[AMaViS-user] under which circumstances RelayedOpenRelay?
Hi
I've just switched from amavisd-new 2.5.4 to 2.7.0-pre14 and I've
noticed {RelayedOpenRelay}.
Feb 10 21:27:10 mail.notice host amavis[29895]: (29895-01) Passed CLEAN
{RelayedOpenRelay}, [62.236.108.70]:57631 [83.103.80.66]
dovecot-bounces+mailinglists=belfin...@dovecot.org -
mailingli...@belfin.ch, Message-ID: 201102102126.35184.x...@xx.xx,
mail_id: gbm51t1dgDsf, Hits: -, size: 3947, queued_as: BA49818E002, 187 ms
My gateways are no open relays. What are circumstances that amavisd-new
will log RelayedOpenRelay?
Thanks,
John
--
The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
Pinpoint memory and threading errors before they happen.
Find and fix more than 250 security defects in the development cycle.
Locate bottlenecks in serial and parallel code that limit performance.
http://p.sf.net/sfu/intel-dev2devfeb
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
Please visit http://www.ijs.si/software/amavisd/ regularly
For administrativa requests please send email to rainer at openantivirus dot
org
Re: [AMaViS-user] p0f: is it interesting to use?
Mark, checking the p0f website last developments date back to 2006. No visible activity ever since. Yes. That's a pitty. Does it make sense today to use p0f to find out about the clients that connect to port 25? Or are p0f signatures completely outdated? Depends what you use them for. I mostly agree with Giampaolo. The idea is to make statistics what OS'es connect to my servers and display this information graphically. There is no intend to use this information to fight spam. John -- Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! Finally, a world-class log management solution at an even better price-free! Download using promo code Free_Logger_4_Dev2Dev. Offer expires February 28th, so secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsight-sfd2d ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user Please visit http://www.ijs.si/software/amavisd/ regularly For administrativa requests please send email to rainer at openantivirus dot org
[AMaViS-user] p0f: is it interesting to use?
Hi checking the p0f website last developments date back to 2006. No visible activity ever since. Does it make sense today to use p0f to find out about the clients that connect to port 25? Or are p0f signatures completely outdated? thanks, John -- Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! Finally, a world-class log management solution at an even better price-free! Download using promo code Free_Logger_4_Dev2Dev. Offer expires February 28th, so secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsight-sfd2d ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user Please visit http://www.ijs.si/software/amavisd/ regularly For administrativa requests please send email to rainer at openantivirus dot org
Re: [AMaViS-user] p0f: is it interesting to use?
Am 02.02.2011 18:00, schrieb Giampaolo Tomassoni: Hi checking the p0f website last developments date back to 2006. No visible activity ever since. Does it make sense today to use p0f to find out about the clients that connect to port 25? Or are p0f signatures completely outdated? In my own experience, I got the felling it is almost useless. This is not because its signatures may be outdated nowadays, but rather because its best capability (detecting the client's os) doesn't make any difference anymore in the mailing market: a lot of companies use MS Exchange as their MX and a lot of both legit and spam messages are injected in internet via a MS Windows system as well as a Unix one. It would be still interesting if it could reliably detect when a client is running behind a nat: spam is often sent from virused systems, which are often connected to Internet via a NAT router. Instead, a legit MX is seldom run this way. Unfortunately, p0f seems to often fail in detecting this... Actually I still use p0f in my SA setups, configuring SA in such a way to feed the p0f results to Bayes and CRM114. I do this in the hope that its results may help these modules to correctly discriminate the incoming message. But I'm absolutely not trusting this. I don't want to fight spam with p0f. My primary concern is to find out what sort of clients connect to my MX'es and use this information for statistical reasons. Is the detection good enough for that? John Giampaolo thanks, John -- Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! Finally, a world-class log management solution at an even better price-free! Download using promo code Free_Logger_4_Dev2Dev. Offer expires February 28th, so secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsight-sfd2d ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user Please visit http://www.ijs.si/software/amavisd/ regularly For administrativa requests please send email to rainer at openantivirus dot org -- Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! Finally, a world-class log management solution at an even better price-free! Download using promo code Free_Logger_4_Dev2Dev. Offer expires February 28th, so secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsight-sfd2d ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user Please visit http://www.ijs.si/software/amavisd/ regularly For administrativa requests please send email to rainer at openantivirus dot org -- Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! Finally, a world-class log management solution at an even better price-free! Download using promo code Free_Logger_4_Dev2Dev. Offer expires February 28th, so secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsight-sfd2d ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user Please visit http://www.ijs.si/software/amavisd/ regularly For administrativa requests please send email to rainer at openantivirus dot org
Re: [AMaViS-user] p0f: is it interesting to use?
Am 02.02.2011 20:56, schrieb Giampaolo Tomassoni: I don't want to fight spam with p0f. My primary concern is to find out what sort of clients connect to my MX'es and use this information for statistical reasons. Is the detection good enough for that? I believe it is quite good in discriminating Win from Unices. But then, this is about a recent MacOS version: Linux 2.6 (newer, 2) [tos Bredband Scandinavia] (up: -1845493760 hrs), (link: pppoe (DSL)), [xxx.xxx.xxx.xxx:] Well, this time it is exact this is from a PPPoE DSL link. But also this data is not reliably exact. This is another MacOS. Probably an older release. FreeBSD 6.x (1) [tos Bredband Scandinavia] (up: -16777216 hrs), (link: GPRS, T1, FreeS/WAN), [xxx.xxx.xxx.xxx:] Well, here p0f may have spotted a MacOS (some kind of BSD Unix), but the link isn't right. Results are somehow fuzzy. Which is why I prefer to not rely on them. I think that are not really the results I'm looking for. Thanks John -- Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! Finally, a world-class log management solution at an even better price-free! Download using promo code Free_Logger_4_Dev2Dev. Offer expires February 28th, so secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsight-sfd2d ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user Please visit http://www.ijs.si/software/amavisd/ regularly For administrativa requests please send email to rainer at openantivirus dot org
[AMaViS-user] drweb configuration
Installing amavisd-new on a FreeBSD 8.1 box. I've installed drweb from
ports but I can't seem to get the configuration to work correctly in
amavisd.conf. I'm not exactly sure which lines I need to uncomment and
if there are any changes need to make. Does anybody have a
configuration that works?
I have the daemon running so port 3000 is open.
Here's the section I'm looking at:
# ### http://www.sald.com/, http://www.dials.ru/english/, http://www.drweb.ru/
# ['DrWebD', \ask_daemon, # DrWebD 4.31 or later
# [pack('N',1). # DRWEBD_SCAN_CMD
#pack('N',0x00280001). # DONT_CHANGEMAIL, IS_MAIL, RETURN_VIRUSES
#pack('N', # path length
# length($TEMPBASE/amavis-mmddTHHMMSS-x/parts/pxxx)).
#'{}/*'. # path
#pack('N',0). # content size
#pack('N',0),
#'/var/drweb/run/drwebd.sock',
# # '/var/amavis/var/run/drwebd.sock', # suitable for chroot
# # '/usr/local/drweb/run/drwebd.sock', # FreeBSD drweb ports default
# # '127.0.0.1:3000',# or over an inet socket
# ],
# qr/\A\x00[\x10\x11][\x00\x10]\x00/sm,# IS_CLEAN,EVAL_KEY; SKIPPED
# qr/\A\x00[\x00\x01][\x00\x10][\x20\x40\x80]/sm,# KNOWN_V,UNKNOWN_V,V._MODIF
# qr/\A.{12}(?:infected with )?([^\x00]+)\x00/sm,
# ],
Thanks in advance for any help you can provide.
--
Against logic there is no armor like ignorance
- Lawrence J. Peter
http://www.linuxgeek.ca
--
Beautiful is writing same markup. Internet Explorer 9 supports
standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 L3.
Spend less time writing and rewriting code and more time creating great
experiences on the web. Be a part of the beta today
http://p.sf.net/sfu/msIE9-sfdev2dev
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
Please visit http://www.ijs.si/software/amavisd/ regularly
For administrativa requests please send email to rainer at openantivirus dot
org
Re: [AMaViS-user] amavis causing mail to queue on server ???
On Thu, 06 May 2010 00:26:36 -0500, Noel Jones njo...@megan.vbhcs.org wrote: On 5/5/2010 10:00 PM, John Robinson wrote: Hello all, As this is my first post to this list, please bear with me if my description or supplied info is not all that is required. I have 2 mail gateways running on Debian Lenny. I have installed and configured the following according to this guide : http://www200.pair.com/mecham/spam/spamfilter20090215.html#notes Debian - 5.0.4 (kernel 2.6.26-2-amd64) Postfix - 2.5.5-1.1 amavis - 2.6.4 clamav - 0.95.3+dfsg-1 spamassassin - 3.2.5-2+Lenny2 postgrey - 1.31-3.2 My problem is that about once a week the servers (at different times and not consistently) will start queuing mail and will not route it out. They still accept inbound smtp connections to port 25 but will not pass them on to amavis ?!? In the log files I find entries such as the one below : May 5 06:46:27 mailgateway00 postfix/smtp[1525]: DC2C114C68B: to=u...@domain.com, relay=127.0.0.1[127.0.0.1]:10024, delay=300, delays=0.13/0.01/300/0, dsn=4.4.2, status=deferred (conversation with 127.0.0.1[127.0.0.1] timed out while receiving the initial server greeting) executing mailq on the server reveals a similar message in the mail queue (delivery temporarily suspended: conversation with 127.0.0.1[127.0.0.1] timed out while receiving the initial server greeting) u...@domain.com The only way I have been able to fix the problem so far is to restart the whole server. Mail will then route until the next time this happens. Just to clarify, I'm assuming you're referring to amavisd-new and not some other variant of amavis, because all the others are dead projects and should be avoided. (continue, assuming all references are for amavisd-new) General debug strategy: - do you have plenty of RAM? Spamassassin and clam can really chew up some megs. - any errors in the log from about the time mail stops? Look before the deferred messages start showing up. - what's the last thing amavis logs? - can you telnet to the amavis port? - does the amavisd-nanny program tell you anything interesting? (run it a few times when things are normal so you know what it should look like). - does restarting amavisd get mail flowing within a few minutes? May require a postfix flush or waiting several minutes for postfix to realize that the destination is no longer dead. Note: frequent postfix flush with a full queue is very bad for performance, so use sparingly. I find it useful to run one extra amavis server process so that there will always be one free for testing. If amavisd appears unresponsive, increasing the amavisd log level may help you pinpoint where the trouble is. HTH. -- Noel Jones -- ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/ Thanks for the prompt response Noel. You are correct, I am referring to amavis-new. The systems I am running have 4Gb of RAM and usage seems to sit at around 1.5gig, I have never seen any swap usage. I have had a look at the log files on both servers just before the error started occurring and the only thing slightly out of the ordinary I can see is an entry like the below : timeout after END-OF-MESSAGE from localhost[127.0.0.1] Searching online for this indicates that it is to do with connection caching and likely not relevant to this issue. Is this correct ? The last thing amavis seems to log looks like normal message processing. Let me know if you would like to see a log snippet of around the time the error starts. I can telnet to the amavis port (10025) when the error is occurring. I have now got amavisd-nanny running and will run it again when the error reoccurs to see if it reveals anything. Restarting amavis does not seem to alleviate the problem. Only restarting the whole server seems to work for me at the moment. Also I have now increase the number of amavis processes that run by one. I'll let you know how I got at the next reoccurrence of this error. Thanks for your help. Regards John -- ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] amavis causing mail to queue on server ???
Hello all, As this is my first post to this list, please bear with me if my description or supplied info is not all that is required. I have 2 mail gateways running on Debian Lenny. I have installed and configured the following according to this guide : http://www200.pair.com/mecham/spam/spamfilter20090215.html#notes Debian - 5.0.4 (kernel 2.6.26-2-amd64) Postfix - 2.5.5-1.1 amavis - 2.6.4 clamav - 0.95.3+dfsg-1 spamassassin - 3.2.5-2+Lenny2 postgrey - 1.31-3.2 My problem is that about once a week the servers (at different times and not consistently) will start queuing mail and will not route it out. They still accept inbound smtp connections to port 25 but will not pass them on to amavis ?!? In the log files I find entries such as the one below : May 5 06:46:27 mailgateway00 postfix/smtp[1525]: DC2C114C68B: to=u...@domain.com, relay=127.0.0.1[127.0.0.1]:10024, delay=300, delays=0.13/0.01/300/0, dsn=4.4.2, status=deferred (conversation with 127.0.0.1[127.0.0.1] timed out while receiving the initial server greeting) executing mailq on the server reveals a similar message in the mail queue (delivery temporarily suspended: conversation with 127.0.0.1[127.0.0.1] timed out while receiving the initial server greeting) u...@domain.com The only way I have been able to fix the problem so far is to restart the whole server. Mail will then route until the next time this happens. Searching online I have found several references to the possibility that running more postfix processes than amavis processes will cause this problem but I have configured both to use the same number of processes as per the config lines below : /etc/postfix/master.cf smtp-amavis unix - - n - 5 smtp /etc/amavis/amavis.conf $max_servers = 5; As mentioned, being my first post, if there is any other info I can provide that would be useful please let me know and I will post up. Any help you can provide to assist me resolve this problem is greatly appreciated. Thanks in advance. Regards John -- ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Backscatterer.org, how to deal with?
I refuse to turn it off altogether, because I do not want to have my phone ring everytime someone thinks a mail did not arrive, because someone misspelt an emailaddress. I am not sure of the technical names, but I reject everything while connected to the sending server (recipients must exist and be deliverable), so there is no need to send backscatter. Post receipt spam is filtered to folders. I find backscatter offensive and use Postfix header_checks to try to reject these. I may look at using backscatterer.org for scoring in Spamassassin. BTW, you hijacked a thread, which is another no-no. -- Sincerely, John Thomas -- Download Intel#174; Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] NOD32 V4
Just wondering if anybody has updated their configuration to support the latest release of NOD32? Would you be willing to share your changes or will the 3.0 config work fine? -- Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] amavisd-new 2.6.1
troxlinux xserverli...@gmail.com schreef in bericht
news:a2c6daca0903271121m6c44ca12g8e2fefb37630f...@mail.gmail.com...
2009/3/25 John jknappers-argen...@hotmail.com:
Hi, Troxlinux,
The problem is that you mix packages from different repositories or
origin.
You use clamav-0.94.2-1.el5.rf from Rpmforge (did you also install
clamd-0.94.2-1.el5.rf? ), but rebuild amavisd-new from FC9.
Amavisd-new from FC9 expects a /etc/clamd.d directory (And possible other
dependicies)
Be carefull, mixing repositories can lead to dependacy hell! You don't
want
to be there
ok..
So have a few possibilities to solve this.
1 Simply create a clamd.d directory to keep FC9's amavisd-new happy
already attempt it
2 rebuild also the clamav packages form FC9
where I can discharge it?
Sorry, I do not understand what you'r asking.
3 Use amavisd-new from Rpmforge. But keep in mind, that last time I
checked,
the Rpmforge spec file do not include p0f and several other utilities
added
in the last few major releases.
