Copfilter 2.1.92beta6 for IPCop 2.1.7 released

This forum is for all copfilter version 2 support related questions in English. (IPCop version 2)

Re: Copfilter 2.1.92beta6 for IPCop 2.1.7 released

Postby lhoedl » 04 Dec 2014 12:29

Hi,

i tried to debug p3scan and got this log:

/var/log/copfilter/default/opt/p3scan/etc/init.d/copfilter_p3scan debug >> /tmp/p3scandebug 2>&1
Code: Select all
POP3 Traffic-Scan aktiviert auf GREEN: lan-1

p3scan abgebrochen Done
Starte p3scan im Debug-Modus
POP3 Traffic-Scan aktiviert auf GREEN: lan-1
Iptables Firewall-Regeln aktiv:
Table: nat    Chain: PREROUTING         0        0 REDIRECT   tcp  --  lan-1  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:110 redir ports 8110
09:04:13 p3scan[32396]: P3Scan Version 2.3.2
09:04:13 p3scan[32396]: Selected scannertype: bash (Bash file invocation scanner)
09:04:13 p3scan[32396]: Listen now on 0.0.0.0:8110
/bin/chown: invalid group: ‘spam:spam’
09:04:13 p3scan[32396]: Changing uid (we are root)
09:04:13 p3scan[32396]: Running as user: spam
09:04:13 p3scan[32396]: RX compiled succesfully
09:04:13 p3scan[32396]: p3scan.conf:
09:04:13 p3scan[32396]: pidfile: /var/log/copfilter/default/opt/p3scan/var/run/p3scan.pid
09:04:13 p3scan[32396]: maxchilds: 10
09:04:13 p3scan[32396]: ip: Any
09:04:13 p3scan[32396]: port: 8110
09:04:13 p3scan[32396]: targetip/port disabled
09:04:13 p3scan[32396]: user: spam
09:04:13 p3scan[32396]: notifydir: /var/log/copfilter/default/opt/p3scan/tmp
09:04:13 p3scan[32396]: virusdir: /var/log/copfilter/default/opt/p3scan/tmp
09:04:13 p3scan[32396]: justdelete: disabled
09:04:13 p3scan[32396]: bytesfree: 20000
09:04:13 p3scan[32396]: demime: disabled
09:04:13 p3scan[32396]: scanner: /var/log/copfilter/default/opt/tools/bin/mailscanner.sh
09:04:13 p3scan[32396]: virusregexp: (.*)Infection:[[:space:]](.*)$
09:04:13 p3scan[32396]: broken: enabled
09:04:13 p3scan[32396]: checkspam: disabled
09:04:13 p3scan[32396]: spamcheck: /var/log/copfilter/default/opt/mail-spamassassin/default/bin/spamc
09:04:13 p3scan[32396]: debug: enabled
09:04:13 p3scan[32396]: quiet: disabled
09:04:13 p3scan[32396]: template: /var/log/copfilter/default/opt/p3scan/etc/p3scan.mail
09:04:13 p3scan[32396]: subject: *** VIRUS ***
09:04:13 p3scan[32396]: notify: Per instruction, the message has been deleted.
09:04:13 p3scan[32396]: emailport: 25
09:04:13 p3scan[32396]: smtprset: Virus detected! P3scan rejected message!
09:04:13 p3scan[32396]: smtpsize: not checking.
09:04:13 p3scan[32396]: sslport: 995
09:04:13 p3scan[32396]: mail: /bin/mail
09:04:13 p3scan[32396]: timeout: 120
09:04:13 p3scan[32396]: altvnmsg: enabled
09:04:13 p3scan[32396]: useurl: disabled
09:04:13 p3scan[32396]: emergcon: root@localhost postmaster@localhost
09:04:13 p3scan[32396]: TOP processing enabled
09:04:13 p3scan[32396]: PIPELINING processing disabled
09:04:13 p3scan[32396]: STLS processing disabled
09:04:13 p3scan[32396]: Waiting for connections.....
09:28:35 p3scan[32396]: Forked, pid=1757, numprocs=1
09:28:35 p3scan[1757]: setting the virusdir to /var/log/copfilter/default/opt/p3scan/tmp/children/1757/
09:28:35 p3scan[1757]: Initialize Context
09:28:35 p3scan[1757]: starting proxy
09:28:35 p3scan[1757]: POP3S Connection from 10.10.11.162:42422
09:28:35 p3scan[1757]: Real-server address is x.x.x.x:995
09:28:35 p3scan[1757]: starting mainloop
09:28:35 p3scan[1757]: --> 
09:28:35 p3scan[1757]: --> ÀÀÀ
09:28:35 p3scan[1757]: --> ÀÀ
ÀÀ
09:28:35 p3scan[1757]: -->
09:28:35 p3scan[1757]: <-- +OK POP server ready H migmx111 0MhWlP-1YJ2pT34M6-00N2sG
09:28:35 p3scan[1757]: <-- -ERR unknown command
09:28:35 p3scan[1757]: <-- -ERR unknown command
09:28:35 p3scan[1757]: <-- -ERR unknown command
09:28:35 p3scan[1757]: <-- -ERR unknown command
09:28:35 p3scan[1757]: Closing connection (no more input from client)
09:28:35 p3scan[1757]: Session done (Clean Exit). Mails: 0 Bytes: 0
09:28:35 p3scan[1757]: do_sigterm_proxy, signal -1
09:28:35 p3scan[1757]: Uninit context
09:28:35 p3scan[1757]: context_uninit done, exiting now
09:28:35 p3scan[32396]: waitpid: child 1757 died with status 0, numprocs is now 0
09:28:35 p3scan[32396]: Erasing /var/log/copfilter/default/opt/p3scan/tmp/children/1757/ contents
09:28:35 p3scan[32396]: Removing directory /var/log/copfilter/default/opt/p3scan/tmp/children/1757/
09:33:25 p3scan[32396]: Forked, pid=1834, numprocs=1
09:33:25 p3scan[1834]: setting the virusdir to /var/log/copfilter/default/opt/p3scan/tmp/children/1834/
09:33:25 p3scan[1834]: Initialize Context
09:33:25 p3scan[1834]: starting proxy
09:33:25 p3scan[1834]: POP3S Connection from 10.10.11.182:53229
09:33:25 p3scan[1834]: Real-server address is x.x.x.x:995
09:33:25 p3scan[1834]: starting mainloop
09:33:25 p3scan[1834]: --> 
09:33:25 p3scan[1834]: --> À   ÀÀÀ(À'ÀÀÀÀÀ&À%À*À)ÀÀÀÀÀÀÀ
lhoedl
 
