A tutorial for installing spamassassin and clam (av)

The fact is, by doing that, I have installed two differents SHA1 version (I don(I didn’t know how uninstall a perl module, only delete the pm files ?)

Yes, I’d assume deleting all the relavent .pm files and module directories would do the trick pascal.

Chris

spamassassin -clamav installation and integrating with iworx CP

Dear friends,
We have our dedicated server in sago networks.We have installed interworx CP1.7.1.It is working fine.We are getting lots of spam mails and viruses in our client side.And also lots of double bounce[spams] are forwarded to the nodeworx admin ID.

I downloaded source rpms of pamassassin,clamav,qmail-scanner,tnef,maildrop package provided by iworx from
http://updates.interworx.info/iworx/SRPMS/experimental/
and compiled and built rpm binaries for spamassassin,clamav and tnef and installed them.

as

#cd /usr/src/redhat/RPMS/i386/

#wget http://updates.interworx.info/iworx/SRPMS/experimental/SpamAssassin-2.63-100.iworx.src.rpm

#rpm -i SpamAssassin-2.63-100.iworx.src.rpm

#rpmbuild -bb spamassassin.spec

#wget http://updates.interworx.info/iworx/SRPMS/experimental/clamav-0.74-100.iworx.src.rpm

#rpm -i /usr/src/redhat/RPMS/i386/clamav-0.74-100.iworx.src.rpm

#rpmbuild -bb clamav.spec

#wget http://updates.interworx.info/iworx/SRPMS/experimental/qmail-scanner-1.22-100.iworx.src.rpm

#wget http://updates.interworx.info/iworx/SRPMS/experimental/tnef-1.2.3.1-100.iworx.src.rpm

#wget http://updates.interworx.info/iworx/SRPMS/experimental/maildrop-1.6.3-100.iworx.src.rpm

#rpm -i qmail-scanner-1.22-100.iworx.src.rpm

#rpm -i maildrop-1.6.3-100.iworx.src.rpm

#rpm -i tnef-1.2.3.1-100.iworx.src.rpm

#rpmbuild ?bb tnef.spec

#rpm -i clamav-0.74-100.iworx.i386.rpm

#rpm -i clamav-devel-0.74-100.iworx.i386.rpm

#rpm -i SpamAssassin-2.63-100.iworx.i386.rpm

#rpm -i perl-Mail-SpamAssassin-2.63-100.iworx.i386.rpm

#rpm -i SpamAssassin-2.63-100.iworx.i386.rpm

#rpm -i tnef-1.2.3.1-100.iworx.i386.rpm

But, the build process for maildrop and qmail-scanner failed as:

rpmbuild -bb maildrop.spec

error: Failed build dependencies:
vpopmail >= 5.3.8 is needed by maildrop-1.6.3-100.iworx
courier-imap is needed by maildrop-1.6.3-100.iworx

rpmbuild -bb qmail-scanner.spec

error: Failed build dependencies:
qmail is needed by qmail-scanner-1.22-100.iworx

These are the iworx packages that are available.
[root@server1 SPECS]# rpm -qa |grep iworx
proftpd-1.2.8p-1.iworx
qmail-pop3d-toaster-1.03-1.iworx
ucspi-tcp-toaster-doc-0.88-1.iworx
interworx-nodeworx-1.7.1-1.iworx
djbdns-1.05-1.iworx
clamav-0.74-100.iworx
SpamAssassin-2.63-100.iworx
webalizer-2.01_10-1.iworx
daemontools-toaster-doc-0.76-1.iworx
interworx-siteworx-1.7.1-1.iworx
daemontools-toaster-0.76-1.iworx
mod_watch-4.3-1.iworx
vpopmail-toaster-doc-5.4.0-1.iworx
interworx-1.7.1-1.iworx
perl-Mail-SpamAssassin-2.63-100.iworx
httpd-devel-2.0.40-21.5.iworx
ucspi-tcp-toaster-0.88-1.iworx
qmail-toaster-doc-1.03-1.iworx
tnef-1.2.3.1-100.iworx
SpamAssassin-tools-2.63-100.iworx
qmail-toaster-1.03-1.iworx
httpd-manual-2.0.40-21.5.iworx
vpopmail-toaster-5.4.0-1.iworx
courier-imap-toaster-doc-2.1.2-1.iworx
courier-imap-toaster-2.1.2-1.iworx
clamav-devel-0.74-100.iworx

