From matt at dgisoda.com Thu Sep 1 19:48:41 2011
From: matt at dgisoda.com (Matt Goodman)
Date: Thu, 1 Sep 2011 07:48:41 -1000
Subject: sa_userconf_maps and sa_username_maps syntax question
Message-ID: <084f01cc68cf$647797e0$2d66c7a0$@dgisoda.com>

Hello all,

I am interested in two new features that got added to amavisd-new in
version 2.7.0.

Taken from the Release Notes (2.7.0):

- per-recipient (or per- policy bank) SpamAssassin configuration files or
  SQL configuration sets are supported (@sa_userconf_maps), and
  per-recipient SQL Bayes database usernames (@sa_username_maps);

However, I don't see any examples of how this configuration is enabled,
or more specifically what syntax the configuration options are looking
for. I gather that they are "maps" but I really don't understand how maps
are configured.

Presently I have the @lookup_sql_dsn configured to check the database
which Postfixadmin is adding users to. I'd like to have my users store
per-user bayes information and per-user spamassassin information inside
this database also.

Did these options merely get added and will become documented/utilized at
a later point? Or is all the information already there, and I'm just not
seeing it?

Update: I did find these two config options in the
amavisd.conf-default.bz2 doc file:

# @sa_userconf_maps = ();
# @sa_username_maps = ();

Alas, they are empty and I am not sure what to enter there to "tell"
amavisd-new to look up in the SQL database.

I appreciate any replies.

Matt

From matt at dgisoda.com Fri Sep 2 06:51:25 2011
From: matt at dgisoda.com (Matt Goodman)
Date: Thu, 1 Sep 2011 18:51:25 -1000
Subject: sa_userconf_maps and sa_username_maps syntax question
In-Reply-To:
References: <084f01cc68cf$647797e0$2d66c7a0$@dgisoda.com>
Message-ID: <09df01cc692b$f9604d50$ec20e7f0$@dgisoda.com>

Thank you very much for your reply. I understand a little bit better now.
However, in example one below you listed a single domain name using the
method "sql". What if I have dozens of domains, with them being
added/removed somewhat regularly by Postfix Admin (I can perceive adding
at least 1-2 domains per month) to this system. Isn't there a way to tell
amavisd-new that all domains in the lookup_sql_dsn? The table is actually
called "domain" inside the "postfixadmin" db.

For @sa_username_maps - I do not understand the syntax of that at all.
Could you explain it in just a little more detail so I actually
understand what's being done, as opposed to just copying your example.
Many thanks.

Thank you for the link to the patch, that will be helpful. And yes I have
followed the SpamAssassin SQL README and have my db schema as-per those
documents. A table called "userpref" with one line per SA preference. I
have even tested this using spamc and validated that the SQL
configuration is good.

I am just a little lost as to the @sa_username_maps syntax (looks like
regex to me), and I will read through the patch to try and determine what
amavisd-new is looking for. In the meantime, if someone can help me
understand how one might use all the domains in the postfixadmin table
instead of one domain per line of @sa_userconf_maps, that would be
helpful.

Matt

Sent: Thursday, September 01, 2011 11:21 AM
To: Matt Goodman
Subject: Re: sa_userconf_maps and sa_username_maps syntax question

Hello Matt,

For sql user_prefs ( per user config ):: I had to add

1.
@sa_userconf_maps = (
   { '.domain-t1.ro' => 'sql:', }
);
@sa_username_maps = new_RE (
   [ qr'^([^@]+@.*)'i => '${1}' ]
);

2. this patch
http://lists.amavis.org/pipermail/amavis-users/attachments/20110812/756a66cf/attachment.obj

You have to read about SpamAssassin SQL userpref to know how to set up
the database and userpref table.

From rbgarga at gmail.com Fri Sep 2 12:06:52 2011
From: rbgarga at gmail.com (Renato Botelho)
Date: Fri, 2 Sep 2011 07:06:52 -0300
Subject: sa_userconf_maps and sa_username_maps syntax question
In-Reply-To: <09df01cc692b$f9604d50$ec20e7f0$@dgisoda.com>
References: <084f01cc68cf$647797e0$2d66c7a0$@dgisoda.com>
 <09df01cc692b$f9604d50$ec20e7f0$@dgisoda.com>
Message-ID:

Hello Matt

On Fri, Sep 2, 2011 at 1:51 AM, Matt Goodman wrote:
> Thank you very much for your reply. I understand a little bit better now.
> However, in example one below you listed a single domain name using the
> method "sql". What if I have dozens of domains, with them being
> added/removed somewhat regularly by Postfix Admin (I can perceive adding at
> least 1-2 domains per month) to this system. Isn't there a way to tell
> amavisd-new that all domains in the lookup_sql_dsn? The table is actually
> called "domain" inside the "postfixadmin" db.

If all domains are using sql, you can have:

@sa_userconf_maps = (
   {
      '.*' => 'sql:',
   }
);

> For @sa_username_maps - I do not understand the syntax of that at all. Could
> you explain it in just a little more detail so I actually understand what's
> being done, as opposed to just copying your example. Many thanks.

In this case, since it is a single domain, I have personal userprefs set
just for user, without domain, I mean, if email is user at foo.com prefs
on SQL is set just for user, so, this map says exactly it, for
user at foo.com, look just for user at SQL database.

@sa_username_maps = new_RE (
   [ qr'^([^@]+@.*)'i => '${1}' ]
);

> Thank you for the link to the patch, that will be helpful. And yes I have
> followed the SpamAssassin SQL README and have my db schema as-per those
> documents. A table called "userpref" with one line per SA preference. I have
> even tested this using spamc and validated that the SQL configuration is
> good.

What that patch does is making amavis respect personal required_score
setting instead of use a global value for everyone, and the version sent
to this thread has a small issue if you use it with spamassassin < 3.0.

> I am just a little lost as to the @sa_username_maps syntax (looks like regex
> to me), and I will read through the patch to try and determine what
> amavisd-new is looking for. In the meantime, if someone can help me
> understand how one might use all the domains in the postfixadmin table
> instead of one domain per line of @sa_userconf_maps, that would be helpful.

--
Renato Botelho

From matt at dgisoda.com Fri Sep 2 13:14:47 2011
From: matt at dgisoda.com (Matt Goodman)
Date: Fri, 2 Sep 2011 01:14:47 -1000
Subject: sa_userconf_maps and sa_username_maps syntax question
In-Reply-To:
References: <084f01cc68cf$647797e0$2d66c7a0$@dgisoda.com>
 <09df01cc692b$f9604d50$ec20e7f0$@dgisoda.com>
Message-ID: <0a4f01cc6961$88424390$98c6cab0$@dgisoda.com>

OK. So is it correct in saying the following:

@sa_userconf_maps matches SA user preferences by domain
@sa_username_maps matches SA Bayes database by email address

As I understand it - in your regex example, amavisd-new will simply match
the recipient email address to the corresponding record in the bayes
database, correct?

If this is not correct, any insight would be appreciated. Again, I am not
looking for a shortcut - only to understand the way the subroutines were
intended for use.

Ultimately I am trying to have a flexible virtual user email system with
per-user spamassassin preferences and per-user Bayesian filters, allowing
people to "train" their own Bayes tokens by "learning" messages which
they mark as Spam and "learning" those which are ham, while storing all
that information into a SQL database. The assumption here is that the
Bayesian classification will be more accurate to the individual user,
rather than a one-size-fits all for Bayes seen/tokens.

However, amavisd-new is my chosen mail filter system, simply because of
how flexible it is, and so far the help I have received here indicates
that I have made the right choice. I will share any findings that I learn
back to the community.

Thank you again.

Matt

From matt at dgisoda.com Wed Sep 7 03:04:36 2011
From: matt at dgisoda.com (Matt Goodman)
Date: Tue, 6 Sep 2011 15:04:36 -1000
Subject: sa_userconf_maps and sa_username_maps syntax question
In-Reply-To:
References: <084f01cc68cf$647797e0$2d66c7a0$@dgisoda.com>
 <09df01cc692b$f9604d50$ec20e7f0$@dgisoda.com>
Message-ID: <097101cc6cfa$1e1099d0$5a31cd70$@dgisoda.com>

Thank you for the insight. I examined the patch file that was presented
and I have to go a different direction. Since required_score is somewhat
handled already via the policy system (although users cannot specify
their own 'score' they can indeed change policies, which in turn affects
score), I think I'm going to focus on per-user Bayes.

What part of amavisd-new goes and checks per-user bayes? I see nothing in
earlier examples nor in the patch which address having amavisd-new handle
per-user Bayes classification. Or is that solely done through SA's
configuration?

If no changes are required in amavisd-new to get per-user Bayes working,
then I apologize. I can get SA's /etc/spamassassin/local.cf to use the
per-user Bayes. I'm just new to amavis and assume that amavis has to
handle checking against the per-user Bayes database. Is this correct?

So I will abandon sa_userconf_maps and sa_username_maps and go straight
to per-user Bayes. That should be enough, when combined with the
flexibility of the amavisd-new policies via SQL to accomplish what I
need. I just have to figure out whether anything is required on the
amavis side of things.

Thanks,
Matt

From maspsr at sdu.dk Wed Sep 7 22:14:54 2011
From: maspsr at sdu.dk (Peter Sørensen)
Date: Wed, 7 Sep 2011 22:14:54 +0200
Subject: Redirect out-bound SPAM to inside server
In-Reply-To: <07734B44E9BBED4EAAD1F6968D18C004BFD47D9356@ADM-EXMBX0AB.adm.c.sdu.dk>
References: <07734B44E9BBED4EAAD1F6968D18C004BFD47D9356@ADM-EXMBX0AB.adm.c.sdu.dk>
Message-ID: <07734B44E9BBED4EAAD1F6968D18C004BFD47D9357@ADM-EXMBX0AB.adm.c.sdu.dk>

Hi,

I have a question concerning use of Amavis::Custom to redirect mail sent
from my internal network.

In between user account are misused to send out spam. We don't reject
mail coming from MYNETWORKS if it is SPAM. We probably should but have
decided not to do right now, mostly because this isn't a problem with
regular users.

BUT this is beginning to be a problem. So I would like to redirect SPAM
to a different server which will queue this for later processing.

I have a DUAL postfix setup. Can I let amavis handle this so OUT-BOUND
mail classified as SPAM is redirected to this server ? Maybe using
Amavis::Custom ?

Best regards
Peter Sørensen/Univ Of Southern Denmark/email:maspsr at sdu.dk

From Mark.Martinec+amavis at ijs.si Thu Sep 8 18:23:58 2011
From: Mark.Martinec+amavis at ijs.si (Mark Martinec)
Date: Thu, 8 Sep 2011 18:23:58 +0200
Subject: somitimes occur Blocked BANNED
In-Reply-To:
References: <4E5E1424.3060000@secnap.com>
Message-ID: <201109081823.58134.Mark.Martinec+amavis@ijs.si>

> follow the a log when the block occurred
> http://pastebin.com/ndNrEcxg

  Blocked BANNED (text/plain,.movie,.mpg)

> the user has sent the message without any attached file. but the log
> shows a block by text/plain,.movie,.mpg is very strange.

It is the text part of a message that was misqualified as a .mpg video by
your file(1) utility. To confirm this, extract the message text and see
what the file(1) command thinks of it.

Which version of the file(1) utility is this? ($ file -v )

Try installing a fresher version or complain to its maintainer, or
disable blocking of video files in amavisd.

  Mark

From Mark.Martinec+amavis at ijs.si Thu Sep 8 19:50:06 2011
From: Mark.Martinec+amavis at ijs.si (Mark Martinec)
Date: Thu, 8 Sep 2011 19:50:06 +0200
Subject: sa_userconf_maps and sa_username_maps syntax question
In-Reply-To: <097101cc6cfa$1e1099d0$5a31cd70$@dgisoda.com>
References: <084f01cc68cf$647797e0$2d66c7a0$@dgisoda.com>
 <097101cc6cfa$1e1099d0$5a31cd70$@dgisoda.com>
Message-ID: <201109081950.06609.Mark.Martinec+amavis@ijs.si>

Matt,

> I examined the patch file that was presented and
> I have to go a different direction. Since required_score is somewhat
> handled already via the policy system (although users cannot specify their
> own 'score' they can indeed change policies, which in turn affects score),
> I think I'm going to focus on per-user Bayes.

Makes sense, per-user Bayes is much more efficient than per-user
SpamAssassin preferences/config.

> What part of amavisd-new goes and checks per-user bayes?
> I see nothing in earlier examples nor in the patch which address having
> amavisd-new handle per-user Bayes classification.

There is a 80+ line description of @sa_username_maps and
@sa_userconf_maps with examples in the 2.7.0 release notes. Search for
sections starting with:

- per-recipient (or per- policy bank, or global) SpamAssassin configuration

and

- per-recipient (or per- policy bank) SpamAssassin SQL database usernames

> Or is that solely done through SA's configuration?

Before a call to SpamAssassin, amavisd tells SpamAssassin which username
to use. The rest (SQL lookup etc.) is done by SpamAssassin.

> If no changes are required in amavisd-new to get per-user
> Bayes working, then I apologize.

No changes should be necessary, apart from configuring @sa_username_maps
in amavisd.conf.

> I can get SA's /etc/spamassassin/local.cf
> to use the per-user Bayes. I'm just new to amavis and assume that amavis
> has to handle checking against the per-user Bayes database. Is this
> correct?

When per-recipient bayes is needed, amavisd calls SpamAssassin possibly
multiple times for multiple recipients of a message, once for each unique
username. Before the call the username is passed to SpamAssassin, the
rest is SpamAssassin's task.

  Mark

From carlos.mennens at gmail.com Thu Sep 8 20:28:08 2011
From: carlos.mennens at gmail.com (Carlos Mennens)
Date: Thu, 8 Sep 2011 14:28:08 -0400
Subject: Spam Score Analysis
Message-ID:

So an email I get from a co-worker with no attachments and small length
of plain text get scored and are marked spam:

X-Virus-Scanned: amavisd-new at ***********.org
X-Spam-Flag: YES
X-Spam-Score: 3.324
X-Spam-Level: ***
X-Spam-Status: Yes, score=3.324 tagged_above=-999 required=3
 tests=[BAYES_00=-1.9, KHOP_DYNAMIC=0.906, RCVD_IN_PBL=3.335,
 RCVD_IN_SORBS_DUL=0.001, RDNS_DYNAMIC=0.982] autolearn=no

Is there a way I can determine what caused this email to get scored as
such?

From matt at dgisoda.com Thu Sep 8 20:37:38 2011
From: matt at dgisoda.com (Matt Goodman)
Date: Thu, 8 Sep 2011 08:37:38 -1000
Subject: Spam Score Analysis
In-Reply-To:
References:
Message-ID: <104501cc6e56$63fab7c0$2bf02740$@dgisoda.com>

Yes... tests=[BAYES_00, KHOP_DYNAMIC, RCVD_IN_PBL....etc.] are all
"tests" under SpamAssassin. Each of those tests assign a score. On my
system, the tests are stored in /var/lib/spamassassin/

Your system may place them in a different location. However, the tests in
those files give a brief description of each one. For example:

1) BAYES_00      Bayes spam probability is 0 to 1%
2) RCVD_IN_PBL   Received via a relay in Spamhaus PBL
3) KHOP_DYNAMIC  Relay looks like a dynamic address

Etc. So there is a description of each 'test' you just have to find the
files which describe it.

From matt at dgisoda.com Thu Sep 8 20:47:19 2011
From: matt at dgisoda.com (Matt Goodman)
Date: Thu, 8 Sep 2011 08:47:19 -1000
Subject: sa_userconf_maps and sa_username_maps syntax question
In-Reply-To: <201109081950.06609.Mark.Martinec+amavis@ijs.si>
References: <084f01cc68cf$647797e0$2d66c7a0$@dgisoda.com>
 <097101cc6cfa$1e1099d0$5a31cd70$@dgisoda.com>
 <201109081950.06609.Mark.Martinec+amavis@ijs.si>
Message-ID: <106b01cc6e57$be5d56e0$3b1804a0$@dgisoda.com>

Ah thanks, I am reviewing the release-notes now. However, what I am
reading is that the example listed for @sa_username_maps statically maps
usernames which is a smaller scale than I am trying to implement.

With a larger scale system, how do I tell @sa_username_maps to pass the
email address supplied from the RCPT TO as the SA username? Or is that
what the earlier reference to the following will do (provided by Florin
Portase on 09/01/2011):

@sa_username_maps = new_RE (
   [ qr'^([^@]+@.*)'i => '${1}' ]
);

And finally, will I need to have @sa_userconf_maps set to "sql:" if I
only wish to do per-user bayes? Would this potentially cause any other
problems if we enable this setting but do not use any per-user
preferences?

For reference: All my users will have their own custom bayes without
exception. We do not wish to use per-domain or per-policy-bank bayes,
per-user only. My SA/bayes SQL configuration is sound and currently
working - however, only one bayes database is in the table, and it is
owned by user 'amavis'.

From quanah at zimbra.com Thu Sep 8 20:55:50 2011
From: quanah at zimbra.com (Quanah Gibson-Mount)
Date: Thu, 08 Sep 2011 11:55:50 -0700
Subject: sender-quarantine/recip-quarantine questions
Message-ID:

--On Friday, June 10, 2011 1:12 PM -0700 Quanah Gibson-Mount wrote:

> --On Wednesday, June 01, 2011 12:26 PM -0700 Quanah Gibson-Mount
> wrote:
>
>> In looking further through how to set up quarantining, it looks like
>> while sender-quarantine and recip-quarantine are both defined in amavisd,
>> there are no corresponding "$sender_quarantine_to",
>> "$recip_quarantine_to", "$sender_quarantine_maps", and
>> "$recip_quarantine_maps" variables. I've been walking through the Amavis
>> code and the custom module that Mark suggested I use, and it seems this
>> is the critical problem for creating the setup I need -- Archiving all
>> mail to and from a particular user to a specific mailbox.
>>
>> Correspondingly, it seems like there should be LDAP attributes for this
>> as well:
>>
>> amavisSenderQuarantineTo
>> amavisRecipQuarantineTo
>>
>> Then theoretically you could even separate outgoing vs incoming mail into
>> different boxes for a user as well.
>>
>> Mark, does this seem the correct line of thought to you?
>
> Mark,
>
> Would you be able to provide me some possible direction on the correct
> way to go with this? Your original suggestion does not allow me to
> replicate the behavior of the patch we had previously used. I think many
> places would find the ability to configure amavis to archive a copy all
> email to and from a given user into a specific mailbox particularly
> useful, and done in a way other than a patch you find objectionable. ;)

Hi Mark,

Now that you are back from your vacation, can you give me any pointers
here?

Thanks,
Quanah

--
Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration

From carlos.mennens at gmail.com Thu Sep 8 21:05:56 2011
From: carlos.mennens at gmail.com (Carlos Mennens)
Date: Thu, 8 Sep 2011 15:05:56 -0400
Subject: Spam Score Analysis
In-Reply-To: <104501cc6e56$63fab7c0$2bf02740$@dgisoda.com>
References: <104501cc6e56$63fab7c0$2bf02740$@dgisoda.com>
Message-ID:

On Thu, Sep 8, 2011 at 2:37 PM, Matt Goodman wrote:
> Yes... tests=[BAYES_00, KHOP_DYNAMIC, RCVD_IN_PBL....etc.] are all "tests"
> under SpamAssassin. Each of those tests assign a score. On my system, the
> tests are stored in /var/lib/spamassassin/

Good info and thank you. So what exactly are tests? I guess the term
tests to me is just confusing. Is it basically a logging mechanism?

From carlos.mennens at gmail.com Thu Sep 8 21:09:10 2011
From: carlos.mennens at gmail.com (Carlos Mennens)
Date: Thu, 8 Sep 2011 15:09:10 -0400
Subject: Spam Score Analysis
In-Reply-To: <104501cc6e56$63fab7c0$2bf02740$@dgisoda.com>
References: <104501cc6e56$63fab7c0$2bf02740$@dgisoda.com>
Message-ID:

On Thu, Sep 8, 2011 at 2:37 PM, Matt Goodman wrote:
> Yes... tests=[BAYES_00, KHOP_DYNAMIC, RCVD_IN_PBL....etc.] are all "tests"
> under SpamAssassin. Each of those tests assign a score. On my system, the
> tests are stored in /var/lib/spamassassin/

I do appear to have the directory structure you speak of however I don't
see what you described. Am I looking in the wrong section?

[root@mail spamassassin]# pwd
/var/lib/spamassassin

[root@mail spamassassin]# ls -lt
total 8
drwxr-xr-x 3 root root 4096 Aug 27 05:52 3.003001
drwxr-xr-x 3 root root 4096 Jan 2 2010 3.002005

[root@mail 3.003001]# ls -l
total 8
drwxr-xr-x 2 root root 4096 Aug 27 05:52 updates_spamassassin_org
-rw-r--r-- 1 root root 2599 Aug 27 05:52 updates_spamassassin_org.cf

From rbgarga at gmail.com Thu Sep 8 21:17:51 2011
From: rbgarga at gmail.com (Renato Botelho)
Date: Thu, 8 Sep 2011 16:17:51 -0300
Subject: sa_userconf_maps and sa_username_maps syntax question
In-Reply-To: <201109081950.06609.Mark.Martinec+amavis@ijs.si>
References: <084f01cc68cf$647797e0$2d66c7a0$@dgisoda.com>
 <097101cc6cfa$1e1099d0$5a31cd70$@dgisoda.com>
 <201109081950.06609.Mark.Martinec+amavis@ijs.si>
Message-ID:

On Thu, Sep 8, 2011 at 2:50 PM, Mark Martinec wrote:
> Matt,
>
>> I examined the patch file that was presented and
>> I have to go a different direction. Since required_score is somewhat
>> handled already via the policy system (although users cannot specify their
>> own 'score' they can indeed change policies, which in turn affects score),
>> I think I'm going to focus on per-user Bayes.
>
> Makes sense, per-user Bayes is much more efficient than per-user
> SpamAssassin preferences/config.

Hello Mark,

I understand that it's more efficient, but, in some scenarios you *need*
to need user the powers to select their own required_score. That was the
reason I wrote that patch.

Do you see any real problem on the changed I made? I mean, do you think
it could break something?

And since amavisd-new is a one-file program, and this is a really big
file, do you consider applying this patch if it don't break anything? I'm
asking because maintain a custom patch for a so big file is a hard task
sometimes.
Regards -- Renato Botelho From matt at dgisoda.com Thu Sep 8 21:36:23 2011 From: matt at dgisoda.com (Matt Goodman) Date: Thu, 8 Sep 2011 09:36:23 -1000 Subject: Spam Score Analysis In-Reply-To: References: <104501cc6e56$63fab7c0$2bf02740$@dgisoda.com> Message-ID: <107401cc6e5e$9970cef0$cc526cd0$@dgisoda.com> Look inside ./updates_spamassassin_org :) And test is a pre-defined set of rules (maintained in this case by updates.spamassassin.org) that evaluate each email message. Go inside that subdirectory and examine those files, and you'll see the (thousands of) tests which every email is evaluated against. -----Original Message----- From: amavis-users-bounces+matt=dgisoda.com at amavis.org [mailto:amavis-users-bounces+matt=dgisoda.com at amavis.org] On Behalf Of Carlos Mennens Sent: Thursday, September 08, 2011 9:09 AM To: amavis-users at amavis.org Subject: Re: Spam Score Analysis On Thu, Sep 8, 2011 at 2:37 PM, Matt Goodman wrote: > Yes... tests=[BAYES_00, KHOP_DYNAMIC, RCVD_IN_PBL....etc.] are all "tests" > under SpamAssassin. Each of those tests assign a score. On my system, > the tests are stored in /var/lib/spamassassin/ I do appear to have the directory structure you speak of however I don't see what you described. Am I looking in the wrong section? 
[root at mail spamassassin]# pwd /var/lib/spamassassin [root at mail spamassassin]# ls -lt total 8 drwxr-xr-x 3 root root 4096 Aug 27 05:52 3.003001 drwxr-xr-x 3 root root 4096 Jan 2 2010 3.002005 [root at mail 3.003001]# ls -l total 8 drwxr-xr-x 2 root root 4096 Aug 27 05:52 updates_spamassassin_org -rw-r--r-- 1 root root 2599 Aug 27 05:52 updates_spamassassin_org.cf From michael.scheidell at secnap.com Thu Sep 8 22:31:58 2011 From: michael.scheidell at secnap.com (Michael Scheidell) Date: Thu, 8 Sep 2011 16:31:58 -0400 Subject: Spam Score Analysis In-Reply-To: References: Message-ID: <4E69263E.7070807@secnap.com> On 9/8/11 2:28 PM, Carlos Mennens wrote: > X-Virus-Scanned: amavisd-new at ***********.org > X-Spam-Flag: YES > X-Spam-Score: 3.324 > X-Spam-Level: *** > X-Spam-Status: Yes, score=3.324 tagged_above=-999 required=3 > tests=[BAYES_00=-1.9, KHOP_DYNAMIC=0.906, RCVD_IN_PBL=3.335, > RCVD_IN_SORBS_DUL=0.001, RDNS_DYNAMIC=0.982] autolearn=no > > Is there a way I can determine what caused this email to get scored as such? yes, it is because #1, you set your required score to 3. recommended score is 5. if you had set it to 5, you would not have this problem #2, your local_networks/trusted networks is wrong. it his RCVD_IN_PBL rule. since you neglected to include any header information at all, #2 is just a guess. concentrate on #2, google, see FAQ's on amavisd and SA web sites. -- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 >*| *SECNAP Network Security Corporation * Best Mobile Solutions Product of 2011 * Best Intrusion Prevention Product * Hot Company Finalist 2011 * Best Email Security Product * Certified SNORT Integrator ______________________________________________________________________ This email has been scanned and certified safe by SpammerTrap(r). 
For Information please see http://www.spammertrap.com/
______________________________________________________________________

From carlos.mennens at gmail.com Fri Sep 9 15:08:00 2011
From: carlos.mennens at gmail.com (Carlos Mennens)
Date: Fri, 9 Sep 2011 09:08:00 -0400
Subject: Spam Score Analysis
In-Reply-To: <4E69263E.7070807@secnap.com>
References: <4E69263E.7070807@secnap.com>
Message-ID:

On Thu, Sep 8, 2011 at 4:31 PM, Michael Scheidell wrote:
> yes, it is because
> #1, you set your required score to 3. recommended score is 5. if you had
> set it to 5, you would not have this problem

I don't have a problem. I simply asked how am I able to determine why a message is scored the way it is. I simply want to evaluate the SA scores. I'm fully aware the recommended settings and like them the way they are. I don't consider this a problem at all just so we're clear.

> #2, your local_networks/trusted networks is wrong. it his RCVD_IN_PBL rule.
>
> since you neglected to include any header information at all, #2 is just a
> guess.

I posted what I assumed to be relevant SA header info in my initial email which you also quoted in yours. I'm guessing it wasn't sufficient but since I'm not an expert and didn't want to submit more data than was needed, I would assume someone would just ask for more info if we needed to go that route. List users get cranky when you submit logs and or headers w/o being asked for them or vice versa it seems.

> concentrate on #2, google, see FAQ's on amavisd and SA web sites.

I'm going to follow your #2 suggestion just to understand but I'm curious what makes you think it's wrong? How can you tell?
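
Added example, not part of any list message: the X-Spam-Status header quoted in the Spam Score Analysis thread carries every SpamAssassin test with its points, so the score can be broken down by parsing that one header. The function names and the notion of a "decisive" rule are this example's own assumptions; the header text is the one quoted in the thread.

```python
import re

# Header as quoted in the thread, folded over three lines as in the mail.
HEADER = (
    "X-Spam-Status: Yes, score=3.324 tagged_above=-999 required=3\n"
    " tests=[BAYES_00=-1.9, KHOP_DYNAMIC=0.906, RCVD_IN_PBL=3.335,\n"
    " RCVD_IN_SORBS_DUL=0.001, RDNS_DYNAMIC=0.982] autolearn=no"
)


def parse_spam_status(header):
    """Split a bracketed X-Spam-Status header into verdict, thresholds and tests."""
    # Undo header folding: a line break followed by whitespace continues the field.
    text = re.sub(r"\r?\n[ \t]+", " ", header.strip())
    name, sep, value = text.partition(":")
    if not sep or name.strip().lower() != "x-spam-status":
        raise ValueError("not an X-Spam-Status header")
    verdict = re.match(r"\s*(yes|no)\s*,", value, re.IGNORECASE)
    tests_part = re.search(r"tests=\[([^\]]*)\]", value)
    if not verdict or not tests_part:
        raise ValueError("unexpected X-Spam-Status layout")
    # Read key=value fields only from the text outside the tests=[...] list.
    outside = value[:tests_part.start()] + value[tests_part.end():]
    fields = dict(re.findall(r"\b([a-z_]+)=(\S+)", outside))
    try:
        score = float(fields["score"])
        required = float(fields["required"])
    except (KeyError, ValueError):
        raise ValueError("score= or required= missing or not numeric")
    tests = {}
    for item in filter(None, (t.strip() for t in tests_part.group(1).split(","))):
        rule, eq, points = item.partition("=")
        # A test listed without "=points" is kept with None instead of a guess.
        tests[rule] = float(points) if eq else None
    return {
        "flagged": verdict.group(1).lower() == "yes",
        "score": score,
        "required": required,
        "autolearn": fields.get("autolearn"),
        "tests": tests,
    }


def explain(header, alt_required=None):
    """Rank the tests by points and say which ones decide the verdict.

    alt_required re-evaluates the same score against another threshold,
    for example the 5 mentioned in the thread instead of the configured 3.
    """
    st = parse_spam_status(header)
    scored = {r: p for r, p in st["tests"].items() if p is not None}
    total = round(sum(scored.values()), 3)
    required = st["required"] if alt_required is None else alt_required
    ranked = sorted(scored.items(), key=lambda kv: kv[1], reverse=True)
    is_spam = st["score"] >= required
    # Decisive: a rule whose points alone, if absent, would drop the
    # message below the threshold.
    decisive = [r for r, p in ranked
                if is_spam and p > 0 and st["score"] - p < required]
    return {
        "ranked": ranked,
        "sum_of_tests": total,
        # Each test is printed with three decimals, so allow rounding slack.
        "matches_score": abs(total - st["score"]) <= 0.0005 * max(1, len(scored)),
        "required": required,
        "is_spam": is_spam,
        "decisive": decisive,
    }


if __name__ == "__main__":
    for threshold in (None, 5.0):
        report = explain(HEADER, threshold)
        print("required=%s spam=%s sum=%s" % (
            report["required"], report["is_spam"], report["sum_of_tests"]))
        for rule, points in report["ranked"]:
            mark = "*" if rule in report["decisive"] else " "
            print("  %s %-20s %+.3f" % (mark, rule, points))
```
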

From Mark.Martinec+amavis at ijs.si Sat Sep 10 02:35:59 2011
From: Mark.Martinec+amavis at ijs.si (Mark Martinec)
Date: Sat, 10 Sep 2011 02:35:59 +0200
Subject: sa_userconf_maps and sa_username_maps syntax question
In-Reply-To:
References: <084f01cc68cf$647797e0$2d66c7a0$@dgisoda.com> <201109081950.06609.Mark.Martinec+amavis@ijs.si>
Message-ID: <201109100235.59602.Mark.Martinec+amavis@ijs.si>

Renato,

> I understand that it's more efficient, but, in some scenarios you *need* to
> need user the powers to select their own required_score. That was the
> reason i wrote that patch.

Makes sense, although I'd probably want to reverse the logic: if a lookup on @spam_tag2_level_maps returns undef, then fall back to a default 'required_hits' as provided by a SpamAssassin's config. This way it will remain backwards compatible with existing configurations.

> Do you see any real problem on the changed i made? I mean, do you think
> it could break something?

Probably not.

> And since amavisd-new is a one-file program, and this is a really big file,
> do you consider applying this patch if it don't break anything? I'm asking
> because maintain a custom patch for a so big file is a hard task
> sometimes.

Sure, after reversing the logic.

Mark

From eray.aslan at caf.com.tr Sat Sep 10 08:48:56 2011
From: eray.aslan at caf.com.tr (Eray Aslan)
Date: Sat, 10 Sep 2011 09:48:56 +0300
Subject: courier patch?
Message-ID: <20110910064856.GB28235@zptr-nb18>

Is the courier patch (amavisd-new-courier.patch) still supported? After patching, amavisd does not start. We seem to have 2 post_bind_hook's.

$ grep -n post_bind_hook amavisd-new-2.7.0/amavisd
10818:sub post_bind_hook {
10841:sub post_bind_hook {
$

--
Eray Aslan

From matt at dgisoda.com Sun Sep 11 11:21:19 2011
From: matt at dgisoda.com (Matt Goodman)
Date: Sat, 10 Sep 2011 23:21:19 -1000
Subject: sa_userconf_maps and sa_username_maps syntax question
In-Reply-To: <201109100235.59602.Mark.Martinec+amavis@ijs.si>
References: <084f01cc68cf$647797e0$2d66c7a0$@dgisoda.com> <201109081950.06609.Mark.Martinec+amavis@ijs.si> <201109100235.59602.Mark.Martinec+amavis@ijs.si>
Message-ID: <19f101cc7064$2bb22f00$83168d00$@dgisoda.com>

For the @sa_username_maps I have the following provided by Florin:

@sa_username_maps = new_RE ( [ qr'^([^@]+ at .*)'i => '${1}' ] );

As he pointed out, he uses only a single domain on his mail server and this expression maps the 'user' portion user at domain.com and sends that as the SA username.

How would I modify this so that I pass 'user at domain.com' as the SA user?

I've got the SQL portion up and running, I just don't have the username maps set up properly. I've been trying for a few days to figure out how to do this but I am unsure :(

Any insight would be appreciated.

Matt

-----Original Message-----
From: amavis-users-bounces+matt=dgisoda.com at amavis.org [mailto:amavis-users-bounces+matt=dgisoda.com at amavis.org] On Behalf Of Mark Martinec
Sent: Friday, September 09, 2011 2:36 PM
To: amavis-users at amavis.org
Subject: Re: sa_userconf_maps and sa_username_maps syntax question

Renato,

> I understand that it's more efficient, but, in some scenarios you
> *need* to need user the powers to select their own required_score.
> That was the reason i wrote that patch.

Makes sense, although I'd probably want to reverse the logic: if a lookup on @spam_tag2_level_maps returns undef, then fall back to a default 'required_hits' as provided by a SpamAssassin's config. This way it will remain backwards compatible with existing configurations.

> Do you see any real problem on the changed i made? I mean, do you
> think it could break something?

Probably not.

> And since amavisd-new is a one-file program, and this is a really big
> file, do you consider applying this patch if it don't break anything?
> I'm asking because maintain a custom patch for a so big file is a hard
> task sometimes.

Sure, after reversing the logic.

Mark

From mysqlstudent at gmail.com Mon Sep 12 03:54:28 2011
From: mysqlstudent at gmail.com (Alex)
Date: Sun, 11 Sep 2011 21:54:28 -0400
Subject: Disclaimers, MYNETS, and altermime config problems
Message-ID:

Hi,

I'd like to implement a disclaimer footer to all outgoing emails on a fedora14 server with postfix-2.7.5, amavisd-new-2.6.4 and about twenty virtual domains. For now, the disclaimer can remain the same for all domains.

I've tried implementing it using postfix and an additional filter, but always_bcc is also being used, so the messages were being delivered to the always_bcc address multiple times. I've tried adding "-o receive_override_options=no_address_mappings" and "-o smtp_send_xforward_command=yes", but it continues to be delivered multiple times, so I thought I would try the amavisd approach.

I think the trouble I'm having is that the SASL users aren't being added to MYNETS. I thought I could include my configuration below in hopes someone will find my configuration error. How are SASL users supposed to be added to @mynetworks? It currently just contains a few local networks and localhost..

$altermime = '/usr/bin/altermime';
@altermime_args_disclaimer = qw(
  --verbose
  --disclaimer=/etc/postfix/disclaimer.txt
  --disclaimer-html=/etc/postfix/disclaimer.txt);
$defang_maps_by_ccat{+CC_CATCHALL} = [ 'disclaimer' ];

$policy_bank{'MYNETS'} = {  # mail originating from @mynetworks
  originating => 1,  # is true in MYNETS by default, but let's make it explicit
  os_fingerprint_method => undef,  # don't query p0f for internal clients
  allow_disclaimers => 1,
};

I believe these are the only changes that need to be made to support a disclaimer? Maybe there is an additional policy bank that has remote users added to it?

Any ideas greatly appreciated.

Thanks,
Alex

From andreas.neustifter at gmail.com Mon Sep 12 20:29:40 2011
From: andreas.neustifter at gmail.com (Andreas Neustifter)
Date: Mon, 12 Sep 2011 20:29:40 +0200
Subject: amavisd-release not working when message contains empty X-Envelope-To-Blocked
Message-ID:

Hi All!

I discovered a bug that prevents amavisd-release from working on messages that have an empty X-Envelope-To-Blocked line in the headers.

To avoid duplication I posted details and a patch at https://bugs.launchpad.net/bugs/848055, would you kindly review it and apply as appropriate?

Thanks,
Andi

From luc.maignan at winxpert.com Tue Sep 13 12:14:57 2011
From: luc.maignan at winxpert.com (Luc MAIGNAN)
Date: Tue, 13 Sep 2011 12:14:57 +0200
Subject: Blacklist problem
Message-ID: <4E6F2D21.8050901@winxpert.com>

Hi,

it seems like the blacklist parameter doesn't work anymore with amavis. I put the lines in /var/spool/amavisd/.spamassassin/user_prefs

blacklist_to *@domain.*
blacklist_from *@domain.*

It works well in previous version of amavisd, but it doesn't work anymore.
I use this version on a Fedora 15 : amavisd-new-2.6.4-3.fc15.noarch

Any help would be appreciated

Regards

From maspsr at sdu.dk Tue Sep 13 13:07:01 2011
From: maspsr at sdu.dk (Peter Sørensen)
Date: Tue, 13 Sep 2011 13:07:01 +0200
Subject: Different $forward_method for internal mail
Message-ID: <07734B44E9BBED4EAAD1F6968D18C004BFD46A1D10@ADM-EXMBX0AB.adm.c.sdu.dk>

Hi,

Would it be possible to use a specific $forward_method in MYNETS when mail is detected as SPAM ?

so one forward_method for internal mail ( NOT SPAM)
a different forward_method for internal mail (SPAM)

Best regards
Peter Sorensen/Univ.Of.Southern Denmark/email:maspsr at sdu.dk

From andreas.schulze at datev.de Tue Sep 13 13:37:20 2011
From: andreas.schulze at datev.de (Andreas Schulze)
Date: Tue, 13 Sep 2011 13:37:20 +0200
Subject: Different $forward_method for internal mail
In-Reply-To: <07734B44E9BBED4EAAD1F6968D18C004BFD46A1D10@ADM-EXMBX0AB.adm.c.sdu.dk>
References: <07734B44E9BBED4EAAD1F6968D18C004BFD46A1D10@ADM-EXMBX0AB.adm.c.sdu.dk>
Message-ID: <20110913113720.GC28059@spider.services.datevnet.de>

On 13.09.2011 13:07, Peter Sørensen wrote:
> Would it be possible to use a specific $forward_method in MYNETS when mail
> is detected as SPAM ?

$forward_method is part of policy_banks

assume, you configured a separate policybank for MYNETS:

$policy_bank{'AM.PDP-SOCK'}{'forward_method'} = "foo";
$policy_bank{'MYNETS'}{'forward_method'} = "bar";

--
Andreas Schulze
Internet Services | P252

DATEV eG
90329 Nürnberg | Phone +49 911 319-0 | Fax +49 911 319-3196
E-Mail info @datev.de | Internet www.datev.de
Registered office: 90429 Nürnberg, Paumgartnerstr. 6-14 | Register court Nürnberg, GenReg Nr.70

Executive Board
Prof. Dieter Kempf (Chairman)
Dipl.-Kfm. Wolfgang Stegmann (Deputy Chairman)
Dipl.-Kfm. Michael Leistenschneider
Dipl.-Kfm. Dr. Robert Mayr
Jörg Rabe v. Pappenheim
Dipl.-Vw.
Eckhard Schwarzer
Chairman of the Supervisory Board: Reinhard Verholen

From maspsr at sdu.dk Tue Sep 13 13:55:22 2011
From: maspsr at sdu.dk (Peter Sørensen)
Date: Tue, 13 Sep 2011 13:55:22 +0200
Subject: Different $forward_method for internal mail
In-Reply-To: <20110913113720.GC28059@spider.services.datevnet.de>
References: <07734B44E9BBED4EAAD1F6968D18C004BFD46A1D10@ADM-EXMBX0AB.adm.c.sdu.dk> <20110913113720.GC28059@spider.services.datevnet.de>
Message-ID: <07734B44E9BBED4EAAD1F6968D18C004BFD46A1D3A@ADM-EXMBX0AB.adm.c.sdu.dk>

Hi Andreas,

I am aware of this. What I want is inside my MYNETS policy bank I have one forward_method that is triggered when mail is SPAM and another ( in the same policy bank) when mail is CLEAN

/Peter

-----Original Message-----
From: Andreas Schulze [mailto:andreas.schulze at datev.de]
Sent: 13 September 2011 13:37
To: Peter Sørensen
Cc: amavis-users at amavis.org
Subject: Re: Different $forward_method for internal mail

On 13.09.2011 13:07, Peter Sørensen wrote:
> Would it be possible to use a specific $forward_method in MYNETS when mail
> is detected as SPAM ?

$forward_method is part of policy_banks

assume, you configured a separate policybank for MYNETS:

$policy_bank{'AM.PDP-SOCK'}{'forward_method'} = "foo";
$policy_bank{'MYNETS'}{'forward_method'} = "bar";

--
Andreas Schulze
Internet Services | P252

DATEV eG
90329 Nürnberg | Phone +49 911 319-0 | Fax +49 911 319-3196
E-Mail info @datev.de | Internet www.datev.de
Registered office: 90429 Nürnberg, Paumgartnerstr. 6-14 | Register court Nürnberg, GenReg Nr.70

Executive Board
Prof. Dieter Kempf (Chairman)
Dipl.-Kfm. Wolfgang Stegmann (Deputy Chairman)
Dipl.-Kfm. Michael Leistenschneider
Dipl.-Kfm. Dr. Robert Mayr
Jörg Rabe v. Pappenheim
Dipl.-Vw.
Eckhard Schwarzer
Chairman of the Supervisory Board: Reinhard Verholen

From me at junc.org Tue Sep 13 14:10:32 2011
From: me at junc.org (Benny Pedersen)
Date: Tue, 13 Sep 2011 14:10:32 +0200
Subject: Blacklist problem
In-Reply-To: <4E6F2D21.8050901@winxpert.com>
References: <4E6F2D21.8050901@winxpert.com>
Message-ID:

On Tue, 13 Sep 2011 12:14:57 +0200, Luc MAIGNAN wrote:
> blacklist_to *@domain.*
> blacklist_from *@domain.*
> Any help would be appreciated

does it work in local.cf ?

From luc.maignan at winxpert.com Tue Sep 13 16:16:20 2011
From: luc.maignan at winxpert.com (Luc MAIGNAN)
Date: Tue, 13 Sep 2011 16:16:20 +0200
Subject: amavis and spamAssassin
Message-ID: <4E6F65B4.80102@winxpert.com>

Hi,

it seems that amavisd doesn't use self rules for spamassassin. For example, if a mail is classified as SPAM, the amount used is 5.0 (standard for spamassassin) and not the 6.31 note that I have specified in amavisd.conf ($sa_tag2_level_deflt = 6.31 and $sa_kill_level_deflt = 6.31)

Any idea ?

From gjn at gjn.priv.at Tue Sep 13 19:38:42 2011
From: gjn at gjn.priv.at (Günther J. Niederwimmer)
Date: Tue, 13 Sep 2011 19:38:42 +0200
Subject: reinject a banned Mail
Message-ID: <201109131938.42677@4gjn.com>

Hello,

i don't found a ReadMe or doc for my Problem. I have a important EMail this was landing in the virusmail Folder and I don't find the correct Parameter to reinject this EMail

can any tell me this in a short way ;)

Thanks,
--
Kind regards / best Regards,
Günther J. Niederwimmer

From njones at megan.vbhcs.org Tue Sep 13 20:06:08 2011
From: njones at megan.vbhcs.org (Noel Jones)
Date: Tue, 13 Sep 2011 13:06:08 -0500
Subject: reinject a banned Mail
In-Reply-To: <201109131938.42677@4gjn.com>
References: <201109131938.42677@4gjn.com>
Message-ID: <4E6F9B90.3060209@megan.vbhcs.org>

On 9/13/2011 12:38 PM, Günther J. Niederwimmer wrote:
> Hello,
>
> i don't found a ReadMe or doc for my Problem. I have a important EMail this
> was landing in the virusmail Folder and I don't find the correct Parameter to
> reinject this EMail
>
> can any tell me this in a short way ;)
>
> Thanks,

amavisd-release ID

where ID is the quarantine id as shown in the log file -- also typically the file name in a file-based quarantine.

From mysqlstudent at gmail.com Tue Sep 13 21:25:12 2011
From: mysqlstudent at gmail.com (Alex)
Date: Tue, 13 Sep 2011 15:25:12 -0400
Subject: MIME::Parser error with amavisd-new-2.6.4-3
Message-ID:

Hi,

I have a fedora15 system with spamassassin-3.3.2 and amavisd-new-2.6.4-3 and perl-MIME-tools-5.502-1.fc15.noarch and have loads of the following in the logs:

Sep 13 15:18:26 mail02 amavis[4956]: (04956-02-14) WARN: MIME::Parser error: part did not end with expected boundary

I've seen several references to this problem online, but all of them involve upgrading a version earlier than the one I already have installed.

Is this something to be concerned with? How can I troubleshoot this?

Thanks,
Alex

From gjn at gjn.priv.at Wed Sep 14 07:29:20 2011
From: gjn at gjn.priv.at (Günther J. Niederwimmer)
Date: Wed, 14 Sep 2011 07:29:20 +0200
Subject: reinject a banned Mail
In-Reply-To: <4E6F9B90.3060209@megan.vbhcs.org>
References: <201109131938.42677@4gjn.com> <4E6F9B90.3060209@megan.vbhcs.org>
Message-ID: <201109140729.20425@4gjn.com>

Hello,

On Tuesday, 13 September 2011 20:06:08 Noel Jones wrote:
> On 9/13/2011 12:38 PM, Günther J. Niederwimmer wrote:
> > i don't found a ReadMe or doc for my Problem. I have a important EMail
> > this was landing in the virusmail Folder and I don't find the correct
> > Parameter to reinject this EMail
> >
> > can any tell me this in a short way ;)
>
> amavisd-release ID
> where ID is the quarantine id as shown in the log file -- also
> typically the file name in a file-based quarantine.

Thanks,

I read this for a long time and don't remember :(.

--
Kind regards / best Regards,
Günther J.
Niederwimmer

From maspsr at sdu.dk Wed Sep 14 13:50:30 2011
From: maspsr at sdu.dk (Peter Sørensen)
Date: Wed, 14 Sep 2011 13:50:30 +0200
Subject: loading policy bank in amavis::custom
Message-ID: <07734B44E9BBED4EAAD1F6968D18C004BFD46A1E27@ADM-EXMBX0AB.adm.c.sdu.dk>

Hi,

I know it is possible to load a policy bank in the Amavis::Custom new method. Is it possible to load it later ( in checks or before_sender) ??

Best regards
Peter Sorensen/Univ.Of.Southern.Dk/email: maspsr at sdu.dk

From formorer at formorer.de Wed Sep 14 14:05:48 2011
From: formorer at formorer.de (Alexander Wirt)
Date: Wed, 14 Sep 2011 14:05:48 +0200
Subject: loading policy bank in amavis::custom
In-Reply-To: <07734B44E9BBED4EAAD1F6968D18C004BFD46A1E27@ADM-EXMBX0AB.adm.c.sdu.dk>
References: <07734B44E9BBED4EAAD1F6968D18C004BFD46A1E27@ADM-EXMBX0AB.adm.c.sdu.dk>
Message-ID: <20110914120547.GA4118@hawking.credativ.lan>

Peter Sørensen wrote on Wednesday, 14 September 2011:

> Hi,
>
> I know it is possible to load a policy bank in the Amavis::Custom new method.

Sure. Just call something like:

Amavis::load_policy_bank($bank);

in your custom module.

Alex
--
Alexander Wirt, formorer at formorer.de
CC99 2DDD D39E 75B0 B0AA B25C D35B BC99 BC7D 020A

From gjn at gjn.priv.at Wed Sep 14 15:46:13 2011
From: gjn at gjn.priv.at (Günther J. Niederwimmer)
Date: Wed, 14 Sep 2011 15:46:13 +0200
Subject: amavisd-milter ?
Message-ID: <201109141546.13268@4gjn.com>

Hello,

can any tell me why amavisd-milter is not more in the amavisd packet 2.0.7

--
Kind regards / best Regards,
Günther J.
Niederwimmer

From c at roessner-network-solutions.com Wed Sep 14 18:14:15 2011
From: c at roessner-network-solutions.com (Christian Roessner)
Date: Wed, 14 Sep 2011 18:14:15 +0200
Subject: Wishlist feature
Message-ID: <70643B19-00DD-45FA-B882-ED9BA3BA0CD8@roessner-network-solutions.com>

Hi,

I found a problem with using amavis with a milter. I use postfix and normally I could use smtpd_proxy_filter to get mails over amavis. But for some reason, I need to use milters before amavis. So I need amavisd-milter, which uses $unix_socket in amavisd. This is okay, if I only have amavis listening on one TCP port, i.e. the incoming MTA port. But what about the submission port or any other port that normally would live inside a policy bank?

As far as I could see, currently I would have to run amavisd-milter _and_ amavisd in multi instance mode and could not use policy_banks anymore. That is very sad, as it destroys the nice concept.

So here comes my wish list: Is it possible to deal with unix-sockets the same way as with TCP? Having a list of unix-sockets in amavisd that I could map to different policy_banks? So I could use at least _one_ instance of amavisd and only would need multiple instances of amavisd-milter with -S option pointing to the different unix sockets.

If I could do perl programming a little bit more, I would take the time and try to include it myself. But honestly perl is much too heavy for me. At least the amavisd-code ;-)

Thanks in advance

Christian

---
Roessner-Network-Solutions
Bachelor of Science Informatik
Nahrungsberg 81, 35390 Gießen
F: +49 641 5879091, M: +49 176 93118939
USt-IdNr.: DE225643613
http://www.roessner-network-solutions.com

From andreas.schulze at datev.de Wed Sep 14 20:26:33 2011
From: andreas.schulze at datev.de (Andreas Schulze)
Date: Wed, 14 Sep 2011 20:26:33 +0200
Subject: amavisd-milter ?
In-Reply-To: <201109141546.13268@4gjn.com>
References: <201109141546.13268@4gjn.com>
Message-ID: <20110914182632.GA25317@spider.services.datevnet.de>

On 14.09.2011 15:46, Günther J. Niederwimmer wrote:

> can any tell me why amavisd-milter is not more in the amavisd packet 2.0.7

because it's outdated. use http://amavisd-milter.sourceforge.net/

--
Andreas Schulze

From andreas.schulze at datev.de Wed Sep 14 22:02