Re: [AMaViS-user] Amavis bad header dropping attachments on some mails

2010-11-17 Thread Noel Jones
On 11/16/2010 8:14 PM, Jay Mobile wrote:
> Dear Noel,
>
> How can I find if the message is "defanging" ?
>
>
>

Check the logs.



--
Beautiful is writing same markup. Internet Explorer 9 supports
standards for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2 & L3.
Spend less time writing and  rewriting code and more time creating great
experiences on the web. Be a part of the beta today
http://p.sf.net/sfu/msIE9-sfdev2dev
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net 
https://lists.sourceforge.net/lists/listinfo/amavis-user 
 Please visit http://www.ijs.si/software/amavisd/ regularly
 For administrativa requests please send email to rainer at openantivirus dot 
org


Re: [AMaViS-user] Multiple postfix servers using a single amavis server

2010-11-16 Thread Noel Jones
On 11/16/2010 12:17 PM, Matias Banchoff wrote:
> Hello,
> I have a question regarding the $forward_method variable.
> I have two postfix servers and only one amavis server installed. Is
> it possible to have amavis check mails from both postfix servers and
> reinject the email to the corresponding server.
> I ask because $forward_method allows only one IP Address. The idea is
> to have one postfix per domain and all those emails being checked with
> only one amavis.
>
> Thank you!
>

From the RELEASE_NOTES...

  To make it possible for several hosts to share one content checking daemon,
  the IP address and/or the port number in $forward_method and $notify_method
  may be specified as an asterisk. An asterisk in the colon-separated
  second field (host) will be replaced by the SMTP client peer address
  (i.e. the MTA host). An asterisk in the third field (tcp port) will be
  replaced by the incoming SMTP/LMTP session port number plus one. This
  obsoletes the previously used less flexible configuration parameter
  $relayhost_is_client. An example:

    $forward_method = 'smtp:*:*'; $notify_method = 'smtp:[127.0.0.1]:10025';

  The same functionality can also be achieved by using a bigger hammer,
  the policy banks. These may completely replace the global settings
  for $forward_method and $notify_method, based on incoming port number;



Re: [AMaViS-user] Amavis bad header dropping attachments on some mails

2010-11-16 Thread Noel Jones
On 11/16/2010 3:49 AM, Jay Mobile wrote:
> Dear all,
>   I recently encountered an issue where my clients tell that they see the 
> e-mail body but the attachment Is not present. I checked the mail.log and saw 
> Passed BAD-HEADER , quarantine: H/badh for the suspecting mails. This is only 
> encountered from a specific sender only. can u pls help me in resolving this 
> thanks!
>
> Kind Regards
> Jay

Does amavisd-new report defanging the message?  If not, then 
the message arrived broken and amavisd-new simply reported the 
fact.


   -- Noel Jones



Re: [AMaViS-user] BAD-HEADER-[0-9]

2010-11-03 Thread Noel Jones
On 11/3/2010 11:51 AM, Ralf Hildebrandt wrote:
> What exactly does the number behind BAD-HEADER- mean?
> # zfgrep -i BAD-HEADER /var/log/OLD/*/mail.log* | awk '{print $8}' | sort | uniq -c | sort -n
>     2 BAD-HEADER-3,
>    27 BAD-HEADER-6,
>   125 BAD-HEADER-1,
>   259 BAD-HEADER-4,
>   496 BAD-HEADER-5,
>  2958 BAD-HEADER-8,
>  5436 BAD-HEADER-2,
> 10564 BAD-HEADER-7,
>

Found this in the main program...

 CC_BADH.',1',   "id=%n - BAD HEADER: MIME error",
 CC_BADH.',2',   "id=%n - BAD HEADER: nonencoded 8-bit character",
 CC_BADH.',3',   "id=%n - BAD HEADER: contains invalid control character",
 CC_BADH.',4',   "id=%n - BAD HEADER: line made up entirely of whitespace",
 CC_BADH.',5',   "id=%n - BAD HEADER: line longer than RFC 2822 limit",
 CC_BADH.',6',   "id=%n - BAD HEADER: syntax error",
 CC_BADH.',7',   "id=%n - BAD HEADER: missing required header field",
 CC_BADH.',8',   "id=%n - BAD HEADER: duplicate header field",
 CC_BADH,        "id=%n - BAD HEADER",



   -- Noel Jones



Re: [AMaViS-user] Header check ?

2010-10-12 Thread Noel Jones
On 10/12/2010 5:50 AM, Peter Sørensen wrote:
> Hi,
>
> I have a situation where I need to check for a specific X-HEADER-SOMEVALUE 
> after
> Content scanning with amavisd. I have a setup like:
>
>
>
> POSTFIX MTA PORT 25  =>  AMAVISD PORT 10024 =>  POSTFIX MTA PORT 10025
>
> I am well aware of the possibilities in postfix to do header checks but this 
> will catch
> The header before amavisd and I need to catch it after amavisd.
>
> I need to have the standard header_checks enabled in my POSTFIX MTA PORT 25 
> because
> In some situations I need to catch headers before amavisd
>
> Any ideas ?
>

header_checks are controlled by the postfix cleanup process. 
You can define a "custom" cleanup process for the postfix 
smtpd on 10025 with your header checks.

Basic idea:
# master.cf

# this is a copy of the standard cleanup line:
cleanup_amavisd unix n  -  n  -  0  cleanup
   -o header_checks=regexp:/path/to/header_checks_amavis

# this is the postfix reinjection port
127.0.0.1:10025 inet  n  -  n  -  -  smtpd
   -o cleanup_service_name=cleanup_amavisd
   ... other stuff ...

Other examples and more details can be found in the 
postfix-users archives.

   -- Noel Jones




Re: [AMaViS-user] custom whitelisting rules

2010-08-31 Thread Noel Jones
On 8/31/2010 2:21 AM, GP wrote:
> Hi there,
>
> searched for some time and did not find answer, so here is my question.
> Is it possible to whitelist sender-recipient domain pair with amavis? I
> need rule to whitelist (skip any amavis checks) any mail from
> *...@domain1.tld to *...@domain2.tld, mail from *...@domain2.tld to 
> *...@domain1.tld
> must be checked as usual.

I don't believe there is anything in amavisd-new for 
two-factor whitelisting.

If you are pretty good with perl, I'm sure something can be added.

> I have tried to do this with postfix check_policy_service in
> smtpd_recipient_restrictions with no success.
>
> My postfix and amavis servers are separate machines and postfix
> master.cf entry for content_filter is this:
>
> 628  inet  n   -   n   -   -   smtpd
>  -o content_filter=lmtp:amavis-server:10024
>
> it seems that even if I set check_policy_service response to OK mail is
> always going to amavis filter.

The proper response would be FILTER foo:bar to select a 
content_filter, DUNNO for no filtering, no content_filter 
setting in postfix.

Note selecting filtering based on recipient address is 
unreliable; a message may have multiple recipients, but only 
one content_filter or FILTER destination.


> It is possible that it can be solved with postfix tweaks, but if I make
> this work with amavis I will skip my headache reconfiguring postfix.



   -- Noel Jones
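
The FILTER/DUNNO approach from the reply above, sketched as a Postfix policy delegate. This is an added example, not code from the thread or from either project; the listener address, the function names, and the premise that the global content_filter has been removed from Postfix are assumptions. `message_is_filtered` models the multi-recipient caveat: one FILTER action applies to the whole message.

```python
"""Postfix policy delegate: choose the content filter per sender/recipient pair."""
import socketserver

# Filter destination from the poster's master.cf (content_filter=lmtp:amavis-server:10024).
FILTER_DEST = "lmtp:amavis-server:10024"
# (sender domain, recipient domain) pairs that skip amavisd; direction matters.
EXEMPT_PAIRS = {("domain1.tld", "domain2.tld")}
# Assumed listener address; Postfix would reference it with
#   check_policy_service inet:127.0.0.1:10040
LISTEN = ("127.0.0.1", 10040)


def domain_of(address):
    """Lower-cased domain part, or "" for the null sender or malformed input."""
    local, at, domain = address.rpartition("@")
    return domain.lower() if at and local else ""


def parse_request(lines):
    """Turn the name=value lines of one policy request into a dict."""
    attrs = {}
    for line in lines:
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs


def decide(attrs):
    """DUNNO (no filter) for an exempt pair, FILTER for everything else."""
    if attrs.get("request") != "smtpd_access_policy":
        return "DUNNO"
    pair = (domain_of(attrs.get("sender", "")), domain_of(attrs.get("recipient", "")))
    if pair in EXEMPT_PAIRS:
        return "DUNNO"
    # Default to scanning: unknown, null or malformed senders are never exempt.
    return "FILTER " + FILTER_DEST


def respond(request_text):
    """Build the reply for one raw request (attributes end at the blank line)."""
    lines = []
    for line in request_text.splitlines():
        if not line:
            break
        lines.append(line)
    return "action=%s\n\n" % decide(parse_request(lines))


def message_is_filtered(sender, recipients):
    """Model one SMTP transaction: the policy is asked once per RCPT TO, and a
    FILTER returned for any recipient applies to the whole message."""
    actions = [
        decide({"request": "smtpd_access_policy", "sender": sender, "recipient": rcpt})
        for rcpt in recipients
    ]
    return any(action.startswith("FILTER") for action in actions)


class PolicyHandler(socketserver.StreamRequestHandler):
    """Postfix keeps the connection open and sends many requests over it."""

    def handle(self):
        lines = []
        for raw in self.rfile:
            line = raw.decode("utf-8", "replace").rstrip("\r\n")
            if line:
                lines.append(line)
                continue
            self.wfile.write(respond("\n".join(lines) + "\n\n").encode("utf-8"))
            lines = []


if __name__ == "__main__":
    socketserver.ThreadingTCPServer.allow_reuse_address = True
    with socketserver.ThreadingTCPServer(LISTEN, PolicyHandler) as server:
        server.serve_forever()
```

A message from domain1.tld addressed to both a domain2.tld recipient and any other recipient is still scanned, which is the safe direction for the exemption to fail.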



Re: [AMaViS-user] amavis hostname problem

2010-08-09 Thread Noel Jones
On 8/9/2010 11:52 AM, Donald G. Knecht wrote:
> My system uses SuSE 11.2. It is running the latest SuSE rpms.
>
>
>
> I had this working then the server rebooted and now amavis won't start.
>
> In fact I seem to remember bothering one of the authors about the hostname
> bug.
>
> (There was a bug that hostnames with a hyphen weren't recognized as valid).
>
> I can't remember what the outcome was, but I know it was working for at
> least six months.
>
> Now mail won't deliver.
>
>
>
> I get the following error messages:
>
>
>
> Aug  9 12:23:40 host-name postfix/smtp[6551]: connect to
> 127.0.0.1[127.0.0.1]:10024: Connection refused
>
>
>
> And I think the connection is refused because amavis is not running.
>
> Output of netstat -tap:
>
>
>
> host-name:/ # netstat -tap
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address          Foreign Address         State       PID/Program name
> tcp        0      0 localhost:dyna-access  *:*                     LISTEN      2740/clamd
> tcp        0      0 localhost:783          *:*                     LISTEN      2881/spamd.pid
> tcp        0      0 *:sunrpc               *:*                     LISTEN      2095/rpcbind
> tcp        0      0 *:ftp                  *:*                     LISTEN      2805/pure-ftpd (SER
> tcp        0      0 localhost:ipp          *:*                     LISTEN      2296/cupsd
> tcp        0      0 *:smtp                 *:*                     LISTEN      2680/master
> tcp        0      0 *:22                   *:*                     LISTEN      2886/sshd
> tcp        0      0 localhost:10025        *:*                     LISTEN      2680/master
> tcp        0      0 host-name.com:22       192.168.:isbconference1 ESTABLISHED 6602/sshd: user [pr
> tcp        0      0 host-name.com:smtp     cvcw138.static.012:nirp TIME_WAIT   -
> tcp        0      0 *:sunrpc               *:*                     LISTEN      2095/rpcbind
> tcp        0      0 *:www-http             *:*                     LISTEN      2233/httpd2-itk
> tcp        0      0 *:ftp                  *:*                     LISTEN      2805/pure-ftpd (SER
> tcp        0      0 localhost:ipp          *:*                     LISTEN      2296/cupsd
> tcp        0      0 *:smtp                 *:*                     LISTEN      2680/master
> tcp        0      0 *:22                   *:*                     LISTEN      2886/sshd
> tcp        0      0 localhost:10025        *:*                     LISTEN      2680/master
>
>
>
> I try to restart amavis:
>
>
>
> hastys-fl:/ /etc/init.d/amavis restart
>
> Shutting down virus-scanner (amavisd-new):
> done
>
> Starting virus-scanner (amavisd-new):   The value of variable $myhostname is
> "host-name", but should have been
>
>a fully qualified domain name; perhaps uname(3) did not provide such.
>
>You must explicitly assign a FQDN of this host to variable $myhostname
>
>in amavisd.conf, or fix what uname(3) provides as a host's network name!
>
>
> failed
>
>
>
>
>
> The fqdn IS specified in /etc/ amavisd.conf -BUT amavis seems to ignore it.
>
> $myhostname=host-name.com
>
>
>
> THANKS for any help!!
>
> -don

Seems to work for me.

Aug  9 12:33:12 mgate3 amavis[97831]: starting. /usr/local/sbin/amavisd at mail-gate.example.org amavisd-new-2.6.4 (20090625), Unicode aware

# grep myhostname amavisd.conf
# $myhostname = 'host.example.com';  # must be a fully-qualified domain name!
$myhostname = 'mail-gate.example.org';


Maybe you got the format wrong?


   -- Noel Jones



Re: [AMaViS-user] AMaViS as before-queue content filter to Postfix?

2010-06-30 Thread Noel Jones
On 6/29/2010 10:38 PM, Michael Orlitzky wrote:
> On 06/29/2010 02:50 AM, Patrick Ben Koetter wrote:
>> * Rich Wales:
>>> I'm using Postfix 2.6.5, with AMaViSd-new 2.6.4 as an after-queue
>>> content filter.  Messages scoring above 5 are being quarantined for
>>> later examination using MailZu.
>>>
>>> I would like to reconfigure my setup to use AMaViS as a before-queue
>>> content filter -- rejecting messages scoring above 25 (or maybe 30),
>>> accepting (and quarantining) messages scoring between 5 and 25 (or
>>> 30), and delivering mail scoring below 5.
>>>
>>> How do I do this?
>>>
>>> I understand the "cons" about increased load on my mail server if I
>>> adopt before-queue filter mode, and I'm prepared to deal with this.
>>
>> Change $final_spam_destiny in amavisd configuration to:
>>
>> $final_spam_destiny   = D_REJECT;
>
>
> # D_REJECT mail will not be delivered to its recipients, sender should
> # preferably get a reject, e.g. SMTP permanent reject response
> # (e.g. with milter), or non-delivery notification from MTA
> # (e.g. Postfix). If this is not possible (e.g. different recipients
> # have different tolerances to bad mail contents and not using LMTP)
> # amavisd-new sends a bounce by itself (same as D_BOUNCE).
> # Not to be used with Postfix or dual-MTA setups!
>
> Is that last line just outdated, or intended to be frightening to
> potential pre-queuers?


Not to be used with postfix after queue content_filter, which 
is the config amavisd-new docs assume.

OK to use (and actually preferred) with postfix before queue 
smtpd_proxy_filter.


   -- Noel Jones



Re: [AMaViS-user] AMaViS as before-queue content filter to Postfix?

2010-06-29 Thread Noel Jones
On 6/29/2010 2:05 AM, Kiss Gabor (Bitman) wrote:
>> I would like to reconfigure my setup to use AMaViS as a before-queue
>> content filter -- rejecting messages scoring above 25 (or maybe 30),
>> accepting (and quarantining) messages scoring between 5 and 25 (or
>> 30), and delivering mail scoring below 5.
>
> I guess before queue filtering and quarantine are mutually exclusive.
> Is this true?

You can have both before-queue filtering and quarantine.  You 
can even reject detected spam and viruses and keep a copy in 
the quarantine.

This is possible because the reject doesn't happen until 
end-of-data; the client has already transmitted the entire 
message.

   -- Noel Jones



Re: [AMaViS-user] enabling archiving of email messages for tuning spam scores

2010-06-17 Thread Noel Jones
On 6/17/2010 6:56 AM, Sharma, Ashish wrote:
> Hi,
>
> I want to enable plain(no gzip) archiving of all the email messages that are 
> received on my postfix with amavis(spamassassin , clamAV) setup.
>
> This is to generate a sample email data that I can use to tune my spam 
> assassin.
>
> I am thinking of following changes in my amavisd.conf file:
>
> $QUARANTINEDIR = "/var/virusmails";
>
> $sa_tag_level_deflt  = -999;  # add spam info headers if at, or above that level
> $sa_tag2_level_deflt = -999;  # add 'spam detected' headers at that level
> $sa_kill_level_deflt = -999;  # triggers spam evasive actions (e.g. blocks mail)
> $sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent
> $sa_crediblefrom_dsn_cutoff_level = 18; # likewise, but for a likely valid From
> # $sa_quarantine_cutoff_level = 25; # spam level beyond which quarantine is off
> $penpals_bonus_score = 8;# (no effect without a @storage_sql_dsn database)
> $penpals_threshold_high = $sa_kill_level_deflt;  # don't waste time on hi spam
> $bounce_killer_score = 100;  # spam score points to add for joe-jobbed bounces
>
> # $final_banned_destiny = D_BOUNCE;
> # $final_bad_header_destiny = D_PASS;
> # $bad_header_quarantine_method = undef;
> # $virus_quarantine_method = undef;
> # $spam_quarantine_method = undef;
> # $banned_files_quarantine_method = undef;
>
> $final_virus_destiny  = D_PASS;
> $final_spam_destiny   = D_PASS;
>
> Please verify is this the correct way of doing things for what I intend to do?
>
> Correct me if I am doing things the wrong way.
>
> Thanks in advance
> Ashish Sharma


Look for the $clean_quarantine_method settings in 
amavisd.conf-sample.  To store clean mail in the 
$QUARANTINEDIR/clean directory, use something like:

$clean_quarantine_method  = 'local:clean/%m';

("clean" directory must exist; amavisd won't create the directory)

   -- Noel Jones



Re: [AMaViS-user] $TEMPBASE directory Cleanup

2010-06-16 Thread Noel Jones
On 6/16/2010 12:14 PM, Clayton Keller wrote:
> I am using a tmpfs using RAM for $TEMPBASE.
>
> I would like to cleanup this mount from time to time. I have
> files/directories on occasion sit stale and take up space.
>
> Will there be an issue if I remove a file/directory from $TEMPBASE
> without stopping amavisd prior to doing so?
>
> As a safety measure I will not remove anything that isn't older than the
> current maximum queue life of a message + a small buffer as added on as
> well.

Typically anything more than ~24 hours old can be safely 
removed from the amavisd-new $TEMPBASE.

If you're getting lots of stuff left over in $TEMPBASE, you 
should investigate why.  Search the log files for 'PRESERVING 
EVIDENCE' to find errors that cause amavisd-new to leave the 
tmp files for analysis.

   -- Noel Jones



Re: [AMaViS-user] amavisd-new : delivery notifications

2010-05-25 Thread Noel Jones
On 5/25/2010 8:29 AM, Mark Martinec wrote:
> Vianney,
>
>> I can't figure out how to tell amavis / spamassassin to not handle
>> delivery notification as SPAM those notifications are always treated
>> as spam with :
>> "Yes, score=x+100 tag=2 tag2=6.2 kill=6.9 tests=[AM:BOOST=100]"
>
>> Noel Jones writes:
>>> So it looks as if you've enabled the penpals and bounce killer
>>> features;
>
>> $penpals_bonus_score = undef;
>> $bounce_killer_score = 0;
>> did the trick. there were enabled (default setting).
>> Going to have a look at the documentation to see the effects.
>
> The score value 100 is typical for a $bounce_killer_score, so it looks
> like it was the bounce killer feature which concluded that the
> received bounce could not be in response to a previous outbound
> message, so was probably a response to a faked sender address
> sent by a third party, and should be ditched.
>
> I suggest to examine the (quarantined?) bounce message and see
> if it was a genuine response to some message from your site.
> If it was not, then the bounce killer did the right thing.
> If it was genuine, the original message was not found in
> SQL table msgs (Pen pals) for some reason. Perhaps you trimmed
> the table to less than five days recently.
>
> Examining the attached message header section in a bounce
> and comparing it to your log of outbound message at the
> indicated date/time may reveal why it could not be associated
> with a previous outbound message.
>
>    Mark

The OP previously stated this is an inbound-only server; 
outgoing mail uses a different path.  That's why I suggested 
disabling those features.

   -- Noel Jones



Re: [AMaViS-user] amavisd-new : delivery notifications

2010-05-21 Thread Noel Jones
On 5/21/2010 10:21 AM, Vianney Foucault wrote:
> It might be a good information that the original email requesting 
> notification did not pass through the amavis gateway, which handles only the 
> incoming emails.
> Can it be something like missing mail id ?
>
> fedora 11 / amavisd-new-2.6.2-3.fc11.noarch
>
> tia.


Please don't top post.

From the amavisd-new release notes:
- insert "AM:BOOST=boost_scores_list" into a list of triggered spam tests
  to make visible the internally generated per-recipient spam score boosts
  (like from: pen pals, soft white/black-listing, bounce killer) in the log
  and in the X-Spam-Status header field. The 'tests' list in X-Spam-Status
  or in the log (macro %T) can now look like:
    tests=[AM:BOOST=+1.3+0.51-1.1, BAYES_99=3.6, ...]


So it looks as if you've enabled the penpals and bounce killer 
features; I don't believe these features are enabled by 
default.  If this is an incoming-only server you should make 
sure those features are turned off.  I think this will do it:
$penpals_bonus_score = undef;
$bounce_killer_score = 0;


   -- Noel Jones
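
A parser for the `tests=[...]` list quoted from the release notes above, separating amavisd-new's internal AM:BOOST contributions from the SpamAssassin rule scores. This is an added example, not code from the thread or from amavisd-new; the function names are hypothetical and the two sample headers are the ones quoted in this thread.

```python
import re

# The bracketed tests list as it appears in X-Spam-Status or in the log.
TESTS_RE = re.compile(r"tests=\[([^\]]*)\]")
# AM:BOOST carries a run of signed numbers with no separator, e.g. +1.3+0.51-1.1
SIGNED_NUM_RE = re.compile(r"[+-]?\d+(?:\.\d+)?")


def split_tests(status):
    """Return (boosts, rules): the list of AM:BOOST values and a dict of
    rule name -> score taken from the tests=[...] list."""
    match = TESTS_RE.search(status)
    boosts, rules = [], {}
    if not match:
        return boosts, rules
    for item in match.group(1).split(","):
        name, sep, value = item.strip().partition("=")
        if not sep:
            continue  # skips "..." or an empty entry
        if name == "AM:BOOST":
            boosts = [float(num) for num in SIGNED_NUM_RE.findall(value)]
        else:
            try:
                rules[name] = float(value)
            except ValueError:
                continue  # not a numeric score; ignore it
    return boosts, rules


def summarize(status):
    """Totals plus a flag for the case seen in this thread: the score comes
    entirely from amavisd-new boosts, with no SpamAssassin rule listed."""
    boosts, rules = split_tests(status)
    return {
        "boost_total": sum(boosts),
        "rule_total": sum(rules.values()),
        "boost_only": bool(boosts) and not rules,
    }


if __name__ == "__main__":
    # Headers quoted in this thread (the second is the release-notes sample).
    samples = [
        "Yes, score=x+100 tag=2 tag2=6.2 kill=6.9 tests=[AM:BOOST=100] "
        "autolearn=unavailable",
        "tests=[AM:BOOST=+1.3+0.51-1.1, BAYES_99=3.6, ...]",
    ]
    for sample in samples:
        print(summarize(sample))
```

When `boost_only` is true, the place to look is amavisd.conf (pen pals, soft white/black-listing, bounce killer), not the SpamAssassin rule set.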



Re: [AMaViS-user] amavisd-new : delivery notifications

2010-05-21 Thread Noel Jones
On 5/21/2010 9:51 AM, Vianney Foucault wrote:
> Hello,
>
> I can't figure out how to tell amavis / spamassassin to not handle delivery 
> notification as SPAM
> those notifications are always treated as spam with :
> "Yes, score=x+100 tag=2 tag2=6.2 kill=6.9 tests=[AM:BOOST=100] 
> autolearn=unavailable"
> Does anyone can help ?
>
> regards.
> Vianney.
> ===
> X-Envelope-From:<>
> X-Envelope-To:<-...@---.fr>
> X-Envelope-To-Blocked:<-...@---.fr>
> X-Quarantine-ID:
> X-Spam-Flag: YES
> X-Spam-Score: 100
> X-Spam-Level: 
> X-Spam-Status: Yes, score=x+100 tag=2 tag2=6.2 kill=6.9 tests=[AM:BOOST=100] 
> autolearn=unavailable
> =


Looks as if you've added the null sender "<>" to the 
amavisd-new soft whitelist/blacklist with a score of 100.
This is not a default setting.

Look in your amavisd.conf under @score_sender_maps


   -- Noel Jones



Re: [AMaViS-user] Amavis sometimes looses e-mails

2010-05-07 Thread Noel Jones
 1 (0%)100, prepare-dsn: 1 (0%)100, main_log_entry: 8 
> (0%)100, update_snmp: 3 (0%)100, SMTP pre-response: 1 (0%)100, SMTP response: 
> 2 (0%)100, unlink-12-files: 2 (0%)100, rundown: 1 (0%)100
> May  4 18:28:27   amavis[54714]: (54714-08-2) loaded policy bank "INTERNET"
>
> Every failed delivery has got a log entry "Negative SMTP resp.
> to DATA: 250 2.1.5 Ok" I tried to google what it means, but
> could not find anything useful.

That looks as if the SMTP conversation has gotten out of sync. 
  While that /shouldn't/ lead to data loss, I guess it's 
possible.  Maybe disabling connection caching in both 
amavisd-new and postfix will help?

I would suggest upgrading your amavisd-new and your postfix to 
the latest versions, and then examine the configuration 
carefully to make sure it isn't borked somewhere.



   -- Noel Jones

--

___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net 
https://lists.sourceforge.net/lists/listinfo/amavis-user 
 AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 
 AMaViS-HowTos:http://www.amavis.org/howto/ 


Re: [AMaViS-user] amavis causing mail to queue on server ???

2010-05-05 Thread Noel Jones
On 5/5/2010 10:00 PM, John Robinson wrote:
> Hello all,
>
> As this is my first post to this list, please bear with me if my
> description or supplied info is not all that is required.
>
> I have 2 mail gateways running on Debian Lenny. I have installed and
> configured the following according to this guide :
> http://www200.pair.com/mecham/spam/spamfilter20090215.html#notes
>
> Debian - 5.0.4 (kernel 2.6.26-2-amd64)
> Postfix - 2.5.5-1.1
> amavis - 2.6.4
> clamav - 0.95.3+dfsg-1
> spamassassin - 3.2.5-2+Lenny2
> postgrey - 1.31-3.2
>
> My problem is that about once a week the servers (at different times and
> not consistently) will start queuing mail
> and will not route it out. They still accept inbound smtp connections to
> port 25 but will not pass them on to amavis ?!?
>
> In the log files I find entries such as the one below :
>
> May 5 06:46:27 mailgateway00 postfix/smtp[1525]: DC2C114C68B:
> to=, relay=127.0.0.1[127.0.0.1]:10024, delay=300,
> delays=0.13/0.01/300/0, dsn=4.4.2, status=deferred (conversation with
> 127.0.0.1[127.0.0.1] timed out while receiving the initial server
> greeting)
>
> executing "mailq" on the server reveals a similar message in the mail
> queue
>
> (delivery temporarily suspended: conversation with 127.0.0.1[127.0.0.1]
> timed out while receiving the initial server greeting)
>  u...@domain.com
>
> The only way I have been able to fix the problem so far is to restart the
> whole server. Mail will then route until the next time this happens.

Just to clarify, I'm assuming you're referring to amavisd-new 
and not some other variant of amavis, because all the others 
are dead projects and should be avoided.

(continue, assuming all references are for amavisd-new)

General debug strategy:
- do you have plenty of RAM?  Spamassassin and clam can really 
chew up some megs.
- any errors in the log from about the time mail stops?  Look 
before the "deferred" messages start showing up.
- what's the last thing amavis logs?
- can you telnet to the amavis port?
- does the amavisd-nanny program tell you anything 
interesting?  (run it a few times when things are normal so 
you know what it should look like).
- does restarting amavisd get mail flowing within a few 
minutes?  May require a "postfix flush" or waiting several 
minutes for postfix to realize that the destination is no 
longer dead.  Note: frequent "postfix flush" with a full queue 
is very bad for performance, so use sparingly.

I find it useful to run one "extra" amavis server process so 
that there will always be one free for testing.

If amavisd appears unresponsive, increasing the amavisd log 
level may help you pinpoint where the trouble is.


HTH.

   -- Noel Jones



Re: [AMaViS-user] virus_check_*_ttl

2010-05-05 Thread Noel Jones
On 5/5/2010 1:32 PM, Ralf Hildebrandt wrote:
> * Noel Jones:
>
>> Seconds.
>
> I guessed that, but I thought it would be better to ask :)
>
>> from amavisd.conf-sample:
>> # expiration time of cached results: time to live in seconds
>> #   (how long the result of a virus/spam test remains valid)
>> $virus_check_negative_ttl=  3*60; # time to remember that mail was not infected
>> $virus_check_positive_ttl= 30*60; # time to remember that mail was infected
>
> I know. Note the lack of time units.


I was going by the "time to live in seconds" part.

>
>> I suppose you could set it to zero and test.
>>
>> Nuclear option would be to disable caching
>> $enable_global_cache = 0;
>
> What does this affect? virus scanning, spam scanning, and ...?
>

AFAIK only spam/virus scanning results.


   -- Noel Jones



Re: [AMaViS-user] virus_check_*_ttl

2010-05-05 Thread Noel Jones
On 5/5/2010 12:56 PM, Ralf Hildebrandt wrote:
> # $virus_check_negative_ttl=  3*60;  # time to cache contents as not infected
> # $virus_check_positive_ttl= 30*60;  # time to cache contents as infected
>
> Are these seconds or minutes?


Seconds.

from amavisd.conf-sample:
# expiration time of cached results: time to live in seconds
#   (how long the result of a virus/spam test remains valid)
$virus_check_negative_ttl=  3*60; # time to remember that mail was not infected
$virus_check_positive_ttl= 30*60; # time to remember that mail was infected

>
> How can I disable caching entirely (EVERY mail should go through the
> virus scanner, no matter how well known it is)?
>

I suppose you could set it to zero and test.

Nuclear option would be to disable caching
$enable_global_cache = 0;


   -- Noel Jones



Re: [AMaViS-user] amavisd-new-2.7.0-pre4 prerelease available

2010-05-04 Thread Noel Jones
On 5/4/2010 5:30 PM, Jo Rhett wrote:
> On Apr 25, 2010, at 5:32 PM, Noel Jones wrote:
>> I kind of like ignoring deprecated options with the new
>> behavior noted in RELEASE_NOTES.  That way existing
>> installations don't break after upgrade.
>>
>> Too many people update their whole system with yum or such
>> without ever looking at what gets upgraded or what may need
>> changing.
>
>
> Your second paragraph makes an argument against the first.   People who need 
> to update their config files should be broken on purpose.
>

The software we're discussing and the OS's it runs on, for 
better or worse, is reliable enough and simple enough to 
configure that part-time non-technical absentee administrators 
are now a fact of life.

Intentionally screwing them might be fun, but it doesn't 
advance the software any.

Keep in mind we're trying to get more people to join the club. 
  Beating them and throwing them out in the street when they 
mispronounce the secret word is bad for business.


   -- Noel Jones



Re: [AMaViS-user] Amavis sometimes looses e-mails

2010-05-04 Thread Noel Jones
On 5/4/2010 1:57 AM, d h wrote:
>
>
>> Check your config. Properly configured amavisd-new will not
>> lose mail.
>
>
> The problem is, I don't know what to look for! I never worked with 
> Postfix/Amavis until now. I have taken over someone else's job, he is not 
> working here anymore. But he did tell me that he has been using this 
> configuration for about a year, without any problem. Maybe Postfix/Amavis 
> isn't the best solution for me, because the lack of my knowledge, but I have 
> to do something because the company is missing important e-mails.

Compare your config with the suggested config from the 
documentation links.  If there is a problem, that's the only 
way to fix it.

If you want to turn off amavisd-new (hopefully temporarily), 
comment out any content_filter statements in the postfix main.cf.

You haven't yet shown us any evidence that anything is broken.

>
>> Postfix logs all deliveries. Check your postfix logs to see
>> where mail ends up. Are you sure amavisd-new is really
>> feeding back to postfix?
>
>
>
> The mail ends in postfix, these are the last entries I can find:
>
>
>
> May 3 12:08:43 postfix/lmtp[17299]: 4F2284AEBB: to=, 
> relay=127.0.0.1[127.0.0.1]:10024, conn_use=2, delay=2324, 
> delays=14/2164/0/146, dsn=2.1.0, status=sent (250 2.1.0 Ok, id=19799-01-2, 
> from MTA([127.0.0.1]:10025): 250 2.1.0 Ok)
>
> May  3 12:08:43 postfix/qmgr[11636]: 4F2284AEBB: removed

This shows postfix passing the mail to amavisd-new after a ~35 
minute wait in the queue.  Other than the long delay before 
the mail gets to amavisd-new, this looks fairly normal.

Track down the amavisd-new ID 19799-01-2 to see what it did 
with the message.



>
> It should look like this:
>
> May  3 10:02:25 postfix/smtp[17938]: B0E6A4AEC6: to=, 
> relay=ExchangeServer[10.10.10.10]:25, delay=0.3, delays=0.04/0.02/0/0.23, 
> dsn=2.6.0, status=sent (250 
> 2.6.0<6e052cce3fa0fe4bbba020ff0fbc26eb8eb...@black.ad.amstelveen.nl>  Queued 
> mail for delivery)
> May  3 10:02:25 postfix/qmgr[11636]: B0E6A4AEC6: removed

This is postfix delivering mail to your Exchange server, 
presumably after amavisd-new has processed it.  You can't 
directly compare one with the other; they do different things.


   -- Noel Jones



Re: [AMaViS-user] Amavis sometimes looses e-mails

2010-05-03 Thread Noel Jones
On 5/3/2010 8:22 AM, d h wrote:
>
> Hi ,
>
> I am having a very strange problem that I can’t figure out. The last couple 
> of weeks, several users are starting to complain that they are missing 
> e-mails. If I review one mail address, I can see that mail is being sent from 
> the same sender(outside), to the same recipient(inside). But on e-mail one, 
> the mail arrives, e-mail two does not arrive and e-mail three arrives again.  
> If the mail does not arrive, several things are happening
>
> 1: Postfix sends the e-mail to Amavis
> 2: Amavis checks the message, but does not(!) give the mail a queue name.
> 3: Amavis sends it back to postfix, but postfix does not know what to do with 
> it. (it should relay it to Exchange)
>

Check your config.  Properly configured amavisd-new will not 
lose mail.

Postfix logs all deliveries.  Check your postfix logs to see 
where mail ends up.  Are you sure amavisd-new is really 
feeding back to postfix?

http://www.ijs.si/software/amavisd/README.postfix.html
http://www.ijs.si/software/amavisd/amavisd-new-docs.html
http://www.ijs.si/software/amavisd/#doc



> Here are some log files..
>
> May  3 11:30:13   postfix/qmgr[11636]: 4F2284AEBB: from=<  
> OutsideMailAddress>, size=3206634, nrcpt=1 (queue active)
>
> May  3 12:08:43   amavis[19799]: (19799-01-2) FWD via SMTP:<  
> OutsideMailAddress>  ->  , 250 2.1.0 Ok, id=19799-01-2, 
> from MTA([127.0.0.1]:10025): 250 2.1.0 Ok

This doesn't look like a postfix response.  Where's the 
matching postfix entries?

>
> May  3 12:08:43   amavis[19799]: (19799-01-2) Passed CLEAN, INTERNET 
> [193.172.235.144] [193.172.235.144]<  OutsideMailAddress>  ->  
> , 
> Message-ID:<6e052cce3fa0fe4bbba020ff0fbc26eb8eb...@black.ad.amstelveen.nl>, 
> mail_id: IOWpcYMDVYkt, Hits: -, size: 3206634, queued_as: 250 2.1.0 Ok, 
> 146190 ms
>
> May  3 12:08:43   amavis[19799]: (19799-01-2) TIMING [total 146200 ms] - SMTP 
> pre-DATA-flush: 4 (0%)0, SMTP DATA: 940 (1%)1, check_init: 1 (0%)1, 
> digest_hdr: 2 (0%)1, digest_body_dkim: 51 (0%)1, gen_mail_id: 5 (0%)1, 
> mime_decode: 294 (0%)1, get-file-type4: 49 (0%)1, decompose_part: 5 (0%)1, 
> parts_decode: 0 (0%)1, check_header: 4 (0%)1, AV-scan-1: 144786 (99%)100, 
> spam-wb-list: 6 (0%)100, update_cache: 6 (0%)100, decide_mail_destiny: 2 
> (0%)100, fwd-connect: 12 (0%)100, fwd-mail-from: 1 (0%)100, fwd-rcpt-to: 5 
> (0%)100, fwd-data-cmd: 6 (0%)100, fwd-end-chkpnt: 1 (0%)100, prepare-dsn: 1 
> (0%)100, main_log_entry: 11 (0%)100, update_snmp: 3 (0%)100, SMTP 
> pre-response: 2 (0%)100, SMTP response: 0 (0%)100, unlink-4-files: 1 (0%)100, 
> rundown: 3 (0%)100
>
> May  3 12:08:43   postfix/lmtp[17299]: 4F2284AEBB: to=, 
> relay=127.0.0.1[127.0.0.1]:10024, conn_use=2, delay=2324, 
> delays=14/2164/0/146, dsn=2.1.0, status=sent (250 2.1.0 Ok, id=19799-01-2, 
> from MTA([127.0.0.1]:10025): 250 2.1.0 Ok)

Most folks use smtp rather than lmtp these days.  Although 
this shouldn't cause any problems, you might consider 
switching to smtp.

   -- Noel Jones
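
The tracing Noel describes in this thread (take the amavisd-new ID from the Postfix hand-off line, then check what queue ID the re-injection returned and whether that queue ID was delivered) can be scripted. This is an added example, not part of the original posts; the sample log is constructed from the line formats quoted above, and the hostname `mx`, the addresses and the function name `trace` are assumptions.

```python
import re

# Constructed sample log, modelled on the line formats quoted in the thread.
# Queue IDs 4F2284AEBB / B0E6A4AEC6 and amavis ID 19799-01-2 appear in the
# thread; the hostname, addresses and the first message are made up.
SAMPLE_LOG = """\
May  3 10:02:20 mx postfix/smtp[17930]: A1B2C3D4E5: to=<user@example.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=4.1, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=19750-03, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as B0E6A4AEC6)
May  3 10:02:20 mx amavis[19750]: (19750-03) Passed CLEAN, [192.0.2.10] <sender@example.net> -> <user@example.com>, mail_id: aaaaaaaaaaaa, Hits: -, size: 2048, queued_as: B0E6A4AEC6, 3900 ms
May  3 10:02:25 mx postfix/smtp[17938]: B0E6A4AEC6: to=<user@example.com>, relay=ExchangeServer[10.10.10.10]:25, delay=0.3, dsn=2.6.0, status=sent (250 2.6.0 Queued mail for delivery)
May  3 12:08:43 mx amavis[19799]: (19799-01-2) Passed CLEAN, [192.0.2.10] <sender@example.net> -> <user@example.com>, mail_id: bbbbbbbbbbbb, Hits: -, size: 3206634, queued_as: 250 2.1.0 Ok, 146190 ms
May  3 12:08:43 mx postfix/lmtp[17299]: 4F2284AEBB: to=<user@example.com>, relay=127.0.0.1[127.0.0.1]:10024, conn_use=2, delay=2324, dsn=2.1.0, status=sent (250 2.1.0 Ok, id=19799-01-2, from MTA([127.0.0.1]:10025): 250 2.1.0 Ok)
"""

# Postfix delivery line: queue ID, relay, status and the remote reply text.
POSTFIX_RE = re.compile(
    r"postfix/(?:smtp|lmtp)\[\d+\]: (?P<qid>[0-9A-Za-z]+): to=(?:<[^>]*>)?, "
    r"relay=(?P<relay>[^,]+),.*status=(?P<status>\w+) \((?P<reply>.*)\)\s*$")
# amavisd-new main log entry: "(id) Passed CLEAN, ..." or "(id) Blocked ...".
AMAVIS_RE = re.compile(
    r"amavis\[\d+\]: \((?P<aid>[\d-]+)\) (?P<verdict>Passed|Blocked) ")
QUEUED_RE = re.compile(r"queued_as: (?P<queued>.*?), \d+ ms")
AMAVIS_ID_RE = re.compile(r"\bid=([\d-]+)")
# A Postfix queue ID is one alphanumeric token; an SMTP reply text is not.
QUEUE_ID_RE = re.compile(r"^[0-9A-Za-z]{6,}$")


def trace(log_text, filter_port="10024"):
    """Follow each message handed to the content filter and report its fate."""
    handoffs = {}      # original queue ID -> amavis ID taken from the reply
    verdicts = {}      # amavis ID -> (verdict, queued_as value)
    delivered = set()  # queue IDs with a status=sent to a non-filter relay

    for line in log_text.splitlines():
        m = POSTFIX_RE.search(line)
        if m:
            if m["status"] != "sent":
                continue  # deferred or bounced: still Postfix's problem
            if m["relay"].endswith(":" + filter_port):
                aid = AMAVIS_ID_RE.search(m["reply"])
                handoffs[m["qid"]] = aid.group(1) if aid else None
            else:
                delivered.add(m["qid"])
            continue
        m = AMAVIS_RE.search(line)
        if m:
            q = QUEUED_RE.search(line)
            verdicts[m["aid"]] = (m["verdict"], q["queued"] if q else None)

    report = []
    for qid, aid in handoffs.items():
        verdict, queued = verdicts.get(aid, (None, None))
        if verdict is None:
            state = "no amavis log entry"
        elif verdict == "Blocked":
            state = "blocked by amavis"
        elif not queued or not QUEUE_ID_RE.match(queued):
            # The case from the thread: "queued_as: 250 2.1.0 Ok" carries no
            # queue ID, so whatever answered on the re-injection port did not
            # reply the way Postfix does after accepting a message.
            state = "passed, but re-injection returned no queue id"
        elif queued not in delivered:
            state = "re-injected, no final delivery logged"
        else:
            state = "delivered"
        report.append((qid, aid, state))
    return report


if __name__ == "__main__":
    for qid, aid, state in trace(SAMPLE_LOG):
        print(f"{qid}  amavis={aid}  {state}")
```
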




Re: [AMaViS-user] Asking again : about amavis anti virus scanning

2010-04-29 Thread Noel Jones
On 4/29/2010 9:00 AM, Sharma, Ashish wrote:
> Hi,
>
> Asking the following question again, as I didn't get any reply yet.
>
> I have an amavisd(clamav and spamassassin) setup with postfix(referred 
> deployment notes from: http://wiki.centos.org/HowTos/Amavisd)
>
> Now whenever I send an eicar string in mail body (via my gmail account) the 
> mail is quarantined and infection is caught,
>
> but if the eicar signature is put in a txt file or any other file and mail is 
> sent , then nothing happens and I could see the attachment as it is in the 
> mailbox, shouldn't it too be caught as infection and put in quarantine.
>
> Is there something that I am missing?
>
> Thanks in advance
>
> Ashish Sharma
>

The rules for when the eicar string should be detected are 
pretty well defined.

You can read up on this yourself at
http://eicar.org/anti_virus_test_file.htm

I expect your test doesn't trigger because the file presented 
doesn't meet the established standard.


   -- Noel Jones



Re: [AMaViS-user] amavisd-new-2.7.0-pre4 prerelease available

2010-04-25 Thread Noel Jones
On 4/25/2010 6:50 PM, Mark Martinec wrote:
> Stefan,
>
>>> The variable is still declared for compatibility with old config files,
>>> but its value is ignored
>>
>> To be honest, I'm not very happy with the way you handled some of the
>> "retired" settings, like e.g. $sa_timeout or $notify_xmailer_header:
>> Declaring and completely ignoring those is not the "nice" way to go
>> about this, IMHO. It'd like it much more if the amavisd process would
>> abort with a warning on startup if these are set, like with
>> $warnvirussender, for example.
>
> I can remove the declaration and let perl abort on seeing such variable
> in a config file, or add a warning if a value of such phased-out variable
> is different from its old default value. The first choice is easiest
> to implement and probably most effective. I'm open to persuasion if
> this is a common feeling.
>
>Mark
>

I kind of like ignoring deprecated options with the new 
behavior noted in RELEASE_NOTES.  That way existing 
installations don't break after upgrade.

Too many people update their whole system with yum or such 
without ever looking at what gets upgraded or what may need 
changing.

   -- Noel Jones



Re: [AMaViS-user] feature request: don't virus scan decoded parts when full message is scanned

2010-04-25 Thread Noel Jones
On 4/25/2010 6:54 PM, Mark Martinec wrote:
> Noel,
>
>> With clamav (and likely other virus scanners), it's necessary
>> for the scanner to see the whole message for some signatures
>> to match.  Normally one would just set $bypass_decode_parts =
>> 1 for this.
>>
>> But banned attachment blocking, bounce killer, and maybe other
>> features require decoding, so that means setting
>> $bypass_decode_parts = 0; and adding '^MAIL$' to
>> @keep_decoded_original_maps.
>>
>> This results in the virus scanner processing the message
>> twice; once for the full mail, and then again each of the
>> decoded parts.
>>
>> It would be nice if there were a switch, "bypass_parts_scan"
>> or such, that turns off virus scanning of the decoded parts.
>
> I agree that such option would be nice to have, despite
> the possibility of using a trick as pointed out by Michael.
>
> Right now I don't see a quick way of implementing it,
> so it will probably not come with 2.7.0, but the suggestion
> has been noted, thanks!
>
>Mark
>

I would be very satisfied with a note in the config file or in 
RELEASE_NOTES documenting the /../email.txt workaround as an 
interim solution.

I tried looking in those places and the list archives before 
posting, but apparently my google-foo is weak.  Maybe making 
it easier to find will help out the next guy.

Thanks.

   -- Noel Jones



Re: [AMaViS-user] feature request: don't virus scan decoded parts when full message is scanned

2010-04-24 Thread Noel Jones
On 4/24/2010 1:29 PM, Stefan Foerster wrote:
> * Michael Scheidell:
>> On 4/22/10 5:03 PM, Noel Jones wrote:
>>> With clamav (and likely other virus scanners), it's necessary
>>> for the scanner to see the whole message for some signatures
>>> to match.  Normally one would just set $bypass_decode_parts =
>>> 1 for this.
>>>
>> actually, there is a way to do this.
>>
>> I use  this, don't remember what else I did, but all the 'sanesecurity'
>> tests pass. and banned attachment blocking, bouncekiller, all work.
>>
>>
>> $bypass_decode_parts = 0;
>> and change av scanners to this: (gets the whole email)
>> @av_scanners = (
>> ['ClamAV-clamd',
>> \&ask_daemon, ["CONTSCAN {}/../email.txt\n", "/var/run/clamav/clamd"],
>> qr/\bOK$/, qr/\bFOUND$/,
>> qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
>> );
>
> So, "{}" expands to the temporary directory, not a specific file?

In this context, "{}" expands the directory where all the 
decoded parts from a message are placed.  As you can see in 
your own amavisd.conf, the default is "CONTSCAN {}\n" which 
basically tells clam to "scan everything here".   Michael's 
trick is to point clam specifically at the original email only.

This should work (and in fact does work) just fine, but is not 
an "obvious" solution.  So I still think a config option or a 
note in amavisd.config file is appropriate.

   -- Noel Jones



Re: [AMaViS-user] feature request: don't virus scan decoded parts when full message is scanned

2010-04-22 Thread Noel Jones
On 4/22/2010 4:10 PM, Michael Scheidell wrote:
> On 4/22/10 5:03 PM, Noel Jones wrote:
>> With clamav (and likely other virus scanners), it's necessary
>> for the scanner to see the whole message for some signatures
>> to match.  Normally one would just set $bypass_decode_parts =
>> 1 for this.
>>
> actually, there is a way to do this.
>
> I use  this, don't remember what else I did, but all the 'sanesecurity'
> tests pass. and banned attachment blocking, bouncekiller, all work.
>
>
> $bypass_decode_parts = 0;
> and change av scanners to this: (gets the whole email)
> @av_scanners = (
> ['ClamAV-clamd',
> \&ask_daemon, ["CONTSCAN {}/../email.txt\n", "/var/run/clamav/clamd"],
> qr/\bOK$/, qr/\bFOUND$/,
> qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
> );
>

Thanks, cool trick.  I didn't think of doing it that way.

I still wonder if a config switch might be useful, or maybe this 
could be documented somewhere for the next guy.

  -- Noel Jones



[AMaViS-user] feature request: don't virus scan decoded parts when full message is scanned

2010-04-22 Thread Noel Jones
With clamav (and likely other virus scanners), it's necessary 
for the scanner to see the whole message for some signatures 
to match.  Normally one would just set $bypass_decode_parts = 
1 for this.

But banned attachment blocking, bounce killer, and maybe other 
features require decoding, so that means setting 
$bypass_decode_parts = 0; and adding '^MAIL$' to 
@keep_decoded_original_maps.

This results in the virus scanner processing the message 
twice; once for the full mail, and then again each of the 
decoded parts.

It would be nice if there were a switch, "bypass_parts_scan" 
or such, that turns off virus scanning of the decoded parts.

Is this possible and does this sound generally useful?

   -- Noel Jones



Re: [AMaViS-user] emf in docx

2010-04-21 Thread Noel Jones
On 4/21/2010 4:32 AM, Vytautas Kasparavicius wrote:
> Hello,
> How to configure amavisd-new to accept emf files in docx?
> Now mail is banned with following error:
>
> X-Amavis-Alert: BANNED, message contains BLOCK MORE NAME
>   EXTENSIONS:.dat,word/media/image1.emf
>
> Thanks.

These are not blocked by default, you changed something in 
either the $banned_filename_re or $banned_namepath_re to cause 
these to be blocked.

Your logs should contain more details about why something was 
blocked.  Check the logs and then edit your amavisd.conf.




Re: [AMaViS-user] FYI, bad headers (according to amavisd-new), was Re: IP4 Space

2010-03-31 Thread Noel Jones
On 3/31/2010 11:17 AM, Dale Carstensen wrote:
> Lamar,
>
> [ I'm  cc'ing amavis-user in case somebody sees the light and decides to
> end the pickiness.  Or let me know if it has already been done.  My
> amavisd version is 2.4.5, it appears, vintage 1/30/2007. Or let me know
> what conf options will selectively end its pickiness about the messages
> I get repeatedly.  I appreciate if it can find a real mess about
> attachments, etc., but quarantining two From: lines or three References:
> lines just seems overboard to me.  I'd test 2.6.4 on single messages, but
> it's not clear to me how to do that.  Note that a google search:
>
>   "bad header" site:marc.theaimsgroup.com/?l=amavis-user
>
> gets exactly 1 hit, which is about IP Filter and SSH, not even about
> amavis.  The howto (http://www.amavis.org/howto/) link gets 403 forbidden.
> The FAQ (http://www.amavis.org/amavis-faq.php3) link yields a page of
> HTML, hard to read but fairly short.  All found by a google search for

amavis.org is not associated with amavisd-new.  amavisd-new is 
well documented on its home site:
http://www.ijs.si/software/amavisd/

Default amavisd-new settings as shipped do not block or 
quarantine mail due to bad headers.  If you don't want to 
block mail with bad headers, see the comments in your 
amavisd.conf file.  Probably the easiest way to turn off 
header checking is by setting
@bypass_header_checks_maps = (1);  # don't check headers

Other interesting settings include
$final_bad_header_destiny = D_PASS; # deliver anyway
$bad_header_quarantine_to = undef;  # don't quarantine

If your system packager turned on bad header blocking without 
asking you, complain to them.





Re: [AMaViS-user] bad header and foreign charcter sets

2010-03-15 Thread Noel Jones
On 3/15/2010 7:14 AM, Voytek Eymont wrote:
> I see some email tagged as 'bad header' where the user has say Polish
> ogonki characters or Thai characters
>
> both of these are valid emails, what's the best way to avoid such
> characters triggering bad header ? (or should I simply not test for bad
> headers?)

If you frequently receive legit mail with bad headers, turn 
off header checking.

   -- Noel Jones


>
>
> X-Amavis-Alert: BAD HEADER SECTION Non-encoded 8-bit data (char A6 hex): Cc:
>   "Andrzej \246liwi\361ski"
> X-Amavis-Alert: BAD HEADER SECTION Non-encoded 8-bit data (char A1 hex):
>   Subject:
>   \241\322\303\307\
>
>




Re: [AMaViS-user] Bypassing eXE files

2010-03-13 Thread Noel Jones
On 3/13/2010 2:26 AM, Luis Daniel Lucio Quiroz wrote:
> What param do I have to set
>
> to avoid when user change its extension of exe files?
>
> I wonder to block if possible better by file recogition rather than a 
> extension
>
> LD

look in your amavisd.conf for the $banned_filename_re section.
Under that, there should be a line something like
  qr'^\.(exe-ms|dll)$',   # banned file(1) types, rudimentary

The line may be commented out with a "#" at the beginning; 
remove the "#" to activate that rule.

   -- Noel Jones



Re: [AMaViS-user] Banned attachments with brackets in the name

2010-03-09 Thread Noel Jones
On 3/9/2010 9:26 AM, Johan Barelds wrote:
>
> Hi All,
>
> It seems that attachments with brackets in the name are being blocked by
> amavis.
> Is this a known feature? Is there a workaround perhaps?
> I have a client who can't change the names of the attached files and who is
> quite unhappy atm..
>
> Thanks for any help!
>
> Gr. Johan Barelds

Settings for what is blocked are in your amavisd.conf file. 
Search for $banned_filename_re or $banned_namepath_re 
(probably only one of these is used).  Edit these settings as 
you see fit, see the RELEASE_NOTES and the amavisd.conf-sample 
for instructions and hints.

Brackets "[ ]" are not blocked.

Maybe the file has a Microsoft Class ID extension -- something 
like "{755410F0-3C4C-485D-8A90-B248BE8C39CA}" -- such files 
can be used to force a particular program to open an 
attachment and it's dangerous to give an outsider such control 
over your system.  However, the braces themselves are not 
blocked, only when they appear in a string that looks like a 
CLSID.  If you need to allow these unsafe files, change your 
$banned_filename_re or $banned_namepath_re.

   -- Noel Jones



Re: [AMaViS-user] BAD HEADER SECTION Improper folded header

2010-02-26 Thread Noel Jones
On 2/26/2010 1:03 AM, Eric Magutu wrote:
> Date: Tue, 02 Feb 2010 10:05:15 -0600
> From: Noel Jones
> Subject: Re: [AMaViS-user] BAD HEADER SECTION Improper folded header
> field made  up entirely of whitespace: Thread-Index: \n \n \n
> To: amavis-user@lists.sourceforge.net
> Message-ID:<4b684d3b.9030...@megan.vbhcs.org>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> On 2/2/2010 7:45 AM, Eric Magutu wrote:
>> Dear all,
>> I have mail destined to one of our clients being blocked because of
>> the above error. Does anyone know how to fix the problem? What can be
>> causing the Exchange server to insert the blank lines? Is there a
>> workaround I can do on my end or must it be solved by the sender ?
>>
>>
>> Return-Path:<>
>> Delivered-To: bad-header-quarantine
>
> I'm pretty sure quarantine and blocking of bad headers is
> turned off by default, so you must have turned it on at some
> point.
>
> To turn off blocking of bad header mail, edit your
> amavisd.conf file and look for
> $final_bad_header_destiny
> Change it to
> $final_bad_header_destiny = D_PASS;
>
> To turn off bad header quarantine, use
> $bad_header_quarantine_to = undef;
>
> To turn off checking headers completely, use
> @bypass_header_checks_maps = (1);
>
> See the comments in amavisd.conf and amavisd.conf-sample, and
> the release notes for more information.
>
>-- Noel Jones
>
> Hi Noel,
> Is it possible to assign a score to mails with bad headers ?
>
>

I'm not aware of any bad_header => spam score feature in 
amavisd-new.

I think SpamAssassin includes some low-scoring header tests 
already, you could find those and bump up their scores.

   -- Noel Jones



Re: [AMaViS-user] bogus HELO name used

2010-02-25 Thread Noel Jones
On 2/25/2010 2:44 PM, Oscar Mauricio Cruz Lazo wrote:
> Hi all
>
> I'm running a postfix server but now I notice emails from my server are being
> blocked by some ISPs because they claim it has a bogus helo,
> I just checked the list and my IP is not listed as a spammer,
>
> this only happens to certain email addresses, 97% of mail still goes through
> fine, just the odd one.
>
> my dns is working good
>
> not sure what is causing this ?

They don't like your HELO name, that's all we can tell from 
what you've told us.

For a better answer, you need to tell us more.

If you care to show details, such as unmodified logs and the 
IP you're sending from, please follow up on the postfix-users 
list since this is off-topic for amavis-users.

   -- Noel Jones



Re: [AMaViS-user] ot: date issue with sa

2010-02-10 Thread Noel Jones
On 2/10/2010 3:06 PM, Voytek Eymont wrote:
> several of my users had recently quite a few 'inter-office' emails wrongly
> diverted to 'spam user' mailbox:
>
> us...@thisdom us...@thisdom
> 'thisdom' is hosted on the server, but, the users are remote to the
> server, mail sent via several different isps
>
> I've looked at the spam headers, quite a few had several common issues
> amongst them with spam scores 6 to 10
>
> the first common tag I looked was:
>
> FH_DATE_PAST_20XX
>
> according to sa pages, that is a known false pos with previous version of sa
>
> http://wiki.apache.org/spamassassin/Rules/FH_DATE_PAST_20XX
>
> it says to run 'sa-update'
>
> as far as I can tell, I've updated actual spamassasin (from cpan prompt),
> then did sa-update
>
> but, this morning, user's header still has date tag
> ---
> X-Spam-Flag: NO
> X-Spam-Score: 1.855
> X-Spam-Level: *
> X-Spam-Status: No, score=1.855 tagged_above=0.5 required=5.2
>   tests=[AWL=-4.148, BAYES_00=-2.599, FH_DATE_PAST_20XX=3.188,
>   MISSING_SUBJECT=1.762, RCVD_IN_SORBS_WEB=0.619, RCVD_IN_XBL=3.033]
>   autolearn=no
> ===
>
> until I can figure this, what's the best way to exclude all users at
> 'thisdom' from spam checking:
>

add to  your spamassassin/local.cf
score FH_DATE_PAST_20XX 0

Wild guess is the new SA version installed to a different 
location, and amavisd is still using the old version of SA.



   -- Noel Jones



Re: [AMaViS-user] BAD HEADER SECTION Improper folded header field made up entirely of whitespace: Thread-Index: \n \n \n

2010-02-02 Thread Noel Jones
On 2/2/2010 7:45 AM, Eric Magutu wrote:
> Dear all,
> I have mail destined to one of our clients being blocked because of
> the above error. Does anyone know how to fix the problem? What can be
> causing the Exchange server to insert the blank lines? Is there a
> workaround I can do on my end or must it be solved by the sender ?
>
>
> Return-Path:<>
> Delivered-To: bad-header-quarantine

I'm pretty sure quarantine and blocking of bad headers is 
turned off by default, so you must have turned it on at some 
point.

To turn off blocking of bad header mail, edit your 
amavisd.conf file and look for
$final_bad_header_destiny
Change it to
$final_bad_header_destiny = D_PASS;

To turn off bad header quarantine, use
$bad_header_quarantine_to = undef;

To turn off checking headers completely, use
@bypass_header_checks_maps = (1);

See the comments in amavisd.conf and amavisd.conf-sample, and 
the release notes for more information.

   -- Noel Jones
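
The two header defects reported in these bad-header threads (non-encoded 8-bit data in a header, and a folded header line made up entirely of whitespace) can be reproduced with a small checker, shown next to the RFC 2047 form a sending client should have produced. This is an added example, not amavisd-new's own code; the sample header section is constructed, and the function names and the use of ISO-8859-2 for the Polish name are assumptions.

```python
from email.header import Header, decode_header

# Constructed header section modelled on the alerts quoted in the threads:
# raw bytes A6 and F1 in the Cc: display name, and a Thread-Index: field
# whose continuation lines contain nothing but whitespace.
RAW_HEADERS = (
    b"From: sender@example.net\r\n"
    b'Cc: "Andrzej \xa6liwi\xf1ski" <andrzej@example.com>\r\n'
    b"Thread-Index: AcqkAbCdEf\r\n"
    b" \r\n"
    b" \r\n"
    b"Subject: test\r\n"
    b"\r\n"
    b"body\r\n"
)


def check_headers(raw):
    """Return (field, problem) pairs for the two defects discussed here."""
    findings = []
    field = None
    header_section = raw.split(b"\r\n\r\n", 1)[0]
    for line in header_section.split(b"\r\n"):
        is_continuation = line[:1] in (b" ", b"\t")
        if not is_continuation:
            # A new field starts; remember its name for later findings.
            field = line.split(b":", 1)[0].decode("ascii", "replace")
        elif not line.strip():
            # Folding is only allowed in front of real content, so a
            # continuation line that is all whitespace is malformed.
            item = (field, "folded line made up entirely of whitespace")
            if item not in findings:
                findings.append(item)
        high = [byte for byte in line if byte > 0x7F]
        if high:
            # Header fields must be 7-bit; other characters need RFC 2047.
            findings.append(
                (field, "non-encoded 8-bit data (char %02X hex)" % high[0]))
    return findings


def encode_display_name(raw_name, charset="iso-8859-2"):
    """Turn a raw 8-bit display name into an RFC 2047 encoded-word."""
    return Header(raw_name.decode(charset), charset).encode()


if __name__ == "__main__":
    for field, problem in check_headers(RAW_HEADERS):
        print(f"{field}: {problem}")
    print("Cc:", encode_display_name(b"Andrzej \xa6liwi\xf1ski"),
          "<andrzej@example.com>")
```
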



Re: [AMaViS-user] Amavisd-new on Arch Mail Server

2009-12-11 Thread Noel Jones
On 12/11/2009 6:29 PM, Carlos Williams wrote:
>
> Does anyone know if Amavisd-new uses significantly less RAM than
> 'spamd' service running? I have never ran them individually to see the
> difference in resources but it would be interesting.

About the same overall.

> I am only
> 'assuming' Amavisd developers decided to utilize spamd libraries to
> allow the system to not require both daemons running, correct?

amavisd-new pre-loads necessary perl modules (including SA) to 
save start-up time.

spamd pre-loads the SA perl modules to save start-up time.

Amavisd-new doesn't use spamd because there's no need to 
pre-load modules twice.

   -- Noel Jones



Re: [AMaViS-user] virus detachment from virus infected mails

2009-10-30 Thread Noel Jones
On 10/30/2009 12:21 AM, swathi hk wrote:
> Thank u in advance.
>
> I would like to know whether it's possible to remove virus attachments from
> virus infected mails and deliver only the body and header of that message. If
> yes please tell what changes must be done in amavisd.conf file.


Virtually all email viruses these days are sent from zombies. 
  The disinfected email is nothing anyone would want, and not 
sent from a real person.

No, not possible or desirable.

   -- Noel Jones



Re: [AMaViS-user] How to skip the chekicng of the password protected zip files

2009-10-05 Thread Noel Jones
On 10/5/2009 3:47 PM, Jevos, Peter wrote:
>
>
>>> Hi
>>>
>>> I'd like to ask how to skip the checking of the password protected zip
>>> files
>>>
>>> Now it's UNDECIPHERABLE so it is banned ( blocked )
>>>
>>> What should I change in the config file?
>>>
>>> I'm using amavisd 2.2.1
>>>
>>
>> Under the "$banned_filename_re " section of your amavisd.conf,
>> comment out the line that looks something like
>> qr'^UNDECIPHERABLE$',  # is or contains any undecipherable
>> components
>>
>>
>
>
> Looks like you snipped out the part of the log that shows why
> the mail was blocked.
>
> -- Noel Jones
>
> So here is the log once again:
>
> Oct  5 22:33:43 mailgate amavis[4342]: (04342-02) p003 1 Content-Type: 
> multipart/mixed
> Oct  5 22:33:43 mailgate amavis[4342]: (04342-02) p001 1/1 Content-Type: 
> text/plain, size: 565 B, name:
> Oct  5 22:33:43 mailgate amavis[4342]: (04342-02) p002 1/2 Content-Type: 
> application/force-download, size: 748191 B, name: test.zip
> Oct  5 22:33:43 mailgate amavis[4342]: (04342-02) do_unzip: p002, 1 members 
> are encrypted, none extracted, archive retained
> Oct  5 22:33:43 mailgate amavis[4342]: (04342-02) spam_scan: not wasting time 
> on SA, message longer than 262144 bytes: 1552+1011605
>
> ...
> Oct  5 22:33:44 mailgate postfix/cleanup[4608]: A3C63A2465: reject: header 
> Subject: ***UNCHECKED*** [Fwd: test] from localhost[127.0.0.1]; from=  
> to=  proto=ESMTP helo=: 5.7.1 Amavis checked


The mail is blocked by a postfix header_checks rule when 
amavis tries to reinject it.  Don't do that.


> Oct  5 22:33:45 mailgate amavis[4342]: (04342-02) mail_via_smtp: 550 5.6.0 
> Failed, id=04342-02, from MTA: 550 5.7.1 Amavis checked
> Oct  5 22:33:45 mailgate amavis[4342]: (04342-02) Blocked CLEAN, [xx] 
> [xx]  ->  , 
> Message-ID:<4705.85.160.37.107.1254774812.squir...@mail.oriflame.biz>, Hits: 
> -, 1959 ms
> Oct  5 22:33:45 mailgate postfix/smtpd[4259]: disconnect from 
> localhost[127.0.0.1]
>
>


   -- Noel Jones
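
The diagnosis above, as an added example that is not part of the original thread: a Python script that groups amavisd log lines by session id and reports when a "Blocked CLEAN" result was caused by the MTA refusing the reinjected message rather than by an amavisd policy. The sample log is constructed from the excerpt in this message with placeholder addresses, and the function and pattern names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the log excerpt in this message; the
# addresses, client IPs and the BANNED line are placeholders.
SAMPLE_LOG = """\
Oct  5 22:33:43 mailgate amavis[4342]: (04342-02) p002 1/2 Content-Type: application/force-download, size: 748191 B, name: test.zip
Oct  5 22:33:43 mailgate amavis[4342]: (04342-02) do_unzip: p002, 1 members are encrypted, none extracted, archive retained
Oct  5 22:33:44 mailgate postfix/cleanup[4608]: A3C63A2465: reject: header Subject: ***UNCHECKED*** [Fwd: test] from localhost[127.0.0.1]; from=<sender@example.com> to=<rcpt@example.com> proto=ESMTP helo=<localhost>: 5.7.1 Amavis checked
Oct  5 22:33:45 mailgate amavis[4342]: (04342-02) mail_via_smtp: 550 5.6.0 Failed, id=04342-02, from MTA: 550 5.7.1 Amavis checked
Oct  5 22:33:45 mailgate amavis[4342]: (04342-02) Blocked CLEAN, [192.0.2.10] <sender@example.com> -> <rcpt@example.com>, Hits: -, 1959 ms
Oct  5 22:40:01 mailgate amavis[4350]: (04350-01) Blocked BANNED (.exe,x.exe), [192.0.2.11] <a@example.com> -> <b@example.com>, Hits: -, 300 ms
"""

AMAVIS_RE = re.compile(r"amavis\[\d+\]: \((?P<sid>\d+-\d+)\) (?P<msg>.*)$")
# postfix/cleanup line written when a header_checks rule rejects a header
CLEANUP_RE = re.compile(
    r"postfix/cleanup\[\d+\]: \w+: reject: header (?P<header>.*?) from \S+; "
    r".*: (?P<reply>\d\.\d\.\d .*)$")
# amavisd line that relays the MTA's answer to the reinjection attempt
MTA_RE = re.compile(r"mail_via_smtp: .*from MTA: \d{3} (?P<reply>.*)$")
BLOCKED_RE = re.compile(r"Blocked (?P<verdict>[A-Z-]+)")


def diagnose(log_text):
    """Return {session id: finding} for every amavisd session that was blocked."""
    sessions = defaultdict(
        lambda: {"verdict": None, "mta_reply": None, "encrypted": False})
    rejects = []  # (header, reply text) pairs logged by postfix/cleanup

    for line in log_text.splitlines():
        m = CLEANUP_RE.search(line)
        if m:
            rejects.append((m["header"], m["reply"]))
            continue
        m = AMAVIS_RE.search(line)
        if not m:
            continue
        state, msg = sessions[m["sid"]], m["msg"]
        if "are encrypted" in msg:
            state["encrypted"] = True
        mta = MTA_RE.search(msg)
        if mta:
            state["mta_reply"] = mta["reply"]
        blocked = BLOCKED_RE.match(msg)
        if blocked:
            state["verdict"] = blocked["verdict"]

    findings = {}
    for sid, state in sessions.items():
        if state["verdict"] is None:
            continue
        if state["verdict"] == "CLEAN" and state["mta_reply"]:
            # amavisd found nothing wrong; the MTA refused the message when
            # it came back. Match the reply text to the cleanup reject line.
            findings[sid] = {
                "cause": "reinjection rejected by MTA",
                "mta_reply": state["mta_reply"],
                "rejected_headers": [h for h, r in rejects
                                     if r == state["mta_reply"]],
                "encrypted_archive": state["encrypted"],
            }
        else:
            findings[sid] = {"cause": "amavisd policy: " + state["verdict"]}
    return findings


if __name__ == "__main__":
    for sid, finding in diagnose(SAMPLE_LOG).items():
        print(sid, finding)
```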



Re: [AMaViS-user] How to skip the chekicng of the password protected zip files

2009-10-05 Thread Noel Jones
On 10/5/2009 2:46 PM, Jevos, Peter wrote:
>
> On 10/5/2009 10:23 AM, Jevos, Peter wrote:
>> Hi
>>
>> I'd like to ask how to skip the checking of the password protected zip
>> files
>>
>> Now it's UNDECIPHERABLE so it is banned ( blocked )
>>
>> What should I change in the config file?
>>
>> I'm using amavisd 2.2.1
>>
>
> Under the "$banned_filename_re " section of your amavisd.conf,
> comment out the line that looks something like
> qr'^UNDECIPHERABLE$',  # is or contains any undecipherable
> components
>
>
>   Dear Noel
>
> thanks for your answer
> I did it before already but it doesn't work
>
> here is my conf:
>
> $banned_filename_re = new_RE(
> # qr'^UNDECIPHERABLE$',  # is or contains any undecipherable components
>
>    # block certain double extensions anywhere in the base name
>    qr'\.[^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,
>
>
> And the log is:
>
>
> Oct  5 21:37:16 mailgate amavis[32461]: (32461-03) p003 1 Content-Type: 
> multipart/mixed
> Oct  5 21:37:16 mailgate amavis[32461]: (32461-03) p001 1/1 Content-Type: 
> text/plain, size: 284 B, name:
> Oct  5 21:37:16 mailgate amavis[32461]: (32461-03) p002 1/2 Content-Type: 
> application/force-download, size: 748191 B, name: test.zip
> Oct  5 21:37:16 mailgate amavis[32461]: (32461-03) do_unzip: p002, 1 members 
> are encrypted, none extracted, archive retained
> Oct  5 21:37:17 mailgate amavis[32461]: (32461-03) spam_scan: not wasting 
> time on SA, message longer than 262144 bytes: 1552+1011324
> ...
>
>
> Oct  5 21:37:17 mailgate amavis[32461]: (32461-03) Blocked CLEAN, [xxx] 
> [x]  ->  , Message-ID:<4616.85.160.14.123.1254771424.s>, 
> Hits: -, 2245 ms
>
>

Looks like you snipped out the part of the log that shows why 
the mail was blocked.

   -- Noel Jones



Re: [AMaViS-user] Mails not passed to amavisd-new

2009-10-05 Thread Noel Jones
On 10/5/2009 12:37 PM, Robert Markula wrote:
> Hello,
> I'm not sure if I should send this to the Postfix or to this mailing
> list, as I don't know where the error is.

If mail is never passed to amavisd-new, it's a postfix 
configuration problem.

>
> I've got the following setup: Postfix (2.5.5), Dovecot (1.1.11),
> Amavisd-new (2.6.2) on Ubuntu 9.04 Server. Amavis is set up according to
> the official Ubuntu Server guide [1], however, no mails seem to arrive
> at Amavis.

Check your postfix configuration. Specifically, check if 
"postconf content_filter" returns what you think you've set.
After that, check the mail log to see what postfix does with 
the mail.

Also, the setup guide configures postfix to only filter mail 
that arrives via SMTP; mail sent via the sendmail command 
(logged as "pickup" by postfix) is intentionally not filtered.

If you need more help, see
http://www.postfix.org/DEBUG_README.html#mail

   -- Noel Jones



Re: [AMaViS-user] How to skip the chekicng of the password protected zip files

2009-10-05 Thread Noel Jones
On 10/5/2009 10:23 AM, Jevos, Peter wrote:
> Hi
>
> I'd like to ask how to skip the checking of the password protected zip
> files
>
> Now it's UNDECIPHERABLE so it is banned ( blocked )
>
> What should I change in the config file?
>
> I'm using amavisd 2.2.1
>

Under the "$banned_filename_re " section of your amavisd.conf, 
comment out the line that looks something like
qr'^UNDECIPHERABLE$',  # is or contains any undecipherable 
components


   -- Noel Jones



Re: [AMaViS-user] Amavis refuses connections

2009-09-15 Thread Noel Jones
On 9/15/2009 11:21 AM, Clayton Keller wrote:
> Clayton Keller wrote:
>> Noel Jones wrote:
>>> On 9/7/2009 1:55 PM, Mark Martinec wrote:
>>>> Clayton,
>>>>
>>>>>>>>> I'm running amavisd-new 2.3.3 and it now refuses connections. It is up
>>>>>>>>> and running according to ps but postfix cannot talk to it. The
>>>>>>>>> postgres-db it uses is also up and running. Any ideas where to start
>>>>>>>>> looking?
>>>>>>>> Start with the basics... what's in the log, can you connect to the
>>>>>>>> amavisd port with telnet, etc.
>>>>>>> It's reachable by telnet. The only things that get logged by amavis is
>>>>>>> when it is restarted. Postfix says connection is refused.
>>>> Postfix keeps a memory of next-hops which appear to be down, failing
>>>> several attempts to connect. This information is cleared after a while,
>>>> but until it does clear, postfix can claim in the log the mailer is
>>>> unreachable, even though it came up by now.
>>>>
>>>> This usually happens when amavisd is restarted while Postfix is busily
>>>> feeding mail to it. It seems the longer amavisd restart takes and the more
>>>> sessions are open, the higher the chances of Postfix treating the amavis
>>>> feeds as being down.
>>>>
>>>> Eventually postfix would notice the service is up again, but to rush
>>>> the recovery,  a quick and ugly solution is to restart postfix,
>>>> so that it forgets the condition. A 'postfix flush' may help too.
>>>>
>>>> When activity is low and a restart doesn't take long, the above drastic
>>>> action is unnecessary. So it is best to avoid restarting amavisd during
>>>> busy hours. So far I haven't come across a better solution - the question
>>>> perhaps better belongs to the postfix-user mailing list.
>>>>
>>>> Mark
>>>>
>>> Running "postfix reload" on a busy postfix system can make
>>> things worse.  All mail - both deferred and active - must be
>>> moved to the incoming queue, then moved back to the active
>>> queue for a fresh delivery attempt.  This can cause a huge
>>> spike in disk activity bringing the system to a near-halt
>>> while the files are moved around.  Also, any truly
>>> undeliverable deferred mail will be retried, adding to the
>>> load.  This isn't much of an issue on a lightly loaded system,
>>> but becomes more of a problem the more mail waiting in the queue.
>>>
>>> Suggested settings for tuning high-volume destinations for
>>> fault tolerance can be found under
>>> http://www.postfix.org/QSHAPE_README.html#backlog
>>>
>>> Assuming postfix 2.5 or newer, and the amavisd-new master.cf
>>> transport is named "amavisd", settings should look something like:
>>> # main.cf
>>> amavisd_destination_concurrency_failed_cohort_limit = 100
>>> amavisd_destination_concurrency_limit = 20
>>> Note: the values suggested above are rather arbitrary, some
>>> sites may need to adjust them.  See postfix docs for details.
>>>
>>> With postfix 2.4 and earlier, you can use:
>>> # main.cf
>>> amavisd_initial_destination_concurrency = 2000
>>> amavisd_destination_concurrency_limit = 2000
>>> Note: the "2000" is a rather arbitrary number, large sites may
>>> need a higher value.  See postfix docs for details.
>>>
>>> -- Noel Jones
>>>
>>
>> Mark/Noel
>>
>> Thank you both for the added information.
>>
>> I had not seen the xxx_destination_concurrency_failed_cohort_limit and
>> xxx_destination_concurrency_limit related configuration options in the
>> documentation. This may be the avenue I need to approach this from. I
>> will see what I can find and continue my own troubleshooting on my issue.
>>
>
> Noel,
>
> I'm not seeing those options in the 2.3.x versions. Could I be
> overlooking them.
>

Yes, this will work on postfix 2.3 using the "2.4 and earlier" 
settings mentioned above.  The settings won't show up in 
"postconf" output.

See postfix docs or there are several threads about this in 
the postfix-users archive.

   -- Noel Jones



Re: [AMaViS-user] Amavis refuses connections

2009-09-07 Thread Noel Jones
On 9/7/2009 1:55 PM, Mark Martinec wrote:
> Clayton,
>
>>>>>> I'm running amavisd-new 2.3.3 and it now refuses connections. It is up
>>>>>> and running according to ps but postfix cannot talk to it. The
>>>>>> postgres-db it uses is also up and running. Any ideas where to start
>>>>>> looking?
>>>>>
>>>>> Start with the basics... what's in the log, can you connect to the
>>>>> amavisd port with telnet, etc.
>>>>
>>>> It's reachable by telnet. The only things that get logged by amavis is
>>>> when it is restarted. Postfix says connection is refused.
>
> Postfix keeps a memory of next-hops which appear to be down, failing
> several attempts to connect. This information is cleared after a while,
> but until it does clear, postfix can claim in the log the mailer is
> unreachable, even though it came up by now.
>
> This usually happens when amavisd is restarted while Postfix is busily
> feeding mail to it. It seems the longer amavisd restart takes and the more
> sessions are open, the higher the chances of Postfix treating the amavis
> feeds as being down.
>
> Eventually postfix would notice the service is up again, but to rush
> the recovery,  a quick and ugly solution is to restart postfix,
> so that it forgets the condition. A 'postfix flush' may help too.
>
> When activity is low and a restart doesn't take long, the above drastic
> action is unnecessary. So it is best to avoid restarting amavisd during
> busy hours. So far I haven't come across a better solution - the question
> perhaps better belongs to the postfix-user mailing list.
>
>Mark
>

Running "postfix reload" on a busy postfix system can make 
things worse.  All mail - both deferred and active - must be 
moved to the incoming queue, then moved back to the active 
queue for a fresh delivery attempt.  This can cause a huge 
spike in disk activity bringing the system to a near-halt 
while the files are moved around.  Also, any truly 
undeliverable deferred mail will be retried, adding to the 
load.  This isn't much of an issue on a lightly loaded system, 
but becomes more of a problem the more mail waiting in the queue.

Suggested settings for tuning high-volume destinations for 
fault tolerance can be found under
http://www.postfix.org/QSHAPE_README.html#backlog

Assuming postfix 2.5 or newer, and the amavisd-new master.cf
transport is named "amavisd", settings should look something like:
# main.cf
amavisd_destination_concurrency_failed_cohort_limit = 100
amavisd_destination_concurrency_limit = 20
Note: the values suggested above are rather arbitrary, some 
sites may need to adjust them.  See postfix docs for details.

With postfix 2.4 and earlier, you can use:
# main.cf
amavisd_initial_destination_concurrency = 2000
amavisd_destination_concurrency_limit = 2000
Note: the "2000" is a rather arbitrary number, large sites may 
need a higher value.  See postfix docs for details.

   -- Noel Jones



Re: [AMaViS-user] Amavis refuses connections

2009-09-04 Thread Noel Jones
On 9/4/2009 3:15 PM, Hanne Moa wrote:
> On Fri, Sep 4, 2009 at 22:12, Noel Jones  wrote:
>> On 9/4/2009 2:29 PM, Hanne Moa wrote:
>>>
>>> I'm running amavisd-new 2.3.3 and it now refuses connections. It is up
>>> and running according to ps but postfix cannot talk to it. The
>>> postgres-db it uses is also up and running. Any ideas where to start
>>> looking?
>>
>> Start with the basics... what's in the log, can you connect to the amavisd
>> port with telnet, etc.
>
> It's reachable by telnet. The only things that get logged by amavis is
> when it is restarted. Postfix says connection is refused.
>
>
> HM

Then it sounds as if postfix is trying the wrong IP:port.

   -- Noel Jones



Re: [AMaViS-user] Amavis refuses connections

2009-09-04 Thread Noel Jones
On 9/4/2009 2:29 PM, Hanne Moa wrote:
> I'm running amavisd-new 2.3.3 and it now refuses connections. It is up
> and running according to ps but postfix cannot talk to it. The
> postgres-db it uses is also up and running. Any ideas where to start
> looking?

Start with the basics... what's in the log, can you connect to 
the amavisd port with telnet, etc.

   -- Noel Jones



Re: [AMaViS-user] Bad Character Filter

2009-07-15 Thread Noel Jones
gw1500se wrote:
> 
> 
> Noel Jones-2 wrote:
>> gw1500se wrote:
>>> We are getting email that contains a bad character (possibly a linefeed
>>> without the return) on a regular basis. I was told that there is a filter
>>> for this type thing but the user could not recall what it was called and
>>> we
>>> are not coming up with the right key words to search for it. Does any one
>>> recognize what I am talking about and where I might find it? TIA.
>> If you're using postfix:
>> http://www.postfix.org/postconf.5.html#message_reject_characters
>> http://www.postfix.org/postconf.5.html#message_strip_characters
>>
>>-- Noel Jones
>>
> Thanks for the reply but I don't see how this helps. The problem seems to be
> "unescorted" line feeds outside of headers. By that I mean a line feed with
> no accompanying return. These Postfix parameters don't appear to give me
> sufficient flexibility to reject them. 

Yes, it does.

message_strip_characters = \015
or whatever character you want to strip.

   -- Noel Jones



Re: [AMaViS-user] Bad Character Filter

2009-07-14 Thread Noel Jones
gw1500se wrote:
> We are getting email that contains a bad character (possibly a linefeed
> without the return) on a regular basis. I was told that there is a filter
> for this type thing but the user could not recall what it was called and we
> are not coming up with the right key words to search for it. Does any one
> recognize what I am talking about and where I might find it? TIA.

If you're using postfix:
http://www.postfix.org/postconf.5.html#message_reject_characters
http://www.postfix.org/postconf.5.html#message_strip_characters

   -- Noel Jones



Re: [AMaViS-user] domainkeys vs dkim & how to get sender domain

2009-07-03 Thread Noel Jones
AMP Admin wrote:
> Two questions please. 
> 
>  
> 
> 1.   Are domainkeys dead?  I can't find any new information on them.  I
> have dkim working great but should I have dkim and domainkeys both working?

Seems most "new" installations are DKIM only.  There's no 
particular reason to implement both.  I currently have both 
DKIM and domainkeys enabled, I'll probably disable domainkeys 
when I get around to it.  DKIM is now a full net citizen
with an RFC all its own.  Domainkeys was never much more than 
an idea promoted by a few big companies.

> 
> 2.   How would I programmatically pull the sender domain via something
> like $msginfoo->senderdomain?

Do you mean the envelope sender or the from: header?  Why do 
you need the domain?

   -- Noel Jones




Re: [AMaViS-user] SaneSecurity Signature Test #2 Failure

2009-06-24 Thread Noel Jones
Michael Orlitzky wrote:
> Mark Martinec wrote:
>> See what ended up in the .../parts directory by turning on
>> per-recipient debugging, e.g.:
>>
>>   @debug_sender_maps = ( ['yours...@example.com'] );
>>
>> Apart from turning on full logging for a message to the specified
>> recipient address, it will also retain the contents of a temporary
>> directory, so you will be able to check what exactly is there.
>> The directory location will be logged, e.g.:
>>
>> PRESERVING EVIDENCE in /var/amavis/amavis-20090624T233048-45480
>>
>>   Mark
> 
> Ah, thanks. This is what I needed. Amavis is presenting the full message 
> to ClamAV as expected.
> 
> This particular message begins with a "Received-SPF:" header. For some 
> reason, this causes ClamAV to miss the signature. Removal of the header 
> results in the expected behavior.
> 
> The second test signature (the one that's failing) is defined for file 
> type 4, or "Mail file," according to [2]. If I had to guess, it would be 
> that the "Received-SPF" header is throwing off ClamAV's mail file detection.
> 
> I'll take it to the ClamAV list. Thanks again.
>


Hrm, I thought the .ftm included with sanesecurity included 
most of the common headers not in the "official" ftm, but it 
looks as if they mostly address headers added by mailscanner.

So create your own local.ftm file containing that header so 
clam knows it's a mail file.  Contents of your local.ftm would 
look like:

0:0:52656365697665642d5350463a:RecSPF:CL_TYPE_ANY:CL_TYPE_MAIL

The hex part is created with
# echo -n "Received-SPF:" |sigtool --hex-dump
Or your favorite hex converter.

   -- Noel Jones
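
The local.ftm step above, as an added example that is not part of the original thread: a Python sketch that builds the entry from the header text and models a direct byte comparison at a fixed offset, showing why a message that starts with "Received-SPF:" goes unrecognised until the entry is added. The field meanings are read off the line shown in the message, the baseline entries and the message are constructed, and this is a simplified model rather than ClamAV's own matching code.

```python
def ftm_entry(magic_text, name, offset=0,
              rtype="CL_TYPE_ANY", ftype="CL_TYPE_MAIL"):
    """Build a file-type-magic line in the layout shown in the message:
    magictype:offset:hex-bytes:name:required-type:detected-type
    (assumption: magictype 0 means a direct comparison at the offset)."""
    hexsig = magic_text.encode("ascii").hex()
    return f"0:{offset}:{hexsig}:{name}:{rtype}:{ftype}"


def parse_ftm(line):
    """Split one ftm line into its first six fields."""
    magictype, offset, hexsig, name, rtype, ftype = line.strip().split(":")[:6]
    return {
        "magictype": int(magictype),
        # offsets that are not plain numbers are kept but never compared
        "offset": int(offset) if offset.isdigit() else None,
        "magic": bytes.fromhex(hexsig),
        "name": name,
        "rtype": rtype,
        "type": ftype,
    }


def detect_type(data, ftm_lines):
    """Return the detected type of the first direct-comparison entry whose
    magic bytes sit at its offset in data, or None if nothing matches."""
    for entry in map(parse_ftm, ftm_lines):
        if entry["magictype"] != 0 or entry["offset"] is None:
            continue
        start = entry["offset"]
        if data[start:start + len(entry["magic"])] == entry["magic"]:
            return entry["type"]
    return None


# Constructed stand-ins for header magic a signature set might already have;
# not the contents of any real .ftm file.
BASELINE = [
    ftm_entry("Received: ", "Received"),
    ftm_entry("Return-Path: ", "ReturnPath"),
    ftm_entry("From: ", "FromHdr"),
]

# The entry from the message, rebuilt from the header text.
LOCAL = ftm_entry("Received-SPF:", "RecSPF")

# Constructed message whose first header is Received-SPF.
MESSAGE = (b"Received-SPF: pass (example.org: sender is authorised)\r\n"
           b"Received: from mx.example.org by mail.example.com\r\n"
           b"Subject: test\r\n\r\nbody\r\n")

if __name__ == "__main__":
    print(LOCAL)
    print("baseline only :", detect_type(MESSAGE, BASELINE))
    print("with local.ftm:", detect_type(MESSAGE, BASELINE + [LOCAL]))
```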



Re: [AMaViS-user] SaneSecurity Signature Test #2 Failure

2009-06-24 Thread Noel Jones
Michael Orlitzky wrote:
> I finally caved and decided to install the SaneSecurity signatures for 
> ClamAV on my incoming mail host. However, I can't get the second 
> signature test[1] to pass. I was hoping somebody here could point me in 
> the right direction.
> 
> I have already installed the SaneSecurity signatures. Mail comes in 
> through Postfix, and is filtered through amavisd-new (v2.6.3), which 
> then feeds the message through ClamAV (v0.95.1). It appears as if the 
> signatures are installed correctly, because Test #3 on [1] passes. 
> Everything else works as expected.
> 
> According to the SaneSecurity docs, Amavis needs to pass the entire 
> message body, unmodified, to ClamAV. This is accomplished via
> 
>$bypass_decode_parts = 1;
> 
> which is set, and not re-defined further down in amavisd.conf. It 
> appears to work:
> 
>[amavis] (17916-02) presenting full original message to scanners as
>/var/amavis/tmp/amavis-20090624T145243-17916/parts/p001
> 
> However, ClamAV doesn't catch the subject header, which contains the 
> string from Test #2:
> 
>[amavis] (17916-02) ClamAV-clamd: Sending CONTSCAN
>/var/amavis/tmp/amavis-20090624T145243-17916/parts\n to UNIX socket
>/var/run/clamav/clamd.sock
> 
>[amavis] (17916-02) ask_av (ClamAV-clamd) result:
>/var/amavis/tmp/amavis-20090624T145243-17916/parts: OK\n
> 
> Now, at this point, I figured the message must have been mangled, or 
> that I was pasting the signature incorrectly. But, since I receive the 
> test message in my inbox, I was able to copy both the source and the 
> final messages to the mail host in question. Running clamdscan directly 
> *does* find the signature:
> 
># clamdscan test.msg
>/test.msg: Sanesecurity.TestSig_Type4_Hdr.UNOFFICIAL FOUND
> 
>--- SCAN SUMMARY ---
>Infected files: 1
>Time: 0.013 sec (0 m 0 s)
> 
> So, my conclusion is that.. something is wonky, but I'm not sure where. 
> Anyone have an idea?
> 

Try copying the sanesecurity.ftm to your clamav database 
directory.  Your update script might have settings to do this 
for you.

   -- Noel Jones



Re: [AMaViS-user] amavisd hangs when processing certain mails

2009-06-01 Thread Noel Jones
Alexander 'Leo' Bergolth wrote:
> On 06/01/2009 09:02 PM, Noel Jones wrote:
>> Alexander 'Leo' Bergolth wrote:
>>> I am experiencing problems with some spam-mail that causes amavisd to
>>> hang forever. Maybe it has some problems when running spamassassin, at
>>> least in many cases the last debug-output is from spamassassin. However,
>>> when manually feeding the mail to spamassassin, everything works fine.
>>>
>>> Additionally, the following error is output:
>>>
>>> *** glibc detected *** amavisd (ch1-30412-01): free(): invalid next size
>>> (normal): 0x0def2e28 ***
>>>
>>> The corresponding process never recovers and has to be killed with -9.
> [...]
>> Clam has been catching these here as Trojan.Downloader-71014.
>>
>> Here's a postfix mime_header_checks rule to reject mail with 
>> an attachment by this name.
>>
>> Caution: this is for temporary use only.  It will reject any 
>> mail with an attachment named "ecard.zip" without regard to 
>> whether it's a virus or not.
>>
>> # postfix main.cf
>> mime_header_checks = pcre:/etc/postfix/mime_header_checks
>>
>> # /etc/postfix/mime_header_checks
>> # note: this is all one line, beware line wrapping
>> ~^Content-(Disposition|Type):\s+.*?(file)?name="?ecard\.zip(\?=)?"?\s*(;|$)~ 
>>   REJECT possible  Trojan.Downloader-71014 worm
> 
> Unfortunately this doesn't seem to work, most likely because I'm using
> amavis as a smtpd_proxy_filter (pre-queue).

Right.  That's an important detail.

Maybe removing zip from @decoders AND adding ecard.zip to your 
banned files list will work as a temporary solution.

   -- Noel Jones



Re: [AMaViS-user] amavisd hangs when processing certain mails

2009-06-01 Thread Noel Jones
Alexander 'Leo' Bergolth wrote:
> Hi!
> 
> I am experiencing problems with some spam-mail that causes amavisd to
> hang forever. Maybe it has some problems when running spamassassin, at
> least in many cases the last debug-output is from spamassassin. However,
> when manually feeding the mail to spamassassin, everything works fine.
> 
> Additionally, the following error is output:
> 
> *** glibc detected *** amavisd (ch1-30412-01): free(): invalid next size
> (normal): 0x0def2e28 ***
> 
> The corresponding process never recovers and has to be killed with -9.
> 
> The emails that cause the trouble contain a zip file as attachment.
> I have saved one of those mails, together with the debug-output of
> amavis at the following address:
> 
>   http://leo.kloburg.at/tmp/amavis-hang/
> 
> Since mail delivery stops once all configured amavisd children are in
> such a hanging state, I am desperately looking for an advice how to
> further track down the bug.
> 
> Additionally I'd appreciate any hints on how to reject those mails in an
> early state, so that amavisd won't crash. (Maybe based on the
> attachment-name?)
> 
> Thanks,
> --leo

Clam has been catching these here as Trojan.Downloader-71014.

Here's a postfix mime_header_checks rule to reject mail with 
an attachment by this name.

Caution: this is for temporary use only.  It will reject any 
mail with an attachment named "ecard.zip" without regard to 
whether it's a virus or not.

# postfix main.cf
mime_header_checks = pcre:/etc/postfix/mime_header_checks

# /etc/postfix/mime_header_checks
# note: this is all one line, beware line wrapping
~^Content-(Disposition|Type):\s+.*?(file)?name="?ecard\.zip(\?=)?"?\s*(;|$)~ 
  REJECT possible  Trojan.Downloader-71014 worm

I can't yet answer why it hangs your (and apparently a few
others') amavisd-new.  Details of your OS and software
versions may help.

   -- Noel Jones



Re: [AMaViS-user] Amavis "dies" on specific file..

2009-06-01 Thread Noel Jones
Anders Norrbring wrote:
> I've noticed the last 2 days that my Amavis goes into a complete halt when
> running into 'ecard.zip'
> Is there any way to have e-mails with that file name to be deleted
> immediately, without having to unpack and scan them?
> 
> Here's pull from the log of the latest posts before it got stuck:
> 
> Jun  1 15:36:55 siri.the-server.net /usr/sbin/amavisd[25663]: (25663-20)
> LMTP:[127.0.0.1]:10024 /var/spool/amavis/tmp/amavis-20090601T152822-25663:
>  ->  SIZE=39249 Received:
> from mail.the-server.net ([127.0.0.1]) by amavis.the-server.net
> (siri.the-server.net [127.0.0.1]) (amavisd-new, port 10024) with LMTP for
> ; Mon,  1 Jun 2009 15:36:55 +0200 (CEST)
> Jun  1 15:36:55 siri.the-server.net /usr/sbin/amavisd[25663]: (25663-20)
> Checking: Xq+AKoH3Yql9 [66.65.60.137]  ->
> 
> Jun  1 15:36:55 siri.the-server.net /usr/sbin/amavisd[25663]: (25663-20)
> p003 1 Content-Type: multipart/mixed
> Jun  1 15:36:55 siri.the-server.net /usr/sbin/amavisd[25663]: (25663-20)
> p001 1/1 Content-Type: text/plain, size: 461 B, name: 
> Jun  1 15:36:55 siri.the-server.net /usr/sbin/amavisd[25663]: (25663-20)
> p002 1/2 Content-Type: application/zip, size: 27154 B, name: ecard.zip
> 
> Grateful for any ideas on this..
> Anders.

You can reject the mail with postfix's mime_header_checks 
feature.  Something like this (obviously untested):

# main.cf
mime_header_checks = pcre:/etc/postfix/mime_header_checks

# /etc/postfix/mime_header_checks
/^Content-(Disposition|Type):\s+.*?(file)?name="?ecard\.zip(\?=)?"?\s*(;|$)/
  REJECT bad attachment name

You might need to tweak the above expression to match what's 
actually in the file, but this should be a good starting point.


   -- Noel Jones
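
An added example, not part of the original thread, for the mime_header_checks rule in this message and in the "amavisd hangs when processing certain mails" reply above: a Python harness that reads the table the way Postfix reads it (a line starting with whitespace continues the previous one) and runs the pattern over folded MIME headers, so a rule can be checked for misses and false positives before it goes live. The headers are constructed, the function names are this example's own, and Python's `re` with IGNORECASE and DOTALL is an assumption standing in for the pcre table's default flags.

```python
import re

# The table as posted, including its wrapped continuation line.
TABLE = r'''
# /etc/postfix/mime_header_checks
~^Content-(Disposition|Type):\s+.*?(file)?name="?ecard\.zip(\?=)?"?\s*(;|$)~
  REJECT possible  Trojan.Downloader-71014 worm
'''

# Constructed MIME part headers (not taken from a real message).
HEADERS = '''\
Content-Type: application/zip; name="ecard.zip"
Content-Disposition: attachment;
\tfilename="ECARD.ZIP"
Content-Type: application/zip; name="postcard.zip"
Content-Disposition: attachment; filename="ecard.zip.txt"
Content-Type: text/plain; charset=us-ascii
'''

RULE_RE = re.compile(
    r"^(?P<d>\S)(?P<pat>.*)(?P=d)(?P<flags>[a-zA-Z]*)\s+(?P<action>.*)$",
    re.S)


def logical_lines(text, comments=False):
    """Join continuation lines (leading whitespace) onto the line before.
    With comments=True, lines whose first non-blank character is '#' are
    dropped, as in a Postfix table."""
    out = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if comments and raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and out:
            out[-1] += "\n" + raw
        else:
            out.append(raw)
    return out


def parse_rule(line):
    """Split '<delim>pattern<delim>flags action' into (compiled regex, action)."""
    m = RULE_RE.match(line)
    if not m:
        raise ValueError("not a pattern/action rule: %r" % line)
    flags = re.S                      # assumed default: '.' matches newline
    if "i" not in m["flags"]:         # assumed default: case-insensitive,
        flags |= re.I                 # an 'i' flag switches it off
    return re.compile(m["pat"], flags), m["action"].strip()


def check(headers_text, table_text=TABLE):
    """Return [(logical header, action or None)] for each header."""
    rules = [parse_rule(l) for l in logical_lines(table_text, comments=True)]
    results = []
    for header in logical_lines(headers_text):
        action = next((a for rx, a in rules if rx.search(header)), None)
        results.append((header, action))
    return results


if __name__ == "__main__":
    for header, action in check(HEADERS):
        print("%-8s %r" % ("REJECT" if action else "pass", header))
```

On a live system the table itself can be queried with `postmap -q "Content-Type: application/zip; name=\"ecard.zip\"" pcre:/etc/postfix/mime_header_checks`.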



Re: [AMaViS-user] un-defang?

2009-05-26 Thread Noel Jones
Michael Monnerie wrote:
> But: Is there an option in amavisd to say: "if the message is spam, 
> defang and send to user PLUS feed original format to an e-mail account"?

The quarantine and final_spam_destiny are separate settings. 
You can save a copy in quarantine while still passing the 
defanged mail to the recipient.

The quarantine can be a directory, a unix-style mailbox, an 
email address, an SQL database, or a pipe to a script.

See amavisd.conf-sample and the release notes for details and 
examples.

   -- Noel Jones



Re: [AMaViS-user] ripmime

2009-05-26 Thread Noel Jones
Michael Monnerie wrote:
> On Monday 25 May 2009 Noel Jones wrote:
>>  use the "ripmime" command to extract the original message from a
>> defanged mail, then feed it to sa-learn.
> 
> Can you give a hint how you do that?

I just use:

cd /tmp/sandbox
ripmime -i /path/to/file

The original mail, including headers, is contained in the file 
named "message".

> I guess first you have postfix -> amavis -> spamassassin, then you 
> deliver the mail. Afterwards you extract it, possibly by sending the 
> mail via SMTP delivery into an e-mail address which calls ripmime, but 
> with which parameters? 

Yes, you could feed the "defanged" mail to an address that 
pipes to "ripmime -i - -d /path/to/directory" where directory 
is where the extracted files will go.

> Sometimes I feed spam which is not defanged, 
> would I need to process that differently or does ripmime recognise this?

No, ripmime is a general purpose tool for extracting mime 
segments from a mail.  In the case of a non-defanged spam, you 
don't need ripmime.  But once the mail has gone through 
someone's mailbox, it's likely the message will be altered, 
perhaps in a non-reversible way, so you will have other issues 
to address.

   -- Noel Jones



Re: [AMaViS-user] un-defang?

2009-05-25 Thread Noel Jones
Michael Monnerie wrote:
> On Wednesday 20 May 2009 Michael Monnerie wrote:
>> On Wednesday 20 May 2009 Michael Monnerie wrote:
>>> Hi, I use defang to mark mails for users. But for spam learning
>>> purposes, I need to un-defang some spam going to honeypots or
>>> reported by users via IMAP.
>>>
>>> So basically, I need a way to feed a defanged mail to a program
>>> which restores the original mail, similar to what "spamassassin -d"
>>> does. Is that easily possible?
>> Any ideas for this one? I'd need to extract that original part for
>> better spam learning.
> 
> Being unable to automatically recover the original mail makes the 
> feature of defanging prevent keeping spam in a file/mbox/IMAP and later 
> resubmit to SpamAssassin for learning. Is nobody concerned of that? Or 
> is nobody using the defang feature at all? How do you use defang plus 
> keep a collection of spam for re-learning?
> 
> I currently do:
> 1) check for spam, if yes, defang
> 2) send to users inbox
> 
> Some users use IMAP to move spams to a spam folder which is used for re-
> learning. But obviously that doesn't help, we'd need the original mail 
> to learn spam.
> 
> Best regards, zmi

I use the "ripmime" command to extract the original message from a 
defanged mail, then feed it to sa-learn.

You can also release a mail from quarantine to a specific email address 
that pipes to sa-learn using the amavisd-release command, see the man 
page and release notes for details.

   -- Noel Jones
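
The un-defang step discussed in this reply and in the ripmime reply above, as an added example that is not part of the original posts and that uses Python's email package in place of ripmime. It assumes the defanged mail carries the original as an attached message/rfc822 part; the function names and the sample messages are constructed for illustration.

```python
import sys
from email import message_from_bytes
from email.message import EmailMessage


def extract_original(raw):
    """Return the bytes of the first message/rfc822 part, or None.

    Assumption: a defanged mail carries the original as an attached
    message/rfc822 part. The part is re-serialised by the email package,
    so the result is the original message but not a byte-for-byte copy.
    """
    wrapper = message_from_bytes(raw)
    for part in wrapper.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0).as_bytes()
    return None


def for_learning(raw):
    """Bytes to hand to sa-learn: the unwrapped original if the mail was
    defanged, otherwise the mail as it is."""
    original = extract_original(raw)
    return original if original is not None else raw


def build_samples():
    """Constructed test data: one plain spam and the same spam wrapped."""
    spam = EmailMessage()
    spam["From"] = "sender@example.net"
    spam["To"] = "trap@example.org"
    spam["Subject"] = "Constructed sample spam"
    spam.set_content("Buy now.\n")

    wrapper = EmailMessage()
    wrapper["From"] = "sender@example.net"
    wrapper["To"] = "trap@example.org"
    wrapper["Subject"] = "***SPAM*** Constructed sample spam"
    wrapper.set_content("The attached message was classified as spam.\n")
    wrapper.add_attachment(spam)  # becomes a message/rfc822 part
    return spam.as_bytes(), wrapper.as_bytes()


if __name__ == "__main__":
    # Filter mode: mail on stdin, message to learn on stdout.
    sys.stdout.buffer.write(for_learning(sys.stdin.buffer.read()))
```

Run as a filter, it passes a mail that was never defanged through unchanged, so one pipe can serve a folder that holds both kinds.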



Re: [AMaViS-user] Amavis DKIM Signing with Postfix check_client_access ?

2009-04-22 Thread Noel Jones
mRyOuNg wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> Hi there,
> 
> I'm trying to setup a DKIM signing through Amavis with a multipath
> amavis configuration as explained in the documentation ...
> 
> Every mail sent to 127.0.0.1:10024 are foreign and not signed ...
> Every mail sent to 127.0.0.1:10026 are originating and are signed ...
> 
> This works pretty nicely if i do some tests directly via telnet ...
> 
> But i can't make it works from postfix ... Indeed, Postfix is always
> sending mail as foreign (10024) even when they are supposed to be
> originating (for example, when i send a mail from localhost which is in
> the $mynetworks configuration parameters)...
> 
> My configuration looks like the following:
> 
> - -- from main.cf
> content_filter = amavisfeed:[127.0.0.1]:10024
> 
> smtpd_client_restrictions =
>    check_client_access regexp:/etc/postfix/tag_as_originating.re,
>    permit_mynetworks,
>    permit_sasl_authenticated,
>    check_client_access regexp:/etc/postfix/tag_as_foreign.re,
>    reject_unknown_reverse_client_hostname
> 
> smtpd_recipient_restrictions = permit_mynetworks,
>    reject_unauth_destination,
>    check_policy_service inet:127.0.0.1:10030
> 
> - -- from tag_as_originating.re
> /^/ FILTER amavisfeed:[127.0.0.1]:10026
> 
> - -- from tag_as_foreign.re
> /^/ FILTER amavisfeed:[127.0.0.1]:10024
> 
> I know this seems to be more a "postfix" problem, than an amavis problem
> ... But i first thought to come here, as i found all this information
> from the amavis Website ...
> 
> Anyone having any idea about it ?
> 
> Thanks in advance for your answer ...
> 

You don't provide much evidence, so I'll make some general 
observations...

Local mail sent with the sendmail(1) command-line interface 
will use the main.cf content_filter setting, not the custom 
FILTER settings.  You probably want the main.cf content_filter 
setting to point to your signing filter.

Performing the FILTER overrides in smtpd_client_restrictions 
requires the default postfix setting
smtpd_delay_reject = yes
If you must change this setting (NOT recommended), move your 
FILTER overrides to smtpd_sender_restrictions.


   -- Noel Jones

--
Stay on top of everything new and different, both inside and 
around Java (TM) technology - register by April 22, and save
$200 on the JavaOne (SM) conference, June 2-5, 2009, San Francisco.
300 plus technical and hands-on sessions. Register today. 
Use priority code J9JMT32. http://p.sf.net/sfu/p
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net 
https://lists.sourceforge.net/lists/listinfo/amavis-user 
 AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 
 AMaViS-HowTos:http://www.amavis.org/howto/ 


Re: [AMaViS-user] timeout after END-OF-MESSAGE from host[x.x.x.x]

2009-04-10 Thread Noel Jones
Justin Piszcz wrote:
> All,
> 
> http://marc.info/?l=amavis-user&m=121141422203195&w=2

Unrelated...

> 
> I have been using the following:
> $smtp_connection_cache_on_demand = 0;
> $smtp_connection_cache_enable = 0;

This controls amavisd-new.

> 
> Yet, I still get these errors on occasion:
> Apr  3 18:01:05 host postfix/smtpd[10851]: timeout after END-OF-MESSAGE from 
> remote-server[208.12.2.1]
> 
> Sometimes, the (service) in question sends e-mails to the secondary address on
> file saying they could not reach me via my primary e-mail address.
> 
> Are there any other things that could be contributing to the problem here?
> 
> Here is the full log:
> 
> Apr  3 17:56:04 host postfix/smtpd[10851]: connect from 
> remote-server.com[208.12.2.1]

smtpd[10851] gets a connection from a remote site. (note this 
isn't from amavisd-new).

> Apr  3 17:56:04 host postfix/smtpd[10851]: F1607160144E2: 
> client=remote-server.com[208.12.2.1]
> Apr  3 17:56:05 host postfix/cleanup[10789]: F1607160144E2: 
> message-id=<9289090.1238699168472.javamail@produtil4s>
> Apr  3 17:56:05 host postfix/qmgr[9240]: F1607160144E2: 
> from=, size=8743, nrcpt=1 (queue active)
> Apr  3 17:56:06 host postfix/smtpd[10857]: connect from localhost[127.0.0.1]
> Apr  3 17:56:06 host postfix/smtpd[10857]: 52F961600F335: 
> client=localhost[127.0.0.1]
> Apr  3 17:56:06 host postfix/cleanup[10789]: 52F961600F335: 
> message-id=<9289090.1238699168472.javamail@produtil4s>
> Apr  3 17:56:06 host postfix/smtpd[10857]: disconnect from 
> localhost[127.0.0.1]
> Apr  3 17:56:06 host postfix/qmgr[9240]: 52F961600F335: 
> from=, size=9417, nrcpt=1 (queue active)
> Apr  3 17:56:06 host postfix/local[10794]: 52F961600F335: 
> to=, relay=local, delay=0.01, delays=0/0/0/0, dsn=2.0.0, 
> status=sent (delivered to command: procmail -a "$EXTENSION")
> Apr  3 17:56:06 host postfix/qmgr[9240]: 52F961600F335: removed
> Apr  3 17:56:06 host amavis[30962]: (30962-12) Passed CLEAN, [208.12.2.1] 
> [208.12.2.1]  -> , 
> Message-ID: <9289090.1238699168472.javamail@produtil4s>, mail_id: 
> VO8QfK+m6R67, Hits: -10.219, size: 8726, queued_as: 52F961600F335, 1051 ms
> Apr  3 17:56:06 host postfix/lmtp[10854]: F1607160144E2: 
> to=, relay=127.0.0.1[127.0.0.1]:10024, delay=1.4, 
> delays=0.36/0/0/1.1, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=30962-12, from 
> MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 52F961600F335)
> Apr  3 17:56:06 host postfix/qmgr[9240]: F1607160144E2: removed

The original mail is processed completely by postfix and 
removed from the queue.

> Apr  3 18:01:05 host postfix/smtpd[10851]: timeout after END-OF-MESSAGE from 
> remote-server.com[208.12.2.1]
> Apr  3 18:01:05 host postfix/smtpd[10851]: disconnect from 
> remote-server.com[208.12.2.1]

The REMOTE CLIENT has held on to the connection for an extra 
~300 seconds, possibly due to a broken implementation of 
connection caching on THEIR end.

You can force them to disconnect sooner by adjusting your 
postfix smtpd_timeout, but other than that there's nothing you 
can do here.  Maybe complain to their postmaster.

No mail is lost, the only effect is an open connection that 
isn't doing anything.  If you're short of smtpd processes that 
can be a problem, otherwise no big deal.


   -- Noel Jones
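
The log reading walked through in the reply above, turned into a check that can be run over a mail log, as an added example that is not part of the original post. The log lines are constructed and modelled on the excerpt in the thread (one syslog record per line, made-up hosts, addresses and queue IDs); the function name and the year default are assumptions, the latter because syslog timestamps carry no year.

```python
import re
from datetime import datetime

# Constructed sample log, not the poster's data.
LOG = """\
Apr  3 17:56:04 host postfix/smtpd[10851]: connect from remote.example[192.0.2.10]
Apr  3 17:56:04 host postfix/smtpd[10851]: 3F9A1C0012: client=remote.example[192.0.2.10]
Apr  3 17:56:05 host postfix/qmgr[9240]: 3F9A1C0012: from=<svc@remote.example>, size=8743, nrcpt=1 (queue active)
Apr  3 17:56:06 host postfix/lmtp[10854]: 3F9A1C0012: to=<user@example.org>, relay=127.0.0.1[127.0.0.1]:10024, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Apr  3 17:56:06 host postfix/qmgr[9240]: 3F9A1C0012: removed
Apr  3 18:01:05 host postfix/smtpd[10851]: timeout after END-OF-MESSAGE from remote.example[192.0.2.10]
Apr  3 18:01:05 host postfix/smtpd[10851]: disconnect from remote.example[192.0.2.10]
Apr  3 18:02:11 host postfix/smtpd[10900]: connect from other.example[198.51.100.7]
Apr  3 18:02:11 host postfix/smtpd[10900]: 7B2D4E0034: client=other.example[198.51.100.7]
Apr  3 18:02:12 host postfix/qmgr[9240]: 7B2D4E0034: from=<news@other.example>, size=5120, nrcpt=1 (queue active)
Apr  3 18:02:13 host postfix/lmtp[10854]: 7B2D4E0034: to=<user@example.org>, relay=127.0.0.1[127.0.0.1]:10024, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]: Connection refused)
Apr  3 18:07:12 host postfix/smtpd[10900]: timeout after END-OF-MESSAGE from other.example[198.51.100.7]
"""

LINE = re.compile(
    r"^(?P<stamp>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ "
    r"postfix/(?P<daemon>\w+)\[(?P<pid>\d+)\]: (?P<text>.*)$"
)
QUEUED = re.compile(r"^(?P<qid>[0-9A-F]+): from=<")
REMOVED = re.compile(r"^(?P<qid>[0-9A-F]+): removed$")
CLIENT = re.compile(r"^(?P<qid>[0-9A-F]+): client=")
TIMEOUT = re.compile(r"^timeout after END-OF-MESSAGE from (?P<client>\S+)$")


def idle_after_end_of_message(log_text, year=2009):
    """For every smtpd 'timeout after END-OF-MESSAGE', report how long the
    client sat idle after its last message was queued and whether that
    message had already left the queue when the timeout fired."""
    queued, removed, sessions, findings = {}, set(), {}, []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        when = datetime.strptime(f"{year} {m['stamp']}", "%Y %b %d %H:%M:%S")
        daemon, pid, text = m["daemon"], m["pid"], m["text"]
        if daemon == "qmgr":
            if (q := QUEUED.match(text)):
                queued.setdefault(q["qid"], when)   # first time it went active
            elif (q := REMOVED.match(text)):
                removed.add(q["qid"])               # fully processed
        elif daemon == "smtpd":
            if text.startswith("connect from "):
                sessions[pid] = []                  # new session on this process
            elif (c := CLIENT.match(text)):
                sessions.setdefault(pid, []).append(c["qid"])
            elif (t := TIMEOUT.match(text)):
                qids = sessions.get(pid, [])
                last = qids[-1] if qids else None
                start = queued.get(last)
                findings.append({
                    "client": t["client"],
                    "smtpd_pid": int(pid),
                    "queue_id": last,
                    "idle_seconds": int((when - start).total_seconds()) if start else None,
                    "removed_before_timeout": last in removed,
                })
    return findings


if __name__ == "__main__":
    for finding in idle_after_end_of_message(LOG):
        print(finding)
```

The first finding is the case described in the reply: the message was removed from the queue minutes before the timeout, so the timeout only marks an idle connection. The second shows a message that was still queued when its client timed out, which is the case worth a closer look.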



Re: [AMaViS-user] max_servers and clam max threads

2009-02-24 Thread Noel Jones
> --- Original Message ---
> From: lartc 
> To: amavis-user 
> Sent: 24-Feb-09, 1:26:41
> Subject: [AMaViS-user] max_servers and clam max threads
> 
> hi all,
> 
> i'm noticing that clam is using large amounts of memory, so i poked

Yes, it tends to do that.

> around in my cfg files and noticed that
> 
> amavisd.conf contains
> $max_servers = 4;
> 
> and clamd.conf contains
> MaxThreads 20

OK

> 
> 
> as amavis calls clam, shouldn't these two numbers be equal?

No, the clamd MaxThreads is a limit, not how many to run.
Adjusting this won't reduce memory usage.

  -- Noel Jones



Re: [AMaViS-user] Spam in links to images

2009-02-23 Thread Noel Jones
Brian Jameson wrote:
> Where an e-mail refers to a link to an image containing spam is it possible
> to detect this and score it as appropriate. I have tried FuzzyOcr but it
> only looks at images embedded in the e-mail and not links. I have drawn a
> blank with Google. Any suggestions?
> regards
> Brian.
> 

Some of the domains linked to are listed in the various 
URIBLs, that helps some of them.

If you're using clamav, the Sanesecurity addon signatures 
catch a lot of these.
http://www.clamav.net
http://www.sanesecurity.com/usage.htm


   -- Noel Jones



Re: [AMaViS-user] amavisd-learning

2009-02-10 Thread Noel Jones
Patrick Ben Koetter wrote:
> * bharathan kailath :
>> Hi
>>
>> X-Virus-Scanned: amavisd-new at .XX
>> X-Spam-Score: 1.914
>> X-Spam-Level: *
>> X-Spam-Status: No, score=1.914 required=5 tests=[ADVANCE_FEE_2=1.234,
>>  ADVANCE_FEE_3=1.432, ADVANCE_FEE_4=0.639, AWL=-0.320, BAYES_00=-2.599,
>>  MILLION_USD=1.528]
>>
>> the above is a header detail of a nigerian spam; how can set amavis to
>> consider this as spam
> 
> You need to train/improve SpamAssassin, not amavisd.
> 

Feeding missed spam through sa-learn is a very important step.
Your bayes thinks the message is ham.

If you're already using clamav with amavisd-new, I would 
highly recommend the Sanesecurity add-on signatures.  They do 
a great job catching phish and scam mail.  Here are instructions 
on how to get and use them:  http://sanesecurity.com/usage.htm

-- 
Noel Jones



Re: [AMaViS-user] DKIM

2009-01-29 Thread Noel Jones
Seba Mueld wrote:
> Hi,
> 
> I've tried to sign outgoing emails with DKIM and amavisd-new but outgoing 
> mails are not signed.
> 
> Two problems:
> 
> 1.) I want to use DKIM for three domains. I've generated the keyfiles and 
> published in DNS but only one domain passes the test with "amavisd testkeys".
> 
> For the other two domains I get this error:
> 
> invalid (public key: not available)

Looks as if the public key is not available in DNS.  Check 
your DNS records, or maybe your changes haven't propagated yet.

-- 
Noel Jones



Re: [AMaViS-user] R: Amavisd-new reloading

2008-12-05 Thread Noel Jones
Michael Scheidell wrote:
>  
>> How do you justify the fact that from time to time I have:
>>
>> status=deferred (delivery temporarily suspended: connect to
>> 127.0.0.1[127.0.0.1]: Connection refused)
>>
>> in maillog after restarting Amavisd-new?
>>
> You might try something like this when starting amavisd-new.  A compromise
> between postfix flush, and just waiting: looks for deferred email with regex
> pattern 127.0.0.1.  Should help.
> 
> find /var/spool/postfix/deferred -type f \
> -exec grep -H '127.0.0.1.:10024' {} \; | cut -f 3 -d "/" \
> | cut -f 1 -d ' ' | postsuper -r -
> 


The above is not good general advice since its effect depends 
on the local configuration.

When you requeue a message with "postsuper -r" the 
content_filter setting of the postfix "pickup" service is used.

Many people disable the content_filter on the pickup service 
to avoid filtering locally submitted mail, in which case 
requeueing effectively tells that message to bypass the 
content_filter.


-- 
Noel Jones



Re: [AMaViS-user] R: Amavisd-new reloading

2008-12-04 Thread Noel Jones
Rocco Scappatura wrote:
>>> It was probably filling up gradually and you didn't notice.
>>> Or there was a repeated failure, and you weren't monitoring the log.
>>>
>>>> 2) Is there a safe way to reloading amavisd-new?
>>> One way to do it is to:
>>>   amavisd stop
>>>   rm -rf /var/amavis/scan
>>>   mkdir /var/amavis/scan
>>>   chown vscan:vscan /var/amavis/scan
>>>   amavisd start
>>>
>> I still have some trouble with reloading/restarting amavisd-new.
>> Basically, I have a cronjob to update amavisd-new:
>>
>>  sa-update --gpgkey 6C6191E3 --channel sought.rules.yerp.org
>> --channel updates.spamassassin.org && /usr/sbin/rcamavisd reload
>>
>> where on reloading my startup script behaves as follow:
>>
>>   reload)
>> echo -n "Reloading amavisd-new: "
>> ${prog} -c ${prog_config_file} reload
>> rc_status -v
>> ;;
>>
>> Doing so I have the problem that temporary RAM filesystem fills up
> from
>> time to time, and Postfix+Amavisd-new stops to work.
>>
>> On the contrary I could define cronjob as follow:
>>
>>  sa-update --gpgkey 6C6191E3 --channel sought.rules.yerp.org
>> --channel updates.spamassassin.org && /usr/sbin/rcamavisd restart
>>
>> where on restarting my startup script behaves as follow:
>>
>>   restart)
>> $0 stop
>> sleep 2
>> /usr/local/bin/delete_amavis_tmp.sh
>> rm -rf /var/amavis/scan/*
>> $0 start
>> ;;
>>
>> But doing so I have the problem of deferrals in postfix because it
>> could not connect to the amavisd socket:
>>
>>  status=deferred (delivery temporarily suspended: connect to
>> 127.0.0.1[127.0.0.1]: Connection refused)
>>
>> So it is necessary that I reload postfix so that it could connect to
>> the new amavisd-new socket so that all continues to work.
>>
>> My question is: should I use reload or restart or is there a better
> way
>> to manage this situation? Moreover, could I avoid to reload postfix?
>> The
>> aim is clearly to make reliable the automatic job so that I could stay
>> quit wherever I'm out of office.
> 
> Any news? Have someone experienced with similar issue?
> 
> rocsca
> 

You have a few choices for this...


- insure that your ram drive is big enough that it's unlikely 
to fill up, else don't use a ram drive.

- do nothing.  Postfix will start sending mail to amavis again 
after a few minutes.  It may be useful to adjust the 
queue_run_delay, minimal_backoff_time and maximal_backoff_time 
values, especially if you have postfix 2.3 or earlier.

# main.cf
queue_run_delay = 300s
minimal_backoff_time = 240s
maximal_backoff_time = 1000s

http://www.postfix.org/postconf.5.html#queue_run_delay
http://www.postfix.org/postconf.5.html#minimal_backoff_time
http://www.postfix.org/postconf.5.html#maximal_backoff_time

- For *occasional* use, run "postfix flush" to restart 
delivery to all destinations.  Flushing postfix is bad for 
performance (but not as bad as "postfix reload") so shouldn't 
be done on a regular basis.

- see the mitigation recipes at 
http://www.postfix.org/QSHAPE_README.html#backlog
This works best with postfix 2.5 and newer.

-- 
Noel Jones



Re: [AMaViS-user] [newbie] Running amavisd-new on different machine than postfix server

2008-11-02 Thread Noel Jones
Bernard T. Higonnet wrote:
> I have been running a FreeBSD 7.0 system with Postfix 2.4.6 which is
> very happy.
> 
> I want to add AMaViS, and just for the hell of it, want it to run on a
> machine other than that hosting the Postfix server.
> 
> AMaViS runs at startup from /etc/rc.conf and looks OK to a newbie.
> 
> netstat -a produces
> 
> tcp4   0  0  localhost.10024   *.*  LISTEN
> 
> 
> My first problem, which has very little to do with AMaViS, and a lot to
> do with ignorance of basic unix, is that I can only reach this port
> using "telnet localhost 10024" from the machine itself. All attempts to
> telnet into AMaViS from the Postfix machine produces
> 
> telnet: connect to address 192.168.3.108: Connection refused
> 

Looks as if your amavisd is only listening on localhost.  To 
tell amavisd to listen on all interfaces, add to your 
/usr/local/etc/amavisd.conf:

$inet_socket_bind = undef;   # bind to all IP interfaces


Also see comments in amavisd.conf-sample.

-- 
Noel Jones



Re: [AMaViS-user] low scoring mens health -- anyone else seeing these?

2008-10-04 Thread Noel Jones
lartc wrote:
> hi all,
> 
> i've been getting quite a few mens health spams from yahoo.com and
> aol.com and aol.co.uk -- there going to various addresses and my
> client's address is being bcc'd
> 
> this appears to be abuse, as scores are coming in very low on these
> messages (less than 1.0)
> 
> i've increased the following scores by 0.5 (from what's in the file)
> 
> score DRUGS_ERECTILE 2.872 1.146 0.825 0.782
> 
> any other suggestions?
> 

If you're already using clamav, consider using the 
Sanesecurity add-on signatures.  They catch a lot of these 
pill spams plus 419 scams and phishing.  I find them very 
effective and reliable, and I highly recommend them.
http://www.sanesecurity.com/clamav/usage.htm


-- 
Noel Jones



Re: [AMaViS-user] Black- Whitelists

2008-10-01 Thread Noel Jones
Silvio Siefke wrote:
> Hey,
> 
> Nevertheless, Amavisd-new works with Black/Whitelisten? How I must not put
> this, from the FAQ ready I really clever. Till present I had the following
> beginning.
> 
> Maps:
> @whitelist_sender_maps = read_hash("$MYHOME/home/white");
> @blacklist_sender_maps = read_hash("$MYHOME/home/black");
> 
> Restart:
> Error in config file "/etc/amavisd.conf": Error reading from
> /var/amavis/home/black: Ungültiger Dateideskriptor at /usr/sbin/amavisd-new
> line 2609,  line 4.
> 
> The following entries exist.
> @.domain1.com
> @.domain2.com
> 
> 
> Can somebody help me?
> 
> 

I believe the correct entry format should be

.domain1.com
.domain2.com


Also see the examples in amavisd.conf-sample supplied with 
amavisd-new.

-- 
Noel Jones




Re: [AMaViS-user] amavis eats the machine

2008-09-22 Thread Noel Jones
Len Conrad wrote:
>>> But I still feel there's something throttling amavis with the current
>>> hardware. This machine groans on passing 900 - 1100 msgs/hour?  I
>>> think it can do a lot better.

You need to find out where the bottleneck is.  Most "average" 
email messages should go through amavisd-new in a few seconds 
with ~95% of the time spent in SA.

Running amavisd-nanny for a couple minutes will show if you 
are really using all your amavis workers.

Running amavisd-new at loglevel 2 or above will log timing 
details.

I expect this to tell you that amavisd-new is spending all its 
time running spamassassin, but best to confirm this before 
barking up the wrong tree.

Then you can run amavisd with sa-debug or run some standalone 
spamassassin -D scans from the command line to see where SA is 
spending its time.

The usual suspects are RBL or other network tests.  Maybe 
temporarily disable those tests (or set their timeouts really 
low) in SA.

Other things that commonly take a long time are a slow file 
system or using a non-daemonized virus scanner, such as using 
"clamscan" rather than "clamdscan".

Remember - measure twice, cut once.

-- 
Noel Jones



Re: [AMaViS-user] Mail seems to time out

2008-09-17 Thread Noel Jones
-heiligenstadt.de[194.95.224.127]
> Sep 17 20:17:42 mail amavis[9852]: (09852-01) ESMTP::10025 
> /var/amavis/amavis-20080917T201737-09852: <[EMAIL PROTECTED]> ->
> <[EMAIL PROTECTED]> Received: from mail.charite.de ([127.0.0.1]) by localhost 
> (mail.charite.de [127.0.0.1]) (amavisd-new,
> port 10025) with ESMTP for <[EMAIL PROTECTED]>; Wed, 17 Sep 2008 20:17:37 
> +0200 (CEST)
> Sep 17 20:26:05 mail postfix/smtpd[9774]: timeout after DATA (approximately 
> 9369 bytes) from mail.iba-heiligenstadt.de[194.95.224.127]
> Sep 17 20:26:05 mail postfix/smtpd[9774]: disconnect from 
> mail.iba-heiligenstadt.de[194.95.224.127]
> 
> Sep 17 21:03:02 mail postfix/smtpd[18317]: connect from 
> mail.iba-heiligenstadt.de[194.95.224.127]
> Sep 17 21:03:17 mail postfix/smtpd[18317]: NOQUEUE: 
> client=mail.iba-heiligenstadt.de[194.95.224.127]
> Sep 17 21:03:22 mail amavis[17315]: (17315-12) ESMTP::10025 
> /var/amavis/amavis-20080917T205644-17315:
> <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]> Received: from mail.charite.de
> ([127.0.0.1]) by localhost (mail.charite.de [127.0.0.1]) (amavisd-new, port 
> 10025) with ESMTP for <[EMAIL PROTECTED]>; Wed, 17 Sep
> 2008 21:03:17 +0200 (CEST)
> Sep 17 21:29:04 mail postfix/smtpd[18317]: lost connection after DATA 
> (approximately 106365 bytes) from mail.iba-heiligenstadt.de[194.95.224.127]
> Sep 17 21:29:04 mail postfix/smtpd[18317]: disconnect from 
> mail.iba-heiligenstadt.de[194.95.224.127]
> 
> I don't get this. In the middle of the night it stops at
> "approximately 106365 bytes", but in the afternoon "approximately
> 464619 bytes"

(I was just about to ask for the postfix logs.  HA!)

So it chokes after anywhere from ~10k to ~500k transfer.  My 
gut thinks this is a client problem - nothing to do with 
amavisd-new or postfix.

I don't think amavisd-new starts any scanning (or adds delays) 
until after end-of-data.

Maybe use an iptables rule to direct this client to some 
alternate port with a postfix HOLD rule for analysis?

Maybe someone else has a clue...

-- 
Noel Jones



Re: [AMaViS-user] debug-sa not giving much output?

2008-09-11 Thread Noel Jones
Durk Strooisma wrote:
> Hi everyone,
> 
> I have a Debian lenny system running with the amavisd-new
> 1:2.6.1.dfsg-1 and spamassassin 3.2.5-1 packages. It is set up with
> a fairly default configuration, but with spam-checking enabled in
> Amavisd-new.
> 
> If I start amavisd-new with debug-sa (/etc/init.d/amavis debug-sa) I
> expect to see a lot of debugging output from SpamAssassin, but when
> an e-mail is processed I only see a line like:
> 
> Sep 11 17:58:50.175 machine.example.com /usr/sbin/amavisd-new[13580]:
> (13580-01) Passed CLEAN, LOCAL [172.16.0.1] [172.16.0.1]
> <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>, Message-ID:
> <[EMAIL PROTECTED]>, mail_id:
> LuI9YsVEr8ej, Hits: 0.29, size: 382, queued_as: 1B3C681BFA9, 599 ms
> 
> Is this intended behaviour? Do I need to set some other debugging/logging
> settings in Amavisd-new or SpamAssassin?
> 

That command is intended to be run from the command line in 
the foreground, not as an argument to the daemon startup script.
# /usr/local/sbin/amavisd debug-sa
(lots of output on your screen)
^C to quit.

To increase logging of the daemon, adjust the $log_level 
parameter in amavisd.conf.

-- 
Noel Jones



Re: [AMaViS-user] Blocking files by magic number (fingerprint) [Virus checked]

2008-09-05 Thread Noel Jones
[EMAIL PROTECTED] wrote:
> Hi,
> 
> is there a way to block files by its magic number? In amavis-new I've 
> found the possibility to block files by its extension, which is very easy 
> to bypass.
> 

Not the magic number directly, but you can block by the file 
type returned by file(1), which should be just as good.  See 
amavisd.conf-sample and the banned-filename section. 
Especially pay attention to:
#  * file content type as guessed by 'file(1)' utility, mapped
#    (by @map_full_type_to_short_type_maps) into short type names such as
#    .asc, .txt, .html, .doc, .jpg, .pdf, .zip, .exe-ms, ..., which always
#    starts with a dot. These short types are available unless
#    $bypass_decode_parts is true.



-- 
Noel Jones
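
The difference between banning by file name and banning by the content type described in the reply above, as an added example that is not amavisd-new code or part of the original message. The small signature table is a simplified stand-in for file(1) and the amavisd-new type mapping; the two regexes, the sample attachments and the `.dat` fallback label are assumptions made for the illustration.

```python
import re

# Simplified stand-in for file(1) plus the mapping to amavisd-new short types.
# The magic numbers are well-known signatures; the short type names are the
# ones listed in the amavisd.conf-sample comment quoted above.
MAGIC_TO_SHORT_TYPE = [
    (b"MZ", ".exe-ms"),        # DOS/Windows executable
    (b"PK\x03\x04", ".zip"),   # ZIP archive
    (b"%PDF-", ".pdf"),        # PDF document
    (b"\xff\xd8\xff", ".jpg"), # JPEG image
]

# Hypothetical site policy, split in two so each rule's effect is visible.
BANNED_BY_EXTENSION = re.compile(r"\.(exe|dll|scr)$", re.IGNORECASE)
BANNED_BY_SHORT_TYPE = re.compile(r"^\.(exe-ms)$")


def short_type(content: bytes) -> str:
    """Classify content by its leading bytes, ignoring the declared name."""
    for magic, short in MAGIC_TO_SHORT_TYPE:
        if content.startswith(magic):
            return short
    try:
        content.decode("ascii")
        return ".asc"
    except UnicodeDecodeError:
        return ".dat"  # assumed label for unrecognised binary data


def verdict(filename: str, content: bytes) -> dict:
    """Evaluate one attachment against the name rule and the type rule."""
    stype = short_type(content)
    by_name = bool(BANNED_BY_EXTENSION.search(filename))
    by_type = bool(BANNED_BY_SHORT_TYPE.match(stype))
    return {
        "name": filename,
        "short_type": stype,
        "banned_by_name": by_name,
        "banned_by_type": by_type,
        "banned": by_name or by_type,
    }


def scan(attachments):
    """Return a verdict for every (filename, content) pair."""
    return [verdict(name, content) for name, content in attachments]


# Constructed sample attachments (first bytes only).
SAMPLES = [
    ("setup.exe", b"MZ\x90\x00\x03\x00\x00\x00"),    # executable, honest name
    ("invoice.pdf", b"MZ\x90\x00\x03\x00\x00\x00"),  # executable, renamed
    ("report.pdf", b"%PDF-1.4\n%\xe2\xe3\xcf\xd3"),  # genuine PDF
    ("notes.exe", b"plain text, oddly named\n"),     # text with a banned name
]

if __name__ == "__main__":
    for row in scan(SAMPLES):
        print(row)
```

The renamed executable passes the extension rule and is caught only by the content-type rule, which is the case the short types exist to cover.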



Re: [AMaViS-user] dkim not signing locally submitted mail

2008-09-04 Thread Noel Jones
Eray Aslan wrote:
> DKIM signing with amavisd-new works when mail comes in to the mail
> server with smtp:
> 
> # grep "dkim: signing" /var/log/mail.log|tail -n1
> Sep  4 13:45:15 sunny amavis[27450]: (27450-01) dkim: signing, From:
> <[EMAIL PROTECTED]>, KEY.g=>*, KEY.h=>sha256, KEY.k=>rsa, KEY.t=>s:y,
> a=>rsa-sha256, c=>relaxed/simple, d=>caf.com.tr, s=>originating
> 
> but locally submitted mail does not get signed:
> 
> Sep  4 13:01:15 sunny postfix/pickup[26671]: 4DAB739E36D: uid=1000
> from=<[EMAIL PROTECTED]>
> [...]
> Sep  4 13:01:19 sunny amavis[26882]: (26882-01) FWD via SMTP:
> <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>,BODY=7BIT 250 2.0.0 Ok,
> id=26882-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as
> 7B2D839E348
> Sep  4 13:01:19 sunny amavis[26882]: (26882-01) Passed CLEAN,
> <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>, Message-ID:
> <[EMAIL PROTECTED]>, mail_id: sS+CRhH0HEgk, Hits:
> 2.218, size: 421, queued_as: 7B2D839E348, 4190 ms
> [...]
> 
> Notice the lack of MYNETS/MYUSERS in the amavis log above and can also
> be seen from a log level 5 amavis log:
> 
> Sep  4 14:39:23 sunny amavis[28248]: (28248-01) lookup_ip_acl
> (mynetworks): key="0.0.0.0", no match
> 
> So I guess the reason for not signing is that the email is not
> considered originating for locally submitted mail.  Why?  What am I missing?
> 
> # grep mynetworks /etc/amavisd.conf |grep -v ^#
> @mynetworks = qw( 127.0.0.0/8 10.0.0.0/24 10.0.9.0/24 10.0.2.0/24 );
> $policy_bank{'MYNETS'} = {  # mail originating from @mynetworks
> # amavisd testkeys|grep caf.com.tr
> TESTING: originating._domainkey.caf.com.tr => pass
> # grep local_domains_map /etc/amavisd.conf |grep -v ^#
> @local_domains_maps = ( read_hash("$MYHOME/local_domains") ); # using hash
> # grep caf.com.tr /var/amavis/local_domains
> caf.com.tr
> 
> 
> Thank you


Try adding 0.0.0.0/32 to @mynetworks.

-- 
Noel Jones



Re: [AMaViS-user] Error strange

2008-08-27 Thread Noel Jones
Eduardo Júnior wrote:
> Hi,
> 
> 
> 
>>> The log complete:
>>>
>>>
>>> Aug 27 07:58:29 magneto amavis[21705]: (21705-03-72) Blocked TEMPFAIL, [
>>> 201.65.67.26] <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>, Message-ID:
>>> <[EMAIL PROTECTED]>, mail_id: ixnb-t4SqEdC, Hits:
>>> 3.858,
>>> 4335 ms
>>>
>>>
>>>
>> There will be a log entry from postfix referring to that recipient around
>> the same time.  That should explain the reject.
> 
> 
> 
> 
> Aug 27 07:58:31 magneto postfix/smtpd[21997]: connect from
> localhost.localdomain[127.0.0.1]
> Aug 27 07:58:31 magneto postfix/smtpd[21997]: warning: Connection rate limit
> exceeded: 85 from localhost.localdomain[127.0.0.1] for service
> 127.0.0.1:10025
> Aug 27 07:58:31 magneto postfix/smtpd[21997]: disconnect from
> localhost.localdomain[127.0.0.1]
> 
> 

Excellent, that explains the problem clearly.

In master.cf add to your 10025...smtp reinjection entry:
   -o smtpd_client_event_limit_exceptions=127.0.0.1

references:
http://www.postfix.org/anvil.8.html
http://www.postfix.org/postconf.5.html#smtpd_client_event_limit_exceptions


-- 
Noel Jones
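
The log correlation done by hand in this thread (an amavis "Blocked TEMPFAIL" line matched to a nearby postfix warning), as an added example that is not part of the original messages. The sample log is constructed from the excerpts quoted above with placeholder addresses; the function names, the 10-second window and the assumed year are choices made for the example.

```python
import re
from datetime import datetime

# Constructed sample, modelled on the log excerpts quoted in this thread
# (addresses and the CONSTRUCTED-* mail_ids are placeholders).
SAMPLE_LOG = """\
Aug 27 07:58:29 magneto amavis[21705]: (21705-03-72) Blocked TEMPFAIL, [201.65.67.26] <sender@example.org> -> <rcpt@example.net>, mail_id: ixnb-t4SqEdC, Hits: 3.858, 4335 ms
Aug 27 07:58:31 magneto postfix/smtpd[21997]: connect from localhost.localdomain[127.0.0.1]
Aug 27 07:58:31 magneto postfix/smtpd[21997]: warning: Connection rate limit exceeded: 85 from localhost.localdomain[127.0.0.1] for service 127.0.0.1:10025
Aug 27 07:58:31 magneto postfix/smtpd[21997]: disconnect from localhost.localdomain[127.0.0.1]
Aug 27 09:15:02 magneto amavis[21710]: (21710-01) Passed CLEAN, <sender@example.org> -> <rcpt@example.net>, mail_id: CONSTRUCTED-1, Hits: 0.1, 512 ms
Aug 27 10:02:10 magneto amavis[21712]: (21712-04) Blocked TEMPFAIL, [192.0.2.10] <sender@example.org> -> <rcpt@example.net>, mail_id: CONSTRUCTED-2, Hits: 1.2, 3900 ms
"""

LINE_RE = re.compile(
    r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(\S+)\s+([\w./-]+)\[(\d+)\]:\s+(.*)$"
)
MAIL_ID_RE = re.compile(r"mail_id: ([^,\s]+)")
RATE_RE = re.compile(
    r"warning: Connection rate limit exceeded: (\d+) "
    r"from \S+\[([^\]]+)\] for service (\S+)"
)


def parse(log_text, year):
    """Turn syslog lines into events; syslog omits the year, so it is supplied."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        events.append({"time": when, "program": m.group(3), "msg": m.group(5)})
    return events


def explain_tempfails(log_text, window_seconds=10, year=2008):
    """For each amavis TEMPFAIL, collect postfix warnings/fatals logged nearby."""
    events = parse(log_text, year)
    findings = []
    for ev in events:
        if not ev["program"].startswith("amavis"):
            continue
        if "Blocked TEMPFAIL" not in ev["msg"]:
            continue
        mail_id = MAIL_ID_RE.search(ev["msg"])
        finding = {
            "time": ev["time"],
            "mail_id": mail_id.group(1) if mail_id else None,
            "cause": "unknown",
            "evidence": [],
        }
        for other in events:
            if not other["program"].startswith("postfix/"):
                continue
            delta = abs((other["time"] - ev["time"]).total_seconds())
            if delta > window_seconds:
                continue
            if "warning:" not in other["msg"] and "fatal:" not in other["msg"]:
                continue
            finding["evidence"].append(other["msg"])
            rate = RATE_RE.search(other["msg"])
            if rate:
                # anvil(8) rate limit hit on the reinjection listener
                finding.update(
                    cause="anvil_rate_limit",
                    count=int(rate.group(1)),
                    client=rate.group(2),
                    service=rate.group(3),
                )
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in explain_tempfails(SAMPLE_LOG):
        print(f["time"], f["mail_id"], f["cause"], f["evidence"])
```

A finding with cause `anvil_rate_limit` whose client is 127.0.0.1 and whose service is the 10025 listener corresponds to the case in this thread, where the fix is the `smtpd_client_event_limit_exceptions` override given above.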




Re: [AMaViS-user] Error strange

2008-08-27 Thread Noel Jones
Eduardo Júnior wrote:
> Hi,
> 
> 
> 
> On Mon, Aug 25, 2008 at 11:47 AM, Eduardo Júnior <[EMAIL PROTECTED]>wrote:
> 
>> Hi,
>>
>>
>> On Mon, Aug 25, 2008 at 9:52 AM, Mark Martinec <
>> [EMAIL PROTECTED] <[EMAIL PROTECTED]>> wrote:
>>
>>> Eduardo,
>>>
>>>> I'm getting this error in some messages that pass through amavis:
>>>> amavis[25680]: (25680-09-30) Blocked TEMPFAIL
>>>>
>>>> what is the reason for this error?
>>> A possible reason is that MTA gave a 4xx error when amavisd
>>> tried to submit checked mail back to it. There should be
>>> more detailed information in the log nearby.
>>
> 
> 
> The log complete:
> 
> 
> Aug 27 07:58:29 magneto amavis[21705]: (21705-03-72) Blocked TEMPFAIL, [
> 201.65.67.26] <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>, Message-ID:
> <[EMAIL PROTECTED]>, mail_id: ixnb-t4SqEdC, Hits: 3.858,
> 4335 ms
> 
> 

There will be a log entry from postfix referring to that 
recipient around the same time.  That should explain the reject.

-- 
Noel Jones




Re: [AMaViS-user] Unable To Connect 127.0.0.1 10025

2008-08-13 Thread Noel Jones
Carlos Williams wrote:
> On Wed, Aug 13, 2008 at 11:49 AM, Noel Jones <[EMAIL PROTECTED]> wrote:
> 
>> Apparently your postfix isn't answering on 10025 despite the proper entries
>> in master.cf.  This means that either a firewall is blocking it or some
>> other error in postfix is preventing it from running.
>>
>> Have you looked in the mail log for errors logged by postfix?
>> What shows up in the mail log when you "telnet 127.0.0.1 10025" ?
> 
> When I attempt to telnet 127.0.0.1 10025 on my email server, the
> following pops up in the logs:
> 
> Aug 13 12:07:34 email postfix/smtpd[3501]: warning:
> xsasl_cyrus_server_get_mechanism_list: no applicable SASL mechanisms
> Aug 13 12:07:34 email postfix/smtpd[3501]: fatal: no SASL
> authentication mechanisms
> Aug 13 12:07:35 email postfix/master[2610]: warning: process
> /usr/lib/postfix/smtpd pid 3501 exit status 1
> Aug 13 12:07:35 email postfix/master[2610]: warning:
> /usr/lib/postfix/smtpd: bad command startup -- throttling
> 

Ah, looks like a SASL problem.  Amazing what treasure you can 
find in the log...

Try adding -o smtpd_sasl_auth_enable=no to the 10025 master.cf 
entry.  And you also might try setting the "chroot" column in 
the master.cf entry to "n".

If you need more help, continue this on the postfix-users 
list. This has nothing to do with amavisd-new.
http://www.postfix.org/DEBUG_README.html#mail

You may find other pointers for that error message in the 
postfix-users archives.  Try google.

-- 
Noel Jones


> ===
> 
> My main.cf is very simple and straight forward. Here is the output of
> postconf -n:
> 
> alias_database = hash:/etc/aliases
> alias_maps = hash:/etc/aliases
> append_dot_mydomain = no
> biff = no
> broken_sasl_auth_clients = yes
> config_directory = /etc/postfix
> content_filter = smtp-amavis:[127.0.0.1]:10024
> inet_interfaces = all
> mailbox_size_limit = 0
> mydestination = $myhostname, $mydomain, localhost.$mydomain, localhost
> mydomain = example.net
> myhostname = email.example.net
> mynetworks = 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
> myorigin = $mydomain
> readme_directory = no
> recipient_delimiter = +
> relayhost =
> smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
> smtpd_recipient_restrictions =
> permit_mynetworks,permit_sasl_authenticated,  
> reject_unauth_destination,  reject_non_fqdn_sender, 
> reject_non_fqdn_recipient,  reject_unlisted_recipient,  
> reject_unlisted_sender, reject_invalid_hostname,
> reject_non_fqdn_hostname,   reject_rbl_client
> zen.spamhaus.org, reject_rbl_client bl.spamcop.net,   
> reject_rbl_client
> safe.dnsbl.sorbs.net,reject_invalid_hostname, reject_non_fqdn_hostname
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_security_options = noanonymous
> 
> 
> 




Re: [AMaViS-user] Unable To Connect 127.0.0.1 10025

2008-08-13 Thread Noel Jones
Carlos Williams wrote:
> On Wed, Aug 13, 2008 at 10:47 AM, Noel Jones <[EMAIL PROTECTED]> wrote:
> 
>> Should work as-is, even without the changes I suggest.
>>
>> Maybe a firewall problem.
> 
> Hmm, this OS is not running SELinux or a software Firewall and the
> sending of email from one local mailbox to another local mailbox
> should not even have to touch my corp. Firewall, right?
> I could understand if I was sending or trying to receive email from
> the Internet but right now I am just trying local delivery 1st and
> this is where we are.

Many linux distributions have iptables enabled by default.

> 
> I don't know if this matters but in my /etc/postfix/main.cf, I have
> the following entry:
> 
> content_filter = smtp-amavis:[127.0.0.1]:10024
> 
> Is this correct? I thought it was 10025...

Yes, 10024 is the port that amavisd-new usually listens on, 
then amavisd-new forwards the mail back to postfix on 10025.

Apparently your postfix isn't answering on 10025 despite the 
proper entries in master.cf.  This means that either a 
firewall is blocking it or some other error in postfix is 
preventing it from running.

Have you looked in the mail log for errors logged by postfix?
What shows up in the mail log when you "telnet 127.0.0.1 10025" ?

http://www.postfix.org/DEBUG_README.html#logging

-- 
Noel Jones



Re: [AMaViS-user] Unable To Connect 127.0.0.1 10025

2008-08-13 Thread Noel Jones
Carlos Williams wrote:
> On Wed, Aug 13, 2008 at 10:33 AM, Ralf Hildebrandt
> <[EMAIL PROTECTED]> wrote:
>> show master.cf
> 
> Sorry - seconds after firing off that email to the group I realized I
> should have checked master.cf.
> 
> 
> 127.0.0.1:10025 inet n  -   y -   -  smtpd
> -o content_filter=
> -o local_recipient_maps=
> -o relay_recipient_maps=

OK.

> -o smtpd_restriction_classes=

Not necessary, but OK

> -o header_checks=

Ignored, but OK.

> -o smtpd_delay_reject=no

Should be set to yes, or just remove it.

> -o smtpd_client_restrictions=permit_mynetworks,reject

Usually left empty on 10025.

> -o smtpd_helo_restrictions=
> -o smtpd_sender_restrictions=
> -o smtpd_recipient_restrictions=permit_mynetworks,reject

OK.

> -o smtpd_data_restrictions=reject_unauth_pipelining

Usually left empty on 10025.

> -o smtpd_end_of_data_restrictions=
> -o mynetworks=127.0.0.0/8
> -o smtpd_error_sleep_time=0
> -o smtpd_soft_error_limit=1001
> -o smtpd_hard_error_limit=1000
> -o smtpd_client_connection_count_limit=0
> -o smtpd_client_connection_rate_limit=0
> -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks

OK.

Should work as-is, even without the changes I suggest.

Maybe a firewall problem.

-- 
Noel Jones



Re: [AMaViS-user] Forward email for scanning and return t sender?

2008-08-12 Thread Noel Jones
Rob Morin wrote:
> I had a request to be able to have a person forward an email to, let's say, 
> [EMAIL PROTECTED]; this will then be scanned and sent back to the sender 
> that forwarded it. This is so that a person can have the email scanned 
> and deemed safe and sent back to him. Is this possible?
> 
> Thanks
> 

If this is an occasional thing, forward the mail to scan 
virustotal.com  with a subject of "SCAN".
virustotal will then return a report (but not the original 
mail) to the sender.
http://www.virustotal.com/

If you just want to run it through your amavisd-new again, 
have them forward the mail to themself (assuming you scan 
internal mail).

-- 
Noel Jones



Re: [AMaViS-user] lmtp_connection_cache_destinations - Google Search

2008-08-05 Thread Noel Jones
Michael Scheidell wrote:
> http://www.postfix.org/CONNECTION_CACHE_README.html
> 
> SMTP Connection caching introduces some overhead: the client needs to 
> send an RSET command to find out if a connection is still usable, before 
> it can send the next MAIL FROM command.
> 
> so, should we turn off connection caching for lmtp?
> 
> 
> 


The postfix lmtp client has always had connection caching 
enabled.  I believe that was the main reason lmtp used to be 
the recommended interface between postfix and amavisd-new.

Now that smtp has connection caching, the differences between 
using lmtp and smtp to connect to amavisd-new are minimal.

And the added overhead of an LMTP RSET command is far less 
than doing a TCP handshake + LMTP greeting.

-- 
Noel Jones



Re: [AMaViS-user] Amavis + clamav in other host

2008-07-31 Thread Noel Jones
Eduardo Júnior wrote:
>> Clamd can either do unix sockets or tcp ports, there's no reason it
>> couldn't be on another
> 
> machine, unless there's something I'm not seeing.
> 
> 
> 
> The idea is to separate the service of anti-virus so that it can be used for
> more than a mail server.
> So the reason to allocate the clamav in another host.
> 
> Yes, precisely, clamav allows connections unix sockets and tcp ports.
> Already set in clamav for him to listen a tcp port.
> 
> But how do I call the pro amavis clamav that host separate?
> This setup, if possible, does not seem to be trivial and the call of amavis
> in postfix.
> 
> 
> []´s
> 


If you want to run {amavisd-new + clamav} on a separate host 
from postfix, this is fairly trivial.
Basically just substitute the IP address of the intended 
target host in place of 127.0.0.1 in postfix master.cf and 
amavisd.conf.

This is also discussed in the amavisd-new RELEASE_NOTES and 
README.postfix.

-- 
Noel Jones




Re: [AMaViS-user] Configure Amavis w/ Clamav

2008-07-31 Thread Noel Jones
Carlos Williams wrote:
> I just stood up my Debian email server running Postfix 2.5. It is a
> very vanilla server but functioning regardless. My goal is to get
> Clamav installed and scanning messages (both incoming and outgoing)
> however I have never done so before & I was told that I need to use
> "Amavisd-new" to achieve this? Am I correct in understanding that I am
> to use Amavis as a middle man to Clamav and eventually Spamassassin? I
> am just trying to understand the relationship and if I do need Amavis
> to properly run Clamav on my email server. I will also eventually
> tackle Spamassassin but Anti Virus software is more critical right now
> than spam. Can anyone please point me in the right direction and clear
> the air for me?
> 
> Thanks!
> 


Yes, amavisd-new is a good interface between postfix and 
clamav.  You can alternately use the clamav-milter program 
instead of amavisd-new, but I like the extra flexibility of 
amavisd-new.

The place to get started is the official amavisd-new 
documentation, which is excellent.
http://www.ijs.si/software/amavisd/README.postfix.html

-- 
Noel Jones



Re: [AMaViS-user] Log Subject

2008-07-24 Thread Noel Jones
Luis Daniel Lucio Quiroz wrote:
> Hi
> 
> Is it possible to log the subject with amavis?  I know that it is a weird 
> question.

Amavisd-new doesn't do this by default, but you can hack the 
code if you really need it logged by amavisd-new.

If you're using postfix as your MTA, it's trivial to log the 
subject from there.  Just use a header_checks file with 
something like
/^Subject: /  WARN

-- 
Noel Jones



Re: [AMaViS-user] sot: postfix: sending mail thru amavis based on domain name

2008-06-09 Thread Noel Jones
Clifton Royston wrote:
> On Sat, Jun 07, 2008 at 11:21:54AM +0200, lartc wrote:
>> hi all,
>>
>> i've got a postfix/amavis/cyrus setup that is working.
>>
>> certain domains that i handle should not be processed by amavis -- is
>> there a directive available in postfix to tell it not to send to a
>> content filter based on the recipient domain, but to go ahead and
>> process normally (forward, etc, etc)
> 
>   The (RHS) right-hand-side of any access map in Postfix can contain a
> number of different directives, one of which can be FILTER with an
> IP/port specifier, saying which content-filter you want it to go to. 
> 
>   Two ways to do this are:
> 
> 1) to have no default content-filter set in main.cf or master.cf, and
> to use a recipient access map on the domains to turn the filter on for
> the domains you want to send through amavisd;
> 
> 2) to have your default send it through amavisd, and to use the access
> map to make the domains which you want to bypass amavisd send their
> content-filter directly to the Postfix instance which amavisd usually
> reinjects into *after* its processing.
> 
>   If you've already got a working set-up, you should find it pretty
> easy and quick to add this via either of these methods.
>   -- Clifton
> 

Note that using FILTER in a check_recipient_access table is 
not robust because there can only be one FILTER action per 
message and different recipients in a multi-recipient message 
may require different FILTER settings.  Designs that work 
right "most of the time" should be avoided.

It should be sufficient to add domains/recipients you don't 
want filtered to amavisd-new's bypass_*_checks_maps and 
*_lovers_maps.  The mail will still pass through amavisd-new, 
but won't actually be checked for anything.  This simplifies 
mail flow and keeps configuration information in one place.

If the mail must not pass through amavisd-new at all, then use 
postfix transport_maps entries to direct the mail.  As 
transport_maps is a global setting, this requires multiple 
postfix instances rather than master.cf gymnastics.



-- 
Noel Jones



Re: [AMaViS-user] Content-filter inside amavis

2008-02-29 Thread Noel Jones
Renato Botelho wrote:
> On Fri, Feb 29, 2008 at 1:35 PM, Noel Jones <[EMAIL PROTECTED]> wrote:
>> Renato Botelho wrote:
>>  > Hello,
>>  >
>>  > I'm using a postfix + amavis + maildrop scenario on FreeBSD, and it's
>>  > working like a charm, but I had an idea and would like to ask here to
>>  > measure if it's reasonable.
>>  >
>>  > I use maildrop just to filter subject, recipient, body for some
>>  > strings and have some different acts like quarantine (backing to
>>  > amavis to a second port), discard, whitelist based on these strings.
>>  >
>>  > Would it be possible to have these kinds of filters made directly inside
>>  > amavis? It would be really good for me because I can stop using maildrop
>>  > and mini_sendmail (used to back email to amavis or postfix)
>>  >
>>  > Thank you in advance
>>
>>  You can use custom spamassassin rules and postfix
>>  header_checks to discard, hold, redirect, or send to another
>>  amavisd port based on the SA rules that hit by using different
>>  header_checks on the pre-filter and post-filter postfix
>>  instances.  For whitelisting, use SA rules with large negative
>>  scores.
> 
> But I cannot filter strings in the subject, or in the body of an email using SA,
> can I? I know about the whitelist and blacklist options on this, but I need
> a bit more, filtering regular expressions on subject and body trying
> to find some texts that are used to decide the email destination.
> 
> 

You add your own rules to SA and you can filter on just about 
anything you want using (perl) regular expressions.  Google is 
your friend.
http://www.google.com/search?&q=writing+spamassassin+rules

-- 
Noel Jones



Re: [AMaViS-user] Content-filter inside amavis

2008-02-29 Thread Noel Jones
Renato Botelho wrote:
> Hello,
> 
> I'm using a postfix + amavis + maildrop scenario on FreeBSD, and it's
> working like a charm, but I had an idea and would like to ask here to
> measure if it's reasonable.
> 
> I use maildrop just to filter subject, recipient, body for some
> strings and have some different acts like quarantine (backing to
> amavis to a second port), discard, whitelist based on these strings.
> 
> Would it be possible to have these kinds of filters made directly inside
> amavis? It would be really good for me because I can stop using maildrop
> and mini_sendmail (used to back email to amavis or postfix)
> 
> Thank you in advance

You can use custom spamassassin rules and postfix 
header_checks to discard, hold, redirect, or send to another 
amavisd port based on the SA rules that hit by using different 
header_checks on the pre-filter and post-filter postfix 
instances.  For whitelisting, use SA rules with large negative 
scores.

-- 
Noel Jones



Re: [AMaViS-user] MYNETS problem

2008-02-13 Thread Noel Jones
MrC wrote:
> 
> RJ45 wrote:
>>
>> On Wed, 13 Feb 2008, MrC wrote:
>>
>>> Setup submission service in postfix, and have its content_filter port 
>>> 10026 (for example):
>>>
>>> ...
>>>   -o content_filter=smtp-amavis:[127.0.0.1]:10026
>>>
>>> and in amavisd.conf, create a policy bank and listener port:
>>>
>> thanks,
>> but I meant is there a way to do it with sendmail ?
>>
> 
> Sendmail just drops a queue file; it does not use SMTP.  So you must 
> configure the service that handles the queue file, which is pickup.
> 
> 

I believe OP is stating he uses sendmail(TM), and not 
referring to the postfix sendmail compatibility program.

I'm afraid I don't know the actual solution, but the general 
procedure is that sendmail must somehow decide which mail to 
filter and which not, and submit to alternate amavisd listener 
ports.

-- 
Noel Jones



Re: [AMaViS-user] Problem To and CC header rewrite

2008-01-18 Thread Noel Jones
Pablo Garcia Martinez wrote:
> Hello, I solved the problem. This postfix directive makes the mistake:
> header_size_limit = 256
> I increased this directive to 998 as RFC 2822 says:
> header_size_limit = 998
> 
> Thank you for all. Regards.
> 
> 
> 

No, the header_size_limit is the total length of a header, 
which may span many wrapped lines.  Each physical line can be 
no longer than 998 characters, but the total header length can 
be much greater.

The correct thing to do is remove the incorrectly set 
header_size_limit parameter from your configuration and use 
the built-in defaults.


-- 
Noel Jones
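
The distinction drawn in the reply above, between the length of one physical line and the total size of a folded header, as an added example that is not part of the original message. The sample message is constructed, the function names are hypothetical, and sizes are counted without line terminators, so they approximate what the MTA measures.

```python
def parse_headers(raw: str):
    """Group physical lines into logical headers; folded lines start with SP/TAB."""
    headers = []
    for line in raw.splitlines():
        if not line:
            break  # blank line ends the header block
        if line[0] in " \t" and headers:
            headers[-1].append(line)  # continuation of the previous header
        else:
            headers.append([line])
    return headers


def header_metrics(raw: str):
    """Per header: physical line count, longest physical line, total size."""
    metrics = []
    for physical in parse_headers(raw):
        metrics.append({
            "name": physical[0].split(":", 1)[0],
            "physical_lines": len(physical),
            "longest_line": max(len(l) for l in physical),
            "total_size": sum(len(l) for l in physical),
        })
    return metrics


def oversized(raw: str, header_size_limit: int):
    """Names of headers whose total size exceeds the limit (excess is discarded)."""
    return [m["name"] for m in header_metrics(raw)
            if m["total_size"] > header_size_limit]


def build_sample(recipients: int = 60, per_line: int = 3) -> str:
    """Constructed message with a long Cc header folded three addresses per line."""
    addrs = [f"user{i:02d}@example.com" for i in range(recipients)]
    rows = [", ".join(addrs[i:i + per_line])
            for i in range(0, recipients, per_line)]
    cc = "Cc: " + ",\r\n\t".join(rows)
    return ("From: sender@example.com\r\n" + cc +
            "\r\nSubject: constructed sample\r\n\r\nbody\r\n")


if __name__ == "__main__":
    raw = build_sample()
    for m in header_metrics(raw):
        print(m)
    # 256 and 998 are the values from the quoted message; 102400 is the
    # Postfix default for header_size_limit.
    for limit in (256, 998, 102400):
        print(limit, oversized(raw, limit))
```

Every physical line of the sample Cc header is well under 998 characters, yet the header as a whole exceeds both 256 and 998, so either setting cuts the recipient list short.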



Re: [AMaViS-user] amavisd-new accepting e-mails from a remote machine

2008-01-17 Thread Noel Jones
Jordi Moles wrote:
> hi,
> 
> i've got 2 debian servers, one with postfix and the other one with 
> amavisd-new running.
> 
> I've read a lot of examples about how to set up amavisd-new to filter 
> emails that come from postfix.
> 
> The thing is that in amavisd.conf i have to put something like this:
> 
> $forward_method = 'smtp:[*]:10025';
> 
> i mean...
> if i write:
> 
> $forward_method = 'smtp:[192.168.1.10]:10025';
> 
> where 192.168.1.10 is the postfix's ip address... it works fine.
> But the idea is to have an amavis server that filters from many 
> different servers.
> 
> How can i tell amavis to send the filtered mail to the ip address it 
> came from?
> 

 From amavisd.conf-sample:


# To make it possible for several hosts to share one content checking daemon,
# the IP address and/or the port number in $forward_method and $notify_method
# may be specified as an asterisk. An asterisk in the colon-separated
# second field (host) will be replaced by the SMTP client peer address,
# An asterisk in the third field (tcp port) will be replaced by the incoming
# SMTP/LMTP session port number plus one. This obsoletes the previously used
# less flexible configuration parameter $relayhost_is_client. An example:
#   $forward_method = 'smtp:*:*'; $notify_method = 'smtp:*:10587';


-- 
Noel Jones
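
The asterisk substitution quoted above, as an added Python example that is not amavisd-new's own code: it resolves a $forward_method string for a given SMTP client peer and incoming session port. The function name, the listener port 10024 and the second MTA address 192.168.1.11 are assumptions made for the illustration.

```python
import re

# proto : host : port, where host may be bracketed and either field may be '*'
_METHOD_RE = re.compile(
    r'^(?P<proto>[a-z]+):(?P<host>\[[^\]]*\]|[^:\[\]]*):(?P<port>\*|\d+)$')


def resolve_method(method, peer_addr, incoming_port):
    """Return (proto, host, port) after replacing asterisks as described.

    host '*' -> address of the SMTP client that handed the mail to amavisd
    port '*' -> port of the incoming SMTP/LMTP session plus one
    """
    m = _METHOD_RE.match(method)
    if m is None:
        raise ValueError('unrecognised method: %r' % method)
    host = m.group('host')
    if host.startswith('['):
        host = host[1:-1]          # drop the brackets around the host
    if host == '*':
        host = peer_addr
    if m.group('port') == '*':
        port = incoming_port + 1
    else:
        port = int(m.group('port'))
    return (m.group('proto'), host, port)


if __name__ == '__main__':
    # Constructed sessions: two MTAs feeding one amavisd on port 10024.
    sessions = [('192.168.1.10', 10024), ('192.168.1.11', 10024)]
    for method in ("smtp:[192.168.1.10]:10025", "smtp:[*]:10025", "smtp:*:*"):
        for peer, port in sessions:
            print('%-28s from %s:%d -> %s'
                  % (method, peer, port, resolve_method(method, peer, port)))
```

With a fixed host every message is reinjected to 192.168.1.10 regardless of which MTA sent it; with an asterisk each message goes back to the MTA it came from.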



Re: [AMaViS-user] Amavisd ignoring AV reports from clamav

2007-12-29 Thread Noel Jones
James Cloos wrote:
> I've noticed that amavisd on my MX no longer blocks stuff flagged by
> clamav.
> 
> The only difference in the logs for a message which clamav's log shows
> as having FOUND something and one which is CLEAN is that in the latter
> case amavis logs 'Hits: -' and in the FOUND case it logs 'Hits: 0.1'.
> 
> The logs show that it is sending everything to clamav, just PASSing mail
> which should be DISCARDed and quarantined.
> 
> I can't find any reason why.
> 
> My /etc/amavis/conf.d/50-user just sets:
> 
> @local_domains_acl to a list of my local domains,
> $forward_method and $notify_method to the delivery smtpd,
> $myhostname to the correct fqdn, and:
> 
> @bypass_virus_checks_maps = (); # to check everything
> $final_virus_destiny  = D_DISCARD;
> $final_banned_destiny = D_DISCARD;
> 
> The quarantine had a couple of recent badh- files, but no virus-
> or banned- files for the last several months.
> 
> An example of the logging:
> 
> From mail.log:
> 
> Dec 29 18:33:03 mx amavis[8696]: (08696-11) Passed CLEAN, [74.238.54.136]
> <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]>,
> Message-ID: <[EMAIL PROTECTED]>,
>  mail_id: Ainpxge0xIwH, Hits: 0.1, size: 3648, queued_as: 585E494093, 771 ms
> 
> and the corresponding entry from clamav.log:
> 
> Sat Dec 29 18:33:03 2007 ->
> /var/lib/amavis/tmp/amavis-20071229T183012-08696/parts/p001:
> HTML.Phishing.Pay-172 FOUND
> 
> -JimC


So did you upgrade amavisd-new recently?

an excerpt from the amavisd-new RELEASE_NOTES:

- make it possible for a virus scanner to derate an infection report
   to a spam report, contributing to spam score and to spam report/status.
   A new configuration variable @virus_name_to_spam_score_maps
   (also member of policy banks) can turn a reported virus name
   into a spam score. Its default setting is:

   @virus_name_to_spam_score_maps =
     (new_RE(
       [ qr'^(Email|HTML)\.(Phishing|Spam|Scam[a-z0-9]?)\.'i => 0.1 ],
       [ qr'^(Email|Html)\.Malware\.Sanesecurity\.'          => undef ],
       [ qr'^(Email|Html)(\.[^., ]*)*\.Sanesecurity\.'       => 0.1 ],
     # [ qr'^(Email|Html)\.(Hdr|Img|ImgO|Bou|Stk|Loan|Cred|Job|Dipl|Doc)
     #   (\.[^., ]*)* \.Sanesecurity\.'x => 0.1 ],
       [ qr'^(MSRBL-Images/|MSRBL-SPAM\.)'                   => 0.1 ],
     ));

   and can be replaced in amavisd.conf.
   To disable the feature assign an empty list to the configuration variable:

     @virus_name_to_spam_score_maps = ();

   When a virus scanner returns names of viruses, and all provided names are
   matched by the @virus_name_to_spam_score_maps, and no other virus scanner
   has anything more sinister to report, then a message is _not_ flagged
   as a virus, but a corresponding spam score is contributed to other
   spam results as returned by a normal spam scan by SA. All the usual
   spam rules are then followed. Phishing fraud as indicated by ClamAV
   is now by default treated as spam, and no longer as a virus.


-- 
Noel Jones
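
The derating rule from the release notes quoted above, as an added Python example that is not amavisd-new's own code: it shows why HTML.Phishing.Pay-172 ends up as "Passed CLEAN ... Hits: 0.1" instead of a discarded virus. It assumes the first matching entry decides a name and that an undef result (None here) leaves the name a virus; the Sanesecurity and Eicar names are sample input chosen for the illustration.

```python
import re

# Python transcription of the default @virus_name_to_spam_score_maps quoted
# above. None stands in for Perl's undef; the commented-out entry is omitted.
DEFAULT_MAP = [
    (re.compile(r'^(Email|HTML)\.(Phishing|Spam|Scam[a-z0-9]?)\.', re.I), 0.1),
    (re.compile(r'^(Email|Html)\.Malware\.Sanesecurity\.'), None),
    (re.compile(r'^(Email|Html)(\.[^., ]*)*\.Sanesecurity\.'), 0.1),
    (re.compile(r'^(MSRBL-Images/|MSRBL-SPAM\.)'), 0.1),
]


def score_for(name, table=DEFAULT_MAP):
    """Spam score for one reported name, or None if the name is not derated."""
    for pattern, score in table:
        if pattern.search(name):
            return score  # assumption: the first matching entry decides
    return None


def classify(reported_names, table=DEFAULT_MAP):
    """Apply the rule to every name reported by every scanner.

    Returns ('clean', {}), ('spam', {name: score}) or ('virus', [names]).
    The message is derated to spam only if all names map to a score.
    """
    if not reported_names:
        return ('clean', {})
    scores = {name: score_for(name, table) for name in reported_names}
    still_virus = [name for name, score in scores.items() if score is None]
    if still_virus:
        return ('virus', still_virus)
    return ('spam', scores)


if __name__ == '__main__':
    samples = [
        ['HTML.Phishing.Pay-172'],                          # from the log above
        ['HTML.Phishing.Pay-172', 'Eicar-Test-Signature'],  # mixed report
        ['Email.Malware.Sanesecurity.07010100'],            # constructed name
    ]
    for names in samples:
        print(names, '->', classify(names))
    # Feature disabled: @virus_name_to_spam_score_maps = ();
    print('empty map ->', classify(['HTML.Phishing.Pay-172'], table=[]))
```

With the empty map the same phishing name is treated as a virus again, so $final_virus_destiny = D_DISCARD applies to it.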



Re: [AMaViS-user] Passive OS Fingerprinting signatures not recognized...

2007-12-18 Thread Noel Jones
Clifton Royston wrote:
>
>   My understanding is that a lot of spamware forges MUA signatures for
> The Bat!  (I don't know why that MUA in particular.) 

I now remember that older versions (I think 2.something) of 
SpamAssassin would give various negative points to some 
seldom-abused mail clients.  Since The Bat! was the least 
abused, it had the biggest negative score.

It didn't take long for spammers to figure this out and start 
forging headers claiming to be from the various white-listed 
MUAs, frequently The Bat!, but others also.  And not long 
after that, the negative scores were removed from 
SpamAssassin.  But some practices die hard.


-- 
Noel Jones



Re: [AMaViS-user] Passive OS Fingerprinting signatures not recognized...

2007-12-18 Thread Noel Jones
>> Also, I noticed SPAM slipping by originating from The Bat! and that P0F
>> did not recognize the IP stack signature.  I don't know much about The
>> Bat! except that it is frequently used to send mass e-mailings.  What OS
>> does The Bat! run under?  Does it include its own IP stack?  If a P0F
>> signature can be developed for The Bat!, I would think that would be
>> helpful too.

The Bat! is a legit mail client for Windows.  It's very nice, 
and it's not free.  Mostly used in corporate environments. 
http://www.ritlabs.com/

Spam frequently has (likely forged) headers indicating it's 
sent from The Bat!, but the presence of such headers is not a 
good indicator of spam.

AFAIK The Bat! does not provide an IP stack, your P0F "unknown" 
has some other cause, maybe some NAT device.

-- 
Noel Jones



Re: [AMaViS-user] Spamassassin per user settings

2007-12-12 Thread Noel Jones
Rajkumar S wrote:
> Hi,
> 
> I am configuring amavis-new with postfix, under debian etch. I am
> using it in proxy mode, using smtpd_proxy_filter. When using
> spamassassin, is it possible to use per recipient bayes database and
> rule scores in this mode?
> 
> raj
> 

No, per-user bayes is not possible with amavisd-new. 
Amavisd-new can use different tag levels for different 
recipients, but not different rules or rule scores.

Amavisd-new has the same features available regardless of 
whether it's running pre-queue or post-queue.

http://www.ijs.si/software/amavisd/#faq-spam
and other notes on that page.

-- 
Noel Jones



Re: [AMaViS-user] Real eBay mails get quarantined

2007-11-17 Thread Noel Jones
koffiejunkie wrote:
> Hi guys,
> 
> Pretty much what the subject says.  Amavisd-new (through ClamAV) is 
> identifying legitimate mails from eBay as HTML.Phishing.Auction-113. 
> The notification I get looks like this (Subject and e-mail address 
> changed for privacy, of course):
> 
> 
> A virus was found: HTML.Phishing.Auction-113
> 
> Scanner detecting a virus: ClamAV-clamd
> 
> Content type: Virus (9,0)
> Internal reference code for the message is 29147-19/PLfqqUg3n0u6
> 
> First upstream SMTP client IP address: [66.135.215.239]
>smfcamppool10.emailebay.com
> According to a 'Received:' trace, the message originated at: 
> [66.135.215.239],
>dooby3-snat.smf.ebay.com (HELO [10.108.161.72])  ([10.108.160.72])
> 
> Return-Path: <[EMAIL PROTECTED]>
> Message-ID: <[EMAIL PROTECTED]>
> X-Mailer: Kana Connect 6
> Subject: ebayuser, knock her Christmas stockings off this year with
>eBay
> The message has been quarantined as: virus-PLfqqUg3n0u6
> 
> Notification to sender will not be mailed.
> 
> The message WAS NOT relayed to:
> <[EMAIL PROTECTED]>:
> 254 2.7.1 Ok, discarded, id=29147-19 - VIRUS: HTML.Phishing.Auction-113
> 
> Virus scanner output:
>p002: HTML.Phishing.Auction-113 FOUND
> 
> 
> What is triggering this?  Any way to prevent it?
> 
> Thanks

Submit the mail to the clamav team as a false positive.
clamav.net/sendvirus/

Release the mail from your quarantine with amavisd-release.

Newer versions of amavisd-new can turn phishing detection into 
spam points rather than blocking the mail outright.  Look in 
amavisd.conf-sample for @virus_name_to_spam_score_maps.


-- 
Noel Jones



Re: [AMaViS-user] ot: too many subsequent spaces in subject check?

2007-11-15 Thread Noel Jones
Voytek Eymont wrote:
> when I 1st setup Postfix, I've grabbed a whole swag of various antiUCE
> checks from several Postfix howto sites, and, have used happily ever
> since;
> 
> amongst them, I have a Postfix header subject check like:
> 
> # grep subseq header*
> header_checks:/^Subject: .*/WARN Your
> subject has too many subsequent spaces. Fix the subject and try again.
> 
> in the past, I used to reject emails that failed it, however, that was
> occasionally rejecting legitimate emails (with too many spaces...)
> 
> I've changed it to 'WARN' at this time
> 
> question: is that a worthwhile antiUCE check, does anyone else also
> reject on too many trailing spaces ?
> 
> going by last 4 mail logs, it doesn't seem to get called much
> 
> if this is a worthwhile check, where should that be done, spamassassin/amavis ?
> 

I used something similar a couple years ago with a WARN and 
found it hit nearly equal amounts of ham and spam.  So not an 
accurate predictor of spam at that time, and I 
quit using it.

SpamAssassin would be the right place for something like this 
if you want to continue using it, but only at a very low point 
value.

-- 
Noel Jones



Re: [AMaViS-user] [RFE] An amavisd-based filter to convert Microsoft attachements to ODF ?

2007-11-13 Thread Noel Jones
Răzvan Sandu wrote:
> Here's why I see this as an amavis filter:
> 
> - to filter messages that *pass* the server, in postfix queue, not when they
> arrive at the final recipient. Actually, the server may be *on the way*, not
> the IMAP/POP3 server that holds the final recipient's mailbox...
> 
> - usually, users are defined as *virtual mailboxes* (please see the exact
> meaning at http://www.postfix.org/VIRTUAL_README.html). In some cases, it's
> pretty difficult to have LDA processing on these messages, especially when
> using Maildir, not a standard mbox and the final recipient does not have a
> home directory assigned to him (*virtual* user, as I said)...
> 
> Now, would it be technically feasible ? What other idea/alternative do you
> suggest ? Let's assume the full OpenOffice suite is installed on the mail
> server


This could probably be implemented as a defang method in 
amavisd-new.  Not sure how difficult it would be, might not be 
too bad.

You can dig around amavisd.conf and amavisd looking for defang 
and altermime for some ideas.

-- 
Noel Jones



Re: [AMaViS-user] Amavis new rejecting local mail as UCE

2007-11-05 Thread Noel Jones
At 04:53 PM 11/5/2007, Michael Hallager wrote:

> > You need to check your logs to see why the message is marked as
> > spam.  Running amavisd at log level 2 or higher ($log_level = 2; in
> > amavisd.conf) will likely give you enough information to see why the
> > message is rejected.  Here's some wild guesses you can track down:
>
>Will try.
>
> > - SpamAssassin Auto WhiteList "AWL" or bayes features can
> > automatically learn mail as spam.
> > You can try temporarily disabling AWL and bayes by adding the
> > following to your spamassassin /etc/mail/spamassassin/local.cf
> > use_bayes 0
> > use_auto_whitelist 0
> > see http://wiki.apache.org/spamassassin/BasicConfiguration
>
>Where does it store this information? I think if I can delete the state and
>start again, this will fix the problem whereas setting it not to use the
>above will degrade the performance.

If you didn't set SA to use *SQL for these tables, they are stored in 
the SA global config directory, usually  /etc/mail/spamassassin, as 
auto-whitelist* and bayes*.  Stop amavisd-new and anything else that 
uses SpamAssassin (such as if you configured spamd to run for some 
reason), and then just remove those files.

But if you don't check the logs to see if this is really the problem, 
you're just shooting in the dark.

-- 
Noel Jones 




Re: [AMaViS-user] something similar to SpamAssassin's "report_safe 1"?

2007-11-05 Thread Noel Jones
At 11:59 AM 11/5/2007, Andy Spiegl wrote:
>Hi,
>
>having gladly solved my "score in the subject" issue (see other thread) I
>would really like to imitate SpamAssassin's feature of not modifying the
>original SPAM-Mail but attaching it as a (message/rfc822) attachment to a
>new mail body.
>
>Advantages:
>  - the original mail is not touched and can be restored fully and easily
>  - a customizable explanation can be added (in the body of the new mail)
>e.g. explaining what to do with false positives etc.
>
>Here's the relevant part of SpamAssassin's man page:
>
>report_safe ( 0 | 1 | 2 ) (default: 1)
>if this option is set to 1, if an incoming message is tagged as
>spam, instead of modifying the original message, SpamAssassin will
>create a new report message and attach the original message as a
>message/rfc822 MIME part (ensuring the original message is
>completely preserved, not easily opened, and easier to recover).
>...
>See report_safe_copy_headers if you want to copy headers from the
>original mail into tagged messages.
>
>Thanks,
>  Andy.

Yes, amavisd-new can do this.  Look through amavisd.conf-sample and 
the RELEASE.NOTES for "defang"


-- 
Noel Jones 




Re: [AMaViS-user] Amavis new rejecting local mail as UCE

2007-11-05 Thread Noel Jones
At 06:06 AM 11/5/2007, Michael Hallager wrote:
>I was away overseas for a week and set up mail forwarding (via my desktop's
>email client) from one address to another on the same (my) mail server.
>
>Unfortunately a mail loop developed which resulted in over 4,000 near
>identical messages being sent through the SMTP server, and growing, before I
>stopped it.
>
>The mail server now rejects all mail from the email address which these
>forwards came from.
>
>it isn't the message content because an identical message (with a different
>from address) gets through.
>
>In this case both the sending and receiving address are on the same mail
>server.
>
>I've emptied the Amavis MySQL tables with no success. What can I do please?

You need to check your logs to see why the message is marked as 
spam.  Running amavisd at log level 2 or higher ($log_level = 2; in 
amavisd.conf) will likely give you enough information to see why the 
message is rejected.  Here's some wild guesses you can track down:

- SpamAssassin Auto WhiteList "AWL" or bayes features can 
automatically learn mail as spam.
You can try temporarily disabling AWL and bayes by adding the 
following to your spamassassin /etc/mail/spamassassin/local.cf
use_bayes 0
use_auto_whitelist 0
see http://wiki.apache.org/spamassassin/BasicConfiguration

- amavisd-new white/black lists?   This isn't an automated feature, 
but something you set in amavisd.conf or associated SQL 
tables.  White/black list action is noted in the log.

>
>The notification message is as follows:

The notification message isn't particularly helpful in tracking down 
problems.  This is by design; some anonymous sender doesn't need 
details of your mail policy.  You need to search your logs for more 
complete information.

-- 
Noel Jones 



