Re: [AMaViS-user] amavis-stats-0.1.19 (manual log processing)

Not at this time. You can run the daemon from the command line, and quit it after it has run (it runs at 0...5..10..15..55 of the hour so you may have to wait for it to execute). It doesn't use much memory so leaving the daemon running shouldn't be a problem.

I'm considering some tools to do maintenance and what not but probably won't have anything concrete until I've completed the conversion to C.

The php script conversion to C is almost complete and aside from that, converting the daemon perl script to C is a first for me so if anyone has experience in this area I'd appreciate the assistance.

If I could get the perl script converted to source I could then go about removing the module dependencies.

My understanding of the conversion is that the modules must be separated to individual '.pm' files before conversion. So this:

    mustangrestomods:/temp2/amavis-stats-0.1.20 root# cat $(which amavis-stats) | grep ^package
    package AmavisStats::Boot;
    package AmavisStats::Conf;
    package AmavisStats::Daemonize;
    package AmavisStats::Lock;
    package AmavisStats::Log;
    package AmavisStats::Util;
    package AmavisStats;
    mustangrestomods:/temp2/amavis-stats-0.1.20 root#

would turn into:

    AmavisStats.pm
    AmavisStats/Boot.pm
    AmavisStats/Conf.pm
    AmavisStats/Daemonize.pm
    AmavisStats/Lock.pm
    AmavisStats/Log.pm
    AmavisStats/Util.pm

before the actual conversion, which should be fairly easy to achieve.

--
Dale

On Dec 17, 2005, at 03:24, Lawrence Wong wrote:

> Hi,
>
> Does anyone know if there is a commandline tool available for
> amavis-stats to manually generate data from saved log files rather
> than via the auto amavis-stats daemon.
>
> TIA!

___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ: http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos: http://www.amavis.org/howto/

Re: [AMaViS-user] Bayes database

Jim wrote:

> Today (17.12.2005/05:03) Gary V ([EMAIL PROTECTED]) wrote:
>
>>> Is there a tutorial for someone like me to start using mysql w/Amavis and SA?
>>
>> This should help you with SpamAssassin:
>> http://www200.pair.com/mecham/spam/debian-spamassassin-sql.html
>> and I would read the README.sql for amavisd-new:
>> http://www.ijs.si/software/amavisd/README.sql.txt
>>
>> To get you started, I copied the database scheme from the README for the
>> users, mailaddr, wblist and policy tables to a website that you can wget.
>> On my system I add a user 'amavis' that can only read data, and a user
>> 'amavisu' that can maintain the data, you should change the 'passwd':
>>
>>     cd /usr/local/src
>>     wget http://www200.pair.com/mecham/spam/basic_users_v1.sql
>>     mysql -u root -p
>>
>>     CREATE DATABASE amavisd;
>>     USE amavisd;
>>     SOURCE basic_users_v1.sql;
>>     GRANT SELECT ON amavisd.* TO [EMAIL PROTECTED] IDENTIFIED BY 'passwd';
>>     GRANT CREATE, DROP, ALTER, SELECT, INSERT, UPDATE, DELETE ON amavisd.* TO [EMAIL PROTECTED] IDENTIFIED BY 'passwd';
>>     FLUSH PRIVILEGES;
>>     use amavisd;
>>     show tables;
>>     describe policy;
>>
>> In amavisd.conf, I added:
>>
>>     @lookup_sql_dsn = ( ['DBI:mysql:amavisd:localhost', 'amavis', 'passwd'] );
>>
>> Also take a look at:
>> http://infocenter.guardiandigital.com/archive/amavis/2004/Dec/0316.html
>>
>> I also started to make some personal notes that I can share (I don't
>> really know if they are accurate however):
>>
>> ###
>>
>> The purpose of the policy_id field will be apparent when we add some data
>> to the policy table, but what is the 'priority' field used for? If you
>> were to read README.lookups, you would see that recipient lookups in hash
>> tables are performed starting with the most specific data (the full email
>> address) and end with the most general data (a catchall). Here is the
>> example of the order of lookups performed when using a hash table:
>>
>>     [EMAIL PROTECTED]
>>     [EMAIL PROTECTED]
>>     user+foo@
>>     user@
>>     sub.example.com
>>     .sub.example.com
>>     .example.com
>>     .com
>>     .
>>
>> For SQL, the structure of what is looked up is a little different, but we
>> still want the lookups performed in the same 'specific' to 'general'
>> order, for example:
>>
>>     [EMAIL PROTECTED]
>>     [EMAIL PROTECTED]
>>     user+foo
>>     user
>>     @example.com
>>     @.example.com
>>     @.com
>>     @.
>>
>> The key is that the SQL SELECT statement used in the program uses the
>> priority field to create this order (in descending order):
>>
>> From the amavisd source code:
>>
>>     # The SQL select clause to fetch per-recipient policy settings
>>     # The %k will be replaced by a comma-separated list of query addresses
>>     # (e.g. full address, domain only, catchall). Use ORDER if there
>>     # is a chance that multiple records will match - the first match wins
>>     # If field names are not unique (e.g. 'id'), the later field overwrites the
>>     # earlier in a hash returned by lookup, which is why we use '*,users.id'.
>>     $sql_select_policy = 'SELECT *,users.id FROM users LEFT JOIN policy ON users.policy_id=policy.id'.
>>       ' WHERE users.email IN (%k) ORDER BY users.priority DESC';
>>
>> So, given a recipient address of '[EMAIL PROTECTED]', the SQL SELECT
>> statement that determines the policy for a given recipient would end up
>> looking like this:
>>
>>     SELECT *,users.id FROM users LEFT JOIN policy ON users.policy_id=policy.id
>>       WHERE users.email IN ([EMAIL PROTECTED], [EMAIL PROTECTED], user4+spam, user4, @example.com, @.example.com, @.com, @.)
>>       ORDER BY users.priority DESC;
>>
>> ###
>>
>> This is just a start (but a usable one) for amavisd-new tables.
>
> Great tutorial. :) And very simply explained. Thank you, Gary

Thanks Jim. If the example data is studied in the README it becomes apparent what form the data needs to be in. I should also mention once you have your data entered, and need to change something, of course you should begin studying SQL, but to cheat:

    UPDATE users SET policy_id=6 WHERE email='[EMAIL PROTECTED]';

Here we change the policy for [EMAIL PROTECTED]

In addition to studying:
http://www.ijs.si/software/amavisd/README.lookups.txt
this link may be useful:
http://marc.theaimsgroup.com/?l=amavis-user&m=113320135827485&w=2

I have not started to play with the wblist, but along with README.sql I think these links could help with understanding wblist.
http://www.ijs.si/software/amavisd/amavisd-new-docs.html#wblist
http://marc.theaimsgroup.com/?l=amavis-user&m=113173915721641&w=2

Gary V

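Added example (not part of Gary V's post and not amavisd-new's own code): the specific-to-general key list and the ORDER BY users.priority DESC selection described in the message above, run against SQLite with bound parameters. The recipient address, the cut-down users/policy tables, the priority values and the function names are constructed for illustration.

```python
import sqlite3

def lookup_keys(recipient):
    """Query keys for a recipient, most specific first, in the order the thread lists."""
    local, _, domain = recipient.lower().rpartition("@")
    base = local.split("+", 1)[0]                 # local part without the +extension
    keys = [f"{local}@{domain}"]
    if base != local:
        keys.append(f"{base}@{domain}")
    keys.append(local)
    if base != local:
        keys.append(base)
    keys.append(f"@{domain}")
    labels = domain.split(".")
    keys += ["@." + ".".join(labels[i:]) for i in range(len(labels))]
    keys.append("@.")                             # catchall
    return keys

def build_db(catchall_priority=0):
    """Constructed sample data; tables cut down to the columns the query touches."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE policy (id INTEGER PRIMARY KEY, policy_name TEXT);
        CREATE TABLE users  (id INTEGER PRIMARY KEY, priority INTEGER,
                             policy_id INTEGER, email TEXT UNIQUE);
        INSERT INTO policy VALUES (1,'domain default'),(2,'user4 strict'),(3,'catchall');
    """)
    conn.executemany("INSERT INTO users VALUES (?,?,?,?)", [
        (1, 9, 2, "user4@example.com"),
        (2, 5, 1, "@example.com"),
        (3, catchall_priority, 3, "@."),
    ])
    return conn

def policy_for(conn, recipient):
    """Same SELECT shape as in the thread; every key is a bound parameter."""
    keys = lookup_keys(recipient)
    marks = ",".join("?" * len(keys))
    return conn.execute(
        "SELECT users.email, policy.policy_name FROM users "
        "LEFT JOIN policy ON users.policy_id = policy.id "
        f"WHERE users.email IN ({marks}) ORDER BY users.priority DESC",
        keys).fetchone()                          # first row wins

if __name__ == "__main__":
    db = build_db()
    print(lookup_keys("user4+spam@example.com"))
    for rcpt in ("user4+spam@example.com", "other@example.com", "x@elsewhere.net"):
        print(rcpt, "->", policy_for(db, rcpt))
    # A catchall row with too high a priority shadows every more specific row.
    print(policy_for(build_db(catchall_priority=10), "user4+spam@example.com"))
```

IN (...) returns the matching rows in no particular order, so the priority column is the only thing that makes the most specific row come first; a catchall row given a priority above the others wins for every recipient.
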
RE: [AMaViS-user] Logwatch script

> I'm using amavisd-new 2.3.2 on a CentOS-4 box (with postfix, SA and
> ClamAV). Trying to get summaries of amavis logs with Logwatch. The
> logwatch version is 5.2.2. Both amavisd and logwatch are the original
> Redhat rpms.
>
> In the logwatch report clean messages are correctly reported, but all
> other messages get chucked under **Unmatched Entries**. In other words
> none of the spam, virus, or banned log entries are recognized by the
> logwatch script.
>
> (I saw this issue discussed about a year ago on the list, but no
> resolution)
>
> Does anyone have an updated script for logwatch that matches the format
> of the amavisd log files?

Yes, but this requires you to update logwatch. The version you have is very dated, and much of logwatch has changed significantly, so the amavisd filter script will not work with your 5.2.2 version.

Update from http://www2.logwatch.org:8080/tabs/download/ and grab the 7.1 RPM.

-Mike

[AMaViS-user] Feature request: milter interface

Hello,

I would like to ask your opinion about the following...

Many commercial virus and spam filtering solutions have a milter interface and it is obviously much more efficient than the good old command line scanning, or the smtp in, smtp out method.

It would be a clear win (at least this is what I think) for the virus scanners and even more interesting stuff for doing spam filtering.

ps: there is a perl interface to milter:
http://search.cpan.org/~mglee/Net-Milter-0.08/Milter.pm

Thanks,

--
Attila Nagy e-mail: [EMAIL PROTECTED]
Free Software Network (FSN.HU) phone: +3630 306 6758
ISOs: http://www.fsn.hu/?f=download

Re: [AMaViS-user] Bayes database

Jim wrote:

> Today (17.12.2005/16:57) Gary V ([EMAIL PROTECTED]) wrote:
>
>> In addition to studying:
>> http://www.ijs.si/software/amavisd/README.lookups.txt
>> this link may be useful:
>> http://marc.theaimsgroup.com/?l=amavis-user&m=113320135827485&w=2
>>
>> I have not started to play with the wblist, but along with README.sql I
>> think these links could help with understanding wblist.
>> http://www.ijs.si/software/amavisd/amavisd-new-docs.html#wblist
>> http://marc.theaimsgroup.com/?l=amavis-user&m=113173915721641&w=2
>
> Thanks again, but what I don't understand at all is the part
> http://www.ijs.si/software/amavisd/amavisd-new-docs.html#score_sender
>
> I've tried this (for example):
>
>     rid sid wb
>     2   1   W -5
>
> (see the whitespace, I've tried with and without) and get the following
> errors.
>
> --snip
> Dec 14 07:28:37 server2 amavis[25393]: (25393-02) Passed CLEAN, [213.165.64.21] [213.165.64.21] [EMAIL PROTECTED] - [EMAIL PROTECTED] .de, Message-ID: [EMAIL PROTECTED], mail_id: mcNbYBQdshCl, Hits: -2.7-5, 6728 ms
> Dec 14 07:28:37 server2 amavis[25393]: (25393-02) Passed CLEAN, [EMAIL PROTECTED] - [EMAIL PROTECTED], Hits: -2.7-5, tag=-.9, tag2=3.5, kill=4.5, L/Y/0/0
> Dec 14 07:28:37 server2 amavis[25393]: (25393-02) WARN save_info_final: sql execute: sts=, Insecure dependency in parameter 7 of DBI::st=HASH(0x94f9544)-execute method call while running with -T switch at (eval 39) line 127, GEN8 line 154. at (eval 39) line 131, GEN8 line 154.
> break = and so forth 5x
> Dec 14 07:28:45 server2 amavis[25393]: (25393-02) ERROR sql_storage: too many retries on storing final, info not saved
> Dec 14 07:28:45 server2 postfix/lmtp[25626]: C251BA95: to=[EMAIL PROTECTED], relay=127.0.0.1[127.0.0.1]:10024, delay=15, delays=0. 57/0.01/0.01/15, dsn=2.6.0, status=sent (250 2.6.0 Ok, id=25393-02, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 76654 FE8)
> --snap
>
> How must one make that right? Or is it not really possible? A mistake in
> the instructions? Or whatever!?

So Jim, you made me get involved in wblist today. ;)

Are you talking about:

    the field wblist.wb is numeric, representing score points,
    instead of containing a character W or B or space;

That means your choices would be:

    a positive number
    a negative number
    a W
    a B
    a space

I think you can choose only one.

BTW, I had:

    $sql_select_white_black_list = undef;

in my amavisd.conf which of course made me scratch my head when trying to get SQL wblist to function.

I don't know what to tell you about the 'Insecure dependency' (taint problem) for save_info_final. Fix the wblist.wb and test again.

Gary V

Re: [AMaViS-user] Bayes database

Today (18.12.2005/01:10) Gary V ([EMAIL PROTECTED]) wrote:

> Jim wrote:
>
>> How must one make that right? Or is it not really possible? A mistake in
>> the instructions? Or whatever!?
>
> So Jim, you made me get involved in wblist today. ;)

I'm so sorry for this. *gg*

> Are you talking about:
>
>     the field wblist.wb is numeric, representing score points,
>     instead of containing a character W or B or space;
>
> That means your choices would be:
>
>     a positive number
>     a negative number
>     a W
>     a B
>     a space
>
> I think you can choose only one.

you mean I can only write -5 or +500 or W or B? It's logical *uuh, I'm sooo stupid* ;)

And then (for example -500) show by scanning in the header = 2-500 = end result -498

> BTW, I had:
>
>     $sql_select_white_black_list = undef;
>
> in my amavisd.conf which of course made me scratch my head when trying to
> get SQL wblist to function.

you mean, this a good way?

> I don't know what to tell you about the 'Insecure dependency' (taint
> problem) for save_info_final. Fix the wblist.wb and test again.

I'll try this out.

> Gary V

--
Kind regards,
Jim Knuth
[EMAIL PROTECTED]
ICQ #277289867 - VoIP: +49 (0) 322 212 044 67
Key ID: 0x1F78066F
-- Random quote --
"Let's fetz!" said the frog and jumped into the fan.
-- The text has nothing to do with the recipient of this mail --

Re: [AMaViS-user] Logwatch script

[EMAIL PROTECTED] wrote:

>> I'm using amavisd-new 2.3.2 on a CentOS-4 box (with postfix, SA and
>> ClamAV). Trying to get summaries of amavis logs with Logwatch. The
>> logwatch version is 5.2.2. Both amavisd and logwatch are the original
>> Redhat rpms.
>>
>> In the logwatch report clean messages are correctly reported, but all
>> other messages get chucked under **Unmatched Entries**. In other words
>> none of the spam, virus, or banned log entries are recognized by the
>> logwatch script.
>>
>> (I saw this issue discussed about a year ago on the list, but no
>> resolution)
>>
>> Does anyone have an updated script for logwatch that matches the format
>> of the amavisd log files?
>
> Yes, but this requires you to update logwatch. The version you have is
> very dated, and much of logwatch has changed significantly, so the
> amavisd filter script will not work with your 5.2.2 version.
>
> Update from http://www2.logwatch.org:8080/tabs/download/ and grab the
> 7.1 RPM.
>
> -Mike

Hello Mike:

I've updated to logwatch 7.1, but still no luck. Here's a clip from the logwatch report:

    ### LogWatch 7.1 (11/12/05)
    Processing Initiated: Sun Dec 18 08:55:44 2005
    Date Range Processed: yesterday ( 2005-Dec-17 ) Period is day.
    Detail Level of Output: 0
    Type of Output: unformatted
    Logfiles for Host: www.arava.co.il
    ##

    - amavis Begin

    7 messages checked and passed.

    **Unmatched Entries**
    Blocked SPAM, LOCAL [192.168.10.3] [83.84.135.63] [EMAIL PROTECTED] - [EMAIL PROTECTED], quarantine: spam-3gO1Eb4uansl.gz, Message-ID: [EMAIL PROTECTED], mail_id: 3gO1Eb4uansl, Hits: 18.891, 10056 ms: 1 Time(s)
    Passed BAD-HEADER, LOCAL [192.168.10.3] [130.94.6.248] [EMAIL PROTECTED] - [EMAIL PROTECTED], Message-ID: [EMAIL PROTECTED], mail_id: 4F8FT0dJsCer, Hits: 3.92, 16065 ms: 1 Time(s)
    Blocked SPAM, LOCAL [192.168.10.3] [62.195.90.36] [EMAIL PROTECTED] - [EMAIL PROTECTED], quarantine: spam-BYJ6n8ZuIwOK.gz, Message-ID: [EMAIL PROTECTED], mail_id: BYJ6n8ZuIwOK, Hits: 26.993, 16980 ms: 1 Time(s)

As you see all amavis messages (except the CLEAN ones) appear under **Unmatched Entries**.

What else can I try?

Thanks,
Micha

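Added example (not logwatch's amavis filter and not code from this thread): a parser for the Passed/Blocked entries shown above, with or without the syslog prefix, that tallies them by action and category and splits a Hits value such as -2.7-5 into score and boost. Reading the trailing signed number as the wblist score boost follows Jim's description earlier in the thread and is an assumption; the sample lines are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in the shapes quoted in the thread (hosts, ids, addresses made up).
SAMPLE = [
    "Dec 14 07:28:37 mx1 amavis[4242]: (4242-02) Passed CLEAN, [192.0.2.10] [192.0.2.10] "
    "<a@example.org> -> <b@example.com>, Message-ID: <1@example.org>, "
    "mail_id: aaaaaaaaaaaa, Hits: -2.7-5, 6728 ms",
    "Blocked SPAM, LOCAL [192.0.2.3] [198.51.100.7] <s@example.net> -> <b@example.com>, "
    "quarantine: spam-bbbbbbbbbbbb.gz, Message-ID: <2@example.net>, "
    "mail_id: bbbbbbbbbbbb, Hits: 18.891, 10056 ms",
    "Passed BAD-HEADER, LOCAL [192.0.2.3] [203.0.113.9] <n@example.net> -> <b@example.com>, "
    "Message-ID: <3@example.net>, mail_id: cccccccccccc, Hits: 3.92, 16065 ms",
    "Dec 14 07:28:45 mx1 amavis[4242]: (4242-02) ERROR sql_storage: too many retries",
]

# Optional syslog prefix and "(pid-seq)" tag, then action, category, optional LOCAL.
HEAD = re.compile(r"^(?:.*?amavis\[\d+\]: )?(?:\([\d-]+\) )?"
                  r"(Passed|Blocked) ([A-Z][A-Z-]*),(?: (LOCAL))?")
FIELD = re.compile(r", (quarantine|mail_id|Hits): ([^,\s]+)")
HITS = re.compile(r"^(-?\d*\.?\d+)([+-]\d*\.?\d+)?$")   # "18.891" or "-2.7-5"

def parse_entry(line):
    """Return a dict for a Passed/Blocked entry, or None for any other line."""
    head = HEAD.match(line)
    if not head:
        return None
    fields = dict(FIELD.findall(line))
    hits = HITS.match(fields.get("Hits", ""))   # a bare "-" leaves score as None
    return {
        "action": head.group(1), "category": head.group(2),
        "local": head.group(3) is not None,
        "mail_id": fields.get("mail_id"), "quarantine": fields.get("quarantine"),
        "score": float(hits.group(1)) if hits else None,
        "boost": float(hits.group(2) or 0) if hits else 0.0,
    }

def summarize(lines):
    """Count entries per 'action category' and collect lines that did not parse."""
    counts, unmatched = Counter(), []
    for line in lines:
        entry = parse_entry(line)
        if entry:
            counts[f"{entry['action']} {entry['category']}"] += 1
        else:
            unmatched.append(line)
    return counts, unmatched

if __name__ == "__main__":
    counts, unmatched = summarize(SAMPLE)
    print(dict(counts), "unmatched:", len(unmatched))
    print(parse_entry(SAMPLE[0]))
```
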