Re: [AMaViS-user] BitDefender bdc and the --all option in amavisd.conf

2006-01-27 Thread Henrik Krohns 
On Thu, Jan 26, 2006 at 10:18:09AM -0800, Bill Landry wrote:
 - Original Message - 
 From: Max Matslofva [EMAIL PROTECTED]
 
 Hi
 I just installed BitDefender bdc from FreeBSD ports.
 
 BDC/FreeBSD 5.x-Console (v7.0-2545) (i386) (Dec 22 2004 19:56:57)
 Copyright (C) 1996-2004 SOFTWIN SRL. All rights reserved.
 
 amavisd-new is version 2.3.3
 
 I got an error from bdc, and the --all option in the logfile.
 Warning: unknown parameter: --all
 
 amavis[91989]: (91989-01) run_av: /usr/local/bin/bdc exit 0, BDC/FreeBSD 
 5.x-Console (v7.0-2545) (i386) (Dec 22 2004
 19:56:57)\nCopyright (C) 1996-2004 SOFTWIN SRL. All rights 
 reserved.\nWarning: unknown parameter: --all\n\n\n\nResults:\nFolders
 ...:1\nFiles ...:1\nPacked ...:0\nArchives ...:0\nInfected files 
 :0\nSuspect files ...:0\nWarnings ...:0\nI/O errors ...:0\n
 
 The default options for bdc in amavisd.conf is --all --arc --mail
 Can I change it to --arc --mail ?
 
 Should work fine with the --all switch.  Here what we have been using for 
 over a year:
 
 ['BitDefender', 'bdc',
  '--all --arc --mail --nowarn --alev=15 --flev=15 {}', qr/^Infected files 
 *:0+(?!\d)/,
  qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/,
  qr/(?:suspected|infected): (.*)(?:\033|$)/ ],
 
 and bdc --help outputs the following:
 
 BDC/Linux-Console v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35)
 Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved.

Obviously wouldn't hurt upgrading your bdc with a few years. ;)
No --all here..

BDC/Linux-Console v7.1 (build 2559) (i386) (Jul  6 2005 16:28:53)
Copyright (C) 1996-2004 SOFTWIN SRL. All rights reserved.

Usage: bdc path [parameters]
Parameters:
  --files  - scan files *
  --arc- scan archives
  --mail   - scan mail databases
  --nopack - don't scan packed programs
  --ext=ext1;ext2; - scan only this extensions
  --log[=file] - create log file
  --list   - display all files
  --prog   - scan only program files
  --append - append to log file
  --disinfect  - disinfect files
  --delete - delete infected files
  --copy   - copy infected files in quarantine zone
  --copys  - move suspected files in quarantine zone
  --move   - move infected files in quarantine zone
  --moves  - move suspected files in quarantine zone
  --info   - information
  --nowarn - do not display warnings
  --vlist  - display virus list
  --debug  - display debug information
  --nor- do not recurse into subdirs
  --alev[=n]   - set maximum archive depth level
  --flev[=n]   - set maximum folder depth level
  --update - update virus definitions
  --help,--?   - this help
   * = default option


Cheers,
Henrik


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

[AMaViS-user] SA_TIMED_OUT

2006-01-27 Thread Clovis Tristao 

Hi,

The Amavis is generated this error in /var/log/maillog:

Jan 27 04:03:40 jacaranda amavis[26216]: (26216-01) SA TIMED OUT, 
backtrace: at 
/usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/BayesStore/DBM.pm line 
1846\n\teval {...} called at 
/usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/BayesStore/DBM.pm line 
1846\n\tMail::SpamAssassin::BayesStore::DBM::tok_unpack('Mail::SpamAssassin::BayesStore::DBM=HASH(0xb3b792c)', 
'undef') called at 
/usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/BayesStore/DBM.pm line 
851\n\tMail::SpamAssassin::BayesStore::DBM::tok_get('Mail::SpamAssassin::BayesStore::DBM=HASH(0xb3b792c)', 
'-\\x{ce}\\x{f3}7\\x{cb}') called at 
/usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/BayesStore/DBM.pm line 
1333\n\tMail::SpamAssassin::BayesStore::DBM::tok_sync_counters('Mail::SpamAssassin::BayesStore::DBM=HASH(0xb3b792c)', 
0, 1, 1138341789, '-\\x{ce}\\x{f3}7\\x{cb}') called at 
/usr/lib/perl5/site_perl/5.8.6/Mail/SpamAssassin/BayesStore/DBM.pm line 
1044\n\tMail::SpamAssassin::BayesStore::DBM::mult...


Any idea? What's happening?
How to fix?
Tks a lot,

Clóvis

--
Clovis Tristao - UNICAMP/Faculdade de Engenharia Agricola
Administrador de Redes - Secao de Informatica (SINFO)
E-mail: mailto:[EMAIL PROTECTED] http://www.agr.unicamp.br
Fone(0xx19) 37881031-37881038 ou FAX(55xx19) 37881005/37881010



---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnkkid3432bid#0486dat1642
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] While on the BitDefender subject

2006-01-27 Thread lst_hoe01 

Zitat von Vernon A. Fort [EMAIL PROTECTED]:

While on the bitdefender topic, I've had to disable this scanner on 
several server due system load.  I use gentoo on most servers, 
standard setup...


   postfix+amavisd-new+clamav+spamassassin

I tipically use 2-3 scanners on each server but the CPU load with 
bitdefender appears very high - usually around 40-60 cpu usage per 
instance.  The main reason I'm asking is I just had to disable this 
scanner on a dual Xeon 3.0 with 2G of memory because I was getting 
out-of-memory kernel panic.  This server does process 50k messages 
per day with around 15k email accounts.  I even dropped the amavis to 
3 clients (as well as master.cf) which did not help.


Has anyone else experienced this or have any tips on limiting its cpu usage?

Vernon


The command line version is solw and a memory hoog but it is free to 
use and have a good heuristic.

If you want something fast use antivir or nod32 for mailserver (daemon mode).

Regards

Andreas




---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] BitDefender bdc and the --all option in amavisd.conf

2006-01-27 Thread Max Matslofva 


Mark Martinec skrev:
Actually looks like a version change.  The newer versions of BDC do not use 
the --all switch, so looks like you can safely remove it.


