[AMaViS-user] [Fwd: [Clamav-users] Sanesecurity Changes]
FYI...

This change affects @virus_name_to_spam_score_maps, used to turn Sanesecurity ClamAV hits into spam scores. Note the new naming scheme:

E.g.:

@virus_name_to_spam_score_maps =
  (new_RE(
#   [ qr'^(Email|HTML)\.(Phishing|Spam|Scam[a-z0-9]?)\.'i => 0.1 ],
    [ qr'^Sanesecurity\.Malware\.'                         => undef ],
    [ qr'^Sanesecurity\.
          (Hdr|Img|ImgO|Junk|Doc|ScamL|Scam4|
           Job|Stk|Loan|Spam|Porn|Bou|Dipl|Cred)\.'x       => 10.1 ],
    [ qr'^(MSRBL-Images/)'                                 => 2.1 ],
    [ qr'^(MSRBL-SPAM\.)'                                  => 5.1 ],
  ));

Mike

-------- Original Message --------
Subject: [Clamav-users] Sanesecurity Changes
Date: Mon, 6 Oct 2008 13:37:48 +0100 (BST)
From: Steve Basford
Reply-To: ClamAV users ML <[EMAIL PROTECTED]>
To: ClamAV users ML <[EMAIL PROTECTED]>

Hi All,

There are a few changes to the Sanesecurity signature names and database names (including updated download scripts).

Please read the following, as it contains all the information on the new changes:

http://www.sanesecurity.co.uk/clamav/changes.pdf

Cheers,

Steve
Sanesecurity

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ: http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos: http://www.amavis.org/howto/
[AMaViS-user] SecuritySage DNSBL is dead & listing the universe
For those who haven't yet noticed, the SecuritySage DNSBL is returning 127.0.0.1 to all queries; this was checked in at least some versions of SpamAssassin, so check your configurations. You might be using it and not realizing it.

This is not a good way to shut down a DNSBL, but unfortunately not everybody reads the RFCs or is even aware that there is an RFC for DNSBL operators.

-- Clifton

--
Clifton Royston -- [EMAIL PROTECTED] / [EMAIL PROTECTED]
President - I and I Computing * http://www.iandicomputing.com/
Custom programming, network design, systems and network consulting services
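One way to catch this failure mode before it skews scoring, as an added example that is not part of the original post or of SpamAssassin: probe each configured zone with the two test addresses from RFC 5782 (127.0.0.2 must be listed, 127.0.0.1 must never be). The zone names and `constructed_resolver` are made up so the demo runs offline; pass your real zones and leave the resolver at its default to probe live.

```python
"""Added example: DNSBL sanity probe using the RFC 5782 test entries."""
import socket
from typing import Callable, Dict, Iterable, Optional

Resolver = Callable[[str], Optional[str]]


def system_resolver(name: str) -> Optional[str]:
    """A-record lookup via the OS resolver; None on NXDOMAIN or any failure."""
    try:
        # Trailing dot makes the name absolute so search domains are not appended.
        return socket.gethostbyname(name.rstrip(".") + ".")
    except OSError:
        return None


def query_name(ipv4: str, zone: str) -> str:
    """Build a DNSBL query name: reversed octets followed by the zone."""
    return ".".join(reversed(ipv4.split("."))) + "." + zone.strip(".")


def check_zone(zone: str, resolve: Resolver = system_resolver) -> str:
    """Classify one zone as 'ok', 'lists-everything' or 'no-test-entry'."""
    must_not_list = resolve(query_name("127.0.0.1", zone))
    must_list = resolve(query_name("127.0.0.2", zone))
    if must_not_list is not None:
        # A working list never answers for 127.0.0.1; an answer here means
        # the zone is wildcarded and every client IP will look listed.
        return "lists-everything"
    if must_list is None:
        # The mandatory test entry is missing: zone emptied, gone or unreachable.
        return "no-test-entry"
    return "ok"


def audit(zones: Iterable[str], resolve: Resolver = system_resolver) -> Dict[str, str]:
    """Return a verdict per zone so anything but 'ok' can be disabled."""
    return {zone: check_zone(zone, resolve) for zone in zones}


def constructed_resolver(name: str) -> Optional[str]:
    """Constructed stand-in for DNS covering three hypothetical zones."""
    if name.endswith(".wildcard.dnsbl.example"):
        return "127.0.0.1"   # answers every query, like the dead list above
    if name == "2.0.0.127.healthy.dnsbl.example":
        return "127.0.0.2"   # only the mandatory test entry is listed
    return None              # everything else: NXDOMAIN


# Hypothetical zone names, used only for the offline demo.
ZONES = ["healthy.dnsbl.example", "wildcard.dnsbl.example", "gone.dnsbl.example"]

if __name__ == "__main__":
    for zone, verdict in audit(ZONES, constructed_resolver).items():
        print(f"{zone:28s} {verdict}")
```

Run it from cron against the zones your SpamAssassin rules query, and zero the score of any rule whose zone is not `ok`.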
Re: [AMaViS-user] avoid rescan same message-id (refer me to FAQ please)
Jo Rhett <[EMAIL PROTECTED]> wrote:

> I could swear that this is a common FAQ item, but right now my
> searches are only turning up a thread about how to set up postfix to
> avoid rescanning released items.
>
> Very simple: due to limitations in the ticketing system software, I
> have to pipe some messages to an alias entry that either discards the
> message or remails it to specific people. Right now this means every
> message gets scanned twice, with headers added twice.
>
> Is there a useful way to tag a message locally so that it won't be
> rescanned if *our* amavisd has already scanned it? Yes I realize that
> this could be forged remotely.
>
> Or should I approach it differently to avoid scanning localhost
> submitted items?

Sorry if you've seen this already, but just in case:

http://archive.netbsd.se/?ml=amavis-user&a=2008-06&t=7665285

--
Sahil Tandon <[EMAIL PROTECTED]>
[AMaViS-user] avoid rescan same message-id (refer me to FAQ please)
I could swear that this is a common FAQ item, but right now my searches are only turning up a thread about how to set up postfix to avoid rescanning released items.

Very simple: due to limitations in the ticketing system software, I have to pipe some messages to an alias entry that either discards the message or remails it to specific people. Right now this means every message gets scanned twice, with headers added twice.

Is there a useful way to tag a message locally so that it won't be rescanned if *our* amavisd has already scanned it? Yes I realize that this could be forged remotely.

Or should I approach it differently to avoid scanning localhost submitted items?

--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source and other randomness
Re: [AMaViS-user] amavisd-new-2.5.3 - domain rejected
That's a postfix issue. You need to allow the domain/MTA/user before the command 'reject_unknown_recipient_domain' in your postfix main.cf.

> -----Original Message-----
> From: Tom Brown [mailto:[EMAIL PROTECTED]
> Sent: Monday, October 06, 2008 9:54 AM
> To: amavis-user@lists.sourceforge.net
> Subject: [AMaViS-user] amavisd-new-2.5.3 - domain rejected
>
> Hi
>
> I am trying to receive a mail from a riskadvisory.net address
> and it's being rejected due to the sender domain not existing
> - As I can't change anything at the sender's end is there
> anything I can do to get this mail to me?
>
> Oct 6 14:48:49 sw19 postfix/smtpd[15308]: NOQUEUE: reject: RCPT from
> mail.RiskAdvisory.net[217.150.119.107]: 450
> <[EMAIL PROTECTED]
> sory.net>: Sender address rejected: Domain not found;
> from=<[EMAIL PROTECTED]>
> to=<[EMAIL PROTECTED]> proto=ESMTP helo=
>
> thanks
Re: [AMaViS-user] amavisd-new-2.5.3 - domain rejected
This is not an amavis problem but a postfix configuration issue.. still, here's the solution :)

In /etc/postfix/main.cf, in your "smtpd_client_restrictions" section, add this as the first entry:
check_client_access hash:/etc/postfix/whitelist_clients

Create /etc/postfix/whitelist_clients and add this line in it:
217.150.119.107 OK

Run "postmap /etc/postfix/whitelist_clients"
Reload postfix

Have a nice day :)

-----Original Message-----
From: Tom Brown [mailto:[EMAIL PROTECTED]
Sent: October 6, 2008 09:54
To: amavis-user@lists.sourceforge.net
Subject: [AMaViS-user] amavisd-new-2.5.3 - domain rejected

Hi

I am trying to receive a mail from a riskadvisory.net address and it's being rejected due to the sender domain not existing - As I can't change anything at the sender's end is there anything I can do to get this mail to me?

Oct 6 14:48:49 sw19 postfix/smtpd[15308]: NOQUEUE: reject: RCPT from
mail.RiskAdvisory.net[217.150.119.107]: 450 <[EMAIL PROTECTED]
sory.net>: Sender address rejected: Domain not found;
from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]> proto=ESMTP helo=

thanks
Re: [AMaViS-user] amavisd-new-2.5.3 - domain rejected
> This is not a amavis problem but a postfix configuration issue.. still,
> here's the solution :)
>
> In /etc/postfix/main.cf, in your "smtpd_client_restrictions" section, add
> this as the first entry:
> check_client_access hash:/etc/postfix/whitelist_clients
>
> create /etc/postfix/whitelist_clients and add this line in it :
> 217.150.119.107 OK
>
> Run "postmap /etc/postfix/whitelist_clients"
> Reload postfix
>
> Have a nice day :)
>

thanks for the info - now resolved

thanks
Re: [AMaViS-user] Black- Whitelists
Silvio,

> unset PERLIO; /usr/sbin/amavisd-new reload
> Error in config file "/etc/amavisd.conf": Error reading from
> /var/amavis/home/black: Ungültiger Dateideskriptor at /usr/sbin/amavisd-new
> line 2609, line 4.
>
> > The most likely reason is that the last line of your text file
> > is not terminated with a NL.
>
> Thank you for the tip, but furthermore gets angry amavisd-new with me.
> How I put down him the email addresses or domain names there.

You did check that the last line of a text file /var/amavis/home/black ends up with a newline, did you?

> Now:
> @.domain1.com
> @.domain2.com

As Noel Jones already told you, the correct syntax is without the '@', e.g.:

.domain1.com
.domain2.com

See README.lookups, section HASH LOOKUPS.

Mark
[AMaViS-user] amavisd-new-2.5.3 - domain rejected
Hi

I am trying to receive a mail from a riskadvisory.net address and it's being rejected due to the sender domain not existing - As I can't change anything at the sender's end is there anything I can do to get this mail to me?

Oct 6 14:48:49 sw19 postfix/smtpd[15308]: NOQUEUE: reject: RCPT from
mail.RiskAdvisory.net[217.150.119.107]: 450 <[EMAIL PROTECTED]
sory.net>: Sender address rejected: Domain not found;
from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]> proto=ESMTP helo=

thanks
Re: [AMaViS-user] Virus Warning Delivery Rules
Erin,

> Sorry but no one has any idea where I can start looking to fix this?

Sorry for a slow response. The proper solution is more intricate than it appears (involves improving quarantine duplicate suppression), I expect to have it in 2.6.2.

> If 2 (userA, and userB) that are in the TO, CC or BCC (or any
> combination of those) and one (userA) has virus scanning and the other
> (userB) does not they both get a virus warning but the second one
> (userB) also gets the virus.
>
> I need to suppress the virus warning mail for the second user (userB).
>
> Can someone please show me what to look for?

A quick-fix workaround is to suppress a recipient notification for recipients which will be getting a message anyway (like virus/spam lovers, or a normal clean delivery):

--- amavisd~2008-06-29 02:37:58.0 +0200 +++ amavisd 2008-10-06 16:09:13.0 +0200
@@ -11969,4 +11969,7 @@ } elsif (!c('warn_offsite') && !$r->recip_is_local) { $wr = 0; # do not notify foreign recipients +} elsif ($r->recip_destiny == D_PASS) { + do_log(5,"skip recipient notifications - mail will be delivered"); + $wr = 0; # do not notify recips which will be getting the message anyway # } elsif (! defined($msginfo->sender_contact) ) { # (not general enough) # do_log(5,"skip recipient notifications for unknown sender");

Alternatively, use per-recipient @warnvirusrecip_maps lookup list and enable recipient notifications only for users which have virus checking enabled.

For virus-checking users like userA, instead of sending a separate recipient notification, it is probably better to pack a warning message directly in the passed infected message by using a defanging mechanism: $defang_virus=1; and turn off recipient notifications.

Mark
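Review bot: in the added D_PASS branch, the do_log(5, ...) message does not say which recipient was skipped, so on a multi-recipient message the log cannot show who went without a warning; include the recipient address in that log text. Since the branch matches every recipient whose destiny is D_PASS, recipients who are sent the infected message get no warning from this path at all, and the comment on the "$wr = 0" line should say so and point to $defang_virus as the way to carry the warning inside the delivered message.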
Re: [AMaViS-user] Write my own rulesets for spamassassin
Sebastian,

> I want to write my own rules - in this case my own rules for Uribl.
> If this pattern is in the mail, the score should be XX.
> I enabled my own rules in local.cf in /etc/mail/spamassassin with
> allow_user_rules 1
> The spamassassin --lint -D shows me
> [16656] dbg: config: allowing user rules!
>
> My rules in local.cf are:

Assuming this local.cf is in /etc/mail/spamassassin/local.cf, these are not user rules; this is a global SpamAssassin configuration file. There is no need to set allow_user_rules when rules are in /etc/mail/spamassassin/local.cf.

> uri LOCAL_URI_EXAMPLE /www\.uni-leipzig.de\.de\/2009\//
> score LOCAL_URI_EXAMPLE 5.1
>
> But my user rules are not working - the message with
>
> www.uni-leipzig.de/2009
>
> is not marked with 5.1 points.

No wonder. Your rule requires that the URI end with a slash, and yours doesn't. The rule also requires a double .de\.de, which your URI does not have.

> In the postfix-mailinglist a user said "if you use amavis with
> spamassassin, not all the things will happen like in the spamassassin
> help document".

Rules in /etc/mail/spamassassin/*.cf files work normally in amavisd, just as they do with base spamassassin.

Mark
Re: [AMaViS-user] Strange error after upgrade to 2.6.1
Mike,

> > forwarding FAILED: Can't locate object method "is_encoded" via package
> > "Amavis::MIME::Body::OnOpenFh" at /usr/local/sbin/amavisd line 7038,
> > line 5440. (in reply to end of DATA command))
>
> I got this figured out. Apparently CPAN was updating a Perl installation
> in /usr/lib/perl5/site_perl, whereas Amavisd-new was picking up packages
> in /usr/lib/perl5/vendor_perl. Because of that some modules that I
> thought I'd updated (namely, MIME::Tools) were still picking up the older
> versions that didn't have needed functionality.

Thank you for the information. The next time google will find it :)

Mark
Re: [AMaViS-user] Another secondary virus scanner
Rocco,

> > Just move it from @av_scanners to the @av_scanners_backup list
> > and keep clamd as a primary virus scanner.
>
> I never have read the conf file completely... :-( Sorry..
> Now I have:
> @av_scanners = ( ...
> @av_scanners_backup = ( ...
> But from docs it seems to me that in this manner every message is
> scanned two times anyway.. Is this true?

No.

> Could I set up Amavisd-new so that I skip the secondary av scanner
> if the first detects that the message is infected?

Secondary scanners are skipped if at least one primary provides a definitive answer (clean or infected, not a failure).

amavisd.conf-sample:

# If no virus scanners from the @av_scanners list produce 'clean' nor
# 'infected' status (i.e. they all fail to run or the list is empty),
# then _all_ scanners from the @av_scanners_backup list are tried
# (subject to $first_infected_stops_scan). When there are both
# daemonized and equivalent or similar command-line scanners available,
# it is customary to place slower command-line scanners in the
# @av_scanners_backup list. The default choice is somewhat arbitrary,
# move entries from one list to another as desired, keeping main scanners
# in the primary list to avoid warnings.

Mark
Re: [AMaViS-user] List Posting issue? (Was: Using RelayCountry with amavis?)
Per,

> The X-Relay-Countries header is present in ham mail but not in messages
> marked as spam. What is the additional parameter then for including it
> with spams as well?

Perhaps you are confusing quarantined mail with mail passed on to recipients (either ham or spam). The patch from mouss adds an X-Relay-Countries header field to passed mail, not to quarantined mail.

Mark
Re: [AMaViS-user] Another secondary virus scanner
Dave,

> > Use your uvscan as a backup scanner. It won't be called unless
> > clamd fails, which is just what you need.
>
> Is this just a matter of moving the uvscan block from @av_scanners
> to @av_scanners_backup in amavisd.conf?

Yes.

Mark