Bunch of issues with installing MailScanner on Ubuntu LTS 10.04

Thu Aug 4 13:02:58 IST 2011

> Från: "Martijn" <mailinglist at mindconnect.nl>
> Till: mailscanner at lists.mailscanner.info
> Skickat: torsdag, 4 aug 2011 13:18:15
> Ämne: Bunch of issues with installing MailScanner on Ubuntu LTS 10.04

> Hi guys,

> I'm designing and testing a new mail system for our company. While
> researching I came across MailScanner and I liked the way of thinking
> with putting mail in the hold queue for processing instead of running
> an
> extra SMTP-service like amavisd seems to need.

> But while testing I have come across a quite a few things that don't
> seem to work out using the providing documentation. Perhaps anyone
> could
> help solving these, in my particular situation, or upstream where it
> applies. I have numbered the issues for easier reference.

> There are a few sections where I may sound a bit frustrated. It's not
> personal and I respect what everyone is trying to do with
> MailScanner.
> With the trouble I'm experiencing currently, it's a bit hard for me
> to
> imagine this software is ready for production. I'm seeing messages
> all
> over the web that the software is ready, so I hope I actually did
> something stupid and MailScanner is not to 'blame'.

> Little bit of intro:
> MailScanner is basically the last thing we're adding to our setup. We
> already have a well running system that consists of (currently)
> Ubuntu
> LTS 10.04.2, equipped with Postfix 2.7.0 for SMTP and Dovecot 1.2.9
> for
> POP3, IMAP (The Dovecot LDA is used). All mail users are virtual.

> I'm completely new to MailScanner and I'm going through the
> documentation, eventually ending up at
> http://www.mailscanner.info/install_guides.html and more specifically
> http://www.mailscanner.info/ubuntu.html

> Issue 1:
> I see no date or version numbers mentioned there, except for the
> 8.04-part. I would really highly recommend this for all documentation
> and blogposts to prevent someone from staring at old docs for hours.
> Of
> course everyone has the intention of keeping docs up to date, but we
> all
> know there are times when it just doesn't happen.

> What I basically do reading documentation like this is: see if I
> understand what I'm doing and if that's the case then copy paste the
> commands, perhaps edit them if my system is different and then run
> them.
> In this case it's all pretty basic and I'm not aware of anything I
> need
> to edit for it to work, so I just start copy-pasting them.

> Issue 2:
> When installing the MailScanner Dependencies I notice that the
> documented command doesn't work for me. Unfortunately I don't have
> any
> notes for that part but I remember something about package names not
> matching, or needing to install the packages in a specific order
> instead
> of all at once.

> Problem solved, so I continue with the installation getting the
> latest
> .deb from the suggested
> http://debian.intergenia.de/debian/pool/main/m/mailscanner/ :
> That's mailscanner_4.79.11-2.2_all.deb.

> dpkg -i seems to run well, as well as the steps described under
> Configuring MailScanner and ClamAV, until the point I can start
> mailscanner:

> Issue 3:
> Could not read directory /var/spool/MailScanner/incoming at
> /usr/share/MailScanner//MailScanner/Config.pm line 2786
> Error in configuration file line 184, directory
> /var/spool/MailScanner/incoming for incomingworkdir does not exist
> (or
> is not readable) at /usr/share/MailScanner//MailScanner/Config.pm
> line 3146
> Could not read directory /var/spool/MailScanner/quarantine at
> /usr/share/MailScanner//MailScanner/Config.pm line 2786
> Error in configuration file line 188, directory
> /var/spool/MailScanner/quarantine for quarantinedir does not exist
> (or
> is not readable) at /usr/share/MailScanner//MailScanner/Config.pm
> line 3146

> So I check:
> root at insular:/var/spool/MailScanner# ls -la
> total 24
> drwxr-x--- 6 mail mail 4096 2011-08-04 10:46 .
> drwxr-xr-x 8 root root 4096 2011-08-04 10:40 ..
> drwxr-x--- 2 mail mail 4096 2010-12-09 20:36 archive
> drwxr-x--- 3 mail mail 4096 2011-08-04 10:54 incoming
> drwxr-x--- 2 mail mail 4096 2010-12-09 20:36 quarantine
> drwxr-xr-x 2 postfix root 4096 2011-08-04 10:46 spamassassin
> root at insular:/var/spool/MailScanner#

> Everything is there (I noticed the wrong permissions later, I'll get
> to
> that in a minute). Thinking that MailScanner failed to start because
> of
> these errors, I try to start again. /etc/init.d/mailscanner start
> returns no output, so I think the directories where created
> automatically after the first error and now everything runs well.

> In practice however, MailScanner started the first time dispite the
> errors. No idea what happened when I started it a second time. This
> may
> very well confuse a lot of people.
> I stop the service, check to see if no MailScanner processes are
> running
> and start fixing the permission problems.

