We will release BaruwaOS 6.9.1 on Monday 5th Feb 2018, this post highlights some of the features and changes that will be introduced as part of this release.
This BaruwaOS release strides across two baruwa-core releases 2.1.6 and 2.1.7.
This is the biggest feature release since our 2.0.7 release that introduced BaruwaOS. It will be the last major BaruwaOS 6.x release. The focus will now shift to the BaruwaOS 7.x series. With this release BaruwaOS 6.x will go in to maintainance mode.
For many users clustering of backend systems to eliminate single points of failure has been one of the most requested features. It is now possible to cluster backend systems thus eliminating the single point of failure in a Baruwa cluster.
Failover between the master and slave systems is automated. Read and write operations are transparently routed to the slave and master systems respectively.
The PostgreSQL database has been updated to 10.1 which is the latest version, improves performance and has lots of features not available in the previous versions.
baruwa-setup will automatically migrate your database from 8.4.20 to 10.1, although this process has been tested you may run into issues. Make sure you schedule changes with your change management process and create a large upgrade window. If possible ensure you make the changes during the time window in which technical support is guaranteed to be available.
TLS encryption for backend services is now mandatory, the Backend Traffic Encryption options have been depreciated. All services with external interfaces within the cluster now run over TLS.
To support this the builtin CA has been enhanced and automated. New cluster members now request certificates from the bootstrap server during the setup process.
Certificates are issued from intermediate CA’s for various components. To support the verification process the root CA certificate needs to be copied to the non bootstrap servers in the cluster prior to configuration.
We have added support for User Delivery Servers, using this feature it is now possible to deliver mail for different users in a domain to different servers.
User Delivery Servers are added to a domain, and can then be assigned to user accounts in that domain.
Multiple User Delivery Servers can be added to a domain as well as assigned to a user.
We have added support for SmartHosts, using this feature it is now possible to route outbound mail for a domain or an organization via an upstream smarthost.
This feature is useful for customers who want to send out mail via an external server that performs branding for example or archiving.
At the moment IP Address and SMTP AUTH based routing is supported. For SMTP AUTH the CRAM-MD5 and PLAIN mechanisms are supported over TLS.
Support has been added for the SAML2 external authentication method. Domains can now be configured to use SAML2 external authentication.
TOTP based Two Factor authentication support has been added, it is now possible to configure accounts to require Two Factor authentication. Any device or App that can generate TOTP tokens can be used. We recommend FreeOTP which is open source and developed by Redhat and available for Andriod and IOS.
The Avast Anti Virus Engine is now supported and can be configured as an SMTP Time or POST SMTP Time Anti Virus Engine. Avast AV requires a subscription, which you can purchase from us.
It is now possible to enter a blank from address in the lists manager, this allows users to manage list entries for senders that set a blank <> address such as auto responders, bounce messages, etc.
Indexed search is resource intensive, in some setups it is not worth the expense deploying extra resources to manage search. It is now possible to disable indexed search. Users can then use filters to find the messages they need.
An option has been added to baruwa-setup to allow for enabling and disabling of the search functionality.
External authentication is now modular meaning that you can install only the external authentication methods that you require and use. For example if you do not use LDAP you can disable that module.
On upgrade all external authentication modules will be disabled make sure that you enable the ones that you use in baruwa-setup.
The mail scanning component now supports the use of a RAM disk. This can be used on systems where disk access is slow and causing a bottleneck. This option requires 1GB of dedicated RAM to operate correctly.
To enable use of the RAM disk, enable that in baruwa-setup.
The MTA dynamic configuration system has been optimized by consolidating the settings in to fewer files. This improves system performance by keeping less files open at any time.
The number of configuration screens in clustered systems has been reduced. Most of the configuration options have been moved to the backend systems. For most options you only need to set them once on the bootstrap server. The other members of the cluster then pull these cluster wide configurations from the bootstrap server.
This is improves on the previous configuration where you needed to re-enter the same settings on several servers.
Due to the above changes, when upgrading you need to check the settings on your frontend systems and add those settings to your bootstrap server before running the updates on the frontend systems.
Filtering of archive contents has been improved. More archive types are now supported including 7zip based archives.
External authentication is now modular, all modules are disabled by default on upgrade. You need to explicitly enable the modules that you want to use.
The Encrypt all backend traffic option has been depreciated as backend encryption is now mandatory.
Memcached is now an optional component. It was previously a mandatory component on mail profile systems, this is no longer the case.
If you are using a custom template and do not update your templates you will ran into issues, ensure that you update your templates on upgrade.
Make sure that you copy the configuration settings from existing frontend systems to your bootstrap server prior to updating the frontend systems.
You can get the settings from your frontend system by running the baruwa-setup -e command