Discussion:
[Maia-users] Plan to build a new mailguard server
jjs - mainphrame
2015-07-28 18:26:34 UTC
Permalink
Greetings -

It's been a few years since I've built a mailguard server, but I'm now in a
new environment where spam management is sorely needed.

What is the preferred linux distro for mailguard deployment, or does it
matter? What is the most up to date yet fully functional version of
mailguard today?

We've deployed a number of them over the years, but the most recent build
we did was an unofficial 1.0.3 back in 2013.

Would the current svn repo provide a good starting point? If not, what
particular version is recommended?

Thanks & Regards,

Joe
Joshua Small
2015-07-28 22:47:02 UTC
Permalink
Hi,

The more modern fork is obtainable at this address:

https://github.com/technion/maia_mailguard

I recommend and CentOS 7, however I’m aware several platforms have been tested.

From: Maia-users [mailto:maia-users-***@renaissoft.com] On Behalf Of jjs - mainphrame
Sent: Wednesday, 29 July 2015 4:27 AM
To: maia-***@renaissoft.com
Subject: [Maia-users] Plan to build a new mailguard server

Greetings -

It's been a few years since I've built a mailguard server, but I'm now in a new environment where spam management is sorely needed.

What is the preferred linux distro for mailguard deployment, or does it matter? What is the most up to date yet fully functional version of mailguard today?

We've deployed a number of them over the years, but the most recent build we did was an unofficial 1.0.3 back in 2013.

Would the current svn repo provide a good starting point? If not, what particular version is recommended?

Thanks & Regards,

Joe
jjs - mainphrame
2015-07-28 22:53:00 UTC
Permalink
Joshua,

Thanks for the lead. I just happened to fire up a new Centos 7 server to
play with openvz 7.

I'll see what it will take to get the modern fork up and running in a
Centos 7 VE.

Joe
Post by Joshua Small
Hi,
https://github.com/technion/maia_mailguard
I recommend and CentOS 7, however I’m aware several platforms have been tested.
Of *jjs - mainphrame
*Sent:* Wednesday, 29 July 2015 4:27 AM
*Subject:* [Maia-users] Plan to build a new mailguard server
Greetings -
It's been a few years since I've built a mailguard server, but I'm now in
a new environment where spam management is sorely needed.
What is the preferred linux distro for mailguard deployment, or does it
matter? What is the most up to date yet fully functional version of
mailguard today?
We've deployed a number of them over the years, but the most recent build
we did was an unofficial 1.0.3 back in 2013.
Would the current svn repo provide a good starting point? If not, what
particular version is recommended?
Thanks & Regards,
Joe
David Newman
2015-07-29 19:23:18 UTC
Permalink
A promising maia login screen appears, but accessing
the login.php?super=register link leads only to a login failure.
In pho-postfix (which uses Maia), that initial login must be from the
full email address of a currently existing virtual user.

pho-postfix start page:

http://www.purplehat.org/?page_id=4

Maia setup page, requires all preceding steps:

http://www.purplehat.org/?page_id=199

pho-postfix uses FreeBSD, so file locations will differ from CentOS, but
Maia setup is similar.

dn
jjs - mainphrame
2015-07-29 19:36:41 UTC
Permalink
David,

just as a sanity check, I'd set up a 1.0.3 server and the internal-init
worked just as I remembered it.

However, I'd really like to get up and running with 1.0.4, so thanks for
the links, I'll follow up and see what all is needed.

Regards,
Post by David Newman
A promising maia login screen appears, but accessing
the login.php?super=register link leads only to a login failure.
In pho-postfix (which uses Maia), that initial login must be from the
full email address of a currently existing virtual user.
http://www.purplehat.org/?page_id=4
http://www.purplehat.org/?page_id=199
pho-postfix uses FreeBSD, so file locations will differ from CentOS, but
Maia setup is similar.
dn
_______________________________________________
Maia-users mailing list
http://www.renaissoft.com/cgi-bin/mailman/listinfo/maia-users
jjs - mainphrame
2015-07-29 20:20:59 UTC
Permalink
Hmm - I've looked over the pho links, and while FreeBSD specific, they are
useful. Definitely bookmarked. The one thing I didn't find was how to get
an initial maia user into the maia database to begin with. Chicken and egg
problem. Perhaps I can export my admin user from the 1.0.3 database and
import it into the 1.0.4 database... But I'm guessing there is a "right"
way to do this without resorting to such kludges.

