HOWTO: Upgrade layer1 MailScanner

equens

Well-Known Member
Feb 8, 2002
283
5
318
Ok, then, I only can say: houstom, we have a problem :) I was confused.

Hola Juanra, entonces he metido la pata en algo, porque he probado 100 veces que todos los mensajes enviados desde un servidor con Mailscanner son enviados desde una estafeta abierta, el maldito Open relay.
 
Last edited:

chirpy

Well-Known Member
Verifed Vendor
Jun 15, 2002
13,437
33
473
Go on, have a guess
We have this combination on all of our servers and we have no open relays at all.

Using MailScanner in itself will not open a relay since MailScanner does not receive or deliver email - your MTA does that, i.e. Exim. If it wasn't an open relay before installing MailScanner, it wouldn't be afterwords either, unless you changed the Exim configuration to make it one.
 

anand

Well-Known Member
Nov 11, 2002
1,432
1
168
India
cPanel Access Level
DataCenter Provider
Originally posted by equens
Hello Anand, I have more than 5 servers and only the servers that has installed Mailscanner and ClamAv sends all messages with open relay. I think that mailscanner uses open relay with exim to deliver email scanned.

And I think you know the problem to send emails to other domains with SpamAssassin :MSGID_FROM_MTA_SHORT Message-Id was added by a relay 3.3 pts.

Perhaps I am worried, but I think the solutions is not to change the filter from 5 to 6 or to fix open relays with /scripts/fixrelayd. I think is a problem from Mailscanner and his implementation in Cpanel. At this moment, we wont install Mailscanner in other servers.
As chirpy pointed out, mailscanner is not an MTA, its exim. Mailscanner only job is to take incoming mails, pass them to clam / any other antivirus for scanning, then take it back from clam and pass it back to exim for delivery. Nowhere mailscanner tries to deliver the mail directly. So mailscanner making your server an open relay is totally out of question.

check your exim configuration for this. Incase you still have doubts and can't figure out, try to reset exim to default and rebuild it on servers and then one by one make your earlier mods, keep on checking for open relays. I am sure its one of the custom mods done to it which made your servers as open relay.

To reset exim and rebuild it

/scripts/reseteximtodefaults
/scripts/exim4
 

Snowman30

Well-Known Member
PartnerNOC
Apr 7, 2002
679
0
316
cPanel Access Level
DataCenter Provider
Johnathon

I just went thru your great How too and i thought everything went ok but when watching the maillog i get the following errors:

root@daintree [/usr]# tail -f /var/log/maillog
Apr 17 21:12:35 daintree MailScanner[31048]: Using locktype = posix
Apr 17 21:12:35 daintree MailScanner[31048]: Creating hardcoded struct_flock subroutine for linux (Linux-type)
Apr 17 21:12:45 daintree MailScanner[31049]: MailScanner E-Mail Virus Scanner version 4.29.7 starting...
Apr 17 21:12:45 daintree MailScanner[31049]: Could not read Custom Functions directory /usr/MailScanner/lib/MailScanner/CustomFunctions
Apr 17 21:12:45 daintree MailScanner[31049]: Using locktype = posix
Apr 17 21:12:45 daintree MailScanner[31049]: Creating hardcoded struct_flock subroutine for linux (Linux-type)
Apr 17 21:12:55 daintree MailScanner[31051]: MailScanner E-Mail Virus Scanner version 4.29.7 starting...
Apr 17 21:12:55 daintree MailScanner[31051]: Could not read Custom Functions directory /usr/MailScanner/lib/MailScanner/CustomFunctions
Apr 17 21:12:55 daintree MailScanner[31051]: Using locktype = posix
Apr 17 21:12:55 daintree MailScanner[31051]: Creating hardcoded struct_flock subroutine for linux (Linux-type)
Apr 17 21:15:40 daintree cpanelpop[31074]: Connection from host=127.0.0.1 to ip=127.0.0.1
Apr 17 21:15:40 daintree cpanelpop[31074]: Session Closed host=127.0.0.1 ip=127.0.0.1 user=root realuser= totalxfer=47
Apr 17 21:15:40 daintree imapd[31083]: Logout user=??? domain=??? host=localhost [127.0.0.1]
I checked the MailScanner.conf file and the path to the /usr/MailScanner/lib/MailScanner/CustomFunctions folder and they are correct.

any ideas whats causing this?

and also as a second query....i was reading: http://forums.cpanel.net/showthread.php?s=&threadid=15538&highlight=mailscanner about running clam as a module should i do this on the server too???
 

chirpy

Well-Known Member
Verifed Vendor
Jun 15, 2002
13,437
33
473
Go on, have a guess
Hi,

This will probably be your problem in your MailScanner.conf:

/usr/MailScanner/lib/MailScanner/CustomFunctions

should be:

/usr/mailscanner/lib/MailScanner/CustomFunctions

Note: the initial lowercase mailscanner.

