MailWatch
MailWatch copied to clipboard
mailwatch
Cant get MailWatch and Mailscanner to log in to MySQL
I am having this issue for quite some time and it seems that I can't find solution... and I think that I read the "whole internet". It's really driving me mad.
Anyway, my Linux distro is Centos 7. I set up email postfix server with MailScanner and spamassasin and everything is working as it should.
I wanted to deploy Mailwatch in order to be able to monitor spam messages and to release quarantined messages from quarantine. I followed instructions on Mailwatch site, installed MySQL version 5.6.35, MailWatch 1.2.0 RC3, followed all instructions about setting up MailScanner.conf, installed all Perl modules (DBI, DBD-MySQL, Perl Encoding::FixLatin...). Of course double checked db name, db user, db passwd in MailWatch.pm in /usr/share/MailScanner/MailScanner/CustomFunctions but my DB not logging any message...
From MailWatch web interface I can "see" my qurantine folders (named by date) but when I click on any of those links it just show "Displaying page 0 of 0 - Records 1 to 0 of 0". I double checked permissions in /var/spool/MailScanner/quarantine and they are owned by user postfix and group is apache with permissions 770.
In /var/log/maillog I can see "Config: calling custom end function MailWatchLogging", "Started SQL Logging child", "Config: calling custom end function SQLWhitelist", "Starting up SQL Whitelist" and "Logging message BB09129AA2.A4AEB to SQL" but no "BB09129AA2.A4AEB: Logged to MailWatch SQL"
In addition I can insert white and black list entries to mailscanner db from MailWatch web interface...
Any help would be appreciated, I am really stacked here...
@branko77 - Can you run mailscanner in debug mode and see if anything is highlighted there? I usually find debug mode helpful when there are strange issues with mailwatch / mailscanner.
I have this problem on 1 of my nodes but then I restarted it and it started working again. It happened the other day again, but in a panic I restarted the machine again and it started logging again. I am using freebsd and sendmail though. I would suggest you enable the debugging in the perl script MailWatch.pm possibly, so you can see what might be happening. I assume you can connect to mysql using the -h switch to the remote server hosting mailwatch? Or are you logging to mysql locally?
I am loging localy. I tried with new Mailscanner 5.0.3 but no luck... same thing happening... Tried debug mode MailWatch.pm but no luck as well. My distro is Centos 7 and I am using Postfix... It simply not working... I don't know what else to try...
On Jan 3, 2017 14:38, "mealerz" [email protected] wrote:
I have this problem on 1 of my nodes but then I restarted it and it started working again. It happened the other day again, but in a panic I restarted the machine again and it started logging again. I am using freebsd and sendmail though. I would suggest you enable the debugging in the perl script MailWatch.pm possibly, so you can see what might be happening. I assume you can connect to mysql using the -h switch to the remote server hosting mailwatch? Or are you logging to mysql locally?
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/mailwatch/1.2.0/issues/333#issuecomment-270115756, or mute the thread https://github.com/notifications/unsubscribe-auth/AXbXsPcARtVWMy3piJ9EPZwBgaVXzNyJks5rOk9igaJpZM4LN2r0 .
What does 'mailscanner --lint' return? What does 'php-v' return? What does 'rpm -qa | grep php' return?
MailScanner --lint Trying to setlogsock(unix)
Reading configuration file /etc/MailScanner/MailScanner.conf Read 1501 hostnames from the phishing whitelist Read 13027 hostnames from the phishing blacklists
Checking version numbers... Version number in MailScanner.conf (5.0.3) is correct.
Your envelope_sender_header in spamassassin.conf is correct. MailScanner setting GID to (89) MailScanner setting UID to (89)
Checking for SpamAssassin errors (if you use it)... Using SpamAssassin results cache Connected to SpamAssassin cache database SpamAssassin reported no errors. Connected to Processing Attempts Database Created Processing Attempts Database successfully There are 281 messages in the Processing Attempts Database Using locktype = posix MailScanner.conf says "Virus Scanners = clamav" Found these virus scanners installed: clamavmodule
Filename Checks: Windows/DOS Executable (1 eicar.com) Other Checks: Found 1 problems Virus and Content Scanning: Starting 1.message: Eicar-Test-Signature FOUND
./1/eicar.com: Eicar-Test-Signature FOUND
Virus Scanning: ClamAV found 2 infections Infected message 1 came from 10.1.1.1 Virus Scanning: Found 2 viruses
Virus Scanner test reports: ClamAV said "eicar.com contains Eicar-Test-Signature"
If any of your virus scanners (clamavmodule) are not listed there, you should check that they are installed correctly and that MailScanner is finding them correctly via its virus.scanners.conf.
