BlueOnyx Shop: Updated PKGs
Several updated PKGs have been published to the BlueOnyx Shop today and we would like to let you know about the changes and enhancements that were made.
AV-SPAM v6.1.0 is available for BlueOnyx 5207R, 5208R and 5209R
AV-SPAM v6.0.0 is available for BlueOnyx 5106R, 5107R and 5208R
New Features in AV-Spam v6.1:
- Milter GeoIP to prevent SMTP-Auth logins and/or SMTP connections from undesired countries.
- Milter GeoIP based email traffic accounting to report and limit how many emails Vsites and Users can send.
What is Milter-GeoIP?
One of the key problems of operating an email server (aside from inbound SPAM or viruses) is of course the risk that the server is used to send SPAM. Even if you take all sensible precautions: a client's home or office computer could get compromised and send SPAM via your server using the client's login details. Or someone "guessed", brute-forced or stole the login details of one of your users. Or a weak PHP or Perl script hosted on one of the Vsites gets compromised and is used to send SPAM. Often you don't realize this until it's already way too late.
But no more!
Milter-GeoIP offers two additional lines of defense with which you can prevent this and/or with which you will get notified once something like this happens. The first line of defense is that you can block access to SMTP-Auth and/or SMTP with GeoIP. IP addresses from undesired countries can no longer use SMTP-Auth or SMTP on your server. Should a successful SMTP-Auth login happen from a forbidden country, then you can either block the access, or you can take it one step further and automatically suspend the account in question to prevent further damage.
The second line of defense is that Milter-GeoIP does exact traffic accounting for inbound and outbound email volumes on a per site and per user basis. If a virtual site (or a user belonging to a virtual site) sends more emails per day than allowed, you will receive a warning message from Active Monitor. Additionally, once a virtual site (or a user of a virtual site) has sent more emails per day than allowed, no further emails can be sent by the affected user(s), and they receive a distinct and informative error message in their email client.
These limits can be configured for system users, virtual sites and virtual site users. The traffic accounting, reporting and blocking also take into account emails sent by scripts.
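The following is an added illustration of the two defenses just described, written for this page and not Milter-GeoIP's or Solarspeed's own code. It stands in a constructed IP-to-country table for the GeoIP database (the "XX" country code is a placeholder for a disallowed region) and keeps its counters in memory rather than in a MySQL backend; the user and site limits, account names and addresses are all constructed. The same country allow-list check is what the GeoIP SSH protection in the APF package below applies to SSH instead of SMTP-Auth.

```python
"""Illustrative model of Milter-GeoIP's two lines of defense (added example)."""
from dataclasses import dataclass, field

# Constructed lookup table standing in for the GeoIP database.
# "XX" is a placeholder code for a country the administrator does not allow.
GEOIP_TABLE = {
    "198.51.100.7": "DE",
    "192.0.2.5": "US",
    "203.0.113.9": "XX",
}


def country_of(ip: str) -> str:
    return GEOIP_TABLE.get(ip, "??")  # unknown address -> unknown country


@dataclass
class Policy:
    allowed_countries: set       # countries permitted to use SMTP-Auth
    suspend_on_violation: bool   # suspend the account instead of only rejecting
    user_daily_limit: int        # max messages per day per Vsite user
    vsite_daily_limit: int       # max messages per day per Vsite (users + scripts)


@dataclass
class Accounting:
    sent: dict = field(default_factory=dict)      # (day, (kind, name)) -> count
    suspended: set = field(default_factory=set)   # accounts locked after a violation
    warnings: list = field(default_factory=list)  # what Active Monitor would report

    def count(self, day: str, key) -> int:
        return self.sent.get((day, key), 0)


def check_smtp_auth(policy: Policy, acct: Accounting, user: str, ip: str) -> str:
    """First line of defense: decide an SMTP-Auth login by the client's country."""
    if user in acct.suspended:
        return "REJECT account suspended"
    cc = country_of(ip)
    if cc in policy.allowed_countries:
        return "ACCEPT"
    if policy.suspend_on_violation:
        acct.suspended.add(user)   # stop further damage from a stolen password
        return f"REJECT login from {cc}; account {user} suspended"
    return f"REJECT login from {cc}"


def account_outbound(policy: Policy, acct: Accounting, vsite: str, user, day: str) -> str:
    """Second line of defense: charge one outbound message to the user (if any) and
    to the Vsite; reject with an informative error once a daily limit is reached.
    Script-sent mail has no authenticated user and counts against the Vsite only."""
    checks = [("vsite", vsite, policy.vsite_daily_limit)]
    if user is not None:
        checks.insert(0, ("user", f"{user}@{vsite}", policy.user_daily_limit))
    for kind, name, limit in checks:
        if acct.count(day, (kind, name)) >= limit:
            warning = f"{day}: {kind} {name} reached its daily limit of {limit} messages"
            if warning not in acct.warnings:
                acct.warnings.append(warning)   # reported once per day per subject
            return f"REJECT {kind} {name} has reached the daily limit of {limit} messages"
    for kind, name, _ in checks:
        acct.sent[(day, (kind, name))] = acct.count(day, (kind, name)) + 1
    return "ACCEPT"


if __name__ == "__main__":
    policy = Policy({"DE", "US"}, True, 3, 5)
    acct = Accounting()
    print(check_smtp_auth(policy, acct, "bob", "203.0.113.9"))
    for _ in range(4):
        print(account_outbound(policy, acct, "site.example", "alice", "2014-03-03"))
    print(acct.warnings)
```

The rejection strings are what the sending client would see in place of a generic relay error, and the warnings list is the hook where a monitoring component would be notified; a real milter would additionally persist the counters so that limits survive a restart.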
Milter-GeoIP was developed by Solarspeed.net and has been specifically designed for BlueOnyx and the needs of BlueOnyx server administrators.
New Features in AV-Spam v6 (also included in 6.1):
- Milter Greylist: Updated to v4.4.3
- SpamAssassin: Updated to v3.4.0
- GUI for BlueOnyx 5106R, 5107R, 5108R, 5207R and 5208R
- Tighter GUI integration via BlueOnyx modules
- Ability to edit Milter-Greylist settings
- Automatic setup and configuration of the MySQL-backend
APF Firewall (v6.0.0)
Advanced Policy Firewall (APF) with GeoIP SSH protection
APF is an iptables (netfilter) based, command-line driven firewall. We modified it to work out of the box on BlueOnyx (all versions) and included native BlueOnyx GUI pages to administer the most common options of APF. Furthermore, an Active Monitor component is included, which monitors APF and reports any firewall outages or problems.
Additionally, this package includes a GUI extension that allows you to protect SSH with GeoIP. If that feature is enabled, access to SSH is only possible from IP addresses that (according to the GeoIP database) originate in one of the countries you allow to access SSH.
APF works very well together with DFIX2. If both are installed, then DFIX2 will use APF to create dynamic blocks on unwanted or suspicious activity. These dynamic blocks can then also be managed through the GUI pages of APF.
- APF updated to the latest version (v9.7-2)
- GUI to edit the most common APF Settings
- SSH protection with GeoIP (editable through GUI)
- Active Monitor Component
Available for all BlueOnyx versions. The GUI for 5207R, 5208R and 5209R is a bit more detailed, though.
DFIX 2 was created as an enhanced version of the previously released free package. The new product performs event correlation across multiple sources within your server. Event correlation is a procedure where a stream of events is processed, in order to detect (and act on) certain event groups that occur within predefined time windows. The correlation is executed based on rules or signatures that are used by the engine.
DFIX 2 reads data from input sources, matches the data against patterns (such as regular expressions or Perl subroutines) to recognize input events, and correlates events according to the rules in its rule files. DFIX 2 can then maintain firewall rules to block attacks, and produces a log file recording all intrusion activity.
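An added example of the correlation procedure described above, written for this page and not DFIX 2's own code or rule syntax: regular expressions turn log lines into named input events, a rule counts events per source address inside a sliding time window, and crossing the threshold within the window yields a block action that the firewall (APF in this setup) would enforce. The log lines, the rule (three SSH authentication failures within ten minutes) and the default year are all constructed; the year is a parameter because syslog lines carry none.

```python
"""Illustrative sliding-window event correlation in the style described for DFIX 2."""
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample log: one address fails three times within seconds, another
# fails three times but spread more than ten minutes apart.
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[111]: Failed password for invalid user admin from 203.0.113.9 port 4022 ssh2
Mar  3 10:00:03 host sshd[112]: Failed password for root from 203.0.113.9 port 4023 ssh2
Mar  3 10:00:05 host sshd[113]: Accepted publickey for deploy from 198.51.100.7 port 5000 ssh2
Mar  3 10:00:06 host sshd[114]: Failed password for root from 203.0.113.9 port 4024 ssh2
Mar  3 10:11:00 host sshd[115]: Failed password for root from 192.0.2.5 port 4100 ssh2
Mar  3 10:25:00 host sshd[116]: Failed password for root from 192.0.2.5 port 4101 ssh2
Mar  3 10:40:00 host sshd[117]: Failed password for root from 192.0.2.5 port 4102 ssh2
"""

TIMESTAMP = re.compile(r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) ")
# Input-event patterns: event name -> regex that captures the source address as "ip".
PATTERNS = {
    "ssh_auth_failure": re.compile(
        r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (?P<ip>\d+\.\d+\.\d+\.\d+)"),
}


@dataclass(frozen=True)
class Rule:
    event: str          # which input event the rule counts
    threshold: int      # how many occurrences from one address ...
    window: timedelta   # ... within this time span trigger the action
    action: str         # e.g. "BLOCK", to be handed to the firewall


def parse_event(line: str, year: int = 2014):
    """Return (timestamp, event_name, ip), or None if no pattern recognizes the line."""
    m = TIMESTAMP.match(line)
    if not m:
        return None
    stamp = re.sub(r"\s+", " ", m["ts"])   # syslog pads single-digit days with two spaces
    ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
    for name, pattern in PATTERNS.items():
        pm = pattern.search(line)
        if pm:
            return ts, name, pm["ip"]
    return None


def correlate(log_text: str, rules):
    """Feed lines through the rules; return the list of (action, ip, timestamp) fired."""
    history = defaultdict(deque)   # (rule, ip) -> timestamps still inside the window
    actions = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue
        ts, name, ip = ev
        for rule in rules:
            if rule.event != name:
                continue
            q = history[(rule, ip)]
            q.append(ts)
            while ts - q[0] > rule.window:   # drop events that fell out of the window
                q.popleft()
            if len(q) >= rule.threshold:
                actions.append((rule.action, ip, ts))
                q.clear()   # count afresh after acting so one burst fires once
    return actions


RULES = [Rule("ssh_auth_failure", 3, timedelta(minutes=10), "BLOCK")]

if __name__ == "__main__":
    for action, ip, ts in correlate(SAMPLE_LOG, RULES):
        print(f"{ts.isoformat()} {action} {ip}")
```

Run on the sample, only 203.0.113.9 is blocked: 192.0.2.5 also fails three times, but each failure is more than ten minutes after the previous one, so the window never holds three events at once. That is the difference between counting events and correlating them in time, and it is why such rules carry both a threshold and a window.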
- GUI to enable/disable DFIX2
- Active Monitor Component
- Integration with APF. If APF is present, DFIX2 will use it to generate temporary blocks. These blocked IP addresses can then be seen (and edited) in the APF management GUI pages on Chorizo-enabled servers.
Other updated PKGs:
All GUI input fields in the Chorizo GUI of this PKG that previously only allowed a username as input now accept either a username or an email address as valid input.
Fix of several post-install issues.