[AMaViS-user] How to automatically report SPAM to spamcop
Hi, I am running postfix 2.2.4 on Solaris 8 with amavisd-new.2.3.2, SpamAssassin 3.1.0 and Clamav 0.8.7.1 as an AV/AS gateway to my main email system. Since we are any ISP and we received thousands of SPAM messages I want to report these messages to spamcop. I have gone through the faq's on spamcop site and some docs on spamassassin site but still I didn't get a clear idea how to configure this. Can any one guide me on this. Second question is that am using postfix to check the rbls, is it OK or I need to check this in amavisd? Thanks, MJ --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] Re: How to automatically report SPAM to spamcop
Heute (28.12.2005/13:07 Uhr) schrieb MJ ([EMAIL PROTECTED]), Hi, I am running postfix 2.2.4 on Solaris 8 with amavisd-new.2.3.2, SpamAssassin 3.1.0 and Clamav 0.8.7.1 as an AV/AS gateway to my main email system. Since we are any ISP and we received thousands of SPAM messages I want to report these messages to spamcop. I have gone through the faq's on spamcop site and some docs on spamassassin site but still I didn't get a clear idea how to configure this. Can any one guide me on this. Second question is that am using postfix to check the rbls, is it OK it`s the only (the best IMHO) way or maybe turn on the RBL checks of SA. or I need to check this in amavisd? amavis can`t do this. Thanks, MJ -- Viele Grüße, Kind regards, Jim Knuth [EMAIL PROTECTED] ICQ #277289867 - VoIP: +49 (0) 322 212 044 67 Key ID: 0x1F78066F -- Zufalls-Zitat -- Das letzte Wort des Bergsteigers: So, der Haken hält. -- Der Text hat nichts mit dem Empfänger der Mail zu tun -- Virus free. Checked by NOD32 Version 1.1341 Build 6516 27.12.2005
[AMaViS-user] forwarding viruses to host
Hi! I'm running two servers with amavisd-new under debian with postfix. On Server A there is a spam collection account [EMAIL PROTECTED], where all viruses have to be delivered to. On host B all spam found should be delivered to Server A into the spam.collect account. If now Server A receives SPAM, I can see two messages in the spam.collect box. The SPAM mail itself, and a resport for each SPAM with title SPAM FROM xxx If Server B receives SPAM, I can see three messages since (I expect) server B identifies spam, generates a SPAM FROM message to Server A, forwards SPAM itself to Server A, where server A also identifies message as SPAM again and produces a second report... This second report always shows up as SPAM FROM (?) where the exclamation mark is present. What would be the right or common way to forward that Mails? I already was thinking of using a transport from B to A, not being handled via amavis but i don't want to switch off too much checks and don't want to open unnecessary ports . Any suggestions to this setup? Thanks a lot +---+ +---+ | Miro Dietiker | | MD Systems Miro Dietiker | +---+ +---+ --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] Allowing exe files in zip format
Hi, I am running postfix 2.2.4 on Solaris 8 with amavisd-new.2.3.2, SpamAssassin 3.1.0 and Clamav 0.8.7.1 as an AV/AS gateway to my main email system. We want our users to be able to send exe files in compress form (.zip) how can I configure amavisd not to bann exe files in zip format. Thanks, MJ --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] Are there any C programmers on this list who may have some available time?
