HOWTO: Upgrade layer1 MailScanner

[equens]

Ok, then, I only can say: houstom, we have a problem I was confused.

Hola Juanra, entonces he metido la pata en algo, porque he probado 100 veces que todos los mensajes enviados desde un servidor con Mailscanner son enviados desde una estafeta abierta, el maldito Open relay.

 

[chirpy]

We have this combination on all of our servers and we have no open relays at all.

Using MailScanner in itself will not open a relay since MailScanner does not receive or deliver email - your MTA does that, i.e. Exim. If it wasn't an open relay before installing MailScanner, it wouldn't be afterwords either, unless you changed the Exim configuration to make it one.

 

[anand]

Originally posted by equens
Hello Anand, I have more than 5 servers and only the servers that has installed Mailscanner and ClamAv sends all messages with open relay. I think that mailscanner uses open relay with exim to deliver email scanned.

And I think you know the problem to send emails to other domains with SpamAssassin :MSGID_FROM_MTA_SHORT Message-Id was added by a relay 3.3 pts.

Perhaps I am worried, but I think the solutions is not to change the filter from 5 to 6 or to fix open relays with /scripts/fixrelayd. I think is a problem from Mailscanner and his implementation in Cpanel. At this moment, we wont install Mailscanner in other servers.

As chirpy pointed out, mailscanner is not an MTA, its exim. Mailscanner only job is to take incoming mails, pass them to clam / any other antivirus for scanning, then take it back from clam and pass it back to exim for delivery. Nowhere mailscanner tries to deliver the mail directly. So mailscanner making your server an open relay is totally out of question.

check your exim configuration for this. Incase you still have doubts and can't figure out, try to reset exim to default and rebuild it on servers and then one by one make your earlier mods, keep on checking for open relays. I am sure its one of the custom mods done to it which made your servers as open relay.

To reset exim and rebuild it

/scripts/reseteximtodefaults
/scripts/exim4

 

[Snowman30]

Johnathon

I just went thru your great How too and i thought everything went ok but when watching the maillog i get the following errors:

root@daintree [/usr]# tail -f /var/log/maillog
Apr 17 21:12:35 daintree MailScanner[31048]: Using locktype = posix
Apr 17 21:12:35 daintree MailScanner[31048]: Creating hardcoded struct_flock subroutine for linux (Linux-type)
Apr 17 21:12:45 daintree MailScanner[31049]: MailScanner E-Mail Virus Scanner version 4.29.7 starting...
Apr 17 21:12:45 daintree MailScanner[31049]: Could not read Custom Functions directory /usr/MailScanner/lib/MailScanner/CustomFunctions
Apr 17 21:12:45 daintree MailScanner[31049]: Using locktype = posix
Apr 17 21:12:45 daintree MailScanner[31049]: Creating hardcoded struct_flock subroutine for linux (Linux-type)
Apr 17 21:12:55 daintree MailScanner[31051]: MailScanner E-Mail Virus Scanner version 4.29.7 starting...
Apr 17 21:12:55 daintree MailScanner[31051]: Could not read Custom Functions directory /usr/MailScanner/lib/MailScanner/CustomFunctions
Apr 17 21:12:55 daintree MailScanner[31051]: Using locktype = posix
Apr 17 21:12:55 daintree MailScanner[31051]: Creating hardcoded struct_flock subroutine for linux (Linux-type)
Apr 17 21:15:40 daintree cpanelpop[31074]: Connection from host=127.0.0.1 to ip=127.0.0.1
Apr 17 21:15:40 daintree cpanelpop[31074]: Session Closed host=127.0.0.1 ip=127.0.0.1 user=root realuser= totalxfer=47
Apr 17 21:15:40 daintree imapd[31083]: Logout user=??? domain=??? host=localhost [127.0.0.1]

I checked the MailScanner.conf file and the path to the /usr/MailScanner/lib/MailScanner/CustomFunctions folder and they are correct.

any ideas whats causing this?

and also as a second query....i was reading: http://forums.cpanel.net/showthread.php?s=&threadid=15538&highlight=mailscanner about running clam as a module should i do this on the server too???

 

[chirpy]

Hi,

This will probably be your problem in your MailScanner.conf:

/usr/MailScanner/lib/MailScanner/CustomFunctions

should be:

/usr/mailscanner/lib/MailScanner/CustomFunctions

Note: the initial lowercase mailscanner.

I would definitely recommend using the clamav module as it reduces server load significantly. ClamAV have just released a new version 0.70 which you can install from source and then upgrade Mail::ClamAV to the latest version (v0.08) which takes advantage of the new features of ClamAV v0.70 (use the instructions from that other thread).

