MailWatch 1.0.4 (http://mailwatch.sourceforge.net) is a set of php scripts allowing you to view real time mail stats on your server.

The steps in this posts are for a new install only... See the second post on this thread for upgrade instructions.

The procedure was tested by me on Ensim Pro X.3 for RHEL4. This procedure should also be compatible with any Ensim X. We cannot verify whether this procedure will work on any other platform, however we'd love to hear from anyone whom may have a success story to share.

This HOWTO assumes the reader has a working installation of MailScanner and has an administrator level understanding on how MailScanner works. Please do not proceed with this installation if you don’t meet these requirements and are not comfortable making moderate system modifications.

To perform this installation you need the following.
MYSQL_ROOT_PASSWORD You should already have this
MAILWATCH_ADMIN_PASSWORD You will need to assign one
MAILWATCH_WEB_LOGIN This is the login you will use to access the mailwatch web interface
MAILWATCH_WEB_PASSWORD This is the password for the login above
MAILWATCH_WEB_FULL_NAME This is the full name of the user

Simply replace all instances of the above variables with their actual values in the steps below.

1. Ensure you are running MailScanner 4.43 or later. If you need to upgrade, I have a howto for that here... http://forums.theplanet.com/index.php?showtopic=56002

If you use f-prot, you need the bug fix for the f-prot wrapper over there as well.

2. Log into server as admin

3. Download the mailwatch software.



4. Unwind the distribution

tar xfz mailwatch-1.0.4.tar.gz
cd mailwatch-1.0.4

5. Create configuration file for mailwatch php scripts

cp mailscanner/conf.php.example mailscanner/conf.php
vi mailscanner/conf.php

Look for
define(DB_USER, 'root');
define(DB_PASS, '');

and change to
define(DB_USER, 'mailwatch');
define(DB_PASS, 'MAILWATCH_ADMIN_PASSWORD');

Look for
define(QUARANTINE_USE_FLAG, false);

and change to
define(QUARANTINE_USE_FLAG, true);

Fix any other settings you would like to change. I recommened fixing DATE_FORMAT if you are in the US.

6. Update database user/password in MailWatch.pm, SQLBlackWhiteList.pm, and SQLSpamSettings.pm files

vi MailWatch.pm

Look for
my($db_user) = "root";
my($db_pass) = "";

and change it to
my($db_user) = "mailwatch";
my($db_pass) = "MAILWATCH_ADMIN_PASSWORD";

Repeat for SQLBlackWhiteList.pm and SQLSpamSettings.pm

7. Update MailWatch.pm to reduce the messages dumped into maillog and ultimatly mailed out in LogWatch.

vi MailWatch.pm



8. create required temp folder that had gone missing in 1.0.4 tarball

mkdir mailscanner/temp

9. Become root

su

10. Change perms on /var/lib/mysql to actually be allowed to create a database

chmod 775 /var/lib/mysql

11. Create database

/usr/bin/mysql --password=MYSQL_ROOT_PASSWORD < create.sql

12. Change perms on /var/lib/mysql back to ensim locked down configuration

chmod 755 /var/lib/mysql

13. Create mailwatch admin db user

/usr/bin/mysql --password=MYSQL_ROOT_PASSWORD

At the mysql> prompt type:



14. Create web login for MailWatch

/usr/bin/mysql mailscanner -u mailwatch --password=MAILWATCH_ADMIN_PASSWORD

At the mysql> prompt type



You should see:
(Query OK, 1 row affected)

15. Move mailwatch files into web root

mv mailscanner /var/www/html

16. set permissions

chown -R root:apache /var/www/html/mailscanner
chmod g+w /var/www/html/mailscanner/images/cache
chmod g+w /var/www/html/mailscanner/temp

