VMware Virtual Appliances Community
VMTN_Admin
Enthusiast
Enthusiast

Spam Vigilante - Mail Filter Virtual Appliance

http://www.vmware.com/vmtn/appliances/directory/255

A mail proxy based on FreeBSD with spam (SpamAssassin) and virus (ClamAV) scanning. Can be used with any existing mail system.

0 Kudos
553 Replies
shark986
Contributor
Contributor

Any news?

I'm getting the same problem: the number of spam mail is increasing...

0 Kudos
telackey
Contributor
Contributor

> Any news?
>
> I'm getting the same problem: the number of spam mail is increasing...

What problem are you seeing?

In general, if you see an increase in the number of spam getting through, it is good to check that Bayes is being used.

To check that the Bayes db is accessible do:

# ls -l /var/amavis/.spamassassin

total 31028

-rw------- 1 vscan vscan 20774912 Jan 26 13:55 auto-whitelist

-rw------- 1 vscan vscan 83040 Jan 26 13:55 bayes_journal

-rw-rw---- 1 vscan vscan 10452992 Jan 26 13:55 bayes_seen

-rw------- 1 vscan vscan 4853760 Jan 26 13:55 bayes_toks

-rw-r--r-- 1 vscan vscan 1487 Aug 6 2006 user_prefs

If it doesn't look like vscan:vscan on all the files do:

chown -R vscan:vscan /var/amavis/.spamassassin

0 Kudos
jobber_jobber
Contributor
Contributor

Thanks for that - identified an ownership problem with my bayes.

Couple of questions:

1) Looking at my .spamassassin directory, I don't have a user_prefs file - is that an issue?

2) There's lots of unusual ownerships of files within the virtual appliance, and when using port upgrade, they can often get changed to the wrong thing. Do you by any chance have a script that can be run to set all the ownerships and permissions correctly to make the appliance work again?

Thanks,

Andrew

0 Kudos
telackey
Contributor
Contributor

> 1) Looking at my .spamassassin directory, I don't have a user_prefs file - is that an issue?

Nope, shouldn't be.

> 2) There's lots of unusual ownerships of files within the virtual appliance, and when using port upgrade, they can often get changed to the wrong thing. Do you by any chance have a script that can be run to set all the ownerships and permissions correctly to make the appliance work again?

No, but I have long meant to write one. Some of the main points are the ownership of the ClamAV files:

$ ls -l /var/db/clamav

total 6

drwxr-xr-x 2 vscan vscan 512 Feb 18 22:02 daily.inc

drwxr-xr-x 2 vscan vscan 512 Feb 18 18:16 main.inc

-rw------- 1 vscan vscan 1404 Feb 18 22:02 mirrors.dat

$ ls -l /var/log/clamav

total 5584

-rw-r----- 1 vscan vscan 1049154 Feb 18 22:01 clamd.log

-rw-r----- 1 vscan vscan 4614905 Feb 18 22:02 freshclam.log

And the aforementioned SpamAssassin files:

$ ls -l /var/amavis/.spamassassin

total 39416

-rw------- 1 vscan vscan 40198144 Feb 18 22:18 auto-whitelist

-rw------- 1 vscan vscan 4128 Feb 18 22:18 bayes_journal

-rw-rw---- 1 vscan vscan 10452992 Feb 18 22:18 bayes_seen

-rw------- 1 vscan vscan 5316608 Feb 18 22:18 bayes_toks

-rw-r--r-- 1 vscan vscan 1487 Aug 6 2006 user_prefs


0 Kudos
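
The ownership check discussed in the reply above, as an added example that is not part of the original post or of the appliance: a read-only sh audit of the directories named in this thread against vscan:vscan, which prints the matching chown instead of running it. The function names and the `audit` argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: read-only ownership audit for the directories named in this
# thread. Function names and the "audit" argument are made up for this example.

# audit_owner DIR USER GROUP
# Prints every path under DIR that is not owned by USER:GROUP.
# Returns 0 = all good, 1 = mismatches found, 2 = DIR missing or find failed.
audit_owner() {
    dir=$1; user=$2; group=$3
    if [ ! -d "$dir" ]; then
        echo "MISSING: $dir"
        return 2
    fi
    # find fails if USER or GROUP does not exist on this host.
    bad=$(find "$dir" \( ! -user "$user" -o ! -group "$group" \) -print) || {
        echo "ERROR: find failed on $dir (does $user:$group exist?)"
        return 2
    }
    [ -z "$bad" ] && return 0
    echo "$bad" | sed "s|^|NOT $user:$group: |"
    echo "FIX: chown -R $user:$group $dir"
    return 1
}

# audit_appliance: check the four paths the thread resets with chown -R.
audit_appliance() {
    rc=0
    for d in /var/amavis/.spamassassin /var/db/clamav \
             /var/log/clamav /var/run/clamav; do
        audit_owner "$d" vscan vscan || rc=1
    done
    return "$rc"
}

# Run the audit only when asked, e.g.: sh audit_vscan.sh audit
if [ "${1:-}" = "audit" ]; then
    audit_appliance
fi
```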
Dommo
Contributor
Contributor

Where would be the best reference to update the ClamAV engine? Trying to find the right package for BSD and a smooth process has been rather tricky. I fear breaking a customization built into Spam Vigilante. Great setup btw. It's so simple and gets most of the job done.

D

0 Kudos
Coolio13
Contributor
Contributor

Dear Sir or Madam

Thank you for your e-mail, which I will gladly handle after my absence, from 10 March 2008. In urgent cases please contact Jürg Wüest, wueest@rotronic.ch, +41 44 838 13 06, or for Altiris matters contact support at support@rotronic.ch or 0848 800 750.

Kind regards

p.p. Daniel Bühler

Head of System Management Sector

ROTRONIC AG

Grindelstrasse 6

CH-8303 Bassersdorf

Email buehler@rotronic.ch

Tel +41 44 838 12 41

Fax +41 44 836 99 95

Visit us on the web: http://www.rotronic.com / http://www.roline.com

0 Kudos
Dommo
Contributor
Contributor

Sorry - don't speak German.... :(

0 Kudos
brewewa
Contributor
Contributor

Since migrating to Exchange Server 2007, newly created mailboxes can't receive mail. If I bypass SV the mail goes through. I suspect that I need to tell Spam Vigilante that the new users exist. How can I update the Exchange Recipients list in Spam Vigilante?

Thanks,

Alan Brewer

0 Kudos
telackey
Contributor
Contributor

> Where would be the best reference to update the ClamAV engine? Trying to find the right package for BSD and a smooth process has been rather tricky. I fear breaking a customization built into Spam Vigilante. Great setup btw. It's so simple and gets most of the job done.
>
> D

I've been meaning to post this on my website forever in the howto section, but here is how to upgrade ClamAV.

#///Steps for ClamAV

#Upgrade ports. May take a while to download.

cvsup -z ~/ports-supfile

#Backup existing configuration

backup_conf

#Edit /etc/make.conf to accommodate some changes to ports.

#Even though X is not installed, add the following line (minus the '#')

#at the bottom of the file:

#X11BASE=$

vi /etc/make.conf

#Uninstall ClamAV 0.88

#// With pkg_tools

pkg_deinstall clamav

#// If pkg_tools aren't installed

#// do this instead.

#cd /usr/ports/security/clamav

#make deinstall

#Install ClamAV 0.9x

cd /usr/ports/security/clamav

make install

#Reset permissions on ClamAV DB, logs, and PID files.

chown -R vscan:vscan /var/db/clamav

chown -R vscan:vscan /var/log/clamav

chown -R vscan:vscan /var/run/clamav

#ClamAV made a few changes to its config file

#syntax, so the files need to be updated.

#The changes are shown below ('<' indicates the old

#line, '>' the new).

cd /usr/local/etc

#/// clamd.conf.diff

#76c76

#< FixStaleSocket

#---

#> FixStaleSocket false

#149c149

#< AllowSupplementaryGroups

#---

#> AllowSupplementaryGroups false

#205c205

#< ScanMail

#---

#> ScanMail true

vi clamd.conf

#/// freshclam.conf.diff

#44c44

#< AllowSupplementaryGroups

#---

#> AllowSupplementaryGroups false

#85c85

#< NotifyClamd

#---

#> #NotifyClamd

vi freshclam.conf

#Restart

shutdown -r now

#After reboot, watch the maillog

tail -f /var/log/maillog

#Now send yourself a test message, and see that it

#goes through without error.

0 Kudos
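
A check to run before the reboot in the procedure above, as an added example that is not part of the original post or of ClamAV: it flags the options from the two diffs that still appear without an argument, which is the old syntax the post says must be changed. The function name `bare_options` and the `lint` argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: find old-style argument-less options left in clamd.conf or
# freshclam.conf after the upgrade. Names here are made up for this example.

# bare_options FILE OPTION...
# Prints "FILE:LINE: OPTION has no argument" for each listed option that
# stands alone on an uncommented line.
# Returns 0 = none found, 1 = at least one found, 2 = FILE unreadable.
bare_options() {
    file=$1; shift
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    awk -v opts="$*" -v f="$file" '
        BEGIN { n = split(opts, o, " "); for (i = 1; i <= n; i++) want[o[i]] = 1 }
        /^[ \t]*#/ { next }    # commented-out lines (e.g. #NotifyClamd) are fine
        NF == 1 && ($1 in want) {
            printf "%s:%d: %s has no argument\n", f, NR, $1
            found = 1
        }
        END { exit found ? 1 : 0 }
    ' "$file"
}

# Option names and paths are the ones shown in the post's diffs.
# Run only when asked, e.g.: sh clam_lint.sh lint
if [ "${1:-}" = "lint" ]; then
    bare_options /usr/local/etc/clamd.conf \
        FixStaleSocket AllowSupplementaryGroups ScanMail
    bare_options /usr/local/etc/freshclam.conf \
        AllowSupplementaryGroups NotifyClamd
fi
```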
telackey
Contributor
Contributor

> Since migrating to Exchange Server 2007, newly created mailboxes can't receive mail. If I bypass SV the mail goes through. I suspect that I need to tell Spam Vigilante that the new users exist. How can I update the Exchange Recipients list in Spam Vigilante?
>
> Thanks,
>
> Alan Brewer

It should catch up automatically, but to force it right away do:

/usr/local/sbin/maintain-postfix-accounts.sh

If that still doesn't work, it could be the current LDAP query to find accounts isn't working properly for Exchange 2007. I have a copy, but I haven't tested against it yet. I would recommend commenting out the recipient validation check entirely in that case. Just comment out the 'relay_recipient_maps' line in /usr/local/etc/postfix/main.cf (last line in the file, by default) and reload the cfg.

/usr/local/etc/rc.d/postfix reload

I know I keep saying this, but when I do get around to releasing the next version this sync step will be cut entirely, as the check will be real-time.

0 Kudos
brewewa
Contributor
Contributor

Thanks Telackey.

Doing a /usr/local/sbin/maintain-postfix-accounts.sh failed. The message was

"Connecting with SSL failed: {'desc': "Can't contact LDAP server"}

{'desc': "Can't contact LDAP server"}

This query does however work...

ldapsearch -h <hostname> -D "administrator@mydomain.dom" -W -s sub -b "DC=mydomain,DC=dom" '(&(|(objectclass=user)(objectclass=contact)(objectclass=group))(proxyAddresses=smtp:*))'

I went ahead and commented out the recipient validation check entirely in main.cf and that did the trick for now.

Could I manually add the new smtp addresses to exchange_recipients? Is this just a text file? The entries in this file look like this...

user@mail.com OK

user2@mail.com OK

Thanks for the assistance, I really appreciate it!

0 Kudos
telackey
Contributor
Contributor


Yep, it is just text and you could edit it by hand. After you do, though, run:

postmap exchange_recipients

Or Postfix won't pick up the changes.

It is odd about the LDAP connection error when it works OK done by hand. All the connection stuff (username, pw, server name, base DN, scope, and filter) is in /usr/home/spamviewer/config.py about two-thirds down. You may want to check that all the info in there is OK. It could be something as simple as having changed the password.

0 Kudos
Dommo
Contributor
Contributor

Hey! Thanks for the reply and info!

That seems to have worked well..... :)

Now I need to fix my Amavis stats graphs. I believe that after this spring time change that the date and time stamps on my graphs got all screwed up. I somehow need to reinstall or repair the stats package add on. I would also like to upgrade amavis to its latest release if possible. Has anyone done this or can provide guidance?

Thanks!

Dommo

0 Kudos
vmwareeval
Contributor
Contributor

This is a great tool! Thanks for the effort.

FYI: I tried using the instructions in this post: http://communities.vmware.com/message/573510#573510 to update the FreeBSD NTP to accommodate Daylight Saving Time -- it did not work for me.

Here is an alternative that I found that works perfectly:

Hope this helps someone.

0 Kudos
brewewa
Contributor
Contributor

I found my problem. After migrating to Exchange 2007 and reconfiguring Spam Vigilante, I had LDAP_SERVER pointing to the wrong server, my bad. So, the LDAP query works fine for Exchange 2007!

On another note, has anyone verified Telackey's "How to upgrade ClamAV"? I've been too chicken to try it, cause I don't know what I'm doing and don't want to screw up Spam Vigilante. But I really need to do something, because a lot more spam is really starting to get through.

Can't wait for the next version!!!

0 Kudos
telackey
Contributor
Contributor

> On another note, has anyone verified Telackey's "How to upgrade ClamAV"? I've been too chicken to try it,

That is what snapshots are for. :)

I've had a few people report using it, all successfully.

0 Kudos
vmwareeval
Contributor
Contributor

@brewewa: The ClamAV upgrade instructions Telackey posted worked fine here.

@Telackey: It would be very helpful if you had a howto for upgrading the entire system -- a wishlist item if you have time ...

Just not 100% sure how to do it vs. a "standard" amavis/spamassassin/clamav install. Thanks

0 Kudos
vmwareeval
Contributor
Contributor

Telackey: Having a problem, hope you can help.

Trying to add "whitelist" options to this VM.

Specifically: whitelist_from_dk OR whitelist_dkim OR whitelist_rcvd OR whitelist_auth to /usr/local/etc/mail/spamassassin/local.cf (as defined here: )

When I do: spamassassin --lint -D

Receive:

....

warn: config: failed to parse line, skipping: whitelist_auth xxx@yyy.com

....

Occurs for any of the whitelist options. Do you have any suggestions? Thanks

0 Kudos
telackey
Contributor
Contributor

> Telackey: Having a problem, hope you can help.
>
> Occurs for any of the whitelist options. Do you have any suggestions? Thanks

Yep, unless you have a specific need to do it in SpamAssassin, I'd set the whitelist in amavis.

I made a post an age ago you may want to check out:

http://communities.vmware.com/message/459576#459576

0 Kudos
vmwareeval
Contributor
Contributor

I just figured out that you have to make this change (commenting out LOCAL_RCVD) in the Template file (/usr/local/etc/conftemplates/local.cf) otherwise if you do it in /usr/local/etc/mail/spamassassin/local.cf, will get overwritten when you run the spam_configure.py again.

(Hopefully I didn't duplicate something that someone else already stated -- I read thru about 20 pages of this thread and did not see that mentioned)

0 Kudos