[AMaViS-user] Confused on a Spam Score

2009-02-25 Thread MBGaskins
I recently had an email message blocked that I'm confused on.  Initially 
we had thought that it was blocked because of the .docx attachment, but 
when we checked it was blocked as spam, not as a banned file.  Examining 
the headers showed the following line for X-Spam-Status.  All triggered 
rules should cause a score of -1.44, which shows, but then there is a +40 
appended after that indicating a higher score.  What would cause this 
score modification?

Yes, score=-1.44+40 tag=-999 tag2=5 kill=5 tests=[ALL_TRUSTED=-1.44] 


Thanks.

Mike Gaskins

___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net 
https://lists.sourceforge.net/lists/listinfo/amavis-user 
 AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 
 AMaViS-HowTos:http://www.amavis.org/howto/ 
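
A small parser for the header value quoted in the post above, as an added example (not part of the original message and not amavisd-new code). It assumes the layout shown in the post, `score=<rule total><signed extra term>` followed by the tag/tag2/kill levels and the test list, and reports whether the rules or the appended term carried the message over the kill level.

```python
import re

# Constructed sample: the X-Spam-Status value quoted in the post above.
SAMPLE = "Yes, score=-1.44+40 tag=-999 tag2=5 kill=5 tests=[ALL_TRUSTED=-1.44]"

_NUM = r"-?\d+(?:\.\d+)?"
_STATUS_RE = re.compile(
    rf"^(?P<verdict>Yes|No),\s*"
    rf"score=(?P<base>{_NUM})(?P<boost>[+-]\d+(?:\.\d+)?)?\s+"
    rf"(?P<levels>.*?)\s*tests=\[(?P<tests>[^\]]*)\]\s*$"
)

def parse_spam_status(value):
    """Split an X-Spam-Status value of the layout above into its parts."""
    # Headers may be folded over several lines; collapse the whitespace first.
    m = _STATUS_RE.match(" ".join(value.split()))
    if m is None:
        raise ValueError("unrecognised X-Spam-Status layout")
    levels = {k: float(v)
              for k, v in re.findall(rf"(\w+)=({_NUM})", m["levels"])}
    tests = {}
    for item in filter(None, (t.strip() for t in m["tests"].split(","))):
        name, _, score = item.partition("=")
        tests[name] = float(score) if score else 0.0
    base = float(m["base"])
    boost = float(m["boost"] or 0)   # absent when nothing was appended
    return {"verdict": m["verdict"], "base": base, "boost": boost,
            "total": round(base + boost, 3), "levels": levels, "tests": tests}

def explain(status):
    """Say which part of the score put the message over the kill level."""
    kill = status["levels"].get("kill")
    if kill is None:
        return "no kill level in header"
    if status["total"] < kill:
        return "below kill level"
    if status["base"] >= kill:
        return "rules alone reach kill level"
    rules_sum = round(sum(status["tests"].values()), 3)
    if abs(rules_sum - status["base"]) > 0.01:
        return "rule list does not add up to the reported base score"
    return "boost term alone lifts the message over kill level"

if __name__ == "__main__":
    parsed = parse_spam_status(SAMPLE)
    print(parsed["total"], "-", explain(parsed))
```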


Re: [AMaViS-user] Strange error after upgrade to 2.6.1

2008-10-04 Thread MBGaskins
I got this figured out.  Apparently CPAN was updating a Perl installation 
in /usr/lib/perl5/site_perl, whereas Amavisd-new was picking up packages 
in /usr/lib/perl5/vendor_perl.  Because of that some modules that I 
thought I'd updated (namely, MIME::Tools) were still picking up the older 
versions that didn't have needed functionality.

Mike
[EMAIL PROTECTED] wrote on 10/03/2008 09:40:12 AM:

> I switched my mail filter server yesterday from our older setup running 
> amavisd-new 2.4.2, to an updated system running 2.6.1.  Everything 
> appeared to be going fine, but when I came in this morning I have about 
> 15-20 messages stuck in my mail queue displaying the following message:
> 
>  forwarding FAILED: Can't locate object method "is_encoded" via package 
> "Amavis::MIME::Body::OnOpenFh" at /usr/local/sbin/amavisd line 7038, 
>  line 5440. (in reply to end of DATA command))
> 
> Google hasn't proved very helpful on this one.  The only mention I can 
> even find of "Amavis::MIME::Body::OnOpenFH" is in the Amavisd release 
> notes.
> 
> Thanks.


[AMaViS-user] Strange error after upgrade to 2.6.1

2008-10-03 Thread MBGaskins
I switched my mail filter server yesterday from our older setup running 
amavisd-new 2.4.2, to an updated system running 2.6.1.  Everything 
appeared to be going fine, but when I came in this morning I have about 
15-20 messages stuck in my mail queue displaying the following message:

 forwarding FAILED: Can't locate object method "is_encoded" via package 
"Amavis::MIME::Body::OnOpenFh" at /usr/local/sbin/amavisd line 7038, 
 line 5440. (in reply to end of DATA command))

Google hasn't proved very helpful on this one.  The only mention I can 
even find of "Amavis::MIME::Body::OnOpenFH" is in the Amavisd release 
notes.

Thanks.

Michael Gaskins
Berkeley County Government
I.T. Project Manager
[EMAIL PROTECTED]
843-719-4759


[AMaViS-user] Backscatter

2008-04-09 Thread MBGaskins
Ok, I'm not sure what has happened, but my own email address along with 
many of my users is being used as a forged sender address for a lot of 
spam, and I'm getting pummeled by backscatter (as in I just came back from 
lunch after having cleared them out and had 27 more delivery failure 
messages waiting on me - many users on my system are experiencing similar 
volumes).

I was thinking: given that the proper way to generate a bounce is to have 
the actual outgoing server generate it to its own users, does anyone here 
see any issue with configuring rules that would block any delivery failure 
messages that aren't originating from my own server?

Thanks.

Mike Gaskins


Re: [AMaViS-user] Prevent banned notification in case of high spam score?

2008-03-14 Thread MBGaskins
[EMAIL PROTECTED] wrote on 03/13/2008 09:09:48 PM:
> The spam score is only available if it is cached from some previous
> check of a message with the same contents, or in case of multi-recipient
> mail where some recipients are set to bypass banned checks. If there is
> no other need for spam checking and a message contains a banned contents,
> then spam checking is skipped.
> 
> I don't see any obvious solution, except to (temporarily?) disable
> banned recipient notifications, or lift a ban on zip and let spam checks
> take over.
> 
>   Mark

Well, I don't think I can get rid of the notifications, but I'll check 
with the powers that be and see if they don't mind taking zips out of 
banned status.  Most malicious stuff that might be contained within the 
zip should still be caught, so there's probably no huge reason to block 
them at this point.

Thanks.

Mike


[AMaViS-user] Prevent banned notification in case of high spam score?

2008-03-13 Thread MBGaskins
I've run into a problem lately.  I have a ton of spam coming in that is 
being scored quite highly and properly, but they tried to hide their spam 
message inside a zip file.  It's not actually a virus, so the zip doesn't 
get hit by ClamAV.  The problem is that Banned status seems to be higher 
priority than Spam, and we generate a warning message to a user if they 
get a banned file (whereas spam is quarantined with no message and Viruses 
are just discarded with no notification).

So, this stuff is all getting blocked but the zip files within are 
generating a ton of banned file notifications to my users.  Is there any 
easy way to solve this? I notice that the Spam score is still calculated 
even for Banned notifications - perhaps there could be a threshold where 
if a message with a Banned file type has a certain Spam score it will 
discard it and not send a notification?

Thanks.

Mike Gaskins


Re: [AMaViS-user] (!!)TROUBLE in child_init_hook: BDB no dbS: Lock table is out of available locker entries, . at (eval 38) line 30.

2008-03-10 Thread MBGaskins
[EMAIL PROTECTED] wrote on 03/10/2008 08:07:16 AM:

> On Friday 07 March 2008 17:25, Luis Daniel Lucio Quiroz wrote:
> > Does anybody have any way to fix this,  this is common now at my server:
> >
> > (!!)TROUBLE in child_init_hook: BDB no dbS: Lock table is out of available
> > locker entries, . at (eval 38) line 30.
> 
> FYI:
> After an upgrade of BerkeleyDB (perl module) from 0.26 to 0.33 I get the same
> errors.

I'm experiencing this issue as well.  It started cropping up back in 
January and typically would choke the email server each weekend.  I'd come 
back on Mondays and restart the amavisd-new daemon and it'd run fine for a 
while longer and then would bomb out again (typically a few days later - 
and almost any Friday that it was left running it would almost always 
crash).   At the time I updated virtually everything that I could figure 
touched the email components of the system - all Perl modules, BerkeleyDB, 
amavisd-new, etc.

One thing that did seem to help for a while was moving my pre-forked 
process count from 2 to 5.  After doing that the issue went away for 
roughly a month, but it happened again this weekend.  Updated amavisd-new 
again and moved the process count up to 6.

I'm also crafting up a Perl script that checks the mail queue volume and 
once it passes 500 messages (which is excessive for our system - when 
working properly it rarely passes 30 messages in queue) it will restart 
the amavisd-new daemon (limited to 1 restart per day though). 

I'm running on Gentoo 2007.0 Server.

Mike Gaskins
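
The watchdog described in the post above, sketched as an added example (not the poster's script, which was to be written in Perl; Python is used here). The state-file path and the restart command are assumptions, and the `postqueue -p` sample is constructed.

```python
import re
import subprocess
import time
from pathlib import Path

QUEUE_LIMIT = 500             # threshold named in the post
MIN_INTERVAL = 24 * 60 * 60   # at most one restart per day, as in the post
STATE_FILE = Path("/var/run/amavisd-watchdog.last")  # hypothetical path
RESTART_CMD = ["/etc/init.d/amavisd", "restart"]     # assumption: init script name

# Constructed sample of `postqueue -p` output (not taken from the thread).
SAMPLE_QUEUE = """\
-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
0A1B2C3D4E     2048 Mon Mar 10 08:00:01  sender@example.org
                                         user@example.com

-- 1530 Kbytes in 612 Requests.
"""

def queue_size(postqueue_output):
    """Read the message count from the summary line of `postqueue -p`."""
    if "Mail queue is empty" in postqueue_output:
        return 0
    m = re.search(r"^-- \d+ \w+ in (\d+) Requests?\.", postqueue_output, re.M)
    if m is None:
        raise ValueError("no queue summary line found")
    return int(m.group(1))

def should_restart(size, now, last_restart,
                   limit=QUEUE_LIMIT, min_interval=MIN_INTERVAL):
    """Restart only above the limit and outside the rate-limit window."""
    if size <= limit:
        return False
    return last_restart is None or now - last_restart >= min_interval

def read_last(state_file):
    """Return the timestamp of the last restart, or None if unknown."""
    try:
        return float(state_file.read_text().strip())
    except (OSError, ValueError):
        return None

def run_once(state_file=STATE_FILE, now=None, get_queue=None, restart=None):
    """One watchdog pass; returns True if a restart was triggered."""
    now = time.time() if now is None else now
    if get_queue is None:
        get_queue = lambda: subprocess.run(
            ["postqueue", "-p"], capture_output=True, text=True, check=True
        ).stdout
    if restart is None:
        restart = lambda: subprocess.run(RESTART_CMD, check=True)
    if not should_restart(queue_size(get_queue()), now, read_last(state_file)):
        return False
    # Record the attempt first, so a restart that fails cannot loop.
    state_file.write_text(str(now))
    restart()
    return True

if __name__ == "__main__":
    run_once()
```

Run from cron, each pass is independent; the state file is what enforces the one-restart-per-day limit across runs.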


Re: [AMaViS-user] Amavisd-new does not start after yum install on fc3

2006-12-11 Thread MBGaskins
[EMAIL PROTECTED] wrote on 12/11/2006 10:19:09 AM:
> Problem in the Amavis::Unpackers code: Archive::Zip version 1.14
> required--this is only version 1.01 at (eval 50) line 21.
> 
> BEGIN failed--compilation aborted at (eval 50) line 21.

Looks like your Archive::Zip package is out of date.  Use Fedora's tools or 
PEAR to grab a newer version.

Mike



[AMaViS-user] Messages getting caught in Postfix's Queue

2006-12-01 Thread MBGaskins
I know that I mentioned Postfix in the subject but I think the behaviour 
I'm witnessing is caused by Amavisd-new.

I am building up lots and lots of messages caught in my postfix queue with 
the following message:

(host 127.0.0.1[127.0.0.1] said: 421 4.3.2 Service shutting down, closing 
channel (in reply to end of DATA command)) 

This appears to be Amavisd-new rejecting the message from being accepted 
for scanning.  Most mail seems to be coming through fine, so in general 
the system is working.  I looked into the issue and noticed that every 
message that is being rejected has a '?' (question-mark) character as part 
of the sender address.  Is amavisd-new intentionally rejecting these 
messages?  If so wouldn't it be better to reject using a 500 code rather 
than a 400? 

All the messages causing this message do appear to be Spam BTW, so 
delivery isn't an issue.  It's just that they're cluttering up the queue.

Thanks.

Mike Gaskins



[AMaViS-user] Determining which rules a clean message violated

2006-11-30 Thread MBGaskins
I'm currently using the common Postfix/Amavisd-new/SpamAssassin combo to 
filter messages before passing them onto my Lotus Domino server.  This is 
working well, and I've written a little PHP frontend to handle quarantine 
searches as well as releasing/training on messages.  To facilitate 
training I "quarantine" clean messages for 7 days along with all the 
others.  The problem I have, is in finding out which SpamAssassin rules a 
clean message actually triggered.  These show up in the headers of the 
delivered message, but not in the quarantined message nor anywhere in the 
database (that I can find).  Aside from going to the receiving user's 
mailbox and examining the delivered message, is there any way I can 
determine this?

Michael Gaskins
Berkeley County Government
Trainer/Application Developer (IT Department)
[EMAIL PROTECTED]
843-719-4759



Re: [AMaViS-user] Permissions on amavisd.sock

2006-09-29 Thread MBGaskins
Mark Martinec wrote on 09/29/2006 09:09:10 AM:
> > (patch against 2.4.2, but should apply to other versions as well):
> 
> Actually my previous patch was not too clever, it affected
> file protection of pid file as well. Strike it, and try this one:
> 
> --- amavisd.orig   Tue Jun 27 13:31:56 2006
> +++ amavisd   Fri Sep 29 15:08:00 2006
> @@ -6867,4 +6867,12 @@
>  }
> 
> +sub post_configure_hook {
> +  umask(0007);  # affect protection of Unix sockets created by 
Net::Server
> +}
> +
> +sub post_bind_hook {
> +  umask(0027);  # restore our preferred umask
> +}
> +
>  ### Net::Server hook
>  ### This hook occurs in the parent (master) process after chroot,
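
Review bot: post_bind_hook hard-codes `umask(0027)` as "our preferred umask" instead of restoring whatever was in effect before post_configure_hook changed it, so the two hooks only pair up correctly while 0027 stays the daemon's umask everywhere else. Consider saving the value returned by `umask(0007)` in post_configure_hook and passing that saved value back in post_bind_hook. The comment on the 0007 line could also note that the relaxed mask applies to anything the process creates between the two hooks, not only the Unix socket, which is the reason to keep that window as short as it is here.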

This worked for me.  Thanks.

Michael Gaskins



[AMaViS-user] Permissions on amavisd.sock

2006-09-27 Thread MBGaskins
I've run into a bit of a problem and figured I'd ask here before beating 
my head on the desk too much :).

I need a user other than amavisd or root to be able to release messages 
from quarantine.  This user has been added to my amavis group, but the 
permissions on the amavisd.sock file don't allow group writes.  As a 
result when this user runs amavisd-release they get an error.

I can manually chmod the file to give it group write permissions and it 
works fine, but as soon as I restart amavisd-new it gets recreated with 
the old permissions and it breaks again.   Anybody got any insight on 
making this file get created with group-write permissions each time?  Or 
any suggestion on an alternative release procedure would be welcome too. 

Thanks.
Mike Gaskins



Re: [AMaViS-user] Amavisd-new and GroupWise integration

2006-08-01 Thread MBGaskins
[EMAIL PROTECTED] wrote on 08/01/2006 04:42:45 PM:

> Hello there.  I've got amavisd-new version 2.4.2 installed on a mail
> server that is destined to be a gateway machine to our internal
> GroupWise 6.5 server.  I have not yet configured amavisd to look up
> valid users on the GW server, but it looks like I can use an LDAP search
> for that.  My real question is this:  I want to test this setup for a
> day or two with just a small subset of my GW users.  It looks like I can
> set up a map to feed to bypass_spam_checks and bypass_virus_checks, but
> is there an inverse option to this?  As in, "only perform checks for
> these users" instead of "don't perform checks for these users"?  Or am I
> misunderstanding how to use this?
> 
> Thanks,
> Ed Barrett


You'll generally want to do this in your main MTA, not within amavisd-new 
itself. 

I'm using Lotus Domino as my main system (Postfix running as MTA on 
gateway), and basically just have a Perl script query my Domino server 
every other hour, build a list of valid users, and then have Postfix check 
against that list before accepting a message.

Mike Gaskins



[AMaViS-user] Amavisd-new Content field in msgs table (SQL information storage)

2006-07-25 Thread MBGaskins
I'm working on writing an inhouse program to manage our Amavisd-new 
quarantine, and wanted to be able to differentiate between a message that 
amavisd-new had flagged as spam and a message that had been trained as 
spam.

My question is pretty simple: after quarantine information has been stored 
into the database, does Amavisd-new use any of that information anymore? 
My thought was to change the content field to 'TS' once a message had been 
specifically trained as spam, and 'TC' when it had been trained as 
clean/valid.  Would this negatively affect the operation of Amavisd-new?

Thanks,
Mike Gaskins
