PureMessage for UNIX: Configuring Access to the Download Repository

  • Article ID: 112028
  • Updated: 26 Jul 2013

Testing the Repository

Test that you can reach the appropriate update servers by doing the following at the command line:

$ cd /tmp
$ wget --user-agent="X"
http://pmx-dynamic.sophos.com/pmx/mainline/<OPERATING SYSTEM>/PureMessage-AntiSpam-Data.ppd
$ ls PureMessage-AntiSpam-Data.ppd

If the PureMessage-AntiSpam-Data.ppd file exists, the PureMessage installation can connect to the update repository. If you have any errors or can't retrieve the file, see the steps in "Setting a Repository" below for more information.

The log file /opt/pmx/var/log/scheduler_log can be used to identify issues with data updates. Successful updates are not logged (unless debug=1 is set), but unsuccessful scheduler jobs are logged in this file.

If you are unable to reach the new update repository, check your firewall settings. If necessary, disable any firewall rules that prevent HTTP(S) access to the internet for your PureMessage servers. Then run the same tests again to ensure you will be able to retrieve updates. As noted below, if pmx-dynamic.sophos.com cannot be accessed, then one of the static servers can be used instead.

Setting the Dynamic Update Repository

If your PureMessage servers can connect to the new update repository, it is recommended that you execute the following steps to immediately take advantage of the improved update repository:

Run the following command on all PureMessage servers as the "root" user:

 # /opt/pmx/bin/pmx-setup --repo <http:>http://pmx-dynamic.sophos.com/pmx/mainline/<OPERATING SYSTEM>/</http:>

Please note: pmx-dynamic.sophos.com is the preferred repository name as this includes all the appropriate update servers hosted by Akamai. If your organization requires a different host -- either due to firewall rules or other access reasons -- skip to the next section where it discusses how to set the static update repository.

Once the setup program enters into the main menu, you can exit the installer.

You can verify that this change has taken effect by running the following command as the PureMessage user:

$ ppm set

Look for the following line in the output:

Current PPD repository paths:
http://pmx-dynamic.sophos.com/pmx/mainline/<OPERATING SYSTEM>/

After the repository is set, you can test the update capability by running:

ppm verify --upgrade --force PureMessage-AntiSpam-Data

If the package manager was able to download, /opt/pmx/var/log/ppm_log will contain a new entry.

In this configuration, thousands of possible IP addresses that constantly change as part of the load-balancing system can be used to retrieve updates.

If your system is now reaching the new update repository correctly, no more actions are required and you do not need to read the remainder of this article.

Setting an HTTP Proxy for PureMessage

If, due to firewall issues, you must secure the IP address or hostname of the new update repository, Sophos recommends using an HTTP proxy within PureMessage. See the PureMessage documentation for details:

Setting an HTTP proxy with PureMessage for UNIX

You can test that you can reach the appropriate updating servers by doing the following:

$ cd /tmp
$ wget --user-agent="X" http://pmx-static2.sophos.com/pmx/mainline/<OPERATING SYSTEM>/PureMessage-AntiSpam-Data.ppd
$ ls PureMessage-AntiSpam-Data.ppd

Does the file exist in the directory listing?

If yes, you can reach the static repository. If you are unable to reach the new update repository, check your firewall settings.

If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent