[AMaViS-user] Russion SPAM
Hi, I am running postfix 2.2.4 on Solaris 8 with amavisd-new.2.3.2, SpamAssassin 3.1.0 and Clamav 0.8.7.1 as an AV/AS gateway to my main email system. Twice in last week our Spamassassin didn't detected sort of Russion SPAM where most of the addresses were starting from ann... and most of the domains were .ru Any idea to block this SPAM. MJ --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] Want to allow *.* in .zip format
Hi, I am running postfix 2.2.4 on Solaris 8 with amavisd-new.2.3.2, SpamAssassin 3.1.0 and Clamav 0.8.7.1 as an AV/AS gateway to my main email system. Few weeks ago I uncommented following line of my amavisd.conf to allow .exe files in zip format. I have tested simply by compressing single exe file and sending it thourgh my mail server and it was successfully deliver. [ qr'^\.(zip|rar|arc|arj|zoo)$'= 0 ], # allow any within such archives Today, one our users tried send a zip files containing bunch of files (some of them were .exe and .zip also), but the sender received a bounced message with following error. Diagnostic-Code: smtp; 550 5.7.1 Message content rejected, id=04518-07 - BANNED: multipart/mixed | application/x-zip-compressed,.zip,RouterSim.zip | .exe,.exe-ms,RouterSim2 Can some one tell me why this double standard? Why it works with my tests but not with users sending .exe files in zip format. Thanks, MJ --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642 ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] Want to allow *.* in .zip format
Hi, I am running postfix 2.2.4 on Solaris 8 with amavisd-new.2.3.2, SpamAssassin 3.1.0 and Clamav 0.8.7.1 as an AV/AS gateway to my main email system. Few weeks ago I uncommented following line of my amavisd.conf to allow .exe files in zip format. I have tested simply by compressing single exe file and sending it thourgh my mail server and it was successfully deliver. [ qr'^\.(zip|rar|arc|arj|zoo)$'= 0 ], # allow any within such archives Today, one our users tried send a zip files containing bunch of files (some of them were .exe and .zip also), but the sender received a bounced message with following error. Diagnostic-Code: smtp; 550 5.7.1 Message content rejected, id=04518-07 - BANNED: multipart/mixed | application/x-zip-compressed,.zip,RouterSim.zip | .exe,.exe-ms,RouterSim2 Can some one tell me why this double standard? Why it works with my tests but not with users sending .exe files in zip format. Thanks, MJ --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642 ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] How to automatically report SPAM to spamcop
Hi, I am running postfix 2.2.4 on Solaris 8 with amavisd-new.2.3.2, SpamAssassin 3.1.0 and Clamav 0.8.7.1 as an AV/AS gateway to my main email system. Since we are any ISP and we received thousands of SPAM messages I want to report these messages to spamcop. I have gone through the faq's on spamcop site and some docs on spamassassin site but still I didn't get a clear idea how to configure this. Can any one guide me on this. Second question is that am using postfix to check the rbls, is it OK or I need to check this in amavisd? Thanks, MJ --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] Allowing exe files in zip format
Hi, I am running postfix 2.2.4 on Solaris 8 with amavisd-new.2.3.2, SpamAssassin 3.1.0 and Clamav 0.8.7.1 as an AV/AS gateway to my main email system. We want our users to be able to send exe files in compress form (.zip) how can I configure amavisd not to bann exe files in zip format. Thanks, MJ --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
RE: [AMaViS-user] Allowing exe files in zip format
This one would interest me too ... Which var did you passed this option? May you pass the paragraph here? In my debian amavisd.conf is no such uncommentable line. I am using amavisd-new.2.3.2 and by default it has commented line under $banned_filename_re paragraph, I just uncommented. Here is the paragraph MJ -- $banned_filename_re = new_RE( # qr'^UNDECIPHERABLE$', # is or contains any undecipherable components # block certain double extensions anywhere in the base name qr'\.[^./]*[A-Za-z][^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i, # qr'\{[0-9a-z]{4,}(-[0-9a-z]{4,}){0,7}\}?'i, # Class ID extensions - CLSID qr'^application/x-msdownload$'i, # block these MIME types qr'^application/x-msdos-program$'i, qr'^application/hta$'i, # qr'^message/partial$'i, # rfc2046 MIME type # qr'^message/external-body$'i, # rfc2046 MIME type # [ qr'^\.(Z|gz|bz2)$' = 0 ], # allow any in Unix-compressed [ qr'^\.(rpm|cpio|tar)$' = 0 ], # allow any in Unix-type archives [ qr'^\.(zip|rar|arc|arj|zoo)$'= 0 ], # allow any within such archives qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic # qr'.\.(ade|adp|app|bas|bat|chm|cmd|com|cpl|crt|emf|exe|fxp|grp|hlp|hta| #inf|ins|isp|js|jse|lnk|mda|mdb|mde|mdw|mdt|mdz|msc|msi|msp|mst| #ops|pcd|pif|prg|reg|scr|sct|shb|shs|vb|vbe|vbs| #wmf|wsc|wsf|wsh)$'ix, # banned ext - long # qr'.\.(mim|b64|bhx|hqx|xxe|uu|uue)$'i, # banned extension - WinZip vulnerab. qr'^\.(exe-ms)$', # banned file(1) types # qr'^\.(exe|lha|tnef|cab|dll)$', # banned file(1) types ); -- --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] RATWARE_ZERO_TZ
Hi, I am running postfix 2.2.4 on Solaris 8 with amavisd-new.2.3.2, SpamAssassin 3.1.0 and Clamav 0.8.7.1 as an AV/AS gateway to my main email system. Some messages specially from hotmail.com are getting very high scores, specially RATWARE_ZERO_TZ, can some one tell me what is RATWARE_ZERO_TZ and do I need to reduce the score for this? Below is one example header. X-Spam-Status: Yes, hits=8.216 tag=2 tag2=6.31 kill=6.31 tests=[AWL=0.614, BAYES_50=0.001, DNS_FROM_RFC_ABUSE=0.2, DNS_FROM_RFC_POST=1.708, HTML_MESSAGE=0.001, INVALID_TZ_GMT=1.042, MIME_HTML_ONLY=0.001, MSGID_FROM_MTA_HEADER=0, RATWARE_ZERO_TZ=3.196, RCVD_IN_SORBS_WEB=1.456, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] X-Spam-Score: 8.216 Thanks, MJ --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
RE: [AMaViS-user] RATWARE_ZERO_TZ
