[AMaViS-user] RBL Monitoring.

2007-06-26 Thread Azfar Hashmi 
Is there any way to monitor my ips in RBLs.
-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] Faster purging of SQL logging database

2007-06-26 Thread Hanne Moa 
On 6/15/07, Mark Martinec [EMAIL PROTECTED] wrote:
 The README.sql-pg in amavisd-new distribution suggests
 the following SQL clauses to purge old records from a database:

 DELETE FROM msgs WHERE time_iso  now() - INTERVAL '3 weeks';

The script that does this on my amavis-setup had a convenient bug in
it so that it refused to run, leading to no deletion, leading to a
database larger than 4 gigabytes, leading to the above taking days. (I
only let it run for 48 hours though before I started looking for more
efficient methods.)

The problem is the foreign key constraints on msgrcpt.

I found a solution:
* put/have a proxy in front of the amavis-server to queue mail
* stop postfix+amavis on the amavis-server
* rename msgrcpt to msgrcpt_old (alter table...)
* record the grants and foreign key constraints somewhere, for
instance via  pg_dump(1)
* make a new msgrcpt that lacks all foreign key constraints
* make a temporary table of all new mail_id in msgs (flip the comparison)
* copy from msgrcpt_old all fields with new mail_ids (insert with
inner join with temp-table)
* drop msgrcpt_old (and suddenly the db was two gigs smaller...)
* THEN delete old msgs with the standard method
* add foreign keys to the new msgrcpt
* fix the grants
* turn on amavis and postfix

Voila, takes less than 30 minutes, including typing/pasting, on 3.4
million rows in msgs/4.2 million rows in msgrcpt which should be a
small enough delay for most uses.

Also, if on a 32-bit linux system, set SHMALL (sysctl(1)) to the
amount of memory on the server and SHMMAX to at least a gigabyte
provided you have more than a gig on the system.

 DELETE FROM msgs WHERE time_iso  now() - INTERVAL '1 h' AND content IS NULL;

This was only a few hundred messages so with an index on time_iso this
was quick.

 DELETE FROM maddr WHERE id IN (
   SELECT id FROM maddr LEFT JOIN (
 SELECT sid AS id, 1 AS f FROM msgs UNION ALL
 SELECT rid AS id, 1 AS f FROM msgrcpt
   ) AS u USING(id) WHERE u.f IS NULL);

 I'd be interested in your experience before I update
 the documentation.

DELETEs are expensive but SELECTs are quick. The cost (through EXPLAIN
query) of the above for my data (after getting rid of old messages)
was cost=1623113.61..1765429.58 rows=1664586 width=6.

So instead, I used temporary tables to get a list of maddr.ids to
delete, and the cost for the final delete was
cost=86070.32..177104.67 rows=1247620 width=6, an order of magnitude
less.

As it says in the postgres-docs, what is speedy for a small db might
not be speedy for a large one. It seems that for postgres, using
temporary tables can pay in a big way.


HM

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

[AMaViS-user] False positive BANNED on message using charset GB2312

2007-06-26 Thread Daniel J McDonald 
I think this message is just spam, and not something nefarious, but
amavisd flagged it as BANNED due to an exe.  Can anyone tell if this
really was malware?


