Mailscanner + spamassassin + clamav package
-
Thanks marcelloc,
Can you write a mini how-to for mailscanner package? -
Thanks marcelloc, service status is ok but the clamd error is the same:
Nov 14 11:56:24 treknetgw MailScanner[73800]: Virus and Content Scanning: Starting Nov 14 11:56:24 treknetgw MailScanner[73800]: Clamd::ERROR:: UNKNOWN CLAMD RETURN ./lstat() failed: Permission denied. ERROR :: /var/spool/MailScanner/incoming/73800 Nov 14 11:56:24 treknetgw MailScanner[73800]: Virus Scanning: Clamd found 1 infections Nov 14 11:56:24 treknetgw MailScanner[73800]: Virus Scanning: Found 1 viruses
-
-
@Amirkabir:
Can you write a mini how-to for mailscanner package?
Configure package from left to right. All default options are in (yes/no)
-
Do i need to install postfix?
-
Yes. Install Postfix and then MailScanner, enable MailScanner in Antispam section of Postfix, Third part Antispam Settings.
-
I have 2 question about this package.
First of all i have installed it on a PFsense 2.1 appliance and it works perfectly, the mails flow without problem to a frakking Exchange 2007 Server.
My questions are:
-
how can modify the mail subject adding [SPAM] if the mail get > 5 spam points?
-
how can i setup a whitelist and blacklist based on mail address, maybe with wildcards for example *@contoso.com ?
-
-
hello marcelloc,I installed PF2.1 amd64 on new box with postfix and mailscanner.
everything running well,but i'm getting some warning messages from postfix and maillscanner,is it normal?
mailscanner warning:
Nov 18 16:16:33 mx01 MailScanner[94836]: MailScanner E-Mail Virus Scanner version 4.84.5 starting…
Nov 18 16:16:33 mx01 MailScanner[94836]: Reading configuration file /usr/pbi/mailscanner-amd64/etc/MailScanner/MailScanner.conf
Nov 18 16:16:33 mx01 MailScanner[94836]: Reading configuration file /usr/pbi/mailscanner-amd64/etc/MailScanner/conf.d/README
Nov 18 16:16:33 mx01 MailScanner[94836]: Read 869 hostnames from the phishing whitelist
Nov 18 16:16:33 mx01 MailScanner[94836]: Read 5426 hostnames from the phishing blacklists
Nov 18 16:16:33 mx01 MailScanner[94836]: User's home directory /home/postfix does not exist
Nov 18 16:16:33 mx01 MailScanner[94836]: User's home directory /home/postfix is not writable
Nov 18 16:16:33 mx01 MailScanner[94836]: You need to set the "SpamAssassin User State Dir" to a directory that the "Run As User" can write to
Nov 18 16:16:33 mx01 MailScanner[94836]: Using SpamAssassin results cache
Nov 18 16:16:33 mx01 MailScanner[94836]: Connected to SpamAssassin cache database
Nov 18 16:16:33 mx01 MailScanner[94836]: Enabling SpamAssassin auto-whitelist functionality…
Nov 18 16:18:48 mx01 MailScanner[94836]: I have found clamd scanners installed, and will use them all by default.
Nov 18 16:18:48 mx01 MailScanner[94836]: Connected to Processing Attempts Database
Nov 18 16:18:48 mx01 MailScanner[94836]: Found 0 messages in the Processing Attempts Database
Nov 18 16:18:48 mx01 MailScanner[94836]: Using locktype = flockpostfix warning:
Nov 16 14:02:39 php: rc.start_packages: Postfix setup completed
Nov 16 14:02:39 php: rc.start_packages: Reloading/starting postfix
Nov 16 14:02:37 php: rc.start_packages: Writing rc_file
Nov 16 14:02:35 php: rc.start_packages: Writing out configuration
Nov 16 14:02:35 php: rc.start_packages: The command '/usr/local/sbin/postfix reload' returned exit code '1', the output was ''
Nov 16 14:02:35 postfix/postfix-script[94694]: fatal: the Postfix mail system is not running
Nov 16 14:02:35 syslogd: kernel boot file is /boot/kernel/kernel
Nov 16 14:02:35 syslogd: exiting on signal 15
Nov 16 14:02:33 php: rc.start_packages: sync_package_postfix called with via_rpc=no
Nov 16 14:02:33 php: rc.start_packages: Postfix setup completed
Nov 16 14:02:33 postfix/postfix-script[69449]: fatal: the Postfix mail system is not running
Nov 16 14:02:33 php: rc.start_packages: Reloading/starting postfix
Nov 16 14:02:31 php: rc.start_packages: Writing rc_file
Nov 16 14:02:31 php: rc.start_packages: The command '/usr/pbi/postfix-amd64/sbin/postmap /usr/pbi/postfix-amd64/etc/postfix/transport' returned exit code '1', the output was 'postmap: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix'
Nov 16 14:02:30 php: rc.start_packages: Starting MailScanner
Nov 16 14:02:29 php: rc.start_packages: Starting clamav-clamd daemon
Nov 16 14:02:29 postfix/postmap[38866]: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix
Nov 16 14:02:27 php: rc.start_packages: Writing out configuration
