Mailscanner + spamassassin + clamav package



  • Hi gang,

    Got a couple of queries again  :P

    Anyone noticing that the SpamAssassin rules are not updating recently?

    Am using the sa-update command in cron once a day but the version is not increasing in "/var/db/spamassassin/3.004000" from "# UPDATE version 1640695"  I can tell for sure as the time stamps for the files are not changing for at least a couple of weeks now I reckon.  I've run the sa-update command manually which states no updates are available from updates.spamassassin.org.  So does this mean the version of spamassassin we have is now out of date/unsupported?

    Also..anyone had any luck in updating the "phishing.bad.sites.conf" and "phishing.safe.sites.conf" under "/usr/pbi/mailscanner-i386/etc/MailScanner" ?

    I've run this command manually and it does update the file in question but MailScanner does not show/see the updated file in the gui.

    /usr/pbi/mailscanner-i386/bin/wget -O /usr/pbi/mailscanner-i386/etc/MailScanner/phishing.bad.sites.conf http://www.mailscanner.eu/phishing.bad.sites.conf /usr/pbi/mailscanner-i386/etc/MailScanner/phishing.bad.sites.conf

    I've tried stop, start and restart commands in the following location after the update (as well as a full reboot):

    /etc/rc.d/init.d/mailsacanner
    /usr/pbi/mailscanner-i386/etc/rc.d/mailscanner
    /usr/local/bin/spamassassin

    But the gui doe snot update with the new data.

    I've been blundering around the internet for a couple of days trying to figure this out. The above is just what my limited intellect to freebsd has discovered and even more limted to my understanding.

    If anyone has go the above going can you please be so kind to share your scripts etc?

    Cheers all



  • As 2.2 is almost on RC, fixes to 2.1 packages must be pushed as soon as possible.

    who knows php and what is missing on the package, the best way is to create a pull request on packages.

    I'll try to include missing perl libs to package build options.

    But something I know is that link to external downlad sites other then pfsense is not permited on package repos.

    What is broken on mailscanner? I'm pushing some fixes to packages on 2.2



  • Hi

    I am tryng to drop .exe attachments directly from postfix.
    Using the example configuration in the mime section:

    /^name=[^>]*.(com|vbs|js|jse|exe|bat|cmd|vxd|scr|hlp|pif|shs|ini|dll)/ REJECT W do not allow files of type "$3" because of security concerns - "$2" caused the block.
    /^Content-(Disposition|Type):\s+.+?(?:file)?name="?.+?.(386|ad[ept]|drv|em(ai)?l|ex[_e]|xms|{[\da-f]{8}(?:-[\da-f]{4}){3}-[\da-f]{12}})\b/ REJECT ".$2" file attachment types not allowed

    it doesn't work, and from the logs I see:
    warning: pcre map /usr/pbi/postfix-i386/etc/postfix/mime_check, line 1: out of range replacement index "3": skipping this rule

    The files are quarantined by Mailscanner, but I would like to drop themt as soon as possible.
    Any hints ?

    thank you

    Giacomo



  • @marcelloc:

    What is broken on mailscanner? I'm pushing some fixes to packages on 2.2

    Does the reporting (Notices to System Administrators) works ?
    I have to manually modify the Mailscanner.conf

    Send Notices = yes
    Notices Include Full Headers = yes
    Hide Incoming Work Dir in Notices = no
    Notice Signature = – \nMailScanner\nEmail Virus Scanner\nwww.mailscanner.info
    Notices From =                                    <–------
    Notices To =                                        <–------
    Local Postmaster = Postmaster              <–------

    Giacomo



  • @ capitangiaco

    If you check the last post on this page (32) on the Postfix thread here https://forum.pfsense.org/index.php?topic=40622.465

    It may help you out.

    Cheers



  • Hi marcelloc,

    mailscanner creates way more children then the standard "5" which are set up in the gui.

    How to fix that?

