Re: [AMaViS-user] what should happen when many filters match ?
Gérald Macinenti wrote:

mouss wrote:

What is the general rule when multiple filters match?

if it's a virus, we don't care if it's banned, bad hdr or spam. it's handled as a virus.

this rule seems fair to me, but in fact, if it is a virus and has a bad header and we have virus set to D_PASS and badh to D_DISCARD, the mail is blocked, so the actual behaviour of the program doesn't follow the rule you describe. Is this a bug?

I've encountered something similar. IIRC, it was a customer who had disabled antispam (spam_lover = 1), but enabled the removal of banned files (banned_files_lover = 0). That meant that if a mail was spam and had a bad file, the mail would still get through.

I checked the Perl logic back then, and it seemed to be a problem with the priority in which the rules were checked. So it went "ok, this thing is spam and has a banned file, but the recipient wants spam, so we deliver".

I attempted to fix it, but eventually gave up.

// Tom

--- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_idv37alloc_id865op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] amavis-stats-0.1.19 no data in domain.com
Without providing more details I am unable to conclude your possible problems and solutions.

-- Dale

On Dec 16, 2005, at 05:24, Ramdas Phutane wrote:

On 12/13/05, Ramdas Phutane [EMAIL PROTECTED] wrote:

Hi Group,

Newbie here. I have installed the amavis-stats-0.1.19 on my Linux server with Amavisd-new 2.3.3. But I am not able to see the domain-wise graphs / stats.

--

The /usr/local/var/lib/amavis-stats/amavis-stats.* are getting updated properly.

/usr/local/var/lib/amavis-stats/domain.com/amavis-stats.count 0 bytes
/usr/local/var/lib/amavis-stats/domain.com/amavis-stats.seen 0 bytes
/usr/local/var/lib/amavis-stats/domain.com/amavis-stats.state 58 bytes

[EMAIL PROTECTED] #cat domain.com/amavis-stats.state
pos: 12378614
lastupdate: 1134474900
LC_TIME: C
spamsess: -

Please forgive if I have missed any earlier posts.

Any one please help. I am stuck with this problem. In case I need to give more inputs please let me know.

Thanx
Regards
Phutane
Re: [AMaViS-user] amavis-stats-0.1.19 no data in domain.com
Dale Walsh [EMAIL PROTECTED] [2005-12-16 08:50]:

Without providing more details I am unable to conclude your possible problems and solutions.

-- Dale

Dale,

I am having the same problem as Ramdas and I sent you an e-mail about it a week or so back, I think. I'm running amavisd-new 2.3.3-r2 on a Gentoo Linux box. I'm using syslog-ng. When I configure amavis-stats to use my domains, it never sees them. It only sees the name of the mailserver and localhost. I'm wondering if you could share the regex you are using to match, maybe it's something in the pattern matching? Here's what my entries look like in syslog:

Dec 13 16:12:48 megatron.howsyournetwork.com amavis[9165]: (09165-06) Passed CLEAN, [10.252.238.82] [EMAIL PROTECTED] - [EMAIL PROTECTED], Message-ID: [EMAIL PROTECTED], mail_id: PH4Q+ZX4of7N, Hits: -1.44, 1140 ms
Dec 15 13:52:26 megatron.howsyournetwork.com amavis[19904]: (19904-11) Passed SPAM, [125.209.132.42] [EMAIL PROTECTED] - [EMAIL PROTECTED], Message-ID: [EMAIL PROTECTED], mail_id: 0B9VkRob8yA9, Hits: 7.537, 1030 ms

In these examples, domain2.com and domain3.com are domains that I relay for.

Shane

--
Shane Hickey [EMAIL PROTECTED]: Network/System Consultant
GPG KeyID: 777CBF3F
Key fingerprint: 254F B2AC 9939 C715 278C DA95 4109 9F69 777C BF3F
Re: [AMaViS-user] what should happen when many filters match ?
This discussion presents a large set of problems. In general I think it has to be decided up front if a message triggers a PASS on any of the four tests whether the results of subsequent tests are ignored or not. To simplify and make things consistent, I am thinking that maybe it should be true that making someone a lover *should* be the functional equivalent of setting $final_*_destiny = D_PASS; for that recipient in all four cases.

If you establish that once a PASS is given, the mail is delivered, this is the simplest and most predictable scenario but at a cost of flexibility.

If you establish that even if a previous test triggers a PASS, subsequent tests can override the decision, it becomes more complicated (but also more flexible). You would have to come up with scenarios where subsequent tests could selectively decide whether a message would PASS or not (some of which could be done with *lovers maps). The problem would be where you have someone that (for example) wants viruses, but does not wish to get any spam. You can't make them a spam lover in this case, so I think you would have to make the spam test conditional on the result of the virus test. To account for every possible case of what a user may desire, you might have to come up with stuff like:

If virus test triggers PASS, ignore result from all subsequent tests.
If virus test triggers PASS, honor result from banned but ignore spam and badh tests.
If virus test triggers PASS, honor result from banned and spam, but ignore badh test.
If virus test triggers PASS, honor result from spam, but ignore banned and badh tests.
...

virus PASS
banned  0 1 1 0 1 1 1 0 0
spam    0 0 1 1 0 1 1 0 1
badh    0 0 0 0 1 0 1 1 1

0 = ignore
1 = honor

and so on for each remaining test, which if resulted in a PASS would then follow its own (shorter) logic table of subsequent tests. Throw in *bypass* and account for multi-recipient mail and all in all it makes for a fun thought process.
Gary V
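The two precedence rules debated in this thread, as an added example that is not part of any post and is not amavisd-new's code: a toy resolver where `honor={}` means "first PASS wins" and `honor=None` means "any block wins". The check order, the function names and every destiny except virus=D_PASS and badh=D_DISCARD are assumptions made for illustration.

```python
# Added example: a toy model of the precedence rules discussed in this thread.
# It is NOT amavisd-new's logic; check order and most destinies are assumptions.

D_PASS, D_BOUNCE, D_DISCARD = "D_PASS", "D_BOUNCE", "D_DISCARD"
DEFAULT_ORDER = ("virus", "banned", "spam", "badh")   # assumed evaluation order


def effective_destiny(check, destinies, lovers):
    """A *_lover recipient is treated like D_PASS for that check (Gary V's proposal)."""
    return D_PASS if check in lovers else destinies[check]


def resolve(hits, destinies, lovers=(), order=DEFAULT_ORDER, honor=None):
    """Return (final_destiny, deciding_check) for one recipient.

    hits  -- set of checks that matched the message
    honor -- None: every matching check is honored (any block wins).
             dict check -> 0/1: one column of Gary V's table; once an earlier
             check has produced a PASS, later checks marked 0 (or missing)
             are ignored. An empty dict therefore means "first PASS wins".
    """
    passed_earlier = False
    for check in order:
        if check not in hits:
            continue
        if passed_earlier and honor is not None and not honor.get(check, 0):
            continue                      # result ignored after an earlier PASS
        destiny = effective_destiny(check, destinies, lovers)
        if destiny != D_PASS:
            return destiny, check         # first honored block decides
        passed_earlier = True
    return D_PASS, None


# Constructed settings; only virus=D_PASS and badh=D_DISCARD come from the thread.
DESTINIES = {"virus": D_PASS, "banned": D_BOUNCE,
             "spam": D_DISCARD, "badh": D_DISCARD}


def virus_badh_case(honor):
    """Virus plus bad header with virus=D_PASS and badh=D_DISCARD."""
    return resolve({"virus", "badh"}, DESTINIES, honor=honor)


def spam_banned_case(honor):
    """Spam plus banned file for a spam lover; spam is evaluated before banned here."""
    return resolve({"spam", "banned"}, DESTINIES, lovers={"spam"},
                   order=("virus", "spam", "banned", "badh"), honor=honor)


if __name__ == "__main__":
    for name, case in (("virus+badh", virus_badh_case),
                       ("spam+banned", spam_banned_case)):
        print(name, "first PASS wins ->", case({}))
        print(name, "any block wins  ->", case(None))
    # One column of the table: after a virus PASS honor banned, ignore spam and badh.
    column = {"banned": 1, "spam": 0, "badh": 0}
    print("table column ->", resolve({"virus", "banned", "spam"}, DESTINIES, honor=column))
```

Under "first PASS wins" the banned attachment reaches the spam lover, which is the delivery reported earlier in the thread; under "any block wins" the virus-plus-bad-header mail is discarded even though virus is set to D_PASS.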
Re: [AMaViS-user] amavis logs error: SA TIMED OUT
Martin wrote:

Hello, since 1 or 2 days i'm getting many log entries from amavis that SA timed out (examples see below). What i found out so far is that most of those mails have bigger attachments (up to 5MB), mostly CAD data.

Martin Bärtl

http://marc.theaimsgroup.com/?l=amavis-userm=113461291328931w=2

Gary V
Re: [AMaViS-user] amavis logs error: SA TIMED OUT
Martin,

since 1 or 2 days i'm getting many log entries from amavis that SA timed out (examples see below). What i found out so far is that most of those mails have bigger attachments (up to 5MB), mostly CAD data.

Messages larger than $sa_mail_body_size_limit are not submitted to SA for checking, the default limit is 200 kB. Have you increased this setting substantially?

SA scanning time goes roughly linear with message size, and (since very large spam is quite rare), it makes sense to not waste time at spam-scanning large messages.

Mark
[AMaViS-user] TROUBLE in process_request: Error writing a SMTP response to the socket: Broken pipe at (eval 38)
Hi All,

since I added 0.0.0.0 this in /usr/sbin/amavisd :

@inet_acl = qw( 127.0.0.1 [::1] 0.0.0.0/0 10.15.4.0/24 10.15.80.0/24 192.168.1.0/24 );

to fix the DENIED ACCESS from IP 0.0.0.0, policy bank '' that was causing amavisd to get stuck and be very slow.

My log file is full of this :

Dec 16 09:44:43 amavis[10166]: TIMING [total 5026 ms] - bdb-open: 5026 (100%) 100, rundown: 0 (0%)100
Dec 16 09:44:43 amavis[10161]: (10161-01) TROUBLE in process_request: Error writing a SMTP response to the socket: Broken pipe at (eval 38) line 813.
Dec 16 09:44:43 amavis[10161]: (10161-01) Requesting process rundown after fatal error
Dec 16 09:44:44 amavis[10155]: (10155-01) SMTP shutdown: Error writing a SMTP response to the socket: Bad file descriptor at (eval 38) line 813.\n
Dec 16 09:44:45 amavis[10162]: (10162-01) TROUBLE in process_request: Error writing a SMTP response to the socket: Broken pipe at (eval 38) line 813.
Dec 16 09:44:45 amavis[10162]: (10162-01) Requesting process rundown after fatal error
Dec 16 09:44:45 amavis[10156]: (10156-01) SMTP shutdown: Error writing a SMTP response to the socket: Bad file descriptor at (eval 38) line 813.\n

iptables block everything but the postfix server...

anybody have an idea ???

--
Rene Bouchard
System Administrator
[EMAIL PROTECTED]
Tel: 1-613-562-9847 ext. 162
Fax: 1-613-562-4768
Cel: 1-613-277-4435
ePALS Classroom Exchange http://www.epals.com/
The World's Leading Provider of School-Safe Email and Collaborative Technology For The Education Market Serving 5.5 Million Students and Teachers in 191 Countries.
--- ePALS Classroom Exchange Terms apply to this e-mail http://www.epalscorp.com/emailterms
Re: [AMaViS-user] Customize notify messages
Oliver,

As i study the source i found out that user notifications are handled by 'delivery_status_notification' and admin notifications handled somewhere else.

Right. But in both cases the first (or only) plain-text portion of the notification comes from its corresponding template (by calling sub expand) and these templates contain (or not contain) a %H macro call, which (if present) expands to original mail header. Removing the %H from each template makes the header inclusion in the first (or only) part of notification go away.

The delivery_status_notification routine, besides taking the expanded template and placing it as a first item in MIME tree, also appends two more DSN MIME components, as per rfc3462/rfc3464. This only applies to sender notifications, but not to recipient and admin notifications, as they are not governed by these RFCs.

In the former of both, the original mail-header (contained by %H macro) is hard-coded and does not depend on the existence of this macro.

This only holds true for third DSN mime part as per rfc3462/rfc3464.

Also the From To and Date fields cannot be set by the template because they will be forced to some other value in this sub.

Right. This change was made to overcome problems with proper placement of these headers when Resent-* header fields also need to be inserted. So far I don't think it's a big sacrifice. Redesigning templates to support MIME structure and other bells is on a to-do list, but not high on priority.

I got familiar with the macro processor (expand()), but i think it would be much clearer if there are different templates for BANNED HEADER FAILURE and VIRUS indications. Is there a chance to do this?

It might be cleaner. It evolved this way through a series of small changes through the history. At the moment I have other worries with 2.4.0, so don't hold your breath.

You're right about the RFC, but our customers don't know anything about this. And they don't worry if it's missing.

But MUA know about these, and don't bother reader with them unless necessary/requested.

But they worry if there is a Mail with massive information that they don't understand and likely to erase the message instead of reading it. I don't want to create a new thread about whether or not RFC conventions should be strict or not. I just decided not to do so in that special case.

Edit delivery_status_notification if necessary. Admittedly the third part of DSN (RFC3462) is optional, so by removing it the NDN would still be standards compliant. I'll consider it when I'll be implementing the full DSN support, planned for 2.4.0.

Checking the Postfix bounce(8) man page and the sendmail PrivacyOptions I only see option to restrict mail body inclusion in bounces, but no controls over mail header inclusion in DSN. Until these two most popular mailers offer such option, I don't see pressing need for amavisd-new to outsmart them and be more flexible.

So it would be very fine if one could decide if the message-header is to be included by using %H in his template.

You are referring to the third item in the DSN (RFC 3462) MIME structure, not to the first part (the plain-text one), where %H does have a full control.

Mark
[AMaViS-user] Differing levels of spam
Hi.

Last June I wrote asking if we could get multiple levels of spam. (See post http://sourceforge.net/mailarchive/message.php?msg_id=8655463) So that different strings could be attached to different scores of spam.

I was told this was a low priority (fair enough). Has it moved up the priority list? Or alternatively is there an updated patch that does a similar version to the one I applied before?

I would really like to use a more up to date version of Amavis, which I still think is great.

I still suck at perl programming though, so still can't contribute much. : - (

Kind regards

Benedict White
[EMAIL PROTECTED]
Computer Systems Engineering Ltd
tel (44) 1444 238070
fax (44) 1444 441414
Re: [AMaViS-user] Unpacker for StuffIt
Oliver, i wonder if anyone has made a module to handle stuffit-archives (sit,sit-x) from Macintosh with amavis. There is a Linux commandline-unpacker freely available at stuffit.com. Here is a patch to get you going. I only tried it casually for the lack of interesting archives. Mark --- --- amavisd.origWed Nov 30 14:03:27 2005 +++ amavisd Fri Dec 16 19:42:25 2005 @@ -308,5 +308,5 @@ $arc $bzip2 $lzop $lha $unarj $gzip $uncompress $unfreeze $unrar $zoo $pax $cpio $ar $rpm2cpio $cabextract $ripole $tnef - $gunzip $bunzip2 $unlzop + $gunzip $bunzip2 $unlzop $unstuff )], ); @@ -785,4 +785,5 @@ [qr/^(\S+\s+)?tar archive\b/i = 'tar'], [qr/^(\S+\s+)?cpio archive\b/i = 'cpio'], + [qr/^StuffIt Archive\b/i= 'sit'], [qr/^Debian binary package\b/i = 'deb'], # standard Unix archive (ar) [qr/^current ar archive\b/i = 'a'],# standard Unix archive (ar) @@ -849,4 +850,5 @@ sub Amavis::Unpackers::do_tnef($$); sub Amavis::Unpackers::do_tnef_ext($$$); +sub Amavis::Unpackers::do_unstuff($$$); sub Amavis::Unpackers::do_executable($$@); @@ -879,4 +881,5 @@ *do_tnef_ext = \Amavis::Unpackers::do_tnef_ext; *do_tnef = \Amavis::Unpackers::do_tnef; +*do_unstuff = \Amavis::Unpackers::do_unstuff; *do_executable = \Amavis::Unpackers::do_executable; sub new_RE { Amavis::Lookup::RE-new(@_) } @@ -920,4 +923,5 @@ ['tnef', \Amavis::Unpackers::do_tnef_ext, \$tnef], ['tnef', \Amavis::Unpackers::do_tnef], +['sit', \Amavis::Unpackers::do_unstuff,\$unstuff], ['exe', \Amavis::Unpackers::do_executable, \$unrar,\$lha,\$unarj], ); 
@@ -14272,4 +14276,27 @@ if ($eval_stat ne '') { chomp($eval_stat); die do_pax_cpio: $eval_stat\n } $name_clash ? 2 : 1; +} + +# command line unpacker from stuffit.com for Linux +# decodes Macintosh StuffIt archives and others +sub do_unstuff($$$) { + my($part, $tempdir, $archiver) = @_; + my($archiver_name) = basename((split(' ',$archiver))[0]); + snmp_count(OpsDecBy\u${archiver_name}); + ll(4) do_log(4,sprintf(Expanding archive %s, using %s, +$part-base_name, $archiver_name)); + mkdir($tempdir/parts/unstuff, 0750) +or die Can't mkdir $tempdir/parts/unstuff: $!; + my($proc_fh,$pid) = run_command(undef, 1, $archiver, '-q', + -d=$tempdir/parts/unstuff, $part-full_name); + my($nbytes,$buff); my($output) = ''; + while (($nbytes=$proc_fh-read($buff,4096)) 0) { $output .= $buff } + defined $nbytes or die Error reading: $!; + my($err); $proc_fh-close or $err = $!; + $?==0 or die (exit_status_str($?,$err).' '.$output); + my($b) = flatten_and_tidy_dir($tempdir/parts/unstuff, +$tempdir/parts, $part); + consumed_bytes($b, 'do_unstuff'); + 1; } --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
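Review bot: In the first hunk (@@ -308) $unstuff joins the list of unpacker variables, but nothing in the patch assigns it a value or documents it. Add an entry beside the other unpacker paths in the sample configuration, naming the StuffIt command line tool, and state what happens to 'sit' parts when the variable is left undefined, so an administrator can tell whether such attachments are decoded or passed through unexamined.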
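Review bot: The file(1) pattern added in the @@ -785 hunk maps only the string "StuffIt Archive" to 'sit', while the request was for both sit and sit-x. Please confirm what file(1) prints for a StuffIt X archive and add a second pattern if the description differs, otherwise those attachments never reach do_unstuff and their contents are not scanned.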
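Review bot: In do_unstuff (@@ -14272) the archive is fully expanded into $tempdir/parts/unstuff before consumed_bytes($b, 'do_unstuff') runs, so the size accounting only happens after the external tool has already written everything to disk; a highly compressed archive can fill the temporary area first. Consider limiting the unpacker's output up front or running it under a resource limit. Two smaller points in the same hunk: the mkdir uses a fixed directory name and dies on failure, so confirm that flatten_and_tidy_dir removes the directory, otherwise a second StuffIt part in the same message fails; and $output grows without bound although it is only used in the die message, so cap it.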
Re: [AMaViS-user] TROUBLE in process_request: Error writing a SMTP response to the socket: Broken pipe at (eval 38)
Rene,

since I added 0.0.0.0 this in /usr/sbin/amavisd :
@inet_acl = qw( 127.0.0.1 [::1] 0.0.0.0/0 10.15.4.0/24 );
to fix the DENIED ACCESS from IP 0.0.0.0, policy bank '' that was causing amavisd to get stuck and be very slow

Btw, I suggested to add 0.0.0.0 to the list (mask /32 is a default), not 0.0.0.0/0, which allows anyone in. But this is now beside the point.

iptables block everything but the postfix server...

Ok, that fixes the security side.

My log file is full of this :

Dec 16 09:44:43 amavis[10166]: TIMING [total 5026 ms] - bdb-open: 5026 (100%) 100, rundown: 0 (0%)100
Dec 16 09:44:43 amavis[10161]: (10161-01) TROUBLE in process_request: Error writing a SMTP response to the socket: Broken pipe at (eval 38) line 813.
Dec 16 09:44:43 amavis[10161]: (10161-01) Requesting process rundown after fatal error
Dec 16 09:44:44 amavis[10155]: (10155-01) SMTP shutdown: Error writing a SMTP response to the socket: Bad file descriptor at (eval 38) line 813.

So it seems the 0.0.0.0 was just a red herring, the real issue is somewhere deeper.

Inability to write response back to the socket indicates the client has already disconnected at this point in time. Perhaps it has disconnected immediately, which could explain the Net::Server's inability to obtain its IP address - client being already disconnected at the time Net::Server tried to fetch a peer IP address on a socket would result in seeing an 'unspecified' IP address.

Collect the complete log of events at log level 5, pertaining to one request (e.g. the 10161-01 above, use grep), along with the Postfix log entries pertaining to this same connection. It would not hurt to also collect a tcpdump of the tcp session. This should explain whether the client (Postfix smtp service) really disconnected immediately, or after a timeout, or did some other event cause a tcp session to break, making amavisd (and Net::Server) think the client disconnected. Perhaps some firewall issue? Or a tcp protocol stack problem.

Mark
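The difference between 0.0.0.0 (default mask /32) and 0.0.0.0/0 pointed out in the reply above, as an added example that is not part of the post and is not amavisd-new's own ACL matcher. It handles only the entry forms that appear in this thread (bare IPv4, bracketed IPv6, address/length); the function names and the 203.0.113.7 test client are made up for illustration.

```python
# Added example: audit an @inet_acl-style list for entries that admit everyone.
# Models only the forms shown in this thread; not amavisd-new's own matcher.
import ipaddress
import re


def parse_acl(perl_text):
    """Extract the networks from an '@inet_acl = qw( ... );' assignment.

    A bare address gets a full-length mask (/32 for IPv4), which is the
    default described in the reply above.
    """
    m = re.search(r"@inet_acl\s*=\s*qw\(\s*(.*?)\s*\)", perl_text, re.S)
    if not m:
        raise ValueError("no @inet_acl = qw( ... ) assignment found")
    nets = []
    for token in m.group(1).split():
        addr, _, plen = token.partition("/")
        addr = addr.strip("[]")                  # [::1] style IPv6 brackets
        ip = ipaddress.ip_address(addr)          # raises on malformed entries
        if not plen:
            plen = ip.max_prefixlen              # default: host mask
        nets.append(ipaddress.ip_network(f"{addr}/{plen}", strict=False))
    return nets


def open_entries(nets):
    """Entries with prefix length 0 match every address of their family."""
    return [n for n in nets if n.prefixlen == 0]


def admits(nets, client):
    """True if the client address falls inside any ACL entry."""
    ip = ipaddress.ip_address(client)
    return any(ip.version == n.version and ip in n for n in nets)


# The list as posted, and the same list with the entry that was suggested.
AS_POSTED = ("@inet_acl = qw( 127.0.0.1 [::1] 0.0.0.0/0 10.15.4.0/24 "
             "10.15.80.0/24 192.168.1.0/24 );")
AS_SUGGESTED = AS_POSTED.replace("0.0.0.0/0", "0.0.0.0")

if __name__ == "__main__":
    outside = "203.0.113.7"                      # constructed test client
    for label, text in (("posted", AS_POSTED), ("suggested", AS_SUGGESTED)):
        nets = parse_acl(text)
        print(label, "open entries:", [str(n) for n in open_entries(nets)],
              "| admits", outside, "->", admits(nets, outside))
```

With the posted list the packet filter in front of amavisd is the only thing keeping arbitrary clients away from the port; with the suggested entry the ACL itself rejects them.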
Re: [AMaViS-user] Notification template: banned filename
Oliver,

I found what '%F' results in a notification mail is overkilled for most users. Is there a similar macro to just expand to the real filename, without anything else ?

I agree the %F is very talkative for a casual user. Mostly for running out of single-character names for macros a shorter version is currently not available - you can either modify the expansion of %F or sacrifice one of the remaining few available letters for such purpose.

The single-character macro name limitation needs lifting, and perhaps adding ability to specify arguments to a macro call could also alleviate the problem. I haven't yet come to this, it most likely won't happen for 2.4.0. If you need it now, you will have to hack the code.

Mark
Re: [AMaViS-user] adding original-to header with envelope information in amavisd-new?
Lars,

I'm running amavisd-new, clamav and postfix on my mail-gateways. We use virtual-tables to route all our e-mail on the gateways to [EMAIL PROTECTED] and the mail-gateways delivers to local-delivery servers that delivers to mailboxes. All this of course works like a charm. The problem is that I need to add an original-to header with the original envelope address. Postfix has the x-original-to header but it gets destroyed by this setup (x-original-to is [EMAIL PROTECTED] since it's rewritten by mail-gateway and there is no way to change this in postfix). Is there any simple way to get amavisd-new to add the envelope address to a custom header in the e-mail? Since we filter all mail with amavisd-new it seems like a patch could fix this problem. Has anybody tried to do this with amavisd-new? Any good reasons for me not to try it? Any pointers to where in the code this could be done smoothly.

There is one fundamental problem: a message can have multiple recipients. Adding x-original-to for all recipients would violate sender's privacy (consider mailing lists or Bcc). Splitting a message before it reaches a content filter is an option, although not very appealing one (it can bump up average load by a factor of 2 or more).

Technically, inserting an additional header field in amavisd is not hard, just call $hdr_edits->append_header(...) with required additional headers, perhaps somewhere in sub add_forwarding_header_edits_per_recip or in add_forwarding_header_edits_common.

Mark
[AMaViS-user] Bayes database
Hello,

I'm using spamassassin with database MySQL. I have many problems when I try to restore dumped data to another DBMS (for high availability purpose). In fact, I often have problems like this:

mysql2:/home/rocsca/slave # mysql -u root < bayes.sql
ERROR 1062 (23000) at line 245: Duplicate entry '4-ÈÜ?' for key 1

Is an encoding problem? Anyone had similar problem?

Thanks
Re: [AMaViS-user] amavis-stats-0.1.19 no data in domain.com
I receive a lot of e-mail (2-300 daily just for amavis-stats), I skip about 1/2 of them because it's too difficult to process them all. Most of the issues are configuration issues, simple things like adding a site to your Apache config instead of adding an include for the alias file and trying to read the wrong log file.

Forgive the question if it's considered inflammatory or based on a naive point of view, but why is anyone bothering using amavis-stats anymore? Wasn't development for amavis-stats discontinued many years ago in exchange for another, more modular project, which apparently has also been abandoned?
[AMaViS-user] logging spam, but not adding headers below sa_kill_level_deflt
I have two mail filtering servers ahead of my mailbox server, running postfix-2.1.5-9, amavisd-new-20030616p10-5 and spamassassin-3.0.3 on stock Debian Sarge. I have noticed recently that server1 is identifying spammish mail in its logs, but it is not adding headers to mail below the quarantine score. I have a second, AFAIK identical, filtering server that is adding headers above 1.0 and flagging above 3.5 as expected. That server's messages still bear headers when they reach the mailbox server.

This is an example of the symptom. Starting amavis on filtering server1 with the following log definitions:

$DO_SYSLOG = 0;
$LOGFILE = "/var/log/amavis.log";
$log_level = 4;

I get this in the log for a given message.

Dec 16 15:43:22 server1.franklinamerican.com amavisd-new[13045]: (13045-06) SPAM-TAG, [EMAIL PROTECTED] - [EMAIL PROTECTED], Yes, hits=5.3 tagged_above=1.0 required=3.5 tests=AWL, BAYES_99, HTML_90_100, HTML_IMAGE_RATIO_02, HTML_MESSAGE, HTML_MIME_NO_HTML_TAG, MIME_HTML_ONLY

I find this in the headers of the delivered message on the mailbox server. (snipped)

Return-Path: [EMAIL PROTECTED]
Received: from server1.franklinamerican.com ([127.0.0.1]) by localhost (server1.franklinamerican.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 13045-06 for [EMAIL PROTECTED]; Fri, 16 Dec 2005 15:43:21 -0600 (CST)
Date: Fri, 16 Dec 2005 15:43:16 -0600 (CST)
From: More Coupons [EMAIL PROTECTED]
Reply-To: E-Family Values [EMAIL PROTECTED]
To: Fake User [EMAIL PROTECTED]
Subject: Jamie, Here's more free coupons for your baby
Mime-Version: 1.0
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
X-MRX: miinquufqwlxlwlvulvkuvll sswnilkiilkvwnnxik lllquiqusk
X-Virus-Scanned: by amavis at mx1.franklinamerican.com
X-Virus-Scanned: by amavis at imap.franklinamerican.com

... followed by the message body. There are no X-Spam-Level: headers, as there are from the other incoming server for any score above 1.0.

For the record, messages quarantined for scoring above the kill level DO have X-Spam-Level: headers.

I'm not sure whether to post the amavisd.conf from the filtering servers or the Postfix conf from the mailbox server. I have an 'sdiff -s' comparison of the two filtering servers' amavis.conf and spamassassin local.cf files. The mailbox server's Postfix config is a fairly common smtpd -o content_filter=smtp-amavis:[127.0.0.1]:10024 that returns via :10025. There is no header-rewriting configured into Postfix.

I welcome any suggestions as to what would cause this and any specific requests for relevant info to help the cause. Thanks.

--
John Beamon
Systems Administrator
Franklin American Mortgage Co.
em: [EMAIL PROTECTED]
Re: [AMaViS-user] Bayes database
Rocco Scappatura wrote:

Hello,

I'm using spamassassin with database MySQL. I have many problems when I try to restore dumped data to another DBMS (for high availability purpose). In fact, I often have problems like this:

mysql2:/home/rocsca/slave # mysql -u root < bayes.sql
ERROR 1062 (23000) at line 245: Duplicate entry '4-ÈÜ?' for key 1

Is an encoding problem? Anyone had similar problem?

Thanks

Is there a tutorial for someone like me to start using mysql w/Amavis and SA?

--
Best regards, Chris

It's always darkest before ... daylight saving time.
Re: [AMaViS-user] Bayes database
Mark Martinec wrote:

Rocco,

I'm using spamassassin with database MySQL. I have many problems when I try to restore dumped data to another DBMS (for high availability purpose). In fact, I have often problems like this:

    mysql2:/home/rocsca/slave # mysql -u root bayes.sql
    ERROR 1062 (23000) at line 245: Duplicate entry '4-ÈÜ?' for key 1

Is an encoding problem? Anyone had similar problem?

Corrupted database, needs repair:

    $ mysql sa
    REPAIR TABLE bayes_expire, bayes_seen, bayes_token, awl;

It happens from time to time with MyISAM storage engine, and it never happened again since I switched Bayes to InnoDB engine and started using the new SA 3.1 plugin for MySQL - placing the following in local.cf:

    bayes_store_module Mail::SpamAssassin::BayesStore::MySQL

See file sql/README.bayes in the SA distribution.

Mark

For what it's worth, I've never had success dumping bayes tokens from mysql using mysqldump even on a perfectly repaired database, the tokens appear to be stored in binary format, but dumps as a string. For backup purposes, I've resorted to doing an sa-learn --backup.
Re: [AMaViS-user] Bayes database
Is there a tutorial for someone like me to start using mysql w/Amavis and SA?

This should help you with SpamAssassin:
http://www200.pair.com/mecham/spam/debian-spamassassin-sql.html
and I would read the README.sql for amavisd-new:
http://www.ijs.si/software/amavisd/README.sql.txt

To get you started, I copied the database scheme from the README for the users, mailaddr, wblist and policy tables to a website that you can wget. On my system I add a user 'amavis' that can only read data, and a user 'amavisu' that can maintain the data, you should change the 'passwd':

    cd /usr/local/src
    wget http://www200.pair.com/mecham/spam/basic_users_v1.sql
    mysql -u root -p
    CREATE DATABASE amavisd;
    USE amavisd;
    SOURCE basic_users_v1.sql;
    GRANT SELECT ON amavisd.* TO [EMAIL PROTECTED] IDENTIFIED BY 'passwd';
    GRANT CREATE, DROP, ALTER, SELECT, INSERT, UPDATE, DELETE ON amavisd.* TO [EMAIL PROTECTED] IDENTIFIED BY 'passwd';
    FLUSH PRIVILEGES;
    use amavisd;
    show tables;
    describe policy;

In amavisd.conf, I added:

    @lookup_sql_dsn = ( ['DBI:mysql:amavisd:localhost', 'amavis', 'passwd'] );

Also take a look at:
http://infocenter.guardiandigital.com/archive/amavis/2004/Dec/0316.html

I also started to make some personal notes that I can share (I don't really know if they are accurate however):

###

The purpose of the policy_id field will be apparent when we add some data to the policy table, but what is the 'priority' field used for? If you were to read README.lookups, you would see that recipient lookups in hash tables are performed starting with the most specific data (the full email address) and end with the most general data (a catchall). Here is the example of the order of lookups performed when using a hash table:

    [EMAIL PROTECTED]
    [EMAIL PROTECTED]
    user+foo@
    user@
    sub.example.com
    .sub.example.com
    .example.com
    .com
    .

For SQL, the structure of what is looked up is a little different, but we still want the lookups performed in the same 'specific' to 'general' order, for example:

    [EMAIL PROTECTED]
    [EMAIL PROTECTED]
    user+foo
    user
    @example.com
    @.example.com
    @.com
    @.

The key is that the SQL SELECT statement used in the program uses the priority field to create this order (in descending order):

From the amavisd source code:

    # The SQL select clause to fetch per-recipient policy settings
    # The %k will be replaced by a comma-separated list of query addresses
    # (e.g. full address, domain only, catchall). Use ORDER if there
    # is a chance that multiple records will match - the first match wins
    # If field names are not unique (e.g. 'id'), the later field overwrites the
    # earlier in a hash returned by lookup, which is why we use '*,users.id'.
    $sql_select_policy =
      'SELECT *,users.id FROM users LEFT JOIN policy ON users.policy_id=policy.id'.
      ' WHERE users.email IN (%k) ORDER BY users.priority DESC';

So, given a recipient address of '[EMAIL PROTECTED]', the SQL SELECT statement that determines the policy for a given recipient would end up looking like this:

    SELECT *,users.id FROM users LEFT JOIN policy ON users.policy_id=policy.id
    WHERE users.email IN ([EMAIL PROTECTED], [EMAIL PROTECTED], user4+spam, user4, @example.com, @.example.com, @.com, @.)
    ORDER BY users.priority DESC;

###

This is just a start (but a usable one) for amavisd-new tables.

Gary V
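The specific-to-general key order and the `ORDER BY users.priority DESC` rule described in the message above, as an added Python/SQLite example (not part of the original post and not amavisd-new's own code). The cut-down two-table schema, the policy names and the priority values 0/5/7 are constructed for illustration, and `lookup_keys`, `policy_for` and `demo_db` are hypothetical helper names.

```python
import sqlite3

# Query template quoted in the post; %k marks where the lookup keys go.
SQL_SELECT_POLICY = (
    "SELECT *,users.id FROM users LEFT JOIN policy ON users.policy_id=policy.id"
    " WHERE users.email IN (%k) ORDER BY users.priority DESC"
)

def lookup_keys(recipient, delimiter="+"):
    """Lookup keys for one recipient, most specific first, as listed in the post.
    Lower-casing the address is a simplifying assumption of this example."""
    local, at, domain = recipient.lower().rpartition("@")
    if not at or not local or not domain:
        raise ValueError("expected local@domain")
    base = local.split(delimiter, 1)[0] if delimiter else local
    keys = [f"{local}@{domain}", f"{base}@{domain}", local, base, f"@{domain}"]
    labels = domain.split(".")
    # "@.example.com", "@.com": the domain and each parent with a leading dot
    keys += ["@." + ".".join(labels[i:]) for i in range(len(labels))]
    keys.append("@.")  # catchall
    return list(dict.fromkeys(keys))  # drop duplicates, keep order

def policy_for(conn, recipient):
    """Return (matched users.email, policy_name) of the winning row, or None."""
    keys = lookup_keys(recipient)
    # One bound placeholder per key, so addresses never become SQL text.
    sql = SQL_SELECT_POLICY.replace("%k", ",".join("?" * len(keys)))
    row = conn.execute(sql, keys).fetchone()  # first row has the highest priority
    return (row["email"], row["policy_name"]) if row else None

def demo_db():
    """In-memory tables cut down to the columns the query touches (constructed)."""
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    conn.executescript("""
        CREATE TABLE policy (id INTEGER PRIMARY KEY, policy_name TEXT);
        CREATE TABLE users  (id INTEGER PRIMARY KEY, priority INTEGER,
                             policy_id INTEGER, email TEXT UNIQUE);
        INSERT INTO policy VALUES (1,'site-default'),(2,'domain-strict'),(3,'user-opt-out');
        INSERT INTO users VALUES (1,0,1,'@.'),(2,5,2,'@example.com'),
                                 (3,7,3,'user4@example.com');
    """)
    return conn

if __name__ == "__main__":
    db = demo_db()
    for rcpt in ("user4+spam@example.com", "other@example.com", "x@sub.example.org"):
        print(rcpt, "->", policy_for(db, rcpt))
```

Because the first returned row wins, a catchall row given a higher priority than a user's own row overrides that user's policy, so priority values have to rise with specificity.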