Tag Archives: Zimbra

Zimbra : Update SpamAssassin using proxy – corrected

In this previous post I explained what to configure in order to update SpamAssassin using a proxy server. While the steps resulted in a successful update of the SpamAssassin rules, it also resulted in the following error in auth.log.

Error message

In /var/log/auth.log

Sep 26 12:52:41 zimbra saslauthd[20344]: zmauth: authenticating against elected url 'https://mail.rivy.org:7073/service/admin/soap/' ...
Sep 26 12:52:41 zimbra saslauthd[20344]: authentication against url 'https://mail.rivy.org:7073/service/admin/soap/' caused error 'curl_easy_perform: error(56): Received HTTP code 403 from proxy after CONNECT'
Sep 26 12:52:41 zimbra saslauthd[20344]: url 'https://mail.rivy.org:7073/service/admin/soap/' will not be used for (at least) 600 seconds
Sep 26 12:52:41 zimbra saslauthd[20344]: Authentication cycle re-elected url https://mail.rivy.org:7073/service/admin/soap/, giving up ...
Sep 26 12:52:41 zimbra saslauthd[20344]: auth_zimbra: rivy auth failed: curl_easy_perform: error(56): Received HTTP code 403 from proxy after CONNECT
Sep 26 12:52:41 zimbra saslauthd[20344]: do_auth         : auth failure: [user=rivy] [service=smtp] [realm=] [mech=zimbra] [reason=Unknown]

Roll back

Remove the last 2 lines which were added to /opt/zimbra/.bashrc

export https_proxy="http://proxy.example.org:3128"
export http_proxy="http://proxy.example.org:3128"

Create a new bashrc for spamassassin

Create a new file and add the 2 lines that contain your outbound proxy settings.

vim /opt/zimbra/.bashrc_for_spamassassin

Add the 2 lines in that single file, save the file and set the correct owner and permissions.

chown zimbra:zimbra /opt/zimbra/.bashrc_for_spamassassin
chmod 444 /opt/zimbra/.bashrc_for_spamassassin

Test

Testing can be done by executing this command and checking the return code.

zimbra@zimbra:~$ . /opt/zimbra/.bashrc;. /opt/zimbra/.bashrc_for_spamassassin; /opt/zimbra/libexec/zmsaupdate
zimbra@zimbra:~$ echo $?
0
zimbra@zimbra:~$

Update crontab

Execute this command as zimbra user.

crontab -e

Look for the following block of text.

#
# Spam rule updates
#
45 0 * * * . /opt/zimbra/.bashrc; /opt/zimbra/libexec/zmsaupdate

And change like this to include your new .bashrc_for_spamassassin

#
# Spam rule updates
#
45 0 * * * . /opt/zimbra/.bashrc; . /opt/zimbra/.bashrc_for_spamassassin; /opt/zimbra/libexec/zmsaupdate

All done now…

Zimbra : Update SpamAssassin using proxy – broken

Please don’t follow these steps, as you’ll get authentication problems when authentication over SMTP. Have a look at this post.

How to configure Zimbra to download SpamAssassin antispam updates using a proxy.

Make configuration change

Start by editing this file.

/opt/zimbra/.bashrc

Then add the following 2 lines. Change them to the hostname or ip address and port of your proxy server.

export https_proxy="http://proxy.example.org:3128"
export http_proxy="http://proxy.example.org:3128"

And save the file.

Test SpamAssassin update

Run the following command as zimbra user. If it doesn’t display an error, you’re good.

. /opt/zimbra/.bashrc; /opt/zimbra/libexec/zmsaupdate

Automatic daily updates

Each night, your zimbra installation will attempt to update the spamassassin definitions at midnight + 45 minutes. The update is triggered by the following crontab entry.

#
# Spam rule updates
#
45 0 * * * . /opt/zimbra/.bashrc; /opt/zimbra/libexec/zmsaupdate

There is no need to create this entry. It should already exists as part of the default zimbra installation.

You want to update ClamAV using a proxy?

Zimbra : Update ClamAV using proxy

How to configure Zimbra to download clamav antivirus updates using a proxy.
Start by editing this file.

/opt/zimbra/conf/freshclam.conf.in

Then look for the following section.

#HTTPProxyServer myproxy.com
#HTTPProxyPort 1234
#HTTPProxyUsername myusername
#HTTPProxyPassword mypass

Uncomment at least the first 2 configuration statement. If the proxy requires authentication, uncomment the last 2 statements as well. Also specify the correct proxy server. This can be a hostname or IP address.
After saving the change, make sure to restart Zimbra

zmcontrol restart

Now wait for freshclam to run and you’ll find the updated files in the following directory.

zimbra@mail:~$ cd /opt/zimbra/data/clamav/db/
zimbra@mail:~/data/clamav/db$ ls -altr
total 121156
-rw-r----- 1 zimbra zimbra 109143933 Sep 22 10:45 main.cvd
-rw-r----- 1 zimbra zimbra  14809239 Sep 22 10:45 daily.cvd
-rw-r----- 1 zimbra zimbra     86357 Sep 22 10:45 bytecode.cvd
drwxr-xr-x 4 zimbra zimbra      4096 Sep 22 10:45 ..
-rw------- 1 zimbra zimbra        52 Sep 22 10:45 mirrors.dat
drwxr-xr-x 2 zimbra zimbra      4096 Sep 22 10:45 .
zimbra@mail:~/data/clamav/db$

You want to update SpamAssassin using a proxy?