Mailscanner + spamassassin + clamav package

m.mascheroni

Well, probably mailscanner was not active, i believe that change in Postfix Forwarder settings "Message Hold mode" from auto to manual acl and setting headers with /^from:/ HOLD did the trick.

Now all spam emails are tagged with [SPAM?] prefix or [Disarmed] prefix. Now it's perfect.

From previous posts on this thread i've found out that is better to set the log to /var/log/maillog, now it's easier to check postfix and mailscanner activity with a simple tail command.

Thank you for your time and for your precious work.

I still need to figure out how to setup a local whitelist.

marcelloc

@m.mascheroni:

I still need to figure out how to setup a local whitelist.

On postifix acls and/or on mailscanner spam.assassin.prefs.conf gui field

expert_az

@marcelloc:

@expert_az:

is it normal?

Does your postfix log errors stopped on Nov 16 or still alerting?

I'll check mailscanner user errors.

marcelloc there no any new log now,only on Nov16,when PF restarted.

Ivart

Any news marcelloc, about clamav errors?

@Ivart:

Thanks marcelloc, service status is ok but the clamd error is the same:


Nov 14 11:56:24 treknetgw MailScanner[73800]: Virus and Content Scanning: Starting
Nov 14 11:56:24 treknetgw MailScanner[73800]: Clamd::ERROR:: UNKNOWN CLAMD RETURN ./lstat() failed: Permission denied. ERROR :: /var/spool/MailScanner/incoming/73800
Nov 14 11:56:24 treknetgw MailScanner[73800]: Virus Scanning: Clamd found 1 infections
Nov 14 11:56:24 treknetgw MailScanner[73800]: Virus Scanning: Found 1 viruses

marcelloc

I could get it working only if I change user to root.

I'll keep trying to use it with unprivileged user.

capitangiaco

Strange thing here today:

Dec 2 17:31:54 172.16.0.201 Dec 2 17:32:58 mailscanner: Process did not exit cleanly, returned 0 with signal 11

I tryed to turn on Debug=yes flag and:

Dec 2 17:20:52 172.16.0.201 Dec 2 17:21:56 php: /pkg_edit.php: The command '/usr/pbi/mailscanner-i386/etc/rc.d/mailscanner start' returned exit code '1', the output was 'Starting mailscanner. perl: warning: Setting locale failed. perl: warning: Please check that your locale settings: LC_ALL = (unset), LANG = "en_US.ISO8859-1" are supported and installed on your system. perl: warning: Falling back to the standard locale ("C").

any hint ?
thanks

Giacomo

capitangiaco

@capitangiaco:

Strange thing here today:

Dec 2 17:31:54 172.16.0.201 Dec 2 17:32:58 mailscanner: Process did not exit cleanly, returned 0 with signal 11

Tried to reinstall the pkg, and disable virus and spam scan, but the problem persist.
Each Mailscanner children go zombie.
I also noticed that when disableing the third part scan from the postfix forwarder package mail remain in hold in queue (manually removed /^Received:/ HOLD from header_checks). New mails arrive, but old mails stay in the queue.

Giacomo

capitangiaco

@capitangiaco:

Each Mailscanner children go zombie.

I think I've isolated the problem.
I it's all about SpamAssassin
with Use SpamAssassin = no in MailScanner.conf it starts

Giacomo

ikbendeman

I've problems with starting mailscanner after an update to pfSense 2.1.

service mailscanner start
Starting mailscanner.
eval: /usr/pbi/mailscanner-i386/sbin/mailscanner: not found
/usr/local/etc/rc.d/mailscanner: WARNING: failed to start mailscanner

ll /usr/pbi/mailscanner-i386/sbin/mailscanner
-r-xr-xr-x 1 root wheel 67459 Dec 8 06:40 /usr/pbi/mailscanner-i386/sbin/mailscanner

I disabled mailscanner completely to keep receiving mail.

I also run: pfBlocker, nrpe v2 and OpenVPN client.

Please advice.

