[AMaViS-user] banning .exe attachments, but not if inside .zip files
Hi,

I'm trying to have exe files banned in attachments, unless they are inside a zip file. Currently amavis seems to inspect the attachments themselves in addition to the contents of archives in order to decide if a mail should be banned or not.

I'm currently using

    banned_filename_maps = [ new_RE( qr|.*\.exe$|i, ) ],

inside policy bank. Any way to, say, whitelist zip files before banning exe files?

(Oh, and in light of current Bugtraq news regarding malformed zips, I still want amavis to unpack archives for my virus scanners...)

Regs,
Sven

--
BAGHUS GmbH
EDV und Internetdienstleistungen
Staffelseestr. 2
81477 München
Tel.: 0 89 / 8 71 81 - 4 84
Fax.: 0 89 / 8 71 81 - 4 88
www.baghus.net, [EMAIL PROTECTED]
HRB: 144283, USt-IdNr: DE224865405

---
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_idt77alloc_id492op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Ldap and amavis 2.3.1
Hi,

thanks for reply, I figured out and it works.

I have an environment with extern and intern mailing configured. So if usera wants to send intern to userb a mail with a banned file I have to set the attribute for usera and userb in the ldap dir. usera and userb are also allowed to send banned files through the internet.

Is there a solution to allow intern users to send banned files, but not to the Internet?

greetings
Paul

-- Original Message ---
From: Michael Hall [EMAIL PROTECTED]
To: amavis-user@lists.sourceforge.net
Sent: Tue, 14 Jun 2005 21:10:08 +0200 (CEST)
Subject: Re: [AMaViS-user] Ldap and amavis 2.3.1

On Tue, Jun 14, 2005 at 01:45:54PM +0200, [EMAIL PROTECTED] wrote:
> Hi all,
>
> I configured amavis with ldap. Since the $banned_files_lovers_ldap setup is gone, how can I use the attribute amavisBannedFilesLover? Do I have to create a lookup for this attribute or does amavis itself? Cause amavis is searching for spam attributes itself.

Just use it like any other attribute, all the available attributes are in the schema file, in order to use them all you need to do is set a value for them in users directory entry.

--
Mike Hall, System Admin - Rock Island Communications [EMAIL PROTECTED]
System Admin - riverside.org, ssdd.org [EMAIL PROTECTED]

--- End of Original Message ---
[AMaViS-user] local_domain_maps and read_hash
I understand that one is supposed to use @local_domains_maps to list the local delivery domains.

Currently I use

    @local_domains_maps = (1);

which works fine.

But I would like to switch to something similar to this:

    @local_domains_maps = ( read_hash("/etc/postfix/amavis_listofdomains") );

However, how should the format of the textfile be? I tried:

    Domain.com
    Domain2.com
    Domain3.com
    Etc

But it didn't work as expected.

Any ideas?

--
JFØ
Re: [AMaViS-user] local_domain_maps and read_hash
Johan wrote:

> I understand that one is supposed to use @local_domains_maps to list the local delivery domains.
>
> Currently I use
>
>     @local_domains_maps = (1);
>
> which works fine.
>
> But I would like to switch to something similar to this:
>
>     @local_domains_maps = ( read_hash("/etc/postfix/amavis_listofdomains") );
>
> However, how should the format of the textfile be? I tried:
>
>     Domain.com
>     Domain2.com
>     Domain3.com
>     Etc
>
> But it didn't work as expected.
>
> Any ideas?
>
> --
> JFØ

Here is someone with the same problem, see if you can find answers here:

http://marc.theaimsgroup.com/?l=amavis-userm=09820614111w=2
http://marc.theaimsgroup.com/?l=amavis-userm=45227116436w=2

    @local_domains_maps = ( read_hash("/etc/postfix/amavis_listofdomains"), [".$mydomain"] );

Make sure local_domains_acl is commented out.

You might also try revising entries:

    .domain.com
    .domain2.com
    .domain3.com

or

    .domain.com 1
    .domain2.com 1
    .domain3.com 1

Gary V
[AMaViS-user] deleteing msgs at sa_dsn_cutoff_level?
Here is what I have for SA

    $sa_tag_level_deflt  = -1999; # add spam info headers if at, or above that level
    $sa_tag2_level_deflt = 5.0;   # add 'spam detected' headers at that level
    $sa_kill_level_deflt = 10.00; # triggers spam evasive actions
                                  # at or above that level: bounce/reject/drop,
                                  # quarantine, and adding mail address extension
    $sa_dsn_cutoff_level = 15.00; # spam level beyond which a DSN is not sent,
                                  # effectively turning D_BOUNCE into D_DISCARD;
                                  # undef disables this feature and is a default;

This is for a site wide gateway and everyone here wants me to handle it for them. They do not want any user prefs of any kind.

What I want is this:

Always tag the msg.
Mark the subject if score over 5.
Redirect the msg to a single quar. email address on the server if over 10.

This is all working.

Now I would like to outright delete the msg if the score is over 15. Again, all my users are in agreement w/ this brutal msg.

Is this addition directive possible and if so, how would I do it? Would I need to provide any other config files to help set this up?

TIA

Mike Schrauder
Specialty Blades, Inc.
Re: [AMaViS-user] deleteing msgs at sa_dsn_cutoff_level?
Mike wrote:

> Here is what I have for SA
>
>     $sa_tag_level_deflt  = -1999; # add spam info headers if at, or above that level
>     $sa_tag2_level_deflt = 5.0;   # add 'spam detected' headers at that level
>     $sa_kill_level_deflt = 10.00; # triggers spam evasive actions
>                                   # at or above that level: bounce/reject/drop,
>                                   # quarantine, and adding mail address extension
>     $sa_dsn_cutoff_level = 15.00; # spam level beyond which a DSN is not sent,
>                                   # effectively turning D_BOUNCE into D_DISCARD;
>                                   # undef disables this feature and is a default;
>
> This is for a site wide gateway and everyone here wants me to handle it for them. They do not want any user prefs of any kind.
>
> What I want is this:
>
> Always tag the msg.
> Mark the subject if score over 5.
> Redirect the msg to a single quar. email address on the server if over 10.
>
> This is all working.
>
> Now I would like to outright delete the msg if the score is over 15. Again, all my users are in agreement w/ this brutal msg.
>
> Is this addition directive possible and if so, how would I do it? Would I need to provide any other config files to help set this up?
>
> TIA
>
> Mike Schrauder
> Specialty Blades, Inc.

Version 2.3.0 and newer support $sa_quarantine_cutoff_level (@spam_quarantine_cutoff_level_maps), see http://www200.pair.com/mecham/spam/amavisd-hack.txt

If you decide to upgrade, upgrade to 2.3.1, not 2.3.0.

Gary V
Re: [AMaViS-user] Q: spam lovers?
Annette wrote:

> On 14.06.2005 at 16:5, Sven Riedel wrote under [EMAIL PROTECTED]:
>
>> Hi,
>>
>> with amavisd-new and centralized SA and dspam: Is there an easy possibility for a user to decide to opt-out from the spam-checks of amavisd-new by itself? For dspam there would be a nice $USERHOME/.nodspam. Is there an option for amavisd similar to that one?
>>
>> There is nothing built in that I know of. But since the config file is in essence a perl script that is invoked with perl's 'do'-function (q.v.) you'll be able to write a small loop in the config file that will build your spam_lovers_map for you. (Mark will correct me if I said anything wrong here :) ).
>>
>> Regs,
>> Sven
>
> Meanwhile I also found bypass_spam_checks_map. Is it better to configure spam_lovers or bypass_spam_checks, if a mail receiver generally wants to opt-out from the centralized spam-checks? What's the main difference between these two maps?

I am guessing that making someone a spam_lover might be safer for multi-recipient mail. Read this post:

http://marc.theaimsgroup.com/?l=amavis-userm=111308882604523w=2

Notice it says:

    When setting bypass* to true for some recipient, you should in almost all cases also want to set *lover to true for this recipient.

bypass_spam_checks does just that, no spam checking is performed. For a spam_lover, checks are performed, but the message is passed to the recipient regardless of the spam score (provided it is not first quarantined or deleted by virus checks).

> Furthermore I assume difficulties to realize no-spam-check for someone, if a mail to a list or alias this user is on is received by amavis. I read some hints, that for lists of receivers amavis processes the mail for every receiver, ignoring opt-out settings, if not all receivers agree not to check the mail. So what with members of spam_lovers or bypass_spam_check if they are on a mail alias list?

I also have a hard time conceptualizing what would happen. Why don't you simply configure it each way and send some sample spam mails through with multiple recipients and observe what happens? Even if we knew the answer, I'm sure you would test it anyway. Try it with the spam_lover (or bypassed recipient) as the To: recipient and then someone else as the To: recipient.

> best regards,
> Annette

Gary V
[AMaViS-user] benchmark question
Hello,

I've tried some internal testing and I'm quite surprised. Here are my results:

amavis+clamd+SA:
    start       - Wed Jun 15 19:41:36 CEST 2005
    finish      - Wed Jun 15 19:47:58 CEST 2005
    queue empty - Jun 15 20:01:38

amavis+clamd, SA disabled (@bypass_spam_checks_maps = (1);)
    start       - Wed Jun 15 18:30:19 CEST 2005
    finish      - Wed Jun 15 18:36:39 CEST 2005
    queue empty - Jun 15 18:46:55

amavis+SA, clamd disabled (@bypass_virus_checks_maps = (1);)
    start       - Wed Jun 15 18:50:51 CEST 2005
    finish      - Wed Jun 15 18:57:15 CEST 2005
    queue empty - Jun 15 19:10:47

amavis, both clamd and SA disabled
    start       - Wed Jun 15 19:20:36 CEST 2005
    finish      - Wed Jun 15 19:26:49 CEST 2005
    queue empty - Jun 15 19:36:46

amavis completely turned off (disabled by Postfix' content_filter)
    start       - Wed Jun 15 19:12:32 CEST 2005
    finish      - Wed Jun 15 19:17:40 CEST 2005
    queue empty - Jun 15 19:17:41

Seems like the main delay is caused by amavis alone... turning on clamd and SA doesn't make much difference. I certainly wasn't expecting this. Does anybody have some explanation?

My testing environment is RedHat Enterprise Linux 3, running on SunFire V20z, one processor, kernel 2.4.21-32.0.1.EL, 3GB RAM. Postfix 2.1.5, amavisd-new 2.3.1, SA 3.0.4 with SARE rules. AWL and Bayes DBs are in MySQL database.

I've generated 200 x 50 mails - 50 runs of script:

    #!/bin/bash
    # send 200 mails to "tester", cycling through the sample files 1..10
    X=200
    while [ $X -gt 0 ]; do
      cat ./$(($X%10+1)) |sendmail tester
      X=$(($X-1))
    done

    [EMAIL PROTECTED] test]# ls -l [0-9]*
    -rw-r--r--    1 root     root         2444 Jun  9 14:04 1
    -rw-r--r--    1 root     root         4881 Jun  9 14:05 10
    -rw-r--r--    1 root     root         4200 Jun  9 14:04 2
    -rw-r--r--    1 root     root        38935 Jun  9 14:04 3
    -rw-r--r--    1 root     root        56037 Jun  9 14:06 4
    -rw-r--r--    1 root     root       174319 Jun  9 14:05 5
    -rw-r--r--    1 root     root        11535 Jun  9 14:06 6
    -rw-r--r--    1 root     root       135883 Jun  9 14:05 7
    -rw-r--r--    1 root     root         1921 Jun  9 14:05 8
    -rw-r--r--    1 root     root         9594 Jun  9 14:05 9

These are some examples of mails that recently arrived to our mailsystem. Spam, ham, anything. I can give more details if needed.

--
***
Pavel Urban ([EMAIL PROTECTED])
IOL system disaster
Internet OnLine, owned by Cesky Telecom, a.s. (www.ct.cz)
***
Vegetables should not operate electronic equipment.
Computer Stupidities, http://rinkworks.com/stupid/
***
[AMaViS-user] log entries
[amavisd-new 2.3.1-rc3]

I've got the following entries and I'm wondering what it's about because I only see them on one server and it occurs immediately following the completion of each scanned e-mail.

Entries in question:

    Jun 15 15:50:12 uawebhost.com /usr/bin/amavisd[16060]: (16060-05) extra modules loaded: NDBM_File.pm, Tie/Hash.pm

Here's a sample of the amavis.log

    Jun 15 15:47:29 uawebhost.com /usr/bin/amavisd[15929]: (15929-06) ESMTP::10024 /var/amavis/tmp/amavis-20050615T153425-15929: [EMAIL PROTECTED] - [EMAIL PROTECTED] Received: SIZE=7753 from uawebhost.com ([127.0.0.1]) by mail.uawebhost.com (uawebhost.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 15929-06 for [EMAIL PROTECTED]; Wed, 15 Jun 2005 15:47:29 -0400 (EDT)
    Jun 15 15:47:30 uawebhost.com /usr/bin/amavisd[15929]: (15929-06) Checking: cSDsIu3IRhDg [EMAIL PROTECTED] - [EMAIL PROTECTED]
    Jun 15 15:47:30 uawebhost.com /usr/bin/amavisd[15929]: (15929-06) FWD via SMTP: [EMAIL PROTECTED] - [EMAIL PROTECTED], 250 2.6.0 Ok, id=15929-06, from MTA([127.0.0.1]:10025): 250 Ok: queued as 7C1994D5596
    Jun 15 15:47:30 uawebhost.com /usr/bin/amavisd[15929]: (15929-06) Passed CLEAN , [EMAIL PROTECTED] - [EMAIL PROTECTED] , Message-ID: [EMAIL PROTECTED] , Hits: 0
    Jun 15 15:47:30 uawebhost.com /usr/bin/amavisd[15929]: (15929-06)
    Jun 15 15:47:30 uawebhost.com /usr/bin/amavisd[15929]: (15929-06) extra modules loaded: NDBM_File.pm, Tie/Hash.pm
    Jun 15 15:50:11 uawebhost.com /usr/bin/amavisd[16060]: (16060-05) ESMTP::10024 /var/amavis/tmp/amavis-20050615T153645-16060: [EMAIL PROTECTED] - [EMAIL PROTECTED],[EMAIL PROTECTED] Received: SIZE=1854 from uawebhost.com ([127.0.0.1]) by mail.uawebhost.com (uawebhost.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 16060-05; Wed, 15 Jun 2005 15:50:11 -0400 (EDT)
    Jun 15 15:50:11 uawebhost.com /usr/bin/amavisd[16060]: (16060-05) Checking: PO3K+OsDSGqk [EMAIL PROTECTED] - [EMAIL PROTECTED],[EMAIL PROTECTED]
    Jun 15 15:50:12 uawebhost.com /usr/bin/amavisd[16060]: (16060-05) FWD via SMTP: [EMAIL PROTECTED] - [EMAIL PROTECTED], [EMAIL PROTECTED], 250 2.6.0 Ok, id=16060-05, from MTA ([127.0.0.1]:10025): 250 Ok: queued as 14D814D55DA
    Jun 15 15:50:12 uawebhost.com /usr/bin/amavisd[16060]: (16060-05) Passed CLEAN , [EMAIL PROTECTED] - [EMAIL PROTECTED],[EMAIL PROTECTED] , Message-ID: [EMAIL PROTECTED] , Hits: 0.374
    Jun 15 15:50:12 uawebhost.com /usr/bin/amavisd[16060]: (16060-05)
    Jun 15 15:50:12 uawebhost.com /usr/bin/amavisd[16060]: (16060-05) extra modules loaded: NDBM_File.pm, Tie/Hash.pm
Re: [AMaViS-user] Re: SAVI glibc 2.2 version
Sophos provided me a test build that supposedly will fix these problems, but I don't have a Linux setup to test with. If you have a Linux install that ran into these issues and would like to volunteer to test a possible fix, please contact me off-list.

Thanks...

On Tue, 7 Jun 2005, Gary Windham wrote:

> I started digging into this problem after upgrading to Sophos 3.93 on our amavis servers the other day and getting bit. :)
>
> The problem is, as previously detailed, related to a pair of semaphores that the SAVI library creates upon initialization. The problem is two-fold:
>
> 1. If the SAVI initialization function is called by root, the forked Net::Server process (and children) will not be able to access the semaphores if amavisd later switches to a less-privileged user. This can be circumvented by starting the amavisd process as the less-privileged user (via 'su') or by passing the '-u' option to amavisd to invoke early dropping of privileges.
>
> 2. The semaphores created by SAVI are destroyed upon invocation of the SAVI Terminate function. This function is called by SAVI-Perl in the SAVI::Handle::DESTROY() method. Since the SAVI handle is initialized in the initial parent process, and all the children inherit this handle, any time a child process dies (i.e., after $max_requests) the SAVI::Handle::DESTROY() method is invoked, and the semaphores go bye-bye.
>
> I kludged together a workaround for this, by having amavisd set a variable ($terminateOk) in the SAVI:: namespace. The SAVI-Perl module will then check this variable in the DESTROY method and decide whether or not to call the SAVI terminate function. I'm sure this isn't the most elegant solution, but it seems to work around the problem.
>
> You can find patches for SAVI-Perl-0.30 and amavisd-new-2.3.2-pre1 here: http://www.u.arizona.edu/~windhamg/amavisd-savifix/. If anyone is interested in cleaning this up and incorporating it into amavisd-new, that would be terrific.

--
Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/
Operating Systems and Network Analyst | [EMAIL PROTECTED]
California State Polytechnic University | Pomona CA 91768
[AMaViS-user] Feature request: for log_templ, different macros for spam score and boost
A request for a small change for the next version of amavisd: We'd like to log slightly more detailed info of the messages. We use log_recip_templ, and it would be nice if we could store the score reported by spam assassin with a separate value for the whitelist/blacklist boost score.
RE: [AMaViS-user] log entries
Hi,

> I've got the following entries and I'm wondering what it's about because I only see them on one server and it occurs immediately following the completion of each scanned e-mail.
>
> Entries in question:
>
>     Jun 15 15:50:12 uawebhost.com /usr/bin/amavisd[16060]: (16060-05) extra modules loaded: NDBM_File.pm, Tie/Hash.pm

there are some modules that are only loaded/initialized when the need for them arises (the SAVI module is another one, IIRC). You should see something like that after amavis is restarted, once for each child. But if you see that after every mail... What's your $max_requests setting?

Regs,
Sven
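
The check described in the reply above (the line is expected once per child after a restart, not after every mail) can be run over a log excerpt. The following is an added example, not part of the original thread; the sample lines are constructed, and reading the second number in `(PID-NN)` as that child's request counter is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the syslog layout quoted in the post; the host name
# and message details are placeholders, not lines from the poster's server.
SAMPLE_LOG = """\
Jun 15 15:40:01 mx.example.com /usr/bin/amavisd[15929]: (15929-05) Passed CLEAN, Hits: 0
Jun 15 15:40:01 mx.example.com /usr/bin/amavisd[15929]: (15929-05) extra modules loaded: NDBM_File.pm, Tie/Hash.pm
Jun 15 15:47:30 mx.example.com /usr/bin/amavisd[15929]: (15929-06) Passed CLEAN, Hits: 0
Jun 15 15:47:30 mx.example.com /usr/bin/amavisd[15929]: (15929-06) extra modules loaded: NDBM_File.pm, Tie/Hash.pm
Jun 15 15:48:02 mx.example.com /usr/bin/amavisd[16060]: (16060-01) extra modules loaded: NDBM_File.pm, Tie/Hash.pm
Jun 15 15:50:12 mx.example.com /usr/bin/amavisd [16060]: (16060-02) Passed CLEAN, Hits: 0.374
Jun 15 15:51:40 mx.example.com /usr/bin/amavisd[17001]: (17001-01) extra modules loaded: NDBM_File.pm, Tie/Hash.pm
Jun 15 15:52:00 mx.example.com postfix/smtpd[900]: connect from localhost[127.0.0.1]
"""

# "amavisd[PID]: (PID-SEQ) text"; a space before "[" is tolerated because the
# archived post shows the line wrapped that way.
ENTRY_RE = re.compile(
    r"amavisd\s*\[(?P<pid>\d+)\]:\s+\((?P<id_pid>\d+)-(?P<seq>\d+)\)\s*(?P<text>.*)$"
)
MODULES_RE = re.compile(r"^extra modules loaded:\s*(?P<mods>.+)$")


def summarize(log_text):
    """Per child PID: request numbers seen, and on which ones modules loaded."""
    children = defaultdict(lambda: {"requests": set(), "loads": {}})
    for line in log_text.splitlines():
        m = ENTRY_RE.search(line)
        if not m or m["pid"] != m["id_pid"]:
            continue  # not an amavisd child entry
        child = children[int(m["pid"])]
        seq = int(m["seq"])  # assumption: per-child request counter
        child["requests"].add(seq)
        loaded = MODULES_RE.match(m["text"])
        if loaded:
            child["loads"][seq] = [s.strip() for s in loaded["mods"].split(",")]
    return dict(children)


def repeated_loads(summary):
    """Children that logged 'extra modules loaded' on more than one request."""
    return {
        pid: sorted(info["loads"])
        for pid, info in summary.items()
        if len(info["loads"]) > 1
    }


def highest_request(summary):
    """Highest request number seen per child, to compare with $max_requests."""
    return {pid: max(info["requests"]) for pid, info in summary.items()}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print("repeated module loads:", repeated_loads(report))
    print("highest request per child:", highest_request(report))
```

A child listed by `repeated_loads` is showing the behaviour the original poster describes; children that load once and then keep serving requests match what the reply says is normal.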