Testing Integration of SpamAssassin with Sun Java Messaging server 6
I have deployed Sun Java Messaging 6.0 server & spamassassin on a
single host and i integrated both by using steps in the .pdf document
(Sun java messaging 6 admin guide).
The integration is follows
1) option.dat file
--
spamfilter1_config_file1=/data/sunjava/msgconfigdatafiles/config/spamassassin.o pt
spamfilter1_library1=/data/sunjava/Sunmsg/lib/libspamass.so
spamfilter1_optional=1
spamfilter1_string_action=data:,addtag "[PROBABLE SPAM DETECTED: $U]";
spamfilter1_null_action=data:,require "fileinto"; fileinto "SPAM_CAN"
2) spamassassin.opt file
root@# more spamassassin.opt
HOST=127.0.0.1
PORT=783
DEBUG=1
MODE=1
3) I'm planning filter the messages by using (conversion)channels so my conversion channel entry is shown below
! conversion
conversion logging nowarnpost nosendpost subdirs 20 threaddepth 32 maxjobs 12 pool DEFAULT
destinationspamfilter1optin spam
conversion-daemon
Now i have to test the integration for that i have sent some messages
sucessfully to my MTA and now i have the following ques?
1) spamd is running in my server & now i want to know whether it is
receiving the message or not?
2) As per the .pdf document (Sun Java Messaging 6.0 admin guide)
it is mentioned that all the log messages for spamassassin will be
avaliable in/msg_svr_base/data/tcp_local_slave.log* file.
but in my MTA there is no tcp_local_slave.log* file so i want to know
whether i have to create this file or it will be manually created during
installation ?
3) Can any one help me how to test this integration and my MTA status is
shown below
mailsrv 185821 0 11:33:03 ?0:00 /data/sunjava/Sunmsg/lib/imapd
mailsrv 185801 0 11:33:02 ?0:00 /data/sunjava/Sunmsg/lib/enpd
mailsrv 185851 0 11:33:04 ?0:00 /data/sunjava/Sunmsg/lib/imsched
mailsrv 185841 0 11:33:04 ?0:00 /data/sunjava/Sunmsg/lib/mshttpd
mailsrv 185831 0 11:33:03 ?0:00 /data/sunjava/Sunmsg/lib/popd
mailsrv 187321 0 11:56:04 ?0:00
/data/sunjava/Sunmsg/lib/dispatcher
mailsrv 185811 0 11:33:02 ?0:01 /data/sunjava/Sunmsg/lib/stored
mailsrv 187361 0 11:56:04 ?0:00
/data/sunjava/Sunmsg/lib/job_controller
root 185791 0 11:33:02 ?0:00 /data/sunjava/Sunmsg/lib/watcher
INADDR_ANY 49994 /data/sunjava/Sunmsg/config/j
Thanks in advance
Jai
[2509 byte] By [
bsnl-nib] at [2007-11-26 10:11:01]
# 1
First remove additional "1" from options.dat. There was a mistake in docs.
Wrong:
spamfilter1_config_file1=/data/sunjava/msgconfigdatafiles/config/spamassassin.o pt
spamfilter1_library1=/data/sunjava/Sunmsg/lib/libspamass.so
Ok:
spamfilter1_config_file=/data/sunjava/msgconfigdatafiles/config/spamassassin.o pt
spamfilter1_library=/data/sunjava/Sunmsg/lib/libspamass.so
First test spamassasin alone by sending test files:
./spamassassin < sample-spam.txt
Then send test mails and watch log file. It should be there.
Why you want to use conversion channel?
Use ims-ms or tcp_local channel to scan incomming messages.
# 2
Hi Piotr
Thanks for your reply!
My organization told us to do msf filtering through CONVERSION Channel
that's why we are using this channel.
ok i will remove the additional '1' in option.dat file but i don't have
my log files
mail.log_current and tcp_local_slave.log*
In order to create log file i have added LOGGING keyword to default notices
in imta.cnf file as shown below and i have done cnbuild and restart to MTA.
but still i'm not getting my log files.
- --
! part II : channel blocks
!
defaults notices 1 2 4 7 copywarnpost copysendpost postheadonly noswitchchannel immnonurgent maxjobs 7 defaulthost dataone.in
dataone.in logging
- -
Can please give the answer for following questions
1) whether i have to create the log files manually ? if YES please
tell me how to do it?
2) can you tell me that the integration which i have done is
correct or wrong? if i have to add any entries please
let me know ?
Thanks in Advance
# 3
Conversion channel is used when a special library is not available.
For spamassassin there is a library so there is no need for conversion which is slower than native library scanning.
Leave conversion channel and make tcp_local looks like
! tcp_local
tcp_local smtp mx single_sys remotehost inner switchchannel identnonenumeric sub
dirs 20 maxjobs 7 pool SMTP_POOL maytlsserver maysaslserver saslswitchchannel tc
p_auth missingrecipientpolicy 0 [b]destinationspamfilter1optin spam[/b]
tcp-daemon
Logs from SA in tcp_local_slave* are made without additional config.
