Virtual changelog

Changelog

Close this window to continue.

16 SEP 2011
There is a bug in the autoresponder (vacation.pl). If a person that has an autoresponder activated is in the Cc: field, the sender is receiving the autoresponse message from a person listed in To: field, not from the person that has an autoresponder activated. Run this command to fix the issue. This changes line 342 of the script ($orig_to is changed to $email):

sed -i "s/do_mail_sendmail (\$orig_to/do_mail_sendmail (\$email/" /var/spool/vacation/vacation.pl

09 SEP 2011
If you are using policyd-weight, please make this change to avoid scoring higher than normal:

sed -i "s/'IX_MANITU',/'IX_MANITU'/" /usr/sbin/policyd-weight
sed -i "s/ 'rbl.ipv6-world.net'/#'rbl.ipv6-world.net'/" /usr/sbin/policyd-weight
/etc/init.d/policyd-weight stop
/etc/init.d/policyd-weight start

15 MAY 2011
IMPORTANT There is a Dovecot bug that allows blank passwords to be used when using the default_pass_scheme = PLAIN.
This situation MUST be corrected. To do so, disallow CRAM-MD5 clients from using blank passwords:

sed -i "s/AND active = '1'/AND active = '1' AND clear <> ''/" /etc/dovecot/dovecot-crammd5.conf
/etc/init.d/dovecot restart
cat /etc/dovecot/dovecot-crammd5.conf

Insure that the password_query entry line has the added: " AND clear <> '' " addition at the end:
password_query = SELECT clear AS password FROM mailbox WHERE username = '%u' AND active = '1' AND clear <> ''

You may want to also restart Postfix:
/etc/init.d/postfix restart

This assumes that you are still selecting the clear text password from a field called 'clear' in the mailbox table of the postfix database.
If users are unable to log in after this change is made, insure that they have a password set in the 'password' field (use PostfixAdmin to update if needed), or if they use CRAM-MD5 authentication, make sure they have a plain text password set in the 'clear' field of the 'mailbox' table in the 'postfix' database.
Passwords in the 'clear' field must be entered manually by the administrator. You can use PHPMyAdmin to edit the field if so desired.
Going forward, http://verchick.com/mecham/public_html/spam/dovecot-crammd5.conf.txt has been updated. Note that this change does not mean that you are required to place passwords in the 'clear' field. Most clients will use the 'password' field for authentication. Only clients that are only able to authenticate using CRAM-MD5 will require a password in the 'clear' field.

15 MAY 2011
To avoid possible backscatter from internal users and people sending banned attachments, I suggest you
vi /etc/amavis/conf.d/50-user and then change:
$final_banned_destiny     = D_BOUNCE;
to:
$final_banned_destiny     = D_DISCARD;

Also, in the MYNETS and TRUSTED policy banks I suggest no longer bouncing spam from internal users (because your internal users may also be forging sender address). So remove or comment out this line in each of the two policy banks::

  final_spam_destiny => D_BOUNCE, # so the sender knows they are a spammer

and then restart amavisd-new

28 AUG 2010
Bad news, the SQL msgs table (in the amavis database) is supposed to be cleaned up on a daily basis by the /etc/cron.daily/ztrim-amavis script but the data type of the msgs.time_iso field is incorrect. This means the date/time arithmetic does not work and the result is some tables have not been cleaned since January 1st 2010. I personally do not have a production system running, so I did not notice the error. I'm really surprised that no one mentioned that their MailZu quarantines were not getting purged. I did mention in the document that if the database grows forever "you or I made a mistake". To correct the issue, we need to change the data type and then run the cleanup script.

To correct the data type, log into mysql (using roots_password):
mysql -p

and run the following commands:
USE amavis;
ALTER TABLE `msgs` CHANGE `time_iso` `time_iso` TIMESTAMP NOT NULL DEFAULT 0;

The msgs, msgrcpt, maddr and quarantine tables may be huge. Running the cleanup script may take a very long time, and may even crash. If you use the following script, a file called /etc/trim-amavis-msgs.sql is updated and populated with SQL statements. Millions of statements may be created (one for each record that is to be deleted) and the file may grow quite large. If you run out of disk space, of course your system could crash. To determine approximately how many (mega/giga) bytes the file may grow to, count the number of records in the msgs table (SELECT COUNT(*) FROM msgs;) and multiply by 57. Two million records would create a file about 114MB in size. To run the script (but read ahead before you run this):
/etc/cron.daily/ztrim-amavis

Note that there is a possibility that if you start running the script and it takes many hours, that the script will start running again at 6:25 AM due to the fact that it resides in /etc/cron.daily. I suggest temporarily preventing it from automatically running by moving it into /usr/sbin before running it:
mv /etc/cron.daily/ztrim-amavis /usr/sbin
Then of course, move it back to /etc/cron.daily when complete:
mv /usr/sbin/ztrim-amavis /etc/cron.daily
The script deletes records older than 24 days. If you calculate that the /etc/trim-amavis-msgs.sql file that will be created will be too large for your system, then you should delete records incrementally. You can count the number of much older records and then calculate how large the file will be. For example, here I count the number of records older than 120 days:
SELECT COUNT(*) FROM msgs WHERE time_iso < NOW() - INTERVAL 120 DAY;
After finding a reasonable number of records, we could then modify the number of days to look back on in /usr/sbin/trim-amavis-msgs before running ztrim-amavis. Please make a backup of the file before modifying it, and chmod 750 the backup file to prevent password snooping. This process of changing the number of days and then running the ztrim-amavis script may need to be repeated a number of times until the tables are brought down do a reasonable size.