I'm in the midst of rewriting some PHP code for an amavisd-new utility and I'm looking for people who have some time they could devote to converting some small code to C. I've delegated the majority / bulk of the work to myself but have a half dozen more small routines to convert and was wondering if I could obtain some assistance with them. All interested parties please respond off list. -- Dale --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Problem with Amavisd-new forking children endlessly
Mike, In Gregory's case it was a systemwide ldap problem, discovered by strace: | I ran the strace -f and it looks like some sort of ldap (!?) problem | now. It segfaults right after trying to load .ldaprc from the | /var/amavis directory. Nothing mentioning ldap in my amavisd.conf file, | however LDAP is used for other things on the system. What steps should I take to try to fix this. First you need to find out what is wrong. I updated/re-installed perl and its modules and openldap works just fine. How do I use the strace -f? man strace for example: # su vscan $ strace -f -t -o 0.log amavisd debug strace can also attach to an already running process, using option -p Is anyone else using Fedora Core 4? If so, did amavis work out of the box? Don't know. I'd say that for most people it would work out of the box, otherwise we would see more complaints on the mailing list. Mark --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] forwarding viruses to host
MD wrote: Hi! I'm running two servers with amavisd-new under debian with postfix. On Server A there is a spam collection account [EMAIL PROTECTED], where all viruses have to be delivered to. On host B all spam found should be delivered to Server A into the spam.collect account. If now Server A receives SPAM, I can see two messages in the spam.collect box. The SPAM mail itself, and a resport for each SPAM with title SPAM FROM xxx If Server B receives SPAM, I can see three messages since (I expect) server B identifies spam, generates a SPAM FROM message to Server A, forwards SPAM itself to Server A, where server A also identifies message as SPAM again and produces a second report... This second report always shows up as SPAM FROM (?) where the exclamation mark is present. What would be the right or common way to forward that Mails? I already was thinking of using a transport from B to A, not being handled via amavis but i don't want to switch off too much checks and don't want to open unnecessary ports . Any suggestions to this setup? Thanks a lot +---+ +---+ | Miro Dietiker | | MD Systems Miro Dietiker | +---+ +---+ I'm not exactly clear on all points of your setup but maybe this would work (or at least give you one idea). At some appropriate place in main.cf create a check_client_access map that will use a policy bank if the mail originates from server B. Then only bypass checks if mail from that client is addressed to [EMAIL PROTECTED] check_client_access hash:/etc/postfix/amavis_quarantine /etc/postfix/amavis_quarantine: 192.168.1.15 FILTER smtp-amavis:[127.0.0.1]:10026 in amavisd.conf: $inet_socket_port = [10024,10026]; Then set up a policy bank. This will override amavisd-new's configured settings for any message received on port 10026. $interface_policy{'10026'} = 'QUARANTINE'; $policy_bank{'QUARANTINE'} = { bypass_spam_checks_maps = [[qw( [EMAIL PROTECTED] )]], bypass_banned_checks_maps = [[qw( [EMAIL PROTECTED] )]], bypass_virus_checks_maps = [[qw( [EMAIL PROTECTED] )]], bypass_header_checks_maps = [[qw( [EMAIL PROTECTED] )]], spam_lovers_maps = [[qw( [EMAIL PROTECTED] )]], banned_files_lovers_maps = [[qw( [EMAIL PROTECTED] )]], virus_lovers_maps = [[qw( [EMAIL PROTECTED] )]], bad_header_lovers_maps = [[qw( [EMAIL PROTECTED] )]], }; Gary V Gary V --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
AW: [AMaViS-user] Allowing exe files in zip format
This one would interest me too ... Which var did you passed this option? May you pass the paragraph here? In my debian amavisd.conf is no such uncommentable line. Thanks! +---+ +---+ | Miro Dietiker | | MD Systems Miro Dietiker | +---+ +---+ -Ursprüngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von MJ Gesendet: Mittwoch, 28. Dezember 2005 15:55 An: amavis-user@lists.sourceforge.net Betreff: RE: [AMaViS-user] Allowing exe files in zip format Hi, Got it. I uncommented the following line in /etc/amavisd.conf and it solved my problem. [ qr'^\.(zip|rar|arc|arj|zoo)$'= 0 ], # allow any within such archives Thanks, MJ --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/ --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_idv37alloc_id865op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
