Backend System
This setup installs all the backend components on to one server, the backend components that are installed are:
- Database Server
- Message Queue Server
- Search Index Server
- Cache Server [Optional]
This profile is used in the Single Backend Distributed Frontend and Single Backend Hybrid Frontend topologies.
Servers setup using this profile can be setup as a Bootstrap server.
Automated Configuration
Baruwa Enterprise Edition >= 2.0.7 uses an automated wizard based utility called baruwa-setup to configure, update and manage the system. On the first run this utility collects configuration information from the user, performs any required software updates and then configures the system based on the profile selected and the configuration data collected. This simplifies the whole setup and management process so the user does not have to manually edit any configuration files.
The baruwa-setup command is idempotent, meaning it safe to run multiple times and will only make changes if they are required. All future updates and configuration changes to the system should be done using the baruwa-setup command. The utility has a man page that documents all the options available.
A pass phrase is required to secure the authentication information that is collected.
Make sure you choose a strong pass phrase which is easy for you to remember but difficult to guess for others, a long sentence describing a personal experience is a good pass phrase.
To start the configuration process login to the server with the username root and
the password you set during installation.
Then issue the baruwa-setup command at the command prompt:
baruwa-setup
The program will ask you to set a passphrase, enter the passphrase and press enter re-enter the same passphrase again to confirm. If the passphrase is accepted the System settings screen below will be displayed.
Warning
Do not loose this passphrase, there is no way to recover it. A reinstallation will be required if you loose the passphrase.
Note
In a cluster the passphrase should be the same on all the cluster members.
Note
Changes made to Cluster Wide Settings are not automatically propagated to front-end systems. You need to run baruwa-setup on the front-end systems to pickup and implement the Cluster Wide Settings changes made on this backend system.
System Settings
This screen configures the basic system settings. The description of the options is as follows:
| Option | Description |
|---|---|
| System Type | Set this to Backend |
| FQDN Hostname | This is the Fully qualified domain name This cannot be set to localhost |
| IP Address | The system IP address usually detected |
| Activation Key | Baruwa Enterprise Edition Activation Key |
| Timezone | The system timezone, detected from the system configuration. |
| Enable clustering | Check/Uncheck this to enable or disable backend segment Clustering |
| Enable Monitoring | Check this to enable the Monitoring |
Cluster Settings
Note
This screen is only displayed if enable clustering is checked on
the System Settings page.
This screen sets backend segment cluster settings. The description of the options is as follows:
| Option | Description |
|---|---|
| Cluster Master Token | The cluster’s master token, this is generated on the
bootstrap server and it should be copied to other
members in the cluster.
|
| Cluster Encryption Key | The cluster’s encryption key, this is generated on the
bootstrap server and it should be copied to the other
members in the cluster.
|
| Setup as Bootstrap server | Check this on the first server to set it up as the
bootstrap server. You can only have one server setup as
a bootstrap server in a cluster.
|
| Bootstrap server | The IP address of the bootstrap server, this is used on
the subsequent servers that are setup after the first
server.
|
Scanner Settings
Note
This screen is only displayed if Setup as Bootstrap server is checked on
the Cluster Settings page or Enable clustering is unchecked on the
System Settings page.
This screen sets the email scanner settings. The description of the options is as follows:
| Option | Description |
|---|---|
| Organization name | Enter a short identifying name for your organisation
this is used to make the X-Baruwa headers unique for
your organisation Multiple servers within one site
should use an identical value here. It must not
contain any spaces.
|
| Organization full name | Enter the full name of your organisation, this is
used in the signature placed at the bottom of report
messages sent by Baruwa. It can include pretty much
any text you like. You can make the result span
several lines by including
\n sequences in the text.These will be replaced by line-breaks.
|
| Use Shared Quarantine | Check this to enable Shared quarantine This
option is only displayed if
enable clustering ischecked on the
System Settings page. |
| Store clean mail | Check this if you want to store messages not tagged as
SPAM, Use this option only if it is legal in your country
|
| Use Ramdisk | Check this to enable using a RAM disk for mail scanning
This makes scanning more efficient, but it uses 1GB of
RAM. Make sure you provision sufficient RAM.
|
Management Settings
Note
This screen is only displayed if Setup as Bootstrap server is checked on
the Cluster Settings page or Enable clustering is unchecked on the
System Settings page.