17. move MailWatch.pm, SQLBlackWhiteList.pm, and SQLSpamSettings.pm files into place and set ownership

mv MailWatch.pm SQLBlackWhiteList.pm SQLSpamSettings.pm /usr/lib/MailScanner/MailScanner/CustomFunctions
chown root:root /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm
chown root:root /usr/lib/MailScanner/MailScanner/CustomFunctions/SQLBlackWhiteList.pm
chown root:root /usr/lib/MailScanner/MailScanner/CustomFunctions/SQLSpamSettings.pm

18. Fix bug in db_clean.php

vi tools/db_clean.php

Find
#!/usr/bin/php -qn

change to
#!/usr/bin/php -q

Find
dbquery("DELETE LOW_PRIORITY FROM maillog WHERE timestamp < (now() - INTERVAL 60 DAY)");

change to:
dbquery("DELETE LOW_PRIORITY FROM maillog WHERE date < (now() - INTERVAL 60 DAY)");

19. Copy mailq.php into place and set permissions

mv mailq.php /usr/local/bin
chown root:root /usr/local/bin/mailq.php

20. Copy other needed scripts into place and set permissions

mv tools/db_clean.php /usr/local/bin
mv tools/quarantine_maint.php /usr/local/bin
mv tools/quarantine_report.php /usr/local/bin
mv tools/sendmail_relay.php /usr/sbin

chown root:root /usr/local/bin/db_clean.php
chown root:root /usr/local/bin/quarantine_maint.php
chown root:root /usr/local/bin/quarantine_report.php
chown root:root /usr/sbin/sendmail_relay.php

21. Set up cron job to run mailq.php

vi /etc/cron.d/mailwatch

copy the following contents into this file



22. Check MailScanner settings so that it now logs to MailWatch

vi /etc/MailScanner/MailScanner.conf

Set the following MailScanner variables (if not already)

Always Looked Up Last = &MailWatchLogging
Detailed Spam Report = yes
Include Scores In SpamAssassin Report = yes
Quarantine Whole Message = yes
Quarantine Whole Message As Queue Files = no
Quarantine User = root
Quarantine Group = apache
Quarantine Permissions = 0660
Quarantine Dir = /var/spool/MailScanner/quarantine
Is Definitely Not Spam = &SQLWhitelist
Is Definitely Spam = &SQLBlacklist
Required SpamAssassin Score = &SQLSpamScores
High SpamAssassin Score = &SQLHighSpamScores

You will need to evaluate the settings for the following to determine if these types of messages will be quarantine. (I recommend at least turning on Quarantine Infections, and adding "store" to the High Scoring Spam Actions and High Spam Actions)
Quarantine Infections
Quarantine Silent Viruses
Spam Actions
High Scoring Spam Actions
Non Spam Actions

23. Stop MailScanner

/sbin/service MailScanner stop

24. Consolidate .spamassassin folder so that bayes db is accesible to apache and root users and set perms on it and the shared quarantine folder

mkdir /etc/MailScanner/.spamassassin
mv ~/.spamassassin/* /etc/MailScanner
rmdir ~/.spamassassin
ln -s /etc/MailScanner/.spamassassin ~
ln -s /etc/MailScanner/.spamassassin /var/www
chown root:apache /etc/MailScanner/.spamassassin
chmod g+rwxs /etc/MailScanner/.spamassassin
chown root:apache /var/spool/MailScanner/quarantine
chmod g+rwx /var/spool/MailScanner/quarantine

25. Update MailScanner's spamassassin settings to use new bayes location.

vi /etc/MailScanner/spam.assassin.prefs.conf

Find:
# bayes_file_mode 0770
and change it to
bayes_file_mode 0770

26. Make sure /etc/cron.daily/clean.quarantine is disabled

vi /etc/cron.daily/clean.quarantine

Ensure you have
$disabled = 1;

If not change it.

