Skip to main content
ISO Installation manual
Andrei Sviryd avatar
Written by Andrei Sviryd
Updated over a month ago

Table of Contents

Purpose

The purpose of this document is to explain how to install and configure a new server.

Installation Process

  1. Check the server requirements and create virual machine (VM)

  2. Check firewall rules requirements and configure your firewall according to these rules. If you can’t create all the needed firewall rules, please contact Cyfox support team. STRONGLY ADVISED TO CREATE FIREWALL RULES AND ALLOW MONITORING AT LEAST FOR THE FIRST 2 WEEKS.

  3. Download ISO and install a virtual machine. Follow the current guide and proceed with Mailsecure installation.

  4. Whitelist Mailsecure VM in your email server, so your email server will accept all messages from Mailsecure VM.

  5. If necessary, ask support team to make a migration form Pineapp server.

    Proceed to step 9.

  6. If there was no data migration from Pineapp server, then ask Mailsecure support team to add Customer and define username and password so you could login Mailsecure web panel.

  7. Connect to the Mailsecure VM using a web panel and configure local domains.

    Use this guide: add new local domain

  8. Add at least one user to Mailsecure system

    Use this guide: add new user

  9. Connect to the Mailsecure VM using a web panel and configure LDAP and/or Office 365 connectors, so LDAP or Office 365 users will be automatically added to the Mailsecue VM database.
    Use the next guides:
    Office 365: Create App and sync users
    Office 365: Create a new App secret key
    If you are not using connectors, please add users manually.

  10. Connect to the Mailsecure VM using a web panel and configure Smarthost (sending emails from your server to Mailsecure VM).

  11. Test Smarthost (local to remote): send a test message from your smarhost to exernal email address and check if the message is visible in Mail Traffic Manager.

    For example your Mailsecure host IP is 1.2.3.4. You configured smarthost.com domain as smarthost, external recepient mailbox is [email protected] and the sender smarthost mailbox is [email protected]
    - Use telnet command to connect to your host telnet 1.2.3.4 25
    - Identify yourself to the SMTP host EHLO smarthost.com
    - Send command MAIL FROM: <[email protected]>
    - Send command RCPT TO: <[email protected]>

    - Type Data and press Enter

    - Send command Subject: Test

    - Type . and press Enter
    - If you got the confirmation of successfully sent email, like 250 2.0.0 Ok: queued as ABC123456789 you can close telnet connection with the command QUIT
    - Check if just sent message is present in your mailbox

    A complete sample of your telnet session will look something like this:

    telnet 1.2.3.4 25
    220 example.com ESMTP server ready
    EHLO smarthost.com
    250-example.com Hello
    250-SIZE 37748736
    250-PIPELINING
    250-DSN
    250-ENHANCEDSTATUSCODES
    250-STARTTLS
    250-X-ANONYMOUSTLS
    250-AUTH NTLM
    250-X-EXPS GSSAPI NTLM
    250-8BITMIME
    250-BINARYMIME
    250-CHUNKING
    250 XRDST
    MAIL FROM: <[email protected]>
    250 2.1.0 Sender OK
    RCPT TO: <[email protected]>
    250 2.1.5 Recipient OK
    DATA
    354 End data with <CR><LF>.<CR><LF>
    Subject: Test
    .
    250 2.0.0 Ok: queued as 4DF961219C7

    If you got a response like 5.8.1 Domain auth for domain smarthost.com failed. Please add 1.1.1.1 to SPF or wait 1 hour for SPF resync. Or add 1.1.1. to manual allow record, or SASL LOGIN authentication failed: authentication failure please check your smarthost settings.

  12. Test remote to local.

    Send a test message to one of the mailboxes in Mailsecure VM and check if the message is visible in Mail Traffic Manager.

    For example your Mailsecure host name IP is 1.2.3.4, remote host in your local network is example.com, recepient mailbox is [email protected] and the sender mailbox is [email protected]

    - Use telnet command to connect from any host in your local network to your Mailsecure host telnet 1.2.3.4 25

    - Identify yourself to the SMTP host EHLO example.com

    - Send command MAIL FROM: <[email protected]>

    - Send command RCPT TO: <[email protected]>

    - Type Data and press Enter

    - Send command Subject: Test

    - Type . and press Enter

    - If you got the confirmation of successfully sent email, like 250 2.0.0 Ok: queued as ABC123456789 you can close telnet connection with the command QUIT

