[AMaViS-user] Temporary dir
Hello,

I have a problem with the directory tmp inside the home directory of the user running amavisd-new (which uses spamassassin). That directory is configured as the temporary dir for Amavisd-new. I mounted a tmpfs file system on it. The size of the partition is the one suggested for this job (to serve as the temporary directory for amavisd-new). But it often fills up. I saw that other files (directories) are contained inside that directory:

drwx-- 2 amavis amavis 180 May 21 13:01 .spamassassin5530r7wcrVtmp
drwx-- 2 amavis amavis 180 May 21 12:06 .spamassassin7237wyAuoBtmp
drwx-- 2 amavis amavis 180 May 21 12:06 .spamassassin7288uoiiXPtmp
drwx-- 2 amavis amavis 180 May 21 12:06 .spamassassin7289MYWBOwtmp
drwx-- 2 amavis amavis 180 May 21 12:06 .spamassassin7289QcqPY2tmp
drwx-- 2 amavis amavis 180 May 21 12:06 .spamassassin7289sijshHtmp
drwx-- 2 amavis amavis 180 May 21 12:06 .spamassassin7297BbAzmltmp
drwx-- 2 amavis amavis 180 May 21 12:06 .spamassassin7418uqGnv3tmp

and I can't figure out why they are there! Does anyone have an idea?

thanks
rocsca

-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Amavisd-new and syslog
Paul,

> I just installed amavisd-new-2.5.0 on my Mac OS X system (version 10.4.9). It seems to work fine, except when the daily log roll happens. When this occurs, logging from amavisd stops for a while, and then starts up again.

> Yes, MacOSX uses postfix. I grep'd for this message and I didn't see it. I don't think that postfix is getting delayed because I see log messages from postfix showing connections and delivery, and even postfix/lmtp. My point is that mail still seems to flow, and I'm still getting log messages (i.e. from postfix and imapd). Everything seems to be working, except for the logging from amavisd (I even get new quarantined messages). Other ideas? I really think this is a perl/syslog issue, and I hope there is a better solution than what I'm trying.

It is quite possible this is a syslog issue (client side). The problem is that neither the Unix::Syslog nor the syslog(3) man page tells anything about status returned or its use of ERRNO, so my sub write_log intentionally ignores status and errno of a Unix::Syslog::syslog call. This is quite ugly, and could well explain the problem you are seeing.

Perhaps this is just a documentation omission in Unix::Syslog and syslog(3) and a meaningful status _is_ returned - but since it is not documented, the behaviour may vary from one Unix to another. I'm not sure what would be the best solution. I'd be interested if you come up with a reliable solution.

Don't forget to set:

  $! = 0;

before calling Unix::Syslog::syslog, if the intention is to check the $! after the call. Note that even if $! is nonzero, there is no guarantee that some intermediate step within some system routine would set it to nonzero, but still complete successfully. This is why system routines return their status as a function result - with an unfortunate exception of syslog.

Mark
[AMaViS-user] workaround for bad headers
I get these warnings:

  WARNING: bad headers - Improper use of control character (char 0D hex): Subject: Richiesta di Invio Schede Prodotto\r \n

I saw in amavisd.conf:

  # for defanging bad headers only turn on certain minor contents categories:
  $defang_by_ccat{+CC_BADH.",3"} = 1;  # NUL or CR character in header

Should I comment it out, or what do I have to do to disable this check? What does it imply?

rocsca
Re: [AMaViS-user] Amavisd-new and syslog
Paul, could you please try with the following replacement subroutine write_log:

# Log either to syslog or to a file
sub write_log($$$;@) {
  my($level,$am_id,$errmsg,@args) = @_;
  $am_id = !defined $am_id ? '' : "($am_id) ";
  # treat $errmsg as sprintf format string if additional arguments provided
  if (@args && index($errmsg,'%') >= 0) { $errmsg = sprintf($errmsg,@args) }
  $errmsg = Amavis::Util::sanitize_str($errmsg);
# my($old_locale) = POSIX::setlocale(LC_TIME,"C");  # English dates required!
# if (length($errmsg) > 2000) {  # crop at some arbitrary limit (< LINE_MAX)
#   $errmsg = substr($errmsg,0,2000) . "...";
# }
  my($alert_mark) = $level >= 0 ? '' : $level >= -1 ? '(!)' : '(!!)';
  if ($do_syslog && !$log_to_stderr) {
    # never go below this priority level
    my($prio) = $syslog_prio_name_to_num{uc(c('syslog_priority'))};
    if    ($level >   2) { $prio = LOG_DEBUG   if $prio > LOG_DEBUG   }
    elsif ($level >=  1) { $prio = LOG_INFO    if $prio > LOG_INFO    }
    elsif ($level >=  0) { $prio = LOG_NOTICE  if $prio > LOG_NOTICE  }
    elsif ($level >= -1) { $prio = LOG_WARNING if $prio > LOG_WARNING }
    elsif ($level >= -2) { $prio = LOG_ERR     if $prio > LOG_ERR     }
    else                 { $prio = LOG_CRIT    if $prio > LOG_CRIT    }
    my($firstlogerr,$lastlogerr); my($retries) = 0;
    for (;;) {  # retry a couple of times in case of syslog errors
      if (c('syslog_ident')    ne $current_syslog_ident ||
          c('syslog_facility') ne $current_syslog_facility) {
        close_log()  if !defined($current_syslog_ident) &&
                        !defined($current_syslog_facility);
        open_log();
      }
      undef $lastlogerr;
      my($pre) = $alert_mark;
      my($logline_size) = 980;  # less than (1023 - prefix)
      while (length($am_id)+length($pre)+length($errmsg) > $logline_size) {
        my($avail) = $logline_size - length($am_id . $pre . "...");
        $! = 0;  # clear errno so a nonzero value after the call is meaningful
        syslog($prio, "%s", $am_id . $pre . substr($errmsg,0,$avail) . "...");
        $lastlogerr = $!  if $! != 0 && !defined($lastlogerr);
        $pre = $alert_mark . "...";
        $errmsg = substr($errmsg, $avail);
      }
      $! = 0;
      syslog($prio, "%s", $am_id . $pre . $errmsg);
      $lastlogerr = $!  if $! != 0 && !defined($lastlogerr);
      last  if !defined($lastlogerr) || $retries >= 10;
      $firstlogerr = $lastlogerr
        if defined($lastlogerr) && !defined($firstlogerr);
      sleep(1);  $retries++;
    }
    if (!defined($lastlogerr) && $retries == 0) {
      # logged successfully on the first attempt
    } elsif (!defined($lastlogerr)) {  # logged on a subsequent attempt
      syslog(LOG_INFO, "%s",
             sprintf("%sSuccessfully logged after %d retries: %s",
                     $am_id,$retries,$firstlogerr));
    } else {  # logging failure, desperately try one more time
      my($msg) = sprintf("%s(!!)Syslog failure, %d retries: %s",
                         $am_id,$retries,$firstlogerr);
      print STDERR ($msg, "\n");
      sleep(10);
      syslog(LOG_ERR, "%s", $msg);
    }
  } else {
    my($prefix) = sprintf("%s %s %s[%s]: ",  # prepare syslog-like prefix
                    strftime("%b %e %H:%M:%S",localtime),
                    c('myhostname'), $myname, $$);
    if (defined $loghandle && !$log_to_stderr) {
      lock($loghandle);
      seek($loghandle,0,2) or die "Can't position log file to its tail: $!";
      $loghandle->print($prefix, $am_id, $alert_mark, $errmsg, "\n")
        or die "Error writing to log file: $!";
      unlock($loghandle);
    } else {
      print STDERR ($prefix, $am_id, $alert_mark, $errmsg, "\n")
        or die "Error writing to STDERR: $!";
    }
  }
# POSIX::setlocale(LC_TIME, $old_locale);
}

--
Mark
Re: [AMaViS-user] workaround for bad headers
Rocco,

> I get these warnings:
>   WARNING: bad headers - Improper use of control character (char 0D hex): Subject: Richiesta di Invio Schede Prodotto\r \n

If this is coming from your clients, these really need to be fixed, using a bare CR within a header is an ugly offense. Allowing such headers may lead careless mail clients to think a header field ends there.

> I saw in amavisd.conf:
>   # for defanging bad headers only turn on certain minor contents categories:
>   $defang_by_ccat{+CC_BADH.",3"} = 1;  # NUL or CR character in header
> Should I comment it out, or what do I have to do to disable this check?

Removing this line prevents defanging (pushing original mail contents into an attachment), but does not disable a check or a warning it creates. You probably want:

  $allowed_header_tests{'control'} = 0;

Search for '%allowed_header_tests' in RELEASE_NOTES.

Mark
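The risk described in the reply above, a bare CR that makes a careless client see an extra header field, shown as an added Perl example (not amavisd-new code and not part of the thread). The header section, the X-Example field and all function names are constructed for illustration.

```perl
#!/usr/bin/perl
# Added illustration; this is not how amavisd-new implements its header tests.
use strict;
use warnings;

# Constructed header section. The Subject field carries a bare CR (0x0D not
# followed by LF); the text after it is a constructed, harmless field.
my $header = join '',
    "From: sender\@example.com\r\n",
    "Subject: Richiesta di Invio Schede Prodotto\rX-Example: constructed\r\n",
    "To: rcpt\@example.net\r\n";

# Strict view: a field ends only at a CRLF that is not followed by folding
# whitespace, so folded continuation lines stay inside their field.
sub fields_strict {
    my ($h) = @_;
    return grep { length } split /\r\n(?![ \t])/, $h;
}

# Careless view: any CR, LF or CRLF is taken as a line end.
sub fields_careless {
    my ($h) = @_;
    return grep { length } split /\r\n?|\n/, $h;
}

# Report NUL and bare CR inside each strictly parsed field.
sub control_char_findings {
    my ($h) = @_;
    my @findings;
    for my $field (fields_strict($h)) {
        my ($name) = $field =~ /^([^:\s]+):/;
        $name = '(no field name)' unless defined $name;
        while ($field =~ /(\x00|\r(?!\n))/g) {
            push @findings, sprintf('%s: char %02X hex at offset %d',
                                    $name, ord($1), pos($field) - 1);
        }
    }
    return @findings;
}

my @strict   = fields_strict($header);
my @careless = fields_careless($header);
printf "strict parser sees %d fields, careless parser sees %d\n",
       scalar @strict, scalar @careless;
print "finding: $_\n"        for control_char_findings($header);
print "careless field: $_\n" for @careless;
```

The two parsers disagree on the number of fields for the same bytes, which is why the sending client should be fixed rather than the check silenced for it.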
Re: [AMaViS-user] Temporary dir
Rocco,

> I have a problem with the directory tmp inside the home directory of the user running amavisd-new (which uses spamassassin). That directory is configured as the temporary dir for Amavisd-new. I mounted a tmpfs file system on it. The size of the partition is the one suggested for this job (to serve as the temporary directory for amavisd-new).

I never suggested using a tmpfs for temporary files. Under a decent journalling or UFS file system I don't think any (small) savings are worth the risk of having a file system too small, or wasting unnecessary memory.

> But it often fills up. I saw that other files (directories) are contained inside that directory:
> drwx-- 2 amavis amavis 180 May 21 13:01 .spamassassin5530r7wcrVtmp
> drwx-- 2 amavis amavis 180 May 21 12:06 .spamassassin7237wyAuoBtmp
> and I can't figure out why they are there!

If we are referring to:
http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5444
these files should eventually get deleted automatically.

Nevertheless, according to SA documentation the current calling method (since SA 3.0.0) lacks a call to $mail_obj->finish. The following patch should fix it:

--- amavisd.origMon Apr 23 05:25:30 2007 +++ amavisd Mon May 21 18:22:45 2007 @@ -17542,5 +17542,5 @@ sub call_spamassassin($$$) { my($self,$msginfo,$lines) = @_; - my($which_section); my($per_msg_status); + my($which_section); my($mail_obj,$per_msg_status); my($saved_umask) = umask; my($saved_pid) = $$; my($spamassassin_obj) = $self-{'spamassassin_obj'}; @@ -17567,7 +17567,8 @@ do_log(5,calling SA parse, SA version %s, %.6f, $sa_version, $sa_version_num); -my($mail_obj) = $sa_version_num = 3 ? $spamassassin_obj-parse($lines) +$mail_obj = $sa_version_num = 3 ? $spamassassin_obj-parse($lines) : Mail::SpamAssassin::NoMailAudit-new(data = $lines, add_From_line = 0); +undef $lines; # release storage, SA made its own copy section_time($which_section); 
@@ -17607,4 +17608,6 @@ if (defined $per_msg_status) { $per_msg_status-finish; undef $per_msg_status } + if (defined $mail_obj $sa_version_num = 3) +{ $mail_obj-finish; undef $mail_obj } umask($saved_umask); # SA changes umask to 0077 if ($$ != $saved_pid) {

--
Mark
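Review bot: in the second hunk, the added "undef $lines;" clears only the local copy of the reference taken in "my($self,$msginfo,$lines) = @_;", so the storage is released only if the caller no longer holds its own reference to the same array. If freeing the message lines before the SA check is the goal, state in the comment that the caller must drop its reference too, and confirm that nothing later in call_spamassassin still reads $lines.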
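Review bot: in the third hunk, the new $mail_obj cleanup sits next to the existing $per_msg_status cleanup and runs only when control reaches that point; confirm that it is also reached when the SA check between parse and this line fails, otherwise finish is skipped on exactly the path where the .spamassassin*tmp directories would be left behind. A short comment on why the call is limited to SA version 3 and later would help the next reader.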
Re: [AMaViS-user] workaround for bad headers
>> I get these warnings:
>>   WARNING: bad headers - Improper use of control character (char 0D hex): Subject: Richiesta di Invio Schede Prodotto\r \n
>
> If this is coming from your clients, these really need to be fixed, using a bare CR within a header is an ugly offense. Allowing such headers may lead careless mail clients to think a header field ends there.
>
>> I saw in amavisd.conf:
>>   # for defanging bad headers only turn on certain minor contents categories:
>>   $defang_by_ccat{+CC_BADH.",3"} = 1;  # NUL or CR character in header
>> Should I comment it out, or what do I have to do to disable this check?
>
> Removing this line prevents defanging (pushing original mail contents into an attachment), but does not disable a check or a warning it creates. You probably want:
>   $allowed_header_tests{'control'} = 0;
> Search for '%allowed_header_tests' in RELEASE_NOTES.

Thanks a lot Mark. Could I disable the check only for incoming mail?

rocsca
Re: [AMaViS-user] workaround for bad headers
rocsca,

>> You probably want:
>>   $allowed_header_tests{'control'} = 0;
>> Search for '%allowed_header_tests' in RELEASE_NOTES.
>
> Could I disable the check only for incoming mail?

Yes, you can disable the setting globally, and re-enable it for locally originating mail with the help of a policy bank, e.g.:

  $allowed_header_tests{'control'} = 0;
  $policy_bank{'MYNETS'} = {
    allowed_header_tests => {'control' => 1},
  };

Mark
Re: [AMaViS-user] final_*_destiny DISCARD uses SMTP code 254
Leo,

> I've encountered problems concerning mails DISCARDed by amavis. Some mailers (e.g. SurfControl RiskFilter) will interpret the SMTP status code 254 used by amavis as a temporary error.

This is a direct violation of a MUST in rfc2822, complain to the vendor.

rfc2822, section 4.2:
  Consequently, a sender-SMTP MUST be prepared to handle codes not specified in this document and MUST do so by interpreting the first digit only.

> I suppose that the reason for this is that status code 254 is not defined by RFC2821. While 2yz states a Positive Completion reply and x5z correctly corresponds to the category Mail system, the actually used code of 254 is not mentioned explicitly. [1] Concerning new status codes, the RFC suggests:
>
>   On the other hand, the reply codes must strictly follow the specifications in this section. Receiver implementations should not invent new codes for slightly different situations from the ones described here, but rather adapt codes already defined.
>
> Although section 4.2.5 suggests that any 2yz code in reply to a DATA command transfers responsibility for mail-delivery to the receiver, maybe using the existing code 250 and thus sending
>   250 2.7.0 Ok, discarded ...
> would be a safer way of signalling that the mail will be accepted but discarded.

You are quite right, turning:
  554 5.7.0 Ok, discarded, id=... - VIRUS: ...
into:
  254 2.7.0 Ok, discarded, id=... - VIRUS: ...
is not good practice (violates a SHOULD), it should be:
  250 2.7.0 Ok, discarded, id=... - VIRUS: ...

The following patch fixes it:

--- amavisd~Mon Apr 23 05:25:30 2007 +++ amavisd Mon May 21 19:10:15 2007 
@@ -9017,5 +9017,6 @@ if ($final_destiny == D_DISCARD) { local($1,$2); - $status =~ s{^5(\d\d) 5(\.\d\.\d)\z}{2$1 2$2}; # 5xx - 2xx +# $status =~ s{^5(\d\d) 5(\.\d\.\d)\z}{2$1 2$2}; # 5xx - 2xx + $status =~ s{^5(\d\d) 5(\.\d\.\d)\z}{250 2$2}; # 5xx - 250 } my($response) = $status . ' ' .

Thanks for pointing it out.

Mark
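Review bot: the added substitution no longer uses $1, so the first group (\d\d) is captured for nothing, and the previous substitution is kept beside it as a commented-out line. Drop the capture (or make it \d\d and renumber $2 to $1), remove the dead line since the history records it, and let the comment say why every 5xx becomes 250 under D_DISCARD. Note also that 5(\.\d\.\d)\z matches only single-digit enhanced status subcodes, so a status that does not fit the pattern is passed on as 5xx.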
Re: [AMaViS-user] final_*_destiny DISCARD uses SMTP code 254
On 05/21/2007 07:24 PM, Mark Martinec wrote:
>> I've encountered problems concerning mails DISCARDed by amavis. Some mailers (e.g. SurfControl RiskFilter) will interpret the SMTP status code 254 used by amavis as a temporary error.
>
> This is a direct violation of a MUST in rfc2822, complain to the vendor.

Yes, I'll do.

[...]
>> Although section 4.2.5 suggests that any 2yz code in reply to a DATA command transfers responsibility for mail-delivery to the receiver, maybe using the existing code 250 and thus sending
>>   250 2.7.0 Ok, discarded ...
>> would be a safer way of signalling that the mail will be accepted but discarded.
>
> You are quite right, turning:
>   554 5.7.0 Ok, discarded, id=... - VIRUS: ...
> into:
>   254 2.7.0 Ok, discarded, id=... - VIRUS: ...
> is not good practice (violates a SHOULD), it should be:
>   250 2.7.0 Ok, discarded, id=... - VIRUS: ...
>
> The following patch fixes it:
>
> --- amavisd~ Mon Apr 23 05:25:30 2007 +++ amavisd Mon May 21 19:10:15 2007 @@ -9017,5 +9017,6 @@ if ($final_destiny == D_DISCARD) { local($1,$2); - $status =~ s{^5(\d\d) 5(\.\d\.\d)\z}{2$1 2$2}; # 5xx - 2xx +# $status =~ s{^5(\d\d) 5(\.\d\.\d)\z}{2$1 2$2}; # 5xx - 2xx + $status =~ s{^5(\d\d) 5(\.\d\.\d)\z}{250 2$2}; # 5xx - 250 } my($response) = $status . ' ' .

Thanks, I did already apply exactly that fix. (Including the comment. ;))

Cheers,
--leo
--
e-mail ::: Alexander.Bergolth (at) wu-wien.ac.at
fax ::: +43-1-31336-906050
location ::: Computer Center | Vienna University of Economics | Austria
Re: [AMaViS-user] getting regular expressions into local_domains_maps?
[EMAIL PROTECTED],

> I'm trying to use amavis + postfix with virtual users, with an extra twist: a wildcard virtual domain. This is configured in postfix with a regexp file:
>   virtual_mailbox_domains = regexp:/etc/postfix/vhosts/domains
> which looks like this:
>   /customer1\.com/ virtual:
>   /customer2\.org/ virtual:
>   /.*\.customer3\.org/ virtual:

You should anchor regular expressions as appropriate!

  /@customer1\.com$/
  /@customer2\.org$/
  /\.customer3\.org$/

There is no need for using regular expressions in above examples, both the Postfix hash and the amavisd-new hash or lists handle cases like the above just fine. See README.lookups.

> What I want to do is stuff this file into local_domains_maps, so that I can get spam headers added. Looking at the code, I see that the lookup function will call lookup_re for isa('Amavis::Lookup::RE'), but not being a perl person, I have no idea how to create such a beast. I see functions for read_hash and read_array... A read_regexp function that would take the above file and stuff it into local_domains_maps would be just what I'm looking for...

There are several examples of regexp use in amavisd.conf-sample.

  @local_domains_maps = (
    new_RE(
      qr'[EMAIL PROTECTED]'i,
      qr'@mx\.customers-\d+\.example\.com$'i,
      qr'@[EMAIL PROTECTED]'i,
    ),
  );

> but other suggestions (_besides_ don't use wildcards) would be greatly appreciated!

Don't use wildcards :)

Mark
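Why the anchoring advice in the reply above matters, as an added Perl example (not from the thread and not amavisd-new code): the unanchored patterns from the quoted Postfix file are compared with the anchored forms from the reply. All addresses are constructed, and matching both sets against a full recipient address is an assumption of this sketch.

```perl
#!/usr/bin/perl
# Added illustration; addresses and function names are constructed.
use strict;
use warnings;

# Unanchored patterns as they appear in the quoted Postfix regexp file.
my @unanchored = (qr'customer1\.com'i, qr'customer2\.org'i,
                  qr'.*\.customer3\.org'i);

# Anchored forms from the reply, written with qr'...' so that @ and $ are
# not interpolated (the quoting style of the @local_domains_maps example).
my @anchored = (qr'@customer1\.com$'i, qr'@customer2\.org$'i,
                qr'\.customer3\.org$'i);

# True if any pattern in the list matches the address.
sub is_local {
    my ($addr, $patterns) = @_;
    for my $re (@$patterns) { return 1 if $addr =~ $re }
    return 0;
}

# Constructed recipient addresses with the classification the admin intends.
my @cases = (
    [ 'user@customer1.com',                  1 ],
    [ 'user@customer1.com.example.net',      0 ],  # local domain as a prefix
    [ 'user@notcustomer2.org',               0 ],  # local domain as a suffix
    [ 'customer1.com@example.net',           0 ],  # local domain in local part
    [ 'user@mail.customer3.org',             1 ],  # wildcard subdomain
    [ 'user@mail.customer3.org.example.net', 0 ],
    [ 'user@example.net',                    0 ],
);

# Cases where a pattern set disagrees with the intended classification
# (returns the count when called in scalar context).
sub misclassified {
    my ($patterns) = @_;
    return grep { is_local($_->[0], $patterns) != $_->[1] } @cases;
}

for my $case (@cases) {
    my ($addr, $want) = @$case;
    printf "%-38s intended=%d unanchored=%d anchored=%d\n", $addr, $want,
           is_local($addr, \@unanchored), is_local($addr, \@anchored);
}
printf "misclassified: unanchored=%d anchored=%d\n",
       scalar(misclassified(\@unanchored)), scalar(misclassified(\@anchored));
```

Every address the unanchored set wrongly treats as local would be handled under the local-domain policy, which is the reason to anchor or to use plain hash or list lookups instead.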
Re: [AMaViS-user] amavisd, postfix and dkfilter?
Charlie,

> Is anyone using amavisd with postfix and dkfilter? I need to attach domain keys to my outgoing mail and am getting confused. dkfilter wants to be a content_filter and if I'm seeing this correctly, it seems that postfix can only have one content_filter and that needs to be amavisd. Help, pointers to documentation, etc. are appreciated.

Like Eray Aslan wrote, start with:
http://www.ijs.si/software/amavisd/amavisd-new-docs.html#dkim

If the intention is signing, then the signing filter should preferably be positioned after a content filter, not before it, e.g.

  postfix -> amavisd -> DKIM Proxy -> postfix

or:

  postfix -> amavisd -> postfix | dkim-milter

Note that the use of dkfilter (based on Mail::DomainKeys) is not recommended. DomainKeys is now treated as a historical document, all new uses should use DKIM. There are several architectural (and implementational) problems with it, e.g. treating of repeated header fields such as 'Received'. Google has switched by now (earlier this year).

http://www.ijs.si/software/amavisd/amavisd-new-docs.html#dkim :

  On the other hand there exists a dkfilter SMTP-proxy by the same author, which calls a Perl module Mail::DomainKeys, which in turn is not recommended because of its design limitation which requires loading the whole message into memory.

$ man Mail::DomainKeys

  NAME
    Mail::DomainKeys - A perl implementation of DomainKeys

  CAVEAT
    THIS MODULE IS OFFICIALLY UNSUPPORTED. Please move on to DKIM like a responsible Internet user. I have. I will leave this module here on CPAN for a while, just in case someone has grown to depend on it. It is apparent that DK will not be the way of the future. Thus, it is time to put this module to ground before it causes any further harm.

    Thanks for your support,
    Anthony

$ man Mail::SpamAssassin::Plugin::DomainKeys

  Note that if the Mail::SpamAssassin::Plugin::DKIM plugin is installed with Mail::DKIM version 0.20 or later, that plugin will also perform Domain Key lookups on DomainKey-Signature headers, in which case this plugin is redundant.

Here is author's note from module Mail::DomainKeys version 1.0:

  THIS MODULE IS OFFICIALLY UNSUPPORTED. Please move on to DKIM like a responsible Internet user. I have.

Mark
Re: [AMaViS-user] SaneSecurity malware signatures are not being detected by amavisd-new
Bill,

> I've noticed that when multiple message parts match different clamav signatures, *all* the signature names must be listed in @virus_name_to_spam_score_maps for it to be considered spam.

Yes, as documented in RELEASE_NOTES:

  [...] When a virus scanner returns names of viruses, and all provided names are matched by the @virus_name_to_spam_score_maps, and no other virus scanner has anything more sinister to report, then a message is _not_ flagged as a virus, but a corresponding spam score is contributed to other spam results [...]

This is a key issue here. Your test example after enabling /^MAIL$/ (which requests that a full message is passed to virus scanners, besides each decoded part), clamd starts to report _two_ malware names. As the 'Phishing.Email' was not in your @virus_name_to_spam_score_maps list, such mail did not fulfill the requirement that _all_ reported names must be in the list for the result to be turned into spam, so you ended up with a quarantined 'virus'.

> So, amavisd-new splits off the headers into a temporary file called email.001 (for example) and the body into a temporary file called email.002 (for example)

Not entirely true. There is never a part that would only contain a mail header. Each mail part (i.e. a temporary file to be passed to each virus scanner) contains either a decoded MIME part or an archive component of a mail, or the entire mail (if /^MAIL$/ is in @keep_decoded_original_maps, or if some decoder declares it can not do its job properly, e.g. due to a corrupted or password-protected archive).

Steve, thanks for your help in understanding the matter!

Mark
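The all-names rule quoted from RELEASE_NOTES above, replayed on the situation in this thread as an added Perl example (not amavisd-new code). Signature names, scores and function names are constructed; it models a single scanner, and taking the highest matching score is an assumption of this sketch.

```perl
#!/usr/bin/perl
# Added illustration; not the amavisd-new implementation of this rule.
use strict;
use warnings;

# Constructed stand-ins for @virus_name_to_spam_score_maps: [pattern, score].
my @initial_map  = ( [ qr'^Email\.Malware\.', 4.0 ] );
my @extended_map = ( @initial_map, [ qr'^Phishing\.Email', 6.0 ] );

# Score for one reported name, or undef when no pattern matches it.
sub score_for {
    my ($name, $map) = @_;
    for my $entry (@$map) {
        my ($re, $score) = @$entry;
        return $score if $name =~ $re;
    }
    return undef;
}

# Only if every reported name is matched does the result become a spam
# score; a single unmatched name keeps the verdict at "virus".
sub verdict {
    my ($names, $map) = @_;
    return { verdict => 'clean' } unless @$names;
    my @unmatched;
    my $best;
    for my $name (@$names) {
        my $score = score_for($name, $map);
        if (!defined $score) { push @unmatched, $name; next }
        # assumption: the highest matching score is the one contributed
        $best = $score if !defined $best || $score > $best;
    }
    return @unmatched ? { verdict => 'virus', unmatched => \@unmatched }
                      : { verdict => 'spam-score', score => $best };
}

# Constructed scanner results for the three situations in the thread.
my @both = ('Email.Malware.Example-1', 'Phishing.Email');
my @runs = (
    [ 'parts only, email-type signatures not checked', [],     \@initial_map  ],
    [ '/^MAIL$/ enabled, one reported name unlisted',  \@both, \@initial_map  ],
    [ '/^MAIL$/ enabled, both reported names listed',  \@both, \@extended_map ],
);

for my $run (@runs) {
    my ($label, $names, $map) = @$run;
    my $v = verdict($names, $map);
    my $detail =
        $v->{verdict} eq 'virus'      ? 'unmatched: ' . join(', ', @{ $v->{unmatched} })
      : $v->{verdict} eq 'spam-score' ? "score $v->{score}"
      :                                 'nothing reported';
    printf "%-48s -> %-10s (%s)\n", $label, $v->{verdict}, $detail;
}
```

The second run is the case from the thread: one listed and one unlisted name leave the message quarantined as a virus until the map covers every name the scanner can report.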
[AMaViS-user] 2 amavisd instances
Hello fellow listers

Hats off to the devs around here for a great piece of software!

We are involved in deploying some new servers and we are planning to add a second instance of Postfix/Amavisd-new to our existing instance. My question is this: Do we need to run another full instance of amavisd-new for the new instance of Postfix? Or can I reuse the current instance with some modifications?

TiA
Dave
Re: [AMaViS-user] SaneSecurity malware signatures are not being detected by amavisd-new
Mark Martinec wrote the following on 5/21/2007 5:06 PM -0800:
> Bill,
>
>> I've noticed that when multiple message parts match different clamav signatures, *all* the signature names must be listed in @virus_name_to_spam_score_maps for it to be considered spam.
>
> Yes, as documented in RELEASE_NOTES:
>
>   [...] When a virus scanner returns names of viruses, and all provided names are matched by the @virus_name_to_spam_score_maps, and no other virus scanner has anything more sinister to report, then a message is _not_ flagged as a virus, but a corresponding spam score is contributed to other spam results [...]
>
> This is a key issue here. Your test example after enabling /^MAIL$/ (which requests that a full message is passed to virus scanners, besides each decoded part), clamd starts to report _two_ malware names.

Mark, can you tell me why the Email.Malware are still not detected without enabling /^MAIL$/? I would like to keep virus scan processing to a minimum, but if I disable /^MAIL$/, then Email.Malware messages are not detected.

> As the 'Phishing.Email' was not in your @virus_name_to_spam_score_maps list, such mail did not fulfill the requirement that _all_ reported names must be in the list for the result to be turned into spam, so you ended up with a quarantined 'virus'.

Thanks for the explanation, and thanks to Noel for his assistance in figuring this out off-list over the weekend.

Bill
Re: [AMaViS-user] SaneSecurity malware signatures are not being detected by amavisd-new
Noel Jones wrote the following on 5/21/2007 9:32 PM -0800:
> At 09:55 PM 5/21/2007, Bill Landry wrote:
>> Mark, can you tell me why the Email.Malware are still not detected without enabling /^MAIL$/? I would like to keep virus scan processing to a minimum, but if I disable /^MAIL$/, then Email.Malware messages are not detected.
>
> Most of the Email.Malware signatures are email type signatures. Clamav must be presented with a file recognizable as an email (Received: headers and other clues) for these signatures to even be checked. You must always present clamav with raw email files to use all the published signatures. In addition to the SaneSecurity add-on signatures, most of the official clam Phish signatures are email type, along with several official trojan worm signatures.
>
> If you don't set amavisd-new to scan the full email message, you effectively disable all signatures requiring an email message.

Okay, then is there any reason to have amavisd-new break e-mail messages up for individual parts scanning? Would it make sense to disable parts scanning and just have amavisd-new only pass the entire raw message to clamd for scanning?

Bill