Linux installation

This page describes how to install MailWasher Server on x86-compatible Linux systems.

On Linux, MailWasher Server currently supports x86-compatible architectures only.

MailWasher Server integrates into your existing mail server using a program called a mail conduit, which is specific to the mail server software. MailWasher Server supports the following mail servers on Linux:

Distributions or versions other than the above may work, but are not officially supported by Firetrust and have not been tested. To inquire about support for other platforms, please contact Firetrust. Note that Linux systems with glibc versions earlier than 2.2.5 will not be able to run MailWasher Server, and that Sendmail support requires a version of Sendmail that supports Milters.

The remainder of this document assumes that one of the above operating systems is installed and configured, and that Sendmail or qmail is installed and configured to receive mail.

To help protect your system's security, the two MailWasher Server daemons run under an unpriviledged mwserver user and group, which will be created if necessary during the installation process. Both mail conduits are also normal unpriviledged, non-setuid binaries, but are run in different ways (see Installing the mail conduit below).

On Linux, MailWasher Server stores files in five locations, following the normal conventions for third-party Linux software:

The runtime databases are stored in a configurable location, by default /var/lib/mwserver. These files are initially less than a megabyte, however they will expand as the amount of quarantined email stored by the system increases. The space required depends on the volume of mail processed by your system and the MailWasher Server configuration options set, but as a guide we recommend that the partition hosting this directory have at least 100MB available. The unpriviledged mwserver user and group own this directory, so that they may write to it.

Finally, there is a small configuration file, /etc/mwserver.conf. This configuration file is created by the MailWasher Server installer and should not normally be edited manually. It contains only the settings necessary to get the MailWasher Server daemons started; all other options are configured using the web interface and stored in the database. This file should be writeable only by system administrators.

MailWasher Server is distributed as an executable installer. The installer must be run as root, so that it can set up the MailWasher Server directories and priviledges. Download the Linux installer from the Firetrust website. Run it, as root, by changing into the directory it was saved in, marking it executable using chmod +x mwserver-installer.bin, and running ./mwserver-installer.bin.

Creating the MailWasher Server user and group. The installer first checks to see if the mwserver user and group exist. If the user and group do not already exist, you will be asked if the installer should create them. If you would prefer to create the user and group manually, do so with the commands groupadd mwserver to create the group, and useradd -g mwserver mwserver, and answer No. Otherwise, answer Yes.

Selecting the program files directory. You will be prompted to enter the location to which to install the executables and supporting files. The default is /usr/local/mwserver. There should be at least 10Mb available on this partition for installation. MailWasher Server should always be installed in its own directory, preferrably in the location on the filesystem usually reserved for third-party software (typically /usr/local).

For example, if the users of the web interface will always access it from an internal LAN, you may prefer to have the web interface bind only to the LAN address, so that it cannot be accessed from the Internet.

To have the web interface bind to all interfaces, accept the default by pressing return; to have it bind to any other interface, enter the IP address of that interface, and press return.

To have the web interface bind to port 4044, accept the default by pressing return; to have it bind to a different port, enter the port number and press return. Note that since the Web Interface daemon runs as an unpriviledged user account, it cannot bind to ports lower than 1024.

Installing the startup/shutdown scripts. The installer will then create two scripts, /etc/init.d/mwserver-mpd.sh and /etc/init.d/mwserver-mwi.sh, which you can run to start and stop MailWasher Server. However, the installation script does not create the runlevel symlinks necessary to have the daemons start and shutdown automatically; see Setting up the startup and shutdown scripts below.

Starting the daemons. The installer then asks if the daemons should be started so that you can configure MailWasher Server (remember that the mail conduit has not yet been installed, so MailWasher Server is not yet filtering your email). To have the daemons started now, answer Yes. Otherwise, answer No, and see the instructions below to start the daemons manually. In either case, you must set up the runlevel symlinks to have MailWasher Server automatically start and stop with your system; see Setting up the startup and shutdown scripts.

