background

Set up my Local Cloud servers for SpamExperts

Prerequisites

In order to have the Local Cloud software deployed on your servers, you need to ensure the following steps have been covered:

  1. Trial - The trial step is purely optional. Once you register for the Local Cloud trial, you don’t have to register again for installation. See more information about starting a Local Cloud trial here.
  2. Register - You have to create a SpamExperts account in order to place your order and proceed to the next steps. Click here to Register. This step is mandatory in case you haven’t registered already by setting up a Local Cloud trial (step 1).
  3. Place an order for the Local Cloud filtering service - On this step you will go to Client Area > Order > and Request a Quote. A billing ticket will be submitted. Please contact sales to ensure your billing request has been processed and receive confirmation of it.
  4. Fill in the Local Cloud Signup Form - Download the Local Cloud Signup form, fill in all the necessary information and send it to our Sales team. Preferably you can send it directly to your account manager who will give you all the contact details and necessary information.
  5. Proceed with the installation steps as detailed below.

Setup Requirements

Hardware Requirements

The minimum requirements are as follows:

  • Two CPU Cores
  • CPU >= 1.8 GHz
  • 4096MB RAM
  • 80GB diskspace. When choosing the disk size for the quarantine/logging role (by default the master), take into account that the larger the available disk space the more days you can store quarantine/logging data. This data can optionally be stored on a secondary mountpoint.
  • Storage type in order of preference:
    1. SSD
    2. SAS
    3. SATA
  • RAID1 is recommended against disk failure

Network requirements

  • A non-firewalled internet connection (or all required ports opened)
  • Each servername must resolve to one IPv4 (the primary server IP), and optionally in addition 1 IPv6 address (the primary server IPv6)
  • The primary IP of each server must have the reverse DNS set to the server hostname
  • All communication should be possible over the external IPs (in case of NAT), also communication between the servers in a SpamExperts setup.
  • Server hostnames must not be used as MX record hostnames, as they will be visible in the email headers and cannot be changed without a reinstallation. Instead, you can use separate MX record hostnames to easily control the mailflow.
  • Network Address Translation (NAT):
    • Please note we strongly recommend against using NAT, as from our experience clients often experience issues with their NAT setup. Issues with a wrongly set up internal networking are not supported. When using the SpamExperts solution behind a Network Address Translation (NAT) system you need to ensure the following requirements are met in full:
      • The server should only communicate on its primary external IP address that the server hostname is pointing to regardless of destination.
      • Servers should be able to communicate with each other on their external IP addresses.
      • The source IP address of connections made between servers should be the external primary IP address.
      • Hostnames must not resolve internally to private IP addresses.
    • Be Advised: Our solution is fully compatible with a NAT system when properly configured. If you have any questions, please contact our support team.

Software Requirements

  • Debian Linux (latest stable release) minimal installation with OpenSSH-Server, 64bit
  • No modifications to the default Debian configuration
  • Installation on a single partition (no separate partitions for /home, /boot etc). Only separate partition for swap
  • There is no custom software installed
  • A non-firewalled internet connection or required ports opened. We already run a firewall locally on the systems, and fully protect all services. The security is fully managed by SpamExperts, and we welcome any security audit after the setup of the environment has completed.
  • No modification (in case of virtualization) of /etc/network/interfaces, /etc/hosts, /etc/hostname, /etc/resolv.conf after our setup. See more information on the Virtualization KB article. SpamExperts will take full care of the software management on the cluster. Customers should not change the configuration of the OS / software (except for the networking settings).
  • Round Robin DNS setup is recommended, for more information check the following article.
  • SSH is remotely accessible with the root user on port 22 (this will be secured by SpamExperts as part of the setup)

Add SSH Keys for Passwordless SSH Connection

After the Debian setup is completed, you need to add SSH Keys for the SpamExperts Setup Operators in order to connect via SSH to your SpamExperts server without a password.

To enable this, just run the following command in a terminal:

wget https://download.seinternal.com/install/init.sh && bash ./init.sh


We need direct ssh access on port 22 as we cannot manage any firewall restrictions on your end. That would imply providing our source IPs and  we cannot do this because in case of any changes the network will break.

Installation of the solution

Once everything is ready to go, the SpamExperts installation team will install the servers. During this time, it is important that the servers are online and reachable. Do not shut them down or reboot them during the installation, since this may prolong the installation.

The installation can take up to 3 working days. Once this is done, you will be provided with login details. We also offer an optional express installation service which completes in 1 working day, your account manager can provide pricing details.

Installation complete, now what?

Once the installation is complete, and you have been provided with the login credentials, you can start using the solution.