And I upgraded mysql from 3.1 to 4.1.17:
MySQL-client-4.1.7-0
MySQL-shared-4.0.20-0
MySQL-server-4.1.7-0

The problem that I could not install maildrop and qmail-scanner is because of all packages are iworx toaster packages instead of ordinary iworx packages.Please suggest a solution to install and configure maildrop and qmailscanner and make to work with TOASTER IWORX packages[My thinking may be wrong].
If this process wont work please suggest good alternatives to avoid spam and scan virus using clam scan.
I posted a ticket and the interworx staff asked to upgrade iworx CP to 1.8.1. I dont want to experiment and get hindered.We are using redhat 9.

thank you,
Ignacius

you may need to use the FORCE option (-f) to override the dependancies. As I understand it qmail-toaster is a variation of qmaail and should work the same.

Since you’re dealing with qmail and that’s his specialty I’ll let Chris handle ot of it doesn’t work :wink:

There’s nothing to fear about the upgrade, just use the script they give you to go from 1.7.1 to 1.8.0 and then do a yum update to go to 1.8.1. It was very painless for me and I’m by no means a Linux guru. The script leads you right through it, and as I recall i didn’t have to do anything but type two lines of code:

wget http://updates.interworx.info/iworx/scripts/171to180.sh
sh 171to180.sh or ./171to180.sh

and let it do it’s work.

Tim

relative links below:

http://interworx.info/forums/showthread.php?t=268

http://interworx.info/forums/showthread.php?t=166

http://updates.interworx.info/iworx/scripts/171to180.txt

mysqld is not starting [error]

Dear friend,

I did as per:
http://interworx.info/iworx-cp/support/docs/install/script.php
http://updates.interworx.info/iworx/RPMS/
http://updates.interworx.info/iworx/scripts/iworx-cp-install.sh

Now the packages have been upgraded properly:
the list of packages is:
yum-conf-1.0-101.iworx
daemontools-0.76-100.iworx
apr-devel-0.9.4-100.iworx
ucspi-tcp-0.88-100.iworx
rrdtool-1.0.48-100.iworx
php-iworx-4.3.9-2.iworx
libmcrypt-2.5.7-100.iworx
webalizer-2.01_10-100.iworx
mod_ssl-2.0.51-101.iworx
libmcrypt-devel-2.5.7-100.iworx
httpd-devel-2.0.51-101.iworx
qmail-pop3d-1.03-101.iworx
interworx-nodeworx-1.8.1-1.iworx
perl-Mail-SpamAssassin-2.63-100.iworx
djbdns-1.05-100.iworx
mysql-client-4.0.21-104.iworx
apr-util-0.9.4-100.iworx
mysql-server-4.0.21-104.iworx
vpopmail-5.4.0-100.iworx
httpd-2.0.51-101.iworx
curl-devel-7.12.1-100.iworx
mysql-shared-4.0.21-104.iworx
tnef-1.2.3.1-100.iworx
SpamAssassin-tools-2.63-100.iworx
mod_watch-4.3-100.iworx
apr-util-devel-0.9.4-100.iworx
proftpd-1.2.10-100.iworx
courier-imap-2.1.2-100.iworx
php-4.3.9-101.iworx
analog-5.32-100.iworx
httpd-iworx-2.0.51-1.iworx
interworx-1.8.1-1.iworx
mysql-devel-4.0.21-104.iworx
interworx-siteworx-1.8.1-1.iworx
httpd-manual-2.0.51-101.iworx
php-mysql-4.3.9-101.iworx
ucspi-tcp-doc-0.88-100.iworx
qmail-doc-1.03-101.iworx
courier-imap-doc-2.1.2-100.iworx
php-imap-4.3.9-101.iworx
qmail-1.03-101.iworx
apr-0.9.4-100.iworx
yum-headers-1.0-100.iworx
curl-7.12.1-100.iworx
perl-Compress-Zlib-1.33-101.iworx
perl-Archive-Zip-1.13-101.iworx
awstats-6.1-101.iworx
mysql-iworx-4.0.21-3.iworx
daemontools-doc-0.76-100.iworx
vpopmail-doc-5.4.0-100.iworx
php-pear-4.3.9-101.iworx
rrdtool-devel-1.0.48-100.iworx

The sites created through siteworx account are available …
But, those that were mapped a DNS record were not available…
I wanted to run localhost mysqld daemon.I get :

/etc/init.d/mysqld start

It shows OK
But,Output of /etc/init.d/mysqld status:-
mysqld dead but subsys locked