Nov 16 14:02:27 php: rc.start_packages: The command '/usr/local/sbin/postfix reload' returned exit code '1', the output was ''
Nov 16 14:02:25 postfix[38215]: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix
Nov 16 14:02:25 postfix[38032]: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix
Nov 16 14:02:24 php: rc.start_packages: Postfix setup completed
Nov 16 14:02:23 postfix/postmap[23753]: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix
Nov 16 14:02:23 syslogd: kernel boot file is /boot/kernel/kernel
Nov 16 14:02:23 syslogd: exiting on signal 15
Nov 16 14:02:23 check_reload_status: Syncing firewall
Nov 16 14:02:23 postfix[20523]: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix
Nov 16 14:02:23 php: rc.start_packages: sync_package_postfix called with via_rpc=no
Nov 16 14:02:23 php: rc.start_packages: Postfix setup completed
Nov 16 14:02:23 postfix[19402]: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix
Nov 16 14:02:23 php: rc.start_packages: Reloading/starting postfix
Nov 16 14:02:21 postfix[98592]: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix
Nov 16 14:02:21 php: rc.start_packages: Reloading/starting postfix
Nov 16 14:02:21 php: rc.start_packages: Writing rc_file
Nov 16 14:02:21 postfix/sendmail[97436]: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix
Nov 16 14:02:21 php: rc.start_packages: The command '/usr/pbi/postfix-amd64/sbin/postmap /usr/pbi/postfix-amd64/etc/postfix/sender_access' returned exit code '1', the output was 'postmap: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix'
Nov 16 14:02:19 php: rc.start_packages: Writing rc_file
Nov 16 14:02:19 postfix/sendmail[85730]: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix
Nov 16 14:02:19 php: rc.start_packages: The command '/usr/pbi/postfix-amd64/sbin/postmap /usr/pbi/postfix-amd64/etc/postfix/sender_access' returned exit code '1', the output was 'postmap: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix'
Nov 16 14:02:19 postfix/postmap[85628]: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix
Nov 16 14:02:19 php: rc.start_packages: The command '/usr/pbi/postfix-amd64/sbin/postmap /usr/pbi/postfix-amd64/etc/postfix/transport' returned exit code '1', the output was 'postmap: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix'
Nov 16 14:02:18 postfix/postmap[72952]: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix
Nov 16 14:02:17 postfix/postmap[72943]: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix
Nov 16 14:02:15 php: rc.start_packages: The command '/usr/pbi/postfix-amd64/sbin/postmap /usr/pbi/postfix-amd64/etc/postfix/transport' returned exit code '1', the output was 'postmap: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix'
Nov 16 14:02:15 php: rc.start_packages: Writing out configuration
Nov 16 14:02:15 php: rc.start_packages: The command '/usr/local/sbin/postfix reload' returned exit code '1', the output was ''
Nov 16 14:02:14 postfix/postmap[45331]: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix
Nov 16 14:02:13 postfix[45533]: fatal: file /usr/pbi/postfix-amd64/etc/postfix/main.cf: parameter mail_owner: unknown user name value: postfix
Nov 16 14:02:11 php: rc.start_packages: Writing out configuration
Nov 16 14:02:11 php: rc.start_packages: The command '/usr/local/sbin/postfix reload' returned exit code '1', the output was '' -
is it normal?
Does your postfix log errors stopped on Nov 16 or still alerting?
I'll check mailscanner user errors.
-
I have 2 question about this package.
First of all i have installed it on a PFsense 2.1 appliance and it works perfectly, the mails flow without problem to a frakking Exchange 2007 Server.
My questions are:
-
how can modify the mail subject adding [SPAM] if the mail get > 5 spam points?
-
how can i setup a whitelist and blacklist based on mail address, maybe with wildcards for example *@contoso.com ?
Any idea how to do this?
Plus i would like to know if is there a method, a service or even a specific log file to check mailscanner activity. -
-
Any idea how to do this?
IIRC, just select send action on antispam tab.
Plus i would like to know if is there a method, a service or even a specific log file to check mailscanner activity.
it's on postfix log(/var/log/maillog).
-
Well, probably mailscanner was not active, i believe that change in Postfix Forwarder settings "Message Hold mode" from auto to manual acl and setting headers with /^from:/ HOLD did the trick.
Now all spam emails are tagged with [SPAM?] prefix or [Disarmed] prefix. Now it's perfect.
