[AMaViS-user] How to automatically report SPAM to spamcop

[MJ]

Hi,
I am running postfix 2.2.4 on Solaris 8 with amavisd-new.2.3.2,
SpamAssassin 3.1.0 and Clamav 0.8.7.1 as an AV/AS gateway to my main
email system. Since we are any ISP and we received thousands of SPAM
messages I want to report these messages to spamcop. I have gone through
the faq's on spamcop site and some docs on spamassassin site but still I
didn't get a clear idea how to configure this. Can any one guide me on
this.

Second question is that am using postfix to check the rbls, is it OK or
I need to check this in amavisd?

Thanks,
MJ




---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

[AMaViS-user] Re: How to automatically report SPAM to spamcop

[Jim Knuth]

Heute (28.12.2005/13:07 Uhr) schrieb MJ ([EMAIL PROTECTED]),

 Hi,
 I am running postfix 2.2.4 on Solaris 8 with amavisd-new.2.3.2,
 SpamAssassin 3.1.0 and Clamav 0.8.7.1 as an AV/AS gateway to my main
 email system. Since we are any ISP and we received thousands of SPAM
 messages I want to report these messages to spamcop. I have gone through
 the faq's on spamcop site and some docs on spamassassin site but still I
 didn't get a clear idea how to configure this. Can any one guide me on
 this.

 Second question is that am using postfix to check the rbls, is it OK

it`s the only (the best IMHO) way or maybe turn on the RBL checks of SA.

  or I need to check this in amavisd?

amavis can`t do this.

 Thanks,
 MJ


-- 
Viele Grüße, Kind regards,
 Jim Knuth
 [EMAIL PROTECTED]
 ICQ #277289867 - VoIP: +49 (0) 322 212 044 67
 Key ID: 0x1F78066F
--
Zufalls-Zitat
--
Das letzte Wort des Bergsteigers:
So, der Haken hält.
--
Der Text hat nichts mit dem Empfänger der Mail zu tun
--
Virus free. Checked by NOD32 Version 1.1341 Build 6516  27.12.2005

[AMaViS-user] forwarding viruses to host

[Miro Dietiker, MD Systems]

Hi!

I'm running two servers with amavisd-new under debian with postfix.

On Server A there is a spam collection account [EMAIL PROTECTED], where
all viruses have to be delivered to.
On host B all spam found should be delivered to Server A into the
spam.collect account.

If now Server A receives SPAM, I can see two messages in the
spam.collect box. The SPAM mail itself, and a resport for each SPAM with
title SPAM FROM xxx

If Server B receives SPAM, I can see three messages since (I expect)
server B identifies spam, generates a SPAM FROM message to Server A,
forwards SPAM itself to Server A, where server A also identifies message
as SPAM again and produces a second report...
This second report always shows up as SPAM FROM (?) where the
exclamation mark is present.

What would be the right or common way to forward that Mails?
I already was thinking of using a transport from B to A, not being
handled via amavis but i don't want to switch off too much checks and
don't want to open unnecessary ports .

Any suggestions to this setup?

Thanks a lot

+---+  +---+
| Miro Dietiker |  | MD Systems Miro Dietiker  |
+---+  +---+




---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

[AMaViS-user] Allowing exe files in zip format

[MJ]

Hi,
I am running postfix 2.2.4 on Solaris 8 with amavisd-new.2.3.2,
SpamAssassin 3.1.0 and Clamav 0.8.7.1 as an AV/AS gateway to my main
email system. We want our users to be able to send exe files in compress
form (.zip) how can I configure amavisd not to bann exe files in zip
format.

Thanks,
MJ




---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

[AMaViS-user] Are there any C programmers on this list who may have some available time?

[Dale Walsh]

I'm in the midst of rewriting some PHP code for an amavisd-new  
utility and I'm looking for people who have some time they could  
devote to converting some small code to C.


I've delegated the majority / bulk of the work to myself but have a  
half dozen more small routines to convert and was wondering if I  
could obtain some assistance with them.


