Mailscanner + spamassassin + clamav package

FlashPan

Hi guys,

Guess this could be more of a mental healthcheck :)

In my MailScanner.conf file I have the follolwing entries:

Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf
Phishing Bad Sites File = %etc-dir%/phishing.bad.sites.conf
Country Sub-Domains List = %etc-dir%/country.domains.conf

I have noticed that the content of these never update, the file timestamp never chanegs as well.

Should these file update? I cannot see an option within MailScanner to updates (or schedule) and nothing in Cron is jumping out at me?

To be honest I am not even sure what other .conf or clamav files should update? (EDIT- ahh just realised clamav is installed with postfix. Still not finding info on the other.conf files though)

Am I missing something here?

Thanks in advance for you help.

Cheers

Bismarck

MailScanner uses spamassassin, so you need to check

**/var/db/spamassassin/3.004000 >

/var/db/spamassassin/3.004000/updates_spamassassin_org**

for updates. Execute

/usr/local/bin/sa-update -v –no-gpg

and look if anything is changing in the above shown paths.

seba1234

Anyone has installed the MAilscanner 4.84.6 pkg v.0.2.10, because I did it and then probe again in a fresh installation of pfsense 2.1.5 but the service doesn't start.
Also when I change the configuration from the gui it didn't update de mailscanner.conf file.
Thanks.

EHN_Helpdesk

seba1234

I just recently updated my pfSense from 2.1 to 2.1.5 and found that my Mailscanner (4.84.6 pkg v.0.2.10) service would not start. In order for Mailscanner to start properly on my system, I had to fix the file directory pointer in /usr/local/pkg/mailscanner.inc on line 37

current line is if ($pf_version != "2.1")

new line to if ($pf_version != "2.1.5")

This was the simplest way for me to fix the MailScanner configuration for 2.1.5. I'm sure there is a more proper way to fix this issue and I welcome insight, but as I said, it was the simplest path for me.

FlashPan

I had to reinstall my pfsense today. Restored my packages from a backup file and mailscanner failed to load.

Using the fix from EHN_Helpdesk worked for me.

Cheers

PS: Thanks very much EHN_Helpdesk for the fix. I would have never ever worked that out for myself.

FlashPan

Thanks Bismark

Well now that I have my mailscanner running I can see that spamassassin data is changing inside /var/db/spamassassin/3.004000 when I run the update command (with no errors).

I am still seeing that these files are still not updating:

Phishing Safe Sites File = /usr/pbi/mailscanner-i386/etc/MailScanner/phishing.safe.sites.conf
Phishing Bad Sites File = /usr/pbi/mailscanner-i386/etc/MailScanner/phishing.bad.sites.conf
Country Sub-Domains List = /usr/pbi/mailscanner-i386/etc/MailScanner/country.domains.conf

Phishing Bad Sites for example is still stating:

This file was generated at Mon Mar 5 14:20:01 GMT 2012

I can see form here a newer version:

http://www.mailscanner.eu/phishing.bad.sites.conf.master

Do I need to add another command into cron to get these updated, or?

Cheers all again for your great support.

Bismarck

@FlashPan:

I am still seeing that these files are still not updating:

Phishing Safe Sites File = /usr/pbi/mailscanner-i386/etc/MailScanner/phishing.safe.sites.conf
Phishing Bad Sites File = /usr/pbi/mailscanner-i386/etc/MailScanner/phishing.bad.sites.conf
Country Sub-Domains List = /usr/pbi/mailscanner-i386/etc/MailScanner/country.domains.conf

Phishing Bad Sites for example is still stating:

This file was generated at Mon Mar 5 14:20:01 GMT 2012

I can see form here a newer version:

http://www.mailscanner.eu/phishing.bad.sites.conf.master

Do I need to add another command into cron to get these updated, or?

Cheers all again for your great support.

/usr/local/libexec/MailScanner/update_bad_phishing_sites.cron

Looks like this update script is broken, the only way to update is manually via the pfsense webgui. But anyway thats just a very small anti-phishing mechanism of mailscanner, the real power comes with spamassassin.

Subscribe few SA channels and keep them updated via shell script/cron.

capitangiaco

@capitangiaco:

@marcelloc:

Disable pyzor checks and see if spamassassin starts working.