RE: [AMaViS-user] Allowing exe files in zip format
This one would interest me too ... Which var did you passed this option? May you pass the paragraph here? In my debian amavisd.conf is no such uncommentable line. I am using amavisd-new.2.3.2 and by default it has commented line under $banned_filename_re paragraph, I just uncommented. Here is the paragraph MJ -- $banned_filename_re = new_RE( # qr'^UNDECIPHERABLE$', # is or contains any undecipherable components # block certain double extensions anywhere in the base name qr'\.[^./]*[A-Za-z][^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i, # qr'\{[0-9a-z]{4,}(-[0-9a-z]{4,}){0,7}\}?'i, # Class ID extensions - CLSID qr'^application/x-msdownload$'i, # block these MIME types qr'^application/x-msdos-program$'i, qr'^application/hta$'i, # qr'^message/partial$'i, # rfc2046 MIME type # qr'^message/external-body$'i, # rfc2046 MIME type # [ qr'^\.(Z|gz|bz2)$' = 0 ], # allow any in Unix-compressed [ qr'^\.(rpm|cpio|tar)$' = 0 ], # allow any in Unix-type archives [ qr'^\.(zip|rar|arc|arj|zoo)$'= 0 ], # allow any within such archives qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic # qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta| #inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst| #ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs| #wmf|wsc|wsf|wsh)$'ix, # banned ext - long # qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i, # banned extension - WinZip vulnerab. qr'^\.(exe-ms)$', # banned file(1) types # qr'^\.(exe|lha|tnef|cab|dll)$', # banned file(1) types ); -- --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Amavis Spam Modul kill Connection of postfix
Michael, This is the amavis log file. I don't find the problem. https://mail.lug-wt.de/amavis.log It doesn't tell much, except that you only have one virus scanner and even that one is listed in a secondary (backup) list. That by itself is not a problem, although eventually you would probably want to install and enable clamd or some other daemonized virus scanner. Increase the $log_level (to 5) or run: amavisd debug and watch the log until the problem with spam scanning occurs. If the problem is within SA, running # amavisd debug-sa could also be useful. Mark --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Multiple recipient question with postfix
RHutton wrote: It has been a long time since I have worked with Amavis, but there used to be some pretty severe limitations on applying per recipient policies (eg. one recipient dropping, while another recipient quarantines, while another tags and passes) if the email was passed directly from postfix without having the destination expansion done first. Is this still an issue? Thanks, Rob Rob Hutton DataScan Technologies This Postfix thread is related. http://marc.theaimsgroup.com/?l=postfix-usersm=113488134818192w=2 Gary V --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] How to automatically report SPAM to spamcop
MJ, I am running postfix 2.2.4 on Solaris 8 with amavisd-new.2.3.2, SpamAssassin 3.1.0 and Clamav 0.8.7.1 as an AV/AS gateway to my main email system. Since we are any ISP and we received thousands of SPAM messages I want to report these messages to spamcop. I have gone through the faq's on spamcop site and some docs on spamassassin site but still I didn't get a clear idea how to configure this. Can any one guide me on this. A command 'spamassassin --report' can learn/report spam to dcc, pyzor, razor, spamcop and to local bayes. A different question is how to let your users submit such mail, and solutions in this area are highly site-specific. Second question is that am using postfix to check the rbls, is it OK or I need to check this in amavisd? It is generally better to move all/most RBL checks from MTA to SA (local.cf). A default SA installation is already doing many RBL and URIBL checks, so it is likely you already have them in SA. The RBL checks done by MTA have an advantage they can reject mail before it is received, but it has a huge disadvantage that a false-positive (too eager RBL) can block a valid mail far too easily. Combining RBL checks with other SA tests makes false positives and broken/malicious RBLs less distructive. Mark --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Allowing exe files in zip format
