looking for good outbound antispam solution

[SoftDux]

Hi everyone,

I'm looking for a new outbound anti spam solution and hope someone can suggest something, which can meet most of these requirements:


web based management
per domain, and per user configuration
quarantine which allows end users to release emails
being able to view entire email (not just header) to see what it contains, and determine whether it's spam or not
help track spammer down (this is most important) to see whether the spam was sent using a script on the server, or from an SMTP login

It would be nice it this is a software solution, instead of an appliance which wen can run on our existing virtualized environment.


I primarily want to filter outgoing mail for spam and viruses, but if it acts as a good incoming mail scanner it would be a bonus.



The ONLY solution which I got so far is Untangle but I simply cannot get it to install on XEN.

Other solutions which I like but isn't actively being maintained anymore is MailCleaner. There was another solution but I can't remember the name anymore.

 

[hostmedic]

Check Out Baruwa.
VERY INEXPENSIVE (as in FREE)

It will require a VPS - centos - with puppet the install is very very simple.
Just yum install puppet - and then download the puppet config file - make a few edits (user/pass that you want) and then execute

in about 5 minutes or so you will have a fully functional inbound (AND OUTBOUND) Anti-Spam system.
The next step is very simple - setup your mx records for inbound if you so desire - and change your exim config to point to this for outbound

Search Baruwa on Google - tons of writeups and how-tos - but the best is the puppet centOS approach.
the SpamSnake using ubuntu is not as up to date (or was not when i tried it a month or so ago )

 

[SoftDux]

Thanx hostmedic.

This looks like what I'm looking for, but simply cannot get it to install with the CentOS 5 installation instructions. There seems to be a few "open cases" about it, but without resolution.

Do you have any working installation instructions for CentOS?

 

[hostmedic]

Sure -

Start with a FRESH CentOS 5 install.

then

echo yum update all
yum update -y

echo install repos
rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
rpm -Uvh http://repo.baruwa.org/el5/i386/baruwa-release-5-0.noarch.rpm

echo install puppet
yum install puppet –enablerepo=epel -y

#get files
cd /etc/puppet
wget http://supportfiles.co.uk/baruwa.zip
unzip baruwa.zip
cd akissa-baruwa-puppet-8e84bba
mv modules /etc/puppet
mv manifests /etc/puppet
cd ..
rm -rf akissa-baruwa-puppet-8e84bba
rm -rf baruwa.zip

#open config file
vi /etc/puppet/manifests/toasters/baruwa/init.pp

#run puppet 
puppet -v /etc/puppet/manifests/toasters/baruwa/init.pp

If you are stuck hit me up with a PM and I will help you wrangle through it.

 

[SoftDux]

Sure -

Start with a FRESH CentOS 5 install.

then

echo yum update all
yum update -y

echo install repos
rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
rpm -Uvh http://repo.baruwa.org/el5/i386/baruwa-release-5-0.noarch.rpm

echo install puppet
yum install puppet –enablerepo=epel -y

#get files
cd /etc/puppet
wget http://supportfiles.co.uk/baruwa.zip
unzip baruwa.zip
cd akissa-baruwa-puppet-8e84bba
mv modules /etc/puppet
mv manifests /etc/puppet
cd ..
rm -rf akissa-baruwa-puppet-8e84bba
rm -rf baruwa.zip

#open config file
vi /etc/puppet/manifests/toasters/baruwa/init.pp

#run puppet 
puppet -v /etc/puppet/manifests/toasters/baruwa/init.pp

If you are stuck hit me up with a PM and I will help you wrangle through it.

Thank you. This helped a LOT.

I initially followed these instructions: Baruwa:: A web 2.0 MailScanner frontend | Baruwa on RHEL/SL/Centos on a clean CentOS 5.7 and 5.4 XEN VM but got nowhere. Your instructions actually works and the VM is already up and running.

Thank you very much

 

[hostmedic]

Awesome!

With Puppet - its literally 5 - 10 minutes depending upon how fast you can copy/paste and edit and voila - install complete.

Now for the fun part - setup a 2nd system AND load balance

 

[SoftDux]

Awesome!

With Puppet - its literally 5 - 10 minutes depending upon how fast you can copy/paste and edit and voila - install complete.

Now for the fun part - setup a 2nd system AND load balance

Yes, it was quick. I would have preferred the yum route, purely since it's easier to update. But this will work for now

I just wish they had better documentation. Right now I can't figure out how to configure Baruwa to accept mail from my cPanel server. When trying to send mail through the Baruwa server, cPanel keeps giving me a "550 relay not permitted" error which I understand, but I got no idea how to tell Baruwa to accept mail from a cPanel server.





So, if anyone knows of a more mature system, please let me know.

 

[hostmedic]

That is a basic exim rule.

The Baruwa is not going to be open to just EVERYONE using it to send through.
You need to make the edits to the system config files to allow your cPanel system to perform the relay.


For inbound e-Mail - the system is very easy to setup.
Just use puppet and voila - go to town.

As for updates - puppet makes those very easy as well
So much so - if you follow the baruwa website - and watch for them - you can just update your puppet script and voila they are done.

Truth is - I don't do much now with yum vs. management of a large server farm (and vps for that matter) all via puppet.


Anyhow - that being said - you need to setup exim to allow for your cPanel server to use it as a relay.



FAQ/Policy_controls/Q0743 - Exim Wiki may help get you started.


Let's pretend and say your cpanel ip is 192.168.0.1 - you can either add just that ip or the entire subnet (if you own it) by a simple config change from

hostlist   relayfromhosts = 127.0.0.1

to

hostlist   relayfromhosts = 127.0.0.1 : ::::1 : 192.168.0.0/24

Bottom line - read the manual

 

[SoftDux]

Can someone please recommend something more mature?

 

[hostmedic]

SoftDux - did you ever find anything to your liking on this?

Baruwa 2 is out now - much nicer - but of course still takes some time to fine tune and make it work for yourself
Be interested in what you may have found...