php -v PHP 5.4.16 (cli) (built: Nov 6 2016 00:29:02) Copyright (c) 1997-2013 The PHP Group Zend Engine v2.4.0, Copyright (c) 1998-2013 Zend Technologies
rpm -qa | grep php php-pear-Auth-SASL-1.0.6-5.el7.noarch php-intl-5.4.16-42.el7.x86_64 php-pear-Mail-Mime-1.10.0-1.el7.noarch php-cli-5.4.16-42.el7.x86_64 php-odbc-5.4.16-42.el7.x86_64 php-php-gettext-1.0.12-1.el7.noarch php-mcrypt-5.4.16-7.el7.x86_64 php-xmlrpc-5.4.16-42.el7.x86_64 php-tidy-5.4.16-7.el7.x86_64 php-mysqlnd-5.4.16-42.el7.x86_64 php-kolab-net-ldap3-1.0.3-1.el7.noarch php-pear-Net-Socket-1.0.14-1.el7.noarch php-pear-Net-IDNA2-0.1.1-10.el7.noarch php-fpm-5.4.16-42.el7.x86_64 php-mbstring-5.4.16-42.el7.x86_64 php-gd-5.4.16-42.el7.x86_64 php-pear-Net-LDAP2-2.1.0-1.el7.noarch php-common-5.4.16-42.el7.x86_64 php-pecl-memcache-3.0.8-4.el7.x86_64 phpMyAdmin-4.4.15.9-1.el7.noarch php-5.4.16-42.el7.x86_64 php-snmp-5.4.16-42.el7.x86_64 php-ldap-5.4.16-42.el7.x86_64 php-pear-Net-Sieve-1.3.4-4.el7.noarch php-soap-5.4.16-42.el7.x86_64 php-pdo-5.4.16-42.el7.x86_64 php-process-5.4.16-42.el7.x86_64 php-imap-5.4.16-7.el7.x86_64 php-pecl-apcu-4.0.11-1.el7.x86_64 php-tcpdf-dejavu-sans-fonts-6.2.11-1.el7.noarch php-pear-1.9.4-21.el7.noarch php-bcmath-5.4.16-42.el7.x86_64 php-pear-Net-SMTP-1.7.2-1.el7.noarch php-devel-5.4.16-42.el7.x86_64 php-pspell-5.4.16-42.el7.x86_64 php-xml-5.4.16-42.el7.x86_64 php-mssql-5.4.16-7.el7.x86_64 php-tcpdf-6.2.11-1.el7.noarch
On Tue, Jan 3, 2017 at 3:13 PM, mealerz [email protected] wrote:
What does 'mailscanner --lint' return? What does 'php-v' return? What does 'rpm -qa | grep php' return?
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/mailwatch/1.2.0/issues/333#issuecomment-270122462, or mute the thread https://github.com/notifications/unsubscribe-auth/AXbXsB2iNS_5-W11eFjobkMXXf0lA23cks5rOleMgaJpZM4LN2r0 .
Please try 'grep "Always Looked Up Last" /etc/MailScanner/MailScanner.conf'
My Mailscanner.conf has option Always Looked Up Last = &MailWatchLogging I will try with php56-mysql and will let you know... thanks for your help
On Tue, Jan 3, 2017 at 3:29 PM, mealerz [email protected] wrote:
Also have you tried installing php56-mysql or even better php56-mysqli ?
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/mailwatch/1.2.0/issues/333#issuecomment-270125784, or mute the thread https://github.com/notifications/unsubscribe-auth/AXbXsF5elqLwq7V0uN7KWTGRB0-_q889ks5rOltAgaJpZM4LN2r0 .
Hmm, there must be something wrong with that pm file then as mailscanner is not reading it. If mailscanner is reading it and you restarted mailscanner, then you should see stuff like this on a lint test - Trying to setlogsock(unix)
Reading configuration file /usr/local/etc/MailScanner/MailScanner.conf Reading configuration file /usr/local/etc/MailScanner/conf.d/README Read 868 hostnames from the phishing whitelist Read 5807 hostnames from the phishing blacklists Config: calling custom init function SQLWhitelist Starting up SQL Whitelist Read 13536 whitelist entries Config: calling custom init function SQLBlacklist Starting up SQL Blacklist Read 16703 blacklist entries Config: calling custom init function MailWatchLogging Started SQL Logging child Config: calling custom init function SQLNoScan Read 333 No Spam Scan entries Config: calling custom init function SQLHighSpamScores Read 970 high Spam entries Config: calling custom init function SQLSpamScores Read 970 Spam entries
Maybe show us 'ls -l /usr/share/MailScanner/MailScanner/CustomFunctions/'
Have you tried just grabbing that file again and just entering the mysql credentials and restarting mailscanner?
