1 Topic by zuotoski

  • zuotoski
  • Member
  • Offline
  • Registered: 2016-06-14
  • Posts: 72

Topic: Active Directory integration and SpamAssassin + Amavis

==== Required information ====
- iRedMail version (check /etc/iredmail-release): iRedMail-0.9.5-1
- Linux/BSD distribution name and version: Ubuntu 14.04.4 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): Windows 2003 Active Directory
- Web server (Apache or Nginx): Apache/2.4.7 (Ubuntu)
- Manage mail accounts with iRedAdmin-Pro? No
- Related log if you're reporting an issue: as follows...
====

Hi!
   I don't remember why, but when I installed and setup iRedMail with Active Directory, I've deactivated SpamAssassin and Amavis. Maybe some suggesntion/mandatory configuartion that was in the documentations, I don't really remember.

   Now, can it be activated with AD integration? If so, how, please?

Thanks,
Alex

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: Active Directory integration and SpamAssassin + Amavis

*) Enable services: amavis, clamav-daemon, clamav-freshclam.
*) Enable 'content_filter=inet:[127.0.0.1]:10024' in /etc/postfix/main.cf.
*) Enable 'content_filter=inet:[127.0.0.1]:10026' in /etc/postfix/master.cf, transport "submission".

3 Reply by zuotoski

  • zuotoski
  • Member
  • Offline
  • Registered: 2016-06-14
  • Posts: 72

Re: Active Directory integration and SpamAssassin + Amavis

Thanks for the fast reply, appreciated. Just to confirm:

1) When you say "enable service" you mean to start it when system boots? I don't know if these services are already enabled and/or installed (sorry for my iognorance);

2) /etc/postfix/main.cf

Should I leave it as it is? The line with "content_filter = smtp-amavis:[127.0.0.1]:10024"

#
# Dovecot SASL support.
#
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/dovecot-auth
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
content_filter = smtp-amavis:[127.0.0.1]:10024
smtp-amavis_destination_recipient_limit = 1
relay_recipient_maps =
smtpd_sasl_local_domain = here_goes_my_domain.com.br

3) /etc/postfix/master.cf

Should I comment out from "submission inet n" until "-o milter_macro_daemon_name=ORIGINATING"?

tlsproxy  unix  -       -       -       -       0       tlsproxy
#submission inet n       -       -       -       -       smtpd
#  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#smtps     inet  n       -       -       -       -       smtpd
#  -o syslog_name=postfix/smtps
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628       inet  n       -       -       -       -       qmqpd

Thanks! smile

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: Active Directory integration and SpamAssassin + Amavis

zuotoski wrote:

1) When you say "enable service" you mean to start it when system boots?

YES.

zuotoski wrote:

2) /etc/postfix/main.cf

Should I leave it as it is? The line with "content_filter = smtp-amavis:[127.0.0.1]:10024"

YES.

zuotoski wrote:

3) /etc/postfix/master.cf

Should I comment out from "submission inet n" until "-o milter_macro_daemon_name=ORIGINATING"?

tlsproxy  unix  -       -       -       -       0       tlsproxy
#submission inet n       -       -       -       -       smtpd
#  -o syslog_name=postfix/submission
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_reject_unlisted_recipient=no
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
#  -o smtpd_recipient_restrictions=
#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING

Be careful, there're 2 "submission" transports in master.cf, the first one is shipped by Postfix, the second one was added by iRedMail during installation. And you should update the second one.

iRedMail doesn't configure or use 'smtps', it's deprecated. And you should not use it.

5 Reply by zuotoski

  • zuotoski
  • Member
  • Offline
  • Registered: 2016-06-14
  • Posts: 72

Re: Active Directory integration and SpamAssassin + Amavis

OK, I've managed to make everything work back again with your help - Thanks. Actually, the only thing that was missing was the option ENABLED=1 (which was 0) in /etc/default/spamassassin

I am trying to manage SpamAssassin with Webmin, it it possible? If not, how can I setup whithelists/blacklists, and also  possible messages queued by SpamAssassin/Amavis?