Manually installing Debian

In order to use SpamExperts Local Cloud, you have to install the Debian Linux distribution on your server. We support the latest Debian stable 64bit operating system.

You can acquire the minimal required package from the official Debian website:

Note: Even though the 64-bits filename includes "AMD64", don't worry about this as it will still work under 64 Bits Intel CPUs.

Please note that the screenshots below were made with Debian 5, but the steps should (roughly) be the same.

If you have to install Debian yourself, simply boot your server with the latest stable Debian ISO mounted or burned to a CD.

If your BIOS settings are correct to boot from the Debian CD, you'll see the menu in the screenshot above displayed . Select the option "Install" to start the Debian installation process.

Choose Language

Select English for the default system language.

Select the representative country/territory or area in question. In this case we're in The Netherlands, which is located under Other.

Select the corresponding continent or region which the desired country is located, for instance Europe.

Select the country, territory or area in question. For instance: The Netherlands.

Pick the correct keymap. This should probably be American English

Network Setup - Part 1

It's time to configure the network settings. If your server does not get an IP address automatically assigned via DHCP, there are a few extra steps to take. If you're using DHCP, you can skip the first part of the Network Setup and continue with the second part.

You'll get a nice "warning" that the server couldn't reach the DHCP server. No problem, since it will present an option to setup a static IP address.

Select Configure Network Manually.

Enter the IP address of the server.

Enter the subnet address.

Enter the gateway address.

Finally, it's time to enter the nameservers. If you have more than one, you can enter them in this field as well by separating the entries with a space. There is a maximum of 3 nameservers.

Network Setup - Part 2

In the previous step you either let the server acquire an automatic IP address using DHCP or you've set it up manually by giving it a static IP. Either way, this second part is the same for both static and dynamic IP addresses.

First enter the hostname of the server. This could be something such as “server1.example.com” if this is the first spamfilter.

Please note that the server hostnames will need to be FQDN that have an A record pointing to the primary IP address of the server and should not be used for the MX records of your domains.

Partitioning

Choose for Guided - Use entire disk.

Choose the hard disk you want to install the system on. This is probably the first, and maybe the only one in the list.

Pick the first option: All files in one partition.

Hit Finish partitioning and write changes to disk to wrap things up.

If you're sure to apply the partitioning scheme selected earlier, select Yes. Be aware that already existing partitions will be removed, thus wiping out all data.

The system is now partitioning the selected hard disk.

Installing base system

The system is now installing the base system.

Set up users and passwords

You need to setup a password for root. We suggest you generate a strong password in order to make the system more secure. You could use a random password generator to create one. Do not forget this password, since this is something you have to give to support in order to finish the installation process. Please note that the root password must be ASCII characters.

Confirm the password.

The setup requires you to add a user to the system. This value should be maint.

This value is identical to the previous step.

This user requires a password. It doesn't matter what you enter since this user is going to be deleted.

Confirm the password.

Configure the Package Manager

To receive updates, the setup asks you to select the nearest country. In this case, we select The Netherlands since that is where our server is located.

Select a mirror, this can be anyone you'd like. In this example we chose the official Debian mirror atftp.nl.debian.org.

If a proxy is required for accessing the internet (which is fairly unlikely) you can enter its settings here.

Select "No" when asked to join the "Popularity Contest".

Deselect all items that have been selected automatically. This is an important step, because the default settings include a "Desktop System" which we don't need (or want). The only option you should select is Standard system.

Installing the bootloader

In order to make the system boot correctly, a bootloader should be installed. Select Yes when asked if you want to install GRUB to the master boot record.

When the installation is finished the server reboots. Don't forget to remove any CD/DVD or ISO image from the system and make sure the Boot Sequence is set-up correctly. If all goes well, you should see your freshly installed Debian system.

Reboot

You'll be presented with the "GRUB Bootloader". The system should continue automatically, but if it doesn't, select the option without "Single User Mode" and press Enter.

During the boot process you will see a lot of information. Afterward you will be presented with a text based login prompt. You should login with root as username and the earlier configured root password.

In order to be able to access your server to finish the rest of the setup, you should install openssh-server. This can be done by entering:

apt-get install openssh-server

You will be presented with a request for confirmation, Type Y and press enter. OpenSSH-Server will now be installed and configured.

OpenSSH-Server is now installed and has been started.

Removing the "maint" user

Earlier in the setup you were asked to create a user. Because we don't need/use this user, it should be deleted. You can do this by entering:

userdel maint

If you used a different username than the suggested maint, replace the maint user in command with the correct username.


Was this article helpful?

Related articles

Search result for :