X-Envelope-To: [EMAIL PROTECTED]
X-Quarantine-ID: lGMnl3xEtzBg
X-Amavis-Alert: BANNED, message contains part: text/plain,.exe
X-Spam-Flag: YES
X-Spam-Score: 32.294
X-Spam-Level: 
X-Spam-Status: Yes, score=32.294 tag=-99 tag2=4.5 kill=6.31
tests=[BODY_8BITS=1.5, BOTNET_BADDNS=0.01, BOTNET_CLIENT=0.01,
BOTNET_CLIENTWORDS=0, BOTNET_IPINHOSTNAME=0, BOTNET_W=2,
CHARSET_FARAWAY=3.2, CHARSET_FARAWAY_HEADER=3.2,
DKIM_POLICY_SIGNSOME=0, L_P0F_UNKN=0.8, L_UNVERIFIED_YAHOO=2.5,
MIME_CHARSET_FARAWAY=2.45, RAZOR2_CF_RANGE_51_100=0.5,
RAZOR2_CF_RANGE_E4_51_100=1.5, RAZOR2_CHECK=0.5,
RCVD_IN_BL_SPAMCOP_NET=2.188, RCVD_IN_PBL=0.509,
RCVD_IN_SORBS_DUL=1.615, RCVD_IN_SORBS_WEB=1.117,
RCVD_IN_XBL=2.896,
RDNS_NONE=0.1, TVD_SPACE_RATIO=2.899,
UNWANTED_LANGUAGE_BODY=2.8]
X-Amavis-OS-Fingerprint: UNKNOWN [65535:49:1:52:M1440,N,W2,N,N,S:.:?:?],
(link: IPv6/IPIP)
Received: from sa.austinenergy.com ([127.0.0.1])
by localhost (sa.austinenergy.com [127.0.0.1]) (amavisd-new,
port 10025)
with LMTP id lGMnl3xEtzBg for [EMAIL PROTECTED];
Mon, 25 Jun 2007 22:36:18 -0500 (CDT)
X-Greylist: from auto-whitelisted by SQLgrey-1.7.5
Received: from yahoo.com.cn (unknown [121.35.200.235])
by sa.austinenergy.com (Postfix) with ESMTP id 00852BFF
for [EMAIL PROTECTED]; Mon, 25 Jun 2007 22:36:10 -0500
(CDT)
From: =?GB2312?B?ysC8zbmry74=?= [EMAIL PROTECTED]
Subject: =?GB2312?B?tPqh+r+qt6Kh+saxLw==?=
To: [EMAIL PROTECTED]
Content-Type: text/plain;charset=GB2312
Content-Transfer-Encoding: 8bit

The file command does evaluate the text as executable:
[EMAIL PROTECTED] ~]$ file foo2.txt
foo2.txt: COM executable for DOS

The content appears to be just text: a greeting, a paragraph, and an
email for more information:

[EMAIL PROTECTED] ~]$ cat -v foo2.txt
M-8M-:M-TM-pM-HM-K/;
M-NM-RM-KM-M-?M-IM-RM-TM-OM-rM-MM-bM-LM-aM-9M-)M-6M-`M-SM-`M-!
M-6M-!M-!M-KM-0~~M-FM-1M-!M-!M-!M-7M-M-_M-LM-eM-SM-PM-#M-:M-IM-LM-RM-5
M-!M-M-9M-$M-RM-5M-!M-M-=M-(M-VM-~M-0M-2M-WM-0M-!
M-M-FM-dM-KM-{M-7M-~M-NM-qM-!M-M-9M-cM-8M-fM-!M-M-WM-bM-AM-^ M-!
M-M-2M-MM-RM-{M-6M-(M-6M-n M-!M-
M-9M-zM-M-JM-:M-#M-TM-KM-!
M-M-9M-zM-DM-ZM-TM-KM-JM-dM-5M-HM-7M-~M-FM-1M-5M-HM-!
M-#M-FM-UM-MM-(M-KM-0~~M-FM-1M-OM-jM-OM-8M-KM-0M-BM-JM-?M-IM-8M-y
M-M-]M-5M-XM-GM-xM-!M-M-PM-PM-RM-5M-!M-M-FM-1M-6M-nM-4M-sM-PM-!
M-IM-LM-LM-8!


M-NM-RM-KM-M-SM-kM-HM-+M-9M-zM-8M-wM-5M-XM-GM-xM-8M-wM-PM-PM-RM-5M-5M-DM-9M-+M-KM-M-SM-PM-7M-[EMAIL
 PROTECTED]

M-AM-*M-OM-5M-5M-gM-;M-0: 13798217166   M-PM-mM-OM-HM-IM-z
M-5M-gM-WM-SM-SM-JM-OM-d: [EMAIL PROTECTED]  


