Re: [AMaViS-user] what should happen when many filters match ?

[Tom Sommer]

Gérald Macinenti wrote:
mouss a écrit : 


What is the general rule when multiple filters match ?


if it's a virus, we don't care if it's banned, bad hdr or spam. it's
handled as a virus.


this rules seams fair to me, but in fact, if it is a virus and has bad
header and we have virus set to D_PASS and badh to D_DISCARD, the mail
is blocked, so actual behaviour of the program doesn't follow the rule
you describe, is this a bug ?


I've encountered something similar.

IIRC, it was a customer who had disabled antispam (spam_lover = 1), but 
enabled the removal of banned files (banned_files_lover = 0).


That meant that if a mail was spam and had a bad file, the mail would 
still get through.


I checked the perl logic back then, and it seemed to be a problem with 
the priority of which the rules was checked.


So it went ok, this thing is spam and has a banned file, but the 
recipient wants spam, so we deliver


I attempted to fix it, but eventually gave up.

// Tom



---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37alloc_id865op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] amavis-stats-0.1.19 no data in domain.com

[Dale Walsh]

Without providing more details I am unable to conclude your possible  
problems and solutions.


-- Dale

On Dec 16, 2005, at 05:24 , Ramdas Phutane wrote:


On 12/13/05, Ramdas Phutane [EMAIL PROTECTED] wrote:

Hi Group,

New bie here
I have installed the  amavis-stats-0.1.19 on my Linux server with
Amavisd-new 2.3.3 .
But I am not able to see the domain-wise graphs / stats.
--
The /usr/local/var/lib/amavis-stats/amavis-stats.* are getting  
updated properly.
 /usr/local/var/lib/amavis-stats/domain.com/amavis-stats.count 0  
bytes

 /usr/local/var/lib/amavis-stats/domain.com/amavis-stats.seen 0 bytes
 /usr/local/var/lib/amavis-stats/domain.com/amavis-stats.state 58  
bytes


[EMAIL PROTECTED] #cat domain.com/amavis-stats.state
pos: 12378614
lastupdate: 1134474900
LC_TIME: C
spamsess:
-

Please forgive if I have missed any earlier posts.


Any one please help.
I am stuck with this problem.

In case I need to give more inputs please let me know
Thanx  Regards
Phutane


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through  
log files

for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD  
SPLUNK!

http://ads.osdn.com/?ad_idv37alloc_id865op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/





---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37alloc_id865op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] amavis-stats-0.1.19 no data in domain.com

[Shane Hickey]

Dale Walsh [EMAIL PROTECTED] [2005-12-16 08:50]:
 Without providing more details I am unable to conclude your possible  
 problems and solutions.
 
 -- Dale

Dale,
I am having the same problem as Ramdas and I sent you an e-mail about 
it a week or so back, I think.  I'm running amavisd-new 2.3.3-r2 on a Gentoo 
Linux box.  I'm using syslog-ng.  When I configure amavis-stats to use my 
domains, it never sees them.  It only sees the name of the mailserver and 
localhost.  I'm wondering if you could share the regex you are using to match, 
maybe it's something in the patten matching?

Here's why my entries look like in syslog:

Dec 13 16:12:48 megatron.howsyournetwork.com amavis[9165]: (09165-06)
Passed CLEAN, [10.252.238.82] [EMAIL PROTECTED] -
[EMAIL PROTECTED], Message-ID: [EMAIL PROTECTED],
mail_id: PH4Q+ZX4of7N, Hits: -1.44, 1140 ms

Dec 15 13:52:26 megatron.howsyournetwork.com amavis[19904]: (19904-11)
Passed SPAM, [125.209.132.42] [EMAIL PROTECTED] -
[EMAIL PROTECTED], Message-ID:
[EMAIL PROTECTED], mail_id: 0B9VkRob8yA9, Hits:
7.537, 1030 ms

In these examples, domain2.com and domain3.com are domains that I relay for.

Shane

-- 
Shane Hickey [EMAIL PROTECTED]: Network/System Consultant
GPG KeyID: 777CBF3F
Key fingerprint: 254F B2AC 9939 C715 278C  DA95 4109 9F69 777C BF3F


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] what should happen when many filters match ?

[Gary V]

This discussion presents a large set of problems. In general I think
it has to be decided up front if a message triggers a PASS on any
of the four tests whether the results of subsequent tests are ignored
or not.