27. Restart MailScanner

/sbin/service MailScanner start

28. Disable php safe mode for the php scripts that need it.

vi /etc/httpd/conf.d/mailwatch.conf

Add the following lines to the end of the file:

<Directory /var/www/html/mailscanner/>
php_admin_flag safe_mode 0
</Directory>

29. restart httpd

/sbin/service httpd restart

30. Set up sendmail_relay service installed and running.

mv tools/sendmail_relay.init /etc/rc.d/init.d
chown root:root /etc/rc.d/init.d/sendmail_relay.init
ln -s /etc/rc.d/init.d/sendmail_relay.init /etc/rc.d/init.d/mailwatch
/sbin/chkconfig --add mailwatch

31. start sendmail_relay

/sbin/service mailwatch start

32. Fix perms on bayes.mutex

Versions of spamassasin 3.0.x ignore the bayes_file_mode option for the bayes.mutex file which prevents the use of sa-learn functions of mailwatch.
This may be fixed in spamassassin 3.1.x, but I have not tested it. If it is fixed, this step is not needed.

The workaround

chmod 660 /etc/MailScanner/.spamassassin/bayes.mutex

33. Restart spamassassin

/sbin/service spamassassin restart

34. Exit root

exit

35. Cleanup (optional)

cd ..
rm -fr mailwatch

That’s it. MailWatch is now installed. You should now be able to access it as:

http://ip.address/mailscanner
You’ll need to login using the account specified in step 12.

BTW, I strongly recommend you add 127.0.0.1 to the whitelist. You need to if you plan to release messages from the quarrantine and not have your message reblocked. Also you will prevent the accidental blocking of messages that originate on your server.

Good luck.

If you had installed mailwatch version 1.0.3 using my original howto, here's the steps you need to upgrade to 1.0.4.

Start your upgrade by performing step 2, 3, 4, 5, 8, and 9 from the install instrucitons above.

Then type the following command
mv /var/www/html/mailscanner /var/www/html/mailscanner.old

Then complete the upgrade by performing step 15, 16, 19, 34, and 35.

That should do it.

Enjoy.

I'm curious Artie, have you seen any noticable increase in avg. server load using Mailwatch?

Artie,

Referring back to the 0.5.1 thread, we DID get the Quaratine almost fully functional. There is an issue with the SA-Learn and Bayes functionality, but the main gist is that you have to change the Ensim layout that distributes the Quarantine files from doing so to each domain to doing so to a centralized point in the server.

This hasn't affected the Mailwatch nor MailScanner/SA functionality and finally allows Ensim users to get the quarantine area working.

Bayes obviously has to be done from this same point, it can't easily work per-user or per-domain sadly with the chroot'ed High Security site setups (at least we can't make that fly). When you 'move' this, you can feed spam & ham into Bayes manually but not via the Quaratine GUI portion (working with Steve Freegard on this, some funky perms thing AGAIN).

You may want to check/test my last posts in the previous How-To thread on the modifications and consider adding them to these as they should have the same effect.

I will note we're not insane enough YET to try the 1.X.X versions while they battle out the bugs on the MailWatch list (thus the immediate update patch and several more that will come in the next week or so). Steve has provided an auto-upgrade method, we've not tried it yet either as we got 0.5.1 working after months of tinkering and why mess up a good thing!

More to come from our end, we're working with Ensim 4.0.2 FC1 in comparison to your RHEL setups, as usual...

Dave

Jeff,

With the 0.5.1 we didn't note a large increase in load averages, but it must be noted we're using the CyberGuard CG630 external firewall to block IP range packets to just SMTP prior to the MS/SA/ClamAV/MailWatch package even getting them. That alone reduced the LA's by 50% on average.

No clue on the 1.X.X versions just yet, but the word on the new versions from the MW List is that this version is a bit more streamlined and should actually reduce the LA by 10% due to the way it now handles many functions.

With 0.5.1 & the CG630, I've happily watched my 5 min. LA's drop to as low as 0.04-0.10 many times during the day. Don't let the LA's fool you as the sampling methods used, especially if you're using MRTG (not the MailScanner MRTG), tend to show more of the 'peaks' when it's handling mail briefly and cause you to think you're running 1.0+ constantly.