[EMAIL PROTECTED] ~]$ hexdump foo2.txt
000 bab8 f0d4 cbc8 3b2f 200a 2020 ce20 cbd2
010 bfbe d2c9 cfd4 cdf2 cce2 b9e1 b6a9 d3e0
020 a1e0 a1b6 cba1 7eb0 c67e a1b1 a1a1 beb7
030 ccdf d3e5 a3d0 c9ba d2cc 0ab5 a2a1 a4b9
040 b5d2 a2a1 a8bd fed6 b2b0 b0d7 a2a1 e4c6
050 fbcb feb7 f1ce a2a1 e3b9 e6b8 a2a1 e2d7
060 dec1 a120 b2a2 d2cd b6fb b6a8 20ee a2a1
070 b90a bcfa baca d4a3 a1cb b9a2 c4fa d4da
080 cacb b5e4 b7c8 7ea2 b1c6 c8b5 a3a1 d5c6
090 a8cd b0cb 7e7e b1c6 eacf b8cf b0cb cac2
0a0 c9bf f9b8 be0a b5dd c7d8 a1f8 d0a2 d2d0
0b0 a1b5 c6a2 b6b1 b4ee d0f3 c9a1  21b8
0c0 0a0a 2020 ce20 cbd2 d3be c8eb b9ab b8fa
0d0 b5f7 c7d8 b8f8 d0f7 d2d0 b5b5 b9c4 cbab
0e0 d3be b7d0 c6a2 d2b1 ceb5 c0f1 cdb4 a1f9
0f0 0aa3 c10a cfaa b5b5 bbe7 3ab0 3120 3733
100 3839 3132 3137 3636 2020 d020 cfed c9c8
110 0afa e7b5 d3d7 cad3 e4cf 203a 7578 6168
120 6669 6e65 3667 3838 3140 3632 632e 6d6f
130 2020 000a  
133



-- 
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
Austin Energy
http://www.austinenergy.com

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

[AMaViS-user] memory leak problem in version amavisd-new-2.4.3 (20060930)

2007-06-26 Thread Prashant Dabre 
Hi,

I am currently using amavisd-new-2.3.1. While upgrading to version 2.4.3 
, I started getting memory problem. I have not changed my old amavisd 
conf file which I am using with amavisd-new-2.3.1 .

I have also tried to increase the log level of amavis to 5 but not found 
any error in maillog.  Are there any memory related issues reported for 
this version amavisd-new-2.4.3 (20060930) ?

I am using Red Hat Enterprise Linux ES release 4 (Nahant). Following is 
the output of top command :
*
1. **Available **Memory  before upgrading amavis*
-
top - 02:26:41 up 6 days, 15:13,  4 users,  load average: 0.05, 0.16, 0.11
Tasks: 111 total,   1 running, 110 sleeping,   0 stopped,   0 zombie
Cpu(s):  0.2% us,  0.1% sy,  0.0% ni, 99.8% id,  0.0% wa,  0.0% hi,  0.0% si
Mem:   2075220k total,  1194740k used,   *880480k free*,45140k buffers
Swap:  1048568k total,64512k used,   984056k free,   403400k cached
-

*2. **Available** Memory after **upgrading amavis to 2.4.3 (after 3 hours)*
-
top - 05:38:55 up 6 days, 18:25,  4 users,  load average: 0.17, 0.05, 0.01
Tasks: 108 total,   1 running, 107 sleeping,   0 stopped,   0 zombie
Cpu(s):  0.8% us,  0.3% sy,  0.0% ni, 96.6% id,  2.1% wa,  0.1% hi,  0.1% si
Mem:   2075220k total,  1783916k used,   *291304k free*,49876k buffers
Swap:  1048568k total,64504k used,   984064k free,   862464k cached

  PID USER  PR  NI  VIRT  RES  SHR S %CPU %MEMTIME+  COMMAND
30679 amavis16   0 86492  74m 4948 S  0.0  3.7   0:16.58 amavisd
30682 amavis16   0 62076  51m 4948 S  3.0  2.5   0:16.00 amavisd
30685 amavis16   0 60760  49m 4944 S  0.0  2.5   0:07.40 amavisd
 3276 root  16   0  509m  48m  15m S  0.0  2.4  43:59.04 ns-slapd
30678 amavis16   0 54208  43m 4952 S  0.0  2.1   0:10.68 amavisd
30686 amavis16   0 52700  41m 4944 S  0.0  2.1   0:03.15 amavisd
30687 amavis16   0 52452  41m 4948 S  0.0  2.1   0:03.89 amavisd
30684 amavis16   0 52396  41m 4944 S  0.0  2.0   0:02.75 amavisd
30645 amavis16   0 50912  39m 4816 S  0.0  2.0   0:00.38 amavisd
30680 amavis16   0 50912  39m 4816 S  0.0  2.0   0:00.00 amavisd
30681 amavis16   0 50912  39m 4816 S  0.0  2.0   0:00.00 amavisd
30683 amavis16   0 50912  39m 4816 S  0.0  2.0   0:00.00 amavisd


Thanks,
Prashant Dabre





--
 The sender of this email subscribes to Perimeter eSecurity's email
 anti-virus service. This email has been scanned for malicious code and is
 believed to be virus free. For more information on email security please
 visit: http://www.perimeterusa.com/email-defense-content.html
 This communication is confidential, intended only for the named recipient(s)
 above and may contain trade secrets or other information that is exempt from
 disclosure under applicable law. Any use, dissemination, distribution or
 copying of this communication by anyone other than the named recipient(s) is
 strictly prohibited. If you have received this communication in error, please
 delete the email and immediately notify our Command Center at 203-541-3444.