The MailWasher Server installer creates two scripts in /etc/init.d that you can use to start and stop the MailWasher Server daemons. To start MailWasher Server manually, run the following:

However, while the installer creates these scripts, it does not link these scripts into your operating system boot sequence, because the procedure to do so varies depending on your distribution and system settings. To have these scripts run automatically when the system starts up or shuts down, you must set up the runlevel symlinks in the /etc/rcX.d directories.

These links are named the same as the script, but with a three-character prefix, 'S' or 'K' followed by a two-digit number. 'S' means to start the service in this runlevel, 'K' means stop it. The number denotes the order in which the services start, lowest first.

It is important that MailWasher Server start before the MTA (ie. Sendmail or qmail), so that it is ready to process the mail as soon as MTA starts receiving it. The defaults given below should accomplish this for default installations on the given operating systems, but it is recommended that you check that the ordering is correct.

To check the ordering, look in the /etc/rcX.d directories after following the directions below for your operating system. If the Sxxmwserver links have a lower number than the links for the MTA, and the Kxxmwserver ones a higher number, then everything is correct. Otherwise, adjust the links by manually renaming them.

Redhat and SuSE both provide a utility called chkconfig for adding new services to the boot sequence. To have MailWasher Server started automatically on boot and stopped on system shutdown, run the following (as root):

To stop the services from being automatically started and stopped, run the following (as root):

Debian provides a utility called update-rc.d for adding new services to the boot sequence. To have MailWasher Server started automatically on boot and stopped on shutdown, run the following (as root):

To stop the services from being automatically started and stopped, run the following (as root):

The MailWasher Server daemons have now been started, and the product can now be configured using the web interface. Open your web browser and go to the address and port you specified during the installer - for example http://your server's name:4044/.

The setup wizard will help you create an administrator account, configure MailWasher Server, and test that it can successfully connect to the FirstAlert! service (unless FirstAlert! access is disabled). Access is required to port 4050 on the FirstAlert! server, so your firewall configuration may need to be adjusted accordingly.

The mail conduits are software components which check each incoming message against the Mail Processing Daemon, and then accepts, blocks, or bounces the message. Each mail conduit is specific to a particular MTA.

To use MailWasher Server with Sendmail, a version of Sendmail supporting the Milter interface is needed. The versions supplied with Redhat Linux, SuSE Linux and Debian GNU/Linux support this automatically. If you are not using the Sendmail packages from these distributions, see the instructions on compiling and installing Sendmail on the sendmail.org website if required.

To reconfigure Sendmail, the Sendmail configuration macros are needed. These are included with the source distribution of Sendmail, but Redhat Linux, SuSE Linux and Debian GNU/Linux all have a separate sendmail-cf package which must be installed according to the usual method for the platform. If you are using one of these distributions, install this package before continuing, and edit the sendmail.mc file if necessary to match your current configuration.

Step	Action
1	Change into the cf subdirectory of the Sendmail configuration directory.
2	Edit the sendmail.mc configuration file, and add the following lines at the end of the file: INPUT_MAIL_FILTER(`mailwasher_server', `S=unix:/var/run/mwserver/mpd.sock, F=T, T=S:4m;R:4m') define(`confINPUT_MAIL_FILTERS', `mailwasher_server') (Note that each quoted string in the text above starts with the backquote, `, but ends with a normal single quote, '.)
3	Run the m4 macro processor to generate the new sendmail.cf file using m4 sendmail.mc >sendmail.cf.new.
4	Copy sendmail.cf.new to the appropriate location for your system (usually /etc/sendmail.cf or /etc/mail/sendmail.cf).
5	Restart sendmail using /etc/init.d/sendmail stop and /etc/init.d/sendmail start.