Mailwatch's LA display does show a more accurate report and tends to match the charting on MailScanner-MRTG as well. Doing a 'top' from the command line and changing the refresh rate to 1, display lines to 25 will show you matching stats on the top line there.

Last, note that we've noticed the IMAP activity from users opening SquirrelMail sessions (especially if they use them heavily between users on the same server) will drive your LA's up into the 1.4-2.0 range in the 5 min. samples. Annoying!

Dave

I've been Mailwatch 0.5.1 successfully for months, after installing with your HOWTO. I performed the upgrade yesterday afternoon (also from your HOWTO) and it appeared to be successful. However, since the upgrade, I have had nothing new show up in the MailWatch list.

I don't know where to begin. Any thoughts?

As I'm sure Artie will mention, this is a How-To and not a solutions
base unless the How-To has something incorrect inside to be fixed.

So.... where's the real help? Here! vvvvvvv

Send 'subscribe' to:

[email="mailwatch-users@lists.sourceforge.net"]mailwatch-users@lists.sourceforge.net[/email]

Nothing else in the Subject or Body of your request.

This is the Official Mailing List of MailWatch, with the Author Steve Freegard on constant monitoring. Once subscribed you can also go to Sourceforge and read the Archives to catch up on things, especially since the 1.0.X releases hit the streets.

There have been multiple little bugs in the new releases, so your problem is not uncommon and that's the FASTEST place to get solutions.

In our case we had periods where nothing seemed to be coming into MailWatch, usually indicating problems with MySQL and logging. This is why we haven't rushed to move up to 1.X.X because it took months to finally determine why ours was working, stopped and came back (see other thread).

Post your problem there, add as much detail as possible, Steve & the Gang will help you get it fixed. Could be as simple as installing one of the patches or code-fixes that have been on that List recently.

HTH!

Dave

I had this issue come up from the older version of mailwatch.. But when I select the lint function or if I tried to update rules from the mailwatch program.. the screen just goes to a empty version of what used to be a filled screen and says it took 0.000 seconds to complete.. I checked the error logs and it is looking for certain programs out of my / directory, like "ps", "ls","spamassassin" and .. odd yes.. this should be pulling them from /bin or somthing.. also with the new version of mailwatch I had to place a copy of unzip in the / directory in order for it to do the GeoIP update.. I dont think its mailwatch program that is to blame.. I think its a php path issue.. I am just wondering if any one would know how to fix this.. this did work at one time.. but I upgraded to php5 tehn downgraded to php4.3.11 then this happened..


Help!!

excerpt from /var/log/httpd/error_log

sh: line 1: /spamassassin: No such file or directory
sh: line 1: /ps: No such file or directory
sh: line 1: /ps: No such file or directory
sh: line 1: /ps: No such file or directory
sh: line 1: /ps: No such file or directory
sh: line 1: /ls: No such file or directory

I cant get past this part

INSERT INTO users VALUES ('MAILWATCH_WEB_LOGIN',md5('MAILWATCH_WEB_PASSWORD '),’MAILWATCH_WEB_FULL_NAME’,'A');

when I fill in the blanks it gives me an error

ERROR 1136: Column count doesn't match value count at row 1

any help?

ok here is what it should say

INSERT INTO users VALUES ('MAILWATCH_WEB_LOGIN',md5('MAILWATCH_WEB_PASSWORD'),'MAILWATCH_WEB_FULL_NAME','A',0);



theres is an extra ,0 at the end

and it works

OK, i have made significant revisions to the howto, more to come in the next few days. Enjoy.

Ok, I've followed the instructions above, and it seems to be installed correctly. I am on Fedora 1, Ensim 4.0.3.

