Tips & tricks

Assign an outbound IP address per domain

Assigning an outbound IP address to a Sender Domain may:
Prevent default IP from losing reputation when a Sender Domain is not trusted.
Increase delivery/quality by associating an IP with good reputation to a Sender Domain.
Increase limits/time by associating an IP with good throughout to a Sender Domain.
Build reputation for a new IP using a Sender Domain with normal transactions.
Isolate a Sender Domain from being associated with others.

Disclaimer per domain

A disclaimer for each domain can be added in /var/www/disclaimer/domain.com.txt

Useful Bounce

You can add an URL page and a phone number for support. (web GUI > ROUTE)

These will appear in the returned bounce error.

Instead of phone number you can add an unfiltered email address such as postmaster@your-domain.com. You can add postmaster@your-domain.com as an alias to your it.department@your-domain.com mailbox, on your email server. But postmaster may become target for spam.

Example:

telnet 192.168.1.234 25

220 ScrolloutF1.scrolloutf1.com ESMTP  - Scrollout – Scrollout F1 2012-10-03

test

502-5.5.2 Error: command not recognized

502 5.5.2 For assistance, see http://www.scrolloutf1.com/contact or contact +40720xxxyyy. Please provide the following information in your problem report: Time: (Jan 30 10:43:07), Client: (192.168.1.9), Server: (ScrolloutF1.scrolloutf1.com).

Web GUI > ROUTE

Tag only the spam

You can choose to TAG only the spam messages as following:

1. Go to ROUTE

2. Click on Quarantine

3. Input a score value of 5 in the first field and 999 in the second field.

Done.

Install Kaspersky

Install Kaspersky Anti-Virus for Linux Mail Server

Kaspersky Anti-Virus is a commercial (non-free) anti-virus with a trial period.

Summary:

1. Download three files on a Windows PC (the antivirus application and two trial activation files).
2. Transfer all three files on Scrollout F1, in a temp folder (/tmp).
3. Install & configure the antivirus:
license agreement, enable automatic update, change the user, integration etc.

Details:

1. Download three files on a Windows PC (the antivirus application and two trial activation files).

http://www.kaspersky.com/downloads/productupdates/downloads_linux_mail

Choose Version 5.6 (5.6.48.0) for Linux (deb)

You need to request a trial activation key from:

http://www.kaspersky.com/kaspersky_security_mail_server_trial_download

You will receive an email with two files attached (.key and .txt files). Save both files (.key and .txt) in same location with .deb file.

2. Transfer all three files on Scrollout F1, in a temp folder (/tmp).

Use WinSCP (http://winscp.net/download/winscp512.zip) to transfer the .deb, .key and .txt files from your Windows PC to Scrollout F1. I choose /tmp folder for permission reasons.

3. Install & configure the antivirus

Go to Scrollout F1 terminal and run:
cd /tmp
dpkg -i kav4lms_5.6-48_i386.deb

You’ll be asked to agree or disagree the License terms.
You’ll be asked to answer basic configuration settings.

At this step:
Set up mail server anti-virus protection.
The following mail server(s) have been found on the server:
1) No integration
3) Postfix (/etc/postfix/master.cf)
Please choose 1-2:

Choose 1) No integration

Run in terminal:
chown amavis:amavis -R /etc/opt/kaspersky/; chown amavis:amavis -R /var/opt/kaspersky/; chown amavis:amavis -R /var/log/kaspersky/; chown amavis:amavis -R /var/run/kav4lms/

/opt/kaspersky/kav4lms/bin/kav4lms-setup.sh –switch-credentials=amavis,amavis

/opt/kaspersky/kav4lms/bin/kav4lms-setup.sh –remove-services

Update Scrollout F1:
Change the value in /var/www/ver
Run /var/www/bin/update.sh

Optional tasks

Check the current key:
/opt/kaspersky/kav4lms/bin/kav4lms-licensemanager -s

Add a new key:
/opt/kaspersky/kav4lms/bin/kav4lms-licensemanager -a /path-to/filename.key

Uninstall:
apt-get autoremove –purge kav4lms
/etc/init.d/amavis restart

Install BitDefender

BitDefender for Unices (Unixes) is a commercial (non-free) antivirus product with 30 days free trial.

Many well known antivirus products can be added thanks to Amavisd-new module, but the command-line installation for BitDefender is very easy (takes 3-5 minutes).

Note: During the following steps, you will be required to read (accept or decline) the license terms.

Installation steps

Edit /etc/apt/sources.list and add the line below:
deb http://download.bitdefender.com/repos/deb/ bitdefender non-free

Run:
wget http://download.bitdefender.com/repos/deb/bd.key.asc
sudo apt-key add bd.key.asc
sudo apt-get update
sudo apt-get install bitdefender-scanner
sudo bdscan

Read the license terms, accept or decline.

sudo /etc/init.d/amavis restart
Scrollout will show Found primary av scanner BitDefender at /usr/bin/bdscan in Monitor > Logs.

