercept and scan your mail. Please refer to your firewall/router documentation for how to do this.

NOTE: Where text is in between < and > this is what you should type - obviously without the < and > characters!

Configure ESVA:
-Login as root to the VMware console
The password is
-Change root password:
In the console type then follow the prompts
-Set static IP:
tab to Network Config and press enter
tab to Ethernet and press enter
Keep the name and device the same (eth0).
tab to the DHCP field and press space to uncheck.
tab down and enter appropriate IP details.
OK/save/whatever.
NOTE: The system will keep the DHCP configured DNS settings. If you need to change these, you will need to edit /etc/resolv.conf
-reboot:
-Configure MailScanner:
go to https:///mailscanner/ and click on the Edit MailScanner Config File icon.
You will need to set the following (all near the top of the file):
-%org-name%
-%org-long-name%
-%web-site%
-Configure Postfix:
Go to https:///postfix/ and click on the Edit Map File icon.
If the FQDN of the appliance is different to the public name (e.g.
the hostname of the appliance is mailscanner.internal.global-domination.local and the public name is mail-gw.global-domination.org) you should set the myhostname parameter to the public name. You should set this if you aren't sure of the internal FQDN.
e.g. myhostname = mail-gw.global-domination.org
If you set myhostname, you should also set mydomain
e.g. mydomain = global-domination.org
If this appliance is to process mail for more than the domain configured in mydomain above, you must add additional entries to the relay_domains parameter (comma delimited)
e.g. relay_domains = $mydomain, global-domination.eu, global-domination.co.uk
If you don't have an MX record configured in your internal DNS pointing toward your real mail server, you should configure the relayhost parameter. You should also configure this if you aren't sure.
e.g. relayhost = 192.168.10.99
To make sure everything is reset correctly, restart your appliance by going to:
https:///init/
and clicking on the reboot system button at the bottom of the page.

Testing:
-To confirm that ESVA is running, has the correct hostname configured and is listening for messages, attempt to telnet to port 25 (in Windows, type 'telnet 25'). You should get a response something like:
220 mail-gw.global-domination.org ESMTP Postfix
Try this from inside and outside the firewall.
-Check the Mail log for activity & errors:
go to https:///syslog/save_log.cgi?idx=4&view=1

Contact:
This Virtual Appliance was created by Andrew MacLachlan (andy.mac@global-domination.org)
If you have any queries please contact me and I will do my best to get back to you with a timely response: andy.mac@global-domination.org
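
The telnet check from the Testing section can be scripted. The Python below is an added example, not part of the original ESVA readme: it reads the port 25 greeting and compares the announced name with the public name set in myhostname, so a banner that still shows the internal FQDN is reported. The sample greetings are constructed and the function names are illustrative.

```python
import socket
import sys

# Constructed sample greetings, modelled on the response shown in the Testing section.
SAMPLE_OK = b"220 mail-gw.global-domination.org ESMTP Postfix\r\n"
SAMPLE_INTERNAL = b"220 mailscanner.internal.global-domination.local ESMTP Postfix\r\n"


def parse_greeting(raw):
    """Return (code, hostname, rest) from an SMTP greeting; 220- continuation lines are allowed."""
    lines = raw.decode("ascii", "replace").splitlines()
    if not lines:
        raise ValueError("empty greeting")
    for line in lines:
        if len(line) < 3 or not line[:3].isdigit():
            raise ValueError("not an SMTP reply: %r" % line)
    words = lines[0][4:].split()  # the announced name is the first word after the code
    hostname = words[0].lower() if words else ""
    return int(lines[0][:3]), hostname, " ".join(words[1:])


def check_greeting(raw, expected_name):
    """List the problems found in a greeting; an empty list means the check passed."""
    try:
        code, hostname, _ = parse_greeting(raw)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if code != 220:
        problems.append("server answered %d, not 220" % code)
    if hostname != expected_name.lower():
        problems.append("banner shows %r, expected %r (check myhostname)" % (hostname, expected_name))
    return problems


def fetch_greeting(host, port=25, timeout=10.0):
    """Connect as 'telnet host 25' would and read the whole greeting."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        data = b""
        while True:
            chunk = sock.recv(1024)
            data += chunk
            # Stop on close, or once the last complete line is "NNN text" rather than "NNN-text".
            if not chunk or (data.endswith(b"\n") and data.splitlines()[-1][3:4] != b"-"):
                return data


if __name__ == "__main__":
    # Usage: python3 check_banner.py APPLIANCE_ADDRESS PUBLIC_NAME
    print(check_greeting(fetch_greeting(sys.argv[1]), sys.argv[2]) or "OK")
```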