debian packages - spamassassin not getting called
mark david mcCreary
mdm at INTERNET-TOOLS.COM
Sat Jun 29 22:59:14 IST 2002
I'm starting to use Mailscanner and Spamassassin, via Debian 3.0 (Woody).
Mailscanner is version 3.13 and Spamassassin is 2.20, and I am using
Exim 4 (not part of Woody).
Mailscanner is moving the email from one message queue to another and
running Sophos at that time. However I can find no trace that
SpamAssassin is ever invoked, although I have set Use SpamAssassin =
yes
The mailscanner logs say "Scanning 1 message, 1260 bytes", which I
interpret to be the virus scan.
Should there be any log entries reflecting SpamAssassin being called ?
Running Mailscanner in debug mode does not shed any more light on the
situation.
Does anybody have any ideas on where I have gone wrong ?
I will put my mailscanner.conf file below.
Thanks in advance.
mark
# Configuration file for MailScanner E-Mail Virus Scanner
# This file assumes everything is in the default locations provided
# by the MailScanner and RedHat 6.2 and upwards.
#
# Note: If your directories are symlinked (soft-linked) in any way,
# please put their *real* location in here, not a path that
# includes any links. You may get some very strange error
# messages from some of the virus scanners if you don't.
# User to run as (provided for Exim users)
Run As User = mail
# Group to run as (provided for Exim users)
Run As Group = mail
# In every batch of virus-scanning, limit the maximum
# a) number of text-only messages to deliver
# b) number of potentially infected messages to unpack and scan
# c) total size of text-only messages to deliver
# d) total size of potentially infected messages to unpack and scan
Max Safe Messages Per Scan = 500
Max Unsafe Messages Per Scan = 100
Max Safe Bytes Per Scan = 100000000
Max Unsafe Bytes Per Scan = 50000000
# To avoid resource leaks, re-start periodically.
Restart Every = 14400 # 4 hours
# Name of this host, or just "the MailScanner" if you want to hide this info.
# It can be placed in the Help Desk note contained in virus warnings
sent to users.
Host name = relay.internet-tools.com
# Add this extra header to all mail as it is scanned.
# (this must *include* terminating colon).
Mail Header = X-MailScanner:
# Set the mail header to these values for clean/infected messages.
Clean Header = Certified virus free by Sophos Anti-Virus
Infected Header = Infected Message according to Sophos Anti-Virus
Disinfected Header = Disinfected by Sophos Anti-Virus
# Set where to unpack incoming messages before scanning them
Incoming Work Dir = /var/spool/mailscanner/incoming
# Set where to store infected message attachments (if they are kept)
Quarantine Dir = /var/spool/mailscanner/quarantine
# Set where to store the process id so you can easily stop the scanner
Pid File = /var/run/mailscanner/mailscanner.pid
# Set where to find the attachment filename ruleset.
# The structure of this file is explained elsewhere, but it is used to
# accept or reject file attachments based on their name, regardless of
# whether they are infected or not.
Filename Rules = /etc/mailscanner/filename.rules.conf
# Set where to find the message text sent to users when one of their
# attachments has been quarantined.
Stored Virus Message Report = /etc/mailscanner/stored.virus.message.txt
Stored Bad Filename Message Report =
/etc/mailscanner/stored.filename.message.txt
# Set where to find the message text sent to users when one of their
# attachments has been deleted.
Deleted Virus Message Report = /etc/mailscanner/deleted.virus.message.txt
Deleted Bad Filename Message Report =
/etc/mailscanner/deleted.filename.message.txt
# Set where to find the message text sent to users explaining about the
# attached disinfected documents.
Disinfected Report = /etc/mailscanner/disinfected.report.txt
# Set location of incoming mail queue
# and location of outgoing mail queue.
Incoming Queue Dir = /var/spool/exim_incoming/input
Outgoing Queue Dir = /var/spool/exim/input
# Set whether to use sendmail or exim (default is sendmail)
MTA = exim
# Set how to invoke MTA when sending created message
# (e.g. to sender/recipient saying "found a virus in your message")
Sendmail = /usr/sbin/exim
# Sendmail2 is provided for Exim users.
# It defaults to the value supplied for Sendmail.
# It is the command used to attempt delivery of outgoing
# (scanned/cleaned) messages.
# This is not usually required for sendmail.
Sendmail2 = /usr/sbin/exim -C /etc/exim/exim.conf.outgoing
# Do you want to scan email for viruses?
# A few people have wanted to disable the entire virus scanning.
Virus Scanning = yes
# Which Virus Scanning package to use:
# sophos from www.sophos.com, or
# mcafee from www.mcafee.com, or
# command from www.command.co.uk, or
# kaspersky from www.kaspersky.com, or
# inoculate from www.cai.com/products/inoculateit.htm, or
# f-secure from www.f-secure.com, or
# f-prot from www.f-prot.com (which is *free* for Linux as of 1/1/2002)
#
# Note: If you want to use multiple virus scanners, then this should be a
# comma-separated list of virus scanners. For example:
# Virus Scanner = sophos, f-prot
#
Virus Scanner = sophos
# Where the Virus scanner is installed. This is the command needed to run it.
#
# Note: If you want to use multiple virus scanners, then this should be a
# comma-separated list of commands, **in the same order** as they are listed
# in the "Virus Scanner" keyword just above. For example:
# Sweep = /etc/mailscanner/wrapper/sophoswrapper,
/etc/mailscanner/wrapper/f-protwrapper
#
Sweep = /etc/mailscanner/wrapper/sophoswrapper
# The maximum length of time the commercial virus scanner is allowed to run
# for 1 batch of messages (in seconds).
Virus Scanner Timeout = 300
# Expand TNEF attachments using an external program?
# This should be "yes" except for Sophos (when it should be "no")
# as Sophos has the facility built-in.
Expand TNEF = no
# Where the MS-TNEF expander is installed.
# The new --maxsize option limits the maximum size that any expanded attachment
# may be. It helps protect against Denial Of Service attacks in TNEF files.
TNEF Expander = /usr/bin/tnef --maxsize=100000000
# The maximum length of time the TNEF Expander is allowed to run for 1 message.
# (in seconds)
TNEF Timeout = 120
# What should the attachments be called that replace virus-infected files?
Attachment Warning Filename = VirusWarning.txt
# Should we scan all messages, including plain-text messages which are normally
# harmless? This should be "yes" since the MyParty message appeared.
Scan All Messages = yes
# Once we have removed viruses from an email message and replaced them with
# VirusWarning.txt attachments, should we deliver the clean result to the
# original recipients (or just delete them if "no")?
Deliver To Recipients = yes
# Deliver messages with viruses removed to their original recipients
# if they came from a local address, or just delete them so no-one knows
# we have a virus outbreak on our site?
Deliver From Local Domains = yes
# Notify the senders of infected messages that they should check out
# their systems?
Notify Senders = yes
# Set where to find the message text sent to the senders of infected
# messages.
#Sender Report = /etc/mailscanner/sender.report.txt
Sender Virus Report = /etc/mailscanner/sender.virus.report.txt
Sender Bad Filename Report = /etc/mailscanner/sender.filename.report.txt
Sender Error Report = /etc/mailscanner/sender.error.report.txt
# Notify the local postmaster when any infections are found?
Notify Local Postmaster = yes
# Include the full headers of each message in the postmaster notification?
Postmaster Gets Full Headers = yes
# Set email address of who to notify about any infections found.
# Should put your full domain name here too,
# e.g. postmaster at your.domain.com
Local Postmaster = virusmaster at internet-tools.com
# Set what to do with infected attachments or messages.
# keep ==> Store under the "Quarantine Dir"
# delete ==> Just delete them
#Action = delete
Action = keep
# Should I attempt to disinfect infected attachments and then deliver
# the clean ones
Deliver Disinfected Files = yes
# Local domain name, or filename containing a list of local domain names
# The file supports blank entries, '#' and ';' comment characters and
# uses the first word off each line. This should be compatible with all
# such lines in a sendmail or Exim configuration file.
Local Domains = internet-tools.com
# Mark infected messages in the message body.
# There can now be more than 1 of these configuration lines here, so you can
# break the warning message over multiple lines.
Mark Infected Messages = yes
Inline Text Warning = Warning: This message has had one or more
attachments removed.
Inline Text Warning = Warning: Please read the "VirusWarning.txt"
attachment(s) for more information.
Inline HTML Warning = <P><B><FONT SIZE="+1" COLOR="red">Warning:
</FONT>This message has had one or more attachments removed. Please
read the "VirusWarning.txt" attachment(s) for more
information.</B><BR></P>
# Sign clean messages in the message body.
# There can be more than 1 of these configuration lines here, so you can
# break the signature message over multiple lines.
# Note that enabling this option will add to the overall system load as some
# major optimisations will no longer be possible!
Sign Clean Messages = no
Inline Text Signature = --
Inline Text Signature = This message has been scanned for viruses and
Inline Text Signature = dangerous content by MailScanner, and is
Inline Text Signature = believed to be clean.
Inline HTML Signature = <BR>--
Inline HTML Signature = <BR>This message has been scanned for viruses and
Inline HTML Signature = <BR>dangerous content by
Inline HTML Signature = <A
HREF="http://www.mailscanner.info/"><B>MailScanner</B></A>,
Inline HTML Signature = and is<BR>believed to be clean.
