Mailserver behind Source-NAT

2016-03-22 Thread Frank Grötzner

Hi all!

I've two questions:

1) I'm using Docker with Kubernetes as management to run my mail system 
with postfix, amavis and cyrus imap. This implies that all connections 
from the outside to postfix and also all connections between postfix and 
amavis are source-NATted to one and the same IP address. Thus 
ALL_TRUSTED is one of the most mentioned tests in the incoming mail 
headers, which lets a lot of spam pass through! :-/


Today I set "clear_trusted_networks" and "clear_internal_networks" in 
local.cf for spamassassin to see if this helps - but nevertheless this 
does not "feel right"(TM) ;-)


Any suggestions how to handle this "postfix behind SNAT" scenario best?


2) Before setting "clear_trusted_networks" and "clear_internal_networks" 
I received a mail with the following headers:



Return-Path: 
Received: from unforgotten.de ([10.244.91.1])
 by imap-p299l (Cyrus 
v2.4.17-caldav-beta10-Debian-2.4.17+caldav~beta10-18) with LMTPA;
 Tue, 22 Mar 2016 02:04:01 +0100
X-Sieve: CMU Sieve 2.4
Received: from localhost (unknown [10.244.91.1])
by unforgotten.de (Postfix) with ESMTP id 0ED57118BB2
for ; Tue, 22 Mar 2016 02:04:00 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at unforgotten.de
X-Spam-Flag: YES
X-Spam-Score: 8.015
X-Spam-Level: 
X-Spam-Status: Yes, score=8.015 required=5 tests=[ALL_TRUSTED=-1,
DIGEST_MULTIPLE=0.001, FREEMAIL_FORGED_REPLYTO=2.503,
HTML_MESSAGE=0.001, PYZOR_CHECK=1.985, RAZOR2_CF_RANGE_51_100=0.365,
RAZOR2_CF_RANGE_E8_51_100=2.43, RAZOR2_CHECK=1.729,
URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from unforgotten.de ([10.244.91.1])
by localhost (unforgotten.de [10.244.91.14]) (amavisd-new, port 10024)
with LMTP id 90ZE38lLT2an for ;
Tue, 22 Mar 2016 02:03:57 +0100 (CET)
Received: from intensiver.biz.ua (unknown [10.244.91.1])
by unforgotten.de (Postfix) with ESMTP id 86885118BAB
for ; Tue, 22 Mar 2016 01:03:57 + (UTC)
Received: from intensiver.biz.ua (46037.vs.webtropia.com [62.141.46.37])
by intensiver.biz.ua (Postfix) with ESMTPA id 8A7B86525BF2;
Tue, 22 Mar 2016 02:18:28 +0200 (EET)
Message-ID: 
Reply-To: dzu...@mail.ru
From: "Buns" 
To: 
Subject: Unser Angebot ist der schnellste Weg zur Finanzierung Ihres 
Unternehmens


I'm wondering why ALL_TRUSTED is in the list, although there is an 
untrusted address: intensiver.biz.ua (unknown [10.244.91.1])

Can someone please explain this? :-)

Best regards,
Frank
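
An added example, not part of Frank's message and not SpamAssassin's own code: a simplified Python model of the trust inference that SpamAssassin documents for the case where neither trusted_networks nor internal_networks is set (assumed here), run over the Received lines quoted above. It shows why every hop counts as trusted behind SNAT; the variant using 203.0.113.7 is constructed.

```python
import ipaddress
import re

# Ranges the inference treats as private (RFC 1918), plus loopback.
PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
# RFC 3848 "with" keywords that record an authenticated session.
AUTH = {"ESMTPA", "ESMTPSA", "LMTPA", "LMTPSA"}

# Received lines from the message above, newest first, unfolded and shortened.
SNAT_HOPS = [
    "from unforgotten.de ([10.244.91.1]) by localhost (amavisd-new) with LMTP",
    "from intensiver.biz.ua (unknown [10.244.91.1]) by unforgotten.de with ESMTP",
    "from intensiver.biz.ua (46037.vs.webtropia.com [62.141.46.37]) "
    "by intensiver.biz.ua with ESMTPA",
]
# Constructed variant: the same hops if Postfix had seen the real peer address.
# 203.0.113.7 is a documentation address standing in for the unknown sender IP.
DIRECT_HOPS = [SNAT_HOPS[0],
               SNAT_HOPS[1].replace("10.244.91.1", "203.0.113.7"),
               SNAT_HOPS[2]]

def parse_hop(line):
    """Return (client_ip, authenticated) for one Received line."""
    ip = ipaddress.ip_address(re.search(r"\[([0-9.]+)\]", line).group(1))
    proto = re.search(r"\bwith (\w+)", line).group(1)
    return ip, proto in AUTH

def infer_trust(hops):
    """Walk hops newest to oldest; after the first untrusted hop, all older are too."""
    trusted, chain_ok = [], True
    for line in hops:
        ip, authed = parse_hop(line)
        is_private = any(ip in net for net in PRIVATE)
        # Trusted if the client IP is private, or the hop was authenticated
        # and every newer hop was already trusted.
        chain_ok = chain_ok and (is_private or authed)
        trusted.append(chain_ok)
    return trusted

def all_trusted(hops):
    """True when no untrusted relay remains, the condition ALL_TRUSTED describes."""
    return all(infer_trust(hops))

if __name__ == "__main__":
    print("behind SNAT:", infer_trust(SNAT_HOPS), all_trusted(SNAT_HOPS))
    print("real peer  :", infer_trust(DIRECT_HOPS), all_trusted(DIRECT_HOPS))
```
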


Re: Anti-virus for FreeBSD

2016-03-22 Thread Ricky Gutierrez
Hi, anyone using eset?


-- 
rickygm

http://gnuforever.homelinux.com


Re: ANNOUNCE: amavisd-new-2.11.0-rc1 release candidate is available

2016-03-22 Thread Thomas Spuhler
On Monday, March 21, 2016 09:08:24 AM Thomas Jarosch wrote:
> Hi Mark,
> 
> On Friday, 18. March 2016 01:38:59 Mark Martinec wrote:
> > - updated a default $map_full_type_to_short_type_re to recognize
> > 
> >a Microsoft Word document as type doc; thanks to Jörg Backschues;
> 
> thanks for the new release candidate!
> 
> In the previous amavisd version, all Office files types
> were mapped to 'doc' since file(1) reported just "Office document".
> 
> Office 2007+ documents get properly distinguished by file(1).
> 
> We could either do this (I run that locally):
> 
>  [qr/^Microsoft Office Document\b/i  => 'doc'],  # OLE2: doc, ppt, xls,
> ... +[qr/^Microsoft (Word|Excel|PowerPoint)\b/i  => 'doc'],  # Office
> 2007+: docx, docm, pptx, xlsx, ...
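
Review bot: the added `+[qr/^Microsoft (Word|Excel|PowerPoint)\b/i => 'doc']` line uses a capturing group whose capture is never read; `(?:Word|Excel|PowerPoint)` states the intent without setting $1. Mapping all three to 'doc' also means a rule keyed on the short type 'doc' cannot tell a spreadsheet or presentation from a text document, so the comment on that line should say the coarse mapping is deliberate, for compatibility with the older "Office document" behaviour described above.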
> 
> 
> for the sake of "compatibility"
> 
> *or*
> 
> recognize each file type on its own to give
> the users a better control about the content type.
> 
> What do you think?
> 
> 
> btw: We've just contributed example Office documents
> to the file-tests test suite:
> https://github.com/christian-intra2net/file-tests/tree/office-types
> 
> Those files are good samples for toying with this stuff.
> 
> Cheers,
> Thomas

I packaged it for Mageia with the usual distro patches and upgraded the 
existing install. I don't see any errors.
This is what  # systemctl -l status amavisd  provides:

Mar 22 04:30:16 cauldron.btspuhler.com systemd[1]: Reloaded AMAVIS interface 
between MTA and content checkers.
Mar 22 04:30:16 cauldron.btspuhler.com amavis[28786]: (!)Net::Server: 
2016/03/22-04:30:16 Re-exec server during HUP
Mar 22 04:30:17 cauldron.btspuhler.com amavis[28786]: starting. (warm) 
/usr/sbin/amavisd at cauldron.btspuhler.com amavisd-new-2.11.0-rc1 (2
Mar 22 04:30:18 cauldron.btspuhler.com amavis[28786]: Net::Server: Group Not 
Defined.  Defaulting to EGID '957 957'
Mar 22 04:30:18 cauldron.btspuhler.com amavis[28786]: Net::Server: User Not 
Defined.  Defaulting to EUID '958'
Mar 22 04:30:18 cauldron.btspuhler.com amavis[28786]: No $altermime, 
not using it
Mar 22 04:30:18 cauldron.btspuhler.com amavis[28786]: No ext program for   
.lz4, tried: lz4c -d
Mar 22 04:30:18 cauldron.btspuhler.com amavis[28786]: No decoder for   .lz4
Mar 22 04:30:18 cauldron.btspuhler.com amavis[28786]: Using primary internal av 
scanner code for ClamAV-clamd
Mar 22 04:30:18 cauldron.btspuhler.com amavis[28786]: Found secondary av 
scanner ClamAV-clamscan at /usr/bin/clamscan


Seems like I need to provide a group and user ID for Net::Server

-- 
Best regards
Thomas Spuhler

All of my e-mails have a valid digital signature
ID 60114E63



Re: ClamAV and Sophos

2016-03-22 Thread Nuno Fernandes
On Tuesday 22 March 2016 10:00:23 Dino Edwards wrote:
> I'm trying to figure out how to integrate Sophos with amavis in addition to
> clamav in Ubuntu.

I'm also using this scenario but with Centos. So it should be somewhat the 
same.

> I'm a little confused on how to go about integrating it.
> As I understand, I need to download and install the following:
> 
> Sophos Antivirus for Linux 9.1
> 
> Then I need to enter an entry like below in my amavis config?
> 
> ### http://www.sophos.com/
>   ['Sophos Anti Virus (savscan)',   # formerly known as 'sweep'
>     ['/opt/sophos-av/bin/savscan', 'savscan'],  # 'sweep'
>     '-nb -f -all -rec -ss -sc -archive -cab -mime -oe -tnef '.
>     '--no-reset-atime {}',
>     [0,2], qr/Virus .*? found/m,
>     qr/^>>> Virus(?: fragment)? '?(.*?)'? found/m,
>   ],

With this configuration you will be calling the antivirus for each mail. It will 
load all the virus definitions, scan the file and then exit. It will be slow.

I use the daemon version where a daemon starts, loads the virus database and 
then listens for incoming scan requests. You can do that with either:

- Sophos-SSSP daemon - it's a daemon that comes with the sophos install files
- Sophie - an opensource daemon

I tested the first one and had a few problems and then reverted back to sophie:

Here is my conf:

['Sophie',
  \_daemon, ["{}/\n", '/tmp/sophie.sock'], # was: sophie:/var/run/sophie
  #\_daemon, ["{}/\n", '/var/spool/qmailscan/run/sophie'], # was: sophie:/var/run/sophie
  qr/(?x)^ 0+ ( : | [\000\r\n]* $)/,  qr/(?x)^ 1 ( : | [\000\r\n]* $)/,
  qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/m ], #no /m on old cfg


> Do I also need to install SAV Dynamic interface 2.2 from Sophos?

Don't know for sure.

> Does anyone have a definitive guide on how to get this going?

I've created our own internal RPMs for CentOS for Sophos and savi. So for us it is 
just a matter of installing the RPMs, registering Sophos and changing the 
amavisd.conf.
From Sophos the only file that we require is sav-linux-9-i386.tgz (don't know 
why it is named i386).

Hope it helps.

Best regards,
Nuno Fernandes


Re: Anti-virus for FreeBSD

2016-03-22 Thread Patrick Ben Koetter
* Olivier Nicole :
> Patrick
> >> What anti-virus are you using with FreeBSD? beside ClamAV that is.
> >> 
> >> I had been using Kaspersky for years, but they are withdrawing their
> >> support for FreeBSD, so i will not renew my license in October.
> >
> > Avira's Antivirus program SAVAPI runs on BSDs. They require per user 
> > licenses.
> > You can't buy SAVAPI directly from Avira. You could buy it from us.
> 
> Avira just told me that their Unix offer is EOL June 2016, can you
> concur?

As I wrote: You can't buy SAVAPI directly from Avira. It's OEM technology they
don't sell directly. System integrators, such as us, build a product around
SAVAPI and sell it.

HTH

p@rick

-- 
[*] sys4 AG
 
https://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Registered office: München, District Court München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein
 


Re: Anti-virus for FreeBSD

2016-03-22 Thread Olivier Nicole
Patrick
>> What anti-virus are you using with FreeBSD? beside ClamAV that is.
>> 
>> I had been using Kaspersky for years, but they are withdrawing their
>> support for FreeBSD, so i will not renew my license in October.
>
> Avira's Antivirus program SAVAPI runs on BSDs. They require per user licenses.
> You can't buy SAVAPI directly from Avira. You could buy it from us.

Avira just told me that their Unix offer is EOL June 2016, can you
concur?

best regards,

Olivier
-- 


ClamAV and Sophos

2016-03-22 Thread Dino Edwards
I'm trying to figure out how to integrate Sophos with amavis in addition to 
clamav in Ubuntu. I'm a little confused on how to go about integrating it. As I 
understand, I need to download and install the following:

Sophos Antivirus for Linux 9.1

Then I need to enter an entry like below in my amavis config?

### http://www.sophos.com/
  ['Sophos Anti Virus (savscan)',   # formerly known as 'sweep'
    ['/opt/sophos-av/bin/savscan', 'savscan'],  # 'sweep'
    '-nb -f -all -rec -ss -sc -archive -cab -mime -oe -tnef '.
    '--no-reset-atime {}',
    [0,2], qr/Virus .*? found/m,
    qr/^>>> Virus(?: fragment)? '?(.*?)'? found/m,
  ],

Do I also need to install SAV Dynamic interface 2.2 from Sophos?

Does anyone have a definitive guide on how to get this going? 

Thanks

Dino