To recap, the main difference I'm seeing is that in 1.0.3 an initial user
can be created with internal-init.php, while 1.0.4 responds to
internal-init.php with a blank screen.

My only doubt is whether that is by design in 1.0.4, and if so, what is the
right way to create the initial user.

Regards,

Joe
Post by jjs - mainphrame
David,
just as a sanity check, I'd set up a 1.0.3 server and the internal-init
worked just as I remembered it.
However, I'd really like to get up and running with 1.0.4, so thanks for
the links, I'll follow up and see what all is needed.
Regards,
Post by David Newman
A promising maia login screen appears, but accessing
the login.php?super=register link leads only to a login failure.
In pho-postfix (which uses Maia), that initial login must be from the
full email address of a currently existing virtual user.
http://www.purplehat.org/?page_id=4
http://www.purplehat.org/?page_id=199
pho-postfix uses FreeBSD, so file locations will differ from CentOS, but
Maia setup is similar.
dn
_______________________________________________
Maia-users mailing list
http://www.renaissoft.com/cgi-bin/mailman/listinfo/maia-users
David Newman
2015-07-29 21:46:59 UTC
Permalink
Post by jjs - mainphrame
The one thing I didn't find was how
to get an initial maia user into the maia database to begin with.
Chicken and egg problem.
It's not. In the pho-postfix instructions, you first create one or more
virtual email accounts in postfixadmin before Maia setup occurs. Maia
then calls an existing account with a MySQL query as database user
'vscan,' which is common to Dovecot and Maia.

Also, the docs say something about the need to define new domains in
Maia (though not necessarily new users) separately from when they're set
up in postfixadmin. Email domains, users, and aliases should all exist
before we get to Maia setup.

Your CentOS setup may differ on a lot of details, but the key point is
that a virtual email account exists (one usable by postfix and dovecot2)
_before_ configuring Maia.

dn
jjs - mainphrame
2015-07-29 21:53:38 UTC
Permalink
Ah, thanks for the clarification. The pho setup depends on building all of
the components. In my case, I'm setting up a standalone mailguard server,
which another postfix server will use as a transport for those
domains/users needing spam/virus handling.

Regards,

Joe
Post by David Newman
Post by jjs - mainphrame
The one thing I didn't find was how
to get an initial maia user into the maia database to begin with.
Chicken and egg problem.
It's not. In the pho-postfix instructions, you first create one or more
virtual email accounts in postfixadmin before Maia setup occurs. Maia
then calls an existing account with a MySQL query as database user
'vscan,' which is common to Dovecot and Maia.
Also, the docs say something about the need to define new domains in
Maia (though not necessarily new users) separately from when they're set
up in postfixadmin. Email domains, users, and aliases should all exist
before we get to Maia setup.
Your CentOS setup may differ on a lot of details, but the key point is
that a virtual email account exists (one usable by postfix and dovecot2)
_before_ configuring Maia.
dn
_______________________________________________
Maia-users mailing list
http://www.renaissoft.com/cgi-bin/mailman/listinfo/maia-users
jjs - mainphrame
2015-08-21 22:50:33 UTC
Permalink
I've since discovered what was going on with the failed logins, as I was
able to reproduce the issue without scrypt, and learned something about the
maia db schema in the process. In any case, I've put together some install
scripts for maia, which, when launched, ask a few questions and then do an
unattended install.

1.0.4 - Brings a fresh centos 7 container to successful login of first maia
user in a few minutes, depending on processing power and bandwidth
1.0.4r - Same procedure as above; tested on centos 7 and also the installer
for ubuntu 14.04 LTS
1.0.3 - Same procedure as above; tested on centos 6

1.0.4r is my testing fork, which uses native mysql password encryption,
plus the extra installer files.
1.0.3 is the legacy 1.0 branch forked from maiamailguard.com, plus the
extra installer files.