Thanks Michael, here is another example with full header Received: from hotmail.com (bay20-f13.bay20.hotmail.com [64.4.54.102]) by mailgate2.cyberia.net.sa (Postfix) with ESMTP id A33A71F07EF for [EMAIL PROTECTED]; Tue, 20 Dec 2005 17:44:05 +0300 (GMT) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Tue, 20 Dec 2005 06:44:01 -0800 Message-ID: [EMAIL PROTECTED] Received: from 212.138.113.13 by by20fd.bay20.hotmail.msn.com with HTTP; Tue, 20 Dec 2005 14:44:01 GMT X-Originating-IP: [212.138.x.x] X-Originating-Email: [EMAIL PROTECTED] X-Sender: [EMAIL PROTECTED] From: MJ [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Cyberia Date: Tue, 20 Dec 2005 14:44:01 + Mime-Version: 1.0 Content-Type: text/html; format=flowed X-OriginalArrivalTime: 20 Dec 2005 14:44:01.0705 (UTC) FILETIME=[D1462190:01C60573] X-Spam-Status: Yes, hits=7.111 tag=2 tag2=6.31 kill=6.31 tests=[AWL=1.372, BAYES_50=0.001, DNS_FROM_RFC_ABUSE=0.2, DNS_FROM_RFC_POST=1.708, HTML_50_60=0.134, HTML_MESSAGE=0.001, INVALID_TZ_GMT=0.5, MIME_HTML_ONLY=0.001, MSGID_FROM_MTA_HEADER=0, RATWARE_ZERO_TZ=3.196, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] X-Spam-Score: 7.111 X-Spam-Level: *** X-Spam-Flag: YES --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] SA is blocking messages from hotmail
Hi I am running postfix 2.2.4 on Solaris 8 with amavisd-new.2.3.2, SpamAssassin 3.1.0 and Clamav 0.8.7.1 as an AV/AS gateway to my main email system. I have recently upgraded the old SA 3.0.4 to 3.1.0. Since the upgrade I am facing a problem that all the messages coming from hotmail.com are getting unneccary high scores and most of them are getting blocked. I am running all default config with no local rules. I have only following lines in /etc/mail/spamassassin/local.cf as most of the config is in /etc/amavisd.conf. Please help. lock_method flock use_razor2 0 use_dcc 0 use_pyzor 0 - Following are few examples of messages coming from hotmail and getting high scores. I tried sames messages by yahoo and they are not getting such high score. -A message with just Test in subject and nothing in the body.-- X-Spam-Status: Yes, hits=8.216 tag=2 tag2=6.31 kill=6.31 tests=[AWL=0.614, BAYES_50=0.001, DNS_FROM_RFC_ABUSE=0.2, DNS_FROM_RFC_POST=1.708, HTML_MESSAGE=0.001, INVALID_TZ_GMT=1.042, MIME_HTML_ONLY=0.001, MSGID_FROM_MTA_HEADER=0, RATWARE_ZERO_TZ=3.196, RCVD_IN_SORBS_WEB=1.456, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] X-Spam-Score: 8.216 -A legitimate message in Arabic with subject line also in Arabic- X-Spam-Status: Yes, hits=7.053 tag=2 tag2=6.31 kill=6.31 tests=[AWL=-2.563, BAYES_50=0.001, DNS_FROM_RFC_ABUSE=0.2, DNS_FROM_RFC_POST=1.708, HTML_MESSAGE=0.001, INVALID_TZ_GMT=1.042, MIME_BASE64_NO_NAME=0.224, MIME_BASE64_TEXT=1.885, MIME_BOUND_NEXTPART=0.278, MSGID_FROM_MTA_HEADER=0, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, SUBJ_ILLEGAL_CHARS=4.279] X-Spam-Score: 7.053 X-Spam-Level: *** -A legitimate messages with lots of text in subject and body-- X-Spam-Status: Yes, hits=8.251 tag=2 tag2=6.31 kill=6.31 tests=[AWL=0.273, BAYES_50=0.001, DNS_FROM_RFC_ABUSE=0.2, DNS_FROM_RFC_POST=1.708, HTML_30_40=0.374, HTML_MESSAGE=0.001, INVALID_TZ_GMT=1.042, MIME_HTML_ONLY=0.001, MSGID_FROM_MTA_HEADER=0, RATWARE_ZERO_TZ=3.196, RCVD_IN_SORBS_WEB=1.456, SPF_PASS=-0.001] X-Spam-Score: 8.251 -A legitimate messages with lots of text in subject and body-- X-Spam-Status: No, hits=4.176 tagged_above=2 required=6.31 tests=[AWL=-0.229, BAYES_50=0.001, DNS_FROM_RFC_ABUSE=0.2, DNS_FROM_RFC_POST=1.708, INVALID_TZ_GMT=1.042, MSGID_FROM_MTA_HEADER=0, RCVD_IN_SORBS_WEB=1.456, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] X-Spam-Level: Thanks, MJ --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] Error in processing
Hi I am running postfix 2.2.4 on Solaris 8 with amavisd-new.2.3.2, SpamAssassin 3.1.0 and Clamav 0.8.7.1 as an AV/AS gateway to my main email system. Today I saw following errors when I executed postqueue -p command to get the queue. Any idea? (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 Error in processing, id=00129-06-3, parts_decode_ext FAILED: run_command (open pipe): Can't fork at /usr/local/lib/perl5/5.8.5/sun4-solaris/IO/File.pm line 176, GEN5 line 51089. at /usr/local/sbin/amavisd line 1851, GEN5 line 51089. (in reply to end of DATA command)) Thanks, MJ --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
RE: [AMaViS-user] Upgrading from SA 3.0.4 to SA 3.1.0
Hi Mark, I did the upgrade and all went OK. In the syslog now I can see the version is 3.001000. Will this new version block more SPAM than the previous version? My understanding is that each new version of SA has a new set of rules to encounter the current Spammers and their techniques, right? Junaid -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Martinec Sent: Tuesday, November 29, 2005 2:31 PM To: amavis-user@lists.sourceforge.net Subject: Re: [AMaViS-user] Upgrading from SA 3.0.4 to SA 3.1.0 MJ, Thanks for your reply. Do I need to perform following tasks to upgrade Bayesian database? As suggested in the UPGRADE file? - run sa-learn --rebuild, this will sync your journal - upgrade SA to 3.0.0 - run sa-learn --sync, which will cause the db format to be upgraded Yes, it is needed. As far as amavisd-new is concerned: just follow the usual SA upgrade instructions. Wherever it mentions spamd, think amavisd. Secondly, how crucial is to upgrade amavisd-new from 2.3.2 to 2.3.3? See its release notes and decide for yourself if any of these fixes apply to your setup. It is probably not that crucial, but 2.3.3 is the best we have so far, so why not benefit. Mark --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/ --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] Upgrading from SA 3.0.4 to SA 3.1.0
Hi, I am running postfix 2.2.4 on Solaris 8 with amavisd-new.2.3.2, SpamAssassin 3.0.4 and Clamav 0.8.7.1 as an AV/AS gateway to my main email system. Now I want to upgrade SA from version 3.0.4 to 3.1.0. I have read the UPGRADE file and the release notes but still I have doubts. Can I simply run install Mail::SpamAssassin ? Or I need some configuration changes. My system is in production so I want to be on the safe side. I have only following lines in /etc/mail/spamassassin/local.cf as most of the config is in /etc/amavisd.conf. lock_method flock use_razor2 0 use_dcc 0 use_pyzor 0 - Thanks, MJ --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
