Mailscanner + spamassassin + clamav package
-
header checks are on services -> postfix forwarder -> access lists
-
Hello all
I have installed Postfix Forwarder and the mailscanner + spamassassin + clamav package. Postfix is working wonderfully but I think I must have something wrong in my configuration with mailscanner. In Postfix I have the 3rd party option enabled / The mode is set to auto. I have the mailscanner package enabled as well as the CLAMAV and spam assassin options enabled. But when I run the GFI Security Test EVERYTHING gets through.
When I look at the process list for mailscanner I see
55735 ?? S 0:05.39 MailScanner: waiting for messages (perl5.12.4)
56936 ?? S 0:04.45 MailScanner: waiting for messages (perl5.12.4)
59478 ?? S 0:04.08 MailScanner: waiting for messages (perl5.12.4)
60031 ?? S 0:04.05 MailScanner: waiting for messages (perl5.12.4)
when I run tail -f /var/log/maillog |grep -i mailscanner
I get nothing?
if I restart mailscanner I get this
Mar 9 11:06:58 mailgateway MailScanner[55777]: Using locktype = flock
Mar 9 11:07:02 mailgateway MailScanner[57182]: MailScanner E-Mail Virus Scanner version 4.83.5 starting…
Mar 9 11:07:02 mailgateway MailScanner[57182]: Reading configuration file /usr/local/etc/MailScanner/MailScanner.conf
Mar 9 11:07:02 mailgateway MailScanner[57182]: Reading configuration file /usr/local/etc/MailScanner/conf.d/README
Mar 9 11:07:07 mailgateway MailScanner[56126]: Connected to Processing Attempts Database
Mar 9 11:07:07 mailgateway MailScanner[56126]: Found 0 messages in the Processing Attempts Database
Mar 9 11:07:07 mailgateway MailScanner[56126]: Using locktype = flock
Mar 9 11:07:07 mailgateway MailScanner[58764]: MailScanner E-Mail Virus Scanner version 4.83.5 starting…
Mar 9 11:07:07 mailgateway MailScanner[58764]: Reading configuration file /usr/local/etc/MailScanner/MailScanner.conf
Mar 9 11:07:07 mailgateway MailScanner[58764]: Reading configuration file /usr/local/etc/MailScanner/conf.d/README
Mar 9 11:07:08 mailgateway MailScanner[57182]: Connected to Processing Attempts Database
Mar 9 11:07:08 mailgateway MailScanner[57182]: Found 0 messages in the Processing Attempts Database
Mar 9 11:07:08 mailgateway MailScanner[57182]: Using locktype = flock
Mar 9 11:07:16 mailgateway MailScanner[58764]: Connected to Processing Attempts Database
Mar 9 11:07:16 mailgateway MailScanner[58764]: Found 0 messages in the Processing Attempts Database
Mar 9 11:07:16 mailgateway MailScanner[58764]: Using locktype = flock
any help is appreciated
-
check if you can find /^from:/ HOLD on view configuration -> header check
If not, change mailscanner Message Hold mode on antispam tab to manual and include the above line on access lists -> header
-
check if you can find /^from:/ HOLD on view configuration -> header check
If not, change mailscanner Message Hold mode on antispam tab to manual and include the above line on access lists -> header
That worked
thank you marcello
-
I have a question (can be a bit stupid!). Can MailScanner + Postfix run in transparent mode?
The reason is I have a pfsense box with 4 interfaces + 01 mail server stand alone. I want to run pfsense without intervention on the mail server.
-
Well, I did no transparent mode on this package but if you know how to do it on postfix I can merge this on next release.
-
any idea to rotate the /var/log/maillog ?
thanks
Giacomo
-
-
I noticed a 'strange' thing, incoming attachments files become zipped, cool feature, but who is the author of this ?
Giacomo
-
It's a mailscanner feature but you can disable it on gui (I'm not in front of one right now to point the option ;)).
-
Hi Marcelloc
zip attachments:
Mailscanner - Attachments - Attachments features
very cool dude! I love my mail-firewall
I added squirrelmail-imapproxy, I am gonna try to create a pkg.
You are my hero :)
thanks again
Giacomo
-
Hi all,
I've installed mailscanner + spamassassin + clamav package and I cannot get spamassassin working…
Clamav works great (tested with eicar file) but the GTUBE test for spamassassin fails : spam is not detected, score is 0, and message is delivered.
I've made the test from inside and outside the local network. Both fail.
May 2 10:07:52 srvmx06 MailScanner[22383]: Spam Checks: Starting
May 2 10:07:52 srvmx06 MailScanner[22383]: Expired 2 records from the SpamAssassin cache
May 2 10:07:53 srvmx06 MailScanner[22383]: Message 4DAC68A939.ABA57 from xx.xx.xx.xx (whatever@yahoo.com) to domain.com is not spam, SpamAssassin (not cached, score=0, required 6, autolearn=not spam)
May 2 10:07:53 srvmx06 MailScanner[22383]: Delivery of nonspam: message 4DAC68A939.ABA57 from whatever@yahoo.com to user@domain.com with subject GUARANTEED
May 2 10:07:53 srvmx06 MailScanner[22383]: Spam Checks completed at 2784 bytes per second
Can you help me to solve that ?
Thanks
-
I've found the solution myself :
just run sa-update to download spamassassin's rules. :)
-
Hi ,
I am receiving the error in maillog
May 2 21:40:50 pfsense MailScanner[44759]: MailScanner E-Mail Virus Scanner version 4.83.5 starting...
May 2 21:40:50 pfsense MailScanner[44759]: Reading configuration file /usr/local/etc/MailScanner/MailScanner.conf
May 2 21:40:50 pfsense MailScanner[44759]: Reading configuration file /usr/local/etc/MailScanner/conf.d/README
May 2 21:40:50 pfsense MailScanner[44759]: Syntax error in line 143, value "" for allowiframetags is not one of allowed values "yes","disarm","no"
May 2 21:40:50 pfsense MailScanner[44759]: Syntax error in line 144, value "" for allowformtags is not one of allowed values "yes","disarm","no"
May 2 21:40:50 pfsense MailScanner[44759]: Syntax error in line 150, value "" for allowobjecttags is not one of allowed values "yes","disarm","no"
May 2 21:40:50 pfsense MailScanner[44759]: Syntax error in line 145, value "" for allowscripttags is not one of allowed values "yes","disarm","no"
May 2 21:40:50 pfsense MailScanner[44759]: Syntax error in line 146, value "" for allowwebbugtags is not one of allowed values "yes","disarm","no"
May 2 21:40:50 pfsense MailScanner[44759]: Connected to Processing Attempts Database
Does anyone know what's the problem?
Another newbie question…
How can I change the default value in Mailscanner?
Double Click or change in .conf file?
Thanks in advance!
Zlyzwy
-
Does anyone know what's the problem?
try to access each mailscanner config tab and save changes
How can I change the default value in Mailscanner?
Double Click or change in .conf file?
Use ctrl+click to check/uncheck options on mailscanner conf
The default value on () means what is default on mailscanner. If you want a default setup, then ctrl+click all options that have a (yes) on description.
att,
Marcello Coutinho
-
This guide was posted yesterday at mailscanner site
01/05/2012 - The "MailScanner User Guide and Training Manual" is now available for free in PDF format!
-
It appears that the libiconv-1.13.1_1.tbz file has vanished from the http://e-sac.siteseguro.ws/pfsense/8/All/ site for the i386 mailscanner-dev install.
The installer then attempts to locate it at the http://ftp2.FreeBSD.org/pub/FreeBSD/ports/i386/packages-8.1-release/All/ URL, which doesn't exist.
Thus the install is aborted. Any hints on how to resolve this?
-
I've pushed the missing file.
Try to reinstall it.
-
No luck. Install halted at the same spot. Checked the http://e-sac.siteseguro.ws/pfsense/8/All/ URL and the file still isn't listed.
Below is the output from the installation script:
Beginning package installation for mailscanner-dev…
Downloading package configuration file... done.
Saving updated package information... done.
Downloading mailscanner-dev and its dependencies...
Checking for package installation...
Downloading http://e-sac.siteseguro.ws/pfsense/8/All/MailScanner-4.83.5.tbz ... (extracting)
Downloading http://e-sac.siteseguro.ws/pfsense/8/All/p5-NetAddr-IP-4.058.tbz ... (extracting)
Downloading http://e-sac.siteseguro.ws/pfsense/8/All/p5-Error-0.17016.tbz ... (extracting)
Downloading http://e-sac.siteseguro.ws/pfsense/8/All/p5-version-0.95.tbz ... (extracting)
Downloading http://e-sac.siteseguro.ws/pfsense/8/All/p5-Net-DNS-Resolver-Programmable-0.003.tbz ... (extracting)
Downloading http://e-sac.siteseguro.ws/pfsense/8/All/p5-Mail-SPF-2.007.tbz ... (extracting)
Downloading http://e-sac.siteseguro.ws/pfsense/8/All/libiconv-1.13.1_1.tbz ... could not download from there or http://ftp2.FreeBSD.org/pub/FreeBSD/ports/i386/packages-8.1-release/All/libiconv-1.13.1_1.tbz.
of MailScanner-4.83.5 failed!
Installation aborted.
Backing up libraries...
Removing package...
Starting package deletion for MailScanner-4.83.5...done.
Skipping package deletion for perl-5.12.4_3 because it is a dependency.
Starting package deletion for pyzor-0.5.0_1...done.
Starting package deletion for p5-Mail-SPF-2.007...done.
Starting package deletion for p5-NetAddr-IP-4...done.
Starting package deletion for p5-Error-0...done.
Starting package deletion for p5-Net-DNS-Resolver-Programmable-0...done.
Starting package deletion for p5-version-0...done.
Starting package deletion for p5-IP-Country-2.27...done.
Removing mailscanner-dev components...
Tabs items... done.
Menu items... done.
Services... done.
Loading package instructions...
Include file mailscanner.inc could not be found for inclusion.
Deinstall commands...
Not executing custom deinstall hook because an include is missing.
Removing package instructions...done.
Auxiliary files... done.
Package XML... done.
Configuration... done.
Cleaning up... Failed to install package.
Installation halted.
-
Try again.
Since I finish the force perl version issue of this package, files will be available at official repo.
att,
Marcello Coutinho
-
Package re-installed, but now has the following issue:
root: /usr/local/etc/rc.d/mailscanner: WARNING: failed to start mailscanner
May 14 12:18:53 php: : Config sync not being done because of missing sync IP (normal on secondary systems).
May 14 12:18:50 clamd[32059]: MaxThreads * MaxRecursion is too high: 25500, open file descriptor limit is: 11095
May 14 12:18:46 check_reload_status: Reloading filter
May 14 12:18:45 root: /usr/local/etc/rc.d/mailscanner: WARNING: failed to start mailscanner
May 14 12:18:43 php: /pkg_mgr_install.php: The command '/usr/local/etc/rc.d/mailscanner stop' returned exit code '1', the output was 'mailscanner not running? (check /var/run/MailScanner.pid).'
May 14 12:18:43 php: /pkg_mgr_install.php: Reload mailscanner
May 14 12:18:43 php: /pkg_mgr_install.php: The command '/usr/local/dcc/dcc_conf stop' returned exit code '126', the output was '/usr/local/dcc/dcc_conf: Permission denied'
May 14 12:18:43 root: /usr/local/etc/rc.d/clamav-clamd: WARNING: failed to start clamav_clamd
May 14 12:18:43 check_reload_status: Syncing firewall
May 14 12:18:42 root: /usr/local/etc/rc.d/mailscanner: WARNING: failed to start mailscanner
May 14 12:18:40 php: /pkg_mgr_install.php: The command '/usr/local/etc/rc.d/mailscanner stop' returned exit code '1', the output was 'mailscanner not running? (check /var/run/MailScanner.pid).'
May 14 12:18:40 php: /pkg_mgr_install.php: Reload mailscanner
May 14 12:18:40 php: /pkg_mgr_install.php: The command '/usr/local/dcc/dcc_conf stop' returned exit code '126', the output was '/usr/local/dcc/dcc_conf: Permission denied'
May 14 12:18:40 check_reload_status: Syncing firewall
Any ideas?
This was working perfectly (and had been for weeks and without any changes) until yesterday.
-
This package had no changes on last months but I'll check.
-
Resolved the dcc_conf issue, with a chmod 744 on /usr/local/dcc/dcc_conf.
All I have now is the following:
May 14 12:48:45 php: : Config sync not being done because of missing sync IP (normal on secondary systems).
May 14 12:48:41 clamd[61980]: MaxThreads * MaxRecursion is too high: 25500, open file descriptor limit is: 11095
May 14 12:48:39 php: : Config sync not being done because of missing sync IP (normal on secondary systems).
May 14 12:48:37 root: /usr/local/etc/rc.d/mailscanner: WARNING: failed to start mailscanner
May 14 12:48:35 php: /pkg_edit.php: The command '/usr/local/etc/rc.d/mailscanner stop' returned exit code '1', the output was 'mailscanner not running? (check /var/run/MailScanner.pid).'
May 14 12:48:35 php: /pkg_edit.php: Reload mailscanner
Mailscanner exists:
ls -la /usr/local/sbin/mailscanner
-r-xr-xr-x 1 root wheel 67367 May 14 12:18 /usr/local/sbin/mailscanner
Mailscanner isn't running:
ls -la /var/run/MailScanner.pid
ls: /var/run/MailScanner.pid: No such file or directory
ps -aux | grep mailscanner
root 13419 0.0 0.1 3524 1264 0 S+ 12:53PM 0:00.00 grep mailscanner
-
Testing a VM of a clean AMD install. Will advise how it goes.
-
The clean install on the VM is working perfectly. I have redirected all SMTP traffic through the new VM for the time being and will rebuild the firewall on the weekend (love this "out of hours" stuff ;)).
Thanks for your help, fast responses and most of all the combination "mailscanner + spamassassin + clamav" package. Brilliant work!
-
I've pushed some updates to improve boot process, and checks to perl version and config files.
The clean install now, select all default options.
att,
Marcello Coutinho
-
marcelloc, in order to use the mailscanner package, is checking the Postfix Forwarder >>> Antispam >>> Use Third part antispam box enough? Any other settings?
-
I use it with Message Hold mode= manual using acls
and I put /^from:/ HOLD on header acls
-
Hi,
I would like to disable the change on email subject when mailscanner "disarms" an email.
So I modified Mailscanner.conf and the line "Disarmed Modify Subject = no"
but it comes back to its previous settings "Disarmed Modify Subject = start" on reboot.
What can I do ?
Thanks
-
@ics:
What can I do ?
change /usr/local/pkg/mailscanner.conf.template and apply changes.
att,
Marcello Coutinho
-
change /usr/local/pkg/mailscanner.conf.template and apply changes.
Thanks for the reply.
This file doesn't exist so I modified the file /usr/local/pkg/mailscanner.inc
And it seems to work :)
-
Will be there when you update/upgrade the package. :)
-
Will be there when you update/upgrade the package. :)
And about updates, is there a procedure to update packages ?
Or I just need to click on "Reinstall this package" in the package manager ?
-
Normally, just update.
A backup first is always a good idea. :)
-
Hello Marcello
I just installed postfix and mailscanner on my pre-production pf box, and I am getting this error in my system log
My pf version:
2.0.1-RELEASE (amd64)
built on Mon Dec 12 18:16:13 EST 2011
FreeBSD 8.1-RELEASE-p6
Jun 7 16:32:39 MailScanner[15521]: Syntax error in line 145, value "" for allowscripttags is not one of allowed values "yes","disarm","no"
Jun 7 16:32:39 MailScanner[15521]: Reading configuration file /usr/local/etc/MailScanner/conf.d/README
Jun 7 16:32:39 MailScanner[15521]: Reading configuration file /usr/local/etc/MailScanner/MailScanner.conf
Jun 7 16:32:39 MailScanner[15521]: MailScanner E-Mail Virus Scanner version 4.83.5 starting…
Jun 7 16:32:39 mailscanner: Process did not exit cleanly, returned 1 with signal 0
Jun 7 16:32:39 MailScanner[3723]: ClamAV Module ERROR:: Could not load databases from /var/db/clamav
Jun 7 16:32:39 MailScanner[3723]: I have found clamavmodule scanners installed, and will use them all by default.
Jun 7 16:32:34 MailScanner[8485]: Enabling SpamAssassin auto-whitelist functionality…
Jun 7 16:32:34 MailScanner[8485]: Connected to SpamAssassin cache database
Jun 7 16:32:34 MailScanner[8485]: Using SpamAssassin results cache
-
Your antivirus is up to date ?
freshclam --version
clamav is not automatically updated, you have to configure your crontab.
To update manually :
/usr/local/bin/freshclam
-
/usr/local/bin/freshclam
ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check permissions!).
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
freshclam --version
ClamAV 0.97.3
-
/usr/local/bin/sa-update -> this one too ;)
-
sa-update
/usr/local/lib/perl5/site_perl/5.12.4 /usr/local/lib/perl5/5.12.3/BSDPAN /usr/local/lib/perl5/site_perl/5.12.3/mach /usr/local/lib/perl5/site_perl/5.12.3 /usr/local/lib/perl5/5.12.3/mach /usr/local/lib/perl5/5.12.3) at /usr/local/bin/sa-update line 80.
BEGIN failed--compilation aborted at /usr/local/bin/sa-update line 80.
-
sa-update
/usr/local/lib/perl5/site_perl/5.12.4 /usr/local/lib/perl5/5.12.3/BSDPAN /usr/local/lib/perl5/site_perl/5.12.3/mach /usr/local/lib/perl5/site_perl/5.12.3 /usr/local/lib/perl5/5.12.3/mach /usr/local/lib/perl5/5.12.3) at /usr/local/bin/sa-update line 80.
BEGIN failed--compilation aborted at /usr/local/bin/sa-update line 80.
Are you using the latest mailscanner package version?
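-
Added example, not part of any post in this thread and not code from the package: a small sh triage that scans a maillog for three failures reported above (empty MailScanner option values, SpamAssassin passing mail with score=0, ClamAV databases not loading) and prints the fix each poster was given. The function names and the sample log lines are constructed for illustration; the message formats are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: maillog triage for the MailScanner failures quoted in this thread.

# Constructed sample, in the format of the log lines posted above.
sample_log() {
cat <<'EOF'
May  2 21:40:50 pfsense MailScanner[44759]: Reading configuration file /usr/local/etc/MailScanner/MailScanner.conf
May  2 21:40:50 pfsense MailScanner[44759]: Syntax error in line 143, value "" for allowiframetags is not one of allowed values "yes","disarm","no"
May  2 21:40:50 pfsense MailScanner[44759]: Syntax error in line 145, value "" for allowscripttags is not one of allowed values "yes","disarm","no"
May  2 21:41:02 pfsense MailScanner[3723]: ClamAV Module ERROR:: Could not load databases from /var/db/clamav
May  2 21:41:10 pfsense MailScanner[22383]: Message 4DAC68A939.ABA57 from 192.0.2.10 (sender@example.com) to example.org is not spam, SpamAssassin (not cached, score=0, required 6, autolearn=not spam)
EOF
}

# Print "line:option" for every option MailScanner rejected at startup,
# deduplicated because each child process logs the same errors.
bad_options() {
  sed -n 's/.*MailScanner\[[0-9]*]: Syntax error in line \([0-9]*\), value "[^"]*" for \([A-Za-z0-9]*\) is not one of allowed values.*/\1:\2/p' |
    sort -u | sort -t: -k1,1n
}

# Count messages passed as non-spam with a SpamAssassin score of exactly 0.
zero_scores() {
  grep -c 'is not spam, SpamAssassin (.*score=0,' || true
}

# Succeeds if the ClamAV module reported that its databases failed to load.
clamav_db_failed() {
  grep -q 'ClamAV Module ERROR:: Could not load databases'
}

# Read a maillog on stdin; print one finding per line with the thread's fix.
triage() {
  log=$(cat)
  for o in $(printf '%s\n' "$log" | bad_options); do
    echo "CONFIG line ${o%%:*}: ${o#*:} is empty; open and save each MailScanner config tab"
  done
  n=$(printf '%s\n' "$log" | zero_scores)
  if [ "$n" -gt 0 ]; then
    echo "SPAM $n message(s) passed with score=0 (no rule hit); run sa-update"
  fi
  if printf '%s\n' "$log" | clamav_db_failed; then
    echo "CLAMAV databases did not load; run /usr/local/bin/freshclam"
  fi
  return 0
}

# Usage on the gateway: triage < /var/log/maillog
sample_log | triage
```

A score of exactly 0 on a GTUBE test message means no SpamAssassin rule matched at all, which is why the thread's fix was to download the rule set rather than to lower the required score.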