[AMaViS-user] RCVD_ILLEGAL_IP
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, a big Italian ISP is using 1.x.x.x for its internal network. This annoying behaviour is triggering a lot of false positive spam reports because of RCVD_ILLEGAL_IP is worth 3.196 spam points. Assuming that complaining with the folks of above-mentioned ISP is more than worthless, how can I adjust the spam point of RCVD_ILLEGAL_IP within Amavisd-new? Thank you. Ciao, luigi - -- / +--[Luigi Rosa]-- \ You can tune a filesystem, but you can't tuna fish. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkmFj8kACgkQ3kWu7Tfl6ZR21gCeLs0i3PBK11NnAk4WJFnxAH5o P5UAnA+ezR69djLFMRZztl/7Jm4LlZKu =4vzo -END PGP SIGNATURE- -- This SF.net email is sponsored by: SourcForge Community SourceForge wants to tell your story. http://p.sf.net/sfu/sf-spreadtheword ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] RCVD_ILLEGAL_IP
Luigi Rosa a écrit : Hi, a big Italian ISP is using 1.x.x.x for its internal network. This annoying behaviour is triggering a lot of false positive spam reports because of RCVD_ILLEGAL_IP is worth 3.196 spam points. Assuming that complaining with the folks of above-mentioned ISP is more than worthless, how can I adjust the spam point of RCVD_ILLEGAL_IP within Amavisd-new? within amavisd-new? no. but you can change it spamassassin configuration. for example, by adding score RCVD_ILLEGAL_IP 1.2 to your local.cf. or you can disable the rule altogether by setting the score to 0, or by using meta score RCVD_ILLEGAL_IP (0) instead. Followup on the spamassassin-users list please. -- This SF.net email is sponsored by: SourcForge Community SourceForge wants to tell your story. http://p.sf.net/sfu/sf-spreadtheword ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] How to disable Spamassassin module/enable connection to spamd?
Filip,
for testing purposes I'd welcome not to use SpamAssassin module and to
force usage of spamd. I just found theese three commented lines near
'sub check {' in amavisd but nothing more in Google, docs, mailing-lists
etc. Need help, please! I'm desperate! :)
# expects spamd started like the following:
# spamd -H /var/amavis/home -r /var/amavis/home/spamd.pid -s user \
# -u vscan -g vscan -x -P -m 20
The Amavis::SpamControl::SpamdClient module is experimental,
its only purpose was to exercise/troubleshoot spamd by feeding it
queries from amavisd and comparing results to direct checking,
then logging a result only, and NOT contributing to results.
One problem is service stability/predictability, as spamd spawns
additional child processes on demand, which clashes with the
fixed number of available services assumed by amavisd.
One technical problem still not completely solved is a requirement
of a spamc/spamd protocol to know the exact message size in advance,
which is difficult to meet under certain circumstances.
Not to be used for production use!
If you want to experiment, the following change (to 2.6.2)
enables it and fixes one bug:
--- amavisd.orig2008-12-15 01:50:09.0 +0100
+++ amavisd 2009-02-01 15:51:49.0 +0100
@@ -13405,5 +13405,5 @@
{ @Amavis::Conf::av_scanners = @Amavis::Conf::av_scanners_backup = () }
-undef $extra_code_antispam_spamc; # just disable it, only used for testing
+#undef $extra_code_antispam_spamc; # just disable it, only used for testing
my($bpscm) = ca('bypass_spam_checks_maps');
@@ -20739,5 +20739,5 @@
defined $nbytes or die Error reading: $!;
}
- $spamd_handle-dataend; $smtp_session-transaction_ends;
+ $spamd_handle-dataend;
$spamd_handle-flush;
undef $hdr_prefix; # release storage
Then grep the log (log level at least 2, preferably 5), search for 'spamd'.
Mark
--
This SF.net email is sponsored by:
SourcForge Community
SourceForge wants to tell your story.
http://p.sf.net/sfu/sf-spreadtheword
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] What has been blocked here?
