Mailscanner + spamassassin + clamav package

Bismarck

Jan 29 10:40:47 mail postfix/smtp[66901]: warning: host 10.10.2.2[10.10.2.2]:25 greeted me with my own hostname mail.mydomain

It looks like your internal mailhost using the same name as the pfSense/Postfix relay, you better change this. Nothing critical…

mflyagin

@MDA:

Hi!

Mailscanner blocks the content of messages and replace its contents for unknown reasons.
Help to understand please.
Here is a letter received at the reception and log pfsense.

Received a letter

Subject: [Filename?] Проблемы НПБ

This is a message from the MailScanner E-Mail Virus Protection Service
–--------------------------------------------------------------------
The original e-mail attachment "the entire message"
is on the list of unacceptable attachments for this site and has been replaced by this warning message.

At Thu Jan 29 10:40:46 2015 the virus scanner said:
MailScanner: No programs allowed (msg-85475-13.txt)

Log pfSense

Jan 29 10:40:44 mail postfix/smtpd[67659]: connect from mailex.ooo.ru[x.x.x.x]
Jan 29 10:40:45 mail postfix/smtpd[67659]: 09C0521EADE: client=mailex.ooo.ru[x.x.x.x]
Jan 29 10:40:45 mail postfix/cleanup[66101]: 09C0521EADE: hold: header Received: from mailex.ooo.ru (mailex.ooo.ru [x.x.x.x])??by mail.mydomain (Postfix) with ESMTP id 09C0521EADE??for user1@mydomain; Thu, 29 Jan 2015 10:40:44 +0300 (FET) from mailex.ooo.ru[x.x.x.x]; from= <remoteuser>to= user1@mydomainproto=ESMTP helo= <mailex.ooo.ru>Jan 29 10:40:45 mail postfix/cleanup[66101]: 09C0521EADE: message-id= ab7bbd27-5398-4a3d-8c74-5bc868666ec9@ooo.ruJan 29 10:40:46 mail postfix/smtpd[67659]: disconnect from mailex.ooo.ru[x.x.x.x]
Jan 29 10:40:46 mail MailScanner[85475]: New Batch: Scanning 1 messages, 644494 bytes
Jan 29 10:40:46 mail MailScanner[85475]: Filename Checks: Allowing 09C0521EADE.A9E2B msg-85475-11.txt
Jan 29 10:40:46 mail MailScanner[85475]: Filename Checks: Allowing 09C0521EADE.A9E2B msg-85475-12.html (no rule matched)
Jan 29 10:40:46 mail MailScanner[85475]: Filename Checks: Allowing 09C0521EADE.A9E2B image.pdf (no rule matched)
Jan 29 10:40:46 mail MailScanner[85475]: Filename Checks: Allowing 09C0521EADE.A9E2B ATT00001.htm (no rule matched)
Jan 29 10:40:46 mail MailScanner[85475]: Filename Checks: Allowing 09C0521EADE.A9E2B msg-85475-13.txt
