Scalix & Amavisd-New HOWTO - Wiki updated

Discuss the Scalix Server software

Moderators: ScalixSupport, admin

btisdall
Scalix Star
Scalix Star
Posts: 373
Joined: Tue Nov 22, 2005 12:13 pm
Contact:

Postby btisdall » Wed Sep 06, 2006 11:59 am

quacka wrote:
btisdall wrote:Unilkely. Messages need to trip a number of rules in order to exceed the 'is spam' threshold (unless you have it set extremely low). You need to examine the message headers to see why the mail was tagged.


I don't know hwo to do is their a tutorial for this?


I don't have time to give you this on a plate but basically:

Access the rules wizard from SWA or directly by it's URL:

https://server.example.com/Scalix/rw

Add a new rule, give it a title.

Under actions tell it want you want to do with the message. As an example you can move mail to an existing folder or Scalix will create the named folder for you automatically when it first moves a message.

Add a condition of: message contains: X-Spam-Flag: Yes

As for the non-scalix specific stuff, try Googling, the answers are already out there waiting for you.
Ben Tisdall
www.redcircleit.com
London

IanCoubrough
Posts: 11
Joined: Tue Aug 22, 2006 10:22 am
Location: Chester
Contact:

Maia

Postby IanCoubrough » Wed Sep 06, 2006 1:00 pm

Ben:

In one way it can be made to work, it is just not terribly user friendly.

Alter the port Maia uses to 25, the mail then gets sent through the whole system again, and ends up immediately back in the quaranteen area, however if in the process the rule 'Add recipient to my white list" has been processed then if the user releases the item a second time, Amavis will pick up on the white listing and let the item through.

It is good enough to provide a temporary work-around but it would be nice if there were some configurable rules in Scalix or Amavisd that allowed routing based on headers.

Ian

btisdall
Scalix Star
Scalix Star
Posts: 373
Joined: Tue Nov 22, 2005 12:13 pm
Contact:

Postby btisdall » Wed Sep 06, 2006 5:01 pm

Interesting.

I remember what the problem with using an alternate config when calling sendmail is - it drops its sgid privileges & fails with permission errors.

I *have* got it working by allowing amavis to call sm as root using sudo though:

EDIT: This is definitely NOT required! (see later post)

/etc/sudoers:

Code: Select all

amavis myhostname = NOPASSWD: /usr/sbin/sendmail


/etc/amavisd.conf

Code: Select all

$notify_method = 'pipe:flags=q argv=sudo /usr/sbin/sendmail -C
/etc/mail/sendmail-nomilter.cf -Ac -i -odd -f ${sender} -- ${recipient}';


Since I don't have Maia installed I couldn't test it as a forward method but can't see why it shouldn't work - can you try it Ian?

Of course running sendmail as root is generally considered to be bad thing (tm), but perhaps in this context it would be acceptable - or in fact particularly unacceptable (it's a shame that sendmail's trusted users aren't allowed to use an alternate config with no penalty).

OTOH, perhaps this can be solved without root privileges by specifying different queues in the .cf/on the command line & adjusting ownerships/group memberships.
Last edited by btisdall on Thu Sep 07, 2006 3:35 pm, edited 1 time in total.
Ben Tisdall

www.redcircleit.com

London

IanCoubrough
Posts: 11
Joined: Tue Aug 22, 2006 10:22 am
Location: Chester
Contact:

Maia

Postby IanCoubrough » Thu Sep 07, 2006 3:54 am

Ben:

I managed to find a solution last night:
When the mail is received by Amavis it checks the policy protocol, if the mail has been released from quarantine the helo_name will be 'maia' rather than 'scalixmail'.

In amavisd-maia there is a package Amavis::In::AMCL with a sub process_policy_request. In this sub there is a loop which checks various attributes. I added code to set a global flag at this point if the attributes value was 'maia'

In the package Amavis there is a sub called check_mail where a decision is taken whether or not to check for spam. At this point I added code to check my flag and bypass the spam check if set.

This is probably not a very elegent solution and I need to by-pass banned files as well, but it does work!

Ian

florian
Scalix
Scalix
Posts: 3852
Joined: Fri Dec 24, 2004 8:16 am
Location: Frankfurt, Germany
Contact:

Postby florian » Thu Sep 07, 2006 5:41 am

:-) Now this is something new...

I'll send a Scalix Community T-Shirt to Ben (btisdall) for continued support and contribution of all this useful information around Amavis & Scalix and others! :-)

Ben - could you please contact me by PM or mail (florian -att- scalix-dottt-com) and provide me with your full mailing address and T-Shirt size?

Thanks for all your hard work!

Florian
Florian von Kurnatowski, Die Harder!

btisdall
Scalix Star
Scalix Star
Posts: 373
Joined: Tue Nov 22, 2005 12:13 pm
Contact:

Postby btisdall » Thu Sep 07, 2006 2:31 pm

florian wrote:I'll send a Scalix Community T-Shirt to Ben (btisdall) for continued support and contribution of all this useful information around Amavis & Scalix and others! :-)


Well, this more than makes up for not getting that Blue Peter badge! (sorry, a joke for British readers there).

Ian: what you've done is cool, look forward to further developments. Meanwhile in this fork I've realised that it isn't necessary to call sm as root, simply define an alternate queue with correct perms for the amavis user instead. It's then just a question of running that alternate queue (as amavis, not root) to actually deliver the released mail - cron is the easiest option but there might be more elegant ways.
Ben Tisdall

www.redcircleit.com

London

dkelly
Scalix
Scalix
Posts: 593
Joined: Thu Mar 18, 2004 2:03 pm

Postby dkelly » Thu Sep 07, 2006 4:09 pm

btisdall wrote:Well, this more than makes up for not getting that Blue Peter badge! (sorry, a joke for British readers there).


If it makes you feel any better, I'm sitting looking at my Blue Peter Runner Up certificate from April 1981 with the signatures of Simon Groom, Sarah Greene and Peter Duncan.

O those were the days :-)

Cheers

Dave

nhudson
Posts: 13
Joined: Thu Aug 17, 2006 10:40 am

Postby nhudson » Fri Sep 08, 2006 10:25 am

I am having some trouble getting amavis to start up correctly. This is the error I am getting when I try to start the daemon.

Code: Select all

scalixdemo:/home/nhudson # /etc/init.d/amavis start
Starting virus-scanner (amavisd-new):                                                                  done
scalixdemo:/home/nhudson # Error in config file /etc/amavisd.conf: Global symbol "$quarantine_subdir_levels" requi res explicit package name at /etc/amavisd.conf line 12.
Global symbol "@local_domains_maps" requires explicit package name at /etc/amavisd.conf line 17.
Global symbol "$log_recip_templ" requires explicit package name at /etc/amavisd.conf line 19.
Global symbol "$syslog_facility" requires explicit package name at /etc/amavisd.conf line 21.
Global symbol "$syslog_priority" requires explicit package name at /etc/amavisd.conf line 22.
Global symbol "$enable_db" requires explicit package name at /etc/amavisd.conf line 24.
Global symbol "$enable_global_cache" requires explicit package name at /etc/amavisd.conf line 25.
Global symbol "$protocol" requires explicit package name at /etc/amavisd.conf line 26.
Global symbol "%interface_policy" requires explicit package name at /etc/amavisd.conf line 29.
Global symbol "%policy_bank" requires explicit package name at /etc/amavisd.conf line 30.
Global symbol "$sa_quarantine_cutoff_level" requires explicit package name at /etc/amavisd.conf line 37.
Global symbol "$penpals_bonus_score" requires explicit package name at /etc/amavisd.conf line 38.
Global symbol "$penpals_threshold_high" requires explicit package name at /etc/amavisd.conf line 39.
Global symbol "@addr_extension_virus_maps" requires explicit package name at /etc/amavisd.conf line 49.
Global symbol "@addr_extension_spam_maps" requires explicit package name at /etc/amavisd.conf line 50.
Global symbol "@addr_extension_banned_maps" requires explicit package name at /etc/amavisd.conf line 51.
Global symbol "@addr_extension_bad_header_maps" requires explicit package name at /etc/amavisd.conf line 52.
Global symbol "$defang_virus" requires explicit package name at /etc/amavisd.conf line 63.
Global symbol "$defang_banned" requires explicit package name at /etc/amavisd.conf line 64.
Global symbol "$warnbadhrecip" requires explicit package name at /etc/amavisd.conf line 81.
Global symbol "@keep_decoded_original_maps" requires explicit package name at /etc/amavisd.conf line 90.
Global symbol "@score_sender_maps" requires explicit package name at /etc/amavisd.conf line 140.
Global symbol "@decoders" requires explicit package name at /etc/amavisd.conf line 206.


This is on a SLES9 box and I have installed all the perl modules through cpan that were mentioned in an earlier thread. Anyone have any idea what I can do to solve this?

btisdall
Scalix Star
Scalix Star
Posts: 373
Joined: Tue Nov 22, 2005 12:13 pm
Contact:

Postby btisdall » Fri Sep 08, 2006 11:11 am

dkelly wrote:If it makes you feel any better, I'm sitting looking at my Blue Peter Runner Up certificate from April 1981 with the signatures of Simon Groom, Sarah Greene and Peter Duncan.


Never got my painting in the Vision On gallery either.

Oh, the humanity...
Ben Tisdall

www.redcircleit.com

London

btisdall
Scalix Star
Scalix Star
Posts: 373
Joined: Tue Nov 22, 2005 12:13 pm
Contact:

Postby btisdall » Fri Sep 08, 2006 11:28 am

nhudson wrote:I am having some trouble getting amavis to start up correctly. This is the error I am getting when I try to start the daemon.