    [2.1.5-RELEASE][admin@vulcanus.itbh1.local]/root(95): ps aux | grep -i mailscanner
    postfix  9758  0.2  0.4 115516 30040  ??  SN    9:08AM  0:03.97 MailScanner: scanning for filenames and filetypes (perl_mailscanner)
    postfix  254  0.0  0.8 114128 68568  ??  SN  12:25PM  0:02.40 MailScanner: waiting for messages (perl_mailscanner)
    postfix  313  0.0  0.4 114128 31588  ??  SN  12:01PM  0:02.88 MailScanner: waiting for messages (perl_mailscanner)
    postfix  3251  0.0  0.2 116176 19412  ??  S    9:36AM  0:03.31 MailScanner: waiting for messages (perl_mailscanner)
    postfix  3634  0.0  0.2 114128 15264  ??  S    10:52AM  0:03.25 MailScanner: waiting for messages (perl_mailscanner)
    postfix  4964  0.0  0.0 64068    0  ??  IWNs -        0:00.00 MailScanner: starting child (perl_mailscanner)
    postfix  5514  0.0  0.0 64068    0  ??  IWNs -        0:00.00 MailScanner: starting child (perl_mailscanner)
    postfix  5564  0.0  0.2 113092 16268  ??  SN  12:03PM  0:02.69 MailScanner: waiting for messages (perl_mailscanner)
    postfix  6441  0.0  0.3 114128 29036  ??  S    12:08PM  0:03.14 MailScanner: waiting for messages (perl_mailscanner)
    postfix  6562  0.0  0.2 114128 15116  ??  S    10:00AM  0:02.90 MailScanner: waiting for messages (perl_mailscanner)
    postfix  6741  0.0  0.1 114128 11956  ??  S    8:28AM  0:04.22 MailScanner: waiting for messages (perl_mailscanner)
    postfix  6827  0.0  0.2 114128 15236  ??  SN  12:17PM  0:02.53 MailScanner: waiting for messages (perl_mailscanner)
    postfix  8560  0.0  0.2 113092 13652  ??  S    8:15AM  0:02.98 MailScanner: waiting for messages (perl_mailscanner)
    postfix  9124  0.0  0.2 114128 13492  ??  SN  10:05AM  0:03.39 MailScanner: waiting for messages (perl_mailscanner)
    postfix  9287  0.0  0.2 114128 19392  ??  S    12:23PM  0:02.46 MailScanner: waiting for messages (perl_mailscanner)
    postfix 10420  0.0  0.8 113092 66192  ??  I    12:26PM  0:02.27 MailScanner: starting child (perl_mailscanner)
    postfix 11715  0.0  0.1 114128 11844  ??  S    8:10AM  0:03.41 MailScanner: waiting for messages (perl_mailscanner)
    postfix 11835  0.0  0.2 113092 19324  ??  S    12:23PM  0:02.34 MailScanner: waiting for messages (perl_mailscanner)
    postfix 12895  0.0  0.0 64068    0  ??  IWs  -        0:00.00 MailScanner: master waiting for children, sleeping (perl_mailscanner)
    postfix 13251  0.0  0.5 114128 40904  ??  S    12:22PM  0:02.41 MailScanner: waiting for messages (perl_mailscanner)
    postfix 13272  0.0  0.0 64068    0  ??  IWs  -        0:00.00 MailScanner: starting child (perl_mailscanner)
    postfix 13738  0.0  0.0 64068    0  ??  IWs  -        0:00.00 MailScanner: master waiting for children, sleeping (perl_mailscanner)
    postfix 13758  0.0  0.2 114128 12832  ??  S    8:43AM  0:03.24 MailScanner: waiting for messages (perl_mailscanner)
    postfix 13877  0.0  0.2 113092 19304  ??  S    12:23PM  0:02.50 MailScanner: waiting for messages (perl_mailscanner)
    postfix 14257  0.0  0.0 64068    0  ??  IWs  -        0:00.00 MailScanner: starting child (perl_mailscanner)
    postfix 14258  0.0  0.2 114128 13888  ??  S    9:10AM  0:03.40 MailScanner: waiting for messages (perl_mailscanner)
    postfix 14530  0.0  0.0 64068    0  ??  IWNs -        0:00.00 MailScanner: starting child (perl_mailscanner)
    postfix 14614  0.0  0.2 114128 15420  ??  S    11:19AM  0:03.36 MailScanner: waiting for messages (perl_mailscanner)
    postfix 14793  0.0  0.2 114128 15580  ??  S    10:11AM  0:03.36 MailScanner: waiting for messages (perl_mailscanner)
    postfix 15129  0.0  0.2 113092 16104  ??  SN  12:14PM  0:02.51 MailScanner: waiting for messages (perl_mailscanner)
    postfix 16012  0.0  0.2 114128 13380  ??  SN  10:53AM  0:02.86 MailScanner: waiting for messages (perl_mailscanner)
    postfix 16419  0.0  0.2 114128 16204  ??  S    12:11PM  0:04.59 MailScanner: waiting for messages (perl_mailscanner)
    postfix 17239  0.0  0.2 114128 15028  ??  SN    8:05AM  0:03.22 MailScanner: waiting for messages (perl_mailscanner)
    postfix 18734  0.0  0.2 114128 17244  ??  S    12:12PM  0:02.72 MailScanner: waiting for messages (perl_mailscanner)
    postfix 18954  0.0  0.0 64068    0  ??  IWs  -        0:00.00 MailScanner: starting child (perl_mailscanner)
    postfix 20176  0.0  0.2 116176 13388  ??  SN    8:20AM  0:05.08 MailScanner: waiting for messages (perl_mailscanner)
    postfix 21530  0.0  0.2 114128 13504  ??  S    9:08AM  0:03.15 MailScanner: waiting for messages (perl_mailscanner)
    postfix 21910  0.0  0.4 114128 32940  ??  S    12:12PM  0:02.93 MailScanner: waiting for messages (perl_mailscanner)
    postfix 22510  0.0  0.2 114128 15000  ??  SN  12:12PM  0:03.25 MailScanner: waiting for messages (perl_mailscanner)
    postfix 23398  0.0  0.8 114128 66732  ??  SN  12:08PM  0:04.59 MailScanner: waiting for messages (perl_mailscanner)
    postfix 23955  0.0  0.2 114128 14252  ??  SN    9:59AM  0:05.05 MailScanner: waiting for messages (perl_mailscanner)
    postfix 24768  0.0  0.2 114128 16324  ??  S    9:38AM  0:03.27 MailScanner: waiting for messages (perl_mailscanner)
    postfix 24968  0.0  0.4 114128 35260  ??  SN  12:15PM  0:02.80 MailScanner: waiting for messages (perl_mailscanner)
