Re: [AMaViS-user] Brand-new viruses, banned content and spamassassin
On Wed, Jan 31, 2007 at 10:38:35PM +0100, Mark Martinec wrote: It looks like what you are looking for is for a CC_BANNED to have a lower priority than CC_SPAM. The ranking of contents categories is currently hard-wired and not configurable. It could be dangerous to place CC_BANNED below CC_SPAM, as this would trigger a spam response instead of a banned response (for a message that is both), and a spam response is normally less severe and less informative than banned (or a virus) response. Ok, seems I understood it wrong then. :) It would be nice to have some option to control it. So if both CC_SPAM and CC_BANNED are hit, the one with D_DISCARD would be used. I guess covering all the possible situations could get complex, but I can't imagine this problem being very rare. Cheers, Henrik - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier. Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] maRBL on Debian
On Sun, Jan 07, 2007 at 07:28:00PM +1100, grant maxwell wrote: I wrote: What's the use for that? It would either greylist everything or just greylist instead of directly rejecting. I made the patch: http://hege.li/policyd-weight/greylist-p0f.diff Henrik I'm not sure how your patch works. It seems to me that if any email which has a score higher than $rate will be greylisted. It does not seem to do any lookup to see if this is their 2nd attempt. Now I'm not a perl programmer (but it looks a bit like C) and so I might be misreading it. Can you expand on your patch a bit please ? Yes, there is no cache for greylist decisions. And this is not really the list to discuss it, I have sent more info in policyd-weight mailing-list. I left any enchantments up to the policyd developer, as it's his program anyway. He can integrate it better. Cheers, Henrik - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] maRBL on Debian
On Thu, Jan 04, 2007 at 01:43:27AM +0100, mouss wrote: grant maxwell wrote: It would be very simple to add greylist command support to policyd- weight. Used when you match only one RBL or get over some specific score. And p0f support contributing to the score? Heck, I'll make some patches myself, it would be much more useful than maRBL. Henrik I agree. I would love to see the outcome of those patches :) just tell policyd-weight to return greylist and configure this a restriction class in postfix. What's the use for that? It would either greylist everything or just greylist instead of directly rejecting. I made the patch: http://hege.li/policyd-weight/greylist-p0f.diff Cheers, Henrik - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] maRBL on Debian
On Tue, Jan 02, 2007 at 04:03:18PM -0700, Gary V wrote: I am going to let it go for a while by itself but will probably add (a somewhat permissive) policyd-weight back into the mix (ahead of selective greylisting). It would be very simple to add greylist command support to policyd-weight. Used when you match only one RBL or get over some specific score. And p0f support contributing to the score? Heck, I'll make some patches myself, it would be much more useful than maRBL. Cheers, Henrik - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] advice on black lists use
On Sat, Dec 23, 2006 at 06:10:12PM +0200, Leon Kolchinsky wrote: Hello All, Below is a list ob black lists I'm using with main.cf config. smtpd_recipient_restrictions = reject_rbl_client zombie.dnsbl.sorbs.net, reject_rbl_client relays.ordb.org, reject_rbl_client safe.dnsbl.sorbs.net, reject_rbl_client list.dsbl.org, reject_rbl_client sbl.spamhaus.org, In the weekly logs I can see that the safe.dnsbl.sorbs.net is the hitter of the week (or may be it's just logically right cause it's before 2 latter): blocked using safe.dnsbl.sorbs.net (total: 9051) blocked using list.dsbl.org (total: 131) blocked using sbl.spamhaus.org (total: 18) No entries for zombie.dnsbl.sorbs.net and relays.ordb.org at all. I need an advice from powerusers on what bl's are better to use and in what order. As usual, I would recommend using policyd-weight. You don't depend on some single lists decision then. Cheers, Henrik - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
[AMaViS-user] Unchecked bug?