Packagelist:

bsdinstaller-2.0.2011.1212 BSD Installer mega-package
ca_root_nss-3.15.2_1 The root certificate bundle from the Mozilla Project
curl-7.33.0_1 Non-interactive tool to get files from FTP, GOPHER, HTTP(S)
cyrus-sasl-2.1.25_1 RFC 2222 SASL (Simple Authentication and Security Layer)
cyrus-sasl-2.1.26_3 RFC 2222 SASL (Simple Authentication and Security Layer)
db41-4.1.25_4 The Berkeley DB package, revision 4.1
freetype2-2.4.11 A free and portable TrueType font rendering engine
freetype2-2.4.7 A free and portable TrueType font rendering engine
gd-2.0.35_7,1 A graphics library for fast creation of images
gettext-0.18.1.1 GNU gettext package
gettext-0.18.3.1 GNU gettext package
grub-0.97_4 GRand Unified Bootloader
ipmitool-1.8.11_2 CLI to manage IPMI systems
jpeg-8_3 IJG's jpeg compression utilities
jpeg-8_4 IJG's jpeg compression utilities
libiconv-1.13.1_1 A character set conversion library
libiconv-1.14 A character set conversion library
libiconv-1.14_1 A character set conversion library
libltdl-2.4.2_2 System independent dlopen wrapper
libspf2-1.2.10_1 Sender Rewriting Scheme 2 C Implementation
libstatgrab-0.17 Provides a useful interface to system statistics
muse-0.2 Shows memory usage data
nagios-plugins-1.4.15_1,1 Plugins for Nagios
nrpe-2.12_3 Nagios Remote Plugin Executor
openldap-client-2.4.33_1 Open source LDAP client implementation
p5-Authen-NTLM-1.09 An NTLM authentication module
p5-Crypt-OpenSSL-Bignum-0.04 OpenSSL's multiprecision integer arithmetic
p5-Crypt-OpenSSL-RSA-0.28 Perl5 module to RSA encode and decode strings using OpenSSL
p5-Crypt-OpenSSL-Random-0.06 Perl5 interface to the OpenSSL pseudo-random number generat
p5-DBD-SQLite-1.40 Provides access to SQLite3 databases through the DBI
p5-DBI-1.630 The perl5 Database Interface. Required for DBD::* modules
p5-Digest-HMAC-1.03 Perl5 interface to HMAC Message-Digest Algorithms
p5-Digest-SHA1-2.13 Perl interface to the SHA-1 Algorithm
p5-Encode-Locale-1.03 Determine the locale encoding
p5-File-Listing-6.04 Parse directory listings
p5-Filesys-Df-0.92 Perl extension for filesystem space
p5-Geography-Countries-2009041301 Handle ISO-3166 country codes
p5-HTML-Parser-3.71 Perl5 module for parsing HTML documents
p5-HTML-Tagset-3.20 Some useful data table in parsing HTML
p5-HTTP-Cookies-6.01 HTTP Cookie jars
p5-HTTP-Daemon-6.01 Simple HTTP server class
p5-HTTP-Date-6.02 Conversion routines for the HTTP protocol date formats
p5-HTTP-Message-6.06_2 Representation of HTTP style messages
p5-HTTP-Negotiate-6.01 Implementation of the HTTP content negotiation algorithm
p5-IO-HTML-1.00 Open an HTML file with automatic charset detection
p5-IO-Socket-INET6-2.69 Perl module with object interface to AF_INET6 domain socket
p5-IO-Socket-IP-0.24 Drop-in replacement for IO::Socket::INET supporting IPv4 an
p5-IO-Socket-SSL-1.962 Perl5 interface to SSL sockets
p5-IO-stringy-2.110 Perl5 module for using IO handles with non-file objects
p5-Inline-0.49 Write Perl subroutines in other programming languages
p5-LWP-MediaTypes-6.02 Guess media type for a file or a URL
p5-Mail-DKIM-0.40 Perl5 module to process and/or create DKIM email
p5-Mail-Tools-2.12 Perl5 modules for dealing with Internet e-mail messages
p5-Net-CIDR-0.17 Perl module to manipulate IPv4/IPv6 netblocks in CIDR notat
p5-Net-DNS-0.73 Perl5 interface to the DNS resolver, and dynamic updates
p5-Net-HTTP-6.06 Low-level HTTP client
p5-Net-Ident-1.23 Lookup the username on the remote end of a TCP/IP connectio
p5-Net-SSLeay-1.55 Perl5 interface to SSL
p5-OLE-Storage_Lite-0.19 Perl module for OLE document interface
p5-Parse-RecDescent-1.965.001 A recursive descent parsing framework for Perl
p5-Socket-2.013 Networking constants and support functions
p5-Socket6-0.23 IPv6 related part of the C socket.h defines and structure m
p5-Sys-Hostname-Long-1.4 Try every conceivable way to get full hostname
p5-Sys-SigAction-0.20 Perl extension for Consistent Signal Handling
p5-Time-HiRes-1.9726,1 A perl5 module implementing High resolution time, sleep, an
p5-TimeDate-2.30_1,1 Perl5 module containing a better/faster date parser for abs
p5-URI-1.60 Perl5 interface to Uniform Resource Identifier (URI) refere
p5-WWW-RobotRules-6.02 Database of robots.txt-derived permissions
p7zip-9.20.1 File archiver with high compression ratio
pcre-8.33 Perl Compatible Regular Expressions library
perl5-5.16.3_4 Practical Extraction and Report Language
pkg-config-0.25_1 A utility to retrieve information about installed libraries
pkgconf-0.8.9 Utility to help to configure compiler and linker flags
png-1.4.8 Library for manipulating PNG images
postfix-2.10.2,1 Secure alternative to widely-used Sendmail
python27-2.7.6 Interpreted object-oriented programming language
razor-agents-2.84 A distributed, collaborative, spam detection and filtering
sqlite-2.8.17_1 An SQL database engine in a C library
sqlite3-3.7.9 An SQL database engine in a C library
tnef-1.4.9 Unpack data in MS Outlook TNEF format
zip-3.0 Create/update ZIP files compatible with pkzip