    postfix 25305  0.0  0.2 114128 14716  ??  S    10:17AM  0:03.61 MailScanner: waiting for messages (perl_mailscanner)
    postfix 25763  0.0  0.2 114128 16696  ??  SN    8:35AM  0:03.23 MailScanner: waiting for messages (perl_mailscanner)
    postfix 27119  0.0  0.2 114128 13444  ??  S    8:33AM  0:03.33 MailScanner: waiting for messages (perl_mailscanner)
    postfix 28626  0.0  0.2 114128 16240  ??  SN  12:10PM  0:03.33 MailScanner: waiting for messages (perl_mailscanner)
    postfix 30163  0.0  0.2 114128 16764  ??  S    10:26AM  0:03.21 MailScanner: waiting for messages (perl_mailscanner)
    postfix 30922  0.0  0.2 113092 19108  ??  S    9:36AM  0:02.91 MailScanner: waiting for messages (perl_mailscanner)
    postfix 31712  0.0  0.2 114128 16232  ??  S    12:08PM  0:03.47 MailScanner: waiting for messages (perl_mailscanner)
    postfix 31928  0.0  0.0 64068    0  ??  IWs  -        0:00.00 MailScanner: starting child (perl_mailscanner)
    postfix 32170  0.0  0.3 114128 28880  ??  SN  12:08PM  0:04.81 MailScanner: waiting for messages (perl_mailscanner)
    postfix 32171  0.0  0.2 113092 19444  ??  S    12:22PM  0:02.35 MailScanner: waiting for messages (perl_mailscanner)
    postfix 32977  0.0  0.2 114128 14668  ??  S    8:18AM  0:03.30 MailScanner: waiting for messages (perl_mailscanner)
    postfix 33247  0.0  0.1 116176 12456  ??  SN    8:48AM  0:04.15 MailScanner: waiting for messages (perl_mailscanner)
    postfix 33906  0.0  0.2 113092 15524  ??  S    12:14PM  0:02.52 MailScanner: waiting for messages (perl_mailscanner)
    postfix 34450  0.0  0.2 114128 19032  ??  S    12:08PM  0:03.16 MailScanner: waiting for messages (perl_mailscanner)
    postfix 35407  0.0  0.4 114128 30968  ??  SN  11:24AM  0:03.05 MailScanner: waiting for messages (perl_mailscanner)
    postfix 36032  0.0  0.2 116176 16948  ??  SN    8:42AM  0:03.39 MailScanner: waiting for messages (perl_mailscanner)
    postfix 37988  0.0  0.0 64068    0  ??  IWs  -        0:00.00 MailScanner: starting child (perl_mailscanner)
    postfix 38175  0.0  0.3 114128 28988  ??  S    9:47AM  0:03.54 MailScanner: waiting for messages (perl_mailscanner)
    postfix 38935  0.0  0.2 114128 16356  ??  S    9:36AM  0:03.87 MailScanner: waiting for messages (perl_mailscanner)
    postfix 39491  0.0  0.1 114128 10508  ??  S    7:53AM  0:03.11 MailScanner: waiting for messages (perl_mailscanner)
    postfix 39860  0.0  0.9 113092 79172  ??  S    12:23PM  0:02.35 MailScanner: waiting for messages (perl_mailscanner)
    postfix 39916  0.0  0.9 113092 79344  ??  S    12:23PM  0:02.34 MailScanner: waiting for messages (perl_mailscanner)
    postfix 40952  0.0  0.1 113092  8476  ??  S    6:21AM  0:03.09 MailScanner: waiting for messages (perl_mailscanner)
    postfix 41300  0.0  0.2 114128 15740  ??  S    10:39AM  0:04.22 MailScanner: waiting for messages (perl_mailscanner)
    postfix 41453  0.0  0.0 64068  1828  ??  INs  7Dec14  0:00.14 MailScanner: starting child (perl_mailscanner)
    postfix 41605  0.0  0.2 113092 19248  ??  S    12:22PM  0:02.49 MailScanner: waiting for messages (perl_mailscanner)
    postfix 42144  0.0  0.0 64068    0  ??  IWNs -        0:00.00 MailScanner: starting child (perl_mailscanner)
    postfix 42987  0.0  0.0 64068    0  ??  IWs  -        0:00.00 MailScanner: starting child (perl_mailscanner)
    postfix 43293  0.0  0.1 114128 11300  ??  SN    8:35AM  0:03.12 MailScanner: waiting for messages (perl_mailscanner)
    postfix 43749  0.0  0.2 114128 14376  ??  S    10:31AM  0:03.69 MailScanner: waiting for messages (perl_mailscanner)
    postfix 46380  0.0  0.2 114128 16384  ??  S    11:33AM  0:03.14 MailScanner: waiting for messages (perl_mailscanner)
    postfix 46829  0.0  0.2 114128 14288  ??  SN  10:38AM  0:03.12 MailScanner: waiting for messages (perl_mailscanner)
    postfix 47155  0.0  0.0 64068  1984  ??  Is  Fri01PM  0:00.02 MailScanner: starting child (perl_mailscanner)
    postfix 48185  0.0  0.2 114128 16532  ??  S    12:10PM  0:02.85 MailScanner: waiting for messages (perl_mailscanner)
    postfix 48268  0.0  0.0 64068    0  ??  IWs  -        0:00.00 MailScanner: starting child (perl_mailscanner)
    postfix 49535  0.0  0.2 114128 13628  ??  SN    9:00AM  0:06.92 MailScanner: waiting for messages (perl_mailscanner)
    postfix 49722  0.0  0.5 117192 37880  ??  S    8:48AM  0:07.67 MailScanner: waiting for messages (perl_mailscanner)
    postfix 50428  0.0  0.2 114128 16076  ??  S    11:39AM  0:02.96 MailScanner: waiting for messages (perl_mailscanner)
    postfix 50955  0.0  0.2 113092 15740  ??  S    12:22PM  0:02.42 MailScanner: waiting for messages (perl_mailscanner)
    postfix 51166  0.0  0.3 114128 27512  ??  SN  10:24AM  0:11.11 MailScanner: waiting for messages (perl_mailscanner)
    postfix 51626  0.0  0.2 114128 15212  ??  S    9:25AM  0:03.54 MailScanner: waiting for messages (perl_mailscanner)
    postfix 52652  0.0  0.2 114128 15408  ??  S    10:43AM  0:03.34 MailScanner: waiting for messages (perl_mailscanner)
    postfix 53780  0.0  0.2 114128 12984  ??  S    8:08AM  0:03.25 MailScanner: waiting for messages (perl_mailscanner)
    postfix 54191  0.0  0.2 113092 16468  ??  S    11:23AM  0:02.85 MailScanner: waiting for messages (perl_mailscanner)
