Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Mailscanner + spamassassin + clamav package

    Scheduled Pinned Locked Moved pfSense Packages
    313 Posts 54 Posters 275.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • marcellocM
      marcelloc
      last edited by

      I'll check it.

      Sorry for the late response.

      Treinamentos de Elite: http://sys-squad.com

      Help a community developer! ;D

      1 Reply Last reply Reply Quote 0
      • E
        expert_az
        last edited by

        log was like this

        Sep 26 12:43:56  mailscanner: Process did not exit cleanly, returned 2 with signal 0
        Sep 26 12:44:01  mailscanner: Process did not exit cleanly, returned 2 with signal 0

        1 Reply Last reply Reply Quote 0
        • marcellocM
          marcelloc
          last edited by

          I've pushed some fixes to the package.

          I'm Still testing/checking clamav startup.

          I've not bumped version yet, so just reinstall the package in 15 minutes.

          Treinamentos de Elite: http://sys-squad.com

          Help a community developer! ;D

          1 Reply Last reply Reply Quote 0
          • E
            expert_az
            last edited by

            marcelloc it seems ok now,I tested it on my test PF 2.1 amd64

            some new restart logs:

            Nov 12 09:52:18 MailScanner[54679]: Using locktype = flock
            Nov 12 09:52:18 MailScanner[54679]: Found 0 messages in the Processing Attempts Database
            Nov 12 09:52:18 MailScanner[54679]: Connected to Processing Attempts Database
            Nov 12 09:52:18 MailScanner[54679]: I have found clamd scanners installed, and will use them all by default.
            Nov 12 09:52:13 MailScanner[39454]: Using locktype = flock
            Nov 12 09:52:13 MailScanner[39454]: Found 0 messages in the Processing Attempts Database
            Nov 12 09:52:13 MailScanner[39454]: Connected to Processing Attempts Database
            Nov 12 09:52:13 MailScanner[39454]: I have found clamd scanners installed, and will use them all by default.
            Nov 12 09:52:08 MailScanner[29067]: Using locktype = flock
            Nov 12 09:52:08 MailScanner[29067]: Found 0 messages in the Processing Attempts Database
            Nov 12 09:52:08 MailScanner[29067]: Connected to Processing Attempts Database
            Nov 12 09:52:08 MailScanner[29067]: I have found clamd scanners installed, and will use them all by default.
            Nov 12 09:51:10 MailScanner[75549]: Enabling SpamAssassin auto-whitelist functionality…
            Nov 12 09:51:10 MailScanner[75549]: Connected to SpamAssassin cache database
            Nov 12 09:51:10 MailScanner[75549]: Using SpamAssassin results cache
            Nov 12 09:51:09 MailScanner[75549]: Read 5426 hostnames from the phishing blacklists
            Nov 12 09:51:09 MailScanner[75549]: Read 869 hostnames from the phishing whitelist
            Nov 12 09:51:09 MailScanner[75549]: Reading configuration file /usr/pbi/mailscanner-amd64/etc/MailScanner/conf.d/README
            Nov 12 09:51:09 MailScanner[75549]: Reading configuration file /usr/pbi/mailscanner-amd64/etc/MailScanner/MailScanner.conf
            Nov 12 09:51:09 MailScanner[75549]: MailScanner E-Mail Virus Scanner version 4.84.5 starting…
            Nov 12 09:51:04 MailScanner[63466]: Enabling SpamAssassin auto-whitelist functionality…
            Nov 12 09:51:04 MailScanner[63466]: Connected to SpamAssassin cache database
            Nov 12 09:51:04 MailScanner[63466]: Using SpamAssassin results cache
            Nov 12 09:51:04 MailScanner[63466]: Read 5426 hostnames from the phishing blacklists
            Nov 12 09:51:04 MailScanner[63466]: Read 869 hostnames from the phishing whitelist
            Nov 12 09:51:04 MailScanner[63466]: Reading configuration file /usr/pbi/mailscanner-amd64/etc/MailScanner/conf.d/README
            Nov 12 09:51:04 MailScanner[63466]: Reading configuration file /usr/pbi/mailscanner-amd64/etc/MailScanner/MailScanner.conf
            Nov 12 09:51:04 MailScanner[63466]: MailScanner E-Mail Virus Scanner version 4.84.5 starting…
            Nov 12 09:50:59 MailScanner[54679]: Enabling SpamAssassin auto-whitelist functionality…
            Nov 12 09:50:59 MailScanner[54679]: Connected to SpamAssassin cache database
            Nov 12 09:50:59 MailScanner[54679]: Using SpamAssassin results cache
            Nov 12 09:50:59 MailScanner[54679]: Read 5426 hostnames from the phishing blacklists
            Nov 12 09:50:59 MailScanner[54679]: Read 869 hostnames from the phishing whitelist
            Nov 12 09:50:59 MailScanner[54679]: Reading configuration file /usr/pbi/mailscanner-amd64/etc/MailScanner/conf.d/README
            Nov 12 09:50:59 MailScanner[54679]: Reading configuration file /usr/pbi/mailscanner-amd64/etc/MailScanner/MailScanner.conf
            Nov 12 09:50:59 MailScanner[54679]: MailScanner E-Mail Virus Scanner version 4.84.5 starting…
            Nov 12 09:50:54 MailScanner[39454]: Enabling SpamAssassin auto-whitelist functionality…
            Nov 12 09:50:54 MailScanner[39454]: Connected to SpamAssassin cache database
            Nov 12 09:50:54 MailScanner[39454]: Using SpamAssassin results cache
            Nov 12 09:50:54 MailScanner[39454]: Read 5426 hostnames from the phishing blacklists
            Nov 12 09:50:54 MailScanner[39454]: Read 869 hostnames from the phishing whitelist
            Nov 12 09:50:54 MailScanner[39454]: Reading configuration file /usr/pbi/mailscanner-amd64/etc/MailScanner/conf.d/README
            Nov 12 09:50:54 MailScanner[39454]: Reading configuration file /usr/pbi/mailscanner-amd64/etc/MailScanner/MailScanner.conf
            Nov 12 09:50:54 MailScanner[39454]: MailScanner E-Mail Virus Scanner version 4.84.5 starting…
            Nov 12 09:50:49 MailScanner[29067]: Enabling SpamAssassin auto-whitelist functionality…
            Nov 12 09:50:49 MailScanner[29067]: Connected to SpamAssassin cache database
            Nov 12 09:50:49 MailScanner[29067]: Using SpamAssassin results cache
            Nov 12 09:50:49 MailScanner[29067]: Read 5426 hostnames from the phishing blacklists
            Nov 12 09:50:49 MailScanner[29067]: Read 869 hostnames from the phishing whitelist
            Nov 12 09:50:49 MailScanner[29067]: Reading configuration file /usr/pbi/mailscanner-amd64/etc/MailScanner/conf.d/README
            Nov 12 09:50:49 MailScanner[29067]: Reading configuration file /usr/pbi/mailscanner-amd64/etc/MailScanner/MailScanner.conf
            Nov 12 09:50:49 MailScanner[29067]: MailScanner E-Mail Virus Scanner version 4.84.5 starting…
            Nov 12 09:50:45 MailScanner[79786]: MailScanner child caught a SIGHUP
            Nov 12 09:50:45 MailScanner[10068]: MailScanner child caught a SIGHUP
            Nov 12 09:50:45 MailScanner[94107]: MailScanner child caught a SIGHUP
            Nov 12 09:50:45 MailScanner[9153]: MailScanner child caught a SIGHUP
            Nov 12 09:50:45 MailScanner[86355]: MailScanner child caught a SIGHUP
            Nov 12 09:50:45 php: /pkg_edit.php: Restarting MailScanner
            Nov 12 09:50:33 php: /pkg_edit.php: Restarting clamav-clamd daemon
            Nov 12 09:50:33 check_reload_status: Syncing firewall

            1 Reply Last reply Reply Quote 0
            • marcellocM
              marcelloc
              last edited by

              Great! :)

              Treinamentos de Elite: http://sys-squad.com

              Help a community developer! ;D

              1 Reply Last reply Reply Quote 0
              • ?
                Guest
                last edited by

                Thanks marcelloc,
                Can you write a mini how-to for mailscanner package?

