HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


itsnedkeren 22nd February 2011 09:20

Spamsnake Baruwa - Various issues
 
Thanks for a great how-to, after some time I finally got the system working!

Although I have some issues I would like some help with:

1) I keep getting "cron daemon" mails in my inbox! Aren't these supposed to be sent to root@localhost? I don't need all that info in my main inbox :( Is there somewhere I can change this?

See snip from log below:

From "mail.log":
Code:

Feb 22 08:43:01 mailgw postfix/smtp[2510]: 6AC2CC2B85: to=<mailadmin@domain.tld>, orig_to=<root@domain.tld>, relay=node01.domain.tld[78.46.92.124]:25, delay=0.04, delays=0.01/0/0/0.03, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 07E9720067)

Mail from cron I receive:
Code:

Reading status from /var/spool/MailScanner/quarantine/phishingupdate/status
Checking that /var/spool/MailScanner/quarantine/phishingupdate/cache/2011-082 exists... ok
Checking that /var/spool/MailScanner/quarantine/phishingupdate/cache/2011-082.18 exists... ok
I am working with: Current: 2011-082 - 20 and Status: 2011-082 - 18
No base update required
Update required
Retrieving http://www.mailscanner.tv/2011-082.19
Retrieving http://www.mailscanner.tv/2011-082.20
/var/spool/MailScanner/quarantine/phishingupdate/cache/2011-082.20
Updating live file /opt/MailScanner/etc/phishing.bad.sites.conf
Deleting cached file: 2011-082.18.... ok


2) I'm getting errors in "mail.err" about DCC and ClamAV, see below.

From "mail.err":
Code:

Feb 22 07:42:02 mailgw ClamAV-autoupdate[8718]: ClamAV updater /usr/local/bin/freshclam cannot be run
Feb 22 08:35:08 mailgw dccifd[1264]: fopen(/var/run/dcc/dccifd.pid): No such file or directory
Feb 22 08:42:02 mailgw ClamAV-autoupdate[2298]: ClamAV updater /usr/local/bin/freshclam cannot be run

3) When running spamassassin -x -D -p /opt/MailScanner/etc/spam.assassin.prefs.conf --lint, I see that my userid=1 and not 2. See below.
Code:

Feb 22 09:26:17.606 [3308] dbg: bayes: database connection established
Feb 22 09:26:17.606 [3308] dbg: bayes: found bayes db version 3
Feb 22 09:26:17.607 [3308] dbg: bayes: Using userid: 1

4) Using the Baruwa web-interface, I'm getting "Error connecting to server. check network!", when trying to perform a release, quarantine, delete, etc. on mails. I've browsed the web and suggestions are to disable Javascript, which seems to work. But is there any other workaround for this? It annoys me that I have to change Javascript setting all the time!

5) How do I setup my mailserver to work with this gateway/spamsnake?
5a) Are my clients still supposed to send mails via SMTP through my mailserver? Or should they now use the gateway/spamsnake to send mail from (SMTP)?
5b) If I configure my mailserver to accept mails only from the gateway/spamsnake, how will my clients be able to connect via SMTP for sending email (if the answer to 5a is yes)?

6) I would love for someone (topdog) to check my server config and general setup via SSH before throwing it into production, if this is in any way possible.

Thanks for any replies.

itsnedkeren 22nd February 2011 19:03

2) is solved now, if you get this:

Code:

Feb 22 17:10:23 mailgw dccifd[1248]: fopen(/var/run/dcc/dccifd.pid): No such file or directory

Edit /etc/init.d/dcc-client and make it look like below, I have commented where edit starts and ends:


Code:

#!/bin/sh
#
# dcc-client        example file to build /etc/init.d/ scripts.
#                This file should be used to construct scripts for /etc/init.d.

PATH=/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/dccifd
NAME=dccifd
DESC="DCC program interface daemon"
########START EDIT##########
# Recreate the pid directory if it is missing, owned by the dcc user.
DCC_RUNDIR=/var/run/dcc
if [ ! -d "$DCC_RUNDIR" ]; then
    mkdir -p "$DCC_RUNDIR"
    chown dcc:dcc "$DCC_RUNDIR"
fi
########END EDIT###########


test -f $DAEMON || exit 0

set -e

case "$1" in
  start)
        echo -n "Starting $DESC: $NAME"
        start-stop-daemon --start --quiet --pidfile /var/run/$NAME.pid \
                --chuid dcc:dcc --exec $DAEMON -- $OPTIONS
        echo "."
        ;;
  stop)
        echo -n "Stopping $DESC: $NAME"
        start-stop-daemon --oknodo --stop --quiet --exec $DAEMON
        echo "."
        ;;
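  restart)
        echo -n "Restarting $DESC: $NAME"
        # --oknodo: do not abort under "set -e" when the daemon is not running
        start-stop-daemon --oknodo --stop --quiet --pidfile \
                /var/run/$NAME.pid --exec $DAEMON
        sleep 1
        # Start as dcc:dcc, the same as the "start" action, not as root
        start-stop-daemon --start --quiet --pidfile \
                /var/run/$NAME.pid --chuid dcc:dcc --exec $DAEMON -- $OPTIONS
        echo "."
        #echo "\n"
        ;;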
  *)
        N=/etc/init.d/$NAME
        # echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
        echo "Usage: $N {start|stop|restart}" >&2
        exit 1
        ;;
esac

exit 0

Afterwards reboot Ubuntu and you'll see that "dccifd.pid" now exists in /var/run/dcc


2) If you get this:

Code:

Feb 22 18:42:01 mailgw ClamAV-autoupdate[3976]: ClamAV updater /usr/local/bin/freshclam cannot be run

Then edit the following line in /opt/MailScanner/etc/virus.scanners.conf and make it look like below! You probably have /usr/local at the end.
Code:

clamav                /opt/MailScanner/lib/clamav-wrapper        /usr

Afterwards, run:

/etc/init.d/clamav-freshclam restart



Still looking for help on the others though :)


Thanks

Rocky 22nd February 2011 22:00

Hey,

Glad you got the snake up and running, although not completely 100% functional, I'm sure a few minor tweaks will fix your issues.

Add &> /dev/null at the end of all of your cronjobs, before the comment (#) statement to avoid the email messages.

The bayes user will be 1 because we specified root as the override user, who has access to the db, so that's normal.

Ok so you've figured out dcc and clamav, that's great. Give us a breakdown of your setup. What is it relaying to, are your clients internal, have you set up proper DNS MX records for your mails to flow to the snake?

Once your MX records are set up properly, mails will start flowing to the snake. You'll have to set up the domains/transports in Baruwa for which you're relaying for and the destination SMTP server, and after filtering, mails should flow to that server. A writeup can be found in the howto for the snake on how to do this.

itsnedkeren 23rd February 2011 08:08

Quote:

Originally Posted by Rocky (Post 251924)
Hey,

Glad you got the snake up and running, although not completely 100% functional, I'm sure a few minor tweaks will fix your issues.

Add &> /dev/null at the end of all of your cronjobs, before the comment (#) statement to avoid the email messages.

The bayes user will be 1 because we specified root as the override user, who has access to the db, so that's normal.

Ok so you've figured out dcc and clamav, that's great. Give us a breakdown of your setup. What is it relaying to, are your clients internal, have you set up proper DNS MX records for your mails to flow to the snake?

Once your MX records are set up properly, mails will start flowing to the snake. You'll have to set up the domains/transports in Baruwa for which you're relaying for and the destination SMTP server, and after filtering, mails should flow to that server. A writeup can be found in the howto for the snake on how to do this.

Thanks for your post Rocky!

I have 2 servers, the first server "node01" is running Debian with ISPConfig3 and acts as a LAMP basically. All my domains and mailboxes reside here.

The second server "mailgw" is running the spamsnake, where I have set up "node01" as relay host in the Baruwa interface.

For now I have redirected only a test domain's MX record to the spamsnake. Mail seems to be relaying just fine.

But if I manually send mail through "node01" to the test domain, mails are also coming in. This is obvious, as I have not limited "node01" to receive mail from the spamsnake only. This is what I'm trying to find out how to do in a proper way.

Both servers are "external", running as separate machines with external global IPs.

I'm wondering if I need to specify anything special in this line in /usr/src/postfix.sh

Code:

postconf -e "mynetworks = 127.0.0.0/8, 192.168.0.0/24"

Obviously I'm not using 192.168.0.0/24 as my network, but I'm in doubt as what to enter here.


Thanks for any assistance and please ask if you need more info.

itsnedkeren 23rd February 2011 13:22

5 is now also solved \o/


I'm using IPTables to allow ONLY the spamsnake on port 25.
Postfix on the mailserver has been changed to port 587/TLS SMTP for my mail users.

Uncommenting the line below in master.cf enables submission port 587.

Code:

submission inet n      -      -      -      -      smtpd

topdog 23rd February 2011 15:04

You actually need:

Code:

submission inet n      -      n      -      -      smtpd
  -o smtpd_enforce_tls=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

Not just:
Code:

submission inet n      -      n      -      -      smtpd

itsnedkeren 23rd February 2011 16:43

Quote:

Originally Posted by topdog (Post 251970)
You actually need:

Code:

submission inet n      -      n      -      -      smtpd
  -o smtpd_enforce_tls=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

Not just:
Code:

submission inet n      -      n      -      -      smtpd

Thanks Topdog, I need to remove "chroot" as that wouldn't work.
Code:

Feb 23 16:20:02 node01 postfix/smtpd[24056]: fatal: SASL per-process initialization failed
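
The submission entry and `-o` overrides discussed in the posts above can be checked mechanically. The following is an added example, not code from the thread or from Postfix: `parse_master_cf` and `audit_submission` are hypothetical helper names, only master.cf overrides are inspected (main.cf defaults are not consulted), and `smtpd_tls_security_level=encrypt` is accepted as the newer equivalent of `smtpd_enforce_tls=yes`.

```python
# Constructed samples: the two submission entries quoted in the thread.
SUBMISSION_BARE = "submission inet n      -      -      -      -      smtpd\n"
SUBMISSION_HARDENED = """\
submission inet n      -      n      -      -      smtpd
  -o smtpd_enforce_tls=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
"""

def parse_master_cf(text):
    """Return {"service/type": {"chroot", "command", "overrides"}}."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and logical:
            logical[-1] += " " + raw.strip()  # indented line continues the entry
        else:
            logical.append(raw.strip())
    services = {}
    for entry in logical:
        f = entry.split()  # service type private unpriv chroot wakeup maxproc cmd
        if len(f) < 8:
            continue
        args, overrides = f[8:], {}
        for i, arg in enumerate(args[:-1]):
            if arg == "-o" and "=" in args[i + 1]:
                key, value = args[i + 1].split("=", 1)
                overrides[key] = value
        services[f[0] + "/" + f[1]] = {"chroot": f[4], "command": f[7], "overrides": overrides}
    return services

def audit_submission(text):
    """List what keeps port 587 from being TLS-only and authenticated-only."""
    svc = parse_master_cf(text).get("submission/inet")
    if svc is None:
        return ["no submission service defined"]
    o, findings = svc["overrides"], []
    tls = o.get("smtpd_enforce_tls") == "yes" or o.get("smtpd_tls_security_level") == "encrypt"
    if not tls:
        findings.append("TLS not enforced")
    if o.get("smtpd_sasl_auth_enable") != "yes":
        findings.append("SASL auth not enabled")
    rules = o.get("smtpd_client_restrictions", "").split(",")
    if "permit_sasl_authenticated" not in rules or rules[-1] != "reject":
        findings.append("unauthenticated clients not rejected")
    if svc["chroot"] != "n":  # "-" means the version-dependent default
        findings.append("smtpd may run chrooted (column %r)" % svc["chroot"])
    return findings
```

Running `audit_submission` on the bare entry reports all four findings; the entry with the three overrides and `n` in the chroot column reports none.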

itsnedkeren 24th February 2011 12:13

I'm getting this, running the spamassassin --lint command:

Code:

Feb 24 06:11:23.936 [20573] warn: config: failed to parse line, skipping, in "/etc/MailScanner/spam.assassin.prefs.conf": use_auto_whitelist 0

Should this be uncommented or??

Thanks

falko 24th February 2011 14:51

http://osdir.com/ml/users-spamassass.../msg00692.html

itsnedkeren 24th February 2011 19:10

Hmm that's odd :confused:

Checking the Baruwa web interface under "Status->Spamassasin lint" outputs the same error:

Code:

Feb 24 06:11:23.936 [20573] warn: config: failed to parse line, skipping, in "/etc/MailScanner/spam.assassin.prefs.conf": use_auto_whitelist 0

BUT, running:
Code:

mailgw:~# spamassassin -x -D -p /opt/MailScanner/etc/spam.assassin.prefs.conf --lint 2>&1 | fgrep 'warn'

Only outputs this:

Code:

Feb 24 19:08:14.744 [27556] dbg: config: warning: score set for non-existent rule SHORTCIRCUIT
Feb 24 19:08:14.744 [27556] dbg: config: warning: score set for non-existent rule SUBJ_RE_NUM
Feb 24 19:08:14.744 [27556] dbg: config: warning: score set for non-existent rule FM_VIAGRA_SPAM1114
Feb 24 19:08:14.745 [27556] dbg: config: warning: score set for non-existent rule AXB_HELO_LH_HOME
Feb 24 19:08:14.745 [27556] dbg: config: warning: score set for non-existent rule ACCESSDB


Which one to trust :confused: :eek:

Thanks

EDIT: No luck with the info from your link, Falko. Thanks though.


All times are GMT +2.