Hi Marcello

I found that the problem is bayes
If I disable 'use bayes (YES)' spamassassin starts!
I've tried sa-learn –sync, but it didn't fixed

here the spamassassin -D --lint output

http://nopaste.info/2ebbbaca23.html

Giacomo

After latest upgrades (pfsense 2.1.5 and mailscanner 4.84.6 pkg v.0.2.10) I am able to use Spamassassin and Bayes.
But while mails are coming from the console I see :

ps aux | grep Z
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
postfix 77416 24.1 0.0 0 0 ?? ZN 10:51AM 0:03.18 <defunct>postfix 17024 0.0 0.0 0 0 ?? Z 10:47AM 0:05.15 <defunct>postfix 29545 0.0 0.0 0 0 ?? Z 10:35AM 0:04.16 <defunct>postfix 29839 0.0 0.0 0 0 ?? Z 10:35AM 0:04.66 <defunct>postfix 31218 0.0 0.0 0 0 ?? Z 10:35AM 0:05.43 <defunct>from logs I can see only:
"Process did not exit cleanly, returned 0 with signal 11"

some hint to debug this ?
thanks

Giacomo</defunct></defunct></defunct></defunct></defunct>

seba1234

Thank you EHN_Helpdesk, I appied your solution and it works.

FlashPan

Hi gang,

Got a couple of queries again :P

Anyone noticing that the SpamAssassin rules are not updating recently?

Am using the sa-update command in cron once a day but the version is not increasing in "/var/db/spamassassin/3.004000" from "# UPDATE version 1640695" I can tell for sure as the time stamps for the files are not changing for at least a couple of weeks now I reckon. I've run the sa-update command manually which states no updates are available from updates.spamassassin.org. So does this mean the version of spamassassin we have is now out of date/unsupported?

Also..anyone had any luck in updating the "phishing.bad.sites.conf" and "phishing.safe.sites.conf" under "/usr/pbi/mailscanner-i386/etc/MailScanner" ?

I've run this command manually and it does update the file in question but MailScanner does not show/see the updated file in the gui.

/usr/pbi/mailscanner-i386/bin/wget -O /usr/pbi/mailscanner-i386/etc/MailScanner/phishing.bad.sites.conf http://www.mailscanner.eu/phishing.bad.sites.conf /usr/pbi/mailscanner-i386/etc/MailScanner/phishing.bad.sites.conf

I've tried stop, start and restart commands in the following location after the update (as well as a full reboot):

/etc/rc.d/init.d/mailsacanner
/usr/pbi/mailscanner-i386/etc/rc.d/mailscanner
/usr/local/bin/spamassassin

But the gui doe snot update with the new data.

I've been blundering around the internet for a couple of days trying to figure this out. The above is just what my limited intellect to freebsd has discovered and even more limted to my understanding.

If anyone has go the above going can you please be so kind to share your scripts etc?

Cheers all

marcelloc

As 2.2 is almost on RC, fixes to 2.1 packages must be pushed as soon as possible.

who knows php and what is missing on the package, the best way is to create a pull request on packages.

I'll try to include missing perl libs to package build options.

But something I know is that link to external downlad sites other then pfsense is not permited on package repos.

What is broken on mailscanner? I'm pushing some fixes to packages on 2.2

capitangiaco

Hi

I am tryng to drop .exe attachments directly from postfix.
Using the example configuration in the mime section:

/^name=[^>]*.(com|vbs|js|jse|exe|bat|cmd|vxd|scr|hlp|pif|shs|ini|dll)/ REJECT W do not allow files of type "$3" because of security concerns - "$2" caused the block.
/^Content-(Disposition|Type):\s+.+?(?:file)?name="?.+?.(386|ad[ept]|drv|em(ai)?l|ex[_e]|xms|{[\da-f]{8}(?:-[\da-f]{4}){3}-[\da-f]{12}})\b/ REJECT ".$2" file attachment types not allowed

it doesn't work, and from the logs I see:
warning: pcre map /usr/pbi/postfix-i386/etc/postfix/mime_check, line 1: out of range replacement index "3": skipping this rule

The files are quarantined by Mailscanner, but I would like to drop themt as soon as possible.
Any hints ?

thank you

Giacomo

capitangiaco

@marcelloc:

What is broken on mailscanner? I'm pushing some fixes to packages on 2.2

Does the reporting (Notices to System Administrators) works ?
I have to manually modify the Mailscanner.conf

Send Notices = yes
Notices Include Full Headers = yes
Hide Incoming Work Dir in Notices = no
Notice Signature = – \nMailScanner\nEmail Virus Scanner\nwww.mailscanner.info
Notices From = <–------
Notices To = <–------
Local Postmaster = Postmaster <–------

Giacomo

FlashPan

@ capitangiaco

If you check the last post on this page (32) on the Postfix thread here https://forum.pfsense.org/index.php?topic=40622.465

It may help you out.

Cheers

azekiel

Hi marcelloc,

mailscanner creates way more children then the standard "5" which are set up in the gui.

How to fix that?