 

[Snowman30]

Originally posted by chirpy
Hi,

This will probably be your problem in your MailScanner.conf:

/usr/MailScanner/lib/MailScanner/CustomFunctions

should be:

/usr/mailscanner/lib/MailScanner/CustomFunctions

Note: the initial lowercase mailscanner.

I would definitely recommend using the clamav module as it reduces server load significantly. ClamAV have just released a new version 0.70 which you can install from source and then upgrade Mail::ClamAV to the latest version (v0.08) which takes advantage of the new features of ClamAV v0.70 (use the instructions from that other thread).

That fixed it

Thanks for the advice

 

[Snowman30]

One thing i have just noticed is that clamavmodule wont update.

Ive tried on 3 different servers and all report an error with Inline::C

 

[fikse]

after upgrading mailscanner, will the uninstaller still work that came with the original setup from layer1.cpanel.net?

 

[chirpy]

Yes, the uninstall will still work.

 

[fikse]

chirpy, thanks for the great how-to.... worked perfectly....

 

[Dreamer]

There's new version of MS. Installed it few days ago and worked fine since..

 

[icanectc]

I ran the test on it and got this output
Apr 30 22:09:26 server1 MailScanner[23435]: MailScanner E-Mail Virus Scanner version 4.29.7 starting...
Apr 30 22:09:26 server1 MailScanner[23435]: MailScanner E-Mail Virus Scanner version 4.29.7 starting...
Apr 30 22:09:26 server1 MailScanner[23435]: MailScanner E-Mail Virus Scanner version 4.29.7 starting...
Apr 30 22:09:26 server1 MailScanner[23435]: Could not read Custom Functions directory /opt/MailScanner/lib/MailScanner/CustomFunctions
Apr 30 22:09:26 server1 MailScanner[23435]: Could not read Custom Functions directory /opt/MailScanner/lib/MailScanner/CustomFunctions
Apr 30 22:09:26 server1 MailScanner[23435]: Could not read Custom Functions directory /opt/MailScanner/lib/MailScanner/CustomFunctions
Apr 30 22:09:26 server1 MailScanner[23435]: Could not read file /opt/MailScanner/var/MailScanner.pid
Apr 30 22:09:26 server1 MailScanner[23435]: Could not read file /opt/MailScanner/var/MailScanner.pid
Apr 30 22:09:26 server1 MailScanner[23435]: Could not read file /opt/MailScanner/var/MailScanner.pid
Apr 30 22:09:26 server1 MailScanner[23435]: Error in line 118, file "/opt/MailScanner/var/MailScanner.pid" for pidfile does not exist (or can not be read)
Apr 30 22:09:26 server1 MailScanner[23435]: Error in line 118, file "/opt/MailScanner/var/MailScanner.pid" for pidfile does not exist (or can not be read)
Apr 30 22:09:26 server1 MailScanner[23435]: Error in line 118, file "/opt/MailScanner/var/MailScanner.pid" for pidfile does not exist (or can not be read)


Is this normal?

 

[chirpy]

No, it's not - looks like you missed one or two steps. Try running the following then stop and restart MailScanner:

perl -pi -e "s/\/opt\/MailScanner/\/usr\/mailscanner/g"  /usr/mailscanner/bin/check_mailscanner
perl -pi -e "s/\/opt\/MailScanner/\/usr\/mailscanner/g"  /usr/mailscanner/bin/MailScanner
perl -pi -e "s/\/opt\/MailScanner/\/usr\/mailscanner/g"  /usr/mailscanner/lib/MailScanner/SystemDefs.pm
perl -pi -e "s/\/opt\/MailScanner/\/usr\/mailscanner/g"  /usr/mailscanner/lib/MailScanner/ConfigDefs.pl
perl -pi -e "s/\/opt\/MailScanner/\/usr\/mailscanner/g"  /usr/mailscanner/etc/virus.scanners.conf
perl -pi -e "s/\/opt\/MailScanner/\/usr\/mailscanner/g"  /usr/mailscanner/etc/MailScanner.conf
perl -pi -e "s/\/opt\/MailScanner/\/usr\/mailscanner/g"  /usr/mailscanner/lib/*
perl -pi -e "s/\/opt\/MailScanner/\/usr\/mailscanner/g"  /usr/mailscanner/lib/MailScanner/*
perl -pi -e "s/\/opt\/MailScanner/\/usr\/mailscanner/g"  /usr/mailscanner/bin/update_virus_scanners

 

[icanectc]

Thanks that seemed to fix the mass errors however now I get this

File containing list of incoming queue dirs (/var/spool/mqueue.in) does not exist


anyway to fix this? I notice the mail gets sent but never gets received... would this be the cause?

