clapf problems

Forum for getting help with Project Gamera, Spamassassin, Clamav, qmail-scanner and other anti-spam tools.
faris
Long Time Forum Regular
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

clapf problems

Unread post by faris »

I've just tried installing clapf on a Centos 6 system with Plesk 12 and Postfix (obviously)

It initially moaned about some gsl stuff, but that was easily resolved.

But then it moaned about libmysqlclient.so.18 being missing.

And unfortunately that's provided by mysql-libs which itself wants to install the Atomic MySQL and Atomic php 5.4 which I don't want here.

Any hints?
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Re: clapf problems

Unread post by scott »

Use the mysqclient18 package
faris
Long Time Forum Regular
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

Re: clapf problems

Unread post by faris »

Thanks Scott. That did it. Shame "yum provides" didn't suggest it :-(

Unfortunately I keep running into roadblocks. I have it working with spamassassin, but I'm seeing mysterious errors in the logs (e.g. "No valid data from sql table") and I'm not sure if it is working with clamd or not (although it did detect the EICAR test string and dropped the message, so that's encouraging).

But WOW -- this is one serious little program with some wonderful looking options. And Postfix itself seems rather wonderful and amazingly configurable.

Faris.
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Re: clapf problems

Unread post by scott »

The author recently set up on bitbucket here:

https://bitbucket.org/jsuto/clapf

The version in the rpm is probably more than a year out of date, so it could stand a refresh.
faris
Long Time Forum Regular
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

Re: clapf problems

Unread post by faris »

Ah, I didn't look at the version number on the rpm. I'll try compiling from source and following the new install instructions. There's a web gui and things I want to investigate.
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
faris
Long Time Forum Regular
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

Re: clapf problems

Unread post by faris »

Well, after an epic 2 hour struggle, I managed to compile from source and it is working with spamassassin and clamd.

I learned the following:

1) Scott, you must have spent many more hours than I did trying to get this to work and turn it into an RPM. Thank you.
2) The "invalid key" errors I was seeing refer to entries in clapf.conf that it didn't understand
3) The RPM version was talking to clamd after all. If it wasn't then you'd see obvious errors.
4) I'm still getting "No valid data from sql table" with the compiled from source version.
5) My compiled version is probably not configured well and I'm not going to use it.


Sooo.....Scott...what do I have to bribe you with to get you to turn your brain the size of a planet back to clapf and maybe to create an up to date RPM with an up to date default configuration?
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Re: clapf problems

Unread post by scott »

What would help (I promise this is easier than it looks) is to have a look at the .spec file used to craft the RPM:

http://updates.atomicorp.com/channels/s ... clapf.spec

The part that matters is %build, this is the basic configuration setup that you're probably messing with the most.

Or if there is a configuration step that has to happen before the install, that is under %pre (example: create a user)

or %post for after the product is installed (example: Add service to startup).
faris
Long Time Forum Regular
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

Re: clapf problems

Unread post by faris »

I've had a look and it doesn't quite help me. It did point out some interesting stuff to me though, thanks.

Two of my main problems are:

1) Is the fact that tcpwrapper support (see below) is not enabled significant?
In the Debian prerequisites he has libwrap0-dev which doesn't exist as a RH package.
The closest I can come to that is tcp_wrappers-devel and tcp_wrappers-libs but both are installed.

Code: Select all

run as user: clapf
clapf directory: /var/clapf


database: mysql
tre library: yes
gsl library: yes
zip library: yes
tcpwrappers support: no
clamd support: yes
2) This is stupid of me, but I can't seem to figure out how to change the location of clapf.conf. It insists on putting it in /usr/local/etc/clapf.conf
I can't spot what to specify when doing a .configure. I expect I'm going to D'OH very loudly over this.
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Re: clapf problems

Unread post by scott »

> 1) Is the fact that tcpwrapper support (see below) is not enabled significant?
> tcpwrappers support: no

Depends on if you want it implemented or not. Take a look at the config.log and configure script to see what path its looking for the header file in. Or you could open up a request in the issue tracker. This isnt a super common condition, but sometimes you'll have one distro put the headers in a dir that isnt the same on RHEL. Upstream might have only known about that other location, so you'd need to update the configure script to know about it.


> 2) This is stupid of me, but I can't seem to figure out how to change the location of clapf.conf. It insists on putting it in /usr/local/etc/clapf.conf

A shortcut is to specify --prefix=/usr. The %{__configure} macro in the spec file does this for you automatically (along with a lot of other things that head this off).
faris
Long Time Forum Regular
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

Re: clapf problems

Unread post by faris »

OK. Thanks.

Well, I got it working in a way that I felt was "clean", but it turned out it wasn't talking to spamassassin and I couldn't figure out why. And that took 3 hours. On top of that, there are still too many things I'm not happy with. Some of the .configure settings you use are no longer valid with the latest version, particularly the "policy" option, so I'm not confident about how it will support multiple domains and per-user settings.

In contrast, I had a go with amavisd-new with much more success in next to no time, but from a post by kalamari on this forum, there seems to be some complication that I didn't quite understand and didn't have the energy left to investigate.

