Mailscanner + spamassassin + clamav package

expert_az

marcelloc it seems ok now,I tested it on my test PF 2.1 amd64

some new restart logs:

Nov 12 09:52:18 MailScanner[54679]: Using locktype = flock
Nov 12 09:52:18 MailScanner[54679]: Found 0 messages in the Processing Attempts Database
Nov 12 09:52:18 MailScanner[54679]: Connected to Processing Attempts Database
Nov 12 09:52:18 MailScanner[54679]: I have found clamd scanners installed, and will use them all by default.
Nov 12 09:52:13 MailScanner[39454]: Using locktype = flock
Nov 12 09:52:13 MailScanner[39454]: Found 0 messages in the Processing Attempts Database
Nov 12 09:52:13 MailScanner[39454]: Connected to Processing Attempts Database
Nov 12 09:52:13 MailScanner[39454]: I have found clamd scanners installed, and will use them all by default.
Nov 12 09:52:08 MailScanner[29067]: Using locktype = flock
Nov 12 09:52:08 MailScanner[29067]: Found 0 messages in the Processing Attempts Database
Nov 12 09:52:08 MailScanner[29067]: Connected to Processing Attempts Database
Nov 12 09:52:08 MailScanner[29067]: I have found clamd scanners installed, and will use them all by default.
Nov 12 09:51:10 MailScanner[75549]: Enabling SpamAssassin auto-whitelist functionality…
Nov 12 09:51:10 MailScanner[75549]: Connected to SpamAssassin cache database
Nov 12 09:51:10 MailScanner[75549]: Using SpamAssassin results cache
Nov 12 09:51:09 MailScanner[75549]: Read 5426 hostnames from the phishing blacklists
Nov 12 09:51:09 MailScanner[75549]: Read 869 hostnames from the phishing whitelist
Nov 12 09:51:09 MailScanner[75549]: Reading configuration file /usr/pbi/mailscanner-amd64/etc/MailScanner/conf.d/README
Nov 12 09:51:09 MailScanner[75549]: Reading configuration file /usr/pbi/mailscanner-amd64/etc/MailScanner/MailScanner.conf
Nov 12 09:51:09 MailScanner[75549]: MailScanner E-Mail Virus Scanner version 4.84.5 starting…
Nov 12 09:51:04 MailScanner[63466]: Enabling SpamAssassin auto-whitelist functionality…
Nov 12 09:51:04 MailScanner[63466]: Connected to SpamAssassin cache database
Nov 12 09:51:04 MailScanner[63466]: Using SpamAssassin results cache
Nov 12 09:51:04 MailScanner[63466]: Read 5426 hostnames from the phishing blacklists
Nov 12 09:51:04 MailScanner[63466]: Read 869 hostnames from the phishing whitelist
Nov 12 09:51:04 MailScanner[63466]: Reading configuration file /usr/pbi/mailscanner-amd64/etc/MailScanner/conf.d/README
Nov 12 09:51:04 MailScanner[63466]: Reading configuration file /usr/pbi/mailscanner-amd64/etc/MailScanner/MailScanner.conf
Nov 12 09:51:04 MailScanner[63466]: MailScanner E-Mail Virus Scanner version 4.84.5 starting…
Nov 12 09:50:59 MailScanner[54679]: Enabling SpamAssassin auto-whitelist functionality…
Nov 12 09:50:59 MailScanner[54679]: Connected to SpamAssassin cache database
Nov 12 09:50:59 MailScanner[54679]: Using SpamAssassin results cache
Nov 12 09:50:59 MailScanner[54679]: Read 5426 hostnames from the phishing blacklists
Nov 12 09:50:59 MailScanner[54679]: Read 869 hostnames from the phishing whitelist
Nov 12 09:50:59 MailScanner[54679]: Reading configuration file /usr/pbi/mailscanner-amd64/etc/MailScanner/conf.d/README
Nov 12 09:50:59 MailScanner[54679]: Reading configuration file /usr/pbi/mailscanner-amd64/etc/MailScanner/MailScanner.conf
Nov 12 09:50:59 MailScanner[54679]: MailScanner E-Mail Virus Scanner version 4.84.5 starting…
Nov 12 09:50:54 MailScanner[39454]: Enabling SpamAssassin auto-whitelist functionality…
Nov 12 09:50:54 MailScanner[39454]: Connected to SpamAssassin cache database
Nov 12 09:50:54 MailScanner[39454]: Using SpamAssassin results cache
Nov 12 09:50:54 MailScanner[39454]: Read 5426 hostnames from the phishing blacklists
Nov 12 09:50:54 MailScanner[39454]: Read 869 hostnames from the phishing whitelist
Nov 12 09:50:54 MailScanner[39454]: Reading configuration file /usr/pbi/mailscanner-amd64/etc/MailScanner/conf.d/README
Nov 12 09:50:54 MailScanner[39454]: Reading configuration file /usr/pbi/mailscanner-amd64/etc/MailScanner/MailScanner.conf
Nov 12 09:50:54 MailScanner[39454]: MailScanner E-Mail Virus Scanner version 4.84.5 starting…
Nov 12 09:50:49 MailScanner[29067]: Enabling SpamAssassin auto-whitelist functionality…
Nov 12 09:50:49 MailScanner[29067]: Connected to SpamAssassin cache database
Nov 12 09:50:49 MailScanner[29067]: Using SpamAssassin results cache
Nov 12 09:50:49 MailScanner[29067]: Read 5426 hostnames from the phishing blacklists
Nov 12 09:50:49 MailScanner[29067]: Read 869 hostnames from the phishing whitelist
Nov 12 09:50:49 MailScanner[29067]: Reading configuration file /usr/pbi/mailscanner-amd64/etc/MailScanner/conf.d/README
Nov 12 09:50:49 MailScanner[29067]: Reading configuration file /usr/pbi/mailscanner-amd64/etc/MailScanner/MailScanner.conf
Nov 12 09:50:49 MailScanner[29067]: MailScanner E-Mail Virus Scanner version 4.84.5 starting…
Nov 12 09:50:45 MailScanner[79786]: MailScanner child caught a SIGHUP
Nov 12 09:50:45 MailScanner[10068]: MailScanner child caught a SIGHUP
Nov 12 09:50:45 MailScanner[94107]: MailScanner child caught a SIGHUP
Nov 12 09:50:45 MailScanner[9153]: MailScanner child caught a SIGHUP
Nov 12 09:50:45 MailScanner[86355]: MailScanner child caught a SIGHUP
Nov 12 09:50:45 php: /pkg_edit.php: Restarting MailScanner
Nov 12 09:50:33 php: /pkg_edit.php: Restarting clamav-clamd daemon
Nov 12 09:50:33 check_reload_status: Syncing firewall

marcelloc

Great! :)

Guest

Thanks marcelloc,
Can you write a mini how-to for mailscanner package?

Ivart

Thanks marcelloc, service status is ok but the clamd error is the same:


Nov 14 11:56:24 treknetgw MailScanner[73800]: Virus and Content Scanning: Starting
Nov 14 11:56:24 treknetgw MailScanner[73800]: Clamd::ERROR:: UNKNOWN CLAMD RETURN ./lstat() failed: Permission denied. ERROR :: /var/spool/MailScanner/incoming/73800
Nov 14 11:56:24 treknetgw MailScanner[73800]: Virus Scanning: Clamd found 1 infections
Nov 14 11:56:24 treknetgw MailScanner[73800]: Virus Scanning: Found 1 viruses

marcelloc

@Ivart:

but the clamd error is the same:

Still checking it…

marcelloc

@Amirkabir:

Can you write a mini how-to for mailscanner package?

Configure package from left to right. All default options are in (yes/no)

Guest

Do i need to install postfix?

Ivart

Yes. Install Postfix and then MailScanner, enable MailScanner in Antispam section of Postfix, Third part Antispam Settings.

m.mascheroni

I have 2 question about this package.

First of all i have installed it on a PFsense 2.1 appliance and it works perfectly, the mails flow without problem to a frakking Exchange 2007 Server.

My questions are:

how can modify the mail subject adding [SPAM] if the mail get > 5 spam points?
how can i setup a whitelist and blacklist based on mail address, maybe with wildcards for example *@contoso.com ?

expert_az

hello marcelloc,I installed PF2.1 amd64 on new box with postfix and mailscanner.

everything running well,but i'm getting some warning messages from postfix and maillscanner,is it normal?

mailscanner warning:

Nov 18 16:16:33 mx01 MailScanner[94836]: MailScanner E-Mail Virus Scanner version 4.84.5 starting…
Nov 18 16:16:33 mx01 MailScanner[94836]: Reading configuration file /usr/pbi/mailscanner-amd64/etc/MailScanner/MailScanner.conf
Nov 18 16:16:33 mx01 MailScanner[94836]: Reading configuration file /usr/pbi/mailscanner-amd64/etc/MailScanner/conf.d/README
Nov 18 16:16:33 mx01 MailScanner[94836]: Read 869 hostnames from the phishing whitelist
Nov 18 16:16:33 mx01 MailScanner[94836]: Read 5426 hostnames from the phishing blacklists
Nov 18 16:16:33 mx01 MailScanner[94836]: User's home directory /home/postfix does not exist
Nov 18 16:16:33 mx01 MailScanner[94836]: User's home directory /home/postfix is not writable
Nov 18 16:16:33 mx01 MailScanner[94836]: You need to set the "SpamAssassin User State Dir" to a directory that the "Run As User" can write to
Nov 18 16:16:33 mx01 MailScanner[94836]: Using SpamAssassin results cache
Nov 18 16:16:33 mx01 MailScanner[94836]: Connected to SpamAssassin cache database
Nov 18 16:16:33 mx01 MailScanner[94836]: Enabling SpamAssassin auto-whitelist functionality…
Nov 18 16:18:48 mx01 MailScanner[94836]: I have found clamd scanners installed, and will use them all by default.
Nov 18 16:18:48 mx01 MailScanner[94836]: Connected to Processing Attempts Database
Nov 18 16:18:48 mx01 MailScanner[94836]: Found 0 messages in the Processing Attempts Database
Nov 18 16:18:48 mx01 MailScanner[94836]: Using locktype = flock

postfix warning:

Nov 16 14:02:39 php: rc.start_packages: Postfix setup completed
Nov 16 14:02:39 php: rc.start_packages: Reloading/starting postfix
Nov 16 14:02:37 php: rc.start_packages: Writing rc_file
Nov 16 14:02:35 php: rc.start_packages: Writing out configuration
Nov 16 14:02:35 php: rc.start_packages: The command '/usr/local/sbin/postfix reload' returned exit code '1', the output was ''
Nov 16 14:02:35 postfix/postfix-script[94694]: fatal: the Postfix mail system is not running
Nov 16 14:02:35 syslogd: kernel boot file is /boot/kernel/kernel
Nov 16 14:02:35 syslogd: exiting on signal 15
Nov 16 14:02:33 php: rc.start_packages: sync_package_postfix called with via_rpc=no
Nov 16 14:02:33 php: rc.start_packages: Postfix setup completed
Nov 16 14:02:33 postfix/postfix-script[69449]: fatal: the Postfix mail system is not running
Nov 16 14:02:33 php: rc.start_packages: Reloading/starting postfix
Nov 16 14:02:31 php: rc.start_packages: Writing rc_file
Nov 16 14:02:31 php: rc.start_packages: The command '/usr/pbi/postfix-amd64/sbin/postmap /usr/pbi/postfix-amd64/etc/postfix/transport' returned exit code '1', the output was 'postmap: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix'
Nov 16 14:02:30 php: rc.start_packages: Starting MailScanner
Nov 16 14:02:29 php: rc.start_packages: Starting clamav-clamd daemon
Nov 16 14:02:29 postfix/postmap[38866]: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix
Nov 16 14:02:27 php: rc.start_packages: Writing out configuration
Nov 16 14:02:27 php: rc.start_packages: The command '/usr/local/sbin/postfix reload' returned exit code '1', the output was ''
Nov 16 14:02:25 postfix[38215]: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix
Nov 16 14:02:25 postfix[38032]: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix
Nov 16 14:02:24 php: rc.start_packages: Postfix setup completed
Nov 16 14:02:23 postfix/postmap[23753]: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix
Nov 16 14:02:23 syslogd: kernel boot file is /boot/kernel/kernel
Nov 16 14:02:23 syslogd: exiting on signal 15
Nov 16 14:02:23 check_reload_status: Syncing firewall
Nov 16 14:02:23 postfix[20523]: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix
Nov 16 14:02:23 php: rc.start_packages: sync_package_postfix called with via_rpc=no
Nov 16 14:02:23 php: rc.start_packages: Postfix setup completed
Nov 16 14:02:23 postfix[19402]: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix
Nov 16 14:02:23 php: rc.start_packages: Reloading/starting postfix
Nov 16 14:02:21 postfix[98592]: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix
Nov 16 14:02:21 php: rc.start_packages: Reloading/starting postfix
Nov 16 14:02:21 php: rc.start_packages: Writing rc_file
Nov 16 14:02:21 postfix/sendmail[97436]: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix
Nov 16 14:02:21 php: rc.start_packages: The command '/usr/pbi/postfix-amd64/sbin/postmap /usr/pbi/postfix-amd64/etc/postfix/sender_access' returned exit code '1', the output was 'postmap: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix'
Nov 16 14:02:19 php: rc.start_packages: Writing rc_file
Nov 16 14:02:19 postfix/sendmail[85730]: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix
Nov 16 14:02:19 php: rc.start_packages: The command '/usr/pbi/postfix-amd64/sbin/postmap /usr/pbi/postfix-amd64/etc/postfix/sender_access' returned exit code '1', the output was 'postmap: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix'
Nov 16 14:02:19 postfix/postmap[85628]: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix
Nov 16 14:02:19 php: rc.start_packages: The command '/usr/pbi/postfix-amd64/sbin/postmap /usr/pbi/postfix-amd64/etc/postfix/transport' returned exit code '1', the output was 'postmap: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix'
Nov 16 14:02:18 postfix/postmap[72952]: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix
Nov 16 14:02:17 postfix/postmap[72943]: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix
Nov 16 14:02:15 php: rc.start_packages: The command '/usr/pbi/postfix-amd64/sbin/postmap /usr/pbi/postfix-amd64/etc/postfix/transport' returned exit code '1', the output was 'postmap: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix'
Nov 16 14:02:15 php: rc.start_packages: Writing out configuration
Nov 16 14:02:15 php: rc.start_packages: The command '/usr/local/sbin/postfix reload' returned exit code '1', the output was ''
Nov 16 14:02:14 postfix/postmap[45331]: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix
Nov 16 14:02:13 postfix[45533]: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix
Nov 16 14:02:11 php: rc.start_packages: Writing out configuration
Nov 16 14:02:11 php: rc.start_packages: The command '/usr/local/sbin/postfix reload' returned exit code '1', the output was ''

marcelloc

@expert_az:

is it normal?

Does your postfix log errors stopped on Nov 16 or still alerting?

I'll check mailscanner user errors.

m.mascheroni

@m.mascheroni:

I have 2 question about this package.

First of all i have installed it on a PFsense 2.1 appliance and it works perfectly, the mails flow without problem to a frakking Exchange 2007 Server.

My questions are:

how can modify the mail subject adding [SPAM] if the mail get > 5 spam points?

how can i setup a whitelist and blacklist based on mail address, maybe with wildcards for example *@contoso.com ?

Any idea how to do this?
Plus i would like to know if is there a method, a service or even a specific log file to check mailscanner activity.

marcelloc

@m.mascheroni:

Any idea how to do this?

IIRC, just select send action on antispam tab.

@m.mascheroni:

Plus i would like to know if is there a method, a service or even a specific log file to check mailscanner activity.

it's on postfix log(/var/log/maillog).

m.mascheroni

Well, probably mailscanner was not active, i believe that change in Postfix Forwarder settings "Message Hold mode" from auto to manual acl and setting headers with /^from:/ HOLD did the trick.

Now all spam emails are tagged with [SPAM?] prefix or [Disarmed] prefix. Now it's perfect.

From previous posts on this thread i've found out that is better to set the log to /var/log/maillog, now it's easier to check postfix and mailscanner activity with a simple tail command.

Thank you for your time and for your precious work.

I still need to figure out how to setup a local whitelist.

marcelloc

@m.mascheroni:

I still need to figure out how to setup a local whitelist.

On postifix acls and/or on mailscanner spam.assassin.prefs.conf gui field

expert_az

@marcelloc:

@expert_az:

is it normal?

Does your postfix log errors stopped on Nov 16 or still alerting?

I'll check mailscanner user errors.

marcelloc there no any new log now,only on Nov16,when PF restarted.

Ivart

Any news marcelloc, about clamav errors?

@Ivart:

Thanks marcelloc, service status is ok but the clamd error is the same:


Nov 14 11:56:24 treknetgw MailScanner[73800]: Virus and Content Scanning: Starting
Nov 14 11:56:24 treknetgw MailScanner[73800]: Clamd::ERROR:: UNKNOWN CLAMD RETURN ./lstat() failed: Permission denied. ERROR :: /var/spool/MailScanner/incoming/73800
Nov 14 11:56:24 treknetgw MailScanner[73800]: Virus Scanning: Clamd found 1 infections
Nov 14 11:56:24 treknetgw MailScanner[73800]: Virus Scanning: Found 1 viruses

marcelloc

I could get it working only if I change user to root.

I'll keep trying to use it with unprivileged user.

capitangiaco

Strange thing here today:

Dec 2 17:31:54 172.16.0.201 Dec 2 17:32:58 mailscanner: Process did not exit cleanly, returned 0 with signal 11

I tryed to turn on Debug=yes flag and:

Dec 2 17:20:52 172.16.0.201 Dec 2 17:21:56 php: /pkg_edit.php: The command '/usr/pbi/mailscanner-i386/etc/rc.d/mailscanner start' returned exit code '1', the output was 'Starting mailscanner. perl: warning: Setting locale failed. perl: warning: Please check that your locale settings: LC_ALL = (unset), LANG = "en_US.ISO8859-1" are supported and installed on your system. perl: warning: Falling back to the standard locale ("C").

any hint ?
thanks

Giacomo

capitangiaco

@capitangiaco:

Strange thing here today:

Dec 2 17:31:54 172.16.0.201 Dec 2 17:32:58 mailscanner: Process did not exit cleanly, returned 0 with signal 11

Tried to reinstall the pkg, and disable virus and spam scan, but the problem persist.
Each Mailscanner children go zombie.
I also noticed that when disableing the third part scan from the postfix forwarder package mail remain in hold in queue (manually removed /^Received:/ HOLD from header_checks). New mails arrive, but old mails stay in the queue.

Giacomo