Guide updated on 29th of February 2016

Install qmail-scanner


qmail-scanner is an alternate queuing system for qmail.

Qmail-scanner is going to allow us to integrate Clam Antivirus and SpamAssassin into our qmail server's mail queue. Once qmail-scanner is installed, there will be a master script that is filled with configuration options that help you to tailor the functionality of Clam Antivirus and SpamAssassin to your needs.

We have patched qmail source to support it on step 2 and we have implemented it on step 10. It's now time to install it ;-)

More info about qmail-scanner can be found here and explanation about the used patched version here

All the configuration options can be found here

cd /downloads/
tar zxvf q-s-2.11st-20130319.tgz
cd /downloads/qmail-scanner-2.11st/contrib

cc -o qmail-scanner-queue qmail-scanner-queue.c
mv /downloads/qmail-scanner-2.11st/contrib/qmail-scanner-queue /var/qmail/bin/qmail-scanner-queue
chown qscand:qscand /var/qmail/bin/qmail-scanner-queue
chmod 6755 /var/qmail/bin/qmail-scanner-queue

cd /downloads/qmail-scanner-2.11st/

./configure --admin postmaster --domain your_domain --local-domains "your_domain" --sa-quarantine 5 --ignore-eol-check yes --add-dscr-hdrs yes --notify psender,admin --sa-report yes --fix-mime 1 --unzip 1 --archive 0 --silent-viruses auto --redundant no --log-crypto 0

./configure --admin postmaster --domain your_domain --local-domains "your_domain" --sa-quarantine 5 --ignore-eol-check yes --add-dscr-hdrs yes --notify psender,admin --sa-report yes --fix-mime 1 --unzip 1 --archive 0 --silent-viruses auto --redundant no --log-crypto 0 --install yes

ln -s /var/spool/qscan /var/log/qmail/qscan

Let's test it ... First swich to a non-privilegied user account

su - non-privilegied_user_account
/var/qmail/bin/qmail-scanner-queue.pl -g

You should have an answer like this:

perlscanner: generate new DB file from /var/spool/qscan/quarantine-events.txt
perlscanner: total of 35 entries.

Switch back to root account:

exit

Add it in the logrotation system

cp /downloads/qmail-scanner-2.11st/contrib/logrotate.qmail-scanner /etc/logrotate.d/qmail-scanner
chmod 644 /etc/logrotate.d/qmail-scanner

Launch qmail

qmailctl restart
qmailctl stat

You should see something like that:

/service/qmail-send: up (pid 17762) 63 seconds
/service/qmail-send/log: up (pid 17763) 63 seconds
/service/qmail-smtpd: up (pid 18500) 63 seconds
/service/qmail-smtpd/log: up (pid 17767) 63 seconds
/service/qmail-smtpdssl: up (pid 18496) 63 seconds
/service/qmail-smtpdssl/log: up (pid 17773) 63 seconds
messages in queue: 0
messages in queue but not yet preprocessed: 0


If you notice than some service stays at 1 second, check the corresponding log to debug it

tail /var/log/qmail/qmail-send/current
tail /var/log/qmail/qmail-smtpd/current
tail /var/log/qmail/qmail-smtpdssl/current

Test combinaison of qmail-scanner, spamassassin and clamav

cd /downloads/qmail-scanner-2.11st/contrib
chmod 755 test_installation.sh
./test_installation.sh -doit

You should have an answer like this

Sending standard test message - no viruses... 1/4
done!

Sending eicar test virus - should be caught by perlscanner module... 2/4
done!

Sending eicar test virus with altered filename - should only be caught by commercial anti-virus modules (if you have any)... 3/4
done!

Sending bad spam message for anti-spam testing - In case you are using SpamAssassin... 4/4



If you have enabled $sa_quarantine, $sa_delete or $sa_reject the
spam-message wont't arrive to the recipients. But if you have enabled
(good idea!) 'minidebug' or 'debug' you should check
/var/spool/qscan/qmail-queue.log (or where ever you have the log).


Done!

Finished test. Now go and check Email sent to postmaster@domain.tld and/or the log..