It does not seem to be logging spam. I have double and triple checked and passwords are all correct. The status window on the mailwatch page says MailScanner and Scanmail YES.

In the Tools area I can connct to the database. I see that teh SQL is being queries from the maillog file

Config: calling custom init function MailWatchLogging
Sep 6 18:09:46 servername MailScanner[28631]: Started SQL Logging child

Any ideas?

Thanks

What are you seeing in your maillog as the mail process through the system. Do you see MailScanner even scanning those?

Here is an excerpt from my mail log from 2 mins ago.

Sep 6 18:47:02 servername MailScanner[5574]: New Batch: Scanning 1 messages, 2763 bytes
Sep 6 18:47:03 servername MailScanner[5574]: Virus and Content Scanning: Starting
Sep 6 18:47:03 servername MailScanner[5574]: Uninfected: Delivered 1 messages
Sep 6 18:47:04 servername virthostmail[9004]: Chrooting to /home/virtual/site1/fst
Sep 6 18:47:04 servername MailScanner[9005]: MailScanner E-Mail Virus Scanner version 4.36.4 starting...
Sep 6 18:47:04 servername sendmail[9004]: j86Ml4jE009004: from=, size=2597, class=-60, nrcpts=1, msgid=<20050906224801.A77DC12814@sc8-sf-spam2.sourceforge.net>, proto=ESMTP, relay=root@localhost
Sep 6 18:47:04 servername sendmail[9003]: j86Ml0bN008989: to=, delay=00:00:04, xdelay=00:00:00, mailer=virthostmail, pri=230147, relay=servername.com, dsn=2.0.0, stat=Sent (j86Ml4jE009004 Message accepted for delivery)
Sep 6 18:47:04 servername MailScanner[9005]: Config: calling custom init function MailWatchLogging
Sep 6 18:47:04 servername spamd[27744]: connection from localhost.localdomain [127.0.0.1] at port 53433
Sep 6 18:47:04 servername spamd[27744]: info: setuid to wolfe@servername.com succeeded
Sep 6 18:47:04 servername spamd[27744]: processing message <20050906224801.A77DC12814@sc8-sf-spam2.sourceforge.net> for wolfe@servername.com:22005.
Sep 6 18:47:04 servername MailScanner[9005]: Started SQL Logging child
Sep 6 18:47:04 servername spamd[27744]: clean message (0.2/4.0) for wolfe@servername.com:22005 in 0.2 seconds, 2916 bytes.
Sep 6 18:47:04 servername spamd[27744]: result: . 0 - NO_REAL_NAME scantime=0.2,size=2916,mid=<20050906224801.A77DC12814@sc8-sf-spam2.sourceforge.net>,autolearn=no
Sep 6 18:47:04 servername spamd[7915]: server hit by SIGCHLD
Sep 6 18:47:04 servername spamd[7915]: handled cleanup of child pid 27744
Sep 6 18:47:04 servername spamd[7915]: server successfully spawned child process, pid 9016
Sep 6 18:47:04 servername sendmail[9007]: j86Ml4jE009004: to=, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=140773, dsn=2.0.0, stat=Sent

yeah, it looks like MailScanner isn't even seeing the message which implies that you have virus scanning disabled on your server. (IE ensim uses mailscanner for its virus scanning). So the messages are simply being delivered to the virtual sites and passed to spamd using the virtual sites spam settings.

For MailScanner to see the email, you need to have virus scanning enabled in Ensim. Then in MailScanner you can configure your settings to perform spam checking in mailscanner as well so that mailwatch gets nice spam metrics too.

Of course given the way ensim has spamassassin used in the virtual domains via spamd this means you will be double checking your messages for spam. Personally this is how i have it configured. I have a server level check that scans all mail using a uniform policy to get the worst of the spam out, and then anything that passes through will be checked by the user and virtual site admin controlled spam settings.

Ah, this is simple. It's a php safe mode issue. Check the step (currently) 22 in the HOWTO and set that and the lint should work amoung other features.