Now,I am unable to connect to mysql databases in localhost.But, the databases are as such in /var/lib/mysql DIRECTORY…
When i did:
cat /var/log/mysqld.log
it shows
050105 02:15:09 mysqld started
050105 2:15:09 Fatal error: Can’t open privilege tables: File ‘/usr/share/mysql
/charsets/?.conf’ not found (Errcode: 2)
050105 2:15:09 Aborting

How do I make the mysqld service in /etc/init.d/mysqld work properly?

thank you,
Ignacius

Everything is working fine - with solution[one doubt]

Dear friend,
Everything works perfectly now:
1] I edited the /etc/httpd/conf/httpd.conf file and enters the virtualhost,and other left out settings from the /etc/httpd/conf/httpd.conf.bak [previous apache’s config file]
#/etc/init.d/httpd restart
Now, the sites that were directly mapped to IP [only DNS record and no site worx account] are working.

2]I downloaded mysql-4.1.17 source RPM from experimental section of iworx packages and installed it and ran:
#cd /usr/src/redhat/SPECS
#rpmbuild -bb mysql.spec

And I installed[rpm -U] all the created rpms except mysql-max

Now the mysqld is working perfectly.

========================================================
I have a doubt:
[root@server1 conf]# rpm -qa | grep mysql
mysql-server-4.1.7-100.iworx
mysql-shared-4.0.21-104.iworx
mysql-bench-4.1.7-100.iworx
mysql-devel-4.1.7-100.iworx
php-mysql-4.3.9-101.iworx
mysql-iworx-4.0.21-3.iworx
mysql-client-4.1.7-100.iworx

When I try to install /usr/src/redhat/RPMS/i386/mysql-shared-4.1.7-100.iworx.i386.rpm, i get:

[root@server1 i386]# rpm -U mysql-shared-4.1.7-100.iworx.i386.rpm
error: Failed dependencies:
libmysqlclient.so.12 is needed by (installed) php-iworx-4.3.9-2.iworx
libmysqlclient.so.12 is needed by (installed) proftpd-1.2.10-100.iworx
libmysqlclient.so.12 is needed by (installed) php-mysql-4.3.9-101.iworx

Should I leave it as such or I have to install it any way. If so, How to?

thank you,
Ignacius

Hello,

for me you should have it in
/usr/lib/libmysqlclient.so.12

Did you tried to install the mysql-shared-4.0.21-104.iworx (current version in interworx-cp 1.8.1) rather than the experimental one ?

For me your pbm is like a dependency pbm. I recommand you to install all the “normal” rpm delivers with a 1.8.1 interworx-cp release.

mysql-server-4.0.21-104.iworx
mysql-shared-4.0.21-104.iworx
mysql-client-4.0.21-104.iworx
mysql-iworx-4.0.21-3.iworx
php-mysql-4.3.9-101.iworx
mysql-devel-4.0.21-104.iworx

But if you absolutly need last rpms, I think that the MySQL-shared-compat rpm may help you.

About spamassassin and clamav I have them running on my interworx box.
In the experimental interworx acrhves it is not the last version of spamassassin (the last one is 3.x)

If you need help to install them (but from the tar.gz not the .rpm) I may help you

Pascal

give the procedure for tar based installation - I will try to modify files from rpms

Dear pascal,
You please give the procedure that you followed to install spamasssassin,clamav and qmail-scanner fron source. I will try to replicate the same procedure using the rpms provided by iworx.
If it doesnt work, lI will do that by installing all these from source.

thank you,
Ignacius

Hello,

I understand that you find it’s better to use rpm rather than .tar as it allow you to easily uninstall pgms, whitout thinking about dependancies.

The only problem you will have is that the spamassasin, clamav, … have not the same version. My tuto is for a spamassassin 3 and not 2.x

anyway, here is my tuto in zipped html format (see the attachment)

Personnaly I update the tcpserver wrapper rather than the /etc/rc.d/init.d/smtp file to change the qmail queue to the qmail-scanner queue. Also I update the /service/smtp/run file to increase softlimit

Do not hesitate if you have any pbm

Pascal

I have uninstalled all iworx experimental rpms …

Dear friend,
I am going to install as per your tutorial…

thank you,
Ignacius

help needed in setting up the last step- sending mails through qmail-scanner

Dear pascal,
I installed pyrazor instead of razor and did the necessary changes in spamassassin config file.
Everything has been setup.
I have completed till:
edit the file /service/smtp/run : vi /service/smtp/run and change to 15000000

Begining of the file here …< >

exec /usr/bin/softlimit -m 15000000
/usr/bin/tcpserver -v -R -S -p -x $TCP_CDB -c “$MAXSMTPD”
-u “$QMAILDUID” -g “$NOFILESGID” 0 smtp
$RBLSMTPD $BLACKLIST $SMTPD $HOSTNAME $VCHKPW /bin/true 2>&1

The rest of the file … < >

Now define what mail is to be sent through the Qmail-Scanner.