Check the first statistics

/var/spool/qscan/log-report.sh /var/spool/qscan/qmail-queue.log

You should have an answer like this

5 Messages processed
1 Virus Eicar-Test-Signature
1 Spam quarantined
1 Policy blocked

OPTIONAL : You can receive daily statistics

echo '/var/spool/qscan/log-report.sh /var/spool/qscan/qmail-queue.log |mail YOUR E-MAIL ADDRESS' > /etc/cron.daily/qmailscanner-report
chmod 755 /etc/cron.daily/qmailscanner-report

Test Qmail


Users comments
Thibs - 01/08/2014 14:51

@Eric : Thanks for your help. I'm currently (and finally) working on an updated version and all your remarks were really useful

Eric - 27/06/2014 05:55

Fresh install of Debian 7.5 Wheezy

Lots of issues all due to the suidperl.  How I got it to finally work here, I have NO clue,  I've been at this for a number of hours.

 

Eric - 20/06/2014 18:03

Once I went to the ./configure line, I ended up having to create the following directory:

/var/spool/qscan

in order to copy the quarantine-events.txt file.

Marco - 05/05/2014 17:05

Hello,

I recently upgraded spamassassin to version 3.4.0

Having difficulty getting qmailscanner to recognize the upgrade.

I tried:

# sudo -u qscand /var/qmail/bin/qmail-scanner-queue.pl -z

(no errors)

then

# chown qscand:qscand /var/spool/qscan/qmail-scanner-queue-version.txt

(no errors)

qmailscanner reports the 3.2.4 version of spamassassin in the X-Qmail-Scanner-Diagnostics portion of the received email header.

Suggestions?

Bstd - 11/04/2014 04:22

For all of those who applied the sudo fix by Antartica for Debian 7, there is a small but yet very important thing to do. You should add to the /etc/sudoers file the following line:

Defaults        env_keep +="TCPREMOTEIP TCPREMOTEHOST TCPREMOTEINFO REMOTE_OS REMOTE_COUNTRY QS_SPAMASSASSIN SA_ONLYDELETE_HOST SA_WHITELIST"

The reason behind this is that by default sudo resets the environment variables when executing the command. Thus qmail-scanner cannot recognize the important info regarding the incoming mail and treats everything as coming from localhost, which leads to passing everything without scanning. The above line preserves the important ENV variables for qmail-scanner.

Hope this helps.

 

Greets,

bstd

Richard - 23/03/2014 18:57

 

Hi Nikolay,

The syslog fix works stopping the console messages. But it still places messages in /var/log/messages. 

I've been using an older version wich was logging to /var/log/maillog. 

Is it possible to change this behaviour?

Thanks,

Richard

 

Nikolay zaynelov - 22/02/2014 22:36

@Keven

open /etc/rsyslog.conf and find the line starting with

*.emerg

add ;user.none right after it:

*.emerg;user.none ......

and the messages will dissapear. For some reason the wrapper does not use the proper syslog facility (eventually).

Mikoml - 14/02/2014 01:09

I install now debian 7 with perl 5.14.2

i tested all with no effect

i write 2 line in /var/qmail/bin/qmail-scanner-queue.pl

1: my $real_uid="qscand";

2: my $effective_uid="qscand";

next i change permissions folders und files /var/spool/qscand

now all work super with no problem

Keven - 25/09/2013 14:07

@Antartica,  follow your steps, everything is fine. but only one thing make me crazy.

on consol/terminal, I always get system message like this,

"Message from syslogd@host.domain.tld  at Sep 25 6:50:28 ...

 qmail-scanner-queue.pl: qmail-scanner[23636]: Clear:RC:1(127.0.0.1): ...."

I have no idea, why this happening.

if I comment this code line, "ALL ALL=(qscand) NOPASSWD: /var/qmail/bin/qmail-scanner-queue.pl", then there is no consol message.

anyone has same problem?