RE: [AMaViS-user] Upgrading from SA 3.0.4 to SA 3.1.0
Mark, Should work by just installing Mail::SpamAssassin over an older version. Check your local rules by: su vscan -c 'spamassassin --lint', there are few minor differences which might be encountered if local rules are heavily used. Also upgrade SARE rules (if used) after upgrading SA. With 3.1 the Razor and DCC are off by default and need to be enabled if needed, but this is not your concern as you are not using them. You may consider taking the opportunity and moving your Bayes db to SQL, as SA 3.1 brings some performance and reliability improvements when choosing: bayes_store_module Mail::SpamAssassin::BayesStore::MySQL While at it, you can upgrade amavisd-new to 2.3.3. Hi Mark, Thanks for your reply. Do I need to perform following tasks to upgrade Bayesian database? As suggested in the UPGRADE file? == Due to the database format change, you will want to do something like this when upgrading: - stop running spamassassin/spamd (ie: you don't want it to be running during the upgrade) - run sa-learn --rebuild, this will sync your journal. if you skip this step, any data from the journal will be lost when the DB is upgraded. - upgrade SA to 3.0.0 - run sa-learn --sync, which will cause the db format to be upgraded. if you want to see what is going on, you can add the -D option. - test the new database by running some sample mails through SpamAssassin, and/or at least running sa-learn --dump to make sure the data looks valid. - start running spamassassin/spamd again == Secondly, how crucial is to upgrade amavisd-new from 2.3.2 to 2.3.3? Thanks, MJ --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
RE: [AMaViS-user] FW: How to increase the score for specific recipient
Hi Gary, Thanks for your reply. If you don't suggest this method then how we can achieve this objective as there are some address like [EMAIL PROTECTED], [EMAIL PROTECTED] which receive too much junk daily. Thanks, MJ. Here is an excerpt from amavisd.conf: @score_sender_maps = ({ # a by-recipient hash lookup table, # results from all matching recipient tables are summed # ## per-recipient personal tables (NOTE: positive: black, negative: white) # '[EMAIL PROTECTED]' = [{'[EMAIL PROTECTED]' = 10.0}], ... }); I would think you could interpolate this to: '[EMAIL PROTECTED]' = [{'.' = 3.0}], Inflating the score from every sender is an unusual thing to do, but I could see how it might be used for testing. Gary V --- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42 plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php ___ AMaViS-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/ --- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42 plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] FW: How to increase the score for specific recipient
Hi, I want to add some positive score (black list) to all the incoming messages to [EMAIL PROTECTED] to achieve this objective, I tried to add the following line in /etc/amavisd.conf '[EMAIL PROTECTED]' = 3.0, But it give gives the following error Sep 17 10:26:42 mailgate1 postfix/smtp[1370]: [ID 197553 mail.info] 1974445F75: to=[EMAIL PROTECTED], relay=127.0.0.1[127.0.0.1], delay=87, status=deferred (host 127.0.0.1[127.0.0.1] said: 451 4.5.0 Error in processing, id=01521-01-2, spam-wb-list FAILED: Can't use string (3) as an ARRAY ref while strict refs in use at (eval 39) line 178. (in reply to end of DATA command)) Any idea how can I get this result? Thanks, MJ --- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42 plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] Amavisd-new stopped
Hi, This morning I have several entries like following in /var/log/syslog == Sep 6 01:03:20 mailgate1 amavis[363]: [ID 702911 mail.error] (00363-07) TROUBLE in check_mail: parts_decode_ex t FAILED: run_command (open pipe): Can't fork at /usr/local/lib/perl5/5.8.5/sun4-solaris/IO/File.pm line 176, GEN6 line 6001. at /usr/local/sbin/amavisd line 1851, GEN6 line 6001. Sep 6 01:05:03 mailgate1 amavis[398]: [ID 702911 mail.error] (00398-08) TROUBLE in check_mail: parts_decode_ex t FAILED: run_command (open pipe): Can't fork at /usr/local/lib/perl5/5.8.5/sun4-solaris/IO/File.pm line 176. a t /usr/local/sbin/amavisd line 1851. Sep 6 01:05:06 mailgate1 amavis[517]: [ID 702911 mail.error] (00517-04) TROUBLE in check_mail: parts_decode_ex t FAILED: run_command (open pipe): Can't fork at /usr/local/lib/perl5/5.8.5/sun4-solaris/IO/File.pm line 176, GEN6 line 2122. at /usr/local/sbin/amavisd line 1851, GEN6 line 2122. == Also I have following in /var/adm/messages == Sep 6 05:48:01 mailgate1 tmpfs: [ID 518458 kern.warning] WARNING: /tmp: File system full, swap space limit exceeded Sep 6 07:19:16 mailgate1 tmpfs: [ID 518458 kern.warning] WARNING: /tmp: File system full, swap space limit exceeded Sep 6 08:37:03 mailgate1 tmpfs: [ID 518458 kern.warning] WARNING: /tmp: File system full, swap space limit exceeded Sep 6 09:05:37 mailgate1 tmpfs: [ID 518458 kern.warning] WARNING: /tmp: File system full, swap space limit exc eeded == Finally amaisd-new (2.3.2) stopped responding and I need to restart the server (Solaris 8). Can any one highlight what causes this swap FS problem? I have two GB of Swap and the server is running fine since more than one month. MJ --- SF.Net email is Sponsored by the Better Software Conference EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile Plan-Driven Development * Managing Projects Teams * Testing QA Security * Process Improvement Measurement * http://www.sqe.com/bsce5sf ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
RE: [AMaViS-user] Amavisd-new stopped
