On Fri, 27 Aug 2010 12:04:37 +0200 Martijn de Munnik <martijn+list.ds...@redknot.nl> wrote:
> Hi List,
>
> I'm new here and have a question about dspam with clamav. We use dspam to do
> the spam filtering and also use dspam to call clamav. Spam filtering works
> fine but when a virus is detected something goes wrong:
>
> Aug 27 11:56:42 chuck dspam[7760]: [ID 930983 mail.warning] virus warning: infected message from 209.85.213.172
> Aug 27 11:56:42 chuck postfix/pipe[7759]: [ID 197553 mail.info] 096F78C8B: to=<martijn_redknot...@chuck.redknot.nl>, orig_to=<mart...@redknot.nl>, relay=dspam, delay=0.47, delays=0.16/0.02/0/0.29, dsn=5.3.0, status=bounced (Command died with status 255: "/opt/redknot/bin/dspam")
>
> From the above logs I can't tell what is going wrong, and this dspam.debug
> log also doesn't really help me a lot:
>
> 7760: [08/27/2010 11:56:42] DSPAM Instance Startup
> 7760: [08/27/2010 11:56:42] input args: /opt/redknot/bin/dspam --client --deliver=innocent,spam --user martijn_redknot.nl --mode=tum --mail-from=martijndemun...@gmail.com
> 7760: [08/27/2010 11:56:42] pass-thru args: /opt/redknot/sbin/sendmail
> 7760: [08/27/2010 11:56:42] processing user martijn_redknot.nl
> 7760: [08/27/2010 11:56:42] uid = 60030, euid = 60030, gid = 60030, egid = 60030
> 7760: [08/27/2010 11:56:42] loading preferences for user martijn_redknot.nl
> 7760: [08/27/2010 11:56:42] _pgsql_drv_getpwnam: successful returning struct for name: martijn_redknot.nl
> 7760: [08/27/2010 11:56:42] Loading preferences for uid 6
> 7760: [08/27/2010 11:56:42] Loading preferences for uid 0
> 7760: [08/27/2010 11:56:42] Loading preferences for uid 0
> 7760: [08/27/2010 11:56:42] default preferences empty. reverting to dspam.conf preferences.
> 7760: [08/27/2010 11:56:42] Loading preferences from dspam.conf
> 7760: [08/27/2010 11:56:42] using /home/redknot.nl/homes/martijn/.dspam as path
> 7760: [08/27/2010 11:56:42] using /home/redknot.nl/homes/martijn/.nodspam as path
> 7760: [08/27/2010 11:56:42] sedation level set to: 5
> 7760: [08/27/2010 11:56:42] _pgsql_drv_getpwnam: successful returning struct for name: martijn_redknot.nl
> 7760: [08/27/2010 11:56:42] Connecting to 127.0.0.1:3310 for virus check
> 7760: [08/27/2010 11:56:42] Connecting to 127.0.0.1:1439 for virus stream transmission
> 7760: [08/27/2010 11:56:42] _pgsql_drv_getpwnam returning cached name martijn_redknot.nl.
> 7760: [08/27/2010 11:56:42] saving signature as 4c778bda77601259822065
> 7760: [08/27/2010 11:56:42] _pgsql_drv_getpwnam returning cached name martijn_redknot.nl.
> 7760: [08/27/2010 11:56:42] libdspam returned probability of 1.000000
> 7760: [08/27/2010 11:56:42] message result: SPAM
> 7760: [08/27/2010 11:56:42] _pgsql_drv_getpwnam returning cached name martijn_redknot.nl.
> 7760: [08/27/2010 11:56:42] DSPAM Instance Shutdown. Exit Code: 0
>
> This is my dspam.conf:
>
> Home /opt/redknot/var/dspam
> StorageDriver /opt/redknot/lib/dspam/libpgsql_drv.so
> DeliveryHost 127.0.0.1
> DeliveryPort 10026
> DeliveryIdent localhost
> DeliveryProto SMTP
> EnablePlusedDetail on
> OnFail error
> Trust root
> Trust dspam
> TrainingMode toe
> TestConditionalTraining on
> Feature whitelist
> Algorithm graham burton
> Tokenizer chain
> PValue bcr
> WebStats on
> ImprobabilityDrive on
>
> PgSQLServer chuck.redknot.nl
> PgSQLPort 5432
> PgSQLUser dspam
> PgSQLPass Islpombds
> PgSQLDb dspam
> PgSQLConnectionCache 3
>
> LocalMX 127.0.0.1
> TrustedDeliveryAgent /opt/redknot/sbin/sendmail
>
> SystemLog on
> UserLog on
>
> Opt out
>
> ServerHost 127.0.0.1
> ServerPort 10025
> ServerQueueSize 32
> ServerPID /opt/redknot/var/dspam/run/dspam.pid
> ServerMode standard
> ServerIdent "chuck.redknot.nl"
>
> ProcessorURLContext on
> ProcessorBias on
> StripRcptDomain off
>
> Debug *
> DebugOpt process
>
> Preference "trainingMode=TOE" # { TOE | TUM | TEFT | NOTRAIN } -> default:teft
> Preference "spamAction=deliver" # { quarantine | tag | deliver } -> default:quarantine
> Preference "spamSubject=[SPAM]" # { string } -> default:[SPAM]
> Preference "statisticalSedation=5" # { 0 - 10 } -> default:0
> Preference "enableBNR=on" # { on | off } -> default:off
> Preference "enableWhitelist=on" # { on | off } -> default:on
> Preference "signatureLocation=headers" # { message | headers } -> default:message
> Preference "tagSpam=off" # { on | off }
> Preference "tagNonspam=off" # { on | off }
> Preference "showFactors=off" # { on | off } -> default:off
> Preference "optIn=off" # { on | off }
> Preference "optOut=off" # { on | off }
> Preference "whitelistThreshold=10" # { Integer } -> default:10
> Preference "makeCorpus=off" # { on | off } -> default:off
> Preference "storeFragments=off" # { on | off } -> default:off
> Preference "localStore=" # { on | off } -> default:username
> Preference "processorBias=on" # { on | off } -> default:on
> Preference "fallbackDomain=off" # { on | off } -> default:off
> Preference "trainPristine=off" # { on | off } -> default:off
> Preference "optOutClamAV=off" # { on | off } -> default:off
> Preference "ignoreRBLLookups=off" # { on | off } -> default:off
> Preference "RBLInoculate=off" # { on | off } -> default:off
>
> AllowOverride optOut
> AllowOverride optOutClamAV
>
> ClamAVPort 3310
> ClamAVHost 127.0.0.1
> ClamAVResponse reject
>
> and the output of postconf -n:
>
> alias_maps = dbm:/etc/opt/redknot/postfix/aliases
> config_directory = /etc/opt/redknot/postfix
> content_filter = dspam:dpsam
> disable_vrfy_command = yes
> home_mailbox = Maildir/
> mailbox_command = /opt/redknot/libexec/dovecot/deliver -a "$RECIPIENT" -m "$EXTENSION" -s
> mydestination = $myhostname, localhost.$mydomain, localhost
> mydomain = chuck.redknot.nl
> myhostname = chuck.redknot.nl
> recipient_delimiter = +
> smtpd_banner = $myhostname ESMTP
> smtpd_data_restrictions = reject_unauth_pipelining, permit
> smtpd_delay_reject = yes
> smtpd_helo_required = yes
> smtpd_proxy_filter = 127.0.0.1:10027
> smtpd_proxy_options = speed_adjust
> smtpd_recipient_restrictions = reject_non_fqdn_helo_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_destination, reject_rbl_client virbl.dnsbl.bit.nl, check_policy_service inet:localhost:10029, check_policy_service inet:localhost:10030, check_policy_service inet:localhost:10031, permit
> smtpd_tls_cert_file = /etc/opt/redknot/ssl/chuck.redknot.nl.cer
> smtpd_tls_key_file = /etc/opt/redknot/ssl/chuck.redknot.nl.key
> smtpd_use_tls = yes
> strict_rfc821_envelopes = yes
> virtual_alias_maps = dbm:/etc/opt/redknot/postfix/virtual
>
> and the master.cf file:
>
> #
> # Postfix master process configuration file. For details on the format
> # of the file, see the master(5) manual page (command: "man 5 master").
> #
> # Do not forget to execute "postfix reload" after editing this file.
> #
> # ==========================================================================
> # service type  private unpriv  chroot  wakeup  maxproc command + args
> #               (yes)   (yes)   (yes)   (never) (100)
> # ==========================================================================
> smtp      inet  n       -       n       -       -       smtpd
> #submission inet n      -       n       -       -       smtpd
> #  -o smtpd_tls_security_level=encrypt
> #  -o smtpd_sasl_auth_enable=yes
> #  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
> #  -o milter_macro_daemon_name=ORIGINATING
> #smtps    inet  n       -       n       -       -       smtpd
> #  -o smtpd_tls_wrappermode=yes
> #  -o smtpd_sasl_auth_enable=yes
> #  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
> #  -o milter_macro_daemon_name=ORIGINATING
> pickup    fifo  n       -       n       60      1       pickup
> cleanup   unix  n       -       n       -       0       cleanup
> qmgr      fifo  n       -       n       300     1       qmgr
> tlsmgr    unix  -       -       n       1000?   1       tlsmgr
> rewrite   unix  -       -       n       -       -       trivial-rewrite
> bounce    unix  -       -       n       -       0       bounce
> defer     unix  -       -       n       -       0       bounce
> trace     unix  -       -       n       -       0       bounce
> verify    unix  -       -       n       -       1       verify
> flush     unix  n       -       n       1000?   0       flush
> proxymap  unix  -       -       n       -       -       proxymap
> proxywrite unix -       -       n       -       1       proxymap
> smtp      unix  -       -       n       -       -       smtp
> # When relaying mail as backup MX, disable fallback_relay to avoid MX loops
> relay     unix  -       -       n       -       -       smtp
>   -o smtp_fallback_relay=
> #  -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
> showq     unix  n       -       n       -       -       showq
> error     unix  -       -       n       -       -       error
> retry     unix  -       -       n       -       -       error
> discard   unix  -       -       n       -       -       discard
> local     unix  -       n       n       -       -       local
> virtual   unix  -       n       n       -       -       virtual
> lmtp      unix  -       -       n       -       -       lmtp
> anvil     unix  -       -       n       -       1       anvil
> scache    unix  -       -       n       -       1       scache
> dspam     unix  -       n       n       -       10      pipe
>   flags=Rhqu user=dspam argv=/opt/redknot/bin/dspam --client --deliver=innocent,spam --user ${mailbox} --mode=tum --mail-from=${sender}
>

Well... this is the problem. If you want to run clamav in reject mode and get proper return values to be used in a SMTP/LMTP transaction then you should switch to use DSPAM in client/server mode and use LMTP or DLMTP. They will then deliver proper return codes. But the binary alone does not honor SMTP return values.

> ### spf policy service
> localhost:10029 inet n  n       n       -       0       spawn
>   user=nobody argv=/usr/bin/policyd-spf
> ### mail returning from dspam
> localhost:10026 inet n  -       n       -       10      smtpd
>   -o content_filter=
>   -o smtpd_proxy_filter=
>   -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
>   -o smtpd_helo_restrictions=
>   -o smtpd_client_restrictions=
>   -o smtpd_sender_restrictions=
>   -o smtpd_recipient_restrictions=permit_mynetworks,reject
>   -o mynetworks=127.0.0.0/8
>   -o smtpd_authorized_xforward_hosts=127.0.0.0/8
> ### mail returning from dcc
> localhost:10028 inet n  -       n       -       10      smtpd
>   -o smtpd_proxy_filter=
>   -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
>   -o smtpd_helo_restrictions=
>   -o smtpd_client_restrictions=
>   -o smtpd_sender_restrictions=
>   -o smtpd_recipient_restrictions=permit_mynetworks,reject
>   -o mynetworks=127.0.0.0/8
>   -o smtpd_authorized_xforward_hosts=127.0.0.0/8
_______________________________________________
Dspam-user mailing list
Dspam-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspam-user
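
Added example, not part of the original thread: a small Python triage script that pairs dspam "virus warning" syslog entries with Postfix pipe bounces where the dspam command died, the symptom discussed in the message above. The sample lines are constructed in the log format quoted there (host, queue IDs and addresses are made up), and the function names and the 2-second correlation window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the syslog format quoted above (host, IDs and addresses are made up).
SAMPLE_LOG = """\
Aug 27 11:56:42 mx1 dspam[7760]: [ID 930983 mail.warning] virus warning: infected message from 192.0.2.10
Aug 27 11:56:42 mx1 postfix/pipe[7759]: [ID 197553 mail.info] 0A1B2C3D4E: to=<user@example.org>, relay=dspam, delay=0.47, dsn=5.3.0, status=bounced (Command died with status 255: "/opt/redknot/bin/dspam")
Aug 27 12:10:03 mx1 postfix/pipe[7801]: [ID 197553 mail.info] 1F2E3D4C5B: to=<user@example.org>, relay=dspam, delay=0.31, dsn=2.0.0, status=sent (delivered via dspam service)
Aug 27 12:15:20 mx1 postfix/pipe[7850]: [ID 197553 mail.info] 2A3B4C5D6E: to=<other@example.org>, relay=dspam, delay=0.22, dsn=5.3.0, status=bounced (Command died with status 255: "/opt/redknot/bin/dspam")
"""

TS = r"(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s"
VIRUS = re.compile(TS + r"dspam\[\d+\]:.*virus warning: infected message from (?P<ip>\S+)")
PIPE = re.compile(
    TS + r"postfix/pipe\[\d+\]:.*?(?P<qid>[0-9A-F]{6,}): to=<(?P<rcpt>[^>]*)>"
    r".*relay=(?P<relay>[^,]+),.*dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+)"
    r" \(Command died with status (?P<rc>\d+)"
)

def parse_ts(ts, year):
    # Classic syslog timestamps carry no year, so the caller supplies one.
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")

def find_virus_bounces(log_text, window=timedelta(seconds=2), year=2010):
    """Pair each dspam virus warning with a pipe bounce on the same host within `window`."""
    warnings, findings = [], []
    for line in log_text.splitlines():
        m = VIRUS.match(line)
        if m:
            warnings.append((parse_ts(m["ts"], year), m["host"], m["ip"]))
            continue
        m = PIPE.match(line)
        if not m or m["relay"] != "dspam":
            continue
        when = parse_ts(m["ts"], year)
        for seen, host, ip in warnings:
            if host == m["host"] and timedelta(0) <= when - seen <= window:
                findings.append({"queue_id": m["qid"], "rcpt": m["rcpt"], "client": ip,
                                 "exit_status": int(m["rc"]), "dsn": m["dsn"]})
                break
    return findings

if __name__ == "__main__":
    for finding in find_virus_bounces(SAMPLE_LOG):
        print(finding)
```

The later bounce in the sample has no virus warning next to it, so it is left out of the result; a dead filter command without a preceding warning points at a different fault and needs separate investigation.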