Thanks to all.  I'll put in the following then for 2.4.0:

  ### http://www.bitdefender.com/
  ['BitDefender', 'bdc',
'--arc --mail {}', qr/^Infected files *:0+(?!\d)/,
qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/,
qr/(?:suspected|infected): (.*)(?:\033|$)/ ],
  # consider also: --all --nowarn --alev=15 --flev=15.  The --all argument may
  # not apply to your version of bdc, check documentation and see 'bdc --help'



Thanks for all answers


/Max


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] Amavisd-new Massive SWAP Usage

2006-01-27 Thread BJ Dierkes 

Matthias Keller wrote:



Hi

Maybe you should tell us what rules you are running?
If you're for whatever reason still running bigevil then this is 
pretty much normal...

So what SARE or other rulesets are activated?

Matt



You know...  I didn't even think about the rules!  Makes obvious sense 
to check that, but didn't even think about it.  The following is from my 
rulesdujour config:


TRUSTED_RULESETS=
   TRIPWIRE
   ANTIDRUG
   SARE_EVILNUMBERS0
   BLACKLIST
   RANDOMVAL
   SARE_ADULT
   SARE_FRAUD
   SARE_BML
   SARE_SPOOF
   SARE_BAYES_POISON_NXM
   SARE_OEM
   SARE_RANDOM
   SARE_OBFU0
   SARE_REDIRECT_POST300
   SARE_SPAMCOP_TOP200
   SARE_WHITELIST
   


To be 100% honest, SA Rules are a bit of a weak spot as I couldn't tell 
you much when it comes to the arena.  Any suggestions would be highly 
recommended.


Thank you so much.

BJ
5dollarwhitebox.org




---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log 
files

for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/





---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] Amavisd-new Massive SWAP Usage

2006-01-27 Thread BJ Dierkes 

Matthias Keller wrote:



Hi

Maybe you should tell us what rules you are running?
If you're for whatever reason still running bigevil then this is 
pretty much normal...

So what SARE or other rulesets are activated?

Matt



Sorry, just for further clarity the following are the active SA Rules:

# ls /etc/spamassassin/*.cf
/etc/spamassassin/70_sare_adult.cf
/etc/spamassassin/70_sare_bayes_poison_nxm.cf
/etc/spamassassin/70_sare_evilnum0.cf
/etc/spamassassin/70_sare_obfu0.cf
/etc/spamassassin/70_sare_oem.cf
/etc/spamassassin/70_sare_random.cf
/etc/spamassassin/70_sare_spoof.cf
/etc/spamassassin/70_sare_whitelist.cf
/etc/spamassassin/70_sc_top200.cf
/etc/spamassassin/72_sare_bml_post25x.cf
/etc/spamassassin/72_sare_redirect_post3.0.0.cf
/etc/spamassassin/99_sare_fraud_post25x.cf
/etc/spamassassin/antidrug.cf
/etc/spamassassin/blacklist.cf
/etc/spamassassin/local.cf
/etc/spamassassin/random.cf
/etc/spamassassin/tripwire.cf


Thanks again.

BJ
5dollarwhitebox.org




---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log 
files

for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/





---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

[AMaViS-user] Connection refused (port 10024)

2006-01-27 Thread Al Bogner 
With a Debian Etch/Sid-system I use the versions below. With a similar 
configuration on another machine it works. I think I have a wrong 
configuration of the master.cf or/and the main.cf of postfix.


apt-cache policy amavisd-new
amavisd-new:
  Installiert:1:2.3.3-2
  Mögliche Pakete:1:2.3.3-2
  Versions-Tabelle:
 1:2.3.3-4 0
500 ftp://ftp.at.debian.org sid/main Packages
500 ftp://ftp.freenet.de sid/main Packages
 *** 1:2.3.3-2 0
900 ftp://ftp.at.debian.org etch/main Packages
900 ftp://ftp.freenet.de etch/main Packages


apt-cache policy postfix
postfix:
  Installiert:2.2.4-1.0.1
  Mögliche Pakete:2.2.4-1.0.1
  Versions-Tabelle:
 2.2.8-7 0
500 ftp://ftp.at.debian.org sid/main Packages
500 ftp://ftp.freenet.de sid/main Packages
 *** 2.2.4-1.0.1 0
900 ftp://ftp.at.debian.org etch/main Packages
900 ftp://ftp.freenet.de etch/main Packages


apt-cache policy spamassassin
spamassassin:
  Installiert:3.1.0a-2
  Mögliche Pakete:3.1.0a-2
  Versions-Tabelle:
 *** 3.1.0a-2 0
900 ftp://ftp.at.debian.org etch/main Packages
500 ftp://ftp.at.debian.org sid/main Packages
900 ftp://ftp.freenet.de etch/main Packages
500 ftp://ftp.freenet.de sid/main Packages



Jan 27 15:23:50 client2 postfix/pickup[4571]: D00D84A035E: uid=0 from=root
Jan 27 15:23:50 client2 postfix/cleanup[4819]: D00D84A035E: 
message-id=[EMAIL PROTECTED]
Jan 27 15:23:50 client2 postfix/qmgr[4572]: D00D84A035E: 
from=[EMAIL PROTECTED], size=460, nrcpt=1 (queue active)
Jan 27 15:23:50 client2 postfix/smtp[4821]: connect to 127.0.0.1[127.0.0.1]: 
Connection refused (port 10024)
Jan 27 15:23:50 client2 postfix/smtp[4821]: D00D84A035E: 
to=[EMAIL PROTECTED], orig_to=ab, relay=none, delay=0, 
status=deferred (connect to 127.0.0.1[127.0.0.1]: Connection refused)


/etc/amavis/conf.d/50-user
use strict;
$mydomain = 'client2.local.FQDN';
@local_domains_maps = ( [.$mydomain] );
$sa_tag_level_deflt  = -22.0;  # add spam info headers if at, or above that 
level
$max_servers  =  2;   # number of pre-forked children  (default 2)
$max_requests = 20;   # retire a child after that many accepts (default 10)
$child_timeout=5*60;  # abort child if it does not complete each task in
1;  # insure a defined return



postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
inet_interfaces = all
mailbox_command = procmail -a $EXTENSION
mailbox_size_limit = 0
mydestination = client2.local.FQDN, localhost.local.FQDN, localhost
myhostname = client2.local.FQDN
mynetworks = 127.0.0.0/8
myorigin = /etc/mailname
recipient_delimiter = +
relayhost = smtp.local.FQDN
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)