Eric - 08/07/2013 16:17

Typo in the quick fix, here is what I ran and it worked:

chown qscand:qscand /var/spool/qscan/*

 


 

Antartica - 17/06/2013 21:29

Another tip: if you initialized qmail-scanner-queue.pl with suid and suid wasn't supported, the permissions of

/var/spool/qscand/qmail-scanner-queue-version.txt

could be wrongly generated. They should be qscand:qscand

Quick fix:
# chmod qscad:qscand
/var/spool/qscand/*
Antartica - 17/06/2013 21:22

Warning: malformed code in my previous post (somehow a < has been dropped; the getpwuid call is: getpwuid($<):

===CUT===

$ENV{'PATH'}='/bin:/usr/bin';
$whoami = getpwuid($<) || "unknown";
if($whoami ne "qscand") {
    exec("/usr/bin/sudo -u qscand /var/qmail/bin/qmail-scanner-queue.pl") || die;
}

===CUT===

Sorry for the inconvenience.

Antartica - 17/06/2013 21:08

In Wheezy (Debian 7), doing the "./test_installation.sh -doit" results in the error "qmail-inject: fatal: qq temporary problem (#4.3.0)" mentioned in other posts.

I've finally found a way to make it work.

The problem is that qmail-scanner-queue.pl is executing as "root" and clamav as qscand, so clamav can't chdir into the directory qmail-scanner-queue.pl creates to check viruses.

I tried to fix it using suid and the C wrapper but strangely the error persisted (although when calling the wrapper manually the suid was being honoured :-? ). I uninstalled the C wrapper.

My final solution (that works) is using sudo and modifying  qmail-scanner-queue.pl so that it reloads with the correct user using sudo (to be clear: with this approach there is no need for the C wrapper)

So, steps to fix it:

1. Install sudo

# apt-get install sudo

2. Execute "visudo"

# visudo

3. Add the following line

ALL ALL=(qscand) NOPASSWD: /var/qmail/bin/qmail-scanner-queue.pl

4. Save and exit

5. Edit /var/qmail/bin/qmail-scanner-queue.pl

# vi /var/qmail/bin/qmail-scanner-queue.pl

6. Go to line 71

:71

7. Add the following lines

$ENV{'PATH'}='/bin:/usr/bin';
$whoami = getpwuid($) || "unknown";
if($whoami ne "qscand") {
    exec("/usr/bin/sudo -u qscand /var/qmail/bin/qmail-scanner-queue.pl") || die;
}

8. Save and exit (:wq)

Try again the
# cd /downloads/qmail-scanner-2.10st/contrib
# ./test_installation.sh -doit

...and this time it should work :)

NOTE: the step of:
/var/qmail/bin/qmail-scanner-queue.pl -g
has to be changed to
# sudo -u qscand /var/qmail/bin/qmail-scanner-queue.pl -g
as the "reexec" inside the modified qmail-scanner-queue.pl doesn't pass parameters.
Eric - 08/05/2013 21:45

Being stupid and having just completed a complete install on Squeeze, I thought it would be okay to start fresh with wheezy, NOT.

Got through almost everything until here, and I have no idea what you mean by using the C wrapper.

"For all the users with setuid issues: check thart you use the C wrapper as QMAILQUEUE"

I looked around and could not find any instructions at all.  

Michiel - 17/03/2013 23:22

For all the users with setuid issues: check thart you use the C wrapper as QMAILQUEUE and check the following URL:

https://www.tnpi.net/internet/mail/toaster/filtering/content/qmail-scanner.shtml (permissions on both qmail-scanner-queue.pl 0750 and qmail-scanner.queue 4755 should be set correct, then the wrapper works perfect on ubuntu 12.04 and debian wheezy!

Thibs - 24/01/2013 22:12

This could help you if you are facing strange non-delivered mail with attachment : http://blog.gmane.org/gmane.mail.qmail.scanner/month=20121101

Francesco - 08/10/2012 19:18

@Tokie:

Stesso problema, risolto cosi:

export LANG=en_GB
export LC_ALL=en_GB
export LANGUAGE=en_GB
riavvi la shell ed è tutto ok :)

Zhay - 15/05/2012 14:30

@Zhay

miss http://qmailrocks.thibs.com/qmail-ucspi.php

done with installing ucspi-ssl :D

Zhay - 15/05/2012 14:15

rooo@xxx:~# qmailctl stat
/service/qmail-send: up (pid 2365) 397 seconds
/service/qmail-send/log: up (pid 2364) 397 seconds
/service/qmail-smtpd: up (pid 2358) 397 seconds
/service/qmail-smtpd/log: up (pid 2359) 397 seconds
/service/qmail-smtpdssl: up (pid 4740) 1 seconds
/service/qmail-smtpdssl/log: up (pid 2367) 397 seconds
messages in queue: 0
messages in queue but not yet preprocessed: 0