On Wed, Dec 28, 2005 at 05:10:06PM +0100, Miro Dietiker, MD Systems wrote: I am using amavisd-new.2.3.2 and by default it has commented line under $banned_filename_re paragraph, I just uncommented. Here is the paragraph MJ Huh ... i tried to resolve my exact version but amavisd-new supports no -V and my debian says no such version string, just Version: 20030616p10-5 You have quite an old version of amavisd-new (over 2 years out of date, as the version indicates.) It will work OK, but you might consider upgrading. The version you run is missing many newer features, and an upgrade might be required to use newest versions of SpamAssassin; I forget. -- Clifton -- Clifton Royston -- [EMAIL PROTECTED] / [EMAIL PROTECTED] President - I and I Computing * http://www.iandicomputing.com/ Custom programming, network design, systems and network consulting services --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] RE: How to clean /var/spool/amavis directory automatically
lkolchin wrote: Hi, I've run (find /var/spool/amavis -type d -name 'amavis-*' -prune -mmin +30 -exec rm -rf {} \; Restarted amavisd-new, clamAV and postfix, and it seems to work OK now, But I want to avoid this in the future and find the cause of that bug. These are the versions installed on my server: amavisd-new-20030616p9-3.6Tue Sep 6 16:46:59 2005 spamassassin-2.64-3.2 Tue Sep 6 16:46:51 2005 perl-spamassassin-2.64-3.2Tue Sep 6 16:46:30 2005 As far as I can see I've started to get status=deferred messages at Dec 22 04:24:01 and this message repeated every 16 min. not only for [EMAIL PROTECTED] user but also for other users: - Dec 22 04:24:01 mail postfix/pipe[24644]: 054301BB9B: to=[EMAIL PROTECTED], relay=cyrus, delay=231660, status=defer red (temporary failure) Dec 22 04:24:01 mail postfix/pipe[24641]: 49FB41F5F9: to=[EMAIL PROTECTED], relay=cyrus, delay=142821, status=defer red (temporary failure) Dec 22 04:24:01 mail postfix/pipe[24644]: 9D4321F5CA: to=[EMAIL PROTECTED], relay=cyrus, delay=230213, status=defer red (temporary failure) The above appears to be a problem with cyrus (or the user's mailbox? Dunno). Dec 22 04:24:31 mail postfix/smtp[24635]: connect to 24.on.cc[66.246.195.41]: Connection timed out (port 25) Dec 22 04:24:31 mail postfix/smtp[24635]: 2DD121F5CB: to=[EMAIL PROTECTED], relay=none, delay=202768, status=deferred (connect t o 24.on.cc[66.246.195.41]: Connection timed out) Dec 22 04:24:31 mail postfix/smtp[24637]: connect to linux.uovs.ac.za[196.21.181.2]: Connection timed out (port 25) Dec 22 04:24:31 mail postfix/smtp[24639]: connect to 24.on.cc[66.246.195.41]: Connection timed out (port 25) Dec 22 04:24:31 mail postfix/smtp[24640]: connect to linux.uovs.ac.za[196.21.181.2]: Connection timed out (port 25) Dec 22 04:24:31 mail postfix/smtp[24637]: 801141F5E5: to=[EMAIL PROTECTED], relay=none, delay=202450, status=deferred ( connect to linux.uovs.ac.za[196.21.181.2]: Connection timed out) Dec 22 04:24:31 mail postfix/smtp[24639]: 8F64F1C4EE: to=[EMAIL PROTECTED], relay=none, delay=202451, status=deferred (connect t o 24.on.cc[66.246.195.41]: Connection timed out) Dec 22 04:24:31 mail postfix/smtp[24640]: E771C1B44E: to=[EMAIL PROTECTED], relay=none, delay=202770, status=deferred ( connect to linux.uovs.ac.za[196.21.181.2]: Connection timed out) --- The above appear to be normal undeliverable DSNs, not a problem. It seems that some users got this message and some got their mail as they should. What message are you referring to? I see TROUBLE message on Dec 25 22:45:48 (See below): Dec 25 22:45:48 mail amavis[27727]: (27727-04) TROUBLE in check_mail: decoding2-get-file-types FAILED: timed out Dec 25 22:45:48 mail amavis[27727]: (27727-04) PRESERVING EVIDENCE in /var/spool/amavis/amavis-20051225T222829-27727 Dec 25 22:45:48 mail amavis[27727]: (27727-04) TIMING [total 627447 ms] - SMTP EHLO: 1 (0%), SMTP pre-MAIL: 0 (0%), SMTP pre- DATA-flush: 3 (0%), SMTP DATA: 46 (0%), body hash: 1 (0%), mime_decode: 31 (0%), rundown: 627363 (100%) This is where the amavisd-new problem is. Don't know what the cause is. What does 'postconf message_size_limit' say? Maybe you should show the output of 'amavisd debug' so we can see what versions of external programs you are using. Maybe it would be of some use to see the entire set of amavisd log entries for this particular message. grep '27727-04' /var/log/maillog (for example) It may be of use to also look at the preserved evidence: /var/spool/amavis/amavis-20051225T222829-27727/email.txt to see if it tells any stories. Dec 25 22:45:49 mail postfix/smtpd[28010]: too many errors after RCPT from bzq-224-205.red.bezeqint.net[212.179.224.205] Dec 25 22:45:49 mail postfix/smtpd[28010]: disconnect from bzq-224-205.red.bezeqint.net[212.179.224.205] Dec 25 22:45:50 mail postfix/smtpd[28010]: connect from mr1.haifa.ac.il[132.74.1.39] The above log entries are unrelated to any of this, and are normal. Any thoughts/suggestions? Regards, Leon Gary V --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Multiple recipient question with postfix
