exim virus scanning and spam scanning

2003-12-21 Thread hanasaki 
whats the difference between amavis-ng and milter and amavisd-new?   are 
some going away?  which one do you use for what? or clamscan directly? 
how can virus scanning be added?  clamscan and spam Spam assassin seem 
to be the norms from googling.  the configuration files to integrate 
with exim are befuddling.

the plan is too hook a virus scanner into exim4 from sarge.  any 
thoughts are appreciated.  A copy of someone's working exim4 config 
would be great!

how does one integrate the following with exim?  And which do you folks 
recommend for what reasons?
		SPAM
	Spamassassin
	bogofilter

VIRUS
amavis
amavisd-new
clamscans
thanks!

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: exim virus scanning and spam scanning

2003-12-21 Thread Christian G. Warden 
On Sun, Dec 21, 2003 at 09:09:38AM -0600, hanasaki wrote:
 whats the difference between amavis-ng and milter and amavisd-new?   are 
 some going away?  which one do you use for what? or clamscan directly? 
 how can virus scanning be added?  clamscan and spam Spam assassin seem 
 to be the norms from googling.  the configuration files to integrate 
 with exim are befuddling.
 
 the plan is too hook a virus scanner into exim4 from sarge.  any 
 thoughts are appreciated.  A copy of someone's working exim4 config 
 would be great!
 
 how does one integrate the following with exim?  And which do you folks 
 recommend for what reasons?
   SPAM
   Spamassassin
   bogofilter
 
   VIRUS
   amavis
   amavisd-new
   clamscans

Exiscan-ACL (included in exim4-daemon-heavy) + SpamAssassin + clamav

See the exiscan-acl documentation and the exim list for configuration
details.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: exim virus scanning and spam scanning

2003-12-21 Thread Phillip Hofmeister 
On Sun, 21 Dec 2003 at 10:09:38AM -0500, hanasaki wrote:
 whats the difference between amavis-ng and milter and amavisd-new?   are 
 some going away?  which one do you use for what? or clamscan directly? 
 how can virus scanning be added?  clamscan and spam Spam assassin seem 
 to be the norms from googling.  the configuration files to integrate 
 with exim are befuddling.
##Transport section
#ADDED FOR MAVIS AV Scan#


amavis:
  driver = pipe
  command = /usr/bin/amavis -f ${sender_address} -d
${pipe_addresses}
  prefix =
  suffix =
  check_string =
  escape_string =
  return_output = false
  return_path_add = false
  user = amavis
  group = amavis
  path = /bin:/sbin:/usr/bin:/usr/sbin
  current_directory = /var/spool/amavis-ng


##Directors Section
#Put this first, ORDER MATTERS!
###ADDED FOR MAVIS AV SCANNER

amavis_director:
  condition = ${if eq {$received_protocol}{scanned-ok} {0}{1}}
  driver = smartuser
  transport = amavis


 the plan is too hook a virus scanner into exim4 from sarge.  any 
 thoughts are appreciated.  A copy of someone's working exim4 config 
 would be great!
 
 how does one integrate the following with exim?  And which do you folks 
 recommend for what reasons?
   SPAM
   Spamassassin
   bogofilter

Defiantly bogofilter.  Bogofilter has the ability to learn and adjust to
new spam.  I would suggest you set up a set of bogofilter dbs for each
user since what each user considers spam is different.  Then you have
your users use IMAP and create a few mailboxes for them:

MisMarkedAsGood (runs bogofilter -Ns)
MisMarkedAsBad (runs bogofilter -Sn)
MarkGood (bogofilter -n)
MarkBad (bogofilter -s)

The last two mbox files are only used if you use tristate filtering
(Good, Bad, Unsure).

Then you run cron jobs like this in the user's crontab...

4  4  *  *  *   stripdaemonmail.pl ~/Mail/MisMarkedAsBad | bogofilter -Sn ; 
stripdaemonmail.pl ~/Mail/MisMarkedAsBad  /var/mail/username ; rm 
~/Mail/MisMarkedAsBad ; touch ~/Mail/MisMarkedAsBad
5  4  *  *  *   stripdaemonmail.pl ~/Mail/MisMarkedAsGood | bogofilter -Ns ; rm 
~/Mail/MisMarkedAsGood ; touch ~/Mail/MisMarkedAsGood
6  4  *  *  *   stripdaemonmail.pl ~/Mail/MarkBad | bogofilter -s ; rm ~/Mail/MarkBad 
; touch ~/Mail/MarkBad
7  4  *  *  *   stripdaemonmail.pl ~/Mail/MarkGood | bogofilter -n ; 
stripdaemonmail.pl ~/Mail/MarkGood  /var/mail/username ; rm ~/Mail/MarkGood ; touch 
~/Mail/MarkGood

stripmail.pl (attached) is a simple perl script that removes mbox emails that
are left by the imap daemon.  If you find a bug in the perl script I
would definitely appreciate it if you would let me know.  Even though it
is not formally documented the script should be considered GPL.

The user's .procmailrc (you are using procmail, yes?) can be configured like
so:


-start procmailrc
:0 f
| bogofilter -p -u -3 -l

:0:
* ^X-Bogosity: Yes
Mail/Junk

:0:
* ^X-Bogosity: Unsure
Mail/Unsure
end procmailrc--


After this users move items in Junk to MisMarkedAsBad if it is a good
email that ended up in the Junk folder.  Likewise they move mails that
are spam that ended up in the Inbox to MisMarkedAsGood.
MarkGood/MarkBad are for emails that end up in the Unsure folder.