The scripts do the right thing here, but my platform coverage is sort of
narrow here; Except for one deployment to a KVM image of ubuntu 14.04, I've
only used OVZ containers in the testing, since they are incredibly fast and
easy to deploy.

if someone wants to try the installer on VMs or physical servers and tell
me what breaks, that would be great.

The 1.04r and the legacy repos:

1.04r - https://github.com/einheit/maia_mailguard
1.03r - https://github.com/einheit/mailguard_legacy

Regards,

Joe
Post by jjs - mainphrame
David,
just as a sanity check, I'd set up a 1.0.3 server and the internal-init
worked just as I remembered it.
However, I'd really like to get up and running with 1.0.4, so thanks for
the links, I'll follow up and see what all is needed.
Regards,
Post by David Newman
A promising maia login screen appears, but accessing
the login.php?super=register link leads only to a login failure.
In pho-postfix (which uses Maia), that initial login must be from the
full email address of a currently existing virtual user.
http://www.purplehat.org/?page_id=4
http://www.purplehat.org/?page_id=199
pho-postfix uses FreeBSD, so file locations will differ from CentOS, but
Maia setup is similar.
dn
_______________________________________________
Maia-users mailing list
http://www.renaissoft.com/cgi-bin/mailman/listinfo/maia-users
Joshua Small
2015-08-23 23:08:12 UTC
Permalink
Hi,

I’m going to say this once and then I won’t argue further.

Building a database of user credentials in 2015 using MD5 is irresponsible. Forking an existing project so you can remove a secure hashing library and replace it with MD5 is worse.

I don’t know where this term “native mysql encryption” is coming from, but what this code does – is MD5. It also replaced a CSPRNG with calls to mt_rand() for some reason.

From: Maia-users [mailto:maia-users-***@renaissoft.com] On Behalf Of jjs - mainphrame
Sent: Saturday, 22 August 2015 8:51 AM
To: maia-***@renaissoft.com
Subject: Re: [Maia-users] Plan to build a new mailguard server

I've since discovered what was going on with the failed logins, as I was able to reproduce the issue without scrypt, and learned something about the maia db schema in the process. In any case, I've put together some install scripts for maia, which, when launched, ask a few questions and then do an unattended install.

1.0.4 - Brings a fresh centos 7 container to successful login of first maia user in a few minutes, depending on processing power and bandwidth
1.0.4r - Same procedure as above; tested on centos 7 and also the installer for ubuntu 14.04 LTS
1.0.3 - Same procedure as above; tested on centos 6

1.0.4r is my testing fork, which uses native mysql password encryption, plus the extra installer files.
1.0.3 is the legacy 1.0 branch forked from maiamailguard.com<http://maiamailguard.com>, plus the extra installer files.

The scripts do the right thing here, but my platform coverage is sort of narrow here; Except for one deployment to a KVM image of ubuntu 14.04, I've only used OVZ containers in the testing, since they are incredibly fast and easy to deploy.

if someone wants to try the installer on VMs or physical servers and tell me what breaks, that would be great.

The 1.04r and the legacy repos:

1.04r - https://github.com/einheit/maia_mailguard
1.03r - https://github.com/einheit/mailguard_legacy

Regards,

Joe

On Wed, Jul 29, 2015 at 12:36 PM, jjs - mainphrame <***@mainphrame.com<mailto:***@mainphrame.com>> wrote:
David,

just as a sanity check, I'd set up a 1.0.3 server and the internal-init worked just as I remembered it.

However, I'd really like to get up and running with 1.0.4, so thanks for the links, I'll follow up and see what all is needed.

Regards,
A promising maia login screen appears, but accessing
the login.php?super=register link leads only to a login failure.
In pho-postfix (which uses Maia), that initial login must be from the
full email address of a currently existing virtual user.

pho-postfix start page:

http://www.purplehat.org/?page_id=4

Maia setup page, requires all preceding steps:

http://www.purplehat.org/?page_id=199

pho-postfix uses FreeBSD, so file locations will differ from CentOS, but
Maia setup is similar.

dn

_______________________________________________
Maia-users mailing list
Maia-***@renaissoft.com<mailto:Maia-***@renaissoft.com>
http://www.renaissoft.com/cgi-bin/mailman/listinfo/maia-users
jjs - mainphrame
2015-08-23 23:35:08 UTC
Permalink
Hi Joshua,

Thanks for your input. Obviously you feel strongly about encryption, and
that's as it should be.

