Haines wrote:

>> Notice all the differences, I have not seen amavisd-new produce 
>> 'autolearn=no'.
>> (I set my $sa_tag2_level_deflt = 1.0; to ensure it would be marked.)

> I'm following your recommendation.

No! That was *not* a recommendation, that was an explanation. You do not
want to mark spam at a score of 1.0! To ensure you get X-Spam headers,
you need to make sure the recipient's domain is in @local_domains_acl
and you need to set $sa_tag_level_deflt to a low level, something like
this:

$sa_tag_level_deflt  = -999.0; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 5.0; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 8.0; #$sa_tag2_level_deflt; # triggers spam evasive actions
                           # at or above that level: bounce/reject/drop,
                           # quarantine, and adding mail address extension


>> > What other mail transport could be using spamassassin? I use postfix
>> > (exim not installed), fetchmail, amavisd-new, and as far as I know,
>> > nothing else.
>> >
>> 
>> Do you have a ~/.procmailrc or /etc/procmailrc file?
>> If so, what are the contents?

> I created /etc/procmailrc a few days ago in an attempt to get postfix
> to use spamassassin. Perhaps it is amavisd-new that should instead use
> spamassassin and this rc file should be deleted.

I thought that is what we were trying to do all along. According to
the subject of this thread, you want to discard spam. You can use
amavisd-new, or you can use procmail, but with amavisd-new you also
get virus scanning (and a lot of other goodies).

>
>   DROPPRIVS=yes
>   PATH=/bin:/usr/bin:/usr/local/bin
>   SHELL=/bin/sh
>   # Spamassassin
>   :0fw
>   * <300000
>   |/usr/bin/spamassassin
>     # Spamassassin
>     :0fw
>     * <300000
>     |/usr/bin/spamassassin

Yes. Here is where you are calling spamassassin. Mystery solved.
Didn't you just say "What other mail transport could be using
spamassassin? I use postfix (exim not installed), fetchmail,
amavisd-new, and as far as I know, nothing else."

You will also want to stop spamd, and prevent it from starting up when
the system boots. If you installed spamassassin from Debian, edit
/etc/default/spamassassin and set ENABLED=0. You should not be running
spamd if you are using amavisd-new.

> I see that in fact I have log files in /var/log/clamav going back
> several months.

Then you did not purge as I asked. If you had, your installation would
be working. The whole point of the purge was to start off with
everything configured in such a way that it would make problem solving
easier because your entire clamav/clamd configuration would be known.

> I assumed that # dpkg --purge clamav would do the trick. I just ran it
> again and get:
>   (reading database ... 87261 files and directories currently installed.)
>   Removing clamav ...
> However, it didn't touch the log files in /var/log/clamav although
> $apt-show-versions says clamav is currently not installed. I'll
> reinstall clamav, but not tinker with anything lest I make things
> worse.

It would have worked better if you'd followed the directions I gave you.

> As for reading the clamav.log files, I'm in the habit of using the
> zless command (I use emacs rather than vi). However, this command
> tells me the compressed file is binary. Something is wrong, so I just
> unpacked a couple to look at them. All the logs going back to
> September have zero content. The most recent log with content is 18
> September, and its typical entry is this:

>   Wed Sep  7 10:42:33 2005 -> ERROR: Socket file
>     /var/run/clamav/clamd.ctl could not be bound: Permission denied 

> But so much water has gone over the dam that I don't know if this
> means anything. In my zeal to define my hardware firewall for
> security, I may have closed a needed port, but I don't see that my
> problems indicate this.

I think it means you should not have 'User amavis' in clamd.conf,
you should have 'User clamav'.

>> It should have removed all binaries, directories and files related to
>> clamav. If you get errors that certain /clamav directories could not be
>> removed, then they have to be very carefully removed by hand before you try
>> to reinstall clamav and clamav-daemon. In clamd.conf, make sure you have:
>> User clamav

> I have only uninstalled/reinstalled clamav, not clamav-daemon. I'm now
> removing all logs (why "carefully") and purge and reinstall both, and
> restart the daemons. All went smoothly.
> I do have "User amavis" in clamd.conf.

Wrong. Should be clamav.
If you had purged clamav/clamd, clamd.conf would have been deleted,
and then recreated, and the user would be 'clamav'.

>> Find out where this went:
>> find / -name
>> spam-ea38889258a990fcadce38ba769da151-20051104-073131-02770-03

> Apparently nowhere. Find returned nothing.

I don't have an explanation.
 
>> Are you sure you are editing the amavisd.conf that amavisd-new is
>> using? See if you have more than one. The one normally used by amavisd-new
>> on Debian is /etc/amavis/amavisd.conf

> No, that's it except for a backup of a version from Feb 2004 buried
> deep in a custom partition and directory (although I presume it
> couldn't be found, I commented it anyway).

> As for amavisd.conf, locate tells me there is one copy where it
> is expected and the copy buried in my custom partition.
 
>> grep amavisd.conf /usr/sbin/amavisd-new
>> to see which amavisd.conf amavisd-new is looking for.

> The return is: /etc/amavisd.conf

So, amavisd-new is looking for /etc/amavisd.conf. Is this where your
amavisd.conf is? You did not say where it was actually located.
This also indicates you are not using the Debian version of the
amavisd-new executable program. If you were using the Debian version
of amavisd-new, it would be looking for amavisd.conf in
/etc/amavis/amavisd.conf.

As far as your settings go in amavisd.conf, if you only have one
amavisd.conf and amavisd-new is reading that file, then I think you
probably have some of the settings listed in the file more than once.
When you do this, only the last one you entered will be used, as it
overwrites the previous assignment.

>> >   $virus_quarantine_to = undef;
>> >   # $QUARANTINEDIR = '/var/lib/amavis/virusmails'; (commented)
>> > I do have this virusmails directory, but it is empty.
>> >   $spam_quarantine_to = undef;
>> 
>> I would double check permissions and ownership of /var/lib/amavis
>> 
>> chown -R amavis:amavis /var/lib/amavis
>> chmod -R 750 /var/lib/amavis

> I've got 755 for /var/lib/amavis, which should be harmless enough, I
> assume. But I find 700 for /var/lib/amavis/.spamassassin and 600 for
> its contents. I find 755 for /var/lib/amavis/virusmails. There are two
> subdirectories in /var/lib/amavis that have names in the form
> "amavis-20051104T223005-10762" which contain an empty subdirectory
> "parts" (750), and a file named "email.txt". One is actually spam, but
> has a spam score of 0 (not recognized as being spam), and the
> email.txt in the other directory is simply the report back of my last
> fetchmail run. My fetchmail just ran again as I write this, and now
> the email.txt that had a spam message has been replaced by the
> fetchmail report back that just occurred (I've no idea of what's
> happening here). I'm changing to the permissions you recommend
> (but leaving the plain text files not executable).

Each child process amavisd creates will create a temporary directory,
something like "amavis-20051104T223005-10762". This is where
amavisd-new will unpack and scan messages it is processing. These
temporary directories are created, used for a while, then deleted.

> The /var/lib/amavis/razor-agent.log has been running the last two
> days, and seems to recognize mail as being either known spam or not
> known spam. I left its permission 640.

Gary V



_______________________________________________
AMaViS-user mailing list
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