I want to use the version 2.6.1, for the new features
But if interested, I can provide the specfile I use to build Amavisd-new
4 There are of course more solutions...
ok I wait for it
Included my fixed spec file, based on rpmforge version. It includes the
missing packages. I the past I submitted a patch to the rpmforge
maintainers, but sadly, it was ignored.
Keep in mind that there are a lot dependencies in the declared in the
specfile, which can be resolved by adding rpmforge repository to the Yum
configuration.
The specfile works ok in the recommended build setup.
This is not using the RPMBUILD tree at /usr/src/ as root ,
create a new build tree as a regular user
For the people not familiar with this:
eg: /home/builduser/rpmbuild . Put de RPMS SRPMS SOURCES BUILD and SPECS
directories in there
For your convenience I also include a .rpmrc and a .rpmmacros file to get
started easily. Those needs to be stored at /home/builduser/ and can be
adapted to suit your needs
build the .rpm and .src.rpm packages with: rpmbuild -ba
amavisd-new-2.6.2.el.spec
Sucess!
John
begin 666 .rpmrc
M:6YC;'5D93H@( @( @(]UW(O;EB+W)P;2]RUR8PIM86-R;V9I;5S
M.B O=7-R+VQI8B]RTO;6%CF]S.B]UW(O;EB+W)P;2\EU]T87)G971]
M+VUA8W)OSHO971C+W)P;2]M86-R;W,NW!E8W-P;SHO971C+W)P;2]M86-R
K;W,Z+V5T8R]RTO)7M?=%R9V5T?2]M86-R;W,Z?B\NG!M;6%CF]S@``
`
end
begin 666 .rpmmacros
M(R!#=7-T;v...@4e!-(UA8W)OR!C;VYF:6=UF%T:6]N(9I;4...@9f]r()U
M:6QD:6YG(%)032!P86-K86=EPHC(%S($@;F]N+7)O;w...@=7-eBX*(PHC
M($%U=AOCH@($UI:v...@02x@2%RFES(#QM:%RFES0')E9AA=YC;VT^
MB,*(R!4:ES(ES($...@8v]p2!O9B!M2!O=VX@5Rv]n...@4e!-(-O
M;F9I9W5R871I;v...@=vai8v@@22!UV4*(R!O;B!M2!W;W)KW1A=EO;B!F
M;W(@8G5I;1I;F@86YD('1EW1I;F@%C:V%G97,@9F]R(%)E9!(870@
M3e...@nB,@5AEf...@87)E(UA;g...@9EF9F5R96YT('!OW-I8FEL:71I
M97,@;VX@:]W('1O(-O;F9I9W5R92!24$TL('-OB,@9F5E;!FF5E('1O
M('1W96%K(AO=V5V97(@6]U(1EVER92X@($UA:V4@W5R92!T;R!CF5A
M=4...@86yyB,@9ER96-T;W)I97,@=AA=!AF4@F5F97)E;F-E9!PFEO
MB!T;R!UVEN9RX@(%)032!W:6QL(%U=]M871I8V%L;'D*(R!CF5A=4@
MV]M92!O9B!T:5M(EF(UIW-I;FL()U=!N;w...@86ql(]F('1H96TN
M(!7:EC:!O;F5S(ETB,@875T;RUCF5A=5S(ES(]N;'D@:VYO=VX@
m...@=AE(5X=')A=5RF5S=')i...@86qi96ys('1H870@:%V90HC(-R
m96%t...@4e!-+@HCB,@1F]R($%.62!H96QP('=I=@@86YY=AI;F@F5L
M871E9!T;r!2...@95V96QOUE;G0L('!A8VMA9VEN9RP*(R!OB!C=7-T
M;VUIF%T:6]N+!P;5AV4@:F]I;B!T:4...@4f5d($AA=!24$T@;6%I;EN
M9R!L:7-T()Y('-E;F1I;F*(R!A;B!E;6%I;!M97-S86=E('1O.B @G!M
M+6QIW0MF5Q=65S=$!R961H870N8V]M(!W:71H('1H92!W;W)DB,@(G-U
M8G-CFEB92(@:6...@=AE(%-U8FIE8W0Z(QI;F4NB,*(R!!;GD@W5G9V5S
M=EO;G,O8V]M;65N=',O(9OB!I;7!R;W9E;65N=',@=\...@=AIR!S971U
M!A'!R96-I871E9X*B,@)5]T;W!D:7(@95F:6YER!T:4...@=]P(1I
MF5C=]R2!T;R!B92!UV5D(9Ob!2...@8g5i;1I;F@'5R]S97,*
M(R!2!D969A=6QT4D]/5!O9B!T:4...@8g5i;1S7-T96T*)5]T;W!D:7()
M)2AE8VAO(1(3TU%*2]RUB=6EL9 H*(R E7W-O=7)C961IB!IR!W:5R
M92!T:4@V]UF-E(-O94...@=%R8F%L;',L('!A=-H97,L(5t...@=vel
M;!B90HC('!L86-E9!A9G1EB!Y;w...@9\...@86x@(G)P;2 M:79H('-O;65P
M86-K86=E+C$N,TQ+G-R8RYRTBB,E7W-O=7)C961IB @( @)7M?=]P
M9ER?2]33U520T53+R5[;F%M97TM)7MV97)S:6]N?0HC(%-W:6-H960@;V9F
M+!BF5A:W,@('-J;75D9!M86ME+7!OW1F:7...@nW!E8R!S:!S8W)I'0N
MB5?V]UF-E9ER( @( EU]T;W!D:7)]+U-/55)#15,*B,@)5]S5C
M9ER(ES('=H97)E('1H92!S5C9FEL92!G971S('!L86-E9!W:5N(EN
MW1A;QI;F@82!SF,NG!M+B!)B,@')E9F5R('1H92!S5C9FEL92!T
M;R!B92!I;B!T:4@V%M92!D:7)E8W1Og...@87,@=AE('-O=7)C92!T87)B
M86QLr...@971c+@HC)5]S5C9ER( @( @(5[7W-O=7)C961IGT*)5]S
M5C9ER( @( EU]T;W!D:7)]+U-014-3@HC(5?=UP%T:!IR!W
M:5R92!T96UP;W)AGD@V-R:7!TR!AF4@QA8V5D(1UFEN9R!T:4@
M4E!-()U:6QDB,@')O8V5SR!AR!W96QL(%S('1H92 E7V)U:6QDF]O
M=!W:5R92 E:6YS=%L;!N;W)M86QL2!D=6UPR!F:6QEPHC('!R:6]R
M('1O('!A8VMA9VEN9R!U!T:4...@9fen86p@8FEN87)Y(%)032...@he7w1m
M'!A=@))7M?=]P9ER?2]T;7 *B,@)5]B=6EL91IB!IR!W:5R92!S
M;w5r...@8v]d92!t87)B86QLR!Af...@95C;VUPF5SV5D+!A;F0@%T
M8VAER!T:5NB,@87!P;EE9!W:5N()U:6QD:6YG(%N(%)032!P86-K
M86=EB5?8G5I;1D:7())7M?=]P9ER?2]54E,1 H*(R E7V)U:6QDF]O
M=!IR!W:5R92!F:6QER!G970@QA8V5D(1UFEN9R!T:4@)6ENW1A
M;P@V5C=EO;B!O9B!S5CB,@9FEL92!PF]C97-S:6YG('!R:6]R('1O
M(9I;F%L
Re: [AMaViS-user] amavisd-new 2.6.1
troxlinux xserverli...@gmail.com schreef in bericht news:a2c6daca0903181149p76484adbgfdcf4c9eeaa1f...@mail.gmail.com... Hi list , I am trying to install amavisd-new 2.6.1 in a centos 5.2, but it shows me this error: error: Failed dependencies: /etc/clamd.d is needed by amavisd-new-2.6.1-1.noarch I have installed clamav-0.94.2-1.el5.rf some idea? -- rickygm http://gnuforever.homelinux.com Hi, Troxlinux, The problem is that you mix packages from different repositories or origin. You use clamav-0.94.2-1.el5.rf from Rpmforge (did you also install clamd-0.94.2-1.el5.rf? ), but rebuild amavisd-new from FC9. Amavisd-new from FC9 expects a /etc/clamd.d directory (And possible other dependicies) Be carefull, mixing repositories can lead to dependacy hell! You don't want to be there So have a few possibilities to solve this. 1 Simply create a clamd.d directory to keep FC9's amavisd-new happy 2 rebuild also the clamav packages form FC9 3 Use amavisd-new from Rpmforge. But keep in mind, that last time I checked, the Rpmforge spec file do not include p0f and several other utilities added in the last few major releases. But if interested, I can provide the specfile I use to build Amavisd-new 4 There are of course more solutions... Success. John -- Apps built with the Adobe(R) Flex(R) framework and Flex Builder(TM) are powering Web 2.0 with engaging, cross-platform capabilities. Quickly and easily build your RIAs with Flex Builder, the Eclipse(TM)based development software that enables intelligent coding and step-through debugging. Download the free 60 day trial. http://p.sf.net/sfu/www-adobe-com ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Help configuring amavisd-new to use AVG7
Mark Martinec wrote:
Try adding a /m regexp flag, which changes how ^ matches in a
perl regular expressions, letting it match at any line beginning,
not only at the first line:
['AVG Anti-Virus',
\ask_daemon, [SCAN {}\n, '127.0.0.1:5'],
qr/^200/m, qr/^403/m, qr/^403 .*?: ([^\r\n]+)/m ],
Let me know if it helps.
Thanks that did the job, and it's successfully spotted an Eicar message,
excellent!
John.
--
John Beranek To generalise is to be an idiot.
http://redux.org.uk/ -- William Blake
-
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100url=/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] Help configuring amavisd-new to use AVG7
I've installed the free Linux AVG7, and I would like to make amavisd-new
use it. My amavisd.conf has got configuration for an AVG daemon, and I
have one running on the same port, but it doesn't quite work and I don't
know enough about configuring virus scanners in Amavis to fix it.
I've got amavisd-new 2.5.1 from an openSUSE package, and my conf file has:
# ### http://www.grisoft.com/
['AVG Anti-Virus',
\ask_daemon, [SCAN {}\n, '127.0.0.1:5'],
qr/^200/, qr/^403/, qr/^403 .*?: ([^\r\n]+)/ ],
The error in the log file when Amavis tries to use it is:
Nov 10 21:36:48 linda amavis[5746]: (05746-14) (!!)ask_av (AVG
Anti-Virus) FAILED - unexpected result: 220-AVG7 Anti-Virus daemon mode
scanner\r\n220-Program version 7.5.51, engine 442\r\n220-Virus Database:
Version 270.9.0/1779 2008-11-10
\r\n220 Ready\r\n200 OK\r\n
This I imagine is because the daemon outputs 3 informational lines that
the rule doesn't understand. I don't know how to update the rule to make
it ignore these. For completeness, a trace of an example daemon
conversation:
220-AVG7 Anti-Virus daemon mode scanner
220-Program version 7.5.51, engine 442
220-Virus Database: Version 270.9.0/1779 2008-11-10
220 Ready
SCAN /tmp/xorg.conf.16465
200 OK
QUIT
221 Connection closed
Thanks in advance,
John.
--
John Beranek To generalise is to be an idiot.
http://redux.org.uk/ -- William Blake
-
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100url=/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] whitelisted? By who?
Jo Rhett wrote: The following spam status report claims to be whitelisted. However this simply isn't true. I have no global whitelist entries, and only a single personal whitelist entry -- and it's certainly not me. I also sent a test message to myself and confirmed that it doesn't show whitelisted. What happened here? X-Spam-Status:No, score=-1.045 tagged_above=-999 required=3.8 tests=[ALL_TRUSTED=-1.44, AWL=0.395] Begin forwarded message: From: [EMAIL PROTECTED] Date: October 30, 2008 6:11:28 AM PDT To: [EMAIL PROTECTED] Subject: RE: Message 08662 Return-Path: [EMAIL PROTECTED] Received: from mail.netconsonance.com ([unix socket]) by triceratops.netconsonance.com (Cyrus v2.3.9) with LMTPA; Thu, 30 Oct 2008 06:11:30 -0700 Received: from casa-0ow2n4gcyh (189105133024.user.veloxzone.com.br [189.105.133.24] (may be forged)) by mail.netconsonance.com (8.14.1/8.14.1) with SMTP id m9UDBSHV034617 for [EMAIL PROTECTED] ; Thu, 30 Oct 2008 06:11:29 -0700 (PDT) (envelope-from [EMAIL PROTECTED] ) X-Sieve: CMU Sieve 2.3 X-Quarantine-Id: Y3KS4uAxv1Xz X-Virus-Scanned: amavisd-new at netconsonance.com X-Amavis-Alert: BAD HEADER, Missing required header field: Date X-Spam-Flag: NO X-Spam-Score: 0 X-Spam-Status: No, score=x tagged_above=-999 required=3.8 WHITELISTED tests=[] Content-Return: allowed X-Mailer: CME-V6.5.4.3; MSN Message-Id: [EMAIL PROTECTED] Mime-Version: 1.0 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Antivirus: avast! (VPS 081029-0, 29/10/2008), Outbound message X-Antivirus-Status: Clean This is a spamassassin issue, not a Amavis issue. I suspect you have something wrong with your trusted network setting but I would ask this on the Spamassassin list. It doesn't say its White listed. - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] amavisd uses lots of memory
On Sat, Oct 25, 2008 at 8:01 AM, Wojtek Bogusz [EMAIL PROTECTED] wrote: i am not sure what can i do to help it. Add memory. A properly configured server will never fill swap. The processor is a little lightweight admittedly, but if you don't run X on it it should do ok. How long did it take to acquire 3800 mails? -- --JSA- Someone stole my tag line, so now I have this rental. - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Amavisd-new reloading
Rocco Scappatura wrote: Hello. I have scheduled a cronjob to update rulesets of spamassassin: sa-update --gpgkey 6C6191E3 --channel sought.rules.yerp.org --channel updates.spamassassin.org /usr/sbin/rcamavisd reload I do this same thing, except instead of doing a reload I do: /usr/sbin/rcamavisd restart I have not encountered the problems you mention. - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] bypass only outgoing queue
Tomáš Macek wrote: What do I want: I want to check all the emails including the ones being send between computers inside @mynetwork. Only when mail goes outside of @mynetwork, it shouldn't be checked. Unless your network sends tons of spam, the outbound mail is the smallest segment of mail. Why skip this mail? You will save very little and you run the risk of becoming a bad internet citizen if your machines get a virus or a spambot. - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Suppress recipient delimiters on outgoing mail?
On Sun, Oct 12, 2008 at 2:12 AM, mouss [EMAIL PROTECTED] wrote: John Andersen a écrit : We scan mail inbound and outbound via Amavisd-New. (2.4.3 via Opensuse). Occasionally someone will send something outbound that might get flagged as spammy. Amavis then attaches our recipient delimiter +spam on the outbound mail, all of which bounce. amavisd-new will only do that if the recipient is local. so it looks like you defined remote domains as local. Is it so? No, of course not. The users send mail thru our server whether locally attached or roaming via authenticated (ssl) connections. Mail to some foreign address, say a gmail account or a ISP somewhere is being scanned, and if found spammy (over our rather tight threshold) is getting recipient delimiters appended. This is in spite of your assertion this can not happen. I can see it in the logs. whatever you do, you can have amavisd-new listen on two ports, say 10024 for inbound mail and 10586 for outbound mail. then use policy banks to have different configs for these ports. and have your MTA pass inbound to 10024 and outbound to 10586. with postfix, you can use the FILTER statement to do this (if your port 25 receives both inbound and outbound), or you could simply force outbound mail to use the standard submission port (587) instead of 25. This seems a rather long way to go to avoid a bug. And by the way, clients connect on port 465. -- --JSA- Someone stole my tag line, so now I have this rental. - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Suppress recipient delimiters on outgoing mail?
