[AMaViS-user] Razor2 and amavisd-new

2005-08-10 Thread Gary V
Razor2 for use with amavisd-new. Mini HOWTO These are ad-hoc observations, and may not be 100% accurate. Configuring Razor2 used to baffle me. I had no idea what the program wanted to run successfully, and how to integrate it into amavisd-new properly. The experiences I relay in this post I belie

Re: [AMaViS-user] spamassassin

2005-08-10 Thread Gary V
boricua wrote: > in /etc/mail/spamassassin/local.cf i have several rules including this one > ok_languages en es > ok_locales en > score DRUGS_ERECTILE 4.00 > score NIGERIAN_SUBJECT1 5.00 > score BIZ_TLD 4.70 > score PENIS_ENLARGE 5.00 > score

Re: [AMaViS-user] spamassassin

2005-08-10 Thread boricua
On Wed, 10 Aug 2005 10:57:01 +0100 Tom Brown <[EMAIL PROTECTED]> wrote: > > > thanks mine is in /etc/mail/spamassasin > > spamassasin --lint when done to recompile the rules > in /etc/mail/spamassassin/local.cf i have several rules including this one ok_languages en es ok_locales en sco

Re: [AMaViS-user] Turn off the annoying razor log?

2005-08-10 Thread Mark Martinec
Matt, > > The only bad part is stopping and starting amavisd-new on a busy > > server. So maybe you could set it up, then save the stop and start for > > when you have other changes to make. > > We have two relays though :) Take one down and the other one is used. > > So I kill postfix first, and

Re: [AMaViS-user] /var/amavis/tmp ... youch! My mistake...

2005-08-10 Thread Mark Martinec
> > /var/amavis/tmp does get a crap load of traffic :) > > I'll look into putting this into memory. > > here's what i do on an older red hat, put something like this in > /etc/fstab: > > none /var/amavis/tmp tmpfs size=512m,uid=106,gid=201 0 0 For the archive: see also parallel thread

Re: [AMaViS-user] Wow! CPU "high load"... [was Wow! CPU overload...]

2005-08-10 Thread Mark Martinec
> I do not have /var/amavis/tmp in a RAM drive, ... > Am I missing something? > Would moving that dir to memory really help improve I/O? >> You have to be very careful, if tmpfs fills up, amavisd-new processes >> croak. I'm not sure it's worth it primarily due to this fact. Do your >> homework if

Re: [AMaViS-user] Turn off the annoying razor log?

2005-08-10 Thread Matt Juszczak
The only bad part is stopping and starting amavisd-new on a busy server. So maybe you could set it up, then save the stop and start for when you have other changes to make. We have two relays though :) Take one down and the other one is used. So I kill postfix first, and then work with amavis,

Re: [AMaViS-user] Turn off the annoying razor log?

2005-08-10 Thread Gary V
Gary wrote: > But really, configuring razor as I mentioned is quite simple. The only bad part is stopping and starting amavisd-new on a busy server. So maybe you could set it up, then save the stop and start for when you have other changes to make. Gary V --

Re: [AMaViS-user] Turn off the annoying razor log?

2005-08-10 Thread Gary V
Matt wrote: >> Then I'm not sure where razor is set up for you. If your amavis user >> is named 'vscan': >> >> su vscan -c 'razor-admin -create' >> >> should create /var/amavis/.razor >> >> with these files in it: >> -rw-r--r-- 1 vscan vscan 698 Aug 10 10:45 razor-agent.conf >> -rw-r--r-- 1 vs

Re: [AMaViS-user] Turn off the annoying razor log?

2005-08-10 Thread Matt Juszczak
Then I'm not sure where razor is set up for you. If your amavis user is named 'vscan': su vscan -c 'razor-admin -create' should create /var/amavis/.razor with these files in it: -rw-r--r-- 1 vscan vscan 698 Aug 10 10:45 razor-agent.conf -rw-r--r-- 1 vscan vscan 484 Aug 10 10:45 server.fol

Re: [AMaViS-user] why got banned

2005-08-10 Thread Gary V
Gary wrote: > boricua wrote: >> agree but where is it getting that instruction to do so? >> i first put a rule in local.cf to do that but i would ii expected >> to be treated as spam not banned then i remove the rule and still was banned, >> so where is that config >>> > X-Amavis-Alert: BANNED

Re: [AMaViS-user] why got banned

2005-08-10 Thread Gary V
boricua wrote: > agree but where is it getting that instruction to do so? > i first put a rule in local.cf to do that but i would ii expected > to be treated as spam not banned then i remove the rule and still was banned, > so where is that config >> > X-Amavis-Alert: BANNED, message contains p

Re: [AMaViS-user] why got banned

2005-08-10 Thread boricua
> The amavis config is usually at /etc/amavisd.conf. > > Search for "$banned_filename_re". That is what defines the banned filenames > in Amavis. It has nothing to do with SpamAssassin. > > Bowie > thanks i kind thought it was there --- SF.

