[TUTORIAL] Advancing Proxmox Mail Gateway (especially Spam and Virus Detection)

Hi anyone else has been getting this recently?

Code:
/etc/cron.hourly/sa-update:
Possible unintended interpolation of @infoadvertising in string at /tmp/.spamassassin4845VvIzhdtmp/70_HS_header.cf, rule HS_HEADER_1771, line 1.
rules: failed to compile Mail::SpamAssassin::Plugin::Check::_head_tests_0_5, skipping:
    (Global symbol "@infoadvertising" requires explicit package name (did you forget to declare "my @infoadvertising"?) at /tmp/.spamassassin4845VvIzhdtmp/70_HS_header.cf, rule HS_HEADER_1771, line 1.)
channel: lint check of update failed, channel failed
 
It looks like heutger is Offline since May 2021.
I hope he is OK, but I am planning to rewrite all 15 pages in one new post, because a lot changed.
Some configurations are EOL and in PMG 7 some features are by default available.
Hello Maxim,
do you have any news on the summary of this forum tread?
 
I followed this tutorial for very long time and it's working fine.
Until now received this error from sa-update cronjob after updated to PMG 7.3 that shipped along with SpamAssassin 4.0

Code:
/etc/cron.hourly/sa-update:
plugin: failed to parse plugin (from @INC): Can't locate Mail/SpamAssassin/Plugin/Hashcash.pm in @INC (you may need to install the Mail::SpamAssassin::Plugin::Hashcash module) (@INC contains: lib /usr/share/perl5 /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.32.1 /usr/local/share/perl/5.32.1 /usr/lib/x86_64-linux-gnu/perl5/5.32 /usr/lib/x86_64-linux-gnu/perl-base /usr/lib/x86_64-linux-gnu/perl/5.32 /usr/share/perl/5.32 /usr/local/lib/site_perl) at (eval 133) line 1.

config: deprecated setting used, change country_db_type to geodb_module
config: deprecated setting used, change country_db_path to geodb_options
geodb: MaxMind::DB::Reader (GeoIP2) module load failed: Can't locate MaxMind/DB/Reader.pm in @INC (you may need to install the MaxMind::DB::Reader module) (@INC contains: /var/lib/spamassassin/compiled/5.032/4.000000 /var/lib/spamassassin/compiled/5.032/4.000000/auto lib /usr/share/perl5 /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.32.1 /usr/local/share/perl/5.32.1 /usr/lib/x86_64-linux-gnu/perl5/5.32 /usr/lib/x86_64-linux-gnu/perl-base /usr/lib/x86_64-linux-gnu/perl/5.32 /usr/share/perl/5.32 /usr/local/lib/site_perl)
plugin: failed to parse plugin (from @INC): Can't locate Mail/SpamAssassin/Plugin/Hashcash.pm in @INC (you may need to install the Mail::SpamAssassin::Plugin::Hashcash module) (@INC contains: /var/lib/spamassassin/compiled/5.032/4.000000 /var/lib/spamassassin/compiled/5.032/4.000000/auto lib /usr/share/perl5 /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.32.1 /usr/local/share/perl/5.32.1 /usr/lib/x86_64-linux-gnu/perl5/5.32 /usr/lib/x86_64-linux-gnu/perl-base /usr/lib/x86_64-linux-gnu/perl/5.32 /usr/share/perl/5.32 /usr/local/lib/site_perl) at (eval 214) line 1.

config: deprecated setting used, change country_db_type to geodb_module
config: deprecated setting used, change country_db_path to geodb_options
geodb: MaxMind::DB::Reader (GeoIP2) module load failed: Can't locate MaxMind/DB/Reader.pm in @INC (you may need to install the MaxMind::DB::Reader module) (@INC contains: /var/lib/spamassassin/compiled/5.032/4.000000 /var/lib/spamassassin/compiled/5.032/4.000000/auto /var/lib/spamassassin/compiled/5.032/4.000000 /var/lib/spamassassin/compiled/5.032/4.000000/auto lib /usr/share/perl5 /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.32.1 /usr/local/share/perl/5.32.1 /usr/lib/x86_64-linux-gnu/perl5/5.32 /usr/lib/x86_64-linux-gnu/perl-base /usr/lib/x86_64-linux-gnu/perl/5.32 /usr/share/perl/5.32 /usr/local/lib/site_perl)