I could’nt understand:
if you don’t want to virusscan all mail, you can selectively nominate which IP ranges should or shouldn’t be checked by setting the QMAILQUEUE variable via your /etc/tcprules.d/tcp.smtp file rather than inside the supervise/smtp/run file. Refer to the Qmail-Scanner home page for setup examples.

I personnaly update the tcpserver wrapper rather than the /etc/rc.d/init.d/smtp file

Edit  /etc/tcprules.d/tcp.smtp : vi /etc/tcprules.d/tcp.smtp

127.:allow,RELAYCLIENT=""
192.168.0.:allow,RELAYCLIENT="",RBLSMTPD="";QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
213.30.139:allow,RELAYCLIENT="",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"

The adress 127 absolutly need to be present 127.
The parameter RBLSMTPD="" put SpamAssassin OFF et QMAILQUEUE gives the qmail queue to use (here the qmail-scanner queue)

Then you have to rebuild the database

# tcprules /etc/tcprules.d/smtp.cdb /etc/tcprules.d/tcp.smtp.tmp &lt; /etc/tcprules.d/tcp.smtp

Please help how to setup the last step in detail

thank you
ignacius

lol no pbm

just do this :

vi /service/smtp/run

and change to 15000000

you should have something like this

exec /usr/bin/softlimit -m 15000000
/usr/bin/tcpserver -v -R -S -p -x $TCP_CDB -c “$MAXSMTPD”
-u “$QMAILDUID” -g “$NOFILESGID” 0 smtp
$RBLSMTPD $BLACKLIST $SMTPD $HOSTNAME $VCHKPW /bin/true 2>&1

then you have to tell to qmail that you want your emails must be checked with spamassassin

to do this there could have few methods, but I did this one.
So just edit your vi /etc/tcprules.d/tcp.smtp

vi /etc/tcprules.d/tcp.smtp

then add the qmail-scanner queue rather than the qmail one. Like this all mails will be checked with spamassassin

So just add these lines

127.:allow,RELAYCLIENT=""
:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"

For your information :

  • The adress 127 absolutly need to be present 127.
  • The parameter RBLSMTPD="" put SpamAssassin OFF et QMAILQUEUE gives the qmail queue to use (here the qmail-scanner queue)

After this, you have to rebuild your tcp wrapper rules.

so just do

tcprules /etc/tcprules.d/smtp.cdb /etc/tcprules.d/tcp.smtp.tmp < /etc/tcprules.d/tcp.smtp

that’s it

But normally a new release of interworx-cp should be done this month with this feature enable (spamassassin). It should be better than this solution as I think they’ll use withelist management in a database. So maybe it’d be better to wait just few days.

Pascal

completed spamassassin -clamav based scanning - thank you

Dear pascal,
As per the tutorial and your instructions I have completed the installation and setup properly.
Thank you very much.[If any problem means I will reply in this same thread]

thank you,
Ignacius

upgradation to iworx 2.0.3 with the above setup

Dear pascal,
I am about to upgrade iworx packages. I manually setup clamav,pyrazor,dcc,spamassassin,qmail-scanner in iworx 1.8[as per previous messages posted by me in this thread].
Is it ok to upgrade as such through yum-update?

This is the output of my yum update:

[root@qxsys root]# yum update
Gathering header information file(s) from server(s)
Server: Red Hat Linux 9 - Base
Server: Red Hat Linux 9 - Fedora Legacy - Updates
Server: InterWorx-CP - Generic
Server: InterWorx-CP - Red Linux 9
Server: Red Hat Linux 9 - Updates
Finding updated packages
Downloading needed headers
Resolving dependencies
…Unable to satisfy dependencies
Package spamassassin-tools needs perl-Mail-SpamAssassin = 3.0.2-1, this is not available.
[root@qxsys root]# rpm -qa | grep ssass
spamassassin-tools-3.0.2-1
spamassassin-3.0.2-1
perl-Mail-SpamAssassin-3.0.2-1

What might be the problem?

thank you,
N.Nallu Ignacius

Te best way in this case is to open a support ticket :slight_smile:

A simple doubt

Dear pascal,
I reverted things back to the previous state[before spam/clam av scanning].

