I N S T A L L A T I O N M A N U A L

© 2017 Fastnet SA, St-Sulpice, Switzerland. All rights reserved.

Reproduction in whole or in part in any form of this manual
without written permission of Fastnet SA is prohibited.
MailCleaner is a registered trademark of Fastnet SA.
All other trade names and trademarks cited in this manual
are the properties of their respective owners.

www.mailcleaner.net
S U M M A R Y

1 Infrastructure planning 4
Minimum requirements ................................................................................................................................. 4
Virtual Machine Download & Installation....................................................................................................... 4
Network environment .................................................................................................................................... 4
Typical MailCleaner Installation .................................................................................................................... 5
Typical MailCleaner Installation with Firewall and DMZ ................................................................................ 5

2 MailCleaner configuration assistant 6

System configuration .................................................................................................................................... 6
Finishing the installation ............................................................................................................................... 6

3 Registration 7
Registration for Enterprise Edition ................................................................................................................ 7
Registration for Community Edition .............................................................................................................. 8

4 Cluster configuration (optional) 9

Master configuration ................................................................................................................................... 10
Slave configuration ..................................................................................................................................... 10

5 Post installation 11
Test A ........................................................................................................................................................ 11
Test B ........................................................................................................................................................ 11
Final step .................................................................................................................................................... 11

VERY IMPORTANT:

This manual has been written deliberately short, and consequently very accurate.

Each requirement must be fulfilled and instructions strictly respected.

No support will be provided if these conditions are not met.

3 MailCleaner | Summary
 C H A P T E R 1

1 Infrastructure planning

Minimum requirements

Make sure that your hardware or Virtual Machine meets the minimum requirements:
▪ 2 CPU, 4 GB RAM
▪ 60 GB
▪ 100 Mbps network card
▪ 2 Mbps network connectivity

Virtual Machine Download & Installation

Download the latest MailCleaner Virtual Machine corresponding to your virtualization environment here :
https://www.mailcleaner.net/downloads/vm
For installation instructions follow the README inside the ZIP file.

Network environment

Please have on hand an IP address and a hostname to be dedicated to your MailCleaner. The hostname
must be resolvable via DNS. MailCleaner also needs Internet access on a number of ports. Make sure the
firewall allows the following traffic:
From the Internet to MailCleaner:
▪ 25 TCP (SMTP, from ANY and not recommended from a previous gateway).
▪ 80 and 443 TCP (HTTP(S), optional but required for user and administrative interfaces).
If your MailCleaner is in a private subnet behind a firewall, please do not forget to configure the necessary
NAT rules to forward traffic from the WAN to your MailCleaner server.
From MailCleaner to the Internet:
▪ 25 TCP (SMTP, to ANY or to a specific smtp gateway).
▪ 22 TCP (SSH, MailCleaner updates, limited to 195.176.194.0/24 and 193.246.63.0/24).
▪ 80 and 443 TCP (HTTP(S), to ANY and not through a gateway).
▪ 7 and 2703 TCP (Razor, to ANY).
▪ 24441 UDP (Pyzor, to ANY).
▪ 6277 UDP (DCC, to ANY).
If you plan on building a MailCleaner Cluster (see chapter 4 for more information), make sure that
traffic on the following protocols are allowed to pass between the different MailCleaner systems:
▪ 3306 and 3307 TCP (database synchronization).
▪ 22 TCP (MailCleaner internal synchronization).
▪ 5132 TCP (Web services).
▪ 161 UDP (SNMP, MailCleaner statistics)

4 MailCleaner | Infrastructure planning

 C H A P T E R 1

Typical MailCleaner Installation

LAN

AD or LDAP (Optional)
IP: ___.___.___.___

Internet

MailCleaner
Enterprise or Appliance Mail Server
IP: ___.___.___.___ IP: ___.___.___.___
Mask:___.___.___.___ Domain: _________
Gw: ___.___.___.___