[2.1.5-RELEASE][admin@vulcanus.itbh1.local]/root(95): ps aux | grep -i mailscanner
postfix 9758 0.2 0.4 115516 30040 ?? SN 9:08AM 0:03.97 MailScanner: scanning for filenames and filetypes (perl_mailscanner)
postfix 254 0.0 0.8 114128 68568 ?? SN 12:25PM 0:02.40 MailScanner: waiting for messages (perl_mailscanner)
postfix 313 0.0 0.4 114128 31588 ?? SN 12:01PM 0:02.88 MailScanner: waiting for messages (perl_mailscanner)
postfix 3251 0.0 0.2 116176 19412 ?? S 9:36AM 0:03.31 MailScanner: waiting for messages (perl_mailscanner)
postfix 3634 0.0 0.2 114128 15264 ?? S 10:52AM 0:03.25 MailScanner: waiting for messages (perl_mailscanner)
postfix 4964 0.0 0.0 64068 0 ?? IWNs - 0:00.00 MailScanner: starting child (perl_mailscanner)
postfix 5514 0.0 0.0 64068 0 ?? IWNs - 0:00.00 MailScanner: starting child (perl_mailscanner)
postfix 5564 0.0 0.2 113092 16268 ?? SN 12:03PM 0:02.69 MailScanner: waiting for messages (perl_mailscanner)
postfix 6441 0.0 0.3 114128 29036 ?? S 12:08PM 0:03.14 MailScanner: waiting for messages (perl_mailscanner)
postfix 6562 0.0 0.2 114128 15116 ?? S 10:00AM 0:02.90 MailScanner: waiting for messages (perl_mailscanner)
postfix 6741 0.0 0.1 114128 11956 ?? S 8:28AM 0:04.22 MailScanner: waiting for messages (perl_mailscanner)
postfix 6827 0.0 0.2 114128 15236 ?? SN 12:17PM 0:02.53 MailScanner: waiting for messages (perl_mailscanner)
postfix 8560 0.0 0.2 113092 13652 ?? S 8:15AM 0:02.98 MailScanner: waiting for messages (perl_mailscanner)
postfix 9124 0.0 0.2 114128 13492 ?? SN 10:05AM 0:03.39 MailScanner: waiting for messages (perl_mailscanner)
postfix 9287 0.0 0.2 114128 19392 ?? S 12:23PM 0:02.46 MailScanner: waiting for messages (perl_mailscanner)
postfix 10420 0.0 0.8 113092 66192 ?? I 12:26PM 0:02.27 MailScanner: starting child (perl_mailscanner)
postfix 11715 0.0 0.1 114128 11844 ?? S 8:10AM 0:03.41 MailScanner: waiting for messages (perl_mailscanner)
postfix 11835 0.0 0.2 113092 19324 ?? S 12:23PM 0:02.34 MailScanner: waiting for messages (perl_mailscanner)
postfix 12895 0.0 0.0 64068 0 ?? IWs - 0:00.00 MailScanner: master waiting for children, sleeping (perl_mailscanner)
postfix 13251 0.0 0.5 114128 40904 ?? S 12:22PM 0:02.41 MailScanner: waiting for messages (perl_mailscanner)
postfix 13272 0.0 0.0 64068 0 ?? IWs - 0:00.00 MailScanner: starting child (perl_mailscanner)
postfix 13738 0.0 0.0 64068 0 ?? IWs - 0:00.00 MailScanner: master waiting for children, sleeping (perl_mailscanner)
postfix 13758 0.0 0.2 114128 12832 ?? S 8:43AM 0:03.24 MailScanner: waiting for messages (perl_mailscanner)
postfix 13877 0.0 0.2 113092 19304 ?? S 12:23PM 0:02.50 MailScanner: waiting for messages (perl_mailscanner)
postfix 14257 0.0 0.0 64068 0 ?? IWs - 0:00.00 MailScanner: starting child (perl_mailscanner)
postfix 14258 0.0 0.2 114128 13888 ?? S 9:10AM 0:03.40 MailScanner: waiting for messages (perl_mailscanner)
postfix 14530 0.0 0.0 64068 0 ?? IWNs - 0:00.00 MailScanner: starting child (perl_mailscanner)
postfix 14614 0.0 0.2 114128 15420 ?? S 11:19AM 0:03.36 MailScanner: waiting for messages (perl_mailscanner)
postfix 14793 0.0 0.2 114128 15580 ?? S 10:11AM 0:03.36 MailScanner: waiting for messages (perl_mailscanner)
postfix 15129 0.0 0.2 113092 16104 ?? SN 12:14PM 0:02.51 MailScanner: waiting for messages (perl_mailscanner)
postfix 16012 0.0 0.2 114128 13380 ?? SN 10:53AM 0:02.86 MailScanner: waiting for messages (perl_mailscanner)
postfix 16419 0.0 0.2 114128 16204 ?? S 12:11PM 0:04.59 MailScanner: waiting for messages (perl_mailscanner)