/etc/postfix/master.cf
smtp  inet  n   -   -   -   -   smtpd
pickupfifo  n   -   -   60  1   pickup
cleanup   unix  n   -   -   -   0   cleanup
qmgr  fifo  n   -   -   300 1   qmgr
rewrite   unix  -   -   -   -   -   trivial-rewrite
bounceunix  -   -   -   -   0   bounce
defer unix  -   -   -   -   0   bounce
trace unix  -   -   -   -   0   bounce
verifyunix  -   -   -   -   1   verify
flush unix  n   -   -   1000?   0   flush
proxymap  unix  -   -   n   -   -   proxymap
smtp  unix  -   -   -   -   -   smtp
relay unix  -   -   -   -   -   smtp
showq unix  n   -   -   -   -   showq
error unix  -   -   -   -   -   error
local unix  -   n   n   -   -   local
virtual   unix  -   n   n   -   -   virtual
lmtp  unix  -   -   n   -   -   lmtp
anvil unix  -   -   n   -   1   anvil
maildrop  unix  -   n   n   -   -   pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
uucp  unix  -   n   n   -   -   pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail 
($recipient)
ifmailunix  -   n   n   -   -   pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix  -   n   n   -   -   pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop -f$sender 
$recipient
scalemail-backend unix  -   n   n   -   2   pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store 
${nexthop} ${user} ${extension}
tlsmgrunix  -   -   -   1000?   1   tlsmgr
scacheunix  -   -   -   -   1   scache
discard   unix  -   -   -   -   -   discard
smtp-amavis unix -  -

Re: [AMaViS-user] Connection refused (port 10024)

2006-01-27 Thread Gary V 
Al wrote:

 With a Debian Etch/Sid-system I use the versions below. With a similar
 configuration on another machine it works. I think I have a wrong
 configuration of the master.cf or/and the main.cf of postfix.

 Jan 27 15:23:50 client2 postfix/pickup[4571]: D00D84A035E: uid=0 from=root
 Jan 27 15:23:50 client2 postfix/cleanup[4819]: D00D84A035E: 
 message-id=[EMAIL PROTECTED]
 Jan 27 15:23:50 client2 postfix/qmgr[4572]: D00D84A035E: 
 from=[EMAIL PROTECTED], size=460, nrcpt=1 (queue active)
 Jan 27 15:23:50 client2 postfix/smtp[4821]: connect to 127.0.0.1[127.0.0.1]: 
 Connection refused (port 10024)
 Jan 27 15:23:50 client2 postfix/smtp[4821]: D00D84A035E: 
 to=[EMAIL PROTECTED], orig_to=ab, relay=none, delay=0, 
 status=deferred (connect to 127.0.0.1[127.0.0.1]: Connection refused)


 /etc/amavis/conf.d/50-user
 use strict;
 $mydomain = 'client2.local.FQDN';
 @local_domains_maps = ( [.$mydomain] );
 $sa_tag_level_deflt  = -22.0;  # add spam info headers if at, or above that 
 level
 $max_servers  =  2;   # number of pre-forked children  (default 2)
 $max_requests = 20;   # retire a child after that many accepts (default 10)
 $child_timeout=5*60;  # abort child if it does not complete each task in
 1;  # insure a defined return



 postconf -n
 alias_database = hash:/etc/aliases
 alias_maps = hash:/etc/aliases
 append_dot_mydomain = no
 biff = no
 config_directory = /etc/postfix
 content_filter = smtp-amavis:[127.0.0.1]:10024
 inet_interfaces = all
 mailbox_command = procmail -a $EXTENSION
 mailbox_size_limit = 0
 mydestination = client2.local.FQDN, localhost.local.FQDN, localhost
 myhostname = client2.local.FQDN
 mynetworks = 127.0.0.0/8
 myorigin = /etc/mailname
 recipient_delimiter = +
 relayhost = smtp.local.FQDN
 smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)


 /etc/postfix/master.cf
 smtp  inet  n   -   -   -   -   smtpd
 pickupfifo  n   -   -   60  1   pickup
 cleanup   unix  n   -   -   -   0   cleanup
 qmgr  fifo  n   -   -   300 1   qmgr
 rewrite   unix  -   -   -   -   -   trivial-rewrite
 bounceunix  -   -   -   -   0   bounce
 defer unix  -   -   -   -   0   bounce
 trace unix  -   -   -   -   0   bounce
 verifyunix  -   -   -   -   1   verify
 flush unix  n   -   -   1000?   0   flush
 proxymap  unix  -   -   n   -   -   proxymap
 smtp  unix  -   -   -   -   -   smtp
 relay unix  -   -   -   -   -   smtp
 showq unix  n   -   -   -   -   showq
 error unix  -   -   -   -   -   error
 local unix  -   n   n   -   -   local
 virtual   unix  -   n   n   -   -   virtual
 lmtp  unix  -   -   n   -   -   lmtp
 anvil unix  -   -   n   -   1   anvil
 maildrop  unix  -   n   n   -   -   pipe
   flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
 uucp  unix  -   n   n   -   -   pipe
   flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail 
 ($recipient)
 ifmailunix  -   n   n   -   -   pipe
   flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
 bsmtp unix  -   n   n   -   -   pipe
   flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -d -t$nexthop -f$sender 
 $recipient
 scalemail-backend unix  -   n   n   -   2   pipe
   flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store 
 ${nexthop} ${user} ${extension}
 tlsmgrunix  -   -   -   1000?   1   tlsmgr
 scacheunix  -   -   -   -   1   scache
 discard   unix  -   -   -   -   -   discard
 smtp-amavis unix -  -   -   -   2  smtp
 -o smtp_data_done_timeout=1200
 -o smtp_send_xforward_command=yes
 -o disable_dns_lookups=yes
 -o max_use=20
 127.0.0.1:10025 inet n  -   -   -   -  smtpd
 -o content_filter=
 -o local_recipient_maps=
 -o relay_recipient_maps=
 -o smtpd_restriction_classes=
 -o smtpd_delay_reject=no
 -o smtpd_client_restrictions=permit_mynetworks,reject
 -o smtpd_helo_restrictions=
 -o smtpd_sender_restrictions=
 -o smtpd_recipient_restrictions=permit_mynetworks,reject
 -o smtpd_data_restrictions=reject_unauth_pipelining
 -o smtpd_end_of_data_restrictions=
 -o mynetworks=127.0.0.0/8
 -o strict_rfc821_envelopes=yes
 -o smtpd_error_sleep_time=0
 -o smtpd_soft_error_limit=1001
 -o smtpd_hard_error_limit=1000
 -o smtpd_client_connection_count_limit=0
 -o smtpd_client_connection_rate_limit=0
 -o

Re: [AMaViS-user] Connection refused (port 10024)

2006-01-27 Thread Al Bogner 
Am Freitag, 27. Januar 2006 16:39 schrieb Gary V:

Hi Gary

  With a Debian Etch/Sid-system I use the versions below. With a similar
  configuration on another machine it works. I think I have a wrong
  configuration of the master.cf or/and the main.cf of postfix.
 
