Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Mailscanner + spamassassin + clamav package

    Scheduled Pinned Locked Moved pfSense Packages
    313 Posts 54 Posters 274.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      capitangiaco
      last edited by

      Hi

      I am tryng to drop .exe attachments directly from postfix.
      Using the example configuration in the mime section:

      /^name=[^>]*.(com|vbs|js|jse|exe|bat|cmd|vxd|scr|hlp|pif|shs|ini|dll)/ REJECT W do not allow files of type "$3" because of security concerns - "$2" caused the block.
      /^Content-(Disposition|Type):\s+.+?(?:file)?name="?.+?.(386|ad[ept]|drv|em(ai)?l|ex[_e]|xms|{[\da-f]{8}(?:-[\da-f]{4}){3}-[\da-f]{12}})\b/ REJECT ".$2" file attachment types not allowed

      it doesn't work, and from the logs I see:
      warning: pcre map /usr/pbi/postfix-i386/etc/postfix/mime_check, line 1: out of range replacement index "3": skipping this rule

      The files are quarantined by Mailscanner, but I would like to drop themt as soon as possible.
      Any hints ?

      thank you

      Giacomo

      1 Reply Last reply Reply Quote 0
      • C
        capitangiaco
        last edited by

        @marcelloc:

        What is broken on mailscanner? I'm pushing some fixes to packages on 2.2

        Does the reporting (Notices to System Administrators) works ?
        I have to manually modify the Mailscanner.conf

        Send Notices = yes
        Notices Include Full Headers = yes
        Hide Incoming Work Dir in Notices = no
        Notice Signature = – \nMailScanner\nEmail Virus Scanner\nwww.mailscanner.info
        Notices From =                                    <–------
        Notices To =                                        <–------
        Local Postmaster = Postmaster              <–------

        Giacomo

        1 Reply Last reply Reply Quote 0
        • F
          FlashPan
          last edited by

          @ capitangiaco

          If you check the last post on this page (32) on the Postfix thread here https://forum.pfsense.org/index.php?topic=40622.465

          It may help you out.

          Cheers

          1 Reply Last reply Reply Quote 0
          • A
            azekiel
            last edited by

            Hi marcelloc,

            mailscanner creates way more children then the standard "5" which are set up in the gui.

            How to fix that?