Posts: 12
Joined: 24 Nov 2014 12:15

Re: Copfilter 2.1.92beta6 for IPCop 2.1.7 released

Postby ShelbyGT500 » 04 Dec 2014 14:49

Hi,

Please type
Code: Select all
chown -R spam:copfilter /var/log/copfilter/default/opt/mail-spamassassin
chown -R spam:copfilter /var/log/copfilter/default/opt/p3scan

Regards.
ShelbyGT500
 
Posts: 846
Joined: 13 May 2010 22:37
Location: FRANCE

Re: Copfilter 2.1.92beta6 for IPCop 2.1.7 released

Postby lhoedl » 06 Dec 2014 15:19

Hi,

i did like you said:
lhoedl wrote:chown -R spam:copfilter /var/log/copfilter/default/opt/mail-spamassassin
chown -R spam:copfilter /var/log/copfilter/default/opt/p3scan


but it seems, there is still a problem with the group rights - isn it?

Code: Select all
POP3 Traffic-Scan aktiviert auf GREEN: lan-1

p3scan abgebrochen Done
Starte p3scan im Debug-Modus
POP3 Traffic-Scan aktiviert auf GREEN: lan-1
Iptables Firewall-Regeln aktiv:
Table: nat    Chain: PREROUTING         0        0 REDIRECT   tcp  --  lan-1  *       0.0.0.0/0            0.0.0.0/0            tcp dpt:110 redir ports 8110
14:08:52 p3scan[14463]: P3Scan Version 2.3.2
14:08:52 p3scan[14463]: Selected scannertype: bash (Bash file invocation scanner)
14:08:52 p3scan[14463]: Listen now on 0.0.0.0:8110
/bin/chown: invalid group: ‘spam:spam’
14:08:52 p3scan[14463]: Changing uid (we are root)
14:08:52 p3scan[14463]: Running as user: spam
14:08:52 p3scan[14463]: RX compiled succesfully
14:08:52 p3scan[14463]: p3scan.conf:
14:08:52 p3scan[14463]: pidfile: /var/log/copfilter/default/opt/p3scan/var/run/p3scan.pid
14:08:52 p3scan[14463]: maxchilds: 10
14:08:52 p3scan[14463]: ip: Any
14:08:52 p3scan[14463]: port: 8110
14:08:52 p3scan[14463]: targetip/port disabled
14:08:52 p3scan[14463]: user: spam
14:08:52 p3scan[14463]: notifydir: /var/log/copfilter/default/opt/p3scan/tmp
14:08:52 p3scan[14463]: virusdir: /var/log/copfilter/default/opt/p3scan/tmp
14:08:52 p3scan[14463]: justdelete: disabled
14:08:52 p3scan[14463]: bytesfree: 20000
14:08:52 p3scan[14463]: demime: disabled
14:08:52 p3scan[14463]: scanner: /var/log/copfilter/default/opt/tools/bin/mailscanner.sh
14:08:52 p3scan[14463]: virusregexp: (.*)Infection:[[:space:]](.*)$
14:08:52 p3scan[14463]: broken: enabled
14:08:52 p3scan[14463]: checkspam: disabled
14:08:52 p3scan[14463]: spamcheck: /var/log/copfilter/default/opt/mail-spamassassin/default/bin/spamc
14:08:52 p3scan[14463]: debug: enabled
14:08:52 p3scan[14463]: quiet: disabled
14:08:52 p3scan[14463]: template: /var/log/copfilter/default/opt/p3scan/etc/p3scan.mail
14:08:52 p3scan[14463]: subject: *** VIRUS ***
14:08:52 p3scan[14463]: notify: Per instruction, the message has been deleted.
14:08:52 p3scan[14463]: emailport: 25
14:08:52 p3scan[14463]: smtprset: Virus detected! P3scan rejected message!
14:08:52 p3scan[14463]: smtpsize: not checking.
14:08:52 p3scan[14463]: sslport: 995
14:08:52 p3scan[14463]: mail: /bin/mail
14:08:52 p3scan[14463]: timeout: 120
14:08:52 p3scan[14463]: altvnmsg: enabled
14:08:52 p3scan[14463]: useurl: disabled
14:08:52 p3scan[14463]: emergcon: root@localhost postmaster@localhost
14:08:52 p3scan[14463]: TOP processing enabled
14:08:52 p3scan[14463]: PIPELINING processing disabled
