Re: [AMaViS-user] penpals triggered on outbound, not inbound.

2007-09-07 Thread Nate 
At 05:29 PM 9/7/2007, Mark Martinec wrote:

> > Of additional note, when I add a little more debugging code to
> > amavisd in the penpals sections, it seems regardless if a domain is
> > local or not (or even in cases where @local_domain_maps is undefined
> > i find the following:
> >
> > lookup(0,$sender,@{ca('local_domains_maps')})  ALWAYS returns Y
> >
> > This is a result of having a wildcard (@.) entry in my mysql users
> > table which specifies @. as local.
>
>Which means that all mail is considered inbound or internal-to-internal.
>
> > By changing this to N in the database, it seems to have solved the
> > majority of my issue.
>
>Assuming you have all your domains listed in a SQL table 'users',
>this gives you what is needed.


I either have domain entries or individual user entries in the users 
table with local as Y.  All other users should fall into the wildcard 
@. category and not be scanned for spam or penpals.  I think this 
accomplishes it all and doesn't leave any holes of coverage.

- Nate


-
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] penpals triggered on outbound, not inbound.

2007-09-07 Thread Mark Martinec 
Nate,

> Of additional note, when I add a little more debugging code to
> amavisd in the penpals sections, it seems regardless if a domain is
> local or not (or even in cases where @local_domain_maps is undefined
> i find the following:
>
> lookup(0,$sender,@{ca('local_domains_maps')})  ALWAYS returns Y
>
> This is a result of having a wildcard (@.) entry in my mysql users
> table which specifies @. as local.

Which means that all mail is considered inbound or internal-to-internal.

> By changing this to N in the database, it seems to have solved the
> majority of my issue.

Assuming you have all your domains listed in a SQL table 'users',
this gives you what is needed.

  Mark

-
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] penpals triggered on outbound, not inbound.

2007-09-07 Thread Mark Martinec 
Nate,

> In this setup, there are thousands of domains being scanned, and
> amavis as well as postfix utilize a mysql db to determine where
> to forward the email after it's scanned via a postfix transport
> table.  With this setup, I typically leave @mynetworks and
> @local_domains_maps undefined and the setup works great.

This does not allow amavisd to distinguish between incoming,
outgoing, and internal mail.  Depending on your intended use
of features, this may or may not be important.

> I am experimenting with penpals now and when I activate it with my
> current config it seems to only log a penpals scan on one in every
> few thousand messages.  Even messages which the SQL statement should
> hit (and does hit if i run the SQL statement by hand) are ignored by
> amavis for penpals purposes.  I modified my @mynetworks and
> @local_domains_maps to have valid data for the local network and my
> test domain I'm working with.  The results of this caused all
> outbound email from anywhere in @mynetworks to get penpals attributes
> checked when the sql statement returned data;

Yes, this is normal. Inbound, and internal-to-internal mail
is checked for pen pals, matching it to a previous mail
originating from inside.

> however, no inbound email would ever produce penpals log entries.

Is not even checked, or just does not find a matching record in a database?

Turn up log level to 4 and grep the log for a string 'penpals:' .
(the more important of these log entries are at log level 2, one is
at level 3, the rest is at 4; log level 5 would also show SQL clauses
being executed).

> Of course my goal is for penpals to mark incoming emails, not outgoing.

Incoming and internal is supposed to be checked, outgoing not.

> Do these symtoms ring any familiar bells for anyone that might point
> out where i goofed?

- all recipients matching @local_domains_maps (except when sender is the
  same as recipient) should result in a penpals SQL query;

- for a query to match some previous mail in the opposite direction,
  that mail must have exactly matching sender and recipient address
  (swapped), or at least have a matching previous sender _and_
  and match on Message-ID. Make sure virtual_alias_maps and canonical
  (when used) is not causing mismatches.