All interested parties please respond off list.

-- Dale



---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] Problem with Amavisd-new forking children endlessly

[Mark Martinec]

Mike,

 In Gregory's case it was a systemwide ldap problem, discovered by strace:
 | I ran the strace -f and it looks like some sort of ldap (!?) problem
 | now. It segfaults right after trying to load .ldaprc from the
 | /var/amavis directory. Nothing mentioning ldap in my amavisd.conf file,
 | however LDAP is used for other things on the system.

 What steps should I take to try to fix this.

First you need to find out what is wrong.

 I updated/re-installed perl and its modules and openldap works
 just fine.  How do I use the strace -f?

man strace

for example:
  # su vscan
  $ strace -f -t -o 0.log amavisd debug

strace can also attach to an already running process,
using option -p

 Is anyone else using Fedora Core 4?
 If so, did amavis work out of the box?

Don't know. I'd say that for most people it would work
out of the box, otherwise we would see more complaints
on the mailing list.

  Mark


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] forwarding viruses to host

[Gary V]

MD wrote:

 Hi!

 I'm running two servers with amavisd-new under debian with postfix.

 On Server A there is a spam collection account [EMAIL PROTECTED], where
 all viruses have to be delivered to.
 On host B all spam found should be delivered to Server A into the
 spam.collect account.

 If now Server A receives SPAM, I can see two messages in the
 spam.collect box. The SPAM mail itself, and a resport for each SPAM with
 title SPAM FROM xxx

 If Server B receives SPAM, I can see three messages since (I expect)
 server B identifies spam, generates a SPAM FROM message to Server A,
 forwards SPAM itself to Server A, where server A also identifies message
 as SPAM again and produces a second report...
 This second report always shows up as SPAM FROM (?) where the
 exclamation mark is present.

 What would be the right or common way to forward that Mails?
 I already was thinking of using a transport from B to A, not being
 handled via amavis but i don't want to switch off too much checks and
 don't want to open unnecessary ports .

 Any suggestions to this setup?

 Thanks a lot

 +---+  +---+
 | Miro Dietiker |  | MD Systems Miro Dietiker  |
 +---+  +---+

I'm not exactly clear on all points of your setup but
maybe this would work (or at least give you one idea).
At some appropriate place in main.cf create a
check_client_access map that will use a policy bank if
the mail originates from server B. Then only bypass checks
if mail from that client is addressed to [EMAIL PROTECTED] 

check_client_access hash:/etc/postfix/amavis_quarantine

/etc/postfix/amavis_quarantine:
192.168.1.15 FILTER smtp-amavis:[127.0.0.1]:10026

in amavisd.conf:
$inet_socket_port = [10024,10026];

Then set up a policy bank. This will override amavisd-new's
configured settings for any message received on port 10026.

$interface_policy{'10026'} = 'QUARANTINE';

$policy_bank{'QUARANTINE'} = {
 bypass_spam_checks_maps = [[qw( [EMAIL PROTECTED] )]],
 bypass_banned_checks_maps = [[qw( [EMAIL PROTECTED] )]],
 bypass_virus_checks_maps = [[qw( [EMAIL PROTECTED] )]],
 bypass_header_checks_maps = [[qw( [EMAIL PROTECTED] )]],
 spam_lovers_maps = [[qw( [EMAIL PROTECTED] )]],
 banned_files_lovers_maps = [[qw( [EMAIL PROTECTED] )]],
 virus_lovers_maps = [[qw( [EMAIL PROTECTED] )]],
 bad_header_lovers_maps = [[qw( [EMAIL PROTECTED] )]],
};

Gary V






Gary V



---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

AW: [AMaViS-user] Allowing exe files in zip format

[Miro Dietiker, MD Systems]

This one would interest me too ...
Which var did you passed this option? May you pass the paragraph here?

In my debian amavisd.conf is no such uncommentable line.

Thanks!