Typical MailCleaner Installation with Firewall and DMZ

LAN

AD or LDAP
IP: ___.___.___.___
Firewall
WAN IP:___.___.___.___
LAN IP: ___.___.___.___
DMZ IP: ___.___.___.___

Internet
389 TCP
25 TCP (LDAP)
(SMTP NAT)
Mail Server
IP: ___.___.___.___
25 TCP (SMTP)
Domain: _________
25 TCP (SMTP)
22 TCP (SSH – updates)
80 & 443 (HTTP(S))
7 & 2703 TCP( Razor)
24441 UDP ( Pyzor)
6277 UDP (DCC)

MailCleaner
Enterprise or Appliance
IP: ___.___.___.___
Mask:___.___.___.___
Gw: ___.___.___.___

DMZ

5 MailCleaner | Infrastructure planning

 C H A P T E R 2

2 MailCleaner configuration assistant

System configuration

Once the installation of the Virtual Machine is finished, you can connect your favorite browser to the
MailCleaner wizard configurator:
https://yourhost:4242
Where yourhost refers to either the hostname or the IP address.

MailCleaner by default is configured for DHCP, so if you have DHCP, it will get an address on your
network and you could check your equipment to see what address it got.
If you do not have DHCP on your network MailCleaner could be accessible on 192.168.1.42

Note: Please disable this interface after installation in:

"Configuration – Base system – Network Settings"

The MailCleaner base system configuration assistant will help you install your MailCleaner product. You
simply have to follow the steps.

All necessary default password(s) are specified in the README file provided in the Virtual Machine
archive.

Finishing the installation

See also chapter 6 “Post Installation” for more information.

6 MailCleaner | MailCleaner configuration assistant

 C H A P T E R 3

3 Registration

This step will allow your MailCleaner to access the automatic update center to receive operating system
updates, patches and filtering rule updates (only for Enterprise Edition).

Registration for Enterprise Edition

If you wish to get automatic updates for your MailCleaner, you may want to register with MailCleaner’s
update service.
Once you get the settings back from our service (client id, reseller id/password, etc.), you must connect
your favorite browser to the MailCleaner web administration interface:
https://yourhost/admin/
Where yourhost refers to either the hostname or the IP address you provided during the installation.
The username is admin and the password is the one provided during the installation.
Select “Configuration” menu, “Base system” sub-menu and “Registration” section
You must fill all fields of this section with the information provided on your license certificate, by your
reseller or directly by MailCleaner Sales Department.
What is your reseller ID
The reseller ID as assigned by MailCleaner Sales Department.
What is your reseller password
The password associated with the reseller ID as assigned by MailCleaner Sales Department.
What is this client ID
The client (or customer) ID as assigned by MailCleaner: 4-digit ID

When finished, this step will register your MailCleaner installation with our update service.
Available updates will then be fetched every 15 minutes.
Anti-virus definitions are updated every hour by default.

VERY IMPORTANT:

Once you have installed and registered a MailCleaner server, let it fetch updates for a minimum of 1
hour prior to any configuration operation, including Cluster configuration.

7 MailCleaner | Registration
 C H A P T E R 3

Registration for Community Edition

If you want to register your Community Edition, you must connect your favorite browser to the MailCleaner
web administration interface:
https://yourhost/admin/
Where yourhost refers to either the hostname or the IP address you provided during the installation.
The username is admin and the password is the one provided during the installation.
Select “Configuration” menu, “Base system” sub-menu and “Registration” section

By registering your MailCleaner as Community Edition you can:

• Subscribe to our general newsletter

• Subscribe to our technical newsletter (updates and releases)

• Receive on a regular basis a free bayesian database (no real time update)

Your data will be treated as strictly confidential and not used commercially or redistributed.