I certanly will try that... I am not at work until January 9 so I will try then...
On Jan 3, 2017 15:46, "mealerz" [email protected] wrote:
Hmm, there must be something wrong with that pm file then as mailscanner is not reading it. If mailscanner is reading it and you restarted mailscanner, then you should see stuff like this on a lint test - Trying to setlogsock(unix)
Reading configuration file /usr/local/etc/MailScanner/MailScanner.conf Reading configuration file /usr/local/etc/MailScanner/conf.d/README Read 868 hostnames from the phishing whitelist Read 5807 hostnames from the phishing blacklists Config: calling custom init function SQLWhitelist Starting up SQL Whitelist Read 13536 whitelist entries Config: calling custom init function SQLBlacklist Starting up SQL Blacklist Read 16703 blacklist entries
Config: calling custom init function MailWatchLogging Started SQL Logging child Config: calling custom init function SQLNoScan Read 333 No Spam Scan entries Config: calling custom init function SQLHighSpamScores Read 970 high Spam entries Config: calling custom init function SQLSpamScores Read 970 Spam entries
Maybe show us 'ls -l /usr/share/MailScanner/MailScanner/CustomFunctions/'
Have you tried just grabbing that file again and just entering the mysql credentials and restarting mailscanner?
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/mailwatch/1.2.0/issues/333#issuecomment-270129557, or mute the thread https://github.com/notifications/unsubscribe-auth/AXbXsJnvitAfMdfLg-LrG1zLAhN7uoj9ks5rOl9HgaJpZM4LN2r0 .
@mealerz Maybe show us 'ls -l /usr/share/MailScanner/MailScanner/CustomFunctions/'
On my side for Mailscanner, I don't have the same path.
/etc/MailScanner/custom -> /usr/share/MailScanner/perl/custom .pm inside custom/.
Debian mailscanner 5.0.3-7
Yes that is right path for a new 5.x version of MailScanner Old versions used /usr/share/MailScanner/MailScanner/CustomFunctions/ path
On Tue, Jan 3, 2017 at 3:54 PM, Stéphane [email protected] wrote:
@mealerz https://github.com/mealerz Maybe show us 'ls -l /usr/share/MailScanner/MailScanner/CustomFunctions/'
On my side for Mailscanner, I don't have the same path.
/etc/MailScanner/custom -> /usr/share/MailScanner/perl/custom .pm inside custom/.
Debian mailscanner 5.0.3-7
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/mailwatch/1.2.0/issues/333#issuecomment-270131422, or mute the thread https://github.com/notifications/unsubscribe-auth/AXbXsJt7U6CLzv0w7amCPW6IjGEz_Ceyks5rOmEjgaJpZM4LN2r0 .
I don't have a centos machine with mailscanner on. Mine is /usr/local/lib/MailScanner/MailScanner/CustomFunctions on FreeBSD. I just went by an old thread somewhere. What is 'grep "Custom Functions Dir" /etc/MailScanner/MailScanner.conf' ?
So I am back... Yesterday I tried with fresh new installation of 5.5.52-MariaDB, Mailscanner 5.0.3 and Mailwatch 1.2.0 - RC4 on another Centos 7.3.1611 with PHP 5.4.16 and everythong works like charm... I was delighted and couldn't wait to try fresh installation on my production server. I tried it this morning (couldn't manage to install MariaDB - when I try with "yum install mariadb" it install MYSQL server - but I suppose it is not a problem) but nevertheless... It still not working! And now I am getting new error that I didn't saw before: MailWatch: Error: unexpected connection from 192.168.3.1 at /usr/share/MailScanner/perl/custom/MailWatch.pm line 115 And still nothing in db or in web interface of MailWatch...
On Tue, Jan 3, 2017 at 4:04 PM, mealerz [email protected] wrote:
I don't have a centos machine with mailscanner on. Mine is /usr/local/lib/MailScanner/MailScanner/CustomFunctions on FreeBSD. I just went by an old thread somewhere. What is 'grep "Custom Functions Dir" /etc/MailScanner/MailScanner.conf' ?
