Mailscanner + spamassassin + clamav package
-
Hi!
Mailscanner blocks the content of messages and replace its contents for unknown reasons.
Help to understand please.
Here is a letter received at the reception and log pfsense.Received a letter
Subject: [Filename?] Проблемы НПБ
This is a message from the MailScanner E-Mail Virus Protection Service
–--------------------------------------------------------------------
The original e-mail attachment "the entire message"
is on the list of unacceptable attachments for this site and has been replaced by this warning message.At Thu Jan 29 10:40:46 2015 the virus scanner said:
MailScanner: No programs allowed (msg-85475-13.txt)Log pfSense
Jan 29 10:40:44 mail postfix/smtpd[67659]: connect from mailex.ooo.ru[x.x.x.x]
Jan 29 10:40:45 mail postfix/smtpd[67659]: 09C0521EADE: client=mailex.ooo.ru[x.x.x.x]
Jan 29 10:40:45 mail postfix/cleanup[66101]: 09C0521EADE: hold: header Received: from mailex.ooo.ru (mailex.ooo.ru [x.x.x.x])??by mail.mydomain (Postfix) with ESMTP id 09C0521EADE??for user1@mydomain; Thu, 29 Jan 2015 10:40:44 +0300 (FET) from mailex.ooo.ru[x.x.x.x]; from= <remoteuser>to= user1@mydomainproto=ESMTP helo= <mailex.ooo.ru>Jan 29 10:40:45 mail postfix/cleanup[66101]: 09C0521EADE: message-id= ab7bbd27-5398-4a3d-8c74-5bc868666ec9@ooo.ruJan 29 10:40:46 mail postfix/smtpd[67659]: disconnect from mailex.ooo.ru[x.x.x.x]
Jan 29 10:40:46 mail MailScanner[85475]: New Batch: Scanning 1 messages, 644494 bytes
Jan 29 10:40:46 mail MailScanner[85475]: Filename Checks: Allowing 09C0521EADE.A9E2B msg-85475-11.txt
Jan 29 10:40:46 mail MailScanner[85475]: Filename Checks: Allowing 09C0521EADE.A9E2B msg-85475-12.html (no rule matched)
Jan 29 10:40:46 mail MailScanner[85475]: Filename Checks: Allowing 09C0521EADE.A9E2B image.pdf (no rule matched)
Jan 29 10:40:46 mail MailScanner[85475]: Filename Checks: Allowing 09C0521EADE.A9E2B ATT00001.htm (no rule matched)
Jan 29 10:40:46 mail MailScanner[85475]: Filename Checks: Allowing 09C0521EADE.A9E2B msg-85475-13.txt
Jan 29 10:40:47 mail MailScanner[85475]: Filetype Checks: No executables (09C0521EADE.A9E2B )
Jan 29 10:40:47 mail MailScanner[85475]: Filetype Checks: Allowing 09C0521EADE.A9E2B image.pdf (no match found)
Jan 29 10:40:47 mail MailScanner[85475]: Filetype Checks: Allowing 09C0521EADE.A9E2B msg-85475-11.txt
Jan 29 10:40:47 mail MailScanner[85475]: Filetype Checks: Allowing 09C0521EADE.A9E2B ATT00001.htm
Jan 29 10:40:47 mail MailScanner[85475]: Filetype Checks: Allowing 09C0521EADE.A9E2B msg-85475-12.html
Jan 29 10:40:47 mail MailScanner[85475]: Other Checks: Found 1 problems
Jan 29 10:40:47 mail MailScanner[85475]: Virus and Content Scanning: Starting
Jan 29 10:40:47 mail MailScanner[85475]: <a>tag found in message 09C0521EADE.A9E2B from remoteuser
Jan 29 10:40:47 mail MailScanner[85475]: Virus Scanning completed at 852675 bytes per second
Jan 29 10:40:47 mail MailScanner[85475]: Spam Checks: Starting
Jan 29 10:40:47 mail MailScanner[85475]: Message 09C0521EADE.A9E2B from x.x.x.x (remoteuser) to mydomain is too big for spam checks (644494 > 200000 bytes)
Jan 29 10:40:47 mail MailScanner[85475]: Delivery of nonspam: message 09C0521EADE.A9E2B from remoteuser to user1@mydomain with subject рТПВМЕНЩ орв
Jan 29 10:40:47 mail MailScanner[85475]: Requeue: 09C0521EADE.A9E2B to 2190621EAE1
Jan 29 10:40:47 mail postfix/qmgr[25563]: 2190621EAE1: from=<remoteuser>, size=643819, nrcpt=1 (queue active)
Jan 29 10:40:47 mail MailScanner[85475]: Cleaned: Delivered 1 cleaned messages