- to save cycles, a ham message with low spam score which does not need
  pen pals help is not checked, and on the other extreme, an high
  scoring spam which would not have a chance of being saved
  even by a maximum pen pals contribution, is not checked either.
  To override these two optimization steps for test purposes, set:
$penpals_threshold_low = undef;
$penpals_threshold_high = undef;

- one additional condition: unauthenticated senders from outside (i.e.
  not having IP matching @mynetworks) _and_ using a local domain address
  do not receive a pen pals bonus. Make sure your @mynetworks is correct. 


Mark

-
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] penpals triggered on outbound, not inbound.

2007-09-07 Thread Nate 
Of additional note, when I add a little more debugging code to 
amavisd in the penpals sections, it seems regardless if a domain is 
local or not (or even in cases where @local_domain_maps is undefined 
i find the following:

lookup(0,$sender,@{ca('local_domains_maps')})  ALWAYS returns Y

This is a result of having a wildcard (@.) entry in my mysql users 
table which specifies @. as local.

By changing this to N in the database, it seems to have solved the 
majority of my issue.

- Nate

At 03:44 PM 9/7/2007, Nate wrote:
>I know this must be something I've overlooked as it just seem so
>silly that penpals would work in reverse order.
>
>All outbound email from my location sends through a SMTP server which
>forwards to the AMAVIS filtering server before leaving the
>network.  Inbound email comes into the AMAVIS server, and once
>reviewed by amavis is forwarded to the SMTP server for POP3/IMAP access.
>
>In this setup, there are thousands of domains being scanned, and
>amavis as well as postfix utilize a mysql db to determine where to
>forward the email after it's scanned via a postfix transport
>table.  With this setup, I typically leave @mynetworks and
>@local_domains_maps undefined and the setup works great.
>
>I am experimenting with penpals now and when I activate it with my
>current config it seems to only log a penpals scan on one in every
>few thousand messages.  Even messages which the SQL statement should
>hit (and does hit if i run the SQL statement by hand) are ignored by
>amavis for penpals purposes.  I modified my @mynetworks and
>@local_domains_maps to have valid data for the local network and my
>test domain I'm working with.  The results of this caused all
>outbound email from anywhere in @mynetworks to get penpals attributes
>checked when the sql statement returned data; however, no inbound
>email would ever produce penpals log entries.
>
>Of course my goal is for penpals to mark incoming emails, not outgoing.
>
>Do these symtoms ring any familiar bells for anyone that might point
>out where i goofed?
>
>Thanks,
>
>- Nate
>
>
>-
>This SF.net email is sponsored by: Microsoft
>Defy all challenges. Microsoft(R) Visual Studio 2005.
>http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/
>___
>AMaViS-user mailing list
>AMaViS-user@lists.sourceforge.net
>https://lists.sourceforge.net/lists/listinfo/amavis-user
>AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
>AMaViS-HowTos:http://www.amavis.org/howto/


-
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

[AMaViS-user] penpals triggered on outbound, not inbound.

2007-09-07 Thread Nate 
I know this must be something I've overlooked as it just seem so 
silly that penpals would work in reverse order.

All outbound email from my location sends through a SMTP server which 
forwards to the AMAVIS filtering server before leaving the 
network.  Inbound email comes into the AMAVIS server, and once 
reviewed by amavis is forwarded to the SMTP server for POP3/IMAP access.

In this setup, there are thousands of domains being scanned, and 
amavis as well as postfix utilize a mysql db to determine where to 
forward the email after it's scanned via a postfix transport 
table.  With this setup, I typically leave @mynetworks and 
@local_domains_maps undefined and the setup works great.

I am experimenting with penpals now and when I activate it with my 
current config it seems to only log a penpals scan on one in every 
few thousand messages.  Even messages which the SQL statement should 
hit (and does hit if i run the SQL statement by hand) are ignored by 
amavis for penpals purposes.  I modified my @mynetworks and 
@local_domains_maps to have valid data for the local network and my 
test domain I'm working with.  The results of this caused all 
outbound email from anywhere in @mynetworks to get penpals attributes 
checked when the sql statement returned data; however, no inbound 
email would ever produce penpals log entries.

Of course my goal is for penpals to mark incoming emails, not outgoing.

Do these symtoms ring any familiar bells for anyone that might point 
out where i goofed?

