ClamAV problem



IT-worX
20/11/05, 16:26
Yesterday I quickly installed clamav on my server (with DA). And now it turns out that since then no mail at all gets through! I've already sent several mails to myself, created multiple mail addresses (on multiple domains) etc., but the mail doesn't arrive on any of them. Not even when I send it from my provider's mail address (telenet), or via hotmail/gmail...

Does anyone have any idea what I did wrong? Too much mail is misery, but none at all is bizarre too :D

IT-worX
20/11/05, 18:12
Some additional info:

ClamAV was installed by means of the following howto: http://www.directadmin.com/forum/showthread.php?threadid=10478&highlight=clamav

OS is Fedora Core 3

Deimos
20/11/05, 18:19
Is clamav running? Is exim running? What is the output of exim's paniclog? (normally /var/log/exim/paniclog)

IT-worX
20/11/05, 18:24
@deimos, thanks for the tip about the paniclog (yet another thing we've learned ;-)). Exim is definitely running, but how can you see whether ClamAV is running? I don't see anything for it in init.d?

[root@asterix init.d]# service exim status
exim (pid 2389 30057) is running...

[root@asterix init.d]# vi /var/log/exim/paniclog
2005-11-20 04:22:14 1EdfmQ-0001Bw-3T User 0 set for local_delivery transport is on the never_users list
2005-11-20 04:22:15 1EdfmQ-0001C2-SN User 0 set for local_delivery transport is on the never_users list

Deimos
20/11/05, 18:37
ps auxww | grep clam

Also, in general you'll get more out of a tail /var/log/exim/paniclog than vi /var/log/exim/paniclog

IT-worX
20/11/05, 18:41
[root@asterix ~]# ps auxww | grep clam
clamav 29906 0.0 0.0 3672 876 ? Ss Nov19 0:00 /usr/local/bin/freshclam -d -c 24
root 29910 0.0 0.8 11516 8976 ? Ss Nov19 0:00 /usr/local/sbin/clamd
root 2815 0.0 0.0 3700 676 pts/0 S+ 17:24 0:00 grep clam

[root@asterix ~]# tail /var/log/exim/paniclog
2005-11-20 04:22:14 1EdfmQ-0001Bw-3T User 0 set for local_delivery transport is on the never_users list
2005-11-20 04:22:15 1EdfmQ-0001C2-SN User 0 set for local_delivery transport is on the never_users list


Thanks for helping btw Deimos. Just goes to show you learn something new every day. Good thing I never went into full-business hosting. That would cause quite a few problems ;-).

Deimos
20/11/05, 18:43
So clamd is running. Could you also tail clamav.log? I think the default location is /var/log/clamd.log

IT-worX
20/11/05, 18:49
It doesn't seem to be in /var/log/, Deimos. How can I search for where it is? whereis doesn't seem to help much :)

Wido
20/11/05, 18:56
Originally posted by IT-worX
It doesn't seem to be in /var/log/, Deimos. How can I search for where it is? whereis doesn't seem to help much :)

locate?

IT-worX
20/11/05, 18:58
With locate clamd.log there's nothing to be found either. Thanks for your help too, by the way!

Deimos
20/11/05, 19:06
Originally posted by IT-worX
With locate clamd.log there's nothing to be found either. Thanks for your help too, by the way!

For me the log file is called clamav and it's in /var/log. You can also search with:

locate clam | grep log

IT-worX
20/11/05, 19:12
This is the only thing that command turned up... Could it be that a log was never created at all?

[root@asterix /]# locate clam | grep log
/root/software/clamav/clamav-0.87.1/config.log
/home/clamav/.bash_logout
/etc/log.d/scripts/services/clam-update
/etc/log.d/scripts/services/clamav-milter
/etc/log.d/scripts/services/clamav
/etc/log.d/conf/logfiles/clam-update.conf
/etc/log.d/conf/services/clamav.conf
/etc/log.d/conf/services/clam-update.conf
/etc/log.d/conf/services/clamav-milter.conf

ju5t
20/11/05, 19:39
pico /etc/clamd.conf
## Uncomment:
## LogFile /var/log/clamd.log
## Save & Exit

ps aux|grep clamd
kill -9 pid
/usr/local/sbin/clamd

## Now there should be messages in /var/log/clamd.log
tail -f /var/log/clamd.log


Besides that, you should take a look at what's in exim's mainlog.

tail -f /var/log/exim/mainlog

And meanwhile send yourself an e-mail.
What shows up in your logs then?

IT-worX
20/11/05, 19:53
[root@asterix ~]# tail -f /var/log/cmad.log
Archive: Recursion level limit set to 8.
Archive: Files limit set to 1000.
Archive: Compression ratio limit set to 250.
Archive support enabled.
Archive: RAR support disabled.
Portable Executable support enabled.
Mail files support enabled.
OLE2 support enabled.
HTML support enabled.
Self checking every 1800 seconds.

This appeared with "tail -f /var/log/exim/mainlog"

2005-11-20 18:36:26 1Edt74-00013b-D7 H=asia.telenet-ops.be [195.130.137.74] F=<info@it-worx.be> temporarily rejected after DATA: unknown ACL verb in "check_message"

//edit: for anyone who wants to test: wht@it-worx.be :)

//edit: apparently there are others with this problem... going to dig through this for a bit :) http://www.directadmin.com/forum/printthread.php?threadid=3860&perpage=122

IT-worX
20/11/05, 20:03
2005-11-20 18:46:28 SMTP command timeout on TLS connection from mgw-x1.nokia.com [131.228.20.21]


Can anyone explain what this is? Is someone trying to send a mail via my server using SMTP? Or am I mistaken?
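Added example, not from the thread or from Exim/DirectAdmin: two small POSIX shell helpers for the "look at the mainlog and send yourself a mail" step above, and for the timeout line asked about here. One summarises rejections by the reason Exim prints after the colon, the other lists the peers behind "SMTP command timeout" lines; such a line means the remote client connected but sent no further SMTP command before smtp_receive_timeout ran out, so the session ended without any message being accepted. The sample log is constructed: the two lines quoted in this thread plus invented entries on RFC 5737 documentation addresses. Function names are my own.

```shell
#!/bin/sh
# Added example (not from the thread): summarise Exim mainlog lines read on stdin.
# exim_reject_summary and exim_timeout_hosts are hypothetical helper names.

# Count rejections per reason. Exim writes "... rejected after DATA: <reason>"
# or "... rejected RCPT <addr>: <reason>", so the reason is the text after the
# first ": " that follows the word "rejected". Output: "count<TAB>reason".
exim_reject_summary() {
    awk '
        / rejected / {
            rest = substr($0, index($0, "rejected"))
            n = split(rest, parts, ": ")
            reason = (n > 1) ? substr(rest, index(rest, ": ") + 2) : "(no reason given)"
            count[reason]++
        }
        END { for (r in count) printf "%d\t%s\n", count[r], r }
    ' | sort -rn
}

# Print the peer of every "SMTP command timeout" line, i.e. a client that
# connected but sent no further SMTP command before smtp_receive_timeout
# expired. Output: "host [ip]" per line; pipe into sort | uniq -c to count.
exim_timeout_hosts() {
    sed -n 's/.*SMTP command timeout on .*connection from \(.*\)$/\1/p'
}

# Constructed sample: the two lines quoted in the thread plus invented entries
# on RFC 5737 documentation addresses.
SAMPLE_MAINLOG=$(cat <<'EOF'
2005-11-20 18:36:26 1Edt74-00013b-D7 H=asia.telenet-ops.be [195.130.137.74] F=<info@it-worx.be> temporarily rejected after DATA: unknown ACL verb in "check_message"
2005-11-20 18:40:01 1Edt8x-00013c-Ab H=mail.example.net [192.0.2.10] F=<user@example.net> temporarily rejected after DATA: unknown ACL verb in "check_message"
2005-11-20 18:46:28 SMTP command timeout on TLS connection from mgw-x1.nokia.com [131.228.20.21]
2005-11-20 18:50:12 H=relay.example.org [203.0.113.5] F=<x@example.org> rejected RCPT <u@it-worx.be>: to unblock relay.example.org see http://www.example.com/
2005-11-20 18:51:00 1Edt9Z-00013d-Cd <= sender@example.com H=mx.example.com [198.51.100.7] P=esmtp S=1234
2005-11-20 18:55:30 SMTP command timeout on connection from scanner.example.org [203.0.113.9]
EOF
)

# Run on the sample when EXIM_LOG_DEMO=1; on a real box use
#   exim_reject_summary < /var/log/exim/mainlog
if [ "${EXIM_LOG_DEMO:-}" = "1" ]; then
    printf '%s\n' "$SAMPLE_MAINLOG" | exim_reject_summary
    printf '%s\n' "$SAMPLE_MAINLOG" | exim_timeout_hosts | sort | uniq -c
fi
```

On the sample the summary puts the two "unknown ACL verb" lines at the top, which is the kind of thing that tells you the mail is not lost but refused by your own ACL; a burst of timeouts from one host is usually a broken or probing client rather than delivered mail, since nothing was accepted on those sessions.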

IT-worX
20/11/05, 20:33
Does anyone else have a solution?

wv-
20/11/05, 21:01
probably a mistake in exim.conf. Double-check everything you added once more. Watch out for typos, broken lines, etc.

Tuinslak
20/11/05, 21:04
[195.130.137.74] F=<info@it-worx.be> temporarily rejected after DATA: unknown ACL verb in "check_message"

Change:

# ACL that is used after the DATA command
check_message:
accept

To this:

# ACL that is used after the DATA command
check_message:
# Virus Check
deny message = This message contains a virus or other malware ($malware_name)
demime = *
malware = *
accept

Do a Ctrl-X and save.


done?
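Added example, not from the thread: a small shell lint for the ACL section of exim.conf, covering the "broken lines" wv- warns about and the check_message block Tuinslak shows. Exim only reports "unknown ACL verb" when the ACL actually runs (the mainlog line earlier in this thread appeared at DATA time), so a stray line in an ACL, such as an editor-wrapped "($malware_name)" that ends up on a line of its own, is easy to miss. The helper reads ACL text on stdin and flags every line that is not an ACL name, a verb, a condition or modifier, a comment, or a backslash continuation. The function name and both sample ACLs are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the thread): lint the ACL section of an exim.conf.
# exim_acl_lint is a hypothetical helper; it prints each line that Exim would
# not recognise as an ACL verb, condition or ACL name, and exits 1 if any.

exim_acl_lint() {
    awk '
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            # The previous physical line ended in a backslash: this one is its
            # continuation, so only note whether the continuation goes on.
            if (cont) { cont = (line ~ /\\$/); next }
            if (line == "" || line ~ /^#/) next
            cont = (line ~ /\\$/)
            if (line ~ /^[A-Za-z_][A-Za-z0-9_]*:$/) next     # ACL name, e.g. check_message:
            if (line ~ /^(accept|defer|deny|discard|drop|require|warn)$/) next
            if (line ~ /^(accept|defer|deny|discard|drop|require|warn)[ \t]/) next
            if (line ~ /^!?[a-z_]+[ \t]*=/) next              # condition/modifier, e.g. demime = *
            if (line == "endpass") next
            bad++
            printf "line %d: not a verb, condition or ACL name: %s\n", NR, line
        }
        END { exit (bad > 0) }
    '
}

# Constructed sample: the "deny message" line wrapped onto two physical lines,
# which makes "($malware_name)" look like an ACL verb to Exim.
BROKEN_ACL=$(cat <<'EOF'
check_message:
# Virus Check
deny message = This message contains a virus or other malware
($malware_name)
demime = *
malware = *
accept
EOF
)

# Constructed sample with the message on one line, plus a backslash-continued
# dnslists setting and a negated condition, all of which must pass.
GOOD_ACL=$(cat <<'EOF'
check_recipient:
accept hosts = :
deny message = to unblock $sender_host_name see http://www.example.com/
  domains = +use_rbl_domains
  !authenticated = *
  dnslists = sbl.spamhaus.org : \
             dnsbl.sorbs.net=127.0.0.5
accept domains = +local_domains
  endpass
  verify = recipient
check_message:
deny message = This message contains a virus or other malware ($malware_name)
  demime = *
  malware = *
accept
EOF
)

# Run on the samples when EXIM_ACL_DEMO=1; on a real box feed it the ACL part:
#   sed -n '/^begin acl/,/^begin /p' /etc/exim.conf | exim_acl_lint
if [ "${EXIM_ACL_DEMO:-}" = "1" ]; then
    printf '%s\n' "$BROKEN_ACL" | exim_acl_lint || echo "broken ACL rejected as expected"
    printf '%s\n' "$GOOD_ACL" | exim_acl_lint && echo "good ACL passes"
fi
```

The lint is deliberately simple: it knows the seven ACL verbs and treats anything of the form name = value as a condition or modifier, which is enough to catch a wrapped line but does not validate condition names. Run it after editing and before sending the daemon a HUP, alongside the exim -bV syntax check the config header itself recommends.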

IT-worX
20/11/05, 21:28
@Tuinslak: this has already been changed, with no result
@wv-: I've already double-checked everything several times...

IT-worX
20/11/05, 21:35
[root@asterix ~]# cat /etc/exim.conf |more
################################################## ####################
# Runtime configuration file for Exim #
######### IMPORTANT ########## IMPORTANT ########## IMPORTANT ########
# WARNING! Be sure to back up your previous exim.conf file before #
# attempting to use this exim.conf file. #
# #
# Do may not use this exim.conf Exim configuration file unless you #
# make the required modifications to your Exim configuration #
# following the instructions found below, in the section marked #
# "MODIFICATION INSTRUCTIONS". #
# #
# This is version "RSS-1.0da" of the exim.conf file as distributed #
# by nobaloney.net. #
# #
# The "RSS" stands for "Really Stop Spam", as the author believes #
# this distribution of the exim.conf file will Really Stop Spam. #
# Note that "Really Stop Spam" is both a trademark and a service #
# mark of nobaloney.net. #
# #
# The "da" stands for DirectAdmin as this distribution of the #
# exim.conf file is specific to the DirectAdmin control panel #
# installation. More information about DirectAdmin may be found at #
# http://www.directadmin.com. #
# #
# This Exim configuration file has been modified from the original #
# as distributed with Exim 4. The modifications have been made by: #
# #
# Jeff Lasman #
# nobaloney.net #
# P. O. Box 52672 #
# Riverside, CA 92517 #
# info@nobaloney.net #
# (909) 324-9706 #
# #
# Note that neither nobaloney.net nor Jeff Lasman have any #
# affiliation with DirectAdmin. #
# #
################################################## ####################
# #
# The most recent version of this distribution may always be #
# downloaded from the website at #
# #
# http://www.nobaloney.net/exim/exim.conf.spamblocked #
# #
################################################## ####################
# #
# Portions of this file are taken from the exim.conf file as #
# distributed with Exim 4, which includes the following copyright #
# notice: #
# #
# Copyright © 2002 University of Cambridge, Cambridge, UK #
# #
# Portions of this file are taken from the exim.conf file as #
# distributed with DirectAdmin (http://www.directadmin.com/), #
# #
# © 2003 JBMC Software, St Albert, AB, Canada #
# #
# Portions of this file are written by Jeff Lasman, of #
# nobaloney.net and are copyright as follows: #
# #
# Copyright © 2004 nobaloney.net, Riverside, Calif., USA #
# #
# The entire Exim 4 distribution, including this file, is #
# distributed under the GNU GENERAL PUBLIC LICENSE, Version 2, #
# June 1991. If you do not have a copy of the GNU GENERAL #
# PUBLIC LICENSE you may download it, in it's entirety, from #
# the website at #
# #
# http://www.nobaloney.net/exim/gnu-gpl-v2.txt #
# #
################################################## ####################
# #
# This file is divided into several parts, all but the first of #
# which are headed by a line starting with the word "begin". Only #
# those parts that are required need to be present. Blank lines, and #
# lines starting with # are ignored. #
# #
######### IMPORTANT ########## IMPORTANT ########## IMPORTANT ########
# #
# Whenever you change Exim's configuration file, you *must* remember #
# to HUP the Exim daemon, because it will not pick up the new #
# configuration until you do. However, any other Exim processes that #
# are started, for example, a process started by an MUA in order to #
# send a message, will see the new configuration as soon as it is in #
# place. #
# #
# You do not need to HUP the daemon for changes in auxiliary files #
# that are referenced from this file. They are read every time they #
# are used. #
# #
# It is usually a good idea to test a new configuration for #
# syntactic correctness before installing it (for example, by #
# running the command "exim -C /config/file.new -bV"). #
# #
### MODIFICATION INSTRUCTIONS ########## MODIFICATION INSTRUCTIONS ###
# #
# YOU MUST MAKE THE FOLLOWING CHANGES TO DIRECTADMIN: #
# 1) Add a file /etc/virtual/blacklist_domains #
# This file should contain the domain names of so-called legal #
# spammers and other spam sources that do not always get caught #
# by blocklists, but that, nevertheless, you do not want to be #
# able to send spam to your domains on your server for which #
# you've enabled spamblocking. #
# #
# 2) Add a file /etc/virtual/whitelist_from #
# This file should contain the fully-qualified hostnames or IP#s #
# of servers that you DO want to be able to get email from even #
# if they're otherwise caught by blocklists. Your own domain #
# need not be listed here to enable you to get unblock requests, #
# whitelisting of email to your "errors" address will be handled #
# separately, below. #
# #
# 3) Add a file /etc/virtual/use_rbl_domains #
# This is a list of domains on your server that want spamblocking #
# to be used for them so they won't get spam. Spam will not be #
# blocked for any domains on your server unless they're listed #
# in this file. Note that the domain names in this file should #
# follow the same format as the domain names in the #
# /etc/virtual/domains file. You may just copy the domains file #
# to this file if you wish to use spamblocking for all your #
# domains but we recommend giving your domain users a choice. #
# #
# Note that the above files should have the same ownership and #
# permissions as /etc/virtual/domains. Normally this should be: #
# owner = mail, group = mail, chmod 644. #
# #
# YOU MUST MAKE THE FOLLOWING MODIFICATIONS TO YOUR WEBISTE: #
# #
# Note that if anyone is blocked while trying to send you a #
# legitimate (non-spam) email, the "non-delivery" message they'll #
# get will include a reference to a webpage where they'll need to #
# vist to get their email addressed unblocked. You should create #
# such a webpage before you implement this file. The webpage may #
# include either a form for them to send you the information you #
# need to unblock them, or instructions for them to email you so you #
# can unblock them. #
# #
# You'll need the full name of their server to unblock them, by #
# putting the server name into the /etc/virtual/whitelist_from #
# file. There are two ways you can get this information: #
# #
# 1) You can create a form that will ask them for the address #
# they're trying to reach, the address they're sending the email #
# from, and the canonical name of their email server. Since they #
# may not know the name of their email server, this must be #
# optional, and if they leave it blank you'll have to find their #
# attempt to send email in your exim /var/log/exim/rejectlog file #
# and get the name of the server from there. #
# #
# 2) You can ask them to send you an email from the same address #
# that they were blocked from, but to (for example) #
# "errors@example.com" (but changing it to an address you want to #
# use, at one of your domains). When they send you the email you #
# should be able to find the name of their server in the headers #
# of the incoming email. #
# #
# Either way, you'll need to put the canonical name of their #
# nameserver into your /etc/virtual/whitelist_from file. #
# #
# You won't use the name they're sending email to for any purpose, #
# except possibly to verify the attempt in your #
# /var/log/exim/rejectlog file. It's really just a "red-herring" so #
# no one will just send you their email address and server name so #
# they can then spam your users. #
# #
# YOU MUST MAKE THE FOLLOWING MODIFICATIONS TO THIS FILE: #
# #
# Wherever you find the domain name "example.com" you must make #
# changes to customize this file for your server. If you leave #
# the sample "example.com" domain in this file then you will most #
# likely get false positives hits as spam and you will not notify #
# the senders how to be unblocked. #
# #
# YOU MUST change "example.com" to the domain name you'll be using #
# for an explanation website for anyone who gets blocked who #
# shouldn't be blocked (see notes above). #
# #
# Additionally, wherever "example.com" is used in an error message #
# being sent because an email is blocked, you should make sure that #
# the domain name includes any optional page you want senders to be #
# sent to in order to get themselves unblocked. #
# #
######## OPTIONAL MODIFICATIONS ###### OPTIONAL MODIFICATIONS ########
# #
# Optional modifications are marked below as: #
# # OPTIONAL MODIFICATIONS #
# #
# Check below for any optional modifications you wish to make to #
# this exim.conf file before installing it. #
# #
# Any settings below should not be commented out, uncommented, or #
# changed, unless they're marked with the OPTIONAL MODIFICATIONS #
# line unless you're sure what you are doing or you may break your #
# exim server configuration. #
# Should you break your exim configuration you should reinstall your #
# exim.conf file from scratch, either from a backup of the file you #
# used previously, or from one newly downloaded from our site (see #
# above) or from DirectAdmin. #
# #
################################################## ####################

# Specify your host's canonical name here. This should normally be the fully
# qualified "official" name of your host. If this option is not set, the
# uname() function is called to obtain the name. In many cases this does
# the right thing and you need not set anything explicitly.
av_scanner = clamd:/var/run/clamav/clamd
# primary_hostname =

# Specify the domain you want to be added to all unqualified addresses
# here. An unqualified address is one that does not contain an "@" character
# followed by a domain. For example, "caesar@rome.ex" is a fully qualified
# address, but the string "caesar" (i.e. just a login name) is an unqualified
# email address. Unqualified addresses are accepted only from local callers by
# default. See the receiver_unqualified_{hosts,nets} options if you want
# to permit unqualified addresses from remote sources. If this option is
# not set, the primary_hostname value is used for qualification.

# qualify_domain =

# If you want unqualified recipient addresses to be qualified with a different
# domain to unqualified sender addresses, specify the recipient domain here.
# If this option is not set, the qualify_domain value is used.

# qualify_recipient =

# the next line is required to start the smtp auth script included
# in DirectAdmin

perl_startup = do '/etc/exim.pl'

# the next line is required to start the system_filter included in
# DirectAdmin to refuse potentiallly harmful payloads in
# email messages

system_filter = /etc/system_filter.exim


# SET SOME MEANINGFUL LIMITS
# OPTIONAL MODIFICATIONS:
# These defaults work for us; you may wish to modify them
# for your environment

message_size_limit = 20M
smtp_receive_timeout = 5m
smtp_accept_max = 100
message_body_visible = 3000

# ALLOW UNDERSCORE IN EMAIL DOMAIN NAME
# domains shouldn't use the underscore character "_" but some
# may. Because John Postel, one of the architects of the Internet,
# said "Be liberal in what you accept and conservative in what you
# transmit, we choose to allow underscore in email domain names so we
# can receive email form domains which use the underscore character
# in their domain name.
# OPTIONAL MODIFICATIONS:
# These defaults work for us; you may wish to modify them
# for your environment

helo_allow_chars = _

# CHANGE LOGGING BEHAVIOR
# We weren't happy with the default Exim logging behavior through
# syslog; it didn't give us enough information. So we turned off
# syslog behavior and changed the logging behavior to give us what we
# felt was more helpful information. You may choose to delete or modify
# this section.
# OPTIONAL MODIFICATIONS:
# These defaults work for us; you may wish to modify them
# for your environment

# define what to log:
# define the => log lines
# +delivery_size
# +sender_on_delivery
#
# define the <= log lines:
# +received_recipients
# +received_sender
# +smtp_confirmation
# +subject
#
# define other non '<= =>' log lines:
# +smtp_incomplete_transaction
###################################
# define what to not log:
# define other non "<= =>' log lines:
# -dnslist_defer
# -host_lookup_failed
# -queue_run
# -rejected_header
# -retry_defer
# -skip_delivery
###################################

log_selector = \
+delivery_size \
+sender_on_delivery \
+received_recipients \
+received_sender \
+smtp_confirmation \
+subject \
+smtp_incomplete_transaction \
-dnslist_defer \
-host_lookup_failed \
-queue_run \
-rejected_header \
-retry_defer \
-skip_delivery

syslog_duplication = false

# These options specify the Access Control Lists (ACLs) that
# are used for incoming SMTP messages - after the RCPT and DATA
# commands, respectively.

acl_smtp_rcpt = check_recipient
acl_smtp_data = check_message

# define local lists

domainlist blacklist_domains = lsearch;/etc/virtual/blacklist_domains
domainlist whitelist_from = lsearch;/etc/virtual/whitelist_from
domainlist local_domains = lsearch;/etc/virtual/domains
domainlist relay_domains = lsearch;/etc/virtual/domains : localhost
domainlist use_rbl_domains = lsearch;/etc/virtual/use_rbl_domains
hostlist relay_hosts = net-lsearch;/etc/virtual/pophosts : 127.0.0.1
hostlist auth_relay_hosts = *

# If you want to accept mail addressed to your host's literal IP address, for
# example, mail addressed to "user@[111.111.111.111]", then uncomment the
# following line, or supply the literal domain(s) as part of "local_domains"
# above. You also need to comment "forbid_domain_literals" below. This is not
# recommended for today's Internet.

# DO NOT ALLOW HOST LITERALS
# OPTIONAL MODIFICATIONS:
# These defaults work for us; you may wish to uncomment the line
# below and change the allow_domain_literals line below to true
# to allow domain literals in your environment

# local_domains_include_host_literals


# The following line prevents Exim from recognizing addresses of the form
# "user@[111.111.111.111]" that is, with a "domain literal" (an IP address)
# instead of a named domain. The RFCs still require this form, but it makes
# little sense to permit mail to be sent to specific hosts by their IP address
# in the modern Internet, and this ancient format has been used by those
# seeking to abuse hosts by using them for unwanted relaying. If you really
# do want to support domain literals, remove the following line, and see
# also the "domain_literal" router below.

allow_domain_literals = false

# No local deliveries will ever be run under the uids of these users (a colon-
# separated list). An attempt to do so gets changed so that it runs under the
# uid of "nobody" instead. This is a paranoic safety catch. Note the default
# setting means you cannot deliver mail addressed to root as if it were a
# normal user. This isn't usually a problem, as most sites have an alias for
# root that redirects such mail to a human administrator.

never_users = root

# DO HOST LOOKUP
# OPTIONAL MODIFICATIONS:
# The setting below causes Exim to do a reverse DNS lookup on all incoming
# IP calls, in order to get the true host name. If you feel this is too
# expensive, you can specify the networks for which a lookup is done, or
# remove the setting entirely.

host_lookup = *

# DISALLOW IDENT CALLBACKS
# OPTIONAL MODIFICATIONS:
# Exim may be set to make RFC 1413 (ident) callbacks for all incoming SMTP
# calls. You can limit the hosts to which these calls are made, and/or change
# the timeout that is used. If you set the timeout to zero, all RFC 1413 calls
# are disabled. RFC 1413 calls are cheap and can provide useful information
# for tracing problem messages, but some hosts and firewalls have problems
# with them. This can result in a timeout instead of an immediate refused
# connection, leading to delays on starting up an SMTP session. By default
# we disable callbacks for incoming SMTP calls. You may change
# rfc1413_query_timeout to 30s or some other positive number of seconds to
# enable callbacks for incoming SMTP calls.

rfc1413_hosts = *
rfc1413_query_timeout = 0s

# BOUNCE MESSAGES
# OPTIONAL MODIFICATIONS:
# When Exim can neither deliver a message nor return it to sender, it
# "freezes" the delivery error message (aka "bounce message"). There are also
# other circumstances in which messages get frozen. They will stay on the
# queue forever unless one or both of the following options is set.

# This option unfreezes unfreezes bounce messages after two days, tries
# once more to deliver them, and ignores any delivery failures.

ignore_bounce_errors_after = 2d

# This option cancels (removes) frozen messages that are older than five days.

timeout_frozen_after = 5d

# TRUSTED USERS
# OPTIONAL MODIFICATIONS:
# if you must add additional trusted users, do so here; continue the
# colon-delimited list

trusted_users = mail:majordomo:apache:diradmin




# SSL/TLS cert and key
tls_certificate = /etc/exim.cert
tls_privatekey = /etc/exim.key

tls_advertise_hosts = *
#auth_over_tls_hosts = *

################################################## ####################
# ACLs #
################################################## ####################

begin acl

# ACL that is used after the RCPT command
check_recipient:

# we accept if the source is local SMTP (i.e. not over TCP/IP).
# We do this by testing for an empty sending host field.
accept hosts = :

# Deny for local domains if local parts begin with a dot or
# contain @ % ! / |
deny domains = +local_domains
local_parts = ^[.] : ^.*[@%!/|]

# allow local users to send outgoing messages using slashes
# and vertical bars in their local parts but blocks outgoing
# local parts that begin with a dot, slash, or vertical bar
# but allows them within the local part. The sequence \..\
# is barred. The usage of @ % and ! is barred as before. The
# motiviation is to prevent your users (or their virii) from
# mounting certain kinds of attacks on reverse sites.

deny domains = !+local_domains
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

# accept email from anyone in the whitelist_from list
accept domains = +whitelist_from

# accept mail to postmaster in any local domain, regardless of source
accept local_parts = postmaster
domains = +local_domains

# accept mail to abuse in any local domain, regardless of source
accept local_parts = abuse
domains = +local_domains

# accept mail to hostmaster in any local domain, regardless of source
accept local_parts = hostmaster
domains =+local_domains

# OPTIONAL MODIFICATIONS:
# If the page you're using to notify senders of blocked email of how
# to get their address unblocked will use a web form to send you email so
# you'll know to unblock those senders, then you may leave these lines
# commented out. However, if you'll be telling your senders of blocked
# email to send an email to errors@yourdomain.com, then you should
# replace "errors" with the left side of the email address you'll be
# using, and "example.com" with the right side of the email address and
# then uncomment the second two lines, leaving the first one commented.
# Doing this will mean anyone can send email to this specific address,
# even if they're at a blocked domain, and even if your domain is using
# blocklists.

# accept mail to errors@example.com, regardless of source
# accept local_parts = errors
# domains = example.com

# deny so-called "legal" spammers"
# but do bypass all checking for whitelisted host names
deny message = You may think you're legal but you're still an unwanted spammer
# only for domains that do want to be tested against RBLs
domains = +use_rbl_domains
sender_domains = +blacklist_domains

# Deny unless sender address can be verified:
# This statement requires the sender address to be verified before any
# subsequent ACL statement can be used. If verification fails, the incoming
# recipient address is refused. Verification consists of trying to route the
# address, to see if a bounce message could be delivered to it. In the case of
# remote addresses, basic verification checks only the domain.

#require verify = sender

# Deny stuff from insecure hosts & spammers. No exceptions for known users.
# but do bypass all checking for whitelisted host names
deny message = to unblock $sender_host_name see http://www.example.com/
# only for domains that do want to be tested against RBLs
domains = +use_rbl_domains
# only smtp.dnsbl.sorbs.net = 127.0.0.5
dnslists = sbl.spamhaus.org : \
relays.ordb.org : \
dnsbl.sorbs.net=127.0.0.5

# Next deny stuff from more "fuzzy" blacklists
# but do bypass all checking for whitelisted host names
deny message = to unblock $sender_host_name see http://www.example.com/
hosts = !+relay_hosts
domains =+use_rbl_domains
!authenticated = *
# dnslists not including spam.dnsbl.sorbs.net
dnslists = bl.spamcop.net : \
dnsbl.njabl.org : \
cbl.abuseat.org : \
dnsbl.sorbs.net!=127.0.0.6

deny message = to unblock $sender_host_name see http://www.example.com/
domains =+use_rbl_domains
# rhsbl list is name based
dnslists = rhsbl.sorbs.net/$sender_address_domain

# accept if address is in a local domain as long as recipient can be verified
accept domains = +local_domains
endpass
verify = recipient

# accept if address is in a domain for which we relay as long as recipient
# can be verified
accept domains = +relay_domains
endpass
verify=recipient

# accept if message comes for a host for which we are an outgoing relay
# recipient verification is omitted because many MUA clients don't cope
# well with SMTP error responses. If you are actually relaying from MTAs
# then you should probably add recipient verify here

accept hosts = +relay_hosts
accept hosts = +auth_relay_hosts
endpass
message = authentication required
authenticated = *
deny message = relay not permitted

# default at end of acl causes a "deny", but line below will give
# an explicit error message:
deny message = relay not permitted

# ACL that is used after the DATA command
check_message:
# Virus Check
deny message = This message contains a virus or other malware ($malware_name)
demime = *
malware = *
accept

################################################## ####################
# AUTHENTICATION CONFIGURATION #
################################################## ####################

# There are no authenticator specifications in this default configuration file.

begin authenticators

plain:
driver = plaintext
public_name = PLAIN
server_condition = "${perl{smtpauth}}"
server_set_id = $2

login:
driver = plaintext
public_name = LOGIN
server_prompts = "Username:: : Password::"
server_condition = "${perl{smtpauth}}"
server_set_id = $1


################################################## ####################
# REWRITE CONFIGURATION #
################################################## ####################

# There are no rewriting specifications in this default configuration file.

################################################## ####################
# ROUTERS CONFIGURATION #
# Specifies how remote addresses are handled #
################################################## ####################
# ORDER DOES MATTER #
# A remote address is passed to each in turn until it is accepted. #
################################################## ####################

begin routers

# Remote addresses are those with a domain that does not match any item
# in the "local_domains" setting above.

# This router routes to remote hosts over SMTP using a DNS lookup. Any domain
# that resolves to an IP address on the loopback interface (127.0.0.0/8) is
# treated as if it had no DNS entry.

lookuphost:
driver = dnslookup
domains = ! +local_domains
ignore_target_hosts = 127.0.0.0/8
condition = "${perl{check_limits}}"
transport = remote_smtp
no_more

# This router routes to remote hosts over SMTP by explicit IP address,
# when an email address is given in "domain literal" form, for example,
# <user@[192.168.35.64]>. The RFCs require this facility. However, it is
# little-known these days, and has been exploited by evil people seeking
# to abuse SMTP relays. Consequently it is commented out in the default
# configuration. If you uncomment this router, you also need to comment out
# "forbid_domain_literals" above, so that Exim can recognize the syntax of
# domain literal addresses.

# domain_literal:
# driver = ipliteral
# transport = remote_smtp

################################################## ####################
# DIRECTORS CONFIGURATION #
# Specifies how local addresses are handled #
################################################## ####################
# ORDER DOES MATTER #
# A local address is passed to each in turn until it is accepted. #
################################################## ####################

# Local addresses are those with a domain that matches some item in the
# "local_domains" setting above, or those which are passed back from the
# routers because of a "self=local" setting (not used in this configuration).

# Spam Assassin
spamcheck_director:
driver = accept
condition = "${if and { \
{!def:h_X-Spam-Flag:} \
{!eq {$received_protocol}{spam-scanned}} \
{!eq {$received_protocol}{local}} \
{exists{/home/${lookup{$domain}lsearch{/etc/virtual/domainowners}{$value}}/.spamassassin/user_prefs}} \
} {1}{0}}"
retry_use_local_part
transport = spamcheck
no_verify

majordomo_aliases:
driver = redirect
allow_defer
allow_fail
data = ${if exists{/etc/virtual/${domain}/majordomo/list.aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/majordomo/list.aliases}}}}
domains = lsearch;/etc/virtual/domainowners
file_transport = address_file
group = daemon
pipe_transport = majordomo_pipe
retry_use_local_part
no_rewrite
user = majordomo

majordomo_private:
driver = redirect
allow_defer
allow_fail
#condition = "${if eq {$received_protocol} {local} {true} {false} }"
condition = "${if or { {eq {$received_protocol} {local}} \
{eq {$received_protocol} {spam-scanned}} } {true} {false} }"
data = ${if exists{/etc/virtual/${domain}/majordomo/private.aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/majordomo/private.aliases}}}}
domains = lsearch;/etc/virtual/domainowners
file_transport = address_file
group = daemon
pipe_transport = majordomo_pipe
retry_use_local_part
user = majordomo

domain_filter:
driver = redirect
allow_filter
no_check_local_user
condition = "${if exists{/etc/virtual/${domain}/filter}{yes}{no}}"
user = "mail"
file = /etc/virtual/${domain}/filter
file_transport = address_file
pipe_transport = virtual_address_pipe
retry_use_local_part
no_verify

uservacation:
driver = accept
condition = ${lookup{$local_part} lsearch {/etc/virtual/${domain}/vacation.conf}{yes}{no}}
require_files = /etc/virtual/${domain}/reply/${local_part}.msg
transport = uservacation
unseen

userautoreply:
driver = accept
condition = ${lookup{$local_part} lsearch {/etc/virtual/${domain}/autoresponder.conf}{yes}{no}}
require_files = /etc/virtual/${domain}/reply/${local_part}.msg
transport = userautoreply
unseen

virtual_aliases_nostar:
driver = redirect
allow_defer
allow_fail
data = ${if exists{/etc/virtual/${domain}/aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/aliases}}}}
file_transport = address_file
group = mail
pipe_transport = virtual_address_pipe
retry_use_local_part
unseen
#include_domain = true

virtual_user:
driver = accept
condition = ${if eq {}{${if exists{/etc/virtual/${domain}/passwd}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/passwd}}}}}{no}{yes}}
domains = lsearch;/etc/virtual/domainowners
group = mail
retry_use_local_part
transport = virtual_localdelivery

virtual_aliases:
driver = redirect
allow_defer
allow_fail
data = ${if exists{/etc/virtual/$domain/aliases}{${lookup{$local_part}lsearch*{/etc/virtual/$domain/aliases}}}}
file_transport = address_file
group = mail
pipe_transport = virtual_address_pipe
retry_use_local_part
#include_domain = true

# This director handles forwarding using traditional .forward files.
# If you want it also to allow mail filtering when a forward file
# starts with the string "# Exim filter", uncomment the "filter" option.
# The check_ancestor option means that if the forward file generates an
# address that is an ancestor of the current one, the current one gets
# passed on instead. This covers the case where A is aliased to B and B
# has a .forward file pointing to A. The three transports specified at the
# end are those that are used when forwarding generates a direct delivery
# to a file, or to a pipe, or sets up an auto-reply, respectively.

userforward:
driver = redirect
allow_filter
check_ancestor
check_local_user
no_expn
file = $home/.forward
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
no_verify

system_aliases:
driver = redirect
allow_defer
allow_fail
data = ${lookup{$local_part}lsearch{/etc/aliases}}
file_transport = address_file
pipe_transport = address_pipe
retry_use_local_part
# user = exim

localuser:
driver = accept
check_local_user
condition = "${if eq {$domain} {$primary_hostname} {yes} {no}}"
transport = local_delivery

# This director matches local user mailboxes.

######################################################################
#                      TRANSPORTS CONFIGURATION                      #
######################################################################
#                       ORDER DOES NOT MATTER                        #
#     Only one appropriate transport is called for each delivery.    #
######################################################################

# A transport is used only when referenced from a director or a router that
# successfully handles an address.


# Spam Assassin
begin transports

spamcheck:
driver = pipe
batch_max = 100
command = /usr/sbin/exim -oMr spam-scanned -bS
current_directory = "/tmp"
group = mail
home_directory = "/tmp"
log_output
message_prefix =
message_suffix =
return_fail_output
no_return_path_add
transport_filter = /usr/bin/spamc -u ${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}
use_bsmtp
user = mail
# must use a privileged user to set $received_protocol on the way back in!


#majordomo
majordomo_pipe:
driver = pipe
group = daemon
return_fail_output
user = majordomo

# This transport is used for local delivery to user mailboxes in traditional
# BSD mailbox format. By default it will be run under the uid and gid of the
# local user, and requires the sticky bit to be set on the /var/mail directory.
# Some systems use the alternative approach of running mail deliveries under a
# particular group instead of using the sticky bit. The commented options below
# show how this can be done.

local_delivery:
driver = appendfile
delivery_date_add
envelope_to_add
file = /var/mail/$local_part
group = mail
mode = 0660
return_path_add
user = ${local_part}

## for delivering virtual domains to their own mail spool

virtual_localdelivery:
driver = appendfile
create_directory
delivery_date_add
directory_mode = 700
envelope_to_add
file = /var/spool/virtual/${domain}/${local_part}
group = mail
mode = 660
return_path_add
user = "${lookup{$domain}lsearch*{/etc/virtual/domainowners}{$value}}"
quota = ${if exists{/etc/virtual/${domain}/quota}{${lookup{$local_part}lsearch*{/etc/virtual/${domain}/quota}{$value}{0}}}{0}}

## vacation transport
uservacation:
driver = autoreply
file = /etc/virtual/${domain}/reply/${local_part}.msg
from = "${local_part}@${domain}"
log = /etc/virtual/${domain}/reply/${local_part}.log
no_return_message
subject = "${if def:h_Subject: {Autoreply: $h_Subject:} {I am on vacation}}"
text = "\
------ ------\n\n\
This message was automatically generated by email software\n\
The delivery of your message has not been affected.\n\n\
------ ------\n\n"
to = "${sender_address}"
user = mail
#once = /etc/virtual/${domain}/reply/${local_part}.once

userautoreply:
driver = autoreply
bcc = ${lookup{${local_part}} lsearch {/etc/virtual/${domain}/autoresponder.conf}{$value}}
file = /etc/virtual/${domain}/reply/${local_part}.msg
from = "${local_part}@${domain}"
log = /etc/virtual/${domain}/reply/${local_part}.log
no_return_message
subject = "${if def:h_Subject: {Autoreply: $h_Subject:} {Autoreply Message}}"
to = "${sender_address}"
user = mail
#once = /etc/virtual/${domain}/reply/${local_part}.once

# This transport is used for delivering messages over SMTP connections.
remote_smtp:
driver = smtp

# This transport is used for handling pipe deliveries generated by alias
# or .forward files. If the pipe generates any standard output, it is returned
# to the sender of the message as a delivery error. Set return_fail_output
# instead of return_output if you want this to happen only when the pipe fails
# to complete normally. You can set different transports for aliases and
# forwards if you want to - see the references to address_pipe in the directors
# section below.

address_pipe:
driver = pipe
return_output

virtual_address_pipe:
driver = pipe
group = nobody
return_output
user = "${lookup{$domain}lsearch* {/etc/virtual/domainowners}{$value}}"

# This transport is used for handling deliveries directly to files that are
# generated by aliasing or forwarding.

address_file:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add

# This transport is used for handling autoreplies generated by the filtering
# option of the forwardfile director.

address_reply:
driver = autoreply

######################################################################
#                        RETRY CONFIGURATION                         #
######################################################################

# This single retry rule applies to all domains and all errors. It specifies
# retries every 15 minutes for 2 hours, then increasing retry intervals,
# starting at 1 hour and increasing each time by a factor of 1.5, up to 16
# hours, then retries every 8 hours until 4 days have passed since the first
# failed delivery.

# Domain Error Retries
# ------ ----- -------


begin retry

* * F,2h,15m; G,16h,1h,1.5; F,4d,8h


# End of Exim 4 configuration
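
The retry comment above spells the schedule out in words. As an added illustration, not part of the posted exim.conf and not Exim's own scheduler, here is a small Python parser for the `begin retry` rule syntax that turns the rule into concrete retry times. It follows the semantics the comment describes (each section runs until its cutoff, then the next section takes over) and is an approximation of what Exim does, since the real scheduler also rounds to queue-runner passes and keeps per-host retry records. The rule string is the one from the configuration above.

```python
import re

# Exim time units accepted in retry rules (s, m, h, d, w).
UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def parse_time(spec):
    """Convert an Exim time spec such as '15m', '2h' or '1h30m' to seconds."""
    if not re.fullmatch(r"(?:\d+[smhdw])+", spec):
        raise ValueError(f"not an Exim time spec: {spec!r}")
    return sum(int(n) * UNIT_SECONDS[u] for n, u in re.findall(r"(\d+)([smhdw])", spec))


def parse_retry_rule(rule):
    """Split one 'begin retry' line into (domain pattern, error pattern, sections).

    A section is ('F', cutoff, interval) for fixed intervals or
    ('G', cutoff, first_interval, factor) for geometric growth; times are seconds
    measured from the first failed delivery.
    """
    domain, errors, rest = rule.split(None, 2)
    sections = []
    for part in rest.split(";"):
        fields = [f.strip() for f in part.split(",")]
        kind = fields[0].upper()
        if kind == "F" and len(fields) == 3:
            sections.append(("F", parse_time(fields[1]), parse_time(fields[2])))
        elif kind == "G" and len(fields) == 4:
            sections.append(("G", parse_time(fields[1]), parse_time(fields[2]), float(fields[3])))
        else:
            raise ValueError(f"unsupported retry section: {part.strip()!r}")
    return domain, errors, sections


def retry_schedule(sections):
    """Return the retry times (seconds after the first failure) the sections describe.

    A retry whose computed time would pass the section's cutoff is not scheduled;
    the next section then continues from the last scheduled time.
    """
    times = []
    now = 0.0
    for section in sections:
        if section[0] == "F":
            _, cutoff, interval = section
            factor = 1.0                      # fixed interval: never grows
        else:
            _, cutoff, interval, factor = section
        while now + interval <= cutoff:
            now += interval
            times.append(int(round(now)))
            interval *= factor
    return times


def fmt_interval(seconds):
    """Render a number of seconds as e.g. '15m', '2h', '15h11m15s' or '4d'."""
    parts = []
    for unit, size in (("d", 86400), ("h", 3600), ("m", 60), ("s", 1)):
        if seconds >= size:
            parts.append(f"{seconds // size}{unit}")
            seconds %= size
    return "".join(parts) or "0s"


def describe_rule(rule):
    """Human-readable list of retry attempts for one retry rule line."""
    domain, errors, sections = parse_retry_rule(rule)
    return [f"retry {i:2d} at +{fmt_interval(t)}" for i, t in enumerate(retry_schedule(sections), 1)]


if __name__ == "__main__":
    # The rule from the configuration above.
    for line in describe_rule("* * F,2h,15m; G,16h,1h,1.5; F,4d,8h"):
        print(line)
```

Running it shows the three phases: eight retries 15 minutes apart up to 2 hours, five retries with intervals 1h, 1.5h, 2.25h, 3.375h and 5.0625h (the next geometric step would pass the 16-hour cutoff), then 8-hour retries until the 4-day limit.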

IT-worX
20/11/05, 22:00
Could anyone help me with this (paid if necessary)?

Thanks in advance!

Edit:
Exim no longer starts ... it gives the following error:
[root@asterix ~]# /usr/sbin/exim start
2005-11-20 20:58:59 Exim configuration error in line 556 of /etc/exim.conf:
error in ACL: unknown ACL condition/modifier in "($malware_name)"

ju5t
20/11/05, 23:48
With this you can reset your current configuration to the defaults:


wget -O /etc/exim.conf http://files.directadmin.com/services/exim.conf
wget -O /etc/exim.pl http://files.directadmin.com/services/exim.pl
chmod 755 /etc/exim.pl
cd /etc/virtual
touch whitelist_from
touch blacklist_domains
touch use_rbl_domains
echo 0 > limit
mkdir usage
chown mail:mail whitelist_from blacklist_domains use_rbl_domains limit usage

After this, restart Exim and your mail will at least be up again.
You will then have to redo all your modifications, such as Spamblocker and ClamAV.

IT-worX
21/11/05, 00:30
@getUP: I carried out the steps you describe and everything works again as before!

Thanks!

Deltaned
21/11/05, 07:03
All of this can simply be found at http://www.directadmin.com/forum or http://help.directadmin.com, you know.

Good luck with it

IT-worX
21/11/05, 13:22
Deltaned, it was done via this tutorial:
http://www.directadmin.com/forum/showthread.php?threadid=10478&highlight=clamav

Apparently there must be an error in it, because every time I do this my mail stops arriving?

ju5t
21/11/05, 17:07
If you paste the piece of config I indicated in the tutorial into your own config, make sure that all lines that are on one line there are also on one line in your config.

Would you post the configurations of both clamd.conf and freshclam.conf?
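
A wrapped line leaves a fragment that Exim reads as a new directive, which is what ju5t suspects behind the `($malware_name)` error in this thread. As an added example, not from the thread, the how-to or the Exim project, this Python check flags lines of an exim.conf that do not have a valid line shape (blank, comment, `name = value`, bare option, `name:` definition, `begin` marker, ACL verb, or backslash continuation) and glues each fragment back onto the line above it. The sample input is the wrapped `majordomo_aliases` data line as it appeared in the posted config, plus a correct director and retry section for comparison; both samples are constructed here. A fragment that happens to be a bare identifier is not caught.

```python
import re

# Line shapes that are legal at the start of a physical line in an Exim 4 config.
OPTION_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*\s*=")       # name = value
BARE_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")             # no_verify, unseen, ...
SECTION_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*:\s*$")      # virtual_user:
BEGIN_RE = re.compile(r"^begin\s+[a-z_]+")                    # begin transports
ACL_VERB_RE = re.compile(r"^(accept|defer|deny|discard|drop|require|warn)(\s|$)")


def classify_lines(text):
    """Yield (lineno, raw_line, looks_valid) for every physical line of an Exim config."""
    section = "main"
    continued = False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if continued:
            ok = True                       # part of a backslash-continued value
        elif not line or line.startswith("#"):
            ok = True
        elif BEGIN_RE.match(line):
            section = line.split()[1]
            ok = True
        elif section in ("retry", "rewrite", "local_scan"):
            ok = True                       # free-form rule lines, not linted here
        elif section == "acl" and ACL_VERB_RE.match(line):
            ok = True
        else:
            ok = bool(SECTION_RE.match(line) or OPTION_RE.match(line) or BARE_RE.match(line))
        continued = line.endswith("\\")
        yield lineno, raw, ok


def find_broken_lines(text):
    """Return [(lineno, text)] for lines that look like the tail of a wrapped line."""
    return [(n, raw.strip()) for n, raw, ok in classify_lines(text) if not ok]


def join_wrapped_lines(text):
    """Glue each suspicious fragment back onto the line above it and return the result."""
    out = []
    for _, raw, ok in classify_lines(text):
        if not ok and out:
            out[-1] += raw.strip()
        else:
            out.append(raw)
    return "\n".join(out) + "\n"


# Constructed sample: the data line of majordomo_aliases as it was wrapped in the
# posted config (the fragment "s}}}}" became a line of its own).
SAMPLE_WRAPPED = r"""majordomo_aliases:
driver = redirect
data = ${if exists{/etc/virtual/${domain}/majordomo/list.aliases}{${lookup{$local_part}lsearch{/etc/virtual/${domain}/majordomo/list.aliase
s}}}}
domains = lsearch;/etc/virtual/domainowners
no_rewrite
"""

# Constructed sample of lines that are legitimately split with backslashes,
# followed by a retry section that must not be linted as director syntax.
SAMPLE_OK = r"""spamcheck_director:
driver = accept
condition = "${if and { \
{!def:h_X-Spam-Flag:} \
{!eq {$received_protocol}{spam-scanned}} \
} {1}{0}}"
retry_use_local_part
transport = spamcheck
no_verify

begin retry

* * F,2h,15m; G,16h,1h,1.5; F,4d,8h
"""

if __name__ == "__main__":
    for lineno, fragment in find_broken_lines(SAMPLE_WRAPPED):
        print(f"line {lineno}: probable wrapped fragment: {fragment}")
    print(join_wrapped_lines(SAMPLE_WRAPPED))
```

On a real file, run `find_broken_lines(open("/etc/exim.conf").read())` first and inspect the hits before writing anything back, then test the result with `exim -bV -C <file>` so the daemon is only restarted on a configuration Exim has already accepted.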

IT-worX
21/11/05, 17:22
In clamd.conf and freshclam.conf everything is commented out?
I think that's already a first error there?


[root@asterix ~]# tail /etc/clamd.conf
#ClamukoIncludePath /students

# Set the exclude paths. All subdirectories are also excluded.
# Default: disabled
#ClamukoExcludePath /home/guru

# Don't scan files larger than ClamukoMaxFileSize
# Value of 0 disables the limit.
# Default: 5M
#ClamukoMaxFileSize 10M

[root@asterix ~]# tail /etc/freshclam.conf
# Default: disabled
#OnOutdatedExecute command

# Don't fork into background.
# Default: disabled
#Foreground

# Enable debug messages in libclamav.
# Default: disabled
#Debug

ju5t
21/11/05, 17:28
Would you post the complete config instead of just the tail end?

IT-worX
21/11/05, 17:32
Believe it or not... but that's the whole config :s So that's where the first problem is, then?

[root@asterix ~]# tail /etc/clamd.conf
#ClamukoIncludePath /students

# Set the exclude paths. All subdirectories are also excluded.
# Default: disabled
#ClamukoExcludePath /home/guru

# Don't scan files larger than ClamukoMaxFileSize
# Value of 0 disables the limit.
# Default: 5M
#ClamukoMaxFileSize 10M

[root@asterix ~]# tail /etc/freshclam.conf
# Default: disabled
#OnOutdatedExecute command

# Don't fork into background.
# Default: disabled
#Foreground

# Enable debug messages in libclamav.
# Default: disabled
#Debug

These are all the files I have regarding clamav. Do you need all of them? Or only the /etc files?

[root@asterix ~]# locate freshclam.conf
/root/software/clamav/clamav-0.87.1/docs/man/freshclam.conf.5
/root/software/clamav/clamav-0.87.1/docs/man/freshclam.conf.5.in
/root/software/clamav/clamav-0.87.1/etc/freshclam.conf
/usr/local/man/man5/freshclam.conf.5
/etc/freshclam.conf
[root@asterix ~]# locate clamd.conf
/root/software/clamav/clamav-0.87.1/docs/man/clamd.conf.5.in
/root/software/clamav/clamav-0.87.1/docs/man/clamd.conf.5
/root/software/clamav/clamav-0.87.1/etc/clamd.conf
/usr/local/man/man5/clamd.conf.5
/etc/clamd.conf

ju5t
21/11/05, 17:36
cat /etc/freshclam.conf
## Or:
pico /etc/freshclam.conf

tail only shows the end.
freshclam.conf and clamd.conf are sufficient.

IT-worX
21/11/05, 17:40
Ah, look at that, learned something again :)

[root@asterix ~]# cat /etc/clamd.conf | more
##
## Example config file for the Clam AV daemon
## Please read the clamd.conf(5) manual before editing this file.
##


# Comment or remove the line below.
#Example

# Uncomment this option to enable logging.
# LogFile must be writable for the user running daemon.
# A full path is required.
# Default: disabled
LogFile /var/log/cmad.log

# By default the log file is locked for writing - the lock protects against
# running clamd multiple times (if want to run another clamd, please
# copy the configuration file, change the LogFile variable, and run
# the daemon with --config-file option).
# This option disables log file locking.
# Default: disabled
#LogFileUnlock

# Maximal size of the log file.
# Value of 0 disables the limit.
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
# in bytes just don't use modifiers.
# Default: 1M
#LogFileMaxSize 2M

# Log time with each message.
# Default: disabled
#LogTime

# Also log clean files. Useful in debugging but drastically increases the
# log size.
# Default: disabled
#LogClean

# Use system logger (can work together with LogFile).
# Default: disabled
#LogSyslog

# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
# Default: LOG_LOCAL6
#LogFacility LOG_MAIL

# Enable verbose logging.
# Default: disabled
#LogVerbose

# This option allows you to save a process identifier of the listening
# daemon (main thread).
# Default: disabled
#PidFile /var/run/clamd.pid

# Optional path to the global temporary directory.
# Default: system specific (usually /tmp or /var/tmp).
#TemporaryDirectory /var/tmp

# Path to the database directory.
# Default: hardcoded (depends on installation options)
#DatabaseDirectory /var/lib/clamav

# The daemon works in a local OR a network mode. Due to security reasons we
# recommend the local mode.


# Path to a local socket file the daemon will listen on.
# Default: disabled
LocalSocket /tmp/clamd

# Remove stale socket after unclean shutdown.
# Default: disabled
FixStaleSocket

# TCP port address.
# Default: disabled
#TCPSocket 3310

# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world.
# Default: disabled
#TCPAddr 127.0.0.1

# Maximum length the queue of pending connections may grow to.
# Default: 15
#MaxConnectionQueueLength 30


# Clamd uses FTP-like protocol to receive data from remote clients.
# If you are using clamav-milter to balance load between remote clamd daemons
# on firewall servers you may need to tune the options below.

# Close the connection when the data size limit is exceeded.
# The value should match your MTA's limit for a maximal attachment size.
# Default: 10M
#StreamMaxLength 20M

# Limit port range.
# Default: 1024
#StreamMinPort 30000
# Default: 2048
#StreamMaxPort 32000

# Maximal number of threads running at the same time.
# Default: 10
#MaxThreads 20

# Waiting for data from a client socket will timeout after this time (seconds).
# Value of 0 disables the timeout.
# Default: 120
#ReadTimeout 300

# Waiting for a new job will timeout after this time (seconds).
# Default: 30
#IdleTimeout 60

# Maximal depth directories are scanned at.
# Default: 15
#MaxDirectoryRecursion 20

# Follow directory symlinks.
# Default: disabled
#FollowDirectorySymlinks

# Follow regular file symlinks.
# Default: disabled
#FollowFileSymlinks

# Perform internal sanity check (database integrity and freshness).
# Default: 1800 (30 min)
#SelfCheck 600

# Execute a command when virus is found. In the command string %v will
# be replaced by a virus name.
# Default: disabled
#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"


# Run as a selected user (clamd must be started by root).
# Default: disabled
#User clamav

# Initialize supplementary group access (clamd must be started by root).
# Default: disabled
#AllowSupplementaryGroups

# Stop daemon when libclamav reports out of memory condition.
#ExitOnOOM

# Don't fork into background.
# Default: disabled
#Foreground

# Enable debug messages in libclamav.
# Default: disabled
#Debug

# Do not remove temporary files (for debug purposes).
# Default: disabled
#LeaveTemporaryFiles


# By default clamd uses scan options recommended by libclamav. This option
# disables recommended options and allows you to enable selected ones below.
# DO NOT TOUCH IT unless you know what you are doing.
# Default: disabled
#DisableDefaultScanOptions

##
## Executable files
##

# PE stands for Portable Executable - it's an executable file format used
# in all 32-bit versions of Windows operating systems. This option allows
# ClamAV to perform a deeper analysis of executable files and it's also
# required for decompression of popular executable packers such as UPX, FSG,
# and Petite.
# Default: enabled
#ScanPE

# With this option clamav will try to detect broken executables and mark
# them as Broken.Executable
# Default: disabled
#DetectBrokenExecutables


##
## Documents
##

# This option enables scanning of Microsoft Office document macros.
# Default: enabled
#ScanOLE2

##
## Mail files
##

# Enable internal e-mail scanner.
# Default: enabled
ScanMail

# If an email contains URLs ClamAV can download and scan them.
# WARNING: This option may open your system to a DoS attack.
# Never use it on loaded servers.
# Default: disabled
#MailFollowURLs


##
## HTML
##

# Perform HTML normalisation and decryption of MS Script Encoder code.
# Default: enabled
#ScanHTML


##
## Archives
##

# ClamAV can scan within archives and compressed files.
# Default: enabled
#ScanArchive

# Due to license issues libclamav does not support RAR 3.0 archives (only the
# old 2.0 format is supported). Because some users report stability problems
# with unrarlib it's disabled by default and you must uncomment the directive
# below to enable RAR 2.0 support.
# Default: disabled
#ScanRAR

# The options below protect your system against Denial of Service attacks

# using archive bombs.

# Files in archives larger than this limit won't be scanned.
# Value of 0 disables the limit.
# Default: 10M
#ArchiveMaxFileSize 15M

# Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
# file, all files within it will also be scanned. This options specifies how
# deep the process should be continued.
# Value of 0 disables the limit.
# Default: 8
#ArchiveMaxRecursion 9

# Number of files to be scanned within an archive.
# Value of 0 disables the limit.
# Default: 1000
#ArchiveMaxFiles 1500

# If a file in an archive is compressed more than ArchiveMaxCompressionRatio
# times it will be marked as a virus (Oversized.ArchiveType, e.g. Oversized.Zip)
# Value of 0 disables the limit.
# Default: 250
#ArchiveMaxCompressionRatio 300

# Use slower but memory efficient decompression algorithm.
# only affects the bzip2 decompressor.
# Default: disabled
#ArchiveLimitMemoryUsage

# Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
# Default: disabled
#ArchiveBlockEncrypted

# Mark archives as viruses (e.g. RAR.ExceededFileSize, Zip.ExceededFilesLimit)
# if ArchiveMaxFiles, ArchiveMaxFileSize, or ArchiveMaxRecursion limit is
# reached.
# Default: disabled
#ArchiveBlockMax


##
## Clamuko settings
## WARNING: This is experimental software. It is very likely it will hang
## up your system!!!
##

# Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running.
# Default: disabled

#ClamukoScanOnAccess

# Set access mask for Clamuko.
# Default: disabled
#ClamukoScanOnOpen
#ClamukoScanOnClose
#ClamukoScanOnExec

# Set the include paths (all files in them will be scanned). You can have
# multiple ClamukoIncludePath directives but each directory must be added
# in a seperate line.
# Default: disabled
#ClamukoIncludePath /home
#ClamukoIncludePath /students

# Set the exclude paths. All subdirectories are also excluded.
# Default: disabled
#ClamukoExcludePath /home/guru

# Don't scan files larger than ClamukoMaxFileSize
# Value of 0 disables the limit.
# Default: 5M
#ClamukoMaxFileSize 10M


[root@asterix ~]# cat /etc/freshclam.conf | more
##
## Example config file for freshclam
## Please read the freshclam.conf(5) manual before editing this file.
## This file may be optionally merged with clamd.conf.
##


# Comment or remove the line below.
#Example

# Path to the database directory.
# WARNING: It must match clamd.conf's directive!
# Default: hardcoded (depends on installation options)
#DatabaseDirectory /var/lib/clamav

# Path to the log file (make sure it has proper permissions)
# Default: disabled
#UpdateLogFile /var/log/freshclam.log

# Enable verbose logging.
# Default: disabled
#LogVerbose

# Use system logger (can work together with UpdateLogFile).
# Default: disabled
#LogSyslog

# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
# Default: LOG_LOCAL6
#LogFacility LOG_MAIL

# This option allows you to save the process identifier of the daemon
# Default: disabled
#PidFile /var/run/freshclam.pid

# By default when started freshclam drops privileges and switches to the
# "clamav" user. This directive allows you to change the database owner.
# Default: clamav (may depend on installation options)
#DatabaseOwner clamav

# Initialize supplementary group access (freshclam must be started by root).
# Default: disabled
#AllowSupplementaryGroups

# Use DNS to verify virus database version. Freshclam uses DNS TXT records
# to verify database and software versions. With this directive you can change
# the database verification domain.
# Default: enabled, pointing to current.cvd.clamav.net
#DNSDatabaseInfo current.cvd.clamav.net

# Uncomment the following line and replace XY with your country
# code. See http://www.iana.org/cctld/cctld-whois.htm for the full list.
# Default: There is no default, which results in an error when running freshclam
#DatabaseMirror db.XY.clamav.net

# database.clamav.net is a round-robin record which points to our most
# reliable mirrors. It's used as a fall back in case db.XY.clamav.net is
# not working. DO NOT TOUCH the following line unless you know what you
# are doing.
DatabaseMirror database.clamav.net

# How many attempts to make before giving up.
# Default: 3 (per mirror)
#MaxAttempts 5

# Number of database checks per day.
# Default: 12 (every two hours)
#Checks 24

# Proxy settings
# Default: disabled
#HTTPProxyServer myproxy.com
#HTTPProxyPort 1234
#HTTPProxyUsername myusername
#HTTPProxyPassword mypass

# Use aaa.bbb.ccc.ddd as client address for downloading databases. Useful for
# multi-homed systems.
# Default: Use OS'es default outgoing IP address.
#LocalIPAddress aaa.bbb.ccc.ddd

# Send the RELOAD command to clamd.
# Default: disabled
#NotifyClamd
# By default it uses the hardcoded configuration file but you can force an
# another one.
#NotifyClamd /config/file/path

# Run command after successful database update.
# Default: disabled
#OnUpdateExecute command

# Run command when database update process fails.
# Default: disabled
#OnErrorExecute command

# Run command when freshclam reports outdated version.
# In the command string %v will be replaced by the new version number.
# Default: disabled
#OnOutdatedExecute command

# Don't fork into background.
# Default: disabled
#Foreground

# Enable debug messages in libclamav.
# Default: disabled
#Debug

ju5t
21/11/05, 17:46
pico /etc/clamd.conf
## Find
LocalSocket /tmp/clamd

## Replace with
LocalSocket /var/run/clamav/clamd


If ClamAV is already running, shut it down and start it again.


ps aux|grep clamd
kill -9 pid
/usr/local/sbin/clamd

And then send an e-mail and look in your logs.


tail -f /var/log/exim/mainlog
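
The `LocalSocket` change is one of several things worth checking in a clamd.conf before wiring it into an MTA. As an added example, not from the thread or the ClamAV project, here is a small Python audit that parses the active directives of a clamd.conf and reports the issues the file's own comments warn about: a leftover `Example` line (clamd will not start), no listener at all, a socket in a world-writable directory such as /tmp, a TCP listener not pinned to loopback, no `User` directive (the daemon keeps running as root), and `MailFollowURLs`. The three sample configurations are constructed; the first mirrors the active lines of the clamd.conf posted above.

```python
from collections import defaultdict

# Addresses that keep a TCPSocket listener off the network.
LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def parse_clamd_conf(text):
    """Return {directive: [value, ...]} for the active (uncommented) lines.

    Directives without an argument (FixStaleSocket, ScanMail) map to [""];
    a directive that may repeat (ClamukoIncludePath) collects every value.
    """
    directives = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        directives[parts[0]].append(parts[1].strip() if len(parts) > 1 else "")
    return dict(directives)


def audit_clamd_conf(text):
    """Return [(code, message), ...] for the problems found; empty means nothing flagged."""
    conf = parse_clamd_conf(text)
    findings = []
    if "Example" in conf:
        findings.append(("example-directive",
                         "the 'Example' line is still active; clamd refuses to start until it is removed"))
    local_sockets = conf.get("LocalSocket", [])
    tcp_ports = conf.get("TCPSocket", [])
    if not local_sockets and not tcp_ports:
        findings.append(("no-listener",
                         "neither LocalSocket nor TCPSocket is set, so the MTA has nothing to connect to"))
    for path in local_sockets:
        if path.startswith(("/tmp/", "/var/tmp/")):
            findings.append(("socket-in-tmp",
                             f"LocalSocket {path} is in a world-writable directory; "
                             "use a dedicated runtime directory such as /var/run/clamav"))
    if tcp_ports:
        addrs = conf.get("TCPAddr", [])
        if not addrs or any(a not in LOOPBACK for a in addrs):
            findings.append(("tcp-bind-any",
                             "TCPSocket is enabled without TCPAddr pinned to loopback; "
                             "clamd listens on every interface"))
    if not any(conf.get("User", [])):
        findings.append(("runs-as-root",
                         "no User directive; clamd keeps running as root after start-up"))
    if "MailFollowURLs" in conf:
        findings.append(("follow-urls",
                         "MailFollowURLs makes clamd fetch URLs found in mail; DoS risk on a busy MTA"))
    return findings


# Constructed sample mirroring the active lines of the clamd.conf posted in this thread.
SAMPLE_AS_POSTED = """\
LogFile /var/log/cmad.log
LocalSocket /tmp/clamd
FixStaleSocket
ScanMail
"""

# Constructed sample with the socket moved out of /tmp and an unprivileged user.
SAMPLE_HARDENED = """\
LogFile /var/log/clamav/clamd.log
PidFile /var/run/clamav/clamd.pid
LocalSocket /var/run/clamav/clamd
FixStaleSocket
User clamav
ScanMail
"""

# Constructed sample: TCP listener without a TCPAddr restriction.
SAMPLE_TCP_OPEN = """\
TCPSocket 3310
User clamav
"""

if __name__ == "__main__":
    for name, text in (("as posted", SAMPLE_AS_POSTED), ("hardened", SAMPLE_HARDENED),
                       ("tcp open", SAMPLE_TCP_OPEN)):
        print(f"== {name}")
        for code, message in audit_clamd_conf(text) or [("ok", "nothing flagged")]:
            print(f"  [{code}] {message}")
```

Whatever socket path the audit ends up approving has to be the same path Exim's `av_scanner` setting points at, and the directory must exist and be writable by the user clamd runs as; otherwise the MTA defers every message exactly as described earlier in the thread.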

IT-worX
21/11/05, 17:48
Done. But doesn't that exim.conf need to be modified again now?

ju5t
21/11/05, 17:50
Had you made the changes to exim.conf as indicated in the how-to after you reset it? If so, it isn't necessary.

If not, then it is.

IT-worX
21/11/05, 18:13
Same problem again and again...

[root@asterix ~]# /sbin/service exim restart
Shutting down exim: /etc/init.d/exim: line 40: kill: (8153) - No such process

Starting exim: 2005-11-21 17:04:46 Exim configuration error in line 558 of /etc/exim.conf:
error in ACL: unknown ACL condition/modifier in "demime = *"

ju5t
21/11/05, 18:17
This is a different error.
You are probably using an old version of Exim. Upgrade and it should work.


wget http://files.directadmin.com/services/da_exim-4.54-1.src.rpm
rpm -ivh da_exim-4.54-1.src.rpm
cd /usr/src/redhat/SPECS
rpmbuild -bb exim.spec
cd /usr/src/redhat/RPMS/i386
rpm -Uvh --force --nodeps da_exim-4.54-1.i386.rpm

IT-worX
21/11/05, 18:23
Wget (in /root/software/exim) works, but unpacking with rpm -ivh da --tab-- gives the following error:

[root@asterix exim]# rpm -ivh da_exim-4.54-1.src.rpm
error: cannot create %sourcedir /usr/src/redhat/SOURCES

IT-worX
21/11/05, 18:25
By the way, is this the same exim you had me download yesterday?

ju5t
21/11/05, 18:25
Yesterday you only reset the config. Now you are going to update Exim.


mkdir -p /usr/src/redhat/
ls -alh /usr/src/redhat

Output of this?

Then try it again.

IT-worX
21/11/05, 18:40
[root@asterix exim]# ls -alh /usr/src/redhat/
total 16K
drwxr-xr-x 2 root root 4.0K Nov 21 17:29 .
drwxr-xr-x 3 root root 4.0K Nov 21 17:29 ..

Works perfectly after this! Apart from creating a dir I didn't do anything special, did I? Or does exim need exactly that dir?

rpmbuild doesn't exist:
[root@asterix SPECS]# rpmbuild -bb exim.spec
-bash: rpmbuild: command not found


PS: thanks in advance for your time and patience...

ju5t
21/11/05, 19:02
The dir you created is needed for the rpm -ivh command.


up2date -u rpm-build
## OR
yum -y install rpm-build

Once you've done this, run rpmbuild -bb exim.spec again and continue with the rest.

IT-worX
21/11/05, 19:29
rpmbuild -bb exim.spec gives the following error:

make[1]: *** [exim_dbmbuild.o] Error 1
make[1]: Leaving directory `/usr/src/redhat/BUILD/da_exim-4.54/build-Linux-i386'
make: *** [go] Error 2
error: Bad exit status from /var/tmp/rpm-tmp.6257 (%build)


RPM build errors:
Bad exit status from /var/tmp/rpm-tmp.6257 (%build)

IT-worX
21/11/05, 20:00
Anyone have any idea what could cause this?

PS: I'll be gone for an hour or so, but back after that ;-) people are already starting to nag that the mail isn't working ;-)

ju5t
21/11/05, 20:10
I was thinking in the wrong direction at first, but this should solve it.


up2date -u db4-devel

IT-worX
21/11/05, 21:38
Did this up2date, but without result?

make[1]: *** [exim_dbmbuild.o] Error 1
make[1]: Leaving directory `/usr/src/redhat/BUILD/da_exim-4.54/build-Linux-i386'
make: *** [go] Error 2
error: Bad exit status from /var/tmp/rpm-tmp.13928 (%build)


RPM build errors:
Bad exit status from /var/tmp/rpm-tmp.13928 (%build)

ju5t
21/11/05, 21:47
Is it actually installed? Can you check what up2date returns?


rpm -qa|grep db4

Normally this should show something along the lines of:
db4-4.2.52-7.1
db4-devel-4.2.52-7.1

if not, then try:

yum -y install db4-devel

IT-worX
21/11/05, 21:50
[root@asterix SPECS]# rpm -qa|grep db4
db4-4.2.52-6
gpg-pubkey-db42a60e-37ea5438

looks correct to me, then?

ju5t
21/11/05, 21:51
You're missing the devel package. Apologies, the previous post is wrong.

Edit: corrected.

IT-worX
21/11/05, 22:00
wget http://files.directadmin.com/servic...-4.54-1.src.rpm
rpm -ivh da_exim-4.54-1.src.rpm
cd /usr/src/redhat/SPECS
rpmbuild -bb exim.spec
cd /usr/src/redhat/RPMS/i386
rpm -Uvh --force --nodeps da_exim-4.54-1.i386.rpm

led to:



[root@asterix i386]# rpm -Uvh --force --nodeps da_exim-4.54-1.i386.rpm
Preparing... ########################################### [100%]
1:da_exim warning: /etc/exim.conf created as /etc/exim.conf.rpmnew
########################################### [100%]

probably rename it now or something?

ju5t
21/11/05, 22:01
Now give Exim a restart?

IT-worX
21/11/05, 22:04
[root@asterix i386]# /usr/sbin/exim start
2005-11-21 20:51:48 Exim configuration error in line 561 of /etc/exim.conf:
error in ACL: unknown ACL condition/modifier in "($malware_name)"

But could this be because (see previous message) it saved the exim.conf as /etc/exim.conf.rpmnew instead of /etc/exim.conf?

ju5t
21/11/05, 22:07
That doesn't matter.
I think you have a few newlines in the wrong place in the config.

Is everything on the same line when you edit the file, as in the how-to? Otherwise post it here as code; that doesn't break lines.

IT-worX
21/11/05, 22:16
Was just about to give up hope, but apparently the mails are coming in again?

Is there anyone who can send a test mail to info AT it-worx DOT be? (and no, not masses of them ;-))

IT-worX
22/11/05, 00:31
OK, so everything works, with the much-appreciated help of getUP.

Thanks!!!