In July, after fixing the usual issues with SSL certificates, somehow customers stopped receiving mail. We fixed that by with CP Email Debugger (reset serverwide).

But since then mail doesn’t seem to pass through MailScanner/MailWatch. It does go through spamassassin and AV, but doesn’t show up in MailWatch nor is any blacklisted mail quarantined.

Non of the later updates of CP automatically reset or fixed the issue. We removed MailScanner completely, as well as spamassassin and re-installed it. Another try with Email Debugger did not fix it.

MailWatch keeps saying “MailScanner:| NO |0 proc(s)” & “Postfix:| NO |0 proc(s)”.

We tried the install process of MailScanner: Howto - Postfix - MailScanner
This resulted in MailScanner picking up mail again, scanned and blocked correctly, but never delivered any mail to any mailbox. Tried 8 - How to Install/Remove MailScanner on CyberPanel (removing header_checks from postfix).
Because no mail was delivered, we reset the whole thing again with Email Debugger.

The server is on Ubuntu 22.04. CP Current Version: 2.3 Build: 7.

MailScanner seems to be running:
service mailscanner status
● mailscanner.service - LSB: MailScanner daemon
Loaded: loaded (/usr/lib/MailScanner/init/ms-init; enabled; vendor preset: enabled)
Active: active (running) since Thu 2024-10-24 09:37:37 UTC; 18min ago
Docs: man:systemd-sysv-generator(8)
Process: 175034 ExecStart=/usr/lib/MailScanner/init/ms-init start (code=exited, status=0/SUCCESS)
Main PID: 175627 (MailScanner: ma)
Tasks: 6 (limit: 19057)
Memory: 575.9M
CPU: 11.360s
CGroup: /system.slice/mailscanner.service
├─175627 “MailScanner: master process sleeping”
├─175628 “MailScanner: waiting for messages”
├─175642 “MailScanner: waiting for messages”
├─175653 “MailScanner: waiting for messages”
├─175659 “MailScanner: waiting for messages”
└─175665 “MailScanner: waiting for messages”

okt 24 09:37:34 boxapps systemd[1]: Starting LSB: MailScanner daemon…
okt 24 09:37:34 boxapps ms-init[175034]: MailScanner starting …
okt 24 09:37:36 boxapps su[175607]: (to nobody) root on none
okt 24 09:37:36 boxapps su[175607]: pam_unix(su:session): session opened for user nobody(uid=65534) by (uid=0)
okt 24 09:37:36 boxapps su[175607]: pam_unix(su:session): session closed for user nobody
okt 24 09:37:37 boxapps MailScanner[175605]: MailScanner setting GID to postfix (124)
okt 24 09:37:37 boxapps MailScanner[175605]: MailScanner setting UID to postfix (115)
okt 24 09:37:37 boxapps ms-init[175034]: MailScanner started with process id 175627
okt 24 09:37:37 boxapps systemd[1]: Started LSB: MailScanner daemon.

MailScanner --lint
Trying to setlogsock(unix)

Reading configuration file /etc/MailScanner/MailScanner.conf
Reading configuration file /etc/MailScanner/conf.d/README
Read 868 hostnames from the phishing whitelist
Read 5807 hostnames from the phishing blacklists
Config: calling custom init function SQLBlacklist
MailWatch: Starting up MailWatch SQL Blocklist
MailWatch: Read 801 blocklist entries
Config: calling custom init function MailWatchLogging
Config: calling custom init function SQLWhitelist
MailWatch: Starting up MailWatch SQL Allowlist
MailWatch: Read 32 allowlist entries

Checking version numbers…
Version number in MailScanner.conf (5.4.4) is correct.

Your envelope_sender_header in spamassassin.conf is correct.
MailScanner setting GID to (124)
MailScanner setting UID to (115)

Checking for SpamAssassin errors (if you use it)…
Using SpamAssassin results cache
Connected to SpamAssassin cache database
SpamAssassin reported no errors.
Connected to Processing Attempts Database
Created Processing Attempts Database successfully
There are 0 messages in the Processing Attempts Database
Using locktype = posix
MailScanner.conf says “Virus Scanners = clamav”
Found these virus scanners installed:

Filename Checks: Windows/DOS Executable (1 eicar.com)
Other Checks: Found 1 problems
Virus and Content Scanning: Starting

If any of your virus scanners ()
are not listed there, you should check that they are installed correctly
and that MailScanner is finding them correctly via its virus.scanners.conf.
Config: calling custom end function SQLBlacklist
MailWatch: Closing down MailWatch SQL Blocklist
Config: calling custom end function MailWatchLogging
Config: calling custom end function SQLWhitelist
MailWatch: Closing down MailWatch SQL Allowlist

No MailScanner info in /var/log/mail.log

Settings in MailScanner.conf:
Run As User = postfix
Run As Group = postfix
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
Incoming Work Dir = /var/spool/MailScanner/incoming
Quarantine Dir = /var/spool/MailScanner/quarantine
PID file = /var/run/MailScanner.pid
MTA = postfix

We tried several possible solutions online - both on CP support and any other source - but have not successed in getting MailScanner going again.
Anyone a suggestion? A clean install of CP is not an option since it’s a live server with several customers.

Since the day I met Cyberpanel, I have never seen mailscanner and mailwatch working properly. Even the forum help topics opened regarding these issues are almost never answered.

is there an update on this? i have issues as well with mailscanner.

You’ll be waiting in vain, unless you buy a license for a fee. If you want to manage your email security automatically, you have to pay.

I always had a problem with MailScanner too but when i did clean install after that notorious security breach. I chose Ubuntu 22.04 (before i had Centos 7) and clean install of Cyberpanel 2.3.9 and DKIM and MailScanner started working as it should.

Edit: sorry i didn’t notice you mentioned clean install is not an option, i had 50 clients and had to reinstall as fast as i can after that hack, managed to relaunch in 2 days. With manually recreate 1000 email accounts and restore mail backups, If you only have few clients that does not sound too terribly you can do it on weekend, just inform them beforehand.