Hi, when you receive mail with encrypted zip.. On HAM: Passed UNCHECKED. SPAM-TAG line is logged. Everything fine. On SPAM: Blocked UNCHECKED. SPAM(-TAG) line is not logged, bug? Also wouldn't it be more clear to report Blocked SPAM in this case? Or is this some configuration issue I overlooked? Cheers, Henrik - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] d-ot: sa tags meanings
On Tue, Nov 14, 2006 at 10:11:29PM +1100, Voytek Eymont wrote: dumb Q: where do I find meaning of various SA tags ? I managed to find some on the http://spamassassin.apache.org/tests_3_1_x.html, but, can't find reference to TVD_FW_GRAPHIC That comes from sa-update updates, I don't think all have reference. Find the updates from /var/lib/spamassassin where they normally go. If you can't understand what the rules do, then you are out of luck probably.. Cheers, Henrik - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] d-ot: sa tags meanings
On Tue, Nov 14, 2006 at 11:17:19PM +1100, Voytek Eymont wrote: On Tue, November 14, 2006 11:05 pm, Henrik Krohns wrote: On Tue, Nov 14, 2006 at 10:11:29PM +1100, Voytek Eymont wrote: That comes from sa-update updates, I don't think all have reference. Find the updates from /var/lib/spamassassin where they normally go. If you can't understand what the rules do, then you are out of luck probably.. Henrik, many thanks, found it I guess I'm out of luck... They are not that complicated though.. If you grep TVD, you can find that they check mime headers for specific 'Content-Id' etc. See some tutorial for regular expressions. :) Cheers, Henrik - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] postfix issue/questions regarding relay_recipients
On Mon, Nov 06, 2006 at 12:17:01PM +0100, Bärtl, Martin wrote: Event though this is the amavisd list, i hope to get an answer for my postfix problem/questions. We are using postfix/amavisd-new as a mail gateway for our exchange server. As we are getting very much spam and infected mails for non existent recipients, i just installed a (perl)script to update our relay_recipients from AD frequently. Now all mails to non existent mail addresses are not accepted and we get much less spam/infected mails (around 2500 less a day). BUT for each mail that isn't accepted by postfix the postmaster gets an error mail from Mail Delivery System (postfix). Is there a way to stop postfix from sending those error mails for non existent users but keep sending the normal errors like lost connection etc.? Like this we just changed 2500 spam mails to 2500 error mails a day. The normal errors are only about 10 a day. Most likely you have bounce set in notify_classes. They are not really that interesting errors. 2nd question: after updating the relay_recipients (and doing a postmap relay_recipients) do i have to reload postfix each time? If yes, i better update less frequent. Please, http://www.postfix.org/DATABASE_README.html 'If you change a local file based database such as DBM or Berkeley DB, there is no need to execute postfix reload.' Cheers, Henrik - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] another sa-update question
On Thu, Nov 02, 2006 at 03:32:27PM -0800, Jo Rhett wrote: MrC wrote: The is a short-circuting AND; it will only perform the next command *iff* the previous command succeeds. Since 1 is a failure, the amavisd reload does not occur. yeah, but it doesn't do anything intelligent in the case that the update fails either, which is why you shouldn't do it that way. Why would you want to do something everytime the update doesn't succeed? Either it succeeds or it doesn't, sa-update errors aren't fatal in nature. Cheers, Henrik - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] skipped check of .gif.exe attachment
On Wed, Nov 01, 2006 at 08:50:48AM +0100, Jakob Curdes wrote: Patrick T. Tsang schrieb: The .exe is banned in amavis but it still penetrates to the mailboxes. in /etc/amavisd.conf: ... # block certain double extensions anywhere in the base name qr'\.[^./]*\.(vbs|pif|scr|bat|cmd|com|cpl|dll|exe)\.?$'i, The comment text claims too much, the expression blocks any occurrence of .exe in the name, not any occurence of exe. The latter would be dangerous because it might well be part of a legitimate file name aka executive summary. Please have a look at the new blocking syntax in the sample config provided with amavisd-new; by combination of rules you will be able to block this case. Such attachment can not be executed because it's not .exe (is there some silly client that removes the spaces?), but it's easy to block. Just add check for optional whitespace (\s*): qr'\.[^./]*\.\s*(vbs|pif|scr|bat|cmd|com|cpl|dll|exe)\.?$'i, Cheers, Henrik - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Spam with embedded gif...
On Fri, Oct 20, 2006 at 06:49:52PM +0200, Mark Martinec wrote: Ricardo, fuzzyocr spamassassin plugin into the mix and I really like it. What's the performance hit ? It is quite hefty, somewhat instable, but worth it if you can afford it. Though you need to remember that it is only run, when there is images to scan. Yesterday, from 14989 messages scanned, 134 were checked by FuzzyOCR. Each of those takes maybe 5-20 seconds, depending on how many ocr runs you like. Or maybe we are a statistical anomality? :) Cheers, Henrik - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] SA suddenly takes AGES...