 

tail /var/log/qmail/qmail-smtpdssl/current

@400000004fb2645f3548a5dc ERROR: sslserver not found in PATH [/var/qmail/bin:/usr/local/bin:/usr/bin:/bin]

 

installing on lucid 10.04 ... :((

Stephend - 23/03/2012 13:42

@Radiotrib: So far the only way I have found to get pass the error mentioned by Goofy is to make the clamav daemon run as root. This is far from ideal and I am still searching for another solution. So far I am been looking for roughly 3 weeks and it is driving me mad. I have checked the qmail-scanner mailing list and found someone else with the same issue but there is no solution mention in the email thread.

http://www.mail-archive.com/qmail-scanner-general@lists.sourceforge.net/msg07486.html

Radiptrib - 23/03/2012 13:34

Forget my last comment ... most of my issues were being caused by permissions orpblems after I reinstalled over a previous install. Almost all done now except for pyzor ... and another problem which I noted on the relevant page.

Radiotrib - 21/03/2012 18:57

I get exactly the same symptoms as Goofy when I try to run the test, but his solution doesn't work at all for me. I'm running on Ubuntu 1.04, and the Perl doesn't support suid any more ,s I have to use the C wrapper ...

I was always used to using softlimit, but that also seems to have evaporated from the qmail world since last time i installed it.

Any advce ?? anyone ??

 

Thibs - 25/01/2012 10:13

@Tokie :

Try dpkg-reconfigure locales

Choose the locales you want to install. Choose at least it_IT ISO-8859-1

Then select it_IT ISO-8859-1 as default

Note that I'm not sure of this solution ... but as the author of the patch is italian, I suppose he has an italian translation ;-)

Tokie - 20/01/2012 09:43

Hi to all,

i'm an italian user and I had the following matter:

root@debian:/downloads/qmail-scanner-2.10st# ./configure --admin postmaster --domain wivagroup.com --local-domains "wivagroup.com" --sa-quarantine 5 --ignore-eol-check yes --add-dscr-hdrs yes --notify psender,admin --sa-report yes --fix-mime 1 --unzip 1 --archive 0 --silent-viruses auto --redundant no --log-crypto 0

   Building Qmail-Scanner 2.10st-20111118...


                ***** NOTE ******

Qmail-Scanner doesn't have language translations for it_IT.UTF-8


root@debian:/downloads/qmail-scanner-2.10st#

I don't have found a solution on internet, so I modify the file configure replacing the en-GB with it_IT.

configure it's too big to past here; if anyone needs the files contact me by email.

Bye

Jevgenijus - 19/01/2012 20:20

I've done this task in another way, I've cutted off the patch bit with antivirus and antispam part.

Thibs - 18/01/2012 00:30

@Jevgenijus : If you want to avoid it, you just have to comment QMAILQUEUE variable in /etc/service/qmail-smtpd/run


 

 

 

Jevgenijus - 17/01/2012 21:00

Like an option it could be nice have a choice to make installation without antivirus ant antispam filtering, cause where are sistems who goes after Antispam/antivirus gateways, so nothing to check, all emails are already checked or tagged with some spam flags:)

Thibs - 28/11/2011 15:02

@Dbrandib : Check page removemta.php for complete procedure on how to remove installed MTA

Dbrandib - 24/11/2011 22:01

Solved!!! I have a sendmail running on 25 port. I did not remove it properly. After check processes by  netstat -anp |grep LIST I found that process running. I killed it, remove package, restart qmail and now everything is fine.

Regards

Dbrandib - 24/11/2011 17:26

Dear all,

 

after follow all guide I have an error on qmail-smtpd. The error is:

" tcpserver: fatal: unable to bind: address already used"

 

Any idea?

Regards

Thibs - 17/11/2011 23:12

@lawrence : I'm currently testing simscan and I plan to make a page about it. My only fear is about the last release date (4 years ago).

