Mailscanner + spamassassin + clamav package
-
Hi
I am trying to drop .exe attachments directly from postfix.
Using the example configuration in the mime section:
/^name=[^>]*.(com|vbs|js|jse|exe|bat|cmd|vxd|scr|hlp|pif|shs|ini|dll)/ REJECT W do not allow files of type "$3" because of security concerns - "$2" caused the block.
/^Content-(Disposition|Type):\s+.+?(?:file)?name="?.+?.(386|ad[ept]|drv|em(ai)?l|ex[_e]|xms|{[\da-f]{8}(?:-[\da-f]{4}){3}-[\da-f]{12}})\b/ REJECT ".$2" file attachment types not allowed
it doesn't work, and from the logs I see:
warning: pcre map /usr/pbi/postfix-i386/etc/postfix/mime_check, line 1: out of range replacement index "3": skipping this rule
The files are quarantined by Mailscanner, but I would like to drop them as soon as possible.
Any hints?
Thank you
Giacomo
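The warning quoted in the post above is raised when a rule's result text references a capture group ($2, $3) that its pattern does not define; the first rule has only one group. As an added example (not part of the original post and not Postfix code), this Python linter checks each rule of a pcre map for out-of-range replacement indexes. Assumptions: single-line rules only, `if`/`endif` and negated rules are skipped, and the group counter is a simplified scanner; the sample rules are copied from the post.

```python
import re

# Constructed sample: the two rules quoted in the post, one per map line.
SAMPLE_MAP = "\n".join([
    r'/^name=[^>]*.(com|vbs|js|jse|exe|bat|cmd|vxd|scr|hlp|pif|shs|ini|dll)/ '
    r'REJECT W do not allow files of type "$3" because of security concerns - "$2" caused the block.',
    r'/^Content-(Disposition|Type):\s+.+?(?:file)?name="?.+?.(386|ad[ept]|drv|em(ai)?l|ex[_e]|xms|'
    r'{[\da-f]{8}(?:-[\da-f]{4}){3}-[\da-f]{12}})\b/ REJECT ".$2" file attachment types not allowed',
])

# $1, ${1} and $(1) are substitutions; $$ is a literal dollar sign.
REF = re.compile(r"\$(?:\$|(\d+)|\{(\d+)\}|\((\d+)\))")


def split_rule(line):
    """Split '/pattern/flags result' into (pattern, result).

    The first character is taken as the delimiter; backslash-escaped
    characters inside the pattern are skipped. Returns None if the
    closing delimiter is missing.
    """
    delim, i = line[0], 1
    while i < len(line) and line[i] != delim:
        i += 2 if line[i] == "\\" else 1
    if i >= len(line):
        return None
    result = re.match(r"\S*\s*(.*)", line[i + 1:]).group(1)  # drop flags
    return line[1:i], result


def count_capture_groups(pattern):
    """Count capturing groups, ignoring escapes, character classes,
    non-capturing groups (?:...), lookarounds and (*VERB) items."""
    count, i, in_class = 0, 0, False
    while i < len(pattern):
        c = pattern[i]
        if c == "\\":
            i += 2
            continue
        if in_class:
            in_class = c != "]"
        elif c == "[":
            in_class = True
            if pattern[i + 1:i + 2] == "^":
                i += 1
            if pattern[i + 1:i + 2] == "]":  # leading ']' is a literal
                i += 1
        elif c == "(":
            rest = pattern[i + 1:i + 5]
            named = re.match(r"\?(P?<[A-Za-z_]|')", rest)
            if named or not rest.startswith(("?", "*")):
                count += 1
        i += 1
    return count


def replacement_indexes(result):
    """Return the sorted set of group numbers referenced in the result text."""
    refs = (m.group(1) or m.group(2) or m.group(3) for m in REF.finditer(result))
    return sorted({int(r) for r in refs if r})


def lint_map(text):
    """Return (line number, capture groups, out-of-range indexes) per bad rule."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        # Skip blanks, comments, continuations, negated rules and if/endif.
        if not line.strip() or line[0] in "#! \t" or re.match(r"(if|endif)\b", line):
            continue
        rule = split_rule(line)
        if rule is None:
            continue
        pattern, result = rule
        groups = count_capture_groups(pattern)
        bad = [n for n in replacement_indexes(result) if n > groups]
        if bad:
            findings.append((lineno, groups, bad))
    return findings


if __name__ == "__main__":
    for lineno, groups, bad in lint_map(SAMPLE_MAP):
        print(f"line {lineno}: pattern has {groups} capture group(s), "
              f"result references out-of-range index(es) {bad}")
```

Run against the sample, only line 1 is flagged; a rule with one capture group can reference `$1` and nothing higher.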
-
What is broken on mailscanner? I'm pushing some fixes to packages on 2.2
Does the reporting (Notices to System Administrators) work?
I have to manually modify the Mailscanner.conf
Send Notices = yes
Notices Include Full Headers = yes
Hide Incoming Work Dir in Notices = no
Notice Signature = -- \nMailScanner\nEmail Virus Scanner\nwww.mailscanner.info
Notices From = <--------
Notices To = <--------
Local Postmaster = Postmaster <--------
Giacomo
-
@ capitangiaco
If you check the last post on this page (32) on the Postfix thread here https://forum.pfsense.org/index.php?topic=40622.465
It may help you out.
Cheers
-
Hi marcelloc,
mailscanner creates way more children than the standard "5" which are set up in the GUI.
How to fix that?
[2.1.5-RELEASE][admin@vulcanus.itbh1.local]/root(95): ps aux | grep -i mailscanner
postfix 9758 0.2 0.4 115516 30040 ?? SN 9:08AM 0:03.97 MailScanner: scanning for filenames and filetypes (perl_mailscanner)
postfix 254 0.0 0.8 114128 68568 ?? SN 12:25PM 0:02.40 MailScanner: waiting for messages (perl_mailscanner)
postfix 313 0.0 0.4 114128 31588 ?? SN 12:01PM 0:02.88 MailScanner: waiting for messages (perl_mailscanner)
postfix 3251 0.0 0.2 116176 19412 ?? S 9:36AM 0:03.31 MailScanner: waiting for messages (perl_mailscanner)
postfix 3634 0.0 0.2 114128 15264 ?? S 10:52AM 0:03.25 MailScanner: waiting for messages (perl_mailscanner)
postfix 4964 0.0 0.0 64068 0 ?? IWNs - 0:00.00 MailScanner: starting child (perl_mailscanner)
postfix 5514 0.0 0.0 64068 0 ?? IWNs - 0:00.00 MailScanner: starting child (perl_mailscanner)
postfix 5564 0.0 0.2 113092 16268 ?? SN 12:03PM 0:02.69 MailScanner: waiting for messages (perl_mailscanner)
postfix 6441 0.0 0.3 114128 29036 ?? S 12:08PM 0:03.14 MailScanner: waiting for messages (perl_mailscanner)
postfix 6562 0.0 0.2 114128 15116 ?? S 10:00AM 0:02.90 MailScanner: waiting for messages (perl_mailscanner)
postfix 6741 0.0 0.1 114128 11956 ?? S 8:28AM 0:04.22 MailScanner: waiting for messages (perl_mailscanner)
postfix 6827 0.0 0.2 114128 15236 ?? SN 12:17PM 0:02.53 MailScanner: waiting for messages (perl_mailscanner)
postfix 8560 0.0 0.2 113092 13652 ?? S 8:15AM 0:02.98 MailScanner: waiting for messages (perl_mailscanner)
postfix 9124 0.0 0.2 114128 13492 ?? SN 10:05AM 0:03.39 MailScanner: waiting for messages (perl_mailscanner)
postfix 9287 0.0 0.2 114128 19392 ?? S 12:23PM 0:02.46 MailScanner: waiting for messages (perl_mailscanner)
postfix 10420 0.0 0.8 113092 66192 ?? I 12:26PM 0:02.27 MailScanner: starting child (perl_mailscanner)
postfix 11715 0.0 0.1 114128 11844 ?? S 8:10AM 0:03.41 MailScanner: waiting for messages (perl_mailscanner)
postfix 11835 0.0 0.2 113092 19324 ?? S 12:23PM 0:02.34 MailScanner: waiting for messages (perl_mailscanner)
postfix 12895 0.0 0.0 64068 0 ?? IWs - 0:00.00 MailScanner: master waiting for children, sleeping (perl_mailscanner)
postfix 13251 0.0 0.5 114128 40904 ?? S 12:22PM 0:02.41 MailScanner: waiting for messages (perl_mailscanner)
postfix 13272 0.0 0.0 64068 0 ?? IWs - 0:00.00 MailScanner: starting child (perl_mailscanner)
postfix 13738 0.0 0.0 64068 0 ?? IWs - 0:00.00 MailScanner: master waiting for children, sleeping (perl_mailscanner)
postfix 13758 0.0 0.2 114128 12832 ?? S 8:43AM 0:03.24 MailScanner: waiting for messages (perl_mailscanner)
postfix 13877 0.0 0.2 113092 19304 ?? S 12:23PM 0:02.50 MailScanner: waiting for messages (perl_mailscanner)
postfix 14257 0.0 0.0 64068 0 ?? IWs - 0:00.00 MailScanner: starting child (perl_mailscanner)
postfix 14258 0.0 0.2 114128 13888 ?? S 9:10AM 0:03.40 MailScanner: waiting for messages (perl_mailscanner)
postfix 14530 0.0 0.0 64068 0 ?? IWNs - 0:00.00 MailScanner: starting child (perl_mailscanner)
postfix 14614 0.0 0.2 114128 15420 ?? S 11:19AM 0:03.36 MailScanner: waiting for messages (perl_mailscanner)
postfix 14793 0.0 0.2 114128 15580 ?? S 10:11AM 0:03.36 MailScanner: waiting for messages (perl_mailscanner)
postfix 15129 0.0 0.2 113092 16104 ?? SN 12:14PM 0:02.51 MailScanner: waiting for messages (perl_mailscanner)
postfix 16012 0.0 0.2 114128 13380 ?? SN 10:53AM 0:02.86 MailScanner: waiting for messages (perl_mailscanner)
postfix 16419 0.0 0.2 114128 16204 ?? S 12:11PM 0:04.59 MailScanner: waiting for messages (perl_mailscanner)
postfix 17239 0.0 0.2 114128 15028 ?? SN 8:05AM 0:03.22 MailScanner: waiting for messages (perl_mailscanner)
postfix 18734 0.0 0.2 114128 17244 ?? S 12:12PM 0:02.72 MailScanner: waiting for messages (perl_mailscanner)
postfix 18954 0.0 0.0 64068 0 ?? IWs - 0:00.00 MailScanner: starting child (perl_mailscanner)
postfix 20176 0.0 0.2 116176 13388 ?? SN 8:20AM 0:05.08 MailScanner: waiting for messages (perl_mailscanner)
postfix 21530 0.0 0.2 114128 13504 ?? S 9:08AM 0:03.15 MailScanner: waiting for messages (perl_mailscanner)
postfix 21910 0.0 0.4 114128 32940 ?? S 12:12PM 0:02.93 MailScanner: waiting for messages (perl_mailscanner)
postfix 22510 0.0 0.2 114128 15000 ?? SN 12:12PM 0:03.25 MailScanner: waiting for messages (perl_mailscanner)
postfix 23398 0.0 0.8 114128 66732 ?? SN 12:08PM 0:04.59 MailScanner: waiting for messages (perl_mailscanner)
postfix 23955 0.0 0.2 114128 14252 ?? SN 9:59AM 0:05.05 MailScanner: waiting for messages (perl_mailscanner)
postfix 24768 0.0 0.2 114128 16324 ?? S 9:38AM 0:03.27 MailScanner: waiting for messages (perl_mailscanner)
postfix 24968 0.0 0.4 114128 35260 ?? SN 12:15PM 0:02.80 MailScanner: waiting for messages (perl_mailscanner)
postfix 25305 0.0 0.2 114128 14716 ?? S 10:17AM 0:03.61 MailScanner: waiting for messages (perl_mailscanner)
postfix 25763 0.0 0.2 114128 16696 ?? SN 8:35AM 0:03.23 MailScanner: waiting for messages (perl_mailscanner)
postfix 27119 0.0 0.2 114128 13444 ?? S 8:33AM 0:03.33 MailScanner: waiting for messages (perl_mailscanner)
postfix 28626 0.0 0.2 114128 16240 ?? SN 12:10PM 0:03.33 MailScanner: waiting for messages (perl_mailscanner)
postfix 30163 0.0 0.2 114128 16764 ?? S 10:26AM 0:03.21 MailScanner: waiting for messages (perl_mailscanner)
postfix 30922 0.0 0.2 113092 19108 ?? S 9:36AM 0:02.91 MailScanner: waiting for messages (perl_mailscanner)
postfix 31712 0.0 0.2 114128 16232 ?? S 12:08PM 0:03.47 MailScanner: waiting for messages (perl_mailscanner)
postfix 31928 0.0 0.0 64068 0 ?? IWs - 0:00.00 MailScanner: starting child (perl_mailscanner)
postfix 32170 0.0 0.3 114128 28880 ?? SN 12:08PM 0:04.81 MailScanner: waiting for messages (perl_mailscanner)
postfix 32171 0.0 0.2 113092 19444 ?? S 12:22PM 0:02.35 MailScanner: waiting for messages (perl_mailscanner)
postfix 32977 0.0 0.2 114128 14668 ?? S 8:18AM 0:03.30 MailScanner: waiting for messages (perl_mailscanner)
postfix 33247 0.0 0.1 116176 12456 ?? SN 8:48AM 0:04.15 MailScanner: waiting for messages (perl_mailscanner)
postfix 33906 0.0 0.2 113092 15524 ?? S 12:14PM 0:02.52 MailScanner: waiting for messages (perl_mailscanner)
postfix 34450 0.0 0.2 114128 19032 ?? S 12:08PM 0:03.16 MailScanner: waiting for messages (perl_mailscanner)
postfix 35407 0.0 0.4 114128 30968 ?? SN 11:24AM 0:03.05 MailScanner: waiting for messages (perl_mailscanner)
postfix 36032 0.0 0.2 116176 16948 ?? SN 8:42AM 0:03.39 MailScanner: waiting for messages (perl_mailscanner)
postfix 37988 0.0 0.0 64068 0 ?? IWs - 0:00.00 MailScanner: starting child (perl_mailscanner)
postfix 38175 0.0 0.3 114128 28988 ?? S 9:47AM 0:03.54 MailScanner: waiting for messages (perl_mailscanner)
postfix 38935 0.0 0.2 114128 16356 ?? S 9:36AM 0:03.87 MailScanner: waiting for messages (perl_mailscanner)
postfix 39491 0.0 0.1 114128 10508 ?? S 7:53AM 0:03.11 MailScanner: waiting for messages (perl_mailscanner)
postfix 39860 0.0 0.9 113092 79172 ?? S 12:23PM 0:02.35 MailScanner: waiting for messages (perl_mailscanner)
postfix 39916 0.0 0.9 113092 79344 ?? S 12:23PM 0:02.34 MailScanner: waiting for messages (perl_mailscanner)
postfix 40952 0.0 0.1 113092 8476 ?? S 6:21AM 0:03.09 MailScanner: waiting for messages (perl_mailscanner)
postfix 41300 0.0 0.2 114128 15740 ?? S 10:39AM 0:04.22 MailScanner: waiting for messages (perl_mailscanner)
postfix 41453 0.0 0.0 64068 1828 ?? INs 7Dec14 0:00.14 MailScanner: starting child (perl_mailscanner)
postfix 41605 0.0 0.2 113092 19248 ?? S 12:22PM 0:02.49 MailScanner: waiting for messages (perl_mailscanner)
postfix 42144 0.0 0.0 64068 0 ?? IWNs - 0:00.00 MailScanner: starting child (perl_mailscanner)
postfix 42987 0.0 0.0 64068 0 ?? IWs - 0:00.00 MailScanner: starting child (perl_mailscanner)
postfix 43293 0.0 0.1 114128 11300 ?? SN 8:35AM 0:03.12 MailScanner: waiting for messages (perl_mailscanner)
postfix 43749 0.0 0.2 114128 14376 ?? S 10:31AM 0:03.69 MailScanner: waiting for messages (perl_mailscanner)
postfix 46380 0.0 0.2 114128 16384 ?? S 11:33AM 0:03.14 MailScanner: waiting for messages (perl_mailscanner)
postfix 46829 0.0 0.2 114128 14288 ?? SN 10:38AM 0:03.12 MailScanner: waiting for messages (perl_mailscanner)
postfix 47155 0.0 0.0 64068 1984 ?? Is Fri01PM 0:00.02 MailScanner: starting child (perl_mailscanner)
postfix 48185 0.0 0.2 114128 16532 ?? S 12:10PM 0:02.85 MailScanner: waiting for messages (perl_mailscanner)
postfix 48268 0.0 0.0 64068 0 ?? IWs - 0:00.00 MailScanner: starting child (perl_mailscanner)
postfix 49535 0.0 0.2 114128 13628 ?? SN 9:00AM 0:06.92 MailScanner: waiting for messages (perl_mailscanner)
postfix 49722 0.0 0.5 117192 37880 ?? S 8:48AM 0:07.67 MailScanner: waiting for messages (perl_mailscanner)
postfix 50428 0.0 0.2 114128 16076 ?? S 11:39AM 0:02.96 MailScanner: waiting for messages (perl_mailscanner)
postfix 50955 0.0 0.2 113092 15740 ?? S 12:22PM 0:02.42 MailScanner: waiting for messages (perl_mailscanner)
postfix 51166 0.0 0.3 114128 27512 ?? SN 10:24AM 0:11.11 MailScanner: waiting for messages (perl_mailscanner)
postfix 51626 0.0 0.2 114128 15212 ?? S 9:25AM 0:03.54 MailScanner: waiting for messages (perl_mailscanner)
postfix 52652 0.0 0.2 114128 15408 ?? S 10:43AM 0:03.34 MailScanner: waiting for messages (perl_mailscanner)
postfix 53780 0.0 0.2 114128 12984 ?? S 8:08AM 0:03.25 MailScanner: waiting for messages (perl_mailscanner)
postfix 54191 0.0 0.2 113092 16468 ?? S 11:23AM 0:02.85 MailScanner: waiting for messages (perl_mailscanner)
postfix 55241 0.0 0.4 114128 29920 ?? SN 10:35AM 0:03.53 MailScanner: waiting for messages (perl_mailscanner)
postfix 55565 0.0 0.2 115516 13928 ?? SN 10:03AM 0:03.09 MailScanner: waiting for messages (perl_mailscanner)
postfix 55965 0.0 0.8 114128 66680 ?? S 12:08PM 0:02.84 MailScanner: waiting for messages (perl_mailscanner)
postfix 56699 0.0 0.0 64068 0 ?? IWs - 0:00.00 MailScanner: starting child (perl_mailscanner)
postfix 57050 0.0 0.2 113092 15336 ?? SN 12:10PM 0:02.63 MailScanner: waiting for messages (perl_mailscanner)
postfix 57863 0.0 0.2 118224 16224 ?? S 8:59AM 0:08.10 MailScanner: waiting for messages (perl_mailscanner)
postfix 58761 0.0 0.2 114128 17748 ?? S 10:24AM 0:03.05 MailScanner: waiting for messages (perl_mailscanner)
postfix 59058 0.0 0.2 114128 12700 ?? SN 8:24AM 0:04.11 MailScanner: waiting for messages (perl_mailscanner)
postfix 59932 0.0 0.0 64068 0 ?? IWs - 0:00.00 MailScanner: starting child (perl_mailscanner)
postfix 60211 0.0 0.3 114128 27144 ?? S 9:36AM 0:03.78 MailScanner: waiting for messages (perl_mailscanner)
postfix 60599 0.0 0.8 114128 68160 ?? SN 12:08PM 0:02.86 MailScanner: waiting for messages (perl_mailscanner)
postfix 61716 0.0 0.2 114128 14472 ?? S 10:02AM 0:03.57 MailScanner: waiting for messages (perl_mailscanner)
postfix 62207 0.0 0.3 113092 24616 ?? SN 10:48AM 0:02.83 MailScanner: waiting for messages (perl_mailscanner)
postfix 63224 0.0 0.2 114128 14460 ?? S 10:45AM 0:03.80 MailScanner: waiting for messages (perl_mailscanner)
postfix 64246 0.0 0.2 114128 17988 ?? SN 10:14AM 0:02.90 MailScanner: waiting for messages (perl_mailscanner)
postfix 64279 0.0 0.2 114128 16768 ?? SN 12:10PM 0:03.34 MailScanner: waiting for messages (perl_mailscanner)
postfix 64349 0.0 0.2 113092 15252 ?? S 12:12PM 0:02.79 MailScanner: waiting for messages (perl_mailscanner)
postfix 65504 0.0 0.2 113092 15484 ?? S 8:23AM 0:02.97 MailScanner: waiting for messages (perl_mailscanner)
postfix 69382 0.0 0.4 116176 35916 ?? SN 9:53AM 0:03.51 MailScanner: waiting for messages (perl_mailscanner)
postfix 70157 0.0 0.2 114128 14664 ?? S 11:01AM 0:02.88 MailScanner: waiting for messages (perl_mailscanner)
postfix 71258 0.0 0.3 114128 26692 ?? SN 10:15AM 0:03.40 MailScanner: waiting for messages (perl_mailscanner)
postfix 71358 0.0 0.2 113092 15620 ?? SN 11:23AM 0:02.70 MailScanner: waiting for messages (perl_mailscanner)
postfix 72699 0.0 0.2 113092 16004 ?? S 12:19PM 0:02.43 MailScanner: waiting for messages (perl_mailscanner)
postfix 73499 0.0 0.2 114128 16724 ?? S 12:15PM 0:03.00 MailScanner: waiting for messages (perl_mailscanner)
postfix 73695 0.0 0.9 113092 79344 ?? S 12:23PM 0:02.39 MailScanner: waiting for messages (perl_mailscanner)
postfix 73721 0.0 0.2 116176 14112 ?? S 9:54AM 0:03.65 MailScanner: waiting for messages (perl_mailscanner)
postfix 73795 0.0 0.2 116176 14064 ?? S 8:39AM 0:03.87 MailScanner: waiting for messages (perl_mailscanner)
postfix 73966 0.0 0.2 114128 16532 ?? S 12:10PM 0:02.90 MailScanner: waiting for messages (perl_mailscanner)
postfix 74735 0.0 0.2 116176 16396 ?? SN 9:41AM 0:03.31 MailScanner: waiting for messages (perl_mailscanner)
postfix 74970 0.0 0.8 114128 68772 ?? S 11:18AM 0:03.04 MailScanner: waiting for messages (perl_mailscanner)
postfix 81647 0.0 0.1 114128 11820 ?? S 8:54AM 0:03.34 MailScanner: waiting for messages (perl_mailscanner)
postfix 82064 0.0 0.2 113092 19420 ?? S 12:23PM 0:02.35 MailScanner: waiting for messages (perl_mailscanner)
postfix 82769 0.0 0.3 114128 26704 ?? S 8:39AM 0:05.68 MailScanner: waiting for messages (perl_mailscanner)
postfix 82833 0.0 0.4 114128 31612 ?? S 9:36AM 0:03.01 MailScanner: waiting for messages (perl_mailscanner)
dcc 90979 0.0 0.0 9152 0 ?? IWs - 0:00.00 /usr/pbi/mailscanner-amd64/dcc/libexec/dccifd -Idcc -tREP,20 -tCMN,5, -llog -wwhiteclnt -Uuserdirs -SHELO -Smail_host -SSender -SList-ID
postfix 91181 0.0 0.4 114128 35556 ?? SN 12:11PM 0:02.78 MailScanner: waiting for messages (perl_mailscanner)
dcc 91202 0.0 0.0 13600 4068 ?? I 9:35AM 0:00.12 /usr/pbi/mailscanner-amd64/dcc/libexec/dccifd -Idcc -tREP,20 -tCMN,5, -llog -wwhiteclnt -Uuserdirs -SHELO -Smail_host -SSender -SList-ID
postfix 92438 0.0 0.4 114128 30280 ?? S 12:10PM 0:03.14 MailScanner: waiting for messages (perl_mailscanner)
postfix 93303 0.0 0.2 114128 18212 ?? S 12:13PM 0:03.02 MailScanner: waiting for messages (perl_mailscanner)
postfix 96229 0.0 0.2 113092 15564 ?? S 12:22PM 0:02.39 MailScanner: waiting for messages (perl_mailscanner)
postfix 98753 0.0 0.2 116176 18728 ?? SN 12:14PM 0:02.79 MailScanner: waiting for messages (perl_mailscanner)
root 13056 0.0 0.0 9068 1312 0 S+ 12:27PM 0:00.00 grep -i mailscanner
-
What is broken on mailscanner? I'm pushing some fixes to packages on 2.2
Does the reporting (Notices to System Administrators) work?
I have to manually modify the Mailscanner.conf
Send Notices = yes
Notices Include Full Headers = yes
Hide Incoming Work Dir in Notices = no
Notice Signature = -- \nMailScanner\nEmail Virus Scanner\nwww.mailscanner.info
Notices From = <--------
Notices To = <--------
Local Postmaster = Postmaster <--------
Giacomo
A bit late but, better now than never. ;)
I fixed (workaround) this by creating a file in
/usr/pbi/mailscanner-amd64/etc/MailScanner/conf.d/my.conf
and adding
Notices From = mailscanner@mydoamin.tld
Notices To = admin@mydoamin.tld
And restart mailscanner; from now on you will get email notifications about infected files that have been blocked.
This file can also be used to add any extra config which otherwise will be ignored/overwritten in the Mailscanner.conf (e.g. Max Spam Check Size etc.).
Another problem I've noticed is that Org name (eg. pfSense in this case) is not correctly inherited to bayes_ignore_header at:
Services: MailScanner > AntiSpam (Tab) > spam.assassin.prefs.conf
bayes_ignore_header pfSense-MailScanner
The X- is missing here; it should instead look like:
bayes_ignore_header X-pfSense-MailScanner
This needs to be fixed in:
/usr/local/pkg/mailscanner.inc
and edit line 494 like:
$replacement[]="bayes_ignore_header X-".($mailscanner['orgname']!=""?$mailscanner['orgname']:"Pfsense")."-MailScanner";
So bayes can ignore those headers and doesn't waste tokens on them.
-
I think there is a typo in the file /usr/local/pkg/mailscanner.conf.template
39 Incoming Work User = postix
40 Incoming Work Group = postix
47 Quarantine User = postifx
I also think that these two lines do not work, because when I put the values in the web interface, the lines in the config are left blank.
307 Notices From = ${$notice_from}
308 Notices To = ${$notice_to}
P.S. I have pfSense 2.1.5 and mailscanner 0.2.11
-
Hi!
Mailscanner blocks the content of messages and replaces its contents for unknown reasons.
Help to understand please.
Here is a letter received at the reception and the pfSense log.
Received a letter
Subject: [Filename?] Проблемы НПБ
This is a message from the MailScanner E-Mail Virus Protection Service
----------------------------------------------------------------------
The original e-mail attachment "the entire message"
is on the list of unacceptable attachments for this site and has been replaced by this warning message.
At Thu Jan 29 10:40:46 2015 the virus scanner said:
MailScanner: No programs allowed (msg-85475-13.txt)
Log pfSense
Jan 29 10:40:44 mail postfix/smtpd[67659]: connect from mailex.ooo.ru[x.x.x.x]
Jan 29 10:40:45 mail postfix/smtpd[67659]: 09C0521EADE: client=mailex.ooo.ru[x.x.x.x]
Jan 29 10:40:45 mail postfix/cleanup[66101]: 09C0521EADE: hold: header Received: from mailex.ooo.ru (mailex.ooo.ru [x.x.x.x])??by mail.mydomain (Postfix) with ESMTP id 09C0521EADE??for user1@mydomain; Thu, 29 Jan 2015 10:40:44 +0300 (FET) from mailex.ooo.ru[x.x.x.x]; from=<remoteuser> to=user1@mydomain proto=ESMTP helo=<mailex.ooo.ru>
Jan 29 10:40:45 mail postfix/cleanup[66101]: 09C0521EADE: message-id=ab7bbd27-5398-4a3d-8c74-5bc868666ec9@ooo.ru
Jan 29 10:40:46 mail postfix/smtpd[67659]: disconnect from mailex.ooo.ru[x.x.x.x]
Jan 29 10:40:46 mail MailScanner[85475]: New Batch: Scanning 1 messages, 644494 bytes
Jan 29 10:40:46 mail MailScanner[85475]: Filename Checks: Allowing 09C0521EADE.A9E2B msg-85475-11.txt
Jan 29 10:40:46 mail MailScanner[85475]: Filename Checks: Allowing 09C0521EADE.A9E2B msg-85475-12.html (no rule matched)
Jan 29 10:40:46 mail MailScanner[85475]: Filename Checks: Allowing 09C0521EADE.A9E2B image.pdf (no rule matched)
Jan 29 10:40:46 mail MailScanner[85475]: Filename Checks: Allowing 09C0521EADE.A9E2B ATT00001.htm (no rule matched)
Jan 29 10:40:46 mail MailScanner[85475]: Filename Checks: Allowing 09C0521EADE.A9E2B msg-85475-13.txt
Jan 29 10:40:47 mail MailScanner[85475]: Filetype Checks: No executables (09C0521EADE.A9E2B )
Jan 29 10:40:47 mail MailScanner[85475]: Filetype Checks: Allowing 09C0521EADE.A9E2B image.pdf (no match found)
Jan 29 10:40:47 mail MailScanner[85475]: Filetype Checks: Allowing 09C0521EADE.A9E2B msg-85475-11.txt
Jan 29 10:40:47 mail MailScanner[85475]: Filetype Checks: Allowing 09C0521EADE.A9E2B ATT00001.htm
Jan 29 10:40:47 mail MailScanner[85475]: Filetype Checks: Allowing 09C0521EADE.A9E2B msg-85475-12.html
Jan 29 10:40:47 mail MailScanner[85475]: Other Checks: Found 1 problems
Jan 29 10:40:47 mail MailScanner[85475]: Virus and Content Scanning: Starting
Jan 29 10:40:47 mail MailScanner[85475]: <a>tag found in message 09C0521EADE.A9E2B from remoteuser
Jan 29 10:40:47 mail MailScanner[85475]: Virus Scanning completed at 852675 bytes per second
Jan 29 10:40:47 mail MailScanner[85475]: Spam Checks: Starting
Jan 29 10:40:47 mail MailScanner[85475]: Message 09C0521EADE.A9E2B from x.x.x.x (remoteuser) to mydomain is too big for spam checks (644494 > 200000 bytes)
Jan 29 10:40:47 mail MailScanner[85475]: Delivery of nonspam: message 09C0521EADE.A9E2B from remoteuser to user1@mydomain with subject рТПВМЕНЩ орв
Jan 29 10:40:47 mail MailScanner[85475]: Requeue: 09C0521EADE.A9E2B to 2190621EAE1
Jan 29 10:40:47 mail postfix/qmgr[25563]: 2190621EAE1: from=<remoteuser>, size=643819, nrcpt=1 (queue active)
Jan 29 10:40:47 mail MailScanner[85475]: Cleaned: Delivered 1 cleaned messages
Jan 29 10:40:47 mail postfix/smtp[66901]: warning: host 10.10.2.2[10.10.2.2]:25 greeted me with my own hostname mail.mydomain
Jan 29 10:40:47 mail MailScanner[85475]: Deleted 1 messages from processing-database
Jan 29 10:40:47 mail MailScanner[85475]: Batch completed at 612050 bytes per second (644494 / 1)
Jan 29 10:40:47 mail MailScanner[85475]: Batch (1 message) processed in 1.05 seconds
Jan 29 10:40:48 mail postfix/smtp[66901]: 2190621EAE1: to=user1@mydomain, relay=10.10.2.2[10.10.2.2]:25, delay=3.1, delays=2.9/0/0.01/0.28, dsn=2.6.0, status=sent (250 2.6.0 ab7bbd27-5398-4a3d-8c74-5bc868666ec9@oaosig.ru[InternalId=9478992822622, Hostname=msk-ex01.banknp.loc] Queued mail for delivery)
Jan 29 10:40:48 mail postfix/qmgr[25563]: 2190621EAE1: removed
Tell me what could be the reason.
-
Hi,
I am in no way an expert here but I can see this entry in your log:
Message 09C0521EADE.A9E2B from x.x.x.x (remoteuser) to mydomain is too big for spam checks (644494 > 200000 bytes)
That is 0.2 megabytes.
Have you changed the maximum email message size? Without looking at my setup, and if I remember correctly, you can change this value in Postfix and Mailscanner.
-
@MDA:
Jan 29 10:40:47 mail postfix/smtp[66901]: warning: host 10.10.2.2[10.10.2.2]:25 greeted me with my own hostname mail.mydomain
It looks like your internal mailhost is using the same name as the pfSense/Postfix relay; you'd better change this. Nothing critical…
-
@MDA:
Problem with some txt files in Russian language. Sometimes mailscanner thinks these are executable files.
I have the same problem. I comment out these 2 lines in filetypes.rules.conf:
deny executable No executables No programs allowed
deny ELF No executables No programs allowed
-
Hello,
Has any friend tested Mailscanner on pfsense 2.2.x? I have tested it and can't start the mailscanner service.
-
Hi
It's confirmed : Mailscanner + pfSense 2.2.x = NOT LOVE. It's broken: https://redmine.pfsense.org/issues/4508
The dccifd module is not working: /usr/pbi/mailscanner-amd64/local/etc/rc.d/dccifd: WARNING: /usr/local/dcc is not a directory.
-
It's related to pbi. Once 2.3 is out it will work again.
For now, just a pbi remove and pkg install will work around this issue just like I've suggested on postfix.
-
For now, just a pbi remove and pkg install will work around this issue just like I've suggested on postfix.
For people still struggling with this package:
pbi_delete mailscanner-4.84.6-amd64
rm -r -f /usr/pbi/bin/libexec/mailscanner
rm -r -f /usr/local/etc/mailscanner
rm -r -f /var/spool/MailScanner
pkg install mailscanner
y
edit /usr/local/pkg/mailscanner.inc (line 39)
$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
//if ($pf_version == "2.1" || $pf_version == "2.2") {
//	define('MAILSCANNER_PREFIX', '/usr/pbi/mailscanner-' . php_uname("m"));
//	if ($pf_version == "2.1")
//		define('MAILSCANNER_LOCALBASE', MAILSCANNER_PREFIX);
//	else
//		define('MAILSCANNER_LOCALBASE', MAILSCANNER_PREFIX . '/local');
//} else {
	define('MAILSCANNER_PREFIX', '/usr/local');
	define('MAILSCANNER_LOCALBASE', '/usr/local');
//}
This makes MailScanner start and run, further testing needed of general functionality…
-
It's related to pbi. Once 2.3 is out it will work again.
For now, just a pbi remove and pkg install will work around this issue just like I've suggested on postfix.
Hi! Maybe it is late to say this, but pfs 2.3 has been released, but postfix+mailscanner was removed, so what is the news about this? Please
-
Bump still no postfix+mailscanner ?
-
MAKE A BACKUP BEFORE YOU GO THIS ROUTE!
These are the files needed for the manual install of the MailScanner Package for pfSense 2.3.x:
/usr/local/pkg/mailscanner.conf.template
/usr/local/pkg/mailscanner.inc
/usr/local/pkg/mailscanner.xml
/usr/local/pkg/mailscanner_alerts.xml
/usr/local/pkg/mailscanner_antispam.xml
/usr/local/pkg/mailscanner_antivirus.xml
/usr/local/pkg/mailscanner_attachments.xml
/usr/local/pkg/mailscanner_content.xml
/usr/local/pkg/mailscanner_report.xml
/usr/local/pkg/mailscanner_sync.xml
/usr/local/www/mailscanner_about.php
- Download the attached pfSense-2.3-MailScanner.zip, unzip and copy the files to your system root /.
- Unlock the FreeBSD repo in
/usr/local/etc/pkg/repos/FreeBSD.conf > enabled: yes
/usr/local/etc/pkg/repos/pfSense.conf > enabled: yes
- Install MailScanner and dependencies via pkg
pkg install mailscanner
- Next edit:
/conf/config.xml
- and add MailScanner to the Service Status and Menu:
<service>
<name>mailscanner</name>
<rcfile>mailscanner</rcfile>
<executable>perl_mailscanner</executable>
</service>
<menu>
<name>Mailscanner</name>
<tooltiptext>Configure MailScanner service</tooltiptext>
<section>Services</section>
<url>/pkg_edit.php?xml=mailscanner.xml&amp;id=0</url>
</menu>
- Now cross your fingers and reboot! :P
Advanced configuration:
- Check MS and SA for errors and missing modules etc. via spamassassin -D --lint and mailscanner -D --lint
- Additionally install DCC+razor2+pyzor, clamav-unofficial-sigs etc.
-
Automated Install instructions for complete mailscanner package on pfSense 2.3.x can be found here:
https://forum.pfsense.org/index.php?topic=128037.0
-
Hi Marcelloc, I have postfix and mailscanner running on pfsense 2.4.4-p1, and I got the following warnings:
MailScanner[64731]: Clamd::ERROR:: UNKNOWN CLAMD RETURN ./lstat() failed: Permission denied. ERROR :: /var/spool/MailScanner/incoming/64731
Permissions look fine, I did chown -R postfix:postfix /var/spool/MailScanner/incoming/, also chmod -R 6666 to the same folder.
Runas user on MailScanner.conf and clamd.conf is postfix.
Also mailscanner logs display syntax errors:
Mar 6 16:09:51 pfsense2 MailScanner[56749]: Syntax error(s) in configuration file:
Mar 6 16:09:51 pfsense2 MailScanner[56749]: Unrecognised keyword "deliversuspiciouspdf" at line 93
Mar 6 16:09:51 pfsense2 MailScanner[56749]: Unrecognised keyword "pdfidcommand" at line 84
Mar 6 16:09:51 pfsense2 MailScanner[56749]: Unrecognised keyword "pdfidtimeout" at line 87
Mar 6 16:09:51 pfsense2 MailScanner[56749]: Unrecognised keyword "scanpdf" at line 90
Mar 6 16:09:51 pfsense2 MailScanner[56749]: Warning: syntax errors in /usr/local/etc/MailScanner/MailScanner.conf.
Please Help.