You have set DEBUG=1 in spamassassin.opt so there is no need to add master_debug or slave_debug in certain channel but you can do it.
# 4
Hi
Thanks!
Here i have made a mistake, Actually in our old servers the entry for
spamassassin is in tcp_intranet channel and they have configured
clamav through conversion channel.
This is our old server's entry for spamassassin
- -
tcp_intranet smtp mx single_sys subdirs 20 noreverse maxjobs 5 pool SMTP_POOL maytlsserver allowswitchchannel saslswitchchanne
l tcp_auth sourcebrightmailoptin spam threaddepth 32
tcp_intranet-daemon
- --
# 5
Here i have made a mistake, Actually in our old servers the entry for
spamassassin is in tcp_intranet channel and they have configured
clamav through conversion channel.
Hm. I run clamav, but not through the conversion channel.
We now provide the same hooks for clamav as for SpamAssassin.
Here's my setup for that. You need current patches on 6.2 for this to work.
! tcp_local
tcp_local smtp mx remotehost inner switchchannel identnonenumeric subdirs 20 maxjobs 2 pool SMTP_POOL maytlsserver maysaslserver saslswitchchannel tcp_auth missingrecipientpolicy 0 daemon smtp.comcast.net mailfromdnsverify backoff "pt30m" "pt2h" "pt4h" sourcespamfilter2 sourcespamfilter1optin spam
tcp-daemon
spamfilter1 is SpamAssassin. Spamfilter2 is ClamAV
option.dat has:
spamfilter2_config_file=/opt/SUNWmsgsr/config/clamav.opt
spamfilter2_library=/opt/SUNWmsgsr/lib/libclamav.so
spamfilter2_optional=1
spamfilter2_string_action=data:,require ["jettison"];jettison;
This isn't documented, yet, but the libclamav.so is in current patches, and is supported.
MUCH cleaner, easier, faster, better than using the conversion channel for anything.
Prior to this, I used another product, "ClamSMTP" to wrap ClamAV, and used our "aliasdetourhost" mechanism to send messages to ClamAV. That worked well, too, but this is even better.
# 6
Hi jay
Thanks for your Information
We have our clamav library (libclamav.so) installed in following dir
- --
root@ # pwd
/usr/local/lib
root@ # ls
libbz2.alibclamav.la libclamav.so.1libexpatw.a libexpatw.solibexpatw.so.1.5.0 libclamav.a libclamav.so libclamav.so.1.0.17 libexpatw.la libexpatw.so.1pkgconfig
- --
this is my msg version
-
root@-- # ./imsimta version
Sun Java(tm) System Messaging Server 6.2-3.04 (built Jul 15 2005)
libimta.so 6.2-3.04 (built 01:43:03, Jul 15 2005)
SunOS ndlbbpa1-a-fixed 5.9 Generic_118558-28 sun4u sparc SUNW,Sun-Fire-V240
-
As my organization told us to do the msg scanning through conversion channel
So here's my setup for that
mappings file
-
CONVERSION
in-chan=tcp_auth;out-chan=tcp_*;convert yes
in-chan=tcp_auth;out-chan=tcp_*;convert yes
-
imta.cnf file
- -
! conversion
sourcespamfilter2optin virus
conversion-daemon
- --
option.dat file
- --
spamfilter2_config_file=/data/sunjava/Sunmsg/config/clamav.opt
spamfilter2_library=/usr/local/lib/libclamav.so
spamfilter2_optional=1
Spamfilte2_string_action=data:,addtag "[PROBABLE SPAM DETECTED]";
-
1) can you tell me the options which i have to specify in my
clamav.opt file? if possible give me example file.
2) I think the above setup is correct and if i have to made any
changes please let me know?
3) In your option.dat file you have specified
sourcespamfilter2 sourcespamfilter1optin spam
here you have not specified "virus" for sourcespamfilter2 is it correct ?
Thanks in Advance
Jai
# 7
As my organization told us to do the msg scanning through conversion channel
makes exactly no sense. You need to talk to "my organization", and let them know that the conversion channel isn't the best way..........
It's likely the worst way to implement ClamAV with Messaging Server.
# 8
Hi Jay
Thanks for your Info & I've already spoken to them and now they are planning to implement this (clamav)
through ims-ms channel
so can you please give me the details for following ques
which options i have to specify in the clamav.opt file?if possible
give me the example file?
Thanks in Advance
# 9
> Hi Jay
>
> Thanks for your Info & I've already spoken to them
> and now they are planning to implement this (clamav)
>
> through ims-ms channel
I'm sorry, unless you mean, "using the integration technique", the above makes no sense. ims-ms channel is used for delivering mail to the store, and nothing else.
