BaruwaOS 6.9

New Features

Upstream Release

This release tracks update 6.9 of the upstream base OS. The release notes for the upstream OS can be found on the upstream's website.

Support for disabling SMTP Time rejections

Some users prefer to accept all messages regardless of the Virus infection status and Spam characteristics and quarantine the messages to allow them to be accessed via the web interface.

We have added the Enable SMTP Time Rejection option to baruwa-setup to allow enabling and disabling rejection of messages at SMTP Time.

The recommended approach is to reject most messages at SMTP Time.

Support for disabling the DANE protocol

An option has been added to baruwa-setup to allow enabling and disabling the built-in DANE protocol support.

Improved Local Scores management

The management of spam rule local scores has been improved. It is now possible to set spam rule local scores to 0.0, and it is also possible to delete local scores.

Improved Sophos Integration

The more efficient SAVDI and SOPHIE integration option is now available for After SMTP time Anti-Virus scanning using Sophos Antivirus for Linux.

To enable POST SMTP Time Scanning, select the Sophos SAVID under virus checks in the MailScanner settings section of the interface.

Improved F-Prot Integration

It is now possible to perform SMTP time Anti-Virus scanning using F-Prot.

This option is documented at F-PROT

We implemented this using the FSCAND protocol and submitted the patch upstream. Our contribution was accepted and will be part of Exim 4.90. We have backported the patch to Exim 4.89 for use in BaruwaOS.

Improved NTP Synchronization

This release integrates the Chrony daemon to manage network time synchronization on the system. This replaces the cron-driven ntpdate system we had in place. Chrony has several advantages over the traditional ntpd system shipped by default on most systems.

Improved Anti-Virus Signature updates

This release updates custom ClamAV Anti-Virus signatures through the built-in freshclam system, using DatabaseCustomURL options that point to our mirror network.

Due to the above changes, the clamav-unofficial-sigs package is deprecated and removed.

Improved Queue Monitoring support

With the introduction of the queuefile transport there are potentially 3 queues in Baruwa.

  • MTA queue
  • Inbound queue
  • Outbound queue

It is now possible to view the status of all the queues in the web interface. The MTA queue and Inbound queue are combined in the inbound queue view in the web interface.

It is also possible to monitor all the above queues both via NRPE and via SNMP.

The monitoring points configured for NRPE are the following.

  • MTA queue - exim_queue
  • Inbound queue - exim_scan_queue
  • Outbound queue - exim_outbound_queue

To enable monitoring of the MTA queues, including the queuefile transport queue, we built a brand new NRPE plugin called check_exim_queue and packaged it as nagios-plugins-check-exim-queue.

Under SNMP the queues are available as

  • MTA queue - inboundq
  • Inbound queue - scanq
  • Outbound queue - outboundq

Improved Rate Limiting

In previous versions it was not possible to rate limit hosts within CIDR networks; this version fixes that issue. Rate limiting now works correctly for relay hosts that are within a CIDR network configured for outbound relay.
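The following is an added illustration, not Baruwa's code: it shows why a per-host rate limit needs a network-membership lookup when relay hosts are configured as CIDR ranges, and why counters must be kept per connecting host. The addresses, limits, window length and all function and class names are assumptions constructed for this example.

```python
import ipaddress
from collections import defaultdict, deque

# Constructed sample configuration (assumed values): outbound relay entries
# mapped to a per-host limit in messages per window.
RELAY_LIMITS = {
    "192.0.2.10": 50,         # single relay host
    "198.51.100.0/24": 20,    # relay network; limit applies to each host in it
    "198.51.100.128/25": 5,   # more specific subnet overrides the /24
}
WINDOW_SECONDS = 3600


def limit_for(host, limits=RELAY_LIMITS):
    """Return the limit of the most specific entry covering host, or None."""
    addr = ipaddress.ip_address(host)
    best = None
    for entry, limit in limits.items():
        net = ipaddress.ip_network(entry, strict=False)
        if addr.version == net.version and addr in net:
            if best is None or net.prefixlen > best[0]:
                best = (net.prefixlen, limit)
    return None if best is None else best[1]


class RelayRateLimiter:
    """Sliding-window counter keyed on the connecting host, not the CIDR entry."""

    def __init__(self, limits=RELAY_LIMITS, window=WINDOW_SECONDS):
        self.limits = limits
        self.window = window
        self.seen = defaultdict(deque)  # host -> timestamps of accepted messages

    def allow(self, host, now):
        limit = limit_for(host, self.limits)
        if limit is None:
            return False  # host is not covered by any relay entry
        key = str(ipaddress.ip_address(host))  # normalised per-host key
        stamps = self.seen[key]
        while stamps and now - stamps[0] >= self.window:
            stamps.popleft()  # drop events that fell out of the window
        if len(stamps) >= limit:
            return False
        stamps.append(now)
        return True
```

A plain dictionary lookup such as `RELAY_LIMITS.get("198.51.100.7")` returns nothing for a host that is only covered by a CIDR entry, which is the case the membership test handles.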

Improved Brute Force Protection

MTA brute force SMTP password cracking protection has been further enhanced in this version to catch various tricks used by cracking software.

A new baruwa-unblock.sh command has been implemented for use in unblocking hosts and users that have been blocked by brute force protection and MTA reputation management.

The email generated when a sender has been blocked now includes instructions on how to use the baruwa-unblock.sh command to unblock the sender.

Deprecations

ntpdate removed

With the implementation of Chrony, the ntpdate package has been deprecated and removed.

clamav-unofficial-sigs removed

Custom ClamAV signature updates are now handled by the built-in freshclam system, so the clamav-unofficial-sigs package is deprecated and removed.

Known Issues

ERROR with rpm_check_debug vs depsolve:’, ‘bind-libs = 32:9.8.2-0.47.rc1.el6_8.4 is needed by (installed) bind-32:9.8.2-0.47.rc1.el6_8.4.x86_64’

If you get the above error when running baruwa-setup then run the following commands before running baruwa-setup again:

yum erase bind -y
sed -i -e 's/nameserver 127.0.0.1/nameserver 8.8.8.8/' /etc/resolv.conf

Mail log entries containing ‘utf8 support required but not offered for forwarding’

If some messages are not being delivered and the logs contain the above error, run the following commands:

echo "smtputf8_advertise_hosts =" >> /etc/exim/custom-vars.post
service mailscanner restart