Re: Spamassassin local rules not accessed?

On Thu Feb 04 2016 01:17:37 Vicki Brown said: > > I thought Spamassassin local.cf was supposed to be accessed. However, > evidence implies otherwise. > There is no indication that our local rules are ever triggered. That is the case here as well. -- I intend to live forever --

Re: The amavisd daemon is apparently not running, no PID file (OSX 10.11.x)

On Feb 11, 2016, at 7:35 AM, Roland Schmid wrote: >> Manage these parameters via the Server.app application. It works fine this >> way. >> >> If you go in the "Mail" section and enable junk mail filtering, it enables >> Amavisd. > > the Server App is

Re: The amavisd daemon is apparently not running, no PID file (OSX 10.11.x)

On Sat Feb 13 2016 02:59:24 Roland Schmid said: > >> Be that as it may, changing the setting behind the Server app’s back is >> likely to result in much wailing and gnashing of teeth. > >> No one is required to user the Server app on OS X, but if

Re: Subject tag

On 31 Jan 2016, at 04:16, Marius Gologan wrote: > $sa_spam_subject_tag = 'Spam (_REQD_) _SCORE_: ‘ Thanks, I will give that a shot (well, without the _REQD_ field). -- You have severe reading comprehension problems that I can not be held responsible for.

Re: Training Amavis

> On Jan 31, 2016, at 9:49 PM, listsb-ama...@bitrate.net wrote: > > >> On Jan 31, 2016, at 23.07, @lbutlr <krem...@kreme.com> wrote: >> >> I get daily mails from wordpress verifying backups and these are all tagged >> as spam (at a very high score in

Re: Training Amavis

On Feb 1, 2016, at 12:32 AM, @lbutlr <krem...@kreme.com> wrote: > I ma not blindling trainmen it. i wam training false positives as ham. Wow. I have no idea how that happened. I am not blindly training it, I am training false positives as ham. -- "We're philosophers. We think, therefore we am."

Training Amavis

I get daily mails from wordpress verifying backups and these are all tagged as spam (at a very high score in the 7-13 range). How do I train amavis? Do i just run normal sa-learn as root? As the user? as the scan user? -- 'The only reason we're still alive now is that we're more fun alive

Subject tag

Is it possible to put the score into the subject tag for spam instead of just ***Spam***? I didn’t see anything obvious in the conf file. -- "A politician is a man who approaches every problem with an open mouth."

Re: Training Amavis

On Feb 1, 2016, at 6:43 AM, btb wrote: > you must train the database that is used during message evaluation. that is > to say, whatever using is running amazes Thank you. --

Re: Amavis and ClamAV and YARA

On Fri Feb 26 2016 03:39:51 Olivier Nicole said: > > I installed YARA and YARA-rules (from > https://github.com/Yara-Rules/rules0 and I have been quite disappointed. That URL doe not load. -- He felt as if he'd been shipwrecked on the Titanic but in the nick

Re: Mail from own host is recognized as spam

On Feb 15, 2016, at 7:51 AM, Catscrash wrote: > I have a problem with mail being marked as SPAM, although being > transmitted between virtual domains on the same hosts. Why are you sending mail between local domains to amavis? -- I WILL NOT PLEDGE ALLEGIANCE TO BART

Re: Upcoming Release: feature Request

On Feb 15, 2016, at 1:53 PM, A. Schulze wrote: > Feature Request: Amavisd-new should recognise A-R header and use/trust them. > Assumption: the A-R header aren't present in an incoming message but really > added by a local milter. How would amavis know if the headers

Re: Upcoming Release: feature Request

On Feb 16, 2016, at 3:31 AM, Patrick Ben Koetter <p...@sys4.de> wrote: > * @lbutlr <krem...@kreme.com>: >> On Feb 15, 2016, at 1:53 PM, A. Schulze <s...@andreasschulze.de> wrote: >>> Feature Request: Amavisd-new should recognise A-R header and use/trust them. &

virusalert emails

I have a email sitting in my mailq directed at a local user virusalert@$mydomain which appears to have been caught by amavis/clamav. While I am, of course, happy that this email was not delivered to the intended mailbox, I also don’t want it cluttering up my mailq, and while I find it

Re: From address spoofing my domain

On Mar 19, 2016, at 3:47 PM, @lbutlr <krem...@kreme.com> wrote: > A user has been getting a lot of spam with headers that look something like > this: > > From: bos...@covisp.net, h...@covisp.net, restorat...@covisp.net One other detail, these are emails that SHOULD be getting

Re: From address spoofing my domain

On Mar 19, 2016, at 4:24 PM, Benny Pedersen wrote: > sender did not add @ in from header, if you remove @forged domain you see > something about mortgage This amavisd adding the domain and why is it generating an error that stops the spam from being quarantined and/or tagged? --

