Mailscanner + spamassassin + clamav package

marcelloc

@jamesc:

Hi Marcello

Do you have any updates on SASL authentication and if/when it may be included in this great package?

I would love to migrate our existing SMTP solution over to this but the lack of authentication is the only thing stopping me.

Cheers,

James

smtp auth is from postfix package, I've posted an answer there :)

http://forum.pfsense.org/index.php/topic,40622.msg243900.html#msg243900

capitangiaco

hi all

I am trying the mailscanner-dev pkg and I am receiving this on the logs:

Mar  7 15:42:43 firewalla MailScanner[14828]: MailScanner E-Mail Virus Scanner version 4.83.5 starting…
Mar  7 15:42:43 firewalla MailScanner[14828]: Reading configuration file /usr/local/etc/MailScanner/MailScanner.conf
Mar  7 15:42:43 firewalla MailScanner[14828]: Reading configuration file /usr/local/etc/MailScanner/conf.d/README
Mar  7 15:42:43 firewalla MailScanner[14828]: Could not read file /usr/local/share/MailScanner/reports//inline.spam.warning.txt
Mar  7 15:42:43 firewalla MailScanner[14828]: Error in line 393, file "/usr/local/share/MailScanner/reports//inline.spam.warning.txt" for inlinespamwarning does not exist (or can not be read)
Mar  7 15:42:43 firewalla MailScanner[14828]: Could not read file /usr/local/share/MailScanner/reports//languages.conf
Mar  7 15:42:43 firewalla MailScanner[14828]: Error in line 187, file "/usr/local/share/MailScanner/reports//languages.conf" for languagestrings does not exist (or can not be read)
Mar  7 15:42:43 firewalla MailScanner[14828]: Syntax error in line 143, value "" for allowiframetags is not one of allowed values "yes","disarm","no"
Mar  7 15:42:43 firewalla MailScanner[14828]: Syntax error in line 144, value "" for allowformtags is not one of allowed values "yes","disarm","no"
Mar  7 15:42:43 firewalla MailScanner[14828]: Syntax error in line 150, value "" for allowobjecttags is not one of allowed values "yes","disarm","no"
Mar  7 15:42:43 firewalla MailScanner[14828]: Syntax error in line 145, value "" for allowscripttags is not one of allowed values "yes","disarm","no"
Mar  7 15:42:43 firewalla MailScanner[14828]: Syntax error in line 146, value "" for allowwebbugtags is not one of allowed values "yes","disarm","no"
Mar  7 15:42:43 firewalla MailScanner[14828]: Connected to Processing Attempts Database
Mar  7 15:42:43 firewalla MailScanner[14828]: Found 0 messages in the Processing Attempts Database
Mar  7 15:42:43 firewalla postfix/postscreen[54168]: DNSBL rank 3 for [177.103.221.63]:2184
Mar  7 15:42:43 firewalla MailScanner[14828]: Using locktype = flock

Giacomo

marcelloc

I tools like you need to select another language report.

reports//languages.conf

should be

reports/some_language/languages.conf

capitangiaco

thanks now it works!
compliments for the great job!!!!

(I needed to set 'no' and again 'disarm' "Removing/Logging dangerous or potentially offensive content" directives to make it works).

Giacomo

capitangiaco

I tried to re-install the system (I am using I386) from scratch, and I wrote some notes that may be of help:

sa-spamd and clamd start
manually added:
clamav_clamd_enable="YES"
clamav_freshclam_enable="YES"
spamd_enable="YES"
to /etc/rc.conf/local

Deliver from postfix to mailscanner, manually added:
header_checks = regexp:/usr/local/etc/postfix/header_checks to /usr/local/etc/postfix/main.cf
created  the /usr/local/etc/postfix/header_checks with '/^Received:/ HOLD' inside
restarted with postfix reload
I didn't find the options that make this work from the web configurator <– help please! :)

Cannot lock /var/spool/MailScanner/incoming/Locks/clamavBusy.lock, No such file or directory
chown -R postfix /var/spool/MailScanner/incoming/Locks.

This is a very usefull pkg, thanks to Marcello for the great work!

Giacomo

marcelloc

I use all these options with no file hacking.

Did you installed postfix pfsense package to work with mailscanner?

capitangiaco

@marcelloc:

I use all these options with no file hacking.

Did you installed postfix pfsense package to work with mailscanner?

Installed first postfix forward and then mailscanner-dev

Giacomo

marcelloc

header checks are on services -> postfix forwarder -> access lists

ncsidaho

Hello all
I have installed Posfix Forwarder and the mailscanner + spamassassin + clamav package. Postfix is working wonderfully but I think I must have somthing wrong in my configuration with mailscanner. In Postfix I have the 3rd party option enabled / The mode is set to auto. I have the mailscanner package enabled as well as the CLAMAV and spam assassin options enabled. But when I run the GFI Security Test EVERYTHING get through.