Hi, The swap space is 2 GB, exactly double of the RAM, which recommended. Thanks, MJ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary V Sent: Wednesday, September 07, 2005 4:48 PM To: amavis-user@lists.sourceforge.net Subject: Re: [AMaViS-user] Amavisd-new stopped MJ wrote: Hi, This morning I have several entries like following in /var/log/syslog == Sep 6 01:03:20 mailgate1 amavis[363]: [ID 702911 mail.error] (00363-07) TROUBLE in check_mail: parts_decode_ex t FAILED: run_command (open pipe): Can't fork at /usr/local/lib/perl5/5.8.5/sun4-solaris/IO/File.pm line 176, GEN6 line 6001. at /usr/local/sbin/amavisd line 1851, GEN6 line GEN6 6001. Sep 6 01:05:03 mailgate1 amavis[398]: [ID 702911 mail.error] (00398-08) TROUBLE in check_mail: parts_decode_ex t FAILED: run_command (open pipe): Can't fork at /usr/local/lib/perl5/5.8.5/sun4-solaris/IO/File.pm line 176. a t /usr/local/sbin/amavisd line 1851. Sep 6 01:05:06 mailgate1 amavis[517]: [ID 702911 mail.error] (00517-04) TROUBLE in check_mail: parts_decode_ex t FAILED: run_command (open pipe): Can't fork at /usr/local/lib/perl5/5.8.5/sun4-solaris/IO/File.pm line 176, GEN6 line 2122. at /usr/local/sbin/amavisd line 1851, GEN6 line GEN6 2122. == Also I have following in /var/adm/messages == Sep 6 05:48:01 mailgate1 tmpfs: [ID 518458 kern.warning] WARNING: /tmp: File system full, swap space limit exceeded Sep 6 07:19:16 mailgate1 tmpfs: [ID 518458 kern.warning] WARNING: /tmp: File system full, swap space limit exceeded Sep 6 08:37:03 mailgate1 tmpfs: [ID 518458 kern.warning] WARNING: /tmp: File system full, swap space limit exceeded Sep 6 09:05:37 mailgate1 tmpfs: [ID 518458 kern.warning] WARNING: /tmp: File system full, swap space limit exc eeded == Finally amaisd-new (2.3.2) stopped responding and I need to restart the server (Solaris 8). Can any one highlight what causes this swap FS problem? I have two GB of Swap and the server is running fine since more than one month. MJ I would guess these are both a result of your tmpfs size being too small. Gary V --- SF.Net email is Sponsored by the Better Software Conference EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile Plan-Driven Development * Managing Projects Teams * Testing QA Security * Process Improvement Measurement * http://www.sqe.com/bsce5sf ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/ --- SF.Net email is Sponsored by the Better Software Conference EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile Plan-Driven Development * Managing Projects Teams * Testing QA Security * Process Improvement Measurement * http://www.sqe.com/bsce5sf ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] TROUBLE in check_mail
Hi, This morning I have several enteries like following in /var/log/syslog == Sep 6 01:03:20 mailgate1 amavis[363]: [ID 702911 mail.error] (00363-07) TROUBLE in check_mail: parts_decode_ex t FAILED: run_command (open pipe): Can't fork at /usr/local/lib/perl5/5.8.5/sun4-solaris/IO/File.pm line 176, GEN6 line 6001. at /usr/local/sbin/amavisd line 1851, GEN6 line 6001. Sep 6 01:05:03 mailgate1 amavis[398]: [ID 702911 mail.error] (00398-08) TROUBLE in check_mail: parts_decode_ex t FAILED: run_command (open pipe): Can't fork at /usr/local/lib/perl5/5.8.5/sun4-solaris/IO/File.pm line 176. a t /usr/local/sbin/amavisd line 1851. Sep 6 01:05:06 mailgate1 amavis[517]: [ID 702911 mail.error] (00517-04) TROUBLE in check_mail: parts_decode_ex t FAILED: run_command (open pipe): Can't fork at /usr/local/lib/perl5/5.8.5/sun4-solaris/IO/File.pm line 176, GEN6 line 2122. at /usr/local/sbin/amavisd line 1851, GEN6 line 2122. == Also I have following in /var/adm/messages == Sep 6 05:48:01 mailgate1 tmpfs: [ID 518458 kern.warning] WARNING: /tmp: File system full, swap space limit exc eeded Sep 6 07:19:16 mailgate1 tmpfs: [ID 518458 kern.warning] WARNING: /tmp: File system full, swap space limit exc eeded Sep 6 07:19:55 mailgate1 last message repeated 1 time Sep 6 08:37:03 mailgate1 tmpfs: [ID 518458 kern.warning] WARNING: /tmp: File system full, swap space limit exc eeded Sep 6 09:05:37 mailgate1 tmpfs: [ID 518458 kern.warning] WARNING: /tmp: File system full, swap space limit exc eeded == Finally amaisd-new (2.3.2) stopped responding and I need to restart the server (Solaris 8). Can any one hight what causes this swap FS problem? I have two GB of Swap and the server is running fine since more than one month. MJ --- SF.Net email is Sponsored by the Better Software Conference EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile Plan-Driven Development * Managing Projects Teams * Testing QA Security * Process Improvement Measurement * http://www.sqe.com/bsce5sf ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
RE: [AMaViS-user] sa_kill_level_deft=5.0 for an ISP
No, we are not using any custom rule, please suggest few to me. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cami Sent: Sunday, August 21, 2005 4:47 PM To: [EMAIL PROTECTED] Subject: Re: [AMaViS-user] sa_kill_level_deft=5.0 for an ISP MJ wrote: We are an ISP and quite satisfied with our AV/AS gateway based on postfix, amavisd-new, clamav and SA. At the moment the value for sa_kill_level_deft is default i.e. 6.31. I am thinking to make it 5.0. Did any one (specially ISP) has experience how it will behave with 5.0? I mean it is too much and will reject legitimate emails? 5.0 is a bit low for an ISP, especially if you are using all the additional rules provided by http://www.rulesemporium.com. That being said, i recommend that you collect statistics on the amount of mail that score between 5.0 - 6.3 so you can see the type of impact the change will have, and try to guestimate the amount of false positives doing so will cause. Cami --- SF.Net email is Sponsored by the Better Software Conference EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile Plan-Driven Development * Managing Projects Teams * Testing QA Security * Process Improvement Measurement * http://www.sqe.com/bsce5sf ___ AMaViS-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/ --- SF.Net email is Sponsored by the Better Software Conference EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile Plan-Driven Development * Managing Projects Teams * Testing QA Security * Process Improvement Measurement * http://www.sqe.com/bsce5sf ___ AMaViS-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
RE: [AMaViS-user] Negative SA Score