6 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: Active Directory integration and SpamAssassin + Amavis

zuotoski wrote:

Actually, the only thing that was missing was the option ENABLED=1 (which was 0) in /etc/default/spamassassin

This doesn't make sense. This option will run SpamAssassin daemon in the background, but iRedMail doesn't use it at all (it's called by Amavisd).

7 Reply by zuotoski (edited by zuotoski 2016-10-11 19:30:35)

  • zuotoski
  • Member
  • Offline
  • Registered: 2016-06-14
  • Posts: 72

Re: Active Directory integration and SpamAssassin + Amavis

ZhangHuangbin wrote:
zuotoski wrote:

Actually, the only thing that was missing was the option ENABLED=1 (which was 0) in /etc/default/spamassassin

This doesn't make sense. This option will run SpamAssassin daemon in the background, but iRedMail doesn't use it at all (it's called by Amavisd).

Well, how it works, I don't know, but that's what made it work. [Edited] I don't mean to be disrespectful, please don't get wrong, ok? And sure, I may be wrong about it.

I am trying to manage SpamAssassin with Webmin, is it possible? If not, how can I setup whithelists/blacklists, and also   manage possible messages queued by SpamAssassin/Amavis?

8 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: Active Directory integration and SpamAssassin + Amavis

zuotoski wrote:

I am trying to manage SpamAssassin with Webmin, is it possible? If not, how can I setup whithelists/blacklists, and also   manage possible messages queued by SpamAssassin/Amavis?

I didn't manage SA with webmin before, so cannot help in this case.

If you own an iRedAdmin-Pro license, you can manage whitelists, blacklists, (basic) spam policy on web ui directly.

9 Reply by zuotoski

  • zuotoski
  • Member
  • Offline
  • Registered: 2016-06-14
  • Posts: 72

Re: Active Directory integration and SpamAssassin + Amavis

ZhangHuangbin wrote:
zuotoski wrote:

I am trying to manage SpamAssassin with Webmin, is it possible? If not, how can I setup whithelists/blacklists, and also   manage possible messages queued by SpamAssassin/Amavis?

I didn't manage SA with webmin before, so cannot help in this case.

If you own an iRedAdmin-Pro license, you can manage whitelists, blacklists, (basic) spam policy on web ui directly.

Hi!
   Sorry for bringing this up again, but until today I couldn't make spamassassin to work. What am I missing? Do I have to install and activate procmail, too? Does it work when dovecot is using LDAP?
   Correct me if I am wrong, but if I use LDAP (Microsoft Active Directory), the web ui for iRedMail has no effect/use. If that is true, there is no point to buy a iRedMail-Pro license. I don't mean to be rude, it's a legitime question.
   Please, any help will be very much appreciated.

Thank you.

10 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: Active Directory integration and SpamAssassin + Amavis

What do you mean "couldn't make spamassassin to work"? How did you verify that?

iRedAdmin-Pro doesn't support Active Directory, so if you integrate AD with iRedMail, you don't need to buy iRedAdmin-Pro.

11 Reply by zuotoski

  • zuotoski
  • Member
  • Offline
  • Registered: 2016-06-14
  • Posts: 72

Re: Active Directory integration and SpamAssassin + Amavis

ZhangHuangbin wrote:

What do you mean "couldn't make spamassassin to work"? How did you verify that?

iRedAdmin-Pro doesn't support Active Directory, so if you integrate AD with iRedMail, you don't need to buy iRedAdmin-Pro.

Forget it, it is working great!
To know that it is working, I did the following: assigned an e-mail address to "Denied Address", then in the Procmail Spam Delivery, I chose "Append to Qmail-style mail directory .." and inserted .Junk - Saved, and tried to send a message using the blacklisted email - BAM! the e-mail went directly to my INBOX Junk folder.

I am using Webmin to Manage spamassassin.

I've mentioned the iRedAdmin-Pro, because you said that if I'd buy it, it would be possible to manage Spamassassin by the web interface. I just wanted you to know it would be unnecessary to buy the Pro version, exactly because I am using LDAP/Active Directory,

Sorry for my mistake and for taking your time.

Thank you! smile