Re: failed to pipe to program sa-learn-spam.sh

2019-06-16 Thread Christoph Haas via dovecot

Hi @lbutlr,

- Message from "@lbutlr via dovecot"  -
 Date: Thu, 6 Jun 2019 15:27:47 -0600
   From: "@lbutlr via dovecot" 
Reply-To: "@lbutlr" 
   Subject: Re: failed to pipe to program sa-learn-spam.sh
To: "@lbutlr via dovecot" 



On Jun 6, 2019, at 1:18 PM, @lbutlr via dovecot  wrote:

Hang on. I think this might be sa-learn that is crashing.


Fixing sa-learn eliminated the error dovecot was reporting.



--
When the stars threw down their spears And watered heaven with their
tears, Did He smile his work to see? Did He who made the Lamb make thee?



- End of message from "@lbutlr via dovecot"  -

(not only) just for the record: could you please tell us how you
fixed sa-learn?


Thanks
Christoph.

--
Christoph Haas



Re: Virus scan + removal on a mdbox mail storage

2019-02-21 Thread Christoph Haas via dovecot

Hello David,

- Message from David Pottage via dovecot  -
 Date: Thu, 21 Feb 2019 13:58:14 +
   From: David Pottage via dovecot 
Reply-To: David Pottage 
   Subject: Re: Virus scan + removal on a mdbox mail storage
To: dovecot@dovecot.org


[...]

NO! My mail storage is mdbox. And at the moment I have no intention to
convert it to Maildir!

Could I ask why? maildir is a better storage format in almost every respect.


well, I have a mailbox with about 50k emails ..., so one reason seems
to me better backup performance with mdbox, since there are far fewer
files to save.


Another reason - you can beat me for this - it's more freaky ;-) - no,  
just kidding ...
There was some years ago an interesting lecture from Peer Heinlein
about the mdbox mail storage, I afterwards bought his "Dovecot Buch"
of OpenSource Press and stuck to mdbox.


But I'll test backup of my mail storage converted to Maildir (which
can easily be done thanks to dsync)

- If there is no significant time difference, I might then change to Maildir.

[...]
The thing is that users will usually open emails shortly after they  
arrive. Most emails are not opened again later, especially the  
attachments.


you're right about this. And if a user has suspicions about a
possibly infected attachment, one can delete the whole email without
hassle.


[...]
For my day job I work for Sophos (A cyber security vendor), so all  
this is familiar to me. If you have the budget for a commercial  
product, then Sophos PureMessage does have postfix support.  
Technical details here:


https://docs.sophos.com/msg/pmx/help/en-us/msg/pmx/tasks/GSGConfigExtPostfixConfig.html

Other AV vendors probably have similar support, but I don't know any details.

--
David Pottage


I know about Sophos. Since my infrastructure is only for me and my  
family, I'll use the SAV9-free package ... and will try to integrate  
this with Postfix or AmaVisd.


- End of message from David Pottage via dovecot  -


Christoph.

--
Christoph Haas




Re: Virus scan + removal on a mdbox mail storage

2019-02-20 Thread Christoph Haas via dovecot

Hello David,

- Message from David Pottage via dovecot  -
 Date: Wed, 20 Feb 2019 14:56:51 +
   From: David Pottage via dovecot 
Reply-To: David Pottage 
   Subject: Re: Virus scan + removal on a mdbox mail storage
To: dovecot@dovecot.org



On 2019-02-20 01:46, Christoph Haas via dovecot wrote:

I need advice on how virus scan and removal can be done on a _mdbox_
mail storage?

On a maildir storage the virus scanner (e.g. clamav etc.) can detect
and remove an email that is infected, since every email and attachment
are stored in separate files.

But in mdbox the emails and attachments are compressed together in one
or more mdbox-files ...

I am anxious to convert my mail storage for virus scanning into
maildir format, since I don't know if a virus or crypto trojan can be
activated with this converting action =:-o


To clarify: You want to convert your mail storage from mdbox to  
maildir, but you want to scan for viruses first?


NO! My mail storage is mdbox. And at the moment I have no intention to  
convert it to Maildir!


But I know that virus detection and deletion is much easier with
Maildir, since every mail is represented by a file. So if there is one
mail infected, the file can easily be deleted - also by external
antivirus tools. Also there are no indices with Maildir.


On the opposite in the mdbox mail storage several mails are  
represented by one mdbox-file, so I'm looking for a way to detect and  
if necessary remove infected mails without damaging my mdbox storage  
or the indices.


One idea was to convert the mdbox storage for virus scanning on the
fly to Maildir, do the antivirus stuff and then vice versa. But this
produces quite a lot of overhead ...


--> so I need a better way


You are doing things in the wrong order.

Firstly converting mail storage format is very unlikely to trigger a  
virus. For that to happen the virus author would need to find and  
write an exploit for dovecot that will trick it into treating email  
as executable code. While not impossible that is quite unlikely  
because there is no normal situation where dovecot will execute  
email as code. Also it is unlikely that a virus writer will target  
dovecot when Microsoft exchange is much more common and would be a  
higher value target.


Secondly, as a rule you want to scan email for viruses as it arrives  
and leaves, not when it is at rest in user mailboxes, again it is  
possible that a new virus will be discovered some time after the  
email arrives so a retrospective scan would find it, but that won't  
help you much because most users read their email and open  
attachments soon after the email arrives.


I'm completely with you! I have of course configured my postfix with  
Amavisd-new and all that stuff. But viruses evolve quite faster than  
detection patterns of e.g. Clam-AV.


So it is likely, that Clam-AV didn't detect a virus when scanning the  
mail-traffic on arrival and the malware now resides in the  
mdbox-storage.


For this situation an afterward virus scan of the existing mail  
storage on a regular basis seems to me an appropriate method to get  
rid of viruses, trojans etc. that were not detected on arrival and  
reside like a time bomb in my mail storage...


Btw.: what virus scanners besides Clam-AV are the people on this list  
using? And how is the virus scanner implemented: via Amavisd-new or  
e.g. rspamd or ...?

- I hope this question is not too offtopic for the dovecot list!

So my advice is to do the conversion to maildir now, then scan all  
the files as a one off, and going forward you should configure your  
email transport daemon (postfix, exim etc) to pass incoming (and  
possibly outgoing) email through clamav.


--
David Pottage



- End of message from David Pottage via dovecot  -


Cheers
Christoph.

P.S.: excuse my English - I'm no native speaker ...

--
Christoph Haas
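
Added example, not part of the original thread and not Dovecot project code: one way to rescan mail at rest in an mdbox store, as asked about above, without touching the mdbox files or the indexes directly. Each message is read out through doveadm and piped to the scanner, and hits are expunged through doveadm as well. It assumes doveadm and clamscan are installed; the function names and the DOVEADM/SCANNER variables are made up for this example.

```sh
#!/bin/sh
# Added example: rescan mail at rest in an mdbox store via doveadm, so the
# storage files and indexes are only ever changed by Dovecot itself.
# Assumed: doveadm and clamscan on PATH; function/variable names are made up.
DOVEADM=${DOVEADM:-doveadm}
SCANNER=${SCANNER:-clamscan --no-summary -}   # "-" = read message from stdin

# scan_user USER [SEARCH-QUERY]
# Prints "mailbox-guid uid" for every message the scanner flags.
scan_user() {
    user=$1; query=${2:-all}
    # $query is left unquoted on purpose: it may hold several search keys.
    $DOVEADM search -u "$user" $query | while read -r guid uid; do
        [ -n "$uid" ] || continue
        rc=0
        # "fetch ... text" prints a "text:" title line first; tail drops it.
        $DOVEADM fetch -u "$user" text mailbox-guid "$guid" uid "$uid" \
            </dev/null | tail -n +2 | $SCANNER >/dev/null 2>&1 || rc=$?
        case $rc in
            0) ;;                                    # clean
            1) echo "$guid $uid" ;;                  # clamscan: virus found
            *) echo "scan error $rc: $guid uid $uid" >&2 ;;
        esac
    done
}

# expunge_flagged USER   (reads "mailbox-guid uid" lines on stdin)
# Expunges each listed message, then purges so mdbox frees the space.
# Prints the number of messages expunged.
expunge_flagged() {
    user=$1; n=0
    while read -r guid uid; do
        [ -n "$uid" ] || continue
        $DOVEADM expunge -u "$user" mailbox-guid "$guid" uid "$uid" \
            </dev/null && n=$((n + 1))
    done
    [ "$n" -eq 0 ] || $DOVEADM purge -u "$user" </dev/null
    echo "$n"
}

# Report only, e.g.:  sh mdbox-rescan.sh alice 'savedsince 30d'
if [ "$#" -gt 0 ]; then
    scan_user "$@"
fi
```

Run scan_user first and review its list before feeding it to expunge_flagged, since a signature hit can be a false positive.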




Virus scan + removal on a mdbox mail storage

2019-02-19 Thread Christoph Haas via dovecot


Hi,

I need advice on how virus scan and removal can be done on a _mdbox_  
mail storage?


On a maildir storage the virus scanner (e.g. clamav etc.) can detect
and remove an email that is infected, since every email and attachment
are stored in separate files.


But in mdbox the emails and attachments are compressed together in one
or more mdbox-files ...


I am anxious to convert my mail storage for virus scanning into
maildir format, since I don't know if a virus or crypto trojan can be
activated with this converting action =:-o


Cheers
Christoph.



--
Christoph Haas




Re: How to backup maildir

2019-02-10 Thread Christoph Haas via dovecot

Hello Robert,

[... snip ...]

of course I'm totally with you: asking other people for help is often
a good - if not even the only - way of getting things done. It was not
my intention to insult you! I hope this did not come into your mind ...


Personally I would have a look at the mentioned Dovecot-backup-script
as a start. It really does a very good job! Kudos to Klaus Tachtler!


Another option could be, to sync your mail via mbsync/isync or  
offlineimap to your Notebook ... but as an alternative backup, it  
depends on how many users are on your Dovecot-server.


In a second cycle, you can then extend or modify this script - as I  
have been doing.


But you should bear in mind, that you should have at least 2-3  
replicas of your data on different storage, for having a good backup.


Cheers
Christoph.

--
Christoph Haas




Re: How to backup maildir

2019-02-09 Thread Christoph Haas via dovecot

Hello Robert,

- Message from Robert Moskowitz via dovecot  -
 Date: Sat, 9 Feb 2019 22:50:24 -0500
   From: Robert Moskowitz via dovecot 
Reply-To: Robert Moskowitz , Dovecot Mailing List 
   Subject: How to backup maildir
To: Dovecot Mailing List 


I have been thinking, and reading, on how to back up my mailserver.  
I have not found any approach that seems ready to use.



I have run years without any backup, but would really like to have  
something in place.


you're a really lucky guy! - I've been struck in the past for such
carelessness on the one or other machine with data loss ;-)


  I figure I can attach a USB drive and backup to that, then from  
there rsync to something elsewhere.  Further if that USB drive is a  
full mailserver image, I actually have a 'hot backup' where I only  
have to put the backup drive into a system and boot up at the last  
backup.


But this means properly copying all of /home/vmail and probably  
/home/sieve plus the /var/lib/mysql




Are you aware of the dovecot command "dsync"? (man dsync or  
https://wiki.dovecot.org/Tools/Doveadm/Sync)

This could be an approach of using dsync:
dsync backup -o plugin/quota= -f -u $user backup maildir:/mnt/USB/dovecot-backup/Maildir/$user/mail


Are there good tools that nicely do this?  Or do I choose a time
late at night (only I am sometimes in non-US timezones) to shut down
all services and just use rsync?


And stopping services itself is thought provoking.  What if Dovecot,
amavis, mysql, or whatever else is in the middle of writing out a mail
file: what happens to that file and restart?


Just scary stuff and, in part, why I have never tackled this in the past.

thanks for all feedback



- End of message from Robert Moskowitz via dovecot  -


It really depends on how important your data is to you ... But you
should really think about a general backup-strategy!
"Mr. Google" can help you to get some ideas what YOUR backup-strategy
could look like...
Also there is much input for backing up dovecot with its different
mail storage flavours.
- But you have to invest some effort on your own, to search, read,
evaluate and finally choose what's fitting into YOUR setup!


But as a starting point:
I'm using a for _MY setup_ modified and adopted version of Klaus
Tachtler's dovecot-backup script:

https://github.com/tachtler/dovecot-backup/blob/master/dovecot_backup.sh

... mixed it with Borg Backup:
https://www.borgbackup.org/

... some further encryption, cloud storage and ... and ... and other stuff.


But as mentioned above:
YOU have to think about the grade of your paranoia level, how
important the data is to you in case of a data loss, time and money
you are willing to invest and build upon this YOUR PERSONAL backup
strategy.

- Sadly there is no one-size-fits-all!

Last famous words:
I've looked at your vita and was wondering about your post - you were  
writing RFCs, but have no clue about backing up your mail-data???  
Strange ...



Nevermind! Just my 2ct - hope this helps
Christoph.


--
Christoph Haas