capitangiaco

@ikbendeman:

I've problems with starting mailscanner after an update to pfSense 2.1.

service mailscanner start
Starting mailscanner.
eval: /usr/pbi/mailscanner-i386/sbin/mailscanner: not found
/usr/local/etc/rc.d/mailscanner: WARNING: failed to start mailscanner

ll /usr/pbi/mailscanner-i386/sbin/mailscanner
-r-xr-xr-x 1 root wheel 67459 Dec 8 06:40 /usr/pbi/mailscanner-i386/sbin/mailscanner

I disabled mailscanner completely to keep receiving mail.

have you tried to reinstall the mailscanner pkg ?

Giacomo

ikbendeman

Hi Giacomo,

Yes, I did reinstall the package… but same result.
Even a fresh install did not fixed the problem. (Fresh install from 2.0.3 with update to 2.1)

EHN_Helpdesk

I am experiencing the same results of MailScanner on my pfSense 2.0.1 upgrade to 2.1-Release but on the AMD64 platform as ikbendeman. I even performed a clean install of pfSense 2.1-Release, then Postfix, then MailScanner. I have re-installed MailScanner package several times but it still fails to start with this response:

Dec 8 16:00:17 root: /usr/pbi/mailscanner-amd64/etc/rc.d/mailscanner: WARNING: failed to start mailscanner
Dec 8 16:00:17 php: /pkg_edit.php: The command '/usr/pbi/mailscanner-amd64/etc/rc.d/mailscanner start' returned exit code '1', the output was 'Starting mailscanner. eval: /usr/pbi/mailscanner-amd64/sbin/mailscanner: not found /usr/pbi/mailscanner-amd64/etc/rc.d/mailscanner: WARNING: failed to start mailscanner'

When I try and manually start from the Services GUI, I get this:

Dec 8 17:31:37 php: /status_services.php: The command '/usr/local/etc/rc.d/mailscanner stop' returned exit code '1', the output was 'mailscanner not running? (check /var/run/MailScanner.pid).'
Dec 8 17:31:39 root: /usr/local/etc/rc.d/mailscanner: WARNING: failed to start mailscanner

Being that pfSense 2.1 uses a different tree directory, it seems that MailScanner (4.84.5_3 pkg v.0.2.2 ) is not ready for pfSense 2.1.