 Thanks 
-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] RBL Monitoring.

2007-06-26 Thread Xueron Nee 
Hi Azfar Hashmi,

Here is a simple perl script to do this :)

#!/usr/bin/perl -w
use strict;
use Net::RBLClient;
die Usage: $0 file or ip.add.re.ss ...\n unless scalar(@ARGV);

my @target = ();
foreach my $ip_list (@ARGV) {
if ($ip_list =~ /$Net::RBLClient::ip_pat/o and not -f $ip_list) {
push @target, $ip_list;
} else {
die '$ip_list' is not an ip address or filename\n unless -f $ip_list;
open FD,  $ip_list or die cannot open file '$ip_list': $!\n;
while (FD) {
chomp;
next if /^#/;
if (/$Net::RBLClient::ip_pat/o) {
push @target, $;
}
}
close FD;
}
}

my @rblserver = qw(
bl.spamcop.net
zen.spamhaus.org
cbl.abuseat.org
dnsbl.njabl.org
dnsbl.sorbs.net
spam.dnsbl.sorbs.net
dynablock.njabl.org
list.dsbl.org
multihop.dsbl.org
relays.ordb.org
unconfirmed.dsbl.org
blackholes.mail-abuse.org
rbl.softworking.com
);

my $rblclient = Net::RBLClient-new(
lists   = [EMAIL PROTECTED],
query_txt   = 0,
server  = '127.0.0.1' # DNS server
);

# check
my $result = {};
foreach my $ip (@target) {
print checking $ip ...\n;
$rblclient-lookup($ip);
my %listed_hash = $rblclient-listed_hash();
if (scalar keys %listed_hash) {
foreach my $rbl (keys %listed_hash) {
print \t$rbl;
$result-{$rbl}-{$ip} = $listed_hash{$rbl};
$result-{$rbl}-{$ip} =~ s/^\s*|\s*$//g;
}
}
}

# build report
my $text = '';
foreach my $rbl (keys %$result) {
$text .= $rbl\n;
foreach my $ip (keys %{$result-{$rbl}}) {
#$text .= sprintf(%-28s %-20s %16s\n, $name, $ip, 
$result-{$rbl}-{$ip});
$text .= \t$ip\n;
}
$text .= \n;
}

... send the result to your email or save as html to view with browser ...


Azfar Hashmi wrote:
 Is there any way to monitor my ips in RBLs.
 -
 This SF.net email is sponsored by DB2 Express
 Download DB2 Express C - the FREE version of DB2 express and take
 control of your XML. No limits. Just data. Click to get it now.
 http://sourceforge.net/powerbar/db2/
 ___
 AMaViS-user mailing list
 AMaViS-user@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/amavis-user
 AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
 AMaViS-HowTos:http://www.amavis.org/howto/


-- 
Xueron Nee [EMAIL PROTECTED]


-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] False positive BANNED on message using charset GB2312

2007-06-26 Thread Noel Jones 
At 11:19 AM 6/26/2007, Daniel J McDonald wrote:
I think this message is just spam, and not something nefarious, but
amavisd flagged it as BANNED due to an exe.  Can anyone tell if this
really was malware?


X-Envelope-To: [EMAIL PROTECTED]
X-Quarantine-ID: lGMnl3xEtzBg
X-Amavis-Alert: BANNED, message contains part: text/plain,.exe
...
The file command does evaluate the text as executable:
[EMAIL PROTECTED] ~]$ file foo2.txt
foo2.txt: COM executable for DOS

*probably* just a false-positive of file(1) matching on the funny 
character set.

-- 
Noel Jones 


-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] memory leak problem in version amavisd-new-2.4.3 (20060930)

2007-06-26 Thread Mark Martinec 
Prashant Dabre,

 I am currently using amavisd-new-2.3.1. While upgrading to version 2.4.3

Why would one want to 'upgrade' to a nine months old version?