I agree that changing log level will give me more details but I want to investigate this particular case, so where to look for negative scores, I didn't put under any negative score list. Thanks, MJ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stephen Carter Sent: Monday, August 08, 2005 11:20 AM To: [EMAIL PROTECTED]; amavis-user@lists.sourceforge.net Subject: Re: [AMaViS-user] Negative SA Score MJ [EMAIL PROTECTED] 08/08/05 7:38 AM Hi, I am unable to understand why this user is getting negative score, he is sending relaying huge number of messages but amavis is not stoping and insteady assigning a negative score. Any help would be appreciated. MJ In /etc/amavisd.conf, increase the log level setting to 2 or more (5 is good for short term troubleshooting and you'll get a LOT of info) which will show you exactly what rules were triggered and their associated score, which will help you find why the e-mail was scored that way. Additionally there are many options for MTA's that let you test some basic info and stop many spam from even entering the gateway in the first place such as verifying the sender's domain. These options vary depending on the MTA you are using, and are very well documented on the homepage of whatever MTA you are using. SteveC --- SF.Net email is Sponsored by the Better Software Conference EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile Plan-Driven Development * Managing Projects Teams * Testing QA Security * Process Improvement Measurement * http://www.sqe.com/bsce5sf ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/ --- SF.Net email is Sponsored by the Better Software Conference EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile Plan-Driven Development * Managing Projects Teams * Testing QA Security * Process Improvement Measurement * http://www.sqe.com/bsce5sf ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
RE: [AMaViS-user] Negative SA Score
#grep [EMAIL PROTECTED] temp_file -2.2 (-42154.7/19583) -- [EMAIL PROTECTED]|ip=212.107 Please comment. Thanks MJ -Original Message- From: Gary V [mailto:[EMAIL PROTECTED] Sent: Monday, August 08, 2005 5:35 PM To: MJ Cc: amavis-user@lists.sourceforge.net Subject: Re: [AMaViS-user] Negative SA Score MJ wrote: I agree that changing log level will give me more details but I want to investigate this particular case, so where to look for negative scores, I didn't put under any negative score list. Thanks, MJ This assumes you do not use SQL for your whitelist. I don't know if the problem is in your auto-whitelist, but you can investigate: You can use the tool called check_whitelist to both clean and view auto-whitelist entries. I comes with the source code in the tools directory. Copy it to your .spamassassin directory and 'chmod +x' it. Read the file for usage. ./check_whitelist auto-whitelist temp.file grep sender temp.file Then read: Why does the AWL sometimes assign scores the wrong way? http://wiki.apache.org/spamassassin/AwlWrongWay If you do use SQL, I'm sure you could simply run a statement to find the same or similar data. Gary V --- SF.Net email is Sponsored by the Better Software Conference EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile Plan-Driven Development * Managing Projects Teams * Testing QA Security * Process Improvement Measurement * http://www.sqe.com/bsce5sf ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] Decoding Problem
Hi, Can someone help me why I have this error in my logs? amavis[23470]: [ID 702911 mail.warning] (23470-01) Decoding of p002 (Zip archive data , at least v1.0 to extract) failed, leaving it unpacked: IO error: reading data : MJ --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
RE: [AMaViS-user] Decoding Problem
Hi, Following is the output of perl -MArchive::Zip -e'print $Archive::Zip::VERSION\n;' 1.16 Please advice. MJ --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
RE: [AMaViS-user] Decoding Problem
We are using Clamav. It seems this error occurs occasionally. Following are the logs of last 18 hours and this message appears 6 times during this period. Thanks, MJ grep Decoding /var/log/syslog === Jul 31 00:01:10 mailgate1 amavis[21254]: [ID 702911 mail.warning] (21254-07) Decoding of p002 (Zip archive data, at least v1.0 to extract) failed, leaving it unpacked: IO error: reading data : Jul 31 01:52:40 mailgate1 amavis[23470]: [ID 702911 mail.warning] (23470-01) Decoding of p002 (Zip archive data, at least v1.0 to extract) failed, leaving it unpacked: IO error: reading data : Jul 31 01:57:30 mailgate1 amavis[23490]: [ID 702911 mail.warning] (23490-03) Decoding of p002 (Zip archive data, at least v1.0 to extract) failed, leaving it unpacked: IO error: reading data : Jul 31 01:57:45 mailgate1 amavis[23487]: [ID 702911 mail.warning] (23487-03) Decoding of p002 (Zip archive data, at least v1.0 to extract) failed, leaving it unpacked: IO error: reading data : Jul 31 06:48:30 mailgate1 amavis[9114]: [ID 702911 mail.warning] (09114-05) Decoding of p002 (Zip archive data, at least v1.0 to extract) failed, leaving it unpacked: IO error: reading data : Jul 31 07:47:50 mailgate1 amavis[10291]: [ID 702911 mail.warning] (10291-09) Decoding of p002 (Zip archive data, at least v1.0 to extract) failed, leaving it unpacked: IO error: reading data : = End === -Original Message- From: Gary V [mailto:[EMAIL PROTECTED] Sent: Sunday, July 31, 2005 6:14 PM To: MJ Cc: amavis-user@lists.sourceforge.net Subject: Re: [AMaViS-user] Decoding Problem MJ wrote: Hi, Can someone help me why I have this error in my logs? amavis[23470]: [ID 702911 mail.warning] (23470-01) Decoding of p002 (Zip archive data , at least v1.0 to extract) failed, leaving it unpacked: IO error: reading data : Hi, Following is the output of perl -MArchive::Zip -e'print $Archive::Zip::VERSION\n;' 1.16 Please advice. MJ I would want to know what virus scanner (if any) you are using. Does this happen every time you send a zip through? Can you find this particular message and send it back through to see if it happens every time. If it does not, then I wonder if the IO error: reading data : message may be referring to a physical disk problem. Gary V --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