            [2.1.5-RELEASE][admin@vulcanus.itbh1.local]/root(95): ps aux | grep -i mailscanner
            postfix  9758  0.2  0.4 115516 30040  ??  SN    9:08AM  0:03.97 MailScanner: scanning for filenames and filetypes (perl_mailscanner)
            postfix  254  0.0  0.8 114128 68568  ??  SN  12:25PM  0:02.40 MailScanner: waiting for messages (perl_mailscanner)
            postfix  313  0.0  0.4 114128 31588  ??  SN  12:01PM  0:02.88 MailScanner: waiting for messages (perl_mailscanner)
            postfix  3251  0.0  0.2 116176 19412  ??  S    9:36AM  0:03.31 MailScanner: waiting for messages (perl_mailscanner)
            postfix  3634  0.0  0.2 114128 15264  ??  S    10:52AM  0:03.25 MailScanner: waiting for messages (perl_mailscanner)
            postfix  4964  0.0  0.0 64068    0  ??  IWNs -        0:00.00 MailScanner: starting child (perl_mailscanner)
            postfix  5514  0.0  0.0 64068    0  ??  IWNs -        0:00.00 MailScanner: starting child (perl_mailscanner)
            postfix  5564  0.0  0.2 113092 16268  ??  SN  12:03PM  0:02.69 MailScanner: waiting for messages (perl_mailscanner)
            postfix  6441  0.0  0.3 114128 29036  ??  S    12:08PM  0:03.14 MailScanner: waiting for messages (perl_mailscanner)
            postfix  6562  0.0  0.2 114128 15116  ??  S    10:00AM  0:02.90 MailScanner: waiting for messages (perl_mailscanner)
            postfix  6741  0.0  0.1 114128 11956  ??  S    8:28AM  0:04.22 MailScanner: waiting for messages (perl_mailscanner)
            postfix  6827  0.0  0.2 114128 15236  ??  SN  12:17PM  0:02.53 MailScanner: waiting for messages (perl_mailscanner)
            postfix  8560  0.0  0.2 113092 13652  ??  S    8:15AM  0:02.98 MailScanner: waiting for messages (perl_mailscanner)
            postfix  9124  0.0  0.2 114128 13492  ??  SN  10:05AM  0:03.39 MailScanner: waiting for messages (perl_mailscanner)
            postfix  9287  0.0  0.2 114128 19392  ??  S    12:23PM  0:02.46 MailScanner: waiting for messages (perl_mailscanner)
            postfix 10420  0.0  0.8 113092 66192  ??  I    12:26PM  0:02.27 MailScanner: starting child (perl_mailscanner)
            postfix 11715  0.0  0.1 114128 11844  ??  S    8:10AM  0:03.41 MailScanner: waiting for messages (perl_mailscanner)
            postfix 11835  0.0  0.2 113092 19324  ??  S    12:23PM  0:02.34 MailScanner: waiting for messages (perl_mailscanner)
            postfix 12895  0.0  0.0 64068    0  ??  IWs  -        0:00.00 MailScanner: master waiting for children, sleeping (perl_mailscanner)
            postfix 13251  0.0  0.5 114128 40904  ??  S    12:22PM  0:02.41 MailScanner: waiting for messages (perl_mailscanner)
            postfix 13272  0.0  0.0 64068    0  ??  IWs  -        0:00.00 MailScanner: starting child (perl_mailscanner)
            postfix 13738  0.0  0.0 64068    0  ??  IWs  -        0:00.00 MailScanner: master waiting for children, sleeping (perl_mailscanner)
            postfix 13758  0.0  0.2 114128 12832  ??  S    8:43AM  0:03.24 MailScanner: waiting for messages (perl_mailscanner)
            postfix 13877  0.0  0.2 113092 19304  ??  S    12:23PM  0:02.50 MailScanner: waiting for messages (perl_mailscanner)
            postfix 14257  0.0  0.0 64068    0  ??  IWs  -        0:00.00 MailScanner: starting child (perl_mailscanner)
            postfix 14258  0.0  0.2 114128 13888  ??  S    9:10AM  0:03.40 MailScanner: waiting for messages (perl_mailscanner)
            postfix 14530  0.0  0.0 64068    0  ??  IWNs -        0:00.00 MailScanner: starting child (perl_mailscanner)
            postfix 14614  0.0  0.2 114128 15420  ??  S    11:19AM  0:03.36 MailScanner: waiting for messages (perl_mailscanner)
            postfix 14793  0.0  0.2 114128 15580  ??  S    10:11AM  0:03.36 MailScanner: waiting for messages (perl_mailscanner)
            postfix 15129  0.0  0.2 113092 16104  ??  SN  12:14PM  0:02.51 MailScanner: waiting for messages (perl_mailscanner)
            postfix 16012  0.0  0.2 114128 13380  ??  SN  10:53AM  0:02.86 MailScanner: waiting for messages (perl_mailscanner)
            postfix 16419  0.0  0.2 114128 16204  ??  S    12:11PM  0:04.59 MailScanner: waiting for messages (perl_mailscanner)
            postfix 17239  0.0  0.2 114128 15028  ??  SN    8:05AM  0:03.22 MailScanner: waiting for messages (perl_mailscanner)
            postfix 18734  0.0  0.2 114128 17244  ??  S    12:12PM  0:02.72 MailScanner: waiting for messages (perl_mailscanner)
            postfix 18954  0.0  0.0 64068    0  ??  IWs  -        0:00.00 MailScanner: starting child (perl_mailscanner)
            postfix 20176  0.0  0.2 116176 13388  ??  SN    8:20AM  0:05.08 MailScanner: waiting for messages (perl_mailscanner)
            postfix 21530  0.0  0.2 114128 13504  ??  S    9:08AM  0:03.15 MailScanner: waiting for messages (perl_mailscanner)
            postfix 21910  0.0  0.4 114128 32940  ??  S    12:12PM  0:02.93 MailScanner: waiting for messages (perl_mailscanner)
            postfix 22510  0.0  0.2 114128 15000  ??  SN  12:12PM  0:03.25 MailScanner: waiting for messages (perl_mailscanner)
            postfix 23398  0.0  0.8 114128 66732  ??  SN  12:08PM  0:04.59 MailScanner: waiting for messages (perl_mailscanner)
            postfix 23955  0.0  0.2 114128 14252  ??  SN    9:59AM  0:05.05 MailScanner: waiting for messages (perl_mailscanner)
            postfix 24768  0.0  0.2 114128 16324  ??  S    9:38AM  0:03.27 MailScanner: waiting for messages (perl_mailscanner)
            postfix 24968  0.0  0.4 114128 35260  ??  SN  12:15PM  0:02.80 MailScanner: waiting for messages (perl_mailscanner)