On Sun, Oct 12, 2008 at 12:56 PM, Sahil Tandon [EMAIL PROTECTED] wrote: John Andersen [EMAIL PROTECTED] wrote: I can see it in the logs. I use 2.6.1; just sent a SPAMMY test email to [EMAIL PROTECTED] as well as [EMAIL PROTECTED] The former was sent without an address extension while +spam was added to the local part of the latter. This is consistent with what mouss said and the following comment in the code: # If decided to pass viruses (or spam) to certain recipients using # %lovers_maps_by_ccat, or by %final_destiny_by_ccat resulting in D_PASS, # one may set the corresponding %addr_extension_maps_by_ccat to some string, # and the recipient address will have this string appended as an address # extension to a local-part (mailbox part) of the address. This extension # can be used by a final local delivery agent for example to place such mail # in different folder. Leaving these variable undefined or empty string # prevents appending address extension. Recipients which do not match access # lists in @local_domains_maps are not affected (i.e. non-local recipients # do not get address extension appended). Well perhaps I did unwittingly set everything local. 2.4.3 is pretty old. I followed the docs in setting up the @local_domains_maps but I think those docs were wrong at that time, according to stuff I've read. I found this page helpful: http://www.engardelinux.com/modules/index/list_archives.cgi?list=amavispage=0175.htmlmonth=2008-07 I now have to wait till my user sends out her somewhat spammy newsletter again. -- --JSA- Someone stole my tag line, so now I have this rental. - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] Amavis/spamassassin can't count?
I'm using amavisd-new 2.5.1 and spamassassin 3.2.5 from openSUSE 11 packages, plus the standard set of recommended SARE rules. I got a false positive today, and what's odd about is that is seems that amavis/spamassassin can't add up somehow: X-Spam-Score: 8.412 X-Spam-Level: X-Spam-Status: Yes, score=8.412 tagged_above=- required=5 tests=[AWL=-0.330, BANG_GUAR=0.939, BAYES_40=-0.185, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=1.396, SARE_OEM_S_PRICE=1, SARE_UNI=0.591] Adding up those tests the score comes up to 3.412, not 8.412. Clearly this is important, because I set the threshold at 5. I've not seen a lot of this so I'm not too worried, but then I don't scan my spam folder for false positives very often, so maybe I'm missing more email... John. -- John Beranek To generalise is to be an idiot. http://redux.org.uk/ -- William Blake - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Amavis/spamassassin can't count?
Sahil Tandon wrote: Soft blacklisting within your amavisd.conf perhaps? For example, the email you sent to the list arrived with the following SA headers: Erk, you're right! The email was from [EMAIL PROTECTED] and @score_sender_maps contains: [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i = 5.0], Now I know the existence of these soft-blacklist items, I think I'll turn them _all_ off! John. -- John Beranek To generalise is to be an idiot. http://redux.org.uk/ -- William Blake - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] Suppress recipient delimiters on outgoing mail?
We scan mail inbound and outbound via Amavisd-New. (2.4.3 via Opensuse). Occasionally someone will send something outbound that might get flagged as spammy. Amavis then attaches our recipient delimiter +spam on the outbound mail, all of which bounce. Is there anyway to prevent Plus addressing from being added by amavisd on outbound mail. I can't think of a single good reason to apply local extensions to outgoing mail. -- --JSA- Someone stole my tag line, so now I have this rental. - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Backscatter
On Wed, 9 Apr 2008, [EMAIL PROTECTED] wrote: Ok, I'm not sure what has happened, but my own email address along with many of my users is being used as a forged sender address for a lot of spam, and I'm getting pummeled by backscatter (as in I just came back from lunch after having cleared them out and had 27 more delivery failure messages waiting on me - many users on my system are experiencing similar volumes). A great document on helping with this problem is: http://www.postfix.org/BACKSCATTER_README.html I work in the email defense industry, and this has become an exploding issue since the Google CAPTCHA was hacked, and also since most Google email services (googlepages and others) will receive an email regardless of if it's a valid user and then backscatter it out if it hits a nonexistent address. I'm not trying to blame it all on Google since this problem predates their email-based services, but they seem to be a heavy cause of the recent rash of complaints that I've seen on many other mailing lists that I monitor. -- John Evans Administrator of kilnar.com - This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] can not restart with zlib error
On Thu, 13 Mar 2008, Voytek Eymont wrote: # service amavisd restart Shutting down Mail Virus Scanner (amavisd):[ OK ] Starting Mail Virus Scanner (amavisd): ERROR: MISSING REQUIRED BASIC MODULES: Compress::Zlib BEGIN failed--compilation aborted at /usr/sbin/amavisd line 171. I'd use cpan as root and do this once in cpan: install Compress::Zlib If it asks for prerequesites to Compress::Zlib, allow cpan to install it. -- John Evans Administrator of kilnar.com - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Out Of Control amavisd-new Procs
On Thu, 6 Mar 2008, Mark Martinec wrote: It basically waits for X seconds (in this case 180) and if the program is still running after X seconds, it kills it. This allows me to run amavisd-nanny for 3 minutes without direct user intervention. Btw, the amavisd-new-2.6.0 will provide an option -c count to amavisd-nanny and amavisd-agent to limit the repeat count of a display, so '-c 1' will avoid a need for the 'limit' trick. Thanks for pointing out a usage deficiency. Mark, Great addition to the program! Thanks for adding this. -- John Evans Administrator of kilnar.com - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] Out Of Control amavisd-new Procs
Greetings,
I sent the following email a week ago, and I have not seen any
responses to it. I'm going to assume the message never hit the list
(even though I received it back from the list.)
Does anyone have any information on this?
Original Email Below
All,
Since migrating to Postfix+Amavisd-new+SpamAssassin+ClamAV a few months
back, I've had some issues with amavisd-new going out of control and
consuming a massive amount of CPU time. The load on my box is normally
less than 0.8, but when amavisd-new goes crazy, the load will climb to
over 7 and will sometimes get to over 10.
The work-around that I've patched together is a total hack, but it
works. Here's the script that I run every 5 minutes from cron.
#!/bin/sh
### Get the current load in integer form. (using truncate, not round)
LOAD=`/usr/bin/uptime | \
/usr/bin/awk '{print $11}' | \
/usr/bin/cut -f1 -d.`
if [ ${LOAD} -gt 1 ]; then
echo Mail IDs Put On Hold:
echo
### Find IDs in the queue:wq
IDS=`/usr/bin/mailq | \
/usr/bin/tail -n +2 | \
/bin/grep -v '^[-( ]' | \
/usr/bin/awk '{print $1}' | \
/bin/grep -v '!$' | \
/usr/bin/tr -d '*!'`
for id in ${IDS}; do
echo $id
/usr/sbin/postsuper -h $id
done
echo Running amavisd-nanny for 3 minutes to clean up stuck processes.
/usr/local/bin/limit 180 /usr/sbin/amavisd-nanny 1/dev/null 2/dev/null
fi
The limit program is from chapter 13 of Unix for Programmers and Users
(3rd ed.) and the code is available here:
ftp://ftp.prenhall.com/pub/esm/the_apt_series.s-042/glass_ables_unix-3e/expanded/ch13/
It basically waits for X seconds (in this case 180) and if the program
is still running after X seconds, it kills it. This allows me to run
amavisd-nanny for 3 minutes without direct user intervention.
This script will find all messages in the non-hold queue, and get thier
postfix IDs. Then it will put the messages on hold, so that I can check
them out at a later date.
I have a few examples of emails that are causing problems, and then only
common identifier that I can find is that there seems to be some form of
double-byte characters in them.. I think. In places where I expect '=',
I see '=3D' in the postcat output. There are also several '=20'
scattered about the postcat output as well.
I feel that this is a major bug in amavisd-new since a process will lock
up until amavisd-nanny comes along to kill it off (or you manually 'kill
-9' the process.)
Does anyone know of a work-around for this issue, or better yet, a
solution to keep it from happening in the first place?
Version numbers for all software:
Base OS: Ubuntu Server 7.10
postfix: 2.4.7-1
amavisd-new: 2.4.2-6.2
clamav: 0.91.2-3
spamassassin: 3.2.4-0
Thanks!
--
John Evans
Administrator of kilnar.com
-
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] backscatter ==? final_spam_destiny = D_BOUNCE, # so the sender knows they are a spammer
I recently saw the following recommended configuration show up on the list: final_spam_destiny = D_BOUNCE, # so the sender knows they are a spammer Does this cause backscatter if Amavis is not set up as a milter and if so shouldn't that be discouraged as it causes spam? Link regarding backscatter: http://spamlinks.net/prevent-secure-backscatter.htm -- Sincerely, John Thomas - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] Out Of Control amavisd-new Procs
All,
Since migrating to Postfix+Amavisd-new+SpamAssassin+ClamAV a few months
back, I've had some issues with amavisd-new going out of control and
consuming a massive amount of CPU time. The load on my box is normally
less than 0.8, but when amavisd-new goes crazy, the load will climb to
over 7 and will sometimes get to over 10.
The work-around that I've patched together is a total hack, but it
works. Here's the script that I run every 5 minutes from cron.
#!/bin/sh
### Get the current load in integer form. (using truncate, not round)
LOAD=`/usr/bin/uptime | \
/usr/bin/awk '{print $11}' | \
/usr/bin/cut -f1 -d.`
if [ ${LOAD} -gt 1 ]; then
echo Mail IDs Put On Hold:
echo
### Find IDs in the queue:wq
IDS=`/usr/bin/mailq | \
/usr/bin/tail -n +2 | \
/bin/grep -v '^[-( ]' | \
/usr/bin/awk '{print $1}' | \
/bin/grep -v '!$' | \
/usr/bin/tr -d '*!'`
for id in ${IDS}; do
echo $id
/usr/sbin/postsuper -h $id
done
echo Running amavisd-nanny for 3 minutes to clean up stuck processes.
/usr/local/bin/limit 180 /usr/sbin/amavisd-nanny 1/dev/null 2/dev/null
fi
The limit program is from chapter 13 of Unix for Programmers and Users
(3rd ed.) and the code is available here:
ftp://ftp.prenhall.com/pub/esm/the_apt_series.s-042/glass_ables_unix-3e/expanded/ch13/
It basically waits for X seconds (in this case 180) and if the program
is still running after X seconds, it kills it. This allows me to run
amavisd-nanny for 3 minutes without direct user intervention.
This script will find all messages in the non-hold queue, and get thier
postfix IDs. Then it will put the messages on hold, so that I can check
them out at a later date.
I have a few examples of emails that are causing problems, and then only
common identifier that I can find is that there seems to be some form of
double-byte characters in them.. I think. In places where I expect '=',
I see '=3D' in the postcat output. There are also several '=20'
scattered about the postcat output as well.
I feel that this is a major bug in amavisd-new since a process will lock
up until amavisd-nanny comes along to kill it off (or you manually 'kill
-9' the process.)
Does anyone know of a work-around for this issue, or better yet, a
solution to keep it from happening in the first place?
Version numbers for all software:
Base OS: Ubuntu Server 7.10
postfix: 2.4.7-1
amavisd-new: 2.4.2-6.2
clamav: 0.91.2-3
spamassassin: 3.2.4-0
Thanks!
--
John Evans
Administrator of kilnar.com
-
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] amavis[xx]: (!)DENIED ACCESS from IP x.x.x.43, policy bank ''
Hi there! I'm running Qmail, and on the same system I run postfix as a smart host or spam firewall. Qmail listens on x.x.x.42 and postfix listens on x.x.x.43 From what I read, this setup might be causing the error in question. My question is: would anyone know specifically why this is happening and what I can do to add amavis to this set up? It is postfix that connects to amavis from source IP x.x.x.43. I've obviously googled the error and found pretty much nothing that applies to me, except for one thread where someone disabled smtp_bind_address to solve this: http://www.howtoforge.com/forums/archive/index.php/t-1217.html I can't do that in my set up. main.cf: === inet_interfaces = x.x.x.43 mynetworks = x.x.x.40/29, 192.168.0.0/16, 10.0.0.0/8, 127.0.0.0/8 content_filter=amavisfeed:[127.0.0.1]:10024 master.cf: amavisfeed unix- -n - 2 lmtp -o lmtp_data_done_timeout=1200 -o lmtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20 amavisfeed unix- -n-2 smtp -o smtp_data_done_timeout=1200 -o smtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20 127.0.0.1:10025 inet n-n-- smtpd -o content_filter= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o smtpd_restriction_classes= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters -o local_header_rewrite_clients= amavis.conf: === @local_domains_maps = ( [.$mydomain] ); # list of all local domains @mynetworks = qw( 127.0.0.0/8 [::1] [FE80::]/10 [FEC0::]/10 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 x.x.x.40/29 ); Connecting using telnet on localhost works fine. # telnet localhost 10024 Trying 127.0.0.1... Connected to localhost.localdomain (127.0.0.1). Escape character is '^]'. 220 [127.0.0.1] ESMTP amavisd-new service ready mail from:[EMAIL PROTECTED] 250 2.1.0 Sender [EMAIL PROTECTED] OK rcpt to:[EMAIL PROTECTED] 250 2.1.5 Recipient [EMAIL PROTECTED] OK data 354 End data with CRLF.CRLF Subject: asdads asd .. 250 2.0.0 Ok: queued as 77015A40013 Thanks for reading all this :P Never miss a thing. Make Yahoo your home page. http://www.yahoo.com/r/hs - SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Whitelisting mynetworks
On Mon, 10 Dec 2007, Sahil Tandon wrote: * John Evans [EMAIL PROTECTED] [2007-12-10 14:48:03 -0700]: Am I missing something here? Is there a web page that documents how to do this? I've searched the web and mailing list archives, and this is the config that I came up with, but it's not working properly. http://www200.pair.com/mecham/spam/bypassing.html Sahil, Thanks for the link! That answered my question (Example #1 was it), and it turns out I was missing a mynetworks config portion in the postfix config. Everything else was there. It's been added to my Postfix related bookmarks. -- John Evans Administrator of kilnar.com - SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] Whitelisting mynetworks
the scanning of items forwarded to [EMAIL PROTECTED]) -- John Evans - SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] amavisd debug-sa hangs on CentOS5
Matthias Weigel [EMAIL PROTECTED] schreef in bericht
news:[EMAIL PROTECTED]
Hello John,
i compared your trace against my working system.
At the end of your trace i see lines like
select(0, NULL, NULL, NULL, {10, 0}) = 0 (Timeout)
this is where amavisd waits for input on the configured tcp port
($inet_socket_port in amavisd.conf).
There is no further output of amavisd debug-sa at that point, until a
mail is received.
What reaction do you get, if you feed amavisd a mail via SMTP at this
point?