+---+  +---+
| Miro Dietiker |  | MD Systems Miro Dietiker  |
+---+  +---+

-Ursprüngliche Nachricht-
Von: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Im Auftrag von MJ
Gesendet: Mittwoch, 28. Dezember 2005 15:55
An: amavis-user@lists.sourceforge.net
Betreff: RE: [AMaViS-user] Allowing exe files in zip format

Hi,

Got it. I uncommented the following line in /etc/amavisd.conf and it
solved my problem.

[ qr'^\.(zip|rar|arc|arj|zoo)$'= 0 ],  # allow any within such archives

Thanks,

MJ







---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log
files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/



---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37alloc_id865op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

RE: [AMaViS-user] Allowing exe files in zip format

[MJ]

This one would interest me too ...
Which var did you passed this option? May you pass the paragraph here?

In my debian amavisd.conf is no such uncommentable line.

I am using amavisd-new.2.3.2 and by default it has commented line under
$banned_filename_re  paragraph, I just uncommented. Here is the
paragraph
MJ
--
$banned_filename_re = new_RE(
# qr'^UNDECIPHERABLE$',  # is or contains any undecipherable components

  # block certain double extensions anywhere in the base name
 
qr'\.[^./]*[A-Za-z][^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,

# qr'\{[0-9a-z]{4,}(-[0-9a-z]{4,}){0,7}\}?'i,  # Class ID extensions -
CLSID

  qr'^application/x-msdownload$'i,  # block these MIME
types
  qr'^application/x-msdos-program$'i,
  qr'^application/hta$'i,

# qr'^message/partial$'i, # rfc2046 MIME type
# qr'^message/external-body$'i,   # rfc2046 MIME type

# [ qr'^\.(Z|gz|bz2)$'   = 0 ],  # allow any in Unix-compressed
  [ qr'^\.(rpm|cpio|tar)$'   = 0 ],  # allow any in Unix-type
archives
  [ qr'^\.(zip|rar|arc|arj|zoo)$'= 0 ],  # allow any within such
archives

  qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic
#
qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|
#inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|
#ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs|
#wmf|wsc|wsf|wsh)$'ix,  # banned ext - long

# qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i,  # banned extension - WinZip
vulnerab.

  qr'^\.(exe-ms)$',   # banned file(1) types
# qr'^\.(exe|lha|tnef|cab|dll)$', # banned file(1) types
);

--




---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] Amavis Spam Modul kill Connection of postfix

[Mark Martinec]

Michael,

 This is the amavis log file. I don't find the problem.
 https://mail.lug-wt.de/amavis.log

It doesn't tell much, except that you only have one virus
scanner and even that one is listed in a secondary (backup) list.
That by itself is not a problem, although eventually you would
probably want to install and enable clamd or some other daemonized
virus scanner.

Increase the $log_level (to 5) or run: amavisd debug
and watch the log until the problem with spam scanning occurs.
If the problem is within SA, running  # amavisd debug-sa
could also be useful.

  Mark


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] Multiple recipient question with postfix

[Gary V]

RHutton wrote:

 It has been a long time since I have worked with Amavis, but there 
 used to be some pretty severe limitations on applying per recipient 
 policies (eg. one recipient dropping, while another recipient quarantines, 
 while another tags and passes) if the email was passed directly from 
 postfix without having the destination expansion done first.  Is this 
 still an issue?

 Thanks,
 Rob

 Rob Hutton
 DataScan Technologies

This Postfix thread is related.
http://marc.theaimsgroup.com/?l=postfix-usersm=113488134818192w=2


Gary V



---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] How to automatically report SPAM to spamcop

[Mark Martinec]

MJ,

 I am running postfix 2.2.4 on Solaris 8 with amavisd-new.2.3.2,
 SpamAssassin 3.1.0 and Clamav 0.8.7.1 as an AV/AS gateway to my main
 email system. Since we are any ISP and we received thousands of SPAM
 messages I want to report these messages to spamcop. I have gone through
 the faq's on spamcop site and some docs on spamassassin site but still I
 didn't get a clear idea how to configure this. Can any one guide me on
 this.