Jan 29 10:40:47 mail MailScanner[85475]: Filetype Checks: No executables (09C0521EADE.A9E2B )
Jan 29 10:40:47 mail MailScanner[85475]: Filetype Checks: Allowing 09C0521EADE.A9E2B image.pdf (no match found)
Jan 29 10:40:47 mail MailScanner[85475]: Filetype Checks: Allowing 09C0521EADE.A9E2B msg-85475-11.txt
Jan 29 10:40:47 mail MailScanner[85475]: Filetype Checks: Allowing 09C0521EADE.A9E2B ATT00001.htm
Jan 29 10:40:47 mail MailScanner[85475]: Filetype Checks: Allowing 09C0521EADE.A9E2B msg-85475-12.html
Jan 29 10:40:47 mail MailScanner[85475]: Other Checks: Found 1 problems
Jan 29 10:40:47 mail MailScanner[85475]: Virus and Content Scanning: Starting
Jan 29 10:40:47 mail MailScanner[85475]: <a>tag found in message 09C0521EADE.A9E2B from remoteuser
Jan 29 10:40:47 mail MailScanner[85475]: Virus Scanning completed at 852675 bytes per second
Jan 29 10:40:47 mail MailScanner[85475]: Spam Checks: Starting
Jan 29 10:40:47 mail MailScanner[85475]: Message 09C0521EADE.A9E2B from x.x.x.x (remoteuser) to mydomain is too big for spam checks (644494 > 200000 bytes)
Jan 29 10:40:47 mail MailScanner[85475]: Delivery of nonspam: message 09C0521EADE.A9E2B from remoteuser to user1@mydomain with subject рТПВМЕНЩ орв
Jan 29 10:40:47 mail MailScanner[85475]: Requeue: 09C0521EADE.A9E2B to 2190621EAE1
Jan 29 10:40:47 mail postfix/qmgr[25563]: 2190621EAE1: from=<remoteuser>, size=643819, nrcpt=1 (queue active)
Jan 29 10:40:47 mail MailScanner[85475]: Cleaned: Delivered 1 cleaned messages
Jan 29 10:40:47 mail postfix/smtp[66901]: warning: host 10.10.2.2[10.10.2.2]:25 greeted me with my own hostname mail.mydomain
Jan 29 10:40:47 mail MailScanner[85475]: Deleted 1 messages from processing-database
Jan 29 10:40:47 mail MailScanner[85475]: Batch completed at 612050 bytes per second (644494 / 1)
Jan 29 10:40:47 mail MailScanner[85475]: Batch (1 message) processed in 1.05 seconds
Jan 29 10:40:48 mail postfix/smtp[66901]: 2190621EAE1: to=user1@mydomain, relay=10.10.2.2[10.10.2.2]:25, delay=3.1, delays=2.9/0/0.01/0.28, dsn=2.6.0, status=sent (250 2.6.0 ab7bbd27-5398-4a3d-8c74-5bc868666ec9@oaosig.ru[InternalId=9478992822622, Hostname=msk-ex01.banknp.loc] Queued mail for delivery)
Jan 29 10:40:48 mail postfix/qmgr[25563]: 2190621EAE1: removed
J

