[AMaViS-user] Newbie - Banned stops spam check?
I have amavis-new running with clamAV and spamassasin, all is good, and we have been altering settings chipping away at the spam getting through to the users, but now the majority is gone, I have noticed the remainder of the spam is showing no spam score.. but have this header X-Amavis-Alert: BANNED, message contains part: multipart/mixed | application/zip,.zip,Fees_2008-2009.zip | .exe,.exe-ms,Fees_2008-2009.doc.exe or similar the business get a lot of attachments, and zips, and exe's so we allow all banned to pass to the end user.. but I suspect that these spam mails would be spotted by spamassasin, if they were given the chance!!! so I guess what I am asking is... 1) is it correct that if the banned spots a mail, that it doesn't go onto span scoring? 2) can I tell it to spam check them anyway? 3) Since I don't Ban anything , could i disable that part, and then it would pick up the spam score? Thanks in advance Nathan - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Suppress recipient delimiters on outgoing mail?
On Sun, Oct 12, 2008 at 12:56 PM, Sahil Tandon <[EMAIL PROTECTED]> wrote: > John Andersen <[EMAIL PROTECTED]> wrote: >> I can see it in the logs. > > I use 2.6.1; just sent a SPAMMY test email to [EMAIL PROTECTED] > as well as [EMAIL PROTECTED] The former was sent > without an address extension while "+spam" was added to the local > part of the latter. This is consistent with what mouss said and the > following comment in the code: > > # If decided to pass viruses (or spam) to certain recipients using > # %lovers_maps_by_ccat, or by %final_destiny_by_ccat resulting in D_PASS, > # one may set the corresponding %addr_extension_maps_by_ccat to some string, > # and the recipient address will have this string appended as an address > # extension to a local-part (mailbox part) of the address. This extension > # can be used by a final local delivery agent for example to place such mail > # in different folder. Leaving these variable undefined or empty string > # prevents appending address extension. Recipients which do not match access > # lists in @local_domains_maps are not affected (i.e. non-local recipients > # do not get address extension appended). > > Well perhaps I did unwittingly set everything local. 2.4.3 is pretty old. I followed the docs in setting up the @local_domains_maps but I think those docs were wrong at that time, according to stuff I've read. I found this page helpful: http://www.engardelinux.com/modules/index/list_archives.cgi?list=amavis&page=0175.html&month=2008-07 I now have to wait till my user sends out her somewhat spammy newsletter again. -- --JSA- Someone stole my tag line, so now I have this rental. - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Suppress recipient delimiters on outgoing mail?
> Is this a case of local recipients forwarding to non-local domains > (aliases pointing to non-local recipeints)? I believe in this case the > [EMAIL PROTECTED] address would be rewritten as > [EMAIL PROTECTED] > > [EMAIL PROTECTED] [EMAIL PROTECTED] > Sorry, should have read user+spam, not spam+user. This alias seems to get the +spam when address rewriting is disabled before amavisd-new, but is enabled after amavisd-new. In other words: smtp inet n - - - - smtpd -o content_filter=smtp-amavis:[127.0.0.1]:10024 -o receive_override_options=no_address_mappings -- Gary V - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Suppress recipient delimiters on outgoing mail?
Sahil Tandon a écrit :
> John Andersen <[EMAIL PROTECTED]> wrote:
>
>
>> On Sun, Oct 12, 2008 at 2:12 AM, mouss <[EMAIL PROTECTED]> wrote:
>>
>>> John Andersen a écrit :
>>>
We scan mail inbound and outbound via Amavisd-New. (2.4.3 via Opensuse).
Occasionally someone will send something outbound that might get flagged
as spammy. Amavis then attaches our recipient delimiter +spam on the
outbound mail, all of which bounce.
>>> amavisd-new will only do that if the recipient is "local". so it looks
>>> like you defined remote domains as local. Is it so?
>>>
>> No, of course not.
>>
>> The users send mail thru our server whether locally attached or roaming
>> via authenticated (ssl) connections.
>>
>> Mail to some foreign address, say a gmail account or a ISP somewhere
>> is being scanned, and if found spammy (over our rather tight threshold)
>> is getting recipient delimiters appended.
>>
>> This is in spite of your assertion this can not happen.
>>
>> I can see it in the logs.
>>
>
> I use 2.6.1; just sent a SPAMMY test email to [EMAIL PROTECTED]
> as well as [EMAIL PROTECTED] The former was sent
> without an address extension while "+spam" was added to the local
> part of the latter. This is consistent with what mouss said and the
> following comment in the code:
>
> # If decided to pass viruses (or spam) to certain recipients using
> # %lovers_maps_by_ccat, or by %final_destiny_by_ccat resulting in D_PASS,
> # one may set the corresponding %addr_extension_maps_by_ccat to some string,
> # and the recipient address will have this string appended as an address
> # extension to a local-part (mailbox part) of the address. This extension
> # can be used by a final local delivery agent for example to place such mail
> # in different folder. Leaving these variable undefined or empty string
> # prevents appending address extension. Recipients which do not match access
> # lists in @local_domains_maps are not affected (i.e. non-local recipients
> # do not get address extension appended).