A command 'spamassassin --report' can learn/report spam to
dcc, pyzor, razor, spamcop and to local bayes. A different question
is how to let your users submit such mail, and solutions in this area
are highly site-specific.  

 Second question is that am using postfix to check the rbls, is it OK or
 I need to check this in amavisd?

It is generally better to move all/most RBL checks from MTA to SA (local.cf).

A default SA installation is already doing many RBL and URIBL checks,
so it is likely you already have them in SA. The RBL checks done by MTA
have an advantage they can reject mail before it is received, but it
has a huge disadvantage that a false-positive (too eager RBL) can
block a valid mail far too easily. Combining RBL checks with other
SA tests makes false positives and broken/malicious RBLs less distructive.

  Mark



---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] Allowing exe files in zip format

[Clifton Royston]

On Wed, Dec 28, 2005 at 05:10:06PM +0100, Miro Dietiker, MD Systems wrote:
 I am using amavisd-new.2.3.2 and by default it has commented line under
 $banned_filename_re  paragraph, I just uncommented. Here is the
 paragraph
 MJ
 
 Huh ... i tried to resolve my exact version but amavisd-new supports no
 -V and my debian says no such version string, just Version:
 20030616p10-5

  You have quite an old version of amavisd-new (over 2 years out of
date, as the version indicates.) It will work OK, but you might
consider upgrading.  The version you run is missing many newer
features, and an upgrade might be required to use newest versions of
SpamAssassin; I forget.

  -- Clifton

-- 
Clifton Royston  --  [EMAIL PROTECTED] / [EMAIL PROTECTED]
   President  - I and I Computing * http://www.iandicomputing.com/
 Custom programming, network design, systems and network consulting services


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] RE: How to clean /var/spool/amavis directory automatically

[Gary V]

lkolchin wrote:

 Hi,

 I've run (find /var/spool/amavis -type d -name 'amavis-*' -prune -mmin +30 
 -exec rm -rf {} \;
 Restarted amavisd-new, clamAV and postfix, and it seems to work OK now,
 But I want to avoid this in the future and find the cause of that bug.

 These are the versions installed on my server:
 amavisd-new-20030616p9-3.6Tue Sep  6 16:46:59 2005
 spamassassin-2.64-3.2 Tue Sep  6 16:46:51 2005
 perl-spamassassin-2.64-3.2Tue Sep  6 16:46:30 2005

 As far as I can see I've started to get status=deferred messages at Dec 22 
 04:24:01 and this message repeated every 16 min.
 not only for [EMAIL PROTECTED] user but also for other users:
 -

 Dec 22 04:24:01 mail postfix/pipe[24644]: 054301BB9B: to=[EMAIL PROTECTED], 
 relay=cyrus, delay=231660, status=defer
 red (temporary failure)
 Dec 22 04:24:01 mail postfix/pipe[24641]: 49FB41F5F9: to=[EMAIL PROTECTED], 
 relay=cyrus, delay=142821, status=defer
 red (temporary failure)
 Dec 22 04:24:01 mail postfix/pipe[24644]: 9D4321F5CA: to=[EMAIL PROTECTED], 
 relay=cyrus, delay=230213, status=defer
 red (temporary failure)

The above appears to be a problem with cyrus (or the user's mailbox? Dunno).

