Jacobs "Blog"

Installing MailWatch

I have had a really shit day today, potentially getting my first 'written warning' at work for missing something pretty important which is a pretty weird thing for a sysadmin, I find. I've decided to cathart by progressing my MailWatch installation.

This is a stub btw. Idk if I'll ever finish it.

Error I received, which prompted this article:

Can't exec "mysql_config": No such file or directory at Makefile.PL line 561.
Can't find mysql_config. Use --mysql_config option to specify where mysql_config is located. Failed to determine directory of mysql.h

The suggested fix everywhere is to install libmysqlclient-dev from Aptitude; however, we run CentOS, making this harder. Most people don't really talk about it, and if you're like me, thinking it's looking for a config file, then you're wrong. It's actually a command it's searching for, and yum whatprovides mysql_config tells me exactly where I needed to look.

yum -y install MariaDB-devel

I was then able to run cpan -i DBD::mysql


The next error that I received was MailWatch silently failing to show any data whatsoever.

I found that in status.php, the table of emails received is generated by the db_colorised_table function and that the developer has never heard of Smarty. Urgh. Spaghetti code... lovely.

Looking at the function, I identified the point after $sql was executed by the custom function dbquery() and that the developer loads the number of rows with $rows = $sth->num_rows;. Before the spaghetti of if ($rows > 0) I added if ($rows < 1) { echo "I can't see any mail: $row"; } and funnily enough, that's now what status.php tells me.

So now I have identified part of the why, I just need the... well... how come?

Let's look at $sql. Obviously, the following failed to garner any results: if ($rows < 1) { echo "I can't see any mail. $rows - $fields <br /><hr />"; print_r($sth->fetch_rows()) ;}

Are you shocked? lol.

What's $sql though?

SELECT id AS id2, hostname AS host, DATE_FORMAT(timestamp, '%d/%m/%y %H:%i:%s') AS datetime, from_address, to_address, subject, size as size, isspam, ishighspam, spamwhitelisted, spamblacklisted, virusinfected, nameinfected, otherinfected, sascore, report, ismcp, issamcp, ishighmcp, mcpsascore, released, salearn, '' AS status FROM maillog WHERE (to_address = 'itadmin' OR to_address like 'itadmin,%' OR to_address like '%,itadmin' OR to_address like '%,itadmin,%' OR from_address = 'itadmin') ORDER BY date DESC, time DESC LIMIT 50

which cleans up to look like:

SELECT 
 id AS id2,
 hostname AS host,
 DATE_FORMAT(timestamp, '%d/%m/%y %H:%i:%s') AS datetime,
 from_address,
 to_address,
 subject,
 size as size,
 isspam,
 ishighspam,
 spamwhitelisted,
 spamblacklisted,
 virusinfected,
 nameinfected,
 otherinfected,
 sascore,
 report,
 ismcp,
 issamcp,
 ishighmcp,
 mcpsascore,
 released,
 salearn,
 '' AS status
FROM maillog
WHERE 
 (to_address = '<myloggedinuser>' OR to_address like '<myloggedinuser>,%' OR to_address like '%,<myloggedinuser>' OR to_address like '%,<myloggedinuser>,%' OR from_address = '<myloggedinuser>')
ORDER BY date DESC, time DESC LIMIT 50

This-and-that aside, it's the "where" clause that has me concerned. Here, we're only selecting lines that somewhat match my logged-in user, which is not ideal. This leads me to believe one thing: I'm not logged in with an admin account.

I have found that the reason why my MailWatch pages were empty despite data being in the database is because I didn't correctly set up my user when I installed the database. MailWatch has usergroups to change what data people can see, and what I have done is miss the "type" field when I created my user.

Let's look at that install line:

INSERT INTO users SET username = 'admin', password = MD5('<password>'), fullname = '<name>', type = 'A'

You'll see type = 'A', which I missed because I did this:

INSERT INTO users (username, password, fullname) values ('..', MD5('..'), '..');

Live and learn. Hopefully helps someone in the future. The following fixed it for me:

update mailscanner.users set type = 'a' where username = '<myuser>';

The important thing to learn here is that if you're not seeing everything, or MailWatch is only showing some data, it's worth checking your account type.

It's worth noting that I do not use ldap - yet - because this is a tool solely for me to monitor a quarantine queue.
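
The failure mode described above, modelled as an added example (not MailWatch's code and not from the original post): an account created without a type falls through to the per-user WHERE filter, while type 'A' sees every row. The SQLite tables, the sample rows and the functions build_db, accounts_missing_type and visible_mail are constructed for illustration; that type 'A' bypasses the filter is assumed from the behaviour the post describes.

```python
import sqlite3

def build_db():
    """In-memory stand-in for the mailscanner database (constructed sample rows)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (username TEXT PRIMARY KEY, type TEXT);
        CREATE TABLE maillog (id INTEGER PRIMARY KEY, from_address TEXT,
                              to_address TEXT, subject TEXT);
        -- type left out on insert, as happened in the post
        INSERT INTO users (username) VALUES ('itadmin'), ('dave@example.com');
        INSERT INTO maillog (from_address, to_address, subject) VALUES
            ('alice@example.com', 'bob@example.com', 'invoice'),
            ('carol@example.com', 'bob@example.com,dave@example.com', 'minutes');
    """)
    return conn

def accounts_missing_type(conn):
    """Usernames whose type is NULL or empty, i.e. created without the type field."""
    rows = conn.execute(
        "SELECT username FROM users WHERE type IS NULL OR type = '' ORDER BY username")
    return [r[0] for r in rows]

def visible_mail(conn, username):
    """Subjects a user sees: everything for type 'A', otherwise the per-user filter."""
    row = conn.execute("SELECT type FROM users WHERE username = ?",
                       (username,)).fetchone()
    if row and (row[0] or "").upper() == "A":  # assumption: 'A' means unfiltered
        sql, params = "SELECT subject FROM maillog ORDER BY id", ()
    else:
        # Same five conditions as the WHERE clause in the post, with bound parameters
        # instead of the username being pasted into the SQL string.
        sql = """SELECT subject FROM maillog
                 WHERE (to_address = ? OR to_address LIKE ? OR to_address LIKE ?
                        OR to_address LIKE ? OR from_address = ?)
                 ORDER BY id"""
        u = username
        params = (u, u + ",%", "%," + u, "%," + u + ",%", u)
    return [r[0] for r in conn.execute(sql, params)]

if __name__ == "__main__":
    conn = build_db()
    print("missing type:", accounts_missing_type(conn))
    print("itadmin before fix:", visible_mail(conn, "itadmin"))
    print("dave (filtered):", visible_mail(conn, "dave@example.com"))
    conn.execute("UPDATE users SET type = 'A' WHERE username = ?", ("itadmin",))
    print("itadmin after fix:", visible_mail(conn, "itadmin"))
```

A username that is not a mail address, such as itadmin, matches none of the five conditions, which is why the page stays empty rather than showing a partial list.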