Hi,
I am trying to find a solution to a setup, where I want to make sure that
infected machines on the inner side (MYNETWORKS) is'nt able to push
out big amounts of SPAM.
I have full control on SPAM coming from outside but want to have a mechanism
that can detect this situation primarily to
Contact email and msg in the forum are not being answered.
thanks
Len
--
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
-- Original Message --
From: Len Conrad lcon...@go2france.com
Reply-To: lcon...@go2france.com
Date: Wed, 26 May 2010 18:54:07 +0200
Contact email and msg in the forum are not being answered.
===
that's http://postvisadmin.sourceforge.net
Len
Freebsd 4.9 (don't ask)
amavisd-new-2.6.2
perl 5.10.0
Berkeley db-4.1.25
all amavis's .pm's are installed
I did:
cp -R /usr/local/src/db-4.1.25.NC/perl/BerkeleyDB/*
/usr/local/lib/perl5/site_perl/5.10.0/BerkeleyDB
but something is still not happy
amavisd -c /usr/local/etc/amavisd.conf
I was seeing the effects of dcc/razor/pyzor in/out by editing local.cf and
v310.pre.
Put stuff in and out a few times, no problem, then one time amavis wouldn't
start with:
Sep 23 09:59:25 mx1 amavis[25348]: SpamControl: initializing Mail::SpamAssassin
Sep 23 09:59:28 mx1 amavis[25348]:
I was seeing the effects of dcc/razor/pyzor in/out by editing local.cf and
v310.pre.
Put stuff in and out a few times, no problem, then one time amavis wouldn't
start with:
Sep 23 09:59:25 mx1 amavis[25348]: SpamControl: initializing
Mail::SpamAssassin
Sep 23 09:59:28 mx1 amavis[25348]:
I've opened up amavis to 10 processes, not getting much help on the throughput.
This one-liner prints time, postfix-to-amavis delivery delay this msg, avg
delay all msgs
egrep 'relay=127.*:10024' /var/log/maillog | egrep -iv conn_ | awk '{c++;
a=substr($9,7); t+=a ; print $3, a,t/c}'
I'm
Hello there Len, it's been a long time!
Hello Eric,
I am running a 55W Quad Core Opteron with 4Gb of RAM with only 4 amavisd
processes and it runs like the wind
I think you should install more memory, I realize you put 1MB but really you
have 1GB yes? =)
As I said, when the machine was
But I still feel there's something throttling amavis with the current
hardware. This machine groans on passing 900 - 1100 msgs/hour? I
think it can do a lot better.
You are definitely right; it seems to me there is still something
very wrong with your setup. Your messages should be taking
FreeBSD 6.2
amavisd-new-2.4.3_1,1
p5-Mail-SpamAssassin-3.2.5
clamav-0.93.3
quad cpu 2 GHz
1 GB RAM , about 700 MB inactive or free
spamd about 5% weighted CPU
clamav about 10% wcpu
vscan (amavis), 2 instances taking 75% wcpu
cpu 0% idle
amavis max msg 1000*1024
postfix active queue (sending
vscan (amavis), 2 instances taking 75% wcpu
What is the iowait time on this process(es)?
sorry, forgot to show that. iostat shows burtsy i/o with several seconds of no
i/o, so it's not disk congestion
iostat -c 30
tty ad0 cpu
tin tout KB/t tps MB/s us ni sy
Suggestions?
Yes, you should be running much more than 2 instances of amavisd.
was running 6, upped that to 10 about 1/2 ago. no change.
sockstat -4 | egrep vscan
vscanperl 36980 5 tcp4 127.0.0.1:10024 *:*
vscanperl 36979 5 tcp4 127.0.0.1:10024 *:*
so now I've got 10 vscan's democratically eating 100% CPU with avg cpu load of
10, 100+ MB RAM available.
spamd and clamav worker bees still doing nearly 0% wcpu.
Still doesn't seem right that amavis as an interface should be eating the
entire machine while the content-scanners basically are
example:
Sep 16 01:18:22 mx1 amavis[11483]: (11483-01-31) Passed CLEAN, [12.xx.40.141]
[12.xx.40.141] [EMAIL PROTECTED] - [EMAIL PROTECTED], Message-ID: [EMAIL
PROTECTED], mail_id: 2M64mzvIA3wf, Hits: -, queued_as: 2CC9D1AF49B, 407 ms
is - the same as 0.0, or something else?
Len
mx1# ll /var/amavis/amavisd.sock
srwxr-x--- 1 vscan vscan 0 Aug 5 13:41 /var/amavis/amavisd.sock
mx1# ll /var/virusmails/9/badh-9pq-u0AL1q27
-rw-r- 1 vscan vscan 3533 Aug 3 13:14
/var/virusmails/9/badh-9pq-u0AL1q27
mx1# amavisd-release /var/virusmails/9/badh-9pq-u0AL1q27
Invalid
mx1# ll /var/amavis/amavisd.sock
srwxr-x--- 1 vscan vscan 0 Aug 5 13:41 /var/amavis/amavisd.sock
mx1# ll /var/virusmails/9/badh-9pq-u0AL1q27
-rw-r- 1 vscan vscan 3533 Aug 3 13:14
/var/virusmails/9/badh-9pq-u0AL1q27
mx1# amavisd-release /var/virusmails/9/badh-9pq-u0AL1q27
Invalid
We're trying to replace a Windows anti-spam on the mailbox servers
with amavisd/sa/clam on the front-end mx.
We are running in tandem both now in the amavis/sa/clam testing phase.
The backend mail content-scanner is still catching too many true
spams that get past amavis.
We uploaded the
We're trying to replace a Windows anti-spam on the mailbox servers
with amavisd/sa/clam on the front-end mx.
We are running in tandem both now in the amavis/sa/clam testing phase.
The backend mail content-scanner is still catching too many true
spams that get past amavis.
We uploaded the spams
On Tue, Jul 29, 2008 at 02:36:36PM -0500, Len Conrad wrote:
We're trying to replace a Windows anti-spam on the mailbox servers
with amavisd/sa/clam on the front-end mx.
We are running in tandem both now in the amavis/sa/clam testing phase.
The backend mail content-scanner is still
FreeBSD 6.3R
amavisd-new-2.5.2,1 installed as fbsd package.
it's working great, but:
our amavisd.conf has
$policy_bank{'AM.PDP-SOCK'} = {
protocol = 'AM.PDP',
auth_required_release = 0, # do not require secret_id for amavisd-release
};
but we still can't release:
#
We're trying to replace a Windows anti-spam on the mailbox servers
with amavisd/sa/clam on the front-end mx.
We are running both now. the backend mail scanner is still catching
too many true spams.
We uploaded the backend spams to the mx and run them through spamc,
with these results:
We run a separate MX before the amavis box.
We'd like to harvest on the amavis box the IPs of MTAs that send msgs
that get spam-tag-ged, in the same way spammy log lines log [MX IP}
and [IP that sent to the MX].
Is there some amavis/spamassassin param that does this?
thanks
Len
thanks, we'll take a look at those possibilities
This modification is likely to trip up any log processing software.
We don't have but one or two reports for amavis log lines, so it
would be easy to modify the reports, if at all.
If it's not obvious, we are trying to feed forward from the
23 matches
Mail list logo