My working installation is from CPAN only, with the following versions
(on Centos5-x86_64):
Oct 4 20:24:52 gate amavis[2814]: starting. /usr/sbin/amavisd at
gate.maweos.de amavisd-new-2.5.2 (20070627), Unicode aware, LANG=C
Oct 4 20:24:52 gate amavis[2814]: Perl version 5.008008
Oct 4 20:24:53 gate
amavis[2814]: Module Amavis::Conf2.091
Oct 4 20:24:53 gate amavis[2814]: Module Archive::Zip1.18
Oct 4 20:24:53 gate
amavis[2814]: Module BerkeleyDB 0.31
Oct 4 20:24:53 gate amavis[2814]: Module Compress::Zlib 2.004
Oct 4 20:24:53 gate
amavis[2814]: Module Convert::TNEF 0.17
Oct 4 20:24:53 gate amavis[2814]: Module Convert::UUlib 1.08
Oct 4 20:24:53 gate
amavis[2814]: Module DBD::mysql 4.004
Oct 4 20:24:53 gate amavis[2814]: Module DBI 1.56
Oct 4 20:24:53 gate
amavis[2814]: Module DB_File 1.815
Oct 4 20:24:53 gate amavis[2814]: Module Digest::MD5 2.36
Oct 4 20:24:53 gate
amavis[2814]: Module Digest::SHA 5.44
Oct 4 20:24:53 gate amavis[2814]: Module Digest::SHA12.11
Oct 4 20:24:53 gate
amavis[2814]: Module MIME::Entity5.420
Oct 4 20:24:53 gate amavis[2814]: Module MIME::Parser5.420
Oct 4 20:24:53 gate
amavis[2814]: Module MIME::Tools 5.420
Oct 4 20:24:53 gate amavis[2814]: Module Mail::DKIM 0.25
Oct 4 20:24:53 gate
amavis[2814]: Module Mail::Header1.77
Oct 4 20:24:53 gate amavis[2814]: Module Mail::Internet 1.77
Oct 4 20:24:53 gate
amavis[2814]: Module Mail::SPF v2.004
Oct 4 20:24:53 gate amavis[2814]: Module Mail::SPF::Query1.999001
Oct 4 20:24:53 gate
amavis[2814]: Module Mail::SpamAssassin 3.002000
Oct 4 20:24:53 gate amavis[2814]: Module Net::DNS0.59
Oct 4 20:24:53 gate
amavis[2814]: Module Net::Server 0.96
Oct 4 20:24:53 gate amavis[2814]: Module NetAddr::IP 4.004
Oct 4 20:24:53 gate
amavis[2814]: Module Razor2::Client::Version 2.84
Oct 4 20:24:53 gate amavis[2814]: Module Time::HiRes 1.9707
Oct 4 20:24:53 gate
amavis[2814]: Module URI 1.35
Oct 4 20:24:53 gate amavis[2814]: Module Unix::Syslog0.99
Oct 4 20:24:53 gate
amavis[2814]: Amavis::DB code loaded
Best Regards
Matthias
Dear Matthias,
Sending a message through Amavisd worked and got after scanning nicely
forwarded to our internal mailserver.
I start to get the idea that I misunderstood the amavisd debug-sa command. I
expected an exit status, like spmassassin -D --lint does, or at least an
confirmation the test process ended.
So it looks like amavisd debug-sa starts amavisd with debugging on
foreground, without an defined exit. On my old SuSEbox amavisd debug-sa ends
with dbg: bayes: untie-ing db_seen, which gave the impression that the
process was finished and starts waiting for a new message to process,
causing confusion by me.
27062] dbg: check:
subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__SARE_WHITELIST_FLAG,__TVD_BODY,__UNUSABLE_MSGID
[27062] dbg: bayes: untie-ing
[27062] dbg: bayes: untie-ing db_toks
[27062] dbg: bayes: untie-ing db_seen
So it looks solved and no problem at all. I would like to thank Matthias for
time and effort to help me.
Regards,
John
John schrieb:
David Filion [EMAIL PROTECTED] schreef in bericht
news:[EMAIL PROTECTED]
John wrote:
Matthias Weigel [EMAIL PROTECTED] schreef in bericht
news:[EMAIL PROTECTED]
Hello John,
the interesting thing is normally at the end: where amavisd hangs. So
just send the last 100 lines.
Also have a look at the file. Maybe you see failing systemcalls or
interesting error messages.
Matthias
The strace.txt is posted, but showed on other place in this tread.
Some more things I tried without luck
Re: [AMaViS-user] amavisd debug-sa hangs on CentOS5
John [EMAIL PROTECTED] schreef in bericht news:...
Matthias Weigel [EMAIL PROTECTED] schreef in bericht
news:[EMAIL PROTECTED]
Hello John,
the interesting thing is normally at the end: where amavisd hangs. So
just send the last 100 lines.
Also have a look at the file. Maybe you see failing systemcalls or
interesting error messages.
Matthias
Mathias,
I looked at the file, and first thing I mentioned, a lot of perl modules
were not found. At the end I mentioned a lot off kill's in timeouts. But I
don't how to interpreted that.
I also did a strace on Amavis on my old I(and still working SuSE91 box,
but
running a recent Amavisd-new and spamassassin). The start of the file
looked
much different. I include the start of that trace to.
Post has failed, I post the strace-suse in a separate post
Last thingg I tried, I disabled the use of BerkelyDB in amavisd.conf,
($enable_db = 0;and $enable_global_cache = 0; to test if that reveils
the problem, but no success
John
John schrieb:
Matthias Weigel [EMAIL PROTECTED] schreef in bericht
news:[EMAIL PROTECTED]
Hello John,
i think you just traced the su command, not amavisd.
try adding -f option to strace or better do it step by step:
first
su - amavis
then
strace -f -o /tmp/amavisstrace /usr/sbin/amavisd debug-sa
This created a 5 mb large strace logfile, with even compressed got
rejected
in the mailinglist
What a else can I do?
make sure, the su command does not prompt you for anything!
Matthias
-
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now http://get.splunk.com/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
begin 666 amavis-strace-cut.txt
M(RTM/B!3=%R=!B96=I;@HQ,3(Q,R!E5C=F4H(B]UW(OV)I;B]A;6%V
M:7-D([EMAIL PROTECTED](O=7-R+W-B:6XO86UA=FES9(L()D96)U9RUS82)=+!;+RH@
M,C @=F%RR J+UTI(#T@, HQ,3(Q,R!BFLH,D@( @( @( @( @( @
M( @( @( @( @/2 P$P-(P,# *,3$R,3,@;6UA#(H3E5,3[EMAIL PROTECTED] Y
[EMAIL PROTECTED])/5%]214%$?%!23U1?5U))5$4L($U!4%]04DE6051%?$U!4%]!3D].
M64U/55,L(TQ+ P*2 ](#!X8C=F,#$P,# *,3$R,3,@86-C97-S*(O971C
M+VQD+G-O+G!R96QO860B+!27T]+*2 ](TQ($5.3T5.5 H3F\@W5C:!F
M:6QE(]R(1IF5C=]R2D*,3$R,3,@;W!E;[EMAIL PROTECTED]B]L:6(O5R;#4O
[EMAIL PROTECTED]:3,X-BUL:6YUUT:')E860M;75L=DO0T]212]T;',O:38X-B]S
MV4R+VQI8G!EFPNV\B+!/7U)$3TY,62D@/2 M,[EMAIL PROTECTED]('-U
M8V@@9FEL92!OB!D:7)E8W1OGDIC$Q,C$S('-T870V-@B+W5SB]L:6(O
M5R;[EMAIL PROTECTED]:3,X-BUL:6YUUT:')E860M;75L=DO0T]212]T;',O
M:38X-B]SV4R(BP@,'AB9F8T.#DS.D@/2 M,[EMAIL PROTECTED]('-U8V@@
M9FEL92!OB!D:7)E8W1OGDIC$Q,C$S(]P96XH(B]UW(O;EB+W!EFPU
M+S4N.XX+VDS.#8M;[EMAIL PROTECTED]AR96%D+6UU;'1I+T-/4D4O=QS+VDV.#8O
M;EB5R;YS;R(L($]?4D1/3DQ9*2 ](TQ($5.3T5.5 H3F\@W5C:!F
M:6QE(]R(1IF5C=]R2D*,3$R,3,@W1A=#8T*(O=7-R+VQI8B]P97)L
[EMAIL PROTECTED]]I,[EMAIL PROTECTED];G5X+71HF5A9UM=6QT:2]#3U)%+W1L[EMAIL
PROTECTED]
M(BP@,'AB9F8T.#DS.D@/2 M,[EMAIL PROTECTED]('-U8V@@9FEL92!OB!D
M:7)E8W1OGDIC$Q,C$S(]P96XH(B]UW(O;EB+W!EFPU+S4N.XX+VDS
M.#8M;[EMAIL PROTECTED]AR96%D+6UU;'1I+T-/4D4O=QS+W-S93(O;EB5R;YS
M;R(L($]?4D1/3DQ9*2 ](TQ($5.3T5.5 H3F\@W5C:!F:6QE(]R(1I
MF5C=]R2D*,3$R,3,@W1A=#8T*(O=7-R+VQI8B]P97)[EMAIL PROTECTED]]I
M,[EMAIL PROTECTED];G5X+71HF5A9UM=6QT:2]#3U)%+W1LR]SV4R(BP@,'AB9F8T
M.#DS.D@/2 M,[EMAIL PROTECTED]('-U8V@@9FEL92!OB!D:7)E8W1OGDI
MC$Q,C$S(]P96XH(B]UW(O;EB+W!EFPU+S4N.XX+VDS.#8M;[EMAIL PROTECTED]
M=AR96%D+6UU;'1I+T-/4D4O=QS+VQI8G!EFPNV\B+!/7U)$3TY,62D@
M/2 M,[EMAIL PROTECTED]('-U8V@@9FEL92!OB!D:7)E8W1OGDIC$Q,C$S
M('-T870V-@B+W5SB]L:6(O5R;[EMAIL PROTECTED]:3,X-BUL:6YUUT:')E
M860M;75L=DO0T]212]T;',B+ P)F9C0X.3,X*2 ](TQ($5.3T5.5 H
M3F\@W5C:!F:6QE(]R(1IF5C=]R2D*,3$R,3,@;W!E;[EMAIL PROTECTED]B]L
M:6(O5R;[EMAIL PROTECTED]:3,X-BUL:6YUUT:')E860M;75L=DO0T]212]I
[EMAIL PROTECTED](O;EB5R;YS;R(L($]?4D1/3DQ9*2 ](TQ($5.3T5.5 H
M3F\@W5C:!F:6QE(]R(1IF5C=]R2D*,3$R,3,@W1A=#8T*(O=7-R
M+VQI8B]P97)[EMAIL PROTECTED]]I,[EMAIL PROTECTED];G5X+71HF5A9UM=6QT:2]#3U)%
M+VDV.#8OW-E,B(L([EMAIL PROTECTED],[EMAIL PROTECTED]([EMAIL
PROTECTED]@14Y/14Y4(A.;R!S=6-H
M(9I;4@;W(@9ER96-T;W)Y*0HQ,3(Q,R!O5N*(O=7-R+VQI8B]P97)L
[EMAIL PROTECTED]]I,[EMAIL PROTECTED];G5X+71HF5A9UM=6QT:2]#3U)%+VDV.#8O;EB
M5R;YS;R(L($]?4D1/3DQ9*2 ](TQ($5.3T5.5 H3F\@W5C:!F:6QE
M(]R(1IF5C=]R2D*,3$R,3,@W1A=#8T*(O=7-R+VQI8B]P97)L-2\U
[EMAIL PROTECTED]]I,[EMAIL PROTECTED];G5X+71HF5A9UM=6QT:2]#3U)%+VDV.#8B+
P)F
M9C0X.3,X*2 ](TQ($5.3T5.5 H3F\@W5C:!F:6QE(]R(1IF5C=]R
M2D*,3$R,3,@;W!E;[EMAIL PROTECTED]B]L:6(O5R;[EMAIL PROTECTED]:3,X-BUL:6YU
MUT:')E860M;75L=DO0T]212]SV4R+VQI8G!EFPNV\B+!/7U)$3TY,
M62D@/2 M,[EMAIL PROTECTED]('-U8V@@9FEL92!OB!D:7)E8W1OGDIC$Q
M,C$S('-T870V-@B+W5SB]L
Re: [AMaViS-user] amavisd debug-sa hangs on CentOS5
Matthias Weigel [EMAIL PROTECTED] schreef in bericht news:[EMAIL PROTECTED] Hello John, the interesting thing is normally at the end: where amavisd hangs. So just send the last 100 lines. Also have a look at the file. Maybe you see failing systemcalls or interesting error messages. Matthias Mathias, I post failed. I had to repost, but the repost did apear on an other place in the tread. John John schrieb: Matthias Weigel [EMAIL PROTECTED] schreef in bericht news:[EMAIL PROTECTED] Hello John, i think you just traced the su command, not amavisd. try adding -f option to strace or better do it step by step: first su - amavis then strace -f -o /tmp/amavisstrace /usr/sbin/amavisd debug-sa This created a 5 mb large strace logfile, with even compressed got rejected in the mailinglist What a else can I do? make sure, the su command does not prompt you for anything! Matthias - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/ - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] amavisd debug-sa hangs on CentOS5
John [EMAIL PROTECTED] schreef in bericht news:...
Matthias Weigel [EMAIL PROTECTED] schreef in bericht
news:[EMAIL PROTECTED]
Hello John,
the interesting thing is normally at the end: where amavisd hangs. So
just send the last 100 lines.
Also have a look at the file. Maybe you see failing systemcalls or
interesting error messages.
Matthias
Mathias,
I looked at the file, and first thing I mentioned, a lot of perl modules
were not found. At the end I mentioned a lot off kill's in timeouts. But
I
don't how to interpreted that.
I also did a strace on Amavis on my old I(and still working SuSE91 box,
but
running a recent Amavisd-new and spamassassin). The start of the file
looked
much different. I include the start of that trace to.
Post has failed, I post the strace-suse in a separate post
And now the strace -suse.txt
Last thingg I tried, I disabled the use of BerkelyDB in amavisd.conf,
($enable_db = 0;and $enable_global_cache = 0; to test if that
reveils
the problem, but no success
John
John schrieb:
Matthias Weigel [EMAIL PROTECTED] schreef in bericht
news:[EMAIL PROTECTED]
Hello John,
i think you just traced the su command, not amavisd.
try adding -f option to strace or better do it step by step:
first
su - amavis
then
strace -f -o /tmp/amavisstrace /usr/sbin/amavisd debug-sa
This created a 5 mb large strace logfile, with even compressed got
rejected
in the mailinglist
What a else can I do?
make sure, the su command does not prompt you for anything!