                1 Reply Last reply Reply Quote 0
                • I
                  Ivart
                  last edited by

                  Thanks marcelloc, service status is ok but the clamd error is the same:

                  
                  Nov 14 11:56:24 treknetgw MailScanner[73800]: Virus and Content Scanning: Starting
                  Nov 14 11:56:24 treknetgw MailScanner[73800]: Clamd::ERROR:: UNKNOWN CLAMD RETURN ./lstat() failed: Permission denied. ERROR :: /var/spool/MailScanner/incoming/73800
                  Nov 14 11:56:24 treknetgw MailScanner[73800]: Virus Scanning: Clamd found 1 infections
                  Nov 14 11:56:24 treknetgw MailScanner[73800]: Virus Scanning: Found 1 viruses
                  
                  
                  1 Reply Last reply Reply Quote 0
                  • marcellocM
                    marcelloc
                    last edited by

                    @Ivart:

                    but the clamd error is the same:

                    Still checking it…

                    Treinamentos de Elite: http://sys-squad.com

                    Help a community developer! ;D

                    1 Reply Last reply Reply Quote 0
                    • marcellocM
                      marcelloc
                      last edited by

                      @Amirkabir:

                      Can you write a mini how-to for mailscanner package?

                      Configure package from left to right. All default options are in (yes/no)

                      Treinamentos de Elite: http://sys-squad.com

                      Help a community developer! ;D

                      1 Reply Last reply Reply Quote 0
                      • ?
                        Guest
                        last edited by

                        Do i need to install postfix?

                        1 Reply Last reply Reply Quote 0
                        • I
                          Ivart
                          last edited by

                          Yes. Install Postfix and then MailScanner, enable MailScanner in Antispam section of Postfix, Third part Antispam Settings.

                          1 Reply Last reply Reply Quote 0
                          • M
                            m.mascheroni
                            last edited by

                            I have 2 question about this package.

                            First of all i have installed it on a PFsense 2.1 appliance and it works perfectly, the mails flow without problem to a frakking Exchange 2007 Server.

                            My questions are:

                            1. how can modify the mail subject adding [SPAM] if the mail get  > 5 spam points?

                            2. how can i setup a whitelist and blacklist based on mail address, maybe with wildcards for example *@contoso.com ?

                            1 Reply Last reply Reply Quote 0
                            • E
                              expert_az
                              last edited by

                              hello marcelloc,I installed PF2.1 amd64 on new box with postfix and mailscanner.

                              everything running well,but i'm getting some warning messages from postfix and maillscanner,is it normal?

                              mailscanner warning:

                              Nov 18 16:16:33 mx01 MailScanner[94836]: MailScanner E-Mail Virus Scanner version 4.84.5 starting…
                              Nov 18 16:16:33 mx01 MailScanner[94836]: Reading configuration file /usr/pbi/mailscanner-amd64/etc/MailScanner/MailScanner.conf
                              Nov 18 16:16:33 mx01 MailScanner[94836]: Reading configuration file /usr/pbi/mailscanner-amd64/etc/MailScanner/conf.d/README
                              Nov 18 16:16:33 mx01 MailScanner[94836]: Read 869 hostnames from the phishing whitelist
                              Nov 18 16:16:33 mx01 MailScanner[94836]: Read 5426 hostnames from the phishing blacklists
                              Nov 18 16:16:33 mx01 MailScanner[94836]: User's home directory /home/postfix does not exist
                              Nov 18 16:16:33 mx01 MailScanner[94836]: User's home directory /home/postfix is not writable
                              Nov 18 16:16:33 mx01 MailScanner[94836]: You need to set the "SpamAssassin User State Dir" to a directory that the "Run As User" can write to
                              Nov 18 16:16:33 mx01 MailScanner[94836]: Using SpamAssassin results cache
                              Nov 18 16:16:33 mx01 MailScanner[94836]: Connected to SpamAssassin cache database
                              Nov 18 16:16:33 mx01 MailScanner[94836]: Enabling SpamAssassin auto-whitelist functionality…
                              Nov 18 16:18:48 mx01 MailScanner[94836]: I have found clamd scanners installed, and will use them all by default.
                              Nov 18 16:18:48 mx01 MailScanner[94836]: Connected to Processing Attempts Database
                              Nov 18 16:18:48 mx01 MailScanner[94836]: Found 0 messages in the Processing Attempts Database
                              Nov 18 16:18:48 mx01 MailScanner[94836]: Using locktype = flock

                              postfix warning:

                              Nov 16 14:02:39        php: rc.start_packages: Postfix setup completed
                              Nov 16 14:02:39        php: rc.start_packages: Reloading/starting postfix
                              Nov 16 14:02:37        php: rc.start_packages: Writing rc_file
                              Nov 16 14:02:35        php: rc.start_packages: Writing out configuration
                              Nov 16 14:02:35        php: rc.start_packages: The command '/usr/local/sbin/postfix reload' returned exit code '1', the output was ''
                              Nov 16 14:02:35        postfix/postfix-script[94694]: fatal: the Postfix mail system is not running
                              Nov 16 14:02:35        syslogd: kernel boot file is /boot/kernel/kernel
                              Nov 16 14:02:35        syslogd: exiting on signal 15
                              Nov 16 14:02:33        php: rc.start_packages: sync_package_postfix called with via_rpc=no
                              Nov 16 14:02:33        php: rc.start_packages: Postfix setup completed
                              Nov 16 14:02:33        postfix/postfix-script[69449]: fatal: the Postfix mail system is not running
                              Nov 16 14:02:33        php: rc.start_packages: Reloading/starting postfix
                              Nov 16 14:02:31        php: rc.start_packages: Writing rc_file
                              Nov 16 14:02:31        php: rc.start_packages: The command '/usr/pbi/postfix-amd64/sbin/postmap /usr/pbi/postfix-amd64/etc/postfix/transport' returned exit code '1', the output was 'postmap: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix'
                              Nov 16 14:02:30        php: rc.start_packages: Starting MailScanner
                              Nov 16 14:02:29        php: rc.start_packages: Starting clamav-clamd daemon
                              Nov 16 14:02:29        postfix/postmap[38866]: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix
                              Nov 16 14:02:27        php: rc.start_packages: Writing out configuration
                              Nov 16 14:02:27        php: rc.start_packages: The command '/usr/local/sbin/postfix reload' returned exit code '1', the output was ''
                              Nov 16 14:02:25        postfix[38215]: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix
                              Nov 16 14:02:25        postfix[38032]: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix
                              Nov 16 14:02:24        php: rc.start_packages: Postfix setup completed
                              Nov 16 14:02:23        postfix/postmap[23753]: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix
                              Nov 16 14:02:23        syslogd: kernel boot file is /boot/kernel/kernel
                              Nov 16 14:02:23        syslogd: exiting on signal 15
                              Nov 16 14:02:23        check_reload_status: Syncing firewall
                              Nov 16 14:02:23        postfix[20523]: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix
                              Nov 16 14:02:23        php: rc.start_packages: sync_package_postfix called with via_rpc=no
                              Nov 16 14:02:23        php: rc.start_packages: Postfix setup completed
                              Nov 16 14:02:23        postfix[19402]: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix
                              Nov 16 14:02:23        php: rc.start_packages: Reloading/starting postfix
                              Nov 16 14:02:21        postfix[98592]: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix
                              Nov 16 14:02:21        php: rc.start_packages: Reloading/starting postfix
                              Nov 16 14:02:21        php: rc.start_packages: Writing rc_file
                              Nov 16 14:02:21        postfix/sendmail[97436]: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix
                              Nov 16 14:02:21        php: rc.start_packages: The command '/usr/pbi/postfix-amd64/sbin/postmap /usr/pbi/postfix-amd64/etc/postfix/sender_access' returned exit code '1', the output was 'postmap: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix'
                              Nov 16 14:02:19        php: rc.start_packages: Writing rc_file
                              Nov 16 14:02:19        postfix/sendmail[85730]: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix
                              Nov 16 14:02:19        php: rc.start_packages: The command '/usr/pbi/postfix-amd64/sbin/postmap /usr/pbi/postfix-amd64/etc/postfix/sender_access' returned exit code '1', the output was 'postmap: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix'
                              Nov 16 14:02:19        postfix/postmap[85628]: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix
                              Nov 16 14:02:19        php: rc.start_packages: The command '/usr/pbi/postfix-amd64/sbin/postmap /usr/pbi/postfix-amd64/etc/postfix/transport' returned exit code '1', the output was 'postmap: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix'
                              Nov 16 14:02:18        postfix/postmap[72952]: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix
                              Nov 16 14:02:17        postfix/postmap[72943]: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix
                              Nov 16 14:02:15        php: rc.start_packages: The command '/usr/pbi/postfix-amd64/sbin/postmap /usr/pbi/postfix-amd64/etc/postfix/transport' returned exit code '1', the output was 'postmap: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix'
                              Nov 16 14:02:15        php: rc.start_packages: Writing out configuration
                              Nov 16 14:02:15        php: rc.start_packages: The command '/usr/local/sbin/postfix reload' returned exit code '1', the output was ''
                              Nov 16 14:02:14        postfix/postmap[45331]: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix
                              Nov 16 14:02:13        postfix[45533]: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix
                              Nov 16 14:02:11        php: rc.start_packages: Writing out configuration
                              Nov 16 14:02:11        php: rc.start_packages: The command '/usr/local/sbin/postfix reload' returned exit code '1', the output was ''

                              1 Reply Last reply Reply Quote 0
                              • marcellocM
                                marcelloc
                                last edited by

                                @expert_az:

                                is it normal?

