Eduardo ,
Eduardo Júnior wrote:
> On Thu, Aug 21, 2008 at 7:25 PM, Mark Martinec
> <[EMAIL PROTECTED]<[EMAIL PROTECTED]>
>> wrote:
>>
>>> Ok, but what I want is that mail from the Internet to be discarded when a
>>> certain score is achieved, defined by *$sa_kill_level_deflt = 15.0*;
>> It should be according to your settings, unless you have some
>> other higher-cannon settings telling otherwise (*spam_lovers*,
>> @spam_kill_level_maps, %final_destiny_by_ccat, %lovers_maps_by_ccat).
>
> I don´t have this configured.
>
>>> There is a kind of debug to recipients?
>>> Something like [EMAIL PROTECTED]
>> No, there isn't. But as about every 8 or 9 messages out of 10
>> are spam nowadays, just rise log level to 5 and leave amavisd
>> running for a minute or two, and you should have enough evidence.
>> Pick a representative case from the log and grep the log
>> for the log_id, collecting all log entries belonging to the
>> same task, e.g.:
>> $ fgrep '(58163-09)' /var/log/amavisd.log
>
>
>
> Here, when I putted the policy @debug_sender_maps =
> (["[EMAIL PROTECTED]"]);
>
> any messages from this address not generated logs more detailed.
> I putted this in the end of file /etc/amavis/amavisd.conf
With all the attempts you have made, and nothing seeming to stick, one
might believe that your amavisd.conf file being edited is not the file
being used. What does your amavisd startup script look like (in
/etc/init.d or /etc/rc.d I presume, but this is distro-dependant, or how
you actually start amavisd may be custom)
Do any of the settings below work, or have you had luck when changing
other values from the below config file?
I also notice
$sa_local_tests_only = 1; # (default: false)
Is this what you really want?
> I read [1], like recommended by MrC, ajusting the configs, but not worked.
> I don´t know if I was clear but i want discard messages with score/hits >
> "x"
A score of x (score=x) means SA was not called. This will occur when
messages are larger than $sa_mail_body_size_limit, for example. So you
want to discard all messages for which SA has not been called?!
MrC
> Version of the amavis: 2.4.2-5
>
> my amavisd.conf:
>
> use strict;
>
> $MYHOME = '/var/lib/amavis'; # (default is '/var/amavis')
> $mydomain = 'conset.com.br'; # (no useful default)
> $daemon_user = 'amavis'; # (no default (undef))
> $daemon_group = 'amavis'; # (no default (undef))
> $TEMPBASE = $MYHOME; # (must be set if other config vars use is)
> $pid_file = "/var/run/amavis/amavisd.pid"; # (default:
> "$MYHOME/amavisd.pid")
> $lock_file = "/var/run/amavis/amavisd.lock"; # (default:
> "$MYHOME/amavisd.lock")
> $ENV{TMPDIR} = $TEMPBASE; # wise to set TMPDIR, but not obligatory
> $forward_method = 'smtp:127.0.0.1:10025';
> $notify_method = $forward_method;
> $max_servers = 4; # number of pre-forked children (default 2)
> $max_requests = 10; # retire a child after that many accepts (default 10)
> $child_timeout=10*60; # abort child if it does not complete each task in n
> sec
> # (default: 8*60 seconds)
> @local_domains_acl = ( ".$mydomain" );
> $relayhost_is_client = 0;
> $insert_received_line = 1;
> $unix_socketname = undef;
> $inet_socket_port = 10024;
> $inet_socket_bind = '127.0.0.1';
> @inet_acl = qw( 127.0.0.1 );
> $DO_SYSLOG = 1;
> $LOGFILE = "/var/log/amavis.log";
> $log_level = 4;
>
> $log_templ = '[? %#V |[? %#F |[?%#D|Not-Delivered|Passed]|BANNED name/type
> (%F)]|INFECTED (%V)], #
> [?%o|(?)|<%o>] -> [<%R>|,][? %i ||, quarantine %i], Message-ID: %m, Hits:
> %c';
>
> read_l10n_templates('en_US', '/etc/amavis');
>
> $final_virus_destiny = D_DISCARD; # (defaults to D_BOUNCE)
> $final_banned_destiny = D_DISCARD; # (defaults to D_BOUNCE)
> $final_spam_destiny = D_DISCARD; # (defaults to D_REJECT)
> $final_bad_header_destiny = D_PASS; # (defaults to D_PASS), D_BOUNCE
> suggested
>
> $viruses_that_fake_sender_re = new_RE(
> qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|peido|holar'i,
> qr'tanatos|lentin|bridex|mimail|trojan\.dropper|dumaru|parite|spaces'i,
> qr'dloader|galil|gibe|swen|netwatch|bics|sbrowse|sober|rox|val(hal)?la'i,