Matthias
-
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now http://get.splunk.com/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
begin 666 amavis-strace-suse.txt
M,3(S,[EMAIL PROTECTED](O=7-R+W-B:6XO86UA=FES9(L(%LB+W5SB]S8FEN
M+V%M879IV0B+ B95B=6M[EMAIL PROTECTED](#4Q('9AG,@*B]=*2 ](# *
M,3(S,[EMAIL PROTECTED];64HW-YSTB3[EMAIL PROTECTED]!N;V1E/2)G=RTP,#
Q([EMAIL PROTECTED]
M?2D@/2 PC$R,S(Y()R:[EMAIL PROTECTED] @( @( @( @( @( @( @( @( @
M( ](#!X.#$T9C P, HQ,C,R.2!O;1?;6UAA.54Q,+ T,#DV+!04D]4
M7U)%041\4%)/[EMAIL PROTECTED]@
M+3$L(# I(#T@,'@T,# Q-S P, HQ,C,R.2!O5N*(O971C+VQD+G-O+G!R
M96QO860B+!/7U)$3TY,62D@/2 M,[EMAIL PROTECTED]('-U8V@@9FEL92!O
MB!D:7)E8W1OGDIC$R,S(Y(]P96XH(B]E=,O;0NV\N8V%C:4B+!/
M7U)$3TY,62D@/2 SC$R,S(Y(9S=%T-C0H,RP@W-T7VUO94]4U])1E)%
M1WPP-C0T+!S=%]S:7IE/3R-#$P+ N+BY]*2 ](# *,3(S,CD@;VQD7VUM
M87 H3E5,3[EMAIL PROTECTED](T,3 L(%!23U1?4D5!1[EMAIL PROTECTED](#,L(# I
M(#T@,'@T,# Q.# P, HQ,C,R.2!C;[EMAIL PROTECTED] @( @( @( @( @( @
M( @( @( @/2 PC$R,S(Y(]P96XH(B]L:6(O;EB;G-L+G-O+C$B+!/
M7U)$3TY,62D@/2 SC$R,S(Y(')E860H,RP@(EPQ-S=%3$9,5PQ7#%,%PP
M7#!,%PP7#!,%PP7#!,UPP7#-,%PQ7#!,%PP7#(T,#Q,(N+BXL(#4Q
M,BD@/2 U,3(*,3(S,[EMAIL PROTECTED]@S+![W1?;6]D93U37TE4D5'?# W
M-34L('-T7W-I[EMAIL PROTECTED],S8L(XN+GTI(#T@, HQ,C,R.2!O;1?;6UAA.
M54Q,+ X-3$U,[EMAIL PROTECTED])/[EMAIL PROTECTED]
M(#,L(# I(#T@,'@T,# R83 P, HQ,C,R.2!M861V:7-E*#!X-# P,F$P,# L
M([EMAIL PROTECTED],34R+!-04167U-%455%3E1)04Q\,'@Q*2 ](# *,3(S,CD@;VQD7VUM
M87 H,'@T,# S8S P,[EMAIL PROTECTED] [EMAIL
PROTECTED])/5%]214%$?%!23U1?5U))5$4L($U!
M4%]04DE6051%?$U!4%]25A%1P@,RP@,'@Q,3 P,D@/2 P#0P,#-C,# P
MC$R,S(Y(]L9%]M;6%P*#!X-# P,V0P,# L(#S,[EMAIL PROTECTED](%!23U1?4D5!1'Q0
M4D]47U=2251%+!-05!?4%))5D%417Q-05!?1DE8141\34%07T%.3TY934]5
[EMAIL PROTECTED](# I(#T@,'@T,# S9# P, HQ,C,R.2!C;[EMAIL PROTECTED] @( @( @
M( @( @( @( @( @( @/2 PC$R,S(Y(]P96XH(B]L:6(O;EB9PN
MV\N,B(L($]?4D1/3DQ9*2 ](#,*,3(S,CD@F5A9@S+ B7#$W-T5,1EPQ
M7#%,5PP7#!,%PP7#!,%PP7#!,%PS7#!,UPP7#%,[EMAIL PROTECTED],S7#!
M,# P([EMAIL PROTECTED] ](#4Q,@HQ,C,R.2!FW1A=#8T*#,L('MS=%]M;V1E
M/5-?249214=\,#U-2P@W1?VEZ93TQ,[EMAIL PROTECTED]@/2 PC$R,S(Y
M(]L9%]M;6%P*$Y53$PL([EMAIL PROTECTED],[EMAIL
PROTECTED](%!23U1?4D5!1'Q04D]47T5814,L($U!
M4%]04DE6051%+ S+ P*2 ](#!X-# P,V8P,# *,3(S,CD@;[EMAIL PROTECTED]
M#0P,#-F,# P+ X-C(X+!-04167U-%455%3E1)04Q\,'@Q*2 ](# *,3(S
M,CD@;VQD7VUM87 H,'@T,# T,3 P,[EMAIL PROTECTED] [EMAIL
PROTECTED])/5%]214%$?%!23U1?
M5U))5$4L($U!4%]04DE6051%?$U!4%]25A%1P@,RP@,'@R,# P*2 ](#!X
M-# P-#$P,# *,3(S,[EMAIL PROTECTED]V4H,RD@( @( @( @( @( @( @( @
M( @(#T@, HQ,C,R.2!O5N*(O;EB+W1LR]L:6)M+G-O+C8B+!/7U)$
M3TY,62D@/2 SC$R,S(Y(')E860H,RP@(EPQ-S=%3$9,5PQ7#%,%PP7#!
M,%PP7#!,%PP7#!,UPP7#-,%PQ7#!,%PP#5,%PP,# B+BXN+ U,3(I
M([EMAIL PROTECTED]C$R,S(Y(9S=%T-C0H,RP@W-T7VUO94]4U])1E)%1WPP-S4U
M+!S=%]S:7IE/3$W,#4V,[EMAIL PROTECTED]@/2 PC$R,S(Y(]L9%]M;6%P*$Y5
M3$PL(#$S-SQ,[EMAIL PROTECTED])/[EMAIL PROTECTED]
M(#,L(# I(#T@,'@T,# T,C P, HQ,C,R.2!M861V:7-E*#!X-# P-#(P,# L
M(#$S-SQ,[EMAIL PROTECTED],?#!X,2D@/2 PC$R,S(Y
Re: [AMaViS-user] amavisd debug-sa hangs on CentOS5
Matthias Weigel [EMAIL PROTECTED] schreef in bericht news:[EMAIL PROTECTED] Hello John, the interesting thing is normally at the end: where amavisd hangs. So just send the last 100 lines. Also have a look at the file. Maybe you see failing systemcalls or interesting error messages. Matthias The strace.txt is posted, but showed on other place in this tread. Some more things I tried without luck Removed spamassassin-3.1.9.rf and installed the 3.1.9.EL5 instead.- No luck Downgraded perl-BerkelyDB from 0.31 to 0.30, removed all db's in /var/amavis and tried again. - No luck I also tried a second system (CentOS5 /X64), and that system suffers from the same problem. So I can't imagine I'm the first one with this problem. on CentOS5. Does anyone has a clue? John schrieb: Matthias Weigel [EMAIL PROTECTED] schreef in bericht news:[EMAIL PROTECTED] Hello John, i think you just traced the su command, not amavisd. try adding -f option to strace or better do it step by step: first su - amavis then strace -f -o /tmp/amavisstrace /usr/sbin/amavisd debug-sa This created a 5 mb large strace logfile, with even compressed got rejected in the mailinglist What a else can I do? make sure, the su command does not prompt you for anything! Matthias - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/ - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] amavisd debug-sa hangs on CentOS5
David Filion [EMAIL PROTECTED] schreef in bericht news:[EMAIL PROTECTED] John wrote: Matthias Weigel [EMAIL PROTECTED] schreef in bericht news:[EMAIL PROTECTED] Hello John, the interesting thing is normally at the end: where amavisd hangs. So just send the last 100 lines. Also have a look at the file. Maybe you see failing systemcalls or interesting error messages. Matthias The strace.txt is posted, but showed on other place in this tread. Some more things I tried without luck Removed spamassassin-3.1.9.rf and installed the 3.1.9.EL5 instead.- No luck Downgraded perl-BerkelyDB from 0.31 to 0.30, removed all db's in /var/amavis and tried again. - No luck I also tried a second system (CentOS5 /X64), and that system suffers from the same problem. So I can't imagine I'm the first one with this problem. on CentOS5. Does anyone has a clue? John schrieb: Matthias Weigel [EMAIL PROTECTED] schreef in bericht news:[EMAIL PROTECTED] Hello John, i think you just traced the su command, not amavisd. try adding -f option to strace or better do it step by step: first su - amavis then strace -f -o /tmp/amavisstrace /usr/sbin/amavisd debug-sa This created a 5 mb large strace logfile, with even compressed got rejected in the mailinglist What a else can I do? make sure, the su command does not prompt you for anything! Matthias Sorry if you tried this and I missed it, but have you tried installing the BerkelyDB module from source instead of using a precompiled version? Same with amavisd, grab the latest version from the homepage and install it on top of the RPM versions. At least this way you'll know you have clean versions that have not been patched by a third party. /david f. David, I build my own amavisd-new.rpm 's for a long time now using 2.5.2 and installed the rpmforge perl-berkelyDB0.31. and build perl-BerkelyDB-0.30 myself based on rpmforge specfile I using now . perl-Net-Server-0.97-1.el5.rf, I''m going to build a 0.94.rpm for it, that known to work on my Old Suse install I received a report that amavisd debug-sa hangs at same point wiith up te date Debian Etch installs, but the guy also told hat besides that amavisd-new fuctions normally. Can Mark comment on this? John - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/ - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] amavisd debug-sa hangs on CentOS5
Hello list, I'm currently in the process replacing my Obsoleted SuSE91 Postfix / Amavisd-new / Spamassassin installation with a new one. But I ran into problems I cannot resolve. I'm running (my self compiled, on rpmforge based specfile, but with added missing files), Amavisd-new 2.5.2 version with Spamassassin-3.2.3 (also tested with 3.1.9) self compiled, also based on rpmforge specfile on a CentOS 5 32 bit installation. But su - c /usr/sbin/amavisd debug-sa amavisd hangs at: [16907] dbg: check: is spam? score=1.866 required=5 [16907] dbg: check: tests=MISSING_SUBJECT,NO_RECEIVED,NO_RELAYS,TO_CC_NONE [16907] dbg: check: subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_MSGID su - c spamassassin -D --lint amavis runs without errors and or hangs. I tested this with Spamassassin 3.2.3 and 3.1.9. But both hang at the Spamassassin subtests. I disabled all custom cf files, disabled DCC / Razor2 / Pyzor, disabled dns tests in /etc/amavisd.conf and also removed all databases in /var/amavis to start over. All my efforts failed to solve the problem and provided no pointers were to look. Does anybody has an idea to solve this problem? Regards John - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] amavisd debug-sa hangs on CentOS5
Matthias Weigel [EMAIL PROTECTED] schreef in bericht news:[EMAIL PROTECTED] Hello John, just some wild guesses: Have you disabled selinux? If not, do so in /etc/sysconfig/selinux. Yes, selinux is disabled If this doesn't help, maybe running the blocking command under strace gives you some hints. strace is new for me. I will do the RTFM of it, before asking how it works Best Regards Matthias John schrieb: Hello list, I'm currently in the process replacing my Obsoleted SuSE91 Postfix / Amavisd-new / Spamassassin installation with a new one. But I ran into problems I cannot resolve. I'm running (my self compiled, on rpmforge based specfile, but with added missing files), Amavisd-new 2.5.2 version with Spamassassin-3.2.3 (also tested with 3.1.9) self compiled, also based on rpmforge specfile on a CentOS 5 32 bit installation. But su - c /usr/sbin/amavisd debug-sa amavisd hangs at: [16907] dbg: check: is spam? score=1.866 required=5 [16907] dbg: check: tests=MISSING_SUBJECT,NO_RECEIVED,NO_RELAYS,TO_CC_NONE [16907] dbg: check: subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_MSGID su - c spamassassin -D --lint amavis runs without errors and or hangs. I tested this with Spamassassin 3.2.3 and 3.1.9. But both hang at the Spamassassin subtests. I disabled all custom cf files, disabled DCC / Razor2 / Pyzor, disabled dns tests in /etc/amavisd.conf and also removed all databases in /var/amavis to start over. All my efforts failed to solve the problem and provided no pointers were to look. Does anybody has an idea to solve this problem? Regards John - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/ - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/ - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] amavisd debug-sa hangs on CentOS5
Matthias Weigel [EMAIL PROTECTED] schreef in bericht news:[EMAIL PROTECTED] Hello John, also remove the following line form /etc/sudoers: Defaultsrequiretty sa-compile seems to use sudo. This does not work in scripts, when the requiretty entry is in /etc/sudoers. But this entry is default in Centos5 and RHEL5. I disabled the Defaultsrequiretty, but no success. :-( regards, John Best Regards Matthias John schrieb: Hello list, I'm currently in the process replacing my Obsoleted SuSE91 Postfix / Amavisd-new / Spamassassin installation with a new one. But I ran into problems I cannot resolve. I'm running (my self compiled, on rpmforge based specfile, but with added missing files), Amavisd-new 2.5.2 version with Spamassassin-3.2.3 (also tested with 3.1.9) self compiled, also based on rpmforge specfile on a CentOS 5 32 bit installation. But su - c /usr/sbin/amavisd debug-sa amavisd hangs at: [16907] dbg: check: is spam? score=1.866 required=5 [16907] dbg: check: tests=MISSING_SUBJECT,NO_RECEIVED,NO_RELAYS,TO_CC_NONE [16907] dbg: check: subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_MSGID su - c spamassassin -D --lint amavis runs without errors and or hangs. I tested this with Spamassassin 3.2.3 and 3.1.9. But both hang at the Spamassassin subtests. I disabled all custom cf files, disabled DCC / Razor2 / Pyzor, disabled dns tests in /etc/amavisd.conf and also removed all databases in /var/amavis to start over. All my efforts failed to solve the problem and provided no pointers were to look. Does anybody has an idea to solve this problem? Regards John - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/ - This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/ - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] amavisd debug-sa hangs on CentOS5
Hello,
Matthias Weigel [EMAIL PROTECTED] schreef in bericht
news:[EMAIL PROTECTED]
Hello John,
just some wild guesses:
Have you disabled selinux? If not, do so in /etc/sysconfig/selinux.
If this doesn't help, maybe running the blocking command under strace
gives you some hints.
strace -o /tmp/amavisd su - c /usr/sbin/amavisd debug-sa
writes a file with all system call's called by the monitored amavisd
debug-sa command, but I don't have a clue how to read it. A simple RTFM
won't do I'm affraid...
I attache the strace file in the hope anyone can read it.
regards,
John
Best Regards
Matthias
John schrieb:
Hello list,
I'm currently in the process replacing my Obsoleted SuSE91 Postfix /
Amavisd-new / Spamassassin installation with a new one. But I ran into
problems I cannot resolve.
I'm running (my self compiled, on rpmforge based specfile, but with added
missing files), Amavisd-new 2.5.2 version with Spamassassin-3.2.3 (also
tested with 3.1.9) self compiled, also based on rpmforge specfile on a
CentOS 5 32 bit installation.
But su - c /usr/sbin/amavisd debug-sa amavisd hangs at:
[16907] dbg: check: is spam? score=1.866 required=5
[16907] dbg: check:
tests=MISSING_SUBJECT,NO_RECEIVED,NO_RELAYS,TO_CC_NONE
[16907] dbg: check:
subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_MSGID
su - c spamassassin -D --lint amavis runs without errors and or hangs.