From previous posts on this thread i've found out that is better to set the log to /var/log/maillog, now it's easier to check postfix and mailscanner activity with a simple tail command.
Thank you for your time and for your precious work.
I still need to figure out how to setup a local whitelist.
-
I still need to figure out how to setup a local whitelist.
On postifix acls and/or on mailscanner spam.assassin.prefs.conf gui field
-
is it normal?
Does your postfix log errors stopped on Nov 16 or still alerting?
I'll check mailscanner user errors.
marcelloc there no any new log now,only on Nov16,when PF restarted.
-
Any news marcelloc, about clamav errors?
Thanks marcelloc, service status is ok but the clamd error is the same:
Nov 14 11:56:24 treknetgw MailScanner[73800]: Virus and Content Scanning: Starting Nov 14 11:56:24 treknetgw MailScanner[73800]: Clamd::ERROR:: UNKNOWN CLAMD RETURN ./lstat() failed: Permission denied. ERROR :: /var/spool/MailScanner/incoming/73800 Nov 14 11:56:24 treknetgw MailScanner[73800]: Virus Scanning: Clamd found 1 infections Nov 14 11:56:24 treknetgw MailScanner[73800]: Virus Scanning: Found 1 viruses
-
I could get it working only if I change user to root.
I'll keep trying to use it with unprivileged user.
-
Strange thing here today:
Dec 2 17:31:54 172.16.0.201 Dec 2 17:32:58 mailscanner: Process did not exit cleanly, returned 0 with signal 11
I tryed to turn on Debug=yes flag and:
Dec 2 17:20:52 172.16.0.201 Dec 2 17:21:56 php: /pkg_edit.php: The command '/usr/pbi/mailscanner-i386/etc/rc.d/mailscanner start' returned exit code '1', the output was 'Starting mailscanner. perl: warning: Setting locale failed. perl: warning: Please check that your locale settings: LC_ALL = (unset), LANG = "en_US.ISO8859-1" are supported and installed on your system. perl: warning: Falling back to the standard locale ("C").
any hint ?
thanksGiacomo
-
Strange thing here today:
Dec 2 17:31:54 172.16.0.201 Dec 2 17:32:58 mailscanner: Process did not exit cleanly, returned 0 with signal 11
Tried to reinstall the pkg, and disable virus and spam scan, but the problem persist.
Each Mailscanner children go zombie.
I also noticed that when disableing the third part scan from the postfix forwarder package mail remain in hold in queue (manually removed /^Received:/ HOLD from header_checks). New mails arrive, but old mails stay in the queue.Giacomo
-
Each Mailscanner children go zombie.
I think I've isolated the problem.
I it's all about SpamAssassin
with Use SpamAssassin = no in MailScanner.conf it startsGiacomo
-
I've problems with starting mailscanner after an update to pfSense 2.1.
service mailscanner start
Starting mailscanner.
eval: /usr/pbi/mailscanner-i386/sbin/mailscanner: not found
/usr/local/etc/rc.d/mailscanner: WARNING: failed to start mailscannerll /usr/pbi/mailscanner-i386/sbin/mailscanner
-r-xr-xr-x 1 root wheel 67459 Dec 8 06:40 /usr/pbi/mailscanner-i386/sbin/mailscannerI disabled mailscanner completely to keep receiving mail.
I also run: pfBlocker, nrpe v2 and OpenVPN client.
Please advice.
