Mailserver behind Source-NAT
Hi all!

I've two questions:

1) I'm using Docker with Kubernetes as management to run my mail system with postfix, amavis and cyrus imap. This implies that all connections from the outside to postfix and also all connections between postfix and amavis are source natted to one and the same ip address. Thus ALL_TRUSTED is one of the most mentioned tests in the incoming mail headers, which is making a lot of spam pass through! :-/

Today I set "clear_trusted_networks" and "clear_internal_networks" in local.cf for spamassassin to see if this helps - but nevertheless this does not "feel right"(TM) ;-)

Any suggestions how to handle this "postfix behind SNAT" scenario best?

2) Before setting "clear_trusted_networks" and "clear_internal_networks" I received a mail with the following headers:

Return-Path:
Received: from unforgotten.de ([10.244.91.1])
    by imap-p299l (Cyrus v2.4.17-caldav-beta10-Debian-2.4.17+caldav~beta10-18) with LMTPA;
    Tue, 22 Mar 2016 02:04:01 +0100
X-Sieve: CMU Sieve 2.4
Received: from localhost (unknown [10.244.91.1])
    by unforgotten.de (Postfix) with ESMTP id 0ED57118BB2
    for ; Tue, 22 Mar 2016 02:04:00 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at unforgotten.de
X-Spam-Flag: YES
X-Spam-Score: 8.015
X-Spam-Level:
X-Spam-Status: Yes, score=8.015 required=5 tests=[ALL_TRUSTED=-1,
    DIGEST_MULTIPLE=0.001, FREEMAIL_FORGED_REPLYTO=2.503, HTML_MESSAGE=0.001,
    PYZOR_CHECK=1.985, RAZOR2_CF_RANGE_51_100=0.365,
    RAZOR2_CF_RANGE_E8_51_100=2.43, RAZOR2_CHECK=1.729, URIBL_BLOCKED=0.001]
    autolearn=no autolearn_force=no
Received: from unforgotten.de ([10.244.91.1])
    by localhost (unforgotten.de [10.244.91.14]) (amavisd-new, port 10024)
    with LMTP id 90ZE38lLT2an for ; Tue, 22 Mar 2016 02:03:57 +0100 (CET)
Received: from intensiver.biz.ua (unknown [10.244.91.1])
    by unforgotten.de (Postfix) with ESMTP id 86885118BAB
    for ; Tue, 22 Mar 2016 01:03:57 + (UTC)
Received: from intensiver.biz.ua (46037.vs.webtropia.com [62.141.46.37])
    by intensiver.biz.ua (Postfix) with ESMTPA id 8A7B86525BF2;
    Tue, 22 Mar 2016 02:18:28 +0200 (EET)
Message-ID:
Reply-To: dzu...@mail.ru
From: "Buns"
To:
Subject: Unser Angebot ist der schnellste Weg zur Finanzierung Ihres Unternehmens

I'm wondering why ALL_TRUSTED is in the list, although there is an untrusted address: intensiver.biz.ua (unknown [10.244.91.1])

Can someone please explain this? :-)

Best regards,
Frank
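
Added example, not part of Frank's post and not SpamAssassin code: a simplified Python model of the basic trust inference that the SpamAssassin documentation describes for the case where neither trusted_networks nor internal_networks is set, applied to the two oldest Received headers from the post. That the setup was running in inference mode, the function names, and the second chain (constructed to show the same mail with the client address preserved) are assumptions.

```python
import ipaddress
import re

# The two oldest Received headers from the post, newest first (ids and dates dropped).
SNAT_CHAIN = [
    "from intensiver.biz.ua (unknown [10.244.91.1]) "
    "by unforgotten.de (Postfix) with ESMTP",
    "from intensiver.biz.ua (46037.vs.webtropia.com [62.141.46.37]) "
    "by intensiver.biz.ua (Postfix) with ESMTPA",
]
# Constructed variant: the same mail if the boundary hop recorded the real client.
REAL_IP_CHAIN = [SNAT_CHAIN[0].replace("10.244.91.1", "62.141.46.37"), SNAT_CHAIN[1]]

HOP = re.compile(r"\[(?P<ip>[0-9A-Fa-f.:]+)\]\).*\bwith (?P<proto>\S+)")
AUTH_PROTOS = {"ESMTPA", "ESMTPSA", "LMTPA", "LMTPSA"}  # RFC 3848 "A" variants


def infer_trust(chain):
    """Walk newest to oldest and return [(ip, trusted)] per the documented rules:
    private 'from' address -> trusted; auth token while the previous hop was
    trusted -> trusted; otherwise this hop and every older one is untrusted."""
    result = []
    in_trusted = True  # assumption of this model: the walk starts in the trusted state
    for header in chain:
        m = HOP.search(header)
        if m is None:
            raise ValueError(f"unparseable Received header: {header!r}")
        ip = ipaddress.ip_address(m["ip"])
        authed = m["proto"].upper() in AUTH_PROTOS
        in_trusted = in_trusted and (ip.is_private or authed)
        result.append((str(ip), in_trusted))
    return result


def all_trusted(chain):
    """ALL_TRUSTED modelled as: at least one relay and none of them untrusted."""
    hops = infer_trust(chain)
    return bool(hops) and all(trusted for _, trusted in hops)


if __name__ == "__main__":
    for name, chain in (("behind SNAT", SNAT_CHAIN), ("real client IP", REAL_IP_CHAIN)):
        print(name, infer_trust(chain), "ALL_TRUSTED =", all_trusted(chain))
```

In this model the SNAT address makes the boundary hop look private, and the ESMTPA token in the sender's own header then carries trust on to 62.141.46.37; with the real client address at the boundary the chain is untrusted from the first hop.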
Re: Anti-virus for FreeBSD
Hi, anyone using eset?

--
rickygm
http://gnuforever.homelinux.com
Re: ANNOUNCE: amavisd-new-2.11.0-rc1 release candidate is available
On Monday, March 21, 2016 09:08:24 AM Thomas Jarosch wrote:
> Hi Mark,
>
> On Friday, 18. March 2016 01:38:59 Mark Martinec wrote:
> > - updated a default $map_full_type_to_short_type_re to recognize
> >   a Microsoft Word document as type doc; thanks to Jörg Backschues;
>
> thanks for the new release candidate!
>
> In the previous amavisd version, all Office file types
> were mapped to 'doc' since file(1) reported just "Office document".
>
> Office 2007+ documents get properly distinguished by file(1).
>
> We could either do this (I run that locally):
>
> [qr/^Microsoft Office Document\b/i => 'doc'], # OLE2: doc, ppt, xls,
> ... +[qr/^Microsoft (Word|Excel|PowerPoint)\b/i => 'doc'], # Office
> 2007+: docx, docm, pptx, xlsx, ...
>
>
> for the sake of "compatibility"
>
> *or*
>
> recognize each file type on its own to give
> the users a better control about the content type.
>
> What do you think?
>
>
> btw: We've just contributed example Office documents
> to the file-tests test suite:
> https://github.com/christian-intra2net/file-tests/tree/office-types
>
> Those files are good samples for toying with this stuff.
>
> Cheers,
> Thomas

I packaged it for Mageia with the usual distro patches and upgraded the existing install. I don't see any errors.

This is what
# systemctl -l status amavisd
provides.

Mar 22 04:30:16 cauldron.btspuhler.com systemd[1]: Reloaded AMAVIS interface between MTA and content checkers.
Mar 22 04:30:16 cauldron.btspuhler.com amavis[28786]: (!)Net::Server: 2016/03/22-04:30:16 Re-exec server during HUP
Mar 22 04:30:17 cauldron.btspuhler.com amavis[28786]: starting. (warm) /usr/sbin/amavisd at cauldron.btspuhler.com amavisd-new-2.11.0-rc1 (2
Mar 22 04:30:18 cauldron.btspuhler.com amavis[28786]: Net::Server: Group Not Defined. Defaulting to EGID '957 957'
Mar 22 04:30:18 cauldron.btspuhler.com amavis[28786]: Net::Server: User Not Defined. Defaulting to EUID '958'
Mar 22 04:30:18 cauldron.btspuhler.com amavis[28786]: No $altermime, not using it
Mar 22 04:30:18 cauldron.btspuhler.com amavis[28786]: No ext program for .lz4, tried: lz4c -d
Mar 22 04:30:18 cauldron.btspuhler.com amavis[28786]: No decoder for .lz4
Mar 22 04:30:18 cauldron.btspuhler.com amavis[28786]: Using primary internal av scanner code for ClamAV-clamd
Mar 22 04:30:18 cauldron.btspuhler.com amavis[28786]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan

Seems like I need to provide a group and user ID for Net::Server

--
Best regards
Thomas Spuhler

All of my e-mails have a valid digital signature
ID 60114E63
Re: ClamAV and Sophos
On Tuesday 22 March 2016 10:00:23 Dino Edwards wrote:
> I'm trying to figure out how to integrate Sophos with amavis in addition to
> clamav in Ubuntu.

I'm also using this scenario but with Centos. So it should be somewhat the same.

> I'm a little confused on how to go about integrating it.
> As I understand, I need to download and install the following:
>
> Sophos Antivirus for Linux 9.1
>
> Then I need to enter an entry like below in my amavis config?
>
> ### http://www.sophos.com/
> ['Sophos Anti Virus (savscan)', # formerly known as 'sweep'
> ['/opt/sophos-av/bin/savscan', 'savscan'], # 'sweep'
> '-nb -f -all -rec -ss -sc -archive -cab -mime -oe -tnef '.
> '--no-reset-atime {}',
> [0,2], qr/Virus .*? found/m,
> qr/^>>> Virus(?: fragment)? '?(.*?)'? found/m,
> ],

With this configuration you will be calling the antivirus at each mail. It will load all the virus definitions, scan the file and then exit. It will be slow.

I use the daemon version where a daemon starts, loads the virus database and then listens for incoming scan requests. You can do that with either:

- Sophos-SSSP daemon - it's a daemon that comes with the sophos install files
- Sophie - an opensource daemon

I tested the first one and had a few problems and then reverted back to sophie:

Here is my conf:

    ['Sophie',
      \&ask_daemon, ["{}/\n", '/tmp/sophie.sock'], # was: sophie:/var/run/sophie
      #\&ask_daemon, ["{}/\n", '/var/spool/qmailscan/run/sophie'], # was: sophie:/var/run/sophie
      qr/(?x)^ 0+ ( : | [\000\r\n]* $)/,
      qr/(?x)^ 1 ( : | [\000\r\n]* $)/,
      qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/m ], #no /m on old cfg

> Do I also need to install SAV Dynamic interface 2.2 from Sophos?

Don't know for sure.

> Does anyone have a definitive guide on how to get this going?

I've created our own internal RPMs for centos for sophos and savi. So for us it is just a matter of installing the rpms, register the sophos and changing the amavisd.conf.

From sophos the only file that we require is sav-linux-9-i386.tgz (don't know why it is named i386).

Hope it helps.

Best regards,
Nuno Fernandes
Re: Anti-virus for FreeBSD
* Olivier Nicole:
> Patrick
> >> What anti-virus are you using with FreeBSD? beside ClamAV that is.
> >>
> >> I had been using Kaspersky for years, but they are withdrawing their
> >> support for FreeBSD, so I will not renew my license in October.
> >
> > Avira's Antivirus program SAVAPI runs on BSDs. They require per user
> > licenses.
> > You can't buy SAVAPI directly from Avira. You could buy it from us.
>
> Avira just told me that their Unix offer is EOL June 2016, can you
> concur?

As I wrote: You can't buy SAVAPI directly from Avira. It's OEM technology they don't sell directly. System integrators, such as us, build a product around SAVAPI and sell it.

HTH

p@rick

--
[*] sys4 AG

https://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, District Court München: HRB 199263
Executive Board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the Supervisory Board: Florian Kirstein
Re: Anti-virus for FreeBSD
Patrick

>> What anti-virus are you using with FreeBSD? beside ClamAV that is.
>>
>> I had been using Kaspersky for years, but they are withdrawing their
>> support for FreeBSD, so I will not renew my license in October.
>
> Avira's Antivirus program SAVAPI runs on BSDs. They require per user licenses.
> You can't buy SAVAPI directly from Avira. You could buy it from us.

Avira just told me that their Unix offer is EOL June 2016, can you concur?

best regards,

Olivier
ClamAV and Sophos
I'm trying to figure out how to integrate Sophos with amavis in addition to clamav in Ubuntu.

I'm a little confused on how to go about integrating it. As I understand, I need to download and install the following:

Sophos Antivirus for Linux 9.1

Then I need to enter an entry like below in my amavis config?

    ### http://www.sophos.com/
    ['Sophos Anti Virus (savscan)', # formerly known as 'sweep'
      ['/opt/sophos-av/bin/savscan', 'savscan'], # 'sweep'
      '-nb -f -all -rec -ss -sc -archive -cab -mime -oe -tnef '.
      '--no-reset-atime {}',
      [0,2], qr/Virus .*? found/m,
      qr/^>>> Virus(?: fragment)? '?(.*?)'? found/m,
    ],

Do I also need to install SAV Dynamic interface 2.2 from Sophos?

Does anyone have a definitive guide on how to get this going?

Thanks

Dino