# Do you want to archive all mail in a directory for later inspection?
# Be warned if you are in the UK: this may well be illegal due to RIPA
# and DPA restrictions!
Archive Mail = no
# Where to store the mail archive.
# Be warned: this is likely to get big very quickly.
Archive Mail Dir = /var/spool/mailscanner/archive
#
# Per-Domain Scanning and Spam Detection
#
# Do we want to only scan certain named domains for viruses and spam?
Scanning By Domain = no
# Filename listing all the domains we want to scan
Domains To Scan = /etc/mailscanner/domains.to.scan.conf
# Do we want to add a MailScanner header to messages we have not scanned
Sign Unscanned Messages = no
# What do we want to put in the header
Unscanned Header = not scanned: please contact your email provider for details
#
# Spam Detection
#
# Should the anti-spam checks be done on all incoming messages?
Spam Checks = yes
# Set the name of the extra header to add to all messages found to be
# likely spam.
Spam Header = X-MailScanner-SpamCheck:
# Do you want to put some text on the front of the subject line when
# we think it is spam?
Spam Modify Subject = yes
# What text do we want to put on the front (gets followed by a " ")
Spam Subject Text = {SPAM?}
# Do we have the SpamAssassin package installed?
# This is a very good, very clever heuristics-based spam checker.
# For more info and installation instructions, see
http://spamassassin.taint.org/
Use SpamAssassin = yes
# Set the maximum size of message which we will check with SpamAssassin
# Don't set this too large as your system load will get very high processing
# huge messages.
Max SpamAssassin Size = 100000
# Set the maximum time to allow SpamAssassin to process 1 message
SpamAssassin Timeout = 10
# Set the list of database names and their corresponding DNS domains.
# All of these databases work in a similar way, allowing the simple use
# of multiple databases.
# See www.ordb.org and www.mail-abuse.org for more information.
#Spam List = ORDB-RBL, relays.ordb.org.
# MAPS now charge for their services, so you'll have to buy a contract before
# attempting to use the next 3 lines.
#Spam List = MAPS-RBL, blackholes.mail-abuse.org.
#Spam List = MAPS-DUL, dialups.mail-abuse.org.
#Spam List = MAPS-RSS, relays.mail-abuse.org.
# This next line works for JANET UK Academic sites only
#Spam List = MAPS-RBL+, rbl-plus.mail-abuse.ja.net.
# Define local networks from whom you should always accept mail, and
# never mark it as spam. This is useful in case your own mail servers
# are ever in the ORBS or MAPS lists.
#Accept Spam From = 152.78.
#Accept Spam From = 139.166.
# Define a list of email addresses and email domains from whom you should
# always accept mail, and never mark it as spam. This is useful in case
# someone you correspond with a lot has their mail servers in the ORBS or
# MAPS lists.
Spam White List = /etc/mailscanner/spam.whitelist.conf
#
# Advanced Features
# =================
#
# Don't bother changing anything below this unless you really know what
# you are doing.
#
# Set Debug to 1 to stop it running as a daemon
# and produce more verbose output
Debug = 0
# Attempt immediate delivery of messages, or just place them in the outgoing
# queue for the MTA to deliver at a time of its own choosing?
# If attempting immediate delivery, do them one at a time,
# or do them in batches of 30 at a time?
# Delivery Method = queue
# Delivery Method = individual
Delivery Method = batch
# How to lock spool files.
# Don't set this unless you *know* you need to.
# For sendmail, it defaults to "flock".
# For Exim, it defaults to "posix".
# No other type is implemented.
#Lock Type = flock
# Where to put the virus scanning engine lock files.
# These lock files are used between MailScanner and the virus signature
# "autoupdate" scripts, to ensure that they aren't both working at the
# same time (which could cause MailScanner to let a virus through).
Lock File Dir = /tmp
# What to do when you get several MailScanner headers in one message,
# from multiple MailScanner servers. Values are
# "append" : Append the new data to the existing header
# "add" : Add a new header
# "replace" : Replace the old data with the new data
# Default is "append"
Multiple Headers = append
# Some versions of Microsoft Outlook generate unparsable Rich Text
# format attachments. Do we want to deliver these bad attachments anyway?
# Setting this to yes introduces the slight risk of a virus getting through,
# but if you have a lot of troubled Outlook users you might need to do this.
# We are working on a replacement for the TNEF decoder.
Deliver Unparsable TNEF = no
# When attempting delivery of outgoing messages, should we do it in the
# background or wait for it to complete? The danger of doing it in the
# background is that the machine load goes ever upwards while all the
# slow sendmail processes run to completion. However, running it in the
# foreground may cause the mail server to run too slowly.
Deliver In Background = no
# Minimum acceptable code stability status -- if we come across code
# that's not at least as stable as this, we barf.
# This is currently only used to check that you don't end up using untested
# virus scanner support code without realising it.
# Levels used are:
# none - there may not even be any code.
# unsupported - code may be completely untested, a contributed dirty hack,
# anything, really.
# alpha - code is pretty well untested. Don't assume it will work.
# beta - code is tested a bit. It should work.
# supported - code *should* be reliable.
#
# Don't even *think* about setting this to anything other than "beta" or
# "supported" on a system that receives real mail until you have tested it
# yourself and are happy that it is all working as you expect it to.
# Don't set it to anything other than "supported" on a system that could
# ever receive important mail.
Minimum Code Status = supported
More information about the MailScanner
mailing list