This screen sets the management account settings, The description of the options is as follows:
| Option | Description |
|---|---|
| Username | Administrator username
|
| Password | Administrator password, Only strong passwords will be
accepted use a service such as passwordsgenerators.net
to generate strong passwords
|
| Confirm Password | Renter the Administrator password
|
| Email Address | Administrator email address
|
Management Web Settings
Note
This screen is only displayed if Setup as Bootstrap server is checked on
the Cluster Settings page or Enable clustering is unchecked on the
System Settings page.
This screen sets the management web interface settings, The description of the options is as follows:
| Option | Description |
|---|---|
| Web Hostname | The hostname to be used to access the web interface
|
| Enable Auth Modules | The external authentication modules to enable
|
Management Web Additional Settings
Note
This screen is only displayed if Setup as Bootstrap server is checked on
the Cluster Settings page or Enable clustering is unchecked on the
System Settings page.
This screen sets the additional management web interface settings, The description of the options is as follows:
| Option | Description |
|---|---|
| Quarantine URL | This is default host url used in quarantine report
links, is overridden by domain settings.
|
| Media URL | This can allow you to host media on a CDN or media
host, leave as default to serve of the same system.
|
| Custom Name | This will replace all occurrences of Baruwa in the web
interface as well.
|
| Custom URL | This creates links to your product page within the web
interface and email reports that are sent out.
|
Management Other Settings
This screen sets other management settings, The description of the options is as follows:
| Option | Description |
|---|---|
| Reports Email | The email address used to send out email reports
|
| Send Reports At | The hour at which to send reports, this is localized
to the users location based on their timezone setting
|
| Enable Backups | Enables or disabled the backup system [Baruwa Backups]
|
| Enable Memcache | Enables or disables the Memcached cache system, when
disabled the builtin cache system will be used. The
builtin cache system is more efficient on standalone
systems
|
| Enable SNMP Agent | Enables the SNMP Agent which makes the system status
available via SNMP. This option is ineffective if
monitoring has not been enabled.
|
Database Settings
Note
This screen is only displayed if Setup as Bootstrap server is checked on
the Cluster Settings page or Enable clustering is unchecked on the
System Settings page and the -d or --detailed options are specified.
This screen sets database settings, The description of the options is as follows:
| Option | Description |
|---|---|
| Host | The database server IP Address
|
| Port | The database port
|
| Admin Password | The database admin user password, Only strong passwords
that do not contain the symbols
', ", @,$, # and : will be accepted. |
| Confirm Admin Password | Confirm the database admin user password
|
Database Management User Settings
Note
This screen is only displayed if Setup as Bootstrap server is checked on
the Cluster Settings page or Enable clustering is unchecked on the
System Settings page and the -d or --detailed options are specified.
This screen sets database management user settings, The description of the options is as follows:
| Option | Description |
|---|---|
| Management DB Name | The name of the management database
|
| Management User | The management database username
|
| Management User Password | The management database user password, Only strong
passwords that do not contain the symbols
',", @, #, $ and : will be accepted. |
| Confirm Management User Pass | Confirm the management database user password
|
Database Bayes User Settings
Note
This screen is only displayed if Setup as Bootstrap server is checked on
the Cluster Settings page or Enable clustering is unchecked on the
System Settings page and the -d or --detailed options are specified.
This screen sets database bayes user settings, The description of the options is as follows:
| Option | Description |
|---|---|
| Bayes User | The bayes database username
|
| Bayes User Password | The bayes database user password, Only strong passwords
that do not contain the symbols
', ", @,#, $ and : will be accepted. |
| Confirm Bayes User Password | Confirm the bayes database user password
|
Database Search User Settings
Note
This screen is only displayed if Setup as Bootstrap server is checked on
the Cluster Settings page or Enable clustering is unchecked on the
System Settings page and the -d or --detailed options are specified.
This screen sets database search user settings, The description of the options is as follows:
| Option | Description |
|---|---|
| Search User | The search database username
|
| Search User Password | The search database user password, Only strong passwords
that do not contain the symbols
', ", @,#, $ and : will be accepted. |
| Confirm Search User Password | Confirm the search database user password
|
Message Queue Settings
Note
This screen is only displayed if Setup as Bootstrap server is checked on
the Cluster Settings page or Enable clustering is unchecked on the
System Settings page and the -d or --detailed options are specified.