RE: [AMaViS-user] DCC and UDP Ports
Hi Michael, Got it. From where I can get IPs of public DCC Server? Thanks, MJ --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
RE: [AMaViS-user] DCC and UDP Ports
No, we are opening UDP reply from any host to our mailhost. When we open specific UDP port 6277 it doesn't work, but when we open all UDP ports gt 1023 it works. Thanks, MJ --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] Statistics report with log_level=0
Hi, Is there any statistics script for reporting SPAM and Virus statistics which can work with log_level=0 of amavis. I have tried the one available at http://flakshack.com/anti-spam/wiki/index.php it works fine only if the log_level = to 2. Thanks, MJ --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] White listing specific recipients
Hi, I am running postfix 2.2.4 on Solaris 8 with amavisd-new.2.3.2, SpamAssassin 3.04 and Clamav 0.86 as an AV/AS gateway to my main email system. We are an ISP and we use to receive abuse/spam complaints on [EMAIL PROTECTED] and [EMAIL PROTECTED] . Since these complaints contain the original SPAM message, amavis is catching them as SPAM. How I can exclude these two addresses not to be scanned for incoming messages. I know about adding negating score for some sender but don't have any idea how to while list specific recipient address. Thanks, MJ --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] Limiting Incomming SMTP Sessions
Hi, I have question more related to postfix but it is integrated with amavis, therefore I am posting on this list to get help from expert of both amavis and postfix. I am running postfix 2.2.4 on Solaris 8 with amavisd-new.2.3.2, SpamAssassin 3.04 and Clamav 0.86 as an AV/AS gateway to my main email system. I want to limit the number of incoming SMTP sessions to avoid any abuse. After reading the docs I found that default_process_limit parameter is overall responsible for controlling processes however we can override the process limit for specific daemon by editing the master.cf file of postfix. In the end of this mail I have included partial /etc/postfix/master.cf apart from other lines not related to this discussion. I have two questions. 1- Max number of incoming smtp session my server will accept is 20, right? 2- I want to limit incoming smtp session from single client using smtpd_client_connection_count_limit. Do I need to add this in main.cf or I just need to replace below mentioned line -o smtpd_client_connection_count_limit = 0 from master.cf with -o smtpd_client_connection_count_limit = 10. The confusion is that which one will be effective? The one below in master.cf or it should be in main.cf Partial master.cf smtp-amavis unix - - n - 20 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20 127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o local_recipient_maps= -o relay_recipient_maps= -o smtpd_restriction_classes= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks_style=host -o mynetworks=127.0.0.0/8 -o strict_rfc821_envelopes=yes -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_chec ks === Thanks MJ --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] what to do with Quarantined messages
Hi, Can some one suggest what is the best policy to deal with quarantined messages which are storing in /var/amavis/virusmais. Is there any built-function to remove very old messages from this directory? Or we have to write a cron script for this? Thanks, MJ --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
RE: [AMaViS-user] Can't connect to UNIX socket /var/run/clamav/clamd
The issue has already been resolved. Thanks, MJ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mohammad Junaid Sent: Wednesday, June 08, 2005 7:37 PM To: amavis-user@lists.sourceforge.net Subject: [AMaViS-user] Can't connect to UNIX socket /var/run/clamav/clamd Hi, Can someone help with following error? amavis[556]: [ID 702911 mail.error] (00556-05) ClamAV-clamd av-scanner FAILED: Too many retries to talk to /var /run/clamav/clamd (Can't connect to UNIX socket /var/run/clamav/clamd: No such file or directory) at (eval 39) line 264. Jun 8 17:11:53 sune amavis[556]: [ID 702911 mail.error] (00556-05) WARN: all primary virus scanners failed, considering backups earun 8 17:11:53 sune amavis[556]: [ID 702911 mail.debug] (00556-05) Using (ClamAV-clamscan): /usr/local/bin/clamscan --stdout --di sable-summary -r --tempdir=/var/amavis/tmp /var/amavis/tmp/amavis-20050608T165159-00556/parts --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/ --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
RE: [AMaViS-user] 3 questions regarding SpamAssassin
These assing the score to a message, $sa_kill_level_deflt does the killing if the sum of the scores for that particular message exceeds $sa_kill_level_deflt How SA calculates the sum of the scores? Sorry for repetitive questions. Thanks, MJ --- This SF.Net email is sponsored by: NEC IT Guy Games. How far can you shotput a projector? How fast can you ride your desk chair down the office luge track? If you want to score the big prize, get to know the little guy. Play to win an NEC 61 plasma display: http://www.necitguy.com/?r=20 ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
RE: [AMaViS-user] 3 questions regarding SpamAssassin
