Mailscanner + spamassassin + clamav package

Ivart

Giaco, if you want to remove inline signature
Install Filer package to keep  files after updates, load in Filer file /usr/local/pkg/mailscanner.conf.template and edit these lines, save and after that restart MailScanner

Sign Messages Already Processed = no
Sign Clean Messages = no

capitangiaco

@marcelloc:

I use it with Message Hold mode= manual using acls

and I put /^from:/ HOLD on header acls

What are the differences between:

/^Received:/ HOLD or /^From:/ HOLD

on postfix header_check ?

Giacomo

capitangiaco

I use splunk to analyze logs, but I would like to use also the sqlite search system integrated with postfix pkg.
Is there the way to use both /var/log/maillog and system logs as logging destinations ?

Giacomo

Bismarck

root@:~# /usr/local/bin/sa-update -D –no-gpg
dbg: logger: adding facilities: all
dbg: logger: logging level is DBG
dbg: generic: SpamAssassin version 3.4.0
dbg: generic: Perl 5.016003, PREFIX=/usr/pbi/mailscanner-amd64, DEF_RULES_DIR=/usr/pbi/mailscanner-amd64/share/spamassassin, LOCAL_RULES_DIR=/usr/pbi/mailscanner-amd64/etc/mail/spamassassin, LOCAL_STATE_DIR=/var/db/spamassassin
dbg: config: timing enabled
dbg: config: score set 0 chosen.
dbg: generic: sa-update version svn1475932
dbg: generic: using update directory: /var/db/spamassassin/3.004000
dbg: diag: perl platform: 5.016003 freebsd
dbg: diag: […] module installed: Digest::SHA, version 5.71
dbg: diag: […] module installed: HTML::Parser, version 3.71
dbg: diag: […] module installed: Net::DNS, version 0.74
dbg: diag: […] module installed: NetAddr::IP, version 4.069
dbg: diag: […] module installed: Time::HiRes, version 1.9726
dbg: diag: […] module installed: Archive::Tar, version 1.82
dbg: diag: […] module installed: IO::Zlib, version 1.10
dbg: diag: […] module not installed: Digest::SHA1 ('require' failed)
dbg: diag: […] module installed: MIME::Base64, version 3.13
dbg: diag: […] module installed: DB_File, version 1.826
dbg: diag: […] module installed: Net::SMTP, version 2.31
dbg: diag: […] module installed: Mail::SPF, version v2.009
dbg: diag: […] module not installed: Geo::IP ('require' failed)
dbg: diag: […] module not installed: Razor2::Client::Agent ('require' failed)
dbg: diag: […] module installed: IO::Socket::IP, version 0.29
dbg: diag: […] module installed: IO::Socket::INET6, version 2.69
dbg: diag: […] module installed: IO::Socket::SSL, version 1.981
dbg: diag: […] module installed: Compress::Zlib, version 2.048
dbg: diag: […] module not installed: Mail::DKIM ('require' failed)
dbg: diag: […] module installed: DBI, version 1.631
dbg: diag: […] module installed: Getopt::Long, version 2.38
dbg: diag: […] module not installed: LWP::UserAgent ('require' failed)
dbg: diag: […] module installed: HTTP::Date, version 6.02
dbg: diag: […] module installed: Encode::Detect, version 1.01
dbg: diag: […] module not installed: Net::Patricia ('require' failed)
dbg: channel: attempting channel updates.spamassassin.org
dbg: channel: using existing directory /var/db/spamassassin/3.004000/updates_spamassassin_org
dbg: channel: channel cf file /var/db/spamassassin/3.004000/updates_spamassassin_org.cf
dbg: channel: channel pre file /var/db/spamassassin/3.004000/updates_spamassassin_org.pre
dbg: channel: metadata version = 1588424, from file /var/db/spamassassin/3.004000/updates_spamassassin_org.cf
dbg: dns: 0.4.3.updates.spamassassin.org => 1588424, parsed as 1588424
dbg: channel: current version is 1588424, new version is 1588424, skipping channel
dbg: diag: updates complete, exiting with code 1
root@:~#

How to fix this?

I've tried to install the missing modules manually in:

/usr/pbi/mailscanner-amd64/lib/perl5

and

/usr/local/lib/perl5

but nothing changed?

2.1.3-RELEASE (amd64)
built on Thu May 01 15:52:13 EDT 2014
FreeBSD 8.3-RELEASE-p16

mailscanner 4.84.6 pkg v.0.2.5

Bismarck

Can we please have a change log for the new 0.2.6 version? Thanks.