Jan 29 10:40:47 mail postfix/smtp[66901]: warning: host 10.10.2.2[10.10.2.2]:25 greeted me with my own hostname mail.mydomain
Jan 29 10:40:47 mail MailScanner[85475]: Deleted 1 messages from processing-database
Jan 29 10:40:47 mail MailScanner[85475]: Batch completed at 612050 bytes per second (644494 / 1)
Jan 29 10:40:47 mail MailScanner[85475]: Batch (1 message) processed in 1.05 seconds
Jan 29 10:40:48 mail postfix/smtp[66901]: 2190621EAE1: to=user1@mydomain, relay=10.10.2.2[10.10.2.2]:25, delay=3.1, delays=2.9/0/0.01/0.28, dsn=2.6.0, status=sent (250 2.6.0 ab7bbd27-5398-4a3d-8c74-5bc868666ec9@oaosig.ru[InternalId=9478992822622, Hostname=msk-ex01.banknp.loc] Queued mail for delivery)
Jan 29 10:40:48 mail postfix/qmgr[25563]: 2190621EAE1: removed
JTell me what could be the reason/ab7bbd27-5398-4a3d-8c74-5bc868666ec9@oaosig.ru/user1@mydomain</remoteuser></a>/ab7bbd27-5398-4a3d-8c74-5bc868666ec9@ooo.ru</mailex.ooo.ru>/user1@mydomain</remoteuser>/user1@mydomain
-
Hi,
I am in no way an expert here but I can see this entry in your log:
Message 09C0521EADE.A9E2B from x.x.x.x (remoteuser) to mydomain is too big for spam checks (644494 > 200000 bytes)
That is 0.2 megabytes.
Have you changed the maximum email message size? Without looking at my setup and If I remember correctly you can change this value in Postfix and Mailscanner.
-
@MDA:
Jan 29 10:40:47 mail postfix/smtp[66901]: warning: host 10.10.2.2[10.10.2.2]:25 greeted me with my own hostname mail.mydomain
It looks like your internal mailhost using the same name as the pfSense/Postfix relay, you better change this. Nothing critical…
-
@MDA:
Hi!
Mailscanner blocks the content of messages and replace its contents for unknown reasons.
Help to understand please.
Here is a letter received at the reception and log pfsense.Received a letter
Subject: [Filename?] Проблемы НПБ
This is a message from the MailScanner E-Mail Virus Protection Service
–--------------------------------------------------------------------
The original e-mail attachment "the entire message"
is on the list of unacceptable attachments for this site and has been replaced by this warning message.At Thu Jan 29 10:40:46 2015 the virus scanner said:
MailScanner: No programs allowed (msg-85475-13.txt)Log pfSense
Jan 29 10:40:44 mail postfix/smtpd[67659]: connect from mailex.ooo.ru[x.x.x.x]
Jan 29 10:40:45 mail postfix/smtpd[67659]: 09C0521EADE: client=mailex.ooo.ru[x.x.x.x]
Jan 29 10:40:45 mail postfix/cleanup[66101]: 09C0521EADE: hold: header Received: from mailex.ooo.ru (mailex.ooo.ru [x.x.x.x])??by mail.mydomain (Postfix) with ESMTP id 09C0521EADE??for user1@mydomain; Thu, 29 Jan 2015 10:40:44 +0300 (FET) from mailex.ooo.ru[x.x.x.x]; from= <remoteuser>to= user1@mydomainproto=ESMTP helo= <mailex.ooo.ru>Jan 29 10:40:45 mail postfix/cleanup[66101]: 09C0521EADE: message-id= ab7bbd27-5398-4a3d-8c74-5bc868666ec9@ooo.ruJan 29 10:40:46 mail postfix/smtpd[67659]: disconnect from mailex.ooo.ru[x.x.x.x]
Jan 29 10:40:46 mail MailScanner[85475]: New Batch: Scanning 1 messages, 644494 bytes
Jan 29 10:40:46 mail MailScanner[85475]: Filename Checks: Allowing 09C0521EADE.A9E2B msg-85475-11.txt
Jan 29 10:40:46 mail MailScanner[85475]: Filename Checks: Allowing 09C0521EADE.A9E2B msg-85475-12.html (no rule matched)
Jan 29 10:40:46 mail MailScanner[85475]: Filename Checks: Allowing 09C0521EADE.A9E2B image.pdf (no rule matched)
Jan 29 10:40:46 mail MailScanner[85475]: Filename Checks: Allowing 09C0521EADE.A9E2B ATT00001.htm (no rule matched)
