In this previous post I explained what to configure in order to update SpamAssassin using a proxy server. While the steps resulted in a successful update of the SpamAssassin rules, it also resulted in the following error in auth.log.
Error message
In /var/log/auth.log
Sep 26 12:52:41 zimbra saslauthd[20344]: zmauth: authenticating against elected url 'https://mail.rivy.org:7073/service/admin/soap/' ... Sep 26 12:52:41 zimbra saslauthd[20344]: authentication against url 'https://mail.rivy.org:7073/service/admin/soap/' caused error 'curl_easy_perform: error(56): Received HTTP code 403 from proxy after CONNECT' Sep 26 12:52:41 zimbra saslauthd[20344]: url 'https://mail.rivy.org:7073/service/admin/soap/' will not be used for (at least) 600 seconds Sep 26 12:52:41 zimbra saslauthd[20344]: Authentication cycle re-elected url https://mail.rivy.org:7073/service/admin/soap/, giving up ... Sep 26 12:52:41 zimbra saslauthd[20344]: auth_zimbra: rivy auth failed: curl_easy_perform: error(56): Received HTTP code 403 from proxy after CONNECT Sep 26 12:52:41 zimbra saslauthd[20344]: do_auth : auth failure: [user=rivy] [service=smtp] [realm=] [mech=zimbra] [reason=Unknown]
Roll back
Remove the last 2 lines which were added to /opt/zimbra/.bashrc
export https_proxy="http://proxy.example.org:3128" export http_proxy="http://proxy.example.org:3128"
Create a new bashrc for spamassassin
Create a new file and add the 2 lines that contain your outbound proxy settings.
vim /opt/zimbra/.bashrc_for_spamassassin
Add the 2 lines in that single file, save the file and set the correct owner and permissions.
chown zimbra:zimbra /opt/zimbra/.bashrc_for_spamassassin chmod 444 /opt/zimbra/.bashrc_for_spamassassin
Test
Testing can be done by executing this command and checking the return code.
zimbra@zimbra:~$ . /opt/zimbra/.bashrc;. /opt/zimbra/.bashrc_for_spamassassin; /opt/zimbra/libexec/zmsaupdate zimbra@zimbra:~$ echo $? 0 zimbra@zimbra:~$
Update crontab
Execute this command as zimbra user.
crontab -e
Look for the following block of text.
# # Spam rule updates # 45 0 * * * . /opt/zimbra/.bashrc; /opt/zimbra/libexec/zmsaupdate
And change like this to include your new .bashrc_for_spamassassin
# # Spam rule updates # 45 0 * * * . /opt/zimbra/.bashrc; . /opt/zimbra/.bashrc_for_spamassassin; /opt/zimbra/libexec/zmsaupdate
All done now…
Pingback: Zimbra : Update SpamAssassin using proxy - broken - Thomas Elsen Security Blog
I am having some problem on the CURL Operation Time Out. I am not sure does this part of the SpamAssassin Problem
Apr 9 22:04:19 mail saslauthd[7837]: authentication against url ‘https://mail.server.com:7073/service/admin/soap/’ caused error ‘curl_easy_perform: error(28): Operation timed out after 15000 milliseconds with 0 out of 0 bytes received’
Apr 9 22:04:19 mail saslauthd[7837]: url ‘https://mail.server.com:7073/service/admin/soap/’ will not be used for (at least) 600 seconds
Apr 9 22:04:19 mail saslauthd[7837]: Authentication cycle re-elected url https://mail.server.com:7073/service/admin/soap/, giving up …
When I face this problem, I need to restart zimbra – zmcontrol restart