of the subtle difference between 'exe' and 'exe-ms'.
Maybe this deserves an additional hint in the config files.
Thanks again for solving this.
Regards,
Robert
--
The ultimate all-in-one performance toolkit: Intel(R) Parallel
permit any file without a name. Perhaps a combination of sender
*.blackberry.net and file name UNKNOWN.001.
Regards,
Robert
--
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log
the last part of the original post.
Anyway, this is not the answer to my question.
Regards,
Robert
--
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log management solution
e-mails go through either server for both domains.
That way, the e-mails can get in if either server is down :)
Robert Pelletier
Technicien informatique dans l'équipe d'infrastructure
Service des technologies de l'information
Commission Scolaire des Hautes-Rivières
Téléphone : (450) 359-6411 poste
I believe the file must be called eicar.com to be seen as the virus
-Message d'origine-
De : Sharma, Ashish [mailto:ashish.shar...@hp.com]
Envoyé : 29 avril 2010 10:00
À : amavis-user@lists.sourceforge.net
Objet : [AMaViS-user] Asking again : about amavis anti virus scanning
Hi,
Asking
.
Robert.
--
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis
;
$final_bad_header_destiny = D_PASS;
$sa_spam_subject_tag = '***SPAM*** ';
$sa_tag_level_deflt = undef;
$sa_tag2_level_deflt = 5;
$sa_kill_level_deflt = 20;
$sa_dsn_cutoff_level = 10;
# Do not modify anything below this line -
1; # ensure a defined return
/snip
Cheers,
Robert
[1] https
sendmail. It's like the scales fell from my
eyes. After removing these lines it worked as expected. Whew!
Thank you very, very much, Noel!
Robert
--
Come build with us! The BlackBerryreg; Developer Conference in SF, CA
I believe /var is a link to /private/var in MacOS X, maybe it's because of that?
-Message d'origine-
De : Mark Martinec [mailto:mark.martinec+ama...@ijs.si]
Envoyé : 6 avril 2009 10:40
À : amavis-user@lists.sourceforge.net
Objet : Re: [AMaViS-user] TempDir and 2 subdirectories
Matthias,
This is not a amavis problem but a postfix configuration issue.. still, here's
the solution :)
In /etc/postfix/main.cf, in your smtpd_client_restrictions section, add this
as the first entry:
check_client_access hash:/etc/postfix/whitelist_clients
create /etc/postfix/whitelist_clients and add
://www.amavis.org/howto/
i see no relationship to amavis here, why not looking
to technet or ask m$, you ve paid a lot of money for their products so
they should support you
--
Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria
Mark,
I'd previously been stripping internal received headers from my emails
prior to sending out (a bit anal I know). This breaks dkim signatures,
any way of asking amavis not to sign received headers?
Regards,
Rob
-
MrC wrote:
Robert Brooks wrote:
Mark,
any views on this?
Regards,
Rob
Rob,
I have not seen the :unknown port in my logs nor had others report
this, so I suppose it is the less common pre-queue setup that is the
difference.
I always was the wierdo :)
I'm about to update postfix
in the
README.ldap specifically for mynetworks. I am currently using
amavisd-maia based on amavisd-new 2.2 and @lookup_sql_dsn for SQL
lookups.
--
Robert
-
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R
On Sat, 2008-01-26 at 01:53 +0100, mouss wrote:
Robert Fitzpatrick wrote:
I see a message get sent through and labeled 'WARNING: contains banned
part' like it should according to our banned policies as it scores zero
in SA. I am assuming zero means that SA didn't even scan the content
enough to kill.
My question, is there a way for amavis to filter with SA and only send
through according to banned policies if CLEAN?
--
Robert
-
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R
Bartłomiej Rutkowski wrote:
On Tue, 20 Nov 2007 14:45:59 +0100
Mark Martinec [EMAIL PROTECTED] wrote:
Bartek,
I am building new mail infrastructure in my company, and I have
came to place where it seems that os fingerprinting technique
cannot be used.
This is how the situation looks
Mark Martinec wrote:
I used dkim-milter until recently, but switched to a pure- amavisd solution
for dkim signing and verification last week. I never tried the dkimproxy,
what is this solution?
-
This SF.net email is
Hi, I want to run amavisd-new on low ports (ports 1024), however when I set
$inet_socket_port to values lower than 1024 it won't start up
am I missing something obvious or is this by design ?
brgds, robert
-
This SF.net
Scheidell [EMAIL PROTECTED] wrote:
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of Robert Gomezi
Sent: Wednesday, October 31, 2007 6:34 AM
To: AMaViS-user@lists.sourceforge.net
Subject: [AMaViS-user] amavisd-new not binding
I'm using ClamAV. It's a perfect match with Amavis, it's fast and get's high in
the reviews.