    postfix 55241  0.0  0.4 114128 29920  ??  SN  10:35AM  0:03.53 MailScanner: waiting for messages (perl_mailscanner)
    postfix 55565  0.0  0.2 115516 13928  ??  SN  10:03AM  0:03.09 MailScanner: waiting for messages (perl_mailscanner)
    postfix 55965  0.0  0.8 114128 66680  ??  S    12:08PM  0:02.84 MailScanner: waiting for messages (perl_mailscanner)
    postfix 56699  0.0  0.0 64068    0  ??  IWs  -        0:00.00 MailScanner: starting child (perl_mailscanner)
    postfix 57050  0.0  0.2 113092 15336  ??  SN  12:10PM  0:02.63 MailScanner: waiting for messages (perl_mailscanner)
    postfix 57863  0.0  0.2 118224 16224  ??  S    8:59AM  0:08.10 MailScanner: waiting for messages (perl_mailscanner)
    postfix 58761  0.0  0.2 114128 17748  ??  S    10:24AM  0:03.05 MailScanner: waiting for messages (perl_mailscanner)
    postfix 59058  0.0  0.2 114128 12700  ??  SN    8:24AM  0:04.11 MailScanner: waiting for messages (perl_mailscanner)
    postfix 59932  0.0  0.0 64068    0  ??  IWs  -        0:00.00 MailScanner: starting child (perl_mailscanner)
    postfix 60211  0.0  0.3 114128 27144  ??  S    9:36AM  0:03.78 MailScanner: waiting for messages (perl_mailscanner)
    postfix 60599  0.0  0.8 114128 68160  ??  SN  12:08PM  0:02.86 MailScanner: waiting for messages (perl_mailscanner)
    postfix 61716  0.0  0.2 114128 14472  ??  S    10:02AM  0:03.57 MailScanner: waiting for messages (perl_mailscanner)
    postfix 62207  0.0  0.3 113092 24616  ??  SN  10:48AM  0:02.83 MailScanner: waiting for messages (perl_mailscanner)
    postfix 63224  0.0  0.2 114128 14460  ??  S    10:45AM  0:03.80 MailScanner: waiting for messages (perl_mailscanner)
    postfix 64246  0.0  0.2 114128 17988  ??  SN  10:14AM  0:02.90 MailScanner: waiting for messages (perl_mailscanner)
    postfix 64279  0.0  0.2 114128 16768  ??  SN  12:10PM  0:03.34 MailScanner: waiting for messages (perl_mailscanner)
    postfix 64349  0.0  0.2 113092 15252  ??  S    12:12PM  0:02.79 MailScanner: waiting for messages (perl_mailscanner)
    postfix 65504  0.0  0.2 113092 15484  ??  S    8:23AM  0:02.97 MailScanner: waiting for messages (perl_mailscanner)
    postfix 69382  0.0  0.4 116176 35916  ??  SN    9:53AM  0:03.51 MailScanner: waiting for messages (perl_mailscanner)
    postfix 70157  0.0  0.2 114128 14664  ??  S    11:01AM  0:02.88 MailScanner: waiting for messages (perl_mailscanner)
    postfix 71258  0.0  0.3 114128 26692  ??  SN  10:15AM  0:03.40 MailScanner: waiting for messages (perl_mailscanner)
    postfix 71358  0.0  0.2 113092 15620  ??  SN  11:23AM  0:02.70 MailScanner: waiting for messages (perl_mailscanner)
    postfix 72699  0.0  0.2 113092 16004  ??  S    12:19PM  0:02.43 MailScanner: waiting for messages (perl_mailscanner)
    postfix 73499  0.0  0.2 114128 16724  ??  S    12:15PM  0:03.00 MailScanner: waiting for messages (perl_mailscanner)
    postfix 73695  0.0  0.9 113092 79344  ??  S    12:23PM  0:02.39 MailScanner: waiting for messages (perl_mailscanner)
    postfix 73721  0.0  0.2 116176 14112  ??  S    9:54AM  0:03.65 MailScanner: waiting for messages (perl_mailscanner)
    postfix 73795  0.0  0.2 116176 14064  ??  S    8:39AM  0:03.87 MailScanner: waiting for messages (perl_mailscanner)
    postfix 73966  0.0  0.2 114128 16532  ??  S    12:10PM  0:02.90 MailScanner: waiting for messages (perl_mailscanner)
    postfix 74735  0.0  0.2 116176 16396  ??  SN    9:41AM  0:03.31 MailScanner: waiting for messages (perl_mailscanner)
    postfix 74970  0.0  0.8 114128 68772  ??  S    11:18AM  0:03.04 MailScanner: waiting for messages (perl_mailscanner)
    postfix 81647  0.0  0.1 114128 11820  ??  S    8:54AM  0:03.34 MailScanner: waiting for messages (perl_mailscanner)
    postfix 82064  0.0  0.2 113092 19420  ??  S    12:23PM  0:02.35 MailScanner: waiting for messages (perl_mailscanner)
    postfix 82769  0.0  0.3 114128 26704  ??  S    8:39AM  0:05.68 MailScanner: waiting for messages (perl_mailscanner)
    postfix 82833  0.0  0.4 114128 31612  ??  S    9:36AM  0:03.01 MailScanner: waiting for messages (perl_mailscanner)
    dcc    90979  0.0  0.0  9152    0  ??  IWs  -        0:00.00 /usr/pbi/mailscanner-amd64/dcc/libexec/dccifd -Idcc -tREP,20 -tCMN,5, -llog -wwhiteclnt -Uuserdirs -SHELO -Smail_host -SSender -SList-ID
    postfix 91181  0.0  0.4 114128 35556  ??  SN  12:11PM  0:02.78 MailScanner: waiting for messages (perl_mailscanner)
    dcc    91202  0.0  0.0 13600  4068  ??  I    9:35AM  0:00.12 /usr/pbi/mailscanner-amd64/dcc/libexec/dccifd -Idcc -tREP,20 -tCMN,5, -llog -wwhiteclnt -Uuserdirs -SHELO -Smail_host -SSender -SList-ID
    postfix 92438  0.0  0.4 114128 30280  ??  S    12:10PM  0:03.14 MailScanner: waiting for messages (perl_mailscanner)
    postfix 93303  0.0  0.2 114128 18212  ??  S    12:13PM  0:03.02 MailScanner: waiting for messages (perl_mailscanner)
    postfix 96229  0.0  0.2 113092 15564  ??  S    12:22PM  0:02.39 MailScanner: waiting for messages (perl_mailscanner)
    postfix 98753  0.0  0.2 116176 18728  ??  SN  12:14PM  0:02.79 MailScanner: waiting for messages (perl_mailscanner)
    root    13056  0.0  0.0  9068  1312  0  S+  12:27PM  0:00.00 grep -i mailscanner