Re: [AMaViS-user] why got banned

2005-08-10 Thread boricua
On Wed, Aug 10, 2005 at 04:14:52PM -0400, [EMAIL PROTECTED] wrote: > > agree but where is it getting that instruction to do so? > i first put a rule in local.cf to do that but i would ii expected to be > treated as spam not banned then i remove the rule and still was banned, > > > so where is t

RE: [AMaViS-user] why got banned

2005-08-10 Thread Bowie Bailey
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > On Wed, Aug 10, 2005 at 04:10:57PM -0400, Bowie Bailey wrote: > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > > > > > itrying to understand why this mail got banned without > > > reason AND > > > > > [snip] > > > > > > X-Amavis-

Re: [AMaViS-user] Turn off the annoying razor log?

2005-08-10 Thread Gary V
mess-mate wrote: > Gary V <[EMAIL PROTECTED]> wrote: > | Matt wrote: > | | >> Hi all, | >> Is there a way to turn off the annoying razor log in /var/amavis/tmp ? | >> Thanks, | >> Matt > | > | Try this > | > | set: > | debuglevel = 0 > | in: > | vi /path/to/amavis/.razor/razor-agent

Re: [AMaViS-user] why got banned

2005-08-10 Thread boricua
agree but where is it getting that instruction to do so? i first put a rule in local.cf to do that but i would ii expected to be treated as spam not banned then i remove the rule and still was banned, so where is that config On Wed, Aug 10, 2005 at 04:10:57PM -0400, Bowie Bailey wrote: > Fro

RE: [AMaViS-user] why got banned

2005-08-10 Thread Bowie Bailey
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > itrying to understand why this mail got banned without reason AND > [snip] > > X-Amavis-Alert: BANNED, message contains part: > P=p004,L=1,M=multipart/mixed | > P=p003,L=1/2,M=application/octet-stream,T=exe,T=exe-ms,N=wtr.exe It looks li

Re: [AMaViS-user] Turn off the annoying razor log?

2005-08-10 Thread mess-mate
Gary V <[EMAIL PROTECTED]> wrote: | Matt wrote: | | > Hi all, | > Is there a way to turn off the annoying razor log in /var/amavis/tmp ? | > Thanks, | > Matt | | Try this | | set: | debuglevel = 0 | in: | vi /path/to/amavis/.razor/razor-agent.conf | | Gary V | Strange... I've a raz

Re: [AMaViS-user] Turn off the annoying razor log?

2005-08-10 Thread Gary V
Matt wrote: >> Try this >> >> set: >> debuglevel = 0 >> in: >> vi /path/to/amavis/.razor/razor-agent.conf >> > Which path to amavis? My config is in /usr/local/etc/amavisd.conf and my > amavis dir is /var/amavis but there's no .razor there. I need to create > it? ls -al /var/amav

Re: [AMaViS-user] /var/amavis/tmp ... youch! My mistake...

2005-08-10 Thread Dan Pritts
On Wed, Aug 10, 2005 at 02:28:55PM -0400, Matt Juszczak wrote: > Wow, I was wrong. > > /var/amavis/tmp does get a crap load of traffic :) > > I'll look into putting this into memory. here's what i do on an older red hat, put something like this in /etc/fstab: none /var/amavis/tmp tmpfs s

[AMaViS-user] why got banned

2005-08-10 Thread boricua
itrying to understand why this mail got banned without reason AND Return-Path: <> Delivered-To: banned-quarantine X-Envelope-From: < X-Envelope-To: <[EMAIL PROTECTED]> X-Quarantine-Id: Received: from by pepino.is-a-geek.org (Postfix) with ESMTP id 34D6B10ABC for <[EMAIL PROTECT

Re: [AMaViS-user] Wow! CPU "high load"... [was Wow! CPU overload...]

2005-08-10 Thread Gary V
Matt wrote: >> Then you may need a crap load of memory! >> How many amavis* directories are there? A large number may indicate a >> problem. > About 20? The directory never gets above 2 or 3 megs though, as long as > the razor-agent.log is wiped. Thats why I want to know how to turn it off >

Re: [AMaViS-user] Turn off the annoying razor log?

2005-08-10 Thread Matt Juszczak
Try this set: debuglevel = 0 in: vi /path/to/amavis/.razor/razor-agent.conf Which path to amavis? My config is in /usr/local/etc/amavisd.conf and my amavis dir is /var/amavis but there's no .razor there. I need to create it? --

Re: [AMaViS-user] Turn off the annoying razor log?

