Mailscanner + spamassassin + clamav package
-
After a bit of playing it appears that everything is working - I say appears because whilst known good messages get passed and deliberate bad messages do not appear, I seem unable to get any report/log/message about what mailscanner is actually doing. What is it rejecting beyond my known, deliberately introduced spam. Looked at a few guides to mailscanner and finished up confused.
Is there a simple(!) "how to get activity reports out of mailscanner"
Thanks
Andrew
-
It's quite simple
If you have selected on general tab
-
log destination = /var/log/maillog
-
update frequency = every Xminutes
Simple go to diagnostics -> search mail
Select:
-
log type = QUEUE
-
iCTRL+CLICK Status info on Message fields
-
select sqlite file(s) to search
-
and press search
-
-
Thanks, but what I was after is why things are rejected and potentially review rejected/quarantined items for subsequent approval (or have I missed something in my setup?)
Andrew
-
On this current version, you are able only to see amount of messages on quarantine.
status -> postfix queue
the mailscanner package use native sqlite2 databases while mailscanner use sqlite3 to store quarantine data.
There is a way to enable sqlite3 on mailscanner, but I'll need to rewrite a lot to update it to sqlite3 only.
Maybe next version I include a tab for quarantine.
Today I use only reject, attach or subject action for spam on my system.
If you really need this, you can make a donation to mailscanner package so I can write it for you.
-
Just found the following in the log
php: : The command '/usr/local/dcc/dcc_conf stop' returned exit code '126', the output was '/usr/local/dcc/dcc_conf: Permission denied'
Also seem to be having some problems with what should be spam identified by rules in postfix is actually being passed - maybe best in the morning rather than late on a sunday night!
Andrew
-
Did you:
Inlcude /^Subject:/ WARN line in Acl Headers after all your Subject rules.
enabled thirdpart antispam, selected message hold mode and software?
enabled all default options(yes) on mailscanner gui?Can you see mailscanner action with a tail -f /var/log/maillog | grep -i mailscanner
-
Had the WARN line as the first line in the ACL header - trying as last line
Mailscanner enables, queue set to auto and mailscanner+ spam+ virus selected.
Exactly which option in mailscanner gui are you referring to?
One discovery - it looks like most of the problems are related to mail retrieved from a pop3 mailbox by fetchmail.
Andrew
-
One discovery - it looks like most of the problems are related to mail retrieved from a pop3 mailbox by fetchmail.
Mailscanner works together with postfix, how fetchmail forward these messages to postfix daemon?
-
Fetchmail is running on another box (Ubuntu) and forwards to the pfsense box running the scanner.
Just had a complete freeze of the scanner and had to rebuild from scratch - the install hung at
PCRE-8.21-1.TBZ (Extracting) after I hit enter it continued.
-
Not sure that my theory of using another machine to run fetchmail is going to work. It appears that the SMTP traffic (going direct to pfsense scanner) is being processed correctly, but POP3 traffic collected by the other machine using fetchmail and then forwarded to the scanner is not being scanned for spam - my guess is that because it is on the same network it assumes it is whitelisted? Or am I more confused than usual?
Andrew
-
On this current version, you are able only to see amount of messages on quarantine.
status -> postfix queue
the mailscanner package use native sqlite2 databases while mailscanner use sqlite3 to store quarantine data.
There is a way to enable sqlite3 on mailscanner, but I'll need to rewrite a lot to update it to sqlite3 only.
Maybe next version I include a tab for quarantine.
Today I use only reject, attach or subject action for spam on my system.
If you really need this, you can make a donation to mailscanner package so I can write it for you.
I would be interested in a quarantine tab with a release and whitelist function for valid messages that get caught in the filter.
please PM me with what you feel an appropriate donation would beUPDATE: After speaking to Marcello over PM, he has agreed to work on adding a quarantine tab to the mailscanner. I have made a donation to this effort and encourage anyone else that is interested to please donate as well. I feel a the addition of the quarantine / white list function adds a lot of value and functionality. Right now I have many clients using hosted solutions for spam filtering but would much prefer to have the it on my pfsense installations
-
Hi Marcello
Do you have any updates on SASL authentication and if/when it may be included in this great package?
I would love to migrate our existing SMTP solution over to this but the lack of authentication is the only thing stopping me.
