Razor2 for use with amavisd-new. Mini HOWTO
These are ad-hoc observations, and may not be 100% accurate.
Configuring Razor2 used to baffle me. I had no idea what the program
wanted to run successfully, and how to integrate it into amavisd-new
properly. The experiences I relay in this post I belie
boricua wrote:
> in /etc/mail/spamassassin/local.cf i have several rules including this one
> ok_languages en es
> ok_locales en
> score DRUGS_ERECTILE 4.00
> score NIGERIAN_SUBJECT1 5.00
> score BIZ_TLD 4.70
> score PENIS_ENLARGE 5.00
> score
On Wed, 10 Aug 2005 10:57:01 +0100
Tom Brown <[EMAIL PROTECTED]> wrote:
>
> > thanks mine is in /etc/mail/spamassasin
>
> spamassasin --lint when done to recompile the rules
>
in /etc/mail/spamassassin/local.cf i have several rules including this one
ok_languages en es
ok_locales en
sco
Matt,
> > The only bad part is stopping and starting amavisd-new on a busy
> > server. So maybe you could set it up, then save the stop and start for
> > when you have other changes to make.
>
> We have two relays though :) Take one down and the other one is used.
>
> So I kill postfix first, and
> > /var/amavis/tmp does get a crap load of traffic :)
> > I'll look into putting this into memory.
>
> here's what i do on an older red hat, put something like this in
> /etc/fstab:
>
> none /var/amavis/tmp tmpfs size=512m,uid=106,gid=201 0 0
For the archive: see also parallel thread
> I do not have /var/amavis/tmp in a RAM drive, ...
> Am I missing something?
> Would moving that dir to memory really help improve I/O?
>> You have to be very careful, if tmpfs fills up, amavisd-new processes
>> croak. I'm not sure it's worth it primarily due to this fact. Do your
>> homework if
The only bad part is stopping and starting amavisd-new on a busy
server. So maybe you could set it up, then save the stop and start for
when you have other changes to make.
We have two relays though :) Take one down and the other one is used.
So I kill postfix first, and then work with amavis,
Gary wrote:
> But really, configuring razor as I mentioned is quite simple.
The only bad part is stopping and starting amavisd-new on a busy
server. So maybe you could set it up, then save the stop and start for
when you have other changes to make.
Gary V
--
Matt wrote:
>> Then I'm not sure where razor is set up for you. If your amavis user
>> is named 'vscan':
>>
>> su vscan -c 'razor-admin -create'
>>
>> should create /var/amavis/.razor
>>
>> with these files in it:
>> -rw-r--r-- 1 vscan vscan 698 Aug 10 10:45 razor-agent.conf
>> -rw-r--r-- 1 vs
Then I'm not sure where razor is set up for you. If your amavis user
is named 'vscan':
su vscan -c 'razor-admin -create'
should create /var/amavis/.razor
with these files in it:
-rw-r--r-- 1 vscan vscan 698 Aug 10 10:45 razor-agent.conf
-rw-r--r-- 1 vscan vscan 484 Aug 10 10:45 server.fol
Gary wrote:
> boricua wrote:
>> agree but where is it getting that instruction to do so?
>> i first put a rule in local.cf to do that but i would ii expected
>> to be treated as spam not banned then i remove the rule and still was banned,
>> so where is that config
>>> > X-Amavis-Alert: BANNED
boricua wrote:
> agree but where is it getting that instruction to do so?
> i first put a rule in local.cf to do that but i would ii expected
> to be treated as spam not banned then i remove the rule and still was banned,
> so where is that config
>> > X-Amavis-Alert: BANNED, message contains p
> The amavis config is usually at /etc/amavisd.conf.
>
> Search for "$banned_filename_re". That is what defines the banned filenames
> in Amavis. It has nothing to do with SpamAssassin.
>
> Bowie
>
thanks
i kind thought it was there
---
SF.
On Wed, Aug 10, 2005 at 04:14:52PM -0400, [EMAIL PROTECTED] wrote:
>
> agree but where is it getting that instruction to do so?
> i first put a rule in local.cf to do that but i would ii expected to be
> treated as spam not banned then i remove the rule and still was banned,
>
>
> so where is t
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
>
> On Wed, Aug 10, 2005 at 04:10:57PM -0400, Bowie Bailey wrote:
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> > >
> > > itrying to understand why this mail got banned without
> > > reason AND
> > >
> > [snip]
> > >
> > > X-Amavis-
mess-mate wrote:
> Gary V <[EMAIL PROTECTED]> wrote:
> | Matt wrote:
> |
| >> Hi all,
| >> Is there a way to turn off the annoying razor log in /var/amavis/tmp ?