 Dec 22 04:24:31 mail postfix/smtp[24635]: connect to 24.on.cc[66.246.195.41]: 
 Connection timed out (port 25)
 Dec 22 04:24:31 mail postfix/smtp[24635]: 2DD121F5CB: to=[EMAIL PROTECTED], 
 relay=none, delay=202768, status=deferred (connect t
 o 24.on.cc[66.246.195.41]: Connection timed out)
 Dec 22 04:24:31 mail postfix/smtp[24637]: connect to 
 linux.uovs.ac.za[196.21.181.2]: Connection timed out (port 25)
 Dec 22 04:24:31 mail postfix/smtp[24639]: connect to 24.on.cc[66.246.195.41]: 
 Connection timed out (port 25)
 Dec 22 04:24:31 mail postfix/smtp[24640]: connect to 
 linux.uovs.ac.za[196.21.181.2]: Connection timed out (port 25)
 Dec 22 04:24:31 mail postfix/smtp[24637]: 801141F5E5: to=[EMAIL PROTECTED], 
 relay=none, delay=202450, status=deferred (
 connect to linux.uovs.ac.za[196.21.181.2]: Connection timed out)
 Dec 22 04:24:31 mail postfix/smtp[24639]: 8F64F1C4EE: to=[EMAIL PROTECTED], 
 relay=none, delay=202451, status=deferred (connect t
 o 24.on.cc[66.246.195.41]: Connection timed out)
 Dec 22 04:24:31 mail postfix/smtp[24640]: E771C1B44E: to=[EMAIL PROTECTED], 
 relay=none, delay=202770, status=deferred (
 connect to linux.uovs.ac.za[196.21.181.2]: Connection timed out)
 ---

The above appear to be normal undeliverable DSNs, not a problem.

 It seems that some users got this message and some got their mail as they 
 should.

What message are you referring to?

 I see TROUBLE message on Dec 25 22:45:48 (See below):
 
 Dec 25 22:45:48 mail amavis[27727]: (27727-04) TROUBLE in check_mail: 
 decoding2-get-file-types FAILED: timed out
 Dec 25 22:45:48 mail amavis[27727]: (27727-04) PRESERVING EVIDENCE in 
 /var/spool/amavis/amavis-20051225T222829-27727
 Dec 25 22:45:48 mail amavis[27727]: (27727-04) TIMING [total 627447 ms] - 
 SMTP EHLO: 1 (0%), SMTP pre-MAIL: 0 (0%), SMTP pre-
 DATA-flush: 3 (0%), SMTP DATA: 46 (0%), body hash: 1 (0%), mime_decode: 31 
 (0%), rundown: 627363 (100%)

This is where the amavisd-new problem is. Don't know what the cause
is. What does 'postconf message_size_limit' say? Maybe you should show
the output of 'amavisd debug' so we can see what versions of external
programs you are using. Maybe it would be of some use to see the
entire set of amavisd log entries for this particular message.

grep '27727-04' /var/log/maillog (for example)

It may be of use to also look at the preserved evidence:
/var/spool/amavis/amavis-20051225T222829-27727/email.txt
to see if it tells any stories.

 Dec 25 22:45:49 mail postfix/smtpd[28010]: too many errors after RCPT from 
 bzq-224-205.red.bezeqint.net[212.179.224.205]
 Dec 25 22:45:49 mail postfix/smtpd[28010]: disconnect from 
 bzq-224-205.red.bezeqint.net[212.179.224.205]
 Dec 25 22:45:50 mail postfix/smtpd[28010]: connect from 
 mr1.haifa.ac.il[132.74.1.39]

The above log entries are unrelated to any of this, and are normal.

 Any thoughts/suggestions?

 Regards,
 Leon

Gary V



---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] Multiple recipient question with postfix

[RHutton]

Does amavis support the lmtp per user responses now?  It did not use to. I 
am using 2.2 with Maia. 

Thanks,
Rob

Rob Hutton
DataScan Technologies



Gary V [EMAIL PROTECTED] 
Sent by: [EMAIL PROTECTED]
12/28/2005 11:15 AM

To
amavis-user@lists.sourceforge.net
cc

Subject
Re: [AMaViS-user] Multiple recipient question with postfix






RHutton wrote:

 It has been a long time since I have worked with Amavis, but 
there 
 used to be some pretty severe limitations on applying per recipient 
 policies (eg. one recipient dropping, while another recipient 
quarantines, 
 while another tags and passes) if the email was passed directly from 
 postfix without having the destination expansion done first.  Is this 
 still an issue?