>
> so can you please give me the details for following
> ques
>
> which options i have to specify in the clamav.opt
> file?if possible
> give me the example file?
Here's my working files and parts:
imta.cnf:
! tcp_local
tcp_local smtp mx remotehost inner switchchannel identnonenumeric subdirs 20 maxjobs 2 pool SMTP_POOL maytlsserver maysaslserver saslswitchchannel tcp_auth missingrecipientpolicy 0 daemon smtp.comcast.net mailfromdnsverify backoff "pt30m" "pt2h" "pt4h" sourcespamfilter2 sourcespamfilter1optin spam
tcp-daemon
spamfilter1 is SpamAssassin
spamfilter2 is ClamAV
option.dat, relevant section:
spamfilter1_library=/opt/SUNWmsgsr/lib/libspamass.so
spamfilter1_config_file=/var/opt/SUNWmsgsr/config/spamassassin.opt
spamfilter1_optional=1
spamfilter1_string_action=data:,require "fileinto"; fileinto "$U";
spamfilter2_config_file=/opt/SUNWmsgsr/config/clamav.opt
spamfilter2_library=/opt/SUNWmsgsr/lib/libclamav.so
spamfilter2_optional=1
spamfilter2_string_action=data:,require ["jettison"];jettison;
!MM_DEBUG=5
log_connection=1
clamav.opt:
HOST=127.0.0.1
PORT=3310
MODE=1
DEBUG=0
spamassassin.opt:
HOST=127.0.0.1
PORT=789
MODE=0
VERDICT=spam
DEBUG=0
Yes, these are pretty simple. I don't bother with headers, and file all spam into a "spam" folder, for everybody. I simply junk virus positives.
>
>
>
> Thanks in Advance
# 10
Hi JayThanks for your kind reply
# 11
OOPS, that is the answer I looking for.... sorry did not read before I post,
Question, I am using InterScan VirusWall TM 3.81 for UNIX , can I use spamfilter2_library=/opt/SUNWmsgsr/lib/libclamav.so
as interface for Trend virus scanner?
there is not libclamav.so in my system, does it come with lates JMS?
# ./imsimta version
Sun Java(tm) System Messaging Server 6.2 (built Dec 2 2004)
libimta.so 6.2 (built 00:34:23, Dec 2 2004)
SunOS melpop02 5.10 Generic sun4u sparc SUNW,Ultra-80
maybe outdate to far? lucky we are still doing test.
# 12
Hi JerryYou have to Install Updated patch to get that library.Jai
# 13
Yes, you need an updated patch to get the ClamAV library. No, you can't use it for anything other than ClamAV.
# 14
Hi Jay
Is this patch you mentioned?
http://sunsolve.sun.com/search/document.do?assetkey=1-21-118207-51-1
I did not found file libclamav.so. But I found a libclamav.so in ClamAV binary package from http://www.citrus-it.co.uk/clamav/is that one?
If no. could you please tell me pach id?
In you docs, you mention use Amavis-NEW to call ClamAV, Can't ClamAV self return back MTA? and I look into clamd.conf, no where define next smtp hop.
Can I use clamav without Amavis-NEW ? Do you know when the integration b/t ClamAV and JMS 6.X will happen?
# 15
> Here's my setup for that. You need current patches
> on 6.2 for this to work.
Could you tell me patch ID? Thanks
>
> ! tcp_local
> tcp_local smtp mx remotehost inner switchchannel
identnonenumeric subdirs 20 maxjobs 2 pool SMTP_POOL
maytlsserver maysaslserver saslswitchchannel tcp_auth
missingrecipientpolicy 0 daemon smtp.comcast.net
mailfromdnsverify backoff "pt30m" "pt2h" "pt4h"
sourcespamfilter2 sourcespamfilter1optin spam
tcp-daemon
>
> spamfilter1 is SpamAssassin. Spamfilter2 is ClamAV
sourcespamfilter2 sourcespamfilter1optin spam ?
should be?
sourcespamfilter2option spam sourcespamfilter1optin spam
OR
sourcespamfilter2option virus sourcespamfilter1optin spam
I think "virus" or "spam" is not important, important is some thing come back from LDAP, right?
>
>
> option.dat has:
>
> spamfilter2_config_file=/opt/SUNWmsgsr/config/clamav.opt
> spamfilter2_library=/opt/SUNWmsgsr/lib/libclamav.so
> spamfilter2_optional=1
> spamfilter2_string_action=data:,require ["jettison"];jettison;
# 16
have installed patch 118207-51# ./imsimta versionSun Java(tm) System Messaging Server 6.2-6.01 (built Apr 3 2006)libimta.so 6.2-6.01 (built 11:20:35, Apr 3 2006)still not found libclamav.so file
# 17
me either - is it in 118207-51?
# 18
I search whole system, did not find the file!
# 19
It's in -58, at least. It gets put here:/opt/SUNWmsgsr/lib/libclamav.soIt is not the same file that ClamAV comes with.
