Technical Faqs

Answers to many common technical questions.

How do i request a new feature ?

Answer: Use the issue tracker

Open a feature request on the issue tracker

How do i report a non security bug ?

Answer: Use the issue tracker

Open a bug report on the issue tracker

How do i report a security bug ?

Answer: Email security@baruwa.com

If you think you’ve found a security vulnerability with Baruwa, please send a message to security@baruwa.com. Do NOT post a bug report to our issue tracking system or disclose the issue on our mailing lists.

How do i tailor Baruwa Enterprise Edition to my specific needs ?

Refer to the Customization section.

Can i manage Baruwa Enterprise Edition servers without using baruwa-setup ?

Answer: Yes

Yes you can, you can choose to do the configuration manually or using a configuration management too. SaltStack can be used easily as we provide salt states which are used by baruwa-setup in the background. You could also convert this states to a different configuration management tool.

How do i rebrand Baruwa Enterprise Edition servers ?

Refer to the Themes section, note that if you would like to remove the powered by notices you need to purchase a branding license.

Why can i download rpm or deb packages to install on my system ?

We no longer provide packages, the solution is now packaged as a custom OS.

What are the settings i should use to configure LDAP/AD ?

The short answer is if you are asking, you probably should not be using LDAP/AD as you could inadvertently open yourself up to security holes.

The long answer is all LDAP directories are not setup in the same way, so there is no one size fits all configuration we can provide.

It is advisable you create an account with very limited privileges in the directory to use for the LDAP operations and bind as that account.

The following are common configurations that you could attempt.

Setting Description Active Directory OpenLDAP
Base DN The location within the directory to start searching dc=domain,dc=com dc=domain,dc=com
Username Attribute The directory attribute in which the username is stored samAccountName, userPrincipalName uid
Email attribute The directory attribute in which the email address is stored mail mail
Bind DN The DN to bind as to perform operations cn=Administrator,cn=users,dc=domain,dc=com, Administrator@domain.com cn=root,dc=domain,dc=com
Bind password The password for the Bind DN    
Use TLS Use the STARTTLS option    
Search for userDN Search for the userDN to bind to Yes in most cases No in most cases
Email Search Filter The filter used to locate email addresses in an entry (|(proxyAddresses=SMTP:%u@%d) (proxyAddress=smtp:%u@%d)(mail=%u@%d)) mail=%u@%d

Which MTA does Baruwa Enterprise use ?

Answer: Exim

Baruwa Enterprise uses a customized version of the Exim MTA

SMTP AUTH on port 25 no longer works, why ?

SMTP AUTH is no longer offered on port 25 starting with BaruwaOS 6.7.4. The reason for this is documented in the release notes at SMTP Authentication

How do i allow attachments blocked by content protection through ?

You can clone the default built in content protection ruleset and then you can disable or alter the rule that is blocking the file. You can then either assign your new custom ruleset to either the domain in question or globally if you want the change across the system.

More information on what content protection is and how to manage it is available in the following sections of the documentation

How do i create a content protection policy for a sender ?

The content protection policies that are managed via the web interface can be assigned to domains or globally. This means that the policy will apply to all senders to the recipient domain in case of assignment to a domain or all senders to all domains in case of global assignment.

To set a granualer content protection policy you need to use the customization system which requires manual setup via the command line.

Create a policy from a sender to all recipients

To setup a content protection policy for a sender you need to follow the process below.

The example below uses sender@senderdomain.com as the sender we are configuring the policy for, change this to your specific sender. Wildcards "*" can be used as well for example *@senderdomain.com.

  1. Login to your server and go to Settings -> Content protection -> File policies.

  2. Click clone policy -> change policy name to sender-name-policy or a name of your choice -> Clone policy

  3. Click actions (sender-name-policy) check enabled -> Update policy

  4. Make the changes you want to the specific rules you want to disable or add new rules you want to include

  5. SSH into the server as root user

  6. Create the file /etc/MailScanner/baruwa/rules/filename.rules.local with the following contents:

    From:       sender@senderdomain.com /etc/MailScanner/baruwa/rules/sender-name-policy-policy.conf
    
  7. Run the command paster update-rulesets to merge your rules

  8. Restart the scanner process service mailscanner restart

  9. Run baruwa-logs to check for rule errors.

Create a policy from a sender to a specific recipient

To setup a content protection policy from a sender to a specific recipient, you need to follow the process below.