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/mailwatch/1.2.0/issues/333#issuecomment-270133829, or mute the thread https://github.com/notifications/unsubscribe-auth/AXbXsP0wLZMMKtEc4uGMbGo11hXaBhwYks5rOmN9gaJpZM4LN2r0 .
Mailwatch.pm expect all connections to be from localhost on the loopback interface (127.0.0.1). It seems in your case connections are coming from 192.168.3.1 instead, hence it's rejecting the connection.
Ok, that part is clear to me, but my conf consist of 2 NIC and one of them is configured as 192.168.3.1 is there something I can do?
On Thu, Jan 12, 2017 at 10:32 AM, asuweb [email protected] wrote:
Mailwatch.pm expect all connections to be from localhost on the loopback interface (127.0.0.1). It seems in your case connections are coming from 192.168.3.1 instead, hence it's rejecting the connection.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/mailwatch/1.2.0/issues/333#issuecomment-272116155, or mute the thread https://github.com/notifications/unsubscribe-auth/AXbXsAPIc7aB7Gx0YarNGhuI6iVe8ubGks5rRfMwgaJpZM4LN2r0 .
You could try changing the relevant line in Mailwatch.pm to:
if ($dotted_quad ne "192.168.3.1") { Line 114
Ok, I will and let you know asap Thanks!
On Thu, Jan 12, 2017 at 10:37 AM, asuweb [email protected] wrote:
You could try changing the relevant line in Mailwatch.pm to:
if ($dotted_quad ne "192.168.3.1") { Line 114
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/mailwatch/1.2.0/issues/333#issuecomment-272117163, or mute the thread https://github.com/notifications/unsubscribe-auth/AXbXsKKvM-q9NeE2iBhrd91-gpffKRPdks5rRfROgaJpZM4LN2r0 .
Oh f**k this works!!!!! THANK YOU!!! THANK YOU!!! THANK YOU!!!
I can see messages in recent messages tab... However I can see warning on the top of the mailwatch page that says: Warning: mysqli::mysqli(): Headers and client library minor version mismatch. Headers:50550 Library:50635 in /var/www/html/mailscanner/database.php on line
51 Any idea regarding this?
And another thing, I can not see any quarantined message, I can see "date links" in the quarantine tab but when I click on any of them I get "Displaying page 0 of 0 - Records 1 to 0 of 0"
On Thu, Jan 12, 2017 at 10:39 AM, Branko Markovic < [email protected]> wrote:
Ok, I will and let you know asap Thanks!
On Thu, Jan 12, 2017 at 10:37 AM, asuweb [email protected] wrote:
You could try changing the relevant line in Mailwatch.pm to:
if ($dotted_quad ne "192.168.3.1") { Line 114
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/mailwatch/1.2.0/issues/333#issuecomment-272117163, or mute the thread https://github.com/notifications/unsubscribe-auth/AXbXsKKvM-q9NeE2iBhrd91-gpffKRPdks5rRfROgaJpZM4LN2r0 .
Update... quarantine is working Only this warning is displayed on the top of the browser
On Thu, Jan 12, 2017 at 11:47 AM, Branko Markovic < [email protected]> wrote:
Oh f**k this works!!!!! THANK YOU!!! THANK YOU!!! THANK YOU!!!
I can see messages in recent messages tab... However I can see warning on the top of the mailwatch page that says: Warning: mysqli::mysqli(): Headers and client library minor version mismatch. Headers:50550 Library:50635 in /var/www/html/mailscanner/database.php on line
51 Any idea regarding this?
And another thing, I can not see any quarantined message, I can see "date links" in the quarantine tab but when I click on any of them I get "Displaying page 0 of 0 - Records 1 to 0 of 0"
On Thu, Jan 12, 2017 at 10:39 AM, Branko Markovic < [email protected]> wrote:
Ok, I will and let you know asap Thanks!
On Thu, Jan 12, 2017 at 10:37 AM, asuweb [email protected] wrote:
You could try changing the relevant line in Mailwatch.pm to:
if ($dotted_quad ne "192.168.3.1") { Line 114
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/mailwatch/1.2.0/issues/333#issuecomment-272117163, or mute the thread https://github.com/notifications/unsubscribe-auth/AXbXsKKvM-q9NeE2iBhrd91-gpffKRPdks5rRfROgaJpZM4LN2r0 .
