
Postfix + AntiVirus + Spamassassins

  #1 (permalink)  
Old 06-11-2004
Julian Totzek
 
Posts: n/a
Default Postfix + AntiVirus + Spamassassins

Hi NG,

I'm quite a newbie to this, so I hope you can help me.

I have a Linux Kernel 2.4.26 with Postfix 20010228pl04-62 with MySQL support
and Cyrus SASL-2.1.10 and Panda Antivirus.
This configuration works really well for me, but now I want to put
SpamAssassin in my config, but don't know how. I googled for this but found
no usable tutorial or anything. The only thing I found was a discussion in
a French newsgroup which I didn't understand.

Maybe you can help me set this up.

Attached you will find my master.cf and my suggestion to put SpamAssassin in
there. I already tried this configuration but got this error at postfix
restart:
Jun 11 12:34:07 web postfix/smtpd[32613]: fatal: unexpected command-line argument: filter=spamassassin
Jun 11 12:34:08 web postfix/master[32587]: warning: process /usr/lib/postfix/smtpd pid 32613 exit status 1
Jun 11 12:34:08 web postfix/master[32587]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling
Jun 11 12:35:08 web postfix/smtpd[32622]: fatal: unexpected command-line argument: filter=spamassassin
Jun 11 12:35:09 web postfix/master[32587]: warning: process /usr/lib/postfix/smtpd pid 32622 exit status 1
Jun 11 12:35:09 web postfix/master[32587]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling
Jun 11 12:35:10 web postfix/master[32587]: terminating on signal 15


Cheers
Julian


Master.cf:
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (50)
# ==========================================================================

#Panda Antivirus
smtp inet n - n - - smtpd -o content_filter=pav_postfix:dummy
#Panda Antivirus

>> My Suggestion for Spamassassins

#Spamassassin
#smtp inet n - n - - smtpd -o content filter=spamassassin
#Spamassassin


localhost:10025 inet n - y - - smtpd -o content_filter=

pickup unix n n n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 nqmgr
tlsmgr fifo - - n 300 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
flush unix n - n 1000? 0 flush
smtp unix - - n - - smtp
showq unix n - n - - showq
error unix - - n - - error
local unix - n n - - local
lmtp unix - - n - - lmtp


cyrus unix - n n - - pipe flags=
  user=cyrus argv=/usr/cyrus/bin/deliver -r ${sender} -m ${extension} ${user}
uucp unix - n n - - pipe flags=F
  user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe flags=F
  user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe flags=F.
  user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
procmail unix - n n - - pipe flags=R
  user=cyrus argv=/usr/bin/procmail -t -m USER=${user} EXT=${extension} /etc/procmailrc
virtual unix - n n - - virtual
relay unix - - n - - smtp
relay unix - - n - - smtp
proxymap unix - - n - - proxymap


#Panda Antivirus begin
pav_postfix unix - n n - 5 pipe flags=R
  user=panda argv=/usr/local/share/pav_postfix/pav_postfix -f ${sender} -- ${recipient}
#Panda Antivirus end

>>My suggestion for the filter

#Spamassassin begin
#spamassassin unix - n n - - pipe user=spamassassin argv=/etc/postfix/spamfilter.sh -f ${sender} -- ${recipient}
#Spamassassin end


The Postfix-SpamAssassin sh script:

#!/bin/sh
#
# Pipe the message through spamc, then reinject it with sendmail.
SENDMAIL="/usr/lib/sendmail -i"
SPAMASSASSIN=/usr/bin/spamc

# sysexits.h code for "service unavailable"
EX_UNAVAILABLE=69

$SPAMASSASSIN -f 2>/dev/null \
| $SENDMAIL "$@" || \
{ echo Message content rejected; exit $EX_UNAVAILABLE; }

exit 0



  #2 (permalink)  
Old 06-11-2004
Simon Schelkshorn
 
Posts: n/a
Default Re: Postfix + AntiVirus + Spamassassins

Julian Totzek wrote:

Hi Julian,

>>>My Suggestion for Spamassassins

>
> #Spamassassin
> #smtp inet n - n - - smtpd -o content
> filter=spamassassin


The underscore is missing, should be
"smtpd -o content_filter=spamassassin"

Greetings,
Simon
  #3 (permalink)  
Old 06-11-2004
Julian Totzek
 
Posts: n/a
Default Re: Postfix + AntiVirus + Spamassassins


> >>>My Suggestion for Spamassassins

> >
> > #Spamassassin
> > #smtp inet n - n - - smtpd -o content
> > filter=spamassassin

>
> The underscore is missing, should be
> "smtpd -o content_filter=spamassassin"


Hi,

yes, I found this too, but it still won't work.

If I use this configuration only the SpamAssassin filter works, the virus
filter doesn't work.

Any suggestions?

Julz


  #4 (permalink)  
Old 06-13-2004
Simon Schelkshorn
 
Posts: n/a
Default Re: Postfix + AntiVirus + Spamassassins

Julian Totzek wrote:
>>>>>My Suggestion for Spamassassins
>>>
>>>#Spamassassin
>>>#smtp inet n - n - - smtpd -o content
>>>filter=spamassassin

>>
>>The underscore is missing, should be
>>"smtpd -o content_filter=spamassassin"

>
>
> hi,
>
> yes, I found this too, but it still won't work.
>
> If I use this configuration only the SpamAssassin filter works, the virus
> filter doesn't work.
>
> Any suggestions?
>
> Julz


Hi,

you have two different content filters and two different service
definitions for the smtp service (the second one is commented out). So
only one content filter is active at a time (depending on what smtp
service definition is active).

What you need is to cascade the two filters. I don't know your
anti-virus software; how are the messages returned to postfix after
scanning? I suppose it's the additional smtpd listening on localhost:10025.

> localhost:10025 inet n - y - - smtpd -o
> content_filter=


I would suggest to change this entry to

localhost:10025 inet n - y - - smtpd -o content_filter=spamassassin

and use the smtp definition for the virus scanner.

> #Panda Antivirus
> smtp inet n - n - - smtpd -o
> content_filter=pav_postfix:dummy
> #Panda Antivirus


Now all your messages should get scanned by your anti-virus software and
afterwards analysed by spamassassin.

This setup works well in my environment (with a different anti-virus
software).

Greetings,
Simon
  #5 (permalink)  
Old 06-14-2004
Julian Totzek
 
Posts: n/a
Default Re: Postfix + AntiVirus + Spamassassins

Hi Simon,

yes, this was my first idea, but no headers are attached to the mail. But
as I said, it just scans for viruses now. There is no hint of SpamAssassin,
neither in the logs nor in the mail header.

Here is what happens:

Jun 14 10:44:22 web postfix/smtpd[11553]: connect from www.heise.de[193.99.144.71]
Jun 14 10:44:22 web postfix/smtpd[11553]: C51583BC0B3: client=www.heise.de[193.99.144.71]
Jun 14 10:44:23 web postfix/cleanup[11555]: C51583BC0B3: message-id=<E1BZn4l-00006a-00.octo06@www.heise.de>
Jun 14 10:44:23 web postfix/nqmgr[10635]: C51583BC0B3: from=<emailcheck-robot@ct.heise.de>, size=2056, nrcpt=1 (queue active)
Jun 14 10:44:23 web postfix/smtpd[11553]: disconnect from www.heise.de[193.99.144.71]
Jun 14 10:44:23 web postfix/postdrop[11568]: warning: unable to look up public/pickup: Permission denied
Jun 14 10:44:23 web postfix/pipe[11564]: C51583BC0B3: to=<myuser@mydomain.de>, orig_to=<myname@mydomain.de>, relay=pav_postfix, delay=1, status=sent (dummy)
Jun 14 10:44:25 web postfix/pickup[10634]: 558383BC0B3: uid=5003 from=<emailcheck-robot@ct.heise.de>
Jun 14 10:44:25 web postfix/cleanup[11555]: 558383BC0B3: message-id=<E1BZn4l-00006a-00.octo06@www.heise.de>
Jun 14 10:44:25 web postfix/nqmgr[10635]: 558383BC0B3: from=<emailcheck-robot@ct.heise.de>, size=1906, nrcpt=1 (queue active)
Jun 14 10:44:25 web postfix/pipe[11570]: 558383BC0B3: to=<myuser@mydomain,de>, relay=cyrus, delay=2, status=sent (web.deck7.net)

Only the pav_postfix virus scanner works. I really tried so many different
configs. I really googled for it but I only found tutorials with
SpamAssassin and other programs; there is no tutorial with just
Antivirus/SpamAssassin and Postfix.

Thanks for your help
Cheers
Julian










  #6 (permalink)  
Old 06-14-2004
Julian Totzek
 
Posts: n/a
Default Re: Postfix + AntiVirus + Spamassassins

Hi,

I tried the other way round:

smtp inet n - n - - smtpd -o content_filter=spamassassin:783
localhost:10025 inet n - y - - smtpd -o content_filter=pav_postfix:dummy

and my log shows

Jun 14 11:32:09 web postfix/smtpd[12295]: connect from www.heise.de[193.99.144.71]
Jun 14 11:32:09 web postfix/smtpd[12295]: F20FA3BC0B3: client=www.heise.de[193.99.144.71]
Jun 14 11:32:10 web postfix/cleanup[12297]: F20FA3BC0B3: message-id=<E1BZnp0-0008Ph-00.octo10@www.heise.de>
Jun 14 11:32:10 web postfix/nqmgr[12284]: warning: connect to transport smtp-spamasassin: No such file or directory
Jun 14 11:32:10 web postfix/nqmgr[12284]: F20FA3BC0B3: from=<emailcheck-robot@ct.heise.de>, size=2056, nrcpt=1 (queue active)
Jun 14 11:32:10 web spamd[1413]: connection from localhost [127.0.0.1] at port 32818
Jun 14 11:32:10 web spamd[12306]: info: setuid to nobody succeeded
Jun 14 11:32:10 web spamd[12306]: processing message <E1BZnp0-0008Ph-00.octo10@www.heise.de> for nobody:65534.
Jun 14 11:32:10 web postfix/smtpd[12295]: disconnect from www.heise.de[193.99.144.71]
Jun 14 11:32:10 web spamd[12306]: clean message (0.0/5.0) for nobody:65534 in 0.0 seconds, 1998 bytes.
Jun 14 11:32:10 web postfix/postdrop[12308]: warning: unable to look up public/pickup: Permission denied
Jun 14 11:32:10 web postfix/pipe[12304]: F20FA3BC0B3: to=<myuser@mydomain.de>, orig_to=name@mydomain.de, relay=spamassassin, delay=1, status=sent (783)
Jun 14 11:32:43 web postfix/pickup[12283]: 9EC853BC0B3: uid=65534 from=<emailcheck-robot@ct.heise.de>
Jun 14 11:32:43 web postfix/cleanup[12297]: 9EC853BC0B3: message-id=<E1BZnp0-0008Ph-00.octo10@www.heise.de>
Jun 14 11:32:43 web postfix/nqmgr[12284]: 9EC853BC0B3: from=<emailcheck-robot@ct.heise.de>, size=2364, nrcpt=1 (queue active)
Jun 14 11:32:43 web postfix/pipe[12313]: 9EC853BC0B3: to=<myuser@mydomain.de>, relay=cyrus, delay=33, status=sent (mydomain.de)


So the spam filter takes effect, but the EICAR test virus was not filtered!

No more ideas!

Greetz
Julian





  #7 (permalink)  
Old 06-14-2004
Simon Schelkshorn
 
Posts: n/a
Default Re: Postfix + AntiVirus + Spamassassins

Julian Totzek wrote:
> Hi Simon,

Hi Julian,

>
> yes, this was my first idea, but no headers are attached to the mail. But
> as I said, it just scans for viruses now. There is no hint of SpamAssassin,
> neither in the logs nor in the mail header.

Looking at your log excerpt, I realize that my assumption about how
mails are returned to postfix after scanning by your anti-virus software
is wrong.

>
> Here is what happens:
>
> Jun 14 10:44:22 web postfix/smtpd[11553]: connect from
> www.heise.de[193.99.144.71]
> Jun 14 10:44:22 web postfix/smtpd[11553]: C51583BC0B3:
> client=www.heise.de[193.99.144.71]
> Jun 14 10:44:23 web postfix/cleanup[11555]: C51583BC0B3:
> message-id=<E1BZn4l-00006a-00.octo06@www.heise.de>
> Jun 14 10:44:23 web postfix/nqmgr[10635]: C51583BC0B3:
> from=<emailcheck-robot@ct.heise.de>, size=2056, nrcpt=1 (queue active)
> Jun 14 10:44:23 web postfix/smtpd[11553]: disconnect from
> www.heise.de[193.99.144.71]
> Jun 14 10:44:23 web postfix/postdrop[11568]: warning: unable to look up
> public/pickup: Permission denied
> Jun 14 10:44:23 web postfix/pipe[11564]: C51583BC0B3:
> to=<myuser@mydomain.de>, orig_to=<myname@mydomain.de>, relay=pav_postfix,
> delay=1, status=sent (dummy)
> Jun 14 10:44:25 web postfix/pickup[10634]: 558383BC0B3: uid=5003
> from=<emailcheck-robot@ct.heise.de>
> Jun 14 10:44:25 web postfix/cleanup[11555]: 558383BC0B3:
> message-id=<E1BZn4l-00006a-00.octo06@www.heise.de>


Your virus scanner seems to reinject the mails after scanning using the
sendmail command and not a second smtpd process. As your spamassassin
command also returns the mail to postfix via the sendmail command you
can't use this service definition to integrate spam filtering.

> Jun 14 10:44:25 web postfix/nqmgr[10635]: 558383BC0B3:
> from=<emailcheck-robot@ct.heise.de>, size=1906, nrcpt=1 (queue active)
> Jun 14 10:44:25 web postfix/pipe[11570]: 558383BC0B3:
> to=<myuser@mydomain,de>, relay=cyrus, delay=2, status=sent (web.deck7.net)
>
> Only the pav_postfix virus scanner works. I really tried so many different
> configs. I really googled for it but I only found tutorials with
> SpamAssassin and other programs; there is no tutorial with just
> Antivirus/SpamAssassin and Postfix.


In this specific case I don't know how to solve the problem at the
moment. Isn't there a possibility to configure the anti-virus software
not to use the sendmail command but to deliver the scanned mail via the
SMTP protocol to a given host:port? Another possibility would be to
configure the virus scanner to use a different sendmail command (i.e.
mysendmail) and define this command as an additional service in postfix
(I don't know how to do this; if someone else knows, please let me know).

>
> Thanks for your help
> Cheers
> Julian


Greetings,
Simon
  #8 (permalink)  
Old 06-14-2004
Simon Schelkshorn
 
Posts: n/a
Default Re: Postfix + AntiVirus + Spamassassins

Julian Totzek wrote:

> Hy,
>
> I tried the other way round:
>
> smtp inet n - n - - smtpd -o
> content_filter=spamassassin:783
> localhost:10025 inet n - y - - smtpd -o
> content_filter=pav_postfix:dummy


Does not make any difference in principle as both filters use the
sendmail command for reinjecting the message into postfix. The
localhost:10025 smtpd service is not used at all :-(

> and my logs shows
>
> (...)
>
> So the spam filter takes effect, but the EICAR test virus was not filtered!
>
> No more ideas!
>
> Greetz
> Julian


Greetings,
Simon
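
The diagnosis in the last two replies (the message is reinjected with the sendmail command, re-enters through pickup, and so is never handed to the second filter) can be checked mechanically from the mail log. The following is an added example, not part of the original thread: the sample log is constructed from the thread's two excerpts (wrapped lines joined, other lines omitted), and the function names and the REQUIRED list are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: lines adapted from the two log excerpts in the thread
# (wrapped lines joined, unrelated lines omitted).
SAMPLE_LOG = """\
Jun 14 10:44:22 web postfix/smtpd[11553]: C51583BC0B3: client=www.heise.de[193.99.144.71]
Jun 14 10:44:23 web postfix/cleanup[11555]: C51583BC0B3: message-id=<E1BZn4l-00006a-00.octo06@www.heise.de>
Jun 14 10:44:23 web postfix/pipe[11564]: C51583BC0B3: to=<myuser@mydomain.de>, relay=pav_postfix, delay=1, status=sent (dummy)
Jun 14 10:44:25 web postfix/pickup[10634]: 558383BC0B3: uid=5003 from=<emailcheck-robot@ct.heise.de>
Jun 14 10:44:25 web postfix/cleanup[11555]: 558383BC0B3: message-id=<E1BZn4l-00006a-00.octo06@www.heise.de>
Jun 14 10:44:25 web postfix/pipe[11570]: 558383BC0B3: to=<myuser@mydomain.de>, relay=cyrus, delay=2, status=sent (web.deck7.net)
Jun 14 11:32:09 web postfix/smtpd[12295]: F20FA3BC0B3: client=www.heise.de[193.99.144.71]
Jun 14 11:32:10 web postfix/cleanup[12297]: F20FA3BC0B3: message-id=<E1BZnp0-0008Ph-00.octo10@www.heise.de>
Jun 14 11:32:10 web postfix/pipe[12304]: F20FA3BC0B3: to=<myuser@mydomain.de>, relay=spamassassin, delay=1, status=sent (783)
Jun 14 11:32:43 web postfix/pickup[12283]: 9EC853BC0B3: uid=65534 from=<emailcheck-robot@ct.heise.de>
Jun 14 11:32:43 web postfix/cleanup[12297]: 9EC853BC0B3: message-id=<E1BZnp0-0008Ph-00.octo10@www.heise.de>
Jun 14 11:32:43 web postfix/pipe[12313]: 9EC853BC0B3: to=<myuser@mydomain.de>, relay=cyrus, delay=33, status=sent (mydomain.de)
"""

REQUIRED = ["pav_postfix", "spamassassin"]  # assumed policy: every mail passes both
LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]{6,}): (.*)$")
RELAY = re.compile(r"relay=([^,\s]+)")

def trace(log_text):
    """Return {message-id: [(queue_id, entry_daemon, [relays]), ...]} in log order."""
    hops = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # lines without a queue ID (connect, warnings, spamd)
        daemon, qid, rest = m.groups()
        hop = hops.setdefault(qid, {"entry": None, "msgid": None, "relays": []})
        if daemon in ("smtpd", "pickup"):
            # smtpd = arrived over SMTP; pickup = reinjected with sendmail
            hop["entry"] = hop["entry"] or daemon
        elif daemon == "cleanup" and rest.startswith("message-id="):
            hop["msgid"] = rest[len("message-id="):]
        else:
            hop["relays"] += RELAY.findall(rest)
    paths = defaultdict(list)
    for qid, hop in hops.items():
        paths[hop["msgid"]].append((qid, hop["entry"], hop["relays"]))
    return dict(paths)

def missing_filters(path, required=REQUIRED):
    """Required filter transports that none of the message's queue IDs used."""
    seen = {relay for _, _, relays in path for relay in relays}
    return sorted(set(required) - seen)

if __name__ == "__main__":
    for msgid, path in trace(SAMPLE_LOG).items():
        print(msgid, path, "missing:", missing_filters(path))
```

In both sample messages the second queue ID enters via pickup and goes straight to cyrus, so one of the two filters is always reported as missing.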