Yes - I've seen it and their tech support said "Courier doesn't support
Discard" so they have no choice but to reject.  And if you're using a rule that
still delivers (say that alters the subject, etc) this is what happens.

I had to disable the antispam module, which is what is creating the issue.

I'll paste the whole of the thread in here just in case you want to see, but
we're very displeased with the results at this point.  They never responded
to that last reply I put in there.  Evidently offended them or confused
them.

Josh

-------------------------------------

My last reply:
-----------------
But then there's no way the user can tell that it's been flagged as spam,
correct?  I'm looking for the best choice, but since AntiSpam software (no
matter how good it is) still can pick up some legitimate email, simply
rejecting doesn't work.  And since I cannot modify the header/subject to
flag the user that way, I'm a little confused as to the module's usefulness
in this case.

And just on the user guide/man page side - the only reference to what we're
discussing is in the "Embedded Messages" section, and is certainly discussed
no place else.  Since I'm not embedding messages in that way, I never did
look there.  However, since courier is listed as a fully supported platform,
and there doesn't seem to be a larger reference to rav&courier not being
able to support some of the options, I think it's rather clear why I was
confused.  It certainly isn't mentioned in the AntiSpam section (that I
could find, I just did a search for courier), nor is it mentioned in
conjunction with add_header, add_subject, etc.

Is there a way to tag spam with courier then?  I appreciate your help so
far, hopefully I'll be able to get this all figured out!

Josh

-----Original Message-----
From: Ovidiu Bivolaru [mailto:[EMAIL PROTECTED]
Sent: Monday, March 03, 2003 9:26 AM
To: [EMAIL PROTECTED]
Subject: Re: [rav-courier] AntiSpam giving 550 errors?


Hi Josh,

 In the User Guide and also in the ravmd.conf man page there is explained that
 discard action doesn't work with Courier and DMail.
 An e-mail tagged as spammed is discarded only if you have actions which are
 modifying the mail (i.e. add_header, add_subject, embed), but if you'll use
 actions forward, save, deliver the mail shouldn't be discarded and then
 reinjected.

Regards,
Ovidiu



On Mon, Mar 03, 2003 at 08:58:38AM -0500, Josh Remus wrote:
> But this just causes these spam houses to resend the email!  We had 5 users
> get 12 or more email from Expedia in one 20-minute session.  Obviously this
> isn't behavior I want.  I've had to turn off the anti-spam module
> altogether for the moment.
>
> However, I don't want to get rid of the spam before the user has a look at
> it.
>
> Was there some documentation I missed that said that RAV acted differently
> under Courier than the User Guide specified?
>
> Thanks for any help.
>
> ---
> Josh Remus
> Network Manager
> Printek, Inc.
> (269) 925-3200x572
> [EMAIL PROTECTED]
>
> -----Original Message-----
> From: Eduard Coman [mailto:[EMAIL PROTECTED]
> Sent: Monday, March 03, 2003 3:24 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [rav-courier] AntiSpam giving 550 errors?
>
>
>    Dear Sir,
> In order to add a header or a subject RAV must discard the original
> email, modify it accordingly, then reinject it. The Courier MTA does not
> have this option (discard) and the reject action is taken. The modified
> email (the one with extra header and subject) will reach its
> recipient(s) but also the sender of the email will receive an email from
> the mailer daemon.
>
> Best regards,
> Eduard Coman.
>
> Josh Remus wrote:
>
> > The anti-spam module (which I have set on bulk_detection_medium) seems
> > to be doing a 550 Reject on the courier end when someone sends one
> > in.  I have it set to the default parameters for bulk_medium (add
> > subject, add header, deliver).
> >
> > Problem is this:  These companies get the 550 and continue to retry
> > the message.  Each time it delivers it to the applicable local user
> > with the Possible Spam header, but (for example) one user got the same
> > Expedia.com ad 15 times yesterday.  This has happened to multiple
> > users from multiple sources.  The subject/body/attachment filters do
> > not match the email in question.
> >
> > I don't see anything in my config or documentation that makes me think
> > that the antispam should treat this in this way.  Can anyone help me?
> > I'll try and attach some of the applicable config files:
> >
> > ------------------------
> > from /etc/opt/rav/antispam:
> > @bulk_detection_medium@
> > accuracy_medium
> > embedded_msg = bulk_embedded_med
> > actions = bulk_medium
> > extra_subject = bulk_subject_med
> > extra_header = bulk_header_med
> > from /etc/opt/rav/actions:
> > bulk_medium = add_subject, add_header, deliver
> > from the global group file:
> > antispam_configuration = bulk_detection_medium
> > from global log:
> > Feb 28 04:25:21 [16028] scanning with global configuration
> > Feb 28 04:25:21 [16028] mail from <[EMAIL PROTECTED]
> > <mailto:[EMAIL PROTECTED]>> to <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
> > rintek.com>
> > Feb 28 04:25:21 [16028] not found in the white/black list.
> > Feb 28 04:25:21 [16028] file </var/spool/courier/tmp/104642/D567912>
> > Feb 28 04:25:21 [16028] file_ok
> > Feb 28 04:25:21 [16028] mime part </var/spool/courier/tmp/104642/D567912->(part0000:)>
> > Feb 28 04:25:21 [16028] part_ok
> > Feb 28 04:25:21 [16028] mime part </var/spool/courier/tmp/104642/D567912>
> > Feb 28 04:25:21 [16028] bulk mail detected (accuracy_high).
> > Feb 28 04:25:21 [16031] scanning with global configuration
> > Feb 28 04:25:21 [16031] mail from <[EMAIL PROTECTED]
> > <mailto:[EMAIL PROTECTED]>> to <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
> > rintek.com>
> > From /var/log/maillog:
> >
> > Feb 27 07:31:17 mailserver courieresmtpd: error,relay=::ffff:207.46.182.229,from=<[EMAIL PROTECTED]>: 500 REJECT - RAV AntiVirus plugin for the Courier MTA has found a virus in the e-mail you are about to send. Your message is not...
> > Feb 27 07:31:18 mailserver courierd: started,id=000BE2B7.3E5E0515.000037BA,from=<[EMAIL PROTECTED]>,module=local,[EMAIL PROTECTED]/usr/lib/courier/mail/mborah!!,addr=<mborah>
> > Feb 27 07:31:18 mailserver courierlocal: id=000BE2B7.3E5E0515.000037BA,from=<usm[EMAIL PROTECTED]>,addr=<[EMAIL PROTECTED]>,size=38947,success: Message delivered.
> > Feb 27 07:31:36 mailserver courieresmtpd: error,relay=::ffff:207.46.182.229,from=<[EMAIL PROTECTED]>: 500 REJECT - RAV AntiVirus plugin for the Courier MTA has found a virus in the e-mail you are about to send. Your message is not...
> >
> > ---
> > Josh Remus
> > Network Manager
> >
>
>
> --
> Eduard Coman
> Senior Technical Support Engineer - RAV Division
> Tel./Fax: +40-21-321.78.03 Hotline: +40-21-321.78.59;
> Please visit http://www.ravantivirus.com
> Worry less! RAV is watching.
>
> Meet us at CeBIT Hannover - Hall 6, Stand H26
> http://www.ravantivirus.com/cebit/
>
>
>
>
>
>
> This mail was scanned by RAV AntiVirus
> on behalf of GeCAD Software.

--
Ovidiu Bivolaru
Senior Technical Support Engineer - RAV Division
Tel./Fax: +40-21-321.78.03  Hotline: +40-21-321.78.59;
Please visit http://www.ravantivirus.com
Worry less! RAV is watching.

Meet us at CeBIT Hannover - Hall 6, Stand H26
http://www.ravantivirus.com/cebit/

----------------------------------------------------------------------------------------------

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Andrew Gray
Sent: Friday, March 14, 2003 4:32 PM
To: [EMAIL PROTECTED]
Subject: [courier-users] Courier and RAV Antivirus


I'm using RAV Antivirus with Courier, and while I've been trying to resolve
this issue with the RAV antivirus people, they aren't quite grasping the
problem.

When RAV is active, occasionally (on what we think is triggering RAV's spam
filters), the following shows up in the log:

Mar 13 15:56:33 mail courieresmtpd: [ID 702911 mail.error] error,relay=207.46.182.229,ident=MAILER-DAEMON,from=<[EMAIL PROTECTED]edia.com>: 500 REJECT - RAV AntiVirus plugin for the Courier MTA has found a virus in the e-mail you are about to send. Your message is not...

However, what happens is RAV continues to deliver the message via its
reinjection (as it is instructed to do - we do NOT tell RAV to reject
anything).  The remote side (which is broken) retries to send the message a
few minutes later.  This results in the person getting hundreds of the same
message.

This is obviously a RAV Antivirus issue, and I am trying to work with their
tech support as well, but I'm wondering if anyone on this list has seen this
behavior before and can shed some light on it.  The core issue, as we see it,
is the issuing of that 500 REJECT message.  Our actions file for RAV is
completely devoid of any reject commands.

--
Andrew Gray
Systems Administrator
College of Engineering
University of Nevada, Las Vegas



-------------------------------------------------------
This SF.net email is sponsored by:Crypto Challenge is now open!
Get cracking and register here for some mind boggling fun and
the chance of winning an Apple iPod:
http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0031en
_______________________________________________
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
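
The reject-then-deliver pattern described in this thread can be found in the
mail log by pairing each 5xx REJECT from courieresmtpd with a courierlocal
"success" for the same sender a few seconds later. The following is an added
example, not part of the original messages and not RAV or Courier code; the
log lines are constructed in the format quoted above, and the function names,
addresses, message ids and 30-second window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the courieresmtpd/courierlocal format quoted in the thread.
SAMPLE_LOG = """\
Feb 27 07:31:17 mailserver courieresmtpd: error,relay=::ffff:192.0.2.10,from=<news@bulk.example.net>: 500 REJECT - RAV AntiVirus plugin ...
Feb 27 07:31:18 mailserver courierlocal: id=00000001.00000000.00000001,from=<news@bulk.example.net>,addr=<user@example.com>,size=38947,success: Message delivered.
Feb 27 07:31:36 mailserver courieresmtpd: error,relay=::ffff:192.0.2.10,from=<news@bulk.example.net>: 500 REJECT - RAV AntiVirus plugin ...
Feb 27 07:31:37 mailserver courierlocal: id=00000001.00000000.00000002,from=<news@bulk.example.net>,addr=<user@example.com>,size=38947,success: Message delivered.
Feb 27 07:40:02 mailserver courieresmtpd: error,relay=::ffff:198.51.100.7,from=<x@other.example.org>: 500 REJECT - RAV AntiVirus plugin ...
"""

STAMP = r"^(\w{3} +\d+ [\d:]{8}) \S+ "
# Tolerates the Solaris-style "[ID ... mail.error]" tag and extra fields such as ident=.
REJECT_RE = re.compile(STAMP + r"courieresmtpd: (?:\[ID [^\]]*\] )?error,relay=([^,]+),"
                       r"(?:[^,]*,)*?from=<([^>]*)>:\s*5\d\d REJECT")
DELIVER_RE = re.compile(STAMP + r"courierlocal: id=[^,]+,from=<([^>]*)>,addr=<([^>]*)>,.*\bsuccess")

def parse_ts(stamp, year):
    # Syslog stamps carry no year, so one is supplied by the caller.
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")

def find_reject_but_delivered(log_text, window=timedelta(seconds=30), year=2003):
    """Count local deliveries that follow a 5xx REJECT for the same sender.

    Returns {(relay, sender, recipient): count}. A count above 1 means the
    remote side retried after the reject and the user received duplicates.
    """
    rejects, findings = [], defaultdict(int)
    for line in log_text.splitlines():
        m = REJECT_RE.match(line)
        if m:
            rejects.append((parse_ts(m.group(1), year), m.group(2), m.group(3)))
            continue
        m = DELIVER_RE.match(line)
        if not m:
            continue
        ts, sender, rcpt = parse_ts(m.group(1), year), m.group(2), m.group(3)
        # Pair the delivery with the most recent reject only, so retries are not double counted.
        for r_ts, relay, r_sender in reversed(rejects):
            if r_sender == sender and timedelta(0) <= ts - r_ts <= window:
                findings[(relay, sender, rcpt)] += 1
                break
    return dict(findings)

if __name__ == "__main__":
    for key, count in find_reject_but_delivered(SAMPLE_LOG).items():
        print(key, "rejected at SMTP but delivered", count, "time(s)")
```

A reject with no matching delivery, such as the last sample line, is a genuine
rejection and is not reported.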


