Email gateway in 7 minutes

E-mail is still the main means of exchanging information both between company employees and with external customers. But popularity has another, not very pleasant side - viruses and spam that interfere with work and jeopardize the security of the system. The problem is not new, hundreds of solutions have already been developed: hardware and software, commercial and distributed under free licenses. The choice of a particular product depends on the characteristics of the organization, the training of IT personnel and funding opportunities.

Free solutions have traditionally been considered more complex to set up and require some experience. Partially it is like this: to frighten a beginner, it’s enough to read the instructions for configuring Postfix, SpamAssassin and related developments. But there is always a project whose developers offer ready-made settings that simplify implementation. One of these solutions is Scrollout F1, the possibilities of which we will consider under the cut. (many pictures)

By definition, Scrollout F1 is a pre-configured and automatically configured antivirus and anti-spam mail gateway that is intended for use on Linux and Windows networks and is licensed under GNU GPL v2.
Essentially, the product is a graphical user interface written in PHP and shell scripts with presets for a variety of open products -Postfix, getmail4, Razor, SpamAssassin, Pyzor, FuzzyOCR (picture spam), ClamAV, OpenSSL, MailGraph, RRDTool, iptables and others. The basis of everything is Linux (officially supported by Debian and Ubuntu). Based on this, the possibilities presented should be considered. Here are just some of them:
')
- anti-virus and anti-spam check of outgoing and incoming mail;
- checking messages according to the white and black lists of providers (RBL ratings), blocking spam images;
- geofiltration by IP of the sender, server, URL in the message and top-level domain (TLD);
- TLS support;
- checking incoming mail using DKIM and signing outgoing messages;
- DLP for MS Word documents, Excel, PowerPoint, PDF and images;
- The ability to create trap addresses to identify spam, easy learning spam filter;
- backup mail to a special address;
- and much more.

Some functions provided by Scrollout F1 are not even indicated on the site, you will learn about them in the process of learning scripts. For example, iptables rules set a limit on connections to ports 22 and 46, but presets are ready for others, just commenting is enough.

A few words about the Lite DLP feature, which helps prevent the leakage of important documents. The developers themselves do not call it a full-fledged DLP, so there is not much to demand from it. It works on the following principle. A shared SMB folder is created (using Windows or Samba), accessed by the company's department heads, and an account for Scrollout F1. Two subdirectories will be automatically created in this folder: lock and unlock. Scrollout F1 server analyzes all documents containing text (MS Office, PDF, etc.) and placed in lock, and if it finds a copy of one of them in the message, the transmission of the letter will be automatically blocked. All archives are unpacked, files for analysis are converted to text.

DLP sensitivity is set in the settings and allows you to intercept a document divided into several parts. MD5 is used to block files that cannot be detected by the content filter and are rarely changed (for example, images, audio, video). Accordingly, the white list and unlock documents are created by copying the file to unlock. There are no complaints about the Lite DLP function, it is much more difficult to teach the staff to copy data to a folder, in addition, you need to provide great control over the shared resource.

Developers do not position Scrollout F1. But, obviously, it is quite suitable for organizations that have several mail domains, running old mail servers, which are not necessary or possible to update, but need to strengthen the protection of both the server and e-mail.

The web interface is not localized, but there is no particular need for this. Settings are minimal and do not require special explanations for a person who has previously encountered mail services.

Installing Scrollout F1 is possible in two ways: on pure “hardware” using a prepared ISO (based on Debian, 32-bit version only) or on “pure” Debian / Ubuntu. Minimum system requirements: CPU x86 / AMD64, 384 MB of RAM and 3 GB on the hard disk are sufficient for a relative not more traffic of 100 users. Actual requirements should be selected based on the planned traffic, but the developers do not give recommendations.

Installation on Debian / Ubuntu is no different. You need to download the archive and run the script:

$ cd /tmp $ wget http://sourceforge.net/projects/scrollout/files/update/scrolloutf1.tar/download -O scrolloutf1.tar $ tar -xvf scrolloutf1.tar $ chmod 755 /tmp/scrolloutf1/www/bin/* $ sudo /tmp/scrolloutf1/www/bin/install.sh 

In the process, the script will download a number of packages from the repositories, the Scrollout F1 files will be copied to / var / www, the correct access rights will be set to them, the initial configuration of services will be made.

It is easier to create a virtual machine and boot from an ISO image, in the process of setting, specify the IP address with the ability to access the Internet.

Web-based management Scrollout F1
For registration go to the address: host-ip host-ip . Login details are “hidden” in the standard .htpasswd, and by default it is Admin and password 123456. After registration, you should immediately change it by going to the Secure -> Password tab or use htpasswd.

After registration, we get to the initial Scurity window (Secure -> Levels), in which you need to select the level of operation of the system components: from aggressive (green sector) to resolving (Permissive, red sector).



The main settings are located in five menus, the purpose of which is clear from the name: Connect, Route, Secure, Collect and Monitor. Some of them have submenus. Initially, it is necessary to change the network settings of the system. To do this, go to Connect, where we specify the host name, local IP, gateway IP and DNS server, as well as the DNS suffix.



Now we are rebuilding the gateway so that the SMTP traffic goes through the Scrollout F1 server and is redirected to the internal mail servers.

Accepted mail domains are added in the Route tab.



Often, business partners are only in certain countries, so part of the spam that came from other regions can be eliminated by country of origin. By default, Scrollout F1 does not perform geo-analysis and skips all mail. The necessary settings are located in the menu Secure -> Countries.



The mailbox in which spam and legal messages will be collected (white list) is specified in the Mailbox field in Collect - SPAM & LEGIT. For access, you must specify the IMAP server and credentials, you should also specify the name of the folder for spam and normal emails. Now throwing the appropriate messages in them, you can train filters. Spam Traps field contains trap addresses (without domain name); All messages sent here will always be marked as spam.



Pro Lite DLP wrote in detail eafanasov in his article



Actually, these are all settings. In addition, the event log viewer (filter is available) and workload graphs, visually showing the number of sent, received, discarded messages, spam and viruses, are implemented.





An introduction to Scrollout F1 shows that this is a simple and affordable solution that allows you to protect internal mail servers and block unwanted mail. At the same time, the product does not require special administration skills.