exim virus scanning and spam scanning
whats the difference between amavis-ng and milter and amavisd-new? are some going away? which one do you use for what? or clamscan directly? how can virus scanning be added? clamscan and spam Spam assassin seem to be the norms from googling. the configuration files to integrate with exim are befuddling. the plan is too hook a virus scanner into exim4 from sarge. any thoughts are appreciated. A copy of someone's working exim4 config would be great! how does one integrate the following with exim? And which do you folks recommend for what reasons? SPAM Spamassassin bogofilter VIRUS amavis amavisd-new clamscans thanks! -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: exim virus scanning and spam scanning
On Sun, Dec 21, 2003 at 09:09:38AM -0600, hanasaki wrote: whats the difference between amavis-ng and milter and amavisd-new? are some going away? which one do you use for what? or clamscan directly? how can virus scanning be added? clamscan and spam Spam assassin seem to be the norms from googling. the configuration files to integrate with exim are befuddling. the plan is too hook a virus scanner into exim4 from sarge. any thoughts are appreciated. A copy of someone's working exim4 config would be great! how does one integrate the following with exim? And which do you folks recommend for what reasons? SPAM Spamassassin bogofilter VIRUS amavis amavisd-new clamscans Exiscan-ACL (included in exim4-daemon-heavy) + SpamAssassin + clamav See the exiscan-acl documentation and the exim list for configuration details. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: exim virus scanning and spam scanning
On Sun, 21 Dec 2003 at 10:09:38AM -0500, hanasaki wrote: whats the difference between amavis-ng and milter and amavisd-new? are some going away? which one do you use for what? or clamscan directly? how can virus scanning be added? clamscan and spam Spam assassin seem to be the norms from googling. the configuration files to integrate with exim are befuddling. ##Transport section #ADDED FOR MAVIS AV Scan# amavis: driver = pipe command = /usr/bin/amavis -f ${sender_address} -d ${pipe_addresses} prefix = suffix = check_string = escape_string = return_output = false return_path_add = false user = amavis group = amavis path = /bin:/sbin:/usr/bin:/usr/sbin current_directory = /var/spool/amavis-ng ##Directors Section #Put this first, ORDER MATTERS! ###ADDED FOR MAVIS AV SCANNER amavis_director: condition = ${if eq {$received_protocol}{scanned-ok} {0}{1}} driver = smartuser transport = amavis the plan is too hook a virus scanner into exim4 from sarge. any thoughts are appreciated. A copy of someone's working exim4 config would be great! how does one integrate the following with exim? And which do you folks recommend for what reasons? SPAM Spamassassin bogofilter Defiantly bogofilter. Bogofilter has the ability to learn and adjust to new spam. I would suggest you set up a set of bogofilter dbs for each user since what each user considers spam is different. Then you have your users use IMAP and create a few mailboxes for them: MisMarkedAsGood (runs bogofilter -Ns) MisMarkedAsBad (runs bogofilter -Sn) MarkGood (bogofilter -n) MarkBad (bogofilter -s) The last two mbox files are only used if you use tristate filtering (Good, Bad, Unsure). Then you run cron jobs like this in the user's crontab... 4 4 * * * stripdaemonmail.pl ~/Mail/MisMarkedAsBad | bogofilter -Sn ; stripdaemonmail.pl ~/Mail/MisMarkedAsBad /var/mail/username ; rm ~/Mail/MisMarkedAsBad ; touch ~/Mail/MisMarkedAsBad 5 4 * * * stripdaemonmail.pl ~/Mail/MisMarkedAsGood | bogofilter -Ns ; rm ~/Mail/MisMarkedAsGood ; touch ~/Mail/MisMarkedAsGood 6 4 * * * stripdaemonmail.pl ~/Mail/MarkBad | bogofilter -s ; rm ~/Mail/MarkBad ; touch ~/Mail/MarkBad 7 4 * * * stripdaemonmail.pl ~/Mail/MarkGood | bogofilter -n ; stripdaemonmail.pl ~/Mail/MarkGood /var/mail/username ; rm ~/Mail/MarkGood ; touch ~/Mail/MarkGood stripmail.pl (attached) is a simple perl script that removes mbox emails that are left by the imap daemon. If you find a bug in the perl script I would definitely appreciate it if you would let me know. Even though it is not formally documented the script should be considered GPL. The user's .procmailrc (you are using procmail, yes?) can be configured like so: -start procmailrc :0 f | bogofilter -p -u -3 -l :0: * ^X-Bogosity: Yes Mail/Junk :0: * ^X-Bogosity: Unsure Mail/Unsure end procmailrc-- After this users move items in Junk to MisMarkedAsBad if it is a good email that ended up in the Junk folder. Likewise they move mails that are spam that ended up in the Inbox to MisMarkedAsGood. MarkGood/MarkBad are for emails that end up in the Unsure folder. Hope this helps! VIRUS amavis amavisd-new No comment about amavis/amavisd-new. clamscans This is not related to amavis. Amavis is responsible for parsing the MIME and saving them to files in /tmp. Clamscan is then used to scan the files placed in /tmp by amavis. Clamscan has come a long way. They now have over 10,000 definitions. However, you can use commercial av's (like Sophis) with amavis if you wish. Last I checked several months ago Sophis has over 80,000 definitions. Hope this helps. -- Phillip Hofmeister PGP/GPG Key: http://www.zionlth.org/~plhofmei/ wget -O - http://www.zionlth.org/~plhofmei/key.asc | gpg --import -- Excuse #137: Broadcast packets on wrong frequency stripdaemonmail.pl Description: Perl program
Re: exim virus scanning and spam scanning
On Sun, Dec 21, 2003 at 05:02:19PM -0500, Phillip Hofmeister wrote: Defiantly bogofilter. Bogofilter has the ability to learn and adjust to new spam. So does spamassassin, for some time now. Mike Stone -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
GnuPG mutt on Woody 3.0r2.