  • @capitangiaco:

    @marcelloc:

    What is broken on mailscanner? I'm pushing some fixes to packages on 2.2

    Does the reporting (Notices to System Administrators) works ?
    I have to manually modify the Mailscanner.conf

    Send Notices = yes
    Notices Include Full Headers = yes
    Hide Incoming Work Dir in Notices = no
    Notice Signature = – \nMailScanner\nEmail Virus Scanner\nwww.mailscanner.info
    Notices From =                                    <–------
    Notices To =                                        <–------
    Local Postmaster = Postmaster              <–------

    Giacomo

    A bit late but, better now than never. ;)

    I fixed (workaround) this by creating a file in

    /usr/pbi/mailscanner-amd64/etc/MailScanner/conf.d/my.conf

    and add

    Notices From = mailscanner@mydoamin.tld
    Notices To = admin@mydoamin.tld

    And restart mailscanner, from now on you will get email notification from infected files that have been blocked.

    This file also can used to add any extra config which otherwise will be ignored/overwritten in the Mailscanner.conf (eg. Max Spam Check Size etc.).

    Another problem I've noticed is that Org name (eg. pfSense in this case) is not correctly inherited to bayes_ignore_header at:

    Services: MailScanner > AntiSpam (Tab) > spam.assassin.prefs.conf

    bayes_ignore_header pfSense-MailScanner

    the X- is missing here and should look like instead:

    bayes_ignore_header **X-**pfSense-MailScanner

    This needs to be fixed in:

    /usr/local/pkg/mailscanner.inc

    and edit line 494 like:

    $replacement[]="bayes_ignore_header X-".($mailscanner['orgname']!=""?$mailscanner['orgname']:"Pfsense")."-MailScanner";

    So bayes can ignore those headers and don't waste tokens for that.



  • I think there is a typo in the file /usr/local/pkg/mailscanner.conf.template

    39 Incoming Work User = postix
    40 Incoming Work Group = postix
    47 Quarantine User = postifx
    

    I also think that these two lines do not work, because when I put the values in the web interface, in the config lines left blank.

    307 Notices From = ${$notice_from}
    308 Notices To = ${$notice_to}
    

    P.S. i have pfSense 2.1.5 and mailscanner 0.2.11



  • Hi!

    Mailscanner blocks the content of messages and replace its contents for unknown reasons.
    Help to understand please.
    Here is a letter received at the reception and log pfsense.

    Received a letter

    Subject: [Filename?] Проблемы НПБ

    This is a message from the MailScanner E-Mail Virus Protection Service
    –--------------------------------------------------------------------
    The original e-mail attachment "the entire message"
    is on the list of unacceptable attachments for this site and has been replaced by this warning message.

