SpamSnake Ubuntu 8.04 LTS nagging errors, should I be concerned?

Discussion in 'HOWTO-Related Questions' started by FatalError, Sep 11, 2009.

  1. FatalError

    FatalError New Member

    I get these every day, can they be ignored? Everything appears to be working as intended.

    From MailScanner logwatch:
    From Postfix logwatch:
    Here's my /var/spool directory:
    Code:
    [email protected]:/var/spool# ls -al
    total 28
    drwxr-xr-x  7 root    root     4096 2009-08-25 16:45 .
    drwxr-xr-x 15 root    root     4096 2009-08-24 08:13 ..
    drwxr-xr-x  5 daemon  daemon   4096 2009-08-24 04:57 cron
    drwxr-xr-x  3 root    root     4096 2009-08-24 08:24 cups
    drwx------  2 root    root     4096 2009-08-25 16:45 firehol
    lrwxrwxrwx  1 root    root        7 2009-08-24 04:53 mail -> ../mail
    drwxr-x---  6 postfix www-data 4096 2009-08-24 15:34 MailScanner
    drwxr-xr-x 19 root    root     4096 2009-08-24 13:32 postfix
    And /var/spool/postfix:
    Code:
    [email protected]:/var/spool/postfix# ls -al
    total 76
    drwxr-xr-x 19 root    root     4096 2009-08-24 13:32 .
    drwxr-xr-x  7 root    root     4096 2009-08-25 16:45 ..
    drwx------  2 postfix root     4096 2009-09-11 09:06 active
    drwx------  2 postfix root     4096 2009-08-24 13:32 bounce
    drwx------  2 postfix root     4096 2009-08-24 13:32 corrupt
    drwx------  2 postfix root     4096 2009-08-24 13:32 defer
    drwx------  2 postfix root     4096 2009-08-24 13:32 deferred
    drwxr-xr-x  2 root    root     4096 2009-09-03 09:28 etc
    drwx------  2 postfix root     4096 2009-08-24 13:32 flush
    drwxrwx---  2 postfix www-data 4096 2009-09-11 09:06 hold
    drwx------  2 postfix root     4096 2009-09-11 09:06 incoming
    drwxr-xr-x  2 root    root     4096 2009-09-03 09:28 lib
    drwx-wx--T  2 postfix postdrop 4096 2009-09-11 07:30 maildrop
    drwxr-xr-x  2 postfix root     4096 2009-09-03 13:33 pid
    drwx------  2 postfix root     4096 2009-09-03 09:28 private
    drwx--s---  2 postfix postdrop 4096 2009-09-03 09:28 public
    drwx------  2 postfix root     4096 2009-08-24 13:32 saved
    drwx------  2 postfix root     4096 2009-08-24 13:32 trace
    drwxr-xr-x  3 root    root     4096 2009-08-24 13:32 usr
    
    Also, is there an easy way to feed spam (not high spam, as it already has that option in MailWatch) to the spamsnake for learning (sa-learn, I think)?
    It would be nice to be able to do this through the web interface just like high scoring spam does at the bottom of the Message Detail page in MailWatch.
    I am the only one in my IT department that has any knowledge of Linux :mad: and I don't want the others mucking around with SSH trying to do this when I'm not there.
     
  2. Rocky

    Rocky New Member

    Below is are the permissions that I have and right away I noticed that your MailScanner folder in /var/spool is different than mind.

    /var/spool/
    drwxr-xr-x 5 root root 4096 2009-04-29 11:08 cron
    drwxr-xr-x 3 root root 4096 2009-04-30 10:07 cups
    lrwxrwxrwx 1 root root 7 2009-04-29 10:57 mail -> ../mail
    drwxr-xr-x 5 postfix www-data 4096 2009-04-30 11:02 MailScanner
    drwxr-x--- 2 root bin 4096 2009-04-30 10:51 mqueue.in
    drwxr-xr-x 20 root root 4096 2009-04-30 08:39 postfix

    /var/spool/postfix/
    drwx------ 2 postfix root 16384 2009-09-11 10:26 active
    drwx------ 2 postfix root 4096 2009-09-11 03:20 bounce
    drwx------ 2 postfix root 4096 2009-04-30 08:39 corrupt
    drwx------ 18 postfix root 4096 2009-06-10 16:35 defer
    drwx------ 18 postfix root 4096 2009-06-10 16:35 deferred
    drwxr-xr-x 2 root root 4096 2008-11-05 08:03 dev
    drwxr-xr-x 3 root root 4096 2009-09-04 11:19 etc
    drwx------ 2 postfix root 4096 2009-09-09 21:55 flush
    drwxrwx--- 2 postfix www-data 12288 2009-09-11 10:26 hold
    drwx------ 2 postfix root 12288 2009-09-11 10:26 incoming
    drwxr-xr-x 2 root root 4096 2009-09-04 11:19 lib
    drwx-wx--T 2 postfix postdrop 4096 2009-09-11 10:07 maildrop
    drwxr-xr-x 2 postfix root 4096 2009-08-07 06:22 pid
    drwx------ 2 postfix root 4096 2009-09-04 11:19 private
    drwx--s--- 2 postfix postdrop 4096 2009-09-04 11:19 public
    drwx------ 2 postfix root 4096 2009-04-30 08:39 saved
    drwx------ 2 postfix root 4096 2009-09-11 03:20 trace
    drwxr-xr-x 3 root root 4096 2009-04-30 08:39 usr

