Topic: Spamassassin and ClamAV HowTo's for dummies

[bobk]

Thanks SteveB that works perfectly.

[Rigger]

Hi Paul,

This is quite annoying but I am afraid that I cannot fix it. Spamassassin installes some procmail templates which the system ought to use every time it changes i's own. The forwarding mechanism is actually also based on procmail (as far as I know). CLAM inserts itself in the mail queue and is much harder to mess with.

I am afriad I have no better solution than the one you have found yourself.

Rgds,
Jesper

Searching the forums I ran accross this fix. Apparently both Spammassassin and Amavis use the same method the to launch in version 6. Edit the /etc/amavis-ng/amavis.conf

Change;

[Qmail]

qmail-queue = /var/qmail/bin/qmail-queue

to:

[Qmail]

;qmail-queue = /var/qmail/bin/qmail-queue
qmail-queue = /var/qmail/bin/qmail-spamc


--
Doug M.
"Rigger"

[shanen]

If you want to use amavis-ng/clam and sa together, I can suggest using them sitewide. This works very well for me and you don't have to mess with procmail rules.

Read:

http://www.pagefault.org/howto/amavis_clam.shtml
or jespers site.

Then go to Jespers site and use his cool sa script:

http://sme.swerts-knudsen.dk

Then modify the amavis.conf file as Doug just suggested:

http://forums.contribs.org/index.php?topic=9115.msg34508#msg34508

[jerryyap]

Hi Jesper,

Just a note to say a big Thank You for writing the scripts to help novices like us install clamav amavis-ng.

My system caught about 20 Worm.Sco.A within the first hour of installation.

Thanks again for contributing so much to this project.

Regards,
Jerry Yap

[jerryyap]

Hi Jesper,

Just a note to say a big Thank You for writing the scripts to help novices like us install clamav amavis-ng.

My system caught about 20 Worm.Sco.A within the first hour of installation.

Thanks again for contributing so much to this project.

Regards,
Jerry Yap

[akuma]

Hi Jesper,
Great script and it's working like a charm, but I'm wondering when the definitions are updated?  And where do I find those parameters?

Thanks

[stiperstones]

Very easy to install but a problem with clamd AV
Log fie report sent ot me as below

ERROR: Can't get information about clamav.catt.com host.
ERROR: Connection with clamav.catt.com (IP: ???) failed.

Could someone explain what it mean's

[wacko]

firstly id like to say thnks for a great script!

i seem to have a few problems when running this, the default works fine. both normal and geek mode, moves the mail into the junk mail folder which is great!

When I installed spamassassin using the howto it tried to automatically udate itself via cron which is fine but I got dependency errors

The first email i got was

The following files were downloaded and installed:
  - spamassassin-2.63-1.i386.rpm
  - spamassassin-tools-2.63-1.i386.rpm
  - perl-Mail-SpamAssassin-2.63-1.i386.rpm

followed closely by


/etc/cron.daily/USA:

error: failed dependencies:
   perl-Mail-SpamAssassin = 2.63-1 is needed by spamassassin-2.63-1
error: failed dependencies:
   perl-Mail-SpamAssassin = 2.63-1 is needed by spamassassin-tools-2.63-1
error: failed dependencies:
   perl-Mail-SpamAssassin = 2.61-1 is needed by spamassassin-2.61-1
   perl-Mail-SpamAssassin = 2.61-1 is needed by spamassassin-tools-2.61-1
Shutting down spamd: [   OK   ]

Starting spamd: [   OK   ]


any fix for this? as i believe i will probably get the same error everytime cron runs?

I changed one of the users to geek mode from the user-manager and edited the .procmail file in the users home directory as shown below to mail spam to a separate account which I have set up ( I wish to do this for all the accounts so that they can be monitored this way. but currently trying to get it to work with one)


# ---------------------------------------------
# All mail tagged as spam (eg. with a score higher than the set threshold)
# is moved to spam@ mailbox
# ----------------------------------------------
:0
* ^X-Spam-Status: Yes
! spam@domain.com


