1. Make sure that you are not blocking the licensing server IP addresses on the servers firewall. Imunify360 is known to block our server IPs for some reason. Our licensing server IP addresses are: IPv4: 198.27.80.6 IPv6: 2607:5300:60:2106:: You can run the following command to see if your server can connect to the licensing server. You should get a response of Verify return code: 0 (ok) if the connection was successful. openssl s_client -connect www.danami.com:443 If you get the error below that means that your server cannot connect to our licensing server (usually that means there is a firewall or connection problem): openssl s_client -connect www.danami.com:443 - returns: socket: Bad file descriptor connect:errno=9 2. Make sure that the date and time on the server is correct (The wrong time will cause the SSL certificate connection to fail). You can sync your server time using the command: /usr/sbin/ntpdate -b -s time.nist.gov 3. Many times this error can be fixed by restarting the Plesk panel: /etc/init.d/psa restart 4. Lastly make sure your openssl and curl packages are up to date: // Centos / RHEL yum update openssl curl // Debian / Ubuntu apt-get update openssl curl 5. If you have tried all of the above steps and you are still not able to connect to the licensing server please open a support ticket and include your servers IP address. The tech will run some tests on our side to see what the problem is.
View Full Article...

How to test SpamAssassin To test Anti-spam (SpamAssassin), it is necessary to send a Gtube test spam email using the command below (Replacing emailonserver@example.com with a real email account on the server): Centos / RHEL / CloudLinux: echo "XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X" | mail -S smtp=localhost -r sender@example.com -s "Spam test example" emailonserver@example.com Debian / Ubuntu: apt-get install s-nail echo "XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X" | s-nail -S smtp=localhost -r sender@example.com -s "Spam test example" emailonserver@example.com If the Anti-spam is working correctly you will see it listed in the Warden log under Logs -> Message Log. While testing, note that Gtube test email gives +1000 scores to spam. So, even if a mailbox is in the whitelist, mail still be detected as spam because whitelisted email gets -100 scores. How to test ClamAV To test Anti-virus(ClamAV), it is necessary to download the eicar test virus email and send it using the command below (Replacing emailonserver@example.com with a real email account on the server): Centos / RHEL / CloudLinux: wget http://www.eicar.org/download/eicar.com.txt echo "TEST MESSAGE w/ ATTACHMENT" | mail -S smtp=localhost -r sender@example.com -s "A/V test example" -a eicar.com.txt emailonserver@example.com Debian / Ubuntu: apt-get install s-nail wget http://www.eicar.org/download/eicar.com.txt echo "TEST MESSAGE w/ ATTACHMENT" | s-nail -S smtp=localhost -r sender@example.com -s "A/V test example" -a eicar.com.txt emailonserver@example.com If the Anti-virus is working correctly you will see it get blocked and it will be listed in the Warden log under Logs -> Message Log.
View Full Article...

Warden requires that you use the ClamAV packages from the EPEL repository. In order to prevent the wrong packages from being installed you must add the line exclude=clam* to any conflicting repositories.
For example if you have the imunify360 repo enabled . Edit the file /etc/yum.repos.d/imunify360.repo Before: [imunify360] name=EL-7 - Imunify360 baseurl=https://repo.imunify360.cloudlinux.com/defense360//el/7/updates/x86_64/ username=defense360 password=nraW!F@$x4Xd6HHQ enabled=1 gpgcheck=1 gpgkey=https://repo.imunify360.cloudlinux.com/defense360//RPM-GPG-KEY-CloudLinux After: [imunify360] name=EL-7 - Imunify360 baseurl=https://repo.imunify360.cloudlinux.com/defense360//el/7/updates/x86_64/ username=defense360 password=nraW!F@$x4Xd6HHQ enabled=1 gpgcheck=1 gpgkey=https://repo.imunify360.cloudlinux.com/defense360//RPM-GPG-KEY-CloudLinux exclude=clam* After this is done the extension installer will be able to complete successfully.
View Full Article...

You can change the interface language under Settings -> Application Settings -> Locale
View Full Article...

