Zimbra : Update SpamAssassin using proxy – corrected

In this previous post I explained what to configure in order to update SpamAssassin using a proxy server. While the steps resulted in a successful update of the SpamAssassin rules, it also resulted in the following error in auth.log.

Error message

In /var/log/auth.log

Sep 26 12:52:41 zimbra saslauthd[20344]: zmauth: authenticating against elected url 'https://mail.rivy.org:7073/service/admin/soap/' ...
Sep 26 12:52:41 zimbra saslauthd[20344]: authentication against url 'https://mail.rivy.org:7073/service/admin/soap/' caused error 'curl_easy_perform: error(56): Received HTTP code 403 from proxy after CONNECT'
Sep 26 12:52:41 zimbra saslauthd[20344]: url 'https://mail.rivy.org:7073/service/admin/soap/' will not be used for (at least) 600 seconds
Sep 26 12:52:41 zimbra saslauthd[20344]: Authentication cycle re-elected url https://mail.rivy.org:7073/service/admin/soap/, giving up ...
Sep 26 12:52:41 zimbra saslauthd[20344]: auth_zimbra: rivy auth failed: curl_easy_perform: error(56): Received HTTP code 403 from proxy after CONNECT
Sep 26 12:52:41 zimbra saslauthd[20344]: do_auth         : auth failure: [user=rivy] [service=smtp] [realm=] [mech=zimbra] [reason=Unknown]

Roll back

Remove the last 2 lines which were added to /opt/zimbra/.bashrc

export https_proxy="http://proxy.example.org:3128"
export http_proxy="http://proxy.example.org:3128"

Create a new bashrc for spamassassin

Create a new file and add the 2 lines that contain your outbound proxy settings.

vim /opt/zimbra/.bashrc_for_spamassassin

Add the 2 lines in that single file, save the file and set the correct owner and permissions.

chown zimbra:zimbra /opt/zimbra/.bashrc_for_spamassassin
chmod 444 /opt/zimbra/.bashrc_for_spamassassin

Test

Testing can be done by executing this command and checking the return code.

zimbra@zimbra:~$ . /opt/zimbra/.bashrc;. /opt/zimbra/.bashrc_for_spamassassin; /opt/zimbra/libexec/zmsaupdate
zimbra@zimbra:~$ echo $?
0
zimbra@zimbra:~$

Update crontab

Execute this command as zimbra user.

crontab -e

Look for the following block of text.

#
# Spam rule updates
#
45 0 * * * . /opt/zimbra/.bashrc; /opt/zimbra/libexec/zmsaupdate

And change like this to include your new .bashrc_for_spamassassin

#
# Spam rule updates
#
45 0 * * * . /opt/zimbra/.bashrc; . /opt/zimbra/.bashrc_for_spamassassin; /opt/zimbra/libexec/zmsaupdate

All done now…

One thought on “Zimbra : Update SpamAssassin using proxy – corrected

  1. Pingback: Zimbra : Update SpamAssassin using proxy - broken - Thomas Elsen Security Blog

Leave a Reply

Your email address will not be published. Required fields are marked *