sendmail + clamav + spamassasin config help

Robert Bonomi bonomi at mail.r-bonomi.com
Tue Aug 14 16:01:46 UTC 2012


> From owner-freebsd-questions at freebsd.org  Mon Aug 13 21:55:24 2012
> Date: Tue, 14 Aug 2012 02:51:17 -0400 (EDT)
> From: AN <andy at neu.net>
> To: freebsd-questions at freebsd.org
> Subject: sendmail + clamav + spamassasin config help
>
> FreeBSD mail.neu.net 9.1-PRERELEASE FreeBSD 9.1-PRERELEASE #2 r239243: 
> Mon Aug 13 19:20:19 EDT 2012  
> root at mail.neu.net:/usr/obj/usr/src/sys/GENERIC  amd64
>
> I am trying to configure sendmail + clamav + spamassasin.  The problem I 
> have is that neither clamav or spamassasin runs when I send or receive 
> email.  I would like the server to do the following:
>
> 1. check dns blacklists, which is working (see below)
>
> Aug 14 02:00:54 mail sm-mta[38461]: ruleset=check_relay, 
> arg1=[37.121.149.208], arg2=127.0.0.4, relay=[37.121.149.208], reject=550
> 5.7.1 Rejected: 37.121.149.208 listed at sbl-xbl.spamhaus.org

Confirm.  FEATURE dsnsbl is functioning.
>
> 2. run spamd
> 3. run clamav
> Aug 14 02:04:41 mail sm-mta[38464]: q7E64eCv038464: milter=clmilter, action=rcpt, continue 
> Aug 14 02:04:41 mail sm-mta[38464]: q7E64eCv038464: milter=clmilter, action=header, continue 
> Aug 14 02:04:41 mail lastmessage repeated 12 times 
> Aug 14 02:04:41 mail sm-mta[38464]: q7E64eCv038464: milter=clmilter, action=body, continue 
> Aug 14 02:04:42 mail sm-mta[38464]: q7E64eCv038464: Milter accept: message 
> Aug 14 02:04:42 mail sm-mta[38464]: q7E64eCv038464: --- 250 2.0.0 q7E64eCv038464 Message accepted for delivery
> 
> spamd and clamav never execute.

The above logfile entries  appear to show that the milter interfae for clamav 
_is_ being invoked.  Although nothing shows for 'spamassassin'.


NOTE: your copy/paste of the .mc file, etc. *LOST* critical line-break
formatting.  I've had to _guess_ where breaks occured in ressurecting
the files.  There are 'dnl' verbs below that appear to have nothing after 
them.  *IF* what appears below as a separate line following such a 'dnl' is
actually on the same line with the dnl, then _that_ directive will *NOT*
be acted on.  YOU will have to double-check for that.
> 
> # cat mail.neu.net.mc
> divert(-1)
> #
> # Copyright (c) 1983 Eric P. Allman
> # Copyright (c) 1988, 1993
> #	The Regents of the University of California.  All rights reserved.
> #
> #
> #
>
> #
> #  This is a generic configuration file for FreeBSD 6.X and later systems. 
> #  If you want to customize it, copy it to a name appropriate for your
> #  environment and do the modifications there.
> #
> #  The best documentation for this .mc file is:
> #  /usr/share/sendmail/cf/README or
> #  /usr/src/contrib/sendmail/cf/README
> #
>
> divert(0)
> VERSIONID(`$FreeBSD: release/9.0.0/etc/sendmail/freebsd.mc 223068 2011-06-14 04:33:43Z gshapiro $')
> OSTYPE(freebsd6) 
> DOMAIN(generic)
>
> FEATURE(access_db, `hash -o -T<TMPF> /etc/mail/access') 
> FEATURE(blacklist_recipients)
> FEATURE(local_lmtp)
> FEATURE(mailertable,`hash -o /etc/mail/mailertable')
> FEATURE(virtusertable, `hash -o > /etc/mail/virtusertable')
>
> dnl Uncomment to allow relaying based on your MX records. 
> dnl NOTE: This can allow sites to use your server as a backup MX without
> dnl your permission. 
> dnl FEATURE(relay_based_on_MX)
>
> dnl DNS based black hole lists 
> dnl -------------------------------- 
> dnl DNS based black hole lists come and go on a regular basis 
> dnl so this file will not serve as a database of the available servers. 
> dnl For that, visit 
> dnl http://www.google.com/Top/Computers/Internet/E-mail/Spam/Blacklists/
>
> dnl Uncomment to activate your chosen DNS based blacklist 
> dnl FEATURE(dnsbl,`dnsbl.example.com') 
> dnl Alternatively, you can provide your own server and rejection message: 
> dnl FEATURE(dnsbl,`dnsbl.example.com',``"550 Mail from " $&{client_addr}" rejected'')
> FEATURE(dnsbl,`sbl-xbl.spamhaus.org')
> FEATURE(dnsbl,`bl.spamcop.net') 
>
>
> dnl Dialup users should uncomment and define this appropriately 
> dnl define(`SMART_HOST',`your.isp.mail.server')
>
> dnl Uncomment the first line to change the location of the default 
> dnl /etc/mail/local-host-names and comment out the second line. 
> dnl define(`confCW_FILE',`-o /etc/mail/sendmail.cw') 
> define(`confCW_FILE',`-o /etc/mail/local-host-names')
>
> INPUT_MAIL_FILTER(`clmilter',`S=local:/var/run/clamav/clmilter.sock,F=,T=S:4m;R:4m')dnl 
> INPUT_MAIL_FILTER(`spamassassin',`S=local:/var/run/spamass-milter.sock,F=,T=C:15m;S:4m;R:4m;E:10m')dnl
> define(`confINPUT_MAIL_FILTERS',`clmilter,spamassassin')dnl

The 'dnl' at the end of the above lines is superfluous, and should be removed.
>
> dnl Enable for both IPv4 and IPv6 (optional) 
> DAEMON_OPTIONS(`Name=IPv4,Family=inet') 
> DAEMON_OPTIONS(`Name=IPv6,Family=inet6,Modifiers=O')
>
> define(`confBIND_OPTS',`WorkAroundBrokenAAAA') 
> define(`confNO_RCPT_ACTION',`add-to-undisclosed') 
> define(`confPRIVACY_FLAGS',`authwarnings,noexpn,novrfy') 
> MAILER(local) 
> MAILER(smtp)
>
> [root at mail /etc/mail]#ps -aux
> root    1268   0.0  0.3  41200  2668 ??  Is   11:47PM   0:00.07 /usr/local/sbin/spamass-milter -f -p /var/run/spamass-milter.sock 
> root    1276   0.0  3.8 125724 39080 ??  Ss   11:47PM   0:02.85 /usr/local/bin/spamd -c -d -r /var/run/spamd/spamd.pid (perl) 
> root    1277   0.0  4.5 133916 45908 ??  I    11:47PM   0:07.54 spamd child (perl) 
> root    1278   0.0  3.7 125724 37996 ??  I    11:47PM   0:00.01 spamd child (perl) 
> clamav  1284   0.0  7.7 217948 79456 ??  Is   11:47PM   0:04.89 /usr/local/sbin/clamd 
> clamav  1290   0.0  0.2  27540  2328 ??  Is   11:47PM   0:00.08 /usr/local/sbin/clamav-milter -c /usr/local/etc/clamav-milter.conf
> clamav  1296   0.0  0.2  45080  2312 ??  Is   11:47PM   0:03.12 /usr/local/bin/freshclam --daemon -p /var/run/clamav/freshclam.pid
>
>
> Clamav was compiled with the milter enabled. Please let me know what 
> other info I can provide to help troubleshoot this, any help is 
> appreciated.

You may want to run sendmail -- just long enough for it to process a few 
incoming messages -- with a higher level of debugging enabled. You'll need
to see the sendmail documentation (or the 'bat' book) for details of an
appropriate value for the '-D' switch to sendmail invocation.



More information about the freebsd-questions mailing list