 I have not changed my old amavisd conf file which I am using
 with amavisd-new-2.3.1 . 

Ok.

 I started getting memory problem. I have also tried to increase
 the log level of amavis to 5 but not found any error in maillog.

 Are there any memory related issues reported for 
 this version amavisd-new-2.4.3 (20060930) ?

Not that I would know.

 I am using Red Hat Enterprise Linux ES release 4 (Nahant). Following is
 the output of top command :

This doesn't tell much. The output of ps would be more informative.

   PID USER  PR  NI  VIRT  RES  SHR S %CPU %MEMTIME+  COMMAND
 30679 amavis16   0 86492  74m 4948 S  0.0  3.7   0:16.58 amavisd

Ok, and what was the VIRT/RES/SHR with previous version?
50-90 MB of virtual memory per process looks pretty much normal.
Have you kept the number of child processes the same?

  Mark

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] False positive BANNED on message using charset GB2312

2007-06-26 Thread Mark Martinec 
Daniel,

 I think this message is just spam, and not something nefarious, but
 amavisd flagged it as BANNED due to an exe.  Can anyone tell if this
 really was malware?

 The file command does evaluate the text as executable:
 [EMAIL PROTECTED] ~]$ file foo2.txt
 foo2.txt: COM executable for DOS

Noel Jones writes:
 *probably* just a false-positive of file(1) matching on the funny
 character set.

Indeed. A misclassification by file(1). Interestingly an older
version (4.12) of file(1) classifies it as 'ISO-8859 text',
which is fine.

The following patch to amavisd (or to amavisd.conf if you have
an assignment to $map_full_type_to_short_type_re there,
overriding the default), maps 'COM executable for DOS' to
'asc', which is a form of a plain text.

--- amavisd~Fri Jun 22 17:50:51 2007
+++ amavisd Tue Jun 26 20:31:58 2007
@@ -1038,2 +1038,3 @@
 [qr/\bexecutable for MS Windows\b/  = ['exe','exe-ms'] ],
+[qr/^COM executable for DOS\b/  = 'asc'],  # misclassified?
 [qr/^(MS-)?DOS executable\b(?!.*\(COM\))/   = ['exe','exe-ms'] ],


Mark

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] Amavis/SA configured but not processing mail

2007-06-26 Thread Joshua J. Kugler 
On Monday 25 June 2007 19:31, Mike Cappella wrote:
  But I don't see any headers added to the messages.  I used
  http://wiki.apache.org/spamassassin/IntegratedInPostfixWithAma
  vis to help me with my setup.  Can someone point me to
  something I might be missing?
 Have you verified that spamassassin is actually being called for the mail
 in question?

That's what I'm trying to do.  In reply to another e-mail, I have these lines 
in my config file:

$X_HEADER_TAG = 'X-Virus-Scanned';
$X_HEADER_LINE = $myproduct_name $myversion_id ($myversion_date) at 
$mydomain;

I have looked through the config file, and I haven't found anything that 
enables spamassassin, so I don't really know if it is being called.  I guess 
my question is not so much about headers as how do I tell Amavis to pass the 
message through Spamassassin, because so far I haven't found the config 
switch to do so.

 amavis does not use spamd; you do not need to run it.  It loads the
 Mail::SpamAssassin modules upon startup.

Cool.

j

-- 
Joshua Kugler   
Lead System Admin -- Senior Programmer
http://www.eeinternet.com
PGP Key: http://pgp.mit.edu/  ID 0xDB26D7CE
PO Box 80086 -- Fairbanks, AK 99708 -- Ph: 907-456-5581 Fax: 907-456-3111

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] RBL Monitoring.

2007-06-26 Thread mouss 
Xueron Nee wrote:
 Hi Azfar Hashmi,

 Here is a simple perl script to do this :)

 #!/usr/bin/perl -w
 [snip]
   

a less sofisticated shell version:

#!/bin/sh

ip_list=`grep -v ^# /path/to/ips`
rbl_zones=`grep -v ^# /path/to/rbls`

check_ip()
{
ip=$1
zone=$2

rev_ip=`echo $ip |  awk -F. '{print $4 . $3 . $2 . $1}'`
host $rev_ip.$zone | grep -m 1 has address
}


for ip in $ip_list; do
  for zone in $rbl_zones; do
check_ip $ip $zone
  done
done






-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] Amavis/SA configured but not processing mail

2007-06-26 Thread Gary V 
Gary wrote:
 The next question would be - are you sending mail to amavisd-new
 at all? What MTA are you using?