Hi, I am sorry, in an effort to limit the length of email during posting the amavisd.conf, I was using grep -v '#' amavisd.conf not to get commented lines, due to this reason I got incomplete amavisd.conf and sent to you. My apologies for inconvenience. Below is the complete amavisd.conf for review (Sorry again for full length file). Now as you suggested that I should use /etc/mail/spamassassin/local.cf as the Spamassassin config file. I have created one similar to one which I found on the net.(it is also included below) almost all the parameters are set to default. If every thing is set to default value, is there any real need to define these parameters? I didn't notice any change after creating this file. Please look at both cfg files and suggest what to do next. I know I am asking for too much but believe me I have spent several days to read about on the net but still I have confusion. Many Thanks, MJ - /etc/mail/spamassassin/local.cf-- use_bays1 bayes_auto_learn1 report_safe 1 skip_rbl_checks 0 use_razor2 1 use_dcc 0 use_pyzor 0 ok_languagesall ok_locales all --End-- ---/etc/amavisd.conf use strict; # a minimalistic configuration file for amavisd-new with all necessary settings # # see amavisd.conf-default for a list of all variables with their defaults; # see amavisd.conf-sample for a traditional-style commented file; # for more details see documentation in INSTALL, README_FILES/* # and at http://www.ijs.si/software/amavisd/amavisd-new-docs.html # COMMONLY ADJUSTED SETTINGS: # @bypass_virus_checks_maps = (1); # uncomment to DISABLE anti-virus code # @bypass_spam_checks_maps = (1); # uncomment to DISABLE anti-spam code $max_servers = 2;# number of pre-forked children (2..15 is common) $daemon_user = 'clamav'; # (no default; customary: vscan or amavis) $daemon_group = 'clamav'; # (no default; customary: vscan or amavis) $mydomain = '***mydomain.com'; # a convenient default for other settings $MYHOME = '/var/amavis'; # a convenient default for other settings $TEMPBASE = $MYHOME/tmp; # working directory, needs to be created manually $ENV{TMPDIR} = $TEMPBASE;# environment variable TMPDIR $QUARANTINEDIR = $MYHOME/virusmails; # $quarantine_subdir_levels = 1; # add level of subdirs to disperse quarantine # $daemon_chroot_dir = $MYHOME; # chroot directory or undef # $db_home = $MYHOME/db; # $helpers_home = $MYHOME/var; # prefer $MYHOME clean and owned by root? # $pid_file = $MYHOME/var/amavisd.pid; # $lock_file = $MYHOME/var/amavisd.lock; #NOTE: create directories $MYHOME/tmp, $MYHOME/var, $MYHOME/db manually @local_domains_maps = ( [.$mydomain] ); # @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10 # 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 ); $log_level = 3; # verbosity 0..5 $log_recip_templ = undef;# disable by-recipient level-0 log entries $DO_SYSLOG = 1; # log via syslogd (preferred) $SYSLOG_LEVEL = 'mail.debug'; $enable_db = 1; # enable use of BerkeleyDB/libdb (SNMP and nanny) $enable_global_cache = 1;# enable use of libdb-based cache if $enable_db=1 $inet_socket_port = 10024; # listen on this local TCP port(s) (see $protocol) # $unix_socketname = $MYHOME/amavisd.sock; # when using sendmail milter $sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level $sa_tag2_level_deflt = 6.31; # add 'spam detected' headers at that level $sa_kill_level_deflt = 6.31; # triggers spam evasive actions $sa_dsn_cutoff_level = 9;# spam level beyond which a DSN is not sent $sa_quarantine_cutoff_level = 20; # spam level beyond which quarantine is off $sa_mail_body_size_limit = 200*1024; # don't waste time on SA if mail is larger $sa_local_tests_only = 0;# only tests which do not require internet access? $sa_auto_whitelist = 1; # turn on AWL in SA 2.63 or older (irrelevant # for SA 3.0, cf option is 'use_auto_whitelist') $X_HEADER_TAG = 'X-Virus-Scanned'; $X_HEADER_LINE = by amavisd-new at $mydomain; $remove_existing_x_scanned_headers = 0; # @lookup_sql_dsn = # ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'user1', 'passwd1'], # ['DBI:mysql:database=mail;host=host2', 'username2', 'password2'], # [DBI:SQLite:dbname=$MYHOME/sql/mail_prefs.sqlite, '', ''] ); # @storage_sql_dsn = @lookup_sql_dsn; # none, same, or separate database $virus_admin = [EMAIL PROTECTED]; # notifications recip. $mailfrom_notify_admin = [EMAIL PROTECTED]; # notifications sender $mailfrom_notify_recip = [EMAIL PROTECTED]; # notifications sender $mailfrom_notify_spamadmin = [EMAIL PROTECTED]; # notifications sender $mailfrom_to_quarantine = ''; # null return path; uses original
RE: [AMaViS-user] What will happen during failure of amavisd
For testing, I stopped amavisd and sent one message from yahoo. It generates following error in my syslog postfix/smtp[338]: [ID 197553 mail.info] connect to 127.0.0.1[127.0.0.1]: Connection refused I then started amavisd but it didn't deliver the pending message. After that I ran postqueue -f to force the delivery of messages in the queue and I receive that message along with several other 2 3 day old messages. Why amavisd didn't deliver those messages which were arrived while amavisd was not running, can any one help on this? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sven Riedel Sent: Tuesday, June 14, 2005 5:55 PM To: amavis-user@lists.sourceforge.net Subject: RE: [AMaViS-user] What will happen during failure of amavisd Hi, My question is that in case amavisd daemon stop running due to some reason, the Server will not be able receive new emails? Or postfix will keep receiving emails but with no scanning? It depends on your setup. If you're using a pre-queueing content filter you won't be able to receive mail until amavis is up and running again. If you're using amavis as a post-queing content filter, you won't lose any mail. It will all remain in the queue until amavis is running again, or the queue lifetime runs out (in which case a bounce is sent back to the sender). The usual postfix queue lifetime is 5 days, so you're on the safe side there. If you've set up amavis according to the amavis postfix README, you'll have a post-queueing content filter, which I'd recommend to use anyway. Regs, Sven --- This SF.Net email is sponsored by: NEC IT Guy Games. How far can you shotput a projector? How fast can you ride your desk chair down the office luge track? If you want to score the big prize, get to know the little guy. Play to win an NEC 61 plasma display: http://www.necitguy.com/?r ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/ --- This SF.Net email is sponsored by: NEC IT Guy Games. How far can you shotput a projector? How fast can you ride your desk chair down the office luge track? If you want to score the big prize, get to know the little guy. Play to win an NEC 61 plasma display: http://www.necitguy.com/?r=20 ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
RE: [AMaViS-user] What will happen during failure of amavisd