It seems SA 4.0 doesn't include Hashcash and Maxmind DB Reader modules.
Tried to install Mail/SpamAssassin/Plugin/Hashcash.pm but SA will be downgraded to 3.4 automatically which is not good.

Anyone try to fix this?
 
just fyi, the hashcash plugin was deprecated before and is now removed.
quote from the spamassassin 4 release notes:

Removed plugin
--------------

HashCash module, formerly deprecated, has now been removed completely
 
Hi,
after upgrade to Proxmox MGW 7.3 there is a lot of more Spam. We used sa-update channels like described in this thread.
(for example sa.schaal-it.net).

when I run sa-update --nogpg --channel sa.schaal-it.net -D the debug message is:

Apr 13 15:02:11.273 [3894506] dbg: dns: query failed: 0.0.4.sa.schaal-it.net => NXDOMAIN
Apr 13 15:02:12.964 [3894506] dbg: channel: no updates available, skipping channel


are this rules not compatible with spamassassin 4.0 or might there be a solution to load it with the
new sa-update script ?

Best, Jan
 
I dont think of this as off topic, so what are the recommended SA Plugins that should be added?
Because we all want to block more junk.

( For me recommend is low false positives and somewhat conservative practices)
My init.pre only has SPF/DKIM & URIDNSBL.

Then for local.cf I have:
use_bayes 0 bayes_auto_expire 0 bayes_learn_to_journal 1 ok_languages all include /usr/share/spamassassin-extra/kam_sa-channels_mcgrail_com.cf

Thanks!
 
I've been re-visiting these guides recently, and lots has changed...

fail2ban now needs to use nftables instead of iptables, the given DCC stuff doesn't seem to work at all - I don't seem to get any mail scanned by DCC...

I'm wondering if anyone has updated these guides in a while?
 
I've been re-visiting these guides recently, and lots has changed...

fail2ban now needs to use nftables instead of iptables, the given DCC stuff doesn't seem to work at all - I don't seem to get any mail scanned by DCC...

I'm wondering if anyone has updated these guides in a while?

Currently no. I opened some posts and bug/feature requests instead. With the most recent versions I would suggest:

1. Use a good set of blacklists, I recently provided a good set, just some has been shutdown since then, but the remaining lists work well (as well as the paid list and zenhaus most up to date list)
2. Although now deactivated by default, use bayes and AWL and find a way to learn spam and ham from your users to the system
3. Block spam sources (as it seems to be recognized by senders to be blocked instead of getting through)
4. You may (may conflict with 3.) play around with quarantine and be able to differ from block, quarantine, ham

I recently reinstalled a fresh system and recognized as well that many adjustments aren't available any more as well as result in really small improvements (you could still do some, but you should check, how far you get with the adjustments), so I stay with blacklists and bayes.

I also on my private system block gmail at all and to be honest, really rare false-positives but many many spam is coming from the providers, which claim for (e-mail) security but by themselves have the most worse ever. Google upfront, followed by Yahoo and Microsoft.

However, I still have some topics on my whishlist, which would improve, but still waiting for, as with rspamd (recently should got better, I recently also wrote on how to replace spam assassin with rspamd, however, will still require adjustments and from my point of view rspamd is not such good as promoted, I also saw many fuzzy filters in the past and all of them are working not such good as spam assassin (trained)) conditional greylisting. As the blocklists are a really good point to trust on, they may take some time to get spam sources listed. With conditional greylisting this issue could be fixed as "maybe spam" could be delayed for later blacklist checking but won't "slow down" all legitim traffic which won't need greylisting.

Hope that helps.