Also, don't test by sending mail from the local machine using sendmail
or similar. Send from an external client via SMTP.

Gary V



-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] Amavis/SA configured but not processing mail

2007-06-26 Thread Joshua J. Kugler 
On Tuesday 26 June 2007 14:29, Gary V wrote:
 Joshua wrote:
  Have you verified that spamassassin is actually being called for the
  mail in question?
 
  That's what I'm trying to do.  In reply to another e-mail, I have these
  lines in my config file:
 
  $X_HEADER_TAG = 'X-Virus-Scanned';
  $X_HEADER_LINE = $myproduct_name $myversion_id ($myversion_date) at
  $mydomain;
 
  I have looked through the config file, and I haven't found anything that
  enables spamassassin, so I don't really know if it is being called.  I
  guess my question is not so much about headers as how do I tell Amavis to
  pass the message through Spamassassin, because so far I haven't found the
  config switch to do so.

 Look for:
 # @bypass_virus_checks_maps = (1);  # uncomment to DISABLE anti-virus code
 # @bypass_spam_checks_maps  = (1);  # uncomment to DISABLE anti-spam code

 If you want to use SA, make sure you do NOT bypass spam_checks. In
 other words, @bypass_spam_checks* should be commented out. The next
 question would be - are you sending mail to amavisd-new at all? What
 MTA are you using?

Virus is un-commented, bypass_spam is commented (all occurrences I could 
find).  Here are the headers added to the mail once it hits the server 
(mail.example.com, to protect the innocent :) ).

Received: from localhost (localhost [127.0.0.1])
by mail.example.com (Postfix) with ESMTP id B554B17C06E
for [EMAIL PROTECTED]; Tue, 26 Jun 2007 12:31:39 -0800 (AKDT)
Received: from mail.example.com ([127.0.0.1])
by localhost (mail.example.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id 20201-01 for [EMAIL PROTECTED];
Tue, 26 Jun 2007 12:31:39 -0800 (AKDT)
Received: from anotherhost.net (anotherhost.net [ip.ad.dre.ss])
by mail.example.com (Postfix) with ESMTP id 794C417C06B
for [EMAIL PROTECTED]; Tue, 26 Jun 2007 12:31:39 -0800 (AKDT)

I'm using Postfix, and amavisd-new as a content filter.  Postfix passes it to 
Amavis, and then get's it back on port 10025.

I know it's something simple, but I'm not seeing it.

j

-- 
Joshua Kugler   
Lead System Admin -- Senior Programmer
http://www.eeinternet.com
PGP Key: http://pgp.mit.edu/  ID 0xDB26D7CE
PO Box 80086 -- Fairbanks, AK 99708 -- Ph: 907-456-5581 Fax: 907-456-3111

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] Faster purging of SQL logging database

2007-06-26 Thread Mark Martinec 
HM,

 The problem is the foreign key constraints on msgrcpt.
 I found a solution:
...
 Voila, takes less than 30 minutes, including typing/pasting, on 3.4
 million rows in msgs/4.2 million rows in msgrcpt which should be a
 small enough delay for most uses.

Thanks, useful for purging majority of records.

Perhaps using old style deletion when ON DELETE CASCADE constraint
was not yet suggested could give similar results (README.sql-mysql):

--  (optional) just in case the ON DELETE CASCADE did not do its job, we may
--  explicitly delete orphaned records (with no corresponding msgs entry);
--  if ON DELETE CASCADE did work, there should be no deletions at this step
DELETE FROM quarantine
  WHERE NOT EXISTS (SELECT 1 FROM msgs WHERE mail_id=quarantine.mail_id);
DELETE FROM msgrcpt
  WHERE NOT EXISTS (SELECT 1 FROM msgs WHERE mail_id=msgrcpt.mail_id);


  DELETE FROM maddr WHERE id IN (
SELECT id FROM maddr LEFT JOIN (
  SELECT sid AS id, 1 AS f FROM msgs UNION ALL
  SELECT rid AS id, 1 AS f FROM msgrcpt
) AS u USING(id) WHERE u.f IS NULL);
 
  I'd be interested in your experience before I update
  the documentation.