| >> Thanks,
| >> Matt
> |
> | Try this
> |
> | set:
> | debuglevel = 0
> | in:
> | vi /path/to/amavis/.razor/razor-agent
agree but where is it getting that instruction to do so?
i first put a rule in local.cf to do that but i would ii expected to be treated
as spam not banned then i remove the rule and still was banned,
so where is that config
On Wed, Aug 10, 2005 at 04:10:57PM -0400, Bowie Bailey wrote:
> Fro
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
>
> itrying to understand why this mail got banned without reason AND
>
[snip]
>
> X-Amavis-Alert: BANNED, message contains part:
> P=p004,L=1,M=multipart/mixed |
> P=p003,L=1/2,M=application/octet-stream,T=exe,T=exe-ms,N=wtr.exe
It looks li
Gary V <[EMAIL PROTECTED]> wrote:
| Matt wrote:
|
| > Hi all,
| > Is there a way to turn off the annoying razor log in /var/amavis/tmp ?
| > Thanks,
| > Matt
|
| Try this
|
| set:
| debuglevel = 0
| in:
| vi /path/to/amavis/.razor/razor-agent.conf
|
| Gary V
|
Strange... I've a raz
Matt wrote:
>> Try this
>>
>> set:
>> debuglevel = 0
>> in:
>> vi /path/to/amavis/.razor/razor-agent.conf
>>
> Which path to amavis? My config is in /usr/local/etc/amavisd.conf and my
> amavis dir is /var/amavis but there's no .razor there. I need to create
> it?
ls -al /var/amav
On Wed, Aug 10, 2005 at 02:28:55PM -0400, Matt Juszczak wrote:
> Wow, I was wrong.
>
> /var/amavis/tmp does get a crap load of traffic :)
>
> I'll look into putting this into memory.
here's what i do on an older red hat, put something like this in /etc/fstab:
none /var/amavis/tmp tmpfs s
itrying to understand why this mail got banned without reason AND
Return-Path: <>
Delivered-To: banned-quarantine
X-Envelope-From: <
X-Envelope-To: <[EMAIL PROTECTED]>
X-Quarantine-Id:
Received: from
by pepino.is-a-geek.org (Postfix) with ESMTP id 34D6B10ABC
for <[EMAIL PROTECT
Matt wrote:
>> Then you may need a crap load of memory!
>> How many amavis* directories are there? A large number may indicate a
>> problem.
> About 20? The directory never gets above 2 or 3 megs though, as long as
> the razor-agent.log is wiped. Thats why I want to know how to turn it off
>
Try this
set:
debuglevel = 0
in:
vi /path/to/amavis/.razor/razor-agent.conf
Which path to amavis? My config is in /usr/local/etc/amavisd.conf and my
amavis dir is /var/amavis but there's no .razor there. I need to create
it?
--
Matt wrote:
> Hi all,
> Is there a way to turn off the annoying razor log in /var/amavis/tmp ?
> Thanks,
> Matt
Try this
set:
debuglevel = 0
in:
vi /path/to/amavis/.razor/razor-agent.conf
Gary V
---
SF.Net email is Sponsored by
Then you may need a crap load of memory!
How many amavis* directories are there? A large number may indicate a problem.
About 20? The directory never gets above 2 or 3 megs though, as long as
the razor-agent.log is wiped. Thats why I want to know how to turn it off
:)
lookup_ldap: 3861 (5
Matt wrote:
>>> Any other ideas?
>>
>> One thought is to thwart the common practice of spammers that target
>> only the secondary MX.
> That's actually a good idea :) I'll consider that! But all of our MX
> records are the same priority anyway, but adding a fake secondary might
> actually be p
Hi all,
Is there a way to turn off the annoying razor log in /var/amavis/tmp ?
Thanks,
Matt
---
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Ag
>>>Matt Juszczak <[EMAIL PROTECTED]> 08/10/05 7:28 pm >>>
>Wow, I was wrong.
>
>/var/amavis/tmp does get a crap load of traffic :)
>
>I'll look into putting this into memory.
>
>-Matt
Dumb Q... how do you monitor a particular directory for activity as opposed to
simply total disk throughp
Matt wrote:
>> What would work for you is to globally change $final_spam_destiny to
>> D_DISCARD, set amavisSpamQuarantineTo to undef for all users (I'm not
>> sure if LDAP differs in the actual setting, but you simply need to not have
>> quarantines), then set amavisSpamKillLevel to .9 for ev
Gary wrote:
> Mark wrote:
>> Richard,
>>> If I wanted to only perform spam-handling for specific user email
>>> addresses and allow all other email to the domain to avoid
>>> spam-handling, would the following work:
>>>
>>> @spam_lovers_maps = ( read_hash("$MYHOME/spam_lovers") );
>>> @local_dom
Wow, I was wrong.