  Jan 27 15:23:50 client2 postfix/pickup[4571]: D00D84A035E: uid=0
  from=root Jan 27 15:23:50 client2 postfix/cleanup[4819]: D00D84A035E:
  message-id=[EMAIL PROTECTED]
  Jan 27 15:23:50 client2 postfix/qmgr[4572]: D00D84A035E:
  from=[EMAIL PROTECTED], size=460, nrcpt=1 (queue active)
  Jan 27 15:23:50 client2 postfix/smtp[4821]: connect to
  127.0.0.1[127.0.0.1]: Connection refused (port 10024)
  Jan 27 15:23:50 client2 postfix/smtp[4821]: D00D84A035E:
  to=[EMAIL PROTECTED], orig_to=ab, relay=none, delay=0,
  status=deferred (connect to 127.0.0.1[127.0.0.1]: Connection refused)

 This could simply be amavisd-new is not running. Is it?

You are right and now I know why.

/etc/init.d/amavis restart
Stopping amavisd: (not running).
Starting amavisd: Found old config file /etc/amavis/amavisd.conf,
amavisd-new will NOT be started for safety reasons.
Please update the amavisd-new configuration, as the
old configuration is not automatically converted.
Remove the /etc/amavis/amavisd.conf to re-enable amavisd-new.

 also check:
 # grep -r inet_socket_port /etc/amavis/conf.d/

client2:~# grep -r inet_socket_port /etc/amavis/conf.d/
/etc/amavis/conf.d/20-debian_defaults:$inet_socket_port = 10024;   # default 
listenting socket


 it should show:
 /etc/amavis/conf.d/20-debian_defaults:$inet_socket_port = 10024;   #
 default listenting socket

 and:
 # lsof -i | grep amavis

shows nothing.


I will do some checks and go on later.

Al


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] Connection refused (port 10024)

2006-01-27 Thread Gary V 
Al wrote:

 Am Freitag, 27. Januar 2006 16:39 schrieb Gary V:

 Hi Gary

  With a Debian Etch/Sid-system I use the versions below. With a similar
  configuration on another machine it works. I think I have a wrong
  configuration of the master.cf or/and the main.cf of postfix.
 
  Jan 27 15:23:50 client2 postfix/pickup[4571]: D00D84A035E: uid=0
  from=root Jan 27 15:23:50 client2 postfix/cleanup[4819]: D00D84A035E:
  message-id=[EMAIL PROTECTED]
  Jan 27 15:23:50 client2 postfix/qmgr[4572]: D00D84A035E:
  from=[EMAIL PROTECTED], size=460, nrcpt=1 (queue active)
  Jan 27 15:23:50 client2 postfix/smtp[4821]: connect to
  127.0.0.1[127.0.0.1]: Connection refused (port 10024)
  Jan 27 15:23:50 client2 postfix/smtp[4821]: D00D84A035E:
  to=[EMAIL PROTECTED], orig_to=ab, relay=none, delay=0,
  status=deferred (connect to 127.0.0.1[127.0.0.1]: Connection refused)

 This could simply be amavisd-new is not running. Is it?

 You are right and now I know why.

 /etc/init.d/amavis restart
 Stopping amavisd: (not running).
 Starting amavisd: Found old config file /etc/amavis/amavisd.conf,
 amavisd-new will NOT be started for safety reasons.
 Please update the amavisd-new configuration, as the
 old configuration is not automatically converted.
 Remove the /etc/amavis/amavisd.conf to re-enable amavisd-new.

 also check:
 # grep -r inet_socket_port /etc/amavis/conf.d/

 client2:~# grep -r inet_socket_port /etc/amavis/conf.d/
 /etc/amavis/conf.d/20-debian_defaults:$inet_socket_port = 10024;   # default 
 listenting socket


 it should show:
 /etc/amavis/conf.d/20-debian_defaults:$inet_socket_port = 10024;   #
 default listenting socket

 and:
 # lsof -i | grep amavis

 shows nothing.

 I will do some checks and go on later.

 Al

The script actually checks for the existence of amavisd.conf.disabled
so if you rename that, it should let you start it up.

mv /etc/amavis/amavisd.conf.disabled /etc/amavis/amavisd.conf-backup
/etc/init.d/amavis start

Gary V



---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] Connection refused (port 10024)

2006-01-27 Thread Gary V 
Gary wrote:

 Al wrote:

 You are right and now I know why.

 /etc/init.d/amavis restart
 Stopping amavisd: (not running).
 Starting amavisd: Found old config file /etc/amavis/amavisd.conf,
 amavisd-new will NOT be started for safety reasons.
 Please update the amavisd-new configuration, as the
 old configuration is not automatically converted.
 Remove the /etc/amavis/amavisd.conf to re-enable amavisd-new.

 The script actually checks for the existence of amavisd.conf.disabled
 so if you rename that, it should let you start it up.
 mv /etc/amavis/amavisd.conf.disabled /etc/amavis/amavisd.conf-backup
 /etc/init.d/amavis start
 Gary V

With this new Debian setup, spam and virus checking is disabled by
default so you may also need to enable spam and virus
checking if you have not already done so, the settings are in:
/usr/share/amavis/conf.d/20-package

I hate this thing!
I can understand the package maintainers philosophy, but I still hate
it. IMHO it will cause no end of confusion to users (new and old alike).

http://www200.pair.com/mecham/spam/debian-amavisd-new_2.3.3.html

They didn't even include @local_domains_maps or $max_servers in any of
the config files, leaving it up to users to figure out they need
those settings. They leave us no indication of $*_quarantine_to
settings either.

Gary V



---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

[AMaViS-user] amavis-new, spamassassin an bayes db errors

2006-01-27 Thread Florian Mahlecke 

Hello,

Ive installed OpenBSD 3.8 with amavisd-new-2.3.2 and 
p5-Mail-SpamAssassin-3.0.4 (no update from 2.6.x), I tried to start 
amavisd-new but I get everytime the errormessage:


bayes: bayes db version 2 is not able to be used, aborting! at 
/usr/local/libdata/perl5/site_perl/Mail/SpamAssassin/BayesStore/DBM.pm 
line 160.


After that I read that I should try to install the Berkeley DB (version 
4) and the suitable CPAN modul but it helps nothing ?



Can anyone help ?

Regards
Florian







---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] While on the BitDefender subject

2006-01-27 Thread amavis-user 

-- [EMAIL PROTECTED] said the following on 1/27/06 5:56 AM:
The command line version is solw and a memory hoog but it is free to use 
and have a good heuristic.
If you want something fast use antivir or nod32 for mailserver (daemon 
mode).


How does antivir compare to McAfee uvscan in terms of detections? (I'm 
sure the daemon mode is a hell of a lot faster)


Overall we have been very pleased with ClamAV which seems to be rapidly 
improving all the time. However, there is the odd occasion that uvscan 
catches something missed by ClamAV. Alas, uvscan isn't terribly fast


(If it matters our scanning host is currently running Solaris 10.)

Amos



---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] Connection refused (port 10024)

2006-01-27 Thread Gary V 
Al wrote:

 Am Freitag, 27. Januar 2006 17:53 schrieb Gary V:

  The script actually checks for the existence of amavisd.conf.disabled
  so if you rename that, it should let you start it up.

 I wonder why it was renamed on other machines automatically. To be sure, to 
 start from a default-configuration I purged amavis with aptitude.

I wonder if it left your old amavisd.conf file intact.

 With this new Debian setup, spam and virus checking is disabled by
 default so you may also need to enable spam and virus
 checking if you have not already done so, the settings are in:
 /usr/share/amavis/conf.d/20-package

 I don't have  /usr/share/amavis/conf.d/20-package

 /etc/amavis# ls -lLRh *

 Do you mean that the entries below have to be enabled?

No. If you are missing /usr/share/amavis/conf.d/20-package then that
would be the same as allowing virus and spam checks (because the
settings to disable them would not be present).

 /etc/amavis/conf.d/15-content_filter_mode
 use strict;
 @bypass_virus_checks_maps = (
\%bypass_virus_checks, [EMAIL PROTECTED], 
 \$bypass_virus_checks_re);
 @bypass_spam_checks_maps = (
\%bypass_spam_checks, [EMAIL PROTECTED], \$bypass_spam_checks_re);
 1;  # insure a defined return

 Al

I wonder if your install is incomplete. I have:

# ls -l /usr/share/amavis/conf.d/
-rw-r--r--1 root root  855 Dec 27 08:56 10-debian_scripts
-rw-r--r--1 root root  648 Dec 27 08:56 20-package

AFAIK the init script will not start amavisd-new if this directory
does not exist. Maybe it does but you are missing the 20-package file
which would be fine if you are. You would not be fine if the
10-debian_scripts file was missing however. Here are the contents of
the files I have:

###

spamfilter:~# cat /usr/share/amavis/conf.d/10-debian_scripts

use strict;

# ADMINSTRATORS: DO NOT CHANGE THIS FILE
# Change the files in /etc/amavis/conf.d instead

# This file contains Debian system settings that are not to be changed
# unless you really know better.

# Changing or overriding the settings in this file requires changing scripts
# such as the initscript and maybe the cron scripts, and even the amavis user
# home directory.
#
# You have been warned.  Don't change these settings.

$daemon_user  = 'amavis';
$daemon_group = 'amavis';

$MYHOME   = '/var/lib/amavis'; # a convenient default for other settings
$TEMPBASE = $MYHOME/tmp; # working directory, needs to be created manually
$ENV{TMPDIR} = $TEMPBASE;  # environment variable TMPDIR
$db_home   = $MYHOME/db;

$pid_file  = /var/run/amavis/amavisd.pid;
$lock_file = /var/run/amavis/amavisd.lock;

1;  # insure a defined return
##

spamfilter:~# cat /usr/share/amavis/conf.d/20-package

use strict;

# These settings are here just to enable a Debian package that does not
# depend on clamav.  The local admin is expected to override them
# in /etc/amavis/conf.d/15-content_filter_mode, if any sort of antivirus
# support is wanted

@bypass_virus_checks_maps  = (1);  # DISABLE anti-virus code by default

# These settings are here just to enable a Debian package that does not
# depend on spamassassin.  The local admin is expected to override them
# in /etc/amavis/conf.d/15-content_filter_mode, if spamassassin support
# is wanted

@bypass_spam_checks_maps  = (1);  # DISABLE anti-spam code by default

1;  # insure a defined return
#

Gary V



---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] Connection refused (port 10024)

2006-01-27 Thread Al Bogner 
Am Freitag, 27. Januar 2006 15:30 schrieb Al Bogner:
 With a Debian Etch/Sid-system I use the versions below. With a similar
 configuration on another machine it works. I think I have a wrong
 configuration of the master.cf or/and the main.cf of postfix.

master.cf and main.cf were ok.

I recommend to _purge_ amavis and use something like this for a _1st_ test. 
Dont't forget to correct the line breaks!

/etc/amavis/conf.d/50-user
use strict;
$mydomain = 'client2.local.FQDN';
@local_domains_maps = ( [.$mydomain] );
$sa_tag_level_deflt  = -22.0;  # add spam info headers if at, or above that 
level
$max_servers  =  2;   # number of pre-forked children  (default 2)
$max_requests = 20;   # retire a child after that many accepts (default 10)
$child_timeout=5*60;  # abort child if it does not complete each task in
1;  # insure a defined return

After this everything seems to work for me except clamav:
Jan 27 20:53:07 client2 amavis[4248]: (04248-02) ClamAV-clamd av-scanner 
FAILED: Too many retries to talk to /var/run/clamav/clamd.ctl (Can't connect 
to UNIX socket /var/run/clamav/clamd.ctl: No such file or directory) at (eval 
42) line 266.

For more details see thread ClamAV-clamd: Can't connect to UNIX socket, but 
antivir or bdc put the virus in quarantine without further configuration.

How can I find out which virus-scanner caught the virus? The message below 
doens't help very much:
Scanners detecting a virus: H+BEDV AntiVir or CentralCommand Vexira Antivirus, 
BitDefender

Al


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

[AMaViS-user] ClamAV-clamd: Can't connect to UNIX socket

2006-01-27 Thread Al Bogner 
Can anyone help me with this error message please?


