CentOS 7.1 amavisd-new/spam assassin help

Discussion in 'ISPConfig 3 Priority Support' started by jims_a_winner, May 6, 2015.

  1. jims_a_winner

    jims_a_winner New Member

    Hi there,

    New user year, I have a ISPConfig 3 setup on CentOS 7.1 (Using the perfect server tutorial).

    I used to use CentOS 6.5 and it worked really well (including the spam filters).

    Since upgrading to 7.1 the Spam Filters in ISP Config seem to take no effect (I have followed the tutorial correctly 100% and even reformatted a few times).

    Amavisd-new doesnt seem to take notice of any of the spam filter policys applied in ISPConfig. (Normal, Trigger Happy) etc. And instead seems to follow the rules in /etc/amavisd/amavisd.conf

    $sa_tag_level_deflt = -9.0; # add spam info headers if at, or above that level
    $sa_tag2_level_deflt = 6.2; # add 'spam detected' headers at that level
    $sa_kill_level_deflt = 100; # triggers spam evasive actions (e.g. blocks mail)
    $sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent
    $sa_crediblefrom_dsn_cutoff_level = 18; # likewise, but for a likely valid From
    # $sa_quarantine_cutoff_level = 25; # spam level beyond which quarantine is off
    $penpals_bonus_score = 8; # (no effect without a @storage_sql_dsn database)
    $penpals_threshold_high = $sa_kill_level_deflt; # don't waste time on hi spam
    $bounce_killer_score = 100; # spam score points to add for joe-jobbed bounces

    These rules seem to work (And it does move the spam detected here to the Junk folder)

    It doesnt matter what you apply in ISP Config and with these settings I get these headers in my mail

    For Ham:
    X-Virus-Scanned: amavisd-new at 247ns.co.uk
    X-Spam-Flag: NO
    X-Spam-Score: 1.813
    X-Spam-Level: *
    X-Spam-Status: No, score=1.813 tagged_above=-9 required=6.2
    tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
    FREEMAIL_FROM=0.001, HTML_IMAGE_ONLY_08=1.781, HTML_MESSAGE=0.001,
    HTML_SHORT_LINK_IMG_1=0.139, RCVD_IN_MSPIKE_H3=-0.01,
    RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_REMOTE_IMAGE=0.01,
    URIBL_BLOCKED=0.001, URIBL_DBL_ABUSE_REDIR=0.001]
    autolearn=no autolearn_force=no

    OR
    For Spam:
    X-Virus-Scanned: amavisd-new at 247ns.co.uk
    X-Spam-Flag: YES
    X-Spam-Score: 8.639
    X-Spam-Level: ********
    X-Spam-Status: Yes, score=8.639 tagged_above=-9 required=6.2
    tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
    DRUGS_ERECTILE=2.221, DRUG_ED_CAPS=1.023, FREEMAIL_FROM=0.001,
    HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001,
    SERGIO_SUBJECT_VIAGRA01=2.089, SPF_PASS=-0.001,
    SUBJECT_DRUG_GAP_C=0.989, SUBJ_ALL_CAPS=1.625, UPPERCASE_50_75=0.791,
    URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Does the /etc/amavisd/amavisd.conf file contains the sql queries that connect amavisd with the dbispconfig database?
     
  3. jims_a_winner

    jims_a_winner New Member

    Thanks for the quick response till.

    I dont think it does! I would imagine this would be the cause of the issue but I didnt keep an old amavisd.conf file to compare!

    Here is how it looks so far in amavisd.conf

    # @lookup_sql_dsn =
    # ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'],
    # ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'],
    # ["DBI:SQLite:dbname=$MYHOME/sql/mail_prefs.sqlite", '', ''] );
    # @storage_sql_dsn = @lookup_sql_dsn; # none, same, or separate database
    # @storage_redis_dsn = ( {server=>'127.0.0.1:6379', db_id=>1} );
    # $redis_logging_key = 'amavis-log';
    # $redis_logging_queue_size_limit = 300000; # about 250 MB / 100000
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Ok, so thats missing and this is why amavis does not now the ules in ispconfig. Please check if there is an:

    /etc/amavisd.conf

    file and if yes, if this file contains the sql rules.
     