Re: Use X-Amavis-Alert header to influence Spam Assassin Scoring

On 7 Mar 2016, at 12:13, Josh Hamell wrote: > > Amavis headers are injected in immediately before delivery, and > therefore aren't available for SA to analyze. This is my understanding, amavis headers aren't there until after SA -- This is my signature. There are many like

Virus notification

before I duplicate work, I thought I’d check if someone else has already done something like this. Currently, amavis sends a notification to the virusal...@mydomain.tld address when it catches something with a forbidden (BANNED) attachment. I’d like to create a notification email for the

Re: Meaning of ".asc" in BANNED messages

On Mar 8, 2016, at 10:31 AM, Tom Hendrikx <t...@whyscream.net> wrote: > On 08-03-16 16:58, @lbutlr wrote: >> What is “.asc” since that is not a banned attachment. > > A pgp signature, this message has one There is no way that every one of these javascript-containing messages

Re: Virus notification

> On Mar 8, 2016, at 10:14 AM, Tom Hendrikx <t...@whyscream.net> wrote: > > > On 08-03-16 16:56, @lbutlr wrote: >> before I duplicate work, I thought I’d check if someone else has >> already done something like this. >> >> Currently, amavis sends a n

Re: js in zip attachment of e-mail

On Wed Mar 02 2016 07:32:48 Dino Edwards said: > > Like this: > > [qr'.\.(js)$'ix => 1] And where would I put that? And what sort of config is that? I’ve never seen any config file that put things inside square brackets… -- Blatant mistakes are the

Re: js in zip attachment of e-mail

On Thu Mar 03 2016 08:19:21 Thomas Spuhler <thomas.spuh...@btspuhler.com> said: > > On Wednesday, March 02, 2016 04:34:39 PM @lbutlr wrote: >> On Wed Mar 02 2016 07:32:48 Dino Edwards <dino.edwa...@mydirectmail.net> >> said: >>> L

Re: help on bulkmail , offers - amavisd.conf file

On Wed Mar 02 2016 22:16:05 Indunil Jayasooriya said: > > [qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou)@'i => 5.0], > bulkm...@anydomain1.com > bulkm...@anydomain2.com Yes. This is the section that starts with the comment: # ENVELOPE SENDER

Re: js in zip attachment of e-mail

On Mar 1, 2016, at 3:05 PM, Jakob Curdes wrote: > Am 01.03.2016 um 22:38 schrieb Thomas Spuhler: >> There are a lot of e-mails on the lose with subject "Unpaid invoice # " >> containing a zipped js (Java Script) I got about 10 of them today. >> Is there a way to filter

Re: Meaning of ".asc" in BANNED messages

On Mar 8, 2016, at 11:21 AM, Tom Hendrikx <t...@whyscream.net> wrote: > On 08-03-16 19:15, @lbutlr wrote: >> On Mar 8, 2016, at 10:31 AM, Tom Hendrikx <t...@whyscream.net> wrote: >>> On 08-03-16 16:58, @lbutlr wrote: >>>> What is “.asc” since that

Re: subject line not prefixed

On Apr 26, 2016, at 5:42 AM, Michael H wrote: > Could you amend the configuration for the mailing list to include > something in the subject line, like maybe [amavis-users]? Please do NOT do this. Ever. > This is the only mailing list I'm on where my filters have difficulty

Re: handling unknown recipients

On Apr 26, 2016, at 8:07 AM, Tilman Schmidt wrote: > Running Postfix with amavisd-new and quarantining attachments seems to > produce an unfortunate interaction when mail with a banned attachment > arrives for an unknown recipient: WHya re you ever accepting mail for a user

ClamAV via Amavis and logs?

I have amavisd running clamav, but nothing from clamav appears in any logs. The only thing I do see is lines like this: May 21 13:57:29 mail amavis[89288]: (89288-01) Passed SPAM {RelayedTaggedInbound,RelayedOpenRelay,Quarantined}, [127.0.0.1] [96.84.245.98] ->

Re: ClamAV via Amavis and logs?

On May 21, 2016, at 2:32 PM, Patrick Ben Koetter wrote: > clamav has its own independent logging. You can control it in clamd.conf. None > of that makes it into amavis. It does not appear that any information about specific messages and tests gets logged to the clamd.log file

Re: Multiple infections not passed to amavis

On Feb 2, 2017, at 2:49 AM, Levente Birta wrote: > OK, the problem was in the amavisd.conf at the @av_scanners section: don't > know why, but missed the /m (Treat string as multiple lines) option > > ['ClamAV-clamd', > \_daemon, ["CONTSCAN {}\n",

Re: Moving to new password scheme

On 24 Jan 2017, at 06:45, @lbutlr <krem...@kreme.com> wrote: > dovecot is setup Sorry. Wrong list, obviously. -- Apple broke AppleScripting signatures in Mail.app, so no random signatures.