2005-08-10 Thread Gary V
Matt wrote: > Hi all, > Is there a way to turn off the annoying razor log in /var/amavis/tmp ? > Thanks, > Matt Try this set: debuglevel = 0 in: vi /path/to/amavis/.razor/razor-agent.conf Gary V --- SF.Net email is Sponsored by

Re: [AMaViS-user] Wow! CPU "high load"... [was Wow! CPU overload...]

2005-08-10 Thread Matt Juszczak
Then you may need a crap load of memory! How many amavis* directories are there? A large number may indicate a problem. About 20? The directory never gets above 2 or 3 megs though, as long as the razor-agent.log is wiped. Thats why I want to know how to turn it off :) lookup_ldap: 3861 (5

Re: [AMaViS-user] Wow! CPU "high load"... [was Wow! CPU overload...]

2005-08-10 Thread Gary V
Matt wrote: >>> Any other ideas? >> >> One thought is to thwart the common practice of spammers that target >> only the secondary MX. > That's actually a good idea :) I'll consider that! But all of our MX > records are the same priority anyway, but adding a fake secondary might > actually be p

[AMaViS-user] Turn off the annoying razor log?

2005-08-10 Thread Matt Juszczak
Hi all, Is there a way to turn off the annoying razor log in /var/amavis/tmp ? Thanks, Matt --- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Ag

Re: [AMaViS-user] /var/amavis/tmp ... youch! My mistake...

2005-08-10 Thread Stephen Carter
>>>Matt Juszczak <[EMAIL PROTECTED]> 08/10/05 7:28 pm >>> >Wow, I was wrong. > >/var/amavis/tmp does get a crap load of traffic :) > >I'll look into putting this into memory. > >-Matt Dumb Q... how do you monitor a particular directory for activity as opposed to simply total disk throughp

Re: [AMaViS-user] Setting to discard spam

2005-08-10 Thread Gary V
Matt wrote: >> What would work for you is to globally change $final_spam_destiny to >> D_DISCARD, set amavisSpamQuarantineTo to undef for all users (I'm not >> sure if LDAP differs in the actual setting, but you simply need to not have >> quarantines), then set amavisSpamKillLevel to .9 for ev

Re: [AMaViS-user] Spam-handling email only for selected users

2005-08-10 Thread Gary V
Gary wrote: > Mark wrote: >> Richard, >>> If I wanted to only perform spam-handling for specific user email >>> addresses and allow all other email to the domain to avoid >>> spam-handling, would the following work: >>> >>> @spam_lovers_maps = ( read_hash("$MYHOME/spam_lovers") ); >>> @local_dom

[AMaViS-user] /var/amavis/tmp ... youch! My mistake...

2005-08-10 Thread Matt Juszczak
Wow, I was wrong. /var/amavis/tmp does get a crap load of traffic :) I'll look into putting this into memory. -Matt --- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Developmen

[AMaViS-user] some mail making it through

2005-08-10 Thread Chris Larsen
pam-b206d856c34609a66406f52137c33f72-20050810-131939-28031-10 Spam detection software, running on the system "sk2.int.daeda.net", has identified this incoming email as possible spam. The original message has been attached to this so you can view it (if it isn't spam) or label similar future e

Re: [AMaViS-user] Setting to discard spam

2005-08-10 Thread Matt Juszczak
What would work for you is to globally change $final_spam_destiny to D_DISCARD, set amavisSpamQuarantineTo to undef for all users (I'm not sure if LDAP differs in the actual setting, but you simply need to not have quarantines), then set amavisSpamKillLevel to .9 for everyone (this MUST be the

Re: [AMaViS-user] Setting to discard spam

2005-08-10 Thread Matt Juszczak
To use spam_quarantine_cutoff_level, first you need a quarantine. So you would have to define a separate quarantine_to for each user who desires this. You would also have to set spam_kill_level for each user. spam_kill_level is the trigger to quarantine something. I believe you would also globally

Re: [AMaViS-user] Setting to discard spam

2005-08-10 Thread Matt Juszczak
I know you have said you are 100% LDAP. Looking at the amavisd executable, and README.ldap, spam_quarantine_cutoff_level is not to be found, so you would have to start customizing at any rate. So maybe using procmail to /dev/null scoring messages greater than 20 or 30 would be good, IF a user r

RE: [AMaViS-user] Setting to discard spam

2005-08-10 Thread Matt Juszczak
1.2 is an increadibly low level. I personally would not allow users to set levels below some "reasonable" level, as this just introduces the "where's my lost email". Once its gone, its gone. Be sure to enable more detailed log messages so you can see the results of various actions. Agreed.