Which parameter is responsible for this retry? My objective is that messages received during temporary unavailability of amavisd, should be delivered once amavisd starts again. How to achieve this objective? Thanks, MJ --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] 3 questions regarding SpamAssassin
Hi, I configuring amavisd-new with Postfix SpamAssassin and clamav on Solaris, to act as AV/AS gateway to our main mail system. I have gone through several docs on the web and also perldoc Mail::SpamAssassin::Conf but still I have few basic questions. Any help in this regard will be highly appreciated. 1- How Spam checking is enabled with amavisd even there is no SpamAssassin daemon running. My question is that do I need to run any SpamAssassin daemon? If yes then which one spamd or Spamassasin, also why Spam checking works even if there is no daemon running? 2- How can I know that which score set (0,1,2,3) is applicable? Most of my config is default, so I don't know it is using Bayes and Network Tests or not. 3- I have confusion in score/hits. If one item has score 2 and my kill tag is set to 6 then if 3 messages pass through amavis with same item, it will be blocked as SPAM? MJ --- This SF.Net email is sponsored by: NEC IT Guy Games. How far can you shotput a projector? How fast can you ride your desk chair down the office luge track? If you want to score the big prize, get to know the little guy. Play to win an NEC 61 plasma display: http://www.necitguy.com/?r=20 ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
RE: [AMaViS-user] 3 questions regarding SpamAssassin
Which score set are you talking about? I am talking about the set of four scores defined in /usr/local/share/spamassassin/50_scores.cf The score is per message. If the score of the message exceeds the limit, the action is taken. I mean does each similar message increments the ratio? Thanks, MJ --- This SF.Net email is sponsored by: NEC IT Guy Games. How far can you shotput a projector? How fast can you ride your desk chair down the office luge track? If you want to score the big prize, get to know the little guy. Play to win an NEC 61 plasma display: http://www.necitguy.com/?r=20 ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
RE: [AMaViS-user] 3 questions regarding SpamAssassin
I mean does each similar message increments the ratio? Of course not. Can you please what is the concept of $sa_kill_level_deflt in amavisd.conf and what relationship does it has with /usr/local/share/spamassassin/50_scores.cf. Many thanks, MJ --- This SF.Net email is sponsored by: NEC IT Guy Games. How far can you shotput a projector? How fast can you ride your desk chair down the office luge track? If you want to score the big prize, get to know the little guy. Play to win an NEC 61 plasma display: http://www.necitguy.com/?r=20 ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
RE: [AMaViS-user] Starting amavis at system startup /etc/init.d/functions: not found
Thanks for your help. Now it is working. MJ -Original Message- From: Mike Cappella [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 07, 2005 8:07 PM To: 'MJ' Subject: RE: [AMaViS-user] Starting amavis at system startup /etc/init.d/functions: not found I'm sorry, here's the update. I had changed a function call to echo which both echo its output then ran the program, but that of course would not run the program. This should fix: --- #!/bin/sh # # amavisd This script controls the amavisd-new daemon. # (to be used with version amavisd-new-20020630 or later) # # description: amavisd is an interface between MTA and content checkers # processname: amavisd # pidfile: /var/amavis/amavisd.pid prog=/usr/local/sbin/amavisd prog_base=$(basename ${prog}) prog_config_file=/etc/amavisd.conf RETVAL=0 # See how we were called. case $1 in start) echo $Starting ${prog_base}: ${prog} -c ${prog_config_file} ${prog} -c ${prog_config_file} RETVAL=$? [ $RETVAL -eq 0 ] touch /var/lock/subsys/${prog_base} echo ;; stop) echo $Shutting down ${prog_base}: ${prog} -c ${prog_config_file} stop ${prog} -c ${prog_config_file} stop RETVAL=$? if [ $RETVAL -eq 0 ] ; then echo ${prog_base} stopped rm -f /var/lock/subsys/${prog_base} else echo fi ;; restart) $0 stop $0 start RETVAL=$? ;; reload) echo $Reloading ${prog_base}: ${prog} -c ${prog_config_file} reload RETVAL=$? ;; *) echo Usage: $0 {start|stop|status|restart|reload} exit 1 esac exit $RETVAL -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of MJ Sent: Tuesday, June 07, 2005 9:17 AM To: 'Mike Cappella' Cc: amavis-user@lists.sourceforge.net Subject: RE: [AMaViS-user] Starting amavis at system startup /etc/init.d/functions: not found Initially it was giving error for the directory /var/lock/subsystems, then I created the directory. Now it is not giving any error but still it is not running. MJ --- This SF.Net email is sponsored by: NEC IT Guy Games. How far can you shotput a projector? How fast can you ride your desk chair down the office luge track? If you want to score the big prize, get to know the little guy. Play to win an NEC 61 plasma display: http://www.necitguy.com/?r=20 ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/ --- This SF.Net email is sponsored by: NEC IT Guy Games. How far can you shotput a projector? How fast can you ride your desk chair down the office luge track? If you want to score the big prize, get to know the little guy. Play to win an NEC 61 plasma display: http://www.necitguy.com/?r=20 ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] Starting amavis at system startup /etc/init.d/functions: not found
Hi, I have installed amavisd-new-2.3.1 on Solaris 8. I want to start amavis during system startup, and I have copied amavisd_init.sh as /etc/init.d/amavis, also I have created softlink in rc2. When I run /etc/init.d/amavis start, it gives me following error. /etc/init.d/amavis: /etc/init.d/functions: not found Please help --- This SF.Net email is sponsored by: NEC IT Guy Games. How far can you shotput a projector? How fast can you ride your desk chair down the office luge track? If you want to score the big prize, get to know the little guy. Play to win an NEC 61 plasma display: http://www.necitguy.com/?r=20 ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/