Archive for the ‘ezmlm’ Category

How to rotate clamd/freshclam log files

Sunday, January 27th, 2008

At some point you may get the following message in freshclam.log file:

  1. Log size = 3701814, max = 1048576
  2. LOGGING DISABLED (Maximal log file size exceeded).

That means that you reached the maximum allowed log size defined by LogFileMaxSize parameter found in clamd.conf and basically logging was disabled.

So, how to rotate freshclam.log?

There is a way to rotate ClamAV log files using newsyslog. In order to do this edit /etc/newsyslog.conf and add the following line (all in one line), following by killall -HUP syslogd:

  1. /var/log/clamav/freshclam.log qscand:qscand 644 3 * $W0D1 Z /var/run/clamav/freshclam.pid 1

It does look like a standard newsyslog entry with four values worth mentioning though. qscand:qscand is the one who runs clamd/freshclam (I use clamd with qmail-scanner). The second one $W0D1 means rotate every week on Sunday at 1AM. The third and the forth one /var/run/clamav/freshclam.pid 1 mean that the signal number 1 will be sent to the daemon’s process ID (/var/run/clamav/freshclam.pid) which stands for HUP (hang up). In other words we just restart freshclam after each sucessfull log rotation.

Check man newsyslog.conf and man kill for more details in case interested.

PS: I beleive you can rotate clamd.log the same way assuming that you would change PID to /var/run/clamav/clamd.pid, not tested though.

PSS [20080528]: Confirmed. Same technique works fine with clamd.log as well.

  1. /var/log/clamav/clamd.log qscand:qscand 644 3 * $W0D1 Z /var/run/clamav/clamd.pid 1

ezmlm & mailing group being subscriber of another mailing group

Thursday, January 24th, 2008

Let’s say there is ezmlm created mailing group (dev at kaba1ah dot org) and it is included into another ezmlm based group (office at kaba1ah dot org). If you send a message to office at kaba1ah dot org delivery to dev at kaba1ah dot org will be rejected with the following error:

  1. failure: ezmlm-reject:_fatal:_List_address_must_be_in_To:_or_Cc:_(#5.7.0)/

In order to bypass this error check .qmail-office which is responsible for office at kaba1ah dot org mailing list. I use vpopmail so the requested file is located at /home/vpopmail/domains/kaba1ah.org/.qmail-office and replace

  1. |/usr/local/bin/ezmlm-reject '/home/vpopmail/domains/kaba1ah.org/office'

with

  1. |/usr/local/bin/ezmlm-reject -T '/home/vpopmail/domains/kaba1ah.org/office'

Note -T added after ezmlm-reject. This would do the trick. Just out of curiosity: according to man ezmlm-reject:

  1. -T Do not require the list  address in the “To:'' or “Cc:'' header(s).

Finally, here is an entry in ezmlm FAQ:

8.1 Requiring the list address in To:/Cc: headers.

SPAM or junk mail is usually sent by mailing a single message to a large number of (unwilling) recipients. As such, it usually does not contain the E-mail address of all recipients (remember, junk mailers pay for these address lists). By rejecting messages that do not have the list address in the To: or Cc: header(s) a large fraction of spam to the list can be filtered out.

This filter function is activated by default, but will work only if you specify the list directory on the ezmlm-reject(1) command line. To disable this restriction, remove the “DIR” argument from the ezmlm-reject(1) command line, or add the “-T” switch.

By default, this error is logged, and an error message is sent to the sender. Since virtually all the failures will be SPAM and virtually all spam has a faked SENDER, most of these error messages will go to the postmaster. Thus, you may want to use the ezmlm-reject “-q” switch (quiet) to suppress the sender notification.