Thanks,

- Nate


-
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] skip amavis for relay_domains

2007-09-07 Thread Gary V 
On 9/7/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> Hi guys,
>
> I just setup a Postfix + Amavis server a while back (after finally
> getting away from a Qmail installation I really didn't like).
>
> I'm using virtual domains, and a few other fancy features (like database
> storage of those virtual domain mailboxes), and for the most part I like
> the install.
>
> One small issue that's been bugging me is this:
>
> I relay email for one other domain (I'm that one's backup MX and vice
> versa), but it appears that my amavis install is scanning every email
> that comes in for them before forwarding it to their domain.
>
> That step is completely unnecessary (and possibly harmful due to
> whitelists, etc.) since that domain does it's own filtering.  There are
> also of course the issues of somewhat reduced performance on my side.
>
> All that I want Postfix and/or Amavis to do is immediately forward email
> for this backup MX domain to that domain.
>
> If searched around through several documents with very little success.
> I have already implemented an approach to stop scanning of locally
> generated email (defined by SASL authenticated users).  Would doing the
> same thing for relay_domains be done similarly?
>
> I'm sure I've missed something fairly simple as I'm sure anyone who
> relays email as a backup MX would want the same behavior.
>
> transport_maps wouldn't have anything to do with this, would it?
>

There are a couple ways to do this.
This is one where you configure amavisd-new to bypass recipients:
http://www200.pair.com/mecham/spam/bypassing.html#9

If you have another IP address available:
http://www200.pair.com/mecham/spam/bypassing.html#3

You may be tempted to use a check_recipient_access map to work around
amavisd-new (by setting a transport override that reinjects the
message back to the reinjection port):

smtpd_recipient_restrictions =
  check_recipient_access hash:/etc/postfix/amavis_bypass
  <...>

/etc/postfix/amavis_bypass:
domain.tld FILTER smtp:[127.0.0.1]:10025

But:
"It may be worth mentioning that in Postfix, content_filter and FILTER
are mechanisms used to override a given message's transport. All
recipients of the message are affected. It is not acceptable to use
the FILTER mechanism in a check_recipient_access map to attempt to
override the transport for a particular recipient when there is a
possibility a message for that recipient may also be addressed to
other recipients. The result would be all of those recipients are
filtered, whether they are listed in the map or not."

-- 
Gary V

-
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] rbl in SA or in MTA, which is better

2007-09-07 Thread Clifton Royston 
On Fri, Sep 07, 2007 at 01:07:30PM -0600, Miguel wrote:
> I mean, both can do the same tests, where is the best place to do that?
> regards

  Either or both, depending.

  You may see a significant reduction in the load on your mailserver if
you check high-reliability BLs like the CBL or the Spamhaus XBL (which
includes the CBL) in the MTA, and then check a broader range of BLs in
SA under amavisd.  But it really depends on your situation and your
userbase.

  -- Clifton

-- 
Clifton Royston  --  [EMAIL PROTECTED] / [EMAIL PROTECTED]
   President  - I and I Computing * http://www.iandicomputing.com/
 Custom programming, network design, systems and network consulting services

-
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] rbl in SA or in MTA, which is better

2007-09-07 Thread mouss 
Miguel wrote:
> I mean, both can do the same tests, where is the best place to do that?
> regards

do both:

- use few "safe" DNSBLs (zen.spamhaus.org for example) in the MTA to 
reject transaction without having to process data or queue the message

- use whatever DNSBLs you want in SA.

- you can combine "moderately safe" DNSBLs in something like 
policyd-weight, to get scoring at SMTP time.



-
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

[AMaViS-user] skip amavis for relay_domains

2007-09-07 Thread list-amavis-user 
Hi guys,

I just setup a Postfix + Amavis server a while back (after finally 
getting away from a Qmail installation I really didn't like).

I'm using virtual domains, and a few other fancy features (like database 
storage of those virtual domain mailboxes), and for the most part I like 
the install.

One small issue that's been bugging me is this:

I relay email for one other domain (I'm that one's backup MX and vice 
versa), but it appears that my amavis install is scanning every email 
that comes in for them before forwarding it to their domain.