Contents removed to remove pyzor:
/usr/bin/pyzor
/usr/bin/pyzord
/usr/lib/python2.2/site-packages/pyzor
/usr/lib/python2.2/site-packages/pyzor/init.py
/usr/lib/python2.2/site-packages/pyzor/client.py
/usr/lib/python2.2/site-packages/pyzor/server.py
/usr/lib/python2.2/site-packages/pyzor/init.pyc
/usr/lib/python2.2/site-packages/pyzor/client.pyc
/usr/lib/python2.2/site-packages/pyzor/server.pyc
/usr/share/doc/pyzor
/usr/share/doc/pyzor/usage.html

Except this I had created rpms using checkinstall.
Contents removed to remove dcc:
rpm -e dcc-dccproc-1.2.66-1

Contents removed to remove spamassasin:
rpm -e perl-Mail-SpamAssassin-3.0.2-1
rpm -e spamassassin-3.0.2-1
rpm -e spamassassin-tools-3.0.2-1
userdel spamd
groupdel spamd
rm -R -f /home/spamd
rm /etc/sysconfig/spamassassin
chkconfig --del spamd
rm /etc/rc.d/init.d/spamd

Contents removed to remove clamav:
userdel clamav
groupdel clamav
rm -R -f /home/clamav
chkconfig --del clamd
rm /etc/rc.d/init.d/clamd

Removed the cron entry for : 0 * * * * /usr/local/bin/freshclam --quiet -l /var/log/clam-update.log

Contents removed to remove qmail scanner:
rpm -e maildrop-1.7.0-1.i386.rpm
rpm -e tnef-1.2.3.1-1.i386.rpm
userdel qscand
groupdel qscand
rm -R -f /home/qscand
rm /var/spool/qmailscan/qmail-scanner-queue-version.txt
rm /var/qmail/bin/qmail-scanner-queue.pl

Removed the cron entry for : 0 0 * * * /var/qmail/bin/qmail-scanner-queue.pl -z

edited /service/smtp/run and removed the line:QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl" export QMAILQUEUE

edited /etc/tcprules.d/tcp.smtp and changed to
127.:allow,RELAYCLIENT=""
:allow

tcprules /etc/tcprules.d/tcp.smtp.cdb /etc/tcprules.d/tcp.smtp.tmp < /etc/tcprules.d/tcp.smtp

edited /etc/init.d/smtp and removed the lines :
export QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
/etc/rc.d/init.d/spamd start
/etc/rc.d/init.d/clamd start

After this I ran yum update from console. Now, I have upgraded to iworx2.0.3 and all service are working fine.

Now, I have a simple doubt : Is the folder /var/spool/qmailscan used by interworx qmail scanner;
For your reference, the directory content is:
[root@XYZ qmailscan]# ls -la
total 428
drwxrwx— 5 552 547 4096 Jun 13 06:21 .
drwxr-xr-x 13 root root 4096 Jan 10 05:24 …
-rw------- 1 552 root 21 Jun 13 00:00 qmail-scanner-queue-version.txt
drwxrwx— 5 552 547 4096 Jan 10 05:24 quarantine
-rw-r----- 1 552 nofiles 12288 Jan 21 03:50 quarantine-attachments.db
-rw-rw---- 1 552 547 4390 Jan 21 01:48 quarantine-attachments.txt
-rw-rw---- 1 552 547 385989 Jun 13 06:12 quarantine.log
drwx------ 3 552 root 4096 Jun 13 06:35 tmp
lrwxrwxrwx 1 552 547 31 Jan 10 05:24 viruses -> /var/spool/qmailscan/quarantine
lrwxrwxrwx 1 552 547 35 Jan 10 05:24 viruses.log -> /var/spool/qmailscan/quarantine.log
drwxrwx— 5 552 547 4096 Jan 10 05:24 working

Is it safe to remove the directory /var/spool/qmailscan. The timestamp values show that the folders and their content have not changed after the upgradation.

bye,
N.Nallu Ignacius

Everything seems to be good

You could let Pyzor and Dcc as they are not in the Iworx Spamassassin install, anyway.

Pascal