Code: Select all

scalixdemo:/home/nhudson # /etc/init.d/amavis start
Starting virus-scanner (amavisd-new):                                                                  done
scalixdemo:/home/nhudson # Error in config file /etc/amavisd.conf: Global symbol "$quarantine_subdir_levels" requi res explicit package name at /etc/amavisd.conf line 12.
Global symbol "@local_domains_maps" requires explicit package name at /etc/amavisd.conf line 17.
Global symbol "$log_recip_templ" requires explicit package name at /etc/amavisd.conf line 19.
<snip>


This is on a SLES9 box and I have installed all the perl modules through cpan that were mentioned in an earlier thread. Anyone have any idea what I can do to solve this?


I've never seen such a large number of those errors, it does look like an installation problem.

I'm not familiar with SLES but on OSS10.0 I used a package manager (YaST or rug, I forget which) to install amavisd-new & the dependencies were all taken care of.

Hopefully someone else already has it running on SLES9 & can be more helpful.
Ben Tisdall

www.redcircleit.com

London

nhudson
Posts: 13
Joined: Thu Aug 17, 2006 10:40 am

Postby nhudson » Fri Sep 08, 2006 3:21 pm

Well I have now fixed the problem with that by upgrading my amavis to 2.4.1. Now I am running into another problem when it trys to filter mail.

Code: Select all

Sep  8 14:01:53 scalixdemo amavis[3888]: (!!) policy_server FAILED: Invalid/unexpected temporary directory name '/var/amavisd/afk88J1pwt003881' at (eval 51) line 241, <GEN4> line 12.

Sep  8 14:01:53 scalixdemo sendmail[3881]: k88J1pwt003881: Milter: data, reject=450 4.5.0 Failure: Invalid/unexpected temporary directory name '/var/amavisd/afk88J1pwt003881' at (eval 51) line 241, <GEN4> line 12.
Sep  8 14:01:53 scalixdemo sendmail[3881]: k88J1pwt003881: to=<all@awarix.com>, delay=00:00:00, pri=31395, stat=Failure: Invalid/unexpected temporary directory name '/var/amavisd/afk88J1pwt003881' at (eval 51) line 241, <GEN4> line 12.


So I have tried checking the perms and the user that amavis uses is a trusted user in sendmail. So I dont understand why now I am getting these error messages. Oh and it might be helpful to start adding a list of perl modules to install before trying to run amavisd-new, I ended up installing around 20-30 perl modules form cpan.

btisdall
Scalix Star
Scalix Star
Posts: 373
Joined: Tue Nov 22, 2005 12:13 pm
Contact:

Postby btisdall » Sat Sep 09, 2006 7:50 pm

The references to /var/amavisd look like they might be wrong - if SLES9 is like OSS10 then amavisd-new lives in something like /var/spool/amavis. Make sure that AMAVISD_HOME is set correctly in your sysconfig script & that your milter config in sendmail.cf also points to the correct file

As far as the Perl dependencies go, how did you install amavisd-new?
Ben Tisdall

www.redcircleit.com

London

nhudson
Posts: 13
Joined: Thu Aug 17, 2006 10:40 am

Postby nhudson » Mon Sep 11, 2006 9:54 am

Nope same error when I move the directory to /var/spool/amavis

Code: Select all

Sep 11 08:49:25 scalixdemo amavis[6838]: (!!) policy_server FAILED: Invalid/unexpected temporary directory name '/var/spool/amavis/afk8BDnOK5006973' at (eval 51) line 245, <GEN5> line 12.


Sep 11 08:49:25 scalixdemo sendmail-client[6972]: k87JQA91031596: to=<all@awarix.com>, delay=3+18:23:15, xdelay=00:00:00, mailer=relay, pri=19201207, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred:
450 4.5.0 Failure: Invalid/unexpected temporary directory name '/var/spool/amavis/afk8BDnOK5006973' at (eval 51) line 245, <GEN5> line 12.


As far as the perl modules go I will try to get a list of of the ones I installed and post them. It was around 20-30 I would guess.

btisdall
Scalix Star
Scalix Star
Posts: 373
Joined: Tue Nov 22, 2005 12:13 pm
Contact:

Postby btisdall » Tue Sep 12, 2006 9:18 am

nhudson wrote:Nope same error when I move the directory to /var/spool/amavis


Can you just clarify what you mean by this?
Ben Tisdall

www.redcircleit.com

London

nhudson
Posts: 13
Joined: Thu Aug 17, 2006 10:40 am

Postby nhudson » Tue Sep 12, 2006 9:35 am

You said that
The references to /var/amavisd look like they might be wrong - if SLES9 is like OSS10 then amavisd-new lives in something like /var/spool/amavis


So I moved the AMAVISD_HOME to /var/spool/amavis and restarted everything and I got the same error as I did before. The reference to amavisd in my sendmail.cf file is as follows

Code: Select all

Xmilter-amavis, S=local:/var/spool/amavis/amavisd-milter.sock, F=T, T=S:10m;R:10m;E:10m


Also my AMAVISD_HOME in my /etc/sysconfig/amavisd-milter is pointing to /var/spool/amavis


Return to “Scalix Server”



Who is online

Users browsing this forum: No registered users and 2 guests

cron