The Perfect SpamSnake 10.10

Discussion in 'HOWTO-Related Questions' started by luigi, Apr 19, 2011.

  1. luigi

    luigi New Member

    Hi everyone
    I need your help for some problems with baruwa
    I do not know where it comes from
    I put some screen, and I hope you understand the problem

    First I have No records returned in the section messages or lists
    http://img813.imageshack.us/i/baruwashowingthe50mostr.jpg/

    And when I click on System status I have this. The status is in red and i haven't MTA processe
    http://img853.imageshack.us/i/prtscrcapturen.jpg/

    I put a other screen, this is my mail.log
    [​IMG]

    Uploaded with ImageShack.us

    If you want a example of another file said me

    An other question in the tutorial :
    vi /usr/share/pyshared/baruwa/settings.py
    Change the Quarantine hosturl to your liking:
    QUARANTINE_REPORT_HOSTURL = 'http://baruwa-alpha.local'

    I need to change http://baruwa-alpha.local by what? My server @ip ?

    Thx for your help :)
    Best Regards !
     
    Last edited: Apr 19, 2011
  2. Rocky

    Rocky New Member

    Hey,

    Make sure your .pm files in /opt/MailScanner/lib/MailScanner/CustomFunctions has the proper user/password/database information.

    Make sure you have the following set in /opt/MailScanner/etc/MailScanner.conf

    HTML:
    MTA = postfix
    Always Looked Up Last = &BaruwaSQL
    Is Definitely Not Spam = &BaruwaWhitelist
    Is Definitely Spam = &BaruwaBlacklist
    Required SpamAssassin Score = &BaruwaLowScore
    High SpamAssassin Score = &BaruwaHighScore 
    The URL should be the dns name of your spamsnake.
     
  3. luigi

    luigi New Member

    Hi Rocky !
    Thank you for reply so quickly.

    in /opt/MailScanner/etc/MailScanner.conf
    some example of my configuration of MailScanner.conf
    HTML:
    # **** RULE: It must not contain any spaces! ****
    %org-name% =castellanus-com
    
    %org-long-name% = filter.castellanu.com
    %web-site% = www.castellanus.com
    
    Run As User = postfix
    Run As Group =  www-data
    
    MTA = postfix
    
    Incoming Work User =
    Incoming Work Group = clamav
    
    Quarantine User = root
    Quarantine Group = www-data
    
    Always Looked Up Last = &BaruwaSQL
    Is Definitely Not Spam = &BaruwaWhitelist
    Is Definitely Spam = &BaruwaBlacklist
    Required SpamAssassin Score = &BaruwaLowScore.
    High SpamAssassin Score = &BaruwaHighScore
    
    In my .pm files in /opt/MailScanner/lib/MailScanner/CustomFunctions I have this :
    HTML:
    my ($db_name) = 'baruwa';
    my ($db_host) = 'localhost';
    my ($db_user) = 'baruwa';
    my ($db_pass) = 'password';
    
    And when I trying to connect with the user baruwa on the mysql , all it's ok

    So the URL should be http://filter.castellanus.com ?
    Because for the baruwa's graphique interface, I have a acess only with @ip (http://192.168.131.251) not by http://filter.castellanus.com

    Thxs ;)
     
  4. Rocky

    Rocky New Member

    Hey,

    Looks good so far.

    Just one prob:
    %org-name% =castellanus-com <--incorrect
    %org-name% = castellanus <--correct and can be castellanus if you like.

    You can use the ip for the url.
     
  5. luigi

    luigi New Member

    Hey,

    I made the changes but it didn't work
    I restart MaiScanner, even reboot my server but I still have the status red

    If you have an idea where the problem might be?

    Why baruwa don't find the MTA ?

    in the file /etc/postfix/main.cf I have this :
    HTML:
    myhostname = filter.castellanus.com
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = castellanus.com
    mydestination =
    relayhost =
    mynetworks = 127.0.0.0/8, 192.168.131.0/24
    
    
     
    Last edited: Apr 19, 2011
  6. Rocky

    Rocky New Member

    I'm not sure why it's not giving a status. Are you using an FQDN for the setup?

    Is MailScanner delivering mails?
     
  7. luigi

    luigi New Member

    Yes I using an FQDN for the setup

    /etc/nginx/sites-available/baruwa.conf
    HTML:
    server {
          listen 80;
          server_name filter.castellanus.com;
          [...]
    
