Spamsnake Baruwa - Missing Cron entries?

Discussion in 'HOWTO-Related Questions' started by itsnedkeren, Mar 4, 2011.

  1. itsnedkeren

    itsnedkeren New Member

    Once again a couple questions regarding the perfect spamsnake :)


    My cron looks like this:


    Code:
    37      5 * * *  /opt/MailScanner/bin/update_phishing_sites
    07      * * * *  /opt/MailScanner/bin/update_bad_phishing_sites
    58     23 * * * /opt/MailScanner/bin/clean.quarantine
    42      * * * *  /opt/MailScanner/bin/update_virus_scanners
    3,23,43 * * * *  /opt/MailScanner/bin/check_mailscanner
    30 01 * * * /usr/bin/sa-learn --force-expire --sync -p /opt/MailScanner/etc/spam.assassin.prefs.conf
    @daily  manage.py cleanquarantine #Clean quarantine
    @daily  manage.py sendquarantinereports #Send quarantine reports
    @monthly manage.py  dbclean #Clean maillog
    @weekly  manage.py updatesarules #Update spamassassin rules
    @daily  manage.py sendpdfreports #Send PDF Reports
    @weekly /usr/sbin/fuzzy-cleanmysql #FuzzyOcr DB cleaner
    00 04 * * * /usr/bin/clamav-unofficial-sigs.sh .c /etc/clamav-unofficial-sigs.conf &> /dev/null
    But looking in /opt/MailScanner-4.81.4-1/bin:


    Code:
    [email protected]:/opt/MailScanner/bin# ls -la
    total 696
    drwxr-xr-x 3 root root   4096 2011-02-25 07:37 .
    drwxr-xr-x 7 root root   4096 2010-09-06 13:17 ..
    -rwxr-xr-x 1 root root   4416 2010-09-06 13:17 analyse_SpamAssassin_cache
    lrwxrwxrwx 1 root root     26 2011-02-25 07:37 analyze_SpamAssassin_cache -> analyse_SpamAssassin_cache
    -rwxr-xr-x 1 root root   3902 2010-09-06 13:17 check_mailscanner
    -rwxr-xr-x 1 root root   2152 2007-05-28 19:35 check_mailscanner.tru64
    -rwxr-xr-x 1 root root   1047 2007-05-28 19:35 CheckModuleVersion
    -rwxr-xr-x 1 root root    932 2007-05-28 19:35 clean.quarantine
    -rwxr-xr-x 1 root root   1118 2009-08-27 18:30 clean.SA.cache
    drwxr-xr-x 2 root root   4096 2010-09-06 13:17 cron
    -rwxr-xr-x 1 root root   1518 2007-05-28 19:35 d2mbox
    -rwxr-xr-x 1 root root   1560 2007-05-28 19:35 df2mbox
    -rwxr-xr-x 1 root root    988 2009-04-12 20:50 getPERLLIB
    -rwxr-xr-x 1 root root  67317 2010-09-06 13:17 MailScanner
    -rwxr-xr-x 1 root root   2551 2009-01-07 11:58 mailscanner_create_locks
    -rwxr-xr-x 1 root root  66917 2010-04-24 19:54 mailscanner.sbin.orig
    -rwxr-xr-x 1 root root   1609 2009-09-08 16:21 processing_messages_alert
    -rwxr-xr-x 1 root root   2747 2009-08-27 06:17 Quick.Peek
    -rwxr-xr-x 1 root root   1223 2007-05-28 19:35 RawSendmailToCompleteMessage
    -rw------- 1 root root    875 2011-02-20 12:43 razor-agent.log
    -rwxr-xr-x 1 root root   7358 2009-04-02 11:16 Sophos.install
    -rwxr-xr-x 1 root root   7364 2009-04-02 11:16 Sophos.install.linux
    -rwxr-xr-x 1 root root   6359 2009-04-02 11:16 Sophos.install.solaris
    -rwxr-xr-x 1 root root    188 2009-07-30 21:15 svn-commit.tmp
    -rwxr-xr-x 1 root root 165027 2011-02-25 07:37 tnef
    -rwxr-xr-x 1 root root 165027 2011-02-20 12:33 tnef.original
    -rwxr-xr-x 1 root root  53276 2007-05-28 19:35 tnef.solaris.x86
    -rwxr-xr-x 1 root root   8364 2009-09-15 20:29 update_bad_phishing_emails
    -rwxr-xr-x 1 root root   8232 2009-09-15 20:29 update_bad_phishing_sites
    -rwxr-xr-x 1 root root   6959 2009-09-15 20:29 update_bad_phishing_sites.pl
    -rwxr-xr-x 1 root root   2733 2008-03-11 01:44 update_bad_phishing_sites.sh.old
    -rwxr-xr-x 1 root root   2428 2007-06-26 16:33 update_phishing_sites
    -rwxr-xr-x 1 root root  12363 2011-02-21 22:13 update_scamnailer
    -rwxr-xr-x 1 root root   1294 2010-01-11 14:19 update_spamassassin
    -rwxr-xr-x 1 root root   2454 2009-08-27 06:23 update_virus_scanners
    lrwxrwxrwx 1 root root     24 2011-02-25 07:37 upgrade_languages_conf -> upgrade_MailScanner_conf
    -rwxr-xr-x 1 root root  11809 2009-08-11 11:26 upgrade_MailScanner_conf