To remove Amavis from the postfix configuration without uninstalling Warden run the following commands: If using Plesk Obsidian (18.X) postconf -MX smtp-amavis/unix postconf -MX 127.0.0.1:10025/inet postconf -PX submission/inet/content_filter postconf -PX smtps/inet/content_filter postconf -PX pickup/fifo/content_filter postconf -X content_filter postconf -X receive_override_options service postfix restart If using Plesk Onyx (17.X) sed -i '/^smtp-amavis \|127.0.0.1:10025 /d' /etc/postfix/master.cf sed -i -e 's/ -o content_filter=smtp-amavis:\[127.0.0.1\]:10026//g' /etc/postfix/master.cf sed -i -e 's/ -o content_filter=smtp-amavis:\[127.0.0.1\]:10027//g' /etc/postfix/master.cf postconf -X content_filter postconf -X receive_override_options service postfix restart After you determine what is causing the problem with Amavis  you can add Amavis back to the postfix configuration by re-running the Warden installer from the command line. It will re-add the removed lines back to the postfix configuration: /usr/local/psa/admin/bin/modules/warden/install.sh
View Full Article...

By default mail with bad headers is quarantined for review but are still delivered to the users mailbox. If you would like to change this to discard mail with bad headers you can change the setting under Warden -> Settings -> Filter Settings -> Final bad header destiny from pass to discard. To disable all bad header tests: To disable all bad header tests on Centos/RHEL edit the file /etc/amavisd/warden.conf or on Debian/Ubuntu edit the file /etc/amavis/conf.d/99-warden and search for the @bypass_header_checks_maps option. Change from: @bypass_header_checks_maps = (\%bypass_header_checks, \@bypass_header_checks_acl, \$bypass_header_checks_re); Change to: @bypass_header_checks_maps = [1]; To disable all bad header tests for a specific policy bank: If we want to keep bad header tests enabled for incoming email but disable them for our own users. Edit the file /etc/amavisd/warden.conf or on Debian/Ubuntu edit the file /etc/amavis/conf.d/99-warden and add the bypass_header_checks_maps => [1] line to the SUBMISSION and SENDMAIL policy banks: ## POLICY BANKS # submission, SMTPS services $policy_bank{'SUBMISSION'} = { originating => 1, warnbadhsender => 0, terminate_dsn_on_notify_success => 0, bypass_header_checks_maps => [1], }; # sendmail, pickup services $interface_policy{'10027'} = 'SENDMAIL'; $policy_bank{'SENDMAIL'} = { originating => 1, warnbadhsender => 0, terminate_dsn_on_notify_success => 0, bypass_header_checks_maps => [1], }; To disable specific bad header tests: There is an $allowed_header_tests option by which you can define what should be looked up during the bad-header checks, and the list is as follows: other catchall for everything else - normally not used mime Bad MIME (sub)headers or bad MIME structure 8bit Invalid non-encoded 8-bit characters in header control Invalid control characters in header (CR or NUL) empty Folded header field made up entirely of whitespace long Header line longer than RFC 2822 limit of 998 characters syntax Header field syntax error missing Missing required header field multiple Duplicate or multiple occurrence of a header field To disable certain tests on Centos/RHEL edit the file /etc/amavisd/warden.conf or on Debian/Ubuntu edit the file /etc/amavis/conf.d/99-warden and search for the $allowed_header_tests option. Setting a test to 0 will disable that test: $allowed_header_tests{'multiple'} = 0; $allowed_header_tests{'missing'} = 0; After making these changes restart Amavis: // Centos/RHEL/Cloudlinux systemctl restart amavisd // Debian/Ubuntu systemctl restart amavisd-new  
View Full Article...