    At Thu Jan 29 10:40:46 2015 the virus scanner said:
      MailScanner: No programs allowed (msg-85475-13.txt)

    Log pfSense

    Jan 29 10:40:44 mail postfix/smtpd[67659]: connect from mailex.ooo.ru[x.x.x.x]
    Jan 29 10:40:45 mail postfix/smtpd[67659]: 09C0521EADE: client=mailex.ooo.ru[x.x.x.x]
    Jan 29 10:40:45 mail postfix/cleanup[66101]: 09C0521EADE: hold: header Received: from mailex.ooo.ru (mailex.ooo.ru [x.x.x.x])??by mail.mydomain (Postfix) with ESMTP id 09C0521EADE??for user1@mydomain; Thu, 29 Jan 2015 10:40:44 +0300 (FET) from mailex.ooo.ru[x.x.x.x]; from= <remoteuser>to= user1@mydomainproto=ESMTP helo= <mailex.ooo.ru>Jan 29 10:40:45 mail postfix/cleanup[66101]: 09C0521EADE: message-id= ab7bbd27-5398-4a3d-8c74-5bc868666ec9@ooo.ruJan 29 10:40:46 mail postfix/smtpd[67659]: disconnect from mailex.ooo.ru[x.x.x.x]
    Jan 29 10:40:46 mail MailScanner[85475]: New Batch: Scanning 1 messages, 644494 bytes
    Jan 29 10:40:46 mail MailScanner[85475]: Filename Checks: Allowing 09C0521EADE.A9E2B msg-85475-11.txt
    Jan 29 10:40:46 mail MailScanner[85475]: Filename Checks: Allowing 09C0521EADE.A9E2B msg-85475-12.html (no rule matched)
    Jan 29 10:40:46 mail MailScanner[85475]: Filename Checks: Allowing 09C0521EADE.A9E2B image.pdf (no rule matched)
    Jan 29 10:40:46 mail MailScanner[85475]: Filename Checks: Allowing 09C0521EADE.A9E2B ATT00001.htm (no rule matched)
    Jan 29 10:40:46 mail MailScanner[85475]: Filename Checks: Allowing 09C0521EADE.A9E2B msg-85475-13.txt
    Jan 29 10:40:47 mail MailScanner[85475]: Filetype Checks: No executables (09C0521EADE.A9E2B )
    Jan 29 10:40:47 mail MailScanner[85475]: Filetype Checks: Allowing 09C0521EADE.A9E2B image.pdf (no match found)
    Jan 29 10:40:47 mail MailScanner[85475]: Filetype Checks: Allowing 09C0521EADE.A9E2B msg-85475-11.txt
    Jan 29 10:40:47 mail MailScanner[85475]: Filetype Checks: Allowing 09C0521EADE.A9E2B ATT00001.htm
    Jan 29 10:40:47 mail MailScanner[85475]: Filetype Checks: Allowing 09C0521EADE.A9E2B msg-85475-12.html
    Jan 29 10:40:47 mail MailScanner[85475]: Other Checks: Found 1 problems
    Jan 29 10:40:47 mail MailScanner[85475]: Virus and Content Scanning: Starting
    Jan 29 10:40:47 mail MailScanner[85475]: <a>tag found in message 09C0521EADE.A9E2B from remoteuser
    Jan 29 10:40:47 mail MailScanner[85475]: Virus Scanning completed at 852675 bytes per second
    Jan 29 10:40:47 mail MailScanner[85475]: Spam Checks: Starting
    Jan 29 10:40:47 mail MailScanner[85475]: Message 09C0521EADE.A9E2B from x.x.x.x (remoteuser) to mydomain is too big for spam checks (644494 > 200000 bytes)
    Jan 29 10:40:47 mail MailScanner[85475]: Delivery of nonspam: message 09C0521EADE.A9E2B from remoteuser to user1@mydomain with subject рТПВМЕНЩ орв
    Jan 29 10:40:47 mail MailScanner[85475]: Requeue: 09C0521EADE.A9E2B to 2190621EAE1
    Jan 29 10:40:47 mail postfix/qmgr[25563]: 2190621EAE1: from=<remoteuser>, size=643819, nrcpt=1 (queue active)
    Jan 29 10:40:47 mail MailScanner[85475]: Cleaned: Delivered 1 cleaned messages
    Jan 29 10:40:47 mail postfix/smtp[66901]: warning: host 10.10.2.2[10.10.2.2]:25 greeted me with my own hostname mail.mydomain
    Jan 29 10:40:47 mail MailScanner[85475]: Deleted 1 messages from processing-database
    Jan 29 10:40:47 mail MailScanner[85475]: Batch completed at 612050 bytes per second (644494 / 1)
    Jan 29 10:40:47 mail MailScanner[85475]: Batch (1 message) processed in 1.05 seconds
    Jan 29 10:40:48 mail postfix/smtp[66901]: 2190621EAE1: to=user1@mydomain, relay=10.10.2.2[10.10.2.2]:25, delay=3.1, delays=2.9/0/0.01/0.28, dsn=2.6.0, status=sent (250 2.6.0 ab7bbd27-5398-4a3d-8c74-5bc868666ec9@oaosig.ru[InternalId=9478992822622, Hostname=msk-ex01.banknp.loc] Queued mail for delivery)
    Jan 29 10:40:48 mail postfix/qmgr[25563]: 2190621EAE1: removed
    J

    Tell me what could be the reason/ab7bbd27-5398-4a3d-8c74-5bc868666ec9@oaosig.ru/user1@mydomain</remoteuser></a>/ab7bbd27-5398-4a3d-8c74-5bc868666ec9@ooo.ru</mailex.ooo.ru>/user1@mydomain</remoteuser>/user1@mydomain



  • Hi,

    I am in no way an expert here but I can see this entry in your log:

    Message 09C0521EADE.A9E2B from x.x.x.x (remoteuser) to mydomain is too big for spam checks (644494 > 200000 bytes)

    That is 0.2 megabytes.

    Have you changed the maximum email message size?  Without looking at my setup and If I remember correctly you can change this value in Postfix and Mailscanner.



