Spamsnake Baruwa - Various issues

[itsnedkeren]

Thanks for a great how-to, after some time I finally got the system working!

Although I have some issues I would like some help with:

1) I keep getting "cron daemon" mails in my inbox! Aren't these supposed to be sent to root@localhost? I don't need all that info in my main inbox Is there somewhere I can change this?

See snip from log below:

From "mail.log":

Code:

Feb 22 08:43:01 mailgw postfix/smtp[2510]: 6AC2CC2B85: to=<mailadmin@domain.tld>, orig_to=<root@domain.tld>, relay=node01.domain.tld[78.46.92.124]:25, delay=0.04, delays=0.01/0/0/0.03, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 07E9720067)

Mail from cron I recive:

Code:

Reading status from /var/spool/MailScanner/quarantine/phishingupdate/status
Checking that /var/spool/MailScanner/quarantine/phishingupdate/cache/2011-082 exists... ok Checking that /var/spool/MailScanner/quarantine/phishingupdate/cache/2011-082.18 exists... ok I am working with: Current: 2011-082 - 20 and Status: 2011-082 - 18 No base update required Update required Retrieving http://www.mailscanner.tv/2011-082.19
Retrieving http://www.mailscanner.tv/2011-082.20
/var/spool/MailScanner/quarantine/phishingupdate/cache/2011-082.20
Updating live file /opt/MailScanner/etc/phishing.bad.sites.conf
Deleting cached file: 2011-082.18.... ok

2) I'm getting errors in "mail.err" about DCC and ClamAV, see below.

From "mail.err":

Code:

Feb 22 07:42:02 mailgw ClamAV-autoupdate[8718]: ClamAV updater /usr/local/bin/freshclam cannot be run
Feb 22 08:35:08 mailgw dccifd[1264]: fopen(/var/run/dcc/dccifd.pid): No such file or directory
Feb 22 08:42:02 mailgw ClamAV-autoupdate[2298]: ClamAV updater /usr/local/bin/freshclam cannot be run

3) When running spamassassin -x -D -p /opt/MailScanner/etc/spam.assassin.prefs.conf --lint, I see that my userid=1 and not 2. See below.

Code:

Feb 22 09:26:17.606 [3308] dbg: bayes: database connection established
Feb 22 09:26:17.606 [3308] dbg: bayes: found bayes db version 3
Feb 22 09:26:17.607 [3308] dbg: bayes: Using userid: 1

4) Using the Baruwa web-interface, I'm getting "Error connecting to server. check network!", when trying to perform a release, quarantine, delete, etc. on mails. I've browsed the web and suggestions are to disable Javascript, which seems to work. But is there any other workaround for this? It annoys me that I have to change Javascript setting all the time!

5) How do I setup my mailserver to work with this gateway/spamsnake?
5a) Are my clients still supposed to send mails via SMTP through my mailserver? Or should they now use the gateway/spamsnake to send mail from(SMTP)
5b) If I configure my mailserver to accept mails only from the gateway/spamsnake, how will my clients be able to connect via SMTP for sending email(if answer to 5a are yes).

6) I would love for someone (topdog), to check my server config and general setup via SSH, before throwing it into production, if this is by anyway possible.

Thanks for any replies.

[itsnedkeren]

2) is solved now, if you get this:

Code:

Feb 22 17:10:23 mailgw dccifd[1248]: fopen(/var/run/dcc/dccifd.pid): No such file or directory

Edit /etc/init.d/dcc-client and make it look like below, I have commented where edit starts and ends:

Code:

#!/bin/sh
#
# dcc-client	example file to build /etc/init.d/ scripts.
#		This file should be used to construct scripts for /etc/init.d.

PATH=/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/dccifd
NAME=dccifd
DESC="DCC program interface daemon"
########START EDIT##########
DCC_RUNDIR=/var/run/dcc
if [ ! -d $DCC_RUNDIR ]; then
    mkdir -p $DCC_RUNDIR
    chown dcc:dcc $DCC_RUNDIR
fi
########END EDIT###########

test -f $DAEMON || exit 0

set -e

case "$1" in
  start)
	echo -n "Starting $DESC: $NAME"
	start-stop-daemon --start --quiet --pidfile /var/run/$NAME.pid \
		--chuid dcc:dcc --exec $DAEMON -- $OPTIONS
	echo "."
	;;
  stop)
	echo -n "Stopping $DESC: $NAME"
	start-stop-daemon --oknodo --stop --quiet --exec $DAEMON
	echo "."
	;;
  restart)
	echo -n "Restarting $DESC: $NAME"
	start-stop-daemon --stop --quiet --pidfile \
		/var/run/$NAME.pid --exec $DAEMON
	sleep 1
	start-stop-daemon --start --quiet --pidfile \
		/var/run/$NAME.pid --exec $DAEMON -- $OPTIONS
	echo "."
	#echo "\n"
	;;
  *)
	N=/etc/init.d/$NAME
	# echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
	echo "Usage: $N {start|stop|restart}" >&2
	exit 1
	;;
esac

exit 0

Afterwards reboot Ubuntu and you'll see that "dccifd.pid" now exists in /var/run/dcc


2) If you get this:

Code:

Feb 22 18:42:01 mailgw ClamAV-autoupdate[3976]: ClamAV updater /usr/local/bin/freshclam cannot be run

Then edit the following line in /opt/MailScanner/etc/virus.scanners.conf and make it look like below! You probably have /usr/local at the the end.

