[atomic-testing] clapf 0.4.3, a mail scanner for postfix

[scott]

This is an update announcement for the ClapF package for all distros except fedora 12. ClapF is an anti-spam/anti-virus module for postfix. It is designed to emulate as many features of qmail-scanner as possible, to bring the same functionality to Plesk environments using postfix.

Changelog:
* MySQL schema optimisations
* Zombie handling via the XFORWARD feature and the TRE library
* Locale fixes
* Added a postconf-like utility, clapfconf
* New counter to the 'delays=' to show how much time clapf
needs to acquire a message from postfix.
* Training is possible without actually storing the original email.
* Enhanced the maillog.pl utility to be able to handle mysql databases as well.
* Possible spam can be identified with both a '[spam???]' prefix in the
Subject: line, and with an extra header line.
* Bugfix ClapF-6 - fixes issue where the spam/antispam objects are not added to the Makefile by default
* Bugfix ClapF-7 - fixes missing definition for the rc container.
* Bugfix #XXX, on the cron jobs using the right syntax and path

To upgrade:
yum --enablerepo=atomic-testing upgrade clapf

To install:
yum --enablerepo=atomic install clapf

[Waylanderl]

hi scott,

thx for the update, but, its me? i just upgraded and get still the same cron errors...

exactly the same errors just the ver. number changes from 0.4.2 to 0.4.3

sorry for my bad english

way

[scott]

Try removing clapf, and then re-installing it.

[Waylanderl]

hi scott,

i removed and re-installed it.

the clapf start bring me three errors.

unknown key: "avg_addr"
unknown key: "avg_port"
unknown key: "spaminess_of_too_much_spam_in_top15"

then i restarted postfix.

get still the cron errors, but now it looks like sa is no longer invoked by clapf.

no subject changin and no X-Clapf-spamicity lines in the headers.

any hint?

thanks!

centos 5.4, plesk 9.2.3 centos basic channels and your repos

/edit: is there a way to get the 0.42 back? the cron errors sux, but it work with clamav/sa
a yum --enablerepo=atomic-testing downgrade clapf wouldnt work

[scott]

That is really weird, avg is the avast anti-virus scanner. Support for that isnt even compiled in according to the configuration information. Thats got to be a bug, the good news is the clapf developer is super super fast about fixing things.

[breun]

I'm not familiar with clapf, but are you sure that avg_* is referring to Avast and not AVG by AVG Technologies (formerly known as Grisoft)?

[Waylanderl]

is there a way to go back to 0.4.2 via yum?

or maybe another solution?

way

[breun]

You can install the yum-allowdowngrade package (if available for your OS, not on EL4 for instance), which adds downgrade options to yum.

Or you can download the RPM from the repository and then install it using 'rpm -Uvh --oldpackage <RPM-file>'.

[gshelton]

I think I may have fixed the error that I was getting. (I posted it to the 0.4.2 thread by mistake.)

Anyway, in the cron.d folder I edited the clapf file to be as so:

Code: Select all

59 * * * * root /usr/share/doc/clapf-0.4.3.1/stat/process_syslog.pl `date '+%b\ %e\ %H'` < /var/log/maillog >> /var/lib/clapf/stat/clapf.stat
1 * * * * root /usr/share/doc/clapf-0.4.3.1/stat/clapf-rrd-update.sh /var/lib/clapf/stat/clapf-ham-spam.rrd `tail -1 /var/lib/clapf/stat/clapf.stat | awk '{$

The most important part being the change of:

Code: Select all

`date '+%b\ %e\ %H'` 

From:

Code: Select all

`date +%b\ %e\ %H` 

(Note the addition of ' marks.

[gshelton]

Nope. The above did not fix my issues.

[Kalimari]

Anyone having luck with fixing the clapf cron errors?

The errors:
unknown key: "avg_addr"
unknown key: "avg_port"
relate to settings in /etc/clapf.conf for AVG's avgscan - not sure about this one yet:
unknown key: "spaminess_of_too_much_spam_in_top15"

Running yum --enablerepo=atomic install clapf leaves quite a few things out (e.g. /var/lib/clapf/stat/clapf.stat, mysql/db setup and cron errors), reading up on the various aspects (postfix+clampf+clamav+spamasaassin) of documentation doesn't quite cover everything.

Currently using Plesk's Mail->Preferences->DNSBL service to replace most of spamdyke did (although Spamdyke DID disable BL checks on port 587 if the user authenticated - may pose a spam loophole later). Postfix sends messages out to clamav successfully, but spamassassin never seems to come into the mix, this lets a lot of spam through that was previously caught by the Qmail system - Switched over to postfix yesterday after problems with Qmail on Plesk 9.3 (as noted by others: http://www.atomicorp.com/forum/viewtopic.php?f=4&t=3771), bounced messages kept getting stuck in a loop eventually maxing out CPU/memory. The combination of spamdyke (without greylisting), qmail-scanner, clamav, spamassassin+bayes_db was catching 99.9% of bad mail, but the loop/overload problem was untennable.

I feel committed to sticking with Postfix as I can see that fine-tuning has the potential to yield great results, but at the moment set-up is catching 90% of spam and there are a lot of errors with cron and missing mysql database.

I will post on any successs as and when I get there, if anyone else has any tips I'd be grateful to share and produce docs/guide from the combined findings.

Thanks

[scott]

If you come up with any implementation fixes, config file changes, etc. Please post them here.

[Kalimari]

Steadily working through postfix/clampf/spamassassin/clamav configuration/settings, not all issues ironed out yet, but will post my findings once I have something to share.

[BruceLee]

just an info: the loop bounces causing high cpu load are not caused by the combination of spamdyke, qmail, clamav and qmail-scanner. it's a bug in plesk's qmail. bounced or failure messages go to postmaster@hostXY...they can not be "delivered" and get bounced to postmaster@hostname again and so on.
I had this error too and fixed it by adding fqdn hostname in /var/qmail/control/locals and deleting the bounces messages
and adding a domain that exactly matches the hostname.
Also there is an article with a fix from Parallels that might sove the problem too but does not work with qmail-scanner at the moment >> https://atomicorp.com/forums/viewtopic.php?f=4&t=3941

[Kalimari]

BruceLee, yes you are correct, I should have been clearer - thanks for the info, it may help others. Tried various solutions, but having to live without qmail-scanner or with a steady increase in bounces meant qmail set-up became too unreliable. So far fairly happy with the switch to postfix/clapf, but it does require a lot of figuring out...