[AMaViS-user] mynetworks from file/ldap
My ldap lookups in Postfix are single IP because I haven't figured out a way to do CIDR lookups. So, my I use cidr:/path/to/access/list also in postfix for complete subnets... mx1# cat relay_clients x.x.x.x/29 OK snip From main.cf: smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, check_client_access cidr:/usr/local/etc/postfix/relay_clients, check_client_access ldap:/usr/local/etc/postfix/ldap/relay_clients.cf, snip mx1# cat ldap/relay_clients.cf bind = no server_host = ldapi:/// version = 3 search_base = ou=Servers,dc=webtent,dc=net query_filter = ((ipHostNumber=%s)(objectClass=ipHost)) result_attribute = ipHostNumber result_format = OK This works great for allowing ldap entries as shown and CIDR networks from file to relay, but can I use either or both of these same files in amavisd.conf to set mynetworks for MYNETS policy? Do I just add this to my amavisd.conf file? @mynetworks_maps = (read_hash('/usr/local/etc/postfix/relay_clients'), [EMAIL PROTECTED]); Will my postfix file with the 'OK' parameter work or I have to create a second file with only the CIDR notations? As far as LDAP lookups for policies, I don't see an example in the README.ldap specifically for mynetworks. I am currently using amavisd-maia based on amavisd-new 2.2 and @lookup_sql_dsn for SQL lookups. -- Robert - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Filtering before banned attachments
On Sat, 2008-01-26 at 01:53 +0100, mouss wrote: Robert Fitzpatrick wrote: I see a message get sent through and labeled 'WARNING: contains banned part' like it should according to our banned policies as it scores zero in SA. I am assuming zero means that SA didn't even scan the content? If I take the source of the message without the attachment, it scores plenty high enough to kill. if the attachment is large, it will be skipped. The size is configurable, but spending cycles on huge messages is generally not worth the trouble. Up so far, spam rarely comes in large messages. The whole message is less than 30K and contains usually video.zip and is a virus. We use ClamAV with SaneSecurity, the first one we got with Trojan.Pandex Virus was not found in the ClamAV db, anyone else picking these up? We're starting to get more and more of these. -- Robert - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] Filtering before banned attachments
I see a message get sent through and labeled 'WARNING: contains banned part' like it should according to our banned policies as it scores zero in SA. I am assuming zero means that SA didn't even scan the content? If I take the source of the message without the attachment, it scores plenty high enough to kill. My question, is there a way for amavis to filter with SA and only send through according to banned policies if CLEAN? -- Robert - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] Quarantined header clean message
We quarantine all messages for a few days with the following setup in our amavisd.conf file. However, the X-Quarantine-ID header seems to get the message blocked at the final destination sometimes if the receiving mail server chooses. And we're finding some that do block due to this. Is there a way to make the header something different for clean messages? $clean_quarantine_method = 'local:clean-%m.gz'; $clean_quarantine_to = 'clean-quarantine'; -- Robert - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] Maia mailguard
I have maia installed and ready to go, just need to finish setting up amavisd.conf and start the amavisd-maia. I have some questions for anyone out there that has setup maia. When comparing my running amavisd.conf 2.4.5 to the suggested one from maia, I see a list of supporting programs such as gzip, bzip2, file, etc. I don't have these specified in my running conf, it seems amavis loads those present on startup. I do see decoders in my current conf file. Doing a quick whereis on each of these I only see dspam missing from my system, is this required or needed? On our FreeBSD system, the port wants MySQL 5 to install. Also, like I mentioned, now running 2.4.5 and the install doc mentions using their amavisd-maia in place of amavisd 2.2, I assume this still needs to be done for our version. Will this amavisd-maia support my 2.4.5 settings. I went through the current conf file and do not see anything that would be effected. My other questions were about whether I should have maia system default user catch mail for non-local domains. Our servers are transport gateways for the most part using Postfix transport to destination off-server and off-network mail servers. I