14:08:52 p3scan[14463]: STLS processing disabled
14:08:52 p3scan[14463]: Waiting for connections.....


any advice appreciated :)
lhoedl
 
Posts: 12
Joined: 24 Nov 2014 12:15

Re: Copfilter 2.1.92beta6 for IPCop 2.1.7 released

Postby ShelbyGT500 » 06 Dec 2014 17:14

Hi,
lhoedl wrote:but it seems, there is still a problem with the group rights - isn it?
Yes, but your probleme is not due to this issue in your log- many users have it, and it doesn't prevent P3scan to work).

I don't see what happens.
Perhaps an issue with mailscanner, copfilter_functions file or other files used for filtering. So Have a try to install Virus scanner mod (you don't need to install other virus scanner to use it, if you don't want them).
A last thing, have a try with using english lang on IPCOP.

If this is not working, the faster solution would be to uninstall and reinstall correctly copfilter.

Regards.

ShelbyGT500
ShelbyGT500
 
Posts: 846
Joined: 13 May 2010 22:37
Location: FRANCE

Re: Copfilter 2.1.92beta6 for IPCop 2.1.7 released

Postby Severus » 07 Dec 2014 00:32

Hi,

any chance you edited your mailscanner.sh or copfilter_funtions with another editor than vi?
This would have broken these files because of special characters within are not correctly handled by other editors.

regards
Severus
Severus
Site Admin
 
Posts: 457
Joined: 10 Dec 2009 07:01
Location: Nürnberg - Germany

Re: Copfilter 2.1.92beta6 for IPCop 2.1.7 released

Postby ljr0 » 28 Jan 2015 10:21

I'm doing a fresh install with this version. I don't know if I broke the previous versions, but I posted my thinks for allowing a public IP address in the Email Server IP Address (a portforwarding rule to this IP Address - not visible in IPCop Webgui - will be automatically be created) field. Now with version, I get this message: Invalid SMTP Email forward server (required if Scan incoming SMTP email on RED is turned to on). This is useless to me. I use to over come this by having a second server that acted as a proxy server on the orange and then forward the email out side but this is too cumbersome.

If this is the wave of the future, I will have to find another solution as copfilter will not work for me in this fashion. Please advise.
ljr0
 
Posts: 122
Joined: 21 Jan 2010 22:03

Re: Copfilter 2.1.92beta6 for IPCop 2.1.7 released

Postby ljr0 » 28 Jan 2015 11:02

Severus wrote:Hi,

any chance you edited your mailscanner.sh or copfilter_funtions with another editor than vi?
This would have broken these files because of special characters within are not correctly handled by other editors.

regards
Severus


No. The file I used for the mailscanner.sh was created for me. Something changed in the scanner and it no longer looks at the spamc.conf file for modifying the size which defaults to 512K. Knowing this limitation of copfilter, I was getting emails over that limit that were mostly pictures, but it was never checked against any spam filters because it was too large. This new version doesn't look at that file at all. karesmakro modified mailscanner.sh and added a size option back in 2.1.92beta4. Since it was custom, it didn't make it into this release.

