MTA: qmail+qmail_scanner etc. (longer)
Petr Balas
petr-news at balas.cz
Tuesday November 16 10:55:25 CET 2004
Filip Flajšar wrote:
> Hello,
> As requested, I am sending the problem to the mailing list instead of dealing with it only privately.
>
> I am trying to get qmail+qmail_scanner+clamav+spamassassin running,
> but I have run into a problem.
>
> Drew qmail # id
> uid=0(root) gid=0(root)
>
> Drew qmail #ps -A
>
> 30825 ? 00:00:00 tcpserver <defunct>
> 20038 ? 00:00:00 run
> 21118 ? 00:00:00 sleep
> 3903 ? 00:00:00 tcpserver <defunct>
> 20467 ? 00:00:00 run <defunct>
> 8587 ? 00:00:00 qmail-send <defunct>
>
> Drew qmail #tail /var/log/qmail/smtp/current
> @400000004199214a070c09fc tcpserver: ok 27822 :192.168.1.2:25
> email2.atc.cz:62.168.57.102::46911
> @400000004199214a281fd7cc Out of memory!
> @400000004199214a28253e9c Out of memory!
> @400000004199214a2826fbec BEGIN failed--compilation aborted at
> /var/qmail/bin/qmail-scanner-queue.pl line 1245.
> @400000004199214a2ba26af4 tcpserver: end 27822 status 256
> @400000004199214a2ba27e7c tcpserver: status: 0/20
>
> Line 1245:
>
> Use DB_File
>
> I have the library (both DB_File and Time-HiRes)
>
> Mr. Petr Baláš advised me to raise the ulimit value. I could not find that anywhere,
> but I learned from the manual that the SOFTLIMIT value should be raised.
>
> I raised it from 2M to 8M.
>
> Drew qmail # grep SOFTLIMIT /var/qmail/control/conf-common
> SOFTLIMIT_OPTS="-m 8000000"
>
> Result: still the same
"ulimit -v 8192" in /etc/init.d/qmail on Debian; how it is done in Gentoo I have no idea.
The point is that qmail is limited so that it does not eat all the memory and thereby cause a DoS,
but when qmail-scanner is used, perl gets called from it, and perl is a glutton, and then
it does not fit into memory.
> Drew qmail # /usr/share/qmail-scanner/contrib/test_installation.sh -doit
> setting QMAILQUEUE to /var/qmail/bin/qmail-scanner-queue.pl for this
> test... setting QMAILQUEUE to /var/qmail/bin/qmail-scanner-queue.pl for
> this test...
>
> Sending standard test message - no viruses...
> done!
>
> Sending eicar test virus - should be caught by perlscanner module...
> done!
>
> Sending eicar test virus with altered filename - should only be caught by
> commercial anti-virus modules (if you have any)...
>
> Sending bad spam message for anti-spam testing - In case you are using
> SpamAssassin...
> Done!
>
> Finished test. Now go and check Email for filip na ssos.cz
>
> I receive 3 emails:
> 1/4 - clean email without a virus
> 2/4 - email with a virus, but it caught it
> 4/4 - spam
>
> Part of the header:
>
> X-Spam-Status: Yes, hits=18.5 required=5.0
> X-Spam-Level: ++++++++++++++++++
That looks correct. qmail-scan does NOT delete spam, it only tags it.
Deletion has to be done in the mail client or in .procmailrc.
Or rather, it seems that this is a patched qmail-scan which can do it,
but it has to be enabled at install time (--sa-delete or
--sa-reject for ./configure).
> Drew qmail # ls -la /var/spool/qmailscan/quarantine-attachments.db
> -rw-r----- 1 qmailq root 12288 Nov 15 23:04
> /var/spool/qmailscan/quarantine-attachments.db
>
> Drew qmail # cat /etc/tcprules.d/tcp.smtp.sample
> 127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD=""
> 192.168.:allow,RELAYCLIENT="",RBLSMTPD=""
> 172.20.200.62:allow,RELAYCLIENT="",RBLSMTPD=""
> :allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
Now that I look at it, mail from 127.0.0.1, 192.168.,
172.20.200.62 is NOT checked, and IMHO that is not right. The
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
has to be on all lines except localhost (127.0.0.1),
and then recompile again.
> I also generate the cdb file from this file:
>
> Drew qmail #tcprules tcp.smtp.cdb tcp.smtp.tmp < tcp.smtp.sample
>
> Drew qmail # cat /etc/tcprules.d/tcp.qmtp
> 127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD=""
> :allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
>
> Drew qmail # cat /etc/tcprules.d/tcp.qmqp
> :deny
>
> Drew mail-filter # grep configure /var/qmail/bin/qmail-scanner-queue.pl
> # ./configure --qs-user qscand --qs-group qscand --spooldir
> /var/spool/qmailscan --qmaildir /var/qmail --bindir /var/qmail/bin
> --qmail-queue-binary /var/qmail/bin/qmail-queue --admin root --domain
> localhost --admin-fromname "" --notify psender,nmlvadm --local-domains
> localhost --silent-viruses auto --block-password-protected 0 --lang
> en_GB --debug 0 --minidebug 1 --unzip 0 --add-dscr-hdrs 0
> --dscr-hdrs-text "X-Qmail-Scanner" --archive 0 --scanners-per-domain
> 0 --redundant yes --log-details yes --log-crypto 0 --fix-mime 2
> --ignore-eol-check 0 --virus-to-delete 0 --sa-delta 0 --sa-subject ""
> --sa-quarantine 0 --sa-delete 0 --sa-reject 0 --sa-alt 0 --sa-debug 0
> --sa-report 0 --scanners "auto"
>
> Drew qmail # grep @scanner_array /var/qmail/bin/qmail-scanner-queue.pl
> my @scanner_array=();
Here I am missing the list of scanners used, i.e. ONLY the built-in
perlscanner is used. At install time ./configure has to be called with parameters that
tell it to use the right antivirus programs.
> @scanner_array=@scanners_installed;
Aha, it seems that this is some newer version that can do some kind of autodetection.
I don't know that one :-). So I take back the previous remark.
> Here Mr. Petr Baláš pointed out to me that there is an error here, but what I should write there,
> I have no idea. (@scanner_array();)
>
> I am using
> Qmail: 1.03-r13+patche
> qmail-scanner: 1.23-r3
> Gentoo 2004.r2
>
> Drew qmail # clamd --version
> clamd / ClamAV version 0.70
>
> I can update to 0.75.1
>
> Drew qmail # spamassassin --version
> SpamAssassin version 2.63
>
> I can update to 2.64
>
> I am using a virtual domain + accounts (vpopmail)
>
> Config:
>
>
> Drew control # cat conf-common
> # Common Configuration file for all qmail daemons
> # $Header:
> /var/cvsroot/gentoo-x86/mail-mta/qmail/files/1.03-r13/conf-common,v 1.2
> 2004/07/18 03:29:51 dragonheart Exp $
>
> # Qmail User IDS to run daemons as
> #QMAILDUID=`id -u qmaild`
> QMAILDUID=201
> #NOFILESGID=`id -g qmaild`
> NOFILESGID=200
> QMAIL_CONTROLDIR=/var/qmail/control
> SOFTLIMIT_OPTS="-m 8000000"
> QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
>
> When I do not have the scanner in the queue, mail goes through; when I put it there (tcp.smtp.cdb)
> it starts yelling "out of memory" (see the log above)
>
> Drew control # tail /var/spool/qmailscan/qmail-queue.log
>
> Tue, 16 Nov 2004 09:23:52 CET:11649: ini_sc: scanning message took
> 14.73945 seconds
> Tue, 16 Nov 2004 09:23:52 CET:11649: q_r: fork off child into
> /var/qmail/bin/qmail-queue...
> Tue, 16 Nov 2004 09:23:52 CET:11649: q_r: xstatus=0
> Tue, 16 Nov 2004 09:23:52 CET:11649: qmail-scanner:
> Clear:RC:1(127.0.0.1):SA:1(18.5/5.0): 14.753997 1552 <>
> filip na ssos.cz Qmail-Scanner anti-spam test (4/4): checking SpamAssassin
> [if present] (There yours for FREE!) <9PS291LhupY>
> orig-Drew110059341766011649:1552 textfile0:653
> Tue, 16 Nov 2004 09:23:52 CET:11649: cleanup: /bin/rm -rf
> /var/spool/qmailscan/tmp/Drew110059341766011649/
> /var/spool/qmailscan/working/new/Drew110059341766011649
> Tue, 16 Nov 2004 09:23:52 CET:11649: --- all finished. Total of 14.784299
> secs
>
>
> Thanks for the help
>
> -- Filip
--
Petr Balas (petr at balas dot cz)
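
The tcprules check described in the reply above (every allow rule except localhost should set QMAILQUEUE), as an added example that is not part of the original message or of qmail-scanner. The function names `sample_rules` and `unscanned_rules` are hypothetical, the sample rules are constructed from the file quoted in the thread, and the check looks only at the rules file, not at variables exported by the run script.

```shell
#!/bin/sh
# Added example: list tcprules "allow" rules that do not set QMAILQUEUE,
# i.e. connections whose mail would skip qmail-scanner-queue.pl.

# Constructed sample, modelled on the tcp.smtp.sample quoted in the thread.
sample_rules() {
cat <<'EOF'
127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD=""
192.168.:allow,RELAYCLIENT="",RBLSMTPD=""
172.20.200.62:allow,RELAYCLIENT="",RBLSMTPD=""
:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
EOF
}

# unscanned_rules [EXEMPT_ADDRESS]   (hypothetical helper name)
# Reads tcprules source on stdin and prints "LINE: RULE" for every allow
# rule without QMAILQUEUE. EXEMPT_ADDRESS (default 127.0.0.1) is skipped.
# Assumes IPv4-style rules, so the first ":" ends the address part.
unscanned_rules() {
    awk -v exempt="${1:-127.0.0.1}" '
        /^#/ || /^[ \t]*$/ { next }          # comments and blank lines
        {
            sep = index($0, ":")
            if (sep == 0) next               # not a rule
            addr = substr($0, 1, sep - 1)
            rest = substr($0, sep + 1)
            if (rest !~ /^allow/) next       # deny rules accept no mail
            if (addr == exempt) next         # deliberately unscanned
            if (rest !~ /,QMAILQUEUE=/)      # no scanner for this client
                print NR ": " $0
        }'
}

# Stand-alone run: audit the constructed sample.
sample_rules | unscanned_rules
```

To audit a real rules file, feed it on stdin (for the file in the thread, `/etc/tcprules.d/tcp.smtp.sample`) and rebuild the cdb with `tcprules` after correcting any reported lines.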