Re: amavisd-release does not work with SQL quarantine (missing quar_type = "Q")

On 2017-02-20 (06:16 MST), Dino Edwards wrote: > > $QUARANTINEDIR = "/some/mountpoint/with/plenty/of/space"; > $virus_quarantine_method = 'local:virus/%m'; > $spam_quarantine_method = 'local:spam/%m'; > $banned_files_quarantine_method = 'local:banned/%m'; >

Moving to new password scheme

dovecot is setup on a system with MD5-CRYPT password scheme for all users, and I would like to update this to something that is secure, probably SSHA256-CRYPT, but I want to do this seamlessly without the users having to jump through any hoops. The users are in mySQL (managed via postfixadmin)

Re: amavisd-new cpu always 100%

On 2017-02-23 (22:05 MST), Asif Iqbal wrote: > > I am using postfix 2.6.6 Do you think it is wise to use a version of postfix from… 2010? Do you think it is wise to have not at least updated to the latest version of 2.6 (released in 2013)? -- Apple broke AppleScripting

Re: Formatting of SA score in Subject?

On 01 Sep 2016, at 13:18, Jeff Morris wrote: > >$sa_spam_subject_tag = sprintf( "[SPAM: %06.3f]", _SCORE_ ); > > Or is there a better way to do what I want? Maybe there's a token like > _ZSCORE_ ? :-) Close. _SCORE(PAD)_ message score, if PAD is

List issues?

I sent a message to the list yesterday (15:59 -0600) and it has not shown up, nor have I gotten any sort of notification that it was not posted or was rejected for some reason.

Re: List issues?

On Fri Sep 16 2016 01:27:41 amavis-us...@list-post.mks-mail.de <amavis-us...@list-post.mks-mail.de> said: > > 15.09.2016, 11:05 +0200 @lbutlr: > >> I sent a message to the list yesterday (15:59 -0600) and it has not >> shown up, nor have I gott

List issues worse

A message I sent two days ago has still not shown up on the list (for me). From: "@lbutlr" <krem...@kreme.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (Mac OS X Mail 10.0 \(3226\)) Subject: Re: List issue

Re: Formatting of SA score in Subject?

On Fri Sep 16 2016 01:22:20 Jeff Morris <jeffm...@nullmodem.org> said: > > On 9/12/2016 4:15 PM, Jeff Morris wrote: >> On 9/4/2016 7:22 AM, @lbutlr wrote: >>> On 01 Sep 2016, at 13:18, Jeff Morris <jeffm...@nullmodem.org> wrote: >>>>$sa_spam_sub

Re: List issues?

On Sat Sep 17 2016 01:38:46 Hoyer-Reuther, Christian said: > > It seems the problem is when we reply then the e-mail is not addressed to > amavis-users@amavis.org but to the sender of the last mail. That is not the source of the delays I am seeing.

Re: spam connection failing

ages? As I said upthread I have it set to add them to anything the scores over a 2.0 On Wed Sep 14 2016 15:59:11 @lbutlr <@lbutlr> said: > I have $sa_tag_level_deflt = 2.0; but X-Spam headers are not getting added > to any emails that I can find.

Re: Formatting of SA score in Subject?

On Wed Sep 28 2016 00:54:12 Jeff Morris <jeffm...@nullmodem.org> said: > > On 9/18/2016 8:32 AM, @lbutlr wrote: >> On Fri Sep 16 2016 01:22:20 Jeff Morris <jeffm...@nullmodem.org> said: >>> On 9/12/2016 4:15 PM, Jeff Morris wrote: >>>> On 9/4/201

Re: Spam tagging g in subject doubled up?

On Nov 8, 2016, at 2:49 AM, Tilman Schmidt wrote: > On 02.11.2016 10:46, Indunil Jayasooriya wrote: >> >> pls try below command with less >> >> >> less /etc/amavisd.conf |grep -i sa_spam_subject_tag > > Argh. Useless use of less is even worse than useless use of cat. >

Re: Amavisd and Bayes (again...)

On Nov 24, 2016, at 2:09 AM, Alex Masidlover wrote: > Any help would be appreciated before I drown in spam... I’ve posted a couple of times about the same exact issue with amavisnot using bases and so far no one has been able to provide any guidance as to why. For

Re: Amavisd and Bayes (again...)

