Zimbra : Update SpamAssassin using proxy – corrected

2 Replies

In this previous post I explained what to configure in order to update SpamAssassin using a proxy server. While the steps resulted in a successful update of the SpamAssassin rules, it also resulted in the following error in auth.log.

Error message

In /var/log/auth.log

Sep 26 12:52:41 zimbra saslauthd[20344]: zmauth: authenticating against elected url 'https://mail.rivy.org:7073/service/admin/soap/' ...
Sep 26 12:52:41 zimbra saslauthd[20344]: authentication against url 'https://mail.rivy.org:7073/service/admin/soap/' caused error 'curl_easy_perform: error(56): Received HTTP code 403 from proxy after CONNECT'
Sep 26 12:52:41 zimbra saslauthd[20344]: url 'https://mail.rivy.org:7073/service/admin/soap/' will not be used for (at least) 600 seconds
Sep 26 12:52:41 zimbra saslauthd[20344]: Authentication cycle re-elected url https://mail.rivy.org:7073/service/admin/soap/, giving up ...
Sep 26 12:52:41 zimbra saslauthd[20344]: auth_zimbra: rivy auth failed: curl_easy_perform: error(56): Received HTTP code 403 from proxy after CONNECT
Sep 26 12:52:41 zimbra saslauthd[20344]: do_auth         : auth failure: [user=rivy] [service=smtp] [realm=] [mech=zimbra] [reason=Unknown]

Roll back

Remove the last 2 lines which were added to /opt/zimbra/.bashrc

export https_proxy="http://proxy.example.org:3128"
export http_proxy="http://proxy.example.org:3128"

Create a new bashrc for spamassassin

Create a new file and add the 2 lines that contain your outbound proxy settings.

vim /opt/zimbra/.bashrc_for_spamassassin

Add the 2 lines in that single file, save the file and set the correct owner and permissions.

chown zimbra:zimbra /opt/zimbra/.bashrc_for_spamassassin
chmod 444 /opt/zimbra/.bashrc_for_spamassassin

Test

Testing can be done by executing this command and checking the return code.

zimbra@zimbra:~$ . /opt/zimbra/.bashrc;. /opt/zimbra/.bashrc_for_spamassassin; /opt/zimbra/libexec/zmsaupdate
zimbra@zimbra:~$ echo $?
0
zimbra@zimbra:~$

Update crontab

Execute this command as zimbra user.

crontab -e

Look for the following block of text.

#
# Spam rule updates
#
45 0 * * * . /opt/zimbra/.bashrc; /opt/zimbra/libexec/zmsaupdate

And change like this to include your new .bashrc_for_spamassassin

#
# Spam rule updates
#
45 0 * * * . /opt/zimbra/.bashrc; . /opt/zimbra/.bashrc_for_spamassassin; /opt/zimbra/libexec/zmsaupdate

All done now…

Related posts:

  1. Zimbra : Update SpamAssassin using proxy – broken Please don’t follow these steps, as you’ll get authentication problems...
  2. Zimbra : Update ClamAV using proxy How to configure Zimbra to download clamav antivirus updates using...
  3. WordPress behind forward proxy How to configure WordPress behind forward proxy. The tutorial explains...
  4. Building Barnyard2 from source The guide explains everything you need to do for building...

2 thoughts on “Zimbra : Update SpamAssassin using proxy – corrected

  1. Pingback: Zimbra : Update SpamAssassin using proxy - broken - Thomas Elsen Security Blog

  2. CK Cheong

    I am having some problem on the CURL Operation Time Out. I am not sure does this part of the SpamAssassin Problem

    Apr 9 22:04:19 mail saslauthd[7837]: authentication against url ‘https://mail.server.com:7073/service/admin/soap/’ caused error ‘curl_easy_perform: error(28): Operation timed out after 15000 milliseconds with 0 out of 0 bytes received’
    Apr 9 22:04:19 mail saslauthd[7837]: url ‘https://mail.server.com:7073/service/admin/soap/’ will not be used for (at least) 600 seconds
    Apr 9 22:04:19 mail saslauthd[7837]: Authentication cycle re-elected url https://mail.server.com:7073/service/admin/soap/, giving up …

    When I face this problem, I need to restart zimbra – zmcontrol restart

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *