Hi,
On Thu, Aug 21, 2008 at 7:25 PM, Mark Martinec
<[EMAIL PROTECTED]<[EMAIL PROTECTED]>
> wrote:
> Eduardo,
>
> > Ok, but what I want is that mail from the Internet to be discarded when a
> > certain score is achieved, defined by *$sa_kill_level_deflt = 15.0*;
>
> It should be according to your settings, unless you have some
> other higher-cannon settings telling otherwise (*spam_lovers*,
> @spam_kill_level_maps, %final_destiny_by_ccat, %lovers_maps_by_ccat).
I don´t have this configured.
>
>
> > There is a kind of debug to recipients?
> > Something like [EMAIL PROTECTED]
>
> No, there isn't. But as about every 8 or 9 messages out of 10
> are spam nowadays, just rise log level to 5 and leave amavisd
> running for a minute or two, and you should have enough evidence.
> Pick a representative case from the log and grep the log
> for the log_id, collecting all log entries belonging to the
> same task, e.g.:
> $ fgrep '(58163-09)' /var/log/amavisd.log
Here, when I putted the policy @debug_sender_maps =
(["[EMAIL PROTECTED]"]);
any messages from this address not generated logs more detailed.
I putted this in the end of file /etc/amavis/amavisd.conf
I read [1], like recommended by MrC, ajusting the configs, but not worked.
I don´t know if I was clear but i want discard messages with score/hits >
"x"
Version of the amavis: 2.4.2-5
my amavisd.conf:
use strict;
$MYHOME = '/var/lib/amavis'; # (default is '/var/amavis')
$mydomain = 'conset.com.br'; # (no useful default)
$daemon_user = 'amavis'; # (no default (undef))
$daemon_group = 'amavis'; # (no default (undef))
$TEMPBASE = $MYHOME; # (must be set if other config vars use is)
$pid_file = "/var/run/amavis/amavisd.pid"; # (default:
"$MYHOME/amavisd.pid")
$lock_file = "/var/run/amavis/amavisd.lock"; # (default:
"$MYHOME/amavisd.lock")
$ENV{TMPDIR} = $TEMPBASE; # wise to set TMPDIR, but not obligatory
$forward_method = 'smtp:127.0.0.1:10025';
$notify_method = $forward_method;
$max_servers = 4; # number of pre-forked children (default 2)
$max_requests = 10; # retire a child after that many accepts (default 10)
$child_timeout=10*60; # abort child if it does not complete each task in n
sec
# (default: 8*60 seconds)
@local_domains_acl = ( ".$mydomain" );
$relayhost_is_client = 0;
$insert_received_line = 1;
$unix_socketname = undef;
$inet_socket_port = 10024;
$inet_socket_bind = '127.0.0.1';
@inet_acl = qw( 127.0.0.1 );
$DO_SYSLOG = 1;
$LOGFILE = "/var/log/amavis.log";
$log_level = 4;
$log_templ = '[? %#V |[? %#F |[?%#D|Not-Delivered|Passed]|BANNED name/type
(%F)]|INFECTED (%V)], #
[?%o|(?)|<%o>] -> [<%R>|,][? %i ||, quarantine %i], Message-ID: %m, Hits:
%c';
read_l10n_templates('en_US', '/etc/amavis');
$final_virus_destiny = D_DISCARD; # (defaults to D_BOUNCE)
$final_banned_destiny = D_DISCARD; # (defaults to D_BOUNCE)
$final_spam_destiny = D_DISCARD; # (defaults to D_REJECT)
$final_bad_header_destiny = D_PASS; # (defaults to D_PASS), D_BOUNCE
suggested
$viruses_that_fake_sender_re = new_RE(
qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|peido|holar'i,
qr'tanatos|lentin|bridex|mimail|trojan\.dropper|dumaru|parite|spaces'i,
qr'dloader|galil|gibe|swen|netwatch|bics|sbrowse|sober|rox|val(hal)?la'i,
qr'frethem|sircam|be?agle|tanx|mydoom|novarg|shimg|netsky|somefool|moodown'i,
qr'@mm|@MM', # mass mailing viruses as labeled by f-prot and uvscan
qr'Worm'i, # worms as labeled by ClamAV, Kaspersky, etc
[qr'^(EICAR|Joke\.|Junk\.)'i => 0],
[qr'^(WM97|OF97|W95/CIH-|JS/Fort)'i => 0],