That step is completely unnecessary (and possibly harmful due to 
whitelists, etc.) since that domain does it's own filtering.  There are 
also of course the issues of somewhat reduced performance on my side.

All that I want Postfix and/or Amavis to do is immediately forward email 
for this backup MX domain to that domain.

If searched around through several documents with very little success. 
I have already implemented an approach to stop scanning of locally 
generated email (defined by SASL authenticated users).  Would doing the 
same thing for relay_domains be done similarly?

I'm sure I've missed something fairly simple as I'm sure anyone who 
relays email as a backup MX would want the same behavior.

transport_maps wouldn't have anything to do with this, would it?

-
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] rbl in SA or in MTA, which is better

2007-09-07 Thread Dave McGuire 
On Sep 7, 2007, at 3:15 PM, Alexander Wirt wrote:
>> I mean, both can do the same tests, where is the best place to do  
>> that?
>> regards
> If you don't have the option to merge the results of several rbls  
> together,
> don't use them at smtp time. RBLs make errors, several freemailer, big
> providers and others got regulary on several blacklist.  
> Additionally you
> don't want to give control over your E-Mail traffic into *one* hand.
>
> SA ist the best choice you have under most circumstances. There the  
> result of
> the RBL is "part" of the score and not a ultimativly decision.

   I have to agree here, but on my systems at least, having the MTA  
do it ahead of amavis means much less traffic going through the  
lumbering pig that is SpamAssassin.  I'd love to have the RBL stuff  
folded into the main scoring system but I'd need three times the  
hardware for all that slow-ass Perl code. :-(

-Dave

-- 
Dave McGuire
Port Charlotte, FL
Farewell Ophelia, 9/22/1991 - 7/25/2007




-
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] rbl in SA or in MTA, which is better

2007-09-07 Thread Miguel 
Alexander Wirt escribió:
> Miguel schrieb am Freitag, den 07. September 2007:
>
>   
>> I mean, both can do the same tests, where is the best place to do that?
>> regards
>> 
> If you don't have the option to merge the results of several rbls together,
> don't use them at smtp time. RBLs make errors, several freemailer, big
> providers and others got regulary on several blacklist. Additionally you
> don't want to give control over your E-Mail traffic into *one* hand. 
>
> SA ist the best choice you have under most circumstances. There the result of
> the RBL is "part" of the score and not a ultimativly decision. 
>
> Hope that helps
>
> Alex
>   
OK, totally clear,
thanks

>
>   


-
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] rbl in SA or in MTA, which is better

2007-09-07 Thread Alexander Wirt 
Miguel schrieb am Freitag, den 07. September 2007:

> I mean, both can do the same tests, where is the best place to do that?
> regards
If you don't have the option to merge the results of several rbls together,
don't use them at smtp time. RBLs make errors, several freemailer, big
providers and others got regulary on several blacklist. Additionally you
don't want to give control over your E-Mail traffic into *one* hand. 

SA ist the best choice you have under most circumstances. There the result of
the RBL is "part" of the score and not a ultimativly decision. 

Hope that helps

Alex


-
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] rbl in SA or in MTA, which is better

2007-09-07 Thread Martin Svensson 

Unless you want to block emails solely based on the RBL response, do it in SA. 
Then the response will add to the total score, which is the preferred way 
(AFAIK).

//Martin

On Friday 07 September 2007 21:07:30 Miguel wrote:
> I mean, both can do the same tests, where is the best place to do that?
> regards
>

-
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

[AMaViS-user] rbl in SA or in MTA, which is better

2007-09-07 Thread Miguel 
I mean, both can do the same tests, where is the best place to do that?
regards

-
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] error uvupdate

2007-09-07 Thread MrC 
Markus Edholm wrote:
> Hi All,
> 
> I´m having some errors for uvupdate
> sometimes my hourly update works nice but occasionally i got this:
> 
> Virus Scan for Linux v4.16.0
> Copyright (c) 1992-2004 Networks Associates Technology Inc. All rights
> reserved.
> (408) 988-3832  LICENSED COPY - Nov 13 2001
> 
> Scan engine v5.2.00 for Linux.
> Virus data file v4100 created Sep 07 2007
> Scanning for 318845 viruses, trojans and variants.
> 
> /bin/tar: This does not look like a tar archive
> /bin/tar: Skipping to next header

I use my own download script that I wrote a while ago, so I'm not sure 
what the uvupdate script is doing.