Jan 27 20:36:19 client2 amavis[4181]: Using internal av scanner code for 
(primary) ClamAV-clamd

Jan 27 20:53:00 client2 postfix/pickup[4584]: 23A98634D8A: uid=1000 from=ab
Jan 27 20:53:00 client2 postfix/cleanup[5804]: 23A98634D8A: 
message-id=[EMAIL PROTECTED]
Jan 27 20:53:00 client2 postfix/qmgr[4585]: 23A98634D8A: 
from=[EMAIL PROTECTED], size=83487, nrcpt=1 (queue active)
Jan 27 20:53:01 client2 amavis[4248]: (04248-02) ClamAV-clamd: Can't connect 
to UNIX socket /var/run/clamav/clamd.ctl: No such file or directory, retrying 
(2)
Jan 27 20:53:07 client2 amavis[4248]: (04248-02) ClamAV-clamd av-scanner 
FAILED: Too many retries to talk to /var/run/clamav/clamd.ctl (Can't connect 
to UNIX socket /var/run/clamav/clamd.ctl: No such file or directory) at (eval 
42) line 266.
Jan 27 20:53:09 client2 postfix/smtpd[5813]: connect from 
localhost.localdomain[127.0.0.1]
Jan 27 20:53:09 client2 postfix/smtpd[5813]: A720A634D90: 
client=localhost.localdomain[127.0.0.1]
Jan 27 20:53:09 client2 postfix/cleanup[5804]: A720A634D90: 
message-id=[EMAIL PROTECTED]
Jan 27 20:53:09 client2 postfix/qmgr[4585]: A720A634D90: from=, size=2474, 
nrcpt=1 (queue active)
Jan 27 20:53:09 client2 postfix/cleanup[5804]: B5C7B634D91: 
message-id=[EMAIL PROTECTED]
Jan 27 20:53:09 client2 postfix/qmgr[4585]: B5C7B634D91: from=, size=2624, 
nrcpt=1 (queue active)
Jan 27 20:53:09 client2 amavis[4248]: (04248-02) Blocked INFECTED 
(Worm/Sober.Y),  - [EMAIL PROTECTED], 
quarantine: /var/lib/amavis/quarantine, Message-ID: 
[EMAIL PROTECTED], mail_id: YG8zA8G2meOA, Hits: 
-, 9587 ms
Jan 27 20:53:09 client2 postfix/smtp[5806]: 23A98634D8A: 
to=[EMAIL PROTECTED], orig_to=ab, relay=127.0.0.1[127.0.0.1], 
delay=9, status=sent (250 2.7.1 Ok, discarded, id=04248-02 - VIRUS: 
Worm/Sober.Y, Worm/Sober.Y)
Jan 27 20:53:09 client2 postfix/qmgr[4585]: 23A98634D8A: removed
Jan 27 20:53:09 client2 postfix/smtpd[5813]: disconnect from 
localhost.localdomain[127.0.0.1]
Jan 27 20:53:09 client2 postfix/local[5814]: A720A634D90: 
to=[EMAIL PROTECTED], relay=local, delay=0, status=sent 
(forwarded as B5C7B634D91)
Jan 27 20:53:09 client2 postfix/qmgr[4585]: A720A634D90: removed
Jan 27 20:53:09 client2 postfix/smtp[5815]: B5C7B634D91: to=[EMAIL 
PROTECTED], 
orig_to=[EMAIL PROTECTED], relay=gw.local.FQDN[192.168.1.99], 
delay=0, status=sent (250 Ok: queued as C974557E800)
Jan 27 20:53:09 client2 postfix/qmgr[4585]: B5C7B634D91: removed


ls /var/run/clamav/
freshclam.pid

Al


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] ClamAV-clamd: Can't connect to UNIX socket

2006-01-27 Thread Gary V 
Al wrote:

 Can anyone help me with this error message please?

 Jan 27 20:53:01 client2 amavis[4248]: (04248-02) ClamAV-clamd: Can't connect
 to UNIX socket /var/run/clamav/clamd.ctl: No such file or directory, retrying 
 (2)
 Jan 27 20:53:07 client2 amavis[4248]: (04248-02) ClamAV-clamd av-scanner 
 FAILED: Too many retries to talk to /var/run/clamav/clamd.ctl (Can't connect 
 to UNIX socket /var/run/clamav/clamd.ctl: No such file or directory) at (eval


First off, have you installed clamav-daemon? If not, do so.
Either way, you need to add the clamav user to the amavis group and
then restart both programs:

gpasswd -a clamav amavis
/etc/init.d/amavis stop
/etc/init.d/clamav-daemon stop
/etc/init.d/clamav-daemon start
/etc/init.d/amavis start

http://www200.pair.com/mecham/spam/clamav-amavisd-new.html

Gary V



---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] Connection refused (port 10024)

2006-01-27 Thread Al Bogner 
Am Freitag, 27. Januar 2006 20:54 schrieb Gary V:

  I don't have  /usr/share/amavis/conf.d/20-package

 I wonder if your install is incomplete. I have:

 # ls -l /usr/share/amavis/conf.d/
 -rw-r--r--1 root root  855 Dec 27 08:56 10-debian_scripts
 -rw-r--r--1 root root  648 Dec 27 08:56 20-package

 AFAIK the init script will not start amavisd-new if this directory
 does not exist. Maybe it does but you are missing the 20-package file
 which would be fine if you are. You would not be fine if the
 10-debian_scripts file was missing however