VERY IMPORTANT:

The base filtering quality of the Community version is less accurate than the Enterprise version
because many modules are supplied without rules and without data:

- Empty Bayesian Bases

- Clam Spam Filters empty
- only free RBL's
- Limited newsletter filtering
- Only free anti-virus
- Support provided only by the community on forum.mailcleaner.org.

8 MailCleaner | Registration
 C H A P T E R 4

4 Cluster configuration (optional)

To filter very large volume of email and/or for security and redundancy reasons, MailCleaner has been
developed, from the very beginning, to work in a cluster configuration.
One server, defined as the master, holds the database configuration and hosts the administrator and user
web interfaces. The other servers in the cluster are defined as slaves.
First, install each server independently.

VERY IMPORTANT:

Once you have installed and registered a MailCleaner server, let it fetch updates for a minimum of 1
hour prior to any Cluster configuration.

VERY IMPORTANT:

Don’t make the cluster configuration until your servers are placed in their final location with definitive
IP configuration, and until you have verified that all the ports configuration, described in chapter 1, is
fulfilled for all members of your future cluster.

Once installed, the next step is to build the cluster.

You need to connect to each node (Master and Slave(s)) using SSH, with user root and the password you
defined in the configuration wizard.

VERY IMPORTANT: Root password has to be changed on all nodes before building a cluster.
Changing root password afterward could break the cluster.

9 MailCleaner | Cluster configuration

 C H A P T E R 4

Master configuration

Use the script located in:

/usr/mailcleaner/scripts/configuration/slaves.pl.

The first time, you will have to set the real hostname of the master. The real hostname is the Fully
Qualified Domain Name (FQDN) of the master server. This name must be resolvable by DNS.
Alternatively, you can use the master server's IP address in place of its name.
▪ Select option 1 (fully qualified hostname or ip). By default it is 127.0.0.1, which is to be changed in the
case of a cluster.
▪ Select option 4 to add a slave and enter the hostname or IP address and the password of the server.
▪ Back in the main menu, hit q to apply changes.

Slave configuration

Use the script located in:

/usr/mailcleaner/scripts/configuration/slaves.pl.

The first time, you will have to set the real hostname of the slave. The real hostname is the Fully Qualified
Domain Name (FQDN) of this slave. This name must be resolvable by DNS. Alternatively, you can use the
server's IP address in place of its name.
▪ Select option 1 (fully qualified hostname or ip). By default it is 127.0.0.1.
▪ Select option 5 to set this server as a slave. Enter the master's FQDN or IP address and password.
▪ Back in the main menu, hit q to apply changes.
You can now reach the admin interface of any server, but only the master will let you configure the system.
The master is also the only server that allows users to access their quarantine.

10 MailCleaner | Cluster configuration

 C H A P T E R 5

5 Post installation

You're almost finished! Now that you have completed the installation and registration of your MailCleaner,
it is time to configure it for the domains that you wish to filter. Please connect your web browser to the
MailCleaner web administrative console:

https://yourmailcleanerhost/admin/

Please configure the domains that you would like to protect in "Configuration – Domains – New domain".
Remember: MailCleaner will not be operational until it is configured for the domain(s) that you
would like to filter.
Once you have completed your domain configuration you can now test your new installation.

Test A

Please verify that users of each domain can access the user web interface:

https://yourmailcleanerhost/

Test B

Verify that messages go correctly through your MailCleaner by directly sending a message for an existing
user through your MailCleaner. For example, temporarily change your SMTP server in your mail software
to point to your MailCleaner server, or initiate a manual SMTP session from a command console using the
command telnet yourmailcleanerhost 25.

Final step

Once you have completed these two verifications, your MailCleaner installation is ready to be put in
production. The final step is making your installation visible to the rest of the world.
Modify your email routing by changing the MX records for the filtered domains, or by altering your firewall
or mail gateway configuration *.

Note: if you have more than one MailCleaner server (Cluster configuration), please use the same MX
priority for all of your MailCleaner servers.

Congratulations! Your installation is now complete.

11 MailCleaner | Post installation