******************************************************************************************
FAQ (OT means OFF TOPIC)

#########################################################################################
## basics

- i'm trying to install copfilter but when i try to extract it with the command
      tar xzvf copfilter-0.0.95.tgz
  i get the following error
      Gzip: stdin: not in Gzip format
      Tar: child returned status 1
      Tar: error exit delayed from previous error

  this means that the file you downloaded has not been downloaded completely, or
  there was an error while downloading, try to download the whole file again
  and extract once more
  also disable your local antivirus program, as it could prevent you from downloading copfilter
  also try to download the file directly, without a download manager or without a proxy in between

- i have installed copfilter, but i am really confused as to how to use it,
  how do i configure the clients (ports/server) to point to ?

  if all copfilter services are running (visible in the webgui), then no additional
  configuration is necessary on your clients, copfilter *transparently* scans your pop3 emails,
  the client doesn't even know that its emails are being scanned !

- how do i know that my emails have been scanned ?
  either have a look at the email headers (in outlook - open email - view - options)
  and check for a line similar to this one
      X-P3Scan: Version 1.0.99-05dev by /
  then this email has been scanned and passed through copfilter

  or send yourself a testspam or a testvirus email, to receive a spam mail tagged
  ***SPAM*** in the subject or a virus notification email

  possible through the command line
      /var/log/copfilter/default/tests/make_all_tests.sh
  or in the webgui by activating the following checkbox and clicking on "Save settings and activate"
      "Test all functions (logs to screen)"
  or even from a website: http://www.testvirus.org

- i'm getting this or a similar error when running the test email scripts:
      sendEmail - EXITING - The remote server returned the error: 554 SMTP synchronization error

  just try again, sometimes the smtp server or the smtp client don't respond in time

#########################################################################################
## performance issues

- what is the recommended hardware ?

  for performance reasons at least a 266MHz CPU and 128MB of RAM are recommended,
  of course the more the better, but after you double this you won't see any more big differences
  if anybody has some tests i'd like to include them here, you can measure the speed of
  both virus scanners and of spamassassin by using make_all_tests.sh

- why do i have such a poor network throughput when copying the package from windows with pscp to ipcop ?

  that's a putty problem, update to the newest version 0.54

- how can i accelerate pop3 email scanning and retrieval ?
  only by deactivating some features, but this will degrade spam recognition and virus recognition

- how can i improve spam recognition:

  edit /var/log/copfilter/default/opt/mail-spamassassin/etc/mail/spamassassin/local.cf

      #activate the following to improve spam recognition
      #use_dcc 1
      use_dcc 1

      #activate the following to improve spam recognition
      #use_razor2 1
      use_razor2 1

  and copy all *.cf files from
      /copfilter/opt/mail-spamassassin/etc/mail/spamassassin/improve_spam_detection
  to
      /copfilter/opt/mail-spamassassin/etc/mail/spamassassin
  and restart spamd

- performance is so bad, can i have my ipcop machine download (example with fetchmail) and scan
  all emails in the background, so that i can fetch them to my email client much faster
  than doing this online ?

  no, this package is not an email server, only a pop3 proxy, but i'm considering adding
  the above in a separate package, don't ask me when, i'll announce it on my webpage

- how can i decrease memory usage ?

  delete all .cf files (except local.cf) in
      /var/log/copfilter/opt/mail-spamassassin/etc/mail/spamassassin
  this saves you about 8MB of RAM
  adding .cf files in this directory increases spamassassin's memory requirements

#########################################################################################
## network issues

- i have a mail server in ORANGE and/or BLUE, so i want my emails scanned from
      RED -> ORANGE
      RED -> BLUE
      RED -> GREEN

  YES, thanks to simon dot parsons at jrc dot co dot uk, he tested exactly this,
  in order to get this running you have to modify the start and debug section of
      /var/log/copfilter/default/opt/p3scan/etc/init.d/p3scan

  delete the following line:
      iptables -t nat -A P3SCAN -p tcp -i eth0 --dport pop3 -j REDIRECT --to 8110 > /dev/null 2>&1

  and insert these new lines:
      iptables -t nat -A P3SCAN -p tcp -i eth0 -o eth3 --dport pop3 -j REDIRECT --to 8110 > /dev/null 2>&1
      iptables -t nat -A P3SCAN -p tcp -i eth1 -o eth3 --dport pop3 -j REDIRECT --to 8110 > /dev/null 2>&1
      iptables -t nat -A P3SCAN -p tcp -i eth2 -o eth3 --dport pop3 -j REDIRECT --to 8110 > /dev/null 2>&1

  where
      eth0 = GREEN
      eth1 = BLUE
      eth2 = ORANGE
      eth3 = RED

  if the above doesn't work try these less restrictive rules (these rules don't use the -o parameter):
      iptables -t nat -A P3SCAN -p tcp -i eth0 --dport pop3 -j REDIRECT --to 8110 > /dev/null 2>&1
      iptables -t nat -A P3SCAN -p tcp -i eth1 --dport pop3 -j REDIRECT --to 8110 > /dev/null 2>&1
      iptables -t nat -A P3SCAN -p tcp -i eth2 --dport pop3 -j REDIRECT --to 8110 > /dev/null 2>&1

- i'd like some users of the RED zone to access my mail server in ORANGE
  (not verified by myself, but peter told me that this works for him)

  step by step guide from peter dot schnuerer at schnuerer dot com

  1. install package
  2. open ipcop remote-access port 8110 in services
  3. remove all ip forwarding in "services" of ipcop for the mail server
  4. edit /var/log/copfilter/default/opt/p3scan/etc/init.d/p3scan
     replace each appearance of eth0 with eth2 or whatever the "RED" interface is

     in the start() and debug() functions enter before the line #start daemon:
         iptables -t nat -A OUTPUT -j DNAT -d MY_PUBLIC_MAIL_SERVER -p tcp --dport pop3 --to-destination MY_DMZ_MAIL_SERVER_IP:110 > /dev/null 2>&1

     in the debug() and stop() functions after the line
         iptables -t nat -F P3SCAN > /dev/null 2>&1
     enter:
         iptables -t nat -D OUTPUT -j DNAT -d MY_PUBLIC_MAIL_SERVER -p tcp --dport pop3 --to-destination MY_DMZ_MAIL_SERVER_IP:110 > /dev/null 2>&1

#########################################################################################
## license issues

- do i have to pay if i use fprot ?
  read http://www.f-prot.com/products/home_use/linux/ for more details
  from their website:
  "F-Prot Antivirus for Linux Workstations is FREE for use by personal users on personal workstations"

  if you are a business, please buy fprot @ http://www.f-prot.com/products/corporate_users/unix/

#########################################################################################
## troubleshooting

- HELP, i can't download any more emails, what can i do ?

  just stop the pop3proxy by doing a
      /etc/rc.d/init.d/p3scan stop
  and everything should be as it was before you installed this package

- i get an error like " line 3: /etc/global_settings: No such file or directory ", what can i do about it?

  close your session and open a new one (logout/login) so that the env variables can be loaded

- what should i do if my email client reports an error that a timeout on email retrieval has occurred ?

  increase the pop3 timeout (read p3scan section further below), if that doesn't help stop p3scan:
  check if p3scan is running via "/etc/rc.d/init.d/p3scan status"
  if it's running then try to stop it (no mail and spam scanning will occur)
  if it's not running try to stop it with the "/etc/rc.d/init.d/p3scan stop" command

- i configured lots of settings in various configuration files, and after updating all changes are gone,
  are they lost ?

  no, all of the files you configured are still in the /var/log/copfilter/

                             pop3proxy        <--->       pop3server
   -------                  -----------                  ----------
  |       |      LAN       |port 8110  |    Internet    |port 110  |
  |       |----------------|           |----------------|          |
  |       |                |           |                |          |
   -------                  -----------                  ----------
  client machine           ipcop                        pop3.yourprovider.com (example)
  mozilla, evolution       p3scan
  netscape, outlook

  first your pop3client (evolution,mozilla,outlook,..) requests to download email from your pop3 server

  then the pop3proxy (p3scan) running on ipcop intercepts this request and starts downloading
  your email+attachments (this can take a while on a slow internet connection), in the meantime
  your pop3client doesn't get any data or packets from the pop3proxy (possibly causing a timeout
  if the mail download on the server takes too long)

  after the download has finished the pop3proxy scans the fully downloaded email+attachments
  for viruses and for spam

  in the meantime the pop3client has to wait until the proxy finishes scanning, during this time
  the pop3client doesn't get any answer from the pop3proxy and so the client runs into a timeout
  if the timeout value on the pop3client is smaller than the time it takes the proxy to finish
  scanning your email+attachments, the slower your connection the higher you should configure your timeout

  example:
      fetchmail:     poll 195.3.96.71 protocol pop3 timeout 1200:
      outlook 2000   10min   Tools/Services -> internet mail service
      outlook XP     20min   Tools/Services -> internet mail service

  if you are unsure configure the highest possible timeout values (max. about 20min)

- can i modify mailscanner.sh ?

  yes, but it will get overwritten if you install fprot via the script
  you will have to make the same modifications to
      opt/tools/bin/backup/mailscanner.sh_fprot_template
  so that you don't lose your settings when installing fprot

- how does p3scan scan for viruses, spam etc ?

  p3scan intercepts the outgoing pop3 connection and then starts mailscanner.sh
  (read MANUAL for exact location) which does the following:

  0. renattach      renames dangerous attachments
  1. ripmime        rips the email apart, message + attachments are separated
  2. clamav         the message and attachments are scanned for viruses with the clamav virus scanner
  3. fprot          the message and attachments are scanned for viruses with the fprot virus scanner
  4. spamassassin   the message and attachments are scanned for spam with the spamassassin spam scanner (spamc)

- how do i debug p3scan

  you can then start p3scan again in debug mode to check what's wrong while trying to receive email
      "/etc/rc.d/init.d/p3scan debug"
  -> now try to receive email from the mail client and watch the screen output

#########################################################################################
## spamassassin

- how can i test if my email is scanned for spam ?

  read the TESTING file

- how can i improve spam recognition ?

  see performance section above for more detail

- what are these files about ?
      mail-spamassassin/default/share/spamassassin/*
      mail-spamassassin/etc/mail/spamassassin/*

  in these 2 directories i added rules for better recognition of german spam

- how can i configure the package so that spam mails get automatically deleted ?

  i don't recommend it, since the emails would then be gone for sure
  i recommend: create a new rule in your email client which automatically sorts emails
  with this special subject
      ***** SPAM *****
  into a "spam" folder, this way you can take a quick look if there are any false positive
  mails and afterwards delete all of them manually,
  if you insist on deleting spam mails automatically create a rule which automatically deletes them

- what do the numbers in *** SPAM *** [16.22/07.00] mean ?

  the first number is the actual score the email got from spamassassin
  the second number is the configured minimum score which needs to be reached
  so that spamassassin marks the email as SPAM

- can i change the minimum score which is needed so that a mail is marked as spam

  yes, in local.cf (read MANUAL for exact path)

- some emails are not recognized as spam, what can i do ?
  check if spam recognition is working, read the TESTING file
  put the domain or the email address into the blacklist in local.cf (read MANUAL for exact path)

- how can i start spamassassin in debug mode

  stop and then start the spam daemon in debug mode, then read /var/log/messages for details,
  while trying to receive email
      "/etc/rc.d/init.d/spamd stop"
      "/etc/rc.d/init.d/spamd debug"
      tail -f /var/log/messages
  -> now get email from a client and watch messages on screen output

- an email was wrongly recognized as spam, or a spam mail was not recognized as spam,
  can i add email addresses or domains to white- or blacklists ?

  yes, add email addresses or whole domains to white- or blacklists in local.cf
  (read MANUAL for exact location)

#########################################################################################
## rules_du_jour

- rules du jour is trying to update a list but hangs since the URL is not valid anymore,
  or since the URL is currently not working, what is happening ?

  rules_du_jour uses wget to retrieve the list, wget has a default timeout of 900sec (15min)
  before aborting the connection, my_rules_du_jour will probably update the rule_du_jour script
  if the URL is permanently down

#########################################################################################
## renattach

- what is renattach

  quote from their website:
  renattach is a fast and efficient UNIX stream filter that can rename or delete potentially
  dangerous e-mail attachments. It's a highly effective way of protecting end-users from
  harmful mail content (worms/viruses) by disabling or removing attachments that may be
  accidentally executed by users.

- how does renattach work, how can i disable/modify it ?
  this program is enabled by default, you can change its settings in
  renattach.conf (read MANUAL for exact program location)
  if you want to disable it comment out the line starting with "renattach" in
  p3scan.conf (read MANUAL for exact program location)

- renattach filters exe files, i don't want this, what can i do ?

  delete the EXE extension from the badlist line in renattach.conf
  (read MANUAL for exact program location)

- does renattach delete any attachments ?

  i configured it so that attachments are only renamed and not deleted !
  but if you want this feature you can configure it

- which attachments does renattach rename ?

      badlist = ADE, ADP, BAS, BAT, CHM, CMD, COM, CPL, CRT, EML, EXE
      badlist = HLP, HTA, INF, INS, ISP, JS, JSE, LNK, MDB
      badlist = MDE, MSC, MSH, MSI, MSP, MST, NWS, OCX, PCD, PIF, REG
      badlist = SCR, SCT, SHB, SHS, URL, VB, VBE, VBS, WSC, WSF, WSH

#########################################################################################
## f-prot clamav

- how can i test if my email is scanned for viruses ?

  read the TESTING file

- how do i know if the virus signatures get updated ?

  check on the webgui or: read TESTING
  or check manually:
  check the version of the signatures:
  show installed virus definition files dates:
      f-prot -v |head |grep created
      freshclam |grep cvd
  (read MANUAL for exact program location)

- how can i update the virus signatures manually ?

  use the webgui or read the MANUAL file

- how can i change the virus signature download interval ?

  use the webgui or read the MANUAL file

- when clamav makes an update, i receive an email, how can i modify this email ?
  the email gets sent in this script
      /var/log/copfilter/default/opt/tools/bin/check-updates_clamav.sh
  if you want to modify something you would have to edit this script accordingly,
  basically i write some information to a temporary file $TMP_FILE3 and then
  the contents of this file get sent via email with the command
      cat $TMP_FILE3 |

#########################################################################################
## privoxy

- how do i know if privoxy is working ?

  open the URL http://config.privoxy.org
  -> if you get a web configuration page of privoxy, the installation is ok

  you have to configure your web browser's proxy settings so that your web browser uses privoxy
      proxy: your ipcop machine
      port : 8118

- how does privoxy work ?

  the privoxy daemon listens on port 8118 for requests, if any browser sends a request for a
  web page to port 8118 to the machine where privoxy is installed, then privoxy accepts this
  request, after processing it, the request gets forwarded to the local web proxy squid on
  port 800, which then forwards the request to port 80 to a web server on the internet
  so if somebody wants to use privoxy then squid should be enabled

  web browser   <--->      web filter   <--->  web proxy        <-->     web server
   -------                  --------------------------------              ---------
  |       |      LAN       |port 8118               port 800|  Internet  |port 80  |
  |       |----------------|                                |------------|         |
  |       |                |                                |            |         |
   -------                  --------------------------------              ---------
  client machine           ipcop machine       ipcop machine             www.ipcop.org (example)
  mozilla, opera,          privoxy             squid
  internet explorer

- how can i disable/enable privoxy quickly ?

  2 possible solutions:
  a) make a bookmark to http://config.privoxy.org/toggle , here you can click on enable/disable
  or
  b) use a Bookmarklet: go to http://config.privoxy.org/toggle and use the Bookmarklets
     to make the toggle window pop up
     example: use "Privoxy - Enable"
     then you can enable/disable privoxy just by clicking on a bookmark!
     (IE: drag and drop the link to your favorites)

- how can i disable above feature/disallow my users from deactivating privoxy?

  set "enable-remote-toggle" to "0" in the "config" file

#########################################################################################
## other questions and questions regarding other applications in relation to copfilter

- can old versions be deleted ?

  yes, use the uninstall.sh script (starting from 0.0.94)
  yes, just delete /var/log/copfilter/
  also all installation files in /root (except the copfilter link) can be deleted
  example:
      rm /root/copfilter_200405060256.tgz /root/copfilter_200405060256_setup.tgz /root/setup.sh

- does this package support MS Exchange server ?

  no, this package only supports email clients which fetch their email via the pop3 protocol

- does this package support virus scanning of SMTP mails ?

  no, this is only a pop3 proxy and not a smtp proxy, but i'm considering adding one soon

- does this package support virus scanning of HTTP traffic ?

  no it doesn't, you could use dansguardian, there is an AV plugin available for it
  i'm considering adding a plugin for squid which does http virus scanning,
  but this will take quite a while

- i have a mail server running on my ipcop machine, does this package work for me as well ?

  a user reported he had postfix running and it didn't affect copfilter
  if anybody has fetchmail running on ipcop through copfilter i'd like to know about it

- how can i install this package into a different directory, will you support this in the future ?

  probably not, since i statically compile programs so that they know where their config files are
  if you insist you can
      mkdir /mynewlocation
      mkdir /var/log/copfilter      -> where everything should go to
      mount --bind /mynewlocation /var/log/copfilter
  thanks to robert l. for this

- p3scan, clamav, ... is available in a new version, when will you include the new version ?
  normally i update all versions in a newer release of the package, so if you would like to
  see a newer version, wait for the next package

- can this or that feature be included ?

  first read the TODO file to see if your request has already been taken into account

- is this addon supported on Mandrake MNF, Smoothwall, E-Smith, Clarkconnect,...

  NO, this addon is only supported on IPCop, and i will not make it compatible with any other
  distro, but if you like, modify the addon yourself and inform me of its availability
  so that other users can benefit from it, you can also ask me for support on porting
  to a different distro

- where can i find other firewall distros?

      Mandrake MNF    http://www.mandrakesoft.com/products/mnf
      Smoothwall      http://www.smoothwall.org       express version for free (this is what ipcop forked from)
      E-Smith SME     http://www.e-smith.org          free
      ClarkConnect    http://www.clarkconnect.org     free home edition
      Astaro          http://www.astaro.com/          free for home use
      m0n0wall        http://neon1.net/m0n0wall/      for embedded PCs, free
      Engarde         http://www.engardelinux.org

- OT: how can i enable the backspace key in vi (since in 1.4.0a11 this wasn't working anymore)

  type the following in a terminal or add to /etc/rc.d/rc.local
      stty erase ^v

- OT: if i live in switzerland, which time servers can i use in the ipcop time server admin web pages ?

      ntp.metas.ch
      swisstime.ethz.ch

- OT: how do i install a fritzdsl card ?

  1. reinstall ipcop (version 1.4.0b3)
  2. fix this bug (should be fixed in the next beta)
     in the file /var/ipcop/header.pl comment out the line
         use locale;
     so afterwards it should look like this:
         # use locale;
     ...this fixes the known "Dial Failed 512" error
     (to do this you have to log in with an ssh client and change the file with an editor,
     an ssh client is e.g. putty http://www.chiark.greenend.org.uk/~sgtatham/putty )
     if you can't do that, you should wait for the next beta, this bug is fixed there
  3. download the file fcdsl-1.4.0b3.tgz (you can also get 1.4.0b3 here)
     http://prdownloads.sourceforge.net/ipcop/?sort_by=date&sort=desc
  4. unpack the above file, e.g. with powerarchiver http://www.powerarchiver.com/
     there should then be 2 files: fcdsl.o.gz and license.txt
  5. unpack the file fcdsl.o.gz again - also with powerarchiver
     then only the file fcdsl.o should be left
  6. upload this fcdsl.o file with the upload menu
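
Added example (not part of the original FAQ or of copfilter) for the "how do i know that my emails have been scanned ?" and "what do the numbers in *** SPAM *** [16.22/07.00] mean ?" answers above: a shell function that looks only at the header block of a saved email, checks for the X-P3Scan header and reads the score and the configured minimum score out of the subject tag. The function names and both sample messages are constructed for illustration.

```shell
#!/bin/sh
# added example, not part of copfilter
# reads one email on stdin and prints
#   scanned=yes|no spam=yes|no score=<n> required=<n>

check_mail() {
    awk '
        { sub(/\r$/, "") }                 # tolerate CRLF line endings
        /^$/ { exit }                      # blank line: the header block ends here
        /^[ \t]/ {                         # folded header continuation line
            if (cur != "") hdr[cur] = hdr[cur] " " $0
            next
        }
        {
            i = index($0, ":")
            if (i == 0) next
            cur = tolower(substr($0, 1, i - 1))
            hdr[cur] = substr($0, i + 1)
        }
        END {
            scanned = ("x-p3scan" in hdr) ? "yes" : "no"
            subj = hdr["subject"]
            # the FAQ shows the tag as ***SPAM***, *** SPAM *** and ***** SPAM *****
            spam = (subj ~ /\*+ *SPAM *\*+/) ? "yes" : "no"
            score = "-"; need = "-"
            if (spam == "yes" && match(subj, "\\[[0-9.]+/[0-9.]+\\]")) {
                split(substr(subj, RSTART + 1, RLENGTH - 2), n, "/")
                score = n[1]; need = n[2]  # actual score / configured minimum
            }
            printf "scanned=%s spam=%s score=%s required=%s\n", scanned, spam, score, need
        }
    '
}

# constructed sample: tagged spam that passed through the proxy
sample_tagged() {
cat <<'EOF'
From: sender@example.org
To: me@example.lan
Subject: *** SPAM *** [16.22/07.00] cheap offer
X-P3Scan: Version 1.0.99-05dev by /

body text
EOF
}

# constructed sample: no X-P3Scan header, the strings only appear in the body
sample_unscanned() {
cat <<'EOF'
From: friend@example.org
Subject: lunch

X-P3Scan: this line is body text, not a header
Subject: *** SPAM *** [99.00/07.00]
EOF
}

sample_tagged | check_mail
sample_unscanned | check_mail
```

A sender can put an X-P3Scan line into a message themselves, so the header is a hint only; the test emails from make_all_tests.sh show that scanning actually takes place.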
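
Added example (not part of the original FAQ or of copfilter) for the multi-zone rules in the "network issues" section above: a shell function that reads `iptables-save -t nat` output and lists the interfaces whose pop3 traffic is not redirected to p3scan on port 8110, so that a zone left out while editing the init script is noticed. It assumes the usual iptables-save text form, in which `--dport pop3` is printed as `--dport 110` and `--to 8110` as `--to-ports 8110`; the function name and the sample ruleset are constructed.

```shell
#!/bin/sh
# added example, not part of copfilter
# usage: iptables-save -t nat | missing_pop3_redirect eth0 eth1 eth2
# prints the listed interfaces that have no pop3 -> 8110 REDIRECT rule in the
# P3SCAN chain, i.e. zones whose pop3 mail would bypass the scanner

missing_pop3_redirect() {
    awk -v want="$*" '
        $1 == "-A" && $2 == "P3SCAN" {
            ifc = ""; neg = 0; dport = ""; target = ""; to = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-i") { ifc = $(i + 1); neg = ($(i - 1) == "!") }
                else if ($i == "--dport") dport = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
                else if ($i == "--to-ports") to = $(i + 1)
            }
            if (target != "REDIRECT" || to != "8110") next
            if (dport != "110" && dport != "pop3") next
            if (neg) next                  # "! -i ethX": count as not covered
            if (ifc == "") all = 1         # no -i match: applies to every interface
            else covered[ifc] = 1
        }
        END {
            n = split(want, w, " ")
            miss = ""
            for (k = 1; k <= n; k++)
                if (!all && !(w[k] in covered))
                    miss = miss (miss == "" ? "" : " ") w[k]
            if (miss != "") print miss
        }
    '
}

# constructed iptables-save output: GREEN (eth0) and ORANGE (eth2) are
# redirected, the rule for BLUE (eth1) was forgotten
sample_ruleset() {
cat <<'EOF'
*nat
:P3SCAN - [0:0]
-A P3SCAN -i eth0 -p tcp -m tcp --dport 110 -j REDIRECT --to-ports 8110
-A P3SCAN -i eth2 -p tcp -m tcp --dport 110 -j REDIRECT --to-ports 8110
COMMIT
EOF
}

sample_ruleset | missing_pop3_redirect eth0 eth1 eth2
```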