No problem, glad it's started to work now :)
Warning: mysqli::mysqli(): Headers and client library minor version
Try a yum update and see if anything needs updating.
What version of PHP and mysql are you running?
"Displaying page 0 of 0 - Records 1 to 0 of 0"*
The date links are generated by taking the value of QUARANTINE_DAYS_TO_KEEP and generating a date link for each, regardless of whether there is anything in them.
As mailscanner hasn't been logging to mailwatch until moments ago, there is unlikely to be any quarantined mail in the maillog table of the DB, so they will be empty.
I am using PHP Version: 5.4.16
I figured out thing about quarantine but thanks anyway...
On Thu, Jan 12, 2017 at 12:09 PM, asuweb [email protected] wrote:
No problem, glad it's started to work now :)
Warning: mysqli::mysqli(): Headers and client library minor version
Try a yum update and see if anything needs updating.
What version of PHP and mysql are you running?
"Displaying page 0 of 0 - Records 1 to 0 of 0"*
The date links are generated by taking the value of QUARANTINE_DAYS_TO_KEEP and generating a date link for each, regardless of whether there is anything in them.
As mailscanner hasn't been logging to mailwatch until moments ago, there is unlikely to be any quarantined mail in the maillog table of the DB, so they will be empty.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/mailwatch/1.2.0/issues/333#issuecomment-272136810, or mute the thread https://github.com/notifications/unsubscribe-auth/AXbXsI51xjRqb_1l2FQx2vVeMRC6-4yeks5rRgnegaJpZM4LN2r0 .
The warning is most likely due to the php version. PHP 5.6 would probably fix it
Yeah, you are probably right about that, according to google results that I found... but for now I will not upgrade my PHP... just enjoying my working MailWatch...
Thanks again for your help
On Thu, Jan 12, 2017 at 12:29 PM, asuweb [email protected] wrote:
The warning is most likely due to the php version. PHP 5.6 would probably fix it
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/mailwatch/1.2.0/issues/333#issuecomment-272140565, or mute the thread https://github.com/notifications/unsubscribe-auth/AXbXsJWbt3RIwHyCz23fzJ4ug5QFY7Zpks5rRg6jgaJpZM4LN2r0 .
Warning: mysqli::mysqli(): Headers and client library minor version
Hello! I think that you have a "mixed" PHP version installed with parts still using previous version.
Hi Stephane, do you have any idea how to solve it?
On Thu, Jan 12, 2017 at 1:17 PM, Stéphane [email protected] wrote:
Warning: mysqli::mysqli(): Headers and client library minor version
Hello! I think that you have a "mixed" PHP version installed with parts still using previous version.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/mailwatch/1.2.0/issues/333#issuecomment-272149283, or mute the thread https://github.com/notifications/unsubscribe-auth/AXbXsAS-z9csBN4GnV4_JC4HEsF1cVPSks5rRhnGgaJpZM4LN2r0 .
PHP 5.4 is EOL
You could try replacing php-mysql with php-mysqlnd which should also fix the issue
When I try yum install php-mysqlnd I get Error: php-mysql conflicts with php-mysqlnd-5.4.16-42.el7.x86_64
On Thu, Jan 12, 2017 at 1:24 PM, asuweb [email protected] wrote:
PHP 5.4 is EOL
You could try replacing php-mysql with php-mysqlnd which should also fix the issue
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/mailwatch/1.2.0/issues/333#issuecomment-272150500, or mute the thread https://github.com/notifications/unsubscribe-auth/AXbXsCN5EVBwokf7WydcucIg1O1dYVE_ks5rRhtwgaJpZM4LN2r0 .
Yes, do the following
yum remove php-mysql
yum install php-mysqlnd
or you could use use yum-plugin-replace if you wanted to, but the above will work just fine
Are you sure that I will not mess up my Mailwatch configuration that I tried to set up for a such a long time?
On Thu, Jan 12, 2017 at 1:29 PM, asuweb [email protected] wrote:
Yes, do the following
yum remove php-mysql
yum install php-mysqlnd
or you could use use yum-plugin-replace if you wanted to, but the above will work just fine
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/mailwatch/1.2.0/issues/333#issuecomment-272151527, or mute the thread https://github.com/notifications/unsubscribe-auth/AXbXsMLG98pkiJzwNb6L0QPBQW_If4gWks5rRhzGgaJpZM4LN2r0 .