sendmail + clamav + spamassasin config help
Robert Bonomi
bonomi at mail.r-bonomi.com
Tue Aug 14 16:01:46 UTC 2012
> From owner-freebsd-questions at freebsd.org Mon Aug 13 21:55:24 2012
> Date: Tue, 14 Aug 2012 02:51:17 -0400 (EDT)
> From: AN <andy at neu.net>
> To: freebsd-questions at freebsd.org
> Subject: sendmail + clamav + spamassasin config help
>
> FreeBSD mail.neu.net 9.1-PRERELEASE FreeBSD 9.1-PRERELEASE #2 r239243:
> Mon Aug 13 19:20:19 EDT 2012
> root at mail.neu.net:/usr/obj/usr/src/sys/GENERIC amd64
>
> I am trying to configure sendmail + clamav + spamassasin. The problem I
> have is that neither clamav or spamassasin runs when I send or receive
> email. I would like the server to do the following:
>
> 1. check dns blacklists, which is working (see below)
>
> Aug 14 02:00:54 mail sm-mta[38461]: ruleset=check_relay,
> arg1=[37.121.149.208], arg2=127.0.0.4, relay=[37.121.149.208], reject=550
> 5.7.1 Rejected: 37.121.149.208 listed at sbl-xbl.spamhaus.org
Confirm. FEATURE dsnsbl is functioning.
>
> 2. run spamd
> 3. run clamav
> Aug 14 02:04:41 mail sm-mta[38464]: q7E64eCv038464: milter=clmilter, action=rcpt, continue
> Aug 14 02:04:41 mail sm-mta[38464]: q7E64eCv038464: milter=clmilter, action=header, continue
> Aug 14 02:04:41 mail lastmessage repeated 12 times
> Aug 14 02:04:41 mail sm-mta[38464]: q7E64eCv038464: milter=clmilter, action=body, continue
> Aug 14 02:04:42 mail sm-mta[38464]: q7E64eCv038464: Milter accept: message
> Aug 14 02:04:42 mail sm-mta[38464]: q7E64eCv038464: --- 250 2.0.0 q7E64eCv038464 Message accepted for delivery
>
> spamd and clamav never execute.
The above logfile entries appear to show that the milter interfae for clamav
_is_ being invoked. Although nothing shows for 'spamassassin'.
NOTE: your copy/paste of the .mc file, etc. *LOST* critical line-break
formatting. I've had to _guess_ where breaks occured in ressurecting
the files. There are 'dnl' verbs below that appear to have nothing after
them. *IF* what appears below as a separate line following such a 'dnl' is
actually on the same line with the dnl, then _that_ directive will *NOT*
be acted on. YOU will have to double-check for that.
>
> # cat mail.neu.net.mc
> divert(-1)
> #
> # Copyright (c) 1983 Eric P. Allman
> # Copyright (c) 1988, 1993
> # The Regents of the University of California. All rights reserved.
> #
> #
> #
>
> #
> # This is a generic configuration file for FreeBSD 6.X and later systems.
> # If you want to customize it, copy it to a name appropriate for your
> # environment and do the modifications there.
> #
> # The best documentation for this .mc file is:
> # /usr/share/sendmail/cf/README or
> # /usr/src/contrib/sendmail/cf/README
> #
>
> divert(0)
> VERSIONID(`$FreeBSD: release/9.0.0/etc/sendmail/freebsd.mc 223068 2011-06-14 04:33:43Z gshapiro $')
> OSTYPE(freebsd6)
> DOMAIN(generic)
>
> FEATURE(access_db, `hash -o -T<TMPF> /etc/mail/access')
> FEATURE(blacklist_recipients)
> FEATURE(local_lmtp)
> FEATURE(mailertable,`hash -o /etc/mail/mailertable')
> FEATURE(virtusertable, `hash -o > /etc/mail/virtusertable')
>
> dnl Uncomment to allow relaying based on your MX records.
