Solved

amavisd-new, redhat linux 9, sendmail and AVG virus scanner

Posted on 2004-03-27
Last Modified: 2007-12-19
I have installed the AVG virus scanner daemon on Redhat Linux 9, hooked up Dazuko, and also (I think) configured amavisd-new so that it uses the AVG scanner (when I run the amavisd-new daemon in debug mode it apparently starts up fine and connects it to the avg scanner).

However, I'm now having trouble hooking amavisd-new up to sendmail. I added the following lines to sendmail.mc and regenerated sendmail.cf:

dnl
dnl Change Mlocal to use AMaViS-Perl
define(`AMAVIS_LOCAL_MAILER_ARGS', `-d $u')
define(`LOCAL_MAILER_ARGS',`amavis $f $u' LOCAL_MAILER_PATH AMAVIS_LOCAL_MAILER_ARGS)dnl
define(`LOCAL_MAILER_PATH', `/usr/sbin/amavis')dnl
dnl please set the path to your procmail accordingly!
dnl the following works only with sendmail 8.10.x or above
MODIFY_MAILER_FLAGS(`LOCAL', `-m-f-r')dnl

I then restarted sendmail, and sent myself a test message. This got bounced with an error 255. The error log shows the following

Mar 27 10:59:36 garcia sendmail[4995]: starting daemon (8.12.8): SMTP+queueing@01:00:00
Mar 27 10:59:36 garcia sm-msp-queue[5004]: starting daemon (8.12.8): queueing@01:00:00
Mar 27 11:00:43 garcia sendmail[5017]: i2RB0fDD005017: from=<drjohnbrooke@hotmail.com>, size=830, class=0, nrcpts=1, msgid=<Sea2-F41iCMI2q5Knp50002bd4e@hotmail.com>, proto=ESMTP, daemon=MTA, relay=sea2-f41.sea2.hotmail.com [207.68.165.41]
Mar 27 11:00:43 garcia amavisd[5019]: starting.  amavis 0.3.12 Tue Jan 27 18:30:14 GMT 2004
Mar 27 11:00:44 garcia amavisd[5022]: mail forwarding failed, retry: Insecure dependency in exec while running with -T switch at /usr/sbin/amavis line 581, <GEN0> line 26. (message-id=<Sea2-F41iCMI2q5Knp50002bd4e@hotmail.com>)
Mar 27 11:00:44 garcia amavisd[5022]: do_exit:481 - ending execution with 75
Mar 27 11:00:44 garcia amavisd[5019]: do_exit:594 - ending execution with 255
Mar 27 11:00:44 garcia sendmail[5018]: i2RB0fDD005017: to=<drjohn@contingent-solutions.com>, delay=00:00:02, xdelay=00:00:01, mailer=local, pri=31044, dsn=5.3.0, stat=unknown mailer error 255
Mar 27 11:00:44 garcia sendmail[5018]: i2RB0fDD005017: i2RB0iDD005018: DSN: unknown mailer error 255
Mar 27 11:00:45 garcia sendmail[5018]: i2RB0iDD005018: to=<drjohnbrooke@hotmail.com>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=32068, relay=mx4.hotmail.com. [65.54.167.230], dsn=2.0.0, stat=Sent ( <200403271100.i2RB0iDD005018@localhost.localdomain> Queued mail for delivery)

So what am I doing wrong here?

John
Question by:JohnBrookeContingent

Expert Comment

by:Karl Heinz Kremer
ID: 10694222
It looks like Amavis has a problem with the Perl -T flag ('tainted') - or the other way around. I found one report (even though for RH 8) that describes this symptom: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=107532
- unfortunately without a solution.

You could try to upgrade to a newer version of Amavis.
You could also try to remove the -T from the first line of the /usr/sbin/amavis script - BUT THIS MAY OPEN YOUR SYSTEM TO SECURITY PROBLEMS.

Author Comment

by:JohnBrookeContingent
ID: 10694267
I'm using amavisd-new-200030616 - is there something newer than this?

I went back to the README files for amavisd-new and the configuration change they recommend is to put in

MODIFY_MAILER_FLAGS(`LOCAL',`-r')dnl
define(`LOCAL_MAILER_ARGS',`amavis $f $u --' LOCAL_MAILER_PATH `-d $u')dnl
define(`LOCAL_MAILER_PATH',`/usr/local/sbin/amavis')dnl

However, this still doesn't work. The message doesn't get bounced this time, it gets deferred....

Mar 27 12:15:14 garcia sendmail[5614]: i2RCFDR8005614: from=<drjohnbrooke@hotmail.com>, size=819, class=0, nrcpts=1, msgid=<Sea2-F20AODDD3OaiPZ0002c108@hotmail.com>, proto=ESMTP, daemon=MTA, relay=sea2-f20.sea2.hotmail.com [207.68.165.20]
Mar 27 12:15:14 garcia amavisd[5616]: starting.  amavis 0.3.12 Tue Jan 27 18:30:14 GMT 2004
Mar 27 12:15:15 garcia amavisd[5619]: mail forwarding failed, retry: Insecure dependency in exec while running with -T switch at /usr/local/sbin/amavis line 581, <GEN0> line 25. (message-id=<Sea2-F20AODDD3OaiPZ0002c108@hotmail.com>)
Mar 27 12:15:15 garcia amavisd[5619]: do_exit:481 - ending execution with 75
Mar 27 12:15:15 garcia amavisd[5616]: do_exit:594 - ending execution with 75
Mar 27 12:15:15 garcia sendmail[5615]: i2RCFDR8005614: to=<drjohn@contingent-solutions.com>, delay=00:00:02, xdelay=00:00:01, mailer=local, pri=31033, dsn=4.0.0, stat=Deferred: local mailer (/usr/local/sbin/amavis) exited with EX_TEMPFAIL

The problem still seems to be the -T switch.

What exactly is the security issue? I don't want to open security holes, I'm trying to close them!!


Expert Comment

by:Karl Heinz Kremer
ID: 10694361
The -T switch makes Perl scripts more secure. You can find more about this in this FAQ: http://gunther.web66.com/FAQS/taintmode.html


Expert Comment

by:Karl Heinz Kremer
ID: 10694368
What exactly is line 581 in the amavis script? Which version of Perl are you running?

Author Comment

by:JohnBrookeContingent
ID: 10697789
The section of the amavis script in question is

        # sending mail, sendmail version
        # For sendmail, we call the "real" local delivery agent
                                                                               
        open(MAIL, "|-") || exec($LDA, @LDAARGS);
        while (<$fh>) {
                next if ($seen_xheader == 0 && m/^$X_HEADER_TAG:/o);
                if ($seen_xheader == 0 && m/\A\r?\n\Z/) {
                        print MAIL "$X_HEADER_TAG: $X_HEADER_LINE\n";
                        $seen_xheader = 1;
                }
                print MAIL $_;
        }
                                                                               
        close(MAIL);

Line 581 is the "open (MAIL, "|-") || exec($LDA, @LDAARGS);"

I seem to be running Perl v5.8.0.
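
Added example, not part of the original thread and not taken from the amavis source: it shows why Perl's -T switch aborts a list-form exec like the one on line 581 when an argument comes from outside the program, and how validating that value through a regex capture lets the same exec proceed. `/bin/echo` stands in for the real local delivery agent, and the `untaint_rcpt` helper and its allowlist pattern are assumptions for illustration; the thread does not show which element of `$LDA`/`@LDAARGS` was tainted.

```perl
#!/usr/bin/perl -T
# Added illustration, not amavis code. Run as: perl -T taint_demo.pl [recipient]
use strict;
use warnings;
use Scalar::Util qw(tainted);

$| = 1;
die "taint mode is off; run with perl -T\n" unless ${^TAINT};

# Recipient as sendmail would pass it ($u) on the command line. With no
# argument, a constructed sample is tainted by joining it to environment data.
my $rcpt = @ARGV ? $ARGV[0] : 'drjohn' . substr(join('', %ENV), 0, 0);

# Taint mode also refuses exec while PATH and related variables are inherited.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Hypothetical stand-in for the real local delivery agent ($LDA, @LDAARGS).
my @lda = ('/bin/echo', 'deliver to');

# Untaint by matching against an allowlist; only the capture is trusted.
# The first character may not be '-', so the value cannot be read as an option.
sub untaint_rcpt {
    my ($in) = @_;
    return $1 if $in =~ /\A([A-Za-z0-9][A-Za-z0-9._+-]*(?:\@[A-Za-z0-9.-]+)?)\z/;
    return;
}

printf "recipient tainted: %s\n", tainted($rcpt) ? 'yes' : 'no';

# 1. Tainted argument: Perl dies before exec runs, the failure in the log above.
eval { exec(@lda, $rcpt) or die "exec failed: $!\n" };
print "blocked: $@";

# 2. Validated copy: the same exec is now permitted.
my $clean = untaint_rcpt($rcpt);
die "recipient rejected by allowlist\n" unless defined $clean;
exec(@lda, $clean) or die "exec failed: $!\n";
```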

Expert Comment

by:Karl Heinz Kremer
ID: 10697996
I'm also using Perl v5.8.0, my Amavis version is 0.3.12pre8 (Mar 17 2003), and it does not have this line (and I also don't have this problem). Maybe the solution is not to install a newer version, but an older version of Amavis.

Author Comment

by:JohnBrookeContingent
ID: 10702196
Well, I tried running the Amavis script without the -T switch on Perl, and it didn't fall over but any messages went into some sort of black hole somewhere and never re-emerged. I'll investigate going backwards to an older version of Amavis, though at the moment I can't find the particular version you're running.

Author Comment

by:JohnBrookeContingent
ID: 11332521
In the end I switched from Sendmail to Postfix - it was a lot easier to configure amavisd to work with it....

Accepted Solution

by:
modulo earned 0 total points
ID: 12096526
PAQed, with points refunded (125)

modulo
Community Support Moderator