                                Does your postfix log errors stopped on Nov 16 or still alerting?

                                I'll check mailscanner user errors.

                                Treinamentos de Elite: http://sys-squad.com

                                Help a community developer! ;D

                                1 Reply Last reply Reply Quote 0
                                • M
                                  m.mascheroni
                                  last edited by

                                  @m.mascheroni:

                                  I have 2 question about this package.

                                  First of all i have installed it on a PFsense 2.1 appliance and it works perfectly, the mails flow without problem to a frakking Exchange 2007 Server.

                                  My questions are:

                                  1. how can modify the mail subject adding [SPAM] if the mail get  > 5 spam points?

                                  2. how can i setup a whitelist and blacklist based on mail address, maybe with wildcards for example *@contoso.com ?

                                  Any idea how to do this?
                                  Plus i would like to know if is there a method, a service or even a specific log file to check mailscanner activity.

                                  1 Reply Last reply Reply Quote 0
                                  • marcellocM
                                    marcelloc
                                    last edited by

                                    @m.mascheroni:

                                    Any idea how to do this?

                                    IIRC, just select send action on antispam tab.

                                    @m.mascheroni:

                                    Plus i would like to know if is there a method, a service or even a specific log file to check mailscanner activity.

                                    it's on postfix log(/var/log/maillog).

                                    Treinamentos de Elite: http://sys-squad.com

                                    Help a community developer! ;D

                                    1 Reply Last reply Reply Quote 0
                                    • M
                                      m.mascheroni
                                      last edited by

                                      Well, probably mailscanner was not active, i believe that change in Postfix Forwarder settings  "Message Hold mode" from auto to manual acl and setting headers with /^from:/ HOLD did the trick.

                                      Now all spam emails are tagged with [SPAM?] prefix or [Disarmed] prefix. Now it's perfect.

                                      From previous posts on this thread i've found out that is better to set the log to /var/log/maillog, now it's easier to check postfix and mailscanner activity with a simple tail command.

                                      Thank you for your time and for your precious work.

                                      I still need to figure out how to setup a local whitelist.

                                      1 Reply Last reply Reply Quote 0
                                      • marcellocM
                                        marcelloc
                                        last edited by

                                        @m.mascheroni:

                                        I still need to figure out how to setup a local whitelist.

                                        On postifix acls and/or on mailscanner spam.assassin.prefs.conf gui field

                                        Treinamentos de Elite: http://sys-squad.com

                                        Help a community developer! ;D

                                        1 Reply Last reply Reply Quote 0
                                        • E
                                          expert_az
                                          last edited by

                                          @marcelloc:

                                          @expert_az:

                                          is it normal?

                                          Does your postfix log errors stopped on Nov 16 or still alerting?

                                          I'll check mailscanner user errors.

                                          marcelloc  there no any new log now,only on Nov16,when PF restarted.

                                          1 Reply Last reply Reply Quote 0
                                          • I
                                            Ivart
                                            last edited by

                                            Any news marcelloc, about clamav errors?

                                            @Ivart:

                                            Thanks marcelloc, service status is ok but the clamd error is the same:

                                            
                                            Nov 14 11:56:24 treknetgw MailScanner[73800]: Virus and Content Scanning: Starting
                                            Nov 14 11:56:24 treknetgw MailScanner[73800]: Clamd::ERROR:: UNKNOWN CLAMD RETURN ./lstat() failed: Permission denied. ERROR :: /var/spool/MailScanner/incoming/73800
                                            Nov 14 11:56:24 treknetgw MailScanner[73800]: Virus Scanning: Clamd found 1 infections
                                            Nov 14 11:56:24 treknetgw MailScanner[73800]: Virus Scanning: Found 1 viruses
                                            
                                            
                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.