On Thursday 03 July 2003 9:47 am, Giuseppe Ghib� wrote: > Martin Fahrendorf ha scritto: > > Am Donnerstag, 3. Juli 2003 13:39 schrieb Giuseppe Ghib�: > >>Martin Fahrendorf ha scritto: > >>>Am Donnerstag, 3. Juli 2003 08:18 schrieb Michael Scherer: > >>>>>So you have to start a process for every single massage. That is wat > >>>>>I want to avoid. It is no problem while you are receiving only few > >>>>>messages per hour. But else, the overhead is to much. A daemon > >>>>>talking smtp is prefered (and that is waht amavisd-new does). > >>>> > >>>>But, IIRC, amavis forks a new spamassasin in the backgroung for each > >>>>message, so, this is almost the same ? > >>> > >>>No, amavisd-new runs as a daemon and is written in perl. It loads the > >>>Mail::Spamassassin perl module at starttime. No external process is > >>>started (besides the virus scanner not speaking smtp). > >>> > >>>Martin > >> > >>I've currently packaged that here: > >> > >>http://peoples.mandrakesoft.com/~ghibo/amavisd-new-0.20030616-1mdk.src.rp > >>m > > > > looks nice. I will it test tomorrow. > > > >>But, before posting to contrib, I'm currently trying to find how to > >> modify amavisd.conf so that: > >> > >>- local "recipient" users is warned about receiving virus mail (with > >> virus ID) - sender is warned about sending a mail with virus, but only > >> if sender is relaying from LAN (it's a nonsense to warn non-local sender > >> because 99.9% in case of virus, the sender is fake). > > > > There is a flag called warnvirusrecip. But this will warn all recipients > > That's bad, because remote user shouldn't be warned because > generally address are FAKE, so you'll send the mail > to the wrong person, or you'll have the queue full > of non deliverable mails. Plain amavis-0.3.12 (in contrib) > can do this, simply placing the localdomain into > /etc/amavis-localdomains.conf. >
The above information was not correct, from the amavisd.conf: # Here is an overall picture (sequence of events) of how pieces fit together # (only virus controls are shown, spam controls work the same way): # # bypass_virus_checks? ==> PASS # no viruses? ==> PASS # log virus if $log_templ is nonempty # quarantine if $virus_quarantine_to is nonempty # notify admin if $virus_admin (lookup) nonempty # notify recips if $warnvirusrecip and (recipient is local or $warn_offsite) # add address extensions if adding extensions is enabled and virus will pass # send non-delivery notifications # to sender if DSN needed (BOUNCE) or ($warn_virus_sender and D_PASS) # virus_lovers or final_destiny==D_PASS ==> PASS # DISCARD (2xx) or REJECT (5xx) (depending on final_*_destiny) It will only send to non-local if $warn_offsite is set to on. > > regardless of local user or not. So the easyest way is to use different > > mailserver for sending out and receiving in. > > Why a different mail server? One needs that the mail Sent containing > a virus should be blocked, but the LAN sender should be warned that > he was sending a virus...; Indeed this should be done in a > more powerful way because generally if the Sender takes a virus > (like SoBig,BugBear, etc.), generally it would fake addresses > even if coming from LAN. So an effective way for doing this would > a double checking: For the spoofed viruses a map can be set up to not warn at all: # Treat envelope sender address as unreliable and don't send sender # notification / bounces if name(s) of detected virus(es) match the list. # Note that virus names are supplied by external virus scanner(s) and are # not standardized, so virus names may need to be adjusted. # See README.lookups for syntax. # $viruses_that_fake_sender_re = new_RE( qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|palyh|inor|fizzer'i ); > > a) Send Warning Mail to Sender address only if the address is in the > local domain (at most this will warn wrong user but not to wrong domain) > > b) Have a MAP between client IP addresses and client mail, so to > warn the right user. > > Maybe this could be a feature request for Amavis-new authors... > Already way ahead of ya. :-) > >>- let spam pass to users (but with X-Spam-Status) and at the same time > >>collect all the recognized spam to a repository for further bayes > >> learning. > > > > Tis is done by default if you configure final_spam_destiny as D_PASS. > > every spam mail over the sa_kill_level_deflt value will be copied to > > /var/spool/amavisd/viruses > > Yes, but for viruses the Warning messages doesn't contain the > ID of the file, like it happens in amavis-0.3.12. I am not entirely sure what you mean, this is a virus message from amavisd-new: ------ A virus (PE_Magistr.B.Dam) was found. Scanner detecting a virus: Trophie The mail originated from: <[EMAIL PROTECTED]> According to the 'Received:' trace, the message originated at: pppdslh205.mpls.uswest.net (HELO Bed) (216.160.26.205) The message WILL NOT BE delivered to: <[EMAIL PROTECTED]>: 550 5.7.1 Message content rejected, id=20707-06 - VIRUS: PE_Magistr.B.Dam Virus scanner output: 1:PE_Magistr.B.Dam The message has been quarantined as: /var/lib/amavis/virusmails/virus-20030703-093755-20707-06 ------ > > Bye. > Giuseppe. -- Bret Baptist Systems and Technical Support Specialist [EMAIL PROTECTED] Internet Exposure, Inc. http://www.iexposure.com (612)676-1946 x17 Web Development-Web Marketing-ISP Services ------------------------------------------ Today is the tomorrow you worried about yesterday.