Code:

clamav		/opt/MailScanner/lib/clamav-wrapper	/usr

Afterwards, run:

/etc/init.d/clamav-freshclam restart



Still looking for help on the others though

Thanks

[Rocky]

Hey,

Glad you got the snake up and running, although not completely 100% functional, I'm sure a few minor tweaks will fix your issues.

Add &> /dev/null at the end of all of your cronjobs, before the comment (#) statement to avoid the email messages.

The bayes user will be 1 because we specified root as the override user, who has access to the db, so that's normal.

Ok so you've figured out dcc and clamav, that's great. Give us a breakdown of your setup. What is it relaying to, are your clients internal, have you setup proper dns mx records for your mails to flow to the snake?

Once your mx records are setup properly, mails will start flowing to the snake. You'll have to setup the domains/transports in Baruwa for which you're relaying for and the destination smtp server, and after filtering, mails should flow to that server. A writeup can be found in the howto for the snake on how to do this.

[itsnedkeren]

Quote:

Originally Posted by Rocky

Hey,

Glad you got the snake up and running, although not completely 100% functional, I'm sure a few minor tweaks will fix your issues.

Add &> /dev/null at the end of all of your cronjobs, before the comment (#) statement to avoid the email messages.

The bayes user will be 1 because we specified root as the override user, who has access to the db, so that's normal.

Ok so you've figured out dcc and clamav, that's great. Give us a breakdown of your setup. What is it relaying to, are your clients internal, have you setup proper dns mx records for your mails to flow to the snake?

Once your mx records are setup properly, mails will start flowing to the snake. You'll have to setup the domains/transports in Baruwa for which you're relaying for and the destination smtp server, and after filtering, mails should flow to that server. A writeup can be found in the howto for the snake on how to do this.

Thanks for your post Rocky!

I have 2 servers, the first server "node01" is running Debian with ISPConfig3 and acts as a LAMP basically. All my domains and mailboxes reside here.

The second server "mailgw" is running the spamsnake. Where I have setup "node01" as relay host in the Baruwa interface.

For now I have redirected only a test domains MX-record to the spamsnake. Mail seem to be relaying just fine.

But if I manually send mail through "node01" to the test domain, mails are also coming in. This is obvious, as I have not limited "node01" to recieve mail from the spamsnake only. This is what I'm trying to find out howto to do in a proper way.

Both server are "external", running as seperate machines with external global IP's.

I'm wondering if I need to specify anything special in this line in /usr/src/postfix.sh

Code:

postconf -e "mynetworks = 127.0.0.0/8, 192.168.0.0/24"

Obviously I'm not using 192.168.0.0/24 as my network, but I'm in doubt as what to enter here.


Thanks for any assistance and please ask if you need more info.

[itsnedkeren]

5 is now also solved \o/


I'm using IPTables to allow ONLY the spamsnake on port 25.
Postfix on the mailserver has been changed to port 587/TLS SMTP for my mail users.

uncommented below in master.cf enables submission port 587.

Code:

submission inet n       -       -       -       -       smtpd

[topdog]

You actually need:

Code:

submission inet n       -       n       -       -       smtpd
  -o smtpd_enforce_tls=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

Not just:

Code:

submission inet n       -       n       -       -       smtpd

[itsnedkeren]

Quote:

Originally Posted by topdog

You actually need:

Code:

submission inet n       -       n       -       -       smtpd
  -o smtpd_enforce_tls=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

Not just:

Code:

submission inet n       -       n       -       -       smtpd

Thanks Topdog, I need to remove "chroot" as that would't work.

Code:

Feb 23 16:20:02 node01 postfix/smtpd[24056]: fatal: SASL per-process initialization failed

[itsnedkeren]

I'm getting this, running the spamassasin --lint command:

Code:

Feb 24 06:11:23.936 [20573] warn: config: failed to parse line, skipping, in "/etc/MailScanner/spam.assassin.prefs.conf": use_auto_whitelist 0

Should this be uncommented or??

Thanks

[falko]

http://osdir.com/ml/users-spamassass.../msg00692.html

[itsnedkeren]

Hmm that's odd

Checking the Baruwa web interface under "Status->Spamassasin lint" outputs the same error:

Code:

Feb 24 06:11:23.936 [20573] warn: config: failed to parse line, skipping, in "/etc/MailScanner/spam.assassin.prefs.conf": use_auto_whitelist 0

BUT, running:

Code:

mailgw:~# spamassassin -x -D -p /opt/MailScanner/etc/spam.assassin.prefs.conf --lint 2>&1 | fgrep 'warn'

Only outputs this:

Code:

Feb 24 19:08:14.744 [27556] dbg: config: warning: score set for non-existent rule SHORTCIRCUIT
Feb 24 19:08:14.744 [27556] dbg: config: warning: score set for non-existent rule SUBJ_RE_NUM
Feb 24 19:08:14.744 [27556] dbg: config: warning: score set for non-existent rule FM_VIAGRA_SPAM1114
Feb 24 19:08:14.745 [27556] dbg: config: warning: score set for non-existent rule AXB_HELO_LH_HOME
Feb 24 19:08:14.745 [27556] dbg: config: warning: score set for non-existent rule ACCESSDB

Which one to trust

Thanks

EDIT: No luck with the info from your link, Falko. Thanks though.