From a bounce: host mail-ausfall.charite.de[193.175.70.131] said: 554 5.7.0 Reject, id=11224-17 - BANNED: image/gif,.image,.gif,cid: 1.3255452...@web26003.mail.ukl.yahoo.com (in reply to end of DATA command) An attachment of the type image/gif with ??? -- Ralf Hildebrandtralf.hildebra...@charite.de Charite - Universitätsmedizin BerlinTel. +49 (0)30-450 570-155 Geschäftsbereich IT | Abt. Netzwerk Fax. +49 (0)30-450 570-962 Hindenburgdamm 30 | 12200 Berlin -- This SF.net email is sponsored by: SourcForge Community SourceForge wants to tell your story. http://p.sf.net/sfu/sf-spreadtheword ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] Spam properly handled, but Subject is not Re-written
Problem Summary: Spam is properly identified and quarantined, but the Subject line is not re-written. I'd like the subject line to say SPAM! + the old subject line I'm new to Amavis, but experienced in Spamassassin Postfix. I recently rebuild my Debian etch (stable) eMail server and added Amavis-new and ClamAV with postfix and spamassassin. I also am using the volatile repository so that I get the most up-to-date version of amavis. I've got my spam and viral eMails being segregated for my entire domain into separate dummy user accounts. Everything is working fine, accept that the subject line is not being re-written. In other words, spam is being properly tagged and handled, but the subject line is not being replaced as it should be. Ideally, I'd like to be able to pre-pend the word SPAM and the spam score to the existing subject line. This would allow me to sort through the spam eMails and take a closer look at the ones with low scores. I've read through the lists, but have not found my problem. Could someone suggest something to try? Thanks! For reference, here are the contents of /etc/amavis/conf.d/50-user, where I made all the changes. $sa_tag_level_deflt = undef; $sa_tag2_level_deflt = 2.5; $sa_kill_level_deflt = 2.5; $sa_dsn_cutoff_level = undef; $sa_spam_subject_tag = 'SPAM!)'; $final_spam_destiny = D_DISCARD; $spam_quarantine_to = sp...@nerdworld.org; $virus_quarantine_to = vir...@nerdworld.org; Here are some sample X tags in a properly identified spam eMail: X-Quarantine-ID: UdSNBb2BxcjA X-Spam-Flag: YES X-Spam-Score: 24.995 X-Spam-Level: X-Spam-Status: Yes, score=24.995 tag=x tag2=2.5 kill=2.51 tests=[DNS_FROM_OPENWHOIS=2.431, HELO_LH_HOME=3.169, INVALID_DATE=1.651, RCVD_IN_BL_SPAMCOP_NET=2.188, RCVD_IN_PBL=0.509, RCVD_IN_XBL=2.896, RDNS_NONE=0.1, STOX_REPLY_TYPE=0.001, TVD_FINGER_02=2.72, TVD_SPACE_RATIO=2.899, URIBL_AB_SURBL=1.613, URIBL_BLACK=1.961, URIBL_JP_SURBL=2.857] -- Casey Bralla Chief Nerd in Residence The NerdWorld Organisation -- This SF.net email is sponsored by: SourcForge Community SourceForge wants to tell your story. http://p.sf.net/sfu/sf-spreadtheword ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Spam properly handled, but Subject is not Re-written
On 2/1/09 8:24 AM, Casey Bralla wrote: Problem Summary: Spam is properly identified and quarantined, but the Subject line is not re-written. I'd like the subject line to say SPAM! + the old subject line See: No spam-related headers inserted?, and How to add the spam tags to all inbound messages http://www.ijs.si/software/amavisd/#faq-spam This document will give you some idea about Debian's config file layout for amavis: http://www200.pair.com/mecham/spam/debian-amavisd-new_2.4.2.html Ideally, I'd like to be able to pre-pend the word SPAM and the spam score to the existing subject line. This would allow me to sort through the spam eMails and take a closer look at the ones with low scores. I've read through the lists, but have not found my problem. Could someone suggest something to try? For reference, here are the contents of /etc/amavis/conf.d/50-user, where I made all the changes. $sa_tag_level_deflt = undef; $sa_tag2_level_deflt = 2.5; $sa_kill_level_deflt = 2.5; $sa_dsn_cutoff_level = undef; $sa_spam_subject_tag = 'SPAM!)'; $final_spam_destiny = D_DISCARD; $spam_quarantine_to = sp...@nerdworld.org; $virus_quarantine_to = vir...@nerdworld.org; -- This SF.net email is sponsored by: SourcForge Community SourceForge wants to tell your story. http://p.sf.net/sfu/sf-spreadtheword ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Spam properly handled, but Subject is not Re-written
On 2/1/09 8:24 AM, Casey Bralla wrote: Problem Summary: Spam is properly identified and quarantined, but the Subject line is not re-written. I'd like the subject line to say SPAM! + the old subject line The idea behind not changing the subject line of quarantined mail is because at some point you may wish to release mail from quarantine. If you are releasing it, then it's likely that you are releasing it because it is not spam. If it's not spam, then having it marked as such would be confusing to the recipient(s). There is a way to add the score, for example: $sa_spam_subject_tag = 'SPAM! _SCORE_ '; But only mail actually passed to local recipients will have the subject line modified. Since your kill_level is low (in my opinion), I believe you will have to do a lot of work constantly policing the quarantine. Personally, I think you would be better off passing (and marking) some spam to your recipients. I would let them manage at least some of their spam. For example: $sa_tag2_level_deflt = 5; $sa_kill_level_deflt = 8; -- Gary V -- This SF.net email is sponsored by: SourcForge Community SourceForge wants to tell your story. http://p.sf.net/sfu/sf-spreadtheword ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