Jan 29 10:40:46 mail MailScanner[85475]: Filename Checks: Allowing 09C0521EADE.A9E2B msg-85475-13.txt
Jan 29 10:40:47 mail MailScanner[85475]: Filetype Checks: No executables (09C0521EADE.A9E2B )
Jan 29 10:40:47 mail MailScanner[85475]: Filetype Checks: Allowing 09C0521EADE.A9E2B image.pdf (no match found)
Jan 29 10:40:47 mail MailScanner[85475]: Filetype Checks: Allowing 09C0521EADE.A9E2B msg-85475-11.txt
Jan 29 10:40:47 mail MailScanner[85475]: Filetype Checks: Allowing 09C0521EADE.A9E2B ATT00001.htm
Jan 29 10:40:47 mail MailScanner[85475]: Filetype Checks: Allowing 09C0521EADE.A9E2B msg-85475-12.html
Jan 29 10:40:47 mail MailScanner[85475]: Other Checks: Found 1 problems
Jan 29 10:40:47 mail MailScanner[85475]: Virus and Content Scanning: Starting
Jan 29 10:40:47 mail MailScanner[85475]: <a>tag found in message 09C0521EADE.A9E2B from remoteuser
Jan 29 10:40:47 mail MailScanner[85475]: Virus Scanning completed at 852675 bytes per second
Jan 29 10:40:47 mail MailScanner[85475]: Spam Checks: Starting
Jan 29 10:40:47 mail MailScanner[85475]: Message 09C0521EADE.A9E2B from x.x.x.x (remoteuser) to mydomain is too big for spam checks (644494 > 200000 bytes)
Jan 29 10:40:47 mail MailScanner[85475]: Delivery of nonspam: message 09C0521EADE.A9E2B from remoteuser to user1@mydomain with subject рТПВМЕНЩ орв
Jan 29 10:40:47 mail MailScanner[85475]: Requeue: 09C0521EADE.A9E2B to 2190621EAE1
Jan 29 10:40:47 mail postfix/qmgr[25563]: 2190621EAE1: from=<remoteuser>, size=643819, nrcpt=1 (queue active)
Jan 29 10:40:47 mail MailScanner[85475]: Cleaned: Delivered 1 cleaned messages
Jan 29 10:40:47 mail postfix/smtp[66901]: warning: host 10.10.2.2[10.10.2.2]:25 greeted me with my own hostname mail.mydomain
Jan 29 10:40:47 mail MailScanner[85475]: Deleted 1 messages from processing-database
Jan 29 10:40:47 mail MailScanner[85475]: Batch completed at 612050 bytes per second (644494 / 1)
Jan 29 10:40:47 mail MailScanner[85475]: Batch (1 message) processed in 1.05 seconds
Jan 29 10:40:48 mail postfix/smtp[66901]: 2190621EAE1: to=user1@mydomain, relay=10.10.2.2[10.10.2.2]:25, delay=3.1, delays=2.9/0/0.01/0.28, dsn=2.6.0, status=sent (250 2.6.0 ab7bbd27-5398-4a3d-8c74-5bc868666ec9@oaosig.ru[InternalId=9478992822622, Hostname=msk-ex01.banknp.loc] Queued mail for delivery)
Jan 29 10:40:48 mail postfix/qmgr[25563]: 2190621EAE1: removed
JTell me what could be the reason/ab7bbd27-5398-4a3d-8c74-5bc868666ec9@oaosig.ru/user1@mydomain</remoteuser></a>/ab7bbd27-5398-4a3d-8c74-5bc868666ec9@ooo.ru</mailex.ooo.ru>/user1@mydomain</remoteuser>/user1@mydomain
<a>problem with some txt files in Russian language. Sometimes mailscanner think this is a executable files.
I have same problem. I comment this 2 lines in filetypes.rules.confdeny executable No executables No programs allowed deny ELF No executables No programs allowed ```</a> -
Hello,
Have any friend test Mailscanner on pfsense 2.2.x.I has test can't start mailscanner service. -
Hi
It's confirmed : Mailscanner + pfSense 2.2.x = NOT LOVE. It's broken: https://redmine.pfsense.org/issues/4508
It's not working dccifd module: /usr/pbi/mailscanner-amd64/local/etc/rc.d/dccifd: WARNING: /usr/local/dcc is not a directory.
-
It's related to pbi. Once 2.3 is out it will work again.
For now, just a pbi remove and pkg install will workaround this issue just like I've suggested on postifx. -
For now, just a pbi remove and pkg install will workaround this issue just like I've suggested on postifx.