I would hate to have to downgrade pfSense to 2.0.1 in order for MailScanner to work right.

capitangiaco

@EHN_Helpdesk:

Dec 8 16:00:17 root: /usr/pbi/mailscanner-amd64/etc/rc.d/mailscanner: WARNING: failed to start mailscanner
Dec 8 16:00:17 php: /pkg_edit.php: The command '/usr/pbi/mailscanner-amd64/etc/rc.d/mailscanner start' returned exit code '1', the output was 'Starting mailscanner. eval: /usr/pbi/mailscanner-amd64/sbin/mailscanner: not found /usr/pbi/mailscanner-amd64/etc/rc.d/mailscanner: WARNING: failed to start mailscanner'

When I try and manually start from the Services GUI, I get this:

Dec 8 17:31:37 php: /status_services.php: The command '/usr/local/etc/rc.d/mailscanner stop' returned exit code '1', the output was 'mailscanner not running? (check /var/run/MailScanner.pid).'
Dec 8 17:31:39 root: /usr/local/etc/rc.d/mailscanner: WARNING: failed to start mailscanner

Your manual start failed cause you are using the wrong rc script.
You have to use /usr/pbi/mailscanner-amd64/etc/rc.d/mailscanner start/stop
If you don't have, create the link:

ls -l /usr/local/sbin/mailscanner

lrwxr-xr-x 1 root wheel 43 Dec 2 18:33 /usr/local/sbin/mailscanner -> /usr/pbi/mailscanner-i386/.sbin/mailscanner
adapt to your architecture (amd64)

Giacomo

ikbendeman

you advice to run: /usr/local/sbin/mailscanner (where mailscanner is in the hidden .sbin directory)

ll /usr/local/sbin/mailscanner
lrwxr-xr-x 1 root wheel 43 Dec 8 06:37 /usr/local/sbin/mailscanner -> /usr/pbi/mailscanner-i386/.sbin/mailscanner

Then mailscanner doesn't return an error but mailscanner is not started!

ps ax | grep -i mailscanner
19657 ?? Is 3:02.05 /usr/pbi/mailscanner-i386/sbin/clamd
93386 0 R+ 0:00.00 grep -i mailscanner

The confusion starts with two mailscanner scripts:

ll /usr/pbi/mailscanner-i386/sbin/mailscanner
-r-xr-xr-x 1 root wheel 67459 Dec 8 06:40 /usr/pbi/mailscanner-i386/sbin/mailscanner
ll /usr/pbi/mailscanner-i386/.sbin/mailscanner
-rwxr-xr-x 1 root wheel 8956 Dec 6 17:04 /usr/pbi/mailscanner-i386/.sbin/mailscanner

Restarting mailscanner in the GUI doesn't work either.

Pls advice

Regards

Bob

capitangiaco

I am not able to set this:

Sign Clean Message = no

I created the file:
/usr/pbi/mailscanner-i386/etc/MailScanner/conf.d/custom.conf
and put there the option and restart mailscanner, but nothing happens.

some help ?
thanks

Giacomo

ics

Hi Marcello,

Did you try MailWatch on 2.1 ?
You said in another post that in 2.0 it breaks pfsense php…

The most wanted feature of mailwatch is probably the Quarantine management.
Is it still in the roadmap for mailscanner ?

Thanks

Ivart

Hello Marcelloc, after update mailscanner fails with SpamAssassin, and I think not scanning messages anymore.
Maillog showing messages below in loop.

MailScanner E-Mail Virus Scanner version 4.84.5 starting…
MailScanner[99955]: Reading configuration file /usr/pbi/mailscanner-i386/etc/MailScanner/MailScanner.conf
MailScanner[99955]: Reading configuration file /usr/pbi/mailscanner-i386/etc/MailScanner/conf.d/README
MailScanner[99955]: Read 869 hostnames from the phishing whitelist
MailScanner[99955]: Read 5435 hostnames from the phishing blacklists
MailScanner[99955]: Message Content Protection SpamAssassin installation could not be found

m.mascheroni

Hi Marcello, how can i totally disable Attachment scan and replace?

Ivart

@marcelloc:

I could get it working only if I change user to root.

I'll keep trying to use it with unprivileged user.

Have you found any solution for clamd error?

m.mascheroni

@m.mascheroni:

Hi Marcello, how can i totally disable Attachment scan and replace?

Setting Maximum Archive depth to 0 did the trick.
A reboot is also necessary because somehow a service restart throw an error not having permission to stop and restart postfix.