On Tue, Oct 17, 2006 at 03:30:16PM +0200, Ralf Hildebrandt wrote: * Hanne Moa [EMAIL PROTECTED]: Maybe setting up a dns-cache/dns-proxy woulds be the way to go? You do know who am I, don't you? I do have a cache, of course. So why do you ask why the lists are slow? Obviously you are capable of testing and figuring out your own network/dns problems. ;) Cheers, Henrik - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] howto integrate dspam into amavisd-new?
On Sun, Oct 01, 2006 at 01:25:57PM +0200, Heinz Ulrich Stille wrote: (..message trimmed..) 4). Discover that it only works well if you constantly manually feed it. Well, yes, but in my experience any filter needs constant training. 5). Stop using dspam because it's not worth the hassle. For me dspam works quite well. OTOH SA's bayes filter, which gets the same training, doesn't work at all. Most messages get a score of 50%, with quite many false positives. Any system that requires feedback from the users is flaved IMO. I'm sure our workers have better things to do than train bayes. We just use a global autolearning database, and in our case it works even better as we don't communicate in english. The main point is that SpamAssassin bayes has very small part in scoring (atleast in our setup). Probably 90% of spam is catched with DNSBLs and other rules (gotta love FuzzyOcr!), only few messages are helped with the extra bayes score. Our hit/kill level is as high as 10, and vast majority of the spam has score of 20+. Cheers, Henrik - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] howto integrate dspam into amavisd-new?
On Sun, Oct 01, 2006 at 02:26:51PM +0200, Felix Schwarz wrote: Maybe its just me, but SpamAssassin only works for me. If I would use SpamAssassin, I would still get ~5-10 spam messages per day. Hard to say without knowing your configuration or experience.. With DSPAM, I only get 1-3 per week (currently, I get ~2500 spam messages per week). The only thing I would like to see implemented in DSPAM is a some kind of OCR. For me, SpamAssassin is much more flexible tool as you can have plugins like OCR and do whatever custom filtering you like. What I would like to see is SA bayes replaced with DSPAM one, having best of both worlds.. Cheers, Henrik - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Re-queueing of mails
On Sun, Oct 01, 2006 at 03:52:34PM +0100, Werner Schalk wrote: Hi, find /var/amavis/quarantine/spam* -type f | xargs . this doesn't work either for some reason (8000 files might be too many?): # find /var/amavis/quarantine/spam* -type f | xargs zgrep '^X-Envelope-To: $i' | grep 'mydomain.com' | cut -c 24-43 list -bash: /usr/bin/find: Argument list too long Any other ideas? My fault, normal shells expand that wildcard so you have to quote it. find '/var/amavis/quarantine/spam*' -type f | xargs Cheers, Henrik - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Re-queueing of mails
On Sun, Oct 01, 2006 at 05:49:30PM +0100, Werner Schalk wrote: Hi, hhhmm, this is strange. In a bash shell I get: # find /var/amavis/quarantine/spam-* -type f | xargs zgrep '^X-Envelope-To: $i' | grep 'mydomain.com' | cut -c 24-43 list find: /var/amavis/quarantine/spam-*: No such file or directory # find '/var/amavis/quarantine/spam-*' -type f | xargs zgrep '^X-Envelope-To: $i' | grep 'mydomain.com' | cut -c 24-43 list find: /var/amavis/quarantine/spam-*: No such file or directory This is not correct, the directory /var/amavis/quarantine is full of messages like spam-XXX.gz. So how do I have to quote it to get this to work? Argh.. seems I'm very tired today. This is the correct one, honestly. ;) find /var/amavis/quarantine -name 'spam*' -type f | xargs Cheers, Henrik - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Re-queueing of mails
On Sat, Sep 30, 2006 at 07:59:42AM -0600, Gary V wrote: zgrep '^X-Envelope-To: ' /var/amavis/quarantine/spam-a* | grep 'mydomain.com' | cut -c 24-43 list zgrep '^X-Envelope-To: ' /var/amavis/quarantine/spam-b* | grep 'mydomain.com' | cut -c 24-43 list If I'm not mistaken, the first letter of the file name (after 'spam-') could be lower case a-z, upper case A-Z or 0-9, so you could run this 62 times (modified each time), but gathering from mail log may be more desirable for reasons stated earlier. You may even want to split it up into different files so you could control it a little better. Better way would naturally be: find /var/amavis/quarantine/spam* -type f | xargs ... Cheers, Henrik - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] syslog-ng config and problems