>
> qr'frethem|sircam|be?agle|tanx|mydoom|novarg|shimg|netsky|somefool|moodown'i,
> qr'@mm|@MM', # mass mailing viruses as labeled by f-prot and uvscan
> qr'Worm'i, # worms as labeled by ClamAV, Kaspersky, etc
> [qr'^(EICAR|Joke\.|Junk\.)'i => 0],
> [qr'^(WM97|OF97|W95/CIH-|JS/Fort)'i => 0],
> [qr/.*/ => 1], # true by default (remove or comment-out if undesired)
> );
>
>
> $virus_admin = "[EMAIL PROTECTED]";
> $mailfrom_to_quarantine = ''; # override sender address with null return
> path
> $QUARANTINEDIR = '/var/lib/amavis/virusmails';
> $virus_quarantine_to = undef;
> $spam_quarantine_to = undef;
> $banned_quarantine_to = undef;
> $bad_header_quarantine_to = undef;
>
>
> $X_HEADER_TAG = 'X-Virus-Scanned'; # (default: undef)
> $X_HEADER_LINE = "by $myversion (Debian) at $mydomain";
>
> $undecipherable_subject_tag = '***UNCHECKED*** ';
> $remove_existing_x_scanned_headers = 0;
> $remove_existing_spam_headers = 1;
> $keep_decoded_original_re = new_RE(
> qr'^MAIL-UNDECIPHERABLE$', # retain full mail if it contains
> undecipherables
> qr'^(ASCII(?! cpio)|text|uuencoded|xxencoded|binhex)'i,
> );
>
>
> $banned_filename_re = new_RE(
> qr'\.[^.]*\.(exe|vbs|pif|scr|bat|cmd|com|dll)$'i, # some double
> extensions
> qr'[{}]', # curly braces in names (serve as Class ID extensions -
> CLSID)
> qr'^message/partial$'i, # rfc2046. this one is deadly for Outcrook
> );
>
>
> $sql_select_white_black_list = undef; # undef disables SQL
> white/blacklisting
> $sql_select_white_black_list = undef; # undef disables SQL
> white/blacklisting
> $recipient_delimiter = '+'; # (default is '+')
> $replace_existing_extension = 1; # (default is false)
> $localpart_is_case_sensitive = 0; # (default is false)
>
> $blacklist_sender_re = new_RE(
> qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou|greatcasino)@'i,
>
> qr'^(investments|lose_weight_today|market\.alert|money2you|MyGreenCard)@'i,
> qr'^(new\.tld\.registry|opt-out|opt-in|optin|saveonl|smoking2002k)@'i,
> qr'^(specialoffer|specialoffers|stockalert|stopsnoring|wantsome)@'i,
> qr'^(workathome|yesitsfree|your_friend|greatoffers)@'i,
> qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i,
> );
>
>
>
> map { $whitelist_sender{lc($_)}=1 } (qw(
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> [EMAIL PROTECTED] <[EMAIL PROTECTED]>
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> ));
>
> $MAXLEVELS = 14; # (default is undef, no limit)
> $MAXFILES = 1500; # (default is undef, no limit)
> $MIN_EXPANSION_QUOTA = 100*1024; # bytes (default undef, not
> enforced)
> $MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes (default undef, not
> enforced)
> $MIN_EXPANSION_FACTOR = 5; # times original mail size (must be
> specified)
> $MAX_EXPANSION_FACTOR = 500; # times original mail size (must be
> specified)
>
> $path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
>
> $file = 'file'; # file(1) utility; use 3.41 or later to avoid
> vulnerability
>
> $gzip = 'gzip';
> $bzip2 = 'bzip2';
> $lzop = 'lzop';
> $uncompress = ['uncompress', 'gzip -d', 'zcat'];
> $unfreeze = ['unfreeze', 'freeze -d', 'melt', 'fcat'];
> $arc = ['nomarch', 'arc'];
> $unarj = ['arj', 'unarj']; # both can extract, arj is recommended
> $unrar = ['rar', 'unrar']; # both can extract, same options
> $zoo = 'zoo';
> $lha = 'lha';
> $cpio = 'cpio'; # comment out if cpio does not support GNU options
>
>
> $sa_local_tests_only = 1; # (default: false)
> $sa_timeout = 30;
> $sa_mail_body_size_limit = 150*1024;
> $sa_tag_level_deflt = 6.3;
> $sa_tag2_level_deflt = 6.3;
> $sa_kill_level_deflt = 15.0;
> $sa_dsn_cutoff_level = 15.0;
>
> $first_infected_stops_scan = 1;
>
> @av_scanners = (
>
> ....
>
> @av_scanners_backup = (
>
> ....
>
>
> @debug_sender_maps = (["[EMAIL PROTECTED]"]);
>
>
> 1; # insure a defined return
>
>
>
> The order of lines is significant?
>
>
> [1] - http://www200.pair.com/mecham/spam/amavisd-settings.html
>
>
> []´s
>
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
AMaViS-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
