MS+SA+CLAMAV on FreeBSD

Matthew K Bowman mkbowman at NEO.RR.COM
Wed Jul 14 13:23:25 IST 2004 

Martin Hepworth wrote:

> Matt
>
> argh need more coffee...
>
> ok I meant
>
>
> looks like you've NOT created the two sendmail queues and instances.
>
> MS sits in the middle of the two queues, scans email in the 'incoming'
> queue, processes it and if it passes the rules places the possibly
> header modified email in the processed sendmail queue.
>
> the second sendmail instance then spots the email in the processed queue
> and delivers it as per normal.
>
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
>
> Martin Hepworth wrote:
>
>> Matt
>>
>> looks like you've created the two instances of sendmail queue for
>> MailScanner to look at ....
>>
>> are you sure you've followed the instructions??
>>
>>
>> --
>> Martin Hepworth
>> Snr Systems Administrator
>> Solid State Logic
>> Tel: +44 (0)1865 842300
>>
>>
>> Matthew K Bowman wrote:
>>
>>> Hi,
>>>
>>> I'm currently using 4 Redhat Boxes for MS, SA and F-prot. However we
>>> have found RH9 to be an unreliable OS, as a result we are looking at
>>> FreeBSD as an alternative OS.  I downloaded the source for  MS, Clamav
>>> and SA onto the FreeBSD and followed the instructions.
>>>
>>> FreeBSD 5.2.1
>>> MS installed fine with --ignore-perl (4.31-6)
>>> ClamAv installed fine  (0.74)
>>> SA installed fine (2.63)
>>>
>>> When MS starts up, it doesn't report its found messages in the
>>> queue, it
>>> appears that MS just hangs and sendmails just carries on and passes the
>>> mail through. It doesn't seem MS is actually do either spam or virus
>>> checks (maillog does not indicate so)
>>>
>>> Output of spamassassin -D --lint
>>>
>>> debug: Score set 0 chosen.
>>> debug: running in taint mode? yes
>>> debug: Running in taint mode, removing unsafe env vars, and resetting
>>> PATH
>>> debug: PATH included '/sbin', keeping.
>>> debug: PATH included '/bin', keeping.
>>> debug: PATH included '/usr/sbin', keeping.
>>> debug: PATH included '/usr/bin', keeping.
>>> debug: PATH included '/usr/games', keeping.
>>> debug: PATH included '/usr/local/sbin', keeping.
>>> debug: PATH included '/usr/local/bin', keeping.
>>> debug: PATH included '/usr/X11R6/bin', keeping.
>>> debug: PATH included '/root/bin', which doesn't exist, dropping.
>>> debug: Final PATH set to:
>>> /sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sb
>>> in:/usr/local/bin:/usr/X11R6/bin
>>> debug: ignore: using a test message to lint rules
>>> debug: using "/usr/local/share/spamassassin" for default rules dir
>>> debug: using "/etc/mail/spamassassin" for site rules dir
>>> debug: using "/root/.spamassassin" for user state dir
>>> debug: using "/root/.spamassassin/user_prefs" for user prefs file
>>> debug: using "/root/.spamassassin" for user state dir
>>> debug: bayes: 4203 tie-ing to DB file R/O
>>> /root/.spamassassin/bayes_toks
>>> debug: bayes: 4203 tie-ing to DB file R/O
>>> /root/.spamassassin/bayes_seen
>>> debug: bayes: found bayes db version 2
>>> debug: bayes: Not available for scanning, only 1 spam(s) in Bayes DB <
>>> 200
>>> debug: bayes: 4203 untie-ing
>>> debug: bayes: 4203 untie-ing db_toks
>>> debug: bayes: 4203 untie-ing db_seen
>>> debug: Score set 1 chosen.
>>> debug: Initialising learner
>>> debug: using "/root/.spamassassin" for user state dir
>>> debug: bayes: 4203 tie-ing to DB file R/O
>>> /root/.spamassassin/bayes_toks
>>> debug: bayes: 4203 tie-ing to DB file R/O
>>> /root/.spamassassin/bayes_seen
>>> debug: bayes: found bayes db version 2
>>> debug: bayes: Not available for scanning, only 1 spam(s) in Bayes DB <
>>> 200
>>> debug: bayes: 4203 untie-ing
>>> debug: bayes: 4203 untie-ing db_toks
>>> debug: bayes: 4203 untie-ing db_seen
>>> debug: is Net::DNS::Resolver available? yes
>>> debug: trying (3) microsoft.com...
>>> debug: looking up MX for 'microsoft.com'
>>> debug: MX for 'microsoft.com' exists? 1
>>> debug: MX lookup of microsoft.com succeeded => Dns available (set
>>> dns_available
>>> to hardcode)
>>> debug: is DNS available? 1
>>> debug: all '*From' addrs: ignore at compiling.spamassassin.taint.org
>>> debug: running header regexp tests; score so far=0
>>> debug: running body-text per-line regexp tests; score so far=1.27
>>> debug: Razor2 is not available
>>> debug: running raw-body-text per-line regexp tests; score so far=1.27
>>> debug: running uri tests; score so far=1.27
>>> debug: uri tests: Done uriRE
>>> debug: running full-text regexp tests; score so far=1.27
>>> debug: Razor2 is not available
>>> debug: Current PATH is:
>>> /sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin
>>> :/usr/local/bin:/usr/X11R6/bin
>>> debug: Pyzor is not available: pyzor not found
>>> debug: DCCifd is not available: no r/w dccifd socket found.
>>> debug: DCC is not available: no executable dccproc found.
>>> debug: all '*To' addrs:
>>> debug: RBL: success for 1 of 1 queries
>>> debug: running meta tests; score so far=1.27
>>> debug: is spam? score=1.27 required=5 tests=DATE_MISSING,NO_REAL_NAME
>>>
>>> Debug from MS:
>>>
>>> In Debugging mode, not forking...
>>> debug: Score set 0 chosen.
>>> debug: running in taint mode? no
>>> SA bayes lock is /root/.spamassassin/bayes.lock