Update the antivirus:
sudo bdscan –update

Activate a new license key

If you decide to purchase a license key, you need to change the “key =” value in file /opt/BitDefender-scanner/etc/bdscan.conf

Uninstall

If you decide to uninstall:
sudo apt-get autoremove –purge bitdefender-scanner -y
rm -fr /opt/BitDefender*

Install Avast

Install Avast Anti-Virus Home Edition for Linux

Avast Anti-Virus Home Edition is a commercial (non-free) anti-virus with a free version for home use (not for business).

Register and obtain a License:
http://www.avast.com/registration-free-antivirus.php?lang=ENG
By registering you agree with these terms.

Download the Home Edition (non-business) for evaluation purpose:
cd /tmp
wget http://files.avast.com/files/linux/avast4workstation_1.3.0-2_i386.deb -O avast4workstation_1.3.0-2_i386.deb

Install:
dpkg -i avast4workstation_1.3.0-2_i386.deb

Increase shared memory:
sysctl -w kernel.shmmax=2147483648

Remove the existing serial key file (if any):
rm -fr ~/.avast/avastrc

Execute avast for the first time. It will ask for new key:
avast

Update avast:
avast-update

Schedule hourly update:
printf ‘#!/bin/bash\navast-update > /dev/null 2>&1\n’ > /etc/cron.hourly/avast
chmod +x /etc/cron.hourly/avast

Allow amavis to access the new key file:
chown amavis.amavis ~/.avast/avastrc

Update Scrollout F1:
Change the date in /var/www/ver
Run /var/www/bin/update.sh

Uninstall:
apt-get autoremove –purge avast4workstation
rm -fr /etc/cron.hourly/avast
/etc/init.d/amavis restart

How to Update

Run the Update

See the latest changes here

1. Go to Linux console.
2. rm /var/www/ver
3. /var/www/bin/update.sh

Configure Scrollout F1 email firewall

An email gateway (a.k.a. firewall) is a machine (physical or virtual) installed between Internet and the email server.

Its primary role is to protect the email server by filtering incoming messages, via SMTP protocol, from Internet.

Secondary, an email gateway may be used as an outgoing gateway in case you want to add some new email features which are not provided by older email servers. For instance, Exchange 2000 or 2003 has no DKIM signing and verification service – a quality improvement for message delivery.

The features offered by Scrollout F1 are presented on short in About page.

After installation, the configuration is pretty easy.

In order to start using this application you need to cover only the BASIC CONFIGURATION (points 1 and 2 below).

Basic configuration:

1. CONNECT

   Set the network connection: IP address, subnet mask, gateway and DNS.

   

   CONNECT

2. TRAFFIC

   You need to mention your domains and the responsible email server for each domain. Each domain must be unique, but the servers can have same value in case you are using one email server for multiple domains.

   The gateway system will become responsible for receiving emails that are addressed to all domains mentioned in this page and will forward the messages to the email servers.

   Optionally, in case you want to use the gateway for sending outgoing messages, Scrollout offers a DKIM signature and the values that are necessary to be used in your DNS server for each domain. In case that your email servers are using IP addresses different than standard intranet CIDR (10.0.0.0/8, 192.168.0.0/24, 172.16.0.0/12) you must mention the range or IP in CIDR format by clicking “OUTBOUND”.
   Note, this requires some time to process and the web interface will be provided before finishing the task in order to allow you to make other settings in the meantime.

   Now, you are ready to point your incoming SMTP traffic to Scrollout box. This can be done via an existing router (or firewall) or by modifying DNS MX records for each domain. The first method is much simpler.

   

   TRAFFIC Route

Advanced configuration:

1. SECURE

   SECURITY

   

   SECURE > Security

   You can set the aggressiveness by clicking on a number between 1 and 10 (green is aggressive, red is permissive). Each filter is explained in the web gui.

   COUNTRIES

   Set the geographical area in which you have business, you may have business or you are 100% sure you will never have any business (contact).
   

   SECURE > Countries

2. COLLECT

   SPAM & LEGIT has two roles:

   Quarantine role:Indicates the quarantine mailbox hosted on your email server. All spam and infected messages will be recorded in this mailbox along with a reporting email.

   Feeder role:  Scrollout F1 can learn from legit and spam messages, block sender email address and whitelist the sender domain using same Collector mailbox that is used for quarantine.
   Using an IMAP Client like MS Outlook you can easily drag & drop multiple emails into mailbox folders.In order to use the feeder feature, you need to:
   - Create two additional folders under this mailbox. Lets create a GOOD folder and a BAD folder.
   - Activate IMAP service on your email server.
   - Input the name, user & password of the mailbox, server IMAP address, and the GOOD and BAD folders.In case you created subfolders (instead of folders) under Inbox, you need to mention Inbox\GOOD and Inbox\BAD. Never use standard folders like Inbox and Sent Items. Scrollout deletes messages after reading.
   