Unrar virus scanning is broken, I've fixed it by installing the pkg's via

pkg_add -r unrar

even unrar already exists in /usr/pbi/mailscanner-amd64/bin?

mflyagin

Installed on my pfSense Postfix Forwarder + Mailscanner. It all started, in the logs there are no errors, the mail goes through Postfix Forwarder (seen in the logs), but the feeling that the mail is not processed in Mailscanner. Because attaches are not cut, no entries in the logs. Where could be the problem? In the Third part Antispam Settings checkbox enabled, the package is selected.

FlashPan

Hi guys,

Guess this could be more of a mental healthcheck :)

In my MailScanner.conf file I have the follolwing entries:

Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf
Phishing Bad Sites File = %etc-dir%/phishing.bad.sites.conf
Country Sub-Domains List = %etc-dir%/country.domains.conf

I have noticed that the content of these never update, the file timestamp never chanegs as well.

Should these file update?  I cannot see an option within MailScanner to updates (or schedule) and nothing in Cron is jumping out at me?

To be honest I am not even sure what other .conf or clamav files should update? (EDIT- ahh just realised clamav is installed with postfix. Still not finding info on the other.conf files though)

Am I missing something here?

Thanks in advance for you help.

Cheers

Bismarck

MailScanner uses spamassassin, so you need to check

**/var/db/spamassassin/3.004000 >

/var/db/spamassassin/3.004000/updates_spamassassin_org**

for updates. Execute

/usr/local/bin/sa-update -v –no-gpg

and look if anything is changing in the above shown paths.

seba1234

Anyone has installed the MAilscanner 4.84.6 pkg v.0.2.10, because I did it and then probe again in a fresh installation of pfsense 2.1.5 but the service doesn't start.
Also when I change the configuration from the gui it didn't update de mailscanner.conf file.
Thanks.

EHN_Helpdesk

seba1234

I just recently updated my pfSense from 2.1 to 2.1.5 and found that my Mailscanner (4.84.6 pkg v.0.2.10) service would not start.  In order for Mailscanner to start properly on my system, I had to fix the file directory pointer in /usr/local/pkg/mailscanner.inc on line 37

current line is if ($pf_version != "2.1")

new line to if ($pf_version != "2.1.5")

This was the simplest way for me to fix the MailScanner configuration for 2.1.5.  I'm sure there is a more proper way to fix this issue and I welcome insight, but as I said, it was the simplest path for me.

FlashPan

I had to reinstall my pfsense today. Restored my packages from a backup file and mailscanner failed to load.

Using the fix from EHN_Helpdesk worked for me.

Cheers

PS: Thanks very much EHN_Helpdesk for the fix.  I would have never ever worked that out for myself.

FlashPan

Thanks Bismark

Well now that I have my mailscanner running I can see that spamassassin data is changing inside  /var/db/spamassassin/3.004000 when I run the update command (with no errors).

I am still seeing that these files are still not updating:

Phishing Safe Sites File = /usr/pbi/mailscanner-i386/etc/MailScanner/phishing.safe.sites.conf
Phishing Bad Sites File = /usr/pbi/mailscanner-i386/etc/MailScanner/phishing.bad.sites.conf
Country Sub-Domains List = /usr/pbi/mailscanner-i386/etc/MailScanner/country.domains.conf

Phishing Bad Sites for example is still stating:

This file was generated at Mon Mar  5 14:20:01 GMT 2012

I can see form here a newer version:

http://www.mailscanner.eu/phishing.bad.sites.conf.master

Do I need to add another command into cron to get these updated, or?

Cheers all again for your great support.

Bismarck

@FlashPan:

I am still seeing that these files are still not updating:

Phishing Safe Sites File = /usr/pbi/mailscanner-i386/etc/MailScanner/phishing.safe.sites.conf
Phishing Bad Sites File = /usr/pbi/mailscanner-i386/etc/MailScanner/phishing.bad.sites.conf
Country Sub-Domains List = /usr/pbi/mailscanner-i386/etc/MailScanner/country.domains.conf

Phishing Bad Sites for example is still stating:

This file was generated at Mon Mar  5 14:20:01 GMT 2012

I can see form here a newer version:

http://www.mailscanner.eu/phishing.bad.sites.conf.master

Do I need to add another command into cron to get these updated, or?

Cheers all again for your great support.

/usr/local/libexec/MailScanner/update_bad_phishing_sites.cron

Looks like this update script is broken, the only way to update is manually via the pfsense webgui. But anyway thats just a very small anti-phishing mechanism of mailscanner, the real power comes with spamassassin.

Subscribe few SA channels and keep them updated via shell script/cron.

capitangiaco

@capitangiaco:

@marcelloc:

Disable pyzor checks and see if spamassassin starts working.