            postfix 25305  0.0  0.2 114128 14716  ??  S    10:17AM  0:03.61 MailScanner: waiting for messages (perl_mailscanner)
            postfix 25763  0.0  0.2 114128 16696  ??  SN    8:35AM  0:03.23 MailScanner: waiting for messages (perl_mailscanner)
            postfix 27119  0.0  0.2 114128 13444  ??  S    8:33AM  0:03.33 MailScanner: waiting for messages (perl_mailscanner)
            postfix 28626  0.0  0.2 114128 16240  ??  SN  12:10PM  0:03.33 MailScanner: waiting for messages (perl_mailscanner)
            postfix 30163  0.0  0.2 114128 16764  ??  S    10:26AM  0:03.21 MailScanner: waiting for messages (perl_mailscanner)
            postfix 30922  0.0  0.2 113092 19108  ??  S    9:36AM  0:02.91 MailScanner: waiting for messages (perl_mailscanner)
            postfix 31712  0.0  0.2 114128 16232  ??  S    12:08PM  0:03.47 MailScanner: waiting for messages (perl_mailscanner)
            postfix 31928  0.0  0.0 64068    0  ??  IWs  -        0:00.00 MailScanner: starting child (perl_mailscanner)
            postfix 32170  0.0  0.3 114128 28880  ??  SN  12:08PM  0:04.81 MailScanner: waiting for messages (perl_mailscanner)
            postfix 32171  0.0  0.2 113092 19444  ??  S    12:22PM  0:02.35 MailScanner: waiting for messages (perl_mailscanner)
            postfix 32977  0.0  0.2 114128 14668  ??  S    8:18AM  0:03.30 MailScanner: waiting for messages (perl_mailscanner)
            postfix 33247  0.0  0.1 116176 12456  ??  SN    8:48AM  0:04.15 MailScanner: waiting for messages (perl_mailscanner)
            postfix 33906  0.0  0.2 113092 15524  ??  S    12:14PM  0:02.52 MailScanner: waiting for messages (perl_mailscanner)
            postfix 34450  0.0  0.2 114128 19032  ??  S    12:08PM  0:03.16 MailScanner: waiting for messages (perl_mailscanner)
            postfix 35407  0.0  0.4 114128 30968  ??  SN  11:24AM  0:03.05 MailScanner: waiting for messages (perl_mailscanner)
            postfix 36032  0.0  0.2 116176 16948  ??  SN    8:42AM  0:03.39 MailScanner: waiting for messages (perl_mailscanner)
            postfix 37988  0.0  0.0 64068    0  ??  IWs  -        0:00.00 MailScanner: starting child (perl_mailscanner)
            postfix 38175  0.0  0.3 114128 28988  ??  S    9:47AM  0:03.54 MailScanner: waiting for messages (perl_mailscanner)
            postfix 38935  0.0  0.2 114128 16356  ??  S    9:36AM  0:03.87 MailScanner: waiting for messages (perl_mailscanner)
            postfix 39491  0.0  0.1 114128 10508  ??  S    7:53AM  0:03.11 MailScanner: waiting for messages (perl_mailscanner)
            postfix 39860  0.0  0.9 113092 79172  ??  S    12:23PM  0:02.35 MailScanner: waiting for messages (perl_mailscanner)
            postfix 39916  0.0  0.9 113092 79344  ??  S    12:23PM  0:02.34 MailScanner: waiting for messages (perl_mailscanner)
            postfix 40952  0.0  0.1 113092  8476  ??  S    6:21AM  0:03.09 MailScanner: waiting for messages (perl_mailscanner)
            postfix 41300  0.0  0.2 114128 15740  ??  S    10:39AM  0:04.22 MailScanner: waiting for messages (perl_mailscanner)
            postfix 41453  0.0  0.0 64068  1828  ??  INs  7Dec14  0:00.14 MailScanner: starting child (perl_mailscanner)
            postfix 41605  0.0  0.2 113092 19248  ??  S    12:22PM  0:02.49 MailScanner: waiting for messages (perl_mailscanner)
            postfix 42144  0.0  0.0 64068    0  ??  IWNs -        0:00.00 MailScanner: starting child (perl_mailscanner)
            postfix 42987  0.0  0.0 64068    0  ??  IWs  -        0:00.00 MailScanner: starting child (perl_mailscanner)
            postfix 43293  0.0  0.1 114128 11300  ??  SN    8:35AM  0:03.12 MailScanner: waiting for messages (perl_mailscanner)
            postfix 43749  0.0  0.2 114128 14376  ??  S    10:31AM  0:03.69 MailScanner: waiting for messages (perl_mailscanner)
            postfix 46380  0.0  0.2 114128 16384  ??  S    11:33AM  0:03.14 MailScanner: waiting for messages (perl_mailscanner)
            postfix 46829  0.0  0.2 114128 14288  ??  SN  10:38AM  0:03.12 MailScanner: waiting for messages (perl_mailscanner)
            postfix 47155  0.0  0.0 64068  1984  ??  Is  Fri01PM  0:00.02 MailScanner: starting child (perl_mailscanner)
            postfix 48185  0.0  0.2 114128 16532  ??  S    12:10PM  0:02.85 MailScanner: waiting for messages (perl_mailscanner)
            postfix 48268  0.0  0.0 64068    0  ??  IWs  -        0:00.00 MailScanner: starting child (perl_mailscanner)
            postfix 49535  0.0  0.2 114128 13628  ??  SN    9:00AM  0:06.92 MailScanner: waiting for messages (perl_mailscanner)
            postfix 49722  0.0  0.5 117192 37880  ??  S    8:48AM  0:07.67 MailScanner: waiting for messages (perl_mailscanner)
            postfix 50428  0.0  0.2 114128 16076  ??  S    11:39AM  0:02.96 MailScanner: waiting for messages (perl_mailscanner)
            postfix 50955  0.0  0.2 113092 15740  ??  S    12:22PM  0:02.42 MailScanner: waiting for messages (perl_mailscanner)
            postfix 51166  0.0  0.3 114128 27512  ??  SN  10:24AM  0:11.11 MailScanner: waiting for messages (perl_mailscanner)
            postfix 51626  0.0  0.2 114128 15212  ??  S    9:25AM  0:03.54 MailScanner: waiting for messages (perl_mailscanner)
            postfix 52652  0.0  0.2 114128 15408  ??  S    10:43AM  0:03.34 MailScanner: waiting for messages (perl_mailscanner)
            postfix 53780  0.0  0.2 114128 12984  ??  S    8:08AM  0:03.25 MailScanner: waiting for messages (perl_mailscanner)