My aim was to preserve not only the old 1.03 version from rennaissoft for
reference, but an updated version of that to work with newer distros, in a
repo which I could test and update quickly.

But since then, I've been testing with the technion branch as well, and
I've made a repo for the 1.0.4 install scripts, which I've used for several
installs on Centos 7 containers, all of which appear to be working, apart
from some cosmetic breakage that came from moving internal-init.php into
/admin. (I've only ever used internal auth, so it's fine for my needs).

Thanks & Regards,

Regards,

Joe
Post by Joshua Small
Hi,
I’m going to say this once and then I won’t argue further.
Building a database of user credentials in 2015 using MD5 is
irresponsible. Forking an existing project so you can remove a secure
hashing library and replace it with MD5 is worse.
I don’t know where this term “native mysql encryption” is coming from, but
what this code does – is MD5. It also replaced a CSPRNG with calls to
mt_rand() for some reason.
Of *jjs - mainphrame
*Sent:* Saturday, 22 August 2015 8:51 AM
*Subject:* Re: [Maia-users] Plan to build a new mailguard server
I've since discovered what was going on with the failed logins, as I was
able to reproduce the issue without scrypt, and learned something about the
maia db schema in the process. In any case, I've put together some install
scripts for maia, which, when launched, ask a few questions and then do an
unattended install.
1.0.4 - Brings a fresh centos 7 container to successful login of first
maia user in a few minutes, depending on processing power and bandwidth
1.0.4r - Same procedure as above; tested on centos 7 and also the
installer for ubuntu 14.04 LTS
1.0.3 - Same procedure as above; tested on centos 6
1.0.4r is my testing fork, which uses native mysql password encryption,
plus the extra installer files.
1.0.3 is the legacy 1.0 branch forked from maiamailguard.com, plus the
extra installer files.
The scripts do the right thing here, but my platform coverage is sort of
narrow here; Except for one deployment to a KVM image of ubuntu 14.04, I've
only used OVZ containers in the testing, since they are incredibly fast and
easy to deploy.
if someone wants to try the installer on VMs or physical servers and tell
me what breaks, that would be great.
1.04r - https://github.com/einheit/maia_mailguard
1.03r - https://github.com/einheit/mailguard_legacy
Regards,
Joe
David,
just as a sanity check, I'd set up a 1.0.3 server and the internal-init
worked just as I remembered it.
However, I'd really like to get up and running with 1.0.4, so thanks for
the links, I'll follow up and see what all is needed.
Regards,
A promising maia login screen appears, but accessing
the login.php?super=register link leads only to a login failure.
In pho-postfix (which uses Maia), that initial login must be from the
full email address of a currently existing virtual user.
http://www.purplehat.org/?page_id=4
http://www.purplehat.org/?page_id=199
pho-postfix uses FreeBSD, so file locations will differ from CentOS, but
Maia setup is similar.
dn
_______________________________________________
Maia-users mailing list
http://www.renaissoft.com/cgi-bin/mailman/listinfo/maia-users
Joshua Small
2015-07-29 22:27:50 UTC
Permalink
Hi,

The initial user creation script you may be looking for would be admin/internal-init.php.

From: Maia-users [mailto:maia-users-***@renaissoft.com] On Behalf Of jjs - mainphrame
Sent: Thursday, 30 July 2015 5:18 AM
To: maia-***@renaissoft.com
Subject: Re: [Maia-users] Plan to build a new mailguard server

Greetings,

We've made some progress on building a mailguard server using the 1.04 from github on a Centos 7 instance, and have been able to satisfy configtest.pl<http://configtest.pl> and configtest.php, and to have maiad starting on boot.

A promising maia login screen appears, but accessing the login.php?super=register link leads only to a login failure.

I'm guessing some things have changed with the creation of the initial user. Any hints as to where I should look to get a handle on this?

