Backend System

This setup installs all the backend components on to one server, the backend components that are installed are:

  • Database Server
  • Message Queue Server
  • Search Index Server
  • Cache Server [Optional]

This profile is used in the Single Backend Distributed Frontend and Single Backend Hybrid Frontend topologies.

Servers setup using this profile can be setup as a Bootstrap server.

Automated Configuration

Baruwa Enterprise Edition >= 2.0.7 uses an automated wizard based utility called baruwa-setup to configure, update and manage the system. On the first run this utility collects configuration information from the user, performs any required software updates and then configures the system based on the profile selected and the configuration data collected. This simplifies the whole setup and management process so the user does not have to manually edit any configuration files.

The baruwa-setup command is idempotent, meaning it safe to run multiple times and will only make changes if they are required. All future updates and configuration changes to the system should be done using the baruwa-setup command. The utility has a man page that documents all the options available.

A pass phrase is required to secure the authentication information that is collected.

Make sure you choose a strong pass phrase which is easy for you to remember but difficult to guess for others, a long sentence describing a personal experience is a good pass phrase.

To start the configuration process login to the server with the username root and the password you set during installation.

Then issue the baruwa-setup command at the command prompt:

baruwa-setup

The program will ask you to set a passphrase, enter the passphrase and press enter re-enter the same passphrase again to confirm. If the passphrase is accepted the System settings screen below will be displayed.

Warning

Do not loose this passphrase, there is no way to recover it. A reinstallation will be required if you loose the passphrase.

Note

In a cluster the passphrase should be the same on all the cluster members.

Note

Changes made to Cluster Wide Settings are not automatically propagated to front-end systems. You need to run baruwa-setup on the front-end systems to pickup and implement the Cluster Wide Settings changes made on this backend system.

System Settings

This screen configures the basic system settings. The description of the options is as follows:

Option Description
System Type Set this to Backend
FQDN Hostname This is the Fully qualified domain name This cannot be set to localhost
IP Address The system IP address usually detected
Activation Key Baruwa Enterprise Edition Activation Key
Timezone The system timezone, detected from the system configuration.
Enable clustering Check/Uncheck this to enable or disable backend segment Clustering
Enable Monitoring Check this to enable the Monitoring
../_images/backend-system-settings.png

Cluster Settings

Note

This screen is only displayed if enable clustering is checked on the System Settings page.

This screen sets backend segment cluster settings. The description of the options is as follows:

Option Description
Cluster Master Token
The cluster’s master token, this is generated on the
bootstrap server and it should be copied to other
members in the cluster.
Cluster Encryption Key
The cluster’s encryption key, this is generated on the
bootstrap server and it should be copied to the other
members in the cluster.
Setup as Bootstrap server
Check this on the first server to set it up as the
bootstrap server. You can only have one server setup as
a bootstrap server in a cluster.
Bootstrap server
The IP address of the bootstrap server, this is used on
the subsequent servers that are setup after the first
server.
../_images/backend-cluster-settings.png

Scanner Settings

Note

This screen is only displayed if Setup as Bootstrap server is checked on the Cluster Settings page or Enable clustering is unchecked on the System Settings page.

This screen sets the email scanner settings. The description of the options is as follows:

Option Description
Organization name
Enter a short identifying name for your organisation
this is used to make the X-Baruwa headers unique for
your organisation Multiple servers within one site
should use an identical value here. It must not
contain any spaces.
Organization full name
Enter the full name of your organisation, this is
used in the signature placed at the bottom of report
messages sent by Baruwa. It can include pretty much
any text you like. You can make the result span
several lines by including \n sequences in the text.
These will be replaced by line-breaks.
Use Shared Quarantine
Check this to enable Shared quarantine This
option is only displayed if enable clustering is
checked on the System Settings page.
Store clean mail
Check this if you want to store messages not tagged as
SPAM, Use this option only if it is legal in your country
Use Ramdisk
Check this to enable using a RAM disk for mail scanning
This makes scanning more efficient, but it uses 1GB of
RAM. Make sure you provision sufficient RAM.
../_images/cluster-scanner-settings.png

Management Settings

Note

This screen is only displayed if Setup as Bootstrap server is checked on the Cluster Settings page or Enable clustering is unchecked on the System Settings page.