The geoip not working issues is solved with the creation of the temp directory in step 14 above... The install instructions for mailwatch left out this crucial step.

How do I go about enabling Virus scanning in Ensim? Right now it is set up in the Appliance Administrator to scan e-mail, but I can't find a virus scanner option.

Also, how do I configure MailScanner?

For some reason when I upgraded to SA 3.0.2 everything seemed to stop working for the spam controls.

I'm also still running MailScanner 4.36. Could that be affecting it?

I appreciate any feedback you have.

Wolfe

Yeah, the "Mail Scanning" portion under the Email Services is the place to enable it. But then you have to enable the Mail Scanner services in each of your domains on the server you wish to have this support for it.


Now this is a big question. MailScanner has literally hundreds of options... Most of which are in the /etc/MailScanner/MailScanner.conf file. It's worth reading through. The problem is the topic of MailScanner itself is a large one and kinda out of the scope of this thread which is specifically to get mailwatch to work. You probably better served looking at threads specific to MailScanner's operations in regards to howto configure that application. This is one reason, I strongly recommend at the start of this howto, that the admin have a full understanding of how MailScanner works before following the HOWTO.


Well keep in mind, the spam controls in ensim are wholly separate from those in MailScanner (if enabled MailScanner will call spamassassin, and then ensim will call it again on the same email). I used to publish a howto to to upgrade spamassassin but that only covered the 2.6x versions. The 3.0 versions did not work with Ensim until Ensim released support for it with an often modified and released hotfix which has proved troublesome for some. I assume you installed it from that hotfix right? If so, you should be able to upgrade to spamassassin 3.0.4 using the standard installer and then simply putting Ensim through maintenance mode. This may clear up your spam issues. Although from the looks of your log, it does appear that the spam checks are being called.

Personally, now that I'm at RHEL4, and ensim 4.0.4, I no longer have to worry about spamassassin installed. up2date take care of it for me.



The main issue is you wont be able to access some of the newer features in Mailwatch... However, you really should update MailScanner. I have a howto for this linked from the original post.

Upgrading MailScanner fixed the problem.

Thanks for the reply. I appreciate it.

ok, the howto now is feature complete I believe. It now has the ability to quarantine the messages, and manipulate the messages from the quarantine, and also you can control the white and black lists now.


There are some bugs I need to shake out. One, the ability to pass a message in quarantine to the sa learn functions doesn't seem to work.

ok, after running serveral days of testing it seems as if this howto is complete. So I am removing the beta designator.

I have also updated the HOWTO to include a step to overcome a bug with spamassassin using the wrong permissions for bayes.mutex

Enjoy.

I have updated the instructions above to support MailWatch 1.0.3.

If you have 1.0.2 installed, here the upgrade steps.
Basically you will reperform some of the steps you did suring the install and add a few minor tweaks in betweek.

Reperform Step 2
Reperform Step 3
Reperform Step 4
Reperform Step 5
Reperform Step 6
Reperform Step 7
Reperform Step 8
Reperform Step 9

Now stop MailScanner
/sbin/service MailScanner stop

Now upgrade Database

php upgrade.php
/usr/bin/mysql --password=MYSQL_ROOT_PASSWORD

At the mysql> prompt type:

CODE

GRANT FILE ON *.* TO mailwatch@localhost IDENTIFIED BY 'MAILWATCH_ADMIN_PASSWORD';

FLUSH PRIVILEGES;

exit

Move old mailwatch file out of the way
mv /var/www/html/mailscanner /var/www/html/mailscanner.old

Reperform Step 15
Reperform Step 16
Reperform Step 17
Reperform Step 18
Reperform Step 19

Set the following in your /etc/MailScanner/MailScanner.conf file

Required SpamAssassin Score = &SQLSpamScores
High SpamAssassin Score = &SQLHighSpamScores


Start MailScanner
/sbin/service MailScanner start

Reperform Step 32
Reperform Step 33

That should be all. You should now be at version 1.0.3

After you upgrade, you need to flush any records out of the inq and outq table that were there before the upgrade. You can see them, because the host field will be null. Those records will remain permanently if not removed manually.