            postfix 54191  0.0  0.2 113092 16468  ??  S    11:23AM  0:02.85 MailScanner: waiting for messages (perl_mailscanner)
            postfix 55241  0.0  0.4 114128 29920  ??  SN  10:35AM  0:03.53 MailScanner: waiting for messages (perl_mailscanner)
            postfix 55565  0.0  0.2 115516 13928  ??  SN  10:03AM  0:03.09 MailScanner: waiting for messages (perl_mailscanner)
            postfix 55965  0.0  0.8 114128 66680  ??  S    12:08PM  0:02.84 MailScanner: waiting for messages (perl_mailscanner)
            postfix 56699  0.0  0.0 64068    0  ??  IWs  -        0:00.00 MailScanner: starting child (perl_mailscanner)
            postfix 57050  0.0  0.2 113092 15336  ??  SN  12:10PM  0:02.63 MailScanner: waiting for messages (perl_mailscanner)
            postfix 57863  0.0  0.2 118224 16224  ??  S    8:59AM  0:08.10 MailScanner: waiting for messages (perl_mailscanner)
            postfix 58761  0.0  0.2 114128 17748  ??  S    10:24AM  0:03.05 MailScanner: waiting for messages (perl_mailscanner)
            postfix 59058  0.0  0.2 114128 12700  ??  SN    8:24AM  0:04.11 MailScanner: waiting for messages (perl_mailscanner)
            postfix 59932  0.0  0.0 64068    0  ??  IWs  -        0:00.00 MailScanner: starting child (perl_mailscanner)
            postfix 60211  0.0  0.3 114128 27144  ??  S    9:36AM  0:03.78 MailScanner: waiting for messages (perl_mailscanner)
            postfix 60599  0.0  0.8 114128 68160  ??  SN  12:08PM  0:02.86 MailScanner: waiting for messages (perl_mailscanner)
            postfix 61716  0.0  0.2 114128 14472  ??  S    10:02AM  0:03.57 MailScanner: waiting for messages (perl_mailscanner)
            postfix 62207  0.0  0.3 113092 24616  ??  SN  10:48AM  0:02.83 MailScanner: waiting for messages (perl_mailscanner)
            postfix 63224  0.0  0.2 114128 14460  ??  S    10:45AM  0:03.80 MailScanner: waiting for messages (perl_mailscanner)
            postfix 64246  0.0  0.2 114128 17988  ??  SN  10:14AM  0:02.90 MailScanner: waiting for messages (perl_mailscanner)
            postfix 64279  0.0  0.2 114128 16768  ??  SN  12:10PM  0:03.34 MailScanner: waiting for messages (perl_mailscanner)
            postfix 64349  0.0  0.2 113092 15252  ??  S    12:12PM  0:02.79 MailScanner: waiting for messages (perl_mailscanner)
            postfix 65504  0.0  0.2 113092 15484  ??  S    8:23AM  0:02.97 MailScanner: waiting for messages (perl_mailscanner)
            postfix 69382  0.0  0.4 116176 35916  ??  SN    9:53AM  0:03.51 MailScanner: waiting for messages (perl_mailscanner)
            postfix 70157  0.0  0.2 114128 14664  ??  S    11:01AM  0:02.88 MailScanner: waiting for messages (perl_mailscanner)
            postfix 71258  0.0  0.3 114128 26692  ??  SN  10:15AM  0:03.40 MailScanner: waiting for messages (perl_mailscanner)
            postfix 71358  0.0  0.2 113092 15620  ??  SN  11:23AM  0:02.70 MailScanner: waiting for messages (perl_mailscanner)
            postfix 72699  0.0  0.2 113092 16004  ??  S    12:19PM  0:02.43 MailScanner: waiting for messages (perl_mailscanner)
            postfix 73499  0.0  0.2 114128 16724  ??  S    12:15PM  0:03.00 MailScanner: waiting for messages (perl_mailscanner)
            postfix 73695  0.0  0.9 113092 79344  ??  S    12:23PM  0:02.39 MailScanner: waiting for messages (perl_mailscanner)
            postfix 73721  0.0  0.2 116176 14112  ??  S    9:54AM  0:03.65 MailScanner: waiting for messages (perl_mailscanner)
            postfix 73795  0.0  0.2 116176 14064  ??  S    8:39AM  0:03.87 MailScanner: waiting for messages (perl_mailscanner)
            postfix 73966  0.0  0.2 114128 16532  ??  S    12:10PM  0:02.90 MailScanner: waiting for messages (perl_mailscanner)
            postfix 74735  0.0  0.2 116176 16396  ??  SN    9:41AM  0:03.31 MailScanner: waiting for messages (perl_mailscanner)
            postfix 74970  0.0  0.8 114128 68772  ??  S    11:18AM  0:03.04 MailScanner: waiting for messages (perl_mailscanner)
            postfix 81647  0.0  0.1 114128 11820  ??  S    8:54AM  0:03.34 MailScanner: waiting for messages (perl_mailscanner)
            postfix 82064  0.0  0.2 113092 19420  ??  S    12:23PM  0:02.35 MailScanner: waiting for messages (perl_mailscanner)
            postfix 82769  0.0  0.3 114128 26704  ??  S    8:39AM  0:05.68 MailScanner: waiting for messages (perl_mailscanner)
            postfix 82833  0.0  0.4 114128 31612  ??  S    9:36AM  0:03.01 MailScanner: waiting for messages (perl_mailscanner)
            dcc    90979  0.0  0.0  9152    0  ??  IWs  -        0:00.00 /usr/pbi/mailscanner-amd64/dcc/libexec/dccifd -Idcc -tREP,20 -tCMN,5, -llog -wwhiteclnt -Uuserdirs -SHELO -Smail_host -SSender -SList-ID
            postfix 91181  0.0  0.4 114128 35556  ??  SN  12:11PM  0:02.78 MailScanner: waiting for messages (perl_mailscanner)
            dcc    91202  0.0  0.0 13600  4068  ??  I    9:35AM  0:00.12 /usr/pbi/mailscanner-amd64/dcc/libexec/dccifd -Idcc -tREP,20 -tCMN,5, -llog -wwhiteclnt -Uuserdirs -SHELO -Smail_host -SSender -SList-ID
            postfix 92438  0.0  0.4 114128 30280  ??  S    12:10PM  0:03.14 MailScanner: waiting for messages (perl_mailscanner)
            postfix 93303  0.0  0.2 114128 18212  ??  S    12:13PM  0:03.02 MailScanner: waiting for messages (perl_mailscanner)
            postfix 96229  0.0  0.2 113092 15564  ??  S    12:22PM  0:02.39 MailScanner: waiting for messages (perl_mailscanner)
            postfix 98753  0.0  0.2 116176 18728  ??  SN  12:14PM  0:02.79 MailScanner: waiting for messages (perl_mailscanner)
            root    13056  0.0  0.0  9068  1312  0  S+  12:27PM  0:00.00 grep -i mailscanner