postfix 17239 0.0 0.2 114128 15028 ?? SN 8:05AM 0:03.22 MailScanner: waiting for messages (perl_mailscanner)
postfix 18734 0.0 0.2 114128 17244 ?? S 12:12PM 0:02.72 MailScanner: waiting for messages (perl_mailscanner)
postfix 18954 0.0 0.0 64068 0 ?? IWs - 0:00.00 MailScanner: starting child (perl_mailscanner)
postfix 20176 0.0 0.2 116176 13388 ?? SN 8:20AM 0:05.08 MailScanner: waiting for messages (perl_mailscanner)
postfix 21530 0.0 0.2 114128 13504 ?? S 9:08AM 0:03.15 MailScanner: waiting for messages (perl_mailscanner)
postfix 21910 0.0 0.4 114128 32940 ?? S 12:12PM 0:02.93 MailScanner: waiting for messages (perl_mailscanner)
postfix 22510 0.0 0.2 114128 15000 ?? SN 12:12PM 0:03.25 MailScanner: waiting for messages (perl_mailscanner)
postfix 23398 0.0 0.8 114128 66732 ?? SN 12:08PM 0:04.59 MailScanner: waiting for messages (perl_mailscanner)
postfix 23955 0.0 0.2 114128 14252 ?? SN 9:59AM 0:05.05 MailScanner: waiting for messages (perl_mailscanner)
postfix 24768 0.0 0.2 114128 16324 ?? S 9:38AM 0:03.27 MailScanner: waiting for messages (perl_mailscanner)
postfix 24968 0.0 0.4 114128 35260 ?? SN 12:15PM 0:02.80 MailScanner: waiting for messages (perl_mailscanner)
postfix 25305 0.0 0.2 114128 14716 ?? S 10:17AM 0:03.61 MailScanner: waiting for messages (perl_mailscanner)
postfix 25763 0.0 0.2 114128 16696 ?? SN 8:35AM 0:03.23 MailScanner: waiting for messages (perl_mailscanner)
postfix 27119 0.0 0.2 114128 13444 ?? S 8:33AM 0:03.33 MailScanner: waiting for messages (perl_mailscanner)
postfix 28626 0.0 0.2 114128 16240 ?? SN 12:10PM 0:03.33 MailScanner: waiting for messages (perl_mailscanner)
postfix 30163 0.0 0.2 114128 16764 ?? S 10:26AM 0:03.21 MailScanner: waiting for messages (perl_mailscanner)
postfix 30922 0.0 0.2 113092 19108 ?? S 9:36AM 0:02.91 MailScanner: waiting for messages (perl_mailscanner)
postfix 31712 0.0 0.2 114128 16232 ?? S 12:08PM 0:03.47 MailScanner: waiting for messages (perl_mailscanner)
postfix 31928 0.0 0.0 64068 0 ?? IWs - 0:00.00 MailScanner: starting child (perl_mailscanner)
postfix 32170 0.0 0.3 114128 28880 ?? SN 12:08PM 0:04.81 MailScanner: waiting for messages (perl_mailscanner)
postfix 32171 0.0 0.2 113092 19444 ?? S 12:22PM 0:02.35 MailScanner: waiting for messages (perl_mailscanner)
postfix 32977 0.0 0.2 114128 14668 ?? S 8:18AM 0:03.30 MailScanner: waiting for messages (perl_mailscanner)
postfix 33247 0.0 0.1 116176 12456 ?? SN 8:48AM 0:04.15 MailScanner: waiting for messages (perl_mailscanner)
postfix 33906 0.0 0.2 113092 15524 ?? S 12:14PM 0:02.52 MailScanner: waiting for messages (perl_mailscanner)
postfix 34450 0.0 0.2 114128 19032 ?? S 12:08PM 0:03.16 MailScanner: waiting for messages (perl_mailscanner)
postfix 35407 0.0 0.4 114128 30968 ?? SN 11:24AM 0:03.05 MailScanner: waiting for messages (perl_mailscanner)
postfix 36032 0.0 0.2 116176 16948 ?? SN 8:42AM 0:03.39 MailScanner: waiting for messages (perl_mailscanner)
postfix 37988 0.0 0.0 64068 0 ?? IWs - 0:00.00 MailScanner: starting child (perl_mailscanner)
postfix 38175 0.0 0.3 114128 28988 ?? S 9:47AM 0:03.54 MailScanner: waiting for messages (perl_mailscanner)
postfix 38935 0.0 0.2 114128 16356 ?? S 9:36AM 0:03.87 MailScanner: waiting for messages (perl_mailscanner)
postfix 39491 0.0 0.1 114128 10508 ?? S 7:53AM 0:03.11 MailScanner: waiting for messages (perl_mailscanner)
postfix 39860 0.0 0.9 113092 79172 ?? S 12:23PM 0:02.35 MailScanner: waiting for messages (perl_mailscanner)
postfix 39916 0.0 0.9 113092 79344 ?? S 12:23PM 0:02.34 MailScanner: waiting for messages (perl_mailscanner)
