The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

HOW TO: Exim, Exiscan, & ClamAV

Discussion in 'General Discussion' started by wish, Apr 15, 2004.

  1. wish

    wish Member

    Joined:
    Aug 14, 2003
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    I was keen on getting exiscan to work with CPanel, but I couldn't find much on it or many that had done it, so after working through it, I put this together as a cookbook for setting up exiscan on systems identical to ours.

    I tried to include enough information so that others can puzzle it out for their own systems. Exiscan works like a charm for us, and I'm very happy with it. Your mileage may vary, of course.

    The text is a bit too long for a post, so I've attached it as a file.

    This is a work in progress...comments are encouraged.
     

    Attached Files:

  2. dario2

    dario2 Member

    Joined:
    Sep 21, 2002
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    Really great article, Wish! Thanks!

    I've been using MailScanner (with McAffee's VirusScan), but it's a HUGE processor and memory hog, so I'm seriously considering moving to Exiscan. I've managed to create a patched Exim for Cpanel RPM. But, after I installed it, without even modifying the exim.conf file, Exim started rejecting e-mails, like this (domais and IP altered for privacy):

    2004-05-04 02:25:25 H=(remote.mailserver.com) [64.11.11.11] F=<some@sender.com> temporarily rejected RCPT <local@email.com>: cannot test verify in RCPT ACL

    The e-mail queue grew wildly, so I had to return to my previous config. Question is: did you have the same problem? Do you know what that error is?

    Thx!
    -Dario
     
  3. wish

    wish Member

    Joined:
    Aug 14, 2003
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    Thanks.

    No, I didn't see this problem. If exim is having trouble with verify in the RCPT ACL, first I'd look at what user your new RPM build is running under (not likely to be your problem, but...), then verify that the exim config file was not overwritten or that even a different one is being used by your new build.
     
  4. dario2

    dario2 Member

    Joined:
    Sep 21, 2002
    Messages:
    10
    Likes Received:
    0
    Trophy Points:
    1
    Thanks for the help! Turns out that I applied patch

    exiscan-acl-4.30-13

    which had a bug! I reapplied patch version -14, which, in my defense, was not mentioned in the Exiscan changelog, and it worked.

    -Dario
     
  5. tAzMaNiAc

    tAzMaNiAc Well-Known Member

    Joined:
    Feb 16, 2003
    Messages:
    559
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Sachse, TX
    Does exiscan actually work with lower levels? I'd be interested in trying ths out if so. I use MailScanner and have noticed processor hogging with mailing lists..

    Brenden
     
  6. tawfiq

    tawfiq Active Member

    Joined:
    Mar 13, 2004
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    6
    i am interested in why did u chosse exisan over MailScanner or if u considered MailScanner at all?
     
  7. wish

    wish Member

    Joined:
    Aug 14, 2003
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    Brenden: It's not so much that exiscan works at a lower level but that it works at SMTP connect, instead of after mail has been accepted. Scanning during the SMTP dialog seems to be less resource intensive on several levels.

    tawfiq: MailScanner is excellent, best-in-class even. Our current server was seeing what Brenden was seeing: high cpu loads. We wanted to see if exiscan could help us. So far it has, though I don't have anything but anectdotal evidence, no hard tests, since our server isn't up to full load yet.

    I'd be very interested to hear what others experience if they decide to try exiscan.
     
  8. maras

    maras Registered

    Joined:
    Oct 17, 2003
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
  9. chrisbond

    chrisbond Well-Known Member

    Joined:
    Apr 12, 2003
    Messages:
    59
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Hereford, United Kingdom
    BTW Nicks just released exim 4.34 that includes the exiacl patches. So you can skip a lot of the steps. I might update it later today if i get chance.
     
  10. rs-freddo

    rs-freddo Well-Known Member

    Joined:
    May 13, 2003
    Messages:
    832
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Australia
    cPanel Access Level:
    Root Administrator
    I would be interested in how to use exiscan with the new 4.34
     
  11. Valetia

    Valetia Well-Known Member

    Joined:
    Jun 20, 2002
    Messages:
    207
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Same here, any updates?
     
  12. anand

    anand Well-Known Member

    Joined:
    Nov 11, 2002
    Messages:
    1,435
    Likes Received:
    1
    Trophy Points:
    38
    Location:
    India
    cPanel Access Level:
    DataCenter Provider
    I got it working perfectly fine with the new exim. I have the auto installer also ready on this. Just finishing my notes, once done i will post everything here.
     