I'm starting to give up on postfix :-(
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Re: clapf problems

Unread post by scott »

Im starting work on the latest clapf which is purely out of the bitbucket repo. Its shifted considerably since the last time I did a full rundown with it. The package now supports memcached, and sphinx (unclear on how much the latter is required or not).

There are very early packages available in atomic-testing now if you want to take a look. Id especially be interested in any updates that could help clean up the integration side of things with it.
faris
Long Time Forum Regular
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

Re: clapf problems

Unread post by faris »

Thanks Scott.

Something odd going on here though.....

Code: Select all

atomic-testing                                                                                                                         | 3.4 kB     00:00
Resolving Dependencies
--> Running transaction check
---> Package clapf.x86_64 0:0.5.2-3.el6.art will be installed
--> Processing Dependency: libzip.so.1()(64bit) for package: clapf-0.5.2-3.el6.art.x86_64
--> Processing Dependency: libtre.so.5()(64bit) for package: clapf-0.5.2-3.el6.art.x86_64
--> Processing Dependency: libgslcblas.so.0()(64bit) for package: clapf-0.5.2-3.el6.art.x86_64
--> Processing Dependency: libgsl.so.0()(64bit) for package: clapf-0.5.2-3.el6.art.x86_64
--> Processing Dependency: libclapf.so()(64bit) for package: clapf-0.5.2-3.el6.art.x86_64
--> Running transaction check
---> Package clapf.x86_64 0:0.5.2-3.el6.art will be installed
--> Processing Dependency: libclapf.so()(64bit) for package: clapf-0.5.2-3.el6.art.x86_64
---> Package gsl.x86_64 0:1.13-1.el6 will be installed
---> Package libzip.x86_64 0:0.9-3.1.el6 will be installed
---> Package tre.x86_64 0:0.8.0-12.el6.art will be installed
--> Finished Dependency Resolution
Error: Package: clapf-0.5.2-3.el6.art.x86_64 (atomic-testing)
           Requires: libclapf.so()(64bit)
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest
But

Code: Select all

clapf-0.4.7.4-2.el6.art.x86_64 : a modular network filter for postfix
Repo        : atomic
Matched from:
Filename    : /usr/lib64/libclapf.so



clapf-0.5.2-3.el6.art.x86_64 : a modular network filter for postfix
Repo        : atomic-testing
Matched from:
Filename    : /usr/lib64/libclapf.so
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Re: clapf problems

Unread post by scott »

Got a fix for that library thing coming up. The next thing to tackle here is an architecture problem I could really use a hand with. The latest source tree assumes that clapf will exist in a more Project Gamera-like smarthost configuration. It has a web interface to manage it, and requires mysql, sphinx, and (possibly) memcached (or redis?).

I'm assuming that there is value here in following the same path as qmail-scanner/project-gamera where we have:

1) Project Gamera for postfix using clapf, this will need the full stack (mysql,sphinx, memcached, a web server, and web front end) and most importantly an installation dialog.

2) clapf for environments like Plesk (maybe mysql, probably not sphinx, memcached, or web interface) where we dont want installation dialog. I think. You tell me

So my first architecture issue here is that when building clapf you cant optionally enable/disable things at runtime. If you enable mysql, and memcached support when it is built it will require those parts in order to work.

So because of this issue I cant make one universal clapf like happened with qmail-scanner. Its going to need to be built differently and named differently, like maybe:

Project-Gamera version:
clapf
clapf-web

Plesk version:
clapf-plesk or plesk-clapf

Then again I could be overthinking all this. The last version of clapf was much tighter, and didnt require a questionnaire to complete the install. This new one I havent found a way around that yet, and I think it would be a barrier to adoption if you had to do it. Unless someone wanted to help put together a plesk plugin to automate that part.
faris
Long Time Forum Regular
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

Re: clapf problems

Unread post by faris »

I would say that PG works fine as it is. In conjunction with SpamDyke, it does everything it needs to do with little fuss. So I'd say ignore a PG-like situation and concentrate on a shared hosting Plesk situation where Postfix offers significant benefits.

I didn't think Clapf *required* memcached - it didn't even come into the equation when I was playing with the source. Maybe that was my problem :-) Anyway, I'm not sure of the advantages of having/requiring memcached on a hosting server? So if we can do without it, lets not require it.

I got the impression that sphinx was to do with searching in the web gui?

The gui is optional, but would be very useful with Plesk. Having access to it in the same way as Haggybear's SpamDyke Control Panel within Plesk would be very neat, but I would be concerned with security issues if we allowed end users access (e.g. to configure per-domain settings, which is something Haggy's SCP allows but it does so securely somehow).

Anyway, I don't think I can help much with any coding. But I can test on Plesk 12.1.x as much as you want.
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
faris
Long Time Forum Regular
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

Re: clapf problems

Unread post by faris »

I'm bored so I'm back at looking at clapf again or amavisd again.

Every time I look at Plesk 12.x I feel a stronger urge to ditch qmail and switch to postfix.
But with no option in Plesk to integrate clamav, I really need to get either clapf or amavisd working in a reliable way.

Scott, have you had any more time to poke clapf into submission?
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
Post Reply