On Sat, Aug 26, 2006 at 12:32:58PM +0200, Anders Norrbring wrote: I've tried to set up a looging av messages from amavis-new into a separate file, but that fle doesn't get created at all. Can someone please advice? syslog-ng.conf: filter f_mailscan { level(scan) and facility(mail); }; destination mailscan { file(/var/log/mail.scan); }; log { source(src); filter(f_mailscan); destination(mailscan); }; amavis.conf: $log_level = 6; $LOGFILE= undef; $DO_SYSLOG = 1; $SYSLOG_LEVEL = 'mail.scan'; Obviously scan is not a valid syslog level. See man syslog(3). Cheers, Henrik - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] sa-update (sa v 3.1.4)
On Thu, Aug 03, 2006 at 01:44:54PM -0600, Gary V wrote: I would guess the only people this may have an adverse effect on would be those who place custom rule sets in the default rules dir and also use 'sa-update'. They shouldn't be doing that at any rate, I believe custom rules go in the site rules dir. My extra sare rules get loaded just fine from the default rules dir, when using sa-update. Only thing you have to remember is copy them back when upgrading SpamAssassin module.. Cheers, Henrik - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] sa-update (sa v 3.1.4)
On Fri, Aug 04, 2006 at 08:18:01AM -0600, Gary V wrote: Henrik wrote: On Thu, Aug 03, 2006 at 01:44:54PM -0600, Gary V wrote: I would guess the only people this may have an adverse effect on would be those who place custom rule sets in the default rules dir and also use 'sa-update'. They shouldn't be doing that at any rate, I believe custom rules go in the site rules dir. My extra sare rules get loaded just fine from the default rules dir, when using sa-update. Only thing you have to remember is copy them back when upgrading SpamAssassin module.. Cheers, Henrik But have you set LOCAL_STATE_DIR = '/var/lib', which will read the sa-update rules from /var/lib/spamassassin/version or did you run 'sa-update --updatedir default_rules_dir' so the sa-update rules are placed in a subdirectory in /usr/local/share/spamassassin (or whatever your default rules dir is) along with your custom rules in that same directory? What I'm saying is that if LOCAL_STATE_DIR = '/var/lib', is used, none of the rule sets in the default rules dir will be read. Gary V Oops you are right. I accidently set /var/lib, my SpamAssassin is installed in another prefix. So yes it seems default dir is not read then at all. Cheers, Henrik - Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.phpp=sourceforgeCID=DEVDEV ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] perl Digest::MD5 version requirement
On Mon, Mar 20, 2006 at 03:16:36PM -0500, Adam Gibson wrote: I noticed in dag's amavisd-new 2.3.3 spec for amavisd the info below which goes against everything I have found in the archives for the amavisd-new list: ### No longer required with new amavisd-new #Requires: perl(Digest::MD5) = 2.22, perl-HTML-Parser = 3.24 But the INSTALL file for amavisd-new 2.3.3 says: Digest::MD5(Digest-MD5-x.xx) (2.22 or later) RedHat 9's perl 5.8.0 packages Digest::MD5 with the main perl rpm which is at version 2.20. Anyone know which is correct? I would hope dag would not drop the requirement when it would break amavisd-new. Trying to upgrade Digest::MD5 on RH9 will be tricky so I have my fingers crossed that 2.20 is ok. NOTE: I will not be using DAG's rpm regardless BTW... I am mainly using the spec to find out how he got around the newer MD5 requirement in amavisd-new. Maybe this is a bit offtopic, but why does everyone insist on using RPM/DEB whatever packages for everything? In my humble opinion, amavisd-new/spamassassin is much easier to handle when you compile own perl instance to /usr/local/perl. You can update it or your system as much as you want, and you know they wont break each other. I've never had any problems this way. Cheers, Henrik --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Re: perl Digest::MD5 version requirement
On Tue, Mar 21, 2006 at 11:33:47AM +0100, Felix Schwarz wrote: Henrik Krohns wrote: Maybe this is a bit offtopic, but why does everyone insist on using RPM/DEB whatever packages for everything? In my humble opinion, amavisd-new/spamassassin is much easier to handle when you compile own perl instance to /usr/local/perl. You can update it or your system as much as you want, and you know they wont break each other. I've never had any problems this way. For me it is /way/ faster using yum install (including dependency resolution!) than installing everything by hand. Good for you, for many it doesn't seem to be that easy. Second, upgrading is easier (yum update) if the packager did his/her job well. And since most packagers know the software much better than I do (which is the case for 99,9% of all programs), they will prevent me from doing anything bad. Thats a bit of a stretch. You need to know the software to do your job properly. I could never trust packagers decisions on essential packages, there might be configs or compile options I do not want. I don't have to monitor all the lists to be notified when a security hole appears, I just do regular yum updates. I think I would not