Does amavis support the lmtp per user responses now? It did not use to. I am using 2.2 with Maia. Thanks, Rob Rob Hutton DataScan Technologies Gary V [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 12/28/2005 11:15 AM To amavis-user@lists.sourceforge.net cc Subject Re: [AMaViS-user] Multiple recipient question with postfix RHutton wrote: It has been a long time since I have worked with Amavis, but there used to be some pretty severe limitations on applying per recipient policies (eg. one recipient dropping, while another recipient quarantines, while another tags and passes) if the email was passed directly from postfix without having the destination expansion done first. Is this still an issue? Thanks, Rob Rob Hutton DataScan Technologies This Postfix thread is related. http://marc.theaimsgroup.com/?l=postfix-usersm=113488134818192w=2 Gary V --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/ --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Problem with Amavisd-new forking children endlessly
Mark Martinec wrote: Mike, In Gregory's case it was a systemwide ldap problem, discovered by strace: | I ran the strace -f and it looks like some sort of ldap (!?) problem | now. It segfaults right after trying to load .ldaprc from the | /var/amavis directory. Nothing mentioning ldap in my amavisd.conf file, | however LDAP is used for other things on the system. What steps should I take to try to fix this. First you need to find out what is wrong. I updated/re-installed perl and its modules and openldap works just fine. How do I use the strace -f? man strace for example: # su vscan $ strace -f -t -o 0.log amavisd debug strace can also attach to an already running process, using option -p Is anyone else using Fedora Core 4? If so, did amavis work out of the box? Don't know. I'd say that for most people it would work out of the box, otherwise we would see more complaints on the mailing list. Mark I think my perl install is just messed up. I am not sure how. All I have done is follow the INSTALL file that came with amavis. I do know that amavisd-new works fine with fedora core 4 because I tried it on one of my other FC4 machines and it runs fine. very odd. --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Multiple recipient question with postfix
The problem used to be twofold. 1) There was no way of specifying system maximums. Eg. drop anything with a spam score higher then 30, or quarentine all virus emails. The user could always override the maximums. 2) If an email was sent to three recipients, and one of them passed it, then all recipients would get it because amavis did not modify the envelope. Thanks, Rob Rob Hutton DataScan Technologies Gary V [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] 12/28/2005 01:16 PM To amavis-user@lists.sourceforge.net cc Subject Re: [AMaViS-user] Multiple recipient question with postfix RHutton wrote: Does amavis support the lmtp per user responses now? It did not use to. I am using 2.2 with Maia. Thanks, Rob Rob Hutton DataScan Technologies I'm not sure this answers your question, but read: http://www.ijs.si/software/amavisd/README.postfix.txt and look for: ALTERNATIVE FOR POSTFIX OLDER THAN 2.2 Gary V --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/ --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
AW: [AMaViS-user] forwarding viruses to host
Ups... subject mistake ... I primarily talk of SPAM forwarding. Virus forwarding works with no trouble, since the virus is being removed on source complaining server .. so the notification to the collect server is unpolluted... But that SPAM-Forwarding still is unclear.. (so replace all virus with spam to understand my question right ...sorry) Isn't it possible (or what arguments against) to make a spam report with original message attached as a file? Or any other suggestion about configuring that central spam collector? Thanks - Miro +---+ +---+ | Miro Dietiker | | MD Systems Miro Dietiker | +---+ +---+ -Ursprüngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Miro Dietiker, MD Systems Gesendet: Mittwoch, 28. Dezember 2005 13:36 An: amavis-user@lists.sourceforge.net Betreff: [AMaViS-user] forwarding viruses to host Hi! I'm running two servers with amavisd-new under debian with postfix. On Server A there is a spam collection account [EMAIL PROTECTED], where all viruses have to be