Robert Pelletier
Technicien informatique dans les écoles
Service des technologies de l'information
-Message d'origine-
De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Anders
MrC wrote:
Robert Brooks wrote:
[..]
Oct 5 09:01:06 mailhost amavis[25870]: (25870-17) Blocked SPAM,
[84.79.70.165] [84.79.70.165] [EMAIL PROTECTED] -
[EMAIL PROTECTED], mail_id: HFW3sN8D+u30, Hits: 20.862, size: 719,
11887 ms
[..]
Without data in the log that supports
MrC wrote:
Robert Brooks wrote:
[..] (discussing postfix-logwatch log analyser)
whilst I'm being a pain the Postfix reject figures don't show
rejections from before-queue amavis. Unfortunately Postfix doesn't
seem to log this well :(
I don't use a before-queue setup, and don't know what
by counts of messages falling into
each bucket, then at the end convert absolute counts to percents.
Exactly.
Robert Brooks wrote:
that would work too :)
I'll implement over the next couple of days - I'm currently swamped
right now. Thanks for the continued feedback.
whilst I'm being
MrC wrote:
Robert Brooks wrote:
MrC wrote:
I see. Its easy enough to implement. I had originally not seen much
value in those numbers, but will be happy to add the feature if it is
useful.
seeing the overall performance of amavis is useful to me, especially
as I use amavis before
Mark Martinec wrote:
I mean something like this...
Spam Score -5 0 3 5 10 15
Percentile5.89% 12.59% 19.43% 24.81% 35.02% 50.37%
Seems like you want a frequency distribution: divide a score range
into arbitrary buckets, fill them by counts of
this has been bugging me for a while...
a single amavis process looks like this (in top):
PID USER PR NI VIRT RES SHR S %CPU %MEMTIME+ COMMAND
13249 amavis16 0 94740 76m 3624 S 0.0 7.6 0:08.68
amavisd
it appears the usage is not the sum of the resident
MrC wrote:
I see. Its easy enough to implement. I had originally not seen much
value in those numbers, but will be happy to add the feature if it is
useful.
seeing the overall performance of amavis is useful to me, especially as
I use amavis before-queue.
also, spam score percentiles. It
MrC wrote:
Hi Rob,
Is your request different from the timings percentiles report that
currently exists ? Example at the end of:
http://www.mikecappella.com/logwatch/example-amavis-detail10
It is obtained with detail level = 5.
this is what I'm thinking about, but as well as the
and data files. We could go further and
create 53 partitions, and be shure to have only 1 week of data in it (but
having 48/49 empty partitions). We'd get more than a week of data if we were to
keep more than 1 year or messages.
One way or the other, I'm just glad I could help ;)
Robert
to this.
Is there a way to make the header something different for clean
messages?
$clean_quarantine_method = 'local:clean-%m.gz';
$clean_quarantine_to = 'clean-quarantine';
--
Robert
-
This SF.net email is sponsored by: Splunk Inc.
Still
Wouldn't the simplest way to handle that kind of load to use the partitionning
fonctionnality of MySQL 5.1?
I've got a 81GB / 0.5G rows log database set up like that giving me good speed
and stability. MySQL does the whole job for you, nothing to change in the
application.
Robert Pelletier
On Thu, Aug 23, 2007 at 05:52:33PM +0200, Robert Felber wrote:
## mime types/filenames of banned e-mail:
Content-Type: Multipart/Mixed; boundary=BlatBoundary-zmBuidg8ZdrJ3VdIGIbkv
--BlatBoundary-zmBuidg8ZdrJ3VdIGIbkv
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding
On Thu, Aug 23, 2007 at 07:41:29PM +0200, Mark Martinec wrote:
Robert,
X-Amavis-Alert: BANNED, message contains part: multipart/mixed |
application/octet-stream,.asc,EBNA0006 | .exe,UNKNOWN.001
Don't ask me where it gets that .exe information from it doesn't appear
in the mime parts
Mark Martinec wrote:
Jordi,
My amavisd-new+spamasssassin runs well. At present, when SPAM mail is
detected by SA, it is sended to my $MYHOME/$QUARANTINEDIR
(/var/amavis/quarantine in my system). Currenly I use Postix with
virtuals domains/users (with MySQL backend) and Dovecot as POP/IMAP
Bartłomiej Rutkowski wrote:
So, the time has passed, and still there is no answer... Is there no way,
that users
can make their improvements way to amavisd-new official builds? Or is the
project
not interested in such participation?
I think you're jumping to conclusions there, I suspect
Is it possible to use an ldap address book as a whitelist?