I tested this with Spamassassin 3.2.3 and 3.1.9. But both hang at the
Spamassassin subtests.
I disabled all custom cf files, disabled DCC / Razor2 / Pyzor, disabled
dns
tests in /etc/amavisd.conf and also removed all databases in /var/amavis
to
start over.
All my efforts failed to solve the problem and provided no pointers were
to
look.
Does anybody has an idea to solve this problem?
Regards
John
-
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
-
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
begin 666 strace-amavisd.txt
M97AE8W9E*(O8FEN+W-U([EMAIL PROTECTED])S=2(L((M8R(L((O=7-R+W-B:6XO86UA
M=FES9!D96)U9RUS82(L()A;6%V:7,[EMAIL PROTECTED](#(Q('9AG,@*B]=*2 ]
M(# *8G)K*# I( @( @( @( @( @( @( @( @( @( @( @(#T@
M,'@Y93 V,# PFUM87 R*$Y53$PL(#0P.38L(%!23U1?4D5!1'Q04D]47U=2
M251%+!-05!?4%))5D%417Q-05!?04Y/3EE-3U53+ M,2P@,D@/2 P(W
M9F9A,# PF%C8V5S[EMAIL PROTECTED]YS;RYPF5L;V%D([EMAIL PROTECTED]/2RD@( @
M( ](TQ($5.3T5.5 H3F\@W5C:!F:6QE(]R(1IF5C=]R2D*;W!E
M;[EMAIL PROTECTED]YS;RYC86-H92(L($]?4D1/3DQ9*2 @( @(#T@,PIFW1A
M=#8T*#,L('MS=%]M;V1E/5-?249214=\,#8T-P@W1?VEZ93TU-#0P-RP@
M+BXN?2D@/2 PFUM87 R*$Y53$PL(#4T-# W+!04D]47U)%040L($U!4%]0
M4DE6051%+ S+ P*2 ](#!X8C=F96,P,# *8VQOV4H,RD@( @( @( @
M( @( @( @( @( @( @( @(#T@, IO5N*(O;EB+VQI8G!A;2YS
M;RXP([EMAIL PROTECTED]( @( @/2 SG)E860H,RP@(EPQ-S=%3$9,5PQ
M7#%,%PP7#!,%PP7#!,%PP7#!,UPP7#-,%PQ7#!,%PP7#,T,%PS,3$B
M+BXN+ U,3(I([EMAIL PROTECTED]F9S=%T-C0H,RP@W-T7VUO94]4U])1E)%1WPP
M-S4U+!S=%]S:7IE/30S-3DR+ N+BY]*2 ](# *;6UA#(H3E5,3[EMAIL PROTECTED]
M,C0L(%!23U1?4D5!1'Q04D]47T5814,L($U!4%]04DE6051%?$U!4%]$14Y9
M5U))5$4L(#,L(# I(#T@,'@Y8F0P,# *;6UA#(H,'@Y8SP,# L(#0P.38L
M(%!23U1?4D5!1'Q04D]47U=2251%+!-05!?4%))5D%417Q-05!?1DE8141\
M34%07T1%3EE74DE412P@,RP@,'@Y*2 ](#!X.6,W,# PF-L;W-E*#,I( @
M( @( @( @( @( @( @( @( @( @( ](# *;W!E;[EMAIL PROTECTED]
M:6)P86U?;6ES8RYS;RXP([EMAIL PROTECTED](#T@,PIR96%D*#,L(),3W
M14Q7#%,5PQ7#!,%PP7#!,%PP7#!,%PP7#-,%PS7#!,5PP7#!,%PS
M,#!Z7#(Q,R(N+BXL(#4Q,BD@/2 U,3(*9G-T870V-@S+![W1?;6]D93U3
M7TE4D5'?# W-34L('-T7W-IF4],3 Q-38L(XN+GTI(#T@, IM;6%P,BA.
M54Q,+ Q,3,U,[EMAIL PROTECTED])/[EMAIL PROTECTED]
M34%07T1%3EE74DE412P@,RP@,D@/2 P#EC9# P, IM;6%P,[EMAIL PROTECTED]#EC9C P
M,[EMAIL PROTECTED] [EMAIL
PROTECTED])/5%]214%$?%!23U1?5U))5$4L($U!4%]04DE6051%?$U!
M4%]25A%1'Q-05!?1$5.65=2251%+ S+ P#$I(#T@,'@Y8V8P,# *8VQO
MV4H,RD@( @( @( @( @( @( @( @( @( @( @(#T@, IO5N
M*(O;EB+VQI8F-R7!T+G-O+C$B+!/7U)$3TY,62D@( @/2 SG)E860H
M,RP@(EPQ-S=%3$9,5PQ7#%,%PP7#!,%PP7#!,%PP7#!,UPP7#-,%PQ
M7#!,%PP7#(P,#9,S U([EMAIL PROTECTED] ](#4Q,@IFW1A=#8T*#,L('MS
M=%]M;V1E/5-?249214=\,#U-2P@W1?[EMAIL PROTECTED][EMAIL PROTECTED]@/2 P
MFUM87 R*$Y53$PL([EMAIL
Re: [AMaViS-user] amavisd debug-sa hangs on CentOS5
Matthias Weigel [EMAIL PROTECTED] schreef in bericht news:[EMAIL PROTECTED] Hello John, i think you just traced the su command, not amavisd. try adding -f option to strace or better do it step by step: first su - amavis then strace -f -o /tmp/amavisstrace /usr/sbin/amavisd debug-sa This created a 5 mb large strace logfile, with even compressed got rejected in the mailinglist What a else can I do? make sure, the su command does not prompt you for anything! Matthias John schrieb: Hello, Matthias Weigel [EMAIL PROTECTED] schreef in bericht news:[EMAIL PROTECTED] Hello John, just some wild guesses: Have you disabled selinux? If not, do so in /etc/sysconfig/selinux. If this doesn't help, maybe running the blocking command under strace gives you some hints. strace -o /tmp/amavisd su - c /usr/sbin/amavisd debug-sa writes a file with all system call's called by the monitored amavisd debug-sa command, but I don't have a clue how to read it. A simple RTFM won't do I'm affraid... I attache the strace file in the hope anyone can read it. regards, John Best Regards - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/ - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] Modified scoring of ClamAV spam hits
I'm still getting a few ZIPs, PDF, etc. getting though. I just noticed this scoring in one of the headers. Note the score for the sanesecurity=0.1: Res, score=5.819 tagged_above=2 required=4 tests=[AV:Email.Stk.Gen592.Sanesecurity.07071801.pdf=0.1,BAYES_99=3.5, DKIM_POLICY_SIGNSOME=0, TVD_SPACE_RATIO=2.219] I am using amavisd-new with clamav 91.1. Where can I adjust this scoring? john beaver - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now http://get.splunk.com/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Modified scoring of ClamAV spam hits
Mark Martinec wrote:
John,
I'm still getting a few ZIPs, PDF, etc. getting though. I just noticed
this scoring in one of the headers. Note the score for the
sanesecurity=0.1:
Res, score=5.819 tagged_above=2 required=4
tests=[AV:Email.Stk.Gen592.Sanesecurity.07071801.pdf=0.1,BAYES_99=3.5,
DKIM_POLICY_SIGNSOME=0, TVD_SPACE_RATIO=2.219]
I am using amavisd-new with clamav 91.1. Where can I adjust this
scoring?
Bill Landry writes:
That depends on whether you are using a spamassassin .cf file for scoring
the header entries or if your scoring them in amavisd.conf. I would guess
amavisd.conf since you would probably know if you setup a .cf file for
scoring these.
In amavisd.conf, look for the section starting with:
@virus_name_to_spam_score_maps =
You can then adjust the individual SaneSecurity and/or MSRBL scores there.
Right. Or better yet, add rules to a SpamAssassin config file (e.g. local.cf),
as suggested in release notes. This is also a reason why scores assigned
by amavisd itself are near-zero.
Figures, I missed reading the release notes...
I am using amavisd-new to call SA, so is SA called AFTER clamav (using
SA local.cf)? Just making sure which method will work best.
john
amavisd-new-2.5.0 release notes
Here is one example of such SA rules (some long lines are wrapped,
these should be unwrapped before placing them into local.cf):
header L_AV_Phish X-Amavis-AV-Status =~
m{\b(Email|HTML)\.Phishing\.}i
header L_AV_SS_Phish X-Amavis-AV-Status =~
m{\b(Email|Html)\.Phishing(\.[^., ]*)*\.Sanesecurity\.}
header L_AV_SS_ScamX-Amavis-AV-Status =~
m{\b(Email|Html)\.(Scam[A-Za-z0-9]?)(\.[^., ]*)*\.Sanesecurity\.}
header L_AV_SS_SpamX-Amavis-AV-Status =~
m{\b(Email|Html)\.(Spam|Bou|Stk|Loan|Cred|Job|Dipl|Doc)
(\.[^., ]*)*\.Sanesecurity\.}
header L_AV_SS_Hdr X-Amavis-AV-Status =~
m{\b(Email|Html)\.Hdr(\.[^., ]*)*\.Sanesecurity\.}
header L_AV_SS_Img X-Amavis-AV-Status =~
m{\b(Email|Html)\.(Img|ImgO)(\.[^., ]*)*\.Sanesecurity\.}
header L_AV_MSRBL_Img X-Amavis-AV-Status =~ m{\bMSRBL-Images/}
header L_AV_MSRBL_Spam X-Amavis-AV-Status =~ m{\bMSRBL-SPAM\.}
score L_AV_Phish 14
score L_AV_SS_Phish -3
score L_AV_SS_Scam8
score L_AV_SS_Spam8
score L_AV_SS_Hdr 6
score L_AV_SS_Img 3.5
score L_AV_MSRBL_Img 3.5
score L_AV_MSRBL_Spam 6
Mark
-
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now http://get.splunk.com/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
-
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now http://get.splunk.com/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] amavisd-new and altermime
Hello list,
I'm trying to use Altermime to add a disclaimer to a mail. There are several
ways to do this:
1: Use a shell script calling Altermime with Postfix as described on
http://www.paw.za.org/docs/howtos/postfix-altermime/postfix-altermime-howto-2.html#ss2.3
2: Use Amavisd-new 2.5.0 and Altermime
When using the first method, Line breaks are present as = signs in several
Webmail providers (like Hotmail). This doesn't look nice
When using Amavisd-new to add a disclaimer with Altermime using example in
readme.txt:
Amavisd.comf snippet
-- start
$altermime = '/usr/local/bin/altermime';
@altermime_args_disclaimer =
qw(--verbose --disclaimer=/etc/altermime-disclaimer.txt);
$defang_maps_by_ccat{+CC_CATCHALL} = [ 'disclaimer' ];
@mynetworks = qw( ... );
$policy_bank{'MYNETS'} = { # mail originating from our networks
allow_disclaimers = 1,
}
$interface_policy{'10026'} = 'OUTGOING_FILTER';
$policy_bank{'OUTGOING_FILTER'} = { # mail originating from the Internal
network
bypass_spam_checks_maps = [1], # don't spam-check outgoing mail
bypass_banned_checks_maps = [0], # don't banned-check outgoing mail
smtpd_discard_ehlo_keywords = ['8BITMIME'],
allow_disclaimers = 1, # enables disclaimer insertion if available
virus_admin_maps = [[EMAIL PROTECTED]],
spam_admin_maps = [[EMAIL PROTECTED]],
warnbadhsender = 1,
forward_method = 'smtp:[127.0.0.1]:10025', # forward to 10027
};
-- end amavisd.conf snipped
Only text mail get mangled this way,
By replacing qw(--verbose --disclaimer=/etc/altermime-disclaimer.txt';
with
qw(--verbose --disclaimer-html=/etc/postfix/filter/disclaimer.html
--disclaimer=/etc/postfix/filter/disclaimer.txt);
both text mail and html mail get mangled, but
The in html mail added disclaimer is in text format and special formatting
is lost.
The problem is reproduced with several distributions and Altermime versions
SuSE 9.1 /9.2 and CentOS 5 Altermime V0.3.7 / V0.3.dev June 2007
Does anybody has an idea how add the disclaimer, with no line break problems
and with html formatting?
Please note:
I'm aware of controversy about added a disclaimer, but if Company management
wants this policy, IT has to implement it.
So I'm not trying to invoke a discussion or flame about to add or not to add
a disclaimer
Regards,
John
-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] Amavisd and clamd
Hello, Could you please tell me how to change the calling of clamd from /var/run/clamav/clamd.sock to 127.0.0.1:3310 in amavisd.conf. Many thanks. John Fox - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Amavisd and clamd
Thank you you help is gratefully appreciated.
John Fox
- Original Message -
From: Mark Martinec [EMAIL PROTECTED]
To: amavis-user@lists.sourceforge.net
Sent: Thursday, June 28, 2007 10:07 AM
Subject: Re: [AMaViS-user] Amavisd and clamd
John,
Could you please tell me how to change the calling of clamd from
/var/run/clamav/clamd.sock to 127.0.0.1:3310 in amavisd.conf.
['ClamAV-clamd',
\ask_daemon, [CONTSCAN {}\n, 127.0.0.1:3310],
qr/\bOK$/, qr/\bFOUND$/,
qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
Mark
-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.476 / Virus Database: 269.9.8/869 - Release Date: 25/06/2007
17:32
-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] SOLVED - Re: Message bodies seem to be re-encoded from ISO-8859-1 to UTF-8
Ralph Seichter wrote: Noel Jones wrote: Sounds as if libnet-1.20 is your problem. Please see: http://tinyurl.com/2su6nf Thanks a lot, Noel. I applied the Net::Cmd patch which Mark quoted from http://rt.cpan.org/Ticket/Display.html?id=24835#txn-289410, et voilà, message bodies are no longer unnecessarily UTF-8 encoded. My thanks also to Jim Knuth for pointing this out aswell. Man, this mailing list really rocks! :-) [Reawakening an old thread, because I just solved the problem myself...] It should be noted that libnet-1.21 is now out, which also fixes the problem. John. -- John Beranek To generalise is to be an idiot. http://redux.org.uk/ -- William Blake - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] Is it possible to delete spam using the amavisd-new.schema
on a user level? I don't see any attribute in the schema that would allow the deletion of spam. I see final_destination_spam in the config file that I can use, but I would like to override it in a user level so that one user can delete spam, the other user can mark and send spam. Thank you. amavisBypassSpamChecks amavisBadHeaderAdmin amavisBadHeaderLover amavisBadHeaderQuarantineTo amavisBannedAdmin amavisBannedFilesLover amavisBannedQuarantineTo amavisBannedRuleNames amavisBlacklistSender amavisBypassBannedChecks amavisBypassHeaderChecks amavisBypassVirusChecks amavisLocal amavisMessageSizeLimit amavisNewVirusAdmin amavisSpamAdmin amavisSpamDsnCutoffLevel amavisSpamKillLevel amavisSpamLover amavisSpamModifiesSubj amavisSpamQuarantineTo amavisSpamSubjectTag amavisSpamSubjectTag2 amavisSpamTag2Level amavisSpamTagLevel amavisVirusAdmin amavisVirusLover amavisVirusQuarantineTo amavisWarnBadHeaderRecip amavisWarnBannedRecip amavisWarnVirusRecip amavisWhitelistSender __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] amavisWhitelistSender and amavisBlacklistSender help
Hi. These two attributes are used in the amavisd ldap schema. Are they for spam or ban? We would like to create a basic mailing list that bans all mail not coming from any member of the mailing. We thought we can add the members to the whitelist and block everything else with the blacklist. Can this be done with these two attributes? And if so, what is the blacklist value? Is it just @? Thank you. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] Amavis 421 4.3.2 Service shutting down and LDAP
When we enable LDAP in the amavisd conf file, we get
this error message. But if we don't enable ldap,
everything works fine.