Try re-downloading the file manually using ftp and comparing your 
versions.  You might also enable some debug on your uvupdate script to 
record what is actually being downloaded.

I notice your uvscan version is several years old. I believe the 4.x 
series is no longer supported.  I notice dat file version is 4100.  This 
is ancient.

   Virus data file v5114 created Sep 06 2007
   Scanning for 317556 viruses, trojans and variants.

I've update since then from 5.1 and to 5.2, as part of the annual 
"maintenance" fee.  However, both the 5.x releases offer nothing by 
marketing nonsense in their NEW FEATURES section of the release notes. 
In fact, the NEW FEATURES section in both contain the exact same text:

NEW FEATURES:

-   More protection : Automatic identification and
 removal of viruses delivering the next generation
 of best-of-breed anti-virus scanning engines.
 It offers improved protection against existing,
 new and potential threats and increases the depth
 and breadth of the protection we provide.

-   It's faster than before : We've listened to our
 customers who asked for a faster Engine and it
 delivers superior performance to current McAfee
 Anti-Virus products on all supported platforms.

-   Support for many more packed-executable formats
 in which known malware is often re-packaged
 for obfuscation purposes.

MrC


> /bin/tar: Error exit delayed from previous errors
> /bin/tar: This does not look like a tar archive
> /bin/tar: Skipping to next header
> /bin/tar: Error exit delayed from previous errors
> /bin/tar: This does not look like a tar archive
> /bin/tar: Skipping to next header
> /bin/tar: Error exit delayed from previous errors
> /bin/tar: This does not look like a tar archive
> /bin/tar: Skipping to next header
> /bin/tar: Error exit delayed from previous errors
> /bin/tar: This does not look like a tar archive
> /bin/tar: Skipping to next header
> /bin/tar: Error exit delayed from previous errors
> /bin/tar: This does not look like a tar archive
> /bin/tar: Skipping to next header
> /bin/tar: Error exit delayed from previous errors
> Virus Scan for Linux v4.16.0
> Copyright (c) 1992-2004 Networks Associates Technology Inc. All rights
> reserved.
> (408) 988-3832  LICENSED COPY - Nov 13 2001
> 
> Scan engine v5.2.00 for Linux.
> Virus data file v4100 created Sep 07 2007
> Scanning for 318845 viruses, trojans and variants.
> 
> 
> 
> and sometimes this:
> 
> Virus Scan for Linux v4.16.0
> Copyright (c) 1992-2004 Networks Associates Technology Inc. All rights
> reserved.
> (408) 988-3832  LICENSED COPY - Nov 13 2001
> 
> Scan engine v5.2.00 for Linux.
> Virus data file v4100 created Sep 06 2007
> Scanning for 318831 viruses, trojans and variants.
> 
> /bin/tar: Unexpected EOF in archive
> /bin/tar: Error is not recoverable: exiting now
> /bin/tar: Unexpected EOF in archive
> /bin/tar: Error is not recoverable: exiting now
> /bin/tar: Unexpected EOF in archive
> /bin/tar: Unexpected EOF in archive
> /bin/tar: Error is not recoverable: exiting now
> Virus Scan for Linux v4.16.0
> Copyright (c) 1992-2004 Networks Associates Technology Inc. All rights
> reserved.
> (408) 988-3832  LICENSED COPY - Nov 13 2001
> Missing or invalid DAT:  /usr/local/uvscan/scan.dat
> Virus Scan for Linux v4.16.0
> Copyright (c) 1992-2004 Networks Associates Technology Inc. All rights
> reserved.
> (408) 988-3832  LICENSED COPY - Nov 13 2001
> 
> Scan engine v5.2.00 for Linux.
> Virus data file v4100 created Sep 06 2007
> Scanning for 318831 viruses, trojans and variants.

