[AMaViS-user] Fwd: amavisd-release and socket
OK, I changed the $socket_name to 127.0.01:10024 and I can now connect to the amavisd-new daemon. But when I execute the command: # amavisd-release spam-2zAVsTgWNieU.gz my logs show the output below (this is with log_level = 5) and appears to be hung. Can anybody explain to me what I am doing wrong here? thanks, mike Dec 6 07:42:09 ren0406 amavis[30448]: loaded base policy bank Dec 6 07:42:09 ren0406 amavis[30448]: lookup_ip_acl (inet_acl): key=" 127.0.0.1" matches "127.0.0.1", result=1 Dec 6 07:42:09 ren0406 amavis[30448]: prolong_timer after new request - timer reset: remaining time = 480 s Dec 6 07:42:09 ren0406 amavis[30448]: process_request: suggested_protocol="" on TCP Dec 6 07:42:09 ren0406 amavis[30448]: (30448-01) SMTP> 220 [127.0.0.1] ESMTP amavisd-new service ready Dec 6 07:42:09 ren0406 amavis[30448]: (30448-01) idle_proc, 4: was busy, 5.7 ms, total idle 0.000 s, busy 0.006 s Dec 6 07:42:09 ren0406 amavis[30448]: (30448-01) idle_proc, 5: was idle, 0.4 ms, total idle 0.000 s, busy 0.006 s Dec 6 07:42:09 ren0406 amavis[30448]: (30448-01) prolong_timer after reading SMTP command: remaining time = 480 s Dec 6 07:42:09 ren0406 amavis[30448]: (30448-01) SMTP< request=release\r\n Dec 6 07:42:09 ren0406 amavis[30448]: (30448-01) SMTP: 500 5.5.2 Error: bad syntax; PENALIZE: request=release\r\n Dec 6 07:42:14 ren0406 amavis[30448]: (30448-01) SMTP> 500 5.5.2 Error: bad syntax Dec 6 07:42:14 ren0406 amavis[30448]: (30448-01) idle_proc, 6: was busy, 5004.1 ms, total idle 0.000 s, busy 5.010 s Dec 6 07:42:14 ren0406 amavis[30448]: (30448-01) idle_proc, 5: was idle, 0.1 ms, total idle 0.001 s, busy 5.010 s Dec 6 07:42:14 ren0406 amavis[30448]: (30448-01) prolong_timer after reading SMTP command: remaining time = 475 s Dec 6 07:42:14 ren0406 amavis[30448]: (30448-01) SMTP< quar_type=Z\r\n Dec 6 07:42:14 ren0406 amavis[30448]: (30448-01) SMTP: 500 5.5.2 Error: bad syntax; PENALIZE: quar_type=Z\r\n Dec 6 07:42:19 ren0406 amavis[30448]: (30448-01) SMTP> 500 5.5.2 Error: bad syntax Dec 6 07:42:19 ren0406 amavis[30448]: (30448-01) idle_proc, 6: was busy, 5003.9 ms, total idle 0.001 s, busy 10.014 s Dec 6 07:42:19 ren0406 amavis[30448]: (30448-01) idle_proc, 5: was idle, 0.1 ms, total idle 0.001 s, busy 10.014 s Dec 6 07:42:19 ren0406 amavis[30448]: (30448-01) prolong_timer after reading SMTP command: remaining time = 470 s Dec 6 07:42:19 ren0406 amavis[30448]: (30448-01) SMTP< mail_id=2zAVsTgWNieU\r\n Dec 6 07:42:19 ren0406 amavis[30448]: (30448-01) SMTP: 500 5.5.2 Error: bad syntax; PENALIZE: mail_id=2zAVsTgWNieU\r\n Dec 6 07:42:24 ren0406 amavis[30448]: (30448-01) SMTP> 500 5.5.2 Error: bad syntax Dec 6 07:42:24 ren0406 amavis[30448]: (30448-01) idle_proc, 6: was busy, 5003.9 ms, total idle 0.001 s, busy 15.018 s Dec 6 07:42:24 ren0406 amavis[30448]: (30448-01) idle_proc, 5: was idle, 0.1 ms, total idle 0.001 s, busy 15.018 s Dec 6 07:42:24 ren0406 amavis[30448]: (30448-01) prolong_timer after reading SMTP command: remaining time = 465 s Dec 6 07:42:24 ren0406 amavis[30448]: (30448-01) SMTP< mail_file= spam-2zAVsTgWNieU.gz\r\n Dec 6 07:42:24 ren0406 amavis[30448]: (30448-01) SMTP: 500 5.5.2 Error: bad syntax; PENALIZE: mail_file=spam-2zAVsTgWNieU.gz\r\n Dec 6 07:42:29 ren0406 amavis[30448]: (30448-01) SMTP> 500 5.5.2 Error: bad syntax Dec 6 07:42:29 ren0406 amavis[30448]: (30448-01) idle_proc, 6: was busy, 5003.9 ms, total idle 0.001 s, busy 20.021 s Dec 6 07:42:29 ren0406 amavis[30448]: (30448-01) idle_proc, 5: was idle, 0.1 ms, total idle 0.001 s, busy 20.021 s Dec 6 07:42:29 ren0406 amavis[30448]: (30448-01) prolong_timer after reading SMTP command: remaining time = 460 s Dec 6 07:42:29 ren0406 amavis[30448]: (30448-01) SMTP< \r\n Dec 6 07:42:29 ren0406 amavis[30448]: (30448-01) SMTP: 500 5.5.2 Error: bad syntax; PENALIZE: \r\n Dec 6 07:42:34 ren0406 amavis[30448]: (30448-01) SMTP> 500 5.5.2 Error: bad syntax Dec 6 07:42:34 ren0406 amavis[30448]: (30448-01) idle_proc, 6: was busy, 5003.9 ms, total idle 0.001 s, busy 25.025 s -- Forwarded message -- From: Mike Kenny <[EMAIL PROTECTED]> Date: Dec 6, 2007 6:52 AM Subject: amavisd-release and /var/ To: amavis-user@lists.sourceforge.net Hi, we are using amavisd-new-2.3.3-17.2 on SuSE 10. It is configured to use INET, not UNIX, sockets as this was considered to provide more flexibility in a multi-server environment. Now we want to start using amavisd-release to release false positives. This is reporting: Can't connect to UNIX socket /var/amavis/amavisd.sock: No such file or directory at /usr/sbin/amavisd-release line 191. The path referred to above does not appear anywhere in our configuration file, nor should it as we are using INET port 10024 for amavis. What do I need to change to enabel this functionality? Bearing in mind that we will want to execute the release from a remote server. Is this a configuration issue? Or
[AMaViS-user] amavisd-release and /var/