    when i rying to send a email i have this
    HTML:
    Apr 20 09:28:03 filter postfix/smtpd[8961]: connect from filter.castellanus.com[192.168.131.251]
    Apr 20 09:28:53 filter postfix/smtpd[8961]: 737FA1680EBD: client=filter.castellanus.com[192.168.131.251]
    Apr 20 09:29:04 filter postfix/cleanup[8964]: 737FA1680EBD: hold: header Received: from filter (filter.castellanus.com [192.168.131.251])??by filter.castellanus.com (Postfix) with ESMTP id 737FA1680EBD??for <[email protected]>; Wed, 20 Apr 2011 09:28:33 +0200 (CEST) from filter.castellanus.com[192.168.131.251]; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<filter>
    Apr 20 09:29:04 filter postfix/cleanup[8964]: 737FA1680EBD: message-id=<[email protected]>
    Apr 20 09:29:09 filter MailScanner[5585]: New Batch: Scanning 1 messages, 1049 bytes
    Apr 20 09:29:09 filter MailScanner[5585]: Virus and Content Scanning: Starting
    Apr 20 09:29:09 filter MailScanner[8968]: MailScanner E-Mail Virus Scanner version 4.81.4 starting...
    Apr 20 09:29:09 filter MailScanner[8968]: Reading configuration file /opt/MailScanner/etc/MailScanner.conf
    Apr 20 09:29:09 filter MailScanner[8968]: Reading configuration file /opt/MailScanner/etc/conf.d/README
    Apr 20 09:29:09 filter MailScanner[8968]: Read 867 hostnames from the phishing whitelist
    Apr 20 09:29:09 filter MailScanner[8968]: Read 5605 hostnames from the phishing blacklists
    Apr 20 09:29:09 filter MailScanner[8968]: Config: calling custom init function BaruwaLowScore
    Apr 20 09:29:09 filter MailScanner[8968]: Config: calling custom init function BaruwaBlacklist
    Apr 20 09:29:09 filter MailScanner[8968]: Config: calling custom init function BaruwaSQL
    Apr 20 09:29:09 filter MailScanner[8968]: Config: calling custom init function BaruwaHighScore
    Apr 20 09:29:09 filter MailScanner[8968]: Config: calling custom init function BaruwaWhitelist
    Apr 20 09:29:09 filter MailScanner[8968]: Using SpamAssassin results cache
    Apr 20 09:29:09 filter MailScanner[8968]: Connected to SpamAssassin cache database
    Apr 20 09:29:09 filter MailScanner[8968]: Enabling SpamAssassin auto-whitelist functionality...
    Apr 20 09:29:12 filter postfix/smtpd[8961]: disconnect from filter.castellanus.com[192.168.131.251]
    Apr 20 09:29:16 filter MailScanner[8968]: Connected to Processing Attempts Database
    Apr 20 09:29:16 filter MailScanner[8968]: Found 1 messages in the Processing Attempts Database
    Apr 20 09:29:16 filter MailScanner[8968]: Using locktype = flock
    Apr 20 09:31:21 filter MailScanner[5503]: Making attempt 2 at processing message 737FA1680EBD.A363A
    Apr 20 09:31:21 filter MailScanner[5503]: New Batch: Scanning 1 messages, 1049 bytes
    Apr 20 09:31:21 filter MailScanner[5503]: Virus and Content Scanning: Starting
    Apr 20 09:31:21 filter MailScanner[8978]: MailScanner E-Mail Virus Scanner version 4.81.4 starting...
    Apr 20 09:31:21 filter MailScanner[8978]: Reading configuration file /opt/MailScanner/etc/MailScanner.conf
    Apr 20 09:31:21 filter MailScanner[8978]: Reading configuration file /opt/MailScanner/etc/conf.d/README
    Apr 20 09:31:21 filter MailScanner[8978]: Read 867 hostnames from the phishing whitelist
    Apr 20 09:31:21 filter MailScanner[8978]: Read 5605 hostnames from the phishing blacklists
    Apr 20 09:31:21 filter MailScanner[8978]: Config: calling custom init function BaruwaLowScore
    Apr 20 09:31:21 filter MailScanner[8978]: Config: calling custom init function BaruwaBlacklist
    Apr 20 09:31:21 filter MailScanner[8978]: Config: calling custom init function BaruwaSQL
    Apr 20 09:31:21 filter MailScanner[8978]: Config: calling custom init function BaruwaHighScore
    Apr 20 09:31:21 filter MailScanner[8978]: Config: calling custom init function BaruwaWhitelist
    Apr 20 09:31:21 filter MailScanner[8978]: Using SpamAssassin results cache
    Apr 20 09:31:21 filter MailScanner[8978]: Connected to SpamAssassin cache database
    Apr 20 09:31:21 filter MailScanner[8978]: Enabling SpamAssassin auto-whitelist functionality...
    Apr 20 09:31:25 filter MailScanner[8978]: Connected to Processing Attempts Database
    Apr 20 09:31:25 filter MailScanner[8978]: Found 1 messages in the Processing Attempts Database
    Apr 20 09:31:25 filter MailScanner[8978]: Using locktype = flock
    
    I trying to send a email like that :
    HTML:
    root@filter:/home/wako# telnet 192.168.131.251 25
    Trying 192.168.131.251...
    Connected to 192.168.131.251.
    Escape character is '^]'.
    220 ESMTP SpamSnake
    ehlo filter
    250-filter.castellanus.com
    250-PIPELINING
    250-SIZE 10485760
    250-ETRN
    250-STARTTLS
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    mail from: [email protected]
    250 2.1.0 Ok
    rcpt to: [email protected]
    250 2.1.5 Ok
    data
    354 End data with <CR><LF>.<CR><LF>
    test
    .
    250 2.0.0 Ok: queued as 582361680F19
    
    I have another question, in the tutorial page 2 section 6 when you say " Note: For this step, make sure to replace [email protected], example.com and @example.com with real values that matches your setup. "
    which file are you talking about ?
     