Packagelist:
bsdinstaller-2.0.2011.1212 BSD Installer mega-package
ca_root_nss-3.15.2_1 The root certificate bundle from the Mozilla Project
curl-7.33.0_1 Non-interactive tool to get files from FTP, GOPHER, HTTP(S)
cyrus-sasl-2.1.25_1 RFC 2222 SASL (Simple Authentication and Security Layer)
cyrus-sasl-2.1.26_3 RFC 2222 SASL (Simple Authentication and Security Layer)
db41-4.1.25_4 The Berkeley DB package, revision 4.1
freetype2-2.4.11 A free and portable TrueType font rendering engine
freetype2-2.4.7 A free and portable TrueType font rendering engine
gd-2.0.35_7,1 A graphics library for fast creation of images
gettext-0.18.1.1 GNU gettext package
gettext-0.18.3.1 GNU gettext package
grub-0.97_4 GRand Unified Bootloader
ipmitool-1.8.11_2 CLI to manage IPMI systems
jpeg-8_3 IJG's jpeg compression utilities
jpeg-8_4 IJG's jpeg compression utilities
libiconv-1.13.1_1 A character set conversion library
libiconv-1.14 A character set conversion library
libiconv-1.14_1 A character set conversion library
libltdl-2.4.2_2 System independent dlopen wrapper
libspf2-1.2.10_1 Sender Rewriting Scheme 2 C Implementation
libstatgrab-0.17 Provides a useful interface to system statistics
muse-0.2 Shows memory usage data
nagios-plugins-1.4.15_1,1 Plugins for Nagios
nrpe-2.12_3 Nagios Remote Plugin Executor
openldap-client-2.4.33_1 Open source LDAP client implementation
p5-Authen-NTLM-1.09 An NTLM authentication module
p5-Crypt-OpenSSL-Bignum-0.04 OpenSSL's multiprecision integer arithmetic
p5-Crypt-OpenSSL-RSA-0.28 Perl5 module to RSA encode and decode strings using OpenSSL
p5-Crypt-OpenSSL-Random-0.06 Perl5 interface to the OpenSSL pseudo-random number generat
p5-DBD-SQLite-1.40 Provides access to SQLite3 databases through the DBI
p5-DBI-1.630 The perl5 Database Interface. Required for DBD::* modules
p5-Digest-HMAC-1.03 Perl5 interface to HMAC Message-Digest Algorithms
p5-Digest-SHA1-2.13 Perl interface to the SHA-1 Algorithm
p5-Encode-Locale-1.03 Determine the locale encoding
p5-File-Listing-6.04 Parse directory listings
p5-Filesys-Df-0.92 Perl extension for filesystem space
p5-Geography-Countries-2009041301 Handle ISO-3166 country codes
p5-HTML-Parser-3.71 Perl5 module for parsing HTML documents
p5-HTML-Tagset-3.20 Some useful data table in parsing HTML
p5-HTTP-Cookies-6.01 HTTP Cookie jars
p5-HTTP-Daemon-6.01 Simple HTTP server class
p5-HTTP-Date-6.02 Conversion routines for the HTTP protocol date formats
p5-HTTP-Message-6.06_2 Representation of HTTP style messages
p5-HTTP-Negotiate-6.01 Implementation of the HTTP content negotiation algorithm
p5-IO-HTML-1.00 Open an HTML file with automatic charset detection
p5-IO-Socket-INET6-2.69 Perl module with object interface to AF_INET6 domain socket
p5-IO-Socket-IP-0.24 Drop-in replacement for IO::Socket::INET supporting IPv4 an
p5-IO-Socket-SSL-1.962 Perl5 interface to SSL sockets
p5-IO-stringy-2.110 Perl5 module for using IO handles with non-file objects
p5-Inline-0.49 Write Perl subroutines in other programming languages
p5-LWP-MediaTypes-6.02 Guess media type for a file or a URL
p5-Mail-DKIM-0.40 Perl5 module to process and/or create DKIM email
p5-Mail-Tools-2.12 Perl5 modules for dealing with Internet e-mail messages
p5-Net-CIDR-0.17 Perl module to manipulate IPv4/IPv6 netblocks in CIDR notat
p5-Net-DNS-0.73 Perl5 interface to the DNS resolver, and dynamic updates
p5-Net-HTTP-6.06 Low-level HTTP client
p5-Net-Ident-1.23 Lookup the username on the remote end of a TCP/IP connectio
p5-Net-SSLeay-1.55 Perl5 interface to SSL
p5-OLE-Storage_Lite-0.19 Perl module for OLE document interface
p5-Parse-RecDescent-1.965.001 A recursive descent parsing framework for Perl
p5-Socket-2.013 Networking constants and support functions
p5-Socket6-0.23 IPv6 related part of the C socket.h defines and structure m
p5-Sys-Hostname-Long-1.4 Try every conceivable way to get full hostname
p5-Sys-SigAction-0.20 Perl extension for Consistent Signal Handling
p5-Time-HiRes-1.9726,1 A perl5 module implementing High resolution time, sleep, an
p5-TimeDate-2.30_1,1 Perl5 module containing a better/faster date parser for abs
p5-URI-1.60 Perl5 interface to Uniform Resource Identifier (URI) refere
p5-WWW-RobotRules-6.02 Database of robots.txt-derived permissions
p7zip-9.20.1 File archiver with high compression ratio
pcre-8.33 Perl Compatible Regular Expressions library
perl5-5.16.3_4 Practical Extraction and Report Language
pkg-config-0.25_1 A utility to retrieve information about installed libraries
pkgconf-0.8.9 Utility to help to configure compiler and linker flags
png-1.4.8 Library for manipulating PNG images
postfix-2.10.2,1 Secure alternative to widely-used Sendmail
python27-2.7.6 Interpreted object-oriented programming language
razor-agents-2.84 A distributed, collaborative, spam detection and filtering
sqlite-2.8.17_1 An SQL database engine in a C library
sqlite3-3.7.9 An SQL database engine in a C library
tnef-1.4.9 Unpack data in MS Outlook TNEF format
zip-3.0 Create/update ZIP files compatible with pkzip