This screen sets the management account settings, The description of the options is as follows:

Option Description
Username
Administrator username
Password
Administrator password, Only strong passwords will be
accepted use a service such as passwordsgenerators.net
to generate strong passwords
Confirm Password
Renter the Administrator password
Email Address
Administrator email address
../_images/baruwa-settings.png

Management Web Settings

Note

This screen is only displayed if Setup as Bootstrap server is checked on the Cluster Settings page or Enable clustering is unchecked on the System Settings page.

This screen sets the management web interface settings, The description of the options is as follows:

Option Description
Web Hostname
The hostname to be used to access the web interface
Enable Auth Modules
The external authentication modules to enable
../_images/cluster-web-settings.png

Management Web Additional Settings

Note

This screen is only displayed if Setup as Bootstrap server is checked on the Cluster Settings page or Enable clustering is unchecked on the System Settings page.

This screen sets the additional management web interface settings, The description of the options is as follows:

Option Description
Quarantine URL
This is default host url used in quarantine report
links, is overridden by domain settings.
Media URL
This can allow you to host media on a CDN or media
host, leave as default to serve of the same system.
Custom Name
This will replace all occurrences of Baruwa in the web
interface as well.
Custom URL
This creates links to your product page within the web
interface and email reports that are sent out.
../_images/web-additional-settings.png

Management Other Settings

This screen sets other management settings, The description of the options is as follows:

Option Description
Reports Email
The email address used to send out email reports
Send Reports At
The hour at which to send reports, this is localized
to the users location based on their timezone setting
Enable Backups
Enables or disabled the backup system [Baruwa Backups]
Enable Memcache
Enables or disables the Memcached cache system, when
disabled the builtin cache system will be used. The
builtin cache system is more efficient on standalone
systems
Enable SNMP Agent
Enables the SNMP Agent which makes the system status
available via SNMP. This option is ineffective if
monitoring has not been enabled.
../_images/backend-other-settings-ng.png

Database Settings

Note

This screen is only displayed if Setup as Bootstrap server is checked on the Cluster Settings page or Enable clustering is unchecked on the System Settings page and the -d or --detailed options are specified.

This screen sets database settings, The description of the options is as follows:

Option Description
Host
The database server IP Address
Port
The database port
Admin Password
The database admin user password, Only strong passwords
that do not contain the symbols ', ", @,
$, # and : will be accepted.
Confirm Admin Password
Confirm the database admin user password
../_images/backend-database-settings.png

Database Management User Settings

Note

This screen is only displayed if Setup as Bootstrap server is checked on the Cluster Settings page or Enable clustering is unchecked on the System Settings page and the -d or --detailed options are specified.

This screen sets database management user settings, The description of the options is as follows:

Option Description
Management DB Name
The name of the management database
Management User
The management database username
Management User Password
The management database user password, Only strong
passwords that do not contain the symbols ',
", @, #, $ and : will be accepted.
Confirm Management User Pass
Confirm the management database user password
../_images/backend-baruwa-settings.png

Database Bayes User Settings

Note

This screen is only displayed if Setup as Bootstrap server is checked on the Cluster Settings page or Enable clustering is unchecked on the System Settings page and the -d or --detailed options are specified.

This screen sets database bayes user settings, The description of the options is as follows:

Option Description
Bayes User
The bayes database username
Bayes User Password
The bayes database user password, Only strong passwords
that do not contain the symbols ', ", @,
#, $ and : will be accepted.
Confirm Bayes User Password
Confirm the bayes database user password
../_images/database-bayes-settings.png

Database Search User Settings

Note

This screen is only displayed if Setup as Bootstrap server is checked on the Cluster Settings page or Enable clustering is unchecked on the System Settings page and the -d or --detailed options are specified.

This screen sets database search user settings, The description of the options is as follows:

Option Description
Search User
The search database username
Search User Password
The search database user password, Only strong passwords
that do not contain the symbols ', ", @,
#, $ and : will be accepted.
Confirm Search User Password
Confirm the search database user password
../_images/database-sphinx-user.png

Message Queue Settings

Note

This screen is only displayed if Setup as Bootstrap server is checked on the Cluster Settings page or Enable clustering is unchecked on the System Settings page and the -d or --detailed options are specified.