Hi Marcello

I found that the problem is bayes
If I disable 'use bayes (YES)'  spamassassin starts!
I've tried sa-learn –sync, but it didn't fixed

here the spamassassin -D --lint output

http://nopaste.info/2ebbbaca23.html

Giacomo

After latest upgrades (pfsense 2.1.5 and mailscanner 4.84.6 pkg v.0.2.10) I am able to use Spamassassin and Bayes.
But while mails are coming from the console I see :

ps aux | grep Z
USER      PID %CPU %MEM  VSZ  RSS  TT  STAT STARTED      TIME COMMAND
postfix 77416 24.1  0.0    0    0  ??  ZN  10:51AM  0:03.18 <defunct>postfix 17024  0.0  0.0    0    0  ??  Z    10:47AM  0:05.15 <defunct>postfix 29545  0.0  0.0    0    0  ??  Z    10:35AM  0:04.16 <defunct>postfix 29839  0.0  0.0    0    0  ??  Z    10:35AM  0:04.66 <defunct>postfix 31218  0.0  0.0    0    0  ??  Z    10:35AM  0:05.43 <defunct>from logs I can see only:
"Process did not exit cleanly, returned 0 with signal 11"

some hint to debug this ?
thanks

Giacomo</defunct></defunct></defunct></defunct></defunct>

seba1234

Thank you EHN_Helpdesk, I appied your solution and it works.

FlashPan

Hi gang,

Got a couple of queries again  :P

Anyone noticing that the SpamAssassin rules are not updating recently?

Am using the sa-update command in cron once a day but the version is not increasing in "/var/db/spamassassin/3.004000" from "# UPDATE version 1640695"  I can tell for sure as the time stamps for the files are not changing for at least a couple of weeks now I reckon.  I've run the sa-update command manually which states no updates are available from updates.spamassassin.org.  So does this mean the version of spamassassin we have is now out of date/unsupported?

Also..anyone had any luck in updating the "phishing.bad.sites.conf" and "phishing.safe.sites.conf" under "/usr/pbi/mailscanner-i386/etc/MailScanner" ?

I've run this command manually and it does update the file in question but MailScanner does not show/see the updated file in the gui.

/usr/pbi/mailscanner-i386/bin/wget -O /usr/pbi/mailscanner-i386/etc/MailScanner/phishing.bad.sites.conf http://www.mailscanner.eu/phishing.bad.sites.conf /usr/pbi/mailscanner-i386/etc/MailScanner/phishing.bad.sites.conf

I've tried stop, start and restart commands in the following location after the update (as well as a full reboot):

/etc/rc.d/init.d/mailsacanner
/usr/pbi/mailscanner-i386/etc/rc.d/mailscanner
/usr/local/bin/spamassassin

But the gui doe snot update with the new data.

I've been blundering around the internet for a couple of days trying to figure this out. The above is just what my limited intellect to freebsd has discovered and even more limted to my understanding.

If anyone has go the above going can you please be so kind to share your scripts etc?

Cheers all

marcelloc

As 2.2 is almost on RC, fixes to 2.1 packages must be pushed as soon as possible.

who knows php and what is missing on the package, the best way is to create a pull request on packages.

I'll try to include missing perl libs to package build options.

But something I know is that link to external downlad sites other then pfsense is not permited on package repos.

What is broken on mailscanner? I'm pushing some fixes to packages on 2.2

capitangiaco

Hi

I am tryng to drop .exe attachments directly from postfix.
Using the example configuration in the mime section:

/^name=[^>]*.(com|vbs|js|jse|exe|bat|cmd|vxd|scr|hlp|pif|shs|ini|dll)/ REJECT W do not allow files of type "$3" because of security concerns - "$2" caused the block.
/^Content-(Disposition|Type):\s+.+?(?:file)?name="?.+?.(386|ad[ept]|drv|em(ai)?l|ex[_e]|xms|{[\da-f]{8}(?:-[\da-f]{4}){3}-[\da-f]{12}})\b/ REJECT ".$2" file attachment types not allowed

it doesn't work, and from the logs I see:
warning: pcre map /usr/pbi/postfix-i386/etc/postfix/mime_check, line 1: out of range replacement index "3": skipping this rule

The files are quarantined by Mailscanner, but I would like to drop themt as soon as possible.
Any hints ?

thank you

Giacomo

capitangiaco

@marcelloc:

What is broken on mailscanner? I'm pushing some fixes to packages on 2.2

Does the reporting (Notices to System Administrators) works ?
I have to manually modify the Mailscanner.conf

Send Notices = yes
Notices Include Full Headers = yes
Hide Incoming Work Dir in Notices = no
Notice Signature = – \nMailScanner\nEmail Virus Scanner\nwww.mailscanner.info
Notices From =                                    <–------
Notices To =                                        <–------
Local Postmaster = Postmaster              <–------

Giacomo

FlashPan

@ capitangiaco

If you check the last post on this page (32) on the Postfix thread here https://forum.pfsense.org/index.php?topic=40622.465

It may help you out.

Cheers