 DELETEs are expensive but SELECTs are quick. The cost (through EXPLAIN
 query) of the above for my data (after getting rid of old messages)
 was cost=1623113.61..1765429.58 rows=1664586 width=6.

 So instead, I used temporary tables to get a list of maddr.ids to
 delete, and the cost for the final delete was
 cost=86070.32..177104.67 rows=1247620 width=6, an order of magnitude
 less.

 As it says in the postgres-docs, what is speedy for a small db might
 not be speedy for a large one. It seems that for postgres, using
 temporary tables can pay in a big way.

I don't know. Trying the CREATE TEMPORARY TABLE AS, followed by a DELETE
took about the same time as combining both in the same statement.
Building a table of maddr id-s to be purged took majority of time
(on frequent deletes where deletion does not remove lots of records):

CREATE TEMPORARY TABLE unused AS (
  SELECT id FROM maddr LEFT JOIN (
SELECT sid AS id, 1 AS f FROM msgs UNION ALL
SELECT rid AS id, 1 AS f FROM msgrcpt)
  AS u USING(id) WHERE u.f IS NULL);

DELETE FROM maddr WHERE id IN (SELECT * FROM unused);

Perhaps you had something else in mind?

Btw, both statements should probably be combined in a transaction
if amavisd is left running during purging.

  Mark



-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] Amavis/SA configured but not processing mail

2007-06-26 Thread Gary V 
Joshua wrote:

 Virus is un-commented, bypass_spam is commented (all occurrences I could 
 find).  Here are the headers added to the mail once it hits the server 
 (mail.example.com, to protect the innocent :) ).

 Received: from localhost (localhost [127.0.0.1])
 by mail.example.com (Postfix) with ESMTP id B554B17C06E
 for [EMAIL PROTECTED]; Tue, 26 Jun 2007 12:31:39 -0800 (AKDT)
 Received: from mail.example.com ([127.0.0.1])
 by localhost (mail.example.com [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 20201-01 for [EMAIL PROTECTED];
 Tue, 26 Jun 2007 12:31:39 -0800 (AKDT)
 Received: from anotherhost.net (anotherhost.net [ip.ad.dre.ss])
 by mail.example.com (Postfix) with ESMTP id 794C417C06B
 for [EMAIL PROTECTED]; Tue, 26 Jun 2007 12:31:39 -0800 (AKDT)

 I'm using Postfix, and amavisd-new as a content filter.  Postfix passes it to 
 Amavis, and then get's it back on port 10025.

 I know it's something simple, but I'm not seeing it.
 j

You won't see X-Virus-Scanned unless you are doing virus scans, but
that is another matter.

With $sa_tag_level_deflt  = -999; and
@local_domains_maps = ( [ .example.com ] );

and spam checks are not bypassed, it should work. Is there another
server downstream removing X-Spam headers? At this point you probably
are going to have to raise $log_level to 5 long enough for a message
to go through. Alternately, you can send yourself a message with your
sender address in @debug_sender_maps:

# If sender matches ACL, turn debugging fully up, just for this one message
@debug_sender_maps = ( ['[EMAIL PROTECTED]'] );

In your log look for something like:

Jun 26 20:07:19 sfa amavis[4225]: (04225-01) headers CLUSTERING: NEW CLUSTER 
[EMAIL PROTECTED]:
 score=-0.155, tag=1, tag2=0, local=1, bl=, s=, mangle=

I then get:
... header: X-Virus-Scanned: Debian amavisd-new at example.com\n
... header: X-Spam-Flag: NO\n
... header: X-Spam-Score: -0.155\n
... header: X-Spam-Level: \n
... header: X-Spam-Status: No, score=-0.155 required=8 
tests=[ALL_TRUSTED=-1.44,\n\tMISSING_SUBJECT=1.285]\n

(I mess with ALL_TRUSTED when testing)

maybe something like this to narrow it down:
grep header /var/log/maillog

Gary V


-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] Amavis/SA configured but not processing mail

2007-06-26 Thread Gary V 
Gary wrote:

 With $sa_tag_level_deflt  = -999; and
 @local_domains_maps = ( [ .example.com ] );

 and spam checks are not bypassed, it should work. Is there another
 server downstream removing X-Spam headers?

Are you using SQL or LDAP and the recipient's spam_tag_level is
observed instead of the static $sa_tag_level_deflt?

Gary V


-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/