  • @MDA:

    Jan 29 10:40:47 mail postfix/smtp[66901]: warning: host 10.10.2.2[10.10.2.2]:25 greeted me with my own hostname mail.mydomain

    It looks like your internal mailhost using the same name as the pfSense/Postfix relay, you better change this. Nothing critical…



  • @MDA:

    Hi!

    Mailscanner blocks the content of messages and replace its contents for unknown reasons.
    Help to understand please.
    Here is a letter received at the reception and log pfsense.

    Received a letter

    Subject: [Filename?] Проблемы НПБ

    This is a message from the MailScanner E-Mail Virus Protection Service
    –--------------------------------------------------------------------
    The original e-mail attachment "the entire message"
    is on the list of unacceptable attachments for this site and has been replaced by this warning message.

    At Thu Jan 29 10:40:46 2015 the virus scanner said:
      MailScanner: No programs allowed (msg-85475-13.txt)

    Log pfSense

    Jan 29 10:40:44 mail postfix/smtpd[67659]: connect from mailex.ooo.ru[x.x.x.x]
    Jan 29 10:40:45 mail postfix/smtpd[67659]: 09C0521EADE: client=mailex.ooo.ru[x.x.x.x]
    Jan 29 10:40:45 mail postfix/cleanup[66101]: 09C0521EADE: hold: header Received: from mailex.ooo.ru (mailex.ooo.ru [x.x.x.x])??by mail.mydomain (Postfix) with ESMTP id 09C0521EADE??for user1@mydomain; Thu, 29 Jan 2015 10:40:44 +0300 (FET) from mailex.ooo.ru[x.x.x.x]; from= <remoteuser>to= user1@mydomainproto=ESMTP helo= <mailex.ooo.ru>Jan 29 10:40:45 mail postfix/cleanup[66101]: 09C0521EADE: message-id= ab7bbd27-5398-4a3d-8c74-5bc868666ec9@ooo.ruJan 29 10:40:46 mail postfix/smtpd[67659]: disconnect from mailex.ooo.ru[x.x.x.x]
    Jan 29 10:40:46 mail MailScanner[85475]: New Batch: Scanning 1 messages, 644494 bytes
    Jan 29 10:40:46 mail MailScanner[85475]: Filename Checks: Allowing 09C0521EADE.A9E2B msg-85475-11.txt
    Jan 29 10:40:46 mail MailScanner[85475]: Filename Checks: Allowing 09C0521EADE.A9E2B msg-85475-12.html (no rule matched)
    Jan 29 10:40:46 mail MailScanner[85475]: Filename Checks: Allowing 09C0521EADE.A9E2B image.pdf (no rule matched)
    Jan 29 10:40:46 mail MailScanner[85475]: Filename Checks: Allowing 09C0521EADE.A9E2B ATT00001.htm (no rule matched)
    Jan 29 10:40:46 mail MailScanner[85475]: Filename Checks: Allowing 09C0521EADE.A9E2B msg-85475-13.txt
    Jan 29 10:40:47 mail MailScanner[85475]: Filetype Checks: No executables (09C0521EADE.A9E2B )
    Jan 29 10:40:47 mail MailScanner[85475]: Filetype Checks: Allowing 09C0521EADE.A9E2B image.pdf (no match found)
    Jan 29 10:40:47 mail MailScanner[85475]: Filetype Checks: Allowing 09C0521EADE.A9E2B msg-85475-11.txt
    Jan 29 10:40:47 mail MailScanner[85475]: Filetype Checks: Allowing 09C0521EADE.A9E2B ATT00001.htm
    Jan 29 10:40:47 mail MailScanner[85475]: Filetype Checks: Allowing 09C0521EADE.A9E2B msg-85475-12.html
    Jan 29 10:40:47 mail MailScanner[85475]: Other Checks: Found 1 problems
    Jan 29 10:40:47 mail MailScanner[85475]: Virus and Content Scanning: Starting
    Jan 29 10:40:47 mail MailScanner[85475]: <a>tag found in message 09C0521EADE.A9E2B from remoteuser
    Jan 29 10:40:47 mail MailScanner[85475]: Virus Scanning completed at 852675 bytes per second
    Jan 29 10:40:47 mail MailScanner[85475]: Spam Checks: Starting
    Jan 29 10:40:47 mail MailScanner[85475]: Message 09C0521EADE.A9E2B from x.x.x.x (remoteuser) to mydomain is too big for spam checks (644494 > 200000 bytes)
    Jan 29 10:40:47 mail MailScanner[85475]: Delivery of nonspam: message 09C0521EADE.A9E2B from remoteuser to user1@mydomain with subject рТПВМЕНЩ орв
    Jan 29 10:40:47 mail MailScanner[85475]: Requeue: 09C0521EADE.A9E2B to 2190621EAE1
    Jan 29 10:40:47 mail postfix/qmgr[25563]: 2190621EAE1: from=<remoteuser>, size=643819, nrcpt=1 (queue active)
    Jan 29 10:40:47 mail MailScanner[85475]: Cleaned: Delivered 1 cleaned messages
    Jan 29 10:40:47 mail postfix/smtp[66901]: warning: host 10.10.2.2[10.10.2.2]:25 greeted me with my own hostname mail.mydomain
    Jan 29 10:40:47 mail MailScanner[85475]: Deleted 1 messages from processing-database
    Jan 29 10:40:47 mail MailScanner[85475]: Batch completed at 612050 bytes per second (644494 / 1)
    Jan 29 10:40:47 mail MailScanner[85475]: Batch (1 message) processed in 1.05 seconds
    Jan 29 10:40:48 mail postfix/smtp[66901]: 2190621EAE1: to=user1@mydomain, relay=10.10.2.2[10.10.2.2]:25, delay=3.1, delays=2.9/0/0.01/0.28, dsn=2.6.0, status=sent (250 2.6.0 ab7bbd27-5398-4a3d-8c74-5bc868666ec9@oaosig.ru[InternalId=9478992822622, Hostname=msk-ex01.banknp.loc] Queued mail for delivery)
    Jan 29 10:40:48 mail postfix/qmgr[25563]: 2190621EAE1: removed
    J