hire anyone for security position, who didn't want to know about current security issues.. Third, when using CentOS/RHEL I get security updates for several years (RHEL: 7 years). Just being able to update my system in order to be secure saves so much time! Of course this is point is not valid for software from repositories such as DAG, Dries etc. as they don't have the resources to backport all fixes and do thorough quality assurance but I can stay with my version of Perl for example. Using RPMs as much as possible means that I only have to care about five custom software packages for my servers (custom Exim, DSPAM, Bacula with special options, my own web application and soon amavisd-new because I need DSPAM-integration). Come on, like you would have to compile perl every week to be secure. :) Naturally it is easy to update BASE system with packaging, I do it too. Problem here was perl/amavisd-new and module dependencies. How many times people have complained here when some system update broke them? And even this software is packaged with RPM as this eases quality assurance for me (the version/configuration installed on the servers is the same as I had on my test system - less possibilities to forgot one or two commands which may cause errors later). So build RPM from your custom build perl/amavisd-new.. Cheers, Henrik --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Decoding of p002 (RAR archive data, v1d, os: Win32) failed, leaving it unpacked: timed out
On Wed, Mar 01, 2006 at 02:13:01AM +0100, Nicklas Bondesson wrote: Ran into some strange things today: Seems like the RAR decoder (unrar) doesn't cope very well with large .rar files (~15MB). First of all I got this message in the log: Decoding of p002 (RAR archive data, v1d, os: Win32) failed, leaving it unpacked: timed out Maybe you have ancient unrar version? You could get the newest (http://www.rarlab.com/rar/unrarsrc-3.5.4.tar.gz) and compile it, if your distro doesn't have better version. You could also try 'rar' package which might be newer. Amavisd tries 'rar' before 'unrar'.. Cheers, Henrik --- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnkkid=110944bid=241720dat=121642 ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] OT: Is this a virusmail?
On Wed, Feb 01, 2006 at 08:55:42PM +0100, Al Bogner wrote: I got this mail today, which was not recognized by 4 virus-scanners: http://members.inode.at/pinguin/possiblevirus.txt Can anyone confirm, that this is a virus? Al Use these.. http://virusscan.jotti.org/ http://www.virustotal.com/ Cheers, Henrik --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642 ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] BitDefender bdc and the --all option in amavisd.conf
On Thu, Jan 26, 2006 at 10:18:09AM -0800, Bill Landry wrote: - Original Message - From: Max Matslofva [EMAIL PROTECTED] Hi I just installed BitDefender bdc from FreeBSD ports. BDC/FreeBSD 5.x-Console (v7.0-2545) (i386) (Dec 22 2004 19:56:57) Copyright (C) 1996-2004 SOFTWIN SRL. All rights reserved. amavisd-new is version 2.3.3 I got an error from bdc, and the --all option in the logfile. Warning: unknown parameter: --all amavis[91989]: (91989-01) run_av: /usr/local/bin/bdc exit 0, BDC/FreeBSD 5.x-Console (v7.0-2545) (i386) (Dec 22 2004 19:56:57)\nCopyright (C) 1996-2004 SOFTWIN SRL. All rights reserved.\nWarning: unknown parameter: --all\n\n\n\nResults:\nFolders ...:1\nFiles ...:1\nPacked ...:0\nArchives ...:0\nInfected files :0\nSuspect files ...:0\nWarnings ...:0\nI/O errors ...:0\n The default options for bdc in amavisd.conf is --all --arc --mail Can I change it to --arc --mail ? Should work fine with the --all switch. Here what we have been using for over a year: ['BitDefender', 'bdc', '--all --arc --mail --nowarn --alev=15 --flev=15 {}', qr/^Infected files *:0+(?!\d)/, qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/, qr/(?:suspected|infected): (.*)(?:\033|$)/ ], and bdc --help outputs the following: BDC/Linux-Console v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35) Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. Obviously wouldn't hurt upgrading your bdc with a few years. ;) No --all here.. BDC/Linux-Console v7.1 (build 2559) (i386) (Jul 6 2005 16:28:53) Copyright (C) 1996-2004 SOFTWIN SRL. All rights reserved. Usage: bdc path [parameters] Parameters: --files - scan files * --arc- scan archives --mail - scan mail databases --nopack - don't scan packed programs --ext=ext1;ext2; - scan only this extensions --log[=file] - create log file --list - display all files --prog - scan only program files --append - append to log file --disinfect - disinfect files --delete - delete infected files --copy - copy infected files in quarantine zone --copys - move suspected files in quarantine zone --move - move infected files in quarantine zone --moves - move suspected files in quarantine zone --info - information --nowarn - do not display warnings --vlist - display virus list --debug - display debug information --nor- do not recurse into subdirs --alev[=n] - set maximum archive depth level --flev[=n] - set maximum folder depth level --update - update virus definitions --help,--? - this help * = default option Cheers, Henrik --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnkkid=103432bid=230486dat=121642 ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Best specs for server;