do have some local users setup for testing and may decide to put some local domains on the servers in the future. If I don't allow the system default for non-local users, then where would the mail end up for users at domains in the transports? Or do I need to put all these domains in local_domain_maps? Finally, I see directly in the Pgsql db we setup for maia that things like enable_virus_filtering and enable_spam_filtering with 'Y' as their value. But if I go into Maia via the web and click on the System Default User, these settings are disabled. Are that not one and the same? I guess not, what does the db settings control? Sorry for the long post, I just wanted to post as many of my question about config at once, so I tried to cover the entire config where I have questions. Like I mentioned, this is a running amavisd switch to maia, I want it to be as seamless as possible. My biggest concern is changing any amavisd settings/rules without my realizing it and customers complaining come Monday morning. Looks like a great program. Thanks for the help! Any suggestions or things to look out for are appreciated. -- Robert - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] Spam tag subject line
Still haven't been able to get multiple select domains to tag the subject line. Here is all my related settings, can someone suggest why I cannot get subject line tagging for example.com and example2.com? Do I have my arrays setup correctly? @local_domains_maps = ( [.$mydomain, .example.com, .example2.com] ); @spam_kill_level_maps = ( { '.example.com' = , '.example2.com' = , }, \$sa_kill_level_deflt, ); $sa_tag_level_deflt = -999; $sa_tag2_level_deflt = 5.0; $sa_kill_level_deflt = $sa_tag2_level_deflt; $sa_dsn_cutoff_level = 9;# spam level beyond which a DSN is not sent $sa_mail_body_size_limit = 64*1024; # don't waste time on SA if mail is larger $sa_local_tests_only = 0;# only tests which do not require internet access? $sa_auto_whitelist = 1; -- Robert - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Tagging spam
On Thu, 2007-04-19 at 11:33 -0600, Gary V wrote: Robert wrote: I am trying to let through spam for one domain as Gary had kindly suggested on how to do below. Spam messages are making it through for that domain, but no ***SPAM*** tag on the subject line of those messages. I have the $sa_spam_subject_tag set as shown below. What am I doing wrong? @spam_kill_level_maps = ( { '.example.com' = , }, \$sa_kill_level_deflt, ); $sa_spam_subject_tag = '***SPAM*** '; The recipient domain must be considered local (in @local_domains_maps or other similar mechanism). Subject line should be rewritten at $sa_tag2_level_deflt. What is that set to? Also: Ah yes, I read right over that in your first response, thanks. The server is a Postfix+Amavisd+SA transport gateway that passes on to the destination mail server. If I include this domain in local_domain_maps, will it interfere with normal delivery? -- Robert - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] PgSQL storage doc clarification
I am trying to setup storage in our PgSQL database using the following doc, but I am not sure which schemas are to be loaded in which databases. I assume I am to cut/paste the necessary CREATE TABLE sections as the schema to use? But which tables should be created in mail_logs and which for mail_prefs? http://www.ijs.si/software/amavisd/README.sql-pg.txt -- Robert - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] PgSQL storage doc clarification
On Tue, 2007-04-17 at 19:56 +0200, Mark Martinec wrote: Robert, I am trying to setup storage in our PgSQL database using the following doc, but I am not sure which schemas are to be loaded in which databases. I assume I am to cut/paste the necessary CREATE TABLE sections as the schema to use? But which tables should be created in mail_logs and which for mail_prefs? http://www.ijs.si/software/amavisd/README.sql-pg.txt Yes, you can cut/paste the schemas as-is from this readme file. The database in @lookup_sql_dsn needs the read-only tables, i.e. the users, mailaddr, wblist, policy. The database in @storage_sql_dsn needs the read/write tables, i.e. the maddr, msgs, msgrcpt, quarantine. Both the @lookup_sql_dsn and the @storage_sql_dsn may point to the same database, so in this case you would place all tables in the same database. Name it whatever you want. Thanks, that clarified a lot, and WORKS! I had one other question. I see it logs the from address and client ip, but is there any way to get it to log recipient server and e-mail address? -- Robert - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] BDB issue?
