Taking a look at upcoming BaruwaOS release 6.9.1

January 12, 2018 at 01:00 PM | categories: Baruwa, Releases, Baruwa Enterprise, BaruwaOS, Baruwa Enterprise Edition, 6.9.1

We will release BaruwaOS 6.9.1 on Monday 5th Feb 2018, this post highlights some of the features and changes that will be introduced as part of this release.

This BaruwaOS release strides across two baruwa-core releases 2.1.6 and 2.1.7.

This is the biggest feature release since our 2.0.7 release that introduced BaruwaOS. It will be the last major BaruwaOS 6.x release. The focus will now shift to the BaruwaOS 7.x series. With this release BaruwaOS 6.x will go in to maintainance mode.

New Features

Backend Clustering

For many users clustering of backend systems to eliminate single points of failure has been one of the most requested features. It is now possible to cluster backend systems thus eliminating the single point of failure in a Baruwa cluster.

Failover between the master and slave systems is automated. Read and write operations are transparently routed to the slave and master systems respectively.

PostgreSQL upgrade

The PostgreSQL database has been updated to 10.1 which is the latest version, improves performance and has lots of features not available in the previous versions.

baruwa-setup will automatically migrate your database from 8.4.20 to 10.1, although this process has been tested you may run into issues. Make sure you schedule changes with your change management process and create a large upgrade window. If possible ensure you make the changes during the time window in which technical support is guaranteed to be available.

TLS encryption

TLS encryption for backend services is now mandatory, the Backend Traffic Encryption options have been depreciated. All services with external interfaces within the cluster now run over TLS.

To support this the builtin CA has been enhanced and automated. New cluster members now request certificates from the bootstrap server during the setup process.

Certificates are issued from intermediate CA’s for various components. To support the verification process the root CA certificate needs to be copied to the non bootstrap servers in the cluster prior to configuration.

User Delivery Servers

We have added support for User Delivery Servers, using this feature it is now possible to deliver mail for different users in a domain to different servers.

User Delivery Servers are added to a domain, and can then be assigned to user accounts in that domain.

Multiple User Delivery Servers can be added to a domain as well as assigned to a user.

SmartHosts

We have added support for SmartHosts, using this feature it is now possible to route outbound mail for a domain or an organization via an upstream smarthost.

This feature is useful for customers who want to send out mail via an external server that performs branding for example or archiving.

At the moment IP Address and SMTP AUTH based routing is supported. For SMTP AUTH the CRAM-MD5 and PLAIN mechanisms are supported over TLS.

SAML2 external authentication

Support has been added for the SAML2 external authentication method. Domains can now be configured to use SAML2 external authentication.

TOTP Two Factor OTP authentication

TOTP based Two Factor authentication support has been added, it is now possible to configure accounts to require Two Factor authentication. Any device or App that can generate TOTP tokens can be used. We recommend FreeOTP which is open source and developed by Redhat and available for Andriod and IOS.

Avast Anti Virus Engine support

The Avast Anti Virus Engine is now supported and can be configured as an SMTP Time or POST SMTP Time Anti Virus Engine. Avast AV requires a subscription, which you can purchase from us.

Support for blank email addresses in lists manager

It is now possible to enter a blank from address in the lists manager, this allows users to manage list entries for senders that set a blank <> address such as auto responders, bounce messages, etc.

Modular external authentication

External authentication is now modular meaning that you can install only the external authentication methods that you require and use. For example if you do not use LDAP you can disable that module.

On upgrade all external authentication modules will be disabled make sure that you enable the ones that you use in baruwa-setup.

Scanner RAM disk support

The mail scanning component now supports the use of a RAM disk. This can be used on systems where disk access is slow and causing a bottleneck. This option requires 1GB of dedicated RAM to operate correctly.

To enable use of the RAM disk, enable that in baruwa-setup.

Optimization of MTA configuration

The MTA dynamic configuration system has been optimized by consolidating the settings in to fewer files. This improves system performance by keeping less files open at any time.

Simplified Configuration

The number of configuration screens in clustered systems has been reduced. Most of the configuration options have been moved to the backend systems. For most options you only need to set them once on the bootstrap server. The other members of the cluster then pull these cluster wide configurations from the bootstrap server.

This is improves on the previous configuration where you needed to re-enter the same settings on several servers.

Due to the above changes, when upgrading you need to check the settings on your frontend systems and add those settings to your bootstrap server before running the updates on the frontend systems.

Improved Archive filtering

Filtering of archive contents has been improved. More archive types are now supported including 7zip based archives.

Depreciations

External Authentication

External authentication is now modular, all modules are disabled by default on upgrade. You need to explicitly enable the modules that you want to use.

Encrypt all backend traffic

The Encrypt all backend traffic option has been depreciated as backend encryption is now mandatory.

Memcached

Memcached is now an optional component. It was previously a mandatory component on mail profile systems, this is no longer the case.

Known Issues

Template changes

If you are using a custom template and do not update your templates you will ran into issues, ensure that you update your templates on upgrade.

Simplified Configuration

Make sure that you copy the configuration settings from existing frontend systems to your bootstrap server prior to updating the frontend systems.

You can get the settings from your frontend system by running the baruwa-setup -e command