To simplify and make things consistent, I am thinking that maybe it
should be true that making someone a lover *should* be the functional
equivalent of setting $final_*_destiny = D_PASS; for that recipient
in all four cases.

If you establish that once a PASS is given, the mail is delivered,
this is the simplest and most predictable scenario but at a cost of
flexibility.

If you establish that even if a previous test triggers a PASS,
subsequent tests can override the decision, it becomes more
complicated (but also more flexible). You would have to come up with
scenarios where subsequent tests could selectively decide whether a
message would PASS or not (some of which could be done with *lovers
maps). The problem would be where you have someone that (for example)
wants viruses, but does not wish to get any spam. You can't make them
a spam lover in this case, so I think you would have to make the spam
test conditional on the result of the virus test. To account for every
possible case of what a user may desire, you might have to come up with
stuff like:

If virus test triggers PASS, ignore result from all subsequent tests.
If virus test triggers PASS, honor result from banned but ignore spam and badh 
tests.
If virus test triggers PASS, honor result from banned and spam, but ignore badh 
test.
If virus test triggers PASS, honor result from spam, but ignore banned and badh 
tests.
...

virus   PASS
banned  0 1 1 0 1 1 1 0 0
spam0 0 1 1 0 1 1 0 1
badh0 0 0 0 1 0 1 1 1

0 = ignore
1 = honor

and so on for each remaining test, which if resulted in a PASS would
then follow its own (shorter) logic table of subsequent tests.

Throw in *bypass* and account for multi-recipient mail and all in all
it makes for a fun thought process.

Gary V



---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] amavis logs error: SA TIMED OUT

[Gary V]

Martin wrote:

 Hello, 
 
 since 1 or 2 days i'm getting many log entries from amavis that SA timed out 
 (examples see below). What i found out so far is that most of those mails 
 have bigger attachments (up to 5MB), mostly
 CAD data.
  
 Martin Bärtl

http://marc.theaimsgroup.com/?l=amavis-userm=113461291328931w=2

Gary V



---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] amavis logs error: SA TIMED OUT

[Mark Martinec]

Martin,

 since 1 or 2 days i'm getting many log entries from amavis that SA timed
 out (examples see below). What i found out so far is that most of those
 mails have bigger attachments (up to 5MB), mostly CAD data.

Messages larger than $sa_mail_body_size_limit are not sumitted to SA
for checking, the default limit is 200 kB. Have you increased this
setting substantially? SA scanning time goes rouggly linear with message
size, and (since very large spam is quite rare), it makes sense to
not waste time at spam-scanning large messages.

  Mark 


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

[AMaViS-user] TROUBLE in process_request: Error writing a SMTP response to the socket: Broken pipe at (eval 38)

[Rene Bouchard]

Hi All,

since I added 0.0.0.0 this in /usr/sbin/amavisd :
@inet_acl   = qw( 127.0.0.1   [::1] 0.0.0.0/0 10.15.4.0/24 10.15.80.0/24 
192.168.1.0/24 );

to fix the DENIED ACCESS from IP 0.0.0.0, policy bank ''
that was causing amavisd to stuck and be very slow


My log file is full of this :

Dec 16 09:44:43 amavis[10166]: TIMING [total 5026 ms] - bdb-open: 5026 (100%)
100, rundown: 0 (0%)100
Dec 16 09:44:43 amavis[10161]: (10161-01) TROUBLE in process_request: Error 
writing a SMTP response to the socket: Broken pipe at (eval 38) line 813.
Dec 16 09:44:43 amavis[10161]: (10161-01) Requesting process rundown after 
fatal error
Dec 16 09:44:44 amavis[10155]: (10155-01) SMTP shutdown: Error writing a SMTP 
response to the socket: Bad file descriptor at (eval 38) line 813.\n
Dec 16 09:44:45 amavis[10162]: (10162-01) TROUBLE in process_request: Error 
writing a SMTP response to the socket: Broken pipe at (eval 38) line 813.
Dec 16 09:44:45 amavis[10162]: (10162-01) Requesting process rundown after 
fatal error
Dec 16 09:44:45 amavis[10156]: (10156-01) SMTP shutdown: Error writing a SMTP 
response to the socket: Bad file descriptor at (eval 38) line 813.\n


iptables block everyting but the postfix server...

anybody have an idea ???