Step	Action
1	Change into the cf subdirectory of the Sendmail configuration directory.
2	Remove the sendmail.mc lines added in step 2 above.
3	Run the m4 macro processor to generate the new sendmail.cf file using m4 sendmail.mc >sendmail.cf.new.
4	Copy sendmail.cf.new to the appropriate location for your system (usually /etc/sendmail.cf or /etc/mail/sendmail.cf).
5	Restart sendmail using /etc/init.d/sendmail stop and /etc/init.d/sendmail start.

Version 1 of MailWasher Server required that a seperate Sendmail conduit daemon be set up and run to connect Sendmail to MailWasher Server. Version 2 adds direct support for Sendmail's Milter protocol to the Mail Processing Daemon, so the seperate Sendmail conduit is no longer required.

Complete the following steps to remove the old Sendmail mail conduit daemon and update Sendmail's configuration to connect to the MPD directly.

Step	Action
1	Change into the cf subdirectory of the Sendmail configuration directory.
2	Edit sendmail.mc and replace /var/run/mwserver/sendmailconduit.sock with /var/run/mwserver/mpd.sock.
3	Run the m4 macro processor to generate the new sendmail.cf file using m4 sendmail.mc >sendmail.cf.new.
4	Copy sendmail.cf.new to the appropriate location for your system (usually /etc/sendmail.cf or /etc/mail/sendmail.cf).
5	Restart sendmail using /etc/init.d/sendmail stop and /etc/init.d/sendmail start.
6	Run /etc/init.d/mwserver-sendmail-conduit.sh stop to stop the old Sendmail mail conduit daemon.
7	Remove /etc/init.d/mwserver-sendmail-conduit.sh and any runlevel symlinks you set up to point to it.

To install the qmail conduit, run the install-qmail-conduit.sh script in the other subdirectory of the MailWasher Server product directory you selected during installation (usually /usr/local/mwserver).

If you would prefer to install the qmail conduit manually, complete the following steps:

Step	Action
1	Stop qmail.
2	Change into the qmail binaries directory, usually /var/qmail/bin/.
3	Rename the qmail-queue binary to qmail-queue-mws-orig (mv qmail-queue qmail-queue-mws-orig).
4	Copy the MailWasher Server qmail-conduit binary, found in the bin subdirectory of the MailWasher server product directory you selected during installation (usually /usr/local/mwserver), to qmail-queue (note the filename change!) in the current directory (for example, cp /usr/local/mwserver/qmail-conduit qmail-queue).
5	Restart qmail.

Some user-run qmail sites on the web suggest running the qmail daemons under a resource limit (rlimit), such as set by the softlimit utility or the ulimit shell builtin. This resource limit may need to be increased when you install the qmail conduit (whether you install it using automated or manual installation) as it may not allow enough memory space for the system libraries required by the conduit to be mapped in.

If you see errors such as "error while loading shared libraries: [library name]: failed to map segment from shared object: Cannot allocate memory" or "ld.so.1: bin/qmail-queue: fatal: [library name]: mmap failed: Not enough space" appearing in your mail logs, check your qmail-smtpd configuration (usually in /service/qmail-smtpd/run) for softlimit or ulimit commands and increase the limits, then restart the service using svc (or the appropriate control script, if using a packaged version of qmail); note that just killing the daemon and allowing tcpserver to respawn it is not sufficient as that will not re-run the script with the higher limit.

To uninstall the qmail conduit, run the uninstall-qmail-conduit.sh script in the other subdirectory of the MailWasher Server product directory you selected during installation (usually /usr/local/mwserver).

If you would prefer to install the qmail conduit manually, complete the following steps:

Step	Action
1	Stop qmail.
2	Change into the qmail binaries directory, usually /var/qmail/bin/.
3	Remove the MailWasher Server qmail conduit binary (rm qmail-queue).
4	Rename the qmail-queue-mws-orig binary to qmail-queue (mv qmail-queue-mws-orig qmail-queue).
5	Restart qmail.