# Amavisd-new and quarantine.. not working (SOLVED)

## hanj

Hello

I've been running with amavisd-new/spamassassin/postfix/mysql for some time without any problems. I've been 'passing' SPAM to my users, and now I'm trying to implement the squirrelmail plugin amavisnewsql, which is a pretty cool system that allows releasing quarantined spam, etc. Anyway, I have two mailservers running identical packages and configs (minus some settings, i.e. host, etc.). On the first server I made adjustments to amavisd.conf to quarantine mail and not pass (D_DISCARD) with bsmtp as method. Everything worked great, spam was quarantined, and squirrelmail can release.

Now, when I tried to implement the same settings on server number two, I'm unable to get any spams in the quarantine, they are all discarded. The confs are basically the same, I'll post server twos related config blocks, let me know if you need other sections (didn't want to paste the entire config in here).

```
$final_virus_destiny      = D_DISCARD;  # (defaults to D_DISCARD)
$final_banned_destiny     = D_DISCARD;  # (defaults to D_BOUNCE)
$final_spam_destiny       = D_DISCARD;  # (defaults to D_BOUNCE)
$final_bad_header_destiny = D_PASS;  # (defaults to D_PASS), D_BOUNCE suggested

$QUARANTINEDIR = "$MYHOME/quarantine";

$virus_quarantine_method        = 'bsmtp:virus-%i-%n';
$spam_quarantine_method         = 'bsmtp:spam-%b-%i-%n';
$banned_files_quarantine_method = 'bsmtp:banned-%i-%n';
$bad_header_quarantine_method   = 'bsmtp:badh-%i-%n';

$sa_local_tests_only = 0;
$sa_mail_body_size_limit = 200*1024;
$sa_tag_level_deflt  = -999;
$sa_tag2_level_deflt = 5.0;
$sa_kill_level_deflt = $sa_tag2_level_deflt;
$sa_dsn_cutoff_level = 10;
$sa_spam_subject_tag = '***SPAM*** ';
$sa_spam_level_char = '*';
$sa_spam_report_header = 1;
$first_infected_stops_scan = 1;
```

bsmtp format is needed for the squirrelmail plugin. I almost want to say that this is the problem. It's like amavis is not seeing the method, and thinks it's undefined, therefore quarantine is disabled. Also another odd thing is 'bad-headers'. I have it set as D_PASS, but those ARE getting quarantined? I'll provide a listing of that directory further down.

Here are the examples of working and non-working mail.log messages..

server one (working)

```
one.comp.com amavis[6145]: (06145-01) Blocked SPAM, [xxx.xxx.xxx.xxx] <spamtest@yahoo.com> -> <hanji@comp1.com>, quarantine: spam-b656d886d31fa6cf7dda84229074c8e9-20060909-120747-06145-01, Message-ID: <20060909180746.24913.qmail@web52708.mail.yahoo.com>, mail_id: c9mpi3PEX+bF, Hits: 14.42, 5584 ms

Sep  9 12:07:53 one.comp.com postfix/smtp[26823]: 4EA6C654058: to=<hanji@comp1.com>, relay=localhost[127.0.0.1], delay=7, status=sent (250 2.7.1 Ok, discarded, id=06145-01 - SPAM)
```

server two (not working)

```
Sep  9 15:15:42 two.comp.com amavis[30591]: (30591-01) Blocked SPAM, [xxx.xxx.xxx.xxx] <spamtest@yahoo.com> -> <hanji@comp2.com>, Message-ID: <20060909211523.58527.qmail@web52703.mail.yahoo.com>, mail_id: VJp+JxIRUZbM, Hits: 20.162, 9187 ms

Sep  9 15:15:42 two.comp.com postfix/smtp[29881]: 65D5DA23B3E: to=<hanji@comp2.com>, relay=localhost[127.0.0.1], delay=18, status=sent (250 2.7.1 Ok, discarded, id=30591-01 - SPAM)
```

Here are my relevant packages (same on both servers, including the same USE flags)

```
mail-filter/amavisd-new-2.4.1
mail-mta/postfix-2.2.10
dev-db/mysql-4.1.21
mail-filter/spamassassin-3.1.3
```

Here are the permissions on the non-working quarantine directory. Also notice the bad-header (badh) quarantine files?? I definitely don't get why those are going in.. when I said pass it.

```
drwxr-x--- 3 amavis amavis   248 Sep  9 15:44 .
drwxr-xr-x 8 amavis amavis   456 Sep  9 15:38 ..
-rw-r----- 1 amavis amavis     0 Sep  9 15:25 .keep
drwxr-xr-x 2 amavis amavis    48 Sep  9 13:09 .notstored
-rw-r----- 1 amavis amavis 11513 Sep  9 14:07 badh-20060909-140735-12365-01
-rw-r----- 1 amavis amavis  5406 Sep  9 14:28 badh-20060909-142848-12365-06
-rw-r----- 1 amavis amavis  5488 Sep  9 15:08 badh-20060909-150807-02881-02
```

I'll also include my /etc/spamassassin/local.cf file, in case there is something I missed in there, but I'm pretty sure that amavis handles the quarantine.

```
bayes_auto_learn 1
bayes_auto_learn_threshold_nonspam 1
bayes_auto_learn_threshold_spam 14.00
bayes_store_module      Mail::SpamAssassin::BayesStore::MySQL
bayes_sql_dsn           DBI:mysql:postfix:localhost
bayes_sql_username      postfix
bayes_sql_password      password_removed
bayes_auto_expire       1
bayes_expiry_max_db_size 100000
add_header all Level _STARS(*)_
skip_rbl_checks         0
use_razor2              1
use_dcc                 1
use_pyzor               1
use_bayes               1
ok_languages            en
ok_locales              en
```

Thanks in advance!

hanji
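A log check for the symptom visible in the two mail.log excerpts above, added here as an example and not part of the original post: it lists messages that amavisd-new blocked without recording a `quarantine:` entry, which with `D_DISCARD` means no copy is left to release. The regular expressions assume the summary-line layout quoted in this thread (amavisd-new 2.4.1); the function name and the `Passed CLEAN` sample line are constructed.

```python
import re

# Layout assumed from the amavisd-new 2.4.1 summary lines quoted in this thread.
SUMMARY = re.compile(
    r"amavis\[\d+\]: \((?P<am_id>[\d-]+)\) "
    r"(?P<action>Blocked|Passed) (?P<category>[A-Z-]+)(?P<rest>.*)"
)
QUARANTINE = re.compile(r"\bquarantine: [^,\s]+")
MAIL_ID = re.compile(r"\bmail_id: ([^,\s]+)")
HITS = re.compile(r"\bHits: (-?\d+(?:\.\d+)?)")

def unquarantined_blocks(lines):
    """Return one record per 'Blocked' message that has no quarantine entry."""
    findings = []
    for line in lines:
        m = SUMMARY.search(line)
        if not m or m["action"] != "Blocked":
            continue  # not an amavis summary line, or the mail was delivered
        rest = m["rest"]
        if QUARANTINE.search(rest):
            continue  # a copy was stored, so it can still be released
        mail_id = MAIL_ID.search(rest)
        hits = HITS.search(rest)
        findings.append({
            "am_id": m["am_id"],
            "category": m["category"],
            "mail_id": mail_id.group(1) if mail_id else None,
            "hits": float(hits.group(1)) if hits else None,
        })
    return findings

# First two lines are the amavis entries from the post; the third is constructed.
SAMPLE_LOG = [
    "one.comp.com amavis[6145]: (06145-01) Blocked SPAM, [xxx.xxx.xxx.xxx] "
    "<spamtest@yahoo.com> -> <hanji@comp1.com>, quarantine: "
    "spam-b656d886d31fa6cf7dda84229074c8e9-20060909-120747-06145-01, "
    "Message-ID: <20060909180746.24913.qmail@web52708.mail.yahoo.com>, "
    "mail_id: c9mpi3PEX+bF, Hits: 14.42, 5584 ms",
    "Sep  9 15:15:42 two.comp.com amavis[30591]: (30591-01) Blocked SPAM, "
    "[xxx.xxx.xxx.xxx] <spamtest@yahoo.com> -> <hanji@comp2.com>, Message-ID: "
    "<20060909211523.58527.qmail@web52703.mail.yahoo.com>, "
    "mail_id: VJp+JxIRUZbM, Hits: 20.162, 9187 ms",
    "Sep  9 15:20:01 two.comp.com amavis[30591]: (30591-02) Passed CLEAN, "
    "[192.0.2.10] <a@example.org> -> <hanji@comp2.com>, Message-ID: "
    "<constructed@example.org>, mail_id: AAAAAAAAAAAA, Hits: 0.1, 812 ms",
]

if __name__ == "__main__":
    for f in unquarantined_blocks(SAMPLE_LOG):
        print("no quarantine copy:", f)
```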

----------

## hanj

So, I think it's something internally. I copied config from working server one to not-working server two. Changed the host name values and local_domains info.. and still no quarantine.

Here is the output of amavis startup.. maybe someone will see something that I missed. I compared the startup to the working server.. and they're loading/not loading the same modules, etc.

```
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Module Amavis::Conf        2.065
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Module Archive::Tar        1.28
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Module Archive::Zip        1.16
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Module BerkeleyDB          0.27
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Module Compress::Zlib      1.41
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Module Convert::TNEF       0.17
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Module Convert::UUlib      1.06
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Module DBD::mysql          2.9007
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Module DBI                 1.50
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Module DB_File             1.814
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Module Digest::MD5         2.33
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Module MIME::Entity        5.417
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Module MIME::Parser        5.417
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Module MIME::Tools         5.417
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Module Mail::Header        1.67
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Module Mail::Internet      1.67
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Module Mail::SpamAssassin  3.001003
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Module Net::Cmd            2.26
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Module Net::DNS            0.53
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Module Net::SMTP           2.29
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Module Net::Server         0.94
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Module Razor2::Client::Version 2.82
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Module Time::HiRes         1.82
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Module Unix::Syslog        0.100
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Amavis::DB code      loaded
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Amavis::Cache code   loaded
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: SQL base code        loaded
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: SQL::Log code        NOT loaded
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: SQL::Quarantine      NOT loaded
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Lookup::SQL code     loaded
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Lookup::LDAP code    NOT loaded
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: AM.PDP-in proto code loaded
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: SMTP-in proto code   loaded
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Courier proto code   NOT loaded
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: SMTP-out proto code  loaded
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Pipe-out proto code  NOT loaded
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: BSMTP-out proto code loaded
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Local-out proto code NOT loaded
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: OS_Fingerprint code  NOT loaded
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: ANTI-VIRUS code      loaded
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: ANTI-SPAM code       loaded
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: ANTI-SPAM-SA code    loaded
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Unpackers code       loaded
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Found $file            at /usr/bin/file
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: No $dspam,             not using it
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Internal decoder for .mail
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Internal decoder for .asc
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Internal decoder for .uue
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Internal decoder for .hqx
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Internal decoder for .ync
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Found decoder for    .F    at /usr/bin/unfreeze
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Found decoder for    .Z    at /usr/bin/uncompress
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Internal decoder for .gz
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Found decoder for    .gz   at /bin/gzip -d (backup, not used)
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Found decoder for    .bz2  at /bin/bzip2 -d
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: No decoder for       .lzo  tried: lzop -d
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: No decoder for       .rpm  tried: rpm2cpio.pl, rpm2cpio
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Found decoder for    .cpio at /usr/bin/pax
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Found decoder for    .tar  at /usr/bin/pax
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Internal decoder for .tar  (backup, not used)
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Found decoder for    .deb  at /usr/bin/ar
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Internal decoder for .zip
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Found decoder for    .rar  at /usr/bin/unrar
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Found decoder for    .arj  at /usr/bin/unarj
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Found decoder for    .arc  at /usr/bin/arc
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Found decoder for    .zoo  at /usr/bin/zoo
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Found decoder for    .lha  at /usr/bin/lha
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Found decoder for    .cab  at /usr/bin/cabextract
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: No decoder for       .tnef tried: tnef
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Internal decoder for .tnef
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Found decoder for    .exe  at /usr/bin/unrar; /usr/bin/lha; /usr/bin/unarj
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Using internal av scanner code for (primary) ClamAV-clamd
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan
Sep  9 14:40:31 comp /usr/sbin/amavisd[581]: Creating db in /var/amavis/db/; BerkeleyDB 0.27, libdb 4.2
```

Also, just found a virus in the quarantine.. not sure why some things are making it in, and no SPAM is.

Thanks!

hanji

----------

## hanj

After corresponding on the amavis-users mailing list (great list by the way), we were able to figure it out. The problem was related to the policy table in the database. Setting the 'spam_quarantine_to' with the value of NULL fixed everything. Not sure why this was an issue on one server and not the other.. but I'm just happy to get it working.

Thanks!

hanji

----------

## hanj

I wrote a complete howto for installing amavisnewsql plugin to squirrelmail if anyone stumbles on this thread with the same problem as me.

http://www.uno-code.com/?q=node/27

Thanks!

hanji

----------

## thoughtform

very nice. i got mine working following your guide.

question:

have you gotten p0f working with this?

i downloaded the p0f-analyzer.pl and ran it, but i don't get the header added to incoming mails.

?

----------

## hanj

 *Scorpaen wrote:*   

> very nice. i got mine working following your guide.
> 
> question:
> 
> have you gotten p0f working with this?
> ...

 

p0f? I see that it's used for passive OS detection based on SYN packets. Not sure how this applies to amavis? Maybe I'm missing something. I'm glad the guide helped you out, though!

Thanks!

hanji

----------

## thoughtform

yes there's a setting in /etc/amavisd.conf for it to check p0f and add a header to each email.

i've got p0f installed but no headers are getting added yet. still working on it...

----------