It looks like Debian goes its own way. I don't see a 20-package, neither in 
etch nor in sarge

apt-cache policy amavisd-new
amavisd-new:
  Installiert:1:2.3.3-2
  Mögliche Pakete:1:2.3.3-2
  Versions-Tabelle:
 1:2.3.3-4 0
500 ftp://ftp.at.debian.org sid/main Packages
500 ftp://ftp.freenet.de sid/main Packages
 *** 1:2.3.3-2 0
900 ftp://ftp.at.debian.org etch/main Packages
900 ftp://ftp.freenet.de etch/main Packages


dpkg -c /var/cache/apt/archives/amavisd-new_1%3a2.3.3-2_all.deb | cut -c21-200 
| grep /etc/amavis/
 0 2005-12-27 16:56:48 ./etc/amavis/
 0 2005-12-27 16:56:48 ./etc/amavis/conf.d/
  1455 2005-12-27 16:56:47 ./etc/amavis/conf.d/01-debian
   473 2005-12-27 16:56:47 ./etc/amavis/conf.d/05-node_id
 13115 2005-12-27 16:56:47 ./etc/amavis/conf.d/15-av_scanners
   554 2005-12-27 16:56:47 ./etc/amavis/conf.d/15-content_filter_mode
  8867 2005-12-27 16:56:47 ./etc/amavis/conf.d/20-debian_defaults
  2130 2005-12-27 16:56:47 ./etc/amavis/conf.d/30-template_localization
   318 2005-12-27 16:56:47 ./etc/amavis/conf.d/50-user
 0 2005-12-27 16:56:48 ./etc/amavis/en_US/
   170 2005-12-27 16:56:47 ./etc/amavis/en_US/charset
  2129 2005-12-27 16:56:47 ./etc/amavis/en_US/template-dsn.txt
  1089 2005-12-27 16:56:47 ./etc/amavis/en_US/template-spam-admin.txt
   796 2005-12-27 16:56:47 ./etc/amavis/en_US/template-spam-sender.txt
  1522 2005-12-27 16:56:47 ./etc/amavis/en_US/template-virus-admin.txt
  1090 2005-12-27 16:56:47 ./etc/amavis/en_US/template-virus-recipient.txt
  2828 2005-12-27 16:56:47 ./etc/amavis/en_US/template-virus-sender.txt
   983 2005-12-27 16:56:47 ./etc/amavis/README.l10n


Sarge-Backport:

apt-cache policy amavisd-new
amavisd-new:
  Installiert:1:2.3.3-3bpo1
  Mögliche Pakete:1:2.3.3-3bpo1
  Versions-Tabelle:
 *** 1:2.3.3-3bpo1 0
500 http://www.backports.org sarge-backports/main Packages
100 /var/lib/dpkg/status
 20030616p10-5 0
400 ftp://ftp.at.debian.org sarge/main Packages
400 ftp://debian.inode.at sarge/main Packages



dpkg -c /var/cache/apt/archives/amavisd-new_1%3a2.3.3-3bpo1_all.deb | cut 
-c21-200 | grep /etc/amavis/
 0 2006-01-21 19:32:31 ./etc/amavis/
   983 2006-01-21 19:32:31 ./etc/amavis/README.l10n
 0 2006-01-21 19:32:31 ./etc/amavis/conf.d/
  1455 2006-01-21 19:32:31 ./etc/amavis/conf.d/01-debian
   692 2006-01-21 19:32:31 ./etc/amavis/conf.d/05-domain_id
   235 2006-01-21 19:32:31 ./etc/amavis/conf.d/05-node_id
 13115 2006-01-21 19:32:31 ./etc/amavis/conf.d/15-av_scanners
   554 2006-01-21 19:32:31 ./etc/amavis/conf.d/15-content_filter_mode
  8982 2006-01-21 19:32:31 ./etc/amavis/conf.d/20-debian_defaults
  2130 2006-01-21 19:32:31 ./etc/amavis/conf.d/30-template_localization
   318 2006-01-21 19:32:31 ./etc/amavis/conf.d/50-user
 0 2006-01-21 19:32:31 ./etc/amavis/en_US/
   170 2006-01-21 19:32:31 ./etc/amavis/en_US/charset
  2129 2006-01-21 19:32:31 ./etc/amavis/en_US/template-dsn.txt
  1089 2006-01-21 19:32:31 ./etc/amavis/en_US/template-spam-admin.txt
   796 2006-01-21 19:32:31 ./etc/amavis/en_US/template-spam-sender.txt
  1522 2006-01-21 19:32:31 ./etc/amavis/en_US/template-virus-admin.txt
  1090 2006-01-21 19:32:31 ./etc/amavis/en_US/template-virus-recipient.txt
  2828 2006-01-21 19:32:31 ./etc/amavis/en_US/template-virus-sender.txt

Al


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnkkid3432bid#0486dat1642
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] Connection refused (port 10024)

2006-01-27 Thread Gary V 
Al wrote:

 Am Freitag, 27. Januar 2006 20:54 schrieb Gary V:

  I don't have  /usr/share/amavis/conf.d/20-package

 I wonder if your install is incomplete. I have:

 It looks like Debian goes its own way. I don't see a 20-package, neither in 
 etch nor in sarge

Display it without grepping stuff out.

 dpkg -c /var/cache/apt/archives/amavisd-new_1%3a2.3.3-2_all.deb | cut 
 -c21-200 
 | grep /etc/amavis/

Here is mine:
http://www200.pair.com/mecham/spam/package.txt

Gary V



---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] Connection refused (port 10024)

2006-01-27 Thread Al Bogner 
Am Freitag, 27. Januar 2006 22:19 schrieb Gary V:

 Here is mine:
 http://www200.pair.com/mecham/spam/package.txt

Now I found it, it is in /usr/share/amavis/conf.d/20-package
I always thought it has to be in /etc/amavis/conf.d/

My version without comments:
/usr/share/amavis/conf.d/20-package
use strict;
@bypass_virus_checks_maps  = (1);  # DISABLE anti-virus code by default
@bypass_spam_checks_maps  = (1);  # DISABLE anti-spam code by default
1;  # insure a defined return

But these variables are here too:

with comments:


cat /etc/amavis/conf.d/15-content_filter_mode
use strict;

# You can modify this file to re-enable SPAM checking through spamassassin
# and to re-enable antivirus checking.

#
# Default antivirus checking mode
# Uncomment the two lines below to enable it back
#

@bypass_virus_checks_maps = (
   \%bypass_virus_checks, [EMAIL PROTECTED], 
\$bypass_virus_checks_re);


#
# Default SPAM checking mode
# Uncomment the two lines below to enable it back
#

@bypass_spam_checks_maps = (
   \%bypass_spam_checks, [EMAIL PROTECTED], \$bypass_spam_checks_re);

1;  # insure a defined return



Al


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] ClamAV-clamd: Can't connect to UNIX socket

2006-01-27 Thread Al Bogner 
Am Freitag, 27. Januar 2006 21:19 schrieb Gary V:

 First off, have you installed clamav-daemon? If not, do so.
 Either way, you need to add the clamav user to the amavis group and
 then restart both programs:

 gpasswd -a clamav amavis

Thanks Gary,

you are great. Since I am testing amavisd-new (old and new version) I forgot 
to modify the group. But there is still a problem.