On Fri, Jan 13, 2006 at 12:40:02PM -1000, Clifton Royston wrote: On Fri, Jan 13, 2006 at 12:36:39PM -0800, Rich Marriner wrote: This might be a little bit off topic, but a new computer recently came into my hands and am wondering if I should retire(or reassign) my existing server and use my new computer as my postfix/amavis/mysql/web server. Now I am sure that the amount of traffic I get that either of these machines will handle it just fine (infact the Dual 600 handles perfect now), but incase I grow beyond my expectations in the near future... Anyway, would you rather have a Dual P3 600mhz or a Single P4 1.6ghz? Given the IPC (instructions-per-clock) difference between the P3 and P4, and the fact that an amavisd/postfix setup is highly multitasking, the dual P3 might have a *slight* edge over the P4; it'll be pretty near to a wash though. Anyway, this is the kind of answer that a little testing on your side can resolve very concretely. Probably any time advantage gained will be already lost on the process of thinking, testing and changing the server. ;) Cheers, Henrik --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] RE: How to clean /var/spool/amavis directory automatically
On Mon, Dec 26, 2005 at 01:37:41PM +0200, [EMAIL PROTECTED] wrote: Is there any script to clean it automatically (or maybe there is some built-in amavis option) so it won???t eat my disk spaceoe http://www.postfix-buch.com/download/remove_amavisd-new_stale_files.sh.gz Thanks :) But in this case I have to stop amavisd for a period of time, and this could be very bad, users would remain without antivirus protection. I would also recommend rm -rdf option. Any comments? You obviously have something wrong with your setup, if amavisd leaves all the tempfiles on disk. See if there are preserving evidence messages in your log. Anyway, forget that silly script. There's absolutely no need to restart amavisd. Just cron a find command, like one that was posted here already. Cheers, Henrik --- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637alloc_id=16865op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Avoiding spam scan on message originating from my network/s
On Mon, Oct 24, 2005 at 11:05:14AM +0200, Rocco Scappatura wrote: Hello, Gary this morning the CPU of my servers was overloaded... So I hace removed the blacklist.cf ruleset list... So the CPU has returned to work normally... Is a problem? How can I replace thiat list? As already said, using such lists are ancient and NOT recommended way. SpamAssassin uses DNS-based RBL lists, which are constantly updated. http://wiki.apache.org/spamassassin/DnsBlocklists Cheers, Henrik --- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today * Register for a JBoss Training Course Free Certification Exam for All Training Attendees Through End of 2005 Visit http://www.jboss.com/services/certification for more information ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Mail from localhost is not local
On Mon, Oct 24, 2005 at 11:06:43AM +0200, Thomas Bange wrote: Hi, I'm running postfix with amavis as a relay for our exchange server. I setup the MYNETS policy bank to skip spam checks for mail from internal to external. For mail which originates from exchange to external recipients this is working perfectly. However, mail which is beeing generated local is not recognised as local mail and is still fully checked (i.e. just doing a 'mail -s Test root /dev/null). In amavisd.conf mynetworks is configured as followed: @mynetworks = qw( 127.0.0.0/8 ::1 192.168.x.x/24 + some other local networks ); I don't understand, why mail from localhost is not recognised as local by amavis. Any hints? I had the same problem.. If it happens that setting content_filter for pickup daemon doesn't work, you could try my way: http://marc.theaimsgroup.com/?l=amavis-userm=112673242318594w=2 Cheers, Henrik --- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today * Register for a JBoss Training Course Free Certification Exam for All Training Attendees Through End of 2005 Visit http://www.jboss.com/services/certification for more information ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Amavisd-new vs appliance