I would definitely recommend using the clamav module as it reduces server load significantly. ClamAV have just released a new version 0.70 which you can install from source and then upgrade Mail::ClamAV to the latest version (v0.08) which takes advantage of the new features of ClamAV v0.70 (use the instructions from that other thread).
 

Snowman30

Well-Known Member
PartnerNOC
Apr 7, 2002
679
0
316
cPanel Access Level
DataCenter Provider
Originally posted by chirpy
Hi,

This will probably be your problem in your MailScanner.conf:

/usr/MailScanner/lib/MailScanner/CustomFunctions

should be:

/usr/mailscanner/lib/MailScanner/CustomFunctions

Note: the initial lowercase mailscanner.

I would definitely recommend using the clamav module as it reduces server load significantly. ClamAV have just released a new version 0.70 which you can install from source and then upgrade Mail::ClamAV to the latest version (v0.08) which takes advantage of the new features of ClamAV v0.70 (use the instructions from that other thread).

That fixed it

Thanks for the advice :)
 

Snowman30

Well-Known Member
PartnerNOC
Apr 7, 2002
679
0
316
cPanel Access Level
DataCenter Provider
One thing i have just noticed is that clamavmodule wont update.

Ive tried on 3 different servers and all report an error with Inline::C
 

icanectc

Well-Known Member
Mar 10, 2003
342
0
166
I ran the test on it and got this output
Apr 30 22:09:26 server1 MailScanner[23435]: MailScanner E-Mail Virus Scanner version 4.29.7 starting...
Apr 30 22:09:26 server1 MailScanner[23435]: MailScanner E-Mail Virus Scanner version 4.29.7 starting...
Apr 30 22:09:26 server1 MailScanner[23435]: MailScanner E-Mail Virus Scanner version 4.29.7 starting...
Apr 30 22:09:26 server1 MailScanner[23435]: Could not read Custom Functions directory /opt/MailScanner/lib/MailScanner/CustomFunctions
Apr 30 22:09:26 server1 MailScanner[23435]: Could not read Custom Functions directory /opt/MailScanner/lib/MailScanner/CustomFunctions
Apr 30 22:09:26 server1 MailScanner[23435]: Could not read Custom Functions directory /opt/MailScanner/lib/MailScanner/CustomFunctions
Apr 30 22:09:26 server1 MailScanner[23435]: Could not read file /opt/MailScanner/var/MailScanner.pid
Apr 30 22:09:26 server1 MailScanner[23435]: Could not read file /opt/MailScanner/var/MailScanner.pid
Apr 30 22:09:26 server1 MailScanner[23435]: Could not read file /opt/MailScanner/var/MailScanner.pid
Apr 30 22:09:26 server1 MailScanner[23435]: Error in line 118, file "/opt/MailScanner/var/MailScanner.pid" for pidfile does not exist (or can not be read)
Apr 30 22:09:26 server1 MailScanner[23435]: Error in line 118, file "/opt/MailScanner/var/MailScanner.pid" for pidfile does not exist (or can not be read)
Apr 30 22:09:26 server1 MailScanner[23435]: Error in line 118, file "/opt/MailScanner/var/MailScanner.pid" for pidfile does not exist (or can not be read)


Is this normal?
 

chirpy

Well-Known Member
Verifed Vendor
Jun 15, 2002
13,437
33
473
Go on, have a guess
No, it's not - looks like you missed one or two steps. Try running the following then stop and restart MailScanner:
Code:
perl -pi -e "s/\/opt\/MailScanner/\/usr\/mailscanner/g"  /usr/mailscanner/bin/check_mailscanner
perl -pi -e "s/\/opt\/MailScanner/\/usr\/mailscanner/g"  /usr/mailscanner/bin/MailScanner
perl -pi -e "s/\/opt\/MailScanner/\/usr\/mailscanner/g"  /usr/mailscanner/lib/MailScanner/SystemDefs.pm
perl -pi -e "s/\/opt\/MailScanner/\/usr\/mailscanner/g"  /usr/mailscanner/lib/MailScanner/ConfigDefs.pl
perl -pi -e "s/\/opt\/MailScanner/\/usr\/mailscanner/g"  /usr/mailscanner/etc/virus.scanners.conf
perl -pi -e "s/\/opt\/MailScanner/\/usr\/mailscanner/g"  /usr/mailscanner/etc/MailScanner.conf
perl -pi -e "s/\/opt\/MailScanner/\/usr\/mailscanner/g"  /usr/mailscanner/lib/*
perl -pi -e "s/\/opt\/MailScanner/\/usr\/mailscanner/g"  /usr/mailscanner/lib/MailScanner/*
perl -pi -e "s/\/opt\/MailScanner/\/usr\/mailscanner/g"  /usr/mailscanner/bin/update_virus_scanners
 

icanectc

Well-Known Member
Mar 10, 2003
342
0
166
Thanks that seemed to fix the mass errors however now I get this

File containing list of incoming queue dirs (/var/spool/mqueue.in) does not exist


anyway to fix this? I notice the mail gets sent but never gets received... would this be the cause?
 

icanectc

Well-Known Member
Mar 10, 2003
342
0
166
I got that mqueue.in fixed and all seems to be working okay..