(host 127.0.0.1[127.0.0.1] said: 421 4.3.2 Service
shutting down, closing channel (in reply to RCPT TO
command))
LDAP amavis settings.
$enable_ldap = 1;
$default_ldap = {
hostname = '127.0.0.1',
timout = 5,
tls = 0,
bind_dn = 'cn=Manager,dc=doecoem,dc=com',
query_filter = '(([EMAIL PROTECTED])(accountStatus=Yes))'
};
Do you Yahoo!?
Everyone is raving about the all-new Yahoo! Mail beta.
http://new.mail.yahoo.com
-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Amavis 421 4.3.2 Service shutting down and LDAP
Oh. We are using .94 version of Net::Server if that helps or hurts? Cheap talk? Check out Yahoo! Messenger's low PC-to-Phone call rates. http://voice.yahoo.com - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Amavis 421 4.3.2 Service shutting down and LDAP
After running debug, I found it. Just some change in LDAP from the development to the test system that was changed by one of the other engineers. Thanks. Do you Yahoo!? Everyone is raving about the all-new Yahoo! Mail beta. http://new.mail.yahoo.com - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] Amavis / SA-Learn / Debian
Hi, I am using amavis with spamassassin 3.0.3-2 for a Postfix/Cyrus IMAP system on Debian sarge. I have inherited this system from another administrator. I would like to ensure that Bayes filtering is working. When I go to /var/lib/amavis/.spamassassin/ the bayes_seen database is being regularly updated, but the bayes_toks database is not. Do I need to turn a setting on, or is this how this setup should be functioning? I would also like to use sa-learn to teach the bayes filter about spam and ham in certain mail folders. If I run sa-learn as root I of course update the bayes_toks and bayes_seen database in /root/.spamassassin, but I assume that Amavis/SA can not access it there. I have made symbolic links to the bayes databases in /var/lib/amavis/.spamassassin although sa-learn seems to work, It doesn't appear to have updated bayes_toks or bayes_seen. What is the best way to use/configure sa-learn with my setup? I hope I've given enough details, any help will be gratefully received. Kind regards, John - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] Amavisd-new Spamassassin sa-updata interaction
Hello list, I'm confused on how Amavisd-new and Spamassassin sa-update interact. There are several previous posts that didn't clear things by me. Versions: SA 3.1.7 Amavisd-new 2.3.3 Should I include the updated rules in /etc/spamassasin/local.cf as mentioned in the SA website? include /var/lib/spamassassin/3.001007/updates.spamassassin.org.pre include /var/lib/spamassassin/3.001007/updates.spamassassin.org.cf Is this enough? I also read on previous posts that there should be a LOCAL_STATE_DIR = /var/lib specified in amavisd.conf but that's only necessary in SA 3.1.4. I also read on previous posts that amavisd could be patched. And what about amavisd-new-2.4.3? (I'm still running Amavisd-new2.3.3 but I'm building a specfile to build amavisd-new2.4.3 on SuSE 9.1 / 9.2 / 9.3. But it's not finished yet.) So I will upgrade in the near future. Can anybody clarify how to let Amavisd-new / SA use the with sa-update retrieved new rules with the different versions of Amavisd-new / SA? Thanx in advance. John - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Amavisd-new Spamassassin sa-updata interaction
Peter Huetmannsberger [EMAIL PROTECTED] schreef in bericht news:[EMAIL PROTECTED] On Mon, 23 Oct 2006, John wrote: Hello list, I'm confused on how Amavisd-new and Spamassassin sa-update interact. There are several previous posts that didn't clear things by me. Versions: SA 3.1.7 Amavisd-new 2.3.3 Should I include the updated rules in /etc/spamassasin/local.cf as mentioned in the SA website? include /var/lib/spamassassin/3.001007/updates.spamassassin.org.pre include /var/lib/spamassassin/3.001007/updates.spamassassin.org.cf I am not sure, taht what I do is correct, but then who cares if it works. I run a daily cronjob as user amavis with the following command line: /usr/bin/sa-update --updatedir /usr/share/spamassassin/ --gpghomedir \ /var/amavis/ The SA website advises not to do it the way you describe. I hope for a better solution. But thanx for your quick response You have to make sure that amvais can write in /usr/share/spamassassin, so every time you upgrade SA you have to change the permissions manually, but that is the least of the problems when upgrading SA. Hope this helps, .peter - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/ - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Amavisd-new Spamassassin sa-updata interaction
Mark Martinec [EMAIL PROTECTED] schreef in bericht news:[EMAIL PROTECTED] John, Mark, Thanx for the quick response I'm confused on how Amavisd-new and Spamassassin sa-update interact. There are several previous posts that didn't clear things by me. Versions: SA 3.1.7, Amavisd-new 2.3.3 These versions are fine, sa-update should work out of the box, no special options or actions are needed, just let it create its stuff under /var/lib or wherever it chooses. After amavisd reload new directories with rules would be seed by SA running aunder amavisd. [JOHN] So after sa-update I should also execute an /etc/init.d/amavisd restart and I'm fine? Should I include the updated rules in /etc/spamassasin/local.cf as mentioned in the SA website? include /var/lib/spamassassin/3.001007/updates.spamassassin.org.pre include /var/lib/spamassassin/3.001007/updates.spamassassin.org.cf No, SA should notice /var/lib/spamassassin by itself. I also read on previous posts that there should be a LOCAL_STATE_DIR = /var/lib specified in amavisd.conf but that's only necessary in SA 3.1.4. I also read on previous posts that amavisd could be patched. Right, but your versions need no patches. Either SA 3.1.5 or later suffices regardless of version of amavisd, or amavisd-new-2.4.3 suffices, regardless of version of SA. Mark - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/ - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] Perl::Net::Server requirements for Amavisd-new-2.4.3
Hello list, I'm preparing a specfile for amavisd-new 2.4.3 on SuSE and I not sure what the minimal requirement of Perl::Net::Server is for use with Amavisd-new-2.4.3. My current 2.3.3 setup is running happely with perl::Net::Server 0.88. Is this suffient for Amavisd-new 2.4.3 (Postfix / non milter setup)? Or do I need to upgrade to version 0.94? I also red that there are some Perl bug issues with older Perl versions. Does anybody has experience on Perl 5.8.1 (SuSE 9.0) Perl 5.8.3 (SuSE 9.1 / SLES 9) Perl 5.8.5 (SuSE 9.2) Thanx in advance John - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] Amavis - Spam Notification
Hello all, I am using Amavisd with Postfix. I am hosting a system that is responsible for multiple domains. Right now, when a spam is caught, a notification will go out to the person who sent the message. The FROM address will not change to match the domain that the original email was sent to. Example: Content-filter at staticdomain.com [EMAIL PROTECTED] The staticdomain will be the value in the config file. I have played around with the $hdrfrom_notify_sender pram as well as the template-spam-sender.txt but I cannot seem to get what I want out of the system. Any ideas? Thanks, John - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] How do you keep a copy of all messages using amavisd-new?
That works. Thank you. It uses local though, which is set to the quarantine directory. Is there anyway to specify the full path to a different directory? _ On the road to retirement? Check out MSN Life Events for advice on how to get there! http://lifeevents.msn.com/category.aspx?cid=Retirement - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] How do you keep a copy of all messages using amavisd-new?
Greetings. We would like to keep a copy of all messages that are filtered for backup purposes. We tried postfix always_bcc, but it does not write to directories. It only writes to email addresses. All we want is to backup all the mail sent/received to a directory. Thanks for any help. _ Express yourself instantly with MSN Messenger! Download today - it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] How do you keep a copy of all messages using amavisd-new?
$which_section = aux_quarantine doesn't appear in the amavisd.conf file. Does it require recompiling Amavisd with special options to get this option in the conf file? _ Express yourself instantly with MSN Messenger! Download today - it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] Is there an example that shows amavisd-new + openldap?
I have not been able to find any help on how to connect amavisd-new + openldap? Where is that in the documentation? Such as (for postfix) server_host = query_filter = result_attribute = result_format = scope = version = But what is amavisd-new's format? And what variable %, @, ? do you use to hold the results of a search? _ Dont just search. Find. Check out the new MSN Search! http://search.msn.click-url.com/go/onm00200636ave/direct/01/ - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Is there an example that shows amavisd-new + openldap?
Sorry. I found it in the downloads. I emerged from gentoo and it's not there in the emerged packages. But if you manually download the zip, the documentation is there. _ Dont just search. Find. Check out the new MSN Search! http://search.msn.click-url.com/go/onm00200636ave/direct/01/ - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Multi-instance postfix - return to correct instance
Mark Martinec wrote: I have just setup a multi-instance postfix setup. Submission only (outgoing) Incoming mail I want all email to be run through amavis and returned to the postfix instance that sent it there. I added a second port to amavisd.conf $inet_socket_port = [10024,10026]; This works fine, I verified it's listening on both ports. What do I need to do to get the return path set correctly for each instance? The ports specified in master.cf is 10025 and 10027 in each respective master.cf. amavisd.conf-sample: # To make it possible for several hosts to share one content checking daemon, # the IP address and/or the port number in $forward_method and $notify_method # may be spacified as an asterisk. An asterisk in the colon-separated # second field (host) will be replaced by the SMTP client peer address, # An asterisk in the third field (tcp port) will be replaced by the incoming # SMTP/LMTP session port number plus one. This obsoletes the previously used # less flexible configuration parameter $relayhost_is_client. An example: # $forward_method = 'smtp:*:*'; $notify_method = 'smtp:*:10587'; So you probably want: $forward_method = 'smtp:*:*'; $notify_method = $forward_method; This worked for me. I just had to experiment until I found this section. Thanks john --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] Multi-instance postfix - return to correct instance
I have just setup a multi-instance postfix setup. Submission only (outgoing) Incoming mail I want all email to be run through amavis and returned to the postfix instance that sent it there. I added a second port to amavisd.conf $inet_socket_port = [10024,10026]; This works fine, I verified it's listening on both ports. What do I need to do to get the return path set correctly for each instance? The ports specified in master.cf is 10025 and 10027 in each respective master.cf. john --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
RE: [AMaViS-user] Amavisd - BlackList acts like Spam rejection
Mark,
Thank you for your reply!
I am using postfix for an MTA. I have a template that is sent whenever a
spam message has been detected via the statement below. Do you think it may
be possible even to edit the code so that when a person who has been black
listed does not see that message?
$notify_spam_sender_templ =
read_text('/home/amavis/template-spam-sender.txt');
-Original Message-
Subject: Re: [AMaViS-user] Amavisd - BlackList acts like Spam rejection
John,
Depending on a setup and choice of MTA. With Postfix and a post-queue filter
setup (which is the most common and recommended setup for
Postfix+amavisd-new)
this is not possible: even if you let amavisd do D_REJECT, your MTA will
still need to do a bounce, which is worse that letting amavisd use D_BOUNCE.
Mark
---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
RE: [AMaViS-user] Amavisd - BlackListing - Multiple Recpts still allowing blocked emails.
Hi Mark,
Thank you for the reply.
I'll work on obtaining a log sample for you later on tonight.
Here are the settings that I have at the moment:
$final_virus_destiny = D_DISCARD; # (defaults to D_BOUNCE)
$final_banned_destiny = D_DISCARD; # (defaults to D_BOUNCE)
$final_spam_destiny = D_BOUNCE; # (defaults to D_REJECT)
$final_bad_header_destiny = D_PASS; # (defaults to D_PASS),
$sql_select_white_black_list = 'SELECT wb FROM wblist'.
' WHERE (rid=?) AND (wblist.email IN (%k))'.
' ORDER BY wblist.priority DESC';
I have been with the Amavisd program for a while so it is entirely possible
that I may be forgetting a setting in the config file.
Below is what I have for the maps. They are just junk. I bet that this may
be my issue? I use the W/B list from mysql so I would think that these
would be ignored?
$blacklist_sender_re = new_RE(
qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou|greatcasino)@'i,
qr'^(investments|lose_weight_today|market.alert|money2you|MyGreenCard)@'i,
qr'^(new\.tld\.registry|opt-out|opt-in|optin|saveonlsmoking2002k)@'i,
qr'^(specialoffer|specialoffers|stockalert|stopsnoring|wantsome)@'i,
qr'^(workathome|yesitsfree|your_friend|greatoffers)@'i,
qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i,
);
map { $whitelist_sender{lc($_)}=1 } (qw(
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
bugtraq@securityfocus.com
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
returns.groups.yahoo.com
));
-Original Message-
That shouldn't be happening.
Are you using global or per-recipient sender blacklisting?
Show the relevant (blacklisting) part of your config
and a level 5 log, preferably with 2.3.3, which has
somewhat more informative log messages in the lookups area.
Mark
---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] Amavisd - BlackListing - Multiple Recpts still allowing blocked emails.