Cheers,
James
-
Hi Marcello
Do you have any updates on SASL authentication and if/when it may be included in this great package?
I would love to migrate our existing SMTP solution over to this but the lack of authentication is the only thing stopping me.
Cheers,
James
smtp auth is from postfix package, I've posted an answer there :)
http://forum.pfsense.org/index.php/topic,40622.msg243900.html#msg243900
-
hi all
I am trying the mailscanner-dev pkg and I am receiving this on the logs:
Mar 7 15:42:43 firewalla MailScanner[14828]: MailScanner E-Mail Virus Scanner version 4.83.5 starting…
Mar 7 15:42:43 firewalla MailScanner[14828]: Reading configuration file /usr/local/etc/MailScanner/MailScanner.conf
Mar 7 15:42:43 firewalla MailScanner[14828]: Reading configuration file /usr/local/etc/MailScanner/conf.d/README
Mar 7 15:42:43 firewalla MailScanner[14828]: Could not read file /usr/local/share/MailScanner/reports//inline.spam.warning.txt
Mar 7 15:42:43 firewalla MailScanner[14828]: Error in line 393, file "/usr/local/share/MailScanner/reports//inline.spam.warning.txt" for inlinespamwarning does not exist (or can not be read)
Mar 7 15:42:43 firewalla MailScanner[14828]: Could not read file /usr/local/share/MailScanner/reports//languages.conf
Mar 7 15:42:43 firewalla MailScanner[14828]: Error in line 187, file "/usr/local/share/MailScanner/reports//languages.conf" for languagestrings does not exist (or can not be read)
Mar 7 15:42:43 firewalla MailScanner[14828]: Syntax error in line 143, value "" for allowiframetags is not one of allowed values "yes","disarm","no"
Mar 7 15:42:43 firewalla MailScanner[14828]: Syntax error in line 144, value "" for allowformtags is not one of allowed values "yes","disarm","no"
Mar 7 15:42:43 firewalla MailScanner[14828]: Syntax error in line 150, value "" for allowobjecttags is not one of allowed values "yes","disarm","no"
Mar 7 15:42:43 firewalla MailScanner[14828]: Syntax error in line 145, value "" for allowscripttags is not one of allowed values "yes","disarm","no"
Mar 7 15:42:43 firewalla MailScanner[14828]: Syntax error in line 146, value "" for allowwebbugtags is not one of allowed values "yes","disarm","no"
Mar 7 15:42:43 firewalla MailScanner[14828]: Connected to Processing Attempts Database
Mar 7 15:42:43 firewalla MailScanner[14828]: Found 0 messages in the Processing Attempts Database
Mar 7 15:42:43 firewalla postfix/postscreen[54168]: DNSBL rank 3 for [177.103.221.63]:2184
Mar 7 15:42:43 firewalla MailScanner[14828]: Using locktype = flockGiacomo
-
I tools like you need to select another language report.
reports//languages.conf
should be
reports/some_language/languages.conf
-
thanks now it works!
compliments for the great job!!!!(I needed to set 'no' and again 'disarm' "Removing/Logging dangerous or potentially offensive content" directives to make it works).
Giacomo
-
I tried to re-install the system (I am using I386) from scratch, and I wrote some notes that may be of help:
sa-spamd and clamd start
manually added:
clamav_clamd_enable="YES"
clamav_freshclam_enable="YES"
spamd_enable="YES"
to /etc/rc.conf/localDeliver from postfix to mailscanner, manually added:
header_checks = regexp:/usr/local/etc/postfix/header_checks to /usr/local/etc/postfix/main.cf
created the /usr/local/etc/postfix/header_checks with '/^Received:/ HOLD' inside
restarted with postfix reload
I didn't find the options that make this work from the web configurator <– help please! :)Cannot lock /var/spool/MailScanner/incoming/Locks/clamavBusy.lock, No such file or directory
chown -R postfix /var/spool/MailScanner/incoming/Locks.This is a very usefull pkg, thanks to Marcello for the great work!
Giacomo
-
I use all these options with no file hacking.
Did you installed postfix pfsense package to work with mailscanner?
-
I use all these options with no file hacking.
Did you installed postfix pfsense package to work with mailscanner?
Installed first postfix forward and then mailscanner-dev
Giacomo
-
header checks are on services -> postfix forwarder -> access lists