Except no one on the server can receive mail or send any out.

The message clears the mailserver (as if it were to send). But goes no where fast.

looking in the logs I find this.

May 2 13:36:36 server1 cpanelpop[21247]: Connection from host=65.2.198.24 to ip=66.139.77.157
May 2 13:36:36 server1 cpanelpop[21247]: Connection from host=65.2.198.24 to ip=66.139.77.157
May 2 13:36:36 server1 cpanelpop[21247]: Connection from host=65.2.198.24 to ip=66.139.77.157
May 2 13:36:36 server1 cpanelpop[21247]: Login host=65.2.198.24 ip=65.2.198.24 [email protected] [email protected]
May 2 13:36:36 server1 cpanelpop[21247]: Login host=65.2.198.24 ip=65.2.198.24 [email protected] [email protected]
May 2 13:36:36 server1 cpanelpop[21247]: Login host=65.2.198.24 ip=65.2.198.24 [email protected] [email protected]
May 2 13:36:36 server1 cpanelpop[21247]: Session Closed host=65.2.198.24 ip=65.2.198.24 user[email protected] [email protected] totalxfer=186
May 2 13:36:36 server1 cpanelpop[21247]: Session Closed host=65.2.198.24 ip=65.2.198.24 user[email protected] [email protected] totalxfer=186
May 2 13:36:36 server1 cpanelpop[21247]: Session Closed host=65.2.198.24 ip=65.2.198.24 user[email protected] [email protected] totalxfer=186
May 2 13:36:56 server1 cpanelpop[21251]: Connection from host=adsl-068-209-101-132.sip.mia.bellsouth.net to ip=66.139.77.157
May 2 13:36:56 server1 cpanelpop[21251]: Connection from host=adsl-068-209-101-132.sip.mia.bellsouth.net to ip=66.139.77.157
May 2 13:36:56 server1 cpanelpop[21251]: Connection from host=adsl-068-209-101-132.sip.mia.bellsouth.net to ip=66.139.77.157
May 2 13:36:56 server1 cpanelpop[21251]: Login host=adsl-068-209-101-132.sip.mia.bellsouth.net ip=68.209.101.132 [email protected] [email protected]
May 2 13:36:56 server1 cpanelpop[21251]: Login host=adsl-068-209-101-132.sip.mia.bellsouth.net ip=68.209.101.132 [email protected] [email protected]
May 2 13:36:56 server1 cpanelpop[21251]: Login host=adsl-068-209-101-132.sip.mia.bellsouth.net ip=68.209.101.132 [email protected] [email protected]
May 2 13:36:56 server1 cpanelpop[21251]: Session Closed host=adsl-068-209-101-132.sip.mia.bellsouth.net ip=68.209.101.132 user[email protected] [email protected] totalxfer=187
May 2 13:36:56 server1 cpanelpop[21251]: Session Closed host=adsl-068-209-101-132.sip.mia.bellsouth.net ip=68.209.101.132 user[email protected] [email protected] totalxfer=187
May 2 13:36:56 server1 cpanelpop[21251]: Session Closed host=adsl-068-209-101-132.sip.mia.bellsouth.net ip=68.209.101.132 [email protected] realuser=p

I dont notice any email checks at all.. The Moment i uninstall Mailscanner all mail flows again..

What am I doing wrong? There just appears to be no errors.
 

perlchild

Well-Known Member
Sep 1, 2002
279
0
166
Originally posted by icanectc
Thanks that seemed to fix the mass errors however now I get this

File containing list of incoming queue dirs (/var/spool/mqueue.in) does not exist


anyway to fix this? I notice the mail gets sent but never gets received... would this be the cause?
You might want to check /etc/sysconfig/MailScanner and set the MTA variable to exim, among other things
 

chirpy

Well-Known Member
Verifed Vendor
Jun 15, 2002
13,437
33
473
Go on, have a guess
I would suggest that you back out and run:

/scripts/exim4

The reinstall the layer1 MailScanner, then try the upgrade again.
 

icanectc

Well-Known Member
Mar 10, 2003
342
0
166
I got this working and it works great. I do have 1 question what file must we edit to change the return email text? Is there a way to modify the return text on an email that mailscanner deliverys? It says a lot of stuff about the HELPDESK but I would like to be able to direct them to us directly instead of them guessing who to contact. What file must I edit??