-
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] ANNOUNCE: amavisd-milter-1.3.0

2007-09-07 Thread Mark Martinec 
Adam,

> I am still a little fuzzy on the policy banks implementation details
> myself.  Does anyone know if a client is from MYNETS and does SMTP_AUTH
> which one would amavisd use or would both apply if you have settings for
> both banks?  If they both apply then what order would they be processed
> to know which takes priority?

Both apply. Actually, all policy banks that qualify are loaded
one after another, overwriting any field with a new value if
that field is explicitly present in a later policy bank.

RELEASE_NOTES:

- extended AM.PDP protocol with an attribute 'policy_bank' which may be used
  in a client's request to require loading additional policy banks, e.g.:
policy_bank=TLS,ORIGINATING,MYNETS
  Its value is a comma-separated list of policy bank names. Names of
  nonexistent banks are silently ignored, so are leading and trailing spaces
  and TABs around each name. The order of policy bank loading generally
  follows the order in which information about a message were obtained:
- interface- or socket-based policy banks (when MTA connects to amavisd);
- MYNETS (when client's IP address becomes known);
- the list of policy bank names as specified in a
  'policy_bank' attribute of AM.PDP protocol, comma-separated;
- MYUSERS (when sender's e-mail address becomes known);


Mark

-
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] Amavisd-new in a separate machine

2007-09-07 Thread Noel Jones 
At 11:47 PM 9/6/2007, Justin Kim wrote:
>Okay it gets more and more tricky.
>I guess that is because I am just starting to learn some of these from
>scratch.
>I would like to have my amavis1 server to serve as main spam filter.
>And for some reason if amavis1 is down, how can I configure postfix
>server to use it's localhost amavis to filter spams?

Yes, this is possible.

>amavis unix  -   -   n   -   12smtp
> -o smtp_data_done_timeout=1200
> -o smtp_send_xforward_command=yes
> -o disable_dns_lookups=yes

add to the above:
-o smtp_fallback_relay=amavis[127.0.0.1]:10024


-- 
Noel Jones 


-
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] ANNOUNCE: amavisd-milter-1.3.0

2007-09-07 Thread Adam Gibson 
Mark Martinec wrote:
> Peter,
> 
>> I have added this to my amavisd.conf file
>>
>> $policy_bank{'SMTP_AUTH'} = {
>>   originating => 1,
>>   bypass_banned_checks_maps => [1],
>>   bypass_spam_checks_maps => [1],
>>   os_fingerprint_method => undef,  # don't query p0f for internal clients
>> };
>>
>> I am just wondering if this is the correct way to do that, or if this
>> might be overkill. I do not want to have mails from authenticated users
>> checked for spam, and they should be allowed to send attachments.
> 
> Yes, looks good. If you want to guaranty spam and banned checks

I am still a little fuzzy on the policy banks implementation details 
myself.  Does anyone know if a client is from MYNETS and does SMTP_AUTH 
which one would amavisd use or would both apply if you have settings for 
both banks?  If they both apply then what order would they be processed 
to know which takes priority?

-
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

[AMaViS-user] Amavisd configuration

2007-09-07 Thread зБКЮЕОС йМШС 
Hello,



I am newbie in email server. I installed Postfix, amavisd-new, spamassassin and 
clamav through fedora yum command. Now I want configurate amavisd-new, but I 
didn't find good documentation about amavisd configuration file 
(/etc/amavisd/amavisd.conf). Where i can find good cocumentation about it?



I want know, how it works! For example:



['ClamAV-clamd',

#   \&ask_daemon, "CONTSCAN {}\n", "/var/run/clamav/clamd",

  \&ask_daemon, "CONTSCAN {}\n", "127.0.0.1:3310",   

  qr/\bOK$/, qr/\bFOUND$/,

  qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ], 



How can this translate? Is it any programming language?