> dnl NOTE: This can allow sites to use your server as a backup MX without
> dnl your permission.
> dnl FEATURE(relay_based_on_MX)
>
> dnl DNS based black hole lists
> dnl --------------------------------
> dnl DNS based black hole lists come and go on a regular basis
> dnl so this file will not serve as a database of the available servers.
> dnl For that, visit
> dnl http://www.google.com/Top/Computers/Internet/E-mail/Spam/Blacklists/
>
> dnl Uncomment to activate your chosen DNS based blacklist
> dnl FEATURE(dnsbl,`dnsbl.example.com')
> dnl Alternatively, you can provide your own server and rejection message:
> dnl FEATURE(dnsbl,`dnsbl.example.com',``"550 Mail from " $&{client_addr}" rejected'')
> FEATURE(dnsbl,`sbl-xbl.spamhaus.org')
> FEATURE(dnsbl,`bl.spamcop.net')
>
>
> dnl Dialup users should uncomment and define this appropriately
> dnl define(`SMART_HOST',`your.isp.mail.server')
>
> dnl Uncomment the first line to change the location of the default
> dnl /etc/mail/local-host-names and comment out the second line.
> dnl define(`confCW_FILE',`-o /etc/mail/sendmail.cw')
> define(`confCW_FILE',`-o /etc/mail/local-host-names')
>
> INPUT_MAIL_FILTER(`clmilter',`S=local:/var/run/clamav/clmilter.sock,F=,T=S:4m;R:4m')dnl
> INPUT_MAIL_FILTER(`spamassassin',`S=local:/var/run/spamass-milter.sock,F=,T=C:15m;S:4m;R:4m;E:10m')dnl
> define(`confINPUT_MAIL_FILTERS',`clmilter,spamassassin')dnl
The 'dnl' at the end of the above lines is superfluous, and should be removed.
>
> dnl Enable for both IPv4 and IPv6 (optional)
> DAEMON_OPTIONS(`Name=IPv4,Family=inet')
> DAEMON_OPTIONS(`Name=IPv6,Family=inet6,Modifiers=O')
>
> define(`confBIND_OPTS',`WorkAroundBrokenAAAA')
> define(`confNO_RCPT_ACTION',`add-to-undisclosed')
> define(`confPRIVACY_FLAGS',`authwarnings,noexpn,novrfy')
> MAILER(local)
> MAILER(smtp)
>
> [root at mail /etc/mail]#ps -aux
> root 1268 0.0 0.3 41200 2668 ?? Is 11:47PM 0:00.07 /usr/local/sbin/spamass-milter -f -p /var/run/spamass-milter.sock
> root 1276 0.0 3.8 125724 39080 ?? Ss 11:47PM 0:02.85 /usr/local/bin/spamd -c -d -r /var/run/spamd/spamd.pid (perl)
> root 1277 0.0 4.5 133916 45908 ?? I 11:47PM 0:07.54 spamd child (perl)
> root 1278 0.0 3.7 125724 37996 ?? I 11:47PM 0:00.01 spamd child (perl)
> clamav 1284 0.0 7.7 217948 79456 ?? Is 11:47PM 0:04.89 /usr/local/sbin/clamd
> clamav 1290 0.0 0.2 27540 2328 ?? Is 11:47PM 0:00.08 /usr/local/sbin/clamav-milter -c /usr/local/etc/clamav-milter.conf
> clamav 1296 0.0 0.2 45080 2312 ?? Is 11:47PM 0:03.12 /usr/local/bin/freshclam --daemon -p /var/run/clamav/freshclam.pid
>
>
> Clamav was compiled with the milter enabled. Please let me know what
> other info I can provide to help troubleshoot this, any help is
> appreciated.
You may want to run sendmail -- just long enough for it to process a few
incoming messages -- with a higher level of debugging enabled. You'll need
to see the sendmail documentation (or the 'bat' book) for details of an
appropriate value for the '-D' switch to sendmail invocation.
More information about the freebsd-questions
mailing list