Open with table of contents

Installing Clearswift SECURE Email Gateway 4.10.0

Before you install or upgrade the product

 

We strongly recommend that you follow the installation steps outlined in the Clearswift SECURE Email Gateway Installation & Getting Started Guide. These instructions enable you to install the product correctly and safely.

If you are migrating from a previous version of the Clearswift SECURE Email Gateway, you must:

  1. Apply any pending configuration changes.
  2. Back up your system and latest configurations before installing.
  3. Clear the inbound queues.

If you are upgrading from the most recent version (4.9.0):

Check your SMTP settings email routing configuration. On upgrade, the Gateway migrates routes with the same domain to MTA Groups.

If you are upgrading from version 4.6.0 or earlier:

Check your email routing.

  On upgrade, the Gateway migrates your existing routes by collecting together any routes with the same domain (routing to different servers). These are added to MTA Groups and are used sequentially as failovers. This transfers your pre-existing failover configuration into the MTA Group format.

The Gateway then groups any identical routes (Server, Port, Auth, and TLS) that route to different domains.

For more information on email routing, failovers and load balancing, see Specifying Routing of Email and MTA Groups

Detailed instructions on backup and restore are available in the Clearswift SECURE Email Gateway Installation & Getting Started Guide.

 

Installing the product

You can install the SECURE Email Gateway from the ISO image available for download in the Clearswift download area.

Full installation instructions are provided in the Installation and Getting Started Guide.

Perform the following steps to download and apply software updates when you upgrade to Clearswift SECURE Email Gateway4.10.0:

Open an SSH session and access the Clearswift Server Console. Log in using your cs-admin access credentials.

 

Online or Offline mode?

Offline mode is designed for installations that operate in a closed environment, disconnected from the Internet. Unless this is a specific requirement for your system, you should install the Clearswift SECURE Email Gateway in online mode.

To perform an offline upgrade you require a copy of the latest release ISO mounted to suitable media (DVD/USB). Please contact Clearswift Technical Support if you need additional guidance on how to complete this step.

If you have online repositories enabled, updates will be downloaded overnight (automatically). You can apply them immediately. You can also use the Check for New Updates button if you believe that there has been a recent security fix issued.

To apply software updates:

  1. Select Configure System > View and Apply Software Updates > Apply UpdatesOK from the Clearswift Server Console main menu.

  2. Select Yes to confirm that you want to apply the updates.
    All downloaded updates will now be installed. This process can take several minutes. A rolling progress log will be displayed.

  3. When the Operation Complete message appears, select Done to complete the install process.

At the end of the upgrade process, the system will prompt you to either reboot or log out. Follow the instructions on-screen.

Gateway services will restart automatically in either case.

Upgrading Kaspersky

After the Gateway software has been upgraded, traffic is stopped while the anti-virus definitions are updated. Traffic will be restarted automatically afterward. However, if you do not have a reliable connection to the Internet or are working in an offline environment, the definitions cannot be updated and traffic will not be restarted.

You can choose to get the definitions yourself by other means, or to restart the traffic with out-of-date definitions.

To restart traffic manually:

  1. Navigate to System > Service Control.
    The Service Control page is displayed.
  2. Click Restart for the stopped Policy Enforcement service.

A dialog appears indicating whether the action has been successful.

You may have to wait a few moments before the requested action completes. When the status changes, the Current Status table indicates the new status.

Upgrading Users from version 4.8 or earlier

After you have upgraded, you need to assess the names of the roles created for your existing users as part of the transition to role-based administration. The upgrade process identifies all unique roles and gives them names, such as Role 1, Role 2, linking them up with the relevant users.

It is recommended that you give the roles more meaningful names after you have upgraded.

Upgrading TLS configuration from version 4.6 or earlier

  When you upgrade, mail flow is stopped. You must modify the mandatory TLS settings in your Connection Profiles before you can enable mail flow by restarting the SMTP Inbound Transport, SMTP Outbound Transport, and SMTP Alert Transport services.
  1. Check if you are using custom Sendmail configuration files. These are customin.m4 and customout.m4 files in /etc/mail. You are advised to contact Clearswift Support to discuss how to migrate these settings.
  2. Check if you are using mandatory TLS settings. These settings will need to be modified after the upgrade. If you are using mandatory TLS settings, when you upgrade, mail flow is stopped. You must:
  3. Check your email routing failover procedures. Postfix does not attempt multiple routing table entries on initial failure and must be set up so that routing is performed by DNS, using a DNS record for the domain with multiple "A" records. Ensure that your failover procedures take this into account. For more information, refer to Specifying Routing of Email.
  4. If you are using address rewriting, note that the Validate Sender Domain check is now performed on the original address, not the rewritten address.
  5. Change your AUTH profile user names and passwords if you are using the same user name on different profiles. For more information, refer to SMTP Authentication.
  6. Perform maintenance on the Connection Profile client host list and sender domain list. Sender domains are configured separately.
    On upgrade, anything other than an IP address is placed on both lists and requires that you remove the domains from the client host list and the hosts from the sender domain list. For more information, refer to Manage SMTP Connections.

© 1995–2019 Clearswift Ltd.