Warden makes changes to the following lines in /etc/postfix/master.cf: Before (lines may vary according to your servers operating system): # pickup pickup fifo n - n 60 1 pickup # SMTPS port (465) smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes # submission port (587) (if enabled) submission inet n - n - - smtpd -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=may -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination After: # pickup pickup fifo n - n 60 1 pickup -o content_filter=smtp-amavis:[127.0.0.1]:10027 # SMTPS port (465) smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o content_filter=smtp-amavis:[127.0.0.1]:10026 # submission port (587) (if enabled) submission inet n - n - - smtpd -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=may -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination -o content_filter=smtp-amavis:[127.0.0.1]:10026 # amavis smtp-amavis unix - - - - 2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20 -o smtp_tls_security_level=none # postfix-reentry 127.0.0.1:10025 inet n - - - - smtpd -o syslog_name=postfix-reentry -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks -o smtp_tls_security_level=none Warden also adds the following line in /etc/postfix/main.cf: content_filter = smtp-amavis:[127.0.0.1]:10024 If you want the Warden installer to try and repair these files you can run the Warden installer from the command line: /usr/local/psa/admin/bin/modules/warden/install.sh
View Full Article...

After upgrading to Warden 2.02-1 mail is stuck in the queue. You might see this in the mail log: SELECT command denied to user 'danami_warden'@'localhost' for table 'domain_aliases' at (eval 99) line 173., , Sep 19 04:05:58 mail amavis[6135]: (06135-01) (!!)TROUBLE in process_request: sql exec: err=1142, 42000, DBD::mysql::st execute failed: SELECT command denied to user 'danami_warden'@'localhost' for table 'domain_aliases' at (eval 99) line 173. at (eval 102) line 333. Sep 19 04:05:58 mail amavis[6135]: (06135-01) (!)Requesting process rundown after fatal error mailq recive 127.0.0.1[127.0.0.1] while receiving the initial server greeting Run this command to fix the error: mysql -u admin -p`cat /etc/psa/.psa.shadow` -s -N -e "GRANT SELECT ON psa.domain_aliases TO 'danami_warden'@'localhost'; FLUSH PRIVILEGES;" 2>/dev/null After you are sure that Amavis is working again you can tell postfix to retry delivery of mail in queue with the command: postqueue -f This bug is fixed in Warden 2.02-2 which was published in the Plesk extension directory on 09/21/2020.
View Full Article...

Centos / RHEL / CloudLinux Configuration files: // amavis (Content Filter Settings) /etc/amavisd/warden.conf // spamassassin (Anti-spam Settings) /etc/mail/spamassassin/local.cf // clamd scan deamon (Anti-virus Settings) /etc/clamd.d/scan.conf // clamav signature update (Anti-virus Signature Settings) /etc/freshclam.conf // dovecot (IMAP learning) /etc/dovecot/conf.d/99-warden.conf Restarting Services: // amavis restart systemctl restart amavisd // amavis log file tail -f /var/log/maillog // clamav restart systemctl restart clamd@scan // clamav log file tail -f /var/log/clamd.scan // dovecot restart systemctl restart dovecot // dovecot log file tail -f /var/log/maillog Debian / Ubuntu // amavis (Content Filter Settings) /etc/amavis/conf.d/99-warden.conf // spamassassin (Anti-spam Settings) /etc/mail/spamassassin/local.cf // clamd scan deamon (Anti-virus Settings) /etc/clamav/clamd.conf // clamav signature update (Anti-virus Signature Settings) /etc/clamav/freshclam.conf // dovecot (IMAP learning) /etc/dovecot/conf.d/99-warden.conf Restarting Services: // amavis restart /etc/init.d/amavis restart // amavis log file tail -f /var/log/maillog // clamav restart /etc/init.d/clamav-daemon restart // clamav log file tail -f /var/log/clamav/clamav.log // dovecot restart systemctl restart dovecot // dovecot log file tail -f /var/log/maillog
View Full Article...

Go to Warden -> Settings -> Filter Settings and change the Log template option from short to verbose. 2. Now you should see a breakdown of any matched rules when clicking on a message entry in the message log.
View Full Article...

Download the latest RAR packages for Linux x64 from rarlab.com. The latest version at the time this article was written is version 5.9.1. Extract the tar.gz package and copy the rar and unrar binaries to your /usr/local/bin directory: wget https://www.rarlab.com/rar/rarlinux-x64-5.9.1.tar.gz tar -zxvf rarlinux-*.tar.gz cd rar cp rar unrar /usr/local/bin Restart Amavis: // Centos / RHEL / CloudLinux systemctl restart amavisd // Debian / Ubuntu systemctl restart amavisd-new
View Full Article...