postfix 40952 0.0 0.1 113092 8476 ?? S 6:21AM 0:03.09 MailScanner: waiting for messages (perl_mailscanner)
postfix 41300 0.0 0.2 114128 15740 ?? S 10:39AM 0:04.22 MailScanner: waiting for messages (perl_mailscanner)
postfix 41453 0.0 0.0 64068 1828 ?? INs 7Dec14 0:00.14 MailScanner: starting child (perl_mailscanner)
postfix 41605 0.0 0.2 113092 19248 ?? S 12:22PM 0:02.49 MailScanner: waiting for messages (perl_mailscanner)
postfix 42144 0.0 0.0 64068 0 ?? IWNs - 0:00.00 MailScanner: starting child (perl_mailscanner)
postfix 42987 0.0 0.0 64068 0 ?? IWs - 0:00.00 MailScanner: starting child (perl_mailscanner)
postfix 43293 0.0 0.1 114128 11300 ?? SN 8:35AM 0:03.12 MailScanner: waiting for messages (perl_mailscanner)
postfix 43749 0.0 0.2 114128 14376 ?? S 10:31AM 0:03.69 MailScanner: waiting for messages (perl_mailscanner)
postfix 46380 0.0 0.2 114128 16384 ?? S 11:33AM 0:03.14 MailScanner: waiting for messages (perl_mailscanner)
postfix 46829 0.0 0.2 114128 14288 ?? SN 10:38AM 0:03.12 MailScanner: waiting for messages (perl_mailscanner)
postfix 47155 0.0 0.0 64068 1984 ?? Is Fri01PM 0:00.02 MailScanner: starting child (perl_mailscanner)
postfix 48185 0.0 0.2 114128 16532 ?? S 12:10PM 0:02.85 MailScanner: waiting for messages (perl_mailscanner)
postfix 48268 0.0 0.0 64068 0 ?? IWs - 0:00.00 MailScanner: starting child (perl_mailscanner)
postfix 49535 0.0 0.2 114128 13628 ?? SN 9:00AM 0:06.92 MailScanner: waiting for messages (perl_mailscanner)
postfix 49722 0.0 0.5 117192 37880 ?? S 8:48AM 0:07.67 MailScanner: waiting for messages (perl_mailscanner)
postfix 50428 0.0 0.2 114128 16076 ?? S 11:39AM 0:02.96 MailScanner: waiting for messages (perl_mailscanner)
postfix 50955 0.0 0.2 113092 15740 ?? S 12:22PM 0:02.42 MailScanner: waiting for messages (perl_mailscanner)
postfix 51166 0.0 0.3 114128 27512 ?? SN 10:24AM 0:11.11 MailScanner: waiting for messages (perl_mailscanner)
postfix 51626 0.0 0.2 114128 15212 ?? S 9:25AM 0:03.54 MailScanner: waiting for messages (perl_mailscanner)
postfix 52652 0.0 0.2 114128 15408 ?? S 10:43AM 0:03.34 MailScanner: waiting for messages (perl_mailscanner)
postfix 53780 0.0 0.2 114128 12984 ?? S 8:08AM 0:03.25 MailScanner: waiting for messages (perl_mailscanner)
postfix 54191 0.0 0.2 113092 16468 ?? S 11:23AM 0:02.85 MailScanner: waiting for messages (perl_mailscanner)
postfix 55241 0.0 0.4 114128 29920 ?? SN 10:35AM 0:03.53 MailScanner: waiting for messages (perl_mailscanner)
postfix 55565 0.0 0.2 115516 13928 ?? SN 10:03AM 0:03.09 MailScanner: waiting for messages (perl_mailscanner)
postfix 55965 0.0 0.8 114128 66680 ?? S 12:08PM 0:02.84 MailScanner: waiting for messages (perl_mailscanner)
postfix 56699 0.0 0.0 64068 0 ?? IWs - 0:00.00 MailScanner: starting child (perl_mailscanner)
postfix 57050 0.0 0.2 113092 15336 ?? SN 12:10PM 0:02.63 MailScanner: waiting for messages (perl_mailscanner)
postfix 57863 0.0 0.2 118224 16224 ?? S 8:59AM 0:08.10 MailScanner: waiting for messages (perl_mailscanner)
postfix 58761 0.0 0.2 114128 17748 ?? S 10:24AM 0:03.05 MailScanner: waiting for messages (perl_mailscanner)
postfix 59058 0.0 0.2 114128 12700 ?? SN 8:24AM 0:04.11 MailScanner: waiting for messages (perl_mailscanner)
postfix 59932 0.0 0.0 64068 0 ?? IWs - 0:00.00 MailScanner: starting child (perl_mailscanner)
postfix 60211 0.0 0.3 114128 27144 ?? S 9:36AM 0:03.78 MailScanner: waiting for messages (perl_mailscanner)
postfix 60599 0.0 0.8 114128 68160 ?? SN 12:08PM 0:02.86 MailScanner: waiting for messages (perl_mailscanner)
