[AMaViS-user] amavisd child hang
Hi,

I have a linux server with the latest version of amavisd and SpamAssassin. Sometimes some mail causes an amavisd child to hang. After that the server stops delivering mail to recipients and the load of the server increases, and i must kill the amavisd child. I have set the debug level of amavisd to 5, and what i see is that processing of the mail is stopped after CALLING SA check:

Sep 28 08:48:53 C015689-posta2 amavis[10934]: (10934-01) timer set to 318 s for SA (was 478 s)
Sep 28 08:48:53 C015689-posta2 amavis[10934]: (10934-01) calling SA parse, SA version 3.2.3, 3.002003, data as GLOB
Sep 28 08:48:53 C015689-posta2 amavis[10934]: (10934-01) CALLING SA check

what can i do? I can't understand...

--
Paolo De Marco

- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/
___
AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] F-Prot 6 Daemon support for amavisd-new
Hi folks,

yesterday I had the time to fix the support for the new f-prot version. Just add:

  ['F-Prot 6', \&ask_daemon,
    ["SCAN FILE {}/*\nQUIT\n", '127.0.0.1:10200'],
    qr/^(0|8|64) /,                # status codes treated as clean
    qr/^1 /,                       # status code for an infected file
    qr/^1 <infected: ([^>]+)>/ ],  # captures the virus name

to your config. Since yesterday it has processed a few hundred thousand mails and everything seems to be fine.

Note: Return code 8 means that some kind of restriction has been raised (Scan restriction caused scan to skip files (maxdepth directories, maxdepth archives, exclusion list, etc).) and 64 means that the file could not be scanned (At least one object was not scanned (encrypted file, unsupported/unknown compression method, corrupted or invalid file).) Depending on your setup you may want to remove these error codes from being reported as clean, but that's on your own.

You should also not have the entry for the old and the new fprotd active, as they use the same ports, which means that both will be detected as working.

Alex
[AMaViS-user] Problem To and CC header rewrite
Hello,

I have an amavisd-new + spamassassin + postfix server. If we receive an e-mail with a long line in the To or CC header (more than 255 characters), we don't receive this line completely. It's as if amavisd-new would rewrite the header incorrectly. Is there any limit in the To or CC header? This limit could be changed.

Regards.
Re: [AMaViS-user] Problem To and CC header rewrite
Pablo Garcia,

> I have a amavisd-new + spamassassin + postfix server.

I assume this is a post-queue filtering setup, not a milter setup.

> If we receive an e-mail with a long line in To or CC header (more than 255 characters), we don't receive this line completely. It's as if amavisd-new would rewrite incorrectly the header. Is there any limit in to or cc header? This limit could be changed.

There is no such limit in amavisd (nor in Postfix as far as I know). I tried with 300 and with 1100 character To lines, and there are no problems, these come through normally.

Note that RFC 2822 limits lines in a header section to 998 characters (plus CRLF), and if allowed ($allow_fixing_improper_header=1) amavisd will truncate these to 998 characters (not to 255).

So it seems you are seeing some other component breaking longer header lines.

Mark
Re: [AMaViS-user] what is 'originating' flag ?
On 1/16/08, Rajkumar S wrote:

> Hi,
>
> The term 'originating' flag comes up quite often when I am searching to exclude some mails (from particular ip, SMTP AUTH and localhost) from scanning. But I could not find any docs specifying what it is. Any pointers to docs will be helpful here.

search: http://www.ijs.si/software/amavisd/release-notes.txt
for: policy banks now contain a new key 'originating'

Appears to me (could be wrong) some routines need to know whether a message originates from us (client is in our network, client is authenticated, etc.) and once this state is known (or once it is set), it's more efficient to store this info in a single boolean variable than it is to calculate this state each time it's needed. Plus, having the state in a single variable makes it easy to manipulate.

> Also links to any docs on policy maps.

http://www.ijs.si/software/amavisd/amavisd-new-docs.html#pbanks
http://www200.pair.com/mecham/spam/bypassing.html

> Thanks,
> raj

Gary V
Re: [AMaViS-user] local maps
Jo,

> Can amavis lookup a map via SQL or not?

Yes, as Gary already showed how (quoting a text from amavisd.conf-sample).

If you have some of the users and their settings in SQL tables 'users' and 'policy' (amavis schema), but want to extend the 'users' table with a list of remaining local domains, just use a UNION of the 'users' table with whatever list of domains you can fabricate by a SELECT from your existing postfix schema.

Mark
Re: [AMaViS-user] $sql_select_white_black_list not working on amavis 2.4.2-6.1
Jordi,

> i've got a debian etch server, with amavis 2.4.2-6.1 and postfix 2.3.8-2. Reading through different manual pages on the Internet i've managed to set up all the configuration i wanted except one thing, the white-black lists. I want them to work on the mysql server, and i've been already trying for 2 days with no luck at all. I create the following tables:
>
> CREATE TABLE `wblist` (...
> CREATE TABLE `mailaddr` (...
>
> I put some values into each table. Then, i've tried so many selects in the amavis configuration, none of them working. For example:
>
> $sql_select_white_black_list =
>   'SELECT wb FROM wblist LEFT JOIN mailaddr ON wblist.sid=mailaddr.id'.
>   ' WHERE (wblist.rid=?)' .
>   ' AND (mailaddr.email IN (%k))'.
>   ' ORDER BY mailaddr.priority DESC';

are you supplying a correct user.id (to be matched with wblist.rid)?

> or just...
>
> $sql_select_white_black_list = 'SELECT B FROM wblist';
>
> which to my understanding that would mark anything as BLACKMAILED.

...if there are any records in the wblist table.

> Jan 16 11:24:04 postfix01.glusterproves /usr/sbin/amavisd-new[4223]: (04223-01) wbl: checking sender [EMAIL PROTECTED]
> Jan 16 11:24:04 postfix01.glusterproves /usr/sbin/amavisd-new[4223]: (04223-01) lookup_sql_field(id) (WARN: no such field in the SQL table),

How is your table 'users' set up? It appears it is lacking the 'id' field. This table lists your recipients (individually or just their domain(s)).

Mark
Re: [AMaViS-user] README.sql
> Other than what I mentioned about sending test messages from trusted users (users in a policy bank that allows spam to pass for example), nothing comes to mind. I would prepare a spam message (gtube for example): http://spamassassin.apache.org/gtube/gtube.txt and send it from a hotmail or yahoo account (that is not whitelisted) and place the sender's address in:
>
> @debug_sender_maps = ( ['[EMAIL PROTECTED]'] );
>
> The first email received from this sender (after amavisd-new is reloaded) will log at $log_level 5. I would then look at all the log entries for this particular transaction and see if you can discover the problem. If not, maybe you could post it to a http server for others to look at.

av4:~ # tail -f /var/log/amavis | grep [EMAIL PROTECTED]
Jan 17 17:26:35 av4 amavis[340]: (00340-02-38) ESMTP MAIL FROM:[EMAIL PROTECTED] SIZE=3894\r\n
Jan 17 17:26:35 av4 amavis[340]: (00340-02-38) ESMTP 250 2.1.0 Sender [EMAIL PROTECTED] OK
Jan 17 17:26:35 av4 amavis[340]: (00340-02-38) ESMTP::10024 /var/amavis/scan/amavis-20080117T172354-00340: [EMAIL PROTECTED] - [EMAIL PROTECTED] SIZE=3894 Received: from av4.sttspa.it ([127.0.0.1]) by localhost (av4.stt.vir [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for [EMAIL PROTECTED]; Thu, 17 Jan 2008 17:26:35 +0100 (CET)
Jan 17 17:26:35 av4 amavis[340]: (00340-02-38) find_or_save_addr: record inserted, id=1522, [EMAIL PROTECTED]
Jan 17 17:26:35 av4 amavis[340]: (00340-02-38) save_info_preliminary: 1522, [EMAIL PROTECTED], new
Jan 17 17:26:35 av4 amavis[340]: (00340-02-38) Checking: XhbGjz-Z0mgS [72.14.214.231] [EMAIL PROTECTED] - [EMAIL PROTECTED]
Jan 17 17:26:42 av4 amavis[340]: (00340-02-38) wbl: checking sender [EMAIL PROTECTED]
Jan 17 17:26:42 av4 amavis[340]: (00340-02-38) query_keys: [EMAIL PROTECTED], pesce@, gmail.com, .gmail.com, .com, .
Jan 17 17:26:42 av4 amavis[340]: (00340-02-38) lookup_hash([EMAIL PROTECTED]), no matches
Jan 17 17:26:42 av4 amavis[340]: (00340-02-38) lookup (blacklist_sender) = undef, [EMAIL PROTECTED] does not match
Jan 17 17:26:42 av4 amavis[340]: (00340-02-38) query_keys: [EMAIL PROTECTED], pesce@, gmail.com, .gmail.com, .com, .
Jan 17 17:26:42 av4 amavis[340]: (00340-02-38) lookup_hash([EMAIL PROTECTED]), no matches
Jan 17 17:26:42 av4 amavis[340]: (00340-02-38) lookup (whitelist_sender) = undef, [EMAIL PROTECTED] does not match
Jan 17 17:26:42 av4 amavis[340]: (00340-02-38) lookup_re([EMAIL PROTECTED]), no matches
Jan 17 17:26:42 av4 amavis[340]: (00340-02-38) query_keys: [EMAIL PROTECTED], pesce@, gmail.com, .gmail.com, .com, .
Jan 17 17:26:42 av4 amavis[340]: (00340-02-38) lookup_hash([EMAIL PROTECTED]), no matches
Jan 17 17:26:42 av4 amavis[340]: (00340-02-38) lookup (score_sender[EMAIL PROTECTED]) = undef, [EMAIL PROTECTED] does not match
Jan 17 17:26:43 av4 amavis[340]: (00340-02-38) SPAM-KILL, [EMAIL PROTECTED] - [EMAIL PROTECTED], score=999.164, kill=6.31
Jan 17 17:26:43 av4 amavis[340]: (00340-02-38) lookup (spam_quarantine_bysender_to) = undef, [EMAIL PROTECTED] does not match
Jan 17 17:26:43 av4 amavis[340]: (00340-02-38) header: X-Envelope-From: [EMAIL PROTECTED]\n
Jan 17 17:26:43 av4 amavis[340]: (00340-02-38) DO_QUARANTINE, sender: [EMAIL PROTECTED]

av4:/etc # cat /var/log/mail | grep EB81B7502A2
Jan 17 17:24:45 av4 postfix/smtpd[1464]: EB81B7502A2: client=hu-out-0506.google.com[72.14.214.231]
Jan 17 17:24:46 av4 postfix/cleanup[834]: EB81B7502A2: message-id=[EMAIL PROTECTED]
Jan 17 17:24:46 av4 postfix/qmgr[405]: EB81B7502A2: from=[EMAIL PROTECTED], size=3894, nrcpt=1 (queue active)
Jan 17 17:26:44 av4 postfix/smtp[2004]: EB81B7502A2: to=[EMAIL PROTECTED], relay=127.0.0.1[127.0.0.1]:10024, conn_use=38, delay=118, delays=0.65/110/0/8, dsn=4.5.0, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 Error in processing, id=00340-02-38, quar+notif FAILED: Explicit forwarding, but not all recips done at /usr/local/sbin/amavisd line 3083. (in reply to end of DATA command))

Please note all 'RO tables' are empty.

rocsca
Re: [AMaViS-user] README.sql
Rocco,

> av4:~ # tail -f /var/log/amavis | grep [EMAIL PROTECTED]
> ...
> Jan 17 17:26:42 av4 amavis[340]: (00340-02-38) lookup (score_sender[EMAIL PROTECTED]) = undef, [EMAIL PROTECTED] does not match
> Jan 17 17:26:43 av4 amavis[340]: (00340-02-38) SPAM-KILL, [EMAIL PROTECTED] - [EMAIL PROTECTED], score=999.164, kill=6.31
> Jan 17 17:26:43 av4 amavis[340]: (00340-02-38) lookup
> Jan 17 17:26:43 av4 amavis[340]: (00340-02-38) DO_QUARANTINE, sender: [EMAIL PROTECTED]

and what comes next? Search the log for all '\(00340-02-38\)' entries.

> Please note all 'RO tables' are empty.

These are irrelevant as long as @lookup_sql_dsn is left empty.

Mark
Re: [AMaViS-user] $sql_select_white_black_list not working on amavis 2.4.2-6.1
Hi,

i'll check it out again and let you know something.

Thank you.

Mark Martinec wrote:

> Jordi,
>
> > i've got a debian etch server, with amavis 2.4.2-6.1 and postfix 2.3.8-2. Reading through different manual pages on the Internet i've managed to set up all the configuration i wanted except one thing, the white-black lists. I want them to work on the mysql server, and i've been already trying for 2 days with no luck at all. I create the following tables:
> >
> > CREATE TABLE `wblist` (...
> > CREATE TABLE `mailaddr` (...
> >
> > I put some values into each table. Then, i've tried so many selects in the amavis configuration, none of them working. For example:
> >
> > $sql_select_white_black_list =
> >   'SELECT wb FROM wblist LEFT JOIN mailaddr ON wblist.sid=mailaddr.id'.
> >   ' WHERE (wblist.rid=?)' .
> >   ' AND (mailaddr.email IN (%k))'.
> >   ' ORDER BY mailaddr.priority DESC';
>
> are you supplying a correct user.id (to be matched with wblist.rid)?
>
> > or just...
> >
> > $sql_select_white_black_list = 'SELECT B FROM wblist';
> >
> > which to my understanding that would mark anything as BLACKMAILED.
>
> ...if there are any records in the wblist table.
>
> > Jan 16 11:24:04 postfix01.glusterproves /usr/sbin/amavisd-new[4223]: (04223-01) wbl: checking sender [EMAIL PROTECTED]
> > Jan 16 11:24:04 postfix01.glusterproves /usr/sbin/amavisd-new[4223]: (04223-01) lookup_sql_field(id) (WARN: no such field in the SQL table),
>
> How is your table 'users' set up? It appears it is lacking the 'id' field. This table lists your recipients (individually or just their domain(s)).
>
> Mark
Re: [AMaViS-user] what is 'originating' flag ?
Gary,

> Ah, Ok. Currently no reliable way for amavisd-new to know when a client has authenticated via the MTA, so in this case (for example) originating must be explicitly set (via a policy bank).

Exactly.

> The default for @mynetworks lists private address space, so can I assume that if this is not changed, and only the default policy bank is loaded, that $originating is true for private addresses?

Yes. (yes for mail coming from these IP addresses; this information is passed from Postfix to amavisd with a XFORWARD smtp command, or from an AM.PDP milter through attribute 'client_address')

> Or is it required to create a MYNETS policy bank (even an empty one) so $originating is true for addresses in @mynetworks?

No, it is not required (but doesn't hurt). For the purpose of backwards compatibility, it suffices that IP address is found in @mynetworks_maps - as documented in the RELEASE_NOTES:

  It is a boolean variable, turned on automatically in the currently loaded policy bank when a smtp client's IP address matches @mynetworks_maps, to retain full compatibility with existing setups.

Mark
Re: [AMaViS-user] what is 'originating' flag ?
On 1/17/08, Mark Martinec wrote:

> > Appears to me (could be wrong) some routines need to know whether a message originates from us (client is in our network, client is authenticated, etc.) and once this state is known (or once it is set), it's more efficient to store this info in a single boolean variable than it is to calculate this state each time it's needed. Plus, having the state in a single variable makes it easy to manipulate.
>
> Yes, sort of. It is not a matter of efficiency, but setting the state of the originating flag is the only way that amavisd can be told whether a message was submitted from our users (from internal networks or by authenticated roaming users), as opposed to all other mail.
>
> Mark

Ah, Ok. Currently no reliable way for amavisd-new to know when a client has authenticated via the MTA, so in this case (for example) originating must be explicitly set (via a policy bank).

The default for @mynetworks lists private address space, so can I assume that if this is not changed, and only the default policy bank is loaded, that $originating is true for private addresses? Or is it required to create a MYNETS policy bank (even an empty one) so $originating is true for addresses in @mynetworks?

--
Gary V
Re: [AMaViS-user] Duplicate setup on secondary MX
Rob,

> I was wondering if there is a way to duplicate a current amavis setup on a new machine? as each time i simply installed from scratch and then copied over the /etc/spamassassin/local.cf file or files in that dir. Also copied over all files in /etc/amavis/conf.d

Yes, this should pretty much do it. You may need to adjust $myhostname (if explicitly configured), and possibly a list of networks in @mynetworks, and the trusted_networks and internal_networks in local.cf

> However, i get spam coming through on the new machine that gets stopped on the current machine... so i figure i would copy over the bayes files too

Yes, it would help too. And maybe the AWL database, if in use.

> and i restarted SA, but still its not the same, should i have run a bayes command to initialize that copied over bayes database?

Is your bayes kept in a bdb database on a file? If versions of a berkeley db are the same, it would suffice to copy the directory with database files.

If both mailers are in the same network, you may decide to let them use the same SQL database for bayes and awl.

> Anyone use an secondary MX server with Amavis? Which forwards emails not to the primary MX, but right to the pop server?

Don't know, probably. It is a possibility too, when both mailers are located close to a mailbox server.

Mark
Re: [AMaViS-user] amavisd no SPAM for users in aliases
Christophe,

> I'm using amavisd-2.3.3 and it really works fine. 90% of my users want to receive SPAM tagged with the $sa_spam_subject_tag, when the $sa_kill_level_deflt is over, so users have SPAM tagged, so this is the default policy for SPAM in my company.

So you either have a $final_spam_destiny=D_PASS, or you have all recipients declared as spam lovers.

> BUT : when a user leaves my company, I do a forward of his INTERNAL email to an EXTERNAL email (hotmail, yahoo...), so today some external domain blocks my domain because they think I forward SPAM, while it is tagged !
>
> So : What can I do with amavis to DISCARD SPAM with a $sa_kill_level_deflt lower to my default policy for users who are listed in files : aliases and canonical postfix files ?

The $final_spam_destiny can be set to D_DISCARD (or D_BOUNCE), and all your recipients EXCEPT THE RELOCATED ONES should be listed as spam lovers. You can use any of the following lookup tables: %spam_lovers, or @spam_lovers_acl, or $spam_lovers_re.

If you have only a few relocated users, use the _acl, e.g.:

  @spam_lovers_acl = qw( [EMAIL PROTECTED] [EMAIL PROTECTED] . );

(the '!' makes the listed users NOT spam lovers, the final dot makes all the rest spam lovers - README.lookups).

If you have many such users, it is better to use a hash lookup, e.g.:

  %spam_lovers = (
    '[EMAIL PROTECTED]' => 0,
    '[EMAIL PROTECTED]' => 0,
    '.' => 1,
  );

(keep addresses in lower case)

A function read_hash() can be called from amavisd.conf to read the %spam_lovers from a file, if desired. See RELEASE_NOTES.

Mark
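The lookup behaviour described in the reply above, as an added example (a simplified model written for this page, not amavisd-new code): it builds lookup keys in the order shown by the `query_keys:` debug line quoted elsewhere in this thread, then evaluates a hash table and an ACL list for relocated users. The example.com addresses are constructed, address extensions are ignored, and the ACL matching rules are an assumption based on the description in the message.

```python
def query_keys(addr):
    """Keys tried for one address, most specific first.

    Order follows the 'query_keys:' debug line in this thread:
    user@domain, user@, domain, .domain, parent domains, '.'
    """
    addr = addr.lower()
    local, _, domain = addr.rpartition("@")
    keys = [addr, local + "@", domain, "." + domain]
    labels = domain.split(".")
    keys += ["." + ".".join(labels[i:]) for i in range(1, len(labels))]
    keys.append(".")
    return keys


def hash_lookup(table, addr):
    """Model of a %spam_lovers style lookup: first key present in the table wins."""
    for key in query_keys(addr):
        if key in table:
            return table[key], key
    return None, None


def acl_lookup(acl, addr):
    """Model of an @spam_lovers_acl style lookup (assumed semantics):
    elements are tried in list order, '!' negates, first match wins."""
    addr = addr.lower()
    local, _, domain = addr.rpartition("@")
    for item in acl:
        negate = item.startswith("!")
        pat = item.lstrip("!").lower()
        if "@" in pat:
            hit = pat == addr or pat == local + "@"
        elif pat.startswith("."):
            hit = pat == "." or domain == pat[1:] or domain.endswith(pat)
        else:
            hit = pat == domain
        if hit:
            return (not negate), item
    return None, None


def spam_outcome(rcpt, spam_lovers, final_spam_destiny="D_DISCARD"):
    """What happens to mail above the kill level for this recipient."""
    lover, _ = hash_lookup(spam_lovers, rcpt)
    return "deliver tagged" if lover else final_spam_destiny


# Constructed data: two relocated users, everyone else is a spam lover.
SPAM_LOVERS = {"left1@example.com": 0, "left2@example.com": 0, ".": 1}
SPAM_LOVERS_ACL = ["!left1@example.com", "!left2@example.com", "."]

# Failure mode behind "keep addresses in lower case": the query is lowercased,
# so a mixed-case key never matches and the catch-all '.' applies instead.
BAD_TABLE = {"Left1@example.com": 0, ".": 1}

if __name__ == "__main__":
    for rcpt in ("left1@example.com", "alice@example.com"):
        print(rcpt, "->", spam_outcome(rcpt, SPAM_LOVERS))
    print("mixed-case key:", hash_lookup(BAD_TABLE, "left1@example.com"))
```

With the mixed-case table the relocated user silently falls through to the catch-all and tagged spam is forwarded again, which is the situation the original question was trying to stop.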
Re: [AMaViS-user] amavisd-new accepting e-mails from a remote machine
Jordi Moles wrote:

> hi,
>
> i've got 2 debian servers, one with postfix and the other one with amavisd-new running. I've read a lot of examples about how to set up amavisd-new to filter emails that come from postfix. The thing is that in amavisd.conf i have to put something like this:
>
> $forward_method = 'smtp:[*]:10025';
>
> i mean... if i write:
>
> $forward_method = 'smtp:[192.168.1.10]:10025';
>
> where 192.168.1.10 is the postfix's ip address... it works fine. But the idea is to have an amavis server that filters from many different servers. How can i tell amavis to send the filtered mail to the ip address it came from?

From amavisd.conf-sample:

# To make it possible for several hosts to share one content checking daemon,
# the IP address and/or the port number in $forward_method and $notify_method
# may be specified as an asterisk. An asterisk in the colon-separated
# second field (host) will be replaced by the SMTP client peer address,
# An asterisk in the third field (tcp port) will be replaced by the incoming
# SMTP/LMTP session port number plus one. This obsoletes the previously used
# less flexible configuration parameter $relayhost_is_client. An example:
#   $forward_method = 'smtp:*:*';  $notify_method = 'smtp:*:10587';

--
Noel Jones
Re: [AMaViS-user] what is 'originating' flag ?
Gary V wrote:

> On 1/16/08, Rajkumar S wrote:
>
> > The term 'originating' flag comes up quite often when I am searching to exclude some mails (from particular ip, SMTP AUTH and localhost) from scanning. But I could not find any docs specifying what it is. Any pointers to docs will be helpful here.
>
> search: http://www.ijs.si/software/amavisd/release-notes.txt
> for: policy banks now contain a new key 'originating'

Right.

> Appears to me (could be wrong) some routines need to know whether a message originates from us (client is in our network, client is authenticated, etc.) and once this state is known (or once it is set), it's more efficient to store this info in a single boolean variable than it is to calculate this state each time it's needed. Plus, having the state in a single variable makes it easy to manipulate.

Yes, sort of. It is not a matter of efficiency, but setting the state of the originating flag is the only way that amavisd can be told whether a message was submitted from our users (from internal networks or by authenticated roaming users), as opposed to all other mail.

Mark
[AMaViS-user] amavisd-new accepting e-mails from a remote machine
hi,

i've got 2 debian servers, one with postfix and the other one with amavisd-new running. I've read a lot of examples about how to set up amavisd-new to filter emails that come from postfix. The thing is that in amavisd.conf i have to put something like this:

$forward_method = 'smtp:[*]:10025';

i mean... if i write:

$forward_method = 'smtp:[192.168.1.10]:10025';

where 192.168.1.10 is the postfix's ip address... it works fine. But the idea is to have an amavis server that filters from many different servers. How can i tell amavis to send the filtered mail to the ip address it came from?

Thank you.
Re: [AMaViS-user] amavisd-new accepting e-mails from a remote machine
Jordi Moles wrote:

> hi,
>
> i've got 2 debian servers, one with postfix and the other one with amavisd-new running. I've read a lot of examples about how to set up amavisd-new to filter emails that come from postfix. The thing is that in amavisd.conf i have to put something like this:
>
> $forward_method = 'smtp:[*]:10025';
>
> i mean... if i write:
>
> $forward_method = 'smtp:[192.168.1.10]:10025';
>
> where 192.168.1.10 is the postfix's ip address... it works fine. But the idea is to have an amavis server that filters from many different servers. How can i tell amavis to send the filtered mail to the ip address it came from?

look at the amavisd.conf-sample:

$forward_method = 'smtp:*:*';

should do if all postfixers listen on $port+1 (in your case, $port=10024 and $port+1=10025).
Re: [AMaViS-user] MySQL client_addr using dual Exim MTA
Richard,

> ...but I've modified the amavisd binary to find a client ip address in a header added by the MTA. I'm sure I'm not the only person with a requirement for this feature so I'll document what I did:
>
> 'UPDATE msgs SET content=?, quar_type=?, quar_loc=?, dsn_sent=?,'.
> 'UPDATE msgs SET client_addr=?, content=?, quar_type=?, quar_loc=?, ...
>
> The code above looks for a header called 'X-My-ClientAddr' in the original message, which (if XFORWARD didn't get there first) is used as the original client's IP address. As per Mark's earlier email on the topic, the message headers aren't available during the insert operation (ins_msg query) so I've had to modify the second 'upd_msg' query to insert the value into the database. This does mean that we're updating that field twice per message but that's not exactly going to add a massive overhead to the server.

Does the message when it reaches amavisd already contain a Received header field inserted by your Exim? If so, it can be used in place of your X-My-ClientAddr, and provides a standards-based solution.

The amavisd 2.6.0 brings a more reliable and flexible parser of Received header fields, so the following patch to 2.6.0-pre3 puts it to good use when XFORWARD information is not available, obtaining the IP address from the top (or the second) Received field. (it also fixes a bug in sub get_header_field_body)

--- amavisd.origSun Dec 30 02:20:52 2007 +++ amavisd Thu Jan 17 21:12:30 2008 @@ -1049,5 +1049,5 @@ 'upd_msg' = 'UPDATE msgs SET content=?, quar_type=?, quar_loc=?, dsn_sent=?,'. - ' spam_level=?, message_id=?, from_addr=?, subject=?'. # ,p0f=? + ' spam_level=?, message_id=?, from_addr=?, subject=?, client_addr=?'. ' WHERE mail_id=?', 'ins_rcp' = 
@@ -5825,6 +5825,6 @@ sub get_header_field_body { my($self,$field_name,$j) = @_; - my($j); my($f_i,$f_n,$f) = $self-get_header_field($field_name,$j); - defined $f ($j=index($f,':')) = 0 ? substr($f,$j+1) : $f; + my($k); my($f_i,$f_n,$f) = $self-get_header_field($field_name,$j); + defined $f ($k=index($f,':')) = 0 ? substr($f,$k+1) : $f; } @@ -6207,6 +6207,7 @@ # use vars qw(@publicnetworks_maps); -sub best_try_originator_ip($) { - my($msginfo) = @_; +sub best_try_originator_ip($;$) { + my($msginfo,$search_top_down) = @_; + $search_top_down = 0 if !defined $search_top_down; @publicnetworks_maps = ( Amavis::Lookup::Label-new('publicnetworks'), @@ -6216,17 +6217,19 @@ :::0:0/96 !:: !::1 !FF00::/8 !FE80::/10 !FEC0::/10 ::/0)) ) if [EMAIL PROTECTED]; # rfc3330, rfc3513 - my($first_received_from_ip); - for (my $j = -1; $j = -6; $j--) { # bottom-up, first six chronologically + my($received_from_ip); + my(@search_list) = $search_top_down ? (0,1) # the topmost two Received flds + : (-1,-2,-3,-4,-5,-6); # bottom-up, first six chronologically + for my $j (@search_list) { # walk through a list of Received field indices my($r) = $msginfo-get_header_field_body('received',$j); last if !defined $r; -$first_received_from_ip = fish_out_ip_from_received($r); -if ($first_received_from_ip ne '') { +$received_from_ip = fish_out_ip_from_received($r); +if ($received_from_ip ne '') { my($is_public,$fullkey,$err) = -lookup_ip_acl($first_received_from_ip,@publicnetworks_maps); +lookup_ip_acl($received_from_ip,@publicnetworks_maps); last if (!defined($err) || $err eq '') $is_public; } } - do_log(5, best_try_originator_ip: %s, $first_received_from_ip); - $first_received_from_ip; + do_log(5, best_try_originator_ip: %s, $received_from_ip); + $received_from_ip; } 
@@ -9324,4 +9327,9 @@ collect_some_info($msginfo); my($mail_size) = $msginfo-msg_size; # use corrected ESMTP size +if (!defined($msginfo-client_addr)) { + my($ip) = best_try_originator_ip($msginfo,1); + do_log(3, client IP address unknown, fetching from Received: %s, $ip); + $msginfo-client_addr($ip); +} my($file_generator_object) = # maxfiles 0 disables the $MAXFILES limit @@ -17356,5 +17364,7 @@ $conn_h-execute($upd_msg, $content_type, $quar_type, $q_to, $dsn_sent, - 0+untaint($spam_level), $m_id, $from, $subj, # $os_fp, + 0+untaint($spam_level), $m_id, $from, $subj, + untaint($msginfo-client_addr), #maybe we have a better info now + # $os_fp, $mail_id);# $rfc2822_sender, $rfc2822_from, # SQL_CHAR, SQL_VARCHAR, SQL_VARBINARY, SQL_BLOB, SQL_INTEGER, SQL_FLOAT,

Mark
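Review bot: in the best_try_originator_ip loop (hunk at -6216), $received_from_ip is overwritten on every iteration and returned after the loop even when lookup_ip_acl never reported it as public, so with the new (0,1) search list the result can be a non-public or empty value taken from the second Received field. Unless two hops in front of amavisd are under your control, that second field was written upstream of your own MTA and should be treated as sender-supplied. Consider returning a value only when $is_public was true for it, and stating in the comment how many trusted hops the top-down mode assumes.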
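Review bot: the fallback added after collect_some_info (hunk at -9324) stores whatever best_try_originator_ip returns, and the `if ($received_from_ip ne '')` test in that function shows the return value can be an empty string (or undef when no Received field exists). The do_log call at level 3 then reports an empty address and client_addr is set to it. Suggest guarding the assignment with a check that $ip is defined and non-empty, so an unknown client address stays undefined instead of being recorded as an empty value.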
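Review bot: in the execute call for $upd_msg (hunk at -17356), untaint($msginfo-client_addr) now clears the taint flag on a value that can come from a Received header rather than from the SMTP session, with no validation visible at this point. The client_addr=? placeholder keeps it out of the SQL text, but every later reader of the msgs table will see header-derived data in client_addr. Consider checking that the value is an IP literal before untainting it, and extend the "maybe we have a better info now" comment to say the field is not authoritative when XFORWARD was absent.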
Re: [AMaViS-user] amavisd child hang
Paolo,

I have a linux server with the latest version of amavisd and SpamAssassin. Sometimes some mail causes an amavisd child to hang. After that the server stops delivering mail to recipients and the load of the server increases, and I must kill the amavisd child. I have set the debug level of amavisd to 5, and what I see is that processing of mail stops after CALLING SA check:

Sep 28 08:48:53 C015689-posta2 amavis[10934]: (10934-01) timer set to 318 s for SA (was 478 s)
Sep 28 08:48:53 C015689-posta2 amavis[10934]: (10934-01) calling SA parse, SA version 3.2.3, 3.002003, data as GLOB
Sep 28 08:48:53 C015689-posta2 amavis[10934]: (10934-01) CALLING SA check

what can I do? I can't understand...

So what happens to process 10934 afterwards (search for \(10934-01\) in the log)? If eventually the control returns and the process continues (perhaps after several minutes, or after a timeout), then the reason for long processing time needs to be found in SpamAssassin. Similarly, if control never returns to amavisd (i.e. a process crashed), it did so in the SpamAssassin code, and a reason must be found there.

The best way to do it is to find the message causing a problem (e.g. stealing it from a Postfix queue, or from a temporary directory in use by the spinning amavisd process), and feed it manually to a command line spamassassin, with debugging enabled:

# su vscan -c 'spamassassin -t -D 0.msg'

Alternatively, the SpamAssassin logging could be enabled in the amavisd process:

# amavisd debug-sa

although this produces lots of output on stderr, which might be difficult to analyze. Possible reasons for long processing within amavisd are bayes auto-expiry runs, or some problematic regular expressions in rules, most likely in SARE rules.

Mark
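The log check described in the reply above (does a task log anything after "CALLING SA check", and how much later?), as an added example that is not part of the original post or of amavisd. The function names, the 60 s threshold and the sample lines for tasks 10935-01 and 10936-04 are assumptions made for the illustration.

```python
import re
from datetime import datetime

# syslog stamp, host, amavis[pid], then the "(pid-nn)" task id on each amavisd line
LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ amavis\[\d+\]: \(([\d-]+)\) (.*)$")

def parse_ts(stamp):
    # syslog stamps carry no year; a fixed leap year keeps Feb 29 parseable
    return datetime.strptime("2000 " + stamp, "%Y %b %d %H:%M:%S")

def sa_check_gaps(lines, slow_after=60):
    """Classify each 'CALLING SA check' by what the same task logged next.

    Returns {task_id: (verdict, seconds)}. verdict is 'ok', 'slow' (control
    returned after more than slow_after seconds) or 'no-return' (the task
    logged nothing further; seconds then runs to the last parsed log line).
    """
    pending, result, last_seen = {}, {}, None
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, task, text = parse_ts(m.group(1)), m.group(2), m.group(3)
        last_seen = ts
        if task in pending:                  # control came back to amavisd
            gap = (ts - pending.pop(task)).total_seconds()
            result[task] = ("slow" if gap > slow_after else "ok", gap)
        if text.startswith("CALLING SA check"):
            pending[task] = ts
    for task, started in pending.items():    # hung or crashed inside SA
        result[task] = ("no-return", (last_seen - started).total_seconds())
    return result

# Constructed sample: the three 10934 lines are quoted from the post, the
# lines for tasks 10935-01 and 10936-04 are made up for this demonstration.
SAMPLE = """\
Sep 28 08:48:53 C015689-posta2 amavis[10934]: (10934-01) timer set to 318 s for SA (was 478 s)
Sep 28 08:48:53 C015689-posta2 amavis[10934]: (10934-01) calling SA parse, SA version 3.2.3, 3.002003, data as GLOB
Sep 28 08:48:53 C015689-posta2 amavis[10934]: (10934-01) CALLING SA check
Sep 28 08:48:55 C015689-posta2 amavis[10935]: (10935-01) CALLING SA check
Sep 28 08:48:56 C015689-posta2 amavis[10935]: (10935-01) SPAM-KILL, score=999.164, kill=6.31
Sep 28 08:49:02 C015689-posta2 amavis[10936]: (10936-04) CALLING SA check
Sep 28 08:52:20 C015689-posta2 amavis[10936]: (10936-04) prolong_timer check done: remaining time = 120 s
"""

if __name__ == "__main__":
    for task, (verdict, secs) in sorted(sa_check_gaps(SAMPLE.splitlines()).items()):
        print(f"{task}: {verdict} ({secs:.0f} s)")
```

A 'no-return' task is the one whose message is worth pulling from the queue or the temporary directory and replaying through command-line spamassassin as described above.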
Re: [AMaViS-user] README.sql
Mark, Rocco,

av4:~ # tail -f /var/log/amavis | grep [EMAIL PROTECTED]
...
Jan 17 17:26:42 av4 amavis[340]: (00340-02-38) lookup (score_sender[EMAIL PROTECTED]) = undef, [EMAIL PROTECTED] does not match
Jan 17 17:26:43 av4 amavis[340]: (00340-02-38) SPAM-KILL, [EMAIL PROTECTED] - [EMAIL PROTECTED], score=999.164, kill=6.31
Jan 17 17:26:43 av4 amavis[340]: (00340-02-38) lookup
Jan 17 17:26:43 av4 amavis[340]: (00340-02-38) DO_QUARANTINE, sender: [EMAIL PROTECTED]
Jan 17 17:26:43 av4 amavis[340]: (00340-02-38) prolong_timer check done: remaining time = 473 s
Jan 17 17:26:43 av4 amavis[340]: (00340-02-38) sending SMTP response: 451 4.5.0 Error in processing, id=00340-02-38, quar+notif FAILED: Explicit forwarding, but not all recips done at /usr/local/sbin/amavisd line 3083.
Jan 17 17:26:43 av4 amavis[340]: (00340-02-38) ESMTP 451 4.5.0 Error in processing, id=00340-02-38, quar+notif FAILED: Explicit forwarding, but not all recips done at /usr/local/sbin/amavisd line 3083.
Jan 17 17:26:43 av4 amavis[340]: (00340-02-38) switch_to_client_time 480 s, smtp response sent
Jan 17 17:26:43 av4 amavis[340]: (00340-02-38) TIMING [total 8036 ms] - lookup_sql: 10 (0%)0, SMTP pre-DATA-flush: 3 (0%)0, SMTP DATA: 26 (0%)0, check_init: 1 (0%)0, digest_hdr: 1 (0%)0, digest_body: 0 (0%)0, sql-enter: 28 (0%)1, mime_decode: 20 (0%)1, get-file-type2: 25 (0%)1, decompose_part: 2 (0%)1, decompose_part: 2 (0%)1, parts_decode: 0 (0%)1, check_header: 5 (0%)2, AV-scan-1: 96 (1%)3, AV-scan-2: 6400 (80%)82, spam-wb-list: 8 (0%)82, SA msg read: 1 (0%)82, SA parse: 4 (0%)83, SA check: 1004 (12%)95, SA finish: 19 (0%)95, update_cache: 266 (3%)99, decide_mail_destiny: 102 (1%)100, SMTP pre-response: 13 (0%)100, SMTP response: 1 (0%)100, rundown: 1 (0%)100
Jan 17 17:26:43 av4 amavis[340]: (00340-02-38) idle_proc, 6: was busy, 8026.2 ms, total idle 3.497 s, busy 296.086 s
Jan 17 17:26:44 av4 amavis[340]: (00340-02-38) idle_proc, 5: was idle, 84.8 ms, total idle 3.582 s, busy 296.086 s
Jan 17 17:26:44 av4 amavis[340]: (00340-02-38) ESMTP RSET\r\n
Jan 17 17:26:44 av4 amavis[340]: (00340-02-38) switch_to_my_time 480 s, SMTP RSET received
Jan 17 17:26:44 av4 amavis[340]: (00340-02-38) ESMTP 250 2.0.0 Ok RSET
Jan 17 17:26:44 av4 amavis[340]: (00340-02-38) switch_to_client_time 480 s, smtp response sent
Jan 17 17:26:44 av4 amavis[340]: (00340-02-38) idle_proc, 6: was busy, 56.2 ms, total idle 3.582 s, busy 296.142 s
Jan 17 17:26:44 av4 amavis[340]: (00340-02-38) idle_proc, 5: was idle, 0.2 ms, total idle 3.582 s, busy 296.142 s
Jan 17 17:26:44 av4 amavis[340]: (00340-02-38) ESMTP XFORWARD NAME=unknown ADDR=10.38.200.62\r\n
Jan 17 17:26:44 av4 amavis[340]: (00340-02-38) switch_to_my_time 480 s, SMTP XFORWARD received
Jan 17 17:26:44 av4 amavis[340]: (00340-02-38) ESMTP 250 2.5.0 Ok XFORWARD
Jan 17 17:26:44 av4 amavis[340]: (00340-02-38) switch_to_client_time 480 s, smtp response sent
Jan 17 17:26:44 av4 amavis[340]: (00340-02-38) idle_proc, 6: was busy, 1.1 ms, total idle 3.582 s, busy 296.144 s
Jan 17 17:26:44 av4 amavis[340]: (00340-02-38) idle_proc, 5: was idle, 0.2 ms, total idle 3.582 s, busy 296.144 s
Jan 17 17:26:44 av4 amavis[340]: (00340-02-38) ESMTP XFORWARD PROTO=ESMTP HELO=EXCH03.bapulia.it\r\n
Jan 17 17:26:44 av4 amavis[340]: (00340-02-38) switch_to_my_time 480 s, SMTP XFORWARD received
Jan 17 17:26:44 av4 amavis[340]: (00340-02-38) ESMTP 250 2.5.0 Ok XFORWARD
Jan 17 17:26:44 av4 amavis[340]: (00340-02-38) switch_to_client_time 480 s, smtp response sent
Jan 17 17:26:44 av4 amavis[340]: (00340-02-38) idle_proc, 6: was busy, 1.0 ms, total idle 3.582 s, busy 296.145 s
Jan 17 17:26:44 av4 amavis[340]: (00340-02-38) idle_proc, 5: was idle, 0.2 ms, total idle 3.582 s, busy 296.145 s
Jan 17 17:26:44 av4 amavis[340]: (00340-02-38) ESMTP MAIL FROM: SIZE=11429 BODY=8BITMIME\r\n
Jan 17 17:26:44 av4 amavis[340]: (00340-02-38) switch_to_my_time 480 s, SMTP MAIL received
Jan 17 17:26:44 av4 amavis[340]: (00340-02-39) check_mail_begin_task: task_count=40
Jan 17 17:26:44 av4 amavis[340]: (00340-02-39) TempDir::prepare: creating directory /var/amavis/scan/amavis-20080117T172644-00340
Jan 17 17:26:44 av4 amavis[340]: (00340-02-39) TempDir::prepare_file: creating file /var/amavis/scan/amavis-20080117T172644-00340/email.txt
Jan 17 17:26:44 av4 amavis[340]: (00340-02-39) TempDir::prepare_file: layers: unix,perlio
Jan 17 17:26:44 av4 amavis[340]: (00340-02-39) lookup_ip_acl (mynetworks): key=10.38.200.62 matches 10.0.0.0/8, result=1
Jan 17 17:26:44 av4 amavis[340]: (00340-02-39) lookup_acl(), no match
Jan 17 17:26:44 av4 amavis[340]: (00340-02-39) lookup (debug_sender) = undef, does not match
Jan 17 17:26:44 av4 amavis[340]: (00340-02-39) DEBUG_ONESHOT: TURNED OFF
Jan 17 17:26:44 av4 amavis[340]: (00340-02-39) ESMTP MAIL FROM: SIZE=11429 BODY=8BITMIME\r\n

Please note all 'RO tables' are empty.

These are irrelevant as long as @lookup_sql_dsn is left empty.

And what do I have to put inside when
Re: [AMaViS-user] what is 'originating' flag ?
On Jan 17, 2008 9:05 PM, Gary V [EMAIL PROTECTED] wrote:

search: http://www.ijs.si/software/amavisd/release-notes.txt
for: policy banks now contain a new key 'originating'

Thanks a lot!

raj
Re: [AMaViS-user] Logging SA matched rules in 2.6.0-pre3
On Jan 10, 2008 1:33 AM, Mark Martinec [EMAIL PROTECTED] wrote:

Uncomment (remove the first '#') both occurrences of the:

#[? %#T ||, Tests: \[[%T|,]\]]#

by the end of the amavisd file (in the log entry template), or assign a replacement template to $log_templ in amavisd.conf.

Thanks, I am having SA rules logged in the log file. I am also using sql logging, is it possible to log the SA rules to sql also? The sample config did not have something like sql_select_policy for insert.

raj