On Mon, Oct 10, 2005 at 09:55:36AM +0200, Rocco Scappatura wrote: - Can be a such black box more efficient then spam assassin (SA) - How to you use SA so that it can works fine? Depends entirely on the admin. SA has many little things to tweak and understand. Reading all the manuals and understanding the system is essential. Just an example. It is not very wise to use a million rulesemporium rules blindly. Understanding the system would tell one immediately that using huge rules will slow down considerably. The rules have good descriptions when to use them. If you read these, you will see what SA version they are compatible with and how accurate they might be. Nothing personal, everyone have to start from somewhere. :) Cheers, Henrik --- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Amavisd-new vs appliance
On Mon, Oct 10, 2005 at 09:55:36AM +0200, Rocco Scappatura wrote: - Can be a such black box more efficient then spam assassin (SA) - How to you use SA so that it can works fine? Depends entirely on the admin. SA has many little things to tweak and understand. Reading all the manuals and understanding the system is essential. Just an example. It is not very wise to use a million rulesemporium rules blindly. Understanding the system would tell one immediately that using huge rules will slow down considerably. The rules have good descriptions when to use them. If you read these, you will see what SA version they are compatible with and how accurate they might be. Nothing personal, everyone have to start from somewhere. :) Cheers, Henrik --- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Bypass spam checks on local dsn/bounce
On Wed, Sep 14, 2005 at 06:41:18AM -1000, Clifton Royston wrote: On Wed, Sep 14, 2005 at 08:18:55AM -0600, Gary V wrote: Henrik wrote: Hi, I have postfix-amavisd-new-postfix setup. I'm trying to disable spam checks on dsn/bounce messages ( sender) generated by the first postfix. I already have checks disabled from mynetworks to local_domains, but amavisd doesn't seem to think that message generated by the first postfix is local (ip doesn't show in log.. no xforward?). Also postfix doesn't seem to have anything like bounce_transport. Any ideas? Cheers, Henrik This is admittedly a shot in the dark for me, but might be worth a try. Locally generated mail will use the pickup service to send mail. If bounce notices also apply to this case (not sure if they do), I am fairly sure that bounces do *not* go through pickup, they are processed entirely internally to postfix. I've never noticed this problem, but I suspect it depends on exactly where you have the content_filter setting. The easiest way around it is simple - take the content_filter setting out of the postfix main.cf and put it into the master.cf setting for the postfix smtp listener. This could work.. except we are redirecting different domains to different amavisd ports with transport table. No content_filter settings anywhere. I think I'll look into the sources why amavisd doesn't consider mail from localhost postfix being local. Cheers, Henrik --- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42 plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Bypass spam checks on local dsn/bounce
On Wed, Sep 14, 2005 at 11:55:01AM -0600, Gary V wrote: Henrik wrote: I already have checks disabled from mynetworks to local_domains, Additional details on how you accomplish this would help. This could work.. except we are redirecting different domains to different amavisd ports with transport table. No content_filter settings anywhere. So you have policy banks set up for these ports? It would help if we could see the flow of a message that does work as expected, and an example of logs showing a message that fails to work as expected. And a sample of the policy bank. Just want to understand your setup a little better, if you care to spend the time. Well.. I spent some debugging and came to the conclusion that when sending a dsn, the first postfix doesn't send XFORWARD and that is the only thing amavisd checks from mynetworks. I probably need to hack amavisd to think that if there is no XFORWARD, then the sender addr is 127.0.0.1. I think there isn't any other case that XFORWARD isn't sent, so it should be safe? Cheers, Henrik --- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42 plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Bypass spam checks on local dsn/bounce