            1 Reply Last reply Reply Quote 0
            • BismarckB
              Bismarck
              last edited by

              @capitangiaco:

              @marcelloc:

              What is broken on mailscanner? I'm pushing some fixes to packages on 2.2

              Does the reporting (Notices to System Administrators) works ?
              I have to manually modify the Mailscanner.conf

              Send Notices = yes
              Notices Include Full Headers = yes
              Hide Incoming Work Dir in Notices = no
              Notice Signature = – \nMailScanner\nEmail Virus Scanner\nwww.mailscanner.info
              Notices From =                                    <–------
              Notices To =                                        <–------
              Local Postmaster = Postmaster              <–------

              Giacomo

              A bit late but, better now than never. ;)

              I fixed (workaround) this by creating a file in

              /usr/pbi/mailscanner-amd64/etc/MailScanner/conf.d/my.conf

              and add

              Notices From = mailscanner@mydoamin.tld
              Notices To = admin@mydoamin.tld

              And restart mailscanner, from now on you will get email notification from infected files that have been blocked.

              This file also can used to add any extra config which otherwise will be ignored/overwritten in the Mailscanner.conf (eg. Max Spam Check Size etc.).

              Another problem I've noticed is that Org name (eg. pfSense in this case) is not correctly inherited to bayes_ignore_header at:

              Services: MailScanner > AntiSpam (Tab) > spam.assassin.prefs.conf

              bayes_ignore_header pfSense-MailScanner

              the X- is missing here and should look like instead:

              bayes_ignore_header **X-**pfSense-MailScanner

              This needs to be fixed in:

              /usr/local/pkg/mailscanner.inc

              and edit line 494 like:

              $replacement[]="bayes_ignore_header X-".($mailscanner['orgname']!=""?$mailscanner['orgname']:"Pfsense")."-MailScanner";

              So bayes can ignore those headers and don't waste tokens for that.

              1 Reply Last reply Reply Quote 0
              • M
                mflyagin
                last edited by

                I think there is a typo in the file /usr/local/pkg/mailscanner.conf.template

                39 Incoming Work User = postix
                40 Incoming Work Group = postix
                47 Quarantine User = postifx
                

                I also think that these two lines do not work, because when I put the values in the web interface, in the config lines left blank.

                307 Notices From = ${$notice_from}
                308 Notices To = ${$notice_to}
                

                P.S. i have pfSense 2.1.5 and mailscanner 0.2.11

                1 Reply Last reply Reply Quote 0
                • M
                  MDA
                  last edited by

                  Hi!

                  Mailscanner blocks the content of messages and replace its contents for unknown reasons.
                  Help to understand please.
                  Here is a letter received at the reception and log pfsense.

                  Received a letter

                  Subject: [Filename?] Проблемы НПБ

                  This is a message from the MailScanner E-Mail Virus Protection Service
                  –--------------------------------------------------------------------
                  The original e-mail attachment "the entire message"
                  is on the list of unacceptable attachments for this site and has been replaced by this warning message.

                  At Thu Jan 29 10:40:46 2015 the virus scanner said:
                    MailScanner: No programs allowed (msg-85475-13.txt)

                  Log pfSense

                  Jan 29 10:40:44 mail postfix/smtpd[67659]: connect from mailex.ooo.ru[x.x.x.x]
                  Jan 29 10:40:45 mail postfix/smtpd[67659]: 09C0521EADE: client=mailex.ooo.ru[x.x.x.x]
                  Jan 29 10:40:45 mail postfix/cleanup[66101]: 09C0521EADE: hold: header Received: from mailex.ooo.ru (mailex.ooo.ru [x.x.x.x])??by mail.mydomain (Postfix) with ESMTP id 09C0521EADE??for user1@mydomain; Thu, 29 Jan 2015 10:40:44 +0300 (FET) from mailex.ooo.ru[x.x.x.x]; from= <remoteuser>to= user1@mydomainproto=ESMTP helo= <mailex.ooo.ru>Jan 29 10:40:45 mail postfix/cleanup[66101]: 09C0521EADE: message-id= ab7bbd27-5398-4a3d-8c74-5bc868666ec9@ooo.ruJan 29 10:40:46 mail postfix/smtpd[67659]: disconnect from mailex.ooo.ru[x.x.x.x]
                  Jan 29 10:40:46 mail MailScanner[85475]: New Batch: Scanning 1 messages, 644494 bytes
                  Jan 29 10:40:46 mail MailScanner[85475]: Filename Checks: Allowing 09C0521EADE.A9E2B msg-85475-11.txt
                  Jan 29 10:40:46 mail MailScanner[85475]: Filename Checks: Allowing 09C0521EADE.A9E2B msg-85475-12.html (no rule matched)
                  Jan 29 10:40:46 mail MailScanner[85475]: Filename Checks: Allowing 09C0521EADE.A9E2B image.pdf (no rule matched)
                  Jan 29 10:40:46 mail MailScanner[85475]: Filename Checks: Allowing 09C0521EADE.A9E2B ATT00001.htm (no rule matched)
                  Jan 29 10:40:46 mail MailScanner[85475]: Filename Checks: Allowing 09C0521EADE.A9E2B msg-85475-13.txt
                  Jan 29 10:40:47 mail MailScanner[85475]: Filetype Checks: No executables (09C0521EADE.A9E2B )
                  Jan 29 10:40:47 mail MailScanner[85475]: Filetype Checks: Allowing 09C0521EADE.A9E2B image.pdf (no match found)
                  Jan 29 10:40:47 mail MailScanner[85475]: Filetype Checks: Allowing 09C0521EADE.A9E2B msg-85475-11.txt
                  Jan 29 10:40:47 mail MailScanner[85475]: Filetype Checks: Allowing 09C0521EADE.A9E2B ATT00001.htm
                  Jan 29 10:40:47 mail MailScanner[85475]: Filetype Checks: Allowing 09C0521EADE.A9E2B msg-85475-12.html
                  Jan 29 10:40:47 mail MailScanner[85475]: Other Checks: Found 1 problems
                  Jan 29 10:40:47 mail MailScanner[85475]: Virus and Content Scanning: Starting
                  Jan 29 10:40:47 mail MailScanner[85475]: <a>tag found in message 09C0521EADE.A9E2B from remoteuser
                  Jan 29 10:40:47 mail MailScanner[85475]: Virus Scanning completed at 852675 bytes per second
                  Jan 29 10:40:47 mail MailScanner[85475]: Spam Checks: Starting
                  Jan 29 10:40:47 mail MailScanner[85475]: Message 09C0521EADE.A9E2B from x.x.x.x (remoteuser) to mydomain is too big for spam checks (644494 > 200000 bytes)
                  Jan 29 10:40:47 mail MailScanner[85475]: Delivery of nonspam: message 09C0521EADE.A9E2B from remoteuser to user1@mydomain with subject рТПВМЕНЩ орв
                  Jan 29 10:40:47 mail MailScanner[85475]: Requeue: 09C0521EADE.A9E2B to 2190621EAE1
                  Jan 29 10:40:47 mail postfix/qmgr[25563]: 2190621EAE1: from=<remoteuser>, size=643819, nrcpt=1 (queue active)
                  Jan 29 10:40:47 mail MailScanner[85475]: Cleaned: Delivered 1 cleaned messages
                  Jan 29 10:40:47 mail postfix/smtp[66901]: warning: host 10.10.2.2[10.10.2.2]:25 greeted me with my own hostname mail.mydomain
                  Jan 29 10:40:47 mail MailScanner[85475]: Deleted 1 messages from processing-database
                  Jan 29 10:40:47 mail MailScanner[85475]: Batch completed at 612050 bytes per second (644494 / 1)
                  Jan 29 10:40:47 mail MailScanner[85475]: Batch (1 message) processed in 1.05 seconds
                  Jan 29 10:40:48 mail postfix/smtp[66901]: 2190621EAE1: to=user1@mydomain, relay=10.10.2.2[10.10.2.2]:25, delay=3.1, delays=2.9/0/0.01/0.28, dsn=2.6.0, status=sent (250 2.6.0 ab7bbd27-5398-4a3d-8c74-5bc868666ec9@oaosig.ru[InternalId=9478992822622, Hostname=msk-ex01.banknp.loc] Queued mail for delivery)
                  Jan 29 10:40:48 mail postfix/qmgr[25563]: 2190621EAE1: removed
                  J

