Installation ¶

The following are the steps to install OpenProtect.

Installation

1. Download the install file ¶

Please fill the form at Anti spam download to get an email with a file download link and trial license. Download the install file on your mail server using a file downloader like wget:

wget <link-sent-in-email>

2. Run the install file ¶

Run the install file as root:

sh openprotect-stable.run

You’ll need to answer the questions the installer asks, including the target directory to install OpenProtect
Default is /opt and you can press <Enter> if you have more than 5 GB of free disk space there
Once the unpacking and install is done, the installer will exit, giving a command to start OpenProtect on system startup
Add that command to /etc/rc.local and make sure that file has executable permissions
That way, when the /etc/rc.local is run on system startup, OpenProtect startup command will also be run, starting OpenProtect related services
Also, if you don’t want to reboot the system, but want OpenProtect up and running, run that command as root

3. Reset administrator password ¶

Reset the admin password by running:

chroot /opt/openprotect/current/ /opt/openprotect/webui/script/custom/reset_admin_pass

Note the new random password generated.

4. Login to the web interface ¶

Visit any of the server’s IP address and port 6677 in a browser and login with user admin and the new password generated in step 3 above.

Use firefox 3.6+ or chrome 7.x+ for better performance with the new AJAX web interface. For eg, if the server has a public IP, say 1.2.3.4, then visit http://1.2.3.4:6677 in your browser.

5. Add the license ¶

On your first visit, the web interface will redirect to the license view.

Open the license you’ve received from us in a text editor.
Copy and paste the full text content into the text area in the license view and update the license.
Now you should see license information like the no.of users, start and expiry date etc for the license.

6. Change the listen IP:Port of your existing mail server ¶

Suppose you have a domain a domain domain.com with MX IP 1.2.3.4 and the mail server running on 1.2.3.4:25, and on 1.2.3.4:587 for your users using SMTP-AUTH.

Now you need to set OpenProtect SMTP server at 1.2.3.4:25 to receive mails at the MX and change your mail server or MTA to listen on 127.0.0.1:10025.
OpenProtect will filter the incoming mails from 3rd party domains and relay the clean mails to your MTA at 127.0.0.1:10025 using SMTP and your users will be protected from spam, virus, phishing mails.
Your users can still send mails using SMTP-AUTH via the 1.2.3.4:587 or webmail etc as usual.

See Mail Server Settings for changing the listen IP:Port in your particular MTA.

7. Configure OpenProtect as your smarthost for outgoing mails ¶

If you want OpenProtect to accept mails from your MTA and relay them to the external domains, you need to configure your MTA to send all outgoing mails from your users via OpenProtect.

This feature is called SMTP Smarthost in most MTA.

Set OpenProtect’s IP address as the smarthost in your MTA.

Now OpenProtect will accept mails from your MTA and relay them and you can use OpenProtect’s virus filtering, phishing checks to protect the mail recipients. You can also make use of the advanced search interface of OpenProtect to track outgoing mails as well.

See Mail Server Settings for setting smarthost for in your particular Mail Server.

8. Add your domains and their destination host IP addresses ¶

OpenProtect needs to know your domains and the IP:Port to which the cleaned mails should be relayed via SMTP.

Suppose you changed your MTA to listen on 127.0.0.1:10025 as explained in 6. Change the listen IP:Port of your existing mail server.

Now go to the Domains view(Click Settings -> SMTP Filter Settings -> Domains or press Ctrl+Shift+M)
Click Add and add a domain and it’s destination host.
Enter domain.com for the domain field and 127.0.0.1:10025 for the destination host field and click Save.

The destination host can be any other IP:Port on another machine too, if you want to have one or more servers doing filtering at the MX using OpenProtect and normal MTA duty inside using one or more servers.

9. Setup OpenProtect to listen at the MX ¶

Now, your MTA isn’t listening on the MX and you need OpenProtect to listen at your MX IP addresses port 25.

To do that, go to the General SMTP filter settings view (Click Settings -> SMTP Filter Settings -> General settings or press Ctrl+Shift+G)
Set the space separated list of IP:Port pairs OpenProtect SMTP server should listen on.
If you changed your mail server to listen on 1.2.3.4:10025 in 6. Change the listen IP:Port of your existing mail server, then set 1.2.3.4:25 for OpenProtect. You can use more IP:Port with space in between, like 1.2.3.4:25 5.6.7.8:10025 etc.
Now, OpenProtect will listen at these MX IP addresses, receive all mails, filter them and deliver the clean mails to your server at 1.2.3.4:10025 by using the setting entered in 8. Add your domains and their destination host IP addresses above.

10. Set SMTP primary hostname ¶

In the General SMTP filter settings, set the SMTP primary hostname to the Fully Qualified Domain Name(FQDN) of your MX.

Say your domain is domain.com and mail.domain.com is the A or MX record which has the same IP as the MX IP, then set the value to mail.domain.com.
This way, OpenProtect will use the EHLO name mail.domain.com when sending outgoing mails to external domains, and the anti spam filters on the external domains won’t complain that the A or MX record of OpenProtect doesn’t match EHLO.

11. Add trusted Relay hosts ¶

Go to the Relay Hosts view (Click Settings -> SMTP Filter Settings -> Relay Hosts or press Ctrl+Shift+H)
Add your MTA‘s IP address to the list of trusted relay hosts. For eg, if your existing mail server runs on a separate server at 1.2.3.5, add 1.2.3.5 here. If it runs on the same machine as OpenProtect, add 127.0.0.1 here.
Now, mails from your mail server can be routed via OpenProtect and OpenProtect won’t reject mails from your server.
OpenProtect can also accept mail from your DB server, web server etc which may send hourly, daily, weekly database or analytics reports to different email addresses. Add the IP addresses of those servers too to this list to ensure that OpenProtect relays those mails without any rejects.

12. Send test mails ¶

The basic setup is now complete. Now is the time to test the setup.

Send a test mail from your gmail or some other external address to one of your addresses on the mail server and see if the mail is filtered in OpenProtect and being relayed to your MTA/mail server.
Similarly, send a mail via your mail server and see if OpenProtect relays them to the destination domain correctly. This step isn’t needed, if you send your outgoing mails directly via your existing mail server.
Sending outgoing mails via OpenProtect could be useful, if you plan to make use of OpenProtect advanced search, SMTP queue, or the SMTP log view.

OpenProtect v2011.2.682 documentation