-- 
Rene Bouchard
System Administrator
[EMAIL PROTECTED]
Tel: 1-613-562-9847 ext. 162
Fax: 1-613-562-4768
Cel: 1-613-277-4435

ePALS Classroom Exchange
http://www.epals.com/
The World's Leading Provider of School-Safe Email and Collaborative 
Technology For The Education Market
Serving 5.5 Million Students and Teachers in 191 Countries.

---

ePALS Classroom Exchange Terms apply to this e-mail
http://www.epalscorp.com/emailterms
-


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] Customize notify messages

[Mark Martinec]

Oliver,

 As i study the source i found out that user
 notifications are handled by 'delivery_status_notification' and admin
 notifications handled somewhere else.

Right. But in both cases the first (or only) plain-text portion
of the notification comes from its corresponding template
(by calling sub expand) and these templates contain (or not contain)
a %H macro call, which (if present) expands to original mail header.

Removing the %H from each template makes the header inclusion
in the first (or only) part of notification the go away.

The delivery_status_notification routine, besides taking the
expanded template and placing it as a first item in MIME tree,
also appends two more DSN MIME components, as per rfc3462/rfc3464.
This only applies to sender notififications, but not to
recipient and admin notifications, as there are not governed
by these RFCs.

 In the former of both, the original mail-header (contained by %H
 macro) is hard-coded and does not depend on the existence of this macro.

This only holds true for third DSN mime part as per rfc3462/rfc3464.

 Also the From To and Date fields cannot be set by the template
 because they will be forced to some other value in this sub.

Right. This change was made to overcome problems with proper
placement of these headers when Resent-* header fields also
need to be inserted. So far I don't think it's a big sacrifice.
Redesigning templates to support MIME structure and other bells
is on a to-do list, but not high on priority.

 I got familar with the macro processor (expand()), but i think it
 would be much clearer if there are different templates for BANNED
 HEADER FAILURE and VIRUS indications. Is there a chance to do this?

It might be cleaner. It evolved this way through a series of small
changes through the history. At the moment I have other worries
with 2.4.0, so don't hold your breath.

 You're right about the RFC, but our customers don't know anything
 about this. And they don't worry if it's missing.

But MUA know about these, and don't bother reader with them
unless necessary/requested.

 But they worry if 
 there is a Mail with massive information that they don't understand
 and likely to erase the message instead of reading it.
 I don't want to create a new thread about whether or not RFC
 conventions should be strict or not. I just decided not to do so in
 that special case.

Edit delivery_status_notification if necessary.
Admittedly the third part of DSN (RFC3462) is optional,
so by removing it the NDN would still be standards compliant.
I'll consider it when I'll be implementing the full DSN support,
planned for 2.4.0.

Checking the Postfix bounce(8) man page and the sendmail PrivacyOptions
I only see option to restrict mail body inclusion in bounces,
but no controls over mail header inclusion in DSN. Until these two
most popular mailers offer such option, I don't see pressing need
for amavisd-new to outsmart them and be more flexible.

 So it would be very fine if one could decide if the message-header is
 to be included by using %H in his template.

You are refering to the third item in the DSN (RFC 3462) MIME structure,
not to the first part (the plain-text one), where %H does have a full control.

  Mark


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

[AMaViS-user] Differing levels of spam

[Benedict White]

Hi.

Last June I wrote asking if we could get multiple levels of spam. 
(See post 
http://sourceforge.net/mailarchive/message.php?msg_id=8655463) 

So that different strings could be attached to different scores of spam.

I was told this was a low priority, (fair enough) Has it moved up the priority 
list?

Or alternatively is there an updated patch that does a similar version to the 
one I applied before?

I would realy like to use a more up to date version of Amavis, which I still 
think is great.

I still suck at perl programming though, so still can't contribute much. : - (

Kind regards




Benedict White
[EMAIL PROTECTED]

Computer Systems Engineering Ltd
tel (44) 1444 238070
fax (44) 1444 441414



---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37alloc_id865op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] Unpacker für StuffIt

[Mark Martinec]

Oliver,

 i wonder if anyone has made a module to handle stuffit-archives
 (sit,sit-x) from Macintosh with amavis.
 There is a Linux commandline-unpacker freely available at stuffit.com.

Here is a patch to get you going.
I only tried it casually for the lack of interesting archives.