                  Tell me what could be the reason/ab7bbd27-5398-4a3d-8c74-5bc868666ec9@oaosig.ru/user1@mydomain</remoteuser></a>/ab7bbd27-5398-4a3d-8c74-5bc868666ec9@ooo.ru</mailex.ooo.ru>/user1@mydomain</remoteuser>/user1@mydomain

                  1 Reply Last reply Reply Quote 0
                  • F
                    FlashPan
                    last edited by

                    Hi,

                    I am in no way an expert here but I can see this entry in your log:

                    Message 09C0521EADE.A9E2B from x.x.x.x (remoteuser) to mydomain is too big for spam checks (644494 > 200000 bytes)

                    That is 0.2 megabytes.

                    Have you changed the maximum email message size?  Without looking at my setup and If I remember correctly you can change this value in Postfix and Mailscanner.

                    1 Reply Last reply Reply Quote 0
                    • BismarckB
                      Bismarck
                      last edited by

                      @MDA:

                      Jan 29 10:40:47 mail postfix/smtp[66901]: warning: host 10.10.2.2[10.10.2.2]:25 greeted me with my own hostname mail.mydomain

                      It looks like your internal mailhost using the same name as the pfSense/Postfix relay, you better change this. Nothing critical…

                      1 Reply Last reply Reply Quote 0
                      • M
                        mflyagin
                        last edited by

                        @MDA:

                        Hi!

                        Mailscanner blocks the content of messages and replace its contents for unknown reasons.
                        Help to understand please.
                        Here is a letter received at the reception and log pfsense.

                        Received a letter

                        Subject: [Filename?] Проблемы НПБ

                        This is a message from the MailScanner E-Mail Virus Protection Service
                        –--------------------------------------------------------------------
                        The original e-mail attachment "the entire message"
                        is on the list of unacceptable attachments for this site and has been replaced by this warning message.

                        At Thu Jan 29 10:40:46 2015 the virus scanner said:
                          MailScanner: No programs allowed (msg-85475-13.txt)

