MailScanner 內容誤判

myspam上線之後,發生了一個很特殊的狀況,我們某個客人寄來的信,都會判斷有問題,信件的內容被MailScanner給擋了下來,原本以為是附件格式的關係(純文字 or RTF-HTML),要不然就是UTF8被檔成了Big5、歐洲編碼的關係,結果不是,是因為內容誤判。打開MailScanner加上去的付件之後,才發現,原來是內容有問題,請看藍色字部份。

This is a message from the MailScanner E-Mail Virus Protection Service
———————————————————————-
The original e-mail attachment “msg-13172-87.txt”
is on the list of unacceptable attachments for this site and has been
replaced by this warning message.

If you wish to receive a copy of the original attachment, please
e-mail helpdesk and include the whole of this message
in your request. Alternatively, you can call them, with
the contents of this message to hand when you call.

At Tue Mar 9 17:56:01 2010 the virus scanner said:
MailScanner: No programs allowed (msg-13172-87.txt)

Note to Help Desk: Look on the Everenergy () MailScanner in /var/spool/MailScanner/quarantine/20100309 (message 1E5881DE80A8.29D84).

Postmaster

For all your IT requirements visit: http://www.transtec.co.uk

Read more

maillog中出現calmav無法更新的訊息

在整合完postfix+MailScanner+Clam AV+F-prot+openwebmal+procmail+My Spam之後,在觀察maillog之後,會看到下面這些訊息。
重點在於一行 ClamAV updater /usr/local/bin/freshclam cannot be run
怎麼回事,用MailScanner帶起Clam AV之後卻無法順利的更新病毒資料庫
其實這個問題之前就有發生了,只是我把freshclam的指令寫在cron table中
Read more

My Spam “procmail: Skipped “|/usr/bin/php -Cq /var/www/html/myspam/web/index.php save_spam” 問題處理

終於做到Myspam和MailScanner的整合段,MailScanner把郵件丟給Spamassaissn中去判斷垃圾信之後,丟給prcmail,procmail再依據規則丟給Myspam來處理。

可是我在看procmail.log的時候,出現了一行訊息
procmail: Skipped “|/usr/bin/php -Cq /var/www/html/myspam/web/index.php save_spam”
意思是說,跳過傳給Myspam的處理程式,要怎麼解呢?

網友Tommy說是指令打錯了,我的指令完全完抄官方文件的,怎麼可能會打錯,所以Tommy的說法是有問題的。Tommy自己寫的MySpam安裝的內容和安裝手策上一樣。

查了一下酷學園的資料,原作者twu2學長有說,可能是selinux造成的,去查了一下httpd的error log
[Tue Mar 02 19:42:05 2010] [notice] caught SIGTERM, shutting down
[Tue Mar 02 19:42:29 2010] [notice] SELinux policy enabled; httpd running as context root:system_r:httpd_t:s0
[Tue Mar 02 19:42:29 2010] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Tue Mar 02 19:42:53 2010] [notice] Digest: generating secret for digest authentication …
[Tue Mar 02 19:42:53 2010] [notice] Digest: done
[Tue Mar 02 19:42:53 2010] [notice] mod_python: Creating 4 session mutexes based on 128 max processes and 0 max threads.
[Tue Mar 02 19:42:53 2010] [error] [client 60.251.247.2] Directory index forbidden by Options directive: /var/www/html/
[Tue Mar 02 19:42:53 2010] [notice] Apache/2.2.3 (CentOS) configured — resuming normal operations
[Wed Mar 03 01:55:37 2010] [error] [client 124.115.6.16] File does not exist: /var/www/mail/robots.txt
[Wed Mar 03 07:58:07 2010] [error] [client 124.115.6.16] File does not exist: /var/www/mail/robots.txt
果不其然,真的是selinux造成的,一般來說,我灌server,我都會把selinux關閉,不知道這次為什麼用DVD安裝的時候,沒有選項給我選。

好唄,關掉selinux吧!
vi /etc/selinux/config

SELINUX=enforcing===>SELINUX=disable

存檔 離開

修改 /etc/procmailrc

改一下規則,promailrc規則寫法不太一樣
官方的寫法是
:0
* ^X-Spam-Status: Yes{
:0: * ! ^X-MySPAM: YES
|/usr/bin/php -Cq /var/www/html/myspam/web/index.php save_spam
}

訊息是說
procmail: Skipped “|/usr/bin/php -Cq /var/www/html/myspam/web/index.php save_spam”
procmail: Closing brace unexpected
我在猜是因為{放在YES的後面照成的
去看了procmail的官法網頁
所以做了上面的規則改寫
LOGFILE=/var/log/procmail.log
MAILDIR=/var/mail

:0
* ^X-Spam-Status: Yes
{
:0
* ! ^X-MySPAM: YES
|/usr/bin/php -Cq /website/jlspam/web/index.php save_spam
}

:0 B
* ^X-Spam-Status: Yes
{
:0b
* ^X-MySPAM: YES
$DEFAULT
}

:0b
* ^X-Spam-Flag: YES
$DEFAULT

:0
* ^X-MySPAM: YES
$DEFAULT

重新開機….因為selinux改動了很多東西的設定
重開機會正常一點

==>再來玩MySpam吧!

PS.要一起看4個LOG真累(/var/log/maillog, /var/log/procmail/procmail.log,/var/log/httpd/access_log,/var/log/httpd/error_log)

2010-03-03_141404.jpg