Separate Mail service from Web service

14 posts / 0 new
Last post
#1 Thu, 10/09/2008 - 10:45
fuerst

Separate Mail service from Web service

Hi Virtualmin team, I'm currently evaluating a new control panel software for my ancient web hosting system. One of the big wishes I do have is separating the Mail server (including Spam/Virus filtering) from the Web server because I had bad experiences in the past when Spam waves were slowing down Web services.

I did read in the FAQ you are planning to allow services to be run on different servers. There you state among others "Distributed mail support is high on our todo list, and should be available in the near future."

That sounds promising and I would be more than happy to use such a feature. Any word about a completion date for this?

Thu, 10/09/2008 - 13:35
Joe
Joe's picture

Hi,

Currently, the core of mail processing has to be done on the same server that runs Virtualmin itself and does web and DNS hosting. However, the most expensive parts of mail handling are spam and virus scanning, which can be offloaded to separate systems by running remote spamd and clamd processes.

Virtualmin fully supports this, although you will need to setup those remote clamd and spamd servers yourself. Once this is done, you can set the remote host for spamc to use within Virtualmin, and the remote host for clamdscan in the appropriate config file..

--

Check out the forum guidelines!

Thu, 10/09/2008 - 13:41 (Reply to #2)
Joe
Joe's picture

--

Check out the forum guidelines!

Mon, 10/13/2008 - 08:45 (Reply to #3)
Joe
Joe's picture

[code:1]- Why do I have to install Virtualmin on the remote system which is supposed to run clamd (and Spamassassin in my case) only?[/code:1]

It's really just for convenience - you could set it up manually, but Virtualmin can do it with a single click.

- How do I configure the main box containing the Virtual Servers to use the remote clamd?

Good question - I have to admit that I haven't worked this out yet! There must be some config file or option to clamdscan to specify a remote host to use, but I haven't found it yet ..

--

Check out the forum guidelines!

Mon, 10/13/2008 - 10:47 (Reply to #4)
fuerst

I did not found either.
Looks like it is not supported by clamdscan.

One way may be using the clamd-stream-client (http://sourceforge.net/projects/clamd-stream-cl/). I did not try it yet because I don't like the idea of compiling manually. It's one thing more to watch when upgrading the system. Secondly Virtualmin does not support it so fiddling with config files behind it's back may not be the prefered way.

What do you think? Is clamd-stream-client worth a try?

Mon, 10/13/2008 - 11:55 (Reply to #5)
Joe
Joe's picture

clamd-stream-client is the way to go .. however, it has an output format different to clamdscan, so isn't currently supported by Virtualmin. But I will add support for it to Virtualmin 3.63, which I hope to have released this week ..

--

Check out the forum guidelines!

Mon, 10/13/2008 - 12:10 (Reply to #6)
fuerst

Looking forward to it, thanks a lot!

Sat, 10/25/2008 - 07:17 (Reply to #7)
beat

<b>JamieCameron wrote:</b>
<div class='quote'>Hi,

Currently, the core of mail processing has to be done on the same server that runs Virtualmin itself and does web and DNS hosting. However, the most expensive parts of mail handling are spam and virus scanning, which can be offloaded to separate systems by running remote spamd and clamd processes.

Virtualmin fully supports this, although you will need to setup those remote clamd and spamd servers yourself. Once this is done, you can set the remote host for spamc to use within Virtualmin, and the remote host for clamdscan in the appropriate config file..</div>

That's very nice :)

Btw, saw that virtualmin pro 3.63 became available.

I'm missing any description before upgrading.

- What else is new in 3.63 ?
- Is there an anouncements forum where we can subsribe for getting email announcements ?

You are doing great work, btw, virtualmin pro rocks.