I've finally (!) got myself to the point of getting GnuPG working, having spent about a decade watching PGP's progress from the sidelines. Now, I have keys, I've added a keyserver line to ~/.gnupg/options, I can sign messages and (apparently) encrypt them. GPA is a nice little GUI for managing keys, and it shows everything appears to be well (as does gpg --list-keys). My trouble right now is verifying keys. If I send myself mail, it's correctly compared to my local copy (in my keyring?) and gpg says it's good. Other mail coming in triggers a lookup at pgp.mit.edu for keys, leading to strange results: --- gpg: Signature made Sun Dec 21 17:37:47 2003 MST using DSA key ID AC94E4B7 gpg: BAD signature from s. keeling (21Dec2003) [EMAIL PROTECTED] gpg: Signature made Sun Dec 21 17:14:28 2003 MST using DSA key ID 946886AE gpg: Good signature from Trey Sizemore [EMAIL PROTECTED] gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. gpg: Fingerprint: 683F FFE2 AA2D D341 6002 A973 8443 F068 9468 86AE gpg: Signature made Sun Dec 21 17:50:12 2003 MST using DSA key ID 946886AE gpg: BAD signature from Trey Sizemore [EMAIL PROTECTED] gpg: Signature made Sun Dec 21 18:55:57 2003 MST using DSA key ID AC94E4B7 gpg: Good signature from s. keeling (21Dec2003) [EMAIL PROTECTED] gpg: Signature made Sun Dec 21 20:32:36 2003 MST using DSA key ID 16D0B8EF gpg: BAD signature from Joey Hess (email key) [EMAIL PROTECTED] --- The commands driving gpg in mutt were clipped right out of /etc/Muttrc (Woody 3.0r2): --- set pgp_autosign=no set pgp_sign_as=AC94E4B7 set pgp_replyencrypt=yes set pgp_timeout=1800 set pgp_decode_command=/usr/bin/gpg --status-fd=2 %?p?--passphrase-fd 0? --no-verbose --quiet --batch --output - %f set pgp_verify_command=/usr/bin/gpg --status-fd=2 --no-verbose --quiet --batch --output - --verify %s %f set pgp_decrypt_command=/usr/bin/gpg --status-fd=2 --passphrase-fd 0 --no-verbose --quiet --batch --output - %f set pgp_sign_command=/usr/bin/gpg--no-verbose --batch --quiet --output - --passphrase-fd 0 --armor --detach-sign --textmode %?a?-u %a? %f set pgp_clearsign_command=/usr/bin/gpg --no-verbose --batch --quiet --output - --passphrase-fd 0 --armor --textmode --clearsign %?a?-u %a? %f set pgp_encrypt_only_command=/usr/lib/mutt/pgpewrap /usr/bin/gpg--batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust -- -r %r -- %f set pgp_encrypt_sign_command=/usr/lib/mutt/pgpewrap /usr/bin/gpg --passphrase-fd 0 --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust -- -r %r -- %f set pgp_import_command=/usr/bin/gpg --no-verbose --import -v %f set pgp_export_command=/usr/bin/gpg --no-verbose --export --armor %r set pgp_verify_key_command=/usr/bin/gpg --verbose --batch --fingerprint --check-sigs %r set pgp_list_pubring_command=/usr/bin/gpg --no-verbose --batch --quiet --with-colons --list-keys %r set pgp_list_secring_command=/usr/bin/gpg --no-verbose --batch --quiet --with-colons --list-secret-keys %r set pgp_good_sign=^\\[GNUPG:\\] VALIDSIG --- Ideas anyone? I feel like I'm within spitting distance of the goal line, and I'm not getting any closer no matter what I do. -- Any technology distinguishable from magic is insufficiently advanced. (*) http://www.spots.ab.ca/~keeling - - pgp0.pgp Description: PGP signature