    I see a couple scripts NOT added to cron! I've checked the guide and it does not say anywhere to add them. My question is: do I need to add the missing ones to crontab?

    An example is: update_scamnailer

    Thanks for any replies ;)
     
  2. Rocky

    Rocky New Member

    Hey,

    Yes, you have to import scamnailer's script into /opt/MailScanner/bin and also make it executable. If you look at the scamnailer section, you'll see a line with a link pointing to the contents of the file.

    The other thing I notice is with: 00 04 * * * /usr/bin/clamav-unofficial-sigs.sh .c /etc/clamav-unofficial-sigs.conf

    It should be;
    00 04 * * * /usr/bin/clamav-unofficial-sigs.sh -c /etc/clamav-unofficial-sigs.conf &>

    Make sure to edit /etc/clamav-unofficial-sigs.conf and comment out the mblportal updates section, as there has been mass false positives using it lately. Sanesecurity updates/defs will catch lots of viruses/spam, so it's important that your script above is update to run properly.

    Rocky
     
  3. itsnedkeren

    itsnedkeren New Member

    Thanks Rocky, I've done as you write, but I still need to know whether or not to add the "missing" update scripts to cron?
     
  4. Rocky

    Rocky New Member

    Hey,

    Yes, you have to add it to cron. This is what mine looks like:

    I moved update_scamnailer to /usr/sbin because when I upgraded MailScanner, I had to backup the file and then replace it. That was 1 too many steps. Now, all custom scripts are kept in /usr/sbin.

    Rocky
     
  5. itsnedkeren

    itsnedkeren New Member

    Thanks a million Rocky, my cron is now up to date :)

    P.S is there anyway of actually Blacklisting senders to completely disallow mails from sender to get processed by the spamsnake? The Baruwa blacklist functionality seems to only blacklist sender as SPAM, but now disallow mails from them.
     
  6. Rocky

    Rocky New Member

    Hey,

    Yes, you have 2 options.

    First, you can set /opt/MailScanner/etc/MailScanner.conf:
    Definite Spam Is High Scoring = yes

    This will cause blacklisted mails to be treated as high spam, which our snake does not deliver but saves a copy in quarantine.

    The second would be to add to main.cf:
    smtpd_restriction_classes = spf_policy, rbl_policy, grey_policy, blacklist_policy, whitelist_policy, verify_recipient, look_ahead

    blacklist_policy = check_client_access mysql:/etc/postfix/mysql-global_blacklist.cf, check_sender_access mysql:/etc/postfix/mysql-global_blacklist.cf

    Create /etc/postfix/mysql-global_blacklist with:
    #mysql-global_blacklist
    user = baruwa
    password = password
    dbname = baruwa
    query = select concat('REJECT') 'action' from lists where from_address='%s' AND list_type='2';
    hosts = 127.0.0.1

    *Note: Make sure to update your user, dbname and password to whatever you used with your setup.

    This option will block mails at the MTA level, reduce traffic but will not quarantine a copy.

    Hope this helps.

    Rocky
     
    Last edited: Mar 7, 2011
  7. itsnedkeren

    itsnedkeren New Member

    Excellent thanks a lot :)
     

Share This Page