[qr/.*/ => 1], # true by default (remove or comment-out if undesired)
);
$virus_admin = "[EMAIL PROTECTED]";
$mailfrom_to_quarantine = ''; # override sender address with null return
path
$QUARANTINEDIR = '/var/lib/amavis/virusmails';
$virus_quarantine_to = undef;
$spam_quarantine_to = undef;
$banned_quarantine_to = undef;
$bad_header_quarantine_to = undef;
$X_HEADER_TAG = 'X-Virus-Scanned'; # (default: undef)
$X_HEADER_LINE = "by $myversion (Debian) at $mydomain";
$undecipherable_subject_tag = '***UNCHECKED*** ';
$remove_existing_x_scanned_headers = 0;
$remove_existing_spam_headers = 1;
$keep_decoded_original_re = new_RE(
qr'^MAIL-UNDECIPHERABLE$', # retain full mail if it contains
undecipherables
qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
);
$banned_filename_re = new_RE(
qr'\.[^.]*\.(exe|vbs|pif|scr|bat|cmd|com|dll)$'i, # some double
extensions
qr'[{}]', # curly braces in names (serve as Class ID extensions -
CLSID)
qr'^message/partial$'i, # rfc2046. this one is deadly for Outcrook
);
$sql_select_white_black_list = undef; # undef disables SQL
white/blacklisting
$sql_select_white_black_list = undef; # undef disables SQL
white/blacklisting
$recipient_delimiter = '+'; # (default is '+')
$replace_existing_extension = 1; # (default is false)
$localpart_is_case_sensitive = 0; # (default is false)
$blacklist_sender_re = new_RE(
qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou|greatcasino)@'i,
qr'^(investments|lose_weight_today|market\.alert|money2you|MyGreenCard)@'i,
qr'^(new\.tld\.registry|opt-out|opt-in|optin|saveonl|smoking2002k)@'i,
qr'^(specialoffer|specialoffers|stockalert|stopsnoring|wantsome)@'i,
qr'^(workathome|yesitsfree|your_friend|greatoffers)@'i,
qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i,
);
map { $whitelist_sender{lc($_)}=1 } (qw(
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED] <[EMAIL PROTECTED]>
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
));
$MAXLEVELS = 14; # (default is undef, no limit)
$MAXFILES = 1500; # (default is undef, no limit)
$MIN_EXPANSION_QUOTA = 100*1024; # bytes (default undef, not
enforced)
$MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes (default undef, not
enforced)
$MIN_EXPANSION_FACTOR = 5; # times original mail size (must be
specified)
$MAX_EXPANSION_FACTOR = 500; # times original mail size (must be
specified)
$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
$file = 'file'; # file(1) utility; use 3.41 or later to avoid
vulnerability
$gzip = 'gzip';
$bzip2 = 'bzip2';
$lzop = 'lzop';
$uncompress = ['uncompress', 'gzip -d', 'zcat'];
$unfreeze = ['unfreeze', 'freeze -d', 'melt', 'fcat'];
$arc = ['nomarch', 'arc'];
$unarj = ['arj', 'unarj']; # both can extract, arj is recommended
$unrar = ['rar', 'unrar']; # both can extract, same options
$zoo = 'zoo';
$lha = 'lha';
$cpio = 'cpio'; # comment out if cpio does not support GNU options
$sa_local_tests_only = 1; # (default: false)
$sa_timeout = 30;
$sa_mail_body_size_limit = 150*1024;
$sa_tag_level_deflt = 6.3;
$sa_tag2_level_deflt = 6.3;
$sa_kill_level_deflt = 15.0;
$sa_dsn_cutoff_level = 15.0;
$first_infected_stops_scan = 1;
@av_scanners = (
....
@av_scanners_backup = (
....
@debug_sender_maps = (["[EMAIL PROTECTED]"]);
1; # insure a defined return
The order of lines is significant?
[1] - http://www200.pair.com/mecham/spam/amavisd-settings.html
[]´s
--
Eduardo Júnior
GNU/Linux user #423272
:wq
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
AMaViS-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
