Install and Configure Email Filter Appliance (E.F.A): step by step Guide

What is Email Filter Appliance (E.F.A)

E.F.A or Email Filter Appliance is one of the most popular Opensource applications for filtering Email Spam & viruses. It is a community-driven project. It combines renowned open-source software to build a powerful Spam Filtering Platform.

EFA includes well-known anti-spam programs like MailScanner, SpamAssassin, ClamAV, MailWatch, Razor, Pyzor, DCC, SQL Grey, and Image Cerberus for its various spam detection techniques, you can find detailed information here.

Deployment Scenario

E.F.A is an Opensource Email Security Appliance Or Email Security Gateway Application. We can deploy E.F.A on the edge of the Mail Servers. All Mail Servers will receive mail after it has been scanned by the appliance.

The scenario is the same during Inbound email and outbound email scans. E.F.A deployment depends on several factors like current infrastructure, resource availability, investment, and so on.

In my other blog post, I have described some common scenarios for spam filter deployment. EFA fits in all those environments. EFA can be installed on physical hardware Or a virtual private server (VPS) and can be used on-premise and in the cloud also.

In summary, I depicted the placement of EFA in the image below.

In every scenario above, E.F.A will receive mail from the internet and after scanning, it will deliver the clean mail to the primary mailbox server. If our email load is high, we can configure multiple E.F.A appliances to distribute the load. To learn about incoming mail load balancing you can read my other blog post here

Email Filter Appliance Installation:

We can install EFA on CentOS 7 minimal install. Either we can use the CentOS ISO Or we can Download the ISO Provided by E.F.A. 

Before installation, we have to meet some requirements, to run the System in a Production mood. Systems hardware must be capable of handling the Scanning operation smoothly.

So allocating proper hardware resources is important, and the system hostname/domain name, SELinux needs to be configured properly.

Below we discussed the following:

1. System Requirements
2. System Preparation
3. EFA Installation Methods

1. System Requirements.

On the Official Page, they mentioned minimum Installation requirements, like this.

• A dedicated system for eFa4
• CentOS 7 (minimal install preferred)
• 2 CPU’s
• 100GB of hard-drive space (SSD highly preferred)
• 8GB memory (dedicated)

But, we may need to allocate more resources to the system, because Spam Filtering and virus scanning both are CPU and I/O Intensive workloads, more RAM and I/O will be necessary if the scanner handles a large amount of mail per hour.

2. System Preparation.

Before Installation we need some system preparation, to run the installation smoothly and After Installation to Run the System In a production mode.

1. Hostname & Fqdn

we are assigning our EFA systems hostname as “efa” and domain name is “mailserverguru.com” So, the FQDN will be  “efa.mailserverguru.com”.

# Assigning System Hostname
hostnamectl set-hostname efa
# Now Check the Hostname
hostname 

# Assigning Systems FQDN
vi /etc/hosts
127.0.0.1        localhost.localdomain    localhost
192.168.99.204   efa.mailserverguru.com   efa
//saving the file
:x
# Now Check the Domain Name and FQDN with the following commands.
dnsdomainname
hostname -f

2. Disable Iptables

During Installation EFA will connect to several mirrors and download a lot of packages, For Smooth Installation,  We need to disable IpTables for now.

systemctl stop firewalld

3. SeLinux Configuration

We need to set the SeLinux in Permissive mode, if we disable SeLinux, EFA installation script will complain and Stop proceeding.

# Changing SELinux to Permissive Mode Permanently.
 
vi /etc/selinux/config
 
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=permissive
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
 
//saving the file
:x
 
 
# Now Reboot the System.
shutdown -r now
 
 
# Now, Check the SeLinux Status.
sestatus
 
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          permissive
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      31

3. E.F.A Installation Methods.

E.F.A provides 2 methods for installation.

1st, One-Step Install, EFA can be installed with a single command, just run the following command as root:

curl -sSL https://install.efa-project.org | bash

2nd, Detail Install Method, you can download the installation script then observe the script for anything you like to change and finally, run the script to Install EFA.

wget -O build.bash https://install.efa-project.org bash build.bash

Please see the video above, for step by step installation of Email Filter Appliance