I've been doing a bit of googling, but apart from a brief comment here:
http://www.afp548.com/article.php?story=20041114233708682
I can't find much evidence that it's possible and README.ldap makes it
look unlikely.
It seems to be a
Hello,
how to avoid that amavisd sends Passed Messages with mail.notice to syslog?
My config lists:
$syslog_ident = 'amavis';
$syslog_facility = 'mail';
$syslog_priority = 'info';
$log_level = 0;
--
Robert Felber (PGP: 896CF30B)
Munich, Germany
. My biggest concern is changing
any amavisd settings/rules without my realizing it and customers
complaining come Monday morning. Looks like a great program. Thanks for
the help! Any suggestions or things to look out for are appreciated.
--
Robert
$sa_mail_body_size_limit = 64*1024; # don't waste time on SA if mail is
larger
$sa_local_tests_only = 0;# only tests which do not require internet
access?
$sa_auto_whitelist = 1;
--
Robert
-
This SF.net email
On Thu, 2007-04-19 at 11:33 -0600, Gary V wrote:
Robert wrote:
I am trying to let through spam for one domain as Gary had kindly
suggested on how to do below. Spam messages are making it through for
that domain, but no ***SPAM*** tag on the subject line of those
messages. I have
for mail_prefs?
http://www.ijs.si/software/amavisd/README.sql-pg.txt
--
Robert
-
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just
On Tue, 2007-04-17 at 19:56 +0200, Mark Martinec wrote:
Robert,
I am trying to setup storage in our PgSQL database using the following
doc, but I am not sure which schemas are to be loaded in which
databases. I assume I am to cut/paste the necessary CREATE TABLE
sections as the schema
with the header, nor anything in log.
How do I determine whether and when amavis uses the passive OS fingerprinting?
How do I enforce it?
--
Robert Felber (PGP: 896CF30B)
Munich, Germany
-
Take Surveys. Earn Cash. Influence
On Thu, Mar 29, 2007 at 04:42:56PM +0200, Mark Martinec wrote:
Robert,
today I started to look a bit deeper into p0f(1) and p0f-analyzer.pl.
Now I expected amavisd to output either some logging or some
X-Amavis-OS-Fingerprint header. But - nothing.
[...]
Yet, only that the code
___
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
--
Robert Brooks
Hi,
from the release notes...
- phishing fraud as returned by ClamAV is now treated as spam, no
longer as a virus;
great, this was my biggest annoyance with clam's phishing detection,
does the email make it to bayes though?
Regards,
Rob
great, this was my biggest annoyance with clam's phishing detection,
does the email make it to bayes though?
Yes it does. SA checks are invoked normally, and virus flag is turned off.
ah, does SA get any indication that clamav thinks the email is a phish?
Otherwise I guess turning off
traffic than file based
--
Mit freundlichen Gruessen
Best Regards
Robert Schetterer
https://www.schetterer.org
Munich/Bavaria/Germany
-
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay
folders, i use sieve or maildrop, procmail for doing that,
so the solution is to integrate such filter to your mail server
--
Mit freundlichen Gruessen
Best Regards
Robert Schetterer
https://www.schetterer.org
Munich/Bavaria/Germany
://www.amavis.org/howto/
Hi Dino,
have you trained spamassasin with the user which you use to run amavis?
--
Mit freundlichen Gruessen
Best Regards
Robert Schetterer
https://www.schetterer.org
Munich/Bavaria/Germany
-
Take Surveys
Mark Martinec wrote:
What is missing is your semantics code: check what information
came in, and prepare a suitable response.
ok, we shall begin. I do code a little perl, I shall pass it back with a
brown bag :)
You may disable whole code sections in amavisd
which you won't be needing:
Hi,
I noticed there's bits of code in amavis to allow it to act as a
tcp_access map for postfix, but I'm not sure if this is complete.
I was wondering if there's any chance that this might be developed to
allow amavis to act as a policy server for postfix.
In particular, I'd like to be able
Mark Martinec wrote:
The Postfix policy protocol support is complete, but there is almost
no semantics in-there. Similarly the support for Postfix tcp lookup
maps is there. I did both mostly as a proof-of-concept, because
most of the code is common with AM.PDP protocol support and was
not
Hello,
A user complained of a message being bounced that shouldn't have been. He
normally doesn't have any trouble receiving email from the sender.I can not
determine why this happened, or what would be the next step to look at in
order to resolve why it happened.
Any suggestions to point me in
work for spam or is it just for viruses?
thanx in advance,
robert
--
_
/ A language that doesn't have everything \
| is actually easier to program in than |
| some that do
?
Whats the lookup time by using dig for several host?
