Re: [qmailtoaster] protect virus

2020-07-03 Thread Leonardo - IW Telecom
Hi everyone, 

I replaced the ClamAV using the scripts and everything is working fine
but now every three hours I get this message from Cron: 

Subject: "Cron  /usr/share/clamav/freshclam-sleep"
Body:
ERROR: Problem with internal logger (UpdateLogFile =
/var/log/clamav/freshclam.log).
ERROR: initialize: libfreshclam init failed.
ERROR: Initialization error! 

I found this in /etc/cron.d/clamav-update running every three hours: 

## It is ok to execute it as root; freshclam drops privileges and becomes
## user 'clamupdate' as soon as possible
0  */3 * * * root /usr/share/clamav/freshclam-sleep 

When I run it in cli it shows nothing but when I run "freshclam -v" I
get: 

ERROR: /var/log/clamav/freshclam.log is locked by another process
ERROR: Problem with internal logger (UpdateLogFile =
/var/log/clamav/freshclam.log).
ERROR: initialize: libfreshclam init failed.
ERROR: Initialization error! 

So "lsof /var/log/clamav/freshclam.log" gives: 

COMMAND     PID USER       FD  TYPE DEVICE SIZE/OFF NODE NAME
freshclam 15895 clamupdate 4wW REG  253,352727 8498566 /var/log/clamav/freshclam.log

I guess the service clamav-freshclam locks the file and does the same
thing the Cron job does, because if I stop it the freshclam command runs
without errors.
Finally my question is can I safely just remove the clamav-update job
from Cron? 

Thanks in advance.

---

On 2020-06-24 10:20, Eric Broch wrote:

> Thanks for the tests, adjusted the script and all seems to be working. Let me 
> know...
> 
> On 6/24/2020 2:55 AM, ChandranManikandan wrote: 
> Hi Remo, 
> 
> Thanks, 
> I have changed the log path in freshclam.conf and permission was working fine. 
> 
> On Wed, Jun 24, 2020 at 2:18 PM Remo Mattei  wrote: 
> sorry one more tip. The server I had an issue with simscan, then I got qq 
> soft limit, which I sent an email out .. eventually it will show up, I just 
> rerun the script (from Eric) and that fixed it.  
> 
> Remo
> 
> On Jun 23, 2020, at 10:48 PM, Remo Mattei  wrote: 
> 
> so I updated the other production servers I have and all of them had the same 
> freshclam issues. changed the log options and restarted  
> 
> systemctl restart clamav-freshclam.service 
> that worked just fine. Only one server had an issue with the simscan.  
> 
> Just my 2 cents
> 
> On Jun 23, 2020, at 10:18 PM, Remo Mattei  wrote: 
> 
> ignore the mariadb error that's on the toaststat script I fixed that nothing 
> to do with the upgrade :) my bet.. send it too fast! 
> 
> On Jun 23, 2020, at 10:12 PM, Remo Mattei  wrote: 
> 
> You probably want to check the permissions on your simscan as well.  
> 
> chmod 4711 /var/qmail/bin/simscan 
> 
> That fixed it.
> 
> On Jun 23, 2020, at 10:10 PM, Remo Mattei  wrote: 
> 
> you need to change the permissions on this file 
> 
> chown -R clamupdate:clamupdate  /var/log/freshclam.log 
> 
> freshclam 
> Tue Jun 23 22:06:29 2020 -> ClamAV update process started at Tue Jun 23 
> 22:06:29 2020 
> Tue Jun 23 22:06:29 2020 -> *Current working dir is /var/lib/clamav/ 
> Tue Jun 23 22:06:29 2020 -> *Querying current.cvd.clamav.net [1] 
> Tue Jun 23 22:06:29 2020 -> *TTL: 1497 
> Tue Jun 23 22:06:29 2020 -> *fc_dns_query_update_info: Software version from 
> DNS: 0.102.3 
> Tue Jun 23 22:06:29 2020 -> *Current working dir is /var/lib/clamav/ 
> Tue Jun 23 22:06:29 2020 -> *check_for_new_database_version: Local copy of 
> daily found: daily.cld. 
> Tue Jun 23 22:06:29 2020 -> *query_remote_database_version: daily.cvd version 
> from DNS: 25852 
> Tue Jun 23 22:06:29 2020 -> daily.cld database is up to date (version: 25852, 
> sigs: 2757399, f-level: 63, builder: raynman) 
> Tue Jun 23 22:06:29 2020 -> *fc_update_database: daily.cld already 
> up-to-date. 
> Tue Jun 23 22:06:29 2020 -> *Current working dir is /var/lib/clamav/ 
> Tue Jun 23 22:06:29 2020 -> *check_for_new_database_version: Local copy of 
> main found: main.cld. 
> Tue Jun 23 22:06:29 2020 -> *query_remote_database_version: main.cvd version 
> from DNS: 59 
> Tue Jun 23 22:06:29 2020 -> main.cld database is up to date (version: 59, 
> sigs: 4564902, f-level: 60, builder: sigmgr) 
> Tue Jun 23 22:06:29 2020 -> *fc_update_database: main.cld already up-to-date. 
> Tue Jun 23 22:06:29 2020 -> *Current working dir is /var/lib/clamav/ 
> Tue Jun 23 22:06:29 2020 -> *check_for_new_database_version: Local copy of 
> bytecode found: bytecode.cld. 
> Tue Jun 23 22:06:29 2020 -> *query_remote_database_version: bytecode.cvd 
> version from DNS: 331 
> Tue Jun 23 22:06:29 2020 -> bytecode.cld database is up to date (version: 
> 331, sigs: 94, f-level: 63, builder: anvilleg) 
> Tue Jun 23 22:06:29 2020 -> *fc_update_database: bytecode.cld already 
> up-to-date. 
> r...@qmail.rm.ht: [/etc/clamd.d] 
> 
> On Jun 23, 2020, at 2:33 PM, Eric Broch  wrote: 
> chown -R clamupdate:clamupdate

  -- 

Regards,
Manikandan.C
 

Links:
--
[1] http://current.cvd.clamav.net/

Re: [qmailtoaster] SMTPS Port - Who is Failing ?

2020-04-18 Thread Leonardo - IW Telecom
Hi David, I don't know if this can help you but I use iptables with
xrecent module to limit 10 connections per minute on each port on my
server: 

iptables -A INPUT -p tcp --dport 25 -m state --state NEW -m recent --set --name SMTP --rsource
iptables -A INPUT -p tcp --dport 25 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 --name SMTP --rsource -j DROP
iptables -A INPUT -p tcp --dport 110 -m state --state NEW -m recent --set --name POP3 --rsource
iptables -A INPUT -p tcp --dport 110 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 --name POP3 --rsource -j DROP
iptables -A INPUT -p tcp --dport 995 -m state --state NEW -m recent --set --name POP3S --rsource
iptables -A INPUT -p tcp --dport 995 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 --name POP3S --rsource -j DROP
iptables -A INPUT -p tcp --dport 465 -m state --state NEW -m recent --set --name SMTPS --rsource
iptables -A INPUT -p tcp --dport 465 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 --name SMTPS --rsource -j DROP
iptables -A INPUT -p tcp --dport 587 -m state --state NEW -m recent --set --name SUBMISSION --rsource
iptables -A INPUT -p tcp --dport 587 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 --name SUBMISSION --rsource -j DROP

To check the blocked IPs see /proc/net/xt_recent/ 

The bad thing is it uses conntrack to work.

---

On 2020-04-18 07:33, David Bray wrote:

> Hi Tony, thanks 
> But not so much looking for a solution to block ips. 
> 
> I'm needing to identify which ips to block 
> 
> On Sat, 18 Apr 2020 at 8:19 pm, Tony White  wrote: 
> 
>> Or this...
>> 
>> -- snip --
>> #!/bin/bash
>> logf="/var/log/blockip.log"
>> mdate=`date +%c`
>> mip=$1
>> ### must be root ###
>> if [ `whoami` != "root" ]; then
>> echo ""
>> echo "$0 must be run as root"
>> echo ""
>> exit 1
>> fi;
>> 
>> if [ "$mip" == "--help" ]; then
>> echo ""
>> echo "Help: Block single and subnet IP's"
>> echo ""
>> echo "blockip 130.2.1.1"
>> echo "blockip 130.2.1.0/24"
>> echo ""
>> exit 1
>> fi;
>> 
>> # first 10 characters, the length of the "192.168.1." prefix compared below
>> mip1=${mip:0:10};
>> # your lan range if needed or comment out
>> if [ "$mip1" == "192.168.1." ]; then  # change ip to suit
>> echo "$mdate Discarding LAN drop request for $mip1" >> $logf
>> exit 1
>> fi;
>> 
>> # whitelist special clients...
>> # change the IP.ADDR.ESS to suit.
>> # comment out to remove
>> if [ $mip == "IP.ADDR.ESS" ] || [ $mip == "IP.ADDR.ESS" ] || [ $mip == "IP.ADDR.ESS" ] || [ $mip == "IP.ADDR.ESS" ] || [ $mip == "IP.ADDR.ESS" ] ; then
>> echo "$mdate Discarding WAN drop request for $mip" >> $logf
>> echo "$mdate Discarding WAN drop request for $mip"
>> exit 1
>> fi;
>> 
>> export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
>> is_ip="grep -Ec '^[1-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9](\/[0-3]?[0-9])?$'"
>> 
>> if [ `echo $mip |eval $is_ip` != "1" ]; then
>> echo "$mdate Error in IP address $mip" >> $logf
>> echo "$mdate Error in IP address $mip"
>> else
>> iptables -I INPUT -s $mip -j DROP
>> echo "iptables -I INPUT -s $mip -j DROP"
>> echo "iptables -I INPUT -s $mip -j DROP" >> /etc/rc.d/rc.blockedips
>> echo "$mdate now dropping all packets from $mip" >> $logf
>> fi;
>> -- snip --
>> 
>> best wishes
>> Tony White
>> 
>> On 18/4/20 8:09 pm, Tony White wrote:
>> 
>>> Hi David,
>>> Sorry try this instead...
>>> 
>>> -- snip --
>>> #!/bin/sh
>>> logf="/var/log/blacklist_ip.log"
>>> mdate=`date +%c`
>>> ### must be root ###
>>> if [ `whoami` != "root" ]; then
>>> echo ""
>>> echo "$0 must be ran as root"
>>> echo ""
>>> exit 1
>>> fi
>>> export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
>>> is_ip="grep -Ec '^[1-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9]\.[0-2]?[0-9]?[0-9](\/[0-3]?[0-9])?$'"
>>> 
>>> if [ `echo $1 |eval $is_ip` != "1" ]; then
>>> echo "$mdate Error in IP address $1" >> $logf
>>> else
>>> echo "$1" >> /opt/spamdyke/etc/blacklist_ip
>>> echo "$mdate now dropping all packets from $1" >> $logf
>>> fi
>>> --snip --
>>> 
>>> best wishes
>>> Tony White
>>> On 18/4/20 8:04 pm, Tony White wrote:
>>> 
>>>> Hi David,
>>>> Try using this little script...
>>>> 
>>>> -- snip --
>>>> #!/bin/bash
>>>> logf="/var/log/blockip.log"
>>>> mdate=`date +%c`
>>>> mip=$1
>>>> ### must be root ###
>>>> if [ `whoami` != "root" ]; then
>>>> echo ""
>>>> echo "$0 must be run as root"
>>>> echo ""
>>>> exit 1
>>>> fi;
>>>> 
>>>> if [ $mip == "--help" ]; then
>>>> echo ""
>>>> echo "Help: Block single and subnet IP's"
>>>> echo ""
>>>> echo "blockip 132.2.1.1"
>>>> echo "blockip 132.1.0/24"
>>>> echo ""
>>>> exit 1
>>>> fi;
>>>> 
>>>> -- snip --
>>>> 
>>>> worked for me forever...
>>>> Use qtp watchall to monitor the logs a
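
Added example (not part of any message in this thread): a parser for the /proc/net/xt_recent/ lists mentioned at the top of this message, reporting which source addresses reached the 10-connections-per-60-seconds threshold of the rate-limit rules. The sample lines, the function names and the HZ value of 1000 are assumptions.

```bash
#!/bin/bash
# Added example: report which sources in an xt_recent list reached the
# hitcount used by the rules in this thread (10 NEW connections in 60 s).
# Stamps are kernel jiffies; HZ=1000 is an assumption, pass your kernel's value.
# The window is measured back from each entry's own last_seen stamp, so this
# shows who tripped the limit at their latest connection attempt.

# Constructed sample in the /proc/net/xt_recent/<NAME> line format.
sample_recent() {
cat <<'EOF'
src=198.51.100.23 ttl: 52 last_seen: 4297020000 oldest_pkt: 11 4297000000, 4297002000, 4297004000, 4297006000, 4297008000, 4297010000, 4297012000, 4297014000, 4297016000, 4297018000, 4297020000
src=192.0.2.10 ttl: 117 last_seen: 4297102000 oldest_pkt: 3 4297100000, 4297101000, 4297102000
src=203.0.113.5 ttl: 49 last_seen: 4297550000 oldest_pkt: 12 4297000000, 4297050000, 4297100000, 4297150000, 4297200000, 4297250000, 4297300000, 4297350000, 4297400000, 4297450000, 4297500000, 4297550000
EOF
}

# usage: recent_offenders LIST_FILE [SECONDS] [HITCOUNT] [HZ]
# prints "<source address> <stamps inside the window>" for each offender
recent_offenders() {
    awk -v win="${2:-60}" -v hits="${3:-10}" -v hz="${4:-1000}" '
    /^src=/ {
        src = substr($1, 5)
        last = 0; n = 0; first = NF + 1
        for (i = 1; i <= NF; i++) {
            if ($i == "last_seen:")  last = $(i + 1) + 0
            if ($i == "oldest_pkt:") first = i + 2   # stamps follow the index value
        }
        for (i = first; i <= NF; i++) {
            stamp = $i; sub(/,$/, "", stamp)
            if (last - stamp <= win * hz) n++        # stamp lies inside the window
        }
        if (n >= hits) print src, n
    }' "$1"
}

list=$(mktemp); sample_recent > "$list"
recent_offenders "$list" 60 10 1000   # on a live host: /proc/net/xt_recent/SMTP
rm -f "$list"
```

The third sample source has more stamps than the first but spread over minutes, so it is not reported; a wrong HZ value shrinks or stretches the window in the same way.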

Re: [qmailtoaster] relay on tcp.smtp.cdb

2019-07-18 Thread Leonardo - IW Telecom
If I use port 25 the server returns "421: Refused. You have no DNS 
reverse entry".


I guess it's still ignoring my rules in tcp.smtp.cdb file.

Could it be because I installed the qmail-1.03-3.1 from development version?


On 18/07/2019 13:41, Eric Broch wrote:


Why don't you use port 25?

On 7/18/2019 8:22 AM, Leonardo Porto wrote:


Eric,

The first client is an APC Automatic Transfer Switch, it has no SMTP 
authentication method so I configured relay and it was able to send 
us notification messages in the old server, not anymore in the new one.


The second client is a PC using Outlook Express, it has no STARTTLS 
support and its SSL method doesn't work, so I want to configure relay 
for it. I tried "my server requires authentication" (Server tab) 
option enabled and disabled, I tried "This server requires a 
secure connection (SSL)" (Advanced tab) also, both without success.


Leonardo


On 18/07/2019 10:58, Eric Broch wrote:


Are you authorizing with the client?

On 7/18/2019 7:51 AM, Leonardo Porto wrote:


Hi everyone,

My relay rules on tcp.smtp.cdb are not working after I installed a 
new server.


Here is my /etc/tcprules.d/tcp.smtp:

:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="3",NOP0FCHECK="1",QMAILQUEUE="/var/qmail/bin/simscan",DKQUEUE="/var/qmail/bin/qmail-queue.orig",DKVERIFY="DEGIJKfh",DKSIGN="/var/qmail/control/domainkeys/%/private"
10.5.5.189:allow,RELAYCLIENT=""
187.0.147.204:allow,RELAYCLIENT=""
208.84.243.:allow,RBLSMTPD=""

First line is the original from toaster installation, the other 
three lines I included the same way they were in the old server and 
I generated a new cdb file using "qmailctl cdb" command.


My /var/qmail/supervise/submission/run:

#!/bin/sh
QMAILDUID=`id -u vpopmail`
NOFILESGID=`id -g vpopmail`
MAXSMTPD=`cat /var/qmail/control/concurrencyincoming`
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
HOSTNAME=`hostname`
VCHKPW="/home/vpopmail/bin/vchkpw"
export SMTPAUTH="!"

exec /usr/bin/softlimit -m 12800 \
    /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
    -u "$QMAILDUID" -g "$NOFILESGID" 0 587 \
    $SMTPD $VCHKPW /bin/true 2>&1

But I still can't relay from those two clients through port 587, 
the server asks for authentication. Any clues?
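
Added example (not part of the original posts): an emulation of how tcpserver selects one rule for a client address when started with -R -H as in the run script above, showing which rule each client gets and which variables that rule carries. The function names and the test addresses are assumptions, and the default rule is shortened to a single variable.

```bash
#!/bin/bash
# Added example: emulate tcpserver's rule selection for a client address when
# run with -R -H (no ident or host lookup): the full IP is tried first, then
# shorter dotted prefixes, then the empty default. Address ranges, user@ and
# =host rule forms are not handled.

# Constructed sample: the post's rules, default line shortened to one variable.
sample_rules() {
cat <<'EOF'
:allow,QMAILQUEUE="/var/qmail/bin/simscan"
10.5.5.189:allow,RELAYCLIENT=""
187.0.147.204:allow,RELAYCLIENT=""
208.84.243.:allow,RBLSMTPD=""
EOF
}

next_key() {                      # 10.5.5.189 -> 10.5.5. -> 10.5. -> 10. -> ""
    local k=${1%.}
    case $k in
        *.*) printf '%s.' "${k%.*}" ;;
        *)   : ;;                 # nothing left: fall back to the default rule
    esac
}

tcprules_match() {                # usage: tcprules_match RULES_FILE CLIENT_IP
    local rules=$1 key=$2 hit
    while :; do
        hit=$(awk -v k="$key:" 'index($0, k) == 1 { print; exit }' "$rules")
        if [ -n "$hit" ]; then printf '%s\n' "$hit"; return 0; fi
        [ -z "$key" ] && return 1
        key=$(next_key "$key")
    done
}

# Only the selected rule's variables are set for qmail-smtpd; this reports
# whether VAR is among them.
rule_sets() {                     # usage: rule_sets RULES_FILE CLIENT_IP VAR
    tcprules_match "$1" "$2" | grep -q ",$3="
}

rules=$(mktemp); sample_rules > "$rules"
for ip in 10.5.5.189 208.84.243.17 203.0.113.7; do   # last two are constructed
    printf '%-15s -> %s\n' "$ip" "$(tcprules_match "$rules" "$ip")"
done
rm -f "$rules"
```

On the server itself, ucspi-tcp's tcprulescheck answers the same question against the compiled file, for example TCPREMOTEIP=10.5.5.189 tcprulescheck /etc/tcprules.d/tcp.smtp.cdb.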




Re: [qmailtoaster] roundcube password plugin

2019-01-22 Thread Leonardo - IW Telecom
Yeah I saw about it too but I did not try yet... I will try both and 
post the instructions.


Thanks


On 22/01/2019 12:15, Eric Broch wrote:


Here's another plugin that I've found, it logs into qmailadmin:

http://www.davidc.net/miscellany/qmailadmin-plugin-roundcube

On 1/22/2019 6:59 AM, Leonardo - IW Telecom wrote:


Eric,

I found the same page and I am thinking of doing exactly what you said.
Do you use roundcube or recommend another driver for password plugin?

Thanks.


On 22/01/2019 11:37, Eric Broch wrote:


Leonardo,

I've never used vpopmaild, but...Have a look here:

https://qmail.jms1.net/vpopmail/vpopmaild.shtml

I think you can tailor the location of the run script to match the 
current qmail configuration in /var/qmail/supervise/


Eric

On 1/22/2019 6:17 AM, Leonardo Porto wrote:


Hi everyone,

I am using Roundcube with my new qmailtoaster centos7 installation. 
But I did not install it using yum, I downloaded it from the 
roundcube website and ran the installation script, I guess it is the 
same result.
I am trying to use the password plugin, it seems its default db driver 
does not work with qmail/vpopmail, so I tried vpopmaild.
I ran vpopmaild in command line using tcpserver and successfully 
changed the password in roundcube - I could see it working in 
command line.
Now I suppose I have to create supervise files for vpopmaild... is 
that the usual method? Or do you guys use something else?

Thanks.

Leonardo.


--
Eric Broch
White Horse Technical Consulting (WHTC)



Re: [qmailtoaster] roundcube password plugin

2019-01-22 Thread Leonardo - IW Telecom

Eric,

I found the same page and I am thinking of doing exactly what you said.
Do you use roundcube or recommend another driver for password plugin?

Thanks.


On 22/01/2019 11:37, Eric Broch wrote:


Leonardo,

I've never used vpopmaild, but...Have a look here:

https://qmail.jms1.net/vpopmail/vpopmaild.shtml

I think you can tailor the location of the run script to match the 
current qmail configuration in /var/qmail/supervise/


Eric

On 1/22/2019 6:17 AM, Leonardo Porto wrote:


Hi everyone,

I am using Roundcube with my new qmailtoaster centos7 installation. 
But I did not install it using yum, I downloaded it from the roundcube 
website and ran the installation script, I guess it is the same result.
I am trying to use the password plugin, it seems its default db driver 
does not work with qmail/vpopmail, so I tried vpopmaild.
I ran vpopmaild in command line using tcpserver and successfully 
changed the password in roundcube - I could see it working in command 
line.
Now I suppose I have to create supervise files for vpopmaild... is 
that the usual method? Or do you guys use something else?

Thanks.

Leonardo.


--
Eric Broch
White Horse Technical Consulting (WHTC)