  Mark

---
--- amavisd.origWed Nov 30 14:03:27 2005
+++ amavisd Fri Dec 16 19:42:25 2005
@@ -308,5 +308,5 @@
   $arc $bzip2 $lzop $lha $unarj $gzip $uncompress $unfreeze
   $unrar $zoo $pax $cpio $ar $rpm2cpio $cabextract $ripole $tnef
-  $gunzip $bunzip2 $unlzop
+  $gunzip $bunzip2 $unlzop $unstuff
 )],
   );
@@ -785,4 +785,5 @@
   [qr/^(\S+\s+)?tar archive\b/i   = 'tar'],
   [qr/^(\S+\s+)?cpio archive\b/i  = 'cpio'],
+  [qr/^StuffIt Archive\b/i= 'sit'],
   [qr/^Debian binary package\b/i  = 'deb'],  # standard Unix archive (ar)
   [qr/^current ar archive\b/i = 'a'],# standard Unix archive (ar)
@@ -849,4 +850,5 @@
 sub Amavis::Unpackers::do_tnef($$);
 sub Amavis::Unpackers::do_tnef_ext($$$);
+sub Amavis::Unpackers::do_unstuff($$$);
 sub Amavis::Unpackers::do_executable($$@);
 
@@ -879,4 +881,5 @@
 *do_tnef_ext = \Amavis::Unpackers::do_tnef_ext;
 *do_tnef = \Amavis::Unpackers::do_tnef;
+*do_unstuff  = \Amavis::Unpackers::do_unstuff;
 *do_executable   = \Amavis::Unpackers::do_executable;
 sub new_RE { Amavis::Lookup::RE-new(@_) }
@@ -920,4 +923,5 @@
 ['tnef', \Amavis::Unpackers::do_tnef_ext,   \$tnef],
 ['tnef', \Amavis::Unpackers::do_tnef],
+['sit',  \Amavis::Unpackers::do_unstuff,\$unstuff],
 ['exe',  \Amavis::Unpackers::do_executable, \$unrar,\$lha,\$unarj],
   );
@@ -14272,4 +14276,27 @@
   if ($eval_stat ne '') { chomp($eval_stat); die do_pax_cpio: $eval_stat\n }
   $name_clash ? 2 : 1;
+}
+
+# command line unpacker from stuffit.com for Linux
+# decodes Macintosh StuffIt archives and others
+sub do_unstuff($$$) {
+  my($part, $tempdir, $archiver) = @_;
+  my($archiver_name) = basename((split(' ',$archiver))[0]);
+  snmp_count(OpsDecBy\u${archiver_name});
+  ll(4)  do_log(4,sprintf(Expanding archive %s, using %s,
+$part-base_name, $archiver_name));
+  mkdir($tempdir/parts/unstuff, 0750)
+or die Can't mkdir $tempdir/parts/unstuff: $!;
+  my($proc_fh,$pid) = run_command(undef, 1, $archiver, '-q',
+   -d=$tempdir/parts/unstuff, $part-full_name);
+  my($nbytes,$buff); my($output) = '';
+  while (($nbytes=$proc_fh-read($buff,4096))  0) { $output .= $buff }
+  defined $nbytes or die Error reading: $!;
+  my($err); $proc_fh-close or $err = $!;
+  $?==0 or die (exit_status_str($?,$err).' '.$output);
+  my($b) = flatten_and_tidy_dir($tempdir/parts/unstuff,
+$tempdir/parts, $part);
+  consumed_bytes($b, 'do_unstuff');
+  1;
 }
 



---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] TROUBLE in process_request: Error writing a SMTP response to the socket: Broken pipe at (eval 38)

[Mark Martinec]

Rene,

 since I added 0.0.0.0 this in /usr/sbin/amavisd :
 @inet_acl = qw( 127.0.0.1 [::1] 0.0.0.0/0 10.15.4.0/24 );
 to fix the DENIED ACCESS from IP 0.0.0.0, policy bank ''
 that was causing amavisd to stuck and be very slow

Btw, I suggested to add 0.0.0.0 to the list (mask /32 is a default),
not 0.0.0.0/0, which allows anyone in. But this is now besides the point.

 iptables block everyting but the postfix server...

Ok, that fixes the security side.