--
Robert Felber (PGP: 896CF30B)
Munich, Germany
-
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Gary V schrieb:
Robert wrote:
[EMAIL PROTECTED],
are there any examples online with having
amavis-new not configured on localhost
working with postfix
for exmaple ,if i want share the amavis service on a special host between
multiple
Regards
Robert Schetterer
robert_at_schetterer_dot_org
Munich / Bavaria / Germany
https://www.schetterer.org
https://www.schetterer.com/public-gpg-robert-schetterer.key
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.3 (MingW32)
iD8DBQFFIaPINxddAhXBw7QRAvVYAJ9ueLK34cKXBG4LYXWMumCA1lIcugCgopnb
Ronnie Tartar wrote:
Is anybody using the Squirrel mail plugin for configuration?
I'm getting the following error:
Unknown column 'users.username' in 'where clause']' called from
ReadPolicyList on line 1067
I assume this is a problem with SquirrelMail just want to run it by you
guys
I've been trying to find the answer to this question, but I must not
be looking in the right places. I'm not even sure if this is a
Postfix or amavisd configuration issue.
We are running Postfix 2.2.1 with MySQL, SpamAssassin, ClamAV and
amavisd-new 2.3.3. Courier-IMAP is the delivery system.
'. The problem goes away by upgrading libdb to 4.x.
I am running FreeBSD 5.4 and my libdb version is 4.2, any ideas what is
causing the issue or where I should look? I am running with Postfix
2.2.8 and SA 3.0.1.
--
Robert
---
This SF.net email
and bayes, things worked, but still the dups were
processing. I removed the dups and whala! Once I got that done, it runs
fine with dns and bayes enabled. I even took amavis back up to
max_server of 10. But I will change to MySQL. Thanks for the help!
--
Robert
, clamav, sa and postfix?
Even if I need to grep several times to see all steps, I can't seem to
find every step pertaining to a message. I have amavis log set to 2.
--
Robert
---
This SF.net email is sponsored by: Splunk Inc. Do you grep through log
-285) seen at 1134576953
amavis-stats: New id (#14, Worm.Mytob.JM) seen at 1134595688
amavis-stats: New id (#15, Worm.SomeFool.I) seen at 1134605655
amavis-stats: New id (#16, HTML.Phishing.Bank-49) seen at 1134608860
--
Robert
---
This SF.net
by the port package
system. The new default does not even have ClamAV setup for uncommenting
like the old. Is this contributing to my problem? And where can I find a
doc to set this up properly with Postfix, SpamAssassin and ClamAV?
--
Robert
On Fri, Dec 02, 2005 at 09:32:54AM +0100, mouss wrote:
Robert Felber a écrit :
On Fri, Dec 02, 2005 at 02:23:00AM +0100, mouss wrote:
if you block at IP level, and if sender client is an MTA, it will retry.
Uh? Only on DEFER (4xx), on REJECTs (5xx) the MTA is not supposed to retry
by the attacker.
All in all, it is unsafe to do it automatically of any sort or requires too
much administrative and programming overhead.
--
Robert Felber (PGP: 896CF30B)
Munich, Germany
---
This SF.net email is sponsored by: Splunk Inc. Do
://www.postfix.org/addon.html#policy
However, an automatic blacklisting out of logs is a very call for trouble.
Especially when it comes to forwarders and real MTAs (like ISPs).
--
Robert Felber (PGP: 896CF30B)
Munich, Germany
was rather plaintext, of course I meant
$sa_kill_level_deflt, or even a new level,
$sa_(report|script|administrativa)_level_deflt; I'm not sure which is most
convenient and reasonable.
--
Robert Felber (PGP: 896CF30B)
Munich, Germany
On Fri, Oct 21, 2005 at 07:02:31AM +0200, Robert Felber wrote:
I'm not sure which ones causes more overhead, creating a UNIX TCP Socket, or
calling a script.
In terms of speed and time, I myself would go for the Socket too, because
I could make amavis talk directly to the cache, however, it's
On Thu, Oct 20, 2005 at 01:41:16AM +0200, Mark Martinec wrote:
Robert,
How do I call an external script upon INFECTED or Spam-Score 10
This is not available without hacking the code, there is no mechanism
to specify plugins (except when their function is similar to a virus scanner).
Hm
Hi, Is there a way to log specific headers of mails marked as spam in
amavisd-new
Thanks in advance, Robert
---
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http
format has changed, what should I look for?
If you look at the month chart, you'll notice the big difference after
week 33 - http://esmtp.webtent.net/amavis-stats/
--
Robert
---
SF.Net email is Sponsored by the Better Software Conference
74 matches
Mail list logo