[AMaViS-user] How to skip the checking of the password protected zip files

Hi

I'd like to ask how to skip the checking of the password protected zip files
Now it's UNDECIPHERABLE so it is banned ( blocked )
What should I change in the config file?
I'm using amavisd 2.2.1

Thanks

pet

--
Come build with us! The BlackBerry® Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9-12, 2009. Register now! http://p.sf.net/sfu/devconf
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ: http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos: http://www.amavis.org/howto/

Re: [AMaViS-user] p0f problem
I would have thought I would have this issue, but I don't. This is because I explicitly state what IP my SMTP server binds to (IPv4 address). So since it isn't using a default binding it doesn't bind to IPv6 and use IPv4 mapping. I haven't upgraded our network to IPv6 yet, since there are several critical parts that need to be replaced first for this to happen. Only thing on my server bound to IPv6 is ssh.

Quoting Vytautas Kasparavicius vy...@plasta.lt:

Thanks, that works. Strange that I'm the first who is facing this problem on Fedora11 with courier-0.62.1, amavisd-new-2.6.4 and p0f-2.0.8-5.fc11.

Mark Martinec wrote:

Seems your OS is providing IPv4 addresses in a form of 'IPv4-mapped IPv6 addresses'. The p0f daemon only supports IPv4 addresses, and the p0f-analyzer.pl does not rewrite an 'IPv4-mapped IPv6 addresses' into an IPv4 address, so the query is ignored. I can provide a patch for p0f-analyzer to rewrite 'IPv4-mapped IPv6 addresses' into an IPv4 address for the sake of p0f daemon,

Try the following patch to p0f-analyzer.pl, which should treat an 'IPv4-mapped IPv6 addresses' as an IPv4 address:

--- p0f-analyzer.pl~ 2009-09-28 20:43:50.0 +0200 +++ p0f-analyzer.pl 2009-09-28 20:43:24.0 +0200
@@ -123,6 +123,15 @@ if ($src_ip =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\z/) { # IPv4 -} elsif ($src_ip =~ /^ (?: IPv6: )? [0-9a-f]{0,4} - (?: : [0-9a-f]{0,4} | \. [0-9]{1,3} ){2,8} \z/xsi) { +} elsif ($src_ip =~ /^ + (?: (?: IPv6: )? 0{0,4} (?: : 0{0,4} ){1,4} : : )? + ( \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3} )\z/xsi) { + $src_ip = $1; # IPv4-mapped IPv6 address, alternative dec, form +} elsif ($src_ip =~ /^ (?: IPv6: )? + [0-9a-f]{0,4} (?: : [0-9a-f]{0,4} ){2,7} + \z/xsi) { + $src_ip =~ s/^IPv6://i; +} elsif ($src_ip =~ /^ (?: IPv6: )? + [0-9a-f]{0,4} (?: : [0-9a-f]{0,4} ){2,5} : + \d{1,3} (?: \. \d{1,3} ){3} \z/xsi) { $src_ip =~ s/^IPv6://i; } else { undef $src_ip }

Mark

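Review bot: the first added `elsif` branch, as it appears here, only accepts an all-zero prefix ending in `: :` before the dotted quad and has no `ffff` group, so the usual mapped form `::ffff:192.0.2.1` would not be captured by it and would fall through to the last branch, which strips `IPv6:` but leaves the address in IPv6 form for the IPv4-only p0f query. Worth checking this line against the applied file and making the `ffff` group explicit there. Separately, `\d{1,3}` in the dotted quad accepts octets above 255; a range check before `$src_ip = $1` would keep malformed values out of the query.
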
[AMaViS-user] Mails not passed to amavisd-new
Hello,

I'm not sure if I should send this to the Postfix or to this mailing list, as I don't know where the error is.

I've got the following setup: Postfix (2.5.5), Dovecot (1.1.11), Amavisd-new (2.6.2) on Ubuntu 9.04 Server. Amavis is set up according to the official Ubuntu Server guide [1], however, no mails seem to arrive at Amavis. This is the output of telnet localhost 10024:

<snip>
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost (127.0.0.1).
Escape character is '^]'.
220 [127.0.0.1] ESMTP amavisd-new service ready
ehlo localhost
250-[127.0.0.1]
250-VRFY
250-PIPELINING
250-SIZE
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 XFORWARD NAME ADDR PORT PROTO HELO SOURCE
</snip>

I've even increased the loglevel in Amavis, but there is absolutely no activity in the log when new mails arrive. I'm absolutely lost here, googling unsuccessfully for hours and hours. I've got the feeling it's just a minor configuration issue somewhere, but I can't seem to find out.

Below is my 50-user; if you need more information or log excerpts, just let me know. I didn't want to bloat this mail with unnecessary logs.

<snip of /etc/amavis/conf.d/50-user>
$DO_SYSLOG = 0;
$LOGFILE = "/var/log/amavis.log"; # (defaults to empty, no log)
$log_level = 2;
@local_domains_acl = qw(.);
$final_virus_destiny = D_DISCARD;
$final_banned_destiny = D_BOUNCE;
$final_spam_destiny = D_PASS;
$spam_quarantine_to = undef;
$final_bad_header_destiny = D_PASS;
$sa_spam_subject_tag = '***SPAM*** ';
$sa_tag_level_deflt = undef;
$sa_tag2_level_deflt = 5;
$sa_kill_level_deflt = 20;
$sa_dsn_cutoff_level = 10;
# Do not modify anything below this line -
1; # ensure a defined return
</snip>

Cheers,

Robert

[1] https://help.ubuntu.com/9.04/serverguide/C/mail-filtering.html

Re: [AMaViS-user] adding header to mail
Hello list,

maybe I wasn't clear. So I will try to explain it again.

I'm using SpamAssassin with the URICountry Plugin. Now I would like to add an X-URI-Country: header to the scanned message. Therefore I added the following lines to the URICountry.pm module:

    # Build a string of all found countries and export it as a tag
    my $countries = "";
    foreach my $country (keys(%countries)) {
      $countries .= uc($country) . " ";
    }
    chop $countries;
    $opts->{permsgstatus}->set_tag ("URICOUNTRY", $countries);

I put the whole plugin into the appendix.

Then I added the following lines to amavisd-custom.conf:

    package Amavis::Custom;
    use strict;

    sub new {
      my($class,$conn,$msginfo) = @_;
      bless {}, $class;
    }

    sub before_send {
      my($self,$conn,$msginfo) = @_;
      my($uri_country) = $msginfo->supplementary_info('URICOUNTRY');
      if (defined $uri_country && $uri_country ne '') {
        my($hdr_edits) = $msginfo->header_edits;
        my($all_local) = !grep { !$_->recip_is_local } @{$msginfo->per_recip_data};
        $hdr_edits->add_header('X-URI-Countries', $uri_country) if $all_local;
      }
    };

    1; # insure a defined return

I can use the URICOUNTRY tag with the command 'spamassassin' (e.g. in a template like 30_text_de.cf). But amavisd doesn't add a header because URICOUNTRY is empty (=""). Why doesn't amavisd see the content of URICOUNTRY?

The concept I like to use is the same as with the RelayCountry plugin. I guess the problem is that the RelayCountry plugin is collecting its data much earlier (in the sub function extract_metadata) than the URICountry plugin. The URICountry plugin is collecting its data in the sub function parsed_metadata. Both plugins set the tag in the parsed_metadata function. But only the RelayCountry plugin can create an additional header (with put_metadata) in the extract_metadata function. So maybe the problem is that the plugin can't create an additional header and assign it to the tag. But on the other hand, amavisd is only evaluating the tag and not the header.

So, any ideas why amavisd can not read the content of the tag URICOUNTRY?

I use: amavisd-new 2.6.2 and SpamAssassin 3.2.5

Thanks for your help.

Greetings

Stefan

Re: [AMaViS-user] How to skip the checking of the password protected zip files

On 10/5/2009 10:23 AM, Jevos, Peter wrote:

Hi I'd like to ask how to skip the checking of the password protected zip files
Now it's UNDECIPHERABLE so it is banned ( blocked )
What should I change in the config file?
I'm using amavisd 2.2.1

Under the $banned_filename_re section of your amavisd.conf, comment out the line that looks something like

  qr'^UNDECIPHERABLE$', # is or contains any undecipherable components

-- Noel Jones

Re: [AMaViS-user] Mails not passed to amavisd-new
On 10/5/2009 12:37 PM, Robert Markula wrote:

Hello, I'm not sure if I should send this to the Postfix or to this mailing list, as I don't know where the error is.

If mail is never passed to amavisd-new, it's a postfix configuration problem.

I've got the following setup: Postfix (2.5.5), Dovecot (1.1.11), Amavisd-new (2.6.2) on Ubuntu 9.04 Server. Amavis is set up according to the official Ubuntu Server guide [1], however, no mails seem to arrive at Amavis.

Check your postfix configuration. Specifically, check if postconf content_filter returns what you think you've set. After that, check the mail log to see what postfix does with the mail.

Also, the setup guide configures postfix to only filter mail that arrives via SMTP; mail sent via the sendmail command (logged as pickup by postfix) is intentionally not filtered.

If you need more help, see http://www.postfix.org/DEBUG_README.html#mail

-- Noel Jones

Re: [AMaViS-user] How to skip the checking of the password protected zip files

On 10/5/2009 10:23 AM, Jevos, Peter wrote:

Hi I'd like to ask how to skip the checking of the password protected zip files
Now it's UNDECIPHERABLE so it is banned ( blocked )
What should I change in the config file?
I'm using amavisd 2.2.1

Under the $banned_filename_re section of your amavisd.conf, comment out the line that looks something like

  qr'^UNDECIPHERABLE$', # is or contains any undecipherable components

Dear Noel

thanks for your answer
I did it before already but it doesn't work

here is my conf:

$banned_filename_re = new_RE(
  # qr'^UNDECIPHERABLE$', # is or contains any undecipherable components
  # block certain double extensions anywhere in the base name
  qr'\.[^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,

And the log is:

Oct 5 21:37:16 mailgate amavis[32461]: (32461-03) p003 1 Content-Type: multipart/mixed
Oct 5 21:37:16 mailgate amavis[32461]: (32461-03) p001 1/1 Content-Type: text/plain, size: 284 B, name:
Oct 5 21:37:16 mailgate amavis[32461]: (32461-03) p002 1/2 Content-Type: application/force-download, size: 748191 B, name: test.zip
Oct 5 21:37:16 mailgate amavis[32461]: (32461-03) do_unzip: p002, 1 members are encrypted, none extracted, archive retained
Oct 5 21:37:17 mailgate amavis[32461]: (32461-03) spam_scan: not wasting time on SA, message longer than 262144 bytes: 1552+1011324
...
Oct 5 21:37:17 mailgate amavis[32461]: (32461-03) Blocked CLEAN, [xxx] [x] xxx - xxx, Message-ID: 4616.85.160.14.123.1254771424.s, Hits: -, 2245 ms

thanks

Re: [AMaViS-user] How to skip the checking of the password protected zip files

On 10/5/2009 2:46 PM, Jevos, Peter wrote:

On 10/5/2009 10:23 AM, Jevos, Peter wrote:

Hi I'd like to ask how to skip the checking of the password protected zip files
Now it's UNDECIPHERABLE so it is banned ( blocked )
What should I change in the config file?
I'm using amavisd 2.2.1

Under the $banned_filename_re section of your amavisd.conf, comment out the line that looks something like

  qr'^UNDECIPHERABLE$', # is or contains any undecipherable components

Dear Noel

thanks for your answer
I did it before already but it doesn't work

here is my conf:

$banned_filename_re = new_RE(
  # qr'^UNDECIPHERABLE$', # is or contains any undecipherable components
  # block certain double extensions anywhere in the base name
  qr'\.[^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,

And the log is:

Oct 5 21:37:16 mailgate amavis[32461]: (32461-03) p003 1 Content-Type: multipart/mixed
Oct 5 21:37:16 mailgate amavis[32461]: (32461-03) p001 1/1 Content-Type: text/plain, size: 284 B, name:
Oct 5 21:37:16 mailgate amavis[32461]: (32461-03) p002 1/2 Content-Type: application/force-download, size: 748191 B, name: test.zip
Oct 5 21:37:16 mailgate amavis[32461]: (32461-03) do_unzip: p002, 1 members are encrypted, none extracted, archive retained
Oct 5 21:37:17 mailgate amavis[32461]: (32461-03) spam_scan: not wasting time on SA, message longer than 262144 bytes: 1552+1011324
...
Oct 5 21:37:17 mailgate amavis[32461]: (32461-03) Blocked CLEAN, [xxx] [x]xxx - xxx, Message-ID:4616.85.160.14.123.1254771424.s, Hits: -, 2245 ms

Looks like you snipped out the part of the log that shows why the mail was blocked.

-- Noel Jones

Re: [AMaViS-user] Mails not passed to amavisd-new
Noel Jones wrote:

Also, the setup guide configures postfix to only filter mail that arrives via SMTP; mail sent via the sendmail command (logged as pickup by postfix) is intentionally not filtered.

Noel, you definitely saved my day! That was the problem. In my master.cf I had these lines set:

<snip>
pickup    fifo  n       -       -       60      1       pickup
  # Do not classify spam notifications as spam.
  -o content_filter=
  -o receive_override_options=no_header_body_checks
</snip>

Which of course does what the comment says... by deactivating the checking on mails sent via sendmail. It's like the scales fell from my eyes. After removing these lines it worked as expected. Whew!

Thank you very, very much, Noel!

Robert

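Added example, not part of the thread: a short Python audit for the situation Robert describes, listing master.cf services that clear content_filter with -o. The sample master.cf is constructed around the pickup entry quoted above, and treating 127.0.0.1:10025 as the amavisd reinjection listener is an assumption.

```python
# Added example (not from the thread): audit a Postfix master.cf for services
# that switch off content filtering with "-o content_filter=".

# Constructed sample; the pickup entry mirrors the one quoted in the thread.
SAMPLE_MASTER_CF = """\
smtp      inet  n       -       -       -       -       smtpd
pickup    fifo  n       -       -       60      1       pickup
  # Do not classify spam notifications as spam.
  -o content_filter=
  -o receive_override_options=no_header_body_checks
smtp-amavis unix -      -       -       -       2       smtp
  -o smtp_data_done_timeout=1200
127.0.0.1:10025 inet n  -       -       -       -       smtpd
  -o content_filter=
  -o mynetworks=127.0.0.0/8
"""


def logical_lines(text):
    """Yield master.cf logical lines: a line starting with whitespace
    continues the previous service entry; blank/comment lines are skipped."""
    current = None
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if raw[0].isspace() and current is not None:
            current += " " + stripped
        else:
            if current is not None:
                yield current
            current = stripped
    if current is not None:
        yield current


def parse_service(line):
    """Split one logical line into name, type, command and -o overrides."""
    fields = line.split()
    if len(fields) < 8:
        return None  # not a complete service entry
    args, overrides = fields[8:], {}
    for flag, setting in zip(args, args[1:]):
        if flag == "-o" and "=" in setting:
            key, _, value = setting.partition("=")
            overrides[key] = value
    return {"name": fields[0], "type": fields[1],
            "command": fields[7], "overrides": overrides}


def filter_bypasses(text, reinjection_listeners=()):
    """Return (service, type, command) for entries that clear content_filter,
    except listeners named as the post-filter reinjection port."""
    found = []
    for line in logical_lines(text):
        svc = parse_service(line)
        if svc is None or svc["name"] in reinjection_listeners:
            continue
        if svc["overrides"].get("content_filter") == "":
            found.append((svc["name"], svc["type"], svc["command"]))
    return found


if __name__ == "__main__":
    # Assumption: 127.0.0.1:10025 is where amavisd hands mail back to Postfix.
    for name, svc_type, command in filter_bypasses(SAMPLE_MASTER_CF, {"127.0.0.1:10025"}):
        print(f"{name} ({svc_type}/{command}): content_filter overridden to empty")
```

The reinjection listener has to clear content_filter to avoid a loop, which is why it is passed in as an expected exception rather than reported.
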
Re: [AMaViS-user] How to skip the checking of the password protected zip files

Hi I'd like to ask how to skip the checking of the password protected zip files
Now it's UNDECIPHERABLE so it is banned ( blocked )
What should I change in the config file?
I'm using amavisd 2.2.1

Under the $banned_filename_re section of your amavisd.conf, comment out the line that looks something like

  qr'^UNDECIPHERABLE$', # is or contains any undecipherable components

Looks like you snipped out the part of the log that shows why the mail was blocked.

-- Noel Jones

So here is the log once again:

Oct 5 22:33:43 mailgate amavis[4342]: (04342-02) p003 1 Content-Type: multipart/mixed
Oct 5 22:33:43 mailgate amavis[4342]: (04342-02) p001 1/1 Content-Type: text/plain, size: 565 B, name:
Oct 5 22:33:43 mailgate amavis[4342]: (04342-02) p002 1/2 Content-Type: application/force-download, size: 748191 B, name: test.zip
Oct 5 22:33:43 mailgate amavis[4342]: (04342-02) do_unzip: p002, 1 members are encrypted, none extracted, archive retained
Oct 5 22:33:43 mailgate amavis[4342]: (04342-02) spam_scan: not wasting time on SA, message longer than 262144 bytes: 1552+1011605
...
Oct 5 22:33:44 mailgate postfix/cleanup[4608]: A3C63A2465: reject: header Subject: ***UNCHECKED*** [Fwd: test] from localhost[127.0.0.1]; from=xx to=xx proto=ESMTP helo=localhost: 5.7.1 Amavis checked
Oct 5 22:33:45 mailgate amavis[4342]: (04342-02) mail_via_smtp: 550 5.6.0 Failed, id=04342-02, from MTA: 550 5.7.1 Amavis checked
Oct 5 22:33:45 mailgate amavis[4342]: (04342-02) Blocked CLEAN, [xx] [xx] xx - xx, Message-ID: 4705.85.160.37.107.1254774812.squir...@mail.oriflame.biz, Hits: -, 1959 ms
Oct 5 22:33:45 mailgate postfix/smtpd[4259]: disconnect from localhost[127.0.0.1]

thanks

Re: [AMaViS-user] How to skip the checking of the password protected zip files

On 10/5/2009 3:47 PM, Jevos, Peter wrote:

Hi I'd like to ask how to skip the checking of the password protected zip files
Now it's UNDECIPHERABLE so it is banned ( blocked )
What should I change in the config file?
I'm using amavisd 2.2.1

Under the $banned_filename_re section of your amavisd.conf, comment out the line that looks something like

  qr'^UNDECIPHERABLE$', # is or contains any undecipherable components

Looks like you snipped out the part of the log that shows why the mail was blocked.

-- Noel Jones

So here is the log once again:

Oct 5 22:33:43 mailgate amavis[4342]: (04342-02) p003 1 Content-Type: multipart/mixed
Oct 5 22:33:43 mailgate amavis[4342]: (04342-02) p001 1/1 Content-Type: text/plain, size: 565 B, name:
Oct 5 22:33:43 mailgate amavis[4342]: (04342-02) p002 1/2 Content-Type: application/force-download, size: 748191 B, name: test.zip
Oct 5 22:33:43 mailgate amavis[4342]: (04342-02) do_unzip: p002, 1 members are encrypted, none extracted, archive retained
Oct 5 22:33:43 mailgate amavis[4342]: (04342-02) spam_scan: not wasting time on SA, message longer than 262144 bytes: 1552+1011605
...
Oct 5 22:33:44 mailgate postfix/cleanup[4608]: A3C63A2465: reject: header Subject: ***UNCHECKED*** [Fwd: test] from localhost[127.0.0.1]; from=xx to=xx proto=ESMTP helo=localhost: 5.7.1 Amavis checked

The mail is blocked by a postfix header_checks rule when amavis tries to reinject it. Don't do that.

Oct 5 22:33:45 mailgate amavis[4342]: (04342-02) mail_via_smtp: 550 5.6.0 Failed, id=04342-02, from MTA: 550 5.7.1 Amavis checked
Oct 5 22:33:45 mailgate amavis[4342]: (04342-02) Blocked CLEAN, [xx] [xx]xx - xx, Message-ID:4705.85.160.37.107.1254774812.squir...@mail.oriflame.biz, Hits: -, 1959 ms
Oct 5 22:33:45 mailgate postfix/smtpd[4259]: disconnect from localhost[127.0.0.1]

-- Noel Jones
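
Added example, not part of the thread: Python triage for the case Noel diagnoses, where amavisd logs "Blocked CLEAN" because Postfix refused the reinjected message. It pairs the mail_via_smtp failure with the postfix/cleanup reject that carries the same reply text; the sample lines are modelled on the log quoted above, and the last (BANNED) line is constructed for contrast.

```python
import re

# Sample lines modelled on the log quoted in the thread (addresses shortened);
# the final BANNED line is constructed for contrast.
SAMPLE_LOG = """\
Oct 5 22:33:43 mailgate amavis[4342]: (04342-02) do_unzip: p002, 1 members are encrypted, none extracted, archive retained
Oct 5 22:33:44 mailgate postfix/cleanup[4608]: A3C63A2465: reject: header Subject: ***UNCHECKED*** [Fwd: test] from localhost[127.0.0.1]; from=xx to=xx proto=ESMTP helo=localhost: 5.7.1 Amavis checked
Oct 5 22:33:45 mailgate amavis[4342]: (04342-02) mail_via_smtp: 550 5.6.0 Failed, id=04342-02, from MTA: 550 5.7.1 Amavis checked
Oct 5 22:33:45 mailgate amavis[4342]: (04342-02) Blocked CLEAN, [xx] [xx] xx - xx, Message-ID: xx, Hits: -, 1959 ms
Oct 5 22:40:01 mailgate amavis[4342]: (04342-03) Blocked BANNED (.exe,invoice.exe), [xx] [xx] xx - xx, Message-ID: xx, Hits: -, 800 ms
"""

AMAVIS_RE = re.compile(r"amavis\[\d+\]: \((?P<id>[\d-]+)\) (?P<msg>.*)$")
ENCRYPTED_RE = re.compile(r"^do_unzip: .*members are encrypted")
MTA_RE = re.compile(r"^mail_via_smtp: .* from MTA: \d{3} (?P<reply>.*)$")
BLOCKED_RE = re.compile(r"^Blocked (?P<verdict>[A-Z-]+)")
CLEANUP_RE = re.compile(
    r"postfix/cleanup\[\d+\]: (?P<qid>[0-9A-F]+): reject: (?P<cls>header|body) "
    r"(?P<matched>.*?) from (?P<client>\S+); .*?: (?P<reply>\d\.\d\.\d .*)$")


def diagnose(log_text):
    """For every amavis session that ended 'Blocked', say who refused the mail."""
    sessions, rejects = {}, []
    for line in log_text.splitlines():
        hit = CLEANUP_RE.search(line)
        if hit:
            rejects.append(hit.groupdict())
            continue
        hit = AMAVIS_RE.search(line)
        if not hit:
            continue
        state = sessions.setdefault(
            hit["id"], {"encrypted": False, "mta_reply": None, "verdict": None})
        msg = hit["msg"]
        if ENCRYPTED_RE.search(msg):
            state["encrypted"] = True
        elif MTA_RE.search(msg):
            state["mta_reply"] = MTA_RE.search(msg)["reply"]
        elif BLOCKED_RE.search(msg):
            state["verdict"] = BLOCKED_RE.search(msg)["verdict"]

    report = {}
    for sid, state in sessions.items():
        if state["verdict"] is None:
            continue  # session did not end in a block
        entry = {"encrypted": state["encrypted"], "matched": None}
        if state["mta_reply"] is None:
            entry["blocked_by"] = "amavisd " + state["verdict"]
        else:
            # Reinjection was refused: find the Postfix rule with the same reply.
            rule = next((r for r in rejects if r["reply"] == state["mta_reply"]), None)
            entry["blocked_by"] = "postfix " + (rule["cls"] + "_checks" if rule else "(unknown)")
            entry["matched"] = rule["matched"] if rule else None
        report[sid] = entry
    return report


if __name__ == "__main__":
    for sid, entry in diagnose(SAMPLE_LOG).items():
        print(sid, entry)
```
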