Hi, we are using amavisd-new-2.3.3-17.2 on SuSE 10. It is configured to use INET, not UNIX, sockets as this was considered to provide more flexibility in a multi-server environment. Now we want to start using amavisd-release to release false positives. This is reporting: Can't connect to UNIX socket /var/amavis/amavisd.sock: No such file or directory at /usr/sbin/amavisd-release line 191. The path referred to above does not appear anywhere in our configuration file, nor should it as we are using INET port 10024 for amavis. What do I need to change to enabel this functionality? Bearing in mind that we will want to execute the release from a remote server. Is this a configuration issue? Or can it be addressed on the command line? (I can find not documentation on amavisd-release and my PERL was rusty 10 years and has not improved) mike - SF.Net email is sponsored by: The Future of Linux Business White Paper from Novell. From the desktop to the data center, Linux is going mainstream. Let it simplify your IT future. http://altfarm.mediaplex.com/ad/ck/8857-50307-18918-4 ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] amavis as a proxy
Thanks Noel. I hadn't considered the STARTTLS issue (and probably many others). Not what I wanted to hear, but better that I hear it now than later mike On 9/25/07, Noel Jones <[EMAIL PROTECTED]> wrote: > > At 01:25 AM 9/25/2007, Mike Kenny wrote: > >We are in the unfortunate position of supporting an ISP environment where > >our users either connect to our SMTP servers and their mail gets filtered > by > >our defenses or they can connect to an smtp server of their choice (i.e. > we > >don't block port 25). In the latter case the spam defenses may not be as > >effective as we would like. This results in mail leaving our network > >containing some spam. This obviously won't do. > > > >Since many of our users are corporates who insist on using their own > servers > >for reasons of legalese insertion, signatures, corporate image, etc. we > need > >to place a proxy on port 25 traffic to apply our own rules to mail, > before > >it reaches the target server. Postix, it seems, is not designed for this > >purpose and introduces all sorts of header re-writing issues in order to > >maintain the appearance of passing directly through the target smtp. I > have > >been wondering what would be the impact of bypassing the MTA and using > >amavisd-new as the proxy. > > > >I have run some minimal tests with amavisd listening on port 25 and > postfix > >on a second machine. In so far as I have been able to test this > >configuration it appears to be doing what I want. Spam gets blocked by > the > >amavis server, mails that pass through appear to never have touched our > >servers, bounce messages from the target server are passed directly to > the > >real sender, bypassing our servers. > > > >Because of the nature of the usage of our service most connections to > this > >environment will be from MUAs rather than MTAs. > > > >I feel that I must be missing something, that it can't be as easy as it > >appears to be. I just am not sure where I should be looking. I know that > I > >may have issues with bounce notifications from amavisd (I have been > unable > >to test this properly yet) and that there be timing issues while a > sending > >MTA waits for an OK from amavisd. Also, I am not sure about the message > >integrity. If amavisd was to die during processing, where would the > message > >be? Or would this be any different than normal usage of amavis? > > > >I know that the above is not the way things should be done but, in my > >defense, a) I have no choice due to the way my employers operate and b) > it > >will only be short term solution pending implementation of a more > permanent > >solution. > > > >Any comments, warnings, pointers, etc. greatly appreciated. > > > >mike > > Amavisd-new is not designed as a transparent proxy, and is unlikely > to perform very well when used in that manner. The two biggest > problems I can think of are a) amavisd-new is designed to connect to > a specified endpoint, not to an arbitrary server on the internet and > b) will not propagate STARTTLS sessions, preventing MUA submitters > from logging on to servers that require TLS before they will do AUTH > - a common configuration. I expect there are other practical reasons > this isn't a very good idea, such as simply throughput limitations. > What about privacy issues? Do you have the right to intercept mail > from paying customers in this manner? > > I think you and your customers are better off if you simply block > outbound port 25 by default and then unblock for static IP customers > on request - maybe just let them send an email or fill out a web form > rather than calling tech support. Then an automated check of the > more widely used RBLs for IPs listed in your customer range every so > often. You may already have a pretty good idea of who is running > their own mail server and can proactively unblock them. > > For customers that use an MUA to submit mail to some "foreign" > server, nearly all servers offer service on the "submission" port > just for this purpose; most shouldn't need access to port 25. I > understand this will require some customers to change settings on > their mail software, so may be rather distasteful to your > organization. Presented as a method to increase customer security > and improve service may make it more palatable. > > Anyway, HTH. > > -- > Noel Jones > > - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] amavis as a proxy
