Re: [AMaViS-user] Forged 'X-Virus-Scanned' header bypasses Amavis-new scanning

2008-02-24 Thread Christopher J Shaker
Mark Martinec wrote: Chris, Also, your hints about debugging info from amavisd-new got me reading about the auto whitelist. Used the following config commands: /etc/mail/spamassassin/local.cf: use_auto_whitelist 0 /usr/local/sbin/amavisd.conf: $sa_auto_whitelist = 0;

Re: [AMaViS-user] Forged 'X-Virus-Scanned' header bypasses Amavis-new scanning

2008-02-23 Thread Mark Martinec
Chris, Also, your hints about debugging info from amavisd-new got me reading about the auto whitelist. Used the following config commands: /etc/mail/spamassassin/local.cf: use_auto_whitelist 0 /usr/local/sbin/amavisd.conf: $sa_auto_whitelist = 0; $sa_auto_whitelist has no

Re: [AMaViS-user] Forged 'X-Virus-Scanned' header bypasses Amavis-new scanning

2008-02-22 Thread Christopher J Shaker
Amavis Users: Thank you very much for the help in getting this sorted. One of your questions got me thinking, so I reconfigured postfix for global filtering in main.cf, instead of in master.cf. I had not remembered that I was not filtering email sent to the submission port. Also, your hints

Re: [AMaViS-user] Forged 'X-Virus-Scanned' header bypasses Amavis-new scanning

2008-02-19 Thread Christopher J Shaker
It appears the culprit is the auto whitelist (AWL): Feb 19 01:37:04 linux postfix/smtpd[567]: connect from anna.int.kiev.ua[194.242.60.75] Feb 19 01:37:05 linux postfix/smtpd[567]: 516D1404B4: client=anna.int.kiev.ua[194.242.60.75] Feb 19 01:37:06 linux postfix/cleanup[667]: 516D1404B4:

Re: [AMaViS-user] Forged 'X-Virus-Scanned' header bypasses Amavis-new scanning

2008-02-18 Thread Cernohorsky Wolfgang
Hi Christopher, I've still got the mystery of how his email gets in without being scored by Amavis. When I run spamassassin on it, it gets a very high score. Other spam gets filtered just fine. Somehow, this one spammer avoids it. Message larger than sa_mail_body_size_limit? HTH,

Re: [AMaViS-user] Forged 'X-Virus-Scanned' header bypasses Amavis-new scanning

2008-02-18 Thread mouss
Christopher J Shaker wrote: Clifton: I am pretty sure amavisd-new does *not* work this way. It has an implicit list of checks to run on each incoming mail, starting with virus scanning, and works its way through them. If it's working this way for you, it may be the result of something

Re: [AMaViS-user] Forged 'X-Virus-Scanned' header bypasses Amavis-new scanning

2008-02-18 Thread Christopher J Shaker
Here is the /var/log/mail entry from the email that leaked past Amavis-new: Feb 18 15:07:11 linux postfix/smtpd[19386]: connect from unknown[121.27.33.247] Feb 18 15:07:12 linux postfix/smtpd[19386]: 3BFD9404B1: client=unknown[121.27.33.247] Feb 18 15:07:13 linux postfix/cleanup[19387]:

Re: [AMaViS-user] Forged 'X-Virus-Scanned' header bypasses Amavis-new scanning

2008-02-18 Thread Christopher J Shaker
[Sending again as ASCII] Here is the /var/log/mail entry from the email that leaked past Amavis-new: Feb 18 15:07:11 linux postfix/smtpd[19386]: connect from unknown[121.27.33.247] Feb 18 15:07:12 linux postfix/smtpd[19386]: 3BFD9404B1: client=unknown[121.27.33.247] Feb 18 15:07:13 linux

Re: [AMaViS-user] Forged 'X-Virus-Scanned' header bypasses Amavis-new scanning

2008-02-18 Thread MrC
Christopher J Shaker wrote: Feb 18 15:07:33 linux amavis[17984]: (17984-09) Passed CLEAN, [121.27.33.247] [EMAIL PROTECTED] - [EMAIL PROTECTED], Message-ID: [EMAIL PROTECTED], mail_id: If831cHwmATq, Hits: -222.952, size: 3510, queued_as: 7C4FA404B4, 20009 ms Looks to me like it is

Re: [AMaViS-user] Forged 'X-Virus-Scanned' header bypasses Amavis-new scanning

2008-02-17 Thread Christopher J Shaker
You're correct. I did not test my 'discovery' properly before jumping to this conclusion. I appreciate the pointer to the IGNORE behavior. I'll endeavor to ignore any virus or spam filtering headers from incoming email. I've still got the mystery of how his email gets in without being scored

Re: [AMaViS-user] Forged 'X-Virus-Scanned' header bypasses Amavis-new scanning

2008-02-17 Thread Christopher J Shaker
Clifton: I am pretty sure amavisd-new does *not* work this way. It has an implicit list of checks to run on each incoming mail, starting with virus scanning, and works its way through them. If it's working this way for you, it may be the result of something funky in your Postfix

Re: [AMaViS-user] Forged 'X-Virus-Scanned' header bypasses Amavis-new scanning

2008-02-17 Thread Mark Martinec
Chris, I've still got the mystery of how his email gets in without being scored by Amavis. When I run spamassassin on it, it gets a very high score. Other spam gets filtered just fine. Somehow, this one spammer avoids it. Perhaps it was larger than $sa_mail_body_size_limit, or the recipient

[AMaViS-user] Forged 'X-Virus-Scanned' header bypasses Amavis-new scanning

2008-02-16 Thread Christopher J Shaker
You may all know about this, but it was new to me. Found a persistent spammer was sending email to my domain without any score information from amavis-new. After trying several possibilities, I finally realized that he was sending the email with a hand crafted 'X-Virus-Scanned' header that was

Re: [AMaViS-user] Forged 'X-Virus-Scanned' header bypasses Amavis-new scanning

2008-02-16 Thread Gary V
On 2/16/08, Christopher J Shaker wrote: You may all know about this, but it was new to me. Found a persistent spammer was sending email to my domain without any score information from amavis-new. After trying several possibilities, I finally realized that he was sending the email with a

Re: [AMaViS-user] Forged 'X-Virus-Scanned' header bypasses Amavis-new scanning

2008-02-16 Thread Clifton Royston
On Sat, Feb 16, 2008 at 11:31:05AM -0800, Christopher J Shaker wrote: You may all know about this, but it was new to me. Found a persistent spammer was sending email to my domain without any score information from amavis-new. After trying several possibilities, I finally realized that he

Re: [AMaViS-user] Forged 'X-Virus-Scanned' header bypasses Amavis-new scanning

2008-02-16 Thread Mark Martinec
Chris, Found a persistent spammer was sending email to my domain without any score information from amavis-new. After trying several possibilities, I finally realized that he was sending the email with a hand crafted 'X-Virus-Scanned' header that was identical to what my Amavis-new would