# ---------------------------------------------
# All mail tagged as spam (eg. with a score higher than the set threshold)
# is moved to the junkmail folder
# ---------------------------------------------
#:0
#* ^X-Spam-Status: Yes
#$MAILDIR/;junkmail/


this does not seem to deliver the mail to either account I cant see it in the original account or the one which has been set up

the qmail log file shows me this

@4000000040197e4232f46154 delivery 12: success: procmail:_Skipped_"_"/procmail:_Couldn't_chdir_to_"/home/e-smith/files/users/username/Maildir/_"/procmail:_Skipped_"_"/did_0+0+1/
@4000000040197e4232f4da6c status: local 0/10 remote 0/20
@4000000040197e4232f4f9ac end msg 159729

it creates a procmail.log? file with a ? in the userhomedirectory which shows


"rocmail: Skipped "
"rocmail: Skipped "
"rocmail: Skipped "
"rocmail: Skipped "
: No such file or directory
"rocmail: Error while writing to "/usr/bin/spamc
procmail: Rescue of unfiltered data succeeded
"rocmail: Skipped "
 Subject: RE: 100%!!! FREEE!!!!!!!!!!!!!1  21:41
  Folder: /home/e-smith/files/users/username/Maildir/


in the Maildir directory I can see the email shown as ?? , also the devnull file for spam with a higher score, does that delete the mail automatically after a set period? or would it just build up there?

[root@sme Maildir]# ls
??  cur  devnull  ;INBOX  ;junkmail  new  tmp
[root@sme Maildir]#

and lastly is there a way to make the .procmail file setting to mail to a spam account (rather than a sep folder) permanent and global!?

Thnks for any help
wc

[SteveB]

wacko,

I hope this helps a little, I have been doing more or less the same thing today and for me it went well.

I used the scripts and how-to's over at
http://sme.swerts-knudsen.dk/ (many thanks Jesper)
to install spamassasin and clamav/amavis.

The updates went fine for me after a reboot.

Normal mode allows interaction in the user-manager panel
Geek mode transfers "ownership & responsibility" of maintaining the .procmailrc file to the user or admin and the file is not overwritten during updates etc.

If you move back from geek to normal in user-manager I believe it overwrites the .procmailrc with the default script, ISTR that it says something like that in the user-manager.

I did have a little trouble when setting to both deliver locally and to a remote address, with the mail then not using procmail, but this was fixed using
./lat-procmail -c "*|enabled|no|some|normal"

The part of the .procmailrc file you show has two basic recipes
:0
* ^X-Spam-Status: Yes
! spam@domain.com

If spam status (determined by spamassassin level) is yes then the mail will go to remote address spam@domain.com
I use this rule to forward spam identified by spamassassin to a seperate user account on my system
! spam@[my domain]
for manual checking whilst I experiment with the spamassassin levels. Im using 'high' with no false positives yet.

The second recipe
#:0
#* ^X-Spam-Status: Yes
#$MAILDIR/;junkmail/

is disabled by use of the "#" at the start of the line. Removing the # in itself is not enough to activate the recipe though. If the condition is met in the first recipe i.e. the X-Spam-Status is yes then the first recipe sends it to spam@domain.com and that would stop procmail using any further recipes on the .procmailrc script.

If you want the spam to be sent remote to the remote address,that is what you will achieve with your script as it is. If you want it to move it to the ;junkmail folder of the user then change your recipes to

#:0
#* ^X-Spam-Status: Yes
#! spam@domain.com

ignores the first recipe

:0
* ^X-Spam-Status: Yes
$MAILDIR/;junkmail/

uses the second

If you want more than 1 recipe to be used, like I did today when I wanted to send non-spam mail to a remote address and deliver locally then put a 'c' after the :0 which in script terms generates a copy of your mail to be passed along to the next condition.  

:0c
* ^X-Spam-Status: Yes
! spam@domain.com

:0
* ^X-Spam-Status: Yes
$MAILDIR/;junkmail/

This sends spam mail to a remote and to the local junkmail folder.

...

"rocmail: Skipped "

The missing 'P' at the start of the line, could be a clue.
Did you edit the .procmailrc in a DOS enviroment? This can cause problems with how DOS ends lines.
I used WinSCP to browse to the file and edit it, with no problems.

...

/dev/null
Sending your mail here is like lending your TV Tray to Homer Simpson - you are never gonna see it again - Just ask Ned Flanders  

Regards

SteveB

[wacko]

thnks for your reply steve,

...