MailWatch doesn't seem to connect to MySQL properly - even though MailWatch has no problem accessing the DB through the web panel... there's no logging of the mails passing through the server. Does anyone know why this might be?

I cants get it to place scores in Mailwatch.. I have check the maillog and they are getting scored there..
Any suggestions?

I have (hopefully) followed the howto to a T

Working great with Ensim 3.5. There was only one thing I needed to change and that was:

"Required SpamAssassin Score = &SQLSpamScores
High SpamAssassin Score = &SQLHighSpamScores"

to read

"Required SpamAssassin Score = 5
High SpamAssassin Score = 10"

Not entirely sure why the "&SQLSpamScores" and "&SQLHighSpamScores" aren't working. Only reason I can come up with is that I'm using an older version of ensim.

Thanks!

Has anyone used these methods of training Bayes as well as the MailWatcher method?

http://forums.ev1servers.net/showthread.php?t=53736

http://forums.ev1servers.net/showthread.php?t=53736

MailWatch is training Bayes with High Score Spam as far as I can tell. I would also like to setup the Bayes address so users can chuck their spam into the mail brain but I'm not sure if the it will confict with MailWatch.

Thanks!

After installing this it is now giving me this error on all incoming messages.
The virus detector said this about the message:
Report: MailScanner: Message is too large
MailScanner: Message is too large

Please tell me where I can find the file to make the changes

Have installed mailscanner exactly as stated but am having an issue with webpage - I keep typing in username and pass which is in database but it keeps failing. I did install this on Ensim 4.1 so could that be the issue. Has anyone had a similiar problem and how did you solve it? I believe it is a MySQL issue with maybe permissions but do not know MySQL very well

Did you ever get this problem fixed, I have it as well, mails are getting scored - even gettin SPAM designated added etc.. but all emails are "clean" in the mailwatch page (which is a lie).

First of all thanks a lot for this great tutorial ArtieMcD!

One thing I've noticed about releasing emails from quarantine was that whitelisting 127.0.0.1 doesn't seem to be enough.

I've added the following to my /etc/MailScanner/rules/virus-scan.rules and /etc/MailScanner/rules/content.scanning.rules:


Now I just hope that Ensim doesn't come along erasing the whole file once I edit something in Ensim. Need to test this later I guess.

[EDIT]
I forgot to mention that I don't see any emails marked as spam in MailWatch as well. They are marked/deleted correctly in SpamAssassin though. Looking at my maillog I'd say the messages are scanned by MailScanner first and reach SpamAssassin afterwards, maybe that's why the X-Spam headers are missing in MailWatch though they are added before mail is delivered. Anyone ever found a solution?
[/EDIT]

Ok, everything else is ok except for one thing:

when using:


It just sits there and does nothing. I can see the page and all, just can't login because the user won't create via MySQL. I attempted via phpMyAdmin, but I guess since there was no md5 on it, it's rejecting the password.

Also, it's not catching anything as SPAM, SPAM Assassin catches it and is modfiying the message as we have it set to.

When viewing reports for Virus, MCP or Spam Assassin, I get the following:
Error: no rows retrieved from database

Obviously something is wrong somewhere.

The query in the how-to above was probably for an earlier version. It's wrong as well in MailWatch's install readme file of the current version . The database structure of create.sql just doesn't match the query anymore.

So for MailWatch 1.0.3 try:


ArtieMcD, you might want to fix the query in your how-to as well.

I fixed the SQL thing once I looked at the code, which was obvious.

But now since I upgraded Spam Assassin and reinstall this it seems to disable Spam Assassin really. After I upgraded, the Spam Assassin started reflagging the emails as Spam again and then once I re-ran this install .. it stops.

