Gary wrote:
>> I am lost as you now... I understand that this has to work.
>>> I noticed you have no content_filter in main.cf Let me see your
>>> master.cf. If this is not working maybe it's related to how
>>> amavis is called.
>> Sorry, It was disabled because of some testing at the time I ran
Andres wrote:
> On 12/18/06, Gary V <[EMAIL PROTECTED]> wrote:
>> Well, this shows that this message was scanned and some rules hit. The
>> question is, is this sent from a SASL AUTH user? If mail is sent from
>> a SASL AUTH user, and you have the rule in local.cf:
>>
>> Also, if this mail is from
On 12/18/06, Gary V <[EMAIL PROTECTED]> wrote:
> Well, this shows that this message was scanned and some rules hit. The
> question is, is this sent from a SASL AUTH user? If mail is sent from
> a SASL AUTH user, and you have the rule in local.cf:
>
> Also, if this mail is from a client using SASL A
Andres wrote:
> I did what you told me, and it seems that the emails are ok now, how
> can I confirm this is not temporary working well?
> This is a header from an email now:
> X-Virus-Scanned: Debian amavisd-new at domain.com.ar
> X-Spam-Status: No, score=3.157 tagged_above=2 required=6.31 tests
On 12/14/06, Gary V <[EMAIL PROTECTED]> wrote:
> I would get rid of this:
>
> smtpd_client_restrictions =
> reject_rbl_client sbl.spamhaus.org,
> reject_rbl_client relays.ordb.org,
> reject_rbl_client blackholes.easynet.nl
>
> and move these to after reject_unauth_destination
>
> smtpd_recipient
Andres wrote:
> On 12/13/06, Gary V <[EMAIL PROTECTED]> wrote:
>>
>> If you do have whitespace where the directive continues on to the next
>> line, maybe you need to show 'postconf -n'. Are you sure the client in
>> question was authenticated?
>>
>> Gary V
> Gary, I do have pcre support, I insta
On 12/13/06, Gary V <[EMAIL PROTECTED]> wrote:
>
> If you do have whitespace where the directive continues on to the next
> line, maybe you need to show 'postconf -n'. Are you sure the client in
> question was authenticated?
>
> Gary V
Gary, I do have pcre support, I installed postfix-pcre package
Gary wrote:
> smtpd_data_restrictions = reject_unauth_pipelining,
>permit_sasl_authenticated,
>check_client_access pcre:/etc/postfix/add_auth_header.pcre
>> The only difference with yours is that I am using a comma separating values.
>> The other is identical...
>> SMTP Auth is
Andres wrote:
> On 12/13/06, Gary V <[EMAIL PROTECTED]> wrote:
>> >> etc/postfix/main.cf:
>> >> smtpd_data_restrictions =
>> >> reject_unauth_pipelining
>> >> permit_sasl_authenticated
>> >> check_client_access pcre:/etc/postfix/add_auth_header.pcre
>> >>
>> >> /etc/postfix/add_auth_he
On 12/13/06, Gary V <[EMAIL PROTECTED]> wrote:
> >> etc/postfix/main.cf:
> >> smtpd_data_restrictions =
> >> reject_unauth_pipelining
> >> permit_sasl_authenticated
> >> check_client_access pcre:/etc/postfix/add_auth_header.pcre
> >>
> >> /etc/postfix/add_auth_header.pcre
> >> /^/ PREPE
Andres wrote:
> On 11/30/06, Gary V <[EMAIL PROTECTED]> wrote:
>> Here is another idea on a way possible to do this (if you don't have
>> Postfix 2.3.x). This should add and 'X-SMTP-Auth: no' header to all
>> messages except authenticated. The spamassassin rule then adds -15
>> points if this head
On 11/30/06, Gary V <[EMAIL PROTECTED]> wrote:
> Here is another idea on a way possible to do this (if you don't have
> Postfix 2.3.x). This should add and 'X-SMTP-Auth: no' header to all
> messages except authenticated. The spamassassin rule then adds -15
> points if this header is missing. Requir
> > # Internal
> > clear_internal_networks
> > internal_networks 127/8 IP_of_first_mail_relay IP_of_second_mail_relay
> > # Trusted
> > clear_trusted_networks
> > trusted_networks 127/8 IP_of_first_mail_relay IP_of_second_mail_relay
> If you properly list your
> internal network (127/8 is in your
Leon Kolchinsky
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gary V
Sent: Saturday, December 02, 2006 9:20 PM
To: amavis-user@lists.sourceforge.net
Subject: Re: [AMaViS-user] SA whitelist usage
Leon wrote:
> So, if I got you right
> If I want to whitelist_
Leon wrote:
> So, if I got you right
> If I want to whitelist_from_rcvd to work for users of my own server I should
> delist it from trusted_networks and internal_networks (i.e. 127/8 should
> never be included)?