Been having issues with amavisd-new 2.3.3 shutting down on us mainly in the middle of the night, I restart amavis and all is well until the next night. We are not doing anyting on the server (backups, etc.) at night than we have since before the issue arose. I found the following error in the logs just prior to amavis shutting itself down. Feb 8 23:04:26 esmtp amavis[53810]: (53810-03) TROUBLE in check_mail: update_cache FAILED: BDB C db_cursor: Locker does not exist, Interrupted system call. at (eval 52) line 122. Feb 8 23:04:26 esmtp amavis[53810]: (53810-03) TROUBLE in process_request: register_proc: BDB N db_cursor: Locker does not exist, Interrupted system call. at (eval 51) line 174. I have disabled bayes in SA last week sometime and I don't believe I have DCC or razor enabled. Although I have score RAZOR2_CHECK 2.500 in the local.cf and both of these installed, I don't see them enabled or can find any reference to them in the logs. I ask this because I found this: From http://www.ijs.si/software/amavisd/: * OpenBSD and NetBSD have a pretty low default setting for max open files. To increase it for the default login group edit the /etc/login.conf, or add the user vscan to the daemon login group which has higher settings. Exceeding the limit can lead to spinning amavisd child processes or Berkeley db 'running out of lockers', often associated with Razor2, Bayes or DCC checks. With debug logging the problem possibly reported as: CALLING NoMailAudit::check Cannot open bayes databases /var/spool/spamassassin/bayes_* R/O: tie failed: Too many open files razor2 check skipped: Too many open files IO::Socket::INET: Bad protocol 'udp' at .../perl5/.../Mail/SpamAssassin/Dns.pm line 409 * With earlier version of Berkeley db library (libdb) (e.g. V3.3) the following or similar error is sometimes reported: TROUBLE in check_mail: virus_scan FAILED: BDB db_cursor: Successful return: 0, . at ...amavisd line 5162. * Namely, a bdb operation fails, but the reported error is 'success'. The problem goes away by upgrading libdb to 4.x. I am running FreeBSD 5.4 and my libdb version is 4.2, any ideas what is causing the issue or where I should look? I am running with Postfix 2.2.8 and SA 3.0.1. -- Robert --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642 ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] slow processing after upgrade to 2.3.3
On Thu, 2005-12-15 at 02:27 +0100, Mark Martinec wrote: I will note that a number of amavisd users including me saw their average message processing times go up from (e.g.) 2 seconds to 10-12 seconds on upgrading from amavisd 2.2.x and SpamAssassin 3.0.x to amavisd 2.3.3 and SpamAssassin 3.1.0. ... I mention it so that if you see this you will recognize it as now relatively normal; Mark's systems apparently did not experience this. Indeed I haven't noticed such an increase. If the set of SA checks on upgrading SA 3.0.x to 3.1 did not change much, the time for a check should be about the same. But there are lots of knobs in SA, and the default list of RBL, DNS, SPF, ... To my previous post I should add that I've switched bayes to SQL long time ago. Bayes on a non-SQL database may well be the culprit after upgrade to SA 3.1 (as just being discussed on the SA list). My issue finally resolved last night down to duplicate .cf files in my spamassassin config folder. I run RulesDuJour and it puts the files in a sub folder, but there were duplicates in the config folder. Thing is, why did this not cause an issue using SA 3.0? Once I disabled dns and bayes, things worked, but still the dups were processing. I removed the dups and whala! Once I got that done, it runs fine with dns and bayes enabled. I even took amavis back up to max_server of 10. But I will change to MySQL. Thanks for the help! -- Robert --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] slow processing after upgrade to 2.3.3