postfix 61716 0.0 0.2 114128 14472 ?? S 10:02AM 0:03.57 MailScanner: waiting for messages (perl_mailscanner)
postfix 62207 0.0 0.3 113092 24616 ?? SN 10:48AM 0:02.83 MailScanner: waiting for messages (perl_mailscanner)
postfix 63224 0.0 0.2 114128 14460 ?? S 10:45AM 0:03.80 MailScanner: waiting for messages (perl_mailscanner)
postfix 64246 0.0 0.2 114128 17988 ?? SN 10:14AM 0:02.90 MailScanner: waiting for messages (perl_mailscanner)
postfix 64279 0.0 0.2 114128 16768 ?? SN 12:10PM 0:03.34 MailScanner: waiting for messages (perl_mailscanner)
postfix 64349 0.0 0.2 113092 15252 ?? S 12:12PM 0:02.79 MailScanner: waiting for messages (perl_mailscanner)
postfix 65504 0.0 0.2 113092 15484 ?? S 8:23AM 0:02.97 MailScanner: waiting for messages (perl_mailscanner)
postfix 69382 0.0 0.4 116176 35916 ?? SN 9:53AM 0:03.51 MailScanner: waiting for messages (perl_mailscanner)
postfix 70157 0.0 0.2 114128 14664 ?? S 11:01AM 0:02.88 MailScanner: waiting for messages (perl_mailscanner)
postfix 71258 0.0 0.3 114128 26692 ?? SN 10:15AM 0:03.40 MailScanner: waiting for messages (perl_mailscanner)
postfix 71358 0.0 0.2 113092 15620 ?? SN 11:23AM 0:02.70 MailScanner: waiting for messages (perl_mailscanner)
postfix 72699 0.0 0.2 113092 16004 ?? S 12:19PM 0:02.43 MailScanner: waiting for messages (perl_mailscanner)
postfix 73499 0.0 0.2 114128 16724 ?? S 12:15PM 0:03.00 MailScanner: waiting for messages (perl_mailscanner)
postfix 73695 0.0 0.9 113092 79344 ?? S 12:23PM 0:02.39 MailScanner: waiting for messages (perl_mailscanner)
postfix 73721 0.0 0.2 116176 14112 ?? S 9:54AM 0:03.65 MailScanner: waiting for messages (perl_mailscanner)
postfix 73795 0.0 0.2 116176 14064 ?? S 8:39AM 0:03.87 MailScanner: waiting for messages (perl_mailscanner)
postfix 73966 0.0 0.2 114128 16532 ?? S 12:10PM 0:02.90 MailScanner: waiting for messages (perl_mailscanner)
postfix 74735 0.0 0.2 116176 16396 ?? SN 9:41AM 0:03.31 MailScanner: waiting for messages (perl_mailscanner)
postfix 74970 0.0 0.8 114128 68772 ?? S 11:18AM 0:03.04 MailScanner: waiting for messages (perl_mailscanner)
postfix 81647 0.0 0.1 114128 11820 ?? S 8:54AM 0:03.34 MailScanner: waiting for messages (perl_mailscanner)
postfix 82064 0.0 0.2 113092 19420 ?? S 12:23PM 0:02.35 MailScanner: waiting for messages (perl_mailscanner)
postfix 82769 0.0 0.3 114128 26704 ?? S 8:39AM 0:05.68 MailScanner: waiting for messages (perl_mailscanner)
postfix 82833 0.0 0.4 114128 31612 ?? S 9:36AM 0:03.01 MailScanner: waiting for messages (perl_mailscanner)
dcc 90979 0.0 0.0 9152 0 ?? IWs - 0:00.00 /usr/pbi/mailscanner-amd64/dcc/libexec/dccifd -Idcc -tREP,20 -tCMN,5, -llog -wwhiteclnt -Uuserdirs -SHELO -Smail_host -SSender -SList-ID
postfix 91181 0.0 0.4 114128 35556 ?? SN 12:11PM 0:02.78 MailScanner: waiting for messages (perl_mailscanner)
dcc 91202 0.0 0.0 13600 4068 ?? I 9:35AM 0:00.12 /usr/pbi/mailscanner-amd64/dcc/libexec/dccifd -Idcc -tREP,20 -tCMN,5, -llog -wwhiteclnt -Uuserdirs -SHELO -Smail_host -SSender -SList-ID
postfix 92438 0.0 0.4 114128 30280 ?? S 12:10PM 0:03.14 MailScanner: waiting for messages (perl_mailscanner)
postfix 93303 0.0 0.2 114128 18212 ?? S 12:13PM 0:03.02 MailScanner: waiting for messages (perl_mailscanner)
postfix 96229 0.0 0.2 113092 15564 ?? S 12:22PM 0:02.39 MailScanner: waiting for messages (perl_mailscanner)
postfix 98753 0.0 0.2 116176 18728 ?? SN 12:14PM 0:02.79 MailScanner: waiting for messages (perl_mailscanner)
root 13056 0.0 0.0 9068 1312 0 S+ 12:27PM 0:00.00 grep -i mailscanner