I plan to describe dovecot too. As far as I know, the standard Debian package is compiled with the option "--without-vpopmail". I have to decide if I'll described how to recompile the package with vpopmail or if I'll describe with MySQL authentication

Lawrence - 17/11/2011 19:26

I would actually suggest dumping qmail-scanner, and using simscan.

Its a lot faster, and less resource heavy.

 

Also slots in quite nicely with qmailrocks/jms with minimal changes.

 

Similar for courier - I use dovecot - again, much easier to install, and use.  

 

Thibs - 24/10/2011 21:17

@Lawmanlkm

Those links should interrest you :

https://www.antagonism.org/mail/tnefclean-maildrop.shtml

https://www.antagonism.org/mail/policy-qms.shtml

 

 

 

Thibs - 20/10/2011 14:42

@Lawmanlkm

aptitude install tnef

Lawmanlkm - 11/10/2011 07:22

How to integrate tnef decoder with qmail-scanner in order to prevent winmail.dat?

Hip0 - 02/08/2011 19:43

One step before testing with qmailscan, that is missed is:

/etc/init.d/clamav-daemon restart

/etc/init.d/clamav-freshclam restart

 

If this two commands are missed:

 

 

root@debian:/downloads/qmail-scanner-2.08st/contrib# ./test_installation.sh -doit

 

Sending standard test message - no viruses... 1/4

qmail-inject: fatal: qq temporary problem (#4.3.0)

Bad error. qmail-inject died

 

Kfcs - 06/02/2011 14:05

It seems that I needed to restart the system after installing demontools in order for svscan to be started. Alternatively svscan could be startde manually.

 

This fixed it.

 

Thibs - 16/01/2011 21:11

@KFCS It seems you've missed something at this step

Kfcs - 09/01/2011 02:32

On Lucid. When trying to atart/stat qmail, I got:

root@kfcs:/downloads/qmail-scanner-2.08st# qmailctl start
Starting qmail

qmail-send supervise not running
qmail-smtpd supervise not running
qmail-smtpd supervise not running
root@kfcs:/downloads/qmail-scanner-2.08st# qmailctl stat
/service/qmail-send: unable to open supervise/ok: file does not exist
/service/qmail-send/log: unable to open supervise/ok: file does not exist
/service/qmail-smtpd: unable to open supervise/ok: file does not exist
/service/qmail-smtpd/log: unable to open supervise/ok: file does not exist
/service/qmail-smtpdssl: unable to open supervise/ok: file does not exist
/service/qmail-smtpdssl/log: unable to open supervise/ok: file does not exist
messages in queue: 0
messages in queue but not yet preprocessed: 0
root@kfcs:/downloads/qmail-scanner-2.08st#

 

Goofy - 15/08/2010 19:13

Hmm, while doing this on LUCID got stuck here for a while...

Complaining when executing ./test_installation.sh -doit about:
qmail-inject: fatal: qq temporary problem (#4.3.0)
Bad error. qmail-inject died

Errors in /var/log/clamav/clamav.log ->
 WARNING: lstat() failed on: /var/spool/qscan/tmp/mail<numbers>

Errors in /var/log/qmail/qscan/qmail-queue.log ->
 subj='Qmail-Scanner test (1/4): inoffensive message', via local process <number> <data> error_condition: X-Qmail-Scanner-2.08st: clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem - exit status 512/2

Errors in /var/log/kern/log ->
type=1503 audit(<number>):  operation="open" pid=<number> parent=1 profile="/usr/sbin/clamd" requested_mask="r::" denied_mask="r::" fsuid=168 ouid=168 name="/var/spool/qscan/tmp/mail<number>/"

It turns out that the APP-ARMOR profile for clamav is not correct....

By executing "aa-complain /usr/sbin/clamd" the profile is put in complain mode and the command "./test_installation.sh -doit" is doing it's job :-)

 


Color Coded Qmail Installation Key
  Regular Black Text     Qmail installation notes and summaries by the author.
  Bold Black Text     Commands to be run by you, the installer.
  Bold/Regular Red Text    Vital and/or critical information.
  Regular Blue text     Denotes helpful tips and hints or hyperlinks.
  Regular Orange Text     Command line output.
  Bold/Regular green text     Denotes the contents of a file or script.