When I look at the process list for mailscanner I see
55735  ??  S      0:05.39 MailScanner: waiting for messages (perl5.12.4)
56936  ??  S      0:04.45 MailScanner: waiting for messages (perl5.12.4)
59478  ??  S      0:04.08 MailScanner: waiting for messages (perl5.12.4)
60031  ??  S      0:04.05 MailScanner: waiting for messages (perl5.12.4)

when I run tail -f /var/log/maillog |grep -i mailscanner

I get nothing?

if I restart mailscanner I get this

Mar  9 11:06:58 mailgateway MailScanner[55777]: Using locktype = flock
Mar  9 11:07:02 mailgateway MailScanner[57182]: MailScanner E-Mail Virus Scanner                                            version 4.83.5 starting…
Mar  9 11:07:02 mailgateway MailScanner[57182]: Reading configuration file /usr/                                          local/etc/MailScanner/MailScanner.conf
Mar  9 11:07:02 mailgateway MailScanner[57182]: Reading configuration file /usr/                                          local/etc/MailScanner/conf.d/README
Mar  9 11:07:07 mailgateway MailScanner[56126]: Connected to Processing Attempts                                            Database
Mar  9 11:07:07 mailgateway MailScanner[56126]: Found 0 messages in the Processi                                          ng Attempts Database
Mar  9 11:07:07 mailgateway MailScanner[56126]: Using locktype = flock
Mar  9 11:07:07 mailgateway MailScanner[58764]: MailScanner E-Mail Virus Scanner                                            version 4.83.5 starting…
Mar  9 11:07:07 mailgateway MailScanner[58764]: Reading configuration file /usr/                                          local/etc/MailScanner/MailScanner.conf
Mar  9 11:07:07 mailgateway MailScanner[58764]: Reading configuration file /usr/                                          local/etc/MailScanner/conf.d/README
Mar  9 11:07:08 mailgateway MailScanner[57182]: Connected to Processing Attempts                                            Database
Mar  9 11:07:08 mailgateway MailScanner[57182]: Found 0 messages in the Processi                                          ng Attempts Database
Mar  9 11:07:08 mailgateway MailScanner[57182]: Using locktype = flock
Mar  9 11:07:16 mailgateway MailScanner[58764]: Connected to Processing Attempts Database
Mar  9 11:07:16 mailgateway MailScanner[58764]: Found 0 messages in the Processing Attempts Database
Mar  9 11:07:16 mailgateway MailScanner[58764]: Using locktype = flock

any help is apperciated

marcelloc

check if you can find /^from:/ HOLD  on view configuration -> header check

If not, change mailscanner Message Hold mode on antispam tab to manual and include the above line on access lists -> header

ncsidaho

@marcelloc:

check if you can find /^from:/ HOLD  on view configuration -> header check

If not, change mailscanner Message Hold mode on antispam tab to manual and include the above line on access lists -> header

That worked
thank you marcello

tanhosy

I have a question (can be a bit stupid!). Can MailScanner + Postfix run in transparent mode?.
The reason is I have a pfsense box with 4 interfaces + 01 mail server stand alone. I want to run pfsense without intervention on the mail server.

marcelloc

Well, I did no transparent mode on this package but if you know how to do it on postfix I can merge this on next release.

capitangiaco

anyindea to rotate the /var/log/maillog ?

thanks

Giacomo

marcelloc

@capitangiaco:

anyindea to rotate the /var/log/maillog ?

Not yet but sometime in the future  ;)

capitangiaco

I noticed a 'strange' thing, incoming attachments files become zipped, cool feature, but who is the author of this ?

Giacomo

marcelloc

It`s a mailscanner feature but you can disable it on gui(I'm not in front of one right now to point the option  ;)).

capitangiaco

Hi Marcelloc

zip attachments:
Mailscanner  - Attachments - Attachments features

very cool dude! I love my mail-firewall
I added squirrelmail-imapproxy, I am gonna try to create a pkg.
You are my hero :)

thanks again

Giacomo

ics

Hi all,

I've installed mailscanner + spamassassin + clamav package and I cannot get spamassassin working…

Clamav works great (tested with eicar file) but the GTUBE test for spamassassin fails : spam is not detected, score is 0, and message is delivered.
I've made the test from inside and outside the local network. Both fails.

May  2 10:07:52 srvmx06 MailScanner[22383]: Spam Checks: Starting
May  2 10:07:52 srvmx06 MailScanner[22383]: Expired 2 records from the SpamAssassin cache
May  2 10:07:53 srvmx06 MailScanner[22383]: Message 4DAC68A939.ABA57 from xx.xx.xx.xx (whatever@yahoo.com) to domain.com is not spam, SpamAssassin (not cached, score=0, required 6, autolearn=not spam)
May  2 10:07:53 srvmx06 MailScanner[22383]: Delivery of nonspam: message 4DAC68A939.ABA57 from whatever@yahoo.com to user@domain.com with subject GUARANTEED
May  2 10:07:53 srvmx06 MailScanner[22383]: Spam Checks completed at 2784 bytes per second

Can you help me to solve that ?

Thanks

ics

I've found the solution myself :
just run sa-update to download spamassassin's rules.

:)