 My log file is full of this :

 Dec 16 09:44:43 amavis[10166]: TIMING [total 5026 ms] - bdb-open: 5026
 (100%) 100, rundown: 0 (0%)100
 Dec 16 09:44:43 amavis[10161]: (10161-01) TROUBLE in process_request: Error
 writing a SMTP response to the socket: Broken pipe at (eval 38) line 813.
 Dec 16 09:44:43 amavis[10161]: (10161-01) Requesting process rundown after
 fatal error
 Dec 16 09:44:44 amavis[10155]: (10155-01) SMTP shutdown: Error writing a
 SMTP response to the socket: Bad file descriptor at (eval 38) line 813.

So it seems the 0.0.0.0 was just a red herring, the real issue is
somewhere deeper. Inability to write response back to the socket
indicates the client has already disconnected at this point in time.
Pehaps it has disconnected immediately, which could explain the
Net::Server's inability to obtain its IP address - client being already
disconnected at the time Net::Server tried to fetch a peer IP address
on a socket would result in seing an 'unspecified' IP address.

Collect the complete log of events at log level 5, pertaining to
one request (e.g. the 10161-01 above, use grep), along with the
Postfix log entries pertaining to this same connection.
It would not hurt to also collect a tcpdump of the tcp session.

This should explain whether the client (Postfix smtp service)
really disconnected immediately, or after a timeout, or did
some other event cause a tcp session to break, making amavisd
(and Net::Server) think the client disconnected. Perhaps some
firewall issue? Or a tcp protocol stack problem.

  Mark


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] Notification template: banned filename

[Mark Martinec]

Oliver,

 I found what '%F' results in a notification mail is overkilled for
 most users. Is there a similar macro to just expand to the real filename,
 without anything else ? 

I agree the %F is very talkative for a casual user. Mostly for running out of 
single-character names for macros a shorter version is currently not 
available - you can either modify the expansion of %F or sacrifice one of the 
remaining few available letters for such purpose.

The single-character macro name limitation needs lifting, and perhaps adding
ability to specify arguments to a macro call could also aleviate the problem.
I haven't yet come to this, it most likely won't happen for 2.4.0.
If you need it now, you will have to hack the code.

  Mark


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] adding original-to header with envelope information in amavisd-new?

[Mark Martinec]

Lars,

 I'm running amavisd-new, clamav and postfix on my mail-gateways. We use
 virtual-tables to route all our e-mail on the gateways to
 [EMAIL PROTECTED] and the mail-gateways delivers to local-delivery
 servers that delivers to mailboxes.

 All this of course works like a charm. The problem is that I need to add
 an original-to header with the original envelope address. Postfix has
 the x-original-to header but it gets destroyed by this setup
 (x-original-to is  [EMAIL PROTECTED] since it's rewritten by
 mail-gateway and there is no way to change this in postfix).

 Is there any simple way to get amavisd-new to add the envelope adress to
 a custom header in the e-mail? Since we filter all mail with amavisd-new
 it seems like a patch could fix this problem.
 Have anybody tried to do this with amavisd-new? Any good reasons for me
 not to try it? Any pointers to where in the code this could be done
 smoothly.

There is one fundamental problem: a message can have multiple recipients.
Adding x-original-to for all recipients would violate sender's privacy
(consider mailing lists or Bcc). Splitting a message before it reaches a 
content filter is an option, although not very appealing one (it can bump up 
average load by a factor of 2 or more).

Technically, insering an additional header field in amavisd
is not hard, just call $hdr_edits-append_header(...) with
required additional headers, perhaps somewhere in sub 
add_forwarding_header_edits_per_recip or in 
add_forwarding_header_edits_common.

  Mark


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

[AMaViS-user] Bayes database

[Rocco Scappatura]

Hello,

I'm using spamassassin with database MySQL.

I have many problem when I try to restore dumped data to another DBMS (for
high availability pupouse).

Infact, I have often problems like this:

mysql2:/home/rocsca/slave # mysql -u root  bayes.sql
ERROR 1062 (23000) at line 245: Duplicate entry '4-ÈÜ?' for key 1

Is an encoding problem? Anyone had similar problem?

Thanks



---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37alloc_id865op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] amavis-stats-0.1.19 no data in domain.com

[Gary Buckmaster]

 I recieve a lot of e-mail (2-300 daily just for amavis-stats), I skip
 about 1/2 of them because it's too difficult to process them all.

 Most of the issues are configuration issues, simple things like
 adding a site to your appache config instead of adding an include for
 the alias file and trying to read the wrong log file.


Forgive the question if its considered inflammatory or based on a
naive point of view, but why is anyone bothering using amavis-stats
anymore?  Wasn't development for amavis-stats discontinued many years
ago in exchange for another, more modular project, which apparently
has also been abandoned?


