BaruwaOS 6.8.1

New Features

Queuefile Transport support

BaruwaOS now uses the queuefile transport to queue messages for scanning.

IDNA support

BaruwaOS now supports IDNA. Internationalized domain names can now be configured on the system and translation is automatically handled. Most functions in the web interface that use domain names and host names now have IDNA support.

This feature is still a technology preview so may be rough around the edges.

MTA improvements

The MTA has added support for the following as technology previews.

DANE protocol support

BaruwaOS now supports the DANE protocol both in client and server mode. This feature is still a technology preview so may be rough around the edges.

To better support DNSSEC on BaruwaOS, the Bind DNS caching server has been replaced with the Unbound caching server. Forward zones configured for the Bind server will automatically be migrated by the baruwa-setup command.

Improved outbound relaying

This version improves upon the outbound relaying functionality within BaruwaOS.

The following issues have been fixed.

  • SPF checking on outbound messages fails
  • DNSBL checks run on outbound connections authenticated via SMTP-AUTH
  • IPv6 Addresses not working when configured as relay clients.

Starting with this version, servers relaying through Baruwa will no longer trigger SPF failures.

Starting with this version, users connecting via SMTP-AUTH will not have their IP addresses checked on DNSBL’s, this will allow for users from SOHO with dynamic network addresses to relay mail via Baruwa servers.

IPv6 relay clients will now be able to relay via Baruwa servers.

Improved IPv6 support

Note

NOTE: Accepting of external mail via IPv6 addresses is discouraged as our data feeds do not yet adequetly track IPv6 spam sources.

The handling of IPv6 addresses has been further enhanced in this version.

It is now possible to add IPv6 addresses to the Approved and Banned sender lists.

It is also possible to configure IPv6 addresses as relay clients.

It is now possible to proxy IPv6 connections to Baruwa servers.

Various bugs related to handling of IPv6 addresses were fixed in this update.

Blocking of Macros

baruwa-setup now has an option to enable the blocking of messages that contain macros. Messages containing documents with macros will be blocked by the ClamAV engine. The signature that will be matched is Heuristics.OLE2.ContainsMacros.

Improved Sophos Integration

The more efficient SAVDI and SOPHIE integration option is now available for SMTP time Anti-Virus scanning using Sophos Antivirus for Linux. This option is documented at Sophos SAVID

Depreciations

Bind

The Bind DNS caching server has been replaced by the Unbound DNS caching server.

This means the way forward zones are configured has changed. Forward zones now need to be configured based on the Unbound format.

Existing zones added to the previous Bind server will be automatically migrated to Unbound format by the baruwa-setup tool.

New zones can be added to /etc/unbound/conf.d/local.conf. Please refer to the Unbound documentation for in depth information.

SMTP Sender Callback verification

The use of SMTP callbacks to verify the existense of email accounts when the senders reverse DNS record does not exist has now been depreciated.

Scanner Spam Lists

The use of Scanner Spam Lists (Settings > MailScanner Settings > Spam Checks > Spam List) is depreciated. Please do not enable those entries. If you have them enabled, please deselect them.

This option will be removed in the next release.

Scanner Spam Domain Lists

The use of Scanner Spam Domain Lists (Settings > MailScanner Settings > Spam Checks > Spam Domain List) is depreciated. Please do not enable those entries. If you have them enabled, please deselect them.

This option will be removed in the next release.

Known Issues

Queue Changes

Due to the switch to the queuefile transport mail received before or during the upgrade may not be processed. In order to ensure that no mail is left unprocessed or lost, messages need to be copied from the old queue into the new queue.

This is a manual process and can be done using the process below:

service mailscanner stop
mv -vf /var/spool/exim.in/input/* /var/spool/exim.in/baruwa/input/
service mailscanner start

The messages should now be processed correctly.

OLE2BlockMacros: Pattern not found

If you encounter that error then ran:

mv /etc/clamd.conf.rpmnew /etc/clamd.conf

If that does not resolve the issue, then find the line OLE2BlockMacros in /etc/clamd.conf and comment it out.

Out of memory Errors

The upgrade process may crush on virtual systems with less than 6GB of RAM. Please ensure that you have >= 6GB of RAM prior to upgrading your system.