Will gladly RTFM is shown which FM to R

Regards,

Joe



On Tue, Jul 28, 2015 at 3:53 PM, jjs - mainphrame <***@mainphrame.com<mailto:***@mainphrame.com>> wrote:
Joshua,

Thanks for the lead. I just happened to fire up a new Centos 7 server to play with openvz 7.

I'll see what it will take to get the modern fork up and running in a Centos 7 VE.

Joe


On Tue, Jul 28, 2015 at 3:47 PM, Joshua Small <***@daraco.com.au<mailto:***@daraco.com.au>> wrote:
Hi,

The more modern fork is obtainable at this address:

https://github.com/technion/maia_mailguard

I recommend and CentOS 7, however I’m aware several platforms have been tested.

From: Maia-users [mailto:maia-users-***@renaissoft.com<mailto:maia-users-***@renaissoft.com>] On Behalf Of jjs - mainphrame
Sent: Wednesday, 29 July 2015 4:27 AM
To: maia-***@renaissoft.com<mailto:maia-***@renaissoft.com>
Subject: [Maia-users] Plan to build a new mailguard server

Greetings -

It's been a few years since I've built a mailguard server, but I'm now in a new environment where spam management is sorely needed.

What is the preferred linux distro for mailguard deployment, or does it matter? What is the most up to date yet fully functional version of mailguard today?

We've deployed a number of them over the years, but the most recent build we did was an unofficial 1.0.3 back in 2013.

Would the current svn repo provide a good starting point? If not, what particular version is recommended?

Thanks & Regards,

Joe
jjs - mainphrame
2015-07-29 22:35:57 UTC
Permalink
Hi Joshua -

Yep, internal-init.php works like a charm on the 1.0.3 box I just built.
For some reason it only responds with a blank screen on the 1.0.4 box.

The 1.0.3 box is centos 6, the 1.0.4 box is centos 7. Could there be some
tighter php config, a need for more explicit statement of options in
php.ini to allow internal-init.php to work with the newer version of php?

Regards,

Joe
Hi Joshua -
Yep, internal-init.php works like a charm on the 1.0.3 box I just built.
For some reason it only responds with a blank screen on the 1.0.4 box.
The 1.0.3 box is centos 6, the 1.0.4 box is centos 7. Could there be some
tighter php config, a need for more explicit statement of options in
php.ini to allow internal-init.php to work with the newer version of php?
Regards,
Joe
Post by Joshua Small
Hi,
The initial user creation script you may be looking for would be admin/internal-init.php.
Of *jjs - mainphrame
*Sent:* Thursday, 30 July 2015 5:18 AM
*Subject:* Re: [Maia-users] Plan to build a new mailguard server
Greetings,
We've made some progress on building a mailguard server using the 1.04
from github on a Centos 7 instance, and have been able to satisfy
configtest.pl and configtest.php, and to have maiad starting on boot.
A promising maia login screen appears, but accessing
the login.php?super=register link leads only to a login failure.
I'm guessing some things have changed with the creation of the initial
user. Any hints as to where I should look to get a handle on this?
Will gladly RTFM is shown which FM to R
Regards,
Joe
Joshua,
Thanks for the lead. I just happened to fire up a new Centos 7 server to
play with openvz 7.
I'll see what it will take to get the modern fork up and running in a Centos 7 VE.
Joe
Hi,
https://github.com/technion/maia_mailguard
I recommend and CentOS 7, however I’m aware several platforms have been tested.
Of *jjs - mainphrame
*Sent:* Wednesday, 29 July 2015 4:27 AM
*Subject:* [Maia-users] Plan to build a new mailguard server
Greetings -
It's been a few years since I've built a mailguard server, but I'm now in
a new environment where spam management is sorely needed.
What is the preferred linux distro for mailguard deployment, or does it
matter? What is the most up to date yet fully functional version of
mailguard today?
We've deployed a number of them over the years, but the most recent build
we did was an unofficial 1.0.3 back in 2013.
Would the current svn repo provide a good starting point? If not, what
particular version is recommended?
Thanks & Regards,
Joe
Loading...