delivered to. On host B all spam found should be delivered to Server A into the spam.collect account. If now Server A receives SPAM, I can see two messages in the spam.collect box. The SPAM mail itself, and a report for each SPAM with title SPAM FROM xxx If Server B receives SPAM, I can see three messages since (I expect) server B identifies spam, generates a SPAM FROM message to Server A, forwards SPAM itself to Server A, where server A also identifies message as SPAM again and produces a second report... This second report always shows up as SPAM FROM (?) where the exclamation mark is present. What would be the right or common way to forward that Mails? I already was thinking of using a transport from B to A, not being handled via amavis but i don't want to switch off too much checks and don't want to open unnecessary ports . Any suggestions to this setup? Thanks a lot +---+ +---+ | Miro Dietiker | | MD Systems Miro Dietiker | +---+ +---+ --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/ --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_idv37alloc_id865op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Multiple recipient question with postfix
RHutton wrote: The problem used to be twofold. 1) There was no way of specifying system maximums. Eg. drop anything with a spam score higher then 30, or quarentine all virus emails. The user could always override the maximums. Well, the first match wins, so someone's setting will be used (someone for example being: [EMAIL PROTECTED], @domain, @., static default), and others that come after will not. In SQL I believe you can give the 'system' (domain or catchall) higher priority, but then the individual would not have a further say for a particular setting. If a user does not configure a given setting, then lower priority settings or defaults will be used. I think to implement what you want may require two separate installations of amavisd-new. The first would (for example) quarantine then drop all viruses and drop anything over 30, then forward it to the second copy where users could do what they wish. The cleanest way may be to set up two separate servers. The downside would be the second server could get very busy if a message had 100 local recipients as I believe it would have to process all 100 of the separate messages. Amavisd-new does cache results however so if it got 100 messages with the same body, it wouldn't have to spam-check or virus check every copy. 2) If an email was sent to three recipients, and one of them passed it, then all recipients would get it because amavis did not modify the envelope. This does not reflect what I have experienced. Thanks, Rob BTW, don't CC: [EMAIL PROTECTED] Gary V --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: AW: [AMaViS-user] Allowing exe files in zip format
MD wrote: Hmm ... i like mainstream packages where ever possible, but you're right, two years of outdating sounds a little obsolete.. For next days this version will remain, but I'm thinking of upgrading to a more recent version. I also use sa from debian sarge (SA version 3.0.3 with perl 5.8.4, which works perfectly for me) or do you think this is outdated too that much? Version 3.1 works slower on my system, but it seems to catch a little more spam. If you upgrade to 3.1 you should consider moving Bayes to MySQL (if you have not already done so and if you have enough memory). Here is a document that may help there if this interests you: http://www200.pair.com/mecham/spam/debian-spamassassin-sql.html If you like, you can install spamassassin 3.1 from 'testing' provided you have configured a testing source in /etc/apt/sources.list and set priorities in /etc/apt/preferences. http://jaqque.sbih.org/kplug/apt-pinning.html With my settings (no user defined big config tables), amavisd-new uses 40MB and does a double-prefork (resulting in 120MB memory usage).. Is this also better with newer Versions - or even worse? Miro A little worse for memory usage. I have a document that may give you some ideas when you upgrade: http://www200.pair.com/mecham/spam/upgrade-amavis.html Here is my amavisd-new memory usage (version 2.3.3, spamassassin 3.1): Mem:385624k total, 325060k used,60564k free,50268k buffers Swap: 1951856k total, 2184k used, 1949672k free, 137956k cached PID USER PR NI VIRT RES SHR S %CPU %MEMTIME+ COMMAND 19600 amavis 9 0 51300 50m 47m S 0.0 13.3 0:00.02 amavisd-new 19599 amavis 9 0 51296 50m 47m S 0.0 13.3 0:00.04 amavisd-new 19595 amavis 9 0 51204 49m 47m S 0.0 13.3 0:05.26 amavisd-new Gary V --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/