> Issue 4:
> Alright so there's a problem with incomingworkdir and quarentinedir.
> Both exist, I notice they're owned by mail:mail but MailScanner runs
> as
> the postfix user so that probably is the problem. Although mail:mail
> is
> the Ubuntu default I don't see any ownership changes documented in
> the
> Ubuntu guide. I find an extra doc about Postfix and start going over
> all
> the checks: http://www.mailscanner.info/postfix.html

> Most of the points here are done while going through the Ubuntu
> steps.
> The doc does confirm that the directories need to be owned by
> postfix:postfix. I correct the problem and start the service: same
> error
> about directories not existing or not being readable.

> I check the permissions again, and they seem good:
> root at insular:/var/spool/MailScanner# ls -la
> total 24
> drwxr-x--- 6 mail mail 4096 2011-08-04 10:46 .
> drwxr-xr-x 8 root root 4096 2011-08-04 10:40 ..
> drwxr-x--- 2 mail mail 4096 2010-12-09 20:36 archive
> drwxr-x--- 3 postfix postfix 4096 2011-08-04 10:54 incoming
> drwxr-x--- 2 postfix postfix 4096 2010-12-09 20:36 quarantine
> drwxr-xr-x 2 postfix root 4096 2011-08-04 10:46 spamassassin
> root at insular:/var/spool/MailScanner#

> So I'm double checking values in the configuration, and they check
> out
> with what is documented. Now I'm a bit confused and I start checking
> general configuration with --lint.

> Issue 5:
> Running mailscanner --lint gives me some hints:
> "The "envelope_sender_header" in your spam.assassin.prefs.conf is not
> correct"
> Ok, corrected that.

> Plus, a range of errors because of trouble with the permissions,
> like:
> Could not create SpamAssassin temporary directory
> /var/spool/MailScanner/incoming/SpamAssassin-Temp, Permission denied
> at
> /usr/share/MailScanner//MailScanner/SA.pm line 80.

> But no real configuration problems seem to surface.

> Issue 6:
> After running mailscanner --lint, permissions on the directories in
> /var/spool/MailScanner have changed:
> root at insular:/var/spool/MailScanner# ls -la
> total 24
> drwxr-x--- 6 mail mail 4096 2011-08-04 10:46 .
> drwxr-xr-x 8 root root 4096 2011-08-04 10:40 ..
> drwxr-x--- 2 mail mail 4096 2010-12-09 20:36 archive
> drwxr-x--- 5 postfix clamav 4096 2011-08-04 12:46 incoming
> drwxr-x--- 2 postfix postfix 4096 2010-12-09 20:36 quarantine
> drwxr-xr-x 2 postfix root 4096 2011-08-04 10:46 spamassassin
> root at insular:/var/spool/MailScanner#

> Incoming is now suddenly owned by postfix:clamav. Clamav does happen
> to
> be the only scanner I have installed. If I just start MailScanner
> service normally, the permissions change doesn't happen. So I reverse
> the change to make sure I'm testing consistently.

> What else can I test? check_mailscanner:
> root at insular:/var/spool/MailScanner# check_mailscanner
> check_mailscanner: command not found
> root at insular:/var/spool/MailScanner# check_MailScanner
> check_MailScanner: command not found
> root at insular:/var/spool/MailScanner#

> Seems that I'm missing that script.

> Issue 7:
> In an earlier try (I'm collecting info on these issues on my second
> try)
> I ended up with a MailScanner that seemed to start without issues,
> but
> no mail came through and I discovered something is wrong in mail.log.
> MailScanner seems to be starting every few seconds. If I start
> MailScanner on my second try, the same thing happens:

> [...]
> Aug 4 12:45:26 insular MailScanner[12221]: Using SpamAssassin results
> cache
> Aug 4 12:45:26 insular MailScanner[12221]: Could not create
> SpamAssassin cache database
> /var/spool/MailScanner/incoming/SpamAssassin.cache.db
> Aug 4 12:45:26 insular MailScanner[12221]: Enabling SpamAssassin
> auto-whitelist functionality...
> Aug 4 12:46:03 insular MailScanner[12256]: MailScanner E-Mail Virus
> Scanner version 4.79.11 starting...
> Aug 4 12:46:04 insular MailScanner[12256]: Reading configuration file
> /etc/MailScanner/MailScanner.conf
> Aug 4 12:46:04 insular MailScanner[12256]: Configuration: Failed to
> find any configuration files like /etc/MailScanner/conf.d/*, skipping
> them.
> Aug 4 12:46:04 insular MailScanner[12256]: Read 858 hostnames from
> the
> phishing whitelist
> Aug 4 12:46:04 insular MailScanner[12256]: Read 5497 hostnames from
> the
> phishing blacklists
> Aug 4 12:46:04 insular MailScanner[12256]: Using SpamAssassin results
> cache
> Aug 4 12:46:04 insular MailScanner[12256]: Could not create
> SpamAssassin cache database
> /var/spool/MailScanner/incoming/SpamAssassin.cache.db
> Aug 4 12:46:04 insular MailScanner[12256]: Enabling SpamAssassin
> auto-whitelist functionality...
> Aug 4 12:46:06 insular MailScanner[12256]: I have found clamav
> scanners
> installed, and will use them all by default.
> Aug 4 12:46:06 insular MailScanner[12256]: Could not create
> Processing
> Attempts Database "/var/spool/MailScanner/incoming/Processing.db"
> Aug 4 12:46:06 insular MailScanner[12256]: Incoming Work Dir does not
> exist
> Aug 4 12:46:08 insular MailScanner[12303]: MailScanner E-Mail Virus
> Scanner version 4.79.11 starting...
> Aug 4 12:46:08 insular MailScanner[12303]: Reading configuration file
> /etc/MailScanner/MailScanner.conf
> Aug 4 12:46:09 insular MailScanner[12303]: Configuration: Failed to
> find any configuration files like /etc/MailScanner/conf.d/*, skipping
> them.
> Aug 4 12:46:09 insular MailScanner[12303]: Read 858 hostnames from
> the
> phishing whitelist
> Aug 4 12:46:09 insular MailScanner[12303]: Read 5497 hostnames from
> the
> phishing blacklists
> Aug 4 12:46:09 insular MailScanner[12303]: Using SpamAssassin results
> cache
> Aug 4 12:46:09 insular MailScanner[12303]: Could not create
> SpamAssassin cache database
> /var/spool/MailScanner/incoming/SpamAssassin.cache.db
> Aug 4 12:46:09 insular MailScanner[12303]: Enabling SpamAssassin
> auto-whitelist functionality...
> Aug 4 12:46:28 insular MailScanner[12314]: MailScanner E-Mail Virus
> Scanner version 4.79.11 starting...
> [...]

> When looking at the process list, the pattern is this:
> root at insular:/var/log# ps aux | grep MailScanner
> postfix 12553 0.0 1.9 26548 20184 ? SNs 13:03 0:00
> MailScanner: starting children
> postfix 12554 74.0 4.8 54996 49740 ? RN 13:03 0:01
> MailScanner: starting children
> root 12579 0.0 0.0 3324 796 pts/5 S+ 13:03 0:00 grep
> --color=auto MailScanner
> root at insular:/var/log# ps aux | grep MailScanner
> postfix 12553 0.0 1.9 26548 20184 ? SNs 13:03 0:00
> MailScanner: starting children
> postfix 12554 55.0 0.0 0 0 ? ZN 13:03 0:01
> [MailScanner] <defunct>
> root 12602 0.0 0.0 3324 796 pts/5 S+ 13:03 0:00 grep
> --color=auto MailScanner
> root at insular:/var/log# ps aux | grep MailScanner
> postfix 12553 0.3 1.9 26548 20488 ? SNs 13:03 0:00
> MailScanner: starting child
> postfix 12603 86.0 3.6 42708 37376 ? RN 13:03 0:00
> MailScanner: starting child
> root 12605 0.0 0.0 3324 796 pts/5 S+ 13:03 0:00 grep
> --color=auto MailScanner
> root at insular:/var/log#

> Starting children, <defunct>, starting children, etc.

> I've been Googling *a lot* of error strings and problems that I came
> across but I never really ended up with answers so this mailing list
> is
> my last resort. Went through a good few months of the mailing list by
> hand and didn't really find anything that really is the same as what
> I'm
> experiencing.

> I really would like to stick with MailScanner because I think there's
> an
> advantage in a system that works more transparent then linking a
> bunch
> of SMTP services together.

> Issue 8:
> Visiting http://www.mailscanner.info/docs.html as suggested in the
> e-mails I get from the mailing list, links "The MailScanner Book" and
> "Installation Guides" give me a 404.

> That rounds up all the issues I can remember and reproduce right now.

> Hope that anyone can help me.

> Thanks in advance,
> - Martijn
> --

Hi Martijn

Relating the directory permissions, maybe you need to review your configuration settings for the work dirs? See the well-commented configuration file under the section

#
# Incoming Work Dir Settings
# --------------------------
#

I'm guessing you want something like:
Incoming Work User = postfix
Incoming Work Group = postfix
Incoming Work Permissions = 0660

Also check what group your clam scanner is using, so that is configured with the same group!
(I.e if the clamd group is clamav, the group above should be clamav instead!)

/Markus