The example below uses sender@senderdomain.com as the sender and recipient@recipientdomain.com as the recipient. Change these for your specific use case. Wildcards "*" are supported for example *@senderdomain.com or *@recipientdomain.com

  1. Login to your server and go to Settings -> Content protection -> File policies.

  2. Click clone policy -> change policy name to sender-to-recipient-name-policy or a name of your choice -> Clone policy

  3. Click actions (sender-to-recipient-name-policy) check enabled -> Update policy

  4. Make the changes you want to the specific rules you want to disable or add new rules you want to include

  5. SSH into the server as root user

  6. Create the file /etc/MailScanner/baruwa/rules/filename.rules.local with the following contents:

    From:   sender@senderdomain.com and     To:     recipient@recipientdomain.com   /etc/MailScanner/baruwa/rules/sender-to-recipient-name-policy.conf
    
  7. Run the command paster update-rulesets to merge your rules

  8. Restart the scanner process service mailscanner restart

  9. Run baruwa-logs to check for rule errors.

How do i add a default delivery server ?

In Baruwa default delivery servers are called Fallback servers and they can be added to an Organization. Any domain in the Organization which does not have a delivery server configured will use the Fallback servers configured for that organization.

Refer to Fallback servers for more info.

How do i uninstall Baruwa Enterprise Edition ?

Baruwa Enterprise Edition is an operating system not an application, to remove it from your computer system you need to reformat the hard drive and install a different operating system.

How do i remove Baruwa ?

Refer to How do i uninstall Baruwa Enterprise Edition ?

My messages match ClamAV signature Heuristics.OLE2.ContainsMacros, how do i allow them through ?

The message contains an attachment that contains macros and you have configured the system to block documents with macros. You can disable blocking of documents containing macros for users, domains or outbound relay clients.

Baruwa is rejecting messages at SMTP time but i would like the messages available in the interface

To prevent messages from being rejected at SMTP time, you need to turn off the Enable SMTP Time Rejection option in baruwa-setup.

I want all messages logged regardless of status, what do i do ?

You need to turn off the Enable SMTP Time Rejection option in baruwa-setup.

How do i enable remote technical support access ?

We use SSH Keys to access your system, need to install our ssh key below to the authorized_keys file of the account you want us to access. We require access to accounts with root privileges either as root directly or via an account with sudo access to root.

You can restrict access on your firewall to our remote support system: support.baruwa.com (84.200.48.209)

SSH KEY

# == start key
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC86+4YcvrDXdBFkrxtQnNGNXJ8ccqcbecs//qw8B/ltwLvLL0VXeS0m1dimlzw4gXz4U4q+ZxFBzMPJgje5JnFFa75PaYDTwJ/ZQeE/j85uEVJB4WFXFbqMbFUBYFP13y3HLVQ/eaX+OdPnRlyJU03pwgPo9kSnaO4x7aJyM9WiFLSQW/WB6n7nJtHqLXAqYrpjLL3ivR9icr04Zmql6+wU3fWRAWr4Mu4UcKh5ko4SsZk+DzbhSUnQ8IuCzOU39j3tx2Xbvm0rRCYZjje0jrjPiX88Dpk2C3CWBTU8tawssEZ7g1zc0a0wUGeBiTYKlXGSpy5hCNK725mQtvxeAZ/fbN87CFdC1UWyxExVSgiKJJu8Fmmp95QJGRfb+dmBGLcfsakaBvPtE2IE50uiMpb/iziTYr9hhJuXtnn8lJFlNGlxDurjvKj6BZ/wbmupYe4mkMt/JJFzgD9ZLsM1/ph66a8u1U0pz1cd/tZUsMrjQ5E5cKd4VPX+9DMgZugzXU0HA0CrsAm4eU7ukNbhA3u1MR12NYO4v+ytS/VtWWMBninlHABlE5A34E0FSUU9lNdSAG9k7diiX096m4WOPtahTec9QML7AZ7CXVA0FlRSEbMREiUFKEPpb5YP0owAkAsdmFKCmfG4FbBs8tCRouY/pcdi4GjgudLxN8QRiqKUQ== enterprise-support@support.baruwa.com
# == end key