[AMaViS-user] Amavisd-new and TLS problem

2007-07-28 Thread Jordi Espasa Clofent
Hi all,

I'm setting up a CentOS box with the next mailserver combination:
Postfix+Amavisd-new+ClamAV+Spamassassin

Encrypted communications are a requisite, so I've already configured 
IMAP+SSL (port 993) and SMTP+SSL (port 465).
The system works well if I have amavisd-new deactivated:

Jul 28 13:16:58 mail postfix/smtpd[20202]: initializing the server-side TLS engine
Jul 28 13:16:58 mail postfix/smtpd[20202]: connect from 221.Red-88-11-247.dynamicIP.rima-tde.net[88.11.247.221]
Jul 28 13:16:58 mail postfix/smtpd[20202]: setting up TLS connection from 221.Red-88-11-247.dynamicIP.rima-tde.net[88.11.247.221]
Jul 28 13:16:58 mail postfix/smtpd[20202]: SSL_accept:before/accept initialization
Jul 28 13:16:58 mail postfix/smtpd[20202]: SSL_accept:error in SSLv2/v3 read client hello A
Jul 28 13:16:58 mail postfix/smtpd[20202]: SSL_accept:error in SSLv3 read client hello B
Jul 28 13:16:58 mail postfix/smtpd[20202]: SSL_accept:error in SSLv3 read client hello B
Jul 28 13:16:58 mail postfix/smtpd[20202]: SSL_accept:SSLv3 read client hello B
Jul 28 13:16:58 mail postfix/smtpd[20202]: SSL_accept:SSLv3 write server hello A
Jul 28 13:16:58 mail postfix/smtpd[20202]: SSL_accept:SSLv3 write certificate A
Jul 28 13:16:58 mail postfix/smtpd[20202]: SSL_accept:SSLv3 write key exchange A
Jul 28 13:16:58 mail postfix/smtpd[20202]: SSL_accept:SSLv3 write server done A
Jul 28 13:16:58 mail postfix/smtpd[20202]: SSL_accept:SSLv3 flush data
Jul 28 13:16:58 mail postfix/smtpd[20202]: SSL_accept:error in SSLv3 read client certificate A
Jul 28 13:16:58 mail postfix/smtpd[20202]: SSL_accept:error in SSLv3 read client certificate A
Jul 28 13:16:58 mail postfix/smtpd[20202]: SSL_accept:SSLv3 read client key exchange A
Jul 28 13:16:58 mail postfix/smtpd[20202]: SSL_accept:error in SSLv3 read certificate verify A
Jul 28 13:16:58 mail last message repeated 3 times
Jul 28 13:16:58 mail postfix/smtpd[20202]: SSL_accept:SSLv3 read finished A
Jul 28 13:16:58 mail postfix/smtpd[20202]: SSL_accept:SSLv3 write change cipher spec A
Jul 28 13:16:58 mail postfix/smtpd[20202]: SSL_accept:SSLv3 write finished A
Jul 28 13:16:58 mail postfix/smtpd[20202]: SSL_accept:SSLv3 flush data
Jul 28 13:16:58 mail postfix/smtpd[20202]: TLS connection established from 221.Red-88-11-247.dynamicIP.rima-tde.net[88.11.247.221]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Jul 28 13:16:58 mail dovecot: auth(default): client in: AUTH1 PLAIN   service=smtpresp=hidden
Jul 28 13:16:58 mail dovecot: auth-worker(default): mysql: Connected to localhost (openvispadmin)
Jul 28 13:16:58 mail dovecot: auth-worker(default): sql([EMAIL PROTECTED]): query: SELECT password FROM mailbox WHERE username = '[EMAIL PROTECTED]'
Jul 28 13:16:58 mail dovecot: auth(default): client out: OK 1 [EMAIL PROTECTED]
Jul 28 13:16:58 mail postfix/smtpd[20202]: E5A01D50274: client=221.Red-88-11-247.dynamicIP.rima-tde.net[88.11.247.221], sasl_method=PLAIN, [EMAIL PROTECTED]
Jul 28 13:16:59 mail postfix/cleanup[20211]: E5A01D50274: message-id=[EMAIL PROTECTED]
Jul 28 13:16:59 mail postfix/qmgr[20200]: E5A01D50274: from=[EMAIL PROTECTED], size=705, nrcpt=1 (queue active)
Jul 28 13:16:59 mail postfix/smtpd[20202]: disconnect from 221.Red-88-11-247.dynamicIP.rima-tde.net[88.11.247.221]
Jul 28 13:17:03 mail postfix/smtp[20213]: E5A01D50274: to=[EMAIL PROTECTED], relay=gmail-smtp-in.l.google.com[66.249.91.27]:25, delay=4.5, delays=0.4/0.01/0.72/3.4, dsn=2.0.0, status=sent (250 2.0.0 OK 1185621423 c22si1389232ika)
Jul 28 13:17:03 mail postfix/qmgr[20200]: E5A01D50274: removed

But if I activate the amavisd-new service:

Jul 28 13:19:17 mail postfix/smtpd[20280]: TLS connection established from 221.Red-88-11-247.dynamicIP.rima-tde.net[88.11.247.221]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
Jul 28 13:19:17 mail dovecot: auth(default): client in: AUTH1 PLAIN   service=smtpresp=hidden
Jul 28 13:19:17 mail dovecot: auth-worker(default): sql([EMAIL PROTECTED]): query: SELECT password FROM mailbox WHERE username = '[EMAIL PROTECTED]'
Jul 28 13:19:17 mail dovecot: auth(default): client out: OK 1 [EMAIL PROTECTED]
Jul 28 13:19:17 mail postfix/smtpd[20280]: DDF9FD50274: client=221.Red-88-11-247.dynamicIP.rima-tde.net[88.11.247.221], sasl_method=PLAIN, [EMAIL PROTECTED]
Jul 28 13:19:18 mail postfix/cleanup[20286]: DDF9FD50274: message-id=[EMAIL PROTECTED]
Jul 28 13:19:18 mail postfix/qmgr[20200]: DDF9FD50274: from=[EMAIL PROTECTED], size=707, nrcpt=1 (queue active)
Jul 28 13:19:18 mail postfix/smtpd[20280]: disconnect from 221.Red-88-11-247.dynamicIP.rima-tde.net[88.11.247.221]
Jul 28 13:19:18 mail postfix/smtpd[20291]: initializing the server-side TLS engine
Jul 28 13:19:18 mail postfix/smtpd[20291]: connect from tartarus[127.0.0.1]
Jul 28 13:19:18 mail amavis[20277]: (20277-01) Negative SMTP resp to DATA: 530 5.7.0 Must issue a STARTTLS command first
Jul 28 13:19:18 mail amavis[20277]: (20277-01) Negative SMTP resp. to QUIT: 530 5.7.0 

Re: [AMaViS-user] Amavisd-new and TLS problem

2007-07-28 Thread Mark Martinec
Jordi,

 Encrypted communications are a requisite, so I've already configured
 IMAP+SSL (port 993) and SMTP+SSL (port 465).
 The system works well if I have amavisd-new deactivated:

 Jul 28 13:19:18 mail amavis[20277]: (20277-01) Negative SMTP resp to
 DATA: 530 5.7.0 Must issue a STARTTLS command first

 I've tried several options and I'm sure the problem is focused in
 amavisd-new, so the system works well (as you can see above) if I
 deactivate it.

amavisd-new does not support TLS.  If it is installed on the same
host as MTA, they are talking to each other over a loopback interface,
so there is no need for encryption of that within-a-host traffic.
Disable MTA requirement for TLS on its re-entry port 10025.

  Mark

-
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now   http://get.splunk.com/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
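
Mark's advice about the re-entry port, as an added Perl example (not code from the thread, from Postfix or from amavisd-new): it audits constructed master.cf stanzas for the 127.0.0.1:10025 listener before and after a per-listener TLS override. The main.cf value smtpd_tls_security_level=encrypt and both stanzas are assumptions, since Jordi's Postfix configuration is not shown in the thread.

```perl
use strict;
use warnings;

# Assumption: main.cf enforces TLS for every smtpd, which is what yields
# "530 5.7.0 Must issue a STARTTLS command first" for a plaintext client.
my %main_cf = (smtpd_tls_security_level => 'encrypt');

# Constructed master.cf stanzas for the re-entry listener.
my $before = <<'EOF';
127.0.0.1:10025 inet n  -  n  -  -  smtpd
  -o content_filter=
EOF

my $after = <<'EOF';
# TLS enforcement switched off for the loopback re-entry port only
127.0.0.1:10025 inet n  -  n  -  -  smtpd
  -o content_filter=
  -o smtpd_tls_security_level=none
EOF

# Join continuation lines (leading whitespace) onto their service entry.
sub logical_lines {
    my @out;
    for my $line (split /\n/, $_[0]) {
        next if $line =~ /^\s*(?:#|$)/;            # skip comments and blanks
        if ($line =~ /^\s/ && @out) { $out[-1] .= " $line" }
        else                        { push @out, $line }
    }
    return @out;
}

# Return [service, effective TLS level] for each smtpd inet listener.
sub audit {
    my ($text, $defaults) = @_;
    my @report;
    for my $entry (logical_lines($text)) {
        my @f = split ' ', $entry;
        next unless @f >= 8 && $f[1] eq 'inet' && $f[7] eq 'smtpd';
        my %opt = (%$defaults, $entry =~ /-o\s+(\w+)=(\S*)/g);  # -o overrides win
        push @report, [$f[0], $opt{smtpd_tls_security_level}];
    }
    return @report;
}

for my $case ([before => $before], [after => $after]) {
    for my $r (audit($case->[1], \%main_cf)) {
        my $bad = $r->[0] =~ /^127\./ && $r->[1] eq 'encrypt';
        printf "%-6s %-16s tls=%-7s %s\n", $case->[0], @$r, $bad ? '530 on re-injection' : 'ok';
    }
}
```

On Postfix releases older than 2.3, which lack smtpd_tls_security_level, the per-listener override is `-o smtpd_enforce_tls=no`.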


Re: [AMaViS-user] How to manage spam scores?

2007-07-28 Thread mouss
Justin Kim wrote:
 Gary wrote:

 
 Justin wrote:
   
 Hello Everyone,
 I am using amavis with postfix+mysql setup.
 Amavis is scanning messages and is reinjecting messages to postfix through
 smtp.
 I would like to know how can I manage spam scores so that certain domain
 like yahoo.com is not getting high score.
 My user requested that there are false positive when it is sent from
 specific yahoo.com account.
 Please help!
 Justin
 
 One way would be to use @score_sender_maps. If you don't have
 this in amavisd.conf then look for it in amavisd.conf-sample
 under the heading:
   
 # ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING
   
 Look at both the per-recipient and site-wide examples and place
 your entries in the appropriate position(s).
   
 Another possible method is to determine exactly what particular rule
 is causing the false positive and then zero out the score of that
 rule in local.cf.

 score SOME_YAHOO_RULE 0

 What version of SA?

 Gary V

 
 Thanks Gary,
 My SA version is 3.1.8 on redhat.
 Amavisd-new version 2.4.5
 I couldn't find the yahoo score on /usr/share/spamassassin/50_scores.cf

 Spam scores are:

 X-Spam-Flag: YES
 X-Spam-Score: 6.116
 X-Spam-Level: **
 X-Spam-Status: Yes, score=6.116 tagged_above=-999 required=5
  tests=[BIZ_TLD=1.169, DNS_FROM_RFC_ABUSE=0.479,
  DNS_FROM_RFC_POST=1.44, DNS_FROM_RFC_WHOIS=0.879, HTML_10_20=0.945,
  HTML_MESSAGE=0.001, MAILTO_TO_SPAM_ADDR=0.276,
  MSGID_FROM_MTA_ID=0.927]

 I do not know if I am on the right track to 0 out yahoo scores.
   

MSGID_FROM_MTA_ID is intriguing. are you sure the mail came from yahoo?

consider enabling Bayes and training on errors.

You can lower the scores of DNS_FROM_RFC_* just enough so that the score 
gets below 5. Or you can write meta rules to cancel these if the sending 
domain is yahoo and the like (maybe too much work though).

if you get enough legitimate mail related to .biz domains, you may 
consider lowering the score of BIZ_TLD.
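
The "lower DNS_FROM_RFC_* just enough" suggestion, worked through on the X-Spam-Status header Justin posted. This is an added Perl example, not code from the thread or from SpamAssassin; the sub names and the 0.1 margin below the threshold are assumptions.

```perl
use strict;
use warnings;

# Header value copied from Justin's message above.
my $status = 'Yes, score=6.116 tagged_above=-999 required=5 '
  . 'tests=[BIZ_TLD=1.169, DNS_FROM_RFC_ABUSE=0.479, DNS_FROM_RFC_POST=1.44, '
  . 'DNS_FROM_RFC_WHOIS=0.879, HTML_10_20=0.945, HTML_MESSAGE=0.001, '
  . 'MAILTO_TO_SPAM_ADDR=0.276, MSGID_FROM_MTA_ID=0.927]';

# Parse the required threshold and the per-rule scores out of X-Spam-Status.
sub parse_status {
    my ($hdr) = @_;
    my ($required) = $hdr =~ /\brequired=(-?[\d.]+)/ or die "no required=\n";
    my ($tests)    = $hdr =~ /\btests=\[([^\]]*)\]/  or die "no tests=\n";
    my %rule = $tests =~ /(\w+)=(-?[\d.]+)/g;
    return ($required, \%rule);
}

sub total { my ($r) = @_; my $t = 0; $t += $_ for values %$r; return $t }

# Scale every rule matching $re so the total lands $margin below $required.
sub scale_rules {
    my ($rule, $re, $required, $margin) = @_;
    my @hit   = grep { /$re/ } sort keys %$rule;
    my $group = 0; $group += $rule->{$_} for @hit;
    my $cut   = total($rule) - ($required - $margin);
    return () if $cut <= 0 || !@hit;               # already below the threshold
    die "matched rules cannot absorb $cut points\n" if $cut > $group;
    my $f = ($group - $cut) / $group;
    return map { ($_ => sprintf('%.3f', $rule->{$_} * $f)) } @hit;
}

my ($required, $rule) = parse_status($status);
printf "total %.3f, required %s\n", total($rule), $required;
printf "  %-20s %6.3f\n", $_, $rule->{$_}
    for sort { $rule->{$b} <=> $rule->{$a} } keys %$rule;

my %new = scale_rules($rule, qr/^DNS_FROM_RFC_/, $required, 0.1);
print "# local.cf overrides (these apply to mail from every sender)\n";
print "score $_ $new{$_}\n" for sort keys %new;
printf "new total %.3f\n", total({ %$rule, %new });
```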





Re: [AMaViS-user] Postfix + Amavisd-new + Amavisd-milter (Net::Server 'listen' default)

2007-07-28 Thread Mark Martinec
David Schweikert wrote:

 On Fri, Jul 27, 2007 at 17:52:58 +0200, Mark Martinec wrote:
  The problem is that even though I properly limited the number of
  amavisd connections in amavisd-milter, amavisd does have a listen
  backlog (queuing of connecting clients) of maximum 5 clients. That
  is, if I have configured to use at most 10 amavisd processes and by
  chance 6 amavisd-milter processes try to establish a connection
  simultaneously, it will fail.
 
  I don't see why it would be 5. The program flow goes like:
 
  amavisd leaves Net::Server's option 'listen' at a default.
 
  Net::Server.pm turns undef into 128:
  $prop->{listen} = Socket::SOMAXCONN()
    unless defined($prop->{listen}) && $prop->{listen} =~ /^\d{1,3}$/;

 Funnily enough, Socket::SOMAXCONN() returns 5 on Solaris, but I am
 pretty sure that it is not the real limit. It probably comes from
 SOMAXCONN in /usr/include/sys/socket.h, but I don't think that it is the
 real limit. I have:

 [EMAIL PROTECTED]:~$ ndd /dev/tcp tcp_conn_req_max_q
 1024

 Maybe Net::Server should be fixed instead? It probably would be even
 better to fix Socket::SOMAXCONN... I don't know if there is a faster way
 to find out the real SOMAXCONN than running ndd though. In the mean
 time, it would be nice however to have a $listen_queue_size option in
 Amavisd-new :-)

One catch there, which I'd call a Net::Server bug:

If one sets the $listen_queue_size to 1024 (as you say is a default on
Solaris), the Net::Server tests the value of a 'listen' option and sees
the number has more than three digits, and will silently give you the 
Socket::SOMAXCONN default, which is a 5 on Solaris!  Without a warning!

I think that Net::Server should:
- log a warning or call 'die' if the 'listen' option is invalid and
  is not a 0 or undef (or an empty string);
- allow values of up to 1024 at least;
- maybe even provide a more sensible default on Solaris, instead of
  a problematic Socket::SOMAXCONN;

I'm CCing this to Paul Seamons. I'd ask at least for a logged warning.
Btw, this thread is archived at: http://marc.info/?t=118553883800013&r=1

  Mark
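
The silent fallback described in this message, as an added Perl example (not Net::Server's or amavisd-new's code): `listen_as_quoted` wraps the check quoted above, and `listen_checked` is a hypothetical variant that follows the proposals in the list. Both sub names and the `$max` parameter are assumptions.

```perl
use strict;
use warnings;
use Socket ();

# The check quoted in the thread, wrapped in a sub so it can be exercised.
sub listen_as_quoted {
    my ($listen) = @_;
    $listen = Socket::SOMAXCONN()
        unless defined($listen) && $listen =~ /^\d{1,3}$/;
    return $listen;
}

# Hypothetical stricter variant: undef, '' and 0 select the default quietly,
# values up to $max are accepted, anything else is reported before falling back.
sub listen_checked {
    my ($listen, $max) = @_;
    $max //= 1024;
    return Socket::SOMAXCONN()
        if !defined($listen) || $listen eq '' || $listen eq '0';
    if ($listen !~ /^\d+$/ || $listen > $max) {
        warn "invalid 'listen' value '$listen', using SOMAXCONN="
           . Socket::SOMAXCONN() . "\n";
        return Socket::SOMAXCONN();
    }
    return $listen;
}

# 1000 and 1024 have four digits, so the quoted check replaces them with
# SOMAXCONN without any message; the variant keeps them.
for my $v (undef, 10, 128, 999, 1000, 1024, 'abc') {
    printf "%-6s quoted=%-5s checked=%s\n",
        $v // 'undef', listen_as_quoted($v), listen_checked($v);
}
```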
