INSTALLATION INSTRUCTIONS
Quick Overview
MailWasher Enterprise Server (MWES) works as a proxy, meaning it sits in front of your mail server collecting and processing all incoming mail. You will notice a significant reduction in spam along with reduced load on your mail server when MWES is installed and working. MWES can also plug in to Sendmail via the Sendmail Milter.
Download
Download MailWasher Enterprise Server (MWES) for Linux. MWES may be used with any mail server such as Sendmail, Postfix, QMail, Exim etc.
Installation
1. cd mwes-xxxx
2. Run script ./install as "root"
3. By default a 30 day trial period is set up on installation. This can be changed on the license screen. Please note, you do not need to enter any username and password for the trial account.
On completing the installation, a browser window will launch taking you to your login screen http://[company.site]:4044
The default login is:
UserID: admin
Password: password
4. You will need to add any domains used at settings>>Domains, to prevent your network appearing as an open relay.
5. Access Ports
Please make sure you have not firewalled these ports:
4044 - Web interface
25 - SMTP
4051 - First Alert
6. Final step
MWES can be used as a Sendmail Milter or Proxy.
- Sendmail Milter setup can be used with Sendmail or Postfix and allows one instance of MWES to talk to many instances of Sendmail or Postfix, i.e. it is more scalable.
- Proxy setup will work with any MTA, e.g. Sendmail, Postfix, Qmail, Exim etc., and allows one instance of MWES to talk to one instance of the MTA. The Proxy setup will significantly reduce the load on your mail server. The Proxy setup does not currently support SSL/TLS. Clients have to use Plain Authentication.
Follow the steps below for each setup.
Proxy Setup
Change the following in the /etc/mwes.conf file to suit your environment.
Example if both mwes (proxy) and your MTA (relay) are on the same machine:
1. Change your MTA (relay) SMTP port to 26 and restart it.
2. In the mwes (proxy) file /etc/mwes.conf, set use_mta_proxy=1,
then restart mwes.
Example:
# MTA Proxy information
# 1 to enable, 0 to disable
use_mta_proxy=1
# Don't change this
mta_port=25
mta_hostname=
# MTA Relay information
# localhost or enter local IP
mta_relay_hostname=localhost
# MTA port, e.g. Sendmail "Daemon Option Port=26" in /etc/mail/sendmail.cf
mta_relay_port=26
Sendmail Milter setup
1. Edit sendmail.mc and add the following:
INPUT_MAIL_FILTER(`mailwasher_server', `S=unix:/var/run/mwes/mpd.sock, F=T, T=S:4m;R:4m')dnl
define(`confINPUT_MAIL_FILTERS', `mailwasher_server')dnl
2. Create sendmail.cf file
m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
3. Start mwes
4. Start Sendmail
Note: mwes must be running before Sendmail is started.
MWES default location
Config File location: /etc/mwes.conf
Application location: /opt/mwes
Log file location: /var/log/mwes
Upgrading
Sendmail Milter:
1. Version 2.4.3 or older must be completely uninstalled before installing later releases.
2. Later versions can be uninstalled using the "Uninstall" script.
3. Download and install the new version (for installation, refer to the Installation section).
Proxy:
1. Download and untar the current release
2. Stop the mwes service
3. cd mwes.xxx
4. Run the ./install script; it will automatically upgrade related files.
5. Start mwes
Note: No need to restart MTA
Uninstall
Users running 2.4.3 or older version should follow the uninstall instructions
Later versions can be uninstalled using "Uninstall" script.
1. cd mwes-xxxx
2. Run script ./uninstall as "root"
Start and Stop
/etc/init.d/mwesd [start/stop]
Use kill -3 "mwes pid" to kill the process, NOT "kill -9", and then start mwes.
USING MAILWASHER ENTERPRISE SERVER
Running MailWasher Enterprise Server for the first time.
By default a 30 day trial period is set up on installation. This can be changed on the license screen. Please note, you do not need to enter any username and password for the trial account.
On completing the installation, a browser window will launch taking you to your login screen http://[company.site]:4044
Login
The default login is:
UserID: admin
Password: password
Please log in and change this to something more secure. This can be found in "settings"->"admin details". This account controls the administration privileges. Do not give it out to users.
Monitor screen
The monitor screen shows statistics of how mail is processed
- Processed: Indicates how many emails have been processed.
- Emails(ok): Emails which have passed through all filters except graylisting.
- FA: Emails stopped by Firetrust's FirstAlert signature database.
- RBL: Emails stopped by real-time blackhole lists.
- Blacklisted: Emails stopped by the blacklist.
- Custom filter: Emails stopped by custom filters.
- FA(IP): Emails stopped by FirstAlert which are using the same IP as known spam.
- SPF(lite): Not yet implemented.
- Gray listed: Emails which have been gray listed.
- Gray listed(ok): Emails which have been let through graylisting.
- Empty Email Body: Emails stopped with an empty body.
- Uploaded: Emails caught by RBL's and greylisted older than 2 hours are uploaded to FirstAlert.
Action screen
You'll need to decide how you want spam to be dealt with. There are two options.
- Quarantine: Sent straight to a quarantine section and managed inside a web browser, or
- Pass through: Spam headers are marked with 'X-MWES-status: Spam' and delivered to end-users to be filtered in their email client.
Greylisting is another option and stops a lot of spam. Greylisting works by temporarily failing an email and once the sending MTA re-sends the email, it is let through. Since much spam is forged and sent via compromised computers, it is not re-sent and thus does not get past the grey listing filter. See the greylisting section for more information.
Quarantine and greylisting options are enabled by default.
Adding Users
Adding users allows end-users access to the quarantine and greylisting screens via a web browser so they can view their blocked email and if necessary, rescue the blocked email so it is delivered to their inbox.
You'll need to decide if you want to enable:
- Global quarantine access: All users are given the same login to the quarantine area to search for their blocked email. Only the from: and subject: are visible and any rescued email is sent to the original recipient.
- Individual quarantine access: Each user has their own unique login to the quarantine area and they can only search for their own blocked email and any aliases which have been set up for them. Any rescued email is sent back to their inbox.
Set up a global user login
If a user account is created with a username and password, but with no email address, that account becomes a global quarantine account and all users will use that same quarantine screen to search for their blocked email.
One global user is set up (no email addresses are entered)
Anyone can search for their email from the same quarantine screen
Set up an individual user login
Individual user logins are created by creating a username and password, along with adding the user's email address and any other aliases they use. When a user logs in to the quarantine area they will only be able to search for blocked email addressed to themselves.
User setup with aliases
Individual User Quarantine Account Login - User can view their quarantined email
Quarantine screen
After login, you'll be taken to the Quarantine screen where you can search for emails and if necessary, rescue them. All rescued emails are sent to the original recipient.
This quarantine screen is available to the end-users via login to a web browser so they can search for blocked email using a number of search criteria:
- The From: field
- The To: field
- The Subject
- The date
By default, when a user logs in they will see the last 50 emails which have been blocked.
If a user finds an email which they want to rescue, they click the 'rescue' link and that email is delivered to their inbox. The from: email address is automatically added to the friendlist so it is not blocked in the future. The rescued email is shown in green in the quarantine screen for easy reference.
Greylisting
Greylisting is an effective tool to stop spam by sending a temporary fail back to the sender of the message. If the message is sent via a valid MTA, it is re-sent and MWES will let it through. If the message is not sent from a valid MTA, it is not delivered and is left in the MWES greylisting quarantine area.
Greylisting is enabled by default in Settings>>Action
NOTE: Valid messages can be delayed by up to 15 minutes using this method since the sending MTA has to re-send the message. You can always check the quarantine>>greylisting area to see which messages are due to be re-sent, and rescue them, in which case they will be added to the whitelist. See below, the three light grey messages at the top are within the 15 minute time period to be re-sent. Once an email sender has been let through, they are let through instantly next time they send something.
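The behaviour described above (temporary fail on first sight, accept on re-send, no delay for a sender already let through) can be modelled in a few lines. This is an added example, not MWES code: the class and function names, the keying on sender IP, sender and recipient, the response strings and the sample addresses are all assumptions made for illustration.

```python
# Added example: a simplified greylisting model, not MWES's implementation.
TEMPFAIL = "451 try again later"   # temporary failure returned on first sight
ACCEPT = "250 ok"


class Greylist:
    def __init__(self):
        self.pending = {}    # (ip, sender, recipient) -> time first seen
        self.passed = set()  # (ip, sender domain) pairs already let through

    def check(self, ip, sender, recipient, now):
        """Decide the answer for one delivery attempt at time `now` (seconds)."""
        domain = sender.rsplit("@", 1)[-1].lower()
        if (ip, domain) in self.passed:
            return ACCEPT                      # known sender: no delay
        key = (ip, sender.lower(), recipient.lower())
        if key in self.pending:                # the sending MTA retried
            del self.pending[key]
            self.passed.add((ip, domain))
            return ACCEPT
        self.pending[key] = now                # first attempt: fail temporarily
        return TEMPFAIL

    def never_retried(self, now, max_age=2 * 3600):
        """Attempts still pending after max_age seconds (no valid MTA retried)."""
        return sorted(k for k, seen in self.pending.items() if now - seen > max_age)


def simulate():
    """Replay constructed delivery attempts; IPs are from documentation ranges."""
    g = Greylist()
    events = [
        (0,   "192.0.2.10",   "alice@example.org", "bob@example.com"),
        (5,   "198.51.100.7", "promo@example.net", "bob@example.com"),
        (600, "192.0.2.10",   "alice@example.org", "bob@example.com"),    # retry
        (900, "192.0.2.10",   "alice@example.org", "carol@example.com"),  # new recipient
    ]
    answers = [g.check(ip, s, r, t) for t, ip, s, r in events]
    return answers, g.never_retried(now=3 * 3600)


if __name__ == "__main__":
    answers, stale = simulate()
    print(answers)
    print(stale)
```

The sender that retries after ten minutes is accepted and skips the delay on its next message, while the attempt that is never repeated stays pending past the two-hour mark.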
Whitelists
You can set up a whitelist which will allow any email address on the whitelist to bypass all the spam filters.
Note: You don't need to add your email address or domain to the whitelist, as MWES will detect that you're working from a local LAN. Spammers frequently use your own email address to bypass filters, so leave them off the whitelist.
Note: You can also use wildcards like '@company.com' in the whitelist.
The IP Whitelist is automatically populated by the greylisting feature when an email is rescued. In this case the domain and IP address are added so those emails are let through automatically next time.
Blacklist, RBL's and custom filters
Blacklist
You can set up a blacklist which will stop any email with that blacklisted email address from passing to end users' inboxes.
Note: You can also use wildcards like '@company.com' in the blacklist.
Real-time blacklist services (RBL's)
RBL's are used to block known sources of spam. MWES supports both URL and IP based lists and includes an RBL from www.spamhaus.org by default (zen.spamhaus.org).
Custom filters
You can also add custom filters using text or regular expressions to block unwanted email. You'll find some sample filters in the installation directory, in a file called 'CustomSpamFilter.xml', which you can import. (Importing will not create duplicates.)
Regular Expression engine from www.regexlab.com
Product License
After the 30 day free trial is finished, if you want to keep MWES you must purchase a user license appropriate for the number of users you have.
Once you have purchased the license you will be sent a username and password. Enter these details in to the Settings>>Product License screen to continue using MWES.
Admin details
The Admin Details screen is used for the administrator to change their username and password to access the software.
TROUBLESHOOTING
If you find a problem, please contact us at nick.bolton@firetrust.com
There's also the forum for any questions.
MISCELLANEOUS
Linux users can add these options in the mwes.conf file
Linux: /etc/mwes.conf
If changed, restart service/daemon.
Database location
database_location=/opt/mwes
Default page after login
default_page Quarantined.srv
Location of installed files
home
Web server details
root_document=/opt/mwes/mwes/
listen_port=4044
hostname=localhost
Change the logging level
To change the logging level, use one of the values below. Default is 2 (normal).
0 = Full
1 = Partial
2 = Normal
3 = Warnings
4 = Errors
log_level=2
Location of logs
logging
Proxy configuration
Details show the port and location of MWES proxy
use_mta_proxy=1
mta_port=25
mta_hostname=
Change the location and port where MWES sees the MTA
MTA Relay is used to show the location and port of your MTA. Defaults are shown below.
mta_relay_hostname=localhost
mta_relay_port=26
FirstAlert cache size information.
This is used to cache already checked spam to reduce the number of external checks.
cfs_max_cache_size=20000
RBL cache size information.
This is used to cache already checked spam to reduce the number of external checks.
rbl_max_cache_size=20000
Use working domains to stop open relay
use_check_domains=1
# If set = 1 this stops your MTA appearing as an open relay by checking the list of your working domains.
# If set = 0 will let all email through without checking your working domains. (ie. it will filter everything instead of distinguishing between internal and external email). You'll just need to make sure your MTA is configured to not appear as an open relay.
Ignore MTA Authentication
use_mta_authentication=1
# If set = 1 then all emails authenticated by the MTA are treated as safe and will not be filtered.
# If set = 0 then MTA authentication is ignored and all emails pass through filters.
Don't check local email
use_is_routable=1
# If set = 1, your local mail going out is not checked.
# If set = 0, your local mail going out is checked.
Milter specific settings
milter_port=inet:4049@localhost
milter_port=unix:/home/mws/mws.sock
milter_timeout=600
milter_pass_through=1
Discard empty emails
Emails without a body are discarded.
discard_empty_emails=1
# If set = 1, emails with empty bodies are discarded
# If set = 0, emails with empty bodies are passed through for filtering
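The proxy, relay, working-domain and MTA-authentication settings described on this page interact, so it is worth checking them together before restarting the service. The following is an added example, not part of MWES or Firetrust's code: it assumes the file holds plain key=value lines with # comments as shown above, the function names are hypothetical, and the sample configuration is constructed.

```python
# Added example: audits mwes.conf-style settings; not Firetrust code.
# Only loopback names are recognised as "same machine" (an assumption).
LOCAL_HOSTS = {"localhost", "127.0.0.1"}

# Constructed sample with two mistakes: the relay MTA was left on port 25
# and the working-domain check was switched off.
SAMPLE_CONF = """\
# MTA Proxy information
use_mta_proxy=1
mta_port=25
mta_hostname=
# MTA Relay information
mta_relay_hostname=localhost
mta_relay_port=25
use_check_domains=0
use_mta_authentication=1
"""


def parse_conf(text):
    """Return {key: value} from key=value lines, skipping blanks and # comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip()
    return settings


def audit(settings):
    """Return (level, key, message) findings for the settings this page covers."""
    findings = []
    if settings.get("use_mta_proxy") == "1":
        if settings.get("mta_port") != "25":
            findings.append(("warn", "mta_port", "the page says not to change port 25"))
        relay_port = settings.get("mta_relay_port")
        same_host = settings.get("mta_relay_hostname") in LOCAL_HOSTS
        if same_host and relay_port and relay_port == settings.get("mta_port"):
            findings.append(("error", "mta_relay_port",
                             "proxy and relay MTA share a port on one host; move the MTA, e.g. to 26"))
    if settings.get("use_check_domains") == "0":
        findings.append(("warn", "use_check_domains",
                         "working-domain check is off; the MTA alone must refuse to relay"))
    if settings.get("use_mta_authentication") == "1":
        findings.append(("info", "use_mta_authentication",
                         "mail authenticated by the MTA is not filtered"))
    return findings


if __name__ == "__main__":
    for level, key, message in audit(parse_conf(SAMPLE_CONF)):
        print(f"{level:5} {key}: {message}")
```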