/var/amavis/tmp does get a crap load of traffic :)
I'll look into putting this into memory.
-Matt
---
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Developmen
pam-b206d856c34609a66406f52137c33f72-20050810-131939-28031-10
Spam detection software, running on the system "sk2.int.daeda.net", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future e
What would work for you is to globally change $final_spam_destiny to
D_DISCARD, set amavisSpamQuarantineTo to undef for all users (I'm not
sure if LDAP differs in the actual setting, but you simply need to not have
quarantines), then set amavisSpamKillLevel to .9 for everyone
(this MUST be the
To use spam_quarantine_cutoff_level, first you need a
quarantine. So you would have to define a separate quarantine_to for each
user who desires this. You would also have to set spam_kill_level for
each user. spam_kill_level is the trigger to quarantine something. I
believe you would also globally
I know you have said you are 100% LDAP.
Looking at the amavisd executable, and README.ldap,
spam_quarantine_cutoff_level is not to be found, so you would have to
start customizing at any rate.
So maybe using procmail to /dev/null scoring messages greater than 20 or
30 would be good, IF a user r
1.2 is an increadibly low level. I personally would not allow users to set
levels below some "reasonable" level, as this just introduces the "where's
my lost email". Once its gone, its gone. Be sure to enable more detailed
log messages so you can see the results of various actions.
Agreed.
What is the parallelism set to now? This sounds like too few
concurrent channels. In a similar hardware config, I'm seeing typical
end-to-end delays of under 2 sec through amavisd.
-- Clifton
I hae 15 processes running by default, if that's what you're asking.
-
Any other ideas?
One thought is to thwart the common practice of spammers that target
only the secondary MX.
That's actually a good idea :) I'll consider that! But all of our MX
records are the same priority anyway, but adding a fake secondary might
actually be pretty neat (since spammers m
Matt wrote:
> Hi all,
>
> We've got two relay servers setup (relay1 and relay2) and its working
> fine, but the mail coming in is amazing. I'm glad we went with the two
> relay server solution instead of everything on one box.
>
> Each of these relay servers is a 3 GIG processor with 1 GB ram.
>
Mark wrote:
> Richard,
>> If I wanted to only perform spam-handling for specific user email
>> addresses and allow all other email to the domain to avoid
>> spam-handling, would the following work:
>>
>> @spam_lovers_maps = ( read_hash("$MYHOME/spam_lovers") );
>> @local_domains_maps = ( [".xyz.c
>
> Whats the difference between sa_kill_level and
> sa_quarantine_cutoff_level?
Just for the record, there is no "sa_kill_level"; the two levels you'll care
about are:
$sa_kill_level_deflt
As mentioned, this triggers evasive action. Where the message actual goes
depends upon the set
Gustavo,
> We want to create our own filter to implement a user and domain disk quota.
> How do we plug our own filter into amavis?
Currently there is no plugins mechanism for additional checks in amavisd-new,
you will have to hack the code, probably somewhere in sub check_mail.
I'm not sure a c
Richard,
> If I wanted to only perform spam-handling for specific user email
> addresses and allow all other email to the domain to avoid
> spam-handling, would the following work:
>
> @spam_lovers_maps = ( read_hash("$MYHOME/spam_lovers") );
> @local_domains_maps = ( [".xyz.com"] );
>
> where $MY
David,
> I’m having trouble getting my head around some of the setting in amavisd
> and was hoping someone could assist me. I want to block all .exe and
> .dll files (in and out) except for our helpdesk which must be able to
> send .exe to clients.
>
> The blocking of .exe and .dll is ok but I’m
Daniel,
> i´ve got a problem with Banned File Rules on amavisd 2.3.2.
...
> # block certain double extensions in filenames
> qr'(?# BLOCK DOUBLE-EXTENSIONS )
> ^ (.*\t)? N= [^\t\n]* \. [^./\t\n]* [A-Za-z] [^./\t\n]* \.
> (exe|vbs|pif|scr|bat|cmd|com|cpl|dll) \.? (\t.*)?
Johan,
> I found out what caused the problem;
> This does not work on the enveloppe recipient but on the system email
> adres.
No, this is not true (if by 'system address' you mean the one in mail header).
Amavisd-new lookups work on envelope addresses, always.
> e.g. i do have an email adress [
thanks mine is in /etc/mail/spamassasin
spamassasin --lint when done to recompile the rules
---
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Hi list,
i´ve got a problem with Banned File Rules on amavisd 2.3.2.
Here are the rules:
@banned_filename_maps = (); # to disable old-style
# new-style of banned lookup table
$banned_namepath_re = new_RE(
# block these MIME types
qr'(?#NO X-MSDOWNLOAD) ^(.*\t)? M=application/x-msdownlo
49 matches
Mail list logo