-
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] some spamassassin checks not occurring

2007-09-07 Thread matthew_buckland 
Hello again,

On Thu, Sep 06, 2007 at 03:13:59PM +0100, [EMAIL PROTECTED] wrote:
> On Thu, Sep 06, 2007 at 03:53:28PM +0200, Mark Martinec wrote:
> > Matt,
> > 
> > > I think I have done it correctly this time.
> > 
> > Ok, this looks better now.
> > 
> 
> [snip lots of good stuff]
> 
> Thankyou so much for all of that information. I will study it and make
> the changes to my configuration.
> 
> 

I think that it's now working on the non-production server that I set up,
just had to point it to the correct bayes path. However this is not the
problem with the production server. I managed to run outside of chroot
environment without impacting people's email too much and when it's
running outside the chroot it gives the same score as with command line
:-) the trouble is that I don't really want to run it outside the chroot
and I'm not sure how to figure out what is different. I have debugging
output from both . If anyone can see
something obvious I (and my users) would be very very happy.


Thanks again,

Matt

-
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

[AMaViS-user] error uvupdate

2007-09-07 Thread Markus Edholm 
Hi All,

I´m having some errors for uvupdate
sometimes my hourly update works nice but occasionally i got this:

Virus Scan for Linux v4.16.0
Copyright (c) 1992-2004 Networks Associates Technology Inc. All rights
reserved.
(408) 988-3832  LICENSED COPY - Nov 13 2001

Scan engine v5.2.00 for Linux.
Virus data file v4100 created Sep 07 2007
Scanning for 318845 viruses, trojans and variants.

/bin/tar: This does not look like a tar archive
/bin/tar: Skipping to next header
/bin/tar: Error exit delayed from previous errors
/bin/tar: This does not look like a tar archive
/bin/tar: Skipping to next header
/bin/tar: Error exit delayed from previous errors
/bin/tar: This does not look like a tar archive
/bin/tar: Skipping to next header
/bin/tar: Error exit delayed from previous errors
/bin/tar: This does not look like a tar archive
/bin/tar: Skipping to next header
/bin/tar: Error exit delayed from previous errors
/bin/tar: This does not look like a tar archive
/bin/tar: Skipping to next header
/bin/tar: Error exit delayed from previous errors
/bin/tar: This does not look like a tar archive
/bin/tar: Skipping to next header
/bin/tar: Error exit delayed from previous errors
Virus Scan for Linux v4.16.0
Copyright (c) 1992-2004 Networks Associates Technology Inc. All rights
reserved.
(408) 988-3832  LICENSED COPY - Nov 13 2001

Scan engine v5.2.00 for Linux.
Virus data file v4100 created Sep 07 2007
Scanning for 318845 viruses, trojans and variants.



and sometimes this:

Virus Scan for Linux v4.16.0
Copyright (c) 1992-2004 Networks Associates Technology Inc. All rights
reserved.
(408) 988-3832  LICENSED COPY - Nov 13 2001

Scan engine v5.2.00 for Linux.
Virus data file v4100 created Sep 06 2007
Scanning for 318831 viruses, trojans and variants.

/bin/tar: Unexpected EOF in archive
/bin/tar: Error is not recoverable: exiting now
/bin/tar: Unexpected EOF in archive
/bin/tar: Error is not recoverable: exiting now
/bin/tar: Unexpected EOF in archive
/bin/tar: Unexpected EOF in archive
/bin/tar: Error is not recoverable: exiting now
Virus Scan for Linux v4.16.0
Copyright (c) 1992-2004 Networks Associates Technology Inc. All rights
reserved.
(408) 988-3832  LICENSED COPY - Nov 13 2001
Missing or invalid DAT:  /usr/local/uvscan/scan.dat
Virus Scan for Linux v4.16.0
Copyright (c) 1992-2004 Networks Associates Technology Inc. All rights
reserved.
(408) 988-3832  LICENSED COPY - Nov 13 2001

Scan engine v5.2.00 for Linux.
Virus data file v4100 created Sep 06 2007
Scanning for 318831 viruses, trojans and variants.


Anyone else that experience problem or is it just my setup?

-
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/