Add clamav & spamassassin after installation

mandrael · January 5, 2023, 1:32pm

Hi, I know there are some threads about this, but I don’t know how to add the special config of the Hestia install script:

github.com

hestiacp/hestiacp/blob/ee10e2275139684fc9a2d32169d0da702cea5ad2/install/hst-install-ubuntu.sh#L1747-L1768


      
          #----------------------------------------------------------#
          #                     Configure ClamAV                     #
          #----------------------------------------------------------#
          
          
if [ "$clamd" = 'yes' ]; then
              gpasswd -a clamav mail > /dev/null 2>&1
              gpasswd -a clamav Debian-exim > /dev/null 2>&1
              cp -f $HESTIA_INSTALL_DIR/clamav/clamd.conf /etc/clamav/
              update-rc.d clamav-daemon defaults
              echo -ne "[ * ] Installing ClamAV anti-virus definitions... "
              /usr/bin/freshclam >> $LOG &
              BACK_PID=$!
              spin_i=1
              while kill -0 $BACK_PID > /dev/null 2>&1 ; do
                  printf "\b${spinner:spin_i++%${#spinner}:1}"
                  sleep 0.5
              done
              echo
              systemctl start clamav-daemon >> $LOG
              check_result $? "clamav-daemon start failed"

This file has been truncated. show original

I installed both spamassassin and clamaav:
apt install spamassassin clamav clamav-daemon

Then edited the hestia config file:
nano /usr/local/hestia/conf/hestia.conf

At the beginning:
ANTISPAM_SYSTEM=‘spamassassin’
ANTIVIRUS_SYSTEM=‘clamav-daemon’

And in the panel I edited the exim4 config file by uncommenting those lines:
SPAMASSASSIN = yes
SPAM_SCORE = 50
SPAM_REJECT_SCORE = 100
CLAMD = yes

By now it seems okay, but how to get the special configuration from the install script?

Can someone copy an paste the lines, which I can put into an sh-file to run the final configuration of both spamassassin and clamav?

Is there any difference between running it on Debian or Ubuntu? I run Debian.

Thanks!

eris · January 5, 2023, 8:34pm

Run the commands listed in the installer:

HESTIA_INSTALL_DIR = is by default /usr/local/hestia/install/deb/

And the config can be found there

gpasswd -a clamav mail > /dev/null 2>&1
gpasswd -a clamav Debian-exim > /dev/null 2>&1
cp -f /usr/local/hestia/install/deb/clamav/clamd.conf /etc/clamav/
update-rc.d clamav-daemon defaults
systemctl start clamav-daemon

    echo "[ * ] Configuring SpamAssassin..."
    update-rc.d spamassassin defaults > /dev/null 2>&1
    sed -i "s/ENABLED=0/ENABLED=1/" /etc/default/spamassassin
    systemctl start spamassassin >> $LOG
    check_result $? "spamassassin start failed"
    unit_files="$(systemctl list-unit-files |grep spamassassin)"
    if [[ "$unit_files" =~ "disabled" ]]; then
        systemctl enable spamassassin > /dev/null 2>&1
    fi

I you use Debian use the Debian installer as basis. Also use the last release version

github.com

hestiacp/hestiacp/blob/release/install/hst-install-debian.sh

#!/bin/bash

# ======================================================== #
#
# Hestia Control Panel Installer for Debian
# https://www.hestiacp.com/
#
# Currently Supported Versions:
# Debian 10, 11
#
# ======================================================== #

#----------------------------------------------------------#
#                  Variables&Functions                     #
#----------------------------------------------------------#
export PATH=$PATH:/sbin
export DEBIAN_FRONTEND=noninteractive
RHOST='apt.hestiacp.com'
GPG='gpg.hestiacp.com'
VERSION='debian'

This file has been truncated. show original

mandrael · January 7, 2023, 4:04pm

Hi eris, thanks for your answer. I entered the commands you sent, but don’t know how to handle if, fi etc. Best option would be an update script, which works after installation.

Anyway, after entering all relevant lines (without the if, …) spamassassin and clamav still don’t work. I see the processes running, but there are no clamav/spamassassin headers in the mails.

On Ultahost with high cpu and ram I got this message and doesn’t see spamassassinor clamav installing:

NGINX Web / Proxy Server
- Apache Web Server (as backend)
- PHP-FPM Application Server
- Bind DNS Server
- Exim Mail Server + ClamAV + SpamAssassin
- Dovecot POP3/IMAP Server
- MariaDB Database Server
- Vsftpd FTP Server
- Firewall (iptables) + Fail2Ban Access Monitor

Raphael · January 7, 2023, 4:13pm

u sure it doesnt install it?

mandrael · January 7, 2023, 4:21pm

Thanks ScIT, sorry I just noticed it and deleted the last part of the question. Then I saw you already answered. I only looked at the enumeration and not the +ClamAV and +Spamassassin.
(I recovered the text)

Still on my main server spamassassin and clamav are running, but no visible effect on the mails, at least not in headers. How can I definitely test if both services scan mails?

eris · January 7, 2023, 4:25pm

ClamAV:

Spam

mandrael · January 7, 2023, 4:57pm

Thanks to you both, I found the problem. Some time ago I activated antispam and antivirus via hestia cli (v-add-mail-domain-antispam & v-add-mail-domain-antivirus). The ticks were activated in the panel. Now they weren’t. I activated them via panel and the test spam mail was marked and moved into the folder “spam”, not “junk”. So there is still a small issue with moving mails into the right folder.

mandrael · January 7, 2023, 5:34pm

Okay, I solved the junk/spam folder issue this way:

nano /etc/roundcube/config.inc.php

// See real folder names in Roundcube, only temp. activated:
// Disable localization of the default folder names listed above
$config['show_real_foldernames'] = true; 

// default folder to store spam messages
// NOTE: Use folder names with namespace prefix (INBOX. on Courier-IMAP)
$config['junk_mbox'] = 'Spam';

Some users still had Junk as default mailbox. I checked the database.

opened PhpMyAdmin, cp.domain.tld/phpmyadmin (or via panel)
entered the login data in config.inc.php
checked table “users”
in some preferences there still was junk_mbox = Junk. I changed it to Spam.

Now everything is running as expected.
Best, Michael

mandrael · January 8, 2023, 11:35am

/etc/default/spamassassin

# Prior to version 3.4.2-1, spamd could be enabled by setting
# ENABLED=1 in this file. This is no longer supported. Instead, please
# use the update-rc.d command, invoked for example as "update-rc.d
# spamassassin enable", to enable the spamd service.

eris · January 8, 2023, 11:44am

That why we also run:
systemctl enable spamassassin > /dev/null 2>&1

eris · January 8, 2023, 11:45am

Just checked:

Ubuntu 20.04

# /etc/default/spamassassin
# Duncan Findlay

# WARNING: please read README.spamd before using.
# There may be security risks.

# If you're using systemd (default for jessie), the ENABLED setting is
# not used. Instead, enable spamd by issuing:
# systemctl enable spamassassin.service
# Change to "1" to enable spamd on systems using sysvinit:
ENABLED=1

Debian 11

root@dev:/etc/default# cat spamassassin 
# /etc/default/spamassassin
# Duncan Findlay

# WARNING: please read README.spamd before using.
# There may be security risks.

# Prior to version 3.4.2-1, spamd could be enabled by setting
# ENABLED=1 in this file. This is no longer supported. Instead, please
# use the update-rc.d command, invoked for example as "update-rc.d
# spamassassin enable", to enable the spamd service.

system · February 7, 2023, 11:46am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.