On Wed, Sep 14, 2005 at 09:57:48PM +0300, Henrik Krohns wrote: Well.. I spent some debugging and came to the conclusion that when sending a dsn, the first postfix doesn't send XFORWARD and that is the only thing amavisd checks from mynetworks. I probably need to hack amavisd to think that if there is no XFORWARD, then the sender addr is 127.0.0.1. I think there isn't any other case that XFORWARD isn't sent, so it should be safe? So the hack is done. Now it works logically, message is seen coming from mynetworks and MYNETS policy is loaded. --- amavisd-2.3.3.origMon Aug 22 02:46:15 2005 +++ amavisd Thu Sep 15 00:02:17 2005 @@ -11804,6 +11804,14 @@ $initial_am_id = 0; Amavis::check_mail_begin_task(); $self-prepare_tempdir; + +# if no XFORWARD is set, then local postfix submitted it directly +if ($xforward_args{'ADDR'} eq '') { + $xforward_args{'ADDR'} = 127.0.0.1; + $xforward_args{'NAME'} = localhost; + $xforward_args{'PROTO'} = ESMTP; + $xforward_args{'HELO'} = localpfix; +} my($cl_ip) = $xforward_args{'ADDR'}; if ($cl_ip ne '' defined $policy_bank{'MYNETS'} lookup_ip_acl($cl_ip,@{ca('mynetworks_maps')}) ) { Cheers, Henrik --- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42 plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] Bypass spam checks on local dsn/bounce
On Wed, Sep 14, 2005 at 12:04:45PM -1000, Clifton Royston wrote: On Thu, Sep 15, 2005 at 12:01:44AM +0200, mouss wrote: Clifton Royston a écrit : I guess my point was more along the lines of: why is it routed through amavisd in the first place? Why send a self-generated DSN through anyway? because he is using transport to pass mail to different amavisd's depending on the recipient domain. The problem is that transport is global (not restricted to smtpd). so bounces will go to amavisd too. Ah, I see. If you replace transports with a Postfix access map that does: example.com FILTER smtp:localhost:10026 example.net FILTER smtp:localhost:10025 or similar, then you can still route domains (or even specific users) to a specific amavisd port/instance, or even route them around amavisd and into the outbound Postfix instance, but you do not get the problems associated with using the transport mechanism to do it. This is the strategy our Scora system uses. -- Clifton Yes, this would be fine too. But being paranoid, I want everything scanned for viruses. That's including the messages coming from the server itself, DSN, bounces. Using sendmail binary probably doesn't go through access map? Virus scanning doesn't take much resources, but spamassassin does. That's why internal to internal mail isn't checked for spam. Amavisd didn't realize that it was coming from mynetworks, but now it does, and isn't checked. Cheers, Henrik --- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42 plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] $first_infected_stops_scan = 0 ??
On Sun, Jul 17, 2005 at 11:58:58PM +0800, meow wrote: I am wondering if I set $first_infected_stops_scan = 0 And I install 3 anti-virus software(all in @av_scanners not @av_scanners_backup), what will happen if only 2 or 1 of these anti-virus says certain mail contains virus and other anti-virus says this mail is clean? Will amavis judge certain mail as virus as long as 1 anti-virus says it detect virus, or amavis will judge certain mail as virus only if ALL antivirus says it detect virus when I set $first_infected_stops_scan = 0 ? Mail will be considered virus, if any scanner detects one. Doesn't matter if all the other scanners don't find anything. I think the only reason to set $first_infected_stops_scan=0 is to compare scanners on how they perform. At log level 2 you can see which scanners found the virus in a mail. Cheers, Henrik --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
Re: [AMaViS-user] amavisd-2.3 version error
On Mon, Jun 27, 2005 at 04:00:36PM +0200, Mark Martinec wrote: After that I got it working, but ended up with this error: Jun 27 01:34:41 xyz amavis[18246]: [ID 702911 mail.warning] (18246-01) WARN save_info_final: Insecure dependency in parameter 1 of DBI::db=HASH(0x1612700)-prepare method call while running with -T switch at /usr/local/perl/lib/site_perl/5.8.6/sun4-solaris/DBD/Pg.pm line 281, GEN8 line 98. Hm, don't know. The parameter 1 in -prepare is a SQL clause, which comes from a hash %sql_clause via the %current_policy_bank (routine cr). In sub execute (line 9412) the prepare is called. The clause string shouldn't be tainted, and MySQL DBD/DBI is not complaining, so I'm not sure how/why the DBD/Pg.pm sees the argument as tainted. At log level 4 you could see a log entry like: sql: preparing and executing: $clause You may try experimenting with the following test log entry: --- amavisd~Sun Jun 26 01:44:02 2005 +++ amavisd Mon Jun 27 15:58:00 2005 @@ -9420,2 +9420,10 @@ do_log(4,sql: preparing and executing: $clause); + +use Scalar::Util (); +do_log(0, HERE1: prepare $clause, . + (Scalar::Util::tainted($clause) ? TAINTED : not tainted)); +do_log(0, HERE2: prepare arg: $_, . + (Scalar::Util::tainted($_) ? TAINTED : not tainted) + ) for (@args); + $sth = $self-dbh-prepare($clause); $self-sth($clause,$sth); Everything was not tainted. I can get stuff working if I change to 'Taint = 0' in amavisd DBI-connect. Is this safe to do? Cheers, Henrik --- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477alloc_id=16492op=click ___ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/