This release tracks the upstream base OS’s update 6.9. The release notes for the upstream OS can be found at on the upstreams website
Support for disabling SMTP TIME rejections
Some users prefer to accept all messages regardless of the Virus infection status and Spam characteristics and quarantine the messages to allow them to be accessed via the web interface.
We have added the
Enable SMTP Time Rejection option to
baruwa-setup to allow
enabling and disabling rejection of messages at SMTP Time.
The recommended approach is to reject most messages at SMTP Time.
Support for disabling the DANE protocol
An option has been added to
baruwa-setup to allow for the enabling and disabling
the builtin DANE protocol support.
Improved Local Scores management
The management of spam rule local scores has been improved, it is now possible to set spam rule local scores to 0.0. It is also now possible to delete local scores.
Improved Sophos Integration
The more efficient
SOPHIE integration option is now available
for After SMTP time Anti-Virus scanning using
Sophos Antivirus for Linux.
To enable POST SMTP Time Scanning, select the
Sophos SAVID under virus checks
in the MailScanner settings section of the interface.
Improved F-Prot Integration
It is now possible to perform SMTP time Anti-Virus scanning using
This option is documented at F-PROT
We implemented this using the
FSCAND protocol and submitted the patch to the
upstream. Our contribution was accepted and will be part of Exim 4.90. We have
back ported the patch to Exim 4.89 for use in BaruwaOS.
Improved NTP Syncronization
This release has integrated the Chrony daemon to manage the network time sync function on the system. This replaces the cron driven ntpdate system we had in place. Chrony has several advantages over the traditional ntpd system shipped by default on most systems.
Improved Anti-Virus Signature updates
This release implements updates of custom ClamAV Anti-Virus signatures using the
built in freshclam system using
DatabaseCustomURL options that point to our
Due to the above changes the
clamav-unofficial-sigs package is thus depreciated
Improved Queue Monitoring support
With the introduction of the queuefile transport there are potentially 3 queues in Baruwa.
It is now possible to view the status of all the queues in the web interface. The
MTA queue and
Inbound queue are combined in the inbound queue view in the
It is also possible to monitor all the above queues both via NRPE and via SNMP.
The monitoring points configured for NRPE are the following.
MTA queue- exim_queue
Inbound queue- exim_scan_queue
Outbound queue- exim_outbound_queue
To enable monitoring of the MTA queues including the queuefile transport queue
we built a brand new nrpe plugin called
check_exim_queue and packaged as
Under SNMP the queues are available as
MTA queue- inboundq
Inbound queue- scanq
Outbound queue- outboundq
Improved Rate Limiting
In the previous versions it was not possible to rate limit hosts within CIDR networks, this version fixes that issue. Rate limiting will work correctly for relay hosts that are within a CIDR network configured for outbound relay.
Improved Brute Force Protection
MTA brute force SMTP password cracking protection has been furthe enhanced in this version to catch various tricks used by cracking software.
baruwa-unblock.sh command has been implemented for use in unblocking
hosts and users that have been blocked by brute force protection and MTA
The email generated when a sender has been blocked now includes instructions
on how to use the
baruwa-unblock.sh command to unblock the sender.
With the implementation of Chrony the
ntpdate package has been depreciated
Custom ClamAV signature updates are now handled by the built in freshclam system,
clamav-unofficial-sigs package is thus depreciated and removed.
ERROR with rpm_check_debug vs depsolve:’, ‘bind-libs = 32:9.8.2-0.47.rc1.el6_8.4 is needed by (installed) bind-32:9.8.2-0.47.rc1.el6_8.4.x86_64’
yum erase bind -y sed -i -e 's/nameserver 127.0.0.1/nameserver 184.108.40.206/' /etc/resolv.conf
Mail log entries containing ‘utf8 support required but not offered for forwarding’
If some messages are not being delivered an the logs contain the above error run the following commands:
echo "smtputf8_advertise_hosts =" >> /etc/exim/custom-vars.post service mailscanner restart