Going forward, I have corrected the database schema. After the table is cleaned up, you may optionally want to optimize the tables with the command: OPTIMIZE TABLE msgs, msgrcpt, quarantine, maddr;

Note that if you do not change the data type of the time_iso field, on January 1st 2011 all the records in the msgs table will be deleted due to the faulty date/time arithmetic. The error was introduced when the database schema was updated for amavisd-new 2.6.0. See http://verchick.com/mecham/public_html/spam/amavis-260-sqmail.sql.txt. Make sure that $timestamp_fmt_mysql = 1; is set in /etc/amavis/conf.d/50-user (it should already be there).

8 AUG 2010
It appears the new Debian squeeze release may possibly use dash as a new default for /bin/sh instead of bash. Because of differences between bash and dash, the quota-warning.sh would crash when running on a Debian squeeze system. Therefore, in the file quota-warning.sh.txt, I changed #!/bin/sh to #!/bin/bash. I also did the same for the following files: trim-amavis, trim-awl, trim-sql-awl-weekly and rmmailboxspam.

16 JUN 2010
A line at or near 224 of /usr/share/postfixadmin/config.inc.php should be corrected per this example
from:
$CONF['user_footer_link'] = "https://msa.example.com/postFixadminx/main";
to:
$CONF['user_footer_link'] = "https://msa.example.com/postFixadminx/users/main.php";

Thanks Ralph

06 JUN 2010
Bill Landry's clamav-unofficial-sigs has been updated to version 3.7.1. It is suggested to update. It may also be required to start with a fresh database.


apt-get update

rm -r /var/lib/clamav/*

apt-get install clamav clamav-daemon clamav-freshclam

freshclam




cd /etc

wget http://verchick.com/mecham/public_html/spam/clamav-unofficial-sigs.conf.txt

mv clamav-unofficial-sigs.conf clamav-unofficial-sigs.conf.old

mv clamav-unofficial-sigs.conf.txt clamav-unofficial-sigs.conf

cd /usr/sbin

wget http://verchick.com/mecham/public_html/spam/clamav-unofficial-sigs.sh.txt

mv clamav-unofficial-sigs.sh clamav-unofficial-sigs.sh.old

mv clamav-unofficial-sigs.sh.txt clamav-unofficial-sigs.sh

chmod +x clamav-unofficial-sigs.sh

clamav-unofficial-sigs.sh

04 APR 2010
Users can now browse to the CA Certificate in order to install it.

26 MAR 2010
Amavisd-new breaks messages down into components before virus scanning. Also enable virus scanners to scan the message as a whole:


sed -i "s|# qr'^MAIL$'|  qr'^MAIL$'|" /etc/amavis/conf.d/20-debian_defaults

amavisd-new reload

25 FEB 2010
Here is a change needed for SpamAssassin 3.3.0:


wget http://verchick.com/mecham/public_html/spam/awl.update.sql

mysql -u root -p sa_bayes < awl.update.sql

Enter roots_password to complete the process.

05 DEC 2009
Oops, Some of the links to page 2 of the document pointed to an obsolete document. That can't be good. Repaired that.
I added a section to upgrade to amavisd-new 2.6.4.
Updated obsolete URL to Zmanda for mysql-zrm.
I updated the sanesecurity section to use Bill Landry's newer download script.
You should run:
pyzor discover
su amavis -c 'pyzor discover'

05 APR 2009
I like to turn off the ability of the super administrators to delete domains. This is optional. This removes the link to 'del' the domain:



sed -i "s|$PALANG\['del'\]|$PALANG\[''\]|" /usr/share/postfixadmin/templates/admin_list-domain.php

To turn it back on (if you actually do need to delete a domain - along with all its mailboxes and aliases):



sed -i "s|$PALANG\[''\]|$PALANG\['del'\]|" /usr/share/postfixadmin/templates/admin_list-domain.php

27 MAR 2009
Added:

echo "^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) (Blocked|Passed)" >>/etc/logcheck/ignore.d.server/amavisd-new

Added a fourth patch to amavisd-new 2.6.2. If you installed your system prior to 27 MAR 2009:
cd /usr/local/src/amavisd-new-2.6.2
wget http://verchick.com/mecham/public_html/spam/amavisd.2.6.2.patch4.txt
patch -p0 < amavisd.2.6.2.patch4.txt
cp amavisd amavisd-new
cp amavisd /usr/sbin/amavisd-new
/etc/init.d/amavis restart

Please:
apt-get install pax
/etc/init.d/amavis restart

26 MAR 2009
PostfixAdmin Vacation - Out of Office sent every time.
If you applied the vacation.2211.patch.txt to vacation.pl prior to 3/26/2009,
line 174 of /var/spool/vacation/vacation.pl needs to be changed from:

      if ($e !~ /_pkey/) {

to:
      if ($e !~ /(?:_pkey|^Duplicate entry)/) {

Thanks Lucien

23 MAR 2009
In the "Create Bayes and AWL tables in MySQL" section, I fixed an error where the wrong password was entered. Changed it from amavis_password to sa_password. Thanks James.

08 MAR 2009
Initial release.

http://verchick.com/mecham/public_html/spam/virtual2.html