Hope this helps!

   VIRUS
   amavis
   amavisd-new

No comment about amavis/amavisd-new.

   clamscans

This is not related to amavis.  Amavis is responsible for parsing the
MIME and saving them to files in /tmp.  Clamscan is then used to scan
the files placed in /tmp by amavis.  Clamscan has come a long way.  They
now have over 10,000 definitions.  However, you can use commercial av's
(like Sophis) with amavis if you wish.  Last I checked several months
ago Sophis has over 80,000 definitions.

Hope this helps.

--
Phillip Hofmeister

PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.asc | gpg --import
--
Excuse #137: Broadcast packets on wrong frequency 



stripdaemonmail.pl
Description: Perl program

Re: exim virus scanning and spam scanning

2003-12-21 Thread Michael Stone 
On Sun, Dec 21, 2003 at 05:02:19PM -0500, Phillip Hofmeister wrote:
Defiantly bogofilter.  Bogofilter has the ability to learn and adjust to
new spam.  
So does spamassassin, for some time now.

Mike Stone

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

GnuPG mutt on Woody 3.0r2.

2003-12-21 Thread s. keeling 
I've finally (!) got myself to the point of getting GnuPG working,
having spent about a decade watching PGP's progress from the
sidelines.  Now, I have keys, I've added a keyserver line to
~/.gnupg/options, I can sign messages and (apparently) encrypt them.
GPA is a nice little GUI for managing keys, and it shows everything
appears to be well (as does gpg --list-keys).

My trouble right now is verifying keys.  If I send myself mail, it's
correctly compared to my local copy (in my keyring?) and gpg says it's
good.  Other mail coming in triggers a lookup at pgp.mit.edu for keys,
leading to strange results:

   ---
gpg: Signature made Sun Dec 21 17:37:47 2003 MST using DSA key ID AC94E4B7
gpg: BAD signature from s. keeling (21Dec2003) [EMAIL PROTECTED]

gpg: Signature made Sun Dec 21 17:14:28 2003 MST using DSA key ID 946886AE
gpg: Good signature from Trey Sizemore [EMAIL PROTECTED]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:  There is no indication that the signature belongs to the owner.
gpg: Fingerprint: 683F FFE2 AA2D D341 6002  A973 8443 F068 9468 86AE

gpg: Signature made Sun Dec 21 17:50:12 2003 MST using DSA key ID 946886AE
gpg: BAD signature from Trey Sizemore [EMAIL PROTECTED]

gpg: Signature made Sun Dec 21 18:55:57 2003 MST using DSA key ID AC94E4B7
gpg: Good signature from s. keeling (21Dec2003) [EMAIL PROTECTED]

gpg: Signature made Sun Dec 21 20:32:36 2003 MST using DSA key ID 16D0B8EF
gpg: BAD signature from Joey Hess (email key) [EMAIL PROTECTED]
   ---

The commands driving gpg in mutt were clipped right out of /etc/Muttrc
(Woody 3.0r2):

   ---
set pgp_autosign=no
set pgp_sign_as=AC94E4B7
set pgp_replyencrypt=yes
set pgp_timeout=1800
set pgp_decode_command=/usr/bin/gpg   --status-fd=2 %?p?--passphrase-fd 0? 
--no-verbose --quiet  --batch  --output - %f
set pgp_verify_command=/usr/bin/gpg   --status-fd=2 --no-verbose --quiet  --batch  
--output - --verify %s %f
set pgp_decrypt_command=/usr/bin/gpg   --status-fd=2 --passphrase-fd 0 --no-verbose 
--quiet  --batch  --output - %f
set pgp_sign_command=/usr/bin/gpg--no-verbose --batch --quiet   --output - 
--passphrase-fd 0 --armor --detach-sign --textmode %?a?-u %a? %f
set pgp_clearsign_command=/usr/bin/gpg   --no-verbose --batch --quiet   --output - 
--passphrase-fd 0 --armor --textmode --clearsign %?a?-u %a? %f
set pgp_encrypt_only_command=/usr/lib/mutt/pgpewrap /usr/bin/gpg--batch  --quiet  
--no-verbose --output - --encrypt --textmode --armor --always-trust -- -r %r -- %f
set pgp_encrypt_sign_command=/usr/lib/mutt/pgpewrap /usr/bin/gpg  --passphrase-fd 0  
--batch --quiet  --no-verbose  --textmode --output - --encrypt --sign %?a?-u %a? 
--armor --always-trust -- -r %r -- %f
set pgp_import_command=/usr/bin/gpg  --no-verbose --import -v %f
set pgp_export_command=/usr/bin/gpg   --no-verbose --export --armor %r
set pgp_verify_key_command=/usr/bin/gpg   --verbose --batch  --fingerprint 
--check-sigs %r
set pgp_list_pubring_command=/usr/bin/gpg   --no-verbose --batch --quiet   
--with-colons --list-keys %r 
set pgp_list_secring_command=/usr/bin/gpg   --no-verbose --batch --quiet   
--with-colons --list-secret-keys %r 
set pgp_good_sign=^\\[GNUPG:\\] VALIDSIG
   ---

Ideas anyone?  I feel like I'm within spitting distance of the goal
line, and I'm not getting any closer no matter what I do.


-- 
Any technology distinguishable from magic is insufficiently advanced.
(*)   http://www.spots.ab.ca/~keeling 
- -


pgp0.pgp
Description: PGP signature