 Thanks,
 Rob

 Rob Hutton
 DataScan Technologies

This Postfix thread is related.
http://marc.theaimsgroup.com/?l=postfix-usersm=113488134818192w=2


Gary V



---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log 
files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/





---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] Problem with Amavisd-new forking children endlessly

[Mike Wesner]

Mark Martinec wrote:


Mike,

 


In Gregory's case it was a systemwide ldap problem, discovered by strace:
| I ran the strace -f and it looks like some sort of ldap (!?) problem
| now. It segfaults right after trying to load .ldaprc from the
| /var/amavis directory. Nothing mentioning ldap in my amavisd.conf file,
| however LDAP is used for other things on the system.
 


What steps should I take to try to fix this.
   



First you need to find out what is wrong.

 


I updated/re-installed perl and its modules and openldap works
just fine.  How do I use the strace -f?
   



man strace

for example:
 # su vscan
 $ strace -f -t -o 0.log amavisd debug

strace can also attach to an already running process,
using option -p

 


Is anyone else using Fedora Core 4?
If so, did amavis work out of the box?
   



Don't know. I'd say that for most people it would work
out of the box, otherwise we would see more complaints
on the mailing list.

 Mark


 



I think my perl install is just messed up.  I am not sure how. All I 
have done is follow the INSTALL file that came with amavis.  I do know 
that amavisd-new works fine with fedora core 4 because I tried it on one 
of my other FC4 machines and it runs fine.  very odd.






---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] Multiple recipient question with postfix

[RHutton]

The problem used to be twofold.

1) There was no way of specifying system maximums.  Eg. drop anything with 
a spam score higher then 30, or quarentine all virus emails.  The user 
could always override the maximums.

2) If an email was sent to three recipients, and one of them passed it, 
then all recipients would get it because amavis did not modify the 
envelope.

Thanks,
Rob

Rob Hutton
DataScan Technologies



Gary V [EMAIL PROTECTED] 
Sent by: [EMAIL PROTECTED]
12/28/2005 01:16 PM

To
amavis-user@lists.sourceforge.net
cc

Subject
Re: [AMaViS-user] Multiple recipient question with postfix






RHutton wrote:

 Does amavis support the lmtp per user responses now?  It did not use to. 
I 
 am using 2.2 with Maia. 

 Thanks,
 Rob

 Rob Hutton
 DataScan Technologies

I'm not sure this answers your question, but read:
http://www.ijs.si/software/amavisd/README.postfix.txt
and look for:
ALTERNATIVE FOR POSTFIX OLDER THAN 2.2

Gary V



---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log 
files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/





---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

AW: [AMaViS-user] forwarding viruses to host

[Miro Dietiker, MD Systems]

Ups... subject mistake ...

I primarily talk of SPAM forwarding. Virus forwarding works with no
trouble, since the virus is being removed on source complaining server
.. so the notification to the collect server is unpolluted...

But that SPAM-Forwarding still is unclear..
(so replace all virus with spam to understand my question right
...sorry)

Isn't it possible (or what arguments against) to make a spam report
with original message attached as a file?
Or any other suggestion about configuring that central spam collector?

Thanks - Miro

+---+  +---+
| Miro Dietiker |  | MD Systems Miro Dietiker  |
+---+  +---+


-Ursprüngliche Nachricht-
Von: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Im Auftrag von Miro
Dietiker, MD Systems
Gesendet: Mittwoch, 28. Dezember 2005 13:36
An: amavis-user@lists.sourceforge.net
Betreff: [AMaViS-user] forwarding viruses to host

Hi!

I'm running two servers with amavisd-new under debian with postfix.

On Server A there is a spam collection account [EMAIL PROTECTED], where
all viruses have to be delivered to.
On host B all spam found should be delivered to Server A into the
spam.collect account.