Tell me what could be the reason/ab7bbd27-5398-4a3d-8c74-5bc868666ec9@oaosig.ru /user1@mydomain</remoteuser></a>/ab7bbd27-5398-4a3d-8c74-5bc868666ec9@ooo.ru</mailex.ooo.ru>/user1@mydomain</remoteuser>/user1@mydomain

<a>problem with some txt files in Russian language. Sometimes mailscanner think this is a executable files.
I have same problem. I comment this 2 lines in filetypes.rules.conf

deny	executable	No executables		No programs allowed
deny	ELF		No executables		No programs allowed
```</a>

akong

Hello,
Have any friend test Mailscanner on pfsense 2.2.x.I has test can't start mailscanner service.

konis

Hi

It's confirmed : Mailscanner + pfSense 2.2.x = NOT LOVE. It's broken: https://redmine.pfsense.org/issues/4508

It's not working dccifd module: /usr/pbi/mailscanner-amd64/local/etc/rc.d/dccifd: WARNING: /usr/local/dcc is not a directory.

marcelloc

It's related to pbi. Once 2.3 is out it will work again.
For now, just a pbi remove and pkg install will workaround this issue just like I've suggested on postifx.

Bismarck

@marcelloc:

For now, just a pbi remove and pkg install will workaround this issue just like I've suggested on postifx.

For people still struggling with this package:


pbi_delete mailscanner-4.84.6-amd64
rm -r -f /usr/pbi/bin/libexec/mailscanner
rm -r -f /usr/local/etc/mailscanner
rm -r -f /var/spool/MailScanner
pkg install mailscanner
y

edit /usr/local/pkg/mailscanner.inc (line 39)

$pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
//if ($pf_version == "2.1" || $pf_version == "2.2") {
//	define('MAILSCANNER_PREFIX', '/usr/pbi/mailscanner-' . php_uname("m"));
//	if ($pf_version == "2.1")
//		define('MAILSCANNER_LOCALBASE', MAILSCANNER_PREFIX);
//	else
//		define('MAILSCANNER_LOCALBASE', MAILSCANNER_PREFIX . '/local');
//} else {
	define('MAILSCANNER_PREFIX', '/usr/local');
	define('MAILSCANNER_LOCALBASE', '/usr/local');
//}

This makes MailScanner start and run, further testing needed of general functionality…

enriluis

@marcelloc:

It's related to pbi. Once 2.3 is out it will work again.
For now, just a pbi remove and pkg install will workaround this issue just like I've suggested on postifx.

hi! my be is late to say this, but pfs 2.3 has been released, but removed postfix+mailscanner so what is news abaut this? please

Tom7141

Bump still no postfix+mailscanner ?

Bismarck

MAKE A BACKUP BEFORE YOU GO THIS ROUTE!

Those are the files needed, for the manual install of the MailScanner Package for pfSense 2.3.x

**/usr/local/pkg/mailscanner.conf.template
/usr/local/pkg/mailscanner.inc
/usr/local/pkg/mailscanner.xml
/usr/local/pkg/mailscanner_alerts.xml
/usr/local/pkg/mailscanner_antispam.xml
/usr/local/pkg/mailscanner_antivirus.xml
/usr/local/pkg/mailscanner_attachments.xml
/usr/local/pkg/mailscanner_content.xml
/usr/local/pkg/mailscanner_report.xml
/usr/local/pkg/mailscanner_sync.xml

/usr/local/www/mailscanner_about.php**

Download the attached pfSense-2.3-MailScanner.zip, unzip and copy the files to your system root /.
Unlock the FreeBSD repo in

/usr/local/etc/pkg/repos/FreeBSD.conf > enabled: yes

/usr/local/etc/pkg/repos/pfSense.conf > enabled: yes

Install MailScanner and dependencies via pkg

pkg install mailscanner

Next edit:

/conf/config.xml

and add MailScanner to the Service Status and Menu:

<service><name>mailscanner</name>
<rcfile>mailscanner</rcfile>
<executable>perl_mailscanner</executable></service>

<menu>
<name>Mailscanner</name>
<tooltiptext>Configure MailScanner service</tooltiptext>
Services
<url>/pkg_edit.php?xml=mailscanner.xml&id=0</url>
</menu>

Now cross your fingers and reboot! :P

Advanced configuration:

Check MS and SA for errors and missing modules etc. via spamassassin -D –lint and mailscanner -D –lint
Additionally install DCC+razor2+pyzor, clamav-unofficial-sigs etc.

pfSense-2.3-MailScanner.zip

marcelloc

Automated Install instructions for complete mailscanner package on pfSense 2.3.x can be found here:

https://forum.pfsense.org/index.php?topic=128037.0

DannyB

@marcelloc

Hi Marcelloc, i have postfix and mailscanner running on pfsense 2.4.4-p1, i got the following warnings:

MailScanner[64731]: Clamd::ERROR:: UNKNOWN CLAMD RETURN ./lstat() failed: Permission denied. ERROR :: /var/spool/MailScanner/incoming/64731

Permissions looks fine, i did chown -R postfix:postfix /var/spool/MailScanner/incoming/, also chmod -R 6666 to the same folder.

Runas user on MailScanner.conf and clamd.conf is postfix.

Also mailscanner logs display syntax errors:

Mar 6 16:09:51 pfsense2 MailScanner[56749]: Syntax error(s) in configuration file:
Mar 6 16:09:51 pfsense2 MailScanner[56749]: Unrecognised keyword "deliversuspiciouspdf" at line 93
Mar 6 16:09:51 pfsense2 MailScanner[56749]: Unrecognised keyword "pdfidcommand" at line 84
Mar 6 16:09:51 pfsense2 MailScanner[56749]: Unrecognised keyword "pdfidtimeout" at line 87
Mar 6 16:09:51 pfsense2 MailScanner[56749]: Unrecognised keyword "scanpdf" at line 90
Mar 6 16:09:51 pfsense2 MailScanner[56749]: Warning: syntax errors in /usr/local/etc/MailScanner/MailScanner.conf.

Please Help.