This screen sets message queue settings, The description of the options is as follows:
| Option | Description |
|---|---|
| Host | The message queue server IP address |
| Port | The message queue server port |
| Username | The message queue server username |
| Password | The message queue server password |
| Confirm Password | Confirm the message queue server password |
Search Index Settings
Note
This screen is only displayed if Setup as Bootstrap server is checked on
the Cluster Settings page or Enable clustering is unchecked on the
System Settings page.
This screen sets search index settings, The description of the options is as follows:
| Option | Description |
|---|---|
| Enable Search | Enables Search functionality
|
| Enable wildcard indexing | Enables Search wildcard indexing, Setting this to true
will generate very large index files.
|
MTA Additional Settings
Note
This screen is only displayed if Setup as Bootstrap server is checked on
the Cluster Settings page or Enable clustering is unchecked on the
System Settings page.
This screen sets MTA additional settings, The description of the options is as follows:
| Option | Description |
|---|---|
| Enable Syslog Logging | Turns on MTA logging to syslog
|
| Enable Subject Blocklist | Enable the blocking by subject functionality
|
| Enable Anonymizer | Enable the Anonymizer functionality
|
| Enable Global Signatures | Enable Global Signatures
|
| Enable SPF Checks | Enable SPF checking functionality
|
| Enable Reputation Protection | Enables functionality to block abusive outbound
SMTP requests
|
| Enable RBLs | Select the SMTP time DNSBL’s to enable
|
| Enable Reply-To Checks | Enable Empty Reply-To Checks
|
| Enable DMARC Reports | Enable DMARC Reports
|
MTA More Settings
Note
This screen is only displayed if Setup as Bootstrap server is checked on
the Cluster Settings page or Enable clustering is unchecked on the
System Settings page.
This screen sets MTA more settings, The description of the options is as follows:
| Option | Description |
|---|---|
| Enable SMTP callbacks | Enable SMTP Callback verification for senders who do
not have reverse DNS records configured.
|
| Enable DANE | Enable the DANE protocol support.
|
| Spamhaus Technology DQS Key | The key for enabling Spamhaus Data Query Service (DQS). This is recommended
but optional.
|
| Abusix Mail Intelligence Key | The key for enabling Abusix Mail Intelligence. This is recommended
but optional.
|
| Add Sender Header | Enable the adding of a Sender header to inbound messages
in cases where the envelope address is not the same as
the header “From:” address. This aids users in
identifying address forgery.
|
| Disable Legacy SMTP TLS protocols | Disable the legacy SMTP TLS protocol versions TLS1.0 and
TLS1.1. Setting this option may prevent you from
receiving or sending mail to systems that do not yet
support TLS1.2 and above.
|
Anti Virus Settings
Note
This screen is only displayed if Setup as Bootstrap server is checked on
the Cluster Settings page or Enable clustering is unchecked on the
System Settings page.
This screen sets anti virus settings, The description of the options is as follows:
| Option | Description |
|---|---|
| Enable Sane Signatures | ClamAV Unofficial Sane signatures to enable
|
| Block Macros | Block documents that contain macros
|
Note
This screen is only displayed if Setup as Bootstrap server is checked on
the Cluster Settings page or Enable clustering is unchecked on the
System Settings page.
MaxMind Settings
This screen sets the MaxMind Settings, The description of the options is as follows:
| Option | Description |
|---|---|
| MaxMind Account ID | The MaxMind Account ID, refer to How do i get a Maxmind Account ID and License Key ? |
| MaxMind License Key | The MaxMind License Key, refer to How do i get a Maxmind Account ID and License Key ? |
Setup Running
The baruwa-setup program will now ran the setup processes to configure
the system. The processes include updating all the packages on the system.
If a newer version of baruwa-setup is downloaded and installed, the
process will reload the baruwa-setup command. When this happens a
notification message with a 30 second countdown timer will be displayed
and the baruwa-setup command will reload and display the initial
(System Settings) screen. If this happens simply press the next
button or the F12 key until you get to the Setup Running screen
again.
At this point there is nothing left for you to do until the setup is complete.
The program will update the screen with status information as well as logging
it to /var/log/messages. If an error occurs the error information will be
displayed until you press the enter button and the program will exit.
Warning
If an error occurs while running setup, DO NOT REINSTALL the system copy
the error and contact support.
Setup Complete
When the setup is complete the following screen will be displayed simply press enter and the program will exit
To ensure that all the settings are correctly applied reboot the server
from the command line using the command:
reboot