If now Server A receives SPAM, I can see two messages in the
spam.collect box. The SPAM mail itself, and a report for each SPAM with
title SPAM FROM xxx

If Server B receives SPAM, I can see three messages since (I expect)
server B identifies spam, generates a SPAM FROM message to Server A,
forwards SPAM itself to Server A, where server A also identifies message
as SPAM again and produces a second report...
This second report always shows up as SPAM FROM (?) where the
exclamation mark is present.

What would be the right or common way to forward that Mails?
I already was thinking of using a transport from B to A, not being
handled via amavis but i don't want to switch off too much checks and
don't want to open unnecessary ports .

Any suggestions to this setup?

Thanks a lot

+---+  +---+
| Miro Dietiker |  | MD Systems Miro Dietiker  |
+---+  +---+




---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log
files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/



---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37alloc_id865op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] Multiple recipient question with postfix

[Gary V]

RHutton wrote:

 The problem used to be twofold.

 1) There was no way of specifying system maximums.  Eg. drop anything with 
 a spam score higher then 30, or quarentine all virus emails.  The user 
 could always override the maximums.

Well, the first match wins, so someone's setting will be used (someone
for example being: [EMAIL PROTECTED], @domain, @., static default), and
others that come after will not. In SQL I believe you can give the
'system' (domain or catchall) higher priority, but then the individual
would not have a further say for a particular setting. If a user does
not configure a given setting, then lower priority settings or defaults
will be used. I think to implement what you want may require two
separate installations of amavisd-new. The first would
(for example) quarantine then drop all viruses and drop anything over 30, then
forward it to the second copy where users could do what they wish. The cleanest
way may be to set up two separate servers. The downside would be the second
server could get very busy if a message had 100 local recipients as I believe it
would have to process all 100 of the separate messages. Amavisd-new
does cache results however so if it got 100 messages with the same body,
it wouldn't have to spam-check or virus check every copy.

 2) If an email was sent to three recipients, and one of them passed it, 
 then all recipients would get it because amavis did not modify the 
 envelope.

This does not reflect what I have experienced.

 Thanks,
 Rob

BTW, don't CC: [EMAIL PROTECTED]

Gary V



---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: AW: [AMaViS-user] Allowing exe files in zip format

[Gary V]

MD wrote:

 Hmm ... i like mainstream packages where ever possible, but you're
 right, two years of outdating sounds a little obsolete..
 For next days this version will remain, but I'm thinking of upgrading
 to a more recent version.
 I also use sa from debian sarge (SA version 3.0.3 with perl 5.8.4, which
 works perfectly for me) or do you think this is outdated too that much?

Version 3.1 works slower on my system, but it seems to catch a little
more spam. If you upgrade to 3.1 you should consider moving Bayes to
MySQL (if you have not already done so and if you have enough memory).
Here is a document that may help there if this interests you:
http://www200.pair.com/mecham/spam/debian-spamassassin-sql.html

If you like, you can install spamassassin 3.1 from 'testing'
provided you have configured a testing source in /etc/apt/sources.list
and set priorities in /etc/apt/preferences.
http://jaqque.sbih.org/kplug/apt-pinning.html

 With my settings (no user defined big config tables), amavisd-new uses
 40MB and does a double-prefork (resulting in 120MB memory usage)..
 Is this also better with newer Versions - or even worse?
 Miro

A little worse for memory usage.
I have a document that may give you some ideas when you upgrade:
http://www200.pair.com/mecham/spam/upgrade-amavis.html

Here is my amavisd-new memory usage (version 2.3.3, spamassassin 3.1):
Mem:385624k total,   325060k used,60564k free,50268k buffers
Swap:  1951856k total, 2184k used,  1949672k free,   137956k cached

  PID USER  PR  NI  VIRT  RES  SHR S %CPU %MEMTIME+  COMMAND
19600 amavis 9   0 51300  50m  47m S  0.0 13.3   0:00.02 amavisd-new
19599 amavis 9   0 51296  50m  47m S  0.0 13.3   0:00.04 amavisd-new
19595 amavis 9   0 51204  49m  47m S  0.0 13.3   0:05.26 amavisd-new

Gary V



---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/