>
>
and the code (2.6.1) has
if ($is_local && $delim ne '') {
# append address extensions to mailbox names if desired
my($ext_map) = $r->setting_by_contents_category(
cr('addr_extension_maps_by_ccat'));
...
so it's subject to "$is_local".
and I've used extensions a long time ago and it worke
-
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Suppress recipient delimiters on outgoing mail?
On 10/12/08, Sahil Tandon <[EMAIL PROTECTED]> wrote: > John Andersen <[EMAIL PROTECTED]> wrote: > > > On Sun, Oct 12, 2008 at 2:12 AM, mouss <[EMAIL PROTECTED]> wrote: > > > John Andersen a écrit : > > >> We scan mail inbound and outbound via Amavisd-New. (2.4.3 via Opensuse). > > >> > > >> Occasionally someone will send something outbound that might get flagged > > >> as spammy. Amavis then attaches our recipient delimiter +spam on the > > >> outbound mail, all of which bounce. > > >> > > > > > > amavisd-new will only do that if the recipient is "local". so it looks > > > like you defined remote domains as local. Is it so? > > > > No, of course not. > > > > The users send mail thru our server whether locally attached or roaming > > via authenticated (ssl) connections. > > > > Mail to some foreign address, say a gmail account or a ISP somewhere > > is being scanned, and if found spammy (over our rather tight threshold) > > is getting recipient delimiters appended. > > > > This is in spite of your assertion this can not happen. > > > > I can see it in the logs. > > I use 2.6.1; just sent a SPAMMY test email to [EMAIL PROTECTED] > as well as [EMAIL PROTECTED] The former was sent > without an address extension while "+spam" was added to the local > part of the latter. This is consistent with what mouss said and the > following comment in the code: > > # If decided to pass viruses (or spam) to certain recipients using > # %lovers_maps_by_ccat, or by %final_destiny_by_ccat resulting in D_PASS, > # one may set the corresponding %addr_extension_maps_by_ccat to some string, > # and the recipient address will have this string appended as an address > # extension to a local-part (mailbox part) of the address. This extension > # can be used by a final local delivery agent for example to place such mail > # in different folder. Leaving these variable undefined or empty string > # prevents appending address extension. Recipients which do not match access > # lists in @local_domains_maps are not affected (i.e. non-local recipients > # do not get address extension appended). > > -- > Sahil Tandon <[EMAIL PROTECTED]> > Is this a case of local recipients forwarding to non-local domains (aliases pointing to non-local recipeints)? I believe in this case the [EMAIL PROTECTED] address would be rewritten as [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] -- Gary V - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Suppress recipient delimiters on outgoing mail?
John Andersen <[EMAIL PROTECTED]> wrote: > On Sun, Oct 12, 2008 at 2:12 AM, mouss <[EMAIL PROTECTED]> wrote: > > John Andersen a écrit : > >> We scan mail inbound and outbound via Amavisd-New. (2.4.3 via Opensuse). > >> > >> Occasionally someone will send something outbound that might get flagged > >> as spammy. Amavis then attaches our recipient delimiter +spam on the > >> outbound mail, all of which bounce. > >> > > > > amavisd-new will only do that if the recipient is "local". so it looks > > like you defined remote domains as local. Is it so? > > No, of course not. > > The users send mail thru our server whether locally attached or roaming > via authenticated (ssl) connections. > > Mail to some foreign address, say a gmail account or a ISP somewhere > is being scanned, and if found spammy (over our rather tight threshold) > is getting recipient delimiters appended. > > This is in spite of your assertion this can not happen. > > I can see it in the logs. I use 2.6.1; just sent a SPAMMY test email to [EMAIL PROTECTED] as well as [EMAIL PROTECTED] The former was sent without an address extension while "+spam" was added to the local part of the latter. This is consistent with what mouss said and the following comment in the code: # If decided to pass viruses (or spam) to certain recipients using # %lovers_maps_by_ccat, or by %final_destiny_by_ccat resulting in D_PASS, # one may set the corresponding %addr_extension_maps_by_ccat to some string, # and the recipient address will have this string appended as an address # extension to a local-part (mailbox part) of the address. This extension # can be used by a final local delivery agent for example to place such mail # in different folder. Leaving these variable undefined or empty string # prevents appending address extension. Recipients which do not match access # lists in @local_domains_maps are not affected (i.e. non-local recipients # do not get address extension appended). -- Sahil Tandon <[EMAIL PROTECTED]> - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Suppress recipient delimiters on outgoing mail?