  13. casey

    casey Well-Known Member

    Joined:
    Jan 17, 2003
    Messages:
    2,303
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    If there is trouble, it will find me
    anand, could you also post what the advantages/disadvantages are to this over mailscanner? Does exiscan come with quarantine functions and the like? Does it add {virus?} or some other text to e-mails? Can it be customized?

    Sorry. I'm too lazy to test it myself.:)
     
  14. anand

    anand Well-Known Member

    Joined:
    Nov 11, 2002
    Messages:
    1,435
    Likes Received:
    1
    Trophy Points:
    38
    Location:
    India
    cPanel Access Level:
    DataCenter Provider
    hey casey :)

    The only thing i can say is the advantages are very serious, i got this running on 10 servers till now and on all servers i saw improvement on cpu loads. Mailscanner was choking the server with mail traffic increasing, atleast with this the load is reduced.

    As for quarantine, understand this, the patch allows you to reject mail at the MTA level, so basically the mail doesn't enter your queue. This helps in reducing the load on the server considerably.

    Let me know if i confused you. ;)
     
  15. rs-freddo

    rs-freddo Well-Known Member

    Joined:
    May 13, 2003
    Messages:
    832
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Australia
    cPanel Access Level:
    Root Administrator
    Cool!
     
  16. chrisbond

    chrisbond Well-Known Member

    Joined:
    Apr 12, 2003
    Messages:
    59
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Hereford, United Kingdom
    Loads dropped from 2.00+ (quite often it would jump to 10+) to 0.40!!
     
  17. casey

    casey Well-Known Member

    Joined:
    Jan 17, 2003
    Messages:
    2,303
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    If there is trouble, it will find me
    Nope, not at all. I'm almost sold on it. :)

    What I meant by the quarantine, though, is when a virus is found. What happens to emails with viruses? Does the sender get the email returned to him or is it just rejected? My customers will want one of the following:

    1) If viruses are stripped and delivered, they will want to be able to retrieve the original message if it was a wrongful detection.

    2) If viruses are simply rejected, the customers will want the email returned to the sender, so that again, if a message is wrongfully detected the sender will know to send again by some other means.
     
  18. JohnL

    JohnL Member

    Joined:
    Apr 10, 2003
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    no exim .src available

    Hello there!

    Problem here with rebuilding Exim ... as there is no .src available for any of the newer Exim relases. I have two RH 9 servers, but the same seems true for RHEL. cPanel v. 9.2.x comes with exim-4.34, but I just don't see any source code for that:

    http://diff.cpanel.net/exim-cpanel7.2.0/s9/

    Any suggestions?? First downgrading cPanel, then installing, and later upgradinga again?? By the way, would any cPanel upgrade overwrite the anti-virus package installed in this thread?

    John
     
  19. anand

    anand Well-Known Member

    Joined:
    Nov 11, 2002
    Messages:
    1,435
    Likes Received:
    1
    Trophy Points:
    38
    Location:
    India
    cPanel Access Level:
    DataCenter Provider

    :D
    The mail is rejected moment the virus info is found in them with info as "Mailware or Virus found in mail (Virus Name)". This looks like those mail server errors which you usually see.

    The mail is just completely rejected. When exim accepts the data section, clam scans for virus or malware stuff, if found, the mail session is closed with an MTA error retuned to the sender stating that there is malware or virus.

    I have been closely watching the 10 servers i have this installed now, the load has been very low on them. To compare it, with mailscanner i hardly remember a time when i saw the load less than 4-5, even shot up to 10 at times with heavy mail traffic. Now the load sits cool at < 1, i think thats a considerable gain :)

    Just got stuck with something more, i have everything ready and with the auto installer it should be a piece of cake for anyone to install. I will try to post info asap.
     
  20. anand

    anand Well-Known Member

    Joined:
    Nov 11, 2002
    Messages:
    1,435
    Likes Received:
    1
    Trophy Points:
    38
    Location:
    India
    cPanel Access Level:
    DataCenter Provider
    Re: no exim .src available

    Just upgrade to current releases, run the following on shell

    /scripts/updated
    /scripts/updatenow
    /scripts/exim4

    This should give you the new exim.
     
Loading...

Share This Page