Baruwa 2.0.7 Enterprise Edition update released

March 23, 2015 at 10:00 AM | categories: 2.0.7, Baruwa, Releases, Baruwa Enterprise, BaruwaOS, Baruwa 2.0

Today we are issuing release -- Baruwa 2.0.7, this release contains new features and enhancements as well as several bug fixes. This release introduces backward incompatible changes.

The article is part of a series introducing the features available in Baruwa Enterprise Edition release 2.0.7. To read the other articles in this series go to https://www.baruwa.org/blog/category/2.0.7/

Features Roundup

BaruwaOS

Baruwa Enterprise Edition is no longer just a web interface, it is now a fully fledged mail security system using a customized enterprise Linux operating system. The goal is to provide you with a solution that just works out of the box.

The full package list is available at https://packages.baruwa.com/

BaruwaOS is described in detail in a different post, find it in part1

Baruwa Setup

Baruwa Enterprise Edition >= 2.0.7 uses an automated wizard based utility called baruwa-setup to configure the system. This utility collects configuration information from the user, performs any required software updates and then configures the system based on the profile selected and the configuration data collected. This simplifies the whole setup process in that the user does not have to edit any files.

Baruwa Setup is described in detail in a different post, find it in part2

Enhanced Clustering

This release has introduced enhanced and easy clustering with support in both BaruwaOS and Baruwa Setup.

Clustering is described in detail in a different post as well as in the documentation, find it in part3

Content Protection

Content Protection in Baruwa Enterprise Edition is used to manage the types of email attachments that users are allowed to send and receive. It can be deployed to prevent malicious attachments from entering an organizations network or to prevent internal users for sending out organization data out of the organization network via email.

Baruwa Enterprise Edition allows you to perform certain actions based on the type or name of attachments attached to an email message that is being processed by it.

Content Protection is described in detail in a different post as well as in the documentation, find it in part4

MTA Settings

This release introduces MTA settings management functionality within the web interface. Prior to this release MTA settings had to be managed by editing text files.

MTA Settings in Baruwa are used to Manage the following lists

  • Empty Reply Checks Exemptions
  • Subject Block List
  • Anti-Virus Checks Exemptions
  • System Signature Exemptions
  • Ratelimit Exemptions
  • TLS/SSL Exemptions
  • Anonymizer List
  • DKIM Checks Exemptions
  • DNSBL Checks Exemptions

MTA Settings are described in detail in a different post, find it in part5

Local Settings

This release introduces Local rule score settings management functionality within the web interface.

You will now be able to set local score for various spam checking rules to override the default rules all within the interface without having to modify a single file.

Please refer to the settings section of the documentation for details.

Datafeeds

We have introduced various Baruwa datafeeds that are used by BaruwaOS to improve detection rates. We currently have the following feeds.

  • DNSBL - both white and blacklists
  • IXHASH
  • Spamassassin Rules Channel - Our own rules channel
  • Phishing lists - Both white and blacklists
  • Rule scores update Channel

Using the above we are able to push in realtime new rules, scores etc, this means in most cases you do not have to monitor and manage rules and scores yourself we do it for you.

Address Tagging

This release has implemented functionality to support Email Address tagging. It is now possible to add addresses using a regex such as username-*@domain.com or username+*@domain.com. The supported delimiters are - and +.

Improved Approved and Banned Lists

Domain administrators are now able to use the list to all option which was previously only available to Administrators.

Listings to all are handled at the MTA level. MTA level checks now support blocking based on network address and network ranges as well. These were previously only supported after SMTP.

Outbound protections

Outbound relaying has been enhanced, rate limiting has been implemented as well as brute force protection. This ensures that your relays do not get blacklisted due to spam out breaks on your internal networks.

Adding on networks is now supported, previously you could only add a host.

DMARC

This release now supports DMARC checks, the checking takes place within the MTA and the scoring takes place within the scanner meaning you can use local settings to adjust the score settings.

Global Signatures

This release now supports Global Signatures which allow you to add a site signature to all mail sent out through the server regardless of the status of user or domain signatures. Can be used to add scanned by xxx messages

Baruwa Hosted Theme

The Baruwa Hosted theme is now available for installation and customization. You can install it via yum.

Timezone Awareness

This release implements timezone awareness for Baruwa reports, reports now sent to the user at the configured time in their own timezone not the server timezone. By default reports are sent at 07H00, users in New York or Sydney will each get the report at 07H00 their own local time.

Detailed SMTP Error Information

This release introduces and SMTP Error information page. This provides a more in depth error message than provided at SMTP time. The MTA will display links to this page for the detailed error message.

Monitoring

This release introduces monitoring via the NRPE protocol, depending on the system profile, the following points are available via NRPE.