For people still struggling with this package:
pbi_delete mailscanner-4.84.6-amd64 rm -r -f /usr/pbi/bin/libexec/mailscanner rm -r -f /usr/local/etc/mailscanner rm -r -f /var/spool/MailScanner pkg install mailscanner yedit /usr/local/pkg/mailscanner.inc (line 39)
$pf_version=substr(trim(file_get_contents("/etc/version")),0,3); //if ($pf_version == "2.1" || $pf_version == "2.2") { // define('MAILSCANNER_PREFIX', '/usr/pbi/mailscanner-' . php_uname("m")); // if ($pf_version == "2.1") // define('MAILSCANNER_LOCALBASE', MAILSCANNER_PREFIX); // else // define('MAILSCANNER_LOCALBASE', MAILSCANNER_PREFIX . '/local'); //} else { define('MAILSCANNER_PREFIX', '/usr/local'); define('MAILSCANNER_LOCALBASE', '/usr/local'); //}This makes MailScanner start and run, further testing needed of general functionality…
-
It's related to pbi. Once 2.3 is out it will work again.
For now, just a pbi remove and pkg install will workaround this issue just like I've suggested on postifx.hi! my be is late to say this, but pfs 2.3 has been released, but removed postfix+mailscanner so what is news abaut this? please
-
Bump still no postfix+mailscanner ?
-
MAKE A BACKUP BEFORE YOU GO THIS ROUTE!
Those are the files needed, for the manual install of the MailScanner Package for pfSense 2.3.x
**/usr/local/pkg/mailscanner.conf.template
/usr/local/pkg/mailscanner.inc
/usr/local/pkg/mailscanner.xml
/usr/local/pkg/mailscanner_alerts.xml
/usr/local/pkg/mailscanner_antispam.xml
/usr/local/pkg/mailscanner_antivirus.xml
/usr/local/pkg/mailscanner_attachments.xml
/usr/local/pkg/mailscanner_content.xml
/usr/local/pkg/mailscanner_report.xml
/usr/local/pkg/mailscanner_sync.xml/usr/local/www/mailscanner_about.php**
-
Download the attached pfSense-2.3-MailScanner.zip, unzip and copy the files to your system root /.
-
Unlock the FreeBSD repo in
/usr/local/etc/pkg/repos/FreeBSD.conf > enabled: yes
/usr/local/etc/pkg/repos/pfSense.conf > enabled: yes
- Install MailScanner and dependencies via pkg
pkg install mailscanner
- Next edit:
/conf/config.xml
- and add MailScanner to the Service Status and Menu:
<service><name>mailscanner</name>
<rcfile>mailscanner</rcfile>
<executable>perl_mailscanner</executable></service><menu>
<name>Mailscanner</name>
<tooltiptext>Configure MailScanner service</tooltiptext>
Services
<url>/pkg_edit.php?xml=mailscanner.xml&id=0</url>
</menu>- Now cross your fingers and reboot! :P
Advanced configuration:
- Check MS and SA for errors and missing modules etc. via spamassassin -D –lint and mailscanner -D –lint
- Additionally install DCC+razor2+pyzor, clamav-unofficial-sigs etc.
-
-
Automated Install instructions for complete mailscanner package on pfSense 2.3.x can be found here:
https://forum.pfsense.org/index.php?topic=128037.0
-
Hi Marcelloc, i have postfix and mailscanner running on pfsense 2.4.4-p1, i got the following warnings:
MailScanner[64731]: Clamd::ERROR:: UNKNOWN CLAMD RETURN ./lstat() failed: Permission denied. ERROR :: /var/spool/MailScanner/incoming/64731
Permissions looks fine, i did chown -R postfix:postfix /var/spool/MailScanner/incoming/, also chmod -R 6666 to the same folder.
Runas user on MailScanner.conf and clamd.conf is postfix.
Also mailscanner logs display syntax errors:
Mar 6 16:09:51 pfsense2 MailScanner[56749]: Syntax error(s) in configuration file:
Mar 6 16:09:51 pfsense2 MailScanner[56749]: Unrecognised keyword "deliversuspiciouspdf" at line 93
Mar 6 16:09:51 pfsense2 MailScanner[56749]: Unrecognised keyword "pdfidcommand" at line 84
Mar 6 16:09:51 pfsense2 MailScanner[56749]: Unrecognised keyword "pdfidtimeout" at line 87
Mar 6 16:09:51 pfsense2 MailScanner[56749]: Unrecognised keyword "scanpdf" at line 90
Mar 6 16:09:51 pfsense2 MailScanner[56749]: Warning: syntax errors in /usr/local/etc/MailScanner/MailScanner.conf.Please Help.