  5. jims_a_winner

    jims_a_winner New Member

    Yep it appears so... There is also an /etc/amavisd.conf and it seems to contain slightly different parameters, but here are the references to SQL in /etc/amavisd.conf

    # @lookup_sql_dsn =
    # ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'],
    # ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'],
    # ["DBI:SQLite:dbname=$MYHOME/sql/mail_prefs.sqlite", '', ''] );
    # @storage_sql_dsn = @lookup_sql_dsn; # none, same, or separate database
    # @storage_redis_dsn = ( {server=>'127.0.0.1:6379', db_id=>1} );
    # $redis_logging_key = 'amavis-log';
    # $redis_logging_queue_size_limit = 300000; # about 250 MB / 100000
     
  6. jims_a_winner

    jims_a_winner New Member

    My mistakes... In /etc/amavisd.conf further down I found another reference to sql

    #
    # Database connection settings
    #

    @lookup_sql_dsn =
    ( ['DBI:mysql:database=dbispconfig;host=127.0.0.1;port=3306', 'ispconfig', '5******************f'] );
     
  7. jims_a_winner

    jims_a_winner New Member

    So is there I way I can ask amavisd-new to use /etc/amvisd.conf as opposed to /etc/amavisd/amavisd.conf as its config file?
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    run:

    mv /etc/amavisd/amavisd.conf /etc/amavisd/amavisd.conf_bak
    ln -s /etc/amavisd.conf /etc/amavisd/amavisd.conf

    then restart amavisd.
     
  9. jims_a_winner

    jims_a_winner New Member

    May 6 14:28:44 mail amavis[26894]: (26894-01) (!)connect to /var/run/clamav/clamd.sock failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.sock: No such file or directory
    May 6 14:28:44 mail amavis[26894]: (26894-01) (!)ClamAV-clamd: All attempts (1) failed connecting to /var/run/clamav/clamd.sock, retrying (2)
    May 6 14:28:45 mail postfix/smtpd[26833]: disconnect from unknown[192.168.120.16]
    May 6 14:28:50 mail amavis[26894]: (26894-01) (!)connect to /var/run/clamav/clamd.sock failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.sock: No such file or directory
    May 6 14:28:50 mail amavis[26894]: (26894-01) (!)ClamAV-clamd av-scanner FAILED: run_av error: Too many retries to talk to /var/run/clamav/clamd.sock (All attempts (1) failed connecting to /var/run/clamav/clamd.sock) at (eval 98) line 608.\n
    May 6 14:28:50 mail amavis[26894]: (26894-01) (!)WARN: all primary virus scanners failed, considering backups
     
  10. jims_a_winner

    jims_a_winner New Member

    Thanks till! That is filtering mail based on settings in ISPConfig now :)

    See my post above however for a new error - I will checkout the differences in the 2 config files as to why this might be happening now but thought I would post the log.

    Regards,
    Jim
     
  11. till

    till Super Moderator Staff Member ISPConfig Developer

    Check if clamd is running. If thats the case, then it might be that Centos has changed the socket directory. You might find the new path in the /etc/amavisd/amavisd.conf_bak file.

    Does the freshclam command runs without errors?
     
  12. jims_a_winner

    jims_a_winner New Member

    Was an issue with the path of the clamd socket.

    e.g.
    BACKUP FILE:
    ['ClamAV-clamd',
    \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamd.amavisd/clamd.sock"],
    qr/\bOK$/m, qr/\bFOUND$/m,
    NEW FILE:
    ['ClamAV-clamd',
    \&ask_daemon, ["CONTSCAN {}\n", "/var/run/clamav/clamd.sock"],
    qr/\bOK$/, qr/\bFOUND$/,

    I have updated the new file now to /var/run/clamd.amavisd/clamd.sock instead of /var/run/clamav/clamd.sock
    qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
     
  13. jims_a_winner

    jims_a_winner New Member

    Working perfectly!! Been an issue for a long time - even installed a mail firewall but spam engines were bypassing mx records and sending straight to the server!

    Thanks for the good work till.
     

Share This Page