    - Check if just sent message is present in your mailbox

    A complete sample of your telnet session will look something like this:

    telnet 1.2.3.4 25
    Trying 1.2.3.4...
    Connected to 1.2.3.4.
    Escape character is '^]'.
    220 myhost.com Mailsecure
    EHLO example.com
    250-myhost.com
    250-PIPELINING
    250-SIZE 52428800
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250-DSN
    250-SMTPUTF8
    250 CHUNKING
    MAIL FROM: <[email protected]>
    250 2.1.0 Ok
    RCPT TO: <[email protected]>
    250 2.1.5 Ok
    DATA
    354 End data with <CR><LF>.<CR><LF>
    Subject: Test
    .
    250 2.0.0 Ok: queued as 4DF961219C7

  13. Change the MX record to Mailsecure VM.

    Create SPF record pointing to Mailsecure server IP address.

  14. !!! Important!!!

    To avoid "TLS handshakes" failures between sending and receiving mail servers, please create reverse DNS record for the server IP address, pointing to the domain name in used TLS certificate.

Server requirements

Hardware requirements:

CPU

Minimum 2 vCpu

(with support of AVX instructions set)

Memory

Minimum 4Gb

Storage

Minimum 100Gb

Hyperthreading should be enabled in Hypervisor.

Please contact Mailsecure support team to get more information in choosing the propper server size.

Firewall rules

Installing iso image

  1. Wait for installation to begin.

2. Choose system installation disk

If there is only one disk in the system this step will be skipped and Mailsecure will be installed on the present disk.

3. Choose bootloader installation disk

If there is only one disk in the system this step will be skipped and the bootloader will be installed on the present disk.

4. Confirm your selection

If there is only one disk in the system this step will be skipped.

5. Choose the default network interface

If there is only one network interface in the system this step will be skipped and the default interface will be used.

6. Confirm your selection

If there is only one network interface in the system this step will be skipped.

7. Choose DHCP or static network configuration

If you choose DHCP, installation will move to the next step.

If you choose Static, you should enter a static IP address, netmask and gateway in additional dialogue windows.

After that you should confirm all the manual network settings.

8. Wait until data will be unpacked and copied to the host disk

9. Configure your host: FQDN, admin email, password, email size, MTM domain, certificate

10. Confirm or edit your configuration

11. Configuration will be applied and the machine will be rebooted

12. Wait until system reconfiguration will start

13. All the mandatory system inbound and outbound connections will be verified

14. Choose server type: single/director/scanner

! Important Note !

In case of cluster installation, be absolutely sure that the scanner can connect to the director server on port 5432 and 5672. Check firewall rules and other mechanisms of restricting access. If the scanner does not have access, the installation will fail.

15. Got through the configuration steps and confirm your selection

16. Wait until system will be updated

17. Wait until automatic tests will finish the system checks

18. Installation finished.

You can login to the system.

Login with user: mailsecure

Use password: insecure

19. Change user password.

Change password for user "mailsecure".

  • First enter your initial password: insecure

  • Then enter a new password (at least 6 symbols long).

  • Depending on your current connection type to the server (ssh, vnc, console, etc) the server may possibly reboot. After reboot login with your new password.

User commands

User “mailsecure” has a set of available commands.

Mailsecure related commands

ms-version

Show the current version

ms-update

Update to the latest version

ms-install

Initial installation

ms-edit-local

Edit mailsecure local configuration

Logging commands

ms-log-mail

Show mail log

ms-log-mailsecure

Show mailsecure log

ms-log-psql

Show database log

ms-log-redis

Show cache database log

ms-log-rspamd

Show rspamd log

ms-log-sys

Show system log

System commands

ms-ip

Show the network interfaces settings (IP, subnet mask, default gateway, etc).

Allows to configure network interfaces.

This command is password protected.

You should use credentials (Admin email and Admin password) from the server configuration step.

ms-route

Show the routing table of the system

ms-ping <IPv4 address>

Run the “Ping” Command (Press <Ctrl+c> to cancel command)

ms-host

Show the host name

ms-passwd

Change password for the current user

ms-firewall-off

Disable firewall

ms-firewall-on

Enable firewall

ms-zabbix-off

Disable zabbix-agent

ms-zabbix-on

Enable zabbix-agent

ms-show-remoteip

Show server public ip address

ms-service-restart

Restart Mailsecure server services

ms-show-services

Show running services

ms-cert

Allows to switch between Letsencrypt and self-signed certificates.

Allows to obtain a new Letsencrypt certificate.

ms-test-email

Send a test email.

ms-reboot

Reboot server

ms-shutdown

Shutdown server

Did this answer your question?