Re: [AMaViS-user] Wow! CPU "high load"... [was Wow! CPU overload...]

2005-08-10 Thread Matt Juszczak
What is the parallelism set to now? This sounds like too few concurrent channels. In a similar hardware config, I'm seeing typical end-to-end delays of under 2 sec through amavisd. -- Clifton I hae 15 processes running by default, if that's what you're asking. -

Re: [AMaViS-user] Wow! CPU "high load"... [was Wow! CPU overload...]

2005-08-10 Thread Matt Juszczak
Any other ideas? One thought is to thwart the common practice of spammers that target only the secondary MX. That's actually a good idea :) I'll consider that! But all of our MX records are the same priority anyway, but adding a fake secondary might actually be pretty neat (since spammers m

Re: [AMaViS-user] Wow! CPU "high load"... [was Wow! CPU overload...]

2005-08-10 Thread Gary V
Matt wrote: > Hi all, > > We've got two relay servers setup (relay1 and relay2) and its working > fine, but the mail coming in is amazing. I'm glad we went with the two > relay server solution instead of everything on one box. > > Each of these relay servers is a 3 GIG processor with 1 GB ram. >

Re: [AMaViS-user] Spam-handling email only for selected users

2005-08-10 Thread Gary V
Mark wrote: > Richard, >> If I wanted to only perform spam-handling for specific user email >> addresses and allow all other email to the domain to avoid >> spam-handling, would the following work: >> >> @spam_lovers_maps = ( read_hash("$MYHOME/spam_lovers") ); >> @local_domains_maps = ( [".xyz.c

RE: [AMaViS-user] Setting to discard spam

2005-08-10 Thread Mike Cappella
> > Whats the difference between sa_kill_level and > sa_quarantine_cutoff_level? Just for the record, there is no "sa_kill_level"; the two levels you'll care about are: $sa_kill_level_deflt As mentioned, this triggers evasive action. Where the message actual goes depends upon the set

Re: [AMaViS-user] adding our own filter

2005-08-10 Thread Mark Martinec
Gustavo, > We want to create our own filter to implement a user and domain disk quota. > How do we plug our own filter into amavis? Currently there is no plugins mechanism for additional checks in amavisd-new, you will have to hack the code, probably somewhere in sub check_mail. I'm not sure a c

Re: [AMaViS-user] Spam-handling email only for selected users

2005-08-10 Thread Mark Martinec
Richard, > If I wanted to only perform spam-handling for specific user email > addresses and allow all other email to the domain to avoid > spam-handling, would the following work: > > @spam_lovers_maps = ( read_hash("$MYHOME/spam_lovers") ); > @local_domains_maps = ( [".xyz.com"] ); > > where $MY

Re: [AMaViS-user] banned files exceptions?

2005-08-10 Thread Mark Martinec
David, > I’m having trouble getting my head around some of the setting in amavisd > and was hoping someone could assist me. I want to block all .exe and > .dll files (in and out) except for our helpdesk which must be able to > send .exe to clients. > > The blocking of .exe and .dll is ok but I’m

Re: [AMaViS-user] Problem with unwanted banned file match

2005-08-10 Thread Mark Martinec
Daniel, > i´ve got a problem with Banned File Rules on amavisd 2.3.2. ... > # block certain double extensions in filenames > qr'(?# BLOCK DOUBLE-EXTENSIONS ) > ^ (.*\t)? N= [^\t\n]* \. [^./\t\n]* [A-Za-z] [^./\t\n]* \. > (exe|vbs|pif|scr|bat|cmd|com|cpl|dll) \.? (\t.*)?

Re: [AMaViS-user] Spamlovers from a file (SOLVED)

2005-08-10 Thread Mark Martinec
Johan, > I found out what caused the problem; > This does not work on the enveloppe recipient but on the system email > adres. No, this is not true (if by 'system address' you mean the one in mail header). Amavisd-new lookups work on envelope addresses, always. > e.g. i do have an email adress [

Re: [AMaViS-user] spamassassin

2005-08-10 Thread Tom Brown
thanks mine is in /etc/mail/spamassasin spamassasin --lint when done to recompile the rules --- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices

[AMaViS-user] Problem with unwanted banned file match

2005-08-10 Thread Siegers, Daniel
Hi list, i´ve got a problem with Banned File Rules on amavisd 2.3.2. Here are the rules: @banned_filename_maps = (); # to disable old-style # new-style of banned lookup table $banned_namepath_re = new_RE( # block these MIME types qr'(?#NO X-MSDOWNLOAD) ^(.*\t)? M=application/x-msdownlo