[AMaViS-user] Russion SPAM
Hi,

I am running postfix 2.2.4 on Solaris 8 with amavisd-new.2.3.2, SpamAssassin 3.1.0 and Clamav 0.8.7.1 as an AV/AS gateway to my main email system.

Twice in the last week our SpamAssassin didn't detect a sort of Russian SPAM where most of the addresses were starting with "ann..." and most of the domains were ".ru". Any idea how to block this SPAM?

MJ

___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ: http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos: http://www.amavis.org/howto/

[AMaViS-user] Want to allow *.* in .zip format
Hi,

I am running postfix 2.2.4 on Solaris 8 with amavisd-new.2.3.2, SpamAssassin 3.1.0 and Clamav 0.8.7.1 as an AV/AS gateway to my main email system.

A few weeks ago I uncommented the following line of my amavisd.conf to allow .exe files in zip format. I tested simply by compressing a single exe file and sending it through my mail server, and it was successfully delivered.

    [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ], # allow any within such archives

Today, one of our users tried to send a zip file containing a bunch of files (some of them were .exe and .zip also), but the sender received a bounced message with the following error.

    Diagnostic-Code: smtp; 550 5.7.1 Message content rejected, id=04518-07 - BANNED: multipart/mixed | application/x-zip-compressed,.zip,RouterSim.zip | .exe,.exe-ms,RouterSim2

Can someone tell me why this double standard? Why does it work with my tests but not with users sending .exe files in zip format?

Thanks,
MJ

RE: [AMaViS-user] Allowing exe files in zip format
>This one would interest me too ...
>Which var did you pass this option? May you pass the paragraph here?
>In my debian amavisd.conf is no such uncommentable line.

I am using amavisd-new.2.3.2 and by default it has a commented line under the "$banned_filename_re" paragraph, which I just uncommented. Here is the paragraph.

MJ

--
$banned_filename_re = new_RE(
# qr'^UNDECIPHERABLE$', # is or contains any undecipherable components

  # block certain double extensions anywhere in the base name
  qr'\.[^./]*[A-Za-z][^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,

# qr'\{[0-9a-z]{4,}(-[0-9a-z]{4,}){0,7}\}?'i, # Class ID extensions - CLSID

  qr'^application/x-msdownload$'i, # block these MIME types
  qr'^application/x-msdos-program$'i,
  qr'^application/hta$'i,

# qr'^message/partial$'i, # rfc2046 MIME type
# qr'^message/external-body$'i, # rfc2046 MIME type

# [ qr'^\.(Z|gz|bz2)$' => 0 ], # allow any in Unix-compressed
  [ qr'^\.(rpm|cpio|tar)$' => 0 ], # allow any in Unix-type archives
  [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ], # allow any within such archives

  qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic
# qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta|
#        inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst|
#        ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs|
#        wmf|wsc|wsf|wsh)$'ix, # banned ext - long

# qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i, # banned extension - WinZip vulnerab.

  qr'^\.(exe-ms)$', # banned file(1) types
# qr'^\.(exe|lha|tnef|cab|dll)$', # banned file(1) types
);
--

RE: [AMaViS-user] Allowing exe files in zip format
Hi,

Got it. I uncommented the following line in /etc/amavisd.conf and it solved my problem.

    [ qr'^\.(zip|rar|arc|arj|zoo)$'=> 0 ], # allow any within such archives

Thanks,
MJ

[AMaViS-user] Allowing exe files in zip format
Hi,

I am running postfix 2.2.4 on Solaris 8 with amavisd-new.2.3.2, SpamAssassin 3.1.0 and Clamav 0.8.7.1 as an AV/AS gateway to my main email system.

We want our users to be able to send exe files in compressed form (.zip). How can I configure amavisd not to ban exe files in zip format?

Thanks,
MJ

[AMaViS-user] How to automatically report SPAM to spamcop
Hi,

I am running postfix 2.2.4 on Solaris 8 with amavisd-new.2.3.2, SpamAssassin 3.1.0 and Clamav 0.8.7.1 as an AV/AS gateway to my main email system.

Since we are an ISP and we receive thousands of SPAM messages, I want to report these messages to spamcop. I have gone through the FAQs on the spamcop site and some docs on the spamassassin site, but I still didn't get a clear idea how to configure this. Can anyone guide me on this?

My second question: I am using postfix to check the RBLs. Is that OK, or do I need to check this in amavisd?

Thanks,
MJ

RE: [AMaViS-user] RATWARE_ZERO_TZ
Hi Mark,

Thanks for your reply. I still have some confusion: can you define in simple words the meaning of this rule? Why does it trigger mostly when the message is from hotmail, and also for a particular sender from hotmail?

MJ

RE: [AMaViS-user] RATWARE_ZERO_TZ
Thanks Michael, here is another example with full header

Received: from hotmail.com (bay20-f13.bay20.hotmail.com [64.4.54.102])
    by mailgate2.cyberia.net.sa (Postfix) with ESMTP id A33A71F07EF
    for <[EMAIL PROTECTED]>; Tue, 20 Dec 2005 17:44:05 +0300 (GMT)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
    Tue, 20 Dec 2005 06:44:01 -0800
Message-ID: <[EMAIL PROTECTED]>
Received: from 212.138.113.13 by by20fd.bay20.hotmail.msn.com with HTTP;
    Tue, 20 Dec 2005 14:44:01 GMT
X-Originating-IP: [212.138.x.x]
X-Originating-Email: [EMAIL PROTECTED]
X-Sender: [EMAIL PROTECTED]
From: "MJ" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Cyberia
Date: Tue, 20 Dec 2005 14:44:01 +
Mime-Version: 1.0
Content-Type: text/html; format=flowed
X-OriginalArrivalTime: 20 Dec 2005 14:44:01.0705 (UTC) FILETIME=[D1462190:01C60573]
X-Spam-Status: Yes, hits=7.111 tag=2 tag2=6.31 kill=6.31 tests=[AWL=1.372,
    BAYES_50=0.001, DNS_FROM_RFC_ABUSE=0.2, DNS_FROM_RFC_POST=1.708,
    HTML_50_60=0.134, HTML_MESSAGE=0.001, INVALID_TZ_GMT=0.5,
    MIME_HTML_ONLY=0.001, MSGID_FROM_MTA_HEADER=0, RATWARE_ZERO_TZ=3.196,
    SPF_HELO_PASS=-0.001, SPF_PASS=-0.001]
X-Spam-Score: 7.111
X-Spam-Level: ***
X-Spam-Flag: YES

[AMaViS-user] RATWARE_ZERO_TZ
Hi,

I am running postfix 2.2.4 on Solaris 8 with amavisd-new.2.3.2, SpamAssassin 3.1.0 and Clamav 0.8.7.1 as an AV/AS gateway to my main email system.

Some messages, especially from hotmail.com, are getting very high scores, especially for RATWARE_ZERO_TZ. Can someone tell me what RATWARE_ZERO_TZ is, and do I need to reduce the score for this? Below is one example header.

X-Spam-Status: Yes, hits=8.216 tag=2 tag2=6.31 kill=6.31 tests=[AWL=0.614,
    BAYES_50=0.001, DNS_FROM_RFC_ABUSE=0.2, DNS_FROM_RFC_POST=1.708,
    HTML_MESSAGE=0.001, INVALID_TZ_GMT=1.042, MIME_HTML_ONLY=0.001,
    MSGID_FROM_MTA_HEADER=0, RATWARE_ZERO_TZ=3.196, RCVD_IN_SORBS_WEB=1.456,
    SPF_HELO_PASS=-0.001, SPF_PASS=-0.001]
X-Spam-Score: 8.216

Thanks,
MJ

[AMaViS-user] Error in processing
Hi,

I am running postfix 2.2.4 on Solaris 8 with amavisd-new.2.3.2, SpamAssassin 3.1.0 and Clamav 0.8.7.1 as an AV/AS gateway to my main email system.

Today I saw the following errors when I executed the "postqueue -p" command to get the queue. Any idea?

    (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 Error in processing, id=00129-06-3, parts_decode_ext FAILED: run_command (open pipe): Can't fork at /usr/local/lib/perl5/5.8.5/sun4-solaris/IO/File.pm line 176, line 51089. at /usr/local/sbin/amavisd line 1851, line 51089. (in reply to end of DATA command))

Thanks,
MJ

[AMaViS-user] SA is blocking messages from hotmail
Hi,

I am running postfix 2.2.4 on Solaris 8 with amavisd-new.2.3.2, SpamAssassin 3.1.0 and Clamav 0.8.7.1 as an AV/AS gateway to my main email system.

I have recently upgraded the old SA 3.0.4 to 3.1.0. Since the upgrade I am facing a problem that all the messages coming from hotmail.com are getting unnecessarily high scores and most of them are getting blocked. I am running all default config with no local rules. I have only the following lines in /etc/mail/spamassassin/local.cf, as most of the config is in /etc/amavisd.conf. Please help.

    lock_method flock
    use_razor2 0
    use_dcc 0
    use_pyzor 0

Following are a few examples of messages coming from hotmail and getting high scores. I tried the same messages from yahoo and they are not getting such high scores.

--- A message with just "Test" in subject and nothing in the body ---

X-Spam-Status: Yes, hits=8.216 tag=2 tag2=6.31 kill=6.31 tests=[AWL=0.614,
    BAYES_50=0.001, DNS_FROM_RFC_ABUSE=0.2, DNS_FROM_RFC_POST=1.708,
    HTML_MESSAGE=0.001, INVALID_TZ_GMT=1.042, MIME_HTML_ONLY=0.001,
    MSGID_FROM_MTA_HEADER=0, RATWARE_ZERO_TZ=3.196, RCVD_IN_SORBS_WEB=1.456,
    SPF_HELO_PASS=-0.001, SPF_PASS=-0.001]
X-Spam-Score: 8.216

--- A legitimate message in Arabic with subject line also in Arabic ---

X-Spam-Status: Yes, hits=7.053 tag=2 tag2=6.31 kill=6.31 tests=[AWL=-2.563,
    BAYES_50=0.001, DNS_FROM_RFC_ABUSE=0.2, DNS_FROM_RFC_POST=1.708,
    HTML_MESSAGE=0.001, INVALID_TZ_GMT=1.042, MIME_BASE64_NO_NAME=0.224,
    MIME_BASE64_TEXT=1.885, MIME_BOUND_NEXTPART=0.278, MSGID_FROM_MTA_HEADER=0,
    SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, SUBJ_ILLEGAL_CHARS=4.279]
X-Spam-Score: 7.053
X-Spam-Level: ***

--- A legitimate message with lots of text in subject and body ---

X-Spam-Status: Yes, hits=8.251 tag=2 tag2=6.31 kill=6.31 tests=[AWL=0.273,
    BAYES_50=0.001, DNS_FROM_RFC_ABUSE=0.2, DNS_FROM_RFC_POST=1.708,
    HTML_30_40=0.374, HTML_MESSAGE=0.001, INVALID_TZ_GMT=1.042,
    MIME_HTML_ONLY=0.001, MSGID_FROM_MTA_HEADER=0, RATWARE_ZERO_TZ=3.196,
    RCVD_IN_SORBS_WEB=1.456, SPF_PASS=-0.001]
X-Spam-Score: 8.251

--- A legitimate message with lots of text in subject and body ---

X-Spam-Status: No, hits=4.176 tagged_above=2 required=6.31 tests=[AWL=-0.229,
    BAYES_50=0.001, DNS_FROM_RFC_ABUSE=0.2, DNS_FROM_RFC_POST=1.708,
    INVALID_TZ_GMT=1.042, MSGID_FROM_MTA_HEADER=0, RCVD_IN_SORBS_WEB=1.456,
    SPF_HELO_PASS=-0.001, SPF_PASS=-0.001]
X-Spam-Level:

Thanks,
MJ

RE: [AMaViS-user] Upgrading from SA 3.0.4 to SA 3.1.0
Hi Mark,

I did the upgrade and all went OK. In the syslog now I can see the version is "3.001000". Will this new version block more SPAM than the previous version? My understanding is that each new version of SA has a new set of rules to encounter the current Spammers and their techniques, right?

Junaid

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Martinec
Sent: Tuesday, November 29, 2005 2:31 PM
To: amavis-user@lists.sourceforge.net
Subject: Re: [AMaViS-user] Upgrading from SA 3.0.4 to SA 3.1.0

MJ,

> Thanks for your reply. Do I need to perform following tasks to upgrade
> Bayesian database? As suggested in the UPGRADE file?
> - run "sa-learn --rebuild", this will sync your journal
> - upgrade SA to 3.0.0
> - run "sa-learn --sync", which will cause the db format to be
>   upgraded

Yes, it is needed. As far as amavisd-new is concerned: just follow the usual SA upgrade instructions. Wherever it mentions spamd, think amavisd.

> Secondly, how crucial is it to upgrade amavisd-new from 2.3.2 to 2.3.3?

See its release notes and decide for yourself if any of these fixes apply to your setup. It is probably not that crucial, but 2.3.3 is the best we have so far, so why not benefit.

Mark

RE: [AMaViS-user] Upgrading from SA 3.0.4 to SA 3.1.0
Mark,

>Should work by just installing Mail::SpamAssassin over an older
>version. Check your local rules by: su vscan -c 'spamassassin --lint',
>there are few minor differences which might be encountered if local
>rules are heavily used. Also upgrade SARE rules (if used) after
>upgrading SA. With 3.1 the Razor and DCC are off by default and need
>to be enabled if needed, but this is not your concern as you are not
>using them. You may consider taking the opportunity and moving your
>Bayes db to SQL, as SA 3.1 brings some performance and reliability
>improvements when choosing:
>  bayes_store_module Mail::SpamAssassin::BayesStore::MySQL
>While at it, you can upgrade amavisd-new to 2.3.3.

Hi Mark,

Thanks for your reply. Do I need to perform following tasks to upgrade Bayesian database? As suggested in the UPGRADE file?

==
Due to the database format change, you will want to do something like this when upgrading:

- stop running spamassassin/spamd (ie: you don't want it to be running during the upgrade)
- run "sa-learn --rebuild", this will sync your journal. if you skip this step, any data from the journal will be lost when the DB is upgraded.
- upgrade SA to 3.0.0
- run "sa-learn --sync", which will cause the db format to be upgraded. if you want to see what is going on, you can add the "-D" option.
- test the new database by running some sample mails through SpamAssassin, and/or at least running "sa-learn --dump" to make sure the data looks valid.
- start running spamassassin/spamd again
==

Secondly, how crucial is it to upgrade amavisd-new from 2.3.2 to 2.3.3?

Thanks,
MJ

[AMaViS-user] Upgrading from SA 3.0.4 to SA 3.1.0
Hi,

I am running postfix 2.2.4 on Solaris 8 with amavisd-new.2.3.2, SpamAssassin 3.0.4 and Clamav 0.8.7.1 as an AV/AS gateway to my main email system.

Now I want to upgrade SA from version 3.0.4 to 3.1.0. I have read the UPGRADE file and the release notes but I still have doubts. Can I simply run "install Mail::SpamAssassin"? Or do I need some configuration changes? My system is in production so I want to be on the safe side. I have only the following lines in /etc/mail/spamassassin/local.cf, as most of the config is in /etc/amavisd.conf.

    lock_method flock
    use_razor2 0
    use_dcc 0
    use_pyzor 0

Thanks,
MJ

[AMaViS-user] How to increase the score for specific recipient
Hi,

I want to add some positive score (black list) to all the incoming messages to [EMAIL PROTECTED]. To achieve this objective, I tried to add the following line in /etc/amavisd.conf:

    '[EMAIL PROTECTED]' => 3.0,

But it gives the following error:

    Sep 17 10:26:42 mailgate1 postfix/smtp[1370]: [ID 197553 mail.info] 1974445F75: to=<[EMAIL PROTECTED]>, relay=127.0.0.1[127.0.0.1], delay=87, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 Error in processing, id=01521-01-2, spam-wb-list FAILED: Can't use string ("3") as an ARRAY ref while "strict refs" in use at (eval 39) line 178. (in reply to end of DATA command))

Any idea how I can get this result?

Thanks,
MJ

RE: [AMaViS-user] FW: How to increase the score for specific recipient
Hi Gary,

Actually hiding or changing the address is not an option at the moment. I will go for this option of increasing the score as you have suggested.

Thanks,
MJ

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary V
Sent: Sunday, September 18, 2005 5:25 PM
To: amavis-user@lists.sourceforge.net
Subject: Re: [AMaViS-user] FW: How to increase the score for specific recipient

MJ wrote:

> Hi Gary,
> Thanks for your reply. If you don't suggest this method then how can
> we achieve this objective, as there are some addresses like
> [EMAIL PROTECTED], [EMAIL PROTECTED] which receive too much junk
> daily?
> Thanks,
> MJ.

I see, well I guess in a way this would end up doing something similar, but would be a more correct way to do it: let's say you have set:

    $sa_kill_level_deflt = 8.0;

Then you could give those two recipients a lower kill level:

    @spam_kill_level_maps = (
      { '[EMAIL PROTECTED]' => 5.0,
        '[EMAIL PROTECTED]' => 5.0 },
      \$sa_kill_level_deflt, # catchall default
    );

> > Here is an excerpt from amavisd.conf:
> > @score_sender_maps = ({ # a by-recipient hash lookup table,
> >   # results from all matching recipient tables are summed
> > # ## per-recipient personal tables (NOTE: positive: black, negative: white)
> > # '[EMAIL PROTECTED]' => [{'[EMAIL PROTECTED]' => 10.0}],
> > <...> });
> > I would think you could interpolate this to:
> > '[EMAIL PROTECTED]' => [{'.' => 3.0}],
> > Inflating the score from every sender is an unusual thing to do, but I
> > could see how it might be used for testing.

Gary V

RE: [AMaViS-user] FW: How to increase the score for specific recipient
Hi Gary,

Thanks for your reply. If you don't suggest this method then how can we achieve this objective, as there are some addresses like [EMAIL PROTECTED], [EMAIL PROTECTED] which receive too much junk daily?

Thanks,
MJ.

Here is an excerpt from amavisd.conf:

    @score_sender_maps = ({ # a by-recipient hash lookup table,
      # results from all matching recipient tables are summed
    # ## per-recipient personal tables (NOTE: positive: black, negative: white)
    # '[EMAIL PROTECTED]' => [{'[EMAIL PROTECTED]' => 10.0}],
    <...> });

I would think you could interpolate this to:

    '[EMAIL PROTECTED]' => [{'.' => 3.0}],

Inflating the score from every sender is an unusual thing to do, but I could see how it might be used for testing.

Gary V

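The error MJ reports and the entry shape Gary V suggests, as an added Perl example that is not part of the original posts and is not amavisd-new's own code: it is a simplified model of a by-recipient table whose values must be array refs of sender tables. The addresses, `%broken`, `%fixed`, `sender_boost()` and `check_shape()` are constructed for illustration; `'.'` as the catch-all sender key is taken from Gary's suggestion.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed addresses; the list archive masks the real ones.
my $rcpt   = 'info@example.com';
my $sender = 'someone@example.net';

# Shape from the failing attempt: the recipient maps straight to a number.
my %broken = ( $rcpt => 3.0 );

# Shape from Gary V's suggestion: the recipient maps to an array ref of
# sender tables; '.' is the catch-all sender key.
my %fixed = ( $rcpt => [ { '.' => 3.0 } ] );

# Hypothetical helper modelling the lookup: find the recipient's entry,
# walk its list of sender tables and sum the matching scores.
sub sender_boost {
    my ($by_rcpt, $to, $from) = @_;
    my $tables = $by_rcpt->{ lc $to };
    return 0 unless defined $tables;
    my $sum = 0;
    for my $table (@$tables) {    # dies under strict refs if $tables is a plain scalar
        my $hit = exists $table->{ lc $from } ? $table->{ lc $from }
                : exists $table->{'.'}        ? $table->{'.'}
                :                               undef;
        $sum += $hit if defined $hit;
    }
    return $sum;
}

# Hypothetical pre-deployment check: every value must be an array ref
# whose elements are hash refs.
sub check_shape {
    my ($by_rcpt) = @_;
    my @problems;
    for my $to (sort keys %$by_rcpt) {
        my $v = $by_rcpt->{$to};
        if (ref $v ne 'ARRAY') {
            push @problems, "$to: expected [ { sender => score } ], got '$v'";
            next;
        }
        push @problems, "$to: list entry is not a hash ref"
            if grep { ref $_ ne 'HASH' } @$v;
    }
    return @problems;
}

for my $case ( [ broken => \%broken ], [ fixed => \%fixed ] ) {
    my ($name, $map) = @$case;
    print "$name: $_\n" for check_shape($map);
    my $score = eval { sender_boost($map, $rcpt, $sender) };
    if (defined $score) { printf "%s: sender-based boost %+.1f\n", $name, $score }
    else                { print  "$name: lookup died: $@" }
}
```

Running a shape check like this against a copy of the table before restarting the daemon avoids the situation in the log above, where the mistake only surfaces as a 451 deferral on live mail.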
[AMaViS-user] FW: How to increase the score for specific recipient
Hi,

I want to add some positive score (black list) to all the incoming messages to [EMAIL PROTECTED]. To achieve this objective, I tried to add the following line in /etc/amavisd.conf:

    '[EMAIL PROTECTED]' => 3.0,

But it gives the following error:

    Sep 17 10:26:42 mailgate1 postfix/smtp[1370]: [ID 197553 mail.info] 1974445F75: to=<[EMAIL PROTECTED]>, relay=127.0.0.1[127.0.0.1], delay=87, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 Error in processing, id=01521-01-2, spam-wb-list FAILED: Can't use string ("3") as an ARRAY ref while "strict refs" in use at (eval 39) line 178. (in reply to end of DATA command))

Any idea how I can get this result?

Thanks,
MJ

RE: [AMaViS-user] Amavisd-new stopped
Yes, a clean boot solved my problem as well. It happened for the first time in the last two months since I launched this server.

MJ

-Original Message-
From: Mark Burdick [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 07, 2005 5:10 PM
To: MJ; amavis-user@lists.sourceforge.net
Subject: RE: [AMaViS-user] Amavisd-new stopped

I had something similar happen to me once... Amavis was attempting to unpack a single message, and the process was consuming more and more memory until the server ran out and crashed.

What I ended up doing was the following:

Clean boot the server.

Immediately start watching (via "top") amavis processes to see if one kept running and consuming more and more memory (I was originally just looking for what was sucking up memory because of the errors I was seeing that were crashing the server).

When I found the Amavis process, I traced the queue number of the message it was working on. Then, I placed that message on hold in Postfix so that it would not be injected into Amavis for processing.

I continued to monitor the server to ensure the problem wasn't occurring on other messages.

About once per hour, I would unhold the message and watch the memory consumption. After about twelve hours, the message actually passed through the server without crashing it. The message in question was from Switzerland, was valid, and contained a couple of bitmap images.

--- MJ <[EMAIL PROTECTED]> wrote:

> Hi,
>
> The swap space is 2 GB, exactly double the RAM, which is recommended.
>
> Thanks,
> MJ
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Gary V
> Sent: Wednesday, September 07, 2005 4:48 PM
> To: amavis-user@lists.sourceforge.net
> Subject: Re: [AMaViS-user] Amavisd-new stopped
>
> MJ wrote:
>
> > Hi,
> > This morning I have several entries like following in /var/log/syslog
> > ==
> > Sep 6 01:03:20 mailgate1 amavis[363]: [ID 702911 mail.error]
> > (00363-07) TROUBLE in check_mail: parts_decode_ext FAILED:
> > run_command (open pipe): Can't fork at
> > /usr/local/lib/perl5/5.8.5/sun4-solaris/IO/File.pm line 176,
> > <GEN6> line 6001. at /usr/local/sbin/amavisd line 1851, <GEN6> line 6001.
> > Sep 6 01:05:03 mailgate1 amavis[398]: [ID 702911 mail.error]
> > (00398-08) TROUBLE in check_mail: parts_decode_ext FAILED:
> > run_command (open pipe): Can't fork at
> > /usr/local/lib/perl5/5.8.5/sun4-solaris/IO/File.pm line 176.
> > at /usr/local/sbin/amavisd line 1851.
> > Sep 6 01:05:06 mailgate1 amavis[517]: [ID 702911 mail.error]
> > (00517-04) TROUBLE in check_mail: parts_decode_ext FAILED:
> > run_command (open pipe): Can't fork at
> > /usr/local/lib/perl5/5.8.5/sun4-solaris/IO/File.pm line 176,
> > <GEN6> line 2122. at /usr/local/sbin/amavisd line 1851, <GEN6> line 2122.
> > ==
> > Also I have following in /var/adm/messages
> > ==
> > Sep 6 05:48:01 mailgate1 tmpfs: [ID 518458 kern.warning] WARNING:
> > /tmp: File system full, swap space limit exceeded
> > Sep 6 07:19:16 mailgate1 tmpfs: [ID 518458 kern.warning] WARNING:
> > /tmp: File system full, swap space limit exceeded
> > Sep 6 08:37:03 mailgate1 tmpfs: [ID 518458 kern.warning] WARNING:
> > /tmp: File system full, swap space limit exceeded
> > Sep 6 09:05:37 mailgate1 tmpfs: [ID 518458 kern.warning] WARNING:
> > /tmp: File system full, swap space limit exceeded
> > ==
> > Finally amavisd-new (2.3.2) stopped responding and I need to restart
> > the server (Solaris 8). Can any one highlight what causes this swap FS
> > problem? I have two GB of Swap and the server is running fine since
> > more than one month. MJ
>
> I would guess these are both a result of your tmpfs size being too
> small.
>
> Gary V

RE: [AMaViS-user] Amavisd-new stopped
Hi,

The swap space is 2 GB, exactly double of the RAM, which is recommended.

Thanks,
MJ

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary V
Sent: Wednesday, September 07, 2005 4:48 PM
To: amavis-user@lists.sourceforge.net
Subject: Re: [AMaViS-user] Amavisd-new stopped

MJ wrote:

> Hi,
> This morning I have several entries like following in /var/log/syslog
> ==
> Sep 6 01:03:20 mailgate1 amavis[363]: [ID 702911 mail.error] (00363-07) TROUBLE in check_mail: parts_decode_ext FAILED: run_command (open pipe): Can't fork at /usr/local/lib/perl5/5.8.5/sun4-solaris/IO/File.pm line 176, <GEN6> line 6001. at /usr/local/sbin/amavisd line 1851, <GEN6> line 6001.
> Sep 6 01:05:03 mailgate1 amavis[398]: [ID 702911 mail.error] (00398-08) TROUBLE in check_mail: parts_decode_ext FAILED: run_command (open pipe): Can't fork at /usr/local/lib/perl5/5.8.5/sun4-solaris/IO/File.pm line 176. at /usr/local/sbin/amavisd line 1851.
> Sep 6 01:05:06 mailgate1 amavis[517]: [ID 702911 mail.error] (00517-04) TROUBLE in check_mail: parts_decode_ext FAILED: run_command (open pipe): Can't fork at /usr/local/lib/perl5/5.8.5/sun4-solaris/IO/File.pm line 176, <GEN6> line 2122. at /usr/local/sbin/amavisd line 1851, <GEN6> line 2122.
> ==
> Also I have following in /var/adm/messages
> ==
> Sep 6 05:48:01 mailgate1 tmpfs: [ID 518458 kern.warning] WARNING: /tmp: File system full, swap space limit exceeded
> Sep 6 07:19:16 mailgate1 tmpfs: [ID 518458 kern.warning] WARNING: /tmp: File system full, swap space limit exceeded
> Sep 6 08:37:03 mailgate1 tmpfs: [ID 518458 kern.warning] WARNING: /tmp: File system full, swap space limit exceeded
> Sep 6 09:05:37 mailgate1 tmpfs: [ID 518458 kern.warning] WARNING: /tmp: File system full, swap space limit exceeded
> ==
> Finally amavisd-new (2.3.2) stopped responding and I need to restart the server (Solaris 8). Can any one highlight what causes this swap FS problem? I have two GB of Swap and the server is running fine since more than one month.
> MJ

I would guess these are both a result of your tmpfs size being too small.

Gary V
[AMaViS-user] Amavisd-new stopped
Hi,

This morning I have several entries like following in /var/log/syslog

==
Sep 6 01:03:20 mailgate1 amavis[363]: [ID 702911 mail.error] (00363-07) TROUBLE in check_mail: parts_decode_ext FAILED: run_command (open pipe): Can't fork at /usr/local/lib/perl5/5.8.5/sun4-solaris/IO/File.pm line 176, <GEN6> line 6001. at /usr/local/sbin/amavisd line 1851, line 6001.
Sep 6 01:05:03 mailgate1 amavis[398]: [ID 702911 mail.error] (00398-08) TROUBLE in check_mail: parts_decode_ext FAILED: run_command (open pipe): Can't fork at /usr/local/lib/perl5/5.8.5/sun4-solaris/IO/File.pm line 176. at /usr/local/sbin/amavisd line 1851.
Sep 6 01:05:06 mailgate1 amavis[517]: [ID 702911 mail.error] (00517-04) TROUBLE in check_mail: parts_decode_ext FAILED: run_command (open pipe): Can't fork at /usr/local/lib/perl5/5.8.5/sun4-solaris/IO/File.pm line 176, <GEN6> line 2122. at /usr/local/sbin/amavisd line 1851, line 2122.
==

Also I have following in /var/adm/messages

==
Sep 6 05:48:01 mailgate1 tmpfs: [ID 518458 kern.warning] WARNING: /tmp: File system full, swap space limit exceeded
Sep 6 07:19:16 mailgate1 tmpfs: [ID 518458 kern.warning] WARNING: /tmp: File system full, swap space limit exceeded
Sep 6 08:37:03 mailgate1 tmpfs: [ID 518458 kern.warning] WARNING: /tmp: File system full, swap space limit exceeded
Sep 6 09:05:37 mailgate1 tmpfs: [ID 518458 kern.warning] WARNING: /tmp: File system full, swap space limit exceeded
==

Finally amavisd-new (2.3.2) stopped responding and I need to restart the server (Solaris 8). Can any one highlight what causes this swap FS problem? I have two GB of Swap and the server is running fine since more than one month.

MJ
[AMaViS-user] TROUBLE in check_mail
Hi,

This morning I have several entries like following in /var/log/syslog

==
Sep 6 01:03:20 mailgate1 amavis[363]: [ID 702911 mail.error] (00363-07) TROUBLE in check_mail: parts_decode_ext FAILED: run_command (open pipe): Can't fork at /usr/local/lib/perl5/5.8.5/sun4-solaris/IO/File.pm line 176, <GEN6> line 6001. at /usr/local/sbin/amavisd line 1851, line 6001.
Sep 6 01:05:03 mailgate1 amavis[398]: [ID 702911 mail.error] (00398-08) TROUBLE in check_mail: parts_decode_ext FAILED: run_command (open pipe): Can't fork at /usr/local/lib/perl5/5.8.5/sun4-solaris/IO/File.pm line 176. at /usr/local/sbin/amavisd line 1851.
Sep 6 01:05:06 mailgate1 amavis[517]: [ID 702911 mail.error] (00517-04) TROUBLE in check_mail: parts_decode_ext FAILED: run_command (open pipe): Can't fork at /usr/local/lib/perl5/5.8.5/sun4-solaris/IO/File.pm line 176, <GEN6> line 2122. at /usr/local/sbin/amavisd line 1851, line 2122.
==

Also I have following in /var/adm/messages

==
Sep 6 05:48:01 mailgate1 tmpfs: [ID 518458 kern.warning] WARNING: /tmp: File system full, swap space limit exceeded
Sep 6 07:19:16 mailgate1 tmpfs: [ID 518458 kern.warning] WARNING: /tmp: File system full, swap space limit exceeded
Sep 6 07:19:55 mailgate1 last message repeated 1 time
Sep 6 08:37:03 mailgate1 tmpfs: [ID 518458 kern.warning] WARNING: /tmp: File system full, swap space limit exceeded
Sep 6 09:05:37 mailgate1 tmpfs: [ID 518458 kern.warning] WARNING: /tmp: File system full, swap space limit exceeded
==

Finally amavisd-new (2.3.2) stopped responding and I need to restart the server (Solaris 8). Can any one highlight what causes this swap FS problem? I have two GB of Swap and the server is running fine since more than one month.

MJ
RE: [AMaViS-user] sa_kill_level_deft=5.0 for an ISP
Thanks for your suggestion. One more question, do I need to add "use_bays 1" in my /etc/mail/spamassassin/local.cf or it is default and no need to add?

MJ

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cami
Sent: Sunday, August 21, 2005 4:58 PM
To: [EMAIL PROTECTED]
Subject: Re: [AMaViS-user] sa_kill_level_deft=5.0 for an ISP

MJ wrote:
>
> Cami wrote:
>>
>> 5.0 is a bit low for an ISP, especially if you are using all
>> the additional rules provided by http://www.rulesemporium.com.
>>
>> That being said, i recommend that you collect statistics on the
>> amount of mail that score between 5.0 -> 6.3 so you can see the
>> type of impact the change will have, and try to guestimate the
>> amount of false positives doing so will cause.
>
> No, we are not using any custom rule, please suggest few to me.

Read through http://www.rulesemporium.com/rules.htm and use the rules which you wish to.

Cami
RE: [AMaViS-user] sa_kill_level_deft=5.0 for an ISP
No, we are not using any custom rule, please suggest few to me.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cami
Sent: Sunday, August 21, 2005 4:47 PM
To: [EMAIL PROTECTED]
Subject: Re: [AMaViS-user] sa_kill_level_deft=5.0 for an ISP

MJ wrote:
> We are an ISP and quite satisfied with our AV/AS gateway based on
> postfix, amavisd-new, clamav and SA. At the moment the value for
> sa_kill_level_deft is default i.e. 6.31. I am thinking to make it 5.0.
> Did any one (specially ISP) has experience how it will behave with 5.0?
> I mean it is too much and will reject legitimate emails?

5.0 is a bit low for an ISP, especially if you are using all the additional rules provided by http://www.rulesemporium.com.

That being said, i recommend that you collect statistics on the amount of mail that score between 5.0 -> 6.3 so you can see the type of impact the change will have, and try to guestimate the amount of false positives doing so will cause.

Cami
[AMaViS-user] sa_kill_level_deft=5.0 for an ISP
Hi,

We are an ISP and quite satisfied with our AV/AS gateway based on postfix, amavisd-new, clamav and SA. At the moment the value for sa_kill_level_deft is default i.e. 6.31. I am thinking to make it 5.0. Did any one (specially ISP) has experience how it will behave with 5.0? I mean it is too much and will reject legitimate emails?

MJ
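Added example (not part of the thread and not amavisd-new's own tooling): one way to collect the statistic Cami suggests, counting how much scored mail falls between a proposed kill level of 5.0 and the current 6.31. It parses the amavisd-new summary line format quoted elsewhere on this page ("Passed CLEAN, ... Hits: -2.152, 2105 ms"); the sample log lines, addresses and the function names are constructed for the illustration, and the handling of "Hits: -" for unscored mail is an assumption.

```python
import re

# amavisd-new per-message summary line, as quoted in the "Negative SA Score" post:
#   ... amavis[1839]: ... (01839-02) Passed CLEAN, ... Hits: -2.152, 2105 ms
SUMMARY_RE = re.compile(
    r"amavis\[\d+\]:.*?\((?P<am_id>[\d-]+)\) "
    r"(?P<action>Passed|Blocked) (?P<category>[A-Z-]+)\b.*?"
    r"Hits: (?P<hits>-?\d+(?:\.\d+)?|-)"
)

# Constructed sample log: hosts, addresses, ids and scores are made up.
SAMPLE_LOG = """\
Aug  8 00:42:51 mailgate2 postfix/smtpd[1762]: [ID 197553 mail.info] 5C5451F109C: client=unknown[192.0.2.10]
Aug  8 00:42:53 mailgate2 amavis[1839]: [ID 702911 mail.notice] (01839-02) Passed CLEAN, [192.0.2.10] [192.0.2.10] <a@example.com> -> <u1@example.net>, Message-ID: <1@example.com>, mail_id: aaaaaaaaaaa1, Hits: -2.152, 2105 ms
Aug  8 00:43:10 mailgate2 amavis[1840]: [ID 702911 mail.notice] (01840-01) Passed CLEAN, [192.0.2.11] [192.0.2.11] <b@example.com> -> <u2@example.net>, Message-ID: <2@example.com>, mail_id: aaaaaaaaaaa2, Hits: 5.4, 1890 ms
Aug  8 00:43:30 mailgate2 amavis[1841]: [ID 702911 mail.notice] (01841-03) Passed CLEAN, [192.0.2.12] [192.0.2.12] <c@example.com> -> <u3@example.net>, Message-ID: <3@example.com>, mail_id: aaaaaaaaaaa3, Hits: 6.1, 2001 ms
Aug  8 00:44:02 mailgate2 amavis[1842]: [ID 702911 mail.notice] (01842-05) Blocked SPAM, [192.0.2.13] [192.0.2.13] <d@example.com> -> <u4@example.net>, Message-ID: <4@example.com>, mail_id: aaaaaaaaaaa4, Hits: 14.72, 3120 ms
Aug  8 00:44:40 mailgate2 amavis[1843]: [ID 702911 mail.notice] (01843-02) Blocked INFECTED (Worm.Example), [192.0.2.14] [192.0.2.14] <e@example.com> -> <u5@example.net>, Message-ID: <5@example.com>, mail_id: aaaaaaaaaaa5, Hits: -, 410 ms
Aug  8 00:45:05 mailgate2 amavis[1844]: [ID 702911 mail.notice] (01844-04) Passed CLEAN, [192.0.2.15] [192.0.2.15] <f@example.com> -> <u6@example.net>, Message-ID: <6@example.com>, mail_id: aaaaaaaaaaa6, Hits: 4.999, 1755 ms
Aug  8 00:45:33 mailgate2 amavis[1845]: [ID 702911 mail.notice] (01845-06) Blocked SPAM, [192.0.2.16] [192.0.2.16] <g@example.com> -> <u7@example.net>, Message-ID: <7@example.com>, mail_id: aaaaaaaaaaa7, Hits: 6.31, 2210 ms
"""


def parse_summary(line):
    """Return the fields of one amavisd-new summary line, or None for other lines."""
    m = SUMMARY_RE.search(line)
    if not m:
        return None
    hits = m.group("hits")
    return {
        "am_id": m.group("am_id"),
        "action": m.group("action"),
        "category": m.group("category"),
        # "Hits: -" is treated as "no SpamAssassin score" (assumption).
        "hits": None if hits == "-" else float(hits),
    }


def band_report(lines, proposed_kill=5.0, current_kill=6.31):
    """Count scored mail below, inside and above the [proposed, current) band."""
    report = {"scored": 0, "unscored": 0, "below": 0, "at_or_above": 0, "in_band": []}
    for line in lines:
        rec = parse_summary(line)
        if rec is None:
            continue  # postfix lines, debug output, etc.
        if rec["hits"] is None:
            report["unscored"] += 1
            continue
        report["scored"] += 1
        if rec["hits"] < proposed_kill:
            report["below"] += 1
        elif rec["hits"] < current_kill:
            # These are the messages the lower kill level would start blocking;
            # keep their ids so they can be reviewed by hand for false positives.
            report["in_band"].append((rec["am_id"], rec["hits"], rec["category"]))
        else:
            report["at_or_above"] += 1
    scored = report["scored"]
    report["newly_blocked_pct"] = (
        round(100.0 * len(report["in_band"]) / scored, 1) if scored else 0.0
    )
    return report


if __name__ == "__main__":
    result = band_report(SAMPLE_LOG.splitlines())
    print("scored:", result["scored"], "unscored:", result["unscored"])
    print("would be newly blocked at 5.0:", result["in_band"])
    print("share of scored mail: %s%%" % result["newly_blocked_pct"])
```

Run over a few days of real syslog, the in_band list is the set of messages to review by hand before lowering the kill level.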
RE: [AMaViS-user] Negative SA Score
#grep [EMAIL PROTECTED] temp_file
-2.2 (-42154.7/19583) -- [EMAIL PROTECTED]|ip=212.107

Please comment.

Thanks
MJ

-Original Message-
From: Gary V [mailto:[EMAIL PROTECTED]
Sent: Monday, August 08, 2005 5:35 PM
To: MJ
Cc: amavis-user@lists.sourceforge.net
Subject: Re: [AMaViS-user] Negative SA Score

MJ wrote:
> I agree that changing log level will give me more details but I want to
> investigate this particular case, so where to look for negative scores,
> I didn't put under any negative score list.
> Thanks,
> MJ

This assumes you do not use SQL for your whitelist. I don't know if the problem is in your auto-whitelist, but you can investigate:

You can use the tool called check_whitelist to both clean and view auto-whitelist entries. It comes with the source code in the tools directory. Copy it to your .spamassassin directory and 'chmod +x' it. Read the file for usage.

./check_whitelist auto-whitelist > temp.file
grep sender temp.file

Then read: "Why does the AWL sometimes assign scores the "wrong way"?"
http://wiki.apache.org/spamassassin/AwlWrongWay

If you do use SQL, I'm sure you could simply run a statement to find the same or similar data.

Gary V
RE: [AMaViS-user] Negative SA Score
I agree that changing log level will give me more details but I want to investigate this particular case, so where to look for negative scores, I didn't put under any negative score list.

Thanks,
MJ

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stephen Carter
Sent: Monday, August 08, 2005 11:20 AM
To: [EMAIL PROTECTED]; amavis-user@lists.sourceforge.net
Subject: Re: [AMaViS-user] Negative SA Score

>>> "MJ" <[EMAIL PROTECTED]> 08/08/05 7:38 AM >>>
>Hi,
>I am unable to understand why this user is getting negative score, he is
>sending relaying huge number of messages but amavis is not stopping and
>instead assigning a negative score. Any help would be appreciated.
>
>MJ

In /etc/amavisd.conf, increase the log level setting to 2 or more (5 is good for short term troubleshooting and you'll get a LOT of info) which will show you exactly what rules were triggered and their associated score, which will help you find why the e-mail was scored that way.

Additionally there are many options for MTA's that let you test some basic info and stop many spam from even entering the gateway in the first place such as verifying the sender's domain. These options vary depending on the MTA you are using, and are very well documented on the homepage of whatever MTA you are using.

SteveC
[AMaViS-user] Negative SA Score
Hi,

I am unable to understand why this user is getting negative score, he is sending relaying huge number of messages but amavis is not stopping and instead assigning a negative score. Any help would be appreciated.

Aug 8 00:42:51 mailgate2 postfix/smtpd[1762]: [ID 197553 mail.info] 5C5451F109C: client=unknown[212.107.125.113]
Aug 8 00:42:53 mailgate2 amavis[1839]: [ID 702911 mail.notice] (01839-02) Passed CLEAN, [212.107.125.113] [212.107.125.113] <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>, Message-ID: <[EMAIL PROTECTED]>, mail_id: pdo+PBzNfJht, Hits: -2.152, 2105 ms

MJ
[AMaViS-user] Logo
Hi,

I am running two servers running postfix 2.2.4 on Solaris 8 with amavisd-new.2.3.2, SpamAssassin 3.04 and Clamav 0.86 as an AV/AS gateway to my main email system. It is very successful in combating SPAM and Viruses. Is there any logo we can put on our website for example "We are using Amavis/SpamAssassin/Clamav etc"?

MJ
RE: [AMaViS-user] DCC and UDP Ports
Hi Michael,

Got it. From where I can get IPs of public DCC Server?

Thanks,
MJ
RE: [AMaViS-user] Decoding Problem
We are using Clamav. It seems this error occurs occasionally. Following are the logs of last 18 hours and this message appears 6 times during this period.

Thanks,
MJ

grep Decoding /var/log/syslog
===
Jul 31 00:01:10 mailgate1 amavis[21254]: [ID 702911 mail.warning] (21254-07) Decoding of p002 (Zip archive data, at least v1.0 to extract) failed, leaving it unpacked: IO error: reading data :
Jul 31 01:52:40 mailgate1 amavis[23470]: [ID 702911 mail.warning] (23470-01) Decoding of p002 (Zip archive data, at least v1.0 to extract) failed, leaving it unpacked: IO error: reading data :
Jul 31 01:57:30 mailgate1 amavis[23490]: [ID 702911 mail.warning] (23490-03) Decoding of p002 (Zip archive data, at least v1.0 to extract) failed, leaving it unpacked: IO error: reading data :
Jul 31 01:57:45 mailgate1 amavis[23487]: [ID 702911 mail.warning] (23487-03) Decoding of p002 (Zip archive data, at least v1.0 to extract) failed, leaving it unpacked: IO error: reading data :
Jul 31 06:48:30 mailgate1 amavis[9114]: [ID 702911 mail.warning] (09114-05) Decoding of p002 (Zip archive data, at least v1.0 to extract) failed, leaving it unpacked: IO error: reading data :
Jul 31 07:47:50 mailgate1 amavis[10291]: [ID 702911 mail.warning] (10291-09) Decoding of p002 (Zip archive data, at least v1.0 to extract) failed, leaving it unpacked: IO error: reading data :
= End ===

-Original Message-
From: Gary V [mailto:[EMAIL PROTECTED]
Sent: Sunday, July 31, 2005 6:14 PM
To: MJ
Cc: amavis-user@lists.sourceforge.net
Subject: Re: [AMaViS-user] Decoding Problem

MJ wrote:
> Hi,
> Can someone help me why I have this error in my logs?
> amavis[23470]: [ID 702911 mail.warning] (23470-01) Decoding of p002 (Zip archive data, at least v1.0 to extract) failed, leaving it unpacked: IO error: reading data :

> Hi,
> Following is the output of perl -MArchive::Zip -e'print "$Archive::Zip::VERSION\n";'
> 1.16
> Please advise.
> MJ

I would want to know what virus scanner (if any) you are using. Does this happen every time you send a zip through? Can you find this particular message and send it back through to see if it happens every time. If it does not, then I wonder if the "IO error: reading data :" message may be referring to a physical disk problem.

Gary V
RE: [AMaViS-user] Decoding Problem
Hi,

Following is the output of perl -MArchive::Zip -e'print "$Archive::Zip::VERSION\n";'

1.16

Please advise.

MJ
[AMaViS-user] Decoding Problem
Hi,

Can someone help me why I have this error in my logs?

amavis[23470]: [ID 702911 mail.warning] (23470-01) Decoding of p002 (Zip archive data, at least v1.0 to extract) failed, leaving it unpacked: IO error: reading data :

MJ
[AMaViS-user] Statistics report with log_level=0
Hi,

Is there any statistics script for reporting SPAM and Virus statistics which can work with log_level=0 of amavis. I have tried the one available at http://flakshack.com/anti-spam/wiki/index.php it works fine only if the log_level => to 2.

Thanks,
MJ
RE: [AMaViS-user] DCC and UDP Ports
No, we are opening UDP reply from any host to our mailhost. When we open specific UDP port 6277 it doesn't work, but when we open all UDP ports gt 1023 it works.

Thanks,
MJ
[AMaViS-user] DCC and UDP Ports
Hi,

I am running postfix 2.2.4 on Solaris 8 with amavisd-new.2.3.2, SpamAssassin 3.04 and Clamav 0.86 as an AV/AS gateway to my main email system. It is very successful in combating SPAM and Viruses (Thanks to the Authors). Now I want to install DCC to the existing server. The problem is that even we have opened UDP 6277 on our firewall but "cdcc info" doesn't work. It only works when we open all UDP ports greater than 1023, which is not very safe. Any clue what we are missing?

Thanks,
MJ
[AMaViS-user] White listing specific recipients
Hi,

I am running postfix 2.2.4 on Solaris 8 with amavisd-new.2.3.2, SpamAssassin 3.04 and Clamav 0.86 as an AV/AS gateway to my main email system. We are an ISP and we use to receive abuse/spam complaints on [EMAIL PROTECTED] and [EMAIL PROTECTED]. Since these complaints contain the original SPAM message, amavis is catching them as SPAM. How I can exclude these two addresses not to be scanned for incoming messages. I know about adding negating score for some sender but don't have any idea how to whitelist specific recipient address.

Thanks,
MJ
[AMaViS-user] Problem with reporting script
Hi,

I am successfully using "pflogsumm-1.1.0.pl" and "my-spam-report.pl" downloaded from http://www.flakshack.com/anti-spam/wiki/index.php but when I try to run 3rd script "my-virus-report.pl" which is to get Virus statistics, it is giving me following error. Can some one help in this. This script is available at http://www.xmission.com/~kn/AddClamAV/my-virus-report.txt

#./my-virus-report.pl /var/log/syslog.1
--- Virus Filter Report ---
Summary
0 Viruses blocked
Viruses Blocked - Top 50
# Virus name
---
Use of uninitialized value in concatenation (.) or string at ./my-virus-report.pl line 106, <> line 19.
Virus types detected
[AMaViS-user] Limiting Incomming SMTP Sessions
Hi,

I have question more related to postfix but it is integrated with amavis, therefore I am posting on this list to get help from expert of both amavis and postfix.

I am running postfix 2.2.4 on Solaris 8 with amavisd-new.2.3.2, SpamAssassin 3.04 and Clamav 0.86 as an AV/AS gateway to my main email system. I want to limit the number of incoming SMTP sessions to avoid any abuse. After reading the docs I found that "default_process_limit" parameter is overall responsible for controlling processes however we can override the process limit for specific daemon by editing the master.cf file of postfix. In the end of this mail I have included partial /etc/postfix/master.cf apart from other lines not related to this discussion. I have two questions.

1- Max number of incoming smtp session my server will accept is 20, right?

2- I want to limit incoming smtp session from single client using "smtpd_client_connection_count_limit". Do I need to add this in main.cf or I just need to replace below mentioned line "-o smtpd_client_connection_count_limit = 0" from master.cf with "-o smtpd_client_connection_count_limit = 10". The confusion is that which one will be effective? The one below in master.cf or it should be in main.cf

Partial master.cf

smtp-amavis unix - - n - 20 smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20
127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_restriction_classes=
    -o smtpd_delay_reject=no
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks_style=host
    -o mynetworks=127.0.0.0/8
    -o strict_rfc821_envelopes=yes
    -o smtpd_error_sleep_time=0
    -o smtpd_soft_error_limit=1001
    -o smtpd_hard_error_limit=1000
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
===

Thanks
MJ
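Added example (not part of the post and not Postfix's own code): a small master.cf reader that shows which service each setting in the quoted fragment belongs to. In Postfix, a "-o name=value" in master.cf overrides main.cf for that one service only, and "-" in the maxproc column means default_process_limit. The public smtp/inet entry, the main.cf value of 10 and the function names are assumptions added for the illustration; 100 and 50 are the stock Postfix defaults.

```python
# Stock Postfix defaults for the two parameters the post asks about.
BUILTIN_DEFAULTS = {
    "default_process_limit": "100",
    "smtpd_client_connection_count_limit": "50",
}

MASTER_CF = """\
# Constructed: the usual public listener, which the post did not include.
smtp      inet  n       -       n       -       -       smtpd
# From the post: SMTP client that hands mail to amavisd (20 processes).
smtp-amavis unix -      -       n       -       20      smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20
# From the post: loopback listener that takes mail back from amavisd.
127.0.0.1:10025 inet n  -       n       -       -       smtpd
    -o content_filter=
    -o smtpd_client_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
    -o smtpd_client_connection_count_limit=0
    -o smtpd_client_connection_rate_limit=0
    -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
"""


def parse_master_cf(text):
    """Return {"name/type": {"maxproc", "command", "overrides"}} for each service."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line or comment
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()  # continuation of the previous entry
        else:
            logical.append(raw.strip())

    services = {}
    for entry in logical:
        fields = entry.split()
        # Columns: service type private unpriv chroot wakeup maxproc command args...
        name, stype, maxproc, command = fields[0], fields[1], fields[6], fields[7]
        args = fields[8:]
        overrides = {}
        i = 0
        while i < len(args):
            if args[i] == "-o" and i + 1 < len(args):
                key, _, value = args[i + 1].partition("=")
                overrides[key] = value
                i += 2
            else:
                i += 1
        services["%s/%s" % (name, stype)] = {
            "maxproc": maxproc,
            "command": command,
            "overrides": overrides,
        }
    return services


def effective_value(services, service, param, main_cf):
    """Resolve a parameter for one service: master.cf -o, then main.cf, then default."""
    overrides = services[service]["overrides"]
    if param in overrides:
        return overrides[param], "master.cf -o"
    if param in main_cf:
        return main_cf[param], "main.cf"
    return BUILTIN_DEFAULTS[param], "built-in default"


def process_limit(services, service, main_cf):
    """Maximum number of processes for a service ('-' means default_process_limit)."""
    maxproc = services[service]["maxproc"]
    if maxproc == "-":
        maxproc, _ = effective_value(services, service, "default_process_limit", main_cf)
    return int(maxproc)


if __name__ == "__main__":
    svcs = parse_master_cf(MASTER_CF)
    main_cf = {"smtpd_client_connection_count_limit": "10"}  # assumed main.cf setting
    for svc in svcs:
        print(svc, "process limit:", process_limit(svcs, svc, main_cf))
        if svcs[svc]["command"] == "smtpd":
            print("   per-client connection limit:",
                  effective_value(svcs, svc, "smtpd_client_connection_count_limit", main_cf))
```

With these inputs the limit of 0 stays on the 127.0.0.1:10025 re-injection listener, while a value set in main.cf reaches the public smtpd service, which carries no override.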
RE: [AMaViS-user] gmp is there but still "GNU MP 2 or newer NOT FOUND "
Found the solution. I was not setting the variable ABI=32 during the compilation of GMP which is required on Solaris

MJ
[AMaViS-user] gmp is there but still "GNU MP 2 or newer NOT FOUND "
Even though I have installed "gmp-4.1", I am still getting the following error while compiling clamav-0.86.1 on Solaris. Before, I successfully enabled this feature, but this time I couldn't. Can anyone help?

    configure: WARNING: ** GNU MP 2 or newer NOT FOUND - digital signature support will be disabled !

MJ
RE: [AMaViS-user] Value of $max_servers and $max_requests
Hi,

Do we need to modify any value in /etc/postfix/master.cf to make it similar to $max_servers?

MJ

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Martinec
Sent: Wednesday, June 29, 2005 4:16 PM
To: amavis-user@lists.sourceforge.net
Subject: Re: [AMaViS-user] Value of $max_servers and $max_requests

MJ,

> I am running amavisd-new with SA and ClamAV on solaris based postfix
> box with almost 4000 users. Can someone suggest what should be the value
> of $max_servers and $max_requests.

The $max_requests is non-critical, just keep a default (10 or 20 or 50 is fine).

$max_servers is the crucial performance knob. Too small and the machine is underutilized, too much and you end up with overbooked memory and swapping. It depends how powerful CPU is, how much memory is available, how many messages per hour, and what SA network tests you have enabled.

If memory is not a problem (e.g. 1 GB), without long-latency SA network tests enabled a number would be 5 to 10. With high-latency network tests and particularly with Razor (and when you see the machine is underutilized and there are messages waiting to be processed) you may need to bump up the value to 20 or even 30, if there is sufficient memory available and you need to squeeze most of the box.

I would say for 4000 users a value between 5 and 10 would be a good starting point. With low memory (e.g. 256 MB) a value of 2 or 3 would probably do.

See also http://www.ijs.si/software/amavisd/amavisd-new-magdeburg-20050519.pdf

Mark
RE: [AMaViS-user] what to do with Quarantined messages
Thanks

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Martinec
Sent: Wednesday, June 29, 2005 10:36 AM
To: amavis-user@lists.sourceforge.net
Subject: Re: [AMaViS-user] what to do with Quarantined messages

MJ,

> Can someone suggest what is the best policy to deal with quarantined
> messages which are stored in /var/amavis/virusmails. Is there any
> built-in function to remove very old messages from this directory? Or do we
> have to write a cron script for this?

Search recent RELEASE_NOTES for:
  release from quarantine functionality is now a built-in feature;

A utility amavisd-release became available with amavisd-new-2.3.0.

A project "MailZu" may also be of interest to you - see amavisd-new web page, the "Contributed and related software" section.

For simple manual release one can use mini_sendmail.

Mark
RE: [AMaViS-user] what to do with Quarantined messages
Thanks,

-----Original Message-----
From: Michael Scheidell [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 29, 2005 11:41 AM
To: MJ; amavis-user@lists.sourceforge.net
Subject: RE: [AMaViS-user] what to do with Quarantined messages

    find /var/amavis/virusmails -type f -mtime +7 -delete

Should do it on most *nix systems.

Disclaimer:
*Not to be taken internally, or after heavy drinking.
*If bleeding occurs, or if pregnant, see a doctor.
*Your mileage may vary

--
Michael Scheidell, CTO
561-999-5000, ext 1131
SECNAP Network Security Corporation
Keep up to date with latest information on IT security: Real time security alerts: http://www.secnap.com/news
RE: [AMaViS-user] Value of $max_servers and $max_requests
I have two load-balanced SUN servers, one with 4 GB RAM and 3 CPUs, the other one with 1 GB and two CPUs. I will use 20 for the first server and 15 on the second one.

Thanks,
MJ

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Martinec
Sent: Wednesday, June 29, 2005 4:16 PM
To: amavis-user@lists.sourceforge.net
Subject: Re: [AMaViS-user] Value of $max_servers and $max_requests

MJ,

> I am running amavisd-new with SA and ClamAV on solaris based postfix
> box with almost 4000 users. Can someone suggest what should be the value
> of $max_servers and $max_requests.

The $max_requests is non-critical, just keep a default (10 or 20 or 50 is fine).

$max_servers is the crucial performance knob. Too small and the machine is underutilized, too much and you end up with overbooked memory and swapping. It depends how powerful CPU is, how much memory is available, how many messages per hour, and what SA network tests you have enabled.

If memory is not a problem (e.g. 1 GB), without long-latency SA network tests enabled a number would be 5 to 10. With high-latency network tests and particularly with Razor (and when you see the machine is underutilized and there are messages waiting to be processed) you may need to bump up the value to 20 or even 30, if there is sufficient memory available and you need to squeeze most of the box.

I would say for 4000 users a value between 5 and 10 would be a good starting point. With low memory (e.g. 256 MB) a value of 2 or 3 would probably do.

See also http://www.ijs.si/software/amavisd/amavisd-new-magdeburg-20050519.pdf

Mark
[AMaViS-user] Value of $max_servers and $max_requests
Hi,

I am running amavisd-new with SA and ClamAV on a Solaris-based postfix box with almost 4000 users. Can someone suggest what the value of $max_servers and $max_requests should be?

Thanks,
MJ
RE: [AMaViS-user] what to do with Quarantined messages
Thanks, everyone who replied. I got the idea now.

MJ

-----Original Message-----
From: email builder [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 29, 2005 1:06 PM
To: Michael Scheidell; MJ; amavis-user@lists.sourceforge.net
Subject: RE: [AMaViS-user] what to do with Quarantined messages

--- Michael Scheidell <[EMAIL PROTECTED]> wrote:

> find /var/amavis/virusmails -type f -mtime +7 -delete
>
> Should do it on most *nix systems.

we do this weekly:

    find /var/amavis/quarantine -atime +90 -print0 | xargs -0 rm -f
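A portable variant of the cleanup commands quoted in this thread, as an added example that is not from any of the posters or from amavisd-new: it uses only POSIX find primaries (not every find implements -delete or -print0), offers a dry run, and validates its arguments before removing anything. The function name purge_quarantine and its arguments are this example's own assumptions.

```shell
#!/bin/sh
# purge_quarantine DIR DAYS [--dry-run]
# Removes regular files under DIR last modified more than DAYS days ago and
# prints each path it acted on. Returns 2 on arguments it refuses to act on.
purge_quarantine() {
    dir=$1
    days=$2
    mode=${3:-}

    # Only absolute paths, and never "/": an unset or mistyped variable in a
    # cron job must not widen the sweep.
    case "$dir" in
        /)  echo "refusing to purge /" >&2; return 2 ;;
        /*) ;;
        *)  echo "quarantine path must be absolute: '$dir'" >&2; return 2 ;;
    esac

    # The quarantine must be a real directory, not a symlink to somewhere else.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "not a real directory: $dir" >&2
        return 2
    fi

    # DAYS must be a positive integer.
    case "$days" in
        ''|*[!0-9]*) echo "bad age: '$days'" >&2; return 2 ;;
    esac
    [ "$days" -gt 0 ] || { echo "age must be greater than 0" >&2; return 2; }

    # -type f skips directories and symlinks inside the quarantine.
    # -mtime +N matches files whose age in whole days is greater than N.
    # mtime is used rather than atime because reading a quarantined file
    # (review, backup) can reset its atime.
    if [ "$mode" = "--dry-run" ]; then
        find "$dir" -type f -mtime +"$days" -print
    else
        # -exec ... {} \; passes each path as one argument, so names with
        # spaces or newlines are handled without -print0/xargs -0.
        find "$dir" -type f -mtime +"$days" -exec rm -f {} \; -print
    fi
}

# When run as a script: purge.sh /var/amavis/virusmails 30 [--dry-run]
if [ "$#" -ge 2 ]; then
    purge_quarantine "$@"
fi
```

Run it with --dry-run first and compare the listed paths with what the quarantine is expected to hold.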
[AMaViS-user] what to do with Quarantined messages
Hi,

Can someone suggest the best policy for dealing with quarantined messages which are stored in /var/amavis/virusmails? Is there any built-in function to remove very old messages from this directory? Or do we have to write a cron script for this?

Thanks,
MJ
RE: [AMaViS-user] Can't connect to UNIX socket /var/run/clamav/clamd
The issue has already been resolved.

Thanks,
MJ

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mohammad Junaid
Sent: Wednesday, June 08, 2005 7:37 PM
To: amavis-user@lists.sourceforge.net
Subject: [AMaViS-user] Can't connect to UNIX socket /var/run/clamav/clamd

Hi,

Can someone help with following error?

amavis[556]: [ID 702911 mail.error] (00556-05) ClamAV-clamd av-scanner FAILED: Too many retries to talk to /var/run/clamav/clamd (Can't connect to UNIX socket /var/run/clamav/clamd: No such file or directory) at (eval 39) line 264.
Jun 8 17:11:53 sune amavis[556]: [ID 702911 mail.error] (00556-05) WARN: all primary virus scanners failed, considering backups earun 8 17:11:53 sune amavis[556]: [ID 702911 mail.debug] (00556-05) Using (ClamAV-clamscan): /usr/local/bin/clamscan --stdout --disable-summary -r --tempdir=/var/amavis/tmp /var/amavis/tmp/amavis-20050608T165159-00556/parts
RE: [AMaViS-user] What will happen during failure of amavisd
Which parameter is responsible for this retry? My objective is that messages received during temporary unavailability of amavisd should be delivered once amavisd starts again. How can I achieve this objective?

Thanks,
MJ
RE: [AMaViS-user] What will happen during failure of amavisd
For testing, I stopped amavisd and sent one message from yahoo. It generated the following error in my syslog:

    postfix/smtp[338]: [ID 197553 mail.info] connect to 127.0.0.1[127.0.0.1]: Connection refused

I then started amavisd but it didn't deliver the pending message. After that I ran postqueue -f to force the delivery of messages in the queue, and I received that message along with several other 2-3 day old messages.

Why didn't amavisd deliver those messages which arrived while amavisd was not running? Can anyone help with this?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sven Riedel
Sent: Tuesday, June 14, 2005 5:55 PM
To: amavis-user@lists.sourceforge.net
Subject: RE: [AMaViS-user] What will happen during failure of amavisd

Hi,

> My question is that in case amavisd daemon stop
> running due to some reason, the Server will not be able receive new
> emails? Or postfix will keep receiving emails but with no scanning?

It depends on your setup. If you're using a pre-queueing content filter you won't be able to receive mail until amavis is up and running again. If you're using amavis as a post-queueing content filter, you won't lose any mail. It will all remain in the queue until amavis is running again, or the queue lifetime runs out (in which case a bounce is sent back to the sender). The usual postfix queue lifetime is 5 days, so you're on the safe side there.

If you've set up amavis according to the amavis postfix README, you'll have a post-queueing content filter, which I'd recommend to use anyway.

Regs,
Sven
[AMaViS-user] What will happen during failure of amavisd
Hi,

I am using an AV/AS gateway using postfix, clamav, SpamAssassin and amavisd-new on Solaris. My question is: in case the amavisd daemon stops running for some reason, will the server not be able to receive new emails? Or will postfix keep receiving emails but with no scanning?

MJ
RE: [AMaViS-user] 3 questions regarding SpamAssassin
Hi,

I am sorry. In an effort to limit the length of the email when posting the amavisd.conf, I was using "grep -v '#' amavisd.conf" to leave out commented lines; for this reason I got an incomplete amavisd.conf and sent that to you. My apologies for the inconvenience. Below is the complete amavisd.conf for review (sorry again for the full-length file).

Now, as you suggested, I should use /etc/mail/spamassassin/local.cf as the SpamAssassin config file. I have created one similar to one which I found on the net (it is also included below); almost all the parameters are set to default. If everything is set to its default value, is there any real need to define these parameters? I didn't notice any change after creating this file.

Please look at both cfg files and suggest what to do next. I know I am asking for too much, but believe me, I have spent several days reading about this on the net and I am still confused.

Many Thanks,
MJ

----- /etc/mail/spamassassin/local.cf -----
use_bayes 1
bayes_auto_learn 1
report_safe 1
skip_rbl_checks 0
use_razor2 1
use_dcc 0
use_pyzor 0
ok_languages all
ok_locales all
----- End -----

----- /etc/amavisd.conf -----
use strict;

# a minimalistic configuration file for amavisd-new with all necessary settings
#
# see amavisd.conf-default for a list of all variables with their defaults;
# see amavisd.conf-sample for a traditional-style commented file;
# for more details see documentation in INSTALL, README_FILES/*
# and at http://www.ijs.si/software/amavisd/amavisd-new-docs.html

# COMMONLY ADJUSTED SETTINGS:

# @bypass_virus_checks_maps = (1); # uncomment to DISABLE anti-virus code
# @bypass_spam_checks_maps = (1); # uncomment to DISABLE anti-spam code

$max_servers = 2;          # number of pre-forked children (2..15 is common)
$daemon_user = 'clamav';   # (no default; customary: vscan or amavis)
$daemon_group = 'clamav';  # (no default; customary: vscan or amavis)

$mydomain = '***mydomain.com'; # a convenient default for other settings

$MYHOME = '/var/amavis';   # a convenient default for other settings
$TEMPBASE = "$MYHOME/tmp"; # working directory, needs to be created manually
$ENV{TMPDIR} = $TEMPBASE;  # environment variable TMPDIR
$QUARANTINEDIR = "$MYHOME/virusmails";
# $quarantine_subdir_levels = 1; # add level of subdirs to disperse quarantine

# $daemon_chroot_dir = $MYHOME; # chroot directory or undef

# $db_home = "$MYHOME/db";
# $helpers_home = "$MYHOME/var"; # prefer $MYHOME clean and owned by root?
# $pid_file = "$MYHOME/var/amavisd.pid";
# $lock_file = "$MYHOME/var/amavisd.lock";
#NOTE: create directories $MYHOME/tmp, $MYHOME/var, $MYHOME/db manually

@local_domains_maps = ( [".$mydomain"] );
# @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
#                   10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 );

$log_level = 3;            # verbosity 0..5
$log_recip_templ = undef;  # disable by-recipient level-0 log entries
$DO_SYSLOG = 1;            # log via syslogd (preferred)
$SYSLOG_LEVEL = 'mail.debug';

$enable_db = 1;            # enable use of BerkeleyDB/libdb (SNMP and nanny)
$enable_global_cache = 1;  # enable use of libdb-based cache if $enable_db=1

$inet_socket_port = 10024; # listen on this local TCP port(s) (see $protocol)
# $unix_socketname = "$MYHOME/amavisd.sock"; # when using sendmail milter

$sa_tag_level_deflt = 2.0;   # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 6.31; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 6.31; # triggers spam evasive actions
$sa_dsn_cutoff_level = 9;    # spam level beyond which a DSN is not sent
$sa_quarantine_cutoff_level = 20; # spam level beyond which quarantine is off

$sa_mail_body_size_limit = 200*1024; # don't waste time on SA if mail is larger
$sa_local_tests_only = 0;  # only tests which do not require internet access?
$sa_auto_whitelist = 1;    # turn on AWL in SA 2.63 or older (irrelevant
                           # for SA 3.0, cf option is 'use_auto_whitelist')

$X_HEADER_TAG = 'X-Virus-Scanned';
$X_HEADER_LINE = "by amavisd-new at $mydomain";
$remove_existing_x_scanned_headers = 0;

# @lookup_sql_dsn =
# ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'],
#   ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'],
#   ["DBI:SQLite:dbname=$MYHOME/sql/mail_prefs.sqlite", '', ''] );
# @storage_sql_dsn = @lookup_sql_dsn; # none, same, or separate database

$virus_admin = "[EMAIL
RE: [AMaViS-user] 3 questions regarding SpamAssassin
> These assign the score to a message, $sa_kill_level_deflt does the killing if the sum of the scores for that particular message exceeds $sa_kill_level_deflt

How does SA calculate the "sum of the scores"? Sorry for the repetitive questions.

Thanks,
MJ
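The per-message arithmetic asked about in this thread, as an added example (not code from SpamAssassin, amavisd-new or any poster): it picks the score-set column from whether Bayes and network tests are on, sums the scores of the rules that one message hit, and compares that single sum with the tag and kill levels from the amavisd.conf posted in the thread (2.0 and 6.31). The rule names and scores are constructed, and the function names are this example's own.

```shell
#!/bin/sh
# Constructed score lines in the layout of 50_scores.cf: a single value applies
# to every score set, four values are the scores for sets 0, 1, 2 and 3.
sample_scores() {
cat <<'EOF'
score DEMO_SUBJ_OFFER  2.0
score DEMO_HTML_ONLY   0 0 1.5 1.2
score DEMO_URI_LISTED  0 3.0 0 2.5   # network test: 0 when network tests are off
score DEMO_BAYES_HIGH  0 0 3.5 3.0   # Bayes test: 0 when Bayes is off
EOF
}

# score_set USE_BAYES NET_TESTS   (each 0 or 1)  ->  0..3
#   0 = no Bayes, no network tests    1 = network tests only
#   2 = Bayes only                    3 = Bayes and network tests
# SpamAssassin also wants a trained Bayes database before it uses the Bayes
# sets; that check is outside this example.
score_set() {
    echo $(( $1 * 2 + $2 ))
}

# message_score SCORES_FILE SET RULE...
# Sum, for ONE message, of the chosen column for every rule that message hit.
# Rule names without a score line are ignored in this example.
message_score() {
    scores_file=$1; col=$2; shift 2
    printf '%s\n' "$@" | awk -v col="$col" '
        FNR == NR {                       # first input: the score lines
            sub(/#.*/, "")                # drop trailing comments
            if ($1 == "score" && NF >= 3)
                val[$2] = ((NF >= 6) ? $(3 + col) : $3) + 0
            next
        }
        ($1 in val) { total += val[$1] }  # second input: one hit rule per line
        END { printf "%.2f\n", total }
    ' "$scores_file" -
}

# classify SCORE TAG TAG2 KILL -> highest level reached by this one message:
#   pass (below tag), tag (spam info headers), tag2 ("spam detected" headers),
#   kill (spam evasive actions, e.g. $final_spam_destiny)
classify() {
    awk -v s="$1" -v tag="$2" -v tag2="$3" -v kill="$4" 'BEGIN {
        s += 0; tag += 0; tag2 += 0; kill += 0
        if (s >= kill)      print "kill"
        else if (s >= tag2) print "tag2"
        else if (s >= tag)  print "tag"
        else                print "pass"
    }'
}

demo() {
    f=$(mktemp) && sample_scores > "$f"
    set_no=$(score_set 1 1)     # use_bayes 1 and $sa_local_tests_only = 0
    # Three separate messages hitting the same 2.0 rule are each scored 2.0;
    # nothing accumulates from one message to the next.
    for hits in "DEMO_SUBJ_OFFER" "DEMO_SUBJ_OFFER" "DEMO_SUBJ_OFFER" \
                "DEMO_SUBJ_OFFER DEMO_URI_LISTED DEMO_BAYES_HIGH"; do
        s=$(message_score "$f" "$set_no" $hits)   # word splitting intended
        echo "set=$set_no hits=[$hits] score=$s -> $(classify "$s" 2.0 6.31 6.31)"
    done
    rm -f "$f"
}
demo
```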
RE: [AMaViS-user] 3 questions regarding SpamAssassin
Thanks Daniel and Gary and others.

Actually I am trying to configure an antivirus/antispam gateway using postfix, spamassassin, clamav and amavisd on Solaris. SpamAssassin is giving me a tough time. I have read so many articles, but still I don't know what to do next. A few people suggested to me that with amavisd there is no need to configure anything in /etc/mail/spamassassin/local.cf, as everything will be controlled by /etc/amavisd.conf; therefore I left it empty. I have tested that spam checking is running, but I want to know more about it before putting it into production. Can someone guide me on what to do next? I know this is not good, but I am confused, so I am copying my amavisd.conf here in case someone can look at it and tell me whether it is correct or not.

use strict;
$QUARANTINEDIR = "$MYHOME/virusmails";
@local_domains_maps = ( [".$mydomain"] );
$SYSLOG_LEVEL = 'mail.debug';
$X_HEADER_TAG = 'X-Virus-Scanned';
$X_HEADER_LINE = "by amavisd-new at $mydomain";
$remove_existing_x_scanned_headers = 0;
@addr_extension_virus_maps = ('virus');
@addr_extension_spam_maps = ('spam');
@addr_extension_banned_maps = ('banned');
@addr_extension_bad_header_maps = ('badh');
$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
$MAXLEVELS = 14;
$MAXFILES = 1500;
$sa_spam_subject_tag = '***SPAM*** ';
$final_virus_destiny = D_BOUNCE;
$final_spam_destiny = D_BOUNCE;
@viruses_that_fake_sender_maps = (new_RE(
));
@keep_decoded_original_maps = (new_RE(
  qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
));
$banned_filename_re = new_RE(
  qr'\.[^./]*[A-Za-z][^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,
  qr'^application/x-msdos-program$'i,
  qr'^application/hta$'i,
);
  [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i => 5.0],
  [qr'^(greatcasino|investments|lose_weight_today|market\.alert)@'i=> 5.0],
  [qr'^(money2you|MyGreenCard|new\.tld\.registry|opt-out|opt-in)@'i=> 5.0],
  [qr'^(optin|saveonlsmoking2002k|specialoffer|specialoffers)@'i => 5.0],
  [qr'^(stockalert|stopsnoring|wantsome|workathome|yesitsfree)@'i => 5.0],
  [qr'^(your_friend|greatoffers)@'i=> 5.0],
  [qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i=> 5.0],
  ),
  '[EMAIL PROTECTED]'=> -3.0,
  '[EMAIL PROTECTED]' => -3.0,
  '[EMAIL PROTECTED]'=> -3.0,
  '[EMAIL PROTECTED]' => -3.0,
  'bugtraq@securityfocus.com' => -3.0,
  '[EMAIL PROTECTED]' => -3.0,
  '[EMAIL PROTECTED]' => -3.0,
  '[EMAIL PROTECTED]' => -3.0,
  '[EMAIL PROTECTED]'=> -3.0,
  '[EMAIL PROTECTED]' => -3.0,
  '[EMAIL PROTECTED]'=> -3.0,
  '[EMAIL PROTECTED]' => -3.0,
  '[EMAIL PROTECTED]' => -3.0,
  '[EMAIL PROTECTED]' => -3.0,
  '[EMAIL PROTECTED]'=> -3.0,
  '[EMAIL PROTECTED]' => -3.0,
  '[EMAIL PROTECTED]' => -3.0,
  '[EMAIL PROTECTED]' => -3.0,
  '[EMAIL PROTECTED]' => -3.0,
  '[EMAIL PROTECTED]' => -3.0,
  '[EMAIL PROTECTED]' => -3.0,
  '[EMAIL PROTECTED]'=> -3.0,
  '[EMAIL PROTECTED]'=> -3.0,
  '[EMAIL PROTECTED]'=> -5.0,
  '[EMAIL PROTECTED]' => -3.0,
  'returns.groups.yahoo.com' => -3.0,
  '[EMAIL PROTECTED]' => -3.0,
  lc('[EMAIL PROTECTED]')=> -3.0,
  lc('[EMAIL PROTECTED]') => -5.0,
  '[EMAIL PROTECTED]' => 3.0,
  '.example.net' => 1.0,
  },
});
@decoders = (
  ['mail', \&do_mime_decode],
  ['asc', \&do_ascii],
  ['uue', \&do_ascii],
  ['hqx', \&do_ascii],
  ['ync', \&do_ascii],
  ['F',\&do_uncompress, ['unfreeze','freeze -d','melt','fcat'] ],
  ['Z',\&do_uncompress, ['uncompress','gzip -d','zcat'] ],
  ['gz', \&do_gunzip],
  ['gz', \&do_uncompress, 'gzip -d'],
  ['bz2', \&do_uncompress, 'bzip2 -d'],
  ['lzo', \&do_uncompress, 'lzop -d'],
  ['rpm', \&do_uncompress, ['rpm2cpio.pl','rpm2cpio'] ],
  ['cpio', \&do_pax_cpio, ['pax','gcpio','cpio'] ],
  ['tar', \&do_pax_cpio, ['pax','gcpio','cpio'] ],
  ['tar', \&do_tar],
  ['deb', \&do_ar, 'ar'],
  ['zip', \&do_unzip],
  ['rar', \&do_unrar, ['rar','unrar'] ],
  ['arj', \&do_unarj, ['arj','unarj'] ],
  ['arc', \&do_arc,['nomarch','arc'] ],
  ['zoo', \&do_zoo, 'zoo'],
  ['lha', \&do_lha, 'lha'],
  ['cab', \&do_cabextract, 'cabextract'],
  ['tnef', \&do_tnef_ext,'tnef'],
  ['tnef', \&do_tnef],
  ['exe', \&do_executable, ['rar','unrar'], 'lha', ['arj','unarj'] ],
);
@av_scanners = (
  ['ClamAV-clamd',
    \&ask_daemon, ["CONTSCAN {}\n", "/var/amavis/clamd.socket"],
    qr/\bOK$/, qr/\bFOUND$/,
    qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
  ['KasperskyLab AVP - aveclient',
    ['/usr/local/kav/bin/aveclient','/usr/loc
RE: [AMaViS-user] 3 questions regarding SpamAssassin
> I mean does each similar message increments the ratio?
> Of course not.

Can you please explain the concept of $sa_kill_level_deflt in amavisd.conf and what relationship it has with /usr/local/share/spamassassin/50_scores.cf?

Many thanks,
MJ
RE: [AMaViS-user] 3 questions regarding SpamAssassin
> Which score set are you talking about?

I am talking about the set of four scores defined in /usr/local/share/spamassassin/50_scores.cf

> The score is per message. If the score of the message exceeds the limit, the action is taken.

I mean, does each similar message increment the ratio?

Thanks,
MJ
[AMaViS-user] 3 questions regarding SpamAssassin
Hi,

I am configuring amavisd-new with Postfix, SpamAssassin and clamav on Solaris, to act as an AV/AS gateway to our main mail system. I have gone through several docs on the web and also "perldoc Mail::SpamAssassin::Conf", but I still have a few basic questions. Any help in this regard will be highly appreciated.

1- How is spam checking enabled with amavisd even though there is no SpamAssassin daemon running? My question is: do I need to run any SpamAssassin daemon? If yes, then which one, spamd or spamassassin? Also, why does spam checking work even if there is no daemon running?

2- How can I know which score set (0,1,2,3) is applicable? Most of my config is default, so I don't know whether it is using "Bayes" and "Network Tests" or not.

3- I am confused about score/hits. If one item has score 2 and my kill tag is set to 6, then if 3 messages pass through amavis with the same item, will it be blocked as SPAM?

MJ
[AMaViS-user] Can't connect to UNIX socket /var/run/clamav/clamd
Hi,

Can someone help with following error?

amavis[556]: [ID 702911 mail.error] (00556-05) ClamAV-clamd av-scanner FAILED: Too many retries to talk to /var/run/clamav/clamd (Can't connect to UNIX socket /var/run/clamav/clamd: No such file or directory) at (eval 39) line 264.
Jun 8 17:11:53 sune amavis[556]: [ID 702911 mail.error] (00556-05) WARN: all primary virus scanners failed, considering backups earun 8 17:11:53 sune amavis[556]: [ID 702911 mail.debug] (00556-05) Using (ClamAV-clamscan): /usr/local/bin/clamscan --stdout --disable-summary -r --tempdir=/var/amavis/tmp /var/amavis/tmp/amavis-20050608T165159-00556/parts
RE: [AMaViS-user] Starting amavis at system startup "/etc/init.d/functions: not found"
Thanks for your help. Now it is working.

MJ

-----Original Message-----
From: Mike Cappella [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 07, 2005 8:07 PM
To: 'MJ'
Subject: RE: [AMaViS-user] Starting amavis at system startup "/etc/init.d/functions: not found"

I'm sorry, here's the update. I had changed a function call to "echo", which both echoed its output and then ran the program, but that of course would not run the program. This should fix:

---
#!/bin/sh
#
# amavisd This script controls the amavisd-new daemon.
#         (to be used with version amavisd-new-20020630 or later)
#
# description: amavisd is an interface between MTA and content checkers
# processname: amavisd
# pidfile: /var/amavis/amavisd.pid

prog="/usr/local/sbin/amavisd"
prog_base="$(basename ${prog})"
prog_config_file="/etc/amavisd.conf"

RETVAL=0

# See how we were called.
case "$1" in
  start)
        echo $"Starting ${prog_base}:" ${prog} -c ${prog_config_file}
        ${prog} -c ${prog_config_file}
        RETVAL=$?
        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/${prog_base}
        echo
        ;;
  stop)
        echo $"Shutting down ${prog_base}:" ${prog} -c ${prog_config_file} stop
        ${prog} -c ${prog_config_file} stop
        RETVAL=$?
        if [ $RETVAL -eq 0 ] ; then
                echo "${prog_base} stopped"
                rm -f /var/lock/subsys/${prog_base}
        else
                echo
        fi
        ;;
  restart)
        $0 stop
        $0 start
        RETVAL=$?
        ;;
  reload)
        echo $"Reloading ${prog_base}:"
        ${prog} -c ${prog_config_file} reload
        RETVAL=$?
        ;;
  *)
        # no "status" action is implemented, so it is not offered here
        echo "Usage: $0 {start|stop|restart|reload}"
        exit 1
        ;;
esac

exit $RETVAL

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of MJ
Sent: Tuesday, June 07, 2005 9:17 AM
To: 'Mike Cappella'
Cc: amavis-user@lists.sourceforge.net
Subject: RE: [AMaViS-user] Starting amavis at system startup "/etc/init.d/functions: not found"

Initially it was giving an error for the directory /var/lock/subsystems, so I created the directory. Now it is not giving any error, but it is still not running.

MJ
How fast can you ride your desk chair down the office luge track? If you want to score the big prize, get to know the little guy. Play to win an NEC 61" plasma display: http://www.necitguy.com/?r=20 ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/ --- This SF.Net email is sponsored by: NEC IT Guy Games. How far can you shotput a projector? How fast can you ride your desk chair down the office luge track? If you want to score the big prize, get to know the little guy. Play to win an NEC 61" plasma display: http://www.necitguy.com/?r=20 ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
RE: [AMaViS-user] Starting amavis at system startup "/etc/init.d/functions: not found"
Initially it was giving an error for the directory /var/lock/subsystems, then I created the directory. Now it is not giving any error, but it is still not running.

MJ
RE: [AMaViS-user] Starting amavis at system startup "/etc/init.d/functions: not found"
Hi,

Thanks. What modifications are required? I commented out the functions line, but now it is giving errors on other lines.

MJ
[AMaViS-user] Starting amavis at system startup "/etc/init.d/functions: not found"
Hi,

I have installed "amavisd-new-2.3.1" on Solaris 8. I want to start amavis during system startup, so I have copied "amavisd_init.sh" to "/etc/init.d/amavis" and created a softlink in rc2. When I run "/etc/init.d/amavis start", it gives me the following error:

/etc/init.d/amavis: /etc/init.d/functions: not found

Please help.
[AMaViS-user] No primary av scanner
Hi,

I am testing amavisd-new along with SpamAssassin and ClamAV on Solaris 8. Things are going fine, but I am wondering why amavisd logs the error "No primary av scanner", followed by "Found secondary av scanner ClamAV-clamscan at /usr/local/bin/clamscan". My question is: what is the difference between a primary and a secondary av scanner? Is it due to some configuration problem or something else?

MJ