   Tip 1: With Microsoft Office Outlook you can open multiple mailboxes simultaneously. This method allows you to easily drag & drop multiple emails from other mailboxes in GOOD & BAD folders.
   Tip 2: The Collector mailbox can be opened by multiple users via IMAP and they can share the GOOD and BAD folders. Depending on the permissions set they can read, contribute, delete etc.
   Tip 3: Never whitelist public email providers (yahoo, gmail, hotmail etc.). By doing that, you will allow a large number of spammers to send junk emails. In case you did that, find spam emails originating from those domains and drag them in BAD folder.

   Spam traps: its goal is to infect spammers’ databases with traps (alphabetically). Press “Get code” and hide the email addresses from the csv file into your web page. In approximately 1 month you will receive spam in the Collector’s Inbox which can be used to feed Scrollout F1.

   

   Collector & Feeder

   LiteDLP can be used to:

   

   LiteDLP

   - block files using MD5 signatures. In case the file is modified, it will not be blocked. It is useful to block files that cannot be blocked by content filters and are rarely modified: e.g.  personal sensitive pictures, designs, scanned documents without text etc.

   - detect and block keywords and phrases in MS Word, Excel, PowerPoint, PDF and scanned documents containing text.
   The sensitive email must reach the score level set in Security > LiteDLP, . The score is the sum of all keywords and phrases found in the entire email content (sum of all results found in all attachments + email body). In this way, we cover the cases when the sender breaks a document in multiple pieces in order to trick the scoring.
   In order to provide the files and phrases to be blocked by Scrollout F1, you need to share a folder on a Windows PC or Server and provide write permissions for the account mentioned in LiteDLP page.
   LiteDLP is mainly addressed to managers and leaders, not to IT staff. Thus, you may provide write permission to a Management\Leadership Group (in Active Directory) for the shared folder.

   I’m an infrastructure admin and in practice the informational flow (involving data leakage) is:
   step 1: managers, chefs and team leaders are assigning tasks, in their departments, providing necessary information and documents.
   step 2: the information and documents are leaked (accidentally or not) from their departments to external emails (personal emails or, worse, to third parties).
   In response: any information and documents, that are for internal use only, should be addressed to LiteDLP too.
   IT staff can assist, but cannot decide and act in these cases.

   In addition, LiteDLP attempts to detect compressed files and files without extension type (including multimedia files).

3. MONITOR

   LOGS- Watch traffic in action.

   

   Monitor > Logs

   STATS- See statistics.

   

   Monitor > Graph

Scrollout F1 is under development. You will receive automatic updates with each improvement.

Install a free email gateway with anti-spam, anti-virus using Scrollout F1

Description

• Designed for Linux and Windows email system administrators, Scrollout F1 is an easy to use, already adjusted email firewall (gateway) offering free anti-spam, anti-virus protection and Data Loss Prevention aiming to secure existing email servers, old or new, such as Microsoft Exchange, Lotus Domino, Postfix, Exim, Sendmail, Qmail and others.
• Built-in multilayer security levels make configuration effort equal to a car radio.
• It combines simplicity with effective protection using powerful open source with additional set of rules & filters.

The installation is easy. Even if you are a newbie in Linux there is not much room for errors. However, a basic knowledge in email routing and traffic is required.

Estimated time: 30 minutes.

A simpler alternative to this article for Windows admins is to use the customized .iso image.

Important:

Make sure you provide valid network settings in order to connect to the Internet during installation.

Do not attempt to install on an existing system. You cannot have multiple postfix, spamassassin, clamav instances. Deploy Scrollout F1 on a fresh Ubuntu/Debian system.

1. Download Ubuntu Server or Debian

A clean Ubuntu or Debian operating system must be installed. Do not use an existing system on which you have installed other applications and services like an existing web server and email server. The installation process will overwrite the existing settings.

Download a version of Ubuntu Server, preferable, a version that ends with 04. (10.04, 11.04, 12.04 or later)
For Debian, use this link. The installation process is almost identical to Ubuntu, but lighter and faster.

2. Install Ubuntu Server, Alternate or Debian

Important note: When you are asked to configure network connection please make sure you input the correct settings. You need a working Internet connection during installation.

3. Install Scrollout F1

Login to the Ubuntu terminal console using your user and password. For Debian use “root” account.
Again, make sure your internet connection is working properly and type the following commands:

apt-get install sudo -y
sudo –i
cd /tmp
wget http://sourceforge.net/projects/scrollout/files/update/scrolloutf1.tar/download -O scrolloutf1.tar
tar -xvf scrolloutf1.tar
chmod 755 /tmp/scrolloutf1/www/bin/*
/tmp/scrolloutf1/www/bin/install.sh

Press-hit ENTER every time you are asked to answer a question. By doing this you will select the default answer.

When done, the Graphic User Interface URL address and default Admin password will be displayed.
URL: http(s)://host-ip/
User: Admin
Password: 123456

To uninstall run:
/var/www/bin/uninstall.sh

Used ports:

out 53 UDP – DNS query, RBL

out 80 TCP – HTTP updates

in/out 25 TCP – SMTP traffic

out 6277 UDP – DCC service

out 2703 TCP – Razor2 service

out 24441 UDP – Pyzor service

out 123 UDP – NTP time