Jan 27 22:33:28 client2 amavis[4235]: (04235-01) ask_av (ClamAV-clamd) FAILED 
- unexpected result: /var/lib/amavis/tmp/amavis-20060127T223327-04235/parts: 
Access denied. ERROR\n

For more details, please see http://members.inode.at/pinguin/mail.log.txt 
(mail with attachment was forwarded to mod)

I don't understand primary and secondary av scanner.

Found primary av scanner H+BEDV AntiVir or CentralCommand Vexira Antivirus 
at /usr/bin/antivir
Found primary av scanner BitDefender at /usr/bin/bdc
Using internal av scanner code for (primary) check-jpeg
Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan
Found secondary av scanner FRISK F-Prot Antivirus at /usr/bin/f-prot

I want that the mail is checked with all 4 scanners.


Al


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] Applying different banned rules per recipient

2006-01-27 Thread Michael Hall 
On Sat, Jan 14, 2006 at 01:26:18AM +0100, Mark Martinec wrote:
 Brian,
 
  I would like to exclude a recipient from my site-wide banned rules,
  yet be subject to another set of banned rules which is slightly
  different from the site-wide one. Is this possible?
  In my specific case, these users need to receive a certain file type,
  yet everyone else shouldnt be receiving this type.I would like a
  maintainable method of creating such exceptions.
 
 It should be possible to have per-recipient banning rules.
 See release notes of 2.3.0 where it was first introduced.
 
  I use LDAP, and the attribute 'amavisBannedRuleNames' has me believing
  I can create a named set of banned rules and reference them in the
  users lookup table. Much like having different behavior in a policy
  bank. Am I misinterpreting this attribute? If not, how can I go about
  setting this up?
 
 It has indeed been reported before I believe that this does not work with 
 LDAP, but I never got around to locate and fix the problem, mostly because
 I'm not running LDAP myself. The bug should not be that deep, I would 
 appreciate help here from interested parties.

I've submitted and Mark has incorporated a patch to fix this issue.

My initial post of it got stuck in moderation, for the benefit of those
who want to try it below is the patch to 'amavisd'. Its undoubtly mangled
but you should get the idea of what changed, basically the attribute was
change from multi-valued to single-valued and is a comma-seperated list
of rule names (same as with SQL lookups. The full patch also includes,
schema, documentation updates as well.

diff -urN amavisd-new-2.3.3.orig/amavisd amavisd-new-2.3.3/amavisd
--- amavisd-new-2.3.3.orig/amavisd  Wed Jan 25 21:38:12 2006
+++ amavisd-new-2.3.3/amavisd   Wed Jan 25 21:45:22 2006
@@ -6675,7 +6675,7 @@
   unshift(@Amavis::Conf::spam_admin_maps,  $lf-('amavisSpamAdmin',
  'S-'));
   unshift(@Amavis::Conf::banned_admin_maps,$lf-('amavisBannedAdmin
','S-'));
   unshift(@Amavis::Conf::bad_header_admin_maps,$lf-('amavisBadHeaderAd
min', 'S-'));
-  unshift(@Amavis::Conf::banned_filename_maps, $lf-('amavisBannedRuleN
ames','L-'));
+  unshift(@Amavis::Conf::banned_filename_maps, $lf-('amavisBannedRuleN
ames','S-'));
   section_time('ldap-prepare');
 }
 if (defined $sql_policy  !$implicit_maps_inserted) {
@@ -10743,9 +10743,7 @@
 amavisBadHeaderAdmin amavisBannedRuleNames
   );
 
-  @mv_ldap_attrs = qw(amavisBlacklistSender amavisWhitelistSender
-amavisBannedRuleNames
-  );
+  @mv_ldap_attrs = qw(amavisBlacklistSender amavisWhitelistSender);
 }
 
 sub new {

--
Nobody cares if you can't dance well. Just get up and dance.

Mike Hall,
System Admin - Rock Island Communications   [EMAIL PROTECTED]
System Admin - riverside.org, ssdd.org  [EMAIL PROTECTED]


---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Re: [AMaViS-user] Connection refused (port 10024)

2006-01-27 Thread Gary V 
Al wrote:

 Am Freitag, 27. Januar 2006 22:19 schrieb Gary V:

 Here is mine:
 http://www200.pair.com/mecham/spam/package.txt

 Now I found it, it is in /usr/share/amavis/conf.d/20-package
 I always thought it has to be in /etc/amavis/conf.d/

 My version without comments:
 /usr/share/amavis/conf.d/20-package
 use strict;
 @bypass_virus_checks_maps  = (1);  # DISABLE anti-virus code by default
 @bypass_spam_checks_maps  = (1);  # DISABLE anti-spam code by default
 1;  # insure a defined return

 But these variables are here too:
 with comments:

 cat /etc/amavis/conf.d/15-content_filter_mode

 use strict;
 # You can modify this file to re-enable SPAM checking through spamassassin
 # and to re-enable antivirus checking.
 # Default antivirus checking mode
 # Uncomment the two lines below to enable it back
 @bypass_virus_checks_maps = (
\%bypass_virus_checks, [EMAIL PROTECTED], 
 \$bypass_virus_checks_re);
 # Default SPAM checking mode
 # Uncomment the two lines below to enable it back
 @bypass_spam_checks_maps = (
\%bypass_spam_checks, [EMAIL PROTECTED], \$bypass_spam_checks_re);
 1;  # insure a defined return

 Al

You need to edit:
/usr/share/amavis/conf.d/20-package
and comment both of those out:
# @bypass_virus_checks_maps  = (1);  # DISABLE anti-virus code by default
# @bypass_spam_checks_maps  = (1);  # DISABLE anti-spam code by default

I don't think you need to change anything in 
/etc/amavis/conf.d/15-content_filter_mode

The thing is, how are you starting amavisd-new? If you start
amavisd-new with:
~# amavisd-new start
it will use the configuration in /etc/amavis/amavisd.conf
and if you start it using the init script supplied with version 2.3.3
'/etc/init.d/amavis start' it will use the all the files in:

/usr/share/amavis/conf.d/
and
/etc/amavis/conf.d/

Other than that, I can't figure out how your system would be doing
virus checks with virus checks globally bypassed. On my test system
commenting out the @bypass settings in /usr/share/amavis/conf.d/20-package
does flip the checks on.

I have filed 3 bug reports with the maintainers today.

Gary V



---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/