On Wed, 2005-12-14 at 18:39 +0100, Mark Martinec wrote: Clifton, I will note that a number of amavisd users including me saw their average message processing times go up from (e.g.) 2 seconds to 10-12 seconds on upgrading from amavisd 2.2.x and SpamAssassin 3.0.x to amavisd 2.3.3 and SpamAssassin 3.1.0. ... I mention it so that if you see this you will recognize it as now relatively normal; Mark's systems apparently did not experience this. Indeed I haven't noticed such an increase. If the set of SA checks on upgrading SA 3.0.x to 3.1 did not change much, the time for a check should be about the same. But there are lots of knobs in SA, and the default list of RBL, DNS, SPF, etc. checks is changing from version to version. Also the SARE rules are evolving all the time. On the amavisd-new side, there shouldn't be much change in speed between 2.2.x and 2.3.3. Actually the 2.3.3 brought several optimizations, so several operations are now faster - see RELEASE_NOTES for 2.2.3 in the OPTIMIZATION section. Most noticeable speedup is probably the 35% percent gain in receiving mail from MTA, and a factor of 4 speedup in forwarding mail header (noticeable on mail with large headers). I took a look at debug-sa and could find any complaints other than not having pyzor installed and sa trying to use and disable usage. But seem to skip right over that with no delay. Can someone share with me how to track a message all the way through with amavis, clamav, sa and postfix? Even if I need to grep several times to see all steps, I can't seem to find every step pertaining to a message. I have amavis log set to 2. -- Robert --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] amavis-stats rrd_graph error
Trying to setup amavis-stats on server running amavisd-new 2.3.3 and getting errors when trying to browse. Can anyone tell me what this means? amavis-stats::error: rrd_graph(): Garbage ':30:00 2005 \r' after command: COMMENT:Wed Dec 14 23:30:00 2005 \r The php scripts seems to work fine, the files build anyways: esmtp# /usr/local/sbin/amavis-stats /var/log/maillog amavis-stats: First Time Run amavis-stats: New id (#1, Passed) seen at 1134536420 amavis-stats: New id (#2, Infected) seen at 1134536774 amavis-stats: New id (#3, Worm.Sober.U) seen at 1134536774 amavis-stats: New id (#4, Exploit.HTML.IFrame) seen at 1134542344 amavis-stats: New id (#5, Worm.SomeFool.P) seen at 1134542344 amavis-stats: New id (#6, Worm.SomeFool.Gen-1) seen at 1134542532 amavis-stats: New id (#7, HTML.Phishing.Bank-60) seen at 1134549279 amavis-stats: New id (#8, HTML.Phishing.Bank-1) seen at 1134552009 amavis-stats: New id (#9, Worm.Mytob.DK) seen at 1134569419 amavis-stats: New id (#10, HTML.Phishing.Pay-51) seen at 1134573619 amavis-stats: New id (#11, HTML.Phishing.Pay-33) seen at 1134573743 amavis-stats: New id (#12, Worm.Bagle.BL) seen at 1134574406 amavis-stats: New id (#13, HTML.Phishing.Bank-285) seen at 1134576953 amavis-stats: New id (#14, Worm.Mytob.JM) seen at 1134595688 amavis-stats: New id (#15, Worm.SomeFool.I) seen at 1134605655 amavis-stats: New id (#16, HTML.Phishing.Bank-49) seen at 1134608860 -- Robert --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] slow processing after upgrade to 2.3.3
On my FreeBSD 5.4 server, I have upgraded to v2.3.3 from 2.2.x and the CPU now has no idle time with less than 400 messages in the queue. Messages are taking several minutes to process. I dug around and realize that my amavisd.conf file is drastically different than the new default file installed by the port package system. The new default does not even have ClamAV setup for uncommenting like the old. Is this contributing to my problem? And where can I find a doc to set this up properly with Postfix, SpamAssassin and ClamAV? -- Robert --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] Amavis-stats low since upgrade
I did a port upgrade on my FreeBSD box from amavisd-new-2.2.? to amavisd-new-2.3.1,1 and ever since the amavis-stats have been showing less virus detection. I checked all logs and everything seems to be processing fine. I am running Postfix 2.2.3 with SpamAssassin 3.0.4. I don't see where the log format has changed, what should I look for? If you look at the month chart, you'll notice the big difference after week 33 - http://esmtp.webtent.net/amavis-stats/ -- Robert --- SF.Net email is Sponsored by the Better Software Conference EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile Plan-Driven Development * Managing Projects Teams * Testing QA Security * Process Improvement Measurement * http://www.sqe.com/bsce5sf ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/