    Tell me what could be the reason/ab7bbd27-5398-4a3d-8c74-5bc868666ec9@oaosig.ru/user1@mydomain</remoteuser></a>/ab7bbd27-5398-4a3d-8c74-5bc868666ec9@ooo.ru</mailex.ooo.ru>/user1@mydomain</remoteuser>/user1@mydomain

    <a>problem with some txt files in Russian language. Sometimes mailscanner think this is a executable files.
    I have same problem. I comment this 2 lines in filetypes.rules.conf

    deny	executable	No executables		No programs allowed
    deny	ELF		No executables		No programs allowed
    ```</a>


  • Hello,
    Have any friend test Mailscanner on pfsense 2.2.x.I has test can't start mailscanner service.



  • Hi

    It's confirmed : Mailscanner + pfSense 2.2.x = NOT LOVE. It's broken: https://redmine.pfsense.org/issues/4508

    It's not working dccifd module: /usr/pbi/mailscanner-amd64/local/etc/rc.d/dccifd: WARNING: /usr/local/dcc is not a directory.



  • It's related to pbi. Once 2.3 is out it will work again.
    For now, just a pbi remove and pkg install will workaround this issue just like I've suggested on postifx.



  • @marcelloc:

    For now, just a pbi remove and pkg install will workaround this issue just like I've suggested on postifx.

    For people still struggling with this package:

    
    pbi_delete mailscanner-4.84.6-amd64
    rm -r -f /usr/pbi/bin/libexec/mailscanner
    rm -r -f /usr/local/etc/mailscanner
    rm -r -f /var/spool/MailScanner
    pkg install mailscanner
    y
    

    edit /usr/local/pkg/mailscanner.inc (line 39)

    $pf_version=substr(trim(file_get_contents("/etc/version")),0,3);
    //if ($pf_version == "2.1" || $pf_version == "2.2") {
    //	define('MAILSCANNER_PREFIX', '/usr/pbi/mailscanner-' . php_uname("m"));
    //	if ($pf_version == "2.1")
    //		define('MAILSCANNER_LOCALBASE', MAILSCANNER_PREFIX);
    //	else
    //		define('MAILSCANNER_LOCALBASE', MAILSCANNER_PREFIX . '/local');
    //} else {
    	define('MAILSCANNER_PREFIX', '/usr/local');
    	define('MAILSCANNER_LOCALBASE', '/usr/local');
    //}
    

    This makes MailScanner start and run, further testing needed of general functionality…



  • @marcelloc:

    It's related to pbi. Once 2.3 is out it will work again.
    For now, just a pbi remove and pkg install will workaround this issue just like I've suggested on postifx.

    hi! my be is late to say this, but pfs 2.3 has been released, but removed  postfix+mailscanner so  what is news abaut this? please



  • Bump  still no  postfix+mailscanner ?



  • MAKE A BACKUP BEFORE YOU GO THIS ROUTE!

    Those are the files needed, for the manual install of the MailScanner Package for pfSense 2.3.x

    **/usr/local/pkg/mailscanner.conf.template
    /usr/local/pkg/mailscanner.inc
    /usr/local/pkg/mailscanner.xml
    /usr/local/pkg/mailscanner_alerts.xml
    /usr/local/pkg/mailscanner_antispam.xml
    /usr/local/pkg/mailscanner_antivirus.xml
    /usr/local/pkg/mailscanner_attachments.xml
    /usr/local/pkg/mailscanner_content.xml
    /usr/local/pkg/mailscanner_report.xml
    /usr/local/pkg/mailscanner_sync.xml

    /usr/local/www/mailscanner_about.php**

    • Download the attached pfSense-2.3-MailScanner.zip, unzip and copy the files to your system root /.

    • Unlock the FreeBSD repo in

    /usr/local/etc/pkg/repos/FreeBSD.conf > enabled: yes

    /usr/local/etc/pkg/repos/pfSense.conf > enabled: yes

    • Install MailScanner and dependencies via pkg

    pkg install mailscanner

    • Next edit:

    /conf/config.xml

    • and add MailScanner to the Service Status and Menu:

    <service><name>mailscanner</name>
    <rcfile>mailscanner</rcfile>
    <executable>perl_mailscanner</executable></service>

    <menu>
    <name>Mailscanner</name>
    <tooltiptext>Configure MailScanner service</tooltiptext>
    Services
    <url>/pkg_edit.php?xml=mailscanner.xml&id=0</url>
    </menu>

    • Now cross your fingers and reboot!  :P

    Advanced configuration:

    • Check MS and SA for errors and missing modules etc. via spamassassin -D –lint and mailscanner -D –lint
    • Additionally install DCC+razor2+pyzor, clamav-unofficial-sigs etc.

    pfSense-2.3-MailScanner.zip



  • Automated Install instructions for complete mailscanner package on pfSense 2.3.x can be found here:

    https://forum.pfsense.org/index.php?topic=128037.0