We are in the unfortunate position of supporting an ISP environment where our users either connect to our SMTP servers and their mail gets filtered by our defenses or they can connect to an smtp server of their choice (i.e. we don't block port 25). In the latter case the spam defenses may not be as effective as we would like. This results in mail leaving our network containing some spam. This obviously won't do. Since many of our users are corporates who insist on using their own servers for reasons of legalese insertion, signatures, corporate image, etc. we need to place a proxy on port 25 traffic to apply our own rules to mail, before it reaches the target server. Postix, it seems, is not designed for this purpose and introduces all sorts of header re-writing issues in order to maintain the appearance of passing directly through the target smtp. I have been wondering what would be the impact of bypassing the MTA and using amavisd-new as the proxy. I have run some minimal tests with amavisd listening on port 25 and postfix on a second machine. In so far as I have been able to test this configuration it appears to be doing what I want. Spam gets blocked by the amavis server, mails that pass through appear to never have touched our servers, bounce messages from the target server are passed directly to the real sender, bypassing our servers. Because of the nature of the usage of our service most connections to this environment will be from MUAs rather than MTAs. I feel that I must be missing something, that it can't be as easy as it appears to be. I just am not sure where I should be looking. I know that I may have issues with bounce notifications from amavisd (I have been unable to test this properly yet) and that there be timing issues while a sending MTA waits for an OK from amavisd. Also, I am not sure about the message integrity. If amavisd was to die during processing, where would the message be? Or would this be any different than normal usage of amavis? I know that the above is not the way things should be done but, in my defense, a) I have no choice due to the way my employers operate and b) it will only be short term solution pending implementation of a more permanent solution. Any comments, warnings, pointers, etc. greatly appreciated. mike - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Bypass/whitlist a sender
look at either 'bypass_spam_checks' or 'score_sender_maps' I think the latter is what you require. assign the local sender a negative score, this will reduce any spam score they aquire by that amount. I think the first option above may be just for incoming, not sure about this mike On 6/28/07, Azfar Hashmi <[EMAIL PROTECTED]> wrote: > > Is it possible to whitelist or bypass spam check for specific local > sender. > - > This SF.net email is sponsored by DB2 Express > Download DB2 Express C - the FREE version of DB2 express and take > control of your XML. No limits. Just data. Click to get it now. > http://sourceforge.net/powerbar/db2/ > ___ > AMaViS-user mailing list > AMaViS-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/amavis-user > AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 > AMaViS-HowTos:http://www.amavis.org/howto/ > - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] clamd dying on /var/lib/clamav/clamd.socket
Hi, I am running 2 identical mail server, both using the same versions of SUSE 10.1, postfix, amavisd-new, etc. Configuration files are identical, etc. I have no problem on one of these, mx1, but it's sibling mx2 is giving me heartache. clamd dies frequently, usually early morning and late evening, with the following error(s) in /var/log/messages: Feb 13 07:13:05 mx2 amavis[5405]: (05405-06) ClamAV-clamd av-scanner FAILED: Too many retries to talk to /var/lib/clamav/clamd.socket (Can't connect to UNIX soc ket /var/lib/clamav/clamd.socket: Connection refused) at (eval 50) line 266. I cannot figure out what is happening. The sockets look the same on both systems, permissions are fine, everything SHOULD ehave identically, but it still dies on me. The only difference that I can think of is that some python scripts execute on mx2 that may place a larger load on the CPU (though this is monitored and I don't receive any alarms, which are set at 90% CPU). But, even if this is the case I don't know what parameter to tune to circumvent the issue. I have tried increasing MaxConnectionQueueLength from 15 to 30 and MaxThreads from 10 to 2 in /etc/clamav.conf in case I hitting some load issue. This had no effect and to be honest, I don't even know for sure that this is the correct configuration file. Anybody got any pointers for me? mike - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier. Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