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37alloc_id865op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

[AMaViS-user] logging spam, but not adding headers below sa_kill_level_deflt

[John Beamon]

I have two mail filtering servers ahead of my mailbox server, running 
postfix-2.1.5-9, amavisd-new-20030616p10-5 and apamassassin-3.0.3 on 
stock Debian Sarge.  I have noticed recently that server1 is identifying 
spammish mail in its logs, but it is not adding headers to mail below 
the quarantine score.  I have a second, AFAIK identical, filtering 
server that is adding headers above 1.0 and flagging above 3.5 as 
expected.  That server's messages still bear headers when they reach the 
mailbox server.


This is an example of the symptom.  Starting amavis on filtering server1 
with the following log definitions:


$DO_SYSLOG = 0;
$LOGFILE = /var/log/amavis.log;
$log_level = 4

I get this in the log for a given message.

Dec 16 15:43:22 server1.franklinamerican.com amavisd-new[13045]: 
(13045-06) SPAM-TAG, [EMAIL PROTECTED] - 
[EMAIL PROTECTED], Yes, hits=5.3 tagged_above=1.0 required=3.5 
tests=AWL, BAYES_99, HTML_90_100, HTML_IMAGE_RATIO_02, HTML_MESSAGE, 
HTML_MIME_NO_HTML_TAG, MIME_HTML_ONLY


I find this in the headers of the delivered message on the mailbox 
server. (snipped)


Return-Path: [EMAIL PROTECTED]
Received: from server1.franklinamerican.com ([127.0.0.1])
	by localhost (server1.franklinamerican.com [127.0.0.1]) (amavisd-new, 
port 10024)

with ESMTP id 13045-06 for [EMAIL PROTECTED];
Fri, 16 Dec 2005 15:43:21 -0600 (CST)
Date: Fri, 16 Dec 2005 15:43:16 -0600 (CST)
From: More Coupons [EMAIL PROTECTED]
Reply-To: E-Family Values [EMAIL PROTECTED]
To: Fake User [EMAIL PROTECTED]
Subject: Jamie, Here's more free coupons for your baby
Mime-Version: 1.0
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
X-MRX: miinquufqwlxlwlvulvkuvll sswnilkiilkvwnnxik lllquiqusk
X-Virus-Scanned: by amavis at mx1.franklinamerican.com
X-Virus-Scanned: by amavis at imap.franklinamerican.com

... followed by the message body.  There are no X-Spam-Level: headers, 
as there are from the other incoming server for any score above 1.0. 
For the record, messages quarantined for scoring above the kill level DO 
have X-Spam-Level: headers.  I'm not sure whether to post the 
amavisd.conf from the filtering servers or the Postfix conf from the 
mailbox server.  I have an 'sdiff -s' comparison of the two filtering 
servers' amavis.conf and spamassassin local.cf files.


The mailbox server's Postfix config is a fairly common smtpd -o 
content_filter=smtp-amavis:[127.0.0.1]:10024 that returns via :10025. 
There is no header-rewriting configured into Postfix.  I welcome any 
suggestions as to what would cause this and any specific requests for 
relevant info to help the cause.  Thanks.


--
John Beamon
Systems Administrator
Franklin American Mortgage Co.
em: [EMAIL PROTECTED]



---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] Bayes database

[Chris]

Rocco Scappatura wrote:
 Hello,
 
 I'm using spamassassin with database MySQL.
 
 I have many problem when I try to restore dumped data to another DBMS (for
 high availability pupouse).
 
 Infact, I have often problems like this:
 
 mysql2:/home/rocsca/slave # mysql -u root  bayes.sql
 ERROR 1062 (23000) at line 245: Duplicate entry '4-ÈÜ?' for key 1
 
 Is an encoding problem? Anyone had similar problem?
 
 Thanks

Is there a tutorial for someone like me to start using mysql w/Amavis
and SA?


-- 
Best regards,
Chris

It's always darkest before ... daylight saving time.



---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37alloc_id865op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] Bayes database

[jleaver+amavis]

Mark Martinec wrote:

Rocco,

  

I'm using spamassassin with database MySQL.
I have many problem when I try to restore dumped data to another DBMS (for
high availability pupouse).