                        Log pfSense

                        Jan 29 10:40:44 mail postfix/smtpd[67659]: connect from mailex.ooo.ru[x.x.x.x]
                        Jan 29 10:40:45 mail postfix/smtpd[67659]: 09C0521EADE: client=mailex.ooo.ru[x.x.x.x]
                        Jan 29 10:40:45 mail postfix/cleanup[66101]: 09C0521EADE: hold: header Received: from mailex.ooo.ru (mailex.ooo.ru [x.x.x.x])??by mail.mydomain (Postfix) with ESMTP id 09C0521EADE??for user1@mydomain; Thu, 29 Jan 2015 10:40:44 +0300 (FET) from mailex.ooo.ru[x.x.x.x]; from= <remoteuser>to= user1@mydomainproto=ESMTP helo= <mailex.ooo.ru>Jan 29 10:40:45 mail postfix/cleanup[66101]: 09C0521EADE: message-id= ab7bbd27-5398-4a3d-8c74-5bc868666ec9@ooo.ruJan 29 10:40:46 mail postfix/smtpd[67659]: disconnect from mailex.ooo.ru[x.x.x.x]
                        Jan 29 10:40:46 mail MailScanner[85475]: New Batch: Scanning 1 messages, 644494 bytes
                        Jan 29 10:40:46 mail MailScanner[85475]: Filename Checks: Allowing 09C0521EADE.A9E2B msg-85475-11.txt
                        Jan 29 10:40:46 mail MailScanner[85475]: Filename Checks: Allowing 09C0521EADE.A9E2B msg-85475-12.html (no rule matched)
                        Jan 29 10:40:46 mail MailScanner[85475]: Filename Checks: Allowing 09C0521EADE.A9E2B image.pdf (no rule matched)
                        Jan 29 10:40:46 mail MailScanner[85475]: Filename Checks: Allowing 09C0521EADE.A9E2B ATT00001.htm (no rule matched)
                        Jan 29 10:40:46 mail MailScanner[85475]: Filename Checks: Allowing 09C0521EADE.A9E2B msg-85475-13.txt
                        Jan 29 10:40:47 mail MailScanner[85475]: Filetype Checks: No executables (09C0521EADE.A9E2B )
                        Jan 29 10:40:47 mail MailScanner[85475]: Filetype Checks: Allowing 09C0521EADE.A9E2B image.pdf (no match found)
                        Jan 29 10:40:47 mail MailScanner[85475]: Filetype Checks: Allowing 09C0521EADE.A9E2B msg-85475-11.txt
                        Jan 29 10:40:47 mail MailScanner[85475]: Filetype Checks: Allowing 09C0521EADE.A9E2B ATT00001.htm
                        Jan 29 10:40:47 mail MailScanner[85475]: Filetype Checks: Allowing 09C0521EADE.A9E2B msg-85475-12.html
                        Jan 29 10:40:47 mail MailScanner[85475]: Other Checks: Found 1 problems
                        Jan 29 10:40:47 mail MailScanner[85475]: Virus and Content Scanning: Starting
                        Jan 29 10:40:47 mail MailScanner[85475]: <a>tag found in message 09C0521EADE.A9E2B from remoteuser
                        Jan 29 10:40:47 mail MailScanner[85475]: Virus Scanning completed at 852675 bytes per second
                        Jan 29 10:40:47 mail MailScanner[85475]: Spam Checks: Starting
                        Jan 29 10:40:47 mail MailScanner[85475]: Message 09C0521EADE.A9E2B from x.x.x.x (remoteuser) to mydomain is too big for spam checks (644494 > 200000 bytes)
                        Jan 29 10:40:47 mail MailScanner[85475]: Delivery of nonspam: message 09C0521EADE.A9E2B from remoteuser to user1@mydomain with subject рТПВМЕНЩ орв
                        Jan 29 10:40:47 mail MailScanner[85475]: Requeue: 09C0521EADE.A9E2B to 2190621EAE1
                        Jan 29 10:40:47 mail postfix/qmgr[25563]: 2190621EAE1: from=<remoteuser>, size=643819, nrcpt=1 (queue active)
                        Jan 29 10:40:47 mail MailScanner[85475]: Cleaned: Delivered 1 cleaned messages
                        Jan 29 10:40:47 mail postfix/smtp[66901]: warning: host 10.10.2.2[10.10.2.2]:25 greeted me with my own hostname mail.mydomain
                        Jan 29 10:40:47 mail MailScanner[85475]: Deleted 1 messages from processing-database
                        Jan 29 10:40:47 mail MailScanner[85475]: Batch completed at 612050 bytes per second (644494 / 1)
                        Jan 29 10:40:47 mail MailScanner[85475]: Batch (1 message) processed in 1.05 seconds
                        Jan 29 10:40:48 mail postfix/smtp[66901]: 2190621EAE1: to=user1@mydomain, relay=10.10.2.2[10.10.2.2]:25, delay=3.1, delays=2.9/0/0.01/0.28, dsn=2.6.0, status=sent (250 2.6.0 ab7bbd27-5398-4a3d-8c74-5bc868666ec9@oaosig.ru[InternalId=9478992822622, Hostname=msk-ex01.banknp.loc] Queued mail for delivery)
                        Jan 29 10:40:48 mail postfix/qmgr[25563]: 2190621EAE1: removed
                        J

                        Tell me what could be the reason/ab7bbd27-5398-4a3d-8c74-5bc868666ec9@oaosig.ru/user1@mydomain</remoteuser></a>/ab7bbd27-5398-4a3d-8c74-5bc868666ec9@ooo.ru</mailex.ooo.ru>/user1@mydomain</remoteuser>/user1@mydomain

                        <a>problem with some txt files in Russian language. Sometimes mailscanner think this is a executable files.
                        I have same problem. I comment this 2 lines in filetypes.rules.conf

                        deny	executable	No executables		No programs allowed
                        deny	ELF		No executables		No programs allowed
                        ```</a>
                        1 Reply Last reply Reply Quote 0
                        • A
                          akong
                          last edited by

                          Hello,
                          Have any friend test Mailscanner on pfsense 2.2.x.I has test can't start mailscanner service.

                          1 Reply Last reply Reply Quote 0
                          • K
                            konis
                            last edited by

                            Hi

                            It's confirmed : Mailscanner + pfSense 2.2.x = NOT LOVE. It's broken: https://redmine.pfsense.org/issues/4508

                            It's not working dccifd module: /usr/pbi/mailscanner-amd64/local/etc/rc.d/dccifd: WARNING: /usr/local/dcc is not a directory.

                            1 Reply Last reply Reply Quote 0
                            • marcellocM
                              marcelloc
                              last edited by

                              It's related to pbi. Once 2.3 is out it will work again.
                              For now, just a pbi remove and pkg install will workaround this issue just like I've suggested on postifx.

                              Treinamentos de Elite: http://sys-squad.com

                              Help a community developer! ;D

                              1 Reply Last reply Reply Quote 0
                              • BismarckB
                                Bismarck
                                last edited by

                                @marcelloc:

                                For now, just a pbi remove and pkg install will workaround this issue just like I've suggested on postifx.