"rocmail: Skipped "

The missing 'P' at the start of the line, could be a clue.
Did you edit the .procmailrc in a DOS enviroment? This can cause problems with how DOS ends lines.
I used WinSCP to browse to the file and edit it, with no problems.

...

This was the reason it was not working and i was getting those errors. I did a proper edit and everything worked like a charm. All spam eMail is now going through to a separate spam box.

/dev/null
Sending your mail here is like lending your TV Tray to Homer Simpson - you are never gonna see it again - Just ask Ned Flanders  

Regards

SteveB

yes but the the .procmail file generated by this script seems to point to \dev\null which is creating a directory in the users mail folder with all of the spam eMails which are supposed to be deleted.

Am not sure if this is supposed to happen or it is a typo by the developer? Just confirming if it is okie to change


* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*
\dev\null


to


* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*
/dev/null


one last thing i was processing eMail through the system last night and let it run as there seemed to be over a thousand emails going through (nearly all spam), but early this morning it shutdown and spam was getting through which was a pain to delete manually via webmail


Jan 30 04:03:53 spamassassin: spamd shutdown succeeded
Jan 30 04:04:34 root: spamd starting
Jan 30 04:04:34 spamd: Could not create INET socket: Address already in use IO::Socket::INET: Address already in use
Jan 30 04:04:35 spamassassin: spamd startup failed


any ideas on how to fix this? and make sure it doesn't happen again? Also if spamd does fail for whatever reason to put a process in place to make sure it starts up again later? as i had to start it manually later on when i started getting spam and noticed it had not been scanned by spamassassin.

Thnks
wc

[Anonymous]

wacko,

* ^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*
/dev/null

certainly works to delete the spam but use with caution, if you are completely confident of no false positives.

\dev\null is in the default .procmailrc template installed by the scripts, as you say it does not delete the mail.

The default template is in the etc/e-smith/templates-user/.procmailrc/ folder called 95spamsort.

This is the default .procmailrc that gets generated when you change back from geek to normal, or run the lat-procmail for new users.

I customised this and it worked for all normal users.

...

I am not sure what caused your spamd: error sorry.

...

It would be great to auto check if spamassassin and amavis are running and if not restart them, could this be called from the fetchmail/sendmail scripts whenever mail is sent or received?
 
...

What would be really handy would be a custom set of procmail recipes for a "special user", eg.. specialuser@mydomain.com

Imagine sending your "special user" an email from anywhere, with code in the body to check and restart services, check stats, check logs etc, and email results back. Procmail recipes to strip out the code and act on them.

Anyone know of such a project?

Regards

SteveB

[stancol]

It works great on 5.6. Just installed it today. Wonderful wonderful scripts. The how to's are great too Thanks a bunch.

[Unique_Rabbit]

Hey guys... I just built a brand new 6.0 final server... first thing to add was Jesper's SA package.  Then, to "watch" it, I added the MRTG package, which has SA built in (also from Jesper's site)...  Then added ClamAV, again, from Jesper's site.  Now, everything seems to work fine, except webmail won't let you log in... asks for username and password, but sits there for ever... never gets past it...

Did I miss something?

[gbentley]

Hello All,

I am wondering if anyone can help with the following problem ?

I have done a fresh install of SME 6.0 set it up very nicely - all working.

I then applied Jespers script and have incoming email filtered / marked as spam etc.

The only problem seems to be that mail is not now being sent to the ISP SMTP relay. (You can see them lined up in the 'view mail log' in server manager)

I have set the times as every 15 mins but that hasnt helped at all. Things were working ok beforehand.

So a few questions :-

a) How to 'force' a mail send ?
b) Anything to check after installing SA ?

Many thanks for any time in replying !

[gbentley]

I dont know if this has any bearing on anything
but when I said I done a fresh install that was not strictly true - what I actually did was a backup
to desktop ona v5.6 and then a restore to the fresh 6.0 - however it did seem to run ok and SA was actually filtering incoming email.

I tried to maually run qmail-send and I think a run  script in another dir somewhere both of which said qmail was already running. I ran top and could not see any incidence of qmail.

As I am not sure how to interpret the log files is there anyone who can tell me how to best diagnose this issue and which logs to post or what to try next ?

Would it be better to do a re-install of 6.0 and a manual file copy of al the data / inputting users
and settings etc etc ???

Thanks for any suggestions.