Re: [Cooker] Mandrake mail server - Postfix, Spamassassin & Razor

2003-07-05 Thread Giuseppe Ghibò
Luca Berra wrote:
> Giuseppe Ghibò wrote:
>>>> $viruses_that_fake_sender_re = new_RE(
>>>>   qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|palyh|inor|fizzer'i );
>>>
>>> this is used also to alter virus report, the user gets a report
>>> stating she received a virus from an unknown source, vs. a real mail
>>> address.
>>
>> which user are you talking about: internal (i.e. local) or external?
>
> Local recipient only.

The problem is that warnvirussender doesn't take care of the warn_offsite
status, i.e. if $warnvirussender = 1 the warn mail is sent to sender
(with the exception of the viri above), either to local or non local
sender.
Bye.
Giuseppe.



Re: [Cooker] Mandrake mail server - Postfix, Spamassassin & Razor

2003-07-05 Thread Giuseppe Ghibò
Luca Berra wrote:
> Giuseppe Ghibò wrote:
>> Luca Berra wrote:
>>> i'd also like for the rpm to provide a modified master.cf with all
>>> goodies described in README.postfix (the part below the ascii art
>>> diagram i mean)
>>
>> You are right, but indeed, I was thinking to something different. Instead
>> of an awkward %post script which with some perl/sed/grep would add the lines
>> to master.cf and main.cf,
>> rather only a line to /etc/sysconfig/amavis, containing some variable
>> (e.g. AMAVISD) to "yes" or "no". Then a stand-alone script (e.g.
>> postfix-amavisconf) which would configure or un-configure the
>> master.cf/main.cf according to this value.
>
> yes,
> i like the idea.
> L.
> P.S. you don't need perl/sed/grep for main.cf (postconf -e rocks), but
> you would for master.cf.

yes for main.cf is not needed because only content_filter is needed to
modify.
Bye.
Giuseppe.
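
A sketch of the stand-alone postfix-amavisconf script proposed in this message, as an added example that is not part of the original thread or of the Mandrake package: it reads AMAVISD from the sysconfig file, sets or clears content_filter with postconf -e, and adds or removes a marker-delimited block in master.cf. The function names, the marker lines, ports 10024/10025 and the master.cf service entries are assumptions modelled on a typical amavisd-new setup.

```shell
#!/bin/sh
# Added example: sketch of the proposed "postfix-amavisconf" helper.
# Assumptions (not from the thread): marker lines, function names, ports
# 10024/10025 and the master.cf service entries.

BEGIN_MARK='# BEGIN amavisd-new (managed by postfix-amavisconf)'
END_MARK='# END amavisd-new (managed by postfix-amavisconf)'

# Parse AMAVISD=yes|no instead of sourcing the file: the script runs as root,
# so the sysconfig file is treated as data. Anything but "yes" means "no".
read_switch() {  # $1 = sysconfig file
    v=$(sed -n "s/^AMAVISD=[\"']\{0,1\}\([A-Za-z]*\).*/\1/p" "$1" 2>/dev/null | tail -n 1)
    case $v in [Yy][Ee][Ss]) echo yes ;; *) echo no ;; esac
}

# master.cf services: a transport towards amavisd and a loopback-only smtpd
# that takes scanned mail back with content filtering switched off.
amavis_block() {
    cat <<EOF
$BEGIN_MARK
smtp-amavis unix -      -       n       -       2       smtp
    -o smtp_data_done_timeout=1200
    -o disable_dns_lookups=yes
127.0.0.1:10025 inet n  -       n       -       -       smtpd
    -o content_filter=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
$END_MARK
EOF
}

# A lone BEGIN or END line (left by a hand edit) would make strip_block drop
# or keep the wrong lines, so such a file is not rewritten.
markers_balanced() {  # $1 = master.cf
    b=$(grep -cFx -e "$BEGIN_MARK" "$1" || true)
    e=$(grep -cFx -e "$END_MARK" "$1" || true)
    [ "$b" = "$e" ] && [ "${b:-0}" -le 1 ]
}

# Print master.cf without the managed block (unchanged if there is none).
strip_block() {  # $1 = master.cf
    awk -v b="$BEGIN_MARK" -v e="$END_MARK" '
        $0 == b { skip = 1; next }
        $0 == e { skip = 0; next }
        !skip   { print }' "$1"
}

# Idempotent rewrite: drop any old block, append a fresh one when enabling.
# A backup is kept; writing through ">" preserves owner and mode of master.cf.
configure_master() {  # $1 = master.cf, $2 = yes|no
    [ -f "$1" ] || { echo "$1: not found" >&2; return 1; }
    markers_balanced "$1" || { echo "$1: unbalanced markers" >&2; return 1; }
    tmp=$(mktemp) || return 1
    { strip_block "$1"; if [ "$2" = yes ]; then amavis_block; fi; } > "$tmp"
    cp -p "$1" "$1.amavis-bak" && cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# main.cf needs only content_filter, which postconf -e can edit in place.
configure_main() {  # $1 = Postfix config dir, $2 = yes|no
    if [ "$2" = yes ]; then
        postconf -c "$1" -e 'content_filter=smtp-amavis:[127.0.0.1]:10024'
    else
        postconf -c "$1" -e 'content_filter='
    fi
}

main() {
    confdir=${1:-/etc/postfix}
    want=$(read_switch "${2:-/etc/sysconfig/amavis}")
    configure_master "$confdir/master.cf" "$want" &&
        configure_main "$confdir" "$want" &&
        echo "amavisd-new filtering: $want (run 'postfix reload' to apply)"
}

# Only act when installed and invoked under the script's own name.
case ${0##*/} in postfix-amavisconf) main "$@" ;; esac
```

Because the managed block sits between fixed markers, running the script repeatedly with the same AMAVISD value leaves master.cf unchanged, and switching to "no" restores the file to its state before the block was added.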



Re: [Cooker] Mandrake mail server - Postfix, Spamassassin & Razor

2003-07-05 Thread Luca Berra
Giuseppe Ghibò wrote:
> Luca Berra wrote:
>> i'd also like for the rpm to provide a modified master.cf with all
>> goodies described in README.postfix (the part below the ascii art
>> diagram i mean)
> 
> 
> You are right, but indeed, I was thinking to something different. Instead
> of an awkward %post script which with some perl/sed/grep would add the lines
> to master.cf and main.cf,
> rather only a line to /etc/sysconfig/amavis, containing some variable
> (e.g. AMAVISD) to "yes" or "no". Then a stand-alone script (e.g.
> postfix-amavisconf) which would configure or un-configure the
> master.cf/main.cf according to this value.
> 
yes,
i like the idea.

L.
P.S. you don't need perl/sed/grep for main.cf (postconf -e rocks), but
you would for master.cf.

L.

-- 
Luca Berra -- [EMAIL PROTECTED]
 /"\
 \ / ASCII RIBBON CAMPAIGN
  X  AGAINST HTML MAIL
 / \




Re: [Cooker] Mandrake mail server - Postfix, Spamassassin & Razor

2003-07-05 Thread Luca Berra
Giuseppe Ghibò wrote:
>>> $viruses_that_fake_sender_re = new_RE(
>>>   qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|palyh|inor|fizzer'i );
>>
>> this is used also to alter virus report, the user gets a report
>> stating she received a virus from an unknown source, vs. a real mail
>> address.
> 
> 
> which user are you talking about: internal (i.e. local) or external?
> 

Local recipient only.

-- 
Luca Berra -- [EMAIL PROTECTED]
 /"\
 \ / ASCII RIBBON CAMPAIGN
  X  AGAINST HTML MAIL
 / \




Re: [Cooker] Mandrake mail server - Postfix, Spamassassin & Razor

2003-07-05 Thread Giuseppe Ghibò
Levi Ramsey wrote:
> On Thu Jul 03 13:39 +0200, Giuseppe Ghibò wrote:
>> - let spam pass to users (but with X-Spam-Status) and at the same time
>> collect all the recognized spam to a repository for further bayes learning.
>
> Collecting SA mails to a bayesian system is beyond stupid, as far as I
> can tell.  You go through all the computational expense of bayesian to
> essentially duplicate the SpamAssassin rules..

AFAIK the sa-learn is only performed once, that it can
be useful for training a 2nd server, maybe testing different
thresholds, IMHO.
BTW, has anyone tried the crm114 filter?

Bye.
Giuseppe.




Re: [Cooker] Mandrake mail server - Postfix, Spamassassin & Razor

2003-07-05 Thread Giuseppe Ghibò
Luca Berra wrote:
> On Thu, Jul 03, 2003 at 01:39:41PM +0200, Giuseppe Ghibò wrote:
>> http://peoples.mandrakesoft.com/~ghibo/amavisd-new-0.20030616-1mdk.src.rpm
>
> :!wget ...
>
>> But, before posting to contrib, I'm currently trying to find how to
>> modify amavisd.conf so that:
>>
>> - local "recipient" users is warned about receiving virus mail (with
>> virus ID)
>> - sender is warned about sending a mail with virus, but only if sender
>> is relaying from LAN (it's a nonsense to warn non-local sender because
>> 99.9% in case of virus, the sender is fake).
>
> bret answered those two, i'd like the list of worm that fake sender to
> be loaded from an external file to make it easy to modify for lusers.
>
>> - let spam pass to users (but with X-Spam-Status) and at the same time
>> collect all the recognized spam to a repository for further bayes learning.
>
> well you get this free with spamassassin
> see auto_learn, auto_learn_threshold_nonspam, auto_learn_threshold_spam
> in Mail::SpamAssassin::Conf (it is enabled by default)

collecting spamming (at least at beginning) could be useful for spam learning if
you have to bayes train a 2nd spamassassin server or for testing purposes. Or for
balancing spam and ham, IMHO.

>> Any quick hints welcome...
>>
>> Furthermore I still need to add a %post script so to set $mydomain in
>> /etc/amavisd.conf.
>
> i'd also like for the rpm to provide a modified master.cf with all
> goodies described in README.postfix (the part below the ascii art
> diagram i mean)

You are right, but indeed, I was thinking to something different. Instead of an
awkward %post script which with some perl/sed/grep would add the lines to master.cf and main.cf,
rather only a line to /etc/sysconfig/amavis, containing some variable
(e.g. AMAVISD) to "yes" or "no". Then a stand-alone script (e.g. postfix-amavisconf) which would
configure or un-configure the master.cf/main.cf according to this value.

Bye.
Giuseppe.




Re: [Cooker] Mandrake mail server - Postfix, Spamassassin & Razor

2003-07-05 Thread Giuseppe Ghibò
Luca Berra wrote:
> if the virus is a spoofing virus you have no way of identifying the
> sender mail address, unless you force the sender to authenticate before
> sending a message.

well, SMTP auth could be an idea for this purpose, but postfix indeed would know
the real client sender IP. That's the reason why I suggested a map between real
(known) IPs and real (known) email addresses.

>>> $viruses_that_fake_sender_re = new_RE(
>>>   qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|palyh|inor|fizzer'i );
>>
>> I don't understand. IMHO there is no need to warn the sender if
>> external, as the
>> sending address can be always forged (and maybe this also would
>> unveil attacker your kind of virus scanner and maybe whether it's
>> not updated or not able to maybe recognize a certain virus). IMHO the
>
> this is used also to alter virus report, the user gets a report stating
> she received a virus from an unknown source, vs. a real mail address.

which user are you talking about: internal (i.e. local) or external?

Bye.
Giuseppe.
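
The sender-warning policy argued for in this thread (warn the real LAN user found through a client-IP map, never bounce to an address a sender-forging worm supplied, otherwise warn only local-domain senders), modelled as an added example; it is not amavisd-new code and not from the original posts. The file formats, function names, example.com addresses and IPs are constructed assumptions; the pattern list is the one quoted in the thread, kept in an external file.

```shell
#!/bin/sh
# Added example: models the sender-warning policy proposed in this thread.
# Not amavisd-new code; file formats, names and sample data are assumptions.

# Write constructed sample data into directory $1 and point the policy at it.
setup_sample() {
    FAKE_SENDER_FILE=$1/fake_sender.re   # one case-insensitive ERE per line
    IP_MAP=$1/ip_map                     # "client-ip mailbox" per line
    LOCAL_DOMAIN=example.com
    cat > "$FAKE_SENDER_FILE" <<'EOF'
# virus names whose envelope sender is forged (list quoted in the thread)
nimda
hybris
klez
bugbear
yaha
braid
sobig
palyh
inor
fizzer
EOF
    cat > "$IP_MAP" <<'EOF'
# client-ip   mailbox   (constructed LAN hosts)
10.0.0.5   foo@example.com
10.0.0.6   bar@example.com
EOF
}

# True if the scanner-supplied virus name matches a pattern in file $2.
# Comments and blank lines are dropped first: a blank line handed to grep as a
# pattern matches every name and would silently suppress all sender warnings.
matches_fake_sender() {  # $1 = virus name, $2 = pattern file
    pats=$(grep -Ev '^[[:space:]]*(#|$)' "$2" || true)
    [ -n "$pats" ] || return 1
    printf '%s\n' "$1" | grep -Eiq -e "$pats"
}

# Print the mailbox registered for a LAN client IP; fail if the IP is unknown.
lan_mailbox() {  # $1 = client IP, $2 = map file
    awk -v ip="$1" '$1 == ip { print $2; found = 1; exit }
                    END { exit !found }' "$2"
}

# Print the address to warn, or "none".
warn_target() {  # $1 = client IP, $2 = envelope sender, $3 = virus name
    # 1. Known LAN host: warn its registered owner. The envelope sender is not
    #    consulted, so a worm forging a colleague's address still reaches the
    #    user whose machine is infected.
    if box=$(lan_mailbox "$1" "$IP_MAP"); then echo "$box"; return 0; fi
    # 2. Sender-forging virus from an unknown host: the address is worthless.
    if matches_fake_sender "$3" "$FAKE_SENDER_FILE"; then echo none; return 0; fi
    # 3. Otherwise warn only senders inside the local domain; a wrong guess
    #    then stays inside the site instead of becoming backscatter.
    sender=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case $sender in *@"$LOCAL_DOMAIN") echo "$sender" ;; *) echo none ;; esac
}

# "sh thisfile demo" prints the decision for a few constructed events.
if [ "${1:-}" = demo ]; then
    dir=$(mktemp -d) && setup_sample "$dir"
    warn_target 10.0.0.5 bar@example.com W32/Klez.H
    warn_target 192.0.2.7 bar@example.com Sobig.E
    warn_target 192.0.2.7 someone@example.net EICAR_Test_File
    rm -rf "$dir"
fi
```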




Re: [Cooker] Mandrake mail server - Postfix, Spamassassin & Razor

2003-07-04 Thread Luca Berra
Giuseppe Ghibò wrote:
>> For the spoofed viruses a map can be set up to not warn at all:
>
> Yes, but the sending user of the LAN won't know he has taken a virus...

if the virus is a spoofing virus you have no way of identifying the
sender mail address, unless you force the sender to authenticate before
sending a message.

>> $viruses_that_fake_sender_re = new_RE(
>>   qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|palyh|inor|fizzer'i );
>
> I don't understand. IMHO there is no need to warn the sender if
> external, as the
> sending address can be always forged (and maybe this also would
> unveil attacker your kind of virus scanner and maybe whether it's
> not updated or not able to maybe recognize a certain virus). IMHO the

this is used also to alter virus report, the user gets a report stating
she received a virus from an unknown source, vs. a real mail address.

> needing
> could be to warn the sending user only if it's in the locale
> address and he is sending through the MTA. But there is no way to know
> the REAL address without a MAP of mail<=>IP? suppose there are two
> users: "foo"
> and "bar" at mydomain.com: "foo" has virus and send it through the postfix
> SMTP of "mydomain.com" as if mail was appearing "From:<[EMAIL PROTECTED]>".
> Now if I understand right, you are saying that amavis-new understands that
> <[EMAIL PROTECTED]> is a FAKE address and then doesn't send any bounced
> "warning"
> message. What I'm asking here is: "what to do if I want that
> <[EMAIL PROTECTED]>
> will receive a mail from the SMTP that he was trying to sending a VIRUS
> mail with
> address <[EMAIL PROTECTED]>.

see above for smtp auth




Re: [Cooker] Mandrake mail server - Postfix, Spamassassin & Razor

2003-07-03 Thread Giuseppe Ghibò
Bret Baptist wrote:
> The above information was not correct, from the amavisd.conf:
>
> # Here is an overall picture (sequence of events) of how pieces fit together
> # (only virus controls are shown, spam controls work the same way):
> #
> #   bypass_virus_checks? ==> PASS
> #   no viruses?   ==> PASS
> #   log virus if $log_templ is nonempty
> #   quarantine if $virus_quarantine_to is nonempty
> #   notify admin  if $virus_admin (lookup) nonempty
> #   notify recips if $warnvirusrecip and (recipient is local or $warn_offsite)
> #   add address extensions if adding extensions is enabled and virus will pass
> #   send non-delivery notifications
> #  to sender if DSN needed (BOUNCE) or ($warn_virus_sender and D_PASS)
> #   virus_lovers or final_destiny==D_PASS  ==> PASS
> #   DISCARD (2xx) or REJECT (5xx) (depending on final_*_destiny)
>
> It will only send to non-local if $warn_offsite is set to on.

So $warn_offsite=undef; ?

>>> regardless of local user or not. So the easiest way is to use different
>>> mailserver for sending out and receiving in.
>>
>> Why a different mail server? One needs that the mail Sent containing
>> a virus should be blocked, but the LAN sender should be warned that
>> he was sending a virus...; Indeed this should be done in a
>> more powerful way because generally if the Sender takes a virus
>> (like SoBig,BugBear, etc.), generally it would fake addresses
>> even if coming from LAN. So an effective way for doing this would
>> a double checking:
>
> For the spoofed viruses a map can be set up to not warn at all:

Yes, but the sending user of the LAN won't know he has taken a virus...

> # Treat envelope sender address as unreliable and don't send sender
> # notification / bounces if name(s) of detected virus(es) match the list.
> # Note that virus names are supplied by external virus scanner(s) and are
> # not standardized, so virus names may need to be adjusted.
> # See README.lookups for syntax.
> #

That's suppose there is a list of virus faking address, but
is "$warn_offsite" applying also to this?

> $viruses_that_fake_sender_re = new_RE(
>   qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|palyh|inor|fizzer'i );

I don't understand. IMHO there is no need to warn the sender if external, as the
sending address can be always forged (and maybe this also would
unveil attacker your kind of virus scanner and maybe whether it's
not updated or not able to maybe recognize a certain virus). IMHO the needing
could be to warn the sending user only if it's in the locale
address and he is sending through the MTA. But there is no way to know
the REAL address without a MAP of mail<=>IP? suppose there are two users: "foo"
and "bar" at mydomain.com: "foo" has virus and send it through the postfix
SMTP of "mydomain.com" as if mail was appearing "From:<[EMAIL PROTECTED]>".
Now if I understand right, you are saying that amavis-new understands that
<[EMAIL PROTECTED]> is a FAKE address and then doesn't send any bounced "warning"
message. What I'm asking here is: "what to do if I want that <[EMAIL PROTECTED]>
will receive a mail from the SMTP that he was trying to sending a VIRUS mail with
address <[EMAIL PROTECTED]>.

>>>> - let spam pass to users (but with X-Spam-Status) and at the same time
>>>> collect all the recognized spam to a repository for further bayes
>>>> learning.
>>>
>>> This is done by default if you configure final_spam_destiny as D_PASS.
>>> every spam mail over the sa_kill_level_deflt value will be copied to
>>> /var/spool/amavisd/viruses
>>
>> Yes, but for viruses the Warning messages doesn't contain the
>> ID of the file, like it happens in amavis-0.3.12.
>
> I am not entirely sure what you mean, this is a virus message from
> amavisd-new:
>
> --
> A virus (PE_Magistr.B.Dam) was found.
> Scanner detecting a virus: Trophie
>
> The mail originated from: <[EMAIL PROTECTED]>
>
> According to the 'Received:' trace, the message originated at:
>    pppdslh205.mpls.uswest.net (HELO Bed) (216.160.26.205)
> The message WILL NOT BE delivered to:
> <[EMAIL PROTECTED]>:
>    550 5.7.1 Message content rejected, id=20707-06 - VIRUS: PE_Magistr.B.Dam
> Virus scanner output:
>    1:PE_Magistr.B.Dam
> The message has been quarantined as:
>    /var/lib/amavis/virusmails/virus-20030703-093755-20707-06

Good. What I wasn't obtaining was this last line..., I got, trying the EICAR test:

=
VIRUS ALERT
Our content checker found
virus: EICAR_Test_File
in your email to the following recipient:
-> [EMAIL PROTECTED]
Please check your system for viruses,
or ask your system administrator to do so.
Delivery of the email was stopped!
---
For your reference, here are headers from your email:
==
Bye.
Giuseppe.





Re: [Cooker] Mandrake mail server - Postfix, Spamassassin & Razor

2003-07-03 Thread Levi Ramsey
On Thu Jul 03 13:39 +0200, Giuseppe Ghibò wrote:
> - let spam pass to users (but with X-Spam-Status) and at the same time 
> collect
> all the recognized spam to a repository for further bayes learning.

Collecting SA mails to a bayesian system is beyond stupid, as far as I
can tell.  You go through all the computational expense of bayesian to
essentially duplicate the SpamAssassin rules..

-- 
Levi Ramsey
[EMAIL PROTECTED]   [EMAIL PROTECTED]

Take due notice and govern yourselves accordingly.
Currently playing: Megadeth - Risk - Breadline
Linux 2.4.21-0.15mdk
 21:19:00 up 3 days, 12:31, 12 users,  load average: 0.14, 0.23, 0.19



Re: [Cooker] Mandrake mail server - Postfix, Spamassassin & Razor

2003-07-03 Thread Luca Berra
On Thu, Jul 03, 2003 at 01:39:41PM +0200, Giuseppe Ghibò wrote:
> http://peoples.mandrakesoft.com/~ghibo/amavisd-new-0.20030616-1mdk.src.rpm

:!wget ...

> But, before posting to contrib, I'm currently trying to find how to modify
> amavisd.conf so that:
>
> - local "recipient" users is warned about receiving virus mail (with virus
> ID)
> - sender is warned about sending a mail with virus, but only if sender
> is relaying from LAN (it's a nonsense to warn non-local sender because
> 99.9% in case of virus, the sender is fake).

bret answered those two, i'd like the list of worm that fake sender to
be loaded from an external file to make it easy to modify for lusers.

> - let spam pass to users (but with X-Spam-Status) and at the same time
> collect all the recognized spam to a repository for further bayes learning.

well you get this free with spamassassin
see auto_learn, auto_learn_threshold_nonspam, auto_learn_threshold_spam
in Mail::SpamAssassin::Conf (it is enabled by default)

> Any quick hints welcome...
>
> Furthermore I still need to add a %post script so to set $mydomain in
> /etc/amavisd.conf.

i'd also like for the rpm to provide a modified master.cf with all
goodies described in README.postfix (the part below the ascii art
diagram i mean)
regards,
L.
--
Luca Berra -- [EMAIL PROTECTED]
   Communication Media & Services S.r.l.
/"\
\ / ASCII RIBBON CAMPAIGN
 X  AGAINST HTML MAIL
/ \


Re: [Cooker] Mandrake mail server - Postfix, Spamassassin & Razor

2003-07-03 Thread Luca Berra
On Thu, Jul 03, 2003 at 09:25:25AM +0200, Martin Fahrendorf wrote:
> On Thursday, 3 July 2003 08:18, Michael Scherer wrote:
>>> So you have to start a process for every single message. That is what
>>> I want to avoid. It is no problem while you are receiving only few
>>> messages per hour. But else, the overhead is too much. A daemon
>>> talking smtp is preferred (and that is what amavisd-new does).
>>
>> But, IIRC, amavis forks a new spamassassin in the background for each
>> message, so, this is almost the same ?
>
> No, amavisd-new runs as a daemon and is written in perl. It loads the
> Mail::Spamassassin perl module at start time. No external process is started
> (besides the virus scanner not speaking smtp).

well,
this is not actually true if $bypass_decode_parts is not defined it does
run external programs to extract the mime content and pass it to the
antivirus.
I believe the heavier thing is that it runs file(1) on each part to
determine the filetype, but i believe this can be easily replaced by
File::MMagic perl module (if i am able to test it successfully will
forward a patch upstream)
Regards,
L.
--
Luca Berra -- [EMAIL PROTECTED]
   Communication Media & Services S.r.l.
/"\
\ / ASCII RIBBON CAMPAIGN
 X  AGAINST HTML MAIL
/ \


Re: [Cooker] Mandrake mail server - Postfix, Spamassassin & Razor

2003-07-03 Thread Bret Baptist
On Thursday 03 July 2003 9:47 am, Giuseppe Ghibò wrote:
> Martin Fahrendorf wrote:
> > On Thursday, 3 July 2003 13:39, Giuseppe Ghibò wrote:
> >>Martin Fahrendorf wrote:
> >>>On Thursday, 3 July 2003 08:18, Michael Scherer wrote:
> >>>>>So you have to start a process for every single message. That is what
> >>>>>I want to avoid. It is no problem while you are receiving only few
> >>>>>messages per hour. But else, the overhead is too much. A daemon
> >>>>>talking smtp is preferred (and that is what amavisd-new does).
> >>>>
> >>>>But, IIRC, amavis forks a new spamassassin in the background for each
> >>>>message, so, this is almost the same ?
> >>>
> >>>No, amavisd-new runs as a daemon and is written in perl. It loads the
> >>>Mail::Spamassassin perl module at start time. No external process is
> >>>started (besides the virus scanner not speaking smtp).
> >>>
> >>>Martin
> >>
> >>I've currently packaged that here:
> >>
> >>http://peoples.mandrakesoft.com/~ghibo/amavisd-new-0.20030616-1mdk.src.rpm
> >
> > looks nice. I will test it tomorrow.
> >
> >>But, before posting to contrib, I'm currently trying to find how to
> >> modify amavisd.conf so that:
> >>
> >>- local "recipient" users is warned about receiving virus mail (with
> >> virus ID) - sender is warned about sending a mail with virus, but only
> >> if sender is relaying from LAN (it's a nonsense to warn non-local sender
> >> because 99.9% in case of virus, the sender is fake).
> >
> > There is a flag called warnvirusrecip. But this will warn all recipients
>
> That's bad, because remote user shouldn't be warned because
> generally address are FAKE, so you'll send the mail
> to the wrong person, or you'll have the queue full
> of non deliverable mails. Plain amavis-0.3.12 (in contrib)
> can do this, simply placing the localdomain into
> /etc/amavis-localdomains.conf.
>

The above information was not correct, from the amavisd.conf:

# Here is an overall picture (sequence of events) of how pieces fit together
# (only virus controls are shown, spam controls work the same way):
#
#   bypass_virus_checks? ==> PASS
#   no viruses?   ==> PASS
#   log virus if $log_templ is nonempty
#   quarantine if $virus_quarantine_to is nonempty
#   notify admin  if $virus_admin (lookup) nonempty
#   notify recips if $warnvirusrecip and (recipient is local or $warn_offsite)
#   add address extensions if adding extensions is enabled and virus will pass
#   send non-delivery notifications
#  to sender if DSN needed (BOUNCE) or ($warn_virus_sender and D_PASS)
#   virus_lovers or final_destiny==D_PASS  ==> PASS
#   DISCARD (2xx) or REJECT (5xx) (depending on final_*_destiny)

It will only send to non-local if $warn_offsite is set to on.


> > regardless of local user or not. So the easiest way is to use different
> > mailserver for sending out and receiving in.
>
> Why a different mail server? One needs that the mail Sent containing
> a virus should be blocked, but the LAN sender should be warned that
> he was sending a virus...; Indeed this should be done in a
> more powerful way because generally if the Sender takes a virus
> (like SoBig,BugBear, etc.), generally it would fake addresses
> even if coming from LAN. So an effective way for doing this would
> a double checking:

For the spoofed viruses a map can be set up to not warn at all:

# Treat envelope sender address as unreliable and don't send sender
# notification / bounces if name(s) of detected virus(es) match the list.
# Note that virus names are supplied by external virus scanner(s) and are
# not standardized, so virus names may need to be adjusted.
# See README.lookups for syntax.
#
$viruses_that_fake_sender_re = new_RE(
  qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|palyh|inor|fizzer'i );



>
> a) Send Warning Mail to Sender address only if the address is in the
> local domain (at most this will warn wrong user but not to wrong domain)
>
> b) Have a MAP between client IP addresses and client mail, so to
> warn the right user.
>
> Maybe this could be a feature request for Amavis-new authors...
>

Already way ahead of ya.  :-)

> >>- let spam pass to users (but with X-Spam-Status) and at the same time
> >>collect all the recognized spam to a repository for further bayes
> >> learning.
> >
> > This is done by default if you configure final_spam_destiny as D_PASS.
> > every spam mail over the sa_kill_level_deflt value will be copied to
> > /var/spool/amavisd/viruses
>
> Yes, but for viruses the Warning messages doesn't contain the
> ID of the file, like it happens in amavis-0.3.12.

I am not entirely sure what you mean, this is a virus message from 
amavisd-new:

--
A virus (PE_Magistr.B.Dam) was found.

Scanner detecting a virus: Trophie

The mail originated from: <[EMAIL PROTECTED]>

According to the 'Received:' trace, the message originated at:
   pppdslh205.mpls.uswest.net (HELO Bed) (216.160.26.205)

The message WILL NOT BE delivered to:
<[EMAIL PROTECTED]>:
   550 5.7.1 Message

Re: [Cooker] Mandrake mail server - Postfix, Spamassassin & Razor

2003-07-03 Thread Giuseppe Ghibò
Martin Fahrendorf wrote:
> On Thursday, 3 July 2003 13:39, Giuseppe Ghibò wrote:
>> Martin Fahrendorf wrote:
>>> On Thursday, 3 July 2003 08:18, Michael Scherer wrote:
>>>>> So you have to start a process for every single message. That is what
>>>>> I want to avoid. It is no problem while you are receiving only few
>>>>> messages per hour. But else, the overhead is too much. A daemon
>>>>> talking smtp is preferred (and that is what amavisd-new does).
>>>>
>>>> But, IIRC, amavis forks a new spamassassin in the background for each
>>>> message, so, this is almost the same ?
>>>
>>> No, amavisd-new runs as a daemon and is written in perl. It loads the
>>> Mail::Spamassassin perl module at start time. No external process is
>>> started (besides the virus scanner not speaking smtp).
>>>
>>> Martin
>>
>> I've currently packaged that here:
>>
>> http://peoples.mandrakesoft.com/~ghibo/amavisd-new-0.20030616-1mdk.src.rpm
>
> looks nice. I will test it tomorrow.
>
>> But, before posting to contrib, I'm currently trying to find how to modify
>> amavisd.conf so that:
>>
>> - local "recipient" users is warned about receiving virus mail (with virus
>> ID) - sender is warned about sending a mail with virus, but only if sender
>> is relaying from LAN (it's a nonsense to warn non-local sender because
>> 99.9% in case of virus, the sender is fake).
>
> There is a flag called warnvirusrecip. But this will warn all recipients

That's bad, because remote user shouldn't be warned because
generally address are FAKE, so you'll send the mail
to the wrong person, or you'll have the queue full
of non deliverable mails. Plain amavis-0.3.12 (in contrib)
can do this, simply placing the localdomain into
/etc/amavis-localdomains.conf.

> regardless of local user or not. So the easiest way is to use different
> mailserver for sending out and receiving in.

Why a different mail server? One needs that the mail Sent containing
a virus should be blocked, but the LAN sender should be warned that
he was sending a virus...; Indeed this should be done in a
more powerful way because generally if the Sender takes a virus
(like SoBig,BugBear, etc.), generally it would fake addresses
even if coming from LAN. So an effective way for doing this would
a double checking:

a) Send Warning Mail to Sender address only if the address is in the
local domain (at most this will warn wrong user but not to wrong domain)

b) Have a MAP between client IP addresses and client mail, so to
warn the right user.

Maybe this could be a feature request for Amavis-new authors...

>> - let spam pass to users (but with X-Spam-Status) and at the same time
>> collect all the recognized spam to a repository for further bayes learning.
>
> This is done by default if you configure final_spam_destiny as D_PASS. every
> spam mail over the sa_kill_level_deflt value will be copied to
> /var/spool/amavisd/viruses

Yes, but for viruses the Warning messages doesn't contain the
ID of the file, like it happens in amavis-0.3.12.
Bye.
Giuseppe.



Re: [Cooker] Mandrake mail server - Postfix, Spamassassin & Razor

2003-07-03 Thread Martin Fahrendorf
On Thursday, 3 July 2003 13:39, Giuseppe Ghibò wrote:
> Martin Fahrendorf wrote:
> > On Thursday, 3 July 2003 08:18, Michael Scherer wrote:
> >>>So you have to start a process for every single message. That is what
> >>>I want to avoid. It is no problem while you are receiving only few
> >>>messages per hour. But else, the overhead is too much. A daemon
> >>>talking smtp is preferred (and that is what amavisd-new does).
> >>
> >>But, IIRC, amavis forks a new spamassassin in the background for each
> >>message, so, this is almost the same ?
> >
> > No, amavisd-new runs as a daemon and is written in perl. It loads the
> > Mail::Spamassassin perl module at start time. No external process is
> > started (besides the virus scanner not speaking smtp).
> >
> > Martin
>
> I've currently packaged that here:
>
> http://peoples.mandrakesoft.com/~ghibo/amavisd-new-0.20030616-1mdk.src.rpm
>

looks nice. I will test it tomorrow.

> But, before posting to contrib, I'm currently trying to find how to modify
> amavisd.conf so that:
>
> - local "recipient" users is warned about receiving virus mail (with virus
> ID) - sender is warned about sending a mail with virus, but only if sender
> is relaying from LAN (it's a nonsense to warn non-local sender because
> 99.9% in case of virus, the sender is fake).

There is a flag called warnvirusrecip. But this will warn all recipients 
regardless of local user or not. So the easiest way is to use different 
mailserver for sending out and receiving in.

> - let spam pass to users (but with X-Spam-Status) and at the same time
> collect all the recognized spam to a repository for further bayes learning.

This is done by default if you configure final_spam_destiny as D_PASS. every 
spam mail over the sa_kill_level_deflt value will be copied to 
/var/spool/amavisd/viruses

>
> Any quick hints welcome...
>
> Furthermore I still need to add a %post script so as to set $mydomain in
> /etc/amavisd.conf.
>
> Bye.
> Giuseppe.

Martin
-- 

H E L I X Gesellschaft für Software & Engineering mbH

Hanauer Landstrasse 52  Telefon (069) 4789 35-30
D-60314 Frankfurt am Main   Telefax (069) 4789 35-44

http://www.helix-gmbh.net   [EMAIL PROTECTED]





Re: [Cooker] Mandrake mail server - Postfix, Spamassassin & Razor

2003-07-03 Thread Giuseppe Ghibò
Martin Fahrendorf wrote:
> On Thursday, 3 July 2003 08:18, Michael Scherer wrote:
> > > So you have to start a process for every single message. That is what
> > > I want to avoid. It is no problem while you are receiving only a few
> > > messages per hour. But else, the overhead is too much. A daemon
> > > talking smtp is preferred (and that is what amavisd-new does).
> >
> > But, IIRC, amavis forks a new spamassassin in the background for each
> > message, so, this is almost the same?
>
> No, amavisd-new runs as a daemon and is written in perl. It loads the
> Mail::SpamAssassin perl module at start time. No external process is started
> (besides the virus scanner not speaking smtp).
>
> Martin

I've currently packaged that here:

http://peoples.mandrakesoft.com/~ghibo/amavisd-new-0.20030616-1mdk.src.rpm

But, before posting to contrib, I'm currently trying to find how to modify amavisd.conf so that:

- local "recipient" users are warned about receiving virus mail (with virus ID)
- sender is warned about sending a mail with virus, but only if sender
  is relaying from LAN (it's a nonsense to warn non-local sender because
  99.9% in case of virus, the sender is fake).
- let spam pass to users (but with X-Spam-Status) and at the same time collect
  all the recognized spam to a repository for further bayes learning.

Any quick hints welcome...

Furthermore I still need to add a %post script so as to set $mydomain in /etc/amavisd.conf.

Bye.
Giuseppe.




Re: [Cooker] Mandrake mail server - Postfix, Spamassassin & Razor

2003-07-03 Thread Martin Fahrendorf
On Thursday, 3 July 2003 08:18, Michael Scherer wrote:
> > So you have to start a process for every single message. That is what
> > I want to avoid. It is no problem while you are receiving only a few
> > messages per hour. But else, the overhead is too much. A daemon
> > talking smtp is preferred (and that is what amavisd-new does).
>
> But, IIRC, amavis forks a new spamassassin in the background for each
> message, so, this is almost the same?

No, amavisd-new runs as a daemon and is written in perl. It loads the
Mail::SpamAssassin perl module at start time. No external process is started
(besides the virus scanner not speaking smtp).

Martin
-- 

H E L I X Gesellschaft für Software & Engineering mbH

Hanauer Landstrasse 52  Telefon (069) 4789 35-30
D-60314 Frankfurt am Main   Telefax (069) 4789 35-44

http://www.helix-gmbh.net   [EMAIL PROTECTED]





Re: [Cooker] Mandrake mail server - Postfix, Spamassassin & Razor

2003-07-03 Thread Michael Scherer
>
> So you have to start a process for every single message. That is what
> I want to avoid. It is no problem while you are receiving only a few
> messages per hour. But else, the overhead is too much. A daemon
> talking smtp is preferred (and that is what amavisd-new does).

But, IIRC, amavis forks a new spamassassin in the background for each
message, so, this is almost the same?
-- 

Mickaël Scherer




Re: [Cooker] Mandrake mail server - Postfix, Spamassassin & Razor

2003-07-02 Thread Martin Fahrendorf
On Wednesday, 2 July 2003 16:13, magic wrote:
> Martin Fahrendorf wrote:
> >>   Actually, spamassassin as setup runs as a daemon (spamd), and hooks
> >>into Postfix as a filter.
> >
> >So how do you feed the mails from postfix into spamd and how does spamd
> >handle the mail back to postfix?
>
> I am not going to pretend I understand everything, but here's my
> (oversimplified) explanation:
>
>Postfix gets an email (inbound)
>Postfix content filter (spamfilter.sh) passes email to spamd, using
> spamc (spamc is a light-weight client for spamd).
>Upon completion, the processed email is reinjected into postfix
> (through another content filter) for delivery.
>
>The content filters are configured in /etc/postfix/master.cf:
>
> # SpamAssassin-start
> spamfilter unix - n n - - pipe
>   user=spamfilter argv=/etc/mail/spamfilter.sh -f ${sender} -- ${recipient}
> smtp inet n - y - - smtpd
>   -o content_filter=spamfilter:
> smtp unix - - y - - smtp
>   -o content_filter=spamfilter:
> # SpamAssassin-end
>
>
>Hope this helps!
>
>S

So you have to start a process for every single message. That is what I want to
avoid. It is no problem while you are receiving only a few messages per hour.
But else, the overhead is too much. A daemon talking smtp is preferred (and
that is what amavisd-new does).

Martin
-- 

H E L I X Gesellschaft für Software & Engineering mbH

Hanauer Landstrasse 52  Telefon (069) 4789 35-30
D-60314 Frankfurt am Main   Telefax (069) 4789 35-44

http://www.helix-gmbh.net   [EMAIL PROTECTED]





Re: [Cooker] Mandrake mail server - Postfix, Spamassassin & Razor

2003-07-02 Thread magic
Martin Fahrendorf wrote:
> > Actually, spamassassin as setup runs as a daemon (spamd), and hooks
> > into Postfix as a filter.
>
> So how do you feed the mails from postfix into spamd and how does spamd
> handle the mail back to postfix?

I am not going to pretend I understand everything, but here's my
(oversimplified) explanation:

  Postfix gets an email (inbound)
  Postfix content filter (spamfilter.sh) passes email to spamd, using
  spamc (spamc is a light-weight client for spamd).
  Upon completion, the processed email is reinjected into postfix
  (through another content filter) for delivery.

  The content filters are configured in /etc/postfix/master.cf:

# SpamAssassin-start
spamfilter unix - n n - - pipe
  user=spamfilter argv=/etc/mail/spamfilter.sh -f ${sender} -- ${recipient}
smtp inet n - y - - smtpd
  -o content_filter=spamfilter:
smtp unix - - y - - smtp
  -o content_filter=spamfilter:
# SpamAssassin-end

  Hope this helps!

  S
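
Added example, not part of the thread: a sketch of a pipe content filter in the role of the spamfilter.sh named in the master.cf entry above (the poster's own script is not shown). The spamc and sendmail paths are assumptions, and the demo swaps in constructed stand-ins so it runs offline. It shows the process chain started for each message, and a failure path that asks Postfix to retry instead of reinjecting a half-scanned message.

```shell
#!/bin/sh
# Added example in the role of /etc/mail/spamfilter.sh; not the poster's script.
SPAMC=${SPAMC:-/usr/bin/spamc}              # assumed path
SENDMAIL=${SENDMAIL:-/usr/sbin/sendmail}    # assumed path
EX_TEMPFAIL=75   # sysexits.h: pipe(8) defers the message and Postfix retries

# Usage, as master.cf calls it: filter_message -f SENDER -- RCPT...
# The message arrives on stdin.
filter_message() {
    tmp=$(mktemp "${TMPDIR:-/tmp}/spamfilter.XXXXXX") || return $EX_TEMPFAIL
    # Spool the scanner output first, so a scanner failure reinjects nothing.
    if ! $SPAMC > "$tmp"; then
        rm -f "$tmp"
        return $EX_TEMPFAIL
    fi
    rc=0
    # "$@" keeps every address a single argument; -i keeps a lone "." line
    # in the body from being read as end of message.
    $SENDMAIL -i "$@" < "$tmp" || rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] || return $EX_TEMPFAIL
}

# Constructed stand-ins so the demo runs offline without spamd or Postfix.
fake_spamc()    { echo 'X-Spam-Status: No'; cat; }
fake_sendmail() { echo "$#" > "$DEMO_DIR/argc"; cat > "$DEMO_DIR/msg"; }
scanner_down()  { return 1; }

demo() {
    DEMO_DIR=$(mktemp -d) || return 1
    SPAMC=fake_spamc SENDMAIL=fake_sendmail
    # Constructed message; the recipient holds a space to show it is not split.
    printf 'Subject: hi\n\nbody\n.\nafter dot\n' |
        filter_message -f 'a@example.org' -- 'odd user@example.net'
}

demo && echo "reinjected with $(cat "$DEMO_DIR/argc") arguments"
```

Each delivery through this path starts a shell, a spamc client and a sendmail process, which is the per-message cost discussed in the replies.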