Re: [AMaViS-user] zero length pid file caused amavisd not to start

2010-05-09 Thread mouss
Michael Scheidell wrote:
 don't know why, I can't find any log entries to tell me, and it never 
 happened before, not on this one, or any of the others.
 but, amavisd stopped, (no log entries).
 
 amavisd start
 Missing process ID in file /var/amavis/amavisd.pid at 
 /usr/local/sbin/amavisd line 13932.
 ls -l /var/amavis/amavisd.pid
 -rw-r-  1 vscan  vscan  0 May  9 08:36 /var/amavis/amavisd.pid
 
 (it's 10:27 now).  Looks like it happened right after a crash and reboot.
 
 for amavisd, I would suggest that it ignore a zero length pid file.

more generally: if the file does not contain a valid pid. so a file
containing junk shouldn't stop amavisd-new from starting. (after all,
it's not a real problem since if amavisd starts again, it wouldn't be
able to bind()...).

 for freebsd, I can set a check in rc.d to delete it if it's zero length.
 


--

___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net 
https://lists.sourceforge.net/lists/listinfo/amavis-user 
 AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 
 AMaViS-HowTos:http://www.amavis.org/howto/ 
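
The check discussed in this thread (treat an empty or junk pid file as "not running" instead of refusing to start), as an added Python example; it is not amavisd-new code and not from the posters. The function names are made up for illustration.

```python
import os
from enum import Enum


class PidState(Enum):
    MISSING = "missing"  # no pid file at all
    EMPTY = "empty"      # zero-length file, e.g. left behind by a crash
    JUNK = "junk"        # content is not a usable process id
    STALE = "stale"      # well-formed pid, but no such process
    LIVE = "live"        # some process currently has that pid


def classify_pidfile(path):
    """Return (PidState, pid or None) for the pid file at `path`."""
    try:
        with open(path, "rb") as fh:
            raw = fh.read(64)  # a pid is a few digits; do not slurp junk
    except FileNotFoundError:
        return PidState.MISSING, None

    text = raw.decode("ascii", "replace").strip()
    if not text:
        return PidState.EMPTY, None
    # Digits only: signs are rejected, so 0, -1 and other values that
    # kill(2) treats as "process group" or "everyone" never reach os.kill().
    if not text.isdigit() or int(text) == 0:
        return PidState.JUNK, None

    pid = int(text)
    try:
        os.kill(pid, 0)  # signal 0: existence/permission check only
    except ProcessLookupError:
        return PidState.STALE, pid
    except PermissionError:
        return PidState.LIVE, pid  # exists, but owned by another user
    except OverflowError:
        return PidState.JUNK, None  # digit string too large for pid_t
    return PidState.LIVE, pid


def clear_unusable_pidfile(path):
    """Remove the pid file unless it names a live process; return the state.

    LIVE only means that *some* process has the pid (pids get reused after
    a reboot); as noted in the thread, a second daemon would still fail to
    bind() its port, so that remains the real guard against double starts.
    """
    state, _pid = classify_pidfile(path)
    if state in (PidState.EMPTY, PidState.JUNK, PidState.STALE):
        os.unlink(path)
    return state
```
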


Re: [AMaViS-user] Bypassing eXE files

2010-03-14 Thread mouss
Noel Jones wrote:
 On 3/13/2010 2:26 AM, Luis Daniel Lucio Quiroz wrote:
 What param do I have to set

 to avoid when user change its extension of exe files?

 I wonder to block if possible better by file recognition rather than a 
 extension

 LD
 
 look in your amavisd.conf for the $banned_filename_re section.
 Under that, there should be a line something like
   qr'^\.(exe-ms|dll)$',                   # banned file(1) types, rudimentary
 
 The line may be commented out with a # at the beginning; 
 remove the # to activate that rule.
 

I think OP means the other way. He fears that users could escape the ban
just by renaming the file.

if so, then for OP: amavisd-new does check the file type too.



Re: [AMaViS-user] Greeting amavis-postfix

2009-06-21 Thread mouss
Eduardo Júnior wrote:
 Hi,
 
 
 I have set my Amavis in a independent machine, separate of postfix.
 But when my Amavis is reinjecting the message to postfix, it does a
 tcp connection to port 10025 (my config)
 And, i'm using smtpd_helo_required = yes, and then my Amavis must
 provide its HELO/EHLO
 
 But per default, i think, Amavis does helo with localhost and this is going 
 on.
 What I need modify in my config to change greeting of the Amavis?
 That because my Postfix reject messages of clients with HELO/EHLO
 localhost or its address IP.
 

you should disable spam checks after the filter. there is no point
rechecking mail.

127.0.0.1:10025 . smtpd
...
-o mynetworks=127.0.0.1
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
...




Re: [AMaViS-user] If some one can help me understand somesthing from my logs

2009-06-14 Thread mouss
Ilo Lorusso wrote:
 Hi,
 
 I've run postfix-logwatch and amavis-logwatch and have the results below,
 something I don't understand is shouldn't the amount of Accepted message
 in postfix
 (79975   Accepted ) match the amount of Total scanned messages in
 amavisd-new (47106   Total messages scanned) ?
 

linear calculus doesn't work in non linear algebra :)


mail that is scanned by amavisd-new and not blocked will be processed by
postfix twice (once before amavis and then after amavis).

also, multi-recipient mail may be counted in many ways (a message may be
passed as multiple ones, depending on how you configure postfix...).
This can get even more complicated depending when you expand aliases.

I've abandoned attempts to do such calculations years ago, because I
could find no reasonable way to explain why I was trying to count how
many potatoes became tomatoes, and among these which were also apples
and which became oranges in a later step ;-p

now, I only count in each step:
- at smtp time: how much transactions were blocked by which rule.
- after that, the blocked transactions are no more counted.
- at the filter level: how much is blocked/passed because of viruses or
spam (with additional numbers for SA rules that I am watching)
- for the latter, I differentiate between mail that was received
directly and mail that I fetched/received from a forwarder. This is
because FN/FP numbers have different consequences (I have no control of
the filtering setup at ISPs/forwarders, and even when I do, I prefer not
to rely on).


 Any feedback would be great..
 
 Thanks
 
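 ======================================================
     79975   Accepted                            17.69%
    372109   Rejected                            82.31%
 ------------------------------------------------------
    452084   Total                              100.00%
 ======================================================
 
       128   5xx Reject relay denied              0.03%
       163   5xx Reject HELO/EHLO                 0.04%
     62021   5xx Reject unknown user             16.67%
     21549   5xx Reject recipient address         5.79%
         3   5xx Reject sender address            0.00%
    288149   5xx Reject RBL                      77.44%
         4   5xx Reject header                    0.00%
        92   5xx Reject message size              0.02%
 ------------------------------------------------------
    372109   Total 5xx Rejects                  100.00%
 ======================================================
 
        42   4xx Reject recipient address         4.27%
       941   4xx Reject sender address           95.73%
 ------------------------------------------------------
       983   Total 4xx Rejects                  100.00%
 ======================================================
 
 ** Summary **
 
     47106   Total messages scanned ----------  100.00%
 ======================================================
 
     10480   Blocked -------------------------   22.25%
       184     Banned name blocked                0.39%
     16737     Spam discarded (no quarantine)    35.53%
         5     Spammy blocked                     0.01%
      1610     Bad header blocked                 3.42%
         2     Tempfail blocked                   0.00%
 
     36626   Passed --------------------------   77.75%
       337     Spammy passed                      0.72%
     36289     Clean passed                      77.04%
 ======================================================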
 
 

Re: [AMaViS-user] Receiving double the email for each message

2009-05-16 Thread mouss
LDB wrote:
 Thank you Eric ...
 
 yes, the email message have the exact same times and
 headers.
 
 My MTA is postfix.
 
 I am using POP. My mail client is Thunderbird.
 
 Dovecot is POP/IMAP server.
 
 

did you disable address rewrite before the content filter? check
amavisd-new docs (README.postfix) and postfix FILTER README.



Re: [AMaViS-user] No subject with spam

2009-05-16 Thread mouss
troxlinux wrote:
 I solved my problem, the problem was this line
 
 @local_domains_maps = ( [".$mydomain .domain.net.ni .domain.org.ni"] )
 

you were quoting the whole list, which makes it a single string.

 I changed it to this form
 
 @local_domains_maps = ( [".$mydomain"] )
 

if you need to add domains, use a ',' to separate domains and do not
quote the whole list.

for example:

@local_domains_maps =
( ["localhost", ".example.com", ".$mydomain",
   ".joe.example"
] );





Re: [AMaViS-user] No subject with spam

2009-05-10 Thread mouss
troxlinux wrote:
 Hi list, I am trying to configure amavisd-new 2.6.2-3.1 with
 spamassassin 3.2.5 + dcc +razor2+dkim , and for some reason, which is
 not able to identify some mail like spam, doesn't mark them , for
 example the test of GTUBE it doesn't put in the subject SPAM.
 

is the recipient domain listed as a local domain in amavisd-new? (This
is a FAQ).


 I have in the local.cf this it lines
 
 rewrite_header Subject SPAM
 
 and amavis.conf
 
 $sa_spam_subject_tag = 'SPAM ';
 
 
 log spam test
 
 s1 amavis[4573]: (04573-10) local delivery:  - spam-quarantine,
 mbx=/var/spool/amavis/virusmails/spam-5-jxcJEeRSFU.gz
 May  9 21:07:58 ns1 amavis[4573]: (04573-10) SPAM,
 gutierre...@netscape.net - sopo...@domain.org.ni, Yes,
 score=1000.965 tag=-999 tag2=5 kill=5 tests=[AWL=-0.321, GTUBE=1000,
 HTML_MESSAGE=0.001, MISSING_SUBJECT=1.285] autolearn=no, quarantine
 5-jxcJEeRSFU (spam-quarantine)
 May  9 21:07:58 ns1 postfix/smtpd[4907]: connect from localhost[127.0.0.1]
 May  9 21:07:58 ns1 dovecot: auth(default): new auth connection: pid=4908
 May  9 21:07:58 ns1 postfix/smtpd[4894]: disconnect from
 imr-d03.mx.aol.com[205.188.157.41]
 May  9 21:07:58 ns1 postfix/smtpd[4907]: CADAE3AE1A2:
 client=localhost[127.0.0.1]
 May  9 21:07:58 ns1 postfix/cleanup[4899]: CADAE3AE1A2:
 message-id=8cb9f3391262b4b-17f0-3...@webmail-dd18.sysops.aol.com
 May  9 21:07:58 ns1 postfix/qmgr[3969]: CADAE3AE1A2:
 from=gutierre...@netscape.net, size=2828, nrcpt=1 (queue active)
 May  9 21:07:58 ns1 amavis[4573]: (04573-10) FWD via SMTP:
 gutierre...@netscape.net - sopo...@domain.org.ni,BODY=7BIT 250
 2.0.0 Ok, id=04573-10, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok:
 queued as CADAE3AE1A2
 May  9 21:07:58 ns1 amavis[4573]: (04573-10) Passed SPAM,
 [205.188.157.41] [205.188.104.18] gutierre...@netscape.net -
 sopo...@domain.org.ni, quarantine: spam-5-jxcJEeRSFU.gz, Message-ID:
 8cb9f3391262b4b-17f0-3...@webmail-dd18.sysops.aol.com, mail_id:
 5-jxcJEeRSFU, Hits: 1000.965, size: 2390, queued_as: CADAE3AE1A2, 1250
 ms
 May  9 21:07:58 ns1 postfix/lmtp[4901]: 69D2D3AE19E:
 to=sopo...@domain.org.ni, relay=127.0.0.1[127.0.0.1]:10024,
 delay=2.3, delays=1/0.01/0/1.3, dsn=2.0.0, status=sent (250 2.0.0 Ok,
 id=04573-10, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as
 CADAE3AE1A2)
 May  9 21:07:58 ns1 postfix/qmgr[3969]: 69D2D3AE19E: removed
 May  9 21:07:58 ns1 amavis[4573]: (04573-10) TIMING [total 1256 ms] -
 SMTP greeting: 2 (0%)0, SMTP LHLO: 1 (0%)0, SMTP pre-MAIL: 1 (0%)0,
 SMTP pre-DATA-flush: 2 (0%)0, SMTP DATA: 36 (3%)3, check_init: 1
 (0%)3, digest_hdr: 2 (0%)4, digest_body_dkim: 0 (0%)4, gen_mail_id: 2
 (0%)4, mime_decode: 17 (1%)5, get-file-type2: 13 (1%)6,
 decompose_part: 1 (0%)6, decompose_part: 0 (0%)6, parts_decode: 0
 (0%)6, check_header: 2 (0%)6, AV-scan-1: 28 (2%)9, spam-wb-list: 1
 (0%)9, SA parse: 4 (0%)9, SA check: 806 (64%)73, update_cache: 8
 (1%)74, decide_mail_destiny: 1 (0%)74, notif-quar: 2 (0%)74, stat-mbx:
 61 (5%)79, open-mbx: 4 (0%)79, write-header: 2 (0%)79,
 save-to-local-mailbox: 1 (0%)79, fwd-connect: 24 (2%)81, fwd-mail-pip:
 135 (11%)92, fwd-rcpt-pip: 0 (0%)92, fwd-data-chkpnt: 0 (0%)92,
 write-header: 1 (0%)92, fwd-data-contents: 0 (0%)92, fwd-end-chkpnt:
 81 (6%)99, prepare-dsn: 1 (0%)99, main_log_entry: 11 (1%)100,
 update_snmp: 2 (0%)100, SMTP pre-response: 0 (0%)100, SMTP response: 1
 (0%)100, unlink-2-fil...
 May  9 21:07:58 ns1 amavis[4573]: (04573-10) ...es: 0 (0%)100,
 rundown: 1 (0%)100
 May  9 21:07:58 ns1 postfix/smtpd[4907]: disconnect from localhost[127.0.0.1]
 May  9 21:07:58 ns1 postfix/virtual[4910]: CADAE3AE1A2:
 to=sopo...@domain.org.ni, relay=virtual, delay=0.28,
 delays=0.2/0.01/0/0.07, dsn=2.0.0, status=sent (delivered to maildir)
 May  9 21:07:58 ns1 postfix/qmgr[3969]: CADAE3AE1A2: removed
 
 
 header of mail
 
 Return-Path: gutierre...@netscape.net
 X-Original-To: sopo...@domain.org.ni
 Delivered-To: sopo...@domain.org.ni
 Received: from localhost (localhost [127.0.0.1])
   by ns1.domain.org.ni (Postfix) with ESMTP id CADAE3AE1A2
   for sopo...@domain.org.ni; Sat,  9 May 2009 21:07:58 -0600 (CST)
 X-Virus-Scanned: amavisd-new at domain.org.ni
 Received: from ns1.domain.org.ni ([127.0.0.1])
   by localhost (ns1.domain.org.ni [127.0.0.1]) (amavisd-new, port 10024)
   with LMTP id 5-jxcJEeRSFU for sopo...@domain.org.ni;
   Sat,  9 May 2009 21:07:57 -0600 (CST)
 Received: from imr-d03.mx.aol.com (imr-d03.mx.aol.com [205.188.157.41])
   by ns1.domain.org.ni (Postfix) with ESMTP id 69D2D3AE19E
   for sopo...@domain.org.ni; Sat,  9 May 2009 21:07:56 -0600 (CST)
 Received: from  imo-ma04.mx.aol.com (imo-ma04.mx.aol.com
 [64.12.78.139]) by imr-d03.mx.aol.com (v107.10) with ESMTP id
 RELAYIN1-24a0644f7202; Sat, 09 May 2009 23:07:35 -0400
 Received: from gutierre...@netscape.net
   by imo-ma04.mx.aol.com  (mail_out_v40_r1.5.) id 7.c59.497f521c (37043)
for sopo...@domain.org.ni; Sat, 9 May 2009 23:07:33 -0400 (EDT)
 

Re: [AMaViS-user] Adding Header

2009-04-16 Thread mouss
Jeff Grossman wrote:
 I have just started using Postfix along with Amavis and everything
 appears to be running pretty well.  I do have one question, and I am
 not sure if it relates to Amavis or to Postfix.  I was running
 Sendmail with MIMEDefang.  I had my filter in MIMEDefang configured so
 any e-mail that was received for user1 it would add an e-mail header
 called X-Forward: Yes and I send the e-mail to user1 and user2.
 User2 has a Sieve script configured that any e-mail with that header
 would automatically save to a particular folder.
 
 Now, with Postfix, I have it set using recipient_bcc to automatically
 copy any e-mail from user1 to user2.  But, there is no longer that
 header added and I don't know how to automatically filter those
 messages into a particular folder.  Can I add an e-mail header with
 Amavis so I can filter the message?  Or is there something I can do in
 Postfix that will allow me to automatically copy the message and file
 in a particular folder.
 
 I am using Dovecot's Deliver as the LDA.
 

do that in postfix. the simplest way is to use tagged addresses:

you can use address extensions and bcc user2+...@example.com. your LDA
can then look for +...@example.com.


if you don't want extensions, you can create a domain, say
bcc.example.com, and send copies to us...@bcc.example.com.

followup on postfix-users list.



Re: [AMaViS-user] What functionality does amavisd add?

2009-04-05 Thread mouss
Dmitri Snytkine wrote:
 Hello!
 
 I am just wondering what are the advantages of using Amavisd over just using
 Spamassassin in daemon mode (spamd)
 I mean spamd has support for dcc, razor, pyzor, dnsrbl, SPF, DKIM
 You can also configure your own regex rules to check headers
 
 What does the Amavisd add that Spamassassin does not already have? I am only
 interested in spam prevention, not a virus scanning.
 
 Thank you for a reply. Just want to know why should I use Amavis. By the way
 I already installed and and using it, but then I realized
 than what Amavisd does I could have done with Spamassassin.

The first question is how would you make your MTA (postfix or other)
talk to spamd.

there are a couple of ways:
- call spamc at delivery time. This doesn't work for relay gateways,
where no delivery is performed.

- exec a script that calls spamc. This is not robust, has a few problems
(resubmitting mail must be done in a way to avoid loops, ... etc) and is
not efficient (fork/exec...)

- use a proxy. This proxy can either integrate spamassassin via library
calls, which is what amavisd-new does. or it could implement spamc
functionality to talk to spamd.


amavisd-new can also take decisions: block, quarantine, redirect, ...
(spamassassin doesn't care about delivery: it is here to classify the
message).


See
http://www.ijs.si/software/amavisd/#features
for more infos.




Re: [AMaViS-user] RCVD_ILLEGAL_IP

2009-02-01 Thread mouss
Luigi Rosa wrote:
 Hi,
 a big Italian ISP is using 1.x.x.x for its internal network. This annoying
 behaviour is triggering a lot of false positive spam reports because of
 RCVD_ILLEGAL_IP is worth 3.196 spam points.
 
 Assuming that complaining with the folks of above-mentioned ISP is more than
 worthless, how can I adjust the spam point of RCVD_ILLEGAL_IP within 
 Amavisd-new?
 

within amavisd-new? no. but you can change it in the spamassassin configuration.
for example, by adding

score RCVD_ILLEGAL_IP 1.2

to your local.cf. or you can disable the rule altogether by setting the
score to 0, or by using

meta RCVD_ILLEGAL_IP (0)

instead.

Followup on the spamassassin-users list please.



Re: [AMaViS-user] can not get password reminder or unsubscribe

2009-01-27 Thread mouss
Curtis wrote:
 from this list.
 Something with the mailing list is broken.
 Please advise.
 

look at the headers. they contain:

List-Id: General discussion list about AMaViS
amavis-user.lists.sourceforge.net
List-Unsubscribe:
https://lists.sourceforge.net/lists/listinfo/amavis-user,
mailto:amavis-user-requ...@lists.sourceforge.net?subject=unsubscribe
List-Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=amavis-user
List-Post: mailto:amavis-user@lists.sourceforge.net
List-Help: mailto:amavis-user-requ...@lists.sourceforge.net?subject=help
List-Subscribe: https://lists.sourceforge.net/lists/listinfo/amavis-user,
mailto:amavis-user-requ...@lists.sourceforge.net?subject=subscribe


so you can always unsubscribe by sending a mail to
amavis-user-requ...@lists.sourceforge.net, with the subject set to
unsubscribe.



Re: [AMaViS-user] Amavis in pre-queue mode

2008-12-29 Thread mouss
Ralf Heidenreich wrote:
 Hello,
 
 before i was using amavis in post-queue mode.
 But due to german law, i must use amavis in pre-queue mode.
 How can i accelerate amavis, to use it in pre-queue mode?
 
 Ralf
 
 Alexander Wirt wrote:
 Ralf Heidenreich wrote on Monday, 29 December 2008:

 Hello,

 amavis is working in pre-queue mode.
 Now i have the following in maillog.
 amavis[27477]: (27477-10) (!)ESMTP: NOTICE: Connection broken during 
 data transfer

if mail scanning takes too long, the client will timeout. only use
pre-queue if you can scan fast. if you have too many SA rules or if you
have a slow machine, then pre-queue is the wrong approach.

 #
   amavis[27477]: (27477-20) load: 7 %, total idle 7483.147 s, busy 541.002 s
 #
 amavis needs too long time, to check the mail. See busy 541.002 s.
 Postfix timeout is
 smtpd_proxy_timeout = 300
 Any ideas??
 Yes, don't do it. Using a full bloated amavis in pre-queue mode is a stupid
 idea just for that reasons. 

 Alex
 
 


Re: [AMaViS-user] Amavis in pre-queue mode

2008-12-29 Thread mouss
Henrik K wrote:
 On Mon, Dec 29, 2008 at 12:15:22PM -0500, Michael Scheidell wrote:
 Hello,

 before i was using amavis in post-queue mode.
 But due to german law, i must use amavis in pre-queue mode.
 How can i accelerate amavis, to use it in pre-queue mode?
 
 Just curious:

 What is english translation of german law, something like
 You must use amavisd-new in pre-queue mode under penalty of law?

 Since amavisd-new in pre-queue mode is SLOW SLOW ... SLOW
 
 What's all the fuss about SLOW SLOW BOOM BOOM it's gonna explode?
 
 It's slow if you use smtpd_proxy_filter 

That's what I understood by pre-queue. vocabulary from the days before
milter support in postfix...

 and gazillion amavisd processes.
 Probably something like that is the case here..

or huge or slow SA rules.

 
 Using amavisd-milter is much better option, you can control concurrent
 process amount and socket queue.

how?

if you configure postfix to accept 100 simultaneous connections, then
you should be prepared to filter 100 simultaneous messages (I am talking
pre-queue here).

but even assuming a single message. if the time it takes to scan is
long, the client may disconnect. I don't know if caching would help here
(so that next time, the message is filtered quickly).

Can you explain why -milter would be better than proxy_filter.

 No limiting then needed for postfix
 processes, you can do cheap rejects before amavisd (unknown users,
 helo/rbl etc).
 

Yes. That should be the first thing to do when setting up an anti-spam
server/relay/... etc.

 Of course you do have to know something about your average traffic and
 hardware limits. But nothing wrong about running pre-queue scanning.
 




Re: [AMaViS-user] Amavis in pre-queue mode

2008-12-29 Thread mouss
Steve wrote:
  Original Message 
 Date: Mon, 29 Dec 2008 12:15:22 -0500
 From: Michael Scheidell scheid...@secnap.net
 [snip]
 Just curious:

 What is english translation of german law, something like
 You must use amavisd-new in pre-queue mode under penalty of law?

 Sie müssen Amavisd-New im pre-queue Modus benützen wegen der deutschen 
 Gesetzgebung.
 [English: You must use Amavisd-New in pre-queue mode because of German 
 legislation.]
 

;-p

 

 The point is that German law is saying that IF you take the mail, then you 
 HAVE to deliver it. You can theoretically take the mail into queue and not 
 deliver it but you need to get permission from the mail owner to do so. And 
 if it comes hard on hard, then the original recipient still has the 
 possibility to say that you deleted the mail and then you are lost. That kind 
 of risk no one wants to take. I know, I know. It is stupid but Germany is 
 full of regulations all over the place. Lucky me I am from Switzerland :)

I understand this in the case of an ISP/MSP/..., but does this law apply
to corporate mail and the like?



Re: [AMaViS-user] Amavis in pre-queue mode

2008-12-29 Thread mouss
Michael Scheidell wrote:
 The point is 
 that German law is saying that IF you take the mail, then you HAVE to deliver
 it. You can theoretically take the mail into queue and not deliver it but you
 need to get permission from the mail owner to do so. And if it comes hard on
 hard, then the original recipient still has the possibility to say that you
 deleted the mail and then you are lost. That kind of risk no one wants to
 take. I know, I know. It is stupid but Germany is full of regulations all 
 over
 the place. Lucky me I am from Switzerland :)
 Of course there are some options
 to get out of this problem. Having a on-site
 policy signed by every recipient
 is one option (in my eyes the best) or just
 not discard mails.
 
 All you net lawyers:
 
 Third option? Host the PRE-FILTER APPLIANCE in another country :-)?
 
 Is that how google/gmail got around it? I cannot imagine gmail deciding to
 deliver (and TAG) all spam now.
 
 This applies to viruses also.  User has to be informed if they get a virus.
 
 As for 'in the queue' or not in the queue, is there really a legal
 distinction between blocking a virus a few cpu and hard disk cycles early?
 
 Even with 'prequeue' email, amavisd -new already has the email in $HOME/tmp,
 so, guess what:  the email was already delivered to your system, its just in
 amavisds temp directory and not in postfix's queue.
 

Here's my understanding:

if you don't deliver mail to the recipient, then you should reject it
during the SMTP transaction. In short, mail shouldn't disappear without
the sender or the recipient knowledge and agreement.

so a pre-queue should be fully compliant. the facts that the bits are
on your HD are no more relevant than they were in some fiber or router...

now, what if spam is stored on an old and cheap HD?






Re: [AMaViS-user] Amavis in pre-queue mode

2008-12-29 Thread mouss
Michael Scheidell wrote:
 
 
 mouss wrote:

 now, what if spam is stored on an old and cheap HD?

   
 dog ate my HD.
 
 as well, I read its illegal to deliver harmful content.. like a virus.
 

I guess we can add all forms of fraud (phishes, 419, scam). The case of
falsification (forged From, ...) is unclear because the sender and
recipient may have agreed on using fake infos for some reason.


 Anyone got an (english) sample of a company policy for employees to read?
 
 sounds like (other option) would be to just tag everything and deliver
 it.  let the user decide if [SPAM] or [SPAMMY] should go to junk folder
 or bit bucket.
 

And given how users are good at handling this, it's not necessarily a
service...


 also sounds like same lawmakers that outlawed 'nmap' in germany wrote
 this law.

well, the problem came from those *SPs who decided to discard mail using
bad filters. Otherwise, I don't see why anybody would have asked for a
law.




[AMaViS-user] SF lists break more (Was: dkim signing issues ...)

2008-12-19 Thread mouss
Mark Martinec wrote:
 [snip]
 SourceForge mailing lists unfortunately break signatures.
 Perhaps it's time to consider moving the mailing list elsewhere.
 

They break more! see this header (will be wrapped by my mua?): They add
a X-Spam-Report header but don't encode it. so when the poster has some
accented chars (Stephan Forster in the example below), you get a bad
header (found in quarantine as the passed version doesn't have this
header. one would need to rewrite the header in postfix so as to keep it
if you want to see it...).

=  This is just one header added by SF:
X-Spam-Report: Spam detection software, running on the system
g2vjzd1.ch3.sourceforge.com, has
identified this incoming email as possible spam.  The original
message
has been attached to this so you can view it (if it isn't spam)
or label
similar future email.  If you have any questions, see
the administrator of that system for details.
Content preview:  * Stefan FC3B6rster
cite+amavis-us...@incertum.net:   #!/bin/bash
  /etc/init.d/amavisd stop   cp -p /usr/sbin/amavisd
/usr/sbin/amavisd.old
  install -o root -g root -m 755 -p amavisd amavisd-agent
amavisd-nanny
amavisd-release p0f-analyzer.pl /usr/sbin  
/etc/init.d/amavisd start 
 Don't do that on Debian. The Debian source is modified to read
all  files
in the directory /etc/amavis/conf.d/ [...]
Content analysis details:   (-8.2 points, 5.0 required)
pts rule name  description
 --
--
-1.5 SPF_CHECK_PASS SPF reports sender host as permitted
sender for
sender-domain
-8.0 RCVD_IN_DNSWL_HI   RBL: Sender listed at
http://www.dnswl.org/, high
trust
[193.175.70.131 listed in list.dnswl.org]
-0.0 SPF_PASS   SPF: sender matches SPF record
0.0 DKIM_SIGNEDDomain Keys Identified Mail: message
has a signature
1.3 AWLAWL: From: address is in the auto
white-list


so not only they include a silly long header (after all, the score
according to their filter is -8.2, so what?), but they don't check the
format...


 [snip]




Re: [AMaViS-user] Amavis in pre-queue mode

2008-12-17 Thread mouss
Ralf Heidenreich wrote:
 Hello mouss,

Hi Ralf,

 
 my idea was to let amavis decide what to do with the mails.
 But it is not easy, i think it is impossible.
 Now I have the same idea as you. I let postfix run on 2 IPs.
 One IP for reject, and one IP for taganddeliver.
 Thank you for your informations.
 If you have any ideas to run postfix and amavis with one IP, let me
 know, please.
 


The first problem to fix is make sure to never handle mail
for recipients in different classes (reject vs taganddeliver). This
can be done with a policy service (if the first recipient is in
reject, then tempfail any recipient that is in taganddeliver, ... etc).

once this is done, you can do it like this:

- configure amavisd-new to add a +spam extension if the message is spammy.

- configure the after the queue smtpd to reject mail to recipients
with +spam extension if they are in a reject at smtp time domain.



cheers,
-- mouss
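
The policy-service step described in the message above (never let one message carry recipients from both the "reject" and the "taganddeliver" class), as an added Python example; it is not code from the thread, from Postfix or from amavisd-new. The domain table and the 450 reply text are assumptions; the name=value request and the action= reply follow Postfix's policy delegation protocol, whose "instance" attribute ties together the RCPT requests of one message.

```python
import io
import sys
from collections import OrderedDict

# Hypothetical domain-to-class table (assumption for this example).
DOMAIN_CLASS = {
    "reject.example": "reject",
    "tag.example": "taganddeliver",
}

# Reply text is an assumption; any 4xx action makes the client retry later.
TEMPFAIL = "450 4.7.1 Recipient uses a different filtering policy, retry separately"


class RecipientClassPolicy:
    """Allow only one filtering class per message; tempfail the rest."""

    def __init__(self, domain_class, max_instances=10000):
        self.domain_class = domain_class
        self.max_instances = max_instances
        self.first_class = OrderedDict()  # Postfix "instance" -> class

    def decide(self, attrs):
        if (attrs.get("request") != "smtpd_access_policy"
                or attrs.get("protocol_state") != "RCPT"):
            return "DUNNO"
        instance = attrs.get("instance", "")
        domain = attrs.get("recipient", "").rpartition("@")[2].lower()
        cls = self.domain_class.get(domain)
        if not instance or cls is None:
            return "DUNNO"  # not a domain this policy knows about
        first = self.first_class.get(instance)
        if first is None:
            # The first classified recipient fixes the class for this message.
            self.first_class[instance] = cls
            while len(self.first_class) > self.max_instances:
                self.first_class.popitem(last=False)  # bound memory use
            return "DUNNO"
        self.first_class.move_to_end(instance)
        return "DUNNO" if cls == first else TEMPFAIL


def serve(rfile, wfile, policy):
    """Answer policy requests read from rfile until EOF."""
    attrs = {}
    for line in rfile:
        line = line.rstrip("\r\n")
        if line:
            name, sep, value = line.partition("=")
            if sep:
                attrs[name] = value
            continue
        if not attrs:
            continue  # stray blank line, nothing to answer
        # An empty line ends the request; the reply ends with one too.
        wfile.write("action=%s\n\n" % policy.decide(attrs))
        wfile.flush()
        attrs = {}


# Constructed sample: two RCPTs of one message, then a separate message.
SAMPLE_SESSION = """\
request=smtpd_access_policy
protocol_state=RCPT
instance=123.456.7
recipient=alice@reject.example

request=smtpd_access_policy
protocol_state=RCPT
instance=123.456.7
recipient=bob@tag.example

request=smtpd_access_policy
protocol_state=RCPT
instance=123.456.8
recipient=bob@tag.example

"""


def run_sample():
    """Feed the constructed session through serve() and return the actions."""
    out = io.StringIO()
    serve(io.StringIO(SAMPLE_SESSION), out, RecipientClassPolicy(DOMAIN_CLASS))
    return [l.partition("=")[2] for l in out.getvalue().splitlines() if l]


if __name__ == "__main__":
    # Under Postfix spawn(8) the policy client is connected to stdin/stdout.
    serve(sys.stdin, sys.stdout, RecipientClassPolicy(DOMAIN_CLASS))
```
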




Re: [AMaViS-user] [Fwd: Re: Amavis in pre-queue mode]

2008-12-17 Thread mouss
Ralf Heidenreich wrote:
 
  Original Message 
 Subject: Re: [AMaViS-user] Amavis in pre-queue mode
 Date: Wed, 17 Dec 2008 09:26:09 +0100
 From: Ralf Heidenreich r...@lx-work.de
 To: Luis Daniel Lucio Quiroz luis.daniel.lu...@gmail.com
 References: 4947b648.8040...@lx-work.de 
 200812161258.54671.luis.daniel.lu...@gmail.com
 
 Hello,
 
 the law says:
 if a mail is in the queue, you must deliver it.

The problem with laws is that they are written in a language that we
(non lawyers) can't read ;-p

does this simply mean you can't discard mail? or even a quarantine is
prohibited?
and what about the following scheme:
- unwanted mail is delivered to a special mailbox (which user can
access if she wants:)
- this mailbox has a small quota, and get purged automatically

I tend to believe that the law means to protect the recipient against
what would be abusive filtering.

but as your post shows, smtp is not lmtp. once you have read the
message, you can't reject some recipients and accept others.

 Never mind if it is spam or not.
 To avoid this, amavis must reject the mail in the smtp-dialogue.
 While the connection is open, i can reject it.

see my other post. you can reject with postfix (port 10026 in your
example) based on the +spam extension added by amavisd-new.

but this requires solving the problem of multi-recipient mail. the
policy service approach should do. AFAIK, Postini do something similar
(tempfail if a recipient in another domain is used).

 If the mail is queued, the connection is closed. And the mail must be
 delivered.
 So I must switch amavis to pre-queue mode.
 What do you mean with:
 postfix1(smtp)-amavis-postfix2(smpt) (10026/tcp for example)-
 ???
 +
 www.postfix.org says
 After-queue-filter:
 Network or
 local users - Postfixqueue - Contentfilter -   Postfixqueue - Network
 or local mailbox
 ++
 www.postfix.org says
 Before-Queue Content Filter
 Internet - Postfix SMTP server - Before queue filter
 - Postfix SMTP server - Postfix cleanup server
 - Postfix queue -smtp,local,virtual
 



Re: [AMaViS-user] Amavis in pre-queue mode

2008-12-17 Thread mouss
Ralf Heidenreich wrote:
 Hello,
 
 i think i prefer the option with two ipaddresses.

and I agree with you!

cheers,
-- mouss



Re: [AMaViS-user] [Fwd: Re: Amavis in pre-queue mode]

2008-12-17 Thread mouss
Steve wrote:
 Hey! I am Swiss and looking what is happening over in Germany in some area 
 just makes me shake my head. But who am I? I don't get it and probably will 
 never get some of those strange laws.
 

we don't yet have such laws in .fr and I don't read german, but as (I
may) have said earlier, I think the goal is to protect against these
services (anybody said hotmail?) that silently discard legitimate mail.

if you configure your service according to the recipient choice
(including things like discard if sender user part contains a 'z'),
then I don't see how the law can interfere here.


 Do the German lawyers and the German law agree on the definition of harmful? 
 I would be surprised if so.

if something is known to be harmful, nobody will disagree. so
discarding melissa or I love you infected mail should be ok. i.e. just
because we can't classify every message into harmful/harmless classes
doesn't mean we can't classify some of them.


 Yes. But if this means that running in such a way that this early dropping of 
 unwanted messages results in more resources used compared to running in the 
 early mode, then I really don't see the point in this early dropping. I 
 don't agree with you that dropping early is equal in less resources used than 
 dropping later.
 

if you reject a lot of mail during the smtp transaction, then you save
on disk IO. this is always true if you reject based on the envelope
(before DATA). if you check the content, things get more complicated and
the gains depend on how much junk you reject and how much resources you
have. In particular, pre-queue makes you more vulnerable to DoS (your
checks are driven by the foreign client). it also may cause a client
timeout, which is bad.

but in most cases, performances are not the most critical issue. it is
much more important to deal with FPs (minimise as you can, and when you
can't, provide feedback, ... etc) and with the junk that you didn't
reject (quarantine? tag and deliver? ... etc). we think that tag and
deliver or quarantine are the way to go, but when you look at how
users check their mail, quarantine, folders, ... you get to review this
(at least, this is my experience. and this is why I moved more toward
origin filtering as much as possible).



Re: [AMaViS-user] Amavis in pre-queue mode

2008-12-16 Thread mouss
Ralf Heidenreich wrote:
 Hello,
 
 i have a problem. I have a mailserver (postfix), and amavis is working.
 I am receiving mail for several domains. Some customers want the spam 
 delivering mode taganddeliver or reject. I have this realized with 
 policy banks. Amavis in post-queue mode works fine.
 Due to a law, I must use amavis in pre-queue mode.
 That's the problem.
 In the past it was the following:
 Postfix receives the mail, and depending on a lookup table, the mail is 
 given to amavis on several ports. One port is for taganddeliver, and one 
 port is for reject. If a mail comes to amavis through the defined port, 
 amavis loads the policy.
 If I use amavis in pre-queue mode, all mails must go to amavis.
 Amavis must load the right policy for taganddeliver or reject.
 My current config is
 @local_domains_maps = ( [".$mydomain", "localhost"], 
 read_hash("/etc/postfix/virtual_domains") );
 I need 3 hashes.
 One for the domains where reject is used
 One for the domains where taganddeliver is used
 One for the domains where nofilter is used.
 How can I realize that?
 


If you have multiple IPs, the simplest solution would be to use
different MXes. Otherwise, one problem is what to do if a single mail is
destined to multiple recipients with different actions: you can't reject
and deliver at the same time!


A somewhat related discussion:
http://marc.info/?l=amavis-user&m=104639986104274&w=2




Re: [AMaViS-user] Error?

2008-12-09 Thread mouss
Luis Daniel Lucio Quiroz wrote:
 Using CAT (language plugin) I got this:
 
 Dec  8 20:07:04 soekris amavis[24051]: (24051-06) (!!)TROUBLE in check_mail: 
 parts_decode_ext FAILED: file(1) utility (/usr/bin/file) error: run_command 
 (open pipe): Can't fork at /usr/lib/perl5/5.10.0/i386-linux-thread-
 multi/IO/File.pm line 188. at /usr/sbin/amavisd line 2873.   
 
 
 Under
 Mandriva 2009.0
 Amavis 2.6.2
 Spamassassin 3.2.5
 
 is it a bug?
 

there was an old problem related to Net:Server. maybe it's the same?
what version of Net:Server do you use?



Re: [AMaViS-user] debian package

2008-11-19 Thread mouss
Ralf Hildebrandt wrote:
 * Stefan Förster [EMAIL PROTECTED]:
 
 #!/bin/bash
 /etc/init.d/amavisd stop
 cp -p /usr/sbin/amavisd /usr/sbin/amavisd.old
 install -o root -g root -m 755 -p amavisd amavisd-agent amavisd-nanny amavisd-release p0f-analyzer.pl /usr/sbin
 /etc/init.d/amavisd start
 Don't do that on Debian. The Debian source is modified to read all
 files in the directory /etc/amavis/conf.d/ 
 
 Which I don't use :)
 

bad boy:)

if you resist this way, what tells us you're not gonna install a BSD
next?  hein?


Re: [AMaViS-user] bizaare log entry ... any know what this is ?

2008-11-04 Thread mouss
John Andersen wrote:
 Ok, someone please take that programmer out behind the wood shed.
 

<grin>
Return the installation CDROM and you'll get your money back ;-p
</grin>

 Gawd I hate cryptic useless error messages.  Programmers should
 lose a knuckle for each one written.
 
 

Then don't ask if all they print is Hello world!.

More seriously, you can always stick to:

$log_level = 0;


but if you are a good writer, be constructive and suggest better 
messages. This is open source and contributions are welcome.



Re: [AMaViS-user] Suppress recipient delimiters on outgoing mail?

2008-10-12 Thread mouss
John Andersen wrote:
 We scan mail inbound and outbound via Amavisd-New. (2.4.3 via Opensuse).

 Occasionally someone will send something outbound that might get flagged
 as spammy.  Amavis then attaches our recipient delimiter +spam on the
 outbound mail, all of which bounce.
   

amavisd-new will only do that if the recipient is local. so it looks
like you defined remote domains as local. Is it so?
 Is there anyway to prevent Plus addressing from being added by
 amavisd on outbound mail.

 I can't think of a single good reason to apply local extensions
 to outgoing mail.
   

whatever you do, you can have amavisd-new listen on two ports, say 10024
for inbound mail and 10586 for outbound mail. then use policy banks to
have different configs for these ports. and have your MTA pass inbound
to 10024 and outbound to 10586. with postfix, you can use the FILTER
statement to do this (if your port 25 receives both inbound and
outbound), or you could simply force outbound mail to use the standard
submission port (587) instead of 25.





Re: [AMaViS-user] Suppress recipient delimiters on outgoing mail?

2008-10-12 Thread mouss
sorry for the dups. there's a problem somewhere...

lost connection with mx.sourceforge.net[216.34.181.68] while sending end
of data -- message may be sent more than once





Re: [AMaViS-user] Suppress recipient delimiters on outgoing mail?

2008-10-12 Thread mouss
Sahil Tandon wrote:
 John Andersen [EMAIL PROTECTED] wrote:

   
 On Sun, Oct 12, 2008 at 2:12 AM, mouss [EMAIL PROTECTED] wrote:
 
 John Andersen wrote:
   
 We scan mail inbound and outbound via Amavisd-New. (2.4.3 via Opensuse).

 Occasionally someone will send something outbound that might get flagged
 as spammy.  Amavis then attaches our recipient delimiter +spam on the
 outbound mail, all of which bounce.

 
 amavisd-new will only do that if the recipient is local. so it looks
 like you defined remote domains as local. Is it so?
   
 No, of course not.

 The users send mail thru our server whether locally attached or roaming
 via authenticated (ssl) connections.

 Mail to some foreign address, say a gmail account or a ISP somewhere
 is being scanned, and if found spammy (over our rather tight threshold)
 is getting recipient delimiters appended.

 This is in spite of your assertion this can not happen.

 I can see it in the logs.
 

 I use 2.6.1; just sent a SPAMMY test email to [EMAIL PROTECTED]
 as well as [EMAIL PROTECTED]  The former was sent
 without an address extension while +spam was added to the local
 part of the latter.  This is consistent with what mouss said and the
 following comment in the code:

 # If decided to pass viruses (or spam) to certain recipients using
 # %lovers_maps_by_ccat, or by %final_destiny_by_ccat resulting in D_PASS,
 # one may set the corresponding %addr_extension_maps_by_ccat to some string,
 # and the recipient address will have this string appended as an address
 # extension to a local-part (mailbox part) of the address. This extension
 # can be used by a final local delivery agent for example to place such mail
 # in different folder. Leaving these variable undefined or empty string
 # prevents appending address extension. Recipients which do not match access
 # lists in @local_domains_maps are not affected (i.e. non-local recipients
 # do not get address extension appended).

   

and the code (2.6.1) has

 if ($is_local && $delim ne '') {
   # append address extensions to mailbox names if desired
   my($ext_map) = $r->setting_by_contents_category(
                         cr('addr_extension_maps_by_ccat'));
 ...


so it's subject to $is_local. 



and I've used extensions a long time ago and it worke



Re: [AMaViS-user] relaying the mail after removing the infected attachment

2008-10-09 Thread mouss
Michael Scheidell wrote:
 Well what i want to do is not to quarantinize a mail which includes a virus,
 but to relay it as it is after removing the attachment and adding a little
 notification, that the infected attachment was erased.

 

 Amavisd does not want to 'edit/modify/muck with' email content, so there
 will probably be no direct support to 'hack' the email like you want.
   

he could defang but would this be safe?
 The third party programs would be required, but you are going to be on your
 own.
   








Re: [AMaViS-user] RBL checks when amavisd-new runs on a separate server?

2008-10-09 Thread mouss
Tomasz Chmielewski wrote:
 mouss wrote:
 Tomasz Chmielewski wrote:
 As I'm not sure if it's Spamassassin's or amavisd-new's
 configuration problem, I sent a similar mail to spamassasin list.

 [snip] 

 just to close the issue for those who don't read spamassassin-users
 (as well as for the archives). Tomasz had rbl checks disabled in
 amavisd.conf.

 Not in amavisd.conf ;)


I got confused...

 RBL checks are done by spamassassin.

 Main spamassassin configuration is kept in
 /etc/mail/spamassassin/local.cf.

 It can be overridden by a user file.
 This was my case, I had rbl checks disabled in
 /var/lib/amavis/.spamassassin/user_prefs, but it took me some time
 before I learnt that this file exists...


Thanks for the clarification.





Re: [AMaViS-user] Using RelayCountry with amavis?

2008-10-05 Thread mouss
Per olof Ljungmark wrote:
 mouss wrote:
 Per olof Ljungmark wrote:
 OK, thanks. I've gotten so far now that amavisd reports the header 
 but it is not inserted into the actual message headers.


 I tested the snippet I sent you and it worked.


 amavis[1968]: (01968-01) header: X-Relay-Countries: VN\n
 
 The X-Relay-Countries header is present in ham mail but not in messages 
 marked as spam. What is the additional parameter then for including it 
 with spams as well?

same reply: I tested the snippet I sent you and it worked, for both ham 
and spam.

so please provide more information. In particular:

- show the headers of a message where the relay info isn't added

- show what you actually did to add the header (did you use the snippet 
as I sent it or did you modify it? if you modified it, show the result)


PS. the header won't appear if the recipient is not local (same as for 
X-Spam-* headers).



Re: [AMaViS-user] Using RelayCountry with amavis?

2008-10-05 Thread mouss
Per olof Ljungmark wrote:
 
 Yes, I suspect the recipient is not regarded as local in this case.
 I use the unmodified snippet you provided (thanks).
 
 All spams end up in [EMAIL PROTECTED] which I presumed was a 
 local recipient because inter-sonic.com is in the local domain list and 
 inter-sonic.com is $MYDOMAIN.
 

The sample you show has X-Spam headers, so the domain is local.

 I will turn on debug and see what that gives.
 
 Here are the headers from a spam:

it should have an FR ES.

run the message through spamassassin -t and see if it gets these. if it 
doesn't, this is an SA issue, so re-run it with -D. For example 
(assuming Bourne shell, not C shell):

spamassassin -D -t 2>&1 < sample.eml | tee /tmp/sa.out





[AMaViS-user] List Posting issue? (Was: Using RelayCountry with amavis?)

2008-10-05 Thread mouss
Per olof Ljungmark wrote:
 mouss wrote:
 Per olof Ljungmark wrote:
 Yes, I suspect the recipient is not regarded as local in this case.
 I use the unmodified snippet you provided (thanks).

 All spams end up in [EMAIL PROTECTED] which I presumed was a 
 local recipient because inter-sonic.com is in the local domain list 
 and inter-sonic.com is $MYDOMAIN.


 The sample you show has X-Spam headers, so the domain is local.

 I will turn on debug and see what that gives.

 Here are the headers from a spam:

 it should have an FR ES.

 run the message through spamassassin -t and see if it gets these. if 
 it doesn't, this is an SA issue, so re-run it with -D. For example 
 (assuming Bourne shell, not C shell):

 spamassassin -D -t 2>&1 < sample.eml | tee /tmp/sa.out
 
 SA returns proper headings...
 X-Spam-Relay-Countries: FR ES
 
 what string should I look for in the amavisd debug output? I've dug 
 through quite a lot but cannot see anything relevant, sorry.
 


For some reason, your messages don't appear on the list.

This happened to me not long ago (thread "please remove CR 
moron:From:..."): my post stayed in the sourceforge queue from 27 Sept to 
4 Oct.

anyway, you can add log statements in before_send() and see which part 
of the flow is missed, if any. Maybe someone else has better ideas.




Re: [AMaViS-user] Using RelayCountry with amavis?

2008-10-04 Thread mouss
Per olof Ljungmark wrote:
 
 OK, thanks. I've gotten so far now that amavisd reports the header but 
 it is not inserted into the actual message headers.
 

I tested the snippet I sent you and it worked.


 amavis[1968]: (01968-01) header: X-Relay-Countries: VN\n
 
 --per




Re: [AMaViS-user] please remove CR moron:From: [EMAIL PROTECTED]

2008-10-04 Thread mouss
Michael Scheidell wrote:
 we really don't need amavisd-new mailing list cluttered up by idiots and 
 their backscanner/challenge response crap.
 
 how stupid can you get? subscribe to a mailing list and point to a CR 
 system?


how about a postfix header_checks:

/^X-Delivery-Agent: TMDA/   REJECT blah blah

or an equivalent SA rule?


 
 PLEASE DELETE THIS MORON AND PREVENT HIM FROM EVER SUBSCRIBING AGAIN.
 From: [EMAIL PROTECTED]
 
 
 
 Received: from QMTA07.westchester.pa.mail.comcast.net 
 (qmta07.westchester.pa.mail.comcast.net [76.96.62.64])
 by fl.us.spammertrap.net (Postfix) with ESMTP id 7223DE6070
 for [EMAIL PROTECTED]; Thu, 25 Sep 2008 21:46:43 -0400 (EDT)
 Received: from OMTA14.westchester.pa.mail.comcast.net ([76.96.62.60])
 by QMTA07.westchester.pa.mail.comcast.net with comcast
 id K7q71a0021HzFnQ57Dmiwu; Fri, 26 Sep 2008 01:46:42 +
 Received: from puterserver.putercom.org ([67.189.3.131])
 by OMTA14.westchester.pa.mail.comcast.net with comcast
 id KDmg1a00R2pcCKF3aDmhRj; Fri, 26 Sep 2008 01:46:41 +
 X-Authority-Analysis: v=1.0 c=1 a=KwajhhJn:8 a=g92yCCW4JmFRaj9ZiawA:9
  a=Y-lODBbp9gv5xD1WbLEA:7 a=v4sliRxrWPmwfQefiJHpWLQKnzMA:4 a=wxohBDkX_gYA:10
  a=cvPg7u-AHrgA:10 a=3zT0AC3GIWgA:10 a=gIkGxxPDoV4A:10 a=xybUbHyFDlMA:10
  a=SkBy5zu-_KIA:10 a=kduAqn1zG1QA:10 a=Tx_18QxaQF0A:10 a=XF7b4UCPwd8A:10
  a=Zc8-U7J0VmV6SIdK6kcA:9 a=M4lp-4l9tFlMddA0JcsA:7
  a=_VwYS6j-mSfmCz_9mWkCq8cyGNMA:4 a=eZLSmJVMEtUA:10
 Received: (qmail 12213 invoked by uid 514); 26 Sep 2008 01:46:40 -
 Content-Type: multipart/mixed; boundary0297848222==
 MIME-Version: 1.0
 Content-Disposition: inline
 From: [EMAIL PROTECTED]
 Subject: Please confirm your message
 Reply-To: [EMAIL PROTECTED]
 Date: Thu, 25 Sep 2008 18:46:40 -0700 (PDT)
 Message-ID: [EMAIL PROTECTED]
 References: [EMAIL PROTECTED]
 In-Reply-To: [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Precedence: bulk
 Auto-Submitted: auto-replied
 X-Delivery-Agent: TMDA/0.91 (Lucky Debonair)
 Return-Path: [EMAIL PROTECTED]
 X-OriginalArrivalTime: 26 Sep 2008 01:46:46.0132 (UTC) 
 FILETIME=[BBEFAB40:01C91F79]
 
 --===0297848222==
 MIME-Version: 1.0
 Content-Type: text/plain; charset=us-ascii
 Content-Transfer-Encoding: 7bit
 Content-Description: Confirmation Request
 Content-Disposition: inline
 
 This message was created automatically by mail delivery software (TMDA).
 
 Your message attached below is being held because the address
 [EMAIL PROTECTED] has not been verified.
 
 To release your message for delivery, please send an empty message
 to the following address, or use your mailer's Reply feature.
 
 [EMAIL PROTECTED]
 
 This confirmation verifies that your message is legitimate and not
 junk-mail.
 
 --- Enclosed is a copy of your message.
 
 Return-Path: [EMAIL PROTECTED]
 Delivered-To: [EMAIL PROTECTED]
 Received: (qmail 12196 invoked by uid 0); 26 Sep 2008 01:46:30 -
 Received: from [EMAIL PROTECTED] by PuterServer by uid 514 with 
 qmail-scanner-1.22
  (spamassassin: 3.2.0.  Clear:RC:0(204.89.241.173):SA:0(?/?):.
  Processed in 9.397527 secs); 26 Sep 2008 01:46:30 -
 X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on
 PuterServer.putercom.org
 X-Spam-Level:
 X-Spam-Status: No, score=-6.5 required=4.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
 RDNS_NONE,SPF_HELO_PASS autolearn=ham version=3.2.5
 Received: from unknown (HELO fl.us.spammertrap.net) (204.89.241.173)
   by 0 with AES256-SHA encrypted SMTP; 26 Sep 2008 01:46:20 -
 Received: from localhost (localhost [127.0.0.1])
 by fl.us.spammertrap.net (Postfix) with ESMTP id B0EA0E606F
 for [EMAIL PROTECTED]; Thu, 25 Sep 2008 21:46:19 -0400 (EDT)
 X-Quarantine-ID: 09Qn3VFCD7vl
 X-Virus-Scanned: SpammerTrap(r) SME-150 1.84 at secnap.com
 X-Amavis-Modified: Mail body modified (using disclaimer) by
 fl.us.spammertrap.net
 Received: from secnap3.secnap.com (secnap3.secnap.com [204.89.241.130])
 by fl.us.spammertrap.net (Postfix) with ESMTP id 5D89EE606C
 for [EMAIL PROTECTED]; Thu, 25 Sep 2008 21:46:19 -0400 (EDT)
 User-Agent: Microsoft-Entourage/12.12.0.080729
 Date: Thu, 25 Sep 2008 21:46:24 -0400
 Subject: Re: [AMaViS-user] amavis-new custom warning messages
 From: Michael Scheidell [EMAIL PROTECTED]
 To: Wayne Catterton [EMAIL PROTECTED],
 Amavis Users amavis-user@lists.sourceforge.net
 Message-ID: [EMAIL PROTECTED]
 Thread-Topic: [AMaViS-user] amavis-new custom warning messages
 Thread-Index: Ackfea6+jQI+3rgonEereLoZOtlfhQ==
 In-Reply-To: [EMAIL PROTECTED]
 Mime-version: 1.0
 Content-type: text/plain;
 charset=US-ASCII
 Content-transfer-encoding: 7bit
 
   Hi,
  
   I have amavis-new setup with postfix.  When I try to set a custom
   message for the warnings, IE: $notify_virus_recips_tmpl =
   var/amavis/messages/virus-recipient.txt  I end up getting a blank
   email for the notification.  I imagine it's not able to open the 
 file, but
   I'm not sure as to why, I checked all permissions on the files and

Re: [AMaViS-user] Using RelayCountry with amavis?

2008-10-03 Thread mouss
Per olof Ljungmark wrote:
 [snip]
 
 Also, the docs say Also for 3.1.0, you can apply a patch [WWW]
 http://bugzilla.spamassassin.org/show_bug.cgi?id=3815 which will allow
 you to add a separate MIME header that shows all the message's relay
 countries, independent of the rules.
 
add_header all Relay-Country _RELAYCOUNTRY_
 
 this again I don't see, is there amavisd-tweaking involved here?
 

there's an example in amavisd-custom.conf.

for example, you could add this at the end of your amavisd.conf:

###
package Amavis::Custom;

BEGIN {
  import Amavis::Conf qw(:platform :confvars c cr ca $myhostname);
  import Amavis::Util qw(do_log untaint safe_encode safe_decode);
  import Amavis::rfc2821_2822_Tools;
  import Amavis::Notify qw(build_mime_entity);
}

sub new {
  my($class,$conn,$msginfo) = @_;
  my($self) = bless {}, $class;
  $self;  # returning an object activates further callbacks,
          # returning undef disables them
}

sub before_send {
  my($self,$conn,$msginfo) = @_;

  # only edit headers when every recipient of the message is local
  my($all_local) = !grep { !$_->recip_is_local }
                         @{$msginfo->per_recip_data};
  if ($all_local) {
    my($hdr_edits) = $msginfo->header_edits;

    # relay countries as reported by SpamAssassin's RelayCountry plugin
    my($rly_country) = $msginfo->supplementary_info('RELAYCOUNTRY');
    $hdr_edits->add_header('X-Relay-Countries', $rly_country)
      if defined $rly_country && $rly_country ne '';

    # languages as reported by SpamAssassin
    my($languages) = $msginfo->supplementary_info('LANGUAGES');
    $hdr_edits->add_header('X-Spam-Languages', $languages)
      if defined $languages && $languages ne '';
  }
}

#
1;  # insure a defined return




Re: [AMaViS-user] sender callouts from mx.sourceforge.net?

2008-09-21 Thread mouss
Sahil Tandon wrote:
 Anyone else seeing this every time you send an email to this list?  It
 looks like mx.sourceforge.net initiates the check right after the RCPT
 TO: stage in the SMTP session (mind the wrapping):


yes, been like that since a long time. here is a recent log.

Sep 19 01:48:07 imlil postmx/smtpd[96230]: NOQUEUE: warn: RCPT from 
lists.sourceforge.net[66.35.250.206]: Transaction logged:
PTR=lists.sourceforge.net; from= to=[EMAIL PROTECTED]
proto=SMTP helo=mail.sourceforge.net

they are listed on backscatter.org since 2007/06/20 23:27.

If you do backscatter checks, do that at data stage and not at rcpt stage.

 
 Sep 21 13:13:11 aegis postfix/smtpd[89195]: connect from 
 mx.sourceforge.net[216.34.181.68]
 Sep 21 13:13:12 aegis postfwd[655]: [RULES] rule=0, id=OK_DNSWL,
 client=mx.sourceforge.net[216.34.181.68], sender=,
 recipient=[EMAIL PROTECTED], helo=mx.sourceforge.net, proto=SMTP,
 state=RCPT, delay=0s, hits=OK_DNSWL, action=DUNNO
 Sep 21 13:13:12 aegis postfix/smtpd[89195]: BF4565C74: 
 client=mx.sourceforge.net[216.34.181.68]
 Sep 21 13:13:12 aegis postfix/smtpd[89195]: disconnect from 
 mx.sourceforge.net[216.34.181.68]
 




Re: [AMaViS-user] Attachment filtering question

2008-09-18 Thread mouss
Jake Vickers wrote:
 Does Amavisd-new have the capability of blocking zip files that contain 
 EXE files? I'd like to allow zip files, but only if they do not contain 
 EXE files within them.


That's the default behaviour. amavisd-new will see the banned file 
inside the zip.



Re: [AMaViS-user] mail recognized as spam doesnt fall into user spam folder

2008-09-07 Thread mouss
Patrick Domack wrote:
 Quoting mouss [EMAIL PROTECTED]:
 
 Halil Ağın wrote:
 so it's a question for the maildrop mailing list. see below however.


 [snip]
 # Drop anything listed as Spam into .Spam
 #
 if (/^X-Spam-Flag: *YES/)
 {
 to $DEFAULT/spam/
 
 Shouldn't that be:
 
 if (/^X-Spam-Flag: *Yes/:h)
 
 dunno if it matters, I always use :h to match headers, it might work  
 without, by searching the whole email message, I dunno what the  
 default is, or if it just fails.

the default in maildrop is to match headers, so you don't need to 
specify the h flag.

In fact, OP had the FAQ problem: mail not tagged because domain was 
not listed as local.




Re: [AMaViS-user] mail recognized as spam doesnt fall into user spam folder

2008-09-06 Thread mouss
Halil Ağın wrote:
 Hello List;
 
 I have a mailing system with
 postfix+ldap+courier+amavisd-new+clamav+maildrop.
 
 The os is debian etch.
 
 There is no problem receiving and sending mail either it is spam or not.
 
 I am trying to enable spam folder for each user on my system.
 I want to configure postfix-amavis to put spam mail into user spam folder.
 
 But i could not succeed.
 
 [snip]
 Sep  5 17:09:24 mailserver postfix/pipe[3009]: C217F32BF0: to=[EMAIL 
 PROTECTED],
 relay=maildrop, delay=0.09, delays=0.06/0.01/0/0.03, dsn=2.0.0, status=sent
 (delivered via maildrop service)

so amavisd-new correctly tagged the message and postfix successfully 
passed it to maildrop.

so it's a question for the maildrop mailing list. see below however.


 [snip]
 # Drop anything listed as Spam into .Spam
 #
 if (/^X-Spam-Flag: *YES/)
 {
 to $DEFAULT/spam/

try
to $DEFAULT/.spam/
instead.

 [snip]
 $final_spam_destiny = D_PASS; the spam mail is put into inbox not spam
 folder.

nothing proves that maildrop is reading your maildroprc. you seem to 
have funny paths (/usr/local/mailser/...), so it is possible that 
maildrop is looking for maildroprc in some funny place too.

you can debug maildrop manually:

$ maildrop -V6 -d user < message.eml

but this is off topic here. Followups on the maildrop mailing list 
please ([EMAIL PROTECTED]).


 [snip]


Re: [AMaViS-user] feature request [ different subject line tagging based on score ]

2008-09-06 Thread mouss
Juan Miscaro wrote:
 Is it possible to have 2 levels of subject-line tagging based on
 score?  So that for all forwarded mail:
 
 A  score = B gets tagged with SPAM1
 B  score gets tagged with SPAM2
 
 That way, spam 1 can be filtered to a folder normal_spam and spam 2
 can be filtered to dripping_spam.  Users will thus have a priority
 for which folder to peruse.

why not do this filtering based on the X-Spam headers? most MUAs support 
this now.
 
 If this is not already possible I would like to make such a feature request!





Re: [AMaViS-user] Allow access from remote hosts

2008-09-05 Thread mouss
Patrick Baer wrote:
 Hi all,
  
 I feel a bit dumb asking this question, but...
  
 I have a pretty buggy spamassassin issue here and need to use an
 external amavis-server while debugging, otherwise the whole company will
 be after me soon :)
  
 The problem is, I cannot connect to 10024 of the machine. I have
 searched over the net, and found tons of advice to LIMIT the access to
 localhost, but not a single word how to ALLOW from everywhere. Could you
 help me?

- first amavisd-new must be configured to listen on a reachable IP.
$ grep inet_socket amavisd.conf-sample
...
#$inet_socket_bind = undef;   # bind to all IP interfaces if undef
...


$ grep inet_acl amavisd.conf-sample
@inet_acl = qw(127.0.0.1 [::1]);  # allow SMTP access only from localhost IP
[EMAIL PROTECTED] = qw(127.0.0.0/8 [::1] 10.1.0.1 10.1.0.2);  # adjust list as 
needed
...

make sure to configure your firewall to allow the connection.




Re: [AMaViS-user] Bad Header in Quarantine

2008-09-01 Thread mouss
Sebastian Deiszner wrote:
 Hello,
 
 some of my Mails are moved to quarantine with header:

what do you mean by moved? they are copied. but the recipient gets the 
message since the corresponding action is D_PASS.

 
 
 X-Amavis-Alert: BAD HEADER Non-encoded 8-bit data (char E4 hex): Date: ...8 
 13:21:43 +0200
 (Westeurop\344ische Normalzeit)\n

let me guess... the X-Mailer: is Incredimail, no?

# fsck -y /dev/crap
# ifconfig rat0 down
:

 
 I don't want to move only virus-mails into the quarantine.

do you really mean what you wrote?

 
 How do i do it?
 
 $final_virus_destiny  = D_DISCARD;  # (data not lost, see virus 
 quarantine)
 $final_banned_destiny = D_BOUNCE;   # D_REJECT when front-end MTA

avoid bouncing mail. if you don't want it, discard it or reject it at 
smtp time. bouncing causes backscatter if the sender is forged.

 $final_spam_destiny   = D_PASS;
 $final_bad_header_destiny = D_PASS; # False-positive prone (for spam)
 [snip]
 $final_spam_destiny   = D_PASS;  # (defaults to D_BOUNCE)
 $final_bad_header_destiny = D_PASS;# (defaults to D_PASS)

these are repeated.

 $spam_quarantine_to   = undef;

$bad_header_quarantine_to = undef;

 [snip]



Re: [AMaViS-user] Getting Amavisd-new To Use Clamav

2008-08-19 Thread mouss
Carlos Williams wrote:
 On Tue, Aug 19, 2008 at 3:35 PM, Alexander Wirt [EMAIL PROTECTED] wrote:
If you use clamav-daemon, make sure that it is configured to init
supplementary groups when it drops privileges, and that you add the
clamav user to the amavis group: add AllowSupplementaryGroups to
/etc/clamav/clamd.conf if it is not there yet, and run adduser
clamav amavis as root.
 
 I am using clamav-daemon. I don't know how to check if it is
 configured to init supplementary groups when it drops privileges.
 Actually, I don't even understand what that means.
 I did add clamav to
 the amavis group, I am 100% sure! I also checked that
 AllowSupplementaryGroups is true in clamd.conf.  I don't understand
 running adduser clamav amavis as root.

add the clamav user to the amavis group.
# grep clamav /etc/group
...
vscan:*:123:clamav
(here, vscan is the amavis group)

 Those two users already exist
 and were created when I installed Amavis and Clamav.

Look at the logs of amavisd-new when it starts. it should say something 
like this:
... Using primary internal av scanner code for ClamAV-clamd
... Found secondary av scanner ClamAV-clamscan at ...





Re: [AMaViS-user] how to fix this passed clean but with score above kill?

2008-07-30 Thread mouss
Len Conrad wrote:
 [snip]
 I changed the file to vscan:vscan, su'd to vscan and command line 
 spamassassin  returned:
 
 Content analysis details:   (6.8 points, 5.0 required)

what tests were hit?
also, what results do you see if you reinject the message into 
amavisd-new? it is possible that this now yields the same score (scores 
change over time because new IPs and URIs get listed in various DNS 
based lists, the message may now be caught by Razor and the like, ... 
etc).

 
 spamc -c running as vscan returns:
 
 $ spamc -c < /home/harry/declude/20080729/70537530.eml
 10.2/5.0
 

As Clifton said, this is different from spamassassin command result. 
BTW, why are you running spamd if you're already having amavisd? if it's 
for testing, it's ok. otherwise,


[snip]
 
 we have local.cf with bayes_auto_learn 1, but I can' see we have 
 auto-whitelisting configged anywhere.


v310.pre contains:

loadplugin Mail::SpamAssassin::Plugin::AWL

comment it out until you feel more comfortable. AWL is hard to get right.




Re: [AMaViS-user] How to prevent amavisd-new being called for outgoing email

2008-07-17 Thread mouss
James Brown wrote:
 I have amavisd-new recently installed on my mail server (postfix  
 running on Mac OS X 10.4.11).
 
 How can I stop it scanning outgoing email?
 

This is more or less a FAQ here and on the postfix list.

http://www200.pair.com/mecham/spam/bypassing.html





Re: [AMaViS-user] Blacklisting IP

2008-07-16 Thread mouss
Marcelo Diniz wrote:
 No, it's not opensource for now. Maybe in the future =]

if you want to manage amavisd-new options, understand the available 
options and manage them. do not take it the other way around.

 
 2008/7/15 Murilo Opsfelder Araújo [EMAIL PROTECTED]:
 
 On Tue, Jul 15, 2008 at 5:10 PM, Marcelo Diniz
 [EMAIL PROTECTED] wrote:
 I'm writing a web app that configures AMaViS and I would like to let all
 the blacklisting on it.
 Is this web app open source? I'd like to know an open source project
 to manage all amavis options.

 Thanks in advance.

 --
 Murilo Opsfelder Araújo
 sysadmin and perl programmer
 {Free,Open}BSD researcher

 
 
 




Re: [AMaViS-user] Blacklisting IP

2008-07-16 Thread mouss
Marcelo Diniz wrote:
 Well, I think this discussion is going another way. All I want to
 know is if it is possible to blacklist IPs in AMaViS, because AMaViS is already
 doing the work for domains and emails. Is it possible?
 

AFAIK, not without changing the code.



Re: [AMaViS-user] Blacklisting IP

2008-07-15 Thread mouss
Marcelo Diniz wrote:
 Hi,
 I searched the AMaViS documentation and didn't find this information.
 Can AMaViS blacklist IPs?

why don't you do that in your MTA?






Re: [AMaViS-user] yahoo.com adds new domains.

2008-06-20 Thread mouss
Michael Scheidell wrote:
 [snip]



 sharpen up your SA rules, justin: time to watch those rules, including 
 the 'forged from yahoo' rules.

 no spf records. wonder if they will dkim sign them:

 $ host -t txt ymail.com
 ymail.com has no TXT record
 $ host -t txt rocketmail.com
 rocketmail.com has no TXT record


just tested the first (ymail.com), and they sign it. I guess they do the 
same for the other domain.

X-Spam-Status: No, score=-0.288 required=5 tests=[
DKIM_VERIFIED=-0.3, DK_POLICY_TESTING=0.001, DK_SIGNED=0.001,
DK_VERIFIED=-0.001, HTML_MESSAGE=0.001]
...
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=ymail.com;
  h=Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type:Message-ID;
  ...





Re: [AMaViS-user] blackholes.wirehub.net error ?

2008-06-19 Thread mouss
Tom Brown wrote:
   Usually that's an indication that the BL has shut down or moved long
 ago and has finally given up on getting people to respect it and remove
 the config.

   Googling, I find a message from 2003 (!) indicating that
 blackholes.wirehub.net had changed its name. 

   http://news.spamcop.net/pipermail/spamcop-help/2003-May/032553.html

   I suspect you have been bombarding their nameserver to no avail for
 roughly 5 years.


   
 

 quite possibly yes - although it was only yesterday when it broke,
   

dead DNSBLs wait for some time (grace period) and if they still get a 
lot of queries, they have no choice to get the admin's attention but 
respond positively to every query.

 noted

   

It is recommended to keep an eye on all DNSBLs you use. you can write a 
script to query the DNSBL daily/weekly:
127.0.0.1 should never be listed. if listed, then the DNSBL lists 
the universe (or you have a DNS problem).
127.0.0.2 is generally listed. if not, the list may be dead (or you 
have a DNS problem).
you can also try to lookup few IPs you know should not be listed (or you 
don't want to use a DNSBL that lists them).
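
The periodic DNSBL check described in this message, as an added example that is not part of the original post and not amavisd-new code. The zone names and the fake DNS data are constructed; `check_dnsbl`, `query_name`, `system_resolver` and `fake_resolver` are names chosen here, and the resolver is injectable so the check can be exercised offline.

```python
"""DNSBL sanity check. Zone names and fake DNS data below are constructed."""
import ipaddress
import socket

DNSBL_ANSWERS = ipaddress.ip_network("127.0.0.0/8")  # RFC 5782 answer range


def query_name(ip, zone):
    """Build the lookup name: reversed IPv4 octets followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")


def system_resolver(name):
    """Return the A records of name, or [] when the name does not exist.

    Every other resolver failure propagates as OSError, so that a DNS
    problem is never reported as "not listed".
    """
    not_found = {socket.EAI_NONAME,
                 getattr(socket, "EAI_NODATA", socket.EAI_NONAME)}
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET,
                                   socket.SOCK_STREAM)
    except socket.gaierror as exc:
        if exc.errno in not_found:
            return []
        raise
    return sorted({info[4][0] for info in infos})


def check_dnsbl(zone, known_good=(), resolve=system_resolver):
    """Return a list of findings for one DNSBL zone, or ["ok"]."""
    findings = []
    try:
        # 127.0.0.1 must never be listed: a hit means the zone answers
        # every query (dead list, or a wildcarded/parked domain).
        if resolve(query_name("127.0.0.1", zone)):
            findings.append("lists-everything")

        # 127.0.0.2 is the conventional test entry and should be listed.
        test = resolve(query_name("127.0.0.2", zone))
        if not test:
            findings.append("test-entry-missing")
        elif any(ipaddress.IPv4Address(a) not in DNSBL_ANSWERS for a in test):
            findings.append("non-127-answer")

        # Addresses you know are fine and never want blocked.
        for ip in known_good:
            if resolve(query_name(ip, zone)):
                findings.append("lists-known-good:" + ip)
    except OSError:
        # Resolver trouble: report it separately, do not guess a verdict.
        return ["dns-error"]
    return findings or ["ok"]


# --- constructed sample data, so the example runs without network ---------
FAKE_RECORDS = {"2.0.0.127.bl.example": ["127.0.0.2"]}


def fake_resolver(name):
    """Stand-in resolver modelling four constructed zones."""
    if name.endswith(".dead.example"):      # answers positively to everything
        return ["127.0.0.2"]
    if name.endswith(".parked.example"):    # wildcard pointing at a web host
        return ["192.0.2.10"]
    if name.endswith(".broken.example"):    # resolver failure
        raise OSError("SERVFAIL (constructed)")
    return FAKE_RECORDS.get(name, [])       # everything else: NXDOMAIN


if __name__ == "__main__":
    for zone in ("bl.example", "dead.example", "gone.example",
                 "parked.example", "broken.example"):
        print(zone, check_dnsbl(zone, known_good=["192.0.2.25"],
                                resolve=fake_resolver))
```

Run from cron with the default `system_resolver` and the zones your MTA or SpamAssassin actually queries, and alert on anything other than `["ok"]`.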






Re: [AMaViS-user] FW: [Clamav-announce] Sourcefire's rejection of unsolicited bid

2008-05-30 Thread mouss
Michael Scheidell wrote:
 I am confused,  this press release says barracuda networks tried to buy
 sourcefire, not that sourcefire tried to buy clamav.
   



 Anyone know what is going on?
 Did sourcefire buy clamav or not?
   
http://investor.sourcefire.com/phoenix.zhtml?c=204582&p=irol-newsArticle&ID=1041607

<cite>

COLUMBIA, Md.--(BUSINESS WIRE)--Aug. 17, 2007--Open source innovator and 
SNORT (R) creator, Sourcefire, Inc. (Nasdaq:FIRE), today announced that 
it has acquired ClamAV(TM), a leading open source gateway anti-virus and 
anti-malware project. Sourcefire's first acquisition since its Initial 
Public Offering in March 2007, ClamAV will broaden the company's open 
source footprint while providing the technology foundation for new 
products and services that will extend the company's Enterprise Threat 
Management network security portfolio.

</cite>


Re: [AMaViS-user] OT: Score on Subject Line

2008-05-23 Thread mouss
[EMAIL PROTECTED] wrote:
   
 Is there a way to do this? i.e. if a subject line matches a certain string
 and possibly the same recipient to add a score in order to make it a
 spam mail?
   
 Use SpamAssassin rules for this, no need to duplicate its functionality
 in amavisd. Something like the following can go into your local.cf:

 header   L_MYRULE Subject =~ m{^The End is Nigh$}m
 score    L_MYRULE 20

  Mark
 

 Thanks Mark,

 I really appreciate your help, and most of all your 
 amavisd-new, which has helped tremendously on quite a few servers. I just 
 looked in the wrong place it seems. Should have thought of it myself.
   

Alternatively, if the robot IP is constant, you can block it in your MTA.


Re: [AMaViS-user] amavislogsumm

2008-05-19 Thread mouss
Stefan Jakobs wrote:
 Hello list,

 I tried to verify the results of Mike Capella's amavis-logwatch scripts and 
 had to notice that the amavislogsumm.pl scripts had some faults. I fixed them 
 and put the new script online: 
 https://po2.uni-stuttgart.de/~rusjako/amavislogsumm

 I recommend to use amavis-logwatch (I use it too), but if someone needs a 
 lightweight log analyzer this script may help. 
   


Is amavislogsumm maintained still?




Re: [AMaViS-user] how to check an email from the command line?

2008-05-19 Thread mouss
Tomasz Chmielewski wrote:
 Wazir Shpoon schrieb:
   
 Try:

 sendmail -i [EMAIL PROTECTED] < virusmail.eml
 

 Did I forget to mention that I don't have any MTA running on the machine 
 where amavisd-new sits?

 # sendmail -i [EMAIL PROTECTED] < spam-3+qujZLjJ2Sg
 postdrop: warning: unable to look up public/pickup: No such file or 
 directory

   

where does amavisd-new get mail from? that's probably the place to 
submit your mail.

Otherwise, you can use telnet.

# telnet 127.0.0.1 10024
EHLO localhost
MAIL FROM:<>
RCPT TO:<[EMAIL PROTECTED]>
DATA
(paste your message here)
.
QUIT


(or better yet, write a perl script to do that...).

 And sending it from somewhere else gets me the message delivered - still 
 with no clue if it was SPAM, SPAMMY etc.
   


probably because mail doesn't go through amavisd-new?
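
The telnet session from this message as a script, added here as an example that is not part of the original post and not amavisd-new code. It assumes the filter listens on 127.0.0.1:10024 as in the thread; `submit_to_filter` and `classify` are names chosen here, and the message file and recipient are supplied by whoever runs it.

```python
"""Replay a stored message to an SMTP content filter and report its reply."""
import re
import smtplib
import sys


def classify(code):
    """Map the filter's final SMTP reply code to a coarse outcome."""
    if 200 <= code < 300:
        return "accepted"    # filter took the message, e.g. 250 for D_PASS
    if 400 <= code < 500:
        return "tempfail"    # filter or its downstream MTA is unavailable
    if 500 <= code < 600:
        return "rejected"    # e.g. 554 for D_REJECT
    return "unexpected"


def _result(stage, code, text):
    return (stage, code, text.decode("utf-8", "replace"), classify(code))


def submit_to_filter(raw_message, recipient, sender="",
                     host="127.0.0.1", port=10024, timeout=30):
    """Send raw_message (bytes) and return (stage, code, text, outcome).

    sender="" is the null reverse-path (MAIL FROM:<>), as in the manual
    session. stage names the SMTP step that produced the final reply.
    """
    # A file saved on Unix usually has bare LF line endings; SMTP needs CRLF.
    wire = re.sub(rb"\r\n|\r|\n", b"\r\n", raw_message)
    with smtplib.SMTP(host, port, local_hostname="localhost",
                      timeout=timeout) as smtp:
        smtp.ehlo_or_helo_if_needed()
        steps = (("MAIL", lambda: smtp.mail(sender)),
                 ("RCPT", lambda: smtp.rcpt(recipient)))
        for stage, step in steps:
            code, text = step()
            if not 200 <= code < 300:
                return _result(stage, code, text)
        try:
            # smtplib dot-stuffs the body and appends the final "."
            code, text = smtp.data(wire)
        except smtplib.SMTPDataError as exc:   # DATA itself was refused
            code, text = exc.smtp_code, exc.smtp_error
        return _result("DATA", code, text)


if __name__ == "__main__":
    # usage: script.py message.eml recipient-address
    with open(sys.argv[1], "rb") as handle:
        print(submit_to_filter(handle.read(), sys.argv[2]))
```

The reply after DATA is only the SMTP-level outcome; the spam score and the tests that fired are in the filter's log and in the headers of the forwarded message.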



   



Re: [AMaViS-user] reject but still deliver mail to lovers?

2008-05-17 Thread mouss
Sahil Tandon wrote:
 * Oskar Liljeblad [EMAIL PROTECTED] [05-16-2008]:

   
 if you are running amavisd-new after the queue, then it is too late to 
 reject spam: this will only cause backscatter.
   
 That's why I only use amavis before queue! IMHO after-queue is not
 acceptable nowadays unless you have very big mail volumes and very
 poor hardware...
 

 FUD.  You can use amavisd-new after-queue and just configure it not to send 
 backscatter.  That is entirely acceptable.

   


and after the queue has some benefits (whether they are important or not 
is not debated here).

[I am not saying that either mode is the Right Thing. Just that 
after-the-queue is more than acceptable nowadays:-]

- you decide when to scan. in a pre-queue, it is the attacker who decides.

- less delay for legitimate mail. In a setup (like mine, as I am not a 
quarantine-fan;-p) where most spam is rejected by postfix restrictions, 
amavisd-new gets mostly ham, so pre-queue would harm more legitimate 
senders than spammers...

- also, there is no risk to cause a client timeout. so one can do any 
checks he wants (with a pre-queue, one cannot run checks that take a 
long time. and this is not only hardware specific. when you query remote 
services, your hardware is only part of the equation)

- still in the same spirit, it is possible to delay checking of certain 
messages and to (re)check them later. I'll give two examples:
 *) some spam reaches both a valid recipient and a spam trap. by 
delaying the check for valid recipients, there are some chances that the 
same (or similar) spam hits the trap.
 *) it may take time for DNSBLs and URIBLs to list an ip/host/uri.

- with a pre-queue, you need as many listeners as your smtpd listeners. 
with an after the queue setup, you don't need to run that many 
listeners. Admittedly, this may not be an issue if you have enough 
resources, but some may consider this a waste of these resources.


The standard argument for pre-queue is to reject the messages caught by 
your filter so as to leave FP handling to the sender. but this is 
debatable.

To sum this up, one size doesn't fit all sites...







Re: [AMaViS-user] HELO name / myheloname

2008-05-15 Thread mouss
Thomas Gelf wrote:
 Amavisd-new seems to use localhost_name for its own EHLO,
 but is using $myheloname for its own SMTP greeting banner
 (and 250 reply to HELO). I'm curious to find out why this
 variable is defined as follows:

my($myheloname);
 # $myheloname = c('myhostname');
 # $myheloname = 'localhost';
 # $myheloname = '[127.0.0.1]';
$myheloname = '[' . $conn->socket_ip . ']';

 IMO c('myhostname') would be the better choice, isn't it?
   

if it helos with myhostname and this happens to be the hostname of the 
MTA, then the MTA will reject the connection. localhost is safer.

note that as a proxy, amavisd-new has two sides: an smtp server and an 
smtp client. the hostname is for the server, and helo is only for the 
client side. there is no reason to make these sides match.




Re: [AMaViS-user] reject but still deliver mail to lovers?

2008-05-15 Thread mouss
Oskar Liljeblad wrote:
 Would it be possible to set up/hack amavis to return a reject response (554
 - D_REJECT) for spam but still deliver it to addresses in the spam lovers
 list? With the current behaviour you would get an OK result (250 - D_PASS)
 from amavis and the mail would be sent to the spam lover.

 Some may think it would be wrong to tell someone you rejected the e-mail but
 still deliver it, but it forces the sender to act in case of false positive
 spam that the receiver (the spam lover) missed.
   


if you are running amavisd-new after the queue, then it is too late to 
reject spam: this will only cause backscatter.




Re: [AMaViS-user] SECOND RELEASE CANDIDATE amavisd-new-2.6.0-rc2 is available

2008-04-21 Thread mouss
Martin Orr wrote:
 On 21/04/08 00:32, Gary V wrote:
   
 msa:~# apt-get -t testing install libmail-dkim-perl
 Reading package lists... Done
 Building dependency tree... Done
 The following extra packages will be installed:
   binutils libc6 libc6-dev libc6-i686 libcrypt-openssl-bignum-perl
 libcrypt-openssl-rsa-perl libdb4.6 libssl0.9.8 linux-libc-dev
   locales perl perl-base perl-modules
 Suggested packages:
   binutils-doc glibc-doc manpages-dev libterm-readline-gnu-perl
 libterm-readline-perl-perl
 Recommended packages:
   perl-doc
 The following packages will be REMOVED:
   linux-kernel-headers
 The following NEW packages will be installed:
   libcrypt-openssl-bignum-perl libdb4.6 linux-libc-dev
 The following packages will be upgraded:
   binutils libc6 libc6-dev libc6-i686 libcrypt-openssl-rsa-perl
 libmail-dkim-perl libssl0.9.8 locales perl perl-base perl-modules
 11 upgraded, 3 newly installed, 1 to remove and 327 not upgraded.

 Note: linux-kernel-headers has been replaced by virtual package 
 linux-libc-dev
 

 I don't know what you mean by virtual package: linux-libc-dev is a
 perfectly normal package; this is just a renaming and nothing to be worried
 about.
   

I guess the problem is that the installation came at the same time as 
other updates. It is surprising to see that you are about to update perl 
when you only wanted to add a minor package. in short, it's a 
psychological problem :)

   
 After this, I downloaded Mail::DKIM and installed from source. If
 eventually 0.31 is supplied in the packaged version, I will install it
 and then perform surgery to remove the source code version.

 Essentially, this system has taken a footstep toward migrating to
 lenny (the future stable version of Debian). AFAIK, they are starting
 to freeze packages, but I can't know if 0.31 will make it to lenny
 stable or not.
 

 Mail::DKIM was uploaded to unstable yesterday, so as only a few packages are
 frozen so far it would be very surprising if it doesn't reach lenny.

 Best wishes,

   




Re: [AMaViS-user] local sendmail command.

2008-04-06 Thread mouss
mouss wrote:
 Andrew Nady wrote:
   
 Hi,
 I am having some difficulties with programs that use postfix's or other 
 MTA's sendmail command to send out email as opposed to SMTP connection.
 The sendmail triggered email gets marked as SPAM, and I have no idea as to 
 how to trick amavis to not check the emails originating with a sendmail 
 command on the localhost.
   
 


 with postfix,
 # cat master.cf
 ...
 pickup    fifo  n       -       n       60      1       pickup
   -o content_filter=
 ...

 will skip the filter for mail submitted using the (postfix) sendmail command

   

a word of caution: only use this if you fully trust mail submitted via 
sendmail. if you have a web application or users using the sendmail 
command, then you should not skip filtering.






Re: [AMaViS-user] local sendmail command.

2008-04-06 Thread mouss
Andrew Nady wrote:
 Hi,
 I am having some difficulties with programs that use postfix's or other 
 MTA's sendmail command to send out email as opposed to SMTP connection.
 The sendmail triggered email gets marked as SPAM, and I have no idea as to 
 how to trick amavis to not check the emails originating with a sendmail 
 command on the localhost.
   


with postfix,
# cat master.cf
...
pickup    fifo  n       -       n       60      1       pickup
  -o content_filter=
...

will skip the filter for mail submitted using the (postfix) sendmail command




Re: [AMaViS-user] Net::DNS .060 allows remote attackers to cause DOS

2008-03-27 Thread mouss
Michael Scheidell wrote:
 From:
 http://search.cpan.org/src/OLAF/Net-DNS-0.63/Changes

 Fix rt.cpan.org #30316  Security issue with Net::DNS Resolver.

  Net/DNS/RR/A.pm in Net::DNS 0.60 build 654 allows remote attackers  
 to cause a denial of service (program croak) via a crafted DNS
  response (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6341). Packet  
 parsing routines are now enclosed in eval blocks to trap exception
  and avoid premature termination of user program.

 Fix: Update to 0.63.

 Note: to Freebsd Ports SpamAssassin users: A minor update to SA will 
 include dependency on 0.63.  pt-Net-DNS was updated on ports tree 10 
 days ago:
 http://www.freebsd.org/cgi/query-pr.cgi?pr=120702

 An official update to SA ports version 3.4.2_3 will be sent to ports 
 shortly.

you mean 3.4.2_3 I guess.

PS. shouldn't the audit db be updated?





Re: [AMaViS-user] MTA-BLOCKED?

2008-03-14 Thread mouss
Mark Martinec wrote:
 Luis Daniel,

   
 I was debugging amavisd and I found this:
 brandmauer amavis[6320]: (06320-02-3) TIMING [total 45329 ms] - SMTP
 pre-DATA-flush: 403 (1%)1, SMTP DATA: 62 (0%)1, check_init: 126 (0%)1,
 digest_hdr: 2 (0%)1, digest_body: 9 (0%)1, gen_mail_id: 8 (0%)1,
 mime_decode: 205 (0%)2, get-file-type1: 363 (1%)3, decompose_part: 107
 (0%)3,
 parts_decode: 0 (0%)3, check_header: 91 (0%)3, AV-scan-1: 1290 (3%)6,
 spam-wb-list: 2435 (5%)11, SA parse: 26 (0%)11, SA check: 4243 (9%)21,
 update_cache: 32 (0%)21, decide_mail_destiny: 35 (0%)21, fwd-connect: 362
 (1%)22, fwd-xforward: 69 (0%)22, fwd-mail-pip: 179 (0%)22, fwd-rcpt-pip: 32
 (0%)22, fwd-data-chkpnt: 46 (0%)22, write-header: 11 (0%)22,
 fwd-data-contents: 0 (0%)22, fwd-end-chkpnt: 34549 (76%)99, prepare-dsn: 91
 (0%)99, main_log_entry: 86 (0%)99, update_snmp: 280 (1%)100, SMTP
 pre-response: 22 (0%)100, SMTP response: 69 (0%)100, unlink-1-files: 94
 (0%) 100, rundown: 1 (0%)100

 look at this: fwd-end-chkpnt: 34549 (76%)99
 too high a value, what should I do then?
 

 Yes, it is pretty high, Postfix is taking 34 seconds to respond
 to end-of-message. Perhaps you have not disabled header or body
 checks in MTA on the re-entry path (port 10025) and you have
 complex or poorly written regexp-based header/body checks there.
 Or it could be some disk I/O problem.
   

note that his amavisd-new is listening on 10025 (see his telnet 
transcript). not sure where he forwards mail (10026?) and what is done 
there...
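
A parser for the TIMING entry quoted in this message, added here as an illustration and not part of the original posts: it splits the entry into stages and returns the ones that account for a large share of the total. The sample line is the one from the thread with its wrapped lines joined; the 25% threshold and the function names are this example's choices.

```python
import re

# The TIMING entry quoted in this thread, with the wrapped lines joined.
SAMPLE_TIMING = (
    "brandmauer amavis[6320]: (06320-02-3) TIMING [total 45329 ms] - "
    "SMTP pre-DATA-flush: 403 (1%)1, SMTP DATA: 62 (0%)1, "
    "check_init: 126 (0%)1, digest_hdr: 2 (0%)1, digest_body: 9 (0%)1, "
    "gen_mail_id: 8 (0%)1, mime_decode: 205 (0%)2, "
    "get-file-type1: 363 (1%)3, decompose_part: 107 (0%)3, "
    "parts_decode: 0 (0%)3, check_header: 91 (0%)3, AV-scan-1: 1290 (3%)6, "
    "spam-wb-list: 2435 (5%)11, SA parse: 26 (0%)11, SA check: 4243 (9%)21, "
    "update_cache: 32 (0%)21, decide_mail_destiny: 35 (0%)21, "
    "fwd-connect: 362 (1%)22, fwd-xforward: 69 (0%)22, "
    "fwd-mail-pip: 179 (0%)22, fwd-rcpt-pip: 32 (0%)22, "
    "fwd-data-chkpnt: 46 (0%)22, write-header: 11 (0%)22, "
    "fwd-data-contents: 0 (0%)22, fwd-end-chkpnt: 34549 (76%)99, "
    "prepare-dsn: 91 (0%)99, main_log_entry: 86 (0%)99, "
    "update_snmp: 280 (1%)100, SMTP pre-response: 22 (0%)100, "
    "SMTP response: 69 (0%)100, unlink-1-files: 94 (0%)100, "
    "rundown: 1 (0%)100"
)

HEADER_RE = re.compile(r"TIMING \[total (\d+) ms\] - (.*)")
# One stage looks like "name: <ms> (<pct>%)<cumulative pct>".
STAGE_RE = re.compile(r"^(.+?): (\d+) \((\d+)%\)\s*(\d+)$")

# Reading of the stage discussed in the thread (taken from the reply above).
HINTS = {
    "fwd-end-chkpnt": "MTA on the re-entry path is slow to answer "
                      "end-of-message (header/body checks, disk I/O)",
}


def parse_timing(line):
    """Return (total_ms, [(stage, ms), ...]), or None if not a TIMING entry."""
    m = HEADER_RE.search(line)
    if m is None:
        return None
    stages = []
    for chunk in m.group(2).split(","):
        sm = STAGE_RE.match(chunk.strip())
        if sm:  # silently skip fragments damaged by truncation
            stages.append((sm.group(1), int(sm.group(2))))
    return int(m.group(1)), stages


def dominant_stages(line, min_share=0.25):
    """Return [(stage, ms, share)] for stages taking >= min_share of total."""
    parsed = parse_timing(line)
    if parsed is None or parsed[0] == 0:
        return []
    total, stages = parsed
    hits = [(name, ms, ms / total) for name, ms in stages
            if ms / total >= min_share]
    return sorted(hits, key=lambda h: h[1], reverse=True)


if __name__ == "__main__":
    for name, ms, share in dominant_stages(SAMPLE_TIMING):
        hint = HINTS.get(name, "no hint recorded for this stage")
        print("%s: %d ms (%.0f%% of total) - %s" % (name, ms, share * 100, hint))
```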





Re: [AMaViS-user] MTA-BLOCKED?

2008-03-13 Thread mouss
Luis Daniel Lucio Quiroz wrote:
 I also got:

 Mar 13 11:54:00 brandmauer amavis[24026]: (24026-01) (!!)TROUBLE in 
 process_request: Error writing a SMTP response to the socket: Broken pipe at 
 (eval 41) line 874, GEN3 line 4.

 at my /var/log/mail/error.log

 Port 10025 is open:

 [EMAIL PROTECTED] dieu]# telnet localhost 10025
 Trying 127.0.0.1...
 Connected to brandmauer.insys-corp.com.mx (127.0.0.1).
 Escape character is '^]'.
 220 [127.0.0.1] ESMTP amavisd-new service ready
   

This is amavisd-new. now try to connect to port 10026 instead.

 EHLO elmo.yahoo.com
 250-[127.0.0.1]
 250-VRFY
 250-PIPELINING
 250-SIZE
 250-ENHANCEDSTATUSCODES
 250-8BITMIME
 250-DSN
 250 XFORWARD NAME ADDR PROTO HELO

 RCPT dlucio500 5.5.2 Error: bad syntax
 @okay.com.mx


 QUIT


 ^]
 telnet q
 Connection closed.
   




Re: [AMaViS-user] Postfix and Amavisd-new on different servers, where point MX record to?

2008-03-12 Thread mouss
Daniel Mayer [COUGA.net] wrote:
 Hi,

 we are working on evolving our amavisd-new setup from one to two machines. 
 Box 1 providing the final delivery to the mailbox and box 2 performing spam 
 and virus filtering guided by amavisd-new.

 The question is where to point the MX's of the domains to? Box 1 could accept 
 the mail and forward it to amavis and then get it reinjected for final 
 delivery. Another option would be to install postfix also on box 2, accept 
 mail there in the first place, scan it and then forward it to box 1 for 
 delivery.

 Do you have any recommendations? Which is the best-practice for this?
   

I prefer the second approach:
- box2 is a mail gateway (mx and filtering)
- box 1 is mail store (pop/imap/...)

This role separation is more natural. you can add/replace the gateway 
box without having to deal with user access (imap/pop), and conversely, 
you can add/replace mail stores without disturbing the mx and filters.

this also saves one trip.




Re: [AMaViS-user] Forged 'X-Virus-Scanned' header bypasses Amavis-new scanning

2008-02-18 Thread mouss
Christopher J Shaker wrote:
 Clifton:

   
  I am pretty sure amavisd-new does *not* work this way.  It has an
 implicit list of checks to run on each incoming mail, starting with
 virus scanning, and works its way through them.  If it's working this
 way for you, it may be the result of something funky in your Postfix
 configuration which is bypassing the routing through amavisd if it sees
 that header.

   How are you selecting the Postfix routing to content filtering?  In
 main.cf, in master.cf, or otherwise?

   

 In /etc/postfix/master.cf:
 smtp   inet  n   -   y   -   2   smtpd
   -o content_filter=smtp:[127.0.0.1]:10024
 smtps  inet  n   -   y   -   2   smtpd
   -o content_filter=smtp:[127.0.0.1]:10024


   

so only mail received via smtp is filtered. The Received headers should 
tell what route the message took. you can also search for the Message-Id 
in postfix logs.

  
   
 I've temporarily added a filter to my postfix header_checks file to 
 reject
 messages coming into my server that already have the X-Virus-Scanned
 header added to them. This is not a good solution, because it also 
 blocks
 my outgoing email.
 
 
   A much better interim measure would be to strip the incoming headers,
 by simply replacing that REJECT with IGNORE in the same header_checks
 line.  It's not a bad idea anyway to strip spam scan headers which
 could be mistaken for your own.

   -- Clifton

   


 I've checked, and there are no FILTER directives in my header_checks 
 file. I'm
 still looking for anything I might have screwed up.

 The emails that leak through are forged to look as though they came from me.
 Normally, email that I send out *is* filtered by Amavis. I've had 
 several emails
 get mistakenly spam filtered when I tried to send them.

 Thank you also to Gary for:

   $remove_existing_x_scanned_headers = 1; # default is to leave these alone.

 Chris Shaker
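
An audit of which master.cf entry points actually pass mail to the content filter, added here as an illustration and not part of the original posts. It covers both the point made in this message (a per-service `-o content_filter=` on smtp/smtps filters only mail arriving through those services) and the pickup override from the "local sendmail command" thread. The sample master.cf is constructed from the entries quoted in those threads; the function names, the list of entry commands and the loopback exemption are assumptions of this example.

```python
# Commands that accept mail into the queue (this example's choice of list).
ENTRY_COMMANDS = {"smtpd", "pickup", "qmqpd"}
# Listeners the filter re-injects into; reported but not flagged.
LOOPBACK_PREFIXES = ("127.0.0.1:", "localhost:", "[::1]:")

# Constructed sample: the smtp/smtps entries quoted in this thread, a pickup
# service without an override, and a loopback re-injection listener.
SAMPLE_MASTER_CF = """\
smtp      inet  n  -  y  -  2  smtpd
  -o content_filter=smtp:[127.0.0.1]:10024
smtps     inet  n  -  y  -  2  smtpd
  -o content_filter=smtp:[127.0.0.1]:10024
pickup    fifo  n  -  n  60 1  pickup
127.0.0.1:10025 inet n - n - - smtpd
  -o content_filter=
"""


def logical_lines(text):
    """Join continuation lines (leading whitespace); drop blanks and comments."""
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current is not None:
            current += " " + raw.strip()
        else:
            if current is not None:
                yield current
            current = raw.strip()
    if current is not None:
        yield current


def parse_services(text):
    """Return [(service, command, {override: value})] for each entry."""
    services = []
    for line in logical_lines(text):
        fields = line.split()
        if len(fields) < 8:  # not a complete service definition
            continue
        args, overrides, i = fields[8:], {}, 0
        while i < len(args):
            if args[i] == "-o" and i + 1 < len(args) and "=" in args[i + 1]:
                key, value = args[i + 1].split("=", 1)
                overrides[key] = value
                i += 2
            else:
                i += 1
        services.append((fields[0], fields[7], overrides))
    return services


def audit(master_cf, main_cf_filter=""):
    """Return [(service, command, effective content_filter or None)]."""
    report = []
    for name, command, overrides in parse_services(master_cf):
        if command in ENTRY_COMMANDS:
            effective = overrides.get("content_filter", main_cf_filter)
            report.append((name, command, effective or None))
    return report


def unfiltered_entry_points(master_cf, main_cf_filter=""):
    """Names of non-loopback entry points whose mail skips the filter."""
    return [name for name, _, flt in audit(master_cf, main_cf_filter)
            if flt is None and not name.startswith(LOOPBACK_PREFIXES)]


if __name__ == "__main__":
    for name, command, flt in audit(SAMPLE_MASTER_CF):
        print("%-16s %-7s %s" % (name, command, flt or "(no content filter)"))
    print("unfiltered:", unfiltered_entry_points(SAMPLE_MASTER_CF))
```

The check reads only master.cf overrides and a main.cf default passed in by hand; FILTER actions in access tables or header_checks are outside what it sees.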




Re: [AMaViS-user] Why does amavis have a very low spam score (compared to spamassassin)?

2008-02-10 Thread mouss
Jef Driesen wrote:
 I have a small postfix/amavis/dovecot mailserver for my home network. 
 Mails are retrieved with fetchmail and delivered to postfix with amavis 
 as a after-queue content filter. It works great, except that after the 
 upgrade from Ubuntu 7.04 (Feisty Fawn) to 7.10 (Gutsy Gibbon), amavis 
 assigns very low spam scores.

 An example from amavis:

 X-Spam-Score: 2.644
 X-Spam-Level: **
 X-Spam-Status: No, score=2.644 tagged_above=-999 required=5
   tests=[BAYES_50=0.001, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457,
   SARE_SUB_CASINO=0.555, US_DOLLARS_3=0.63]

 When I remove all headers generated by my mailserver, and pass the 
 message through spamassassin (with spamassassin -t < spam.eml), I get 
 a much higher score:

 X-Spam-Flag: YES
 X-Spam-Checker-Version: SpamAssassin 3.2.3 (2007-08-08) on
  manta.localdomain.local
 X-Spam-Level: *
 X-Spam-Status: Yes, score=17.7 required=5.0 tests=DNS_FROM_RFC_DSN, 
 HTML_MESSAGE,MIME_HTML_ONLY,RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_NJABL_PROXY,
 SARE_SUB_CASINO,URIBL_BLACK,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_RHS_DOB,
 US_DOLLARS_3 autolearn=spam version=3.2.3

   pts rule name
  --
   0.6 SARE_SUB_CASINO
   1.7 RCVD_IN_NJABL_PROXY
   2.2 RCVD_IN_BL_SPAMCOP_NET
   2.5 DNS_FROM_RFC_DSN
   1.2 US_DOLLARS_3
   0.0 HTML_MESSAGE
   1.7 MIME_HTML_ONLY
   2.9 URIBL_JP_SURBL
   2.1 URIBL_OB_SURBL
   2.0 URIBL_BLACK
   0.9 URIBL_RHS_DOB

 If I restart amavis, the spamscore is already much higher for the same 
 message (sent with sendmail user < spam.eml), especially if the high 
 negative AWL score is ignored:

 X-Quarantine-ID: qQEc9Gutw-4P
 X-Spam-Flag: YES
 X-Spam-Score: 8.12
 X-Spam-Level: 
 X-Spam-Status: Yes, score=8.12 tagged_above=-999 required=5 
 tests=[AWL=-5.476,
   BAYES_40=-0.185, DNS_FROM_RFC_DSN=1.495, HTML_MESSAGE=0.001,
   MIME_HTML_ONLY=1.457, RCVD_IN_BL_SPAMCOP_NET=1.96,
   RCVD_IN_NJABL_PROXY=1.643, SARE_SUB_CASINO=0.555, URIBL_BLACK=1.955,
   URIBL_JP_SURBL=1.501, URIBL_OB_SURBL=1.5, URIBL_RHS_DOB=1.083,
   US_DOLLARS_3=0.63]

 I understand that there might be some differences between amavis and my 
 spamassassin test, because they did run with a different user, but I 
 think something else is wrong here. It seems that network tests are only 
 performed if amavis is restarted in the second try. Since all settings 
 are unchanged, what could be causing this and how do I fix this? I can 
 provide additional information, but didn't know what to provide already.
   

Since IPs and domains are dynamically added to DNSBLs and URIBLs, the 
example you show is normal: some IPs and URIs have been listed since 
the first run. This happens all the time.

That said, make sure amavisd is started with the right config file. (if 
the init scripts use a different config, ... etc).





Re: [AMaViS-user] Why does amavis have a very low spam score (compared to spamassassin)?

2008-02-10 Thread mouss
Jef Driesen wrote:
 mouss wrote:
   
 [snip]
 Since IPs and domains are dynamically added to DNSBLs and URIBLs, the 
 example you show is normal: some IPs and URIs have been listed since 
 the first run. This happens all the time.

 That said, make sure amavisd is started with the right config file. (if 
 the init scripts use a different config, ... etc).
 

 I understand those lists are dynamic, but it seems that amavis never 
 performs those network tests after booting my server. Only when I 
 restart amavis manually, I start seeing points from the network tests in 
 the email headers.

   

when you say restart amavis manually, how do you restart it? do you 
use the init script or do you use the amavisd command directly? if the 
latter, try using the init script and see if you get the same behaviour 
(just to make sure that the init script is not using a different 
configuration). also, make sure that amavisd is not using the wrong 
resolver when started at boot time. is amavisd chrooted when started at 
boot but not chrooted when you start it manually? ... etc.





Re: [AMaViS-user] Spam folder daily summary?

2008-02-09 Thread mouss
Mike Cisar wrote:
 Hi all,

 Running Sendmail/Amavis/Spamassassin/Dovecot on a couple of servers.  About
 50% of the users prefer to be spoon-fed their SPAM in their inbox, for the
 other 50% or so we've set up to sort their SPAM into an IMAP spam folder
 using plussed addressing.

 A number of users still use POP to access their mail and as such require a
 reminder to log in to their webmail once in a while to clean up their spam
 folder. 

 What I'm looking for is a way (script that I can run in a daily cron) to
 scan each of these user's spam folder and produce a quick summary of the
 mail therein (from, to, subject) and email them the result.  If it matters,
 we will be migrating to likely a maildir format when we migrate to a new
 server in the spring, but for now the IMAP folders are UW-mbox format (or is
 that mbx, I can never remember which is which :-)

 Can anyone recommend a script that could accomplish what I'm looking to do?
   

you could start with
 formail -l "" -ds < mboxfile
this will print things like this:
From [EMAIL PROTECTED]  Wed Jan 30 16:45:12 2008
Subject: =?utf-8?B?TW9iaWxlIFdvcmxkIENvbmdyZXNz?=  =?utf-8?B?IDogV2

Folder: 7052

if you want to choose the headers, you can try something like
formail -cX "" -ds < mboxfile | \
egrep "^(From|To|Cc|Subject|Date)" | \
sed "s/^From .*//"


Note that headers may be mime encoded (subject shown above), in which 
case they are not readable. you will need to decode them (if they are 
to be sent via email, then don't forget to encode the body!).

or you could try something like this if the mbox is not too large:

#!/usr/bin/perl

use Mail::MboxParser;
use strict;

# path of the mbox file to summarise
my $mbox_file = $ARGV[0];
# headers to print
my @print_headers = ("From", "Date", "Subject", "Content-Length",
                     "X-Spam-Score");

my $parseropts = {
    enable_cache    => 1,
    enable_grep     => 1,
    cache_file_name => '/tmp/mbox_cache',
};

# decode => 'HEADER' returns MIME-encoded header values in decoded form
my $mb = Mail::MboxParser->new($mbox_file,
                               decode     => 'HEADER',
                               parseropts => $parseropts);

while (my $msg = $mb->next_message) {
    print "\n";
    foreach my $header (@print_headers) {
        # header names are stored in lower case, hence \L
        print "$header: " . $msg->header->{"\L$header"} . "\n";
    }
}









Re: [AMaViS-user] score

2008-02-07 Thread mouss
MrC wrote:
 Andrea Bencini wrote:
   
 Andrea Bencini wrote:
   
 I installed postfix-2.4.5-2.fc8, amavisd-new-2.5.2-2.fc8 and
 spamassassin-3.2.3-2.fc8.
 They are running.
 I would like to test spam changing score in local.cf.
 My local.cf is:
 

   
 score FREE_PORN 1000
 score LIVE_PORN 1100

 Now I send an e-mail where there are  the words porno and sex in the
 message body.

 

   
 Why there aren't  FREE_PORN and LIVE_PORN scores?

 
 Did you restart amavis ?
   

   
 Yes I did.
 Andrea 
 

 So two things come to mind:

 a) the FREE_PORN pattern hits only when porn is preceded by free 

  /\bfree (?:porn|xxx|adult)/i

 The LIVE_PORN likewise requires live  followed by 0 or 9 characters, 
 followed by sex (or other).  See the patterns in 20_porn.cf, wherever 
 that may reside on your system.
   

People ought to know that simplistic keyword matching is wrong:

- SusSEX, EsSEX, 
- cuCUMbers,
- Charles DICKens
- babCOCK State Park, ...
- www.apluSEXam.com
- www.surpluSEXchange.org
- oTITS media
- Sweet sixTEEN (and double score if you mispelle the 'i' :)
- St MarTEEN
- vaPOR NOble gas
...







Re: [AMaViS-user] Subject line oddities...

2008-01-26 Thread mouss
Mike Cisar wrote:
 Have had a few messages getting through lately that should have been tagged
 as spam but appear not to have the subject line tagged.

 I check the headers and see (some headers removed)...

 X-Spam-Flag: YES
 X-Spam-Score: 9.498
 X-Spam-Level: *
 X-Spam-Status: Yes, score=9.498 tagged_above=2 required=5
 tests=[BAYES_99=3.5,
   GOOG_PAGES=5, NO_RECEIVED=-0.001, NO_RELAYS=-0.001, URIBL_GREY=1]
 Subject: :: 86% Cheaper than Original Price: aRolex, Cartier, Omega, Chanel,
 Tag Heuer, Breitling  ... qfbvvqgron
 Subject: [SPAM - 9.498]

   

The message probably has two headers. amavisd-new tags one, but your 
client shows the other. nasty trick...

I personally prefer not to tag the subject. Real(TM) MUAs have no 
problems parsing the X-Spam-Flag header...

PS. I am in favour of rejecting any message with duplicate unique 
headers (subject, from, to, cc, message-id, date, ...).



 So when the email is viewed in Outlook (only reader I've tried so far) the
 original subject line is shown without spam tag.

 S... what's the trick that's making Amavisd create a new subject line
 instead of adding it to theirs?  Is there a way to fix so the tagging
 happens properly?  Running amavisd-new 2.4.4
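
A check for the duplicate-header case described in this message, added here as an illustration and not part of the original posts: it parses a raw message and reports any of the headers named above (subject, from, to, cc, message-id, date) that occur more than once. The sample message is constructed from the two Subject lines quoted in the thread plus made-up From/To/Date lines; the function names and the REJECT/OK strings are this example's own.

```python
from email import message_from_string

# The headers the message above proposes to treat as unique.
UNIQUE_HEADERS = ("Subject", "From", "To", "Cc", "Message-ID", "Date")

# Constructed sample: the two Subject headers quoted in this thread, with
# made-up From/To/Date lines and body.
SAMPLE_MESSAGE = (
    "From: sender@example.com\n"
    "To: user@example.net\n"
    "Date: Sat, 26 Jan 2008 10:00:00 +0000\n"
    "X-Spam-Flag: YES\n"
    "X-Spam-Score: 9.498\n"
    "Subject: :: 86% Cheaper than Original Price: aRolex, Cartier, Omega,"
    " Chanel,\n"
    " Tag Heuer, Breitling  ... qfbvvqgron\n"
    "Subject: [SPAM - 9.498]\n"
    "\n"
    "body\n"
)


def duplicate_unique_headers(raw_message):
    """Return {header: [values in order]} for unique headers seen twice or more.

    Header names are matched case-insensitively and folded values are
    unfolded, so "SUBJECT:" plus "subject:" counts as a duplicate.
    """
    msg = message_from_string(raw_message)
    duplicates = {}
    for name in UNIQUE_HEADERS:
        values = msg.get_all(name, [])
        if len(values) > 1:
            duplicates[name] = [" ".join(str(v).split()) for v in values]
    return duplicates


def first_and_last(raw_message):
    """Return {header: (first value, last value)} for duplicated headers.

    A filter that tags one occurrence and a mail reader that displays the
    other will disagree exactly when these two values differ.
    """
    return {name: (values[0], values[-1])
            for name, values in duplicate_unique_headers(raw_message).items()}


def verdict(raw_message):
    """Return 'OK' or 'REJECT: duplicate <names>' for a raw message."""
    duplicates = duplicate_unique_headers(raw_message)
    if not duplicates:
        return "OK"
    return "REJECT: duplicate " + ", ".join(duplicates)


if __name__ == "__main__":
    print(verdict(SAMPLE_MESSAGE))
    for name, (first, last) in first_and_last(SAMPLE_MESSAGE).items():
        print("%s first: %s" % (name, first))
        print("%s last:  %s" % (name, last))
```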
   





Re: [AMaViS-user] Filtering before banned attachments

2008-01-25 Thread mouss
Robert Fitzpatrick wrote:
 I see a message get sent through and labeled 'WARNING: contains banned
 part' like it should according to our banned policies as it scores zero
 in SA. I am assuming zero means that SA didn't even scan the content? If
 I take the source of the message without the attachment, it scores
 plenty high enough to kill.
   

if the attachment is large, it will be skipped. The size is 
configurable, but spending cycles on huge messages is generally not 
worth the trouble. Up so far, spam rarely comes in large messages.

 My question, is there a way for amavis to filter with SA and only send
 through according to banned policies if CLEAN?

   




Re: [AMaViS-user] amavis cuts the domainname in emails to virtuall domain

2008-01-24 Thread mouss
rupert wrote:
 Hi,
 i have a cyrus murder cluster with postfix and started integrating amavis
 for content filtering.
 When I send an email to a user of a virtual domain that isn't the local
 domain the postfix host is in everything is fine.
 When i send an email to a user that is in the same domain than the server
 the @test.local gets lost.
 As mydomain in postfix I have test.local:

 Jan 24 03:07:53 frontend postfix/qmgr[6449]: 0FA1E1200BC: from=
 [EMAIL PROTECTED], size=987, nrcpt=1 (queue active)
 Jan 24 03:07:53 frontend postfix/local[6655]: 0FA1E1200BC: to=
 [EMAIL PROTECTED], relay=local, delay=438, delays=438/0.04/0/0.02, dsn=4.1.1,
 status=SOFTBOUNCE (unknown user: jones)
   

relay=local indicates that this has nothing to do with amavisd-new, but 
with local delivery. does jones exist in /etc/passwd? if you want 
virtual delivery, you'll need to use virtual delivery. see the VIRTUAL 
README (in postfix docs).

 where can i set this?
 In the master.cf i had to set ${recipient} instead of ${user} for cyrus, do
 I have to do the same for amavis? and where, if?


 thx

 rupert


Re: [AMaViS-user] male enhancement spam with google link inside -- filter??

2008-01-22 Thread mouss
lartc wrote:
 hi all,

 i've been getting tons of male-enhancement spam mails that are making it
 through amavis ... they look like:

 Women DO luv it bigger.

  

 http://google.co.uk//search?hl=enq=inurl:rhtawy.com%2BVPXL%2BMade%
 2BEasybtnI=markov


 I don't want to filter on a google link (resulting in too many false
 positives) ... and I'm using real-time blacklists ...

 Anyone got a working filter for these?
   


you should subscribe to spamassassin list. See its archives for a 
discussion and suggested rules.

I personally wait for google to fix this.



Re: [AMaViS-user] ibm.com spf record? what does blank one do?

2008-01-18 Thread mouss
Michael Scheidell wrote:
 host -t txt ibm.com
 ibm.com descriptive text v=spf1 -all
 
 
 What does that mean? with -all, does that mean that since there are NO 
 records at all that all email should hardfail? or all should pass?
 
 ibm: what were you thinking?  Why bother?

That's a correct choice if they never send mail as @ibm.com.

#host -t txt fr.ibm.com
fr.ibm.com text v=spf1 ip4:195.212.29.128/26 ~all

#host -t txt us.ibm.com
us.ibm.com text v=spf1 ip4:32.97.182.0/24 ip4:32.97.110.0/24 
a:d25xlcore010.ca.ibm.com a:isource.boulder.ibm.com ~all

#host -t txt zurich.ibm.com
zurich.ibm.com text v=spf1 +mx +ip4:195.176.20.0/24 include:de.ibm.com 
include:uk.ibm.com include:us.ibm.com include:br.ibm.com 
include:au.ibm.com ~all

... etc
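
A small offline evaluator for the records shown above, added here as an illustration and not part of the original post. It handles only the `all`, `ip4` and `ip6` mechanisms with their qualifiers and returns `needs-dns` as soon as evaluation reaches a mechanism that requires a lookup; the client addresses in the demo are made up.

```python
import ipaddress
import re

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
NEEDS_DNS = ("a", "mx", "include", "exists", "ptr")
MODIFIER_RE = re.compile(r"^[A-Za-z][A-Za-z0-9._-]*=")

# TXT records quoted in this thread, with wrapped lines joined.
RECORDS = {
    "ibm.com": "v=spf1 -all",
    "fr.ibm.com": "v=spf1 ip4:195.212.29.128/26 ~all",
    "us.ibm.com": "v=spf1 ip4:32.97.182.0/24 ip4:32.97.110.0/24 "
                  "a:d25xlcore010.ca.ibm.com a:isource.boulder.ibm.com ~all",
    "zurich.ibm.com": "v=spf1 +mx +ip4:195.176.20.0/24 include:de.ibm.com "
                      "include:uk.ibm.com include:us.ibm.com "
                      "include:br.ibm.com include:au.ibm.com ~all",
}


def evaluate_spf(record, client_ip):
    """Evaluate terms left to right; return (result, deciding term or None).

    result is pass/fail/softfail/neutral, 'none' when the text is not an
    SPF record, 'permerror' for a term this code cannot parse, or
    'needs-dns' when a lookup-based mechanism is reached before any match.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ("none", None)
    addr = ipaddress.ip_address(client_ip)
    redirect = None
    for term in terms[1:]:
        qualifier = "+"  # the default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if MODIFIER_RE.match(term):
            key, value = term.split("=", 1)
            if key.lower() == "redirect":
                redirect = value
            continue
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return (QUALIFIERS[qualifier], "all")
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return ("permerror", term)
            if net.version == addr.version and addr in net:
                return (QUALIFIERS[qualifier], term)
            continue
        if name.split("/", 1)[0] in NEEDS_DNS:
            return ("needs-dns", term)
        return ("permerror", term)
    if redirect:
        return ("needs-dns", "redirect=" + redirect)
    return ("neutral", None)  # no mechanism matched and no "all" present


if __name__ == "__main__":
    # Made-up client addresses, chosen to hit and miss the ip4 ranges above.
    for domain, ip in [("ibm.com", "192.0.2.10"),
                       ("fr.ibm.com", "195.212.29.130"),
                       ("fr.ibm.com", "192.0.2.10"),
                       ("us.ibm.com", "32.97.110.5"),
                       ("us.ibm.com", "192.0.2.10"),
                       ("zurich.ibm.com", "195.176.20.7")]:
        print(domain, ip, evaluate_spf(RECORDS[domain], ip))
```

With `v=spf1 -all` the first and only mechanism is `-all`, so every client address gets `fail`, which is what a domain that never sends mail wants.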





Re: [AMaViS-user] amavisd-new accepting e-mails from a remote machine

2008-01-17 Thread mouss
Jordi Moles wrote:
 hi,
 
 i've got 2 debian servers, one with postfix and the other one with 
 amavisd-new running.
 
 I've read a lot of examples about how to set up amavisd-new to filter 
 emails that come from postfix.
 
 The thing is that in amavisd.conf i have to put something like this:
 
 $forward_method = 'smtp:[*]:10025';
 
 i mean...
 if i write:
 
 $forward_method = 'smtp:[192.168.1.10]:10025';
 
 where 192.168.1.10 is the postfix's ip address... it works fine.
 But the idea is to have an amavis server that filters from many 
 different servers.
 
 How can i tell amavis to send the filtered mail to the ip address it 
 came from?
 

look at the amavisd.conf-sample:

$forward_method = 'smtp:*:*';

should do if all postfixers listen on $port+1 (in your case, $port=10024 
and $port+1=10025).








Re: [AMaViS-user] amavis[xx]: (!)DENIED ACCESS from IP x.x.x.43, policy bank ''

2007-12-21 Thread mouss
john bender wrote:
 Thanks mouss, I'll try that.
 
 Regarding the other notes, the smtp/lmtp are there
 because I was following the amavis install guide. 

but you only need one. and if you configure both, choose different names.


 Regarding the mynetworks, etc, that's all from me
 trying different things trying to resolve this error.
 

beware the "shake it and you'll get juice" approach. always remember
what you change. this way, you can cancel the changes if they don't help.

good luck.



Re: [AMaViS-user] amavis[xx]: (!)DENIED ACCESS from IP x.x.x.43, policy bank ''

2007-12-18 Thread mouss
john bender wrote:
 Hi there!
 
 I'm running Qmail, and on the same system I run
 postfix as a smart host or spam firewall.
 
 Qmail listens on x.x.x.42 and postfix listens on
 x.x.x.43
 
 From what I read, this setup might be causing the
 error in question.  My question is: would anyone know
 specifically why this is happening and what I can do
 to add amavis to this set up?
 
 It is postfix that connects to amavis from source IP
 x.x.x.43.
 
 I've obviously googled the error and found pretty much
 nothing that applies to me, except for one thread
 where someone disabled smtp_bind_address to solve
 this:
 
 http://www.howtoforge.com/forums/archive/index.php/t-1217.html
 
 I can't do that in my set up.
 
 
 main.cf:
 ===
 inet_interfaces = x.x.x.43

remove this and try again.

if you want postfix to listen on a given IP, use master.cf instead: replace

smtp  smtpd

with

x.x.x.45:25  smtp



 mynetworks = x.x.x.40/29, 192.168.0.0/16, 10.0.0.0/8,
 127.0.0.0/8
 content_filter=amavisfeed:[127.0.0.1]:10024

this is a bit convoluted. you set inet_interfaces to x.x.x.43 but you
want postfix to talk to 127.0.0.1. while it will, this is not very logical.

 
 master.cf:
 
 amavisfeed unix  -  -  n  -  2  lmtp
   -o lmtp_data_done_timeout=1200
   -o lmtp_send_xforward_command=yes
   -o disable_dns_lookups=yes
   -o max_use=20
 
 amavisfeed unix  -  -  n  -  2  smtp
   -o smtp_data_done_timeout=1200
   -o smtp_send_xforward_command=yes
   -o disable_dns_lookups=yes
   -o max_use=20
 

you need to make up your mind: use lmtp or smtp? use different names for
different transports.

 
 127.0.0.1:10025 inet  n  -  n  -  -  smtpd
   -o content_filter=
   -o smtpd_delay_reject=no
   -o smtpd_client_restrictions=permit_mynetworks,reject
   -o smtpd_helo_restrictions=
   -o smtpd_sender_restrictions=
   -o smtpd_recipient_restrictions=permit_mynetworks,reject
   -o smtpd_data_restrictions=reject_unauth_pipelining
   -o smtpd_end_of_data_restrictions=
   -o smtpd_restriction_classes=
   -o mynetworks=127.0.0.0/8
   -o smtpd_error_sleep_time=0
   -o smtpd_soft_error_limit=1001
   -o smtpd_hard_error_limit=1000
   -o smtpd_client_connection_count_limit=0
   -o smtpd_client_connection_rate_limit=0
   -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
   -o local_header_rewrite_clients=
 
 amavis.conf:
 ===
 @local_domains_maps = ( [".$mydomain"] );  # list of all local domains
 
 @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10
                   10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 x.x.x.40/29 );
 
 
 Connecting using telnet on localhost works fine.
 
 # telnet localhost 10024

This will use 127.0.0.1 as the source IP. This isn't the same as what
you're asking postfix to do: you're asking postfix to use x.x.x.43 as a
source IP but connect to 127.0.0.1. you'll need more than telnet to test
this (you need a client that binds before it connects).



 Trying 127.0.0.1...
 Connected to localhost.localdomain (127.0.0.1).
 Escape character is '^]'.
 220 [127.0.0.1] ESMTP amavisd-new service ready
 mail from:[EMAIL PROTECTED]
 250 2.1.0 Sender [EMAIL PROTECTED] OK
 rcpt to:[EMAIL PROTECTED]
 250 2.1.5 Recipient [EMAIL PROTECTED] OK
 data
 354 End data with CRLF.CRLF
 Subject: asdads
 
 asd
 ..
 250 2.0.0 Ok: queued as 77015A40013
 
 Thanks for reading all this :P
 
 
   
 
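The test mouss describes above, a client that binds to a chosen source address before it connects, as an added example (not code from the thread). The function name probe, the stub listener and the addresses used in the demo are assumptions made for illustration; point probe at the real source address and at 127.0.0.1:10024 to reproduce what Postfix does.

```python
import socket
import threading


def probe(source_ip, dest_host, dest_port, timeout=5.0):
    """Bind to source_ip, then connect; report which step failed.

    Returns ("ok", greeting), ("bind", error) or ("connect", error).
    Binding to port 0 pins only the source address and lets the kernel
    pick the source port, as an MTA with a fixed bind address does.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        try:
            s.bind((source_ip, 0))
        except OSError as exc:
            # The address is not configured on this host.
            return ("bind", str(exc))
        try:
            s.connect((dest_host, dest_port))
            greeting = s.recv(512)
        except OSError as exc:
            # Refused, unroutable from this source, or timed out.
            return ("connect", str(exc))
        return ("ok", greeting.decode("ascii", "replace").strip())
    finally:
        s.close()


def start_stub_listener(greeting=b"220 [127.0.0.1] ESMTP stub listener ready\r\n"):
    """Constructed stand-in for the content filter port, for offline runs.

    Accepts one connection on 127.0.0.1, records the peer address it saw
    and sends a greeting. Returns (port, seen_peers, thread).
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    seen = []

    def serve():
        conn, peer = srv.accept()
        with conn:
            seen.append(peer[0])  # the source address the server observed
            conn.sendall(greeting)
        srv.close()

    thread = threading.Thread(target=serve, daemon=True)
    thread.start()
    return srv.getsockname()[1], seen, thread


if __name__ == "__main__":
    port, seen, thread = start_stub_listener()
    print(probe("127.0.0.1", "127.0.0.1", port))
    thread.join(2)
    print("listener saw source:", seen)
    # 192.0.2.1 is a documentation address and is not expected to be local.
    print(probe("192.0.2.1", "127.0.0.1", port))
```

A "bind" result means the source address itself is the problem; a "connect" result means the address exists but the path from it to the listener does not work.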


Re: [AMaViS-user] Suggestion: Modify Amavis to optionally retain a virgin copy of each message processed...

2007-12-18 Thread mouss
Ken Morley wrote:
 I'm using Postfix 2.4.6, Amavisd-new 2.5.2, ClamAV 0.91.2 and
 Mail-SpamAssassin 3.2.3 in a Linux mail filter.  I'm having problems
 conveniently getting enough ham and spam for Bayes training.  I'm aware
 that Bayes is more closely related to SA than Amavisd, but please humor
 me before sending me off to the SA forums :)
 
 I am currently using the Postfix always_bcc function to copy each email
 coming through the system to postmaster.  From postmaster's mailbox, I
 manually classify and copy each email into separate spam- or
 ham- files.  The problem is that this alters the recipient and adds
 a number of X-Amavis headers that could affect Bayes accuracy.
  
 It seems to me that it would be better if Amavisd could just make an
 un-altered copy of every e-mail it processes and place them in separate
 disk files.  From that point, it should be fairly easy to write a script
 that would allow postmaster to quickly review and classify the files.
 Then, the script would assign the files an appropriate spam or ham
 filename.  That would take a lot of effort out of building a corpus.
  
 Any thoughts on that suggestion?
  

Besides Mark's suggestion, you can use recipient_bcc_maps instead of
always_bcc. The idea is to use a regular expression to keep the
original recipient. this looks like:

/^(.*)@(example\.com)$/ [EMAIL PROTECTED]

('+' being configured as the extension delimiter).

This way, you can easily retrieve the original recipient.






Re: [AMaViS-user] Local Spam

2007-12-17 Thread mouss
Rocco Scappatura wrote:
 Hello,
 
 from my amavisd-new log I saw that a significant portion of spam is
 generated inside my network. Here the command:
  
 # cat /var/log/amavis | grep -i "Blocked SPAM, LOCAL"
 
 I have configured Postfix so that it looks up an IP for client access to
 my SMTP gateway. If lookup is successful, that IP can relay through my
 server. Otherwise, the client is discarded, rejected or rejected with a
 550 customized code.
 
 I'd like to trigger an insert of an IP inside the lookup table as soon
 as the IP is flashed out of sending spam, with action REJECT.
 
 Is it possible to do so? Or is a matter of Postfix?

you can parse logs. look for fail2ban and the like.

Use with caution...



Re: [AMaViS-user] Local Spam

2007-12-17 Thread mouss
Rocco Scappatura wrote:
 from my amavisd-new log I saw that a significant portion of spam is
 generated inside my network. Here the command:
  
 # cat /var/log/amavis | grep -i "Blocked SPAM, LOCAL"

 I have configured Postfix so that it looks up an IP for client access
 to my SMTP gateway. If lookup is successful, that IP can relay through
 my server. Otherwise, the client is discarded, rejected or rejected
 with a 550 customized code.

 I'd like to trigger an insert of an IP inside the lookup table as
 soon as the IP is flashed out of sending spam, with action REJECT.

 Is it possible to do so? Or is a matter of Postfix?
 you can parse logs. look for fail2ban and the like.
 
 What is 'fail2ban'?

Make Google your friend.
http://www.fail2ban.org/wiki/index.php/Main_Page

 
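 I would like to know if there is something ready to use..
 
 Otherwise, I'm thinking to use awk to get IP and a header of a guilty
 email to send to the responsible of that IP.
 
 #!/bin/sh
 # First awk: print "client-ip quarantine-file" for each blocked local message
 # (brackets and trailing comma stripped from log fields 10 and 16).
 cat /var/log/amavis | grep -i "Blocked SPAM, LOCAL" | gawk '{ print substr(substr($10,1,length($10)-1),2,length($10)) " " substr($16, 1, length($16)-1) }' | awk '
 {
     # keep the last quarantine file seen for each IP
     ip[$1] = $2;
 }
 END {
     # emit one shell command per IP; the commands are run by the final sh
     for (i in ip) {
         print "echo " i "; gunzip -c /var/virusmails/" ip[i] " | head -20";
     }
 }' | sh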
 
 And run it as a cron job every night.
 
 At the moment I lack two things:
 
 1) get only the headers of the emails (and not only the 20 starting
 lines)

This requires a parser. perl/python/php/C can do that more easily. but I 
am not sure what you are exactly trying to do? (I see the log parsing 
part, but not what you want to do with /var/virusmails).

 2) determine who I have to send the email
 

what do you want to send? ask for a contact list at every client, and 
when there is a problem, post to this contact address.

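The log parsing and the headers-only extraction discussed in the two "Local Spam" messages above, as an added example (not code from the thread). The log lines and the message are constructed; the field layout of the "Blocked SPAM, LOCAL" line and the quarantine file naming are assumptions to check against your own amavisd-new log.

```python
import gzip
import io
import ipaddress
import re
from collections import defaultdict
from email import policy
from email.parser import BytesHeaderParser

# Anchor on the labels in the log line, not on whitespace-separated field
# numbers: the sender address is attacker-chosen text and may contain spaces.
LINE_RE = re.compile(
    r"Blocked SPAM, LOCAL \[(?P<ip>[^\]\s]+)\].*?, quarantine: (?P<q>[^,\s]+)"
)
# A quarantine name is only ever used as a plain file name under one directory.
SAFE_NAME_RE = re.compile(r"\A[A-Za-z0-9][A-Za-z0-9._+-]*\Z")


def blocked_local(lines):
    """Map client IP -> list of quarantine file names, skipping bad fields."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m.group("ip")))
        except ValueError:
            continue  # not an IP literal: never pass it on
        name = m.group("q")
        if SAFE_NAME_RE.match(name):
            hits[ip].append(name)
    return dict(hits)


def offenders(hits, min_blocks):
    """IPs with at least min_blocks blocked messages (candidates, not verdicts)."""
    return sorted(ip for ip, names in hits.items() if len(names) >= min_blocks)


def headers_only(gz_bytes, max_bytes=256 * 1024):
    """Return [(name, value)] for the whole header block of a gzipped message.

    Reads at most max_bytes of decompressed data, and stops at the blank
    line that ends the headers however many lines they span.
    """
    with gzip.GzipFile(fileobj=io.BytesIO(gz_bytes)) as fh:
        raw = fh.read(max_bytes)
    msg = BytesHeaderParser(policy=policy.default).parsebytes(raw)
    return [(name, str(value)) for name, value in msg.items()]


# Constructed sample input.
SAMPLE_LOG = [
    'Dec 17 02:10:01 mx amavis[4101]: (04101-03) Blocked SPAM, LOCAL '
    '[192.168.7.20] [192.168.7.20] <a@example.com> -> <b@example.net>, '
    'quarantine: spam-Ab3dE9.gz, Hits: 14.2',
    'Dec 17 02:11:40 mx amavis[4101]: (04101-04) Blocked SPAM, LOCAL '
    '[192.168.7.20] [192.168.7.20] <"x y"@example.com> -> <c@example.net>, '
    'quarantine: spam-Qr7tU1.gz, Hits: 21.0',
    'Dec 17 02:12:05 mx amavis[4102]: (04102-01) Passed CLEAN, LOCAL '
    '[192.168.7.31] <d@example.com> -> <e@example.net>, Hits: 0.1',
    'Dec 17 02:13:17 mx amavis[4102]: (04102-02) Blocked SPAM, LOCAL '
    '[192.168.7.44] [192.168.7.44] <f@example.com> -> <g@example.net>, '
    'quarantine: ../../tmp/x, Hits: 9.9',
]

# Constructed message whose header block is 27 lines long.
SAMPLE_MESSAGE = (
    b"Return-Path: <a@example.com>\r\n"
    + b"".join(
        b"Received: from hop%d.example.com\r\n"
        b"\tby hop%d.example.net; Mon, 17 Dec 2007 02:10:00 +0100\r\n" % (i, i + 1)
        for i in range(12)
    )
    + b"Subject: constructed\r\n sample\r\n"
    + b"\r\n"
    + b"Body line that must not appear in the header list.\r\n"
)

if __name__ == "__main__":
    hits = blocked_local(SAMPLE_LOG)
    print(hits)
    print(offenders(hits, min_blocks=2))
    for name, value in headers_only(gzip.compress(SAMPLE_MESSAGE)):
        print(f"{name}: {value}")
```

Nothing read from the log reaches a shell here, and a quarantine name that is not a plain file name is dropped rather than opened.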


Re: [AMaViS-user] amavis on lotus?

2007-10-24 Thread mouss
Javier wrote:
 thank you all for your kind answers...
 
 i understand the solution is a non-lotus smtp server to process the
 mail routing...
 
 but i have another question regarding your suggestions...
 
 can i perhaps have a smtp (postfix) in front of my lotus smtp?
 
 something like this..
 
 Internet --> smtp (postfix) --> smtp (lotus) --> lotus domino
 
 I'm sorry but i have to include lotus in my mail solution (both)

you can. now you need to find a way so that postfix rejects invalid
recipients:

- if the list of users is available in mysql/postgres/ldap, or if it can
be dumped (periodically?) to a flat file, then this is good.

- otherwise, your lotus must be configured to reject invalid recipients.
in this case, you can use reject_unverified_recipient (triggered by a
check_recipient_access so that it is only done for mail to the domains
managed by the lotus server).





Re: [AMaViS-user] amavis OK, but amavislogsumm not giving any results

2007-10-15 Thread mouss
MrC wrote:
 Voytek Eymont wrote:
 On Mon, October 15, 2007 5:55 pm, Jordi Espasa Clofent wrote:
 I didn't know amavislogsumm, but I can see in the changelog that the
 last version is dated on feb-2004. It seems an old and out-of-date
 project. ¿Do you know amavis-logwatch [1]? It's developed by Mike Capella,
 an active member of the present list; the project is active and Mike is
 very receptive to any feedback. I use it daily and I'm very happy with
 it.
 
 Thanks Jordi.
 
 Jordi, thanks

 yes, as I was searching for answers I came across Mike's announcement
 post, and, installed both of his utilities already,

 
 Great, let me know how they work for you.  I just posted the 
 pre-releases for evaluation to those interested (see Changes for a 
 change list).  I also created a mailing list for announcements and 
 feedback, etc.  See the site.
 
 
 dumb Q:

  amavis-logwatch /var/log/maillog

 snip
 
  536   Spam passed --
  138  [EMAIL PROTECTED]
 
 snip

 All numbers on the left column are counts of that row's hits.  So, 138 
 is the number of times that email address was passed and considered 
 spam.  And there were a total of 536 spam's passed to recipients.
 
 
 does above mean...

 138 identified SPAMs passed to mb@ as mb is in spam_lover  ?
 and, 536 identified SPAMS in total were passed as in recipient is spam_lover?

 
 You'll have to examine your configuration to know the exact reason for 
 why they were passed.  It could be spam lovers, it could be a policy 
 bank (such as MYNETS), or other reasons.
 


or just because this is the configured action. I pass all spam (to Junk
folder or +spam address).




Re: [AMaViS-user] Antivirus programs?

2007-10-10 Thread mouss
Adam65535 wrote:
 On 10/9/07, Pelletier, Robert [EMAIL PROTECTED] wrote:
 I'm using ClamAV. It's a perfect match with Amavis, it's fast and gets
 high in the reviews.

 
 In my experiences clamav/clamd is much slower than other mail scanners (even
 when up against command line scanners like uvscan).  It is still a very
 useful virus scanner but not fast by any means.  For an example... the
 command line scanner uvscan takes .15 seconds while clamav takes 2.6 seconds
 for the same email.  This trend is throughout the logs.


Faster at short distances aren't the fastest at long ones ;-p clam has a
daemonized version, which helps avoid fork/exec/initialize (load sig db,
...) for every message.





Re: [AMaViS-user] Antivirus programs?

2007-10-10 Thread mouss
Adam65535 wrote:
 On 10/10/07, mouss [EMAIL PROTECTED] wrote:
 Adam65535 wrote:
 On 10/9/07, Pelletier, Robert [EMAIL PROTECTED] wrote:
 I'm using ClamAV. It's a perfect match with Amavis, it's fast and gets
 high in the reviews.

 In my experiences clamav/clamd is much slower than other mail scanners
 (even
 when up against command line scanners like uvscan).  It is still a very
 useful virus scanner but not fast by any means.  For an example... the
 command line scanner uvscan takes .15 seconds while clamav takes 2.6 seconds
 for the same email.  This trend is throughout the logs.

 Faster at short distances aren't the fastest at long ones ;-p clam has a
 daemonized version, which helps avoid fork/exec/initialize (load sig db,
 ...) for every message.

 
 Read my message again.  The timings are with using clamd.

sure, but it says clamav, which I understood as the command line
version. can you clarify this please?




Re: [AMaViS-user] local.cf being ignored

2007-10-09 Thread mouss
Ricardo Stella wrote:
 We are currently testing (not my choice) a hosted anti-spam server,
 primarily to get rid of the bulk of spam.  So our domain MX records
 point to their servers, and they deliver lower level junk to us.
 
 Trying to gray and whitelist some senders, it seems that my local.cf is
 being ignored.  Amavisd config is pretty standard and I'm still using a
 dual-sendmail setup.  A particular sender does not have an envelope
 sender, so I've been trying to use whitelist_from_received in local.cf.
 But the messages are not being 'whitelisted' and get a standard score.
 
 Testing the message with spamassassin -D < test.msg correctly adds
 -100 to the score, but if I test the message via amavis, it doesn't.
 The 'apparent' difference is that the addresses I have listed in
 trusted_networks and internal_networks correctly show as such in the
 debug when done via sa command line, but do not (trusted? no internal?
 no) when I run amavisd debug-sa.
 
 on local.cf I have
 
 clear_trusted_networks
 trusted_networks 127.0.0.1
 trusted_networks xx.xx.xx.xx
 clear_internal_networks
 internal_networks xx.xx.xx.xx # this is the hosted solution's ip address that sends us mail
 whitelist_from_rcvd [EMAIL PROTECTED] ourdomain.edu
 
 Do I need to add this address(es) to mynetworks in amavisd ?
 


did you restart/reload amavisd-new after modifying your local.cf?



[AMaViS-user] When is it safe to bounce (Was: use SPF to prevent backscatter?)

2007-09-25 Thread mouss
Michael Scheidell wrote:
 Ah, ok, I had not seen enough additional value using p0f (I turned it
 off, too much cpu usage for a very small point percentage) and the fact
 that it really can't figure out the difference between a windows 2000
 server and an XP workstation.
 
 So, is there a regex that it uses to know when not to bounce?
 (and I still think if DNS admin bothers to publish spf, dkim, or sender
 id records we should take the time to not bounce)
 

depends on whether you want a solution now or in ten years ;-p

 MAYBE a VERY HIGH score on HARD SPF, high enough to be above threshold
 (and we can increase its priority, and add it to shortcut list also)
 
 Other option is to do SPF hard bounce (5xx and disconnect session) in
 the MTA, that way no 'bounce' is generated, but rather the sending MTA
 gets the 5xx, zombie or not.)


Besides DKIM and SPF, there is still best guess spf. if there is a
clear relationship between the sender address and the client (IP or
rDNS), then this can be considered as an SPF pass (without the
restriction that SPF would have introduced).

examples:

- client IP is that of an MX of the sender domain. not sure if using a
/24 would be safe.

- client rDNS is a subdomain of the sender domain. or both are
subdomains of a single domain (with 2 or 3 labels, depending on the tld).

The rationale is: if they allow spam from a client in their domain, or
from a client that is authorized to send on their behalf, then they
deserve backscatter and more ;-p







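The two "best guess" relationships listed in the message above (client IP is an MX of the sender domain; client rDNS and sender domain fall under one domain of 2 or 3 labels), as an added example that is not code from the thread or from amavisd-new. DNS answers are passed in as plain data so it runs offline; TWO_LABEL_SUFFIXES is a small constructed stand-in for a real suffix list, and requiring rdns_confirmed (the PTR name resolves back to the client IP) is an assumption added here, since whoever controls the IP block controls the PTR record.

```python
import ipaddress

# Constructed sample of registry suffixes that are themselves two labels
# long, so the registrable domain under them has three labels.
TWO_LABEL_SUFFIXES = frozenset({"co.uk", "org.uk", "com.au", "co.jp", "com.br"})


def org_domain(name):
    """Return the 2- or 3-label domain a host name belongs to, or None."""
    labels = [p for p in name.strip().rstrip(".").lower().split(".") if p]
    if len(labels) < 2:
        return None
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    if len(labels) < keep:
        return None  # the name is a bare suffix such as "co.uk"
    return ".".join(labels[-keep:])


def best_guess_pass(sender, client_ip, client_rdns, mx_ips, rdns_confirmed):
    """Return "mx", "rdns" or None for one SMTP transaction.

    sender          envelope sender address ("" for the null sender)
    client_ip       address of the connecting client
    client_rdns     PTR name of client_ip, or None
    mx_ips          addresses the sender domain's MX hosts resolve to
    rdns_confirmed  True only if client_rdns resolves back to client_ip
    """
    if "@" not in sender:
        return None  # null sender: nothing to relate the client to
    sender_org = org_domain(sender.rsplit("@", 1)[1])
    if sender_org is None:
        return None

    # Exact address match only; the message above leaves open whether a
    # /24 around the MX would be safe, so no prefix match is attempted.
    ip = ipaddress.ip_address(client_ip)
    if any(ip == ipaddress.ip_address(mx) for mx in mx_ips):
        return "mx"

    # A subdomain of the sender domain shares its 2- or 3-label domain, so
    # one comparison covers both cases described in the message.
    if client_rdns and rdns_confirmed and org_domain(client_rdns) == sender_org:
        return "rdns"
    return None


if __name__ == "__main__":
    # Constructed transactions using documentation addresses and names.
    cases = [
        ("bob@example.com", "192.0.2.10", None, ["192.0.2.10"], False),
        ("bob@example.com", "192.0.2.77", "out3.mail.example.com", [], True),
        ("bob@example.com", "192.0.2.77", "out3.mail.example.com", [], False),
        ("bob@news.example.co.uk", "198.51.100.5", "mx1.example.co.uk", [], True),
        ("bob@a.co.uk", "198.51.100.5", "smtp.b.co.uk", [], True),
    ]
    for case in cases:
        print(case[0], case[2], "->", best_guess_pass(*case))
```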


Re: [AMaViS-user] rbl in SA or in MTA, which is better

2007-09-07 Thread mouss
Miguel wrote:
 I mean, both can do the same tests, where is the best place to do that?
 regards

do both:

- use few safe DNSBLs (zen.spamhaus.org for example) in the MTA to 
reject transaction without having to process data or queue the message

- use whatever DNSBLs you want in SA.

- you can combine moderately safe DNSBLs in something like 
policyd-weight, to get scoring at SMTP time.





Re: [AMaViS-user] Foreign Keys Necessary?

2007-08-29 Thread mouss
Nate wrote:
 I've read all the back threads regarding purge performance in the 
 logging database, specifically in mysql.  It seems like a still 
 pending issue.  In our application where we are increasing the rows 
 in the msgs table by roughly 1 million per day, purging the database 
 creates an *extreme* load.
 
 In testing, I've attempted purge of the msgs table, and under load 
 I'm getting roughly 25 records/second deleted.  Regardless the method 
 (individual record deletes, or as a single query).  I pull the 
 foreign keys and I can get 3000 records/second deleted.
 
 Is the only reason for foreign keys to keep the database clean?  Can 
 I do away with them and clean it up manually without causing any problems?
 
 I'm also curious, what type of stats do the pgsql people see with 
 foreign keys on?


you can temporarily disable the foreign keys (FOREIGN_KEY_CHECKS=0) 
before the purge, and restore them at the end.

it may be good to use temporary tables to store results (either those 
that will be deleted, or those that will be kept).






Re: [AMaViS-user] How to manage spam scores?

2007-07-28 Thread mouss
Justin Kim wrote:
 Gary wrote:

 
 Justin wrote:
   
 Hello Everyone,
 I am using amavis with postfix+mysql setup.
 Amavis is scanning messages and is reinjecting messages to postfix
 through smtp.
 I would like to know how can I manage spam scores so that certain domain
 like yahoo.com is not getting high score.
 My user requested that there are false positive when it is sent from
 specific yahoo.com account.
 Please help!
 Justin
 
 One way would be to use @score_sender_maps. If you don't have
 this in amavisd.conf then look for it in amavisd.conf-sample
 under the heading:
   
 # ENVELOPE SENDER SOFT-WHITELISTING / SOFT-BLACKLISTING
   
 Look at both the per-recipient and site-wide examples and place
 your entries in the appropriate position(s).
   
 Another possible method is to determine exactly what particular rule
 is causing the false positive and then zero out the score of that
 rule in local.cf.

 score SOME_YAHOO_RULE 0

 What version of SA?

 Gary V

 
 Thanks Gary,
 My SA version is 3.1.8 on redhat.
 Amavisd-new version 2.4.5
 I couldn't find the yahoo score on /usr/share/spamassassin/50_scores.cf

 Spam scores are:

 X-Spam-Flag: YES
 X-Spam-Score: 6.116
 X-Spam-Level: **
 X-Spam-Status: Yes, score=6.116 tagged_above=-999 required=5
  tests=[BIZ_TLD=1.169, DNS_FROM_RFC_ABUSE=0.479,
  DNS_FROM_RFC_POST=1.44, DNS_FROM_RFC_WHOIS=0.879, HTML_10_20=0.945,
  HTML_MESSAGE=0.001, MAILTO_TO_SPAM_ADDR=0.276,
  MSGID_FROM_MTA_ID=0.927]

 I do not know if I am on the right track to 0 out yahoo scores.
   

MSGID_FROM_MTA_ID is intriguing. are you sure the mail came from yahoo?

consider enabling Bayes and training on errors.

You can lower the scores of DNS_FROM_RFC_* just enough so that the score 
gets below 5. Or you can write meta rules to cancel these if the sending 
domain is yahoo and the like (maybe too much work though).

if you get enough legitimate mail related to .biz domains, you may 
consider lowering the score of BIZ_TLD.





Re: [AMaViS-user] Rewrite subject of virus infected mails

2007-07-22 Thread mouss
Cian Davis wrote:

 Hi,
 I was wondering if there's an easy way of getting amavisd-new to
 rewrite the subject of virus infected e-mail? I just want to add a
 INFECTED tag or something. Our users scream if we bounce any mail on
 them but most aren't clued in enough to check the headers.
   

Do not bounce viruses, nor deliver them in a normal way. either 
quarantine them or deliver to a special location that may not be 
accessed directly except by safe mailers or tools.

Changing the subject may help to warn the user, but is helpless if the 
mailer executes the malicious code. Here is an old example:
http://news.zdnet.com/2100-9595_22-516586.html







Re: [AMaViS-user] Rewrite subject of virus infected mails

2007-07-22 Thread mouss
Tomas Macek wrote:

 But if the user is virus lover, it's his thing if he want the virus to be 
 delivered into his mailbox and in this case he should be noticed, that the 
 message contains a virus.
   

Will said virus lover pay for the consequences when his machine 
infects the rest of the world? viruses are different than spam. They are 
digital massive destruction weapons.

If user wants to see what's in the message, use a quarantine area that 
is not accessible via standard mailers (a web interface that shows plain 
text only?). you can also deliver a sanitized version of the message, 
but this is a lot of work.





Re: [AMaViS-user] Rewrite subject of virus infected mails

2007-07-22 Thread mouss
Cian Davis wrote:
 mouss wrote on 22/07/07 18:20:
   
 Will said virus lover pay for the consequences when his machine 
 infects the rest of the world? viruses are different than spam. They are 
 digital massive destruction weapons.
   
 

 I understand the argument against delivering viruses to our users, but
 they expect their mail to come to them untampered, regardless (or at
 least the bodies). We can add the tools to let them identify virus
 infected mails but it's up to them to do whatever. I would just like it
 clearer that the message is virus-infected.
   

but you understand that they can get infected without opening the 
message, right?


 As far as I know, the $defang_virus = 1 will change the body so isn't
 really an option for us.

   

If you use maildrop or procmail then you can alter the subject there 
(formail or reformail).





Re: [AMaViS-user] Always - BAD HEADER, Missing required header field: Date

2007-07-05 Thread mouss
Stefan.G wrote:
 On Wed, Jul 04, 2007 at 05:27:47PM +0200, mouss wrote:
   
 Stefan.G wrote:
 
 Sometimes i get not the Date BAD HEADER Error

 X-Amavis-Alert: BAD HEADER, Non-encoded 8-bit data (char E2 hex): 
 X-eBay-due:\n\t\\342\\25431,76\\n

   
   
 Some webmail and bulkware clients are broken and send 8bit headers 
 without encoding them. There's nothing you can do about it, except 
 disabling the check or living with it. As far as you don't 
 block/quarantine because of bad header, you can live with the warnings.
 

 Ok. Can i get Problems with spamass. when i disable the bad header check - 
 quarantine mode ?
   

no. I have the bad headers check enabled, but no quarantine mode (I 
don't quarantine anything but viruses. spam gets delivered to special 
folders. bad headers do not change the disposition, because I see many 
of them in ham).




Re: [AMaViS-user] Always - BAD HEADER, Missing required header field: Date

2007-07-04 Thread mouss
Stefan.G wrote:


 Sometimes i get not the Date BAD HEADER Error

 X-Amavis-Alert: BAD HEADER, Non-encoded 8-bit data (char E2 hex): 
 X-eBay-due:\n\t\\342\\25431,76\\n

   

Some webmail and bulkware clients are broken and send 8bit headers 
without encoding them. There's nothing you can do about it, except 
disabling the check or living with it. As far as you don't 
block/quarantine because of bad header, you can live with the warnings.




Re: [AMaViS-user] SPAM: Ms outlook test message

2007-06-28 Thread mouss
Azfar Hashmi wrote:
 when ever I test ms outlook connection settings amavisd-new consider it spam
 any idea how to fix it.
   

how can we tell without the full headers?



Re: [AMaViS-user] RBL Monitoring.

2007-06-27 Thread mouss
Azfar Hashmi wrote:

 thanks guys now where do I get long list of rbl servers to add those in
 script.


Prefer quality over quantity.

but if you insist on quantity, take a look at the lists on dnsstuff site 
or google for check rbl and on the sites that you find, do a lookup of 
an IP and you'll see many lists. spamlink.net has many lists as well.

Note that while it is safe to use any list to lookup your own IP, you 
should only use safe lists to block mail.

you can add 127.0.0.1 and 127.0.0.2 to the list of your IPs.
- 127.0.0.1 should never be listed. This may help detect lists gone 
crazy...
- on many lists, 127.0.0.2 should be listed.







Re: [AMaViS-user] RBL Monitoring.

2007-06-26 Thread mouss
Xueron Nee wrote:
 Hi Azfar Hashmi,

 Here is a simple perl script to do this :)

 #!/usr/bin/perl -w
 [snip]
   

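a less sophisticated shell version:

#!/bin/sh

# One IPv4 address / one DNSBL zone per line; lines starting with # are skipped
ip_list=`grep -v '^#' /path/to/ips`
rbl_zones=`grep -v '^#' /path/to/rbls`

# Look up one address in one zone: reverse the octets, append the zone,
# and print the first A record if the address is listed
check_ip()
{
    ip=$1
    zone=$2

    rev_ip=`echo "$ip" | awk -F. '{print $4 "." $3 "." $2 "." $1}'`
    host "$rev_ip.$zone" | grep -m 1 "has address"
}


for ip in $ip_list; do
    for zone in $rbl_zones; do
        check_ip "$ip" "$zone"
    done
done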








Re: [AMaViS-user] Give message back from maildrop to amavis

2007-06-19 Thread mouss
Renato Botelho wrote:
 Hello,

 I'm working on a SMTP server project that involves a lot of filters.
 I'm using postfix, amavisd-new and maildrop. Amavisd-new is
 quarantining messages on PostgreSQL server.

 After a message is checked by amavisd-new, postfix forwards it to
 maildrop to make some static filters. In some cases, maildrop needs to
 quarantine messages. I need these messages to be quarantined in the
 same place amavisd-new does, in the DB.

 I've thought of 2 solutions:

 1) Make maildrop save the message in a Maildir, and write an application
 that reads the Maildir and writes to the amavisd-new database. It'll probably
 work, but if amavisd-new changes table structures, it'll stop working.

 2) Configure maildrop to add a mark on the message header saying it needs
 to be quarantined, and give the message back to amavisd-new, and
 amavisd-new quarantines this one.

 I would like to implement the second solution, is it possible? I have
 no idea how to configure amavisd-new to figure out that a message needs
 to be quarantined based on a custom header.
   

sure, add a header like
X-THIS-IS-SPAM: yes

and add an SA rule that adds 20 points for such a header!


Now, I would do the opposite: don't quarantine anything in amavisd, and 
let maildrop quarantine all junk.




Re: [AMaViS-user] One more reason not to use an autoresponder

2007-06-17 Thread mouss
Gary V wrote:
 I am doing some tests on a Debian machine with the Debian 2.4.2
 package and the postfixadmin vacation.pl script and I noticed that
 because the vacation program sends a mail out on the recipient's behalf
 the sender is now a penpal. If a spammer sends out more than one
 message using the same sender address the second and subsequent mails
 get a lower score. Just an observation. This program uses sendmail so
 I personally will fix this by disabling content_filter for the pickup
 service.
   

an auto-responder should use <> as the envelope sender...
