MTA: qmail+qmail_scanner etc. (longer)

Petr Balas petr-news at balas.cz
Tuesday November 16 10:55:25 CET 2004


Filip Flajšar wrote:

> Hello,
> As requested, I am sending the problem to the mailing list rather than dealing with it only privately.
> 
> I am trying to get qmail+qmail_scanner+clamav+spamassassin running,
> but I have run into a problem.
> 
> Drew qmail # id
> uid=0(root) gid=0(root)
> 
> Drew qmail #ps -A
> 
> 30825 ?        00:00:00 tcpserver <defunct>
> 20038 ?        00:00:00 run
> 21118 ?        00:00:00 sleep
>  3903 ?        00:00:00 tcpserver <defunct>
> 20467 ?        00:00:00 run <defunct>
>  8587 ?        00:00:00 qmail-send <defunct>
> 
> Drew qmail #tail /var/log/qmail/smtp/current
> @400000004199214a070c09fc tcpserver: ok 27822 :192.168.1.2:25
> email2.atc.cz:62.168.57.102::46911
> @400000004199214a281fd7cc Out of memory!
> @400000004199214a28253e9c Out of memory!
> @400000004199214a2826fbec BEGIN failed--compilation aborted at
> /var/qmail/bin/qmail-scanner-queue.pl line 1245.
> @400000004199214a2ba26af4 tcpserver: end 27822 status 256
> @400000004199214a2ba27e7c tcpserver: status: 0/20
> 
> Line 1245:
> 
> Use DB_File
> 
> I have the library (both DB_File and Time-HiRes).
> 
> Mr. Petr Baláš advised me to raise the ulimit value. I could not find it anywhere, though,
> but I learned from the manual that the SOFTLIMIT value should be raised.
> 
> I raised it from 2M to 8M.
>
> Drew qmail # grep SOFTLIMIT /var/qmail/control/conf-common
> SOFTLIMIT_OPTS="-m 8000000"
> 
> Result: still the same

"ulimit -v 8192" in /etc/init.d/qmail on Debian; how it is done in Gentoo I have no idea.
The point is that qmail is limited so that it does not eat all the memory and thus cause a DoS,
but when qmail-scanner is used, perl gets called from it, and perl is a glutton, and then
it does not fit into memory.

 
> Drew qmail # /usr/share/qmail-scanner/contrib/test_installation.sh -doit
> setting QMAILQUEUE to /var/qmail/bin/qmail-scanner-queue.pl for this
> test... setting QMAILQUEUE to /var/qmail/bin/qmail-scanner-queue.pl for
> this test...
> 
> Sending standard test message - no viruses...
> done!
> 
> Sending eicar test virus - should be caught by perlscanner module...
> done!
> 
> Sending eicar test virus with altered filename - should only be caught by
> commercial anti-virus modules (if you have any)...
> 
> Sending bad spam message for anti-spam testing - In case you are using
> SpamAssassin...
> Done!
> 
> Finished test. Now go and check Email for filip na ssos.cz
> 
> I receive 3 mails:
> 1/4 - clean email without a virus
> 2/4 - email with a virus, but it caught that one
> 4/4 - spam
> 
> Part of the header:
>  
> X-Spam-Status: Yes, hits=18.5 required=5.0
> X-Spam-Level: ++++++++++++++++++

That looks correct. qmail-scan does NOT delete spam, it only tags it.
Deletion has to be done in the mail client or in .procmailrc.
Or rather, here it seems to be a patched qmail-scan that can do it,
but it has to be enabled at installation (--sa-delete or
--sa-reject for ./configure).


> Drew qmail # ls -la /var/spool/qmailscan/quarantine-attachments.db
> -rw-r-----  1 qmailq root 12288 Nov 15 23:04
> /var/spool/qmailscan/quarantine-attachments.db
> 
> Drew qmail # cat /etc/tcprules.d/tcp.smtp.sample
> 127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD=""
> 192.168.:allow,RELAYCLIENT="",RBLSMTPD=""
> 172.20.200.62:allow,RELAYCLIENT="",RBLSMTPD=""
> :allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"


Now that I look at it, mails from 127.0.0.1, 192.168.,
172.20.200.62 are NOT being checked, and IMHO that is not right.
QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
must be on all lines except localhost (127.0.0.1),
and then recompile.


> I also generate the cdb file from this file:
> 
> Drew qmail #tcprules tcp.smtp.cdb tcp.smtp.tmp < tcp.smtp.sample
> 
> Drew qmail # cat /etc/tcprules.d/tcp.qmtp
> 127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD=""
> :allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
> 
> Drew qmail # cat /etc/tcprules.d/tcp.qmqp
> :deny
> 
> Drew mail-filter # grep configure /var/qmail/bin/qmail-scanner-queue.pl
> # ./configure --qs-user qscand --qs-group qscand --spooldir
> /var/spool/qmailscan --qmaildir /var/qmail --bindir /var/qmail/bin
> --qmail-queue-binary /var/qmail/bin/qmail-queue  --admin root --domain
> localhost --admin-fromname "" --notify psender,nmlvadm --local-domains
> localhost --silent-viruses auto --block-password-protected 0 --lang
> en_GB --debug 0 --minidebug 1 --unzip 0 --add-dscr-hdrs 0
> --dscr-hdrs-text "X-Qmail-Scanner" --archive 0  --scanners-per-domain
> 0 --redundant yes --log-details yes --log-crypto 0 --fix-mime 2
> --ignore-eol-check 0 --virus-to-delete 0 --sa-delta 0 --sa-subject ""
> --sa-quarantine 0 --sa-delete 0 --sa-reject 0 --sa-alt 0 --sa-debug 0
> --sa-report 0 --scanners "auto"
> 
> Drew qmail # grep @scanner_array /var/qmail/bin/qmail-scanner-queue.pl
> my @scanner_array=();

Here I am missing the list of scanners used, i.e. ONLY the built-in
perlscanner is used. During installation, ./configure must be called with parameters
that tell it to use the right antivirus programs.


>     @scanner_array=@scanners_installed;

Aha, it seems this is some newer version that can do some autodetection.
I do not know that one :-). So I retract the previous remark.


> Here Mr. Petr Baláš pointed out to me that there is an error here, but what I should write there
> I have no idea. (@scanner_array();)
> 
> I am using
> Qmail: 1.03-r13+patche
> qmail-scanner: 1.23-r3
> Gentoo 2004.r2
> 
> Drew qmail # clamd --version
> clamd / ClamAV version 0.70
> 
> I can update to 0.75.1
> 
> Drew qmail # spamassassin --version
> SpamAssassin version 2.63
> 
> I can update to 2.64
> 
> I use a virtual domain + accounts (vpopmail)
> 
> Config:
> 
> 
> Drew control # cat conf-common
> # Common Configuration file for all qmail daemons
> # $Header:
> /var/cvsroot/gentoo-x86/mail-mta/qmail/files/1.03-r13/conf-common,v 1.2
> 2004/07/18 03:29:51 dragonheart Exp $
> 
> # Qmail User IDS to run daemons as
> #QMAILDUID=`id -u qmaild`
> QMAILDUID=201
> #NOFILESGID=`id -g qmaild`
> NOFILESGID=200
> QMAIL_CONTROLDIR=/var/qmail/control
> SOFTLIMIT_OPTS="-m 8000000"
> QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
> 
> When I do not have the scanner in the queue, mail gets through; when I put it there (tcp.smtp.cdb),
> it starts yelling "out of memory" (see the log above)
> 
> Drew control # tail /var/spool/qmailscan/qmail-queue.log
> 
> Tue, 16 Nov 2004 09:23:52 CET:11649: ini_sc: scanning message took
> 14.73945 seconds
> Tue, 16 Nov 2004 09:23:52 CET:11649: q_r: fork off child into
> /var/qmail/bin/qmail-queue...
> Tue, 16 Nov 2004 09:23:52 CET:11649: q_r: xstatus=0
> Tue, 16 Nov 2004 09:23:52 CET:11649: qmail-scanner:
> Clear:RC:1(127.0.0.1):SA:1(18.5/5.0):       14.753997       1552    <>
> filip na ssos.cz   Qmail-Scanner anti-spam test (4/4): checking SpamAssassin
> [if present] (There yours for FREE!) <9PS291LhupY>
> orig-Drew110059341766011649:1552 textfile0:653
> Tue, 16 Nov 2004 09:23:52 CET:11649: cleanup: /bin/rm -rf
> /var/spool/qmailscan/tmp/Drew110059341766011649/
> /var/spool/qmailscan/working/new/Drew110059341766011649
> Tue, 16 Nov 2004 09:23:52 CET:11649: --- all finished. Total of 14.784299
> secs
> 
> 
> Thanks for the help
> 
> -- Filip


-- 
Petr Balas (petr at balas dot cz) 
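
The tcprules check described in the reply above, written as a small audit script (an added example, not part of the original message): it lists every allow rule other than 127.0.0.1 that does not set QMAILQUEUE, so mail from those clients skips qmail-scanner. The function name `audit_tcprules` is hypothetical, and the script assumes QMAILQUEUE comes only from the rules file, not from the environment of the tcpserver run script.

```shell
#!/bin/sh
# Audit a tcprules source file: list every "allow" rule that does not set
# QMAILQUEUE, i.e. every client range whose mail bypasses qmail-scanner.
# Rules for 127.0.0.1 are exempt, following the advice in the reply above.
# Assumption: QMAILQUEUE is not already exported by the tcpserver run script.

audit_tcprules() {
    # Reads tcprules source on stdin; prints one address pattern per
    # unscanned rule. Exit status is 1 if any was found, 0 otherwise.
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
        {
            # tcprules syntax: address:instruction[,VAR="value"...]
            sep = index($0, ":")
            if (sep == 0) next
            addr = substr($0, 1, sep - 1)
            rest = substr($0, sep + 1)
            if (rest !~ /^allow/) next            # deny rules accept no mail
            if (addr == "127.0.0.1") next         # localhost is exempt
            if (rest !~ /,QMAILQUEUE="[^"]+"/) {  # variable unset or empty
                print (addr == "" ? "(default)" : addr)
                bad = 1
            }
        }
        END { exit bad }
    '
}

# Constructed sample: the tcp.smtp.sample rules quoted in the message.
SAMPLE_RULES='127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD=""
192.168.:allow,RELAYCLIENT="",RBLSMTPD=""
172.20.200.62:allow,RELAYCLIENT="",RBLSMTPD=""
:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"'

printf '%s\n' "$SAMPLE_RULES" | audit_tcprules || echo "unscanned allow rules found"
```

Run it against the rules source before each `tcprules` rebuild; a non-zero exit status means at least one client range still reaches qmail-queue directly.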