  • Disk space
  • Uwsgi process
  • Database process
  • Database proxy process
  • Indexer process
  • Cache process
  • Message Queue process
  • Baruwa celery process
  • Baruwa Logging process
  • Mail Scanning process
  • Anti Virus Engine process
  • Message queue status
  • System Load
  • Security Updates

You can add your own NRPE monitoring points by placing a .cfg file in /etc/nrpe.d then reload the nrpe service to activate the monitoring points.

Backups

This release introduces a backup management system built on backupninja. It configures backupninja to backup the database, system configurations as well as the mail quarantine.

You can setup your own offsite backups by placing a file in the /etc/backups.d directory. The supported remote backup formats are:

New Features

  • Implemented the baruwa-setup utility that automates the configuration of Baruwa Enterprise Edition systems including clustered setups.
  • Implemented Content Protection functionality within the interface. This allows admins to manage File name and Mime Type block policies from within the interface. The policies can be set globally and on a per domain basis.
  • Implemented MTA settings functionality within the interface. This allows admins to manage various MTA exemption lists from within the web interface.
  • Implemented functionality to support Email Address tagging. It is now possible to add addresses using a regex such as username-*@domain.com or username+*@domain.com. The supported delimiters are - and +. This closes issue #55
  • Implemented the theme licensing checks. Templates that do not follow the guidelines will not render.
  • Implemented the list to all domains option for domain admins, when used the listing will be functional at SMTP time just as it is with when created by a server admin.
  • Implemented SMTP Error information page. This provides a more in depth error message than provided at SMTP time. SMTP server will display links to this page for the detailed error message.
  • Implemented timezone awareness for Baruwa reports, reports now sent to the user at the configured time in their own timezone not the server timezone. By default reports are sent at 07H00, users in New York or Sydney will each get the report at 07H00 their own localtime.
  • Implemented the baruwa.send.reports.at to allow configuration of the hour at which reports are sent out.
  • Implemented CDB based lookup files for Exim to improve performance and to ensure mail processing continues when the DB is inaccessible.
  • Implemented Site signatures which allow you to add a site signature to all mail sent out through the server regardless of the status of user or domain signatures. Can be used to add scanned by xxx messages
  • Implemented outbound relay rate limit settings, you can use this to control the sending speed of clients to prevent DNSBL listing during spam outbreaks.
  • Implemented checks to prevent DOS and Memory exhaustion attacks via large datasets in the bulk operations module such as bayesian learn of 100 messages on a system with insufficient memory. Baruwa will now check if the memory is sufficient to perform the tasks before executing them, it polls to check if memory has been released and times out after 10 checks.
  • Implemented online local scores management, this allows admins to set local spam rule scores. The local scores override the default system scores.
  • Added the msgfiles database column to store the location of a message, this speeds up message operations as the location does not have to be dynamically looked up each time. Dynamic lookups are still available to ensure that messages logged in the old format are still accessible.
  • Added tooltips to icon based links to assist screen readers.
  • Improved the Backup DB table creation process, the creation will only be attempted if the table does not exist. For existing tables the schema is checked and upgraded if it should be.
  • Implemented progress bar for Messages bulk processing

Bug fixes

  • FIX: Quarantined files were not being cleaned up.
  • FIX: celery restore_group is not supported by this backend is now fixed
  • FIX: Select all checkbox for domains and accounts search results pages
  • FIX: The change report options url in quarantine reports resulted in a 403 access denied error for non admin users.
  • FIX: XML formatted email messages were incorrectly handling, thus failed to display in preview.
  • FIX: Quarantine email logo was not displaying due to incorrect encoding of the attachment data.
  • FIX: AJAX generated dates used to show the browser timezone not the timezone configured by the user. This has been updated to ensure that the dates are generated in the users configured timezone.
  • FIX: prune-database was not honouring command line options
  • FIX: Added missing newlines at the end of files.
  • FIX: Virus checks ruleset generation task was duplicated.
  • FIX: Message totals were not being updated via AJAX.
  • FIX: It is now possible to download attached email .eml messages
  • FIX: Improved bulk message operations by updating code to use the new celery API with group and GroupResult
  • FIX: Ensure command line tools use the correct user and group id to ensure that files are created with the correct ownership.
  • FIX: It was not possible to delete multi select settings.
  • FIX: Incorrect defaults were being used in settings.
  • FIX: It was not possible to add multiple non SMTP-AUTH IP based relays
  • FIX: Branding not being done by the JS scripts
  • FIX: Encoding detection of mail records
  • FIX: DOM_RE regex incorrectly matched IP addrs
  • FIX: Incorrect rules being generated.

Upgrading

Please should refer to the upgrading and changelog sections of the documentation.