> On Nov 24, 2016, at 7:09 AM, Dominic Raferd wrote: > > Maybe this can help: > https://www.nerd-quickies.net/2015/10/02/spamassassin-bayes_00-1-90-although-sa-learn-runs-daily/ Spamassasin and babes work perfectly well when I run mail through SA myself. It is when

Spam tagging g in subject doubled up?

I have: $sa_spam_subject_tag = '(Spam _SCORE(00)_) ‘; and I get spam tagging like this: (Spam? 05.1) *Spam* 5.196:Recent CNN-Report… The string “*Spam” does not appear in my amavisd.conf There are no uncommented lines in /var/spool/amavis/.spamassassin/local.cf Not sure where else to look

Re: Spam tagging g in subject doubled up?

Anyone? On Oct 29, 2016, at 10:05 AM, @lbutlr <krem...@kreme.com> wrote: > I can’t find where that *Spam* Subject tag is set; I’ve searched every file > in and under /usr/local/etc/ & /etc and the only match is in > amavisd.cong.sample and that is “***Spam***”. > >

Re: Flashlight spam (and others)

> On Dec 17, 2016, at 10:40 AM, Dino Edwards > wrote: > > Am I looking at this right? Does BAYES_00 assign a score of -4 on these > messages? Yes. BAYES_00 is normally extremely effective at passing ham. But note that the spam passed even WITHOUT BAYES_00 >

Re: unsubscribe

On 25 Nov 2017, at 12:17, traced wrote: > unsubscribe Your improper request failed. This is in the headers of every single post to the group: List-Id: "General support and discussion mailing list for AMaViS \(amavisd-new\)" List-Unsubscribe:

/var/virusmails expiry?

The files in /var/virusmail appear to be expiring after 30 days, but I can’t find a setting in the amavisd.conf for that other than the $maxfiles setting. How can I set this to, for example, 7 days? Or should I just setup a crontask for find /var/virusmails/ -ctime +7 --delete? -- 'Why is it

Re: Block ..rar files in amavisd

On 23 Jan 2018, at 00:20, Dominic Raferd <domi...@timedicer.co.uk> wrote: > > > On 22 January 2018 at 22:28, @lbutlr <krem...@kreme.com> wrote: > I have a file mime_headers.pcre in postfix: > /^\s*Content-(Disposition|Type).*name\s*=\s*"?(.*\.(ade|adp|bas|bat|chm

Re: /var/virusmails expiry?

On 21 Jan 2018, at 15:01, Patrick Ben Koetter wrote: > Actually I do believe there is a cron job that expires mails after 30 days. > Maybe you just need to adjust that. OK, I looked again and found that. Oops. -- 'He's mad, isn't he?' 'No, mad's when you froth at the mouth,' said

Re: Block ..rar files in amavisd

On 12 Jan 2018, at 06:24, Jonathan Sélea wrote: > I want to block .rar files on my server: I do this during the SMTP transaction phase so the mail server never even receives files on my restricted list I have a file mime_headers.pcre in postfix:

Re: Is amavisd-new still being maintained?

On 07 Oct 2018, at 15:35, Dave McGuire wrote: > Still works fine here. Personally I rather like it when a piece of > infrastructure software stops being a "moving target". When ut us supposed to be dealing with the constantly movie target of malicious emails, no, I don’t like to see it stop

Re: Email WhiteListing Attachments with Amavis and Microsoft Files

On 9 Nov 2018, at 10:56, Johnny Time wrote: > [ qr'^application/doc|docx|ppt|pdf|xls|vsd$'i => 0 ], This syntax is broken an will allow application/document binary/pptx and virusload.exe/pptanythinggoeshere You either need to put a $ at the end of all of those [

Re: Is amavisd-new still being maintained?

On 04 Oct 2018, at 12:22, Ralph Seichter wrote: > Does anybody here know if Mark Martinec (or anybody else) is actively > maintaining amavisd-new? https://www.ijs.si/software/amavisd/ has last > been updated more than two years ago, with the 2.11.0 release. The link > to the "Freshmeat project

Re: reload or restart after spamassassin/local.cf change?

On 17 Apr 2019, at 03:47, Dominic Raferd wrote: > (technically, perl Mail::SpamAssassin) for each mail it wants to check - and > I would expect that SA loads its parameters *each time* from its config files. That would be insanely inefficient. SA is not reloaded for each mail. -- Oh, he's

Re: Support for alz and egg archives

On 23 Apr 2019, at 11:36, Sim Sum wrote: > in times of malware and phishing some senders use exotic compression methods. Are you getting legitimate emails containing these archive types? -- Moving into the universe And she's drifting this way and that Not touching the ground at all And she's