This screen sets message queue settings, The description of the options is as follows:

Option Description
Host The message queue server IP address
Port The message queue server port
Username The message queue server username
Password The message queue server password
Confirm Password Confirm the message queue server password
../_images/mq-settings.png

Search Index Settings

Note

This screen is only displayed if Setup as Bootstrap server is checked on the Cluster Settings page or Enable clustering is unchecked on the System Settings page.

This screen sets search index settings, The description of the options is as follows:

Option Description
Enable Search
Enables Search functionality
Enable wildcard indexing
Enables Search wildcard indexing, Setting this to true
will generate very large index files.
../_images/full-search-index-ng.png

MTA Additional Settings

Note

This screen is only displayed if Setup as Bootstrap server is checked on the Cluster Settings page or Enable clustering is unchecked on the System Settings page.

This screen sets MTA additional settings, The description of the options is as follows:

Option Description
Enable Syslog Logging
Turns on MTA logging to syslog
Enable Subject Blocklist
Enable the blocking by subject functionality
Enable Anonymizer
Enable the Anonymizer functionality
Enable Global Signatures
Enable Global Signatures
Enable SPF Checks
Enable SPF checking functionality
Enable Reputation Protection
Enables functionality to block abusive outbound
SMTP requests
Enable RBLs
Select the SMTP time DNSBL’s to enable
Enable Reply-To Checks
Enable Empty Reply-To Checks
Enable DMARC Reports
Enable DMARC Reports
../_images/full-mta-settings2.png

MTA More Settings

Note

This screen is only displayed if Setup as Bootstrap server is checked on the Cluster Settings page or Enable clustering is unchecked on the System Settings page.

This screen sets MTA more settings, The description of the options is as follows:

Option Description
Enable SMTP callbacks
Enable SMTP Callback verification for senders who do
not have reverse DNS records configured.
Enable DANE
Enable the DANE protocol support.
Spamhaus Technology DQS Key
The key for enabling Spamhaus Data Query Service (DQS). This is recommended
but optional.
Abusix Mail Intelligence Key
The key for enabling Abusix Mail Intelligence. This is recommended
but optional.
Add Sender Header
Enable the adding of a Sender header to inbound messages
in cases where the envelope address is not the same as
the header “From:” address. This aids users in
identifying address forgery.
Disable Legacy SMTP TLS protocols
Disable the legacy SMTP TLS protocol versions TLS1.0 and
TLS1.1. Setting this option may prevent you from
receiving or sending mail to systems that do not yet
support TLS1.2 and above.
../_images/full-mta-settings3.png

Anti Virus Settings

Note

This screen is only displayed if Setup as Bootstrap server is checked on the Cluster Settings page or Enable clustering is unchecked on the System Settings page.

This screen sets anti virus settings, The description of the options is as follows:

Option Description
Enable Sane Signatures
ClamAV Unofficial Sane signatures to enable
Block Macros
Block documents that contain macros
../_images/av-settings.png

Note

This screen is only displayed if Setup as Bootstrap server is checked on the Cluster Settings page or Enable clustering is unchecked on the System Settings page.

MaxMind Settings

This screen sets the MaxMind Settings, The description of the options is as follows:

Option Description
MaxMind Account ID The MaxMind Account ID, refer to How do i get a Maxmind Account ID and License Key ?
MaxMind License Key The MaxMind License Key, refer to How do i get a Maxmind Account ID and License Key ?
../_images/maxmind.png

Setup Running

The baruwa-setup program will now ran the setup processes to configure the system. The processes include updating all the packages on the system. If a newer version of baruwa-setup is downloaded and installed, the process will reload the baruwa-setup command. When this happens a notification message with a 30 second countdown timer will be displayed and the baruwa-setup command will reload and display the initial (System Settings) screen. If this happens simply press the next button or the F12 key until you get to the Setup Running screen again.

At this point there is nothing left for you to do until the setup is complete. The program will update the screen with status information as well as logging it to /var/log/messages. If an error occurs the error information will be displayed until you press the enter button and the program will exit.

Warning

If an error occurs while running setup, DO NOT REINSTALL the system copy the error and contact support.

../_images/setup.png

Setup Complete

When the setup is complete the following screen will be displayed simply press enter and the program will exit

../_images/setup-complete.png

To ensure that all the settings are correctly applied reboot the server from the command line using the command:

reboot