Infact, I have often problems like this:

mysql2:/home/rocsca/slave # mysql -u root  bayes.sql
ERROR 1062 (23000) at line 245: Duplicate entry '4-ÈÜ?' for key 1

Is an encoding problem? Anyone had similar problem?



Corrupted database, needs repair:

$ mysql sa
  REPAIR TABLE bayes_expire, bayes_seen, bayes_token, awl;

It happens from time to time with MyISAM storage engine,
and it never happened again since I switched Bayes to InnoDB engine
and started using the new SA 3.1 plugin for MySQL - placing the
following in local.cf:
   bayes_store_module  Mail::SpamAssassin::BayesStore::MySQL

See file sql/README.bayes in the SA distribution.

  Mark


  

For what it's worth, I've never had success dumping bayes tokens from
mysql using mysqldump even on a perfectly repaired database, the tokens
appear to be stored in binary format, but dumps as a string.   For
backup purposes, I've resorted to doing an sa-learn --backup.


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37alloc_id865op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] Bayes database

[Gary V]

 Is there a tutorial for someone like me to start using mysql w/Amavis
 and SA?

This should help you with SpamAssassin:
http://www200.pair.com/mecham/spam/debian-spamassassin-sql.html

and I would read the README.sql for amavisd-new:
http://www.ijs.si/software/amavisd/README.sql.txt

To get you started, I copied the database scheme from the README for
the users, mailaddr, wblist and policy tables to a website that you
can wget. On my system I add a user 'amavis' that can only read data,
and a user 'amavisu' that can maintain the data, you should
change the 'passwd':

cd /usr/local/src
wget http://www200.pair.com/mecham/spam/basic_users_v1.sql

mysql -u root -p

CREATE DATABASE amavisd;
USE amavisd;  
SOURCE basic_users_v1.sql;
GRANT SELECT ON amavisd.* TO [EMAIL PROTECTED] IDENTIFIED BY 'passwd';

GRANT CREATE, DROP, ALTER, SELECT, INSERT, UPDATE, DELETE ON amavisd.* TO 
[EMAIL PROTECTED] IDENTIFIED BY 'passwd';

FLUSH PRIVILEGES;
use amavisd;
show tables;
describe policy;

In amavisd.conf, I added:
@lookup_sql_dsn = ( ['DBI:mysql:amavisd:localhost', 'amavis', 'passwd'] );

Also take a look at:
http://infocenter.guardiandigital.com/archive/amavis/2004/Dec/0316.html

I also started to make some personal notes that I can share (I don't
really know if they are accurate however):
###
The purpose of the policy_id field will be apparent when we add some data to the
policy table, but what is the 'priority' field used for? If you were to read
README.lookups, you would see that recipient lookups in hash tables
are performed starting with the most specific data (the full email address)
and end with the most general data (a catchall). Here is the example of the 
order
of lookups performed when using a hash table:

[EMAIL PROTECTED]
[EMAIL PROTECTED]
user+foo@
user@
sub.example.com
.sub.example.com
.example.com
.com
.

For SQL, the structure of what is looked up is a little different, but we still
want the lookups performed in the same 'specific' to 'general' order, for 
example:

[EMAIL PROTECTED]
[EMAIL PROTECTED]
user+foo
user
@example.com
@.example.com
@.com
@.

The key is that the SQL SELECT statement used in the program uses the priority 
field
to create this order (in descending order):

From the amavisd source code:
# The SQL select clause to fetch per-recipient policy settings
# The %k will be replaced by a comma-separated list of query addresses
# (e.g. full address, domain only, catchall).  Use ORDER if there
# is a chance that multiple records will match - the first match wins
# If field names are not unique (e.g. 'id'), the later field overwrites the
# earlier in a hash returned by lookup, which is why we use '*,users.id'.
$sql_select_policy =
  'SELECT *,users.id FROM users LEFT JOIN policy ON users.policy_id=policy.id'.
  ' WHERE users.email IN (%k) ORDER BY users.priority DESC';

So, given a recipient address of '[EMAIL PROTECTED]', the SQL SELECT statement 
that
determines the policy for a given recipient would end up looking like this:

SELECT *,users.id FROM users LEFT JOIN policy ON users.policy_id=policy.id 
 WHERE users.email IN ([EMAIL PROTECTED], [EMAIL PROTECTED],
 user4+spam, user4, @example.com, @.example.com, @.com, @.)
  ORDER BY users.priority DESC;

###

This is just a start (but a usable one) for amavisd-new tables.

Gary V



---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/