[BlueOnyx:17964] Updated Software PKGs in the BlueOnyx Shop

Michael Stauber mstauber at blueonyx.it
Wed Jul 8 00:30:18 -05 2015


Hi all,

A couple of updated PKGs have been published to the BlueOnyx Shop today
and we would like to let you know about the changes and enhancements
that were made:

AV-SPAM v6.1.0
===============

See: http://shop.blueonyx.it/av-spam.html

Availability:
--------------

AV-SPAM v6.1.0 is available for BlueOnyx 5207R, 5208R and 5209R
AV-SPAM v6.0.0 is available for BlueOnyx 5106R, 5107R and 5208R


New Features in AV-Spam v6.1:
-----------------------------

- Milter GeoIP to prevent SMTP-Auth logins and/or SMTP connections from
undesired countries.

- Milter GeoIP based email traffic accounting to report and limit how
many emails Vsites and Users can send.

What is Milter-GeoIP?
---------------------

One of the key problems of operating an email server (aside from inbound
SPAM or viruses) is of course the risk that the server is used to send
SPAM. Even if you take all sensible precautions: A client's home or
office computer could get compromised to send SPAM via your server,
using the client's login details. Or someone "guessed", brute forced or
stole the login details of one of your users. Or a weak PHP or Perl
script hosted on one of the Vsites gets compromised and is used to send
SPAM. Often you don't realize this until the point where it's already
way too late.

But no more!

Milter-GeoIP offers two additional lines of defense with which you can
prevent this and/or with which you will get notified once something like
this happens. The first line of defense is that you can block access to
SMTP-Auth and/or SMTP with GeoIP. IP addresses from undesired countries
can no longer use SMTP-Auth or SMTP on your server. Should a successful
SMTP-Auth login happen from a forbidden country, then you can either
block the access, or you can take it one step further and automatically
suspend the account in question to prevent further damage.

The second line of defense is that Milter-GeoIP does exact traffic
accounting for inbound and outbound email volumes on a per site and per
user basis. If a virtual site (or a user belonging to a virtual site)
sends more emails per day than allowed, then you will receive a
warning message by Active Monitor. Additionally: If a virtual site (or a
user of a virtual site) has sent more emails per day than allowed, then
no further emails can be sent by the affected user(s) and they receive a
distinct and informative error message by their email client.

These limits can be configured for system users, virtual sites and
virtual site users. The traffic accounting, reporting and blocking also
takes emails into account that were sent by scripts.

Milter-GeoIP was developed by Solarspeed.net and has been specifically
designed for BlueOnyx and the needs of BlueOnyx server administrators.


New Features in AV-Spam v6 (also included in 6.1):
---------------------------------------------------

- Milter Greylist: Updated to v4.4.3
- SpamAssassin: Updated to v3.4.0
- GUI for BlueOnyx 5106R, 5107R, 5108R, 5207R and 5208R
- Tighter GUI integration via BlueOnyx modules
- Ability to edit Milter-Greylist settings
- Automatic setup and configuration of the MySQL-backend


APF Firewall (v6.0.0)
======================

See: http://shop.blueonyx.it/apf-bfd.html

Advanced Policy Firewall (APF) with GeoIP SSH protection

APF is an iptables(netfilter) based command line driven firewall. We
modified it to work out of the box on BlueOnyx (all versions) and
included native BlueOnyx GUI pages to administer the most common options
of APF. Furthermore an Active Monitor component is included, which
monitors APF and reports any firewall outages or problems.

Additionally this package includes a GUI extension that allows you to
protect SSH with GeoIP. If that feature is enabled, then access to SSH
is only possible from IP addresses that (according to the GeoIP
database) originate in one of the countries that you allow to access SSH.

APF works very well together with DFIX2. If both are installed, then
DFIX2 will use APF to create dynamic blocks on unwanted or suspicious
activity. These dynamic blocks can then also be managed through the GUI
pages of APF.

New Features:
--------------

- APF updated to the latest version (v9.7-2)
- GUI to edit the most common APF Settings
- SSH protection with GeoIP (editable through GUI)
- Active Monitor Component

Availability:
--------------

ALL BlueOnyx versions. The GUI for 5207R, 5208R and 5209R is a bit more
detailed, though.


DFIX2:
======

See: http://shop.blueonyx.it/dfix-2.html

DFIX 2 was created as an enhanced version of the previously released
free package. The new product performs event correlation across multiple
sources within your server. Event correlation is a procedure where a
stream of events is processed, in order to detect (and act on) certain
event groups that occur within predefined time windows. The correlation
is executed based on rules or signatures that are used by the engine.

DFIX 2 reads data from input sources, matches the data with patterns
(like regular expressions or Perl subroutines) for recognizing input
events, and correlates events according to the rules in its rule files.
DFIX 2 can then maintain firewall rules to block attacks, and produces
a log file to record all intrusion activity.

New Features:
--------------

- GUI to enable/disable DFIX2
- Active Monitor Component
- Integration with APF. If APF is present, DFIX2 will use it to generate
  temporary blocks. These blocked IP addresses can then be seen (and
  edited) in the APF management GUI pages on Chorizo enabled servers.


Other updated PKGs:
===================

Automated Backup:
------------------

All GUI input fields in the Chorizo GUI of this PKG that previously only
allowed a username as input now allow either a username or email address
as valid input.

AWSTATS:
--------

Minor bugfixes

OpenWebmail:
------------

Fix of several post-install issues.


-- 
With best regards

Michael Stauber
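
The event correlation described in the DFIX2 section above, sketched as an added example; it is not part of the original post and is not DFIX2's code. The log line formats, regular expressions, threshold and window are assumptions made for illustration, and the input is assumed to be merged in time order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines from two sources (sshd and SMTP-Auth); not real logs.
SAMPLE = [
    "2015-07-08T00:00:01 sshd Failed password for root from 203.0.113.7",
    "2015-07-08T00:00:05 sshd Failed password for admin from 198.51.100.9",
    "2015-07-08T00:00:20 saslauthd auth failure user=info rhost=203.0.113.7",
    "2015-07-08T00:00:30 sshd Accepted password for alice from 192.0.2.10",
    "2015-07-08T00:00:45 sshd Failed password for root from 203.0.113.7",
    "2015-07-08T00:02:00 sshd Failed password for admin from 198.51.100.9",
    "2015-07-08T00:04:00 sshd Failed password for admin from 198.51.100.9",
]

# Assumed signatures: each maps an input line to an event type and a source IP.
PATTERNS = [
    ("ssh_fail", re.compile(r"sshd Failed password for \S+ from (?P<ip>\S+)")),
    ("smtp_fail", re.compile(r"saslauthd auth failure .*rhost=(?P<ip>\S+)")),
]

def correlate(lines, threshold=3, window=timedelta(seconds=60)):
    """Return {ip: time the rule fired} for every IP that produced at least
    `threshold` matching events, from any source, inside one time window."""
    recent = defaultdict(deque)   # per-IP queue of (timestamp, event type)
    blocked = {}
    for line in lines:
        stamp, _, rest = line.partition(" ")
        ts = datetime.fromisoformat(stamp)
        for name, rx in PATTERNS:
            match = rx.search(rest)
            if not match:
                continue
            ip = match.group("ip")
            queue = recent[ip]
            queue.append((ts, name))
            # Expire events that have fallen out of the sliding window.
            while ts - queue[0][0] > window:
                queue.popleft()
            if len(queue) >= threshold and ip not in blocked:
                blocked[ip] = ts  # a real engine would add a firewall rule here
            break
    return blocked

if __name__ == "__main__":
    for ip, when in correlate(SAMPLE).items():
        print(f"block {ip} (rule fired at {when.isoformat()})")
```

The first address trips the rule only because failures from two different services are counted together; the second produces the same number of failures but spread over four minutes, so it never fills a window.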