Also Bayes isn't installed to my knowledge on this box, not sure if this has any effect on the Spam Assassin.

Hi
I've installed the package and parts seem to work while others don't.
It doesn't appear to be writing to the DB in some cases but not others.

Whitelist, Blacklist, geoip_country, inq, users, mtalog, outq, sa_rules, have data in them ... but ...

audit_log, mailog, mcp_rules, saved_filters, spamscores, are all empty and seem to remain so.

Any ideas?

Many thanks ... Fizzwizz

Is there something amiss here?

May 17 02:25:15 secure MailScanner[5103]: Could not read Custom Functions directory
May 17 02:25:15 secure MailScanner[5103]: Config: calling custom init function SQLSpamScores
May 17 02:25:16 secure MailScanner[5103]: Config: calling custom init function SQLBlacklist
May 17 02:25:16 secure MailScanner[5103]: Config: calling custom init function MailWatchLogging
May 17 02:25:16 secure MailScanner[5103]: Config: calling custom init function SQLHighSpamScores
May 17 02:25:17 secure MailScanner[5103]: Config: calling custom init function SQLWhitelist


Thanks ... Fizz

Did you fix the problem?

No, so I re-installed Ensim, upgraded MailScanner, but it still doesn't work.

I'm fairly sure I have followed the How2 perfectly. I'm tired of it now. This one doesn't seem to work well with Ensim.

To be honset I'm starting to think nothing works with Ensim. The sitebackup was a total waste of time. I've been awake nearly 48 hours now doing what should have been a 4 hour restore!

These forums have died too. You used to get a reply here within 15 mins, now they take days.

Any other tips? ... Fizz

Seems to be working on Ensim 4.1

The path to clamav/* was the problem with my MailScanner.conf.

Tired & Spent ... Fizz

It seems I have the same issue with ensim 4.1!

Well, I found an issue with the configuration of the bayes database for use with MailWatch. By explicitly specifying the path to the /etc/MailScanner/bayes for the database, this setting applied to all user account, including the users in the virtual domains who cannot read that directory from their chrooted environment. So by installing MailScanner we have broken bayesian tests in spamassassin in the virtual domain tests. So I have reworked the how to get around the need to hard code the location of the bayes database and revert back to defaulting to finding it at ~/.spamassassin

When you go back and rework those parts, make sure to comment out the bayes_path line again.


Also, If you are using f-prot, I found a bug in MailScanners f-prot wrapper. Check the linked MailScanner howto for details on that issue.

Hi, I have gone through the how-to a couple times to try and get it working but no matter what I do I can't seem to login to the mailwatch page.

I don't believe there were any errors during install, and I can browse the mysql db structure and the user/pass is listed fine.

I have looked in the MailWatch forum for solutions but none of the password changing commands help for my case.

I also recently went through the mailscanner and spamassassin upgrade threads, so I am running the latest versions of those. And they appear to be working so far, although my load is a bit higher than before upgrade.

Any help would be appreciated, if I can't solve this issue myself I would be willing to hire someone to verify everything for me for a hopefully nominal fee

Thanks very much

I'm pretty sure I followed the directions correctly, I can log in and see total messages, server load etc, but it is not counting and spam or virus.

When I do: /sbin/service mailwatch restart

I get: Starting sendmail_relay: nohup: appending output to `nohup.out'

I saw someone else was having this issue, so I logged into the database and ran:
But that did not seem to make a difference.

I also tried changing:

That did not make a difference either.

I am using RHEL4, Ensim 10.1, Spam Assassin 3.1.7, and mailscanner 4.58. I'd like to get this working as it looks lilke a great tool.

Any ideas?

I have upgraded this howto to support the new 1.0.4 release of mailwatch. I also added instructions to upgrade to 1.0.4 for people who used by 1.0.3 install guide.