                                For people still struggling with this package:

                                
                                pbi_delete mailscanner-4.84.6-amd64
                                rm -r -f /usr/pbi/bin/libexec/mailscanner
                                rm -r -f /usr/local/etc/mailscanner
                                rm -r -f /var/spool/MailScanner
                                pkg install mailscanner
                                y
                                

                                edit /usr/local/pkg/mailscanner.inc (line 39)

                                $pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
                                //if ($pf_version == "2.1" || $pf_version == "2.2") {
                                //	define('MAILSCANNER_PREFIX', '/usr/pbi/mailscanner-' . php_uname("m"));
                                //	if ($pf_version == "2.1")
                                //		define('MAILSCANNER_LOCALBASE', MAILSCANNER_PREFIX);
                                //	else
                                //		define('MAILSCANNER_LOCALBASE', MAILSCANNER_PREFIX . '/local');
                                //} else {
                                	define('MAILSCANNER_PREFIX', '/usr/local');
                                	define('MAILSCANNER_LOCALBASE', '/usr/local');
                                //}
                                

                                This makes MailScanner start and run, further testing needed of general functionality…

                                1 Reply Last reply Reply Quote 0
                                • E
                                  enriluis
                                  last edited by

                                  @marcelloc:

                                  It's related to pbi. Once 2.3 is out it will work again.
                                  For now, just a pbi remove and pkg install will workaround this issue just like I've suggested on postifx.

                                  hi! my be is late to say this, but pfs 2.3 has been released, but removed  postfix+mailscanner so  what is news abaut this? please

                                  1 Reply Last reply Reply Quote 0
                                  • T
                                    Tom7141
                                    last edited by

                                    Bump  still no  postfix+mailscanner ?

                                    1 Reply Last reply Reply Quote 0
                                    • BismarckB
                                      Bismarck
                                      last edited by

                                      MAKE A BACKUP BEFORE YOU GO THIS ROUTE!

                                      Those are the files needed, for the manual install of the MailScanner Package for pfSense 2.3.x

                                      **/usr/local/pkg/mailscanner.conf.template
                                      /usr/local/pkg/mailscanner.inc
                                      /usr/local/pkg/mailscanner.xml
                                      /usr/local/pkg/mailscanner_alerts.xml
                                      /usr/local/pkg/mailscanner_antispam.xml
                                      /usr/local/pkg/mailscanner_antivirus.xml
                                      /usr/local/pkg/mailscanner_attachments.xml
                                      /usr/local/pkg/mailscanner_content.xml
                                      /usr/local/pkg/mailscanner_report.xml
                                      /usr/local/pkg/mailscanner_sync.xml

                                      /usr/local/www/mailscanner_about.php**

                                      • Download the attached pfSense-2.3-MailScanner.zip, unzip and copy the files to your system root /.

                                      • Unlock the FreeBSD repo in

                                      /usr/local/etc/pkg/repos/FreeBSD.conf > enabled: yes

                                      /usr/local/etc/pkg/repos/pfSense.conf > enabled: yes

                                      • Install MailScanner and dependencies via pkg

                                      pkg install mailscanner

                                      • Next edit:

                                      /conf/config.xml

                                      • and add MailScanner to the Service Status and Menu:

                                      <service><name>mailscanner</name>
                                      <rcfile>mailscanner</rcfile>
                                      <executable>perl_mailscanner</executable></service>

                                      <menu>
                                      <name>Mailscanner</name>
                                      <tooltiptext>Configure MailScanner service</tooltiptext>
                                      Services
                                      <url>/pkg_edit.php?xml=mailscanner.xml&id=0</url>
                                      </menu>

                                      • Now cross your fingers and reboot!  :P

                                      Advanced configuration:

                                      • Check MS and SA for errors and missing modules etc. via spamassassin -D –lint and mailscanner -D –lint
                                      • Additionally install DCC+razor2+pyzor, clamav-unofficial-sigs etc.

                                      pfSense-2.3-MailScanner.zip

                                      1 Reply Last reply Reply Quote 0
                                      • marcellocM
                                        marcelloc
                                        last edited by

                                        Automated Install instructions for complete mailscanner package on pfSense 2.3.x can be found here:

                                        https://forum.pfsense.org/index.php?topic=128037.0

                                        Treinamentos de Elite: http://sys-squad.com

                                        Help a community developer! ;D

                                        D 1 Reply Last reply Reply Quote 0
                                        • D
                                          DannyB @marcelloc
                                          last edited by

                                          @marcelloc

                                          Hi Marcelloc, i have postfix and mailscanner running on pfsense 2.4.4-p1, i got the following warnings:

                                          MailScanner[64731]: Clamd::ERROR:: UNKNOWN CLAMD RETURN ./lstat() failed: Permission denied. ERROR :: /var/spool/MailScanner/incoming/64731

                                          Permissions looks fine, i did chown -R postfix:postfix /var/spool/MailScanner/incoming/, also chmod -R 6666 to the same folder.

                                          Runas user on MailScanner.conf and clamd.conf is postfix.

                                          Also mailscanner logs display syntax errors:

                                          Mar 6 16:09:51 pfsense2 MailScanner[56749]: Syntax error(s) in configuration file:
                                          Mar 6 16:09:51 pfsense2 MailScanner[56749]: Unrecognised keyword "deliversuspiciouspdf" at line 93
                                          Mar 6 16:09:51 pfsense2 MailScanner[56749]: Unrecognised keyword "pdfidcommand" at line 84
                                          Mar 6 16:09:51 pfsense2 MailScanner[56749]: Unrecognised keyword "pdfidtimeout" at line 87
                                          Mar 6 16:09:51 pfsense2 MailScanner[56749]: Unrecognised keyword "scanpdf" at line 90
                                          Mar 6 16:09:51 pfsense2 MailScanner[56749]: Warning: syntax errors in /usr/local/etc/MailScanner/MailScanner.conf.

                                          Please Help.

                                          1 Reply Last reply Reply Quote 0
                                          • First post
                                            Last post
                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.