On Sun, Oct 12, 2008 at 2:12 AM, mouss <[EMAIL PROTECTED]> wrote: > John Andersen a écrit : >> We scan mail inbound and outbound via Amavisd-New. (2.4.3 via Opensuse). >> >> Occasionally someone will send something outbound that might get flagged >> as spammy. Amavis then attaches our recipient delimiter +spam on the >> outbound mail, all of which bounce. >> > > amavisd-new will only do that if the recipient is "local". so it looks > like you defined remote domains as local. Is it so? No, of course not. The users send mail thru our server whether locally attached or roaming via authenticated (ssl) connections. Mail to some foreign address, say a gmail account or a ISP somewhere is being scanned, and if found spammy (over our rather tight threshold) is getting recipient delimiters appended. This is in spite of your assertion this can not happen. I can see it in the logs. > > whatever you do, you can have amavisd-new listen on two ports, say 10024 > for inbound mail and 10586 for outbound mail. then use policy banks to > have different configs for these ports. and have your MTA pass inbound > to 10024 and outbound to 10586. with postfix, you can use the FILTER > statement to do this (if your port 25 receives both inbound and > outbound), or you could simply force outbound mail to use the standard > submission port (587) instead of 25. This seems a rather long way to go to avoid a bug. And by the way, clients connect on port 465. -- --JSA- Someone stole my tag line, so now I have this rental. - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Error
On 10/12/08, Hannes Hellinger <[EMAIL PROTECTED]> wrote: > Thank you, > the problem was: > > drwxr-xr-x 57 nobody nogroup 4096 Oct 12 09:12 /etc > > I changed it to > > drwxr-xr-x 57 root root 4096 Oct 12 09:12 /etc > > Are the permissions ok ? drwxr-xr-x > That's what I have, 0755 Of course Mark is right about the entire path to /usr/share/amavis/conf.d also, as a couple config files are stored there too. sfa:~# ls -ld / drwxr-xr-x 23 root root 4096 2008-10-11 19:24 / sfa:~# ls -ld /etc drwxr-xr-x 64 root root 4096 2008-10-12 07:56 /etc sfa:~# ls -ld /etc/amavis drwxr-xr-x 4 root root 4096 2008-10-12 07:56 /etc/amavis sfa:~# ls -ld /etc/amavis/conf.d drwxr-xr-x 2 root root 4096 2008-10-12 07:56 /etc/amavis/conf.d sfa:~# ls -ld /usr drwxr-xr-x 11 root root 4096 2007-06-01 07:55 /usr sfa:~# ls -ld /usr/share drwxr-xr-x 82 root root 4096 2008-10-12 07:56 /usr/share sfa:~# ls -ld /usr/share/amavis drwxr-xr-x 3 root root 4096 2008-10-12 07:56 /usr/share/amavis sfa:~# ls -ld /usr/share/amavis/conf.d drwxr-xr-x 2 root root 4096 2008-10-12 07:56 /usr/share/amavis/conf.d sfa:~# ls -l /etc/amavis/conf.d total 56 -rw-r--r-- 1 root root 1458 2007-02-24 11:30 01-debian -rw-r--r-- 1 root root 692 2007-02-24 11:30 05-domain_id -rw-r--r-- 1 root root 235 2007-02-24 11:30 05-node_id -rw-r--r-- 1 root root 13907 2007-02-24 11:30 15-av_scanners -rw-r--r-- 1 root root 554 2007-02-24 11:30 15-content_filter_mode -rw-r--r-- 1 root root 9187 2007-02-24 11:30 20-debian_defaults -rw-r--r-- 1 root root 573 2007-02-24 11:30 25-amavis_helpers -rw-r--r-- 1 root root 2130 2007-02-24 11:30 30-template_localization -rw-r--r-- 1 root root 318 2007-02-24 11:30 50-user sfa:~# ls -l /usr/share/amavis/conf.d total 8 -rw-r--r-- 1 root root 855 2007-02-24 11:30 10-debian_scripts -rw-r--r-- 1 root root 648 2007-02-24 11:30 20-package -- Gary V - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Suppress recipient delimiters on outgoing mail?
sorry for the dups. there's a problem somewhere... lost connection with mx.sourceforge.net[216.34.181.68] while sending end of data -- message may be sent more than once - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Suppress recipient delimiters on outgoing mail?
John Andersen a écrit : > We scan mail inbound and outbound via Amavisd-New. (2.4.3 via Opensuse). > > Occasionally someone will send something outbound that might get flagged > as spammy. Amavis then attaches our recipient delimiter +spam on the > outbound mail, all of which bounce. > amavisd-new will only do that if the recipient is "local". so it looks like you defined remote domains as local. Is it so? > Is there anyway to prevent Plus addressing from being added by > amavisd on outbound mail. > > I can't think of a single good reason to apply local extensions > to outgoing mail. > whatever you do, you can have amavisd-new listen on two ports, say 10024 for inbound mail and 10586 for outbound mail. then use policy banks to have different configs for these ports. and have your MTA pass inbound to 10024 and outbound to 10586. with postfix, you can use the FILTER statement to do this (if your port 25 receives both inbound and outbound), or you could simply force outbound mail to use the standard submission port (587) instead of 25. - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