> This way the first untrusted server would be my own, right?
> # Internal
> clear_i
:12 PM
To: amavis-user@lists.sourceforge.net
Subject: Re: [AMaViS-user] SA whitelist usage
Gary wrote:
> In this particular header, the sender and the rDNS of the relay host
> must (at least partially) match the the sender and host in
> whitelist_from_rcvd.
Actually I think the sender
Gary wrote:
> In this particular header, the sender and the rDNS of the relay host
> must (at least partially) match the the sender and host in
> whitelist_from_rcvd.
Actually I think the sender would be retrieved from a different
header. The thing is, whitelist_from_rcvd might be useful in a
sit
Leon wrote:
> Hello,
> I think that Anders has a point here.
> whitelist_from_rcvd should add -100 points to any scanned e-mail, so
> theoretically it should pass at any condition.
No, if I am not mistaken there is one specific received header that is
looked at to determine whether there is a ma
On 12/2/06, Leon Kolchinsky <[EMAIL PROTECTED]> wrote:
> Hello,
>
> I think that Anders has a point here.
> whitelist_from_rcvd should add -100 points to any scanned e-mail, so
> theoretically it should pass at any condition.
>
> Why is this not happening is a mystery to me.
> He isn't blaming SA p
wrong.
Best Regards,
Leon Kolchinsky
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gary V
Sent: Thursday, November 30, 2006 7:12 PM
To: amavis-user@lists.sourceforge.net
Subject: Re: [AMaViS-user] SA whitelist usage
Gary wrote:
> Andres wrote:
>
Andres,
> RCVD_IN_DSBL=2.6, RCVD_IN_SORBS_DUL=2.046,
> The user is sending email OUTSIDE my network, because he works at
> other location. And uses SASL Auth. He uses an automatic IP given by
> his ISP ( Could it be that IP being blacklisted because of the
> "public" condition?)
Mail is being ch
Gary wrote:
> Andres wrote:
>> On 11/29/06, Gary V <[EMAIL PROTECTED]> wrote:
>>> > The user could send emails before with no problem...
>>> > Thanks!
>>>
>>> This may give you some ideas:
>>> http://www200.pair.com/mecham/spam/bypassing.html#10
>>>
>>> Gary V
>> Hey Gary, what is the objetive o
Andres wrote:
> On 11/29/06, Gary V <[EMAIL PROTECTED]> wrote:
>> > The user could send emails before with no problem...
>> > Thanks!
>>
>> This may give you some ideas:
>> http://www200.pair.com/mecham/spam/bypassing.html#10
>>
>> Gary V
> Hey Gary, what is the objetive of setting whitelist and
On 11/29/06, Gary V <[EMAIL PROTECTED]> wrote:
> > The user could send emails before with no problem...
> > Thanks!
>
> This may give you some ideas:
> http://www200.pair.com/mecham/spam/bypassing.html#10
>
> Gary V
Hey Gary, what is the objetive of setting whitelist and
trusted_networks if them w
Andres wrote:
> On 11/29/06, Clifton Royston <[EMAIL PROTECTED]> wrote:
>> If these scores are correct, and you did indeed receive it from an
>> employee machine on your network, your employee has a really-truly
>> badly compromised machine on your network which is being actively used
>> to send
On 11/29/06, Clifton Royston <[EMAIL PROTECTED]> wrote:
> If these scores are correct, and you did indeed receive it from an
> employee machine on your network, your employee has a really-truly
> badly compromised machine on your network which is being actively used
> to send spam.
> -- Clifton
On Wed, Nov 29, 2006 at 05:58:19PM -0300, Andres wrote:
> I know that this is more a spamassassin-related question but I found
> here smart guys who also work with it, and maybe experienced this,
>
> I added this to local.cf at /etc/spamassassin
>
> whitelist_from_rcvd [EMAIL PROTECTED] domain.co
Andres wrote:
> Hi !
> I know that this is more a spamassassin-related question but I found
> here smart guys who also work with it, and maybe experienced this,
> I added this to local.cf at /etc/spamassassin
> whitelist_from_rcvd [EMAIL PROTECTED] domain.com
> (domain.com is my domain)
> an
Hi !
I know that this is more a spamassassin-related question but I found
here smart guys who also work with it, and maybe experienced this,
I added this to local.cf at /etc/spamassassin
whitelist_from_rcvd [EMAIL PROTECTED] domain.com
(domain.com is my domain)
and:
trusted_networks 127.0.0.
29 matches
Mail list logo