Policy Banks Policy banks are sets of Amavis configurations that are applied to specific email senders. You can set-up policy banks to allow clients on your internal network to bypass Anti-spam/Anti-virus scanning, allowing particular senders to attach files that are banned for other senders. Policy Banks in Warden Policy bank identifiers are logged with each message. This means it's easy to find out what email was sent though a particular service. For example if you want to see email that was sent using PHP scripts on the server you can just select the SENDMAIL policy (The PHP mail fuction is sent out using the postfix sendmail wrapper). To see what email was sent out using the submission or SMTPS ports you can select the SUBMISSION policy. You can add the policy column to the message log by clicking on the columns button at the button of the grid. MYNETS - mail that originated from your network.
SENDMAIL - mail that was sent using the posfix sendmail wrapper or pickup services (typically PHP scripts).
SUBMISSION - mail that was sent using the submission or SMTPS services (ports 587 or 465).

Editing a Policy To make changes to a specific policy on Centos/RHEL edit the file /etc/amavisd/warden.conf or on Debian/Ubuntu edit the file /etc/amavis/conf.d/99-warden and search for the POLICY BANKS section:
## POLICY BANKS # submission, SMTPS services $interface_policy{'10026'} = 'SUBMISSION'; $policy_bank{'SUBMISSION'} = { originating => 1, warnbadhsender => 0, terminate_dsn_on_notify_success => 0, }; # sendmail, pickup services $interface_policy{'10027'} = 'SENDMAIL'; $policy_bank{'SENDMAIL'} = { originating => 1, warnbadhsender => 0, terminate_dsn_on_notify_success => 0, }; For example if you wanted to disable spam filtering for the SUBMISSION services only you could set the bypass_spam_checks_maps option in the SUBMISISON policy to: $policy_bank{'SUBMISSION'} = { originating => 1, warnbadhsender => 0, terminate_dsn_on_notify_success => 0, bypass_spam_checks_maps => [1], }; After making the changes restart Amavis: // Centos/RHEL/Cloudlinux systemctl restart amavisd // Debian/Ubuntu systemctl restart amavisd-new  
View Full Article...

When looking at the mail log of the server you see this log entry from Amavis: Aug 3 01:00:20 el7p17 amavis[114160]: (114160-02) NOTICE: reconnecting in response to: err=2006, HY000, DBD::mysql::st execute failed: MySQL server has gone away at (eval 130) line 173. Amavis tries to use a persistent connection to mariadb but the server has dropped the connection so Amavis has to try again to re-establish the connection. How to Fix:
Check that wait_timeout mysql variable in your /etc/my.cnf configuration file is large enough (don't forget to also check for the value in your /etc/my.cnf.d/ directory overriding the default). It is recommended that you set the variable to its default value within the [mysqld] section: [mysqld] wait_timeout = 28800 Restart MariaDB: systemctl restart mariadb.service Once you’ve made these changes, and restarted your MariaDB server, the issue should be fixed.
View Full Article...

No greylisting should not be used with the Amavis content filter (Warden will disable greylisting when first installed). If greylisting is enabled when using a content filter then outgoing email will be greylised causing improper delays for outgoing email. Warden has a nightly task which will automatically disable greylisting if it's enabled. If you accidentally enabled the old legacy spam filter settings you can re-run the Warden installer on the command line to disable them again: Centos / RHEL / CloudLinux /usr/local/psa/admin/bin/modules/warden/install.sh Debian / Ubuntu /opt/psa/admin/bin/modules/warden/install.sh
View Full Article...

Amavis will prepend to Subject (for local recipients only) if mail could not be decoded or checked entirely, e.g. due to password-protected archives. To disable this on Centos/RHEL edit the file /etc/amavisd/amavisd.conf or on Debian/Ubuntu edit the file /etc/amavis/conf.d/99-warden and add the line (before the last line 1;): $undecipherable_subject_tag = undef; After making the changes restart Amavis: // Centos/RHEL/Cloudlinux systemctl restart amavisd // Debian/Ubuntu systemctl restart amavisd-new
View Full Article...

View All...