>>> Bayes lock is at /root/.spamassassin/bayes.lock
>>> debug: ignore: test message to precompile patterns and load modules
>>> debug: using "/usr/local/share/spamassassin" for default rules dir
>>> debug: using "/etc/mail/spamassassin" for site rules dir
>>> debug: using "/etc/MailScanner/spam.assassin.prefs.conf" for user prefs
>>> file
>>> debug: bayes: 4322 tie-ing to DB file R/O
>>> /root/.spamassassin/bayes_toks
>>> debug: bayes: 4322 tie-ing to DB file R/O
>>> /root/.spamassassin/bayes_seen
>>> debug: bayes: found bayes db version 2
>>> debug: bayes: Not available for scanning, only 1 spam(s) in Bayes DB <
>>> 200
>>> debug: bayes: 4322 untie-ing
>>> debug: bayes: 4322 untie-ing db_toks
>>> debug: bayes: 4322 untie-ing db_seen
>>> debug: Score set 1 chosen.
>>> debug: Initialising learner
>>> debug: bayes: 4322 tie-ing to DB file R/O
>>> /root/.spamassassin/bayes_toks
>>> debug: bayes: 4322 tie-ing to DB file R/O
>>> /root/.spamassassin/bayes_seen
>>> debug: bayes: found bayes db version 2
>>> debug: bayes: Not available for scanning, only 1 spam(s) in Bayes DB <
>>> 200
>>> debug: bayes: 4322 untie-ing
>>> debug: bayes: 4322 untie-ing db_toks
>>> debug: bayes: 4322 untie-ing db_seen
>>> debug: is Net::DNS::Resolver available? yes
>>> debug: trying (3) google.de...
>>> debug: looking up MX for 'google.de'
>>> debug: MX for 'google.de' exists? 1
>>> debug: MX lookup of google.de succeeded => Dns available (set
>>> dns_available to hardcode)
>>> debug: is DNS available? 1
>>> debug: all '*From' addrs: ignore at compiling.spamassassin.taint.org
>>> debug: running header regexp tests; score so far=0
>>> debug: running body-text per-line regexp tests; score so far=1.27
>>> debug: Razor2 is not available
>>> debug: running raw-body-text per-line regexp tests; score so far=1.27
>>> debug: running uri tests; score so far=1.27
>>> debug: uri tests: Done uriRE
>>> debug: running full-text regexp tests; score so far=1.27
>>> debug: Razor2 is not available
>>> debug: Current PATH is: /sbin:/bin:/usr/sbin:/usr/bin
>>> debug: Pyzor is not available: pyzor not found
>>> debug: all '*To' addrs:
>>> debug: RBL: success for 1 of 1 queries
>>> debug: running meta tests; score so far=1.27
>>> debug: is spam? score=1.27 required=5 tests=DATE_MISSING,NO_REAL_NAME
>>>
>>>
>>> Can anyone point me in the right direction here please.
>>>
>>> Thank you
>>>
>>> Matthew
>>>
>>> -------------------------- MailScanner list ----------------------
>>> To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
>>> Before posting, please see the Most Asked Questions at
>>> http://www.mailscanner.biz/maq/     and the archives at
>>> http://www.jiscmail.ac.uk/lists/mailscanner.html
>>>
>>
>> **********************************************************************
>>
>> This email and any files transmitted with it are confidential and
>> intended solely for the use of the individual or entity to whom they
>> are addressed. If you have received this email in error please notify
>> the system manager.
>>
>> This footnote confirms that this email message has been swept
>> for the presence of computer viruses and is believed to be clean.
>>
>> **********************************************************************
>>
>> -------------------------- MailScanner list ----------------------
>> To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
>> Before posting, please see the Most Asked Questions at
>> http://www.mailscanner.biz/maq/     and the archives at
>> http://www.jiscmail.ac.uk/lists/mailscanner.html
>>
>
> **********************************************************************
>
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the system manager.
>
> This footnote confirms that this email message has been swept
> for the presence of computer viruses and is believed to be clean.
>
> **********************************************************************
>
> -------------------------- MailScanner list ----------------------
> To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
> Before posting, please see the Most Asked Questions at
> http://www.mailscanner.biz/maq/     and the archives at
> http://www.jiscmail.ac.uk/lists/mailscanner.html
>
>
Arg!!! I wonder if this is my problem:

# MailScanner starts here
mta_start_script="/opt/MailScanner/bin/rc.MailScanner"
MailScanner_incoming_queue="/var/spool/mqueue.in"
MailScanner_queue_time="15m"
MailScanner_check="/opt/MailScanner/bin/check_mailscanner"
MailScanner_pidfile="/opt/MailScanner/var/MailScanner.pid"
# MailScanner ends here

Ok i've modified the start_script to have start.

When i run rc.MailScanner normally its actually starting sendmail first
then mailscanner -- is that the problem?

Jul 14 08:21:02 udcommx4 sm-mta[25063]: starting daemon (8.12.10): SMTP
Jul 14 08:21:02 udcommx4 sendmail[25065]: starting daemon (8.12.10):
queueing at 00
:15:00
Jul 14 08:21:05 udcommx4 MailScanner[25085]: MailScanner E-Mail Virus
Scanner ve
rsion 4.31.6 starting...
Jul 14 08:21:05 udcommx4 sm-msp-queue[25087]: starting daemon (8.12.10):
queuein
g at 00:30:00

Matthew

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

More information about the MailScanner mailing list