Bismarck

@capitangiaco:

@marcelloc:

What is broken on mailscanner? I'm pushing some fixes to packages on 2.2

Does the reporting (Notices to System Administrators) works ?
I have to manually modify the Mailscanner.conf

Send Notices = yes
Notices Include Full Headers = yes
Hide Incoming Work Dir in Notices = no
Notice Signature = – \nMailScanner\nEmail Virus Scanner\nwww.mailscanner.info
Notices From = <–------
Notices To = <–------
Local Postmaster = Postmaster <–------

Giacomo

A bit late but, better now than never. ;)

I fixed (workaround) this by creating a file in

/usr/pbi/mailscanner-amd64/etc/MailScanner/conf.d/my.conf

and add

Notices From = mailscanner@mydoamin.tld
Notices To = admin@mydoamin.tld

And restart mailscanner, from now on you will get email notification from infected files that have been blocked.

This file also can used to add any extra config which otherwise will be ignored/overwritten in the Mailscanner.conf (eg. Max Spam Check Size etc.).

Another problem I've noticed is that Org name (eg. pfSense in this case) is not correctly inherited to bayes_ignore_header at:

Services: MailScanner > AntiSpam (Tab) > spam.assassin.prefs.conf

bayes_ignore_header pfSense-MailScanner

the X- is missing here and should look like instead:

bayes_ignore_header **X-**pfSense-MailScanner

This needs to be fixed in:

/usr/local/pkg/mailscanner.inc

and edit line 494 like:

$replacement[]="bayes_ignore_header X-".($mailscanner['orgname']!=""?$mailscanner['orgname']:"Pfsense")."-MailScanner";

So bayes can ignore those headers and don't waste tokens for that.

mflyagin

I think there is a typo in the file /usr/local/pkg/mailscanner.conf.template

39 Incoming Work User = postix
40 Incoming Work Group = postix
47 Quarantine User = postifx

I also think that these two lines do not work, because when I put the values in the web interface, in the config lines left blank.

307 Notices From = ${$notice_from}
308 Notices To = ${$notice_to}

P.S. i have pfSense 2.1.5 and mailscanner 0.2.11

MDA

Hi!

Mailscanner blocks the content of messages and replace its contents for unknown reasons.
Help to understand please.
Here is a letter received at the reception and log pfsense.

Received a letter

Subject: [Filename?] Проблемы НПБ

This is a message from the MailScanner E-Mail Virus Protection Service
–--------------------------------------------------------------------
The original e-mail attachment "the entire message"
is on the list of unacceptable attachments for this site and has been replaced by this warning message.

At Thu Jan 29 10:40:46 2015 the virus scanner said:
MailScanner: No programs allowed (msg-85475-13.txt)