    Last edited: Apr 20, 2011
  8. Rocky

    Rocky New Member

    Hey,

    Have you logged into Baruwa as admin and setup the proper relay/transport for your domain?

    Also, the file in question is the postfix.sh file. This inputs the values into main.cf.
     
  9. luigi

    luigi New Member

    Yes I logged in baruwa as admin
    in which file I can setup the relay / transport ?
     
  10. Rocky

    Rocky New Member

    Please look at page3, under section 9. There's a section called Setup Instructions for Baruwa. Follow that and you should be ok.
     
  11. luigi

    luigi New Member

    I did everything in this section unless the end because I don't use hash.

    [​IMG][/URL]

    Say me if this file is good please because I find it on the internet
    /etc/nginx/uwsgi_params
    HTML:
    uwsgi_param  QUERY_STRING       $query_string;
    uwsgi_param  REQUEST_METHOD     $request_method;
    uwsgi_param  CONTENT_TYPE       $content_type;
    uwsgi_param  CONTENT_LENGTH     $content_length;
    
    uwsgi_param  REQUEST_URI        $request_uri;
    uwsgi_param  PATH_INFO          $document_uri;
    uwsgi_param  DOCUMENT_ROOT      $document_root;
    uwsgi_param  SERVER_PROTOCOL    $server_protocol;
    
    uwsgi_param  REMOTE_ADDR        $remote_addr;
    uwsgi_param  REMOTE_PORT        $remote_port;
    uwsgi_param  SERVER_PORT        $server_port;
    uwsgi_param  SERVER_NAME        $server_name;
    
     
    Last edited: Apr 20, 2011
  12. Rocky

    Rocky New Member

    Ok, since you installed it using apt, I'm sure it also installed apache2. You do:
    apt-get remove --purge apache2* nginx* uwsgi*

    Then follow the guide to reinstall nginx and uwsgi. I updated that section today to avoid the conflicts with apache and nginx.

    Otherwise, it seems as though your setup is correctly setup because you're able to log into baruwa.

    If you log in as your guest your, I'm assuming this is your domain admin, do you see any mails being populated?
     
  13. luigi

    luigi New Member

    So Firstly thanx for your help and for your time

    I do :
    HTML:
     apt-get remove --purge apache2* nginx* uwsgi*
    And after I remade the section 8 and 9

    I can connect to Baruwa with admin account, but the result it's the same

    [​IMG]
     
  14. Rocky

    Rocky New Member

    Hi,

    Is it possible to allow me to connect to your system via ssh? Let me know, I can take a peek to see if something points to what's happening.

    Rocky
     
  15. luigi

    luigi New Member

    I sent you a private message
    ;)
     
  16. luigi

    luigi New Member

    Thx Rocky for all !

    Just for other users :
    If you have a problem when you trying to add a adress in black or white list disable JavaScript on your browser ( I tested on IE9 and Firefox 4 )
     
  17. luigi

    luigi New Member

    hey,

    everything works fine locally, I send mail via telnet on my server and I see them well on baruwa
    however how see all mail traffic on the network?
    How does my server knows that there are mails that pass?
     
  18. Redfish

    Redfish New Member

    Hi,
    Can you share what was done to fix the MTA not being seen ?
    I have the same issue and configuration and your fix may be my fix....

    Patrick
     
  19. Rocky

    Rocky New Member

    Patrick,

    Check to see if you have MailScanner in both /opt and /etc.
     
  20. Redfish

    Redfish New Member

    Hi Rocky,
    Yes I have MailScanner in both /opt /etc but if I chek the conf file everything seems to point to /opt :

    admin@mailscanner:~$ more /opt/MailScanner/etc/MailScanner.conf | grep /etc
    # all the files in /opt/MailScanner/etc/conf.d so you can just add
    %etc-dir% = /opt/MailScanner/etc
    %report-dir% = /opt/MailScanner/etc/reports/en
    %rules-dir% = /opt/MailScanner/etc/rules
    %mcp-dir% = /opt/MailScanner/etc/mcp
    # Example: /opt/MailScanner/etc/mqueue.in.list.conf
    #For Exim users: Sendmail2 = /usr/sbin/exim -C /etc/exim/exim_send.conf
    #Sendmail2 = /usr/sbin/sendmail -C /etc/exim/exim_send.conf
    # called /etc/MailScanner/rules/scan.messages.rules and set the next line to
    # Normal location on most systems is /etc/mail/spamassassin.
    SpamAssassin Site Rules Dir = /etc/mail/spamassassin
    # The site-local rules are searched for here, and in prefix/etc/spamassassin,
    # prefix/etc/mail/spamassassin, /usr/local/etc/spamassassin, /etc/spamassassin,
    # /etc/mail/spamassassin, and maybe others.
    #SpamAssassin Local Rules Dir = /opt/MailScanner/etc/mail/spamassassin
    include /opt/MailScanner/etc/conf.d/*

    What do you suggest, remove Mailscanner from /etc ?

    Thank you for your help

    Patrick
     

Share This Page