Hello, Any help would be great. I have been using the Amavisd software for quite some time and have always had this issue as far as I can remember... Say I have decided to blacklist an email such as [EMAIL PROTECTED] for email [EMAIL PROTECTED] If the nobody sends testone a message, it is rejected, and rightfully so. However, if nobody sends [EMAIL PROTECTED] AND [EMAIL PROTECTED], both messages make it through. How can I fix this so that [EMAIL PROTECTED] does have the message rejected? I did find this in the documentation. Does this apply to what I am seeing here? I am currently using version: $myversion_id = '2.3.2'; $myversion_date = '20050629'; Thank you, John --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642 ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] Amavisd - BlackList acts like Spam rejection
Hello all, I currently have my SPAM rejects to Bounce. The BlackList option, when an email is blacklisted, also uses the Bounce method. I would like to change this method to Reject if at all possible.Any ideas on how to do this? Thank you, John $myversion_id = '2.3.2'; $myversion_date = '20050629'; --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642 ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] logging spam, but not adding headers below sa_kill_level_deflt
Mark Martinec wrote: John, I'm not sure I understand your setup - are these mailers processing mail one after another? There is only one 'Received' header field in your sample. amavisd-new removes all previous X-Spam-* headers from a message if it is doing spam checking by itself. This is to protect recipients from acting on such header fields inserted by untrustworthy foreign mailers. If you have two amavisd-s in a chain, the second one will remove X-Spam-* headers fields inserted by previous ones. Gary, The $sa_tag_level_deflt only affects the X-Spam type headers. You can safely include these headers in every mail, spam or not by setting: $sa_tag_level_deflt = undef; which for this particular setting means 'lower than any possible score'. This is only true for amavisd-new-2.0 or later; from 2.0 release notes: - if tag level turns out to be undef, it will not be shown in X-Spam-* header fields, and will be interpreted as having a value lower than any spam score when deciding whether to insert X-Spam-* header fields or not; with 20030616 or older undefined tag_level is treated as 0. Mark The sample was not a full message; it's an excerpt that shows only one header and was marked as (snipped) in the paragraph above. I mentioned the following about the setup in my initial post. I have two mail filtering servers ahead of my mailbox server, running postfix-2.1.5-9, amavisd-new-20030616p10-5 and apamassassin-3.0.3 on stock Debian Sarge. Mail comes into the network through one of the two MX hosts, is filtered for spam and viruses, and is delivered to the mailbox server. The mailbox server runs amavis, but only as a virus scanner. There are X-Virus-Scanned: by amavis at headers for both the filter and the mailbox server on delivered messages. The filtering servers began to differ in their behavior at some time in the last few weeks that completely slipped under my radar. Mail from filtering server #2 still has X-Spam-Level: 1.2 style headers added for scores between my tag_level and my kill_level. Mail from filtering server #1 now completely lacks X-Spam-* headers. I've run sdiff against their config files. I've turned on debug logging to a separate log file. I can't find the problem. I'm open to this being an issue with amavisd-new, spamassassin, or possibly postfix. I just can't find it. -- John Beamon Systems Administrator Franklin American Mortgage Co. em: [EMAIL PROTECTED] --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] logging spam, but not adding headers below sa_kill_level_deflt
Gary V wrote: John wrote: This is an example of the symptom. Starting amavis on filtering server1 with the following log definitions: $DO_SYSLOG = 0; $LOGFILE = /var/log/amavis.log; $log_level = 4 I get this in the log for a given message. Dec 16 15:43:22 server1.franklinamerican.com amavisd-new[13045]: (13045-06) SPAM-TAG, [EMAIL PROTECTED] - [EMAIL PROTECTED], Yes, hits=5.3 tagged_above=1.0 required=3.5 tests=AWL, BAYES_99, HTML_90_100, HTML_IMAGE_RATIO_02, HTML_MESSAGE, HTML_MIME_NO_HTML_TAG, MIME_HTML_ONLY I find this in the headers of the delivered message on the mailbox server. (snipped) Return-Path: [EMAIL PROTECTED] Received: from server1.franklinamerican.com ([127.0.0.1]) by localhost (server1.franklinamerican.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 13045-06 for [EMAIL PROTECTED]; Fri, 16 Dec 2005 15:43:21 -0600 (CST) Date: Fri, 16 Dec 2005 15:43:16 -0600 (CST) From: More Coupons [EMAIL PROTECTED] Reply-To: E-Family Values [EMAIL PROTECTED] To: Fake User [EMAIL PROTECTED] Subject: Jamie, Here's more free coupons for your baby Mime-Version: 1.0 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-MRX: miinquufqwlxlwlvulvkuvll sswnilkiilkvwnnxik lllquiqusk X-Virus-Scanned: by amavis at mx1.franklinamerican.com X-Virus-Scanned: by amavis at imap.franklinamerican.com Are you certain the quarantined messages that do have X-Spam headers are addressed to franklinamerican.com? Are you certain franklinamerican.com is listed in your @local_domains_maps? Is there any reason you could not lower $sa_tag_level_deflt? I admit it should not necessary to do that, but try it and see what happens. Gary V Gary, our mail server does recipient checks during SMTP. We don't even accept mail not addressed to us, let alone put headers on it and deliver it to our users. I could lower the default tag level, but I'm already configured to add SA headers above 1.0. Even the basic X-Spam-Score: 1.2 headers aren't being added. -- John Beamon Systems Administrator Franklin American Mortgage Co. em: [EMAIL PROTECTED] --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] logging spam, but not adding headers below sa_kill_level_deflt
Gary V wrote: Gary wrote: Dec 16 15:43:22 server1.franklinamerican.com amavisd-new[13045]: (13045-06) SPAM-TAG, [EMAIL PROTECTED] - [EMAIL PROTECTED], Yes, hits=5.3 tagged_above=1.0 required=3.5 tests=AWL, BAYES_99, HTML_90_100, HTML_IMAGE_RATIO_02, HTML_MESSAGE, HTML_MIME_NO_HTML_TAG, MIME_HTML_ONLY I find this in the headers of the delivered message on the mailbox server. (snipped) Return-Path: [EMAIL PROTECTED] Received: from server1.franklinamerican.com ([127.0.0.1]) by localhost (server1.franklinamerican.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 13045-06 for [EMAIL PROTECTED]; Fri, 16 Dec 2005 15:43:21 -0600 (CST) Date: Fri, 16 Dec 2005 15:43:16 -0600 (CST) From: More Coupons [EMAIL PROTECTED] Reply-To: E-Family Values [EMAIL PROTECTED] To: Fake User [EMAIL PROTECTED] Subject: Jamie, Here's more free coupons for your baby Mime-Version: 1.0 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-MRX: miinquufqwlxlwlvulvkuvll sswnilkiilkvwnnxik lllquiqusk X-Virus-Scanned: by amavis at mx1.franklinamerican.com X-Virus-Scanned: by amavis at imap.franklinamerican.com Are you certain the quarantined messages that do have X-Spam headers are addressed to franklinamerican.com? Are you certain franklinamerican.com is listed in your @local_domains_maps? Is there any reason you could not lower $sa_tag_level_deflt? I admit it should not necessary to do that, but try it and see what happens. Gary V Gary, our mail server does recipient checks during SMTP. We don't even accept mail not addressed to us, let alone put headers on it and deliver it to our users. I could lower the default tag level, but I'm already configured to add SA headers above 1.0. Even the basic X-Spam-Score: 1.2 headers aren't being added. The $sa_tag_level_deflt only affects the X-Spam type headers. You can safely include these headers in every mail, spam or not by setting: $sa_tag_level_deflt = undef; which for this particular setting means 'lower than any possible score'. It is assumed you only accept mail addressed to you. I could not assume however that you receive mail for only one single domain. The point is every domain you accept mail for must be listed in @local_domains_maps if you want the X-Spam headers inserted for those domains. If you do any address rewriting, it is a good idea to include those domains also (e.g. 'localhost'). The score must also fall at or above $sa_tag_level_deflt. The only case I can think of where mail addressed to a particular domain would see the X-Spam headers in the spam that is quarantined, but not in spam that is passed to a recipient is when the score of the mail passed to the recipient falls below $sa_tag_level_deflt. I think the mx1 server is working, and am I correct in saying that is where the quarantine is kept? If so, then that would explain why items in the quarantine have the X-Spam headers inserted. If so, the problem is the second server is not configured correctly. It removes the headers from the previous server, but does not insert its own, possibly because the recipient domain is not in @local_domains_maps. Do you rewrite the address between the servers? Maybe to something like [EMAIL PROTECTED] If so, make sure 'imap.franklinamerican.com' (or '.franklinamerican.com') is listed in @local_domains_maps on the imap server. Gary V As mentioned in the original message, there is no address rewriting configured in the system. There's one thing you mentioned that caught my attention, @local_domains_maps. The server having the problem was set up to run mailman at a domain of lists.franklinamerican.com some six months ago. Amavis has '@local_domains_acl = ( .$mydomain );', $mydomain being 'franklinamerican.com'. Amavis scans mail directed to mailman at lists.franklinamerican.com and to users at franklinamerican.com. We do have messages regularly blocked from the listserv by Amavis' virus scanner, so it's checking mail for both domains. I will give the mailbox server a close look. There would have to be some obvious statement somewhere that says skip mail from THIS_SERVER, but I haven't seen one. -- John Beamon Systems Administrator Franklin American Mortgage Co. em: [EMAIL PROTECTED] --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] logging spam, but not adding headers below sa_kill_level_deflt
I have two mail filtering servers ahead of my mailbox server, running postfix-2.1.5-9, amavisd-new-20030616p10-5 and apamassassin-3.0.3 on stock Debian Sarge. I have noticed recently that server1 is identifying spammish mail in its logs, but it is not adding headers to mail below the quarantine score. I have a second, AFAIK identical, filtering server that is adding headers above 1.0 and flagging above 3.5 as expected. That server's messages still bear headers when they reach the mailbox server. This is an example of the symptom. Starting amavis on filtering server1 with the following log definitions: $DO_SYSLOG = 0; $LOGFILE = /var/log/amavis.log; $log_level = 4 I get this in the log for a given message. Dec 16 15:43:22 server1.franklinamerican.com amavisd-new[13045]: (13045-06) SPAM-TAG, [EMAIL PROTECTED] - [EMAIL PROTECTED], Yes, hits=5.3 tagged_above=1.0 required=3.5 tests=AWL, BAYES_99, HTML_90_100, HTML_IMAGE_RATIO_02, HTML_MESSAGE, HTML_MIME_NO_HTML_TAG, MIME_HTML_ONLY I find this in the headers of the delivered message on the mailbox server. (snipped) Return-Path: [EMAIL PROTECTED] Received: from server1.franklinamerican.com ([127.0.0.1]) by localhost (server1.franklinamerican.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 13045-06 for [EMAIL PROTECTED]; Fri, 16 Dec 2005 15:43:21 -0600 (CST) Date: Fri, 16 Dec 2005 15:43:16 -0600 (CST) From: More Coupons [EMAIL PROTECTED] Reply-To: E-Family Values [EMAIL PROTECTED] To: Fake User [EMAIL PROTECTED] Subject: Jamie, Here's more free coupons for your baby Mime-Version: 1.0 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-MRX: miinquufqwlxlwlvulvkuvll sswnilkiilkvwnnxik lllquiqusk X-Virus-Scanned: by amavis at mx1.franklinamerican.com X-Virus-Scanned: by amavis at imap.franklinamerican.com ... followed by the message body. There are no X-Spam-Level: headers, as there are from the other incoming server for any score above 1.0. For the record, messages quarantined for scoring above the kill level DO have X-Spam-Level: headers. I'm not sure whether to post the amavisd.conf from the filtering servers or the Postfix conf from the mailbox server. I have an 'sdiff -s' comparison of the two filtering servers' amavis.conf and spamassassin local.cf files. The mailbox server's Postfix config is a fairly common smtpd -o content_filter=smtp-amavis:[127.0.0.1]:10024 that returns via :10025. There is no header-rewriting configured into Postfix. I welcome any suggestions as to what would cause this and any specific requests for relevant info to help the cause. Thanks. -- John Beamon Systems Administrator Franklin American Mortgage Co. em: [EMAIL PROTECTED] --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] amavisd-release troubles
Mark Martinec wrote:
I'm using INET as the connection method.
I'm entering the file name exactly as in the log message.
I get the following in my log file.
Dec 13 20:32:10 mg-p1 amavis[48786]: (48786-01) SMTP: 500 5.5.2 Error:
bad syntax; PENALIZE: request=release\r\n
The protocol on a socket that accepts release requests must be
set to AM.PDP. On inet sockets it defaults to SMTP, which is why
you see protocol syntax errors.
The socket for SMTP (port 10024) and a socket for release requests
must be separate, as there is no way to auto-detect the protocol.
In amavisd.conf use something like:
$inet_socket_port = [10024, 9998];
$interface_policy{'9998'} = 'AM.PDP';
$policy_bank{'AM.PDP'} = {protocol='AM.PDP'};
and in file amavisd-release change socket to:
$socketname = '127.0.0.1:9998';
OK, now I understand. I saw the use of the separate port but didn't
understand why it was needed. Your explanation makes that clear. I
didn't want to open an extra port without understanding why.
Thanks for the help.
john
---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] amavisd-release troubles
Replying to my own post. I still do not have the inet method working. It still gives the errors below. I got amavisd-release to work by switching to the unixsocket method. Still interested in the inet method. john john wrote: I'm running amavisd-new 2.3.3 on FreeBSD 5.4 I'm trying to release a quarantined file. I'm trying to use amavisd-release. I added this entry to not require a auth_id. $auth_required_release = 0; I'm using INET as the connection method. I'm entering the file name exactly as in the log message. Dec 13 11:25:23 mg-p1 amavis[45356]: (45356-07) Blocked SPAM, [24.248.74.254] [24.248.74.254] [EMAIL PROTECTED] - [EMAIL PROTECTED], quarantine: spam-1pID0wOJvRSl.gz, Message-ID: [EMAIL PROTECTED], mail_id: 1pID0wOJvRSl, Hits: 20.596, 11736 ms Commands I've used: amavisd-release spam-1pID0wOJvRSl.gz amavisd-release /var/virusmails/spam-1pID0wOJvRSl.gz amavisd-release - spam-1pID0wOJvRSl.gz I get the following in my log file. Dec 13 20:32:10 mg-p1 amavis[48786]: (48786-01) SMTP: 500 5.5.2 Error: bad syntax; PENALIZE: request=release\r\n Dec 13 20:32:15 mg-p1 amavis[48786]: (48786-01) SMTP: 500 5.5.2 Error: bad syntax; PENALIZE: quar_type=Z\r\n Dec 13 20:32:20 mg-p1 amavis[48786]: (48786-01) SMTP: 500 5.5.2 Error: bad syntax; PENALIZE: mail_id=1pID0wOJvRSl\r\n Dec 13 20:32:25 mg-p1 amavis[48786]: (48786-01) SMTP: 500 5.5.2 Error: bad syntax; PENALIZE: mail_file=spam-1pID0wOJvRSl.gz\r\n Dec 13 20:32:30 mg-p1 amavis[48786]: (48786-01) SMTP: 500 5.5.2 Error: bad syntax; PENALIZE: \r\n Any help with this? The release script is v1.1 John --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/ --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] newbie questions
I'm trying to configure a new amavis installation (amavis-new 2.3.1). I plan on using this with amavisd-milter. I have some questions: 1) in the included amavisd.conf that gets copied into /etc, I see a ton of virus definitions. Do I need to comment out or delete the ones I wont be using? How do I tell it that I want to use Clamav and SpamAssassin? And that I don't want it to use the old sophos sweep I still have laying around on my system? 2) I don't see any kind of information about how to define what headers I want added to the messages, and what I want those headers called, or what I want their format to look like. Does it just add the normal spam assassin headers? 3) where do I define various pieces of the spam assassin environment? (like the location of the rules files, etc.) Mine are in a non-standard place. 4) it would be nice to see something that even remotely resembled a man page, especially for amavis.conf 5) it would also be nice to see things like those virus definitions moved to a library type file, with the conf file being somewhat more human readable. Mailscanner's conf-file format seems pretty ideal to me. --- SF.Net email is Sponsored by the Better Software Conference EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile Plan-Driven Development * Managing Projects Teams * Testing QA Security * Process Improvement Measurement * http://www.sqe.com/bsce5sf ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] Calyx Point pcf files
There is a mortgage/realty software called Point, produced by Calyx, that has a .PCF file format for its data output. These are simple reports, not executables or macros or whatnot. amavisd-new-20030616p10-5 from Debian Sarge sees these .PCF files incorrectly as Windows executables. Is there a way to exempt certain files, extensions, etc from being banned? -- John Beamon Systems Administrator Franklin American Mortgage Co. em: [EMAIL PROTECTED] --- This SF.Net email is sponsored by: NEC IT Guy Games. How far can you shotput a projector? How fast can you ride your desk chair down the office luge track? If you want to score the big prize, get to know the little guy. Play to win an NEC 61 plasma display: http://www.necitguy.com/?r=20 ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