Sat, 10/25/2008 - 10:49 (Reply to #8)
Joe
Joe's picture

<div class='quote'>- What else is new in 3.63 ?</div>

Here is the full change log :

<i>Updated the TWiki script installer to version 4.2.3, TikiWiki to 2.1, Squirrelmail to 1.4.16, WebCalendar to 1.2.0, WordPress MU to 2.6.2, Magento to 1.1.6, Gallery to 2.3-rc-2, MediaWiki to 1.13.2, ZenPhoto to 1.2.1, SugarCRM to 5.1.0a, OpenX to 2.6.2, osCommerce to 2.2rc2a, Drupal to 5.11/6.5, Mantis to 1.1.3, and phpMyAdmin to 2.11.9.2.
Updated the Horde installer to version 3.3, and all related applications to their corresponding latest versions.
Added the --source parameter to list-available-scripts.pl, and include script source in full output.
Ensure that resource limits (CPU, RAM and procesess) are never set for the Apache user, even when it is a member of a domain's group for which limits are set.
Plugins can now define additional inputs to appear on the Create Virtual Server page and accepted by create-domain.pl, for options specific to the plugin's feature.
The master administrator can now grant himself access to scripts disabled for regular users, with a new form on the Script Installers page.
When the user or group for a domain is changed, references to the old user or group in lgorotate.conf are updated to the new values.
Re-try S3 bucket creation three times if at first it fails, to avoid temporary outages or network problems.
When setting up clamd, the provided example init script is copied instead of bring modified, so that it can be safely replaced by RPM upgrades.
Changed the meaning of the 'Can choose database names?' server owner restriction to just prevent modification of the domain's default database, instead of blocking all database management.
Mail aliases that forward to all users in a domain can now be created, using the Edit Mail Aliases page or create-simple-alias.pl.
SSL keys with passphrases can now be installed on the Manage SSL Certificate page, and trying to use a key that needs a passphrase without one being entered will display an error.
The clamd-stream-client virus scanner can be selected to offload the actual scanning process to clamd on a remote system, if you have it installed.</i>

<div class='quote'>- Is there an anouncements forum where we can subsribe for getting email announcements ?</div>

Yes, I think we have a news forum, which Joe posts to regularly.

--

Check out the forum guidelines!

Fri, 10/10/2008 - 04:46
fuerst

Offloading Spam/Virus checking sounds good. Are there any documentation on how to do this or I'm on my own to discover it?

Fri, 10/10/2008 - 09:44 (Reply to #10)
Joe
Joe's picture

I've written up some documentation on this at http://www.virtualmin.com/documentation/id,spam_and_virus_scanning/ , near the bottom.

--

Check out the forum guidelines!

Mon, 10/13/2008 - 03:34
fuerst

Thanks a lot!

Following the documentation for getting of Spamassassin to a remote server was good and worked well.

I do not understand &quot;Setting up Clamd on a Remote System&quot; though:

- Why do I have to install Virtualmin on the remote system which is supposed to run clamd (and Spamassassin in my case) only?
- How do I configure the main box containing the Virtual Servers to use the remote clamd?

tia,
Bernhard

Mon, 01/19/2009 - 04:10
fuerst

Thanks for implementing and documenting the use of clamd-stream-client!

Just for the files: You can test if your remote ClamAV works by feeding it with a test virus created by the EICAR (European Institute for Computer Anti-Virus Research)

At the host used as ClamAV client download the EICAR test virus: http://www.eicar.org/download/eicar.com

Feed the remote ClamAV server using shell commands:

cat eicar.com | clamd-stream-client -d &lt;remote clamav server&gt;

clamd-stream-client must respond with:

Eicar-Test-Signature

&lt;remote clamav server&gt; is the IP or the host name you configured as &quot;Server host for clamd-stream-client&quot; in the &quot;Email Messages &gt; Spam and Virus Scanning&quot; form.

Mon, 01/19/2009 - 05:36 (Reply to #13)
andreychek

Thanks fuerst, that's good info -- I added a todo item to get the contents of your post into the documentation!
-Eric

Topic locked