Log pfSense

Jan 29 10:40:44 mail postfix/smtpd[67659]: connect from mailex.ooo.ru[x.x.x.x]
Jan 29 10:40:45 mail postfix/smtpd[67659]: 09C0521EADE: client=mailex.ooo.ru[x.x.x.x]
Jan 29 10:40:45 mail postfix/cleanup[66101]: 09C0521EADE: hold: header Received: from mailex.ooo.ru (mailex.ooo.ru [x.x.x.x])??by mail.mydomain (Postfix) with ESMTP id 09C0521EADE??for user1@mydomain; Thu, 29 Jan 2015 10:40:44 +0300 (FET) from mailex.ooo.ru[x.x.x.x]; from= <remoteuser>to= user1@mydomainproto=ESMTP helo= <mailex.ooo.ru>Jan 29 10:40:45 mail postfix/cleanup[66101]: 09C0521EADE: message-id= ab7bbd27-5398-4a3d-8c74-5bc868666ec9@ooo.ruJan 29 10:40:46 mail postfix/smtpd[67659]: disconnect from mailex.ooo.ru[x.x.x.x]
Jan 29 10:40:46 mail MailScanner[85475]: New Batch: Scanning 1 messages, 644494 bytes
Jan 29 10:40:46 mail MailScanner[85475]: Filename Checks: Allowing 09C0521EADE.A9E2B msg-85475-11.txt
Jan 29 10:40:46 mail MailScanner[85475]: Filename Checks: Allowing 09C0521EADE.A9E2B msg-85475-12.html (no rule matched)
Jan 29 10:40:46 mail MailScanner[85475]: Filename Checks: Allowing 09C0521EADE.A9E2B image.pdf (no rule matched)
Jan 29 10:40:46 mail MailScanner[85475]: Filename Checks: Allowing 09C0521EADE.A9E2B ATT00001.htm (no rule matched)
Jan 29 10:40:46 mail MailScanner[85475]: Filename Checks: Allowing 09C0521EADE.A9E2B msg-85475-13.txt
Jan 29 10:40:47 mail MailScanner[85475]: Filetype Checks: No executables (09C0521EADE.A9E2B )
Jan 29 10:40:47 mail MailScanner[85475]: Filetype Checks: Allowing 09C0521EADE.A9E2B image.pdf (no match found)
Jan 29 10:40:47 mail MailScanner[85475]: Filetype Checks: Allowing 09C0521EADE.A9E2B msg-85475-11.txt
Jan 29 10:40:47 mail MailScanner[85475]: Filetype Checks: Allowing 09C0521EADE.A9E2B ATT00001.htm
Jan 29 10:40:47 mail MailScanner[85475]: Filetype Checks: Allowing 09C0521EADE.A9E2B msg-85475-12.html
Jan 29 10:40:47 mail MailScanner[85475]: Other Checks: Found 1 problems
Jan 29 10:40:47 mail MailScanner[85475]: Virus and Content Scanning: Starting
Jan 29 10:40:47 mail MailScanner[85475]: <a>tag found in message 09C0521EADE.A9E2B from remoteuser
Jan 29 10:40:47 mail MailScanner[85475]: Virus Scanning completed at 852675 bytes per second
Jan 29 10:40:47 mail MailScanner[85475]: Spam Checks: Starting
Jan 29 10:40:47 mail MailScanner[85475]: Message 09C0521EADE.A9E2B from x.x.x.x (remoteuser) to mydomain is too big for spam checks (644494 > 200000 bytes)
Jan 29 10:40:47 mail MailScanner[85475]: Delivery of nonspam: message 09C0521EADE.A9E2B from remoteuser to user1@mydomain with subject рТПВМЕНЩ орв
Jan 29 10:40:47 mail MailScanner[85475]: Requeue: 09C0521EADE.A9E2B to 2190621EAE1
Jan 29 10:40:47 mail postfix/qmgr[25563]: 2190621EAE1: from=<remoteuser>, size=643819, nrcpt=1 (queue active)
Jan 29 10:40:47 mail MailScanner[85475]: Cleaned: Delivered 1 cleaned messages
Jan 29 10:40:47 mail postfix/smtp[66901]: warning: host 10.10.2.2[10.10.2.2]:25 greeted me with my own hostname mail.mydomain
Jan 29 10:40:47 mail MailScanner[85475]: Deleted 1 messages from processing-database
Jan 29 10:40:47 mail MailScanner[85475]: Batch completed at 612050 bytes per second (644494 / 1)
Jan 29 10:40:47 mail MailScanner[85475]: Batch (1 message) processed in 1.05 seconds
Jan 29 10:40:48 mail postfix/smtp[66901]: 2190621EAE1: to=user1@mydomain, relay=10.10.2.2[10.10.2.2]:25, delay=3.1, delays=2.9/0/0.01/0.28, dsn=2.6.0, status=sent (250 2.6.0 ab7bbd27-5398-4a3d-8c74-5bc868666ec9@oaosig.ru[InternalId=9478992822622, Hostname=msk-ex01.banknp.loc] Queued mail for delivery)
Jan 29 10:40:48 mail postfix/qmgr[25563]: 2190621EAE1: removed
J

Tell me what could be the reason/ab7bbd27-5398-4a3d-8c74-5bc868666ec9@oaosig.ru /user1@mydomain</remoteuser></a>/ab7bbd27-5398-4a3d-8c74-5bc868666ec9@ooo.ru</mailex.ooo.ru>/user1@mydomain</remoteuser>/user1@mydomain

FlashPan

Hi,

I am in no way an expert here but I can see this entry in your log:

Message 09C0521EADE.A9E2B from x.x.x.x (remoteuser) to mydomain is too big for spam checks (644494 > 200000 bytes)

That is 0.2 megabytes.

Have you changed the maximum email message size? Without looking at my setup and If I remember correctly you can change this value in Postfix and Mailscanner.

Bismarck

@MDA:

Jan 29 10:40:47 mail postfix/smtp[66901]: warning: host 10.10.2.2[10.10.2.2]:25 greeted me with my own hostname mail.mydomain

It looks like your internal mailhost using the same name as the pfSense/Postfix relay, you better change this. Nothing critical…