I reverted back to beta4 and haven't upgraded though I'm sure we could get it working. The problem with upgrading and the upgrade messes up, is I have to retrain all of the bayesian scoring and then monitor the incoming emails and spam traps which takes weeks sometimes. During this time, I get several calls complaining about spam they never had before. It's just so frustrating.

I should mention that I am not using this for a single company domain. I am running about 30 mail domains. Copfilter was the best option I could find even though one domain is for cross dressers and another is for import export freight forwarding. So you can easily see that one domain has email that wants email that would normally get marked high on normal spam filters and the freight folks get tons of foreign email which is almost always blocked by someone's service.

If I could have my cake and eat it too, I'd love to have a service like copfilter, but manage whitelists on a per user basis, with a feature that would allow them to see what's stuck in the spam trap (not possible with copfilter since the server trapping the spam is not the server that's handling the email [thus it is a proxy server]). I would also like to manage scoring either by domain or possibly by user. I thought it'd be too much overhead for a text database (even though I'm sure it's hashed(??) or indexed in memory, so I was thinking I might be able to figure out a way to integrate posgtresql as spamassassin has features that let you specify where to store the data. But I failed at getting anywhere with this project.

I was looking at ASSP, but it requires a lot of experience to get that one up. It appears to have some of the options that I'd like (i.e. database backend) but the dev's description for installation is "just accept the defaults" so not much for customizing and there's little or no documentation. I would have tried to implement it, but the killer for me was routing all email through ASSP in order to build the whitelist which I think is just plain dangerous. I've had accounts hacked a couple of times and they started sending tons of email to addresses everywhere that would not be whitelisted normally. But again, one user's whitelist is not another user's whitelist and I don't want some of those addresses on my whitelist especially when they email themselves.

I apologize for my rant. I've been working on options since I discovered that IPCOP's VPN will not talk between some versions and now I'm forced to upgrade. It's been a week in searching for opitons trying to avoid the 1 to 2 weeks of upgrade, break, downgrade, troubleshoot, upgrade to see it's still broke, down grade and then have to retrain and monitor all the while fielding complaints and NOT getting paid for any of it.

--- End of rant.
ljr0
 
Posts: 122
Joined: 21 Jan 2010 22:03

Re: Copfilter 2.1.92beta6 for IPCop 2.1.7 released

Postby ShelbyGT500 » 28 Jan 2015 14:49

Hi ljr0,

You want to do many things with Copfilter ! :D

I think you need a dedicated solution and dedicated server for antispam.

Have a look and a try with this: http://sourceforge.net/projects/osmailcleaner/

mailcleaner is an anti-spam / anti-virus filter SMTP gateway with user and admin web interfaces, quarantine, multi-domains, multi-templates, multi-languages. Using Bayes, RBLs, Spamassassin, MailScanner, ClamAV. Based on Debian. Enterprise ready.
MailCleaner is an anti spam gateway installed between your mail infrastructure and the Internet.
It includes a complete GNU/Linux OS and a graphical web interface for user and administrative access. It comes in the form of an ISO image that contains a fully automated installer.
- fully compatible with any SMTP mail server
- routes mail on a per-domain basis
- per recipient/host whitelists and blacklists
- SMTP and LDAP/Active Directory callout for e-mail address validation
- temporary storage with retries in case of final server failure
- outgoing load balancing and/or failover

Regards.

ShelbyGT500
ShelbyGT500
 
Posts: 846
Joined: 13 May 2010 22:37
Location: FRANCE

Re: Copfilter 2.1.92beta6 for IPCop 2.1.7 released

Postby ljr0 » 28 Jan 2015 20:18

Very interesting. If mailcleaner is so powerful, why are you working on copfilter? Is there a difference between the applications?

I will certainly take a look at your suggestion. Thank you very much.
ljr0
 
Posts: 122
Joined: 21 Jan 2010 22:03

Re: Copfilter 2.1.92beta6 for IPCop 2.1.7 released

Postby ShelbyGT500 » 28 Jan 2015 22:47

Hi,

ljr0 wrote:If mailcleaner is so powerful, why are you working on copfilter?
Mmmm...No! Only Copfilter is so powerful! :D
ljr0 wrote:Is there a difference between the applications?
Mailcleaner is only an antispam/mail gateway (it is not an addon, but it is installed with its OS) .
It can not filter Http trafic or web content, for example. it is only one application among others, which seems more appropriate in your case. (in addition to Copfilter for your other needs, of course :D ! )

Regards.

ShelbyGT500
ShelbyGT500
 
Posts: 846
Joined: 13 May 2010 22:37
Location: FRANCE

PreviousNext

Return to English Copfilter v2 Support

Who is online

Users browsing this forum: No registered users and 1 guest

cron