    My User State Directory in MailScanner.conf is set to:
    SpamAssassin User State Dir = /var/spool/MailScanner/spamassassin

    My Run As User is postfix and group is www-data.

    For the mails to show up in Mailwatch, you have to make sure the following is set to the below. This will log all mails to Mailwatch therefore allowing you to train spamassassin.

    Spam Actions = deliver store
    High Scoring Spam Actions = delete store
    Non Spam Actions = deliver store

    Make the above changes and let me know if that helps.

    What do you have Max Normal Queue Size set for in MailScanner.conf?

    Rocky
     
    Last edited: Sep 11, 2009
  3. FatalError

    FatalError New Member

    OK, I changed the permissions on /var/spool/MailScanner.

    For some reason my User State Directory = (nothing).

    My Run As user and group are the same as yours.

    Spam Actions I had:
    Spam Actions = deliver
    High Scoring Spam Actions = delete
    Non Spam Actions = deliver header "blah blah..."

    My Max Normal Queue Size = 800.

    By the way, I initially did have a problem with some directories disappearing and had to do "9.17 Fix for Ubuntu 8.04 (kept removing directories upon reboot)" in your how-to, but only a portion of it:
    Code:
    Added to /etc/rc.local:
    
    mkdir /var/run/MailScanner
    chown -R postfix:www-data /var/run/MailScanner
    /etc/init.d/postfix restart
    /etc/init.d/mailscanner restart
    I see you did a strike-through on that section. Is there a work-around to what I did?

    I have restarted mailscanner and am now able to feed ham/spam on all messages, thank you!
     
    Last edited: Sep 11, 2009
  4. Rocky

    Rocky New Member

    Hey,

    Glad to hear everythings coming together for you. There is a fix for the deleting problem you're facing and it's much better than the way you have it set right now. Just do the following and you should be all set.

    Edit /etc/rc2.d/S20mailscanner to look like:
    check_dir /var/spool/MailScanner ${user:postfix} ${group:-www-data}
    #check_dir /var/lib/MailScanner ${user:-mail} ${group:-mail}
    #check_dir /var/run/MailScanner ${user:-mail} ${group:-mail}
    check_dir /var/lock/subsys/MailScanner ${user:postfix} ${group:-www-data}
     
  5. FatalError

    FatalError New Member

    This is how mine reads:

    Code:
    check_dir /var/spool/MailScanner       ${user:-postfix} ${group:-www-data}
    #check_dir /var/lib/MailScanner         ${user:-mail} ${group:-mail}
    #check_dir /var/run/MailScanner         ${user:-mail} ${group:-mail}
    check_dir /var/lock/subsys/MailScanner ${user:-postfix} ${group:-www-data}
    Do I need to change the delimiter between the path and the variable? Looks like I have three with a tab and one with a space.

    If the check_dir /var/run/MailScanner is commented-out, will it not be present when I reboot?

    I guess I'm confused?!?!
     
  6. FatalError

    FatalError New Member

    Now I can sa-learn any email, which is great; however, now all email is listed in the Quarantine: Clean, Spam and High Spam. Is there an easy way to keep the Clean email from displaying in the Quarantine and still be able to feed them to SA?
     
  7. Rocky

    Rocky New Member

    Hey,

    In etc/rc2.d/S20mailscanner, there is already a section for the below, without the edits:

    check_dir /var/spool/MailScanner ${user:postfix} ${group:-www-data}
    #check_dir /var/lib/MailScanner ${user:-mail} ${group:-mail}
    #check_dir /var/run/MailScanner ${user:-mail} ${group:-mail}
    check_dir /var/lock/subsys/MailScanner ${user:postfix} ${group:-www-data}

    Just make it look like the above.

    The Quarantine feature basically stores the emails for later mail operation. If you want to stop storing good emails, just take store out of the Non Spam Actions.

    Rocky
     
  8. FatalError

    FatalError New Member

    Do you have any suggestions for this error? I don't know what to gauge my queue size with.

    This is what I have:

    Max Normal Queue Size = 800
     
  9. Rocky

    Rocky New Member

    Ok, I think the queue file size limit is a postfix setting. Try changing the following to:

    message_size_limit = 15000000

    This will allow 15mb file size instead of 10mb to pass through.
     

Share This Page