 

[icanectc]

I got that mqueue.in fixed and all seems to be working okay..

Except no one on the server can receive mail or send any out.

The message clears the mailserver (as if it were to send). But goes no where fast.

looking in the logs I find this.

May 2 13:36:36 server1 cpanelpop[21247]: Connection from host=65.2.198.24 to ip=66.139.77.157
May 2 13:36:36 server1 cpanelpop[21247]: Connection from host=65.2.198.24 to ip=66.139.77.157
May 2 13:36:36 server1 cpanelpop[21247]: Connection from host=65.2.198.24 to ip=66.139.77.157
May 2 13:36:36 server1 cpanelpop[21247]: Login host=65.2.198.24 ip=65.2.198.24 [email protected] [email protected]
May 2 13:36:36 server1 cpanelpop[21247]: Login host=65.2.198.24 ip=65.2.198.24 [email protected] [email protected]
May 2 13:36:36 server1 cpanelpop[21247]: Login host=65.2.198.24 ip=65.2.198.24 [email protected] [email protected]
May 2 13:36:36 server1 cpanelpop[21247]: Session Closed host=65.2.198.24 ip=65.2.198.24 user[email protected] [email protected] totalxfer=186
May 2 13:36:36 server1 cpanelpop[21247]: Session Closed host=65.2.198.24 ip=65.2.198.24 user[email protected] [email protected] totalxfer=186
May 2 13:36:36 server1 cpanelpop[21247]: Session Closed host=65.2.198.24 ip=65.2.198.24 user[email protected] [email protected] totalxfer=186
May 2 13:36:56 server1 cpanelpop[21251]: Connection from host=adsl-068-209-101-132.sip.mia.bellsouth.net to ip=66.139.77.157
May 2 13:36:56 server1 cpanelpop[21251]: Connection from host=adsl-068-209-101-132.sip.mia.bellsouth.net to ip=66.139.77.157
May 2 13:36:56 server1 cpanelpop[21251]: Connection from host=adsl-068-209-101-132.sip.mia.bellsouth.net to ip=66.139.77.157
May 2 13:36:56 server1 cpanelpop[21251]: Login host=adsl-068-209-101-132.sip.mia.bellsouth.net ip=68.209.101.132 [email protected] [email protected]
May 2 13:36:56 server1 cpanelpop[21251]: Login host=adsl-068-209-101-132.sip.mia.bellsouth.net ip=68.209.101.132 [email protected] [email protected]
May 2 13:36:56 server1 cpanelpop[21251]: Login host=adsl-068-209-101-132.sip.mia.bellsouth.net ip=68.209.101.132 [email protected] [email protected]
May 2 13:36:56 server1 cpanelpop[21251]: Session Closed host=adsl-068-209-101-132.sip.mia.bellsouth.net ip=68.209.101.132 user[email protected] [email protected] totalxfer=187
May 2 13:36:56 server1 cpanelpop[21251]: Session Closed host=adsl-068-209-101-132.sip.mia.bellsouth.net ip=68.209.101.132 user[email protected] [email protected] totalxfer=187
May 2 13:36:56 server1 cpanelpop[21251]: Session Closed host=adsl-068-209-101-132.sip.mia.bellsouth.net ip=68.209.101.132 [email protected] realuser=p

I dont notice any email checks at all.. The Moment i uninstall Mailscanner all mail flows again..

What am I doing wrong? There just appears to be no errors.

 

[perlchild]

Originally posted by icanectc
Thanks that seemed to fix the mass errors however now I get this

File containing list of incoming queue dirs (/var/spool/mqueue.in) does not exist


anyway to fix this? I notice the mail gets sent but never gets received... would this be the cause?

You might want to check /etc/sysconfig/MailScanner and set the MTA variable to exim, among other things

 

[icanectc]

under /etc/sysconfig there is no mailscanner period in their.

 

[chirpy]

I would suggest that you back out and run:

/scripts/exim4

The reinstall the layer1 MailScanner, then try the upgrade again.

 

[icanectc]

I got this working and it works great. I do have 1 question what file must we edit to change the return email text? Is there a way to modify the return text on an email that mailscanner deliverys? It says a lot of stuff about the HELPDESK but I would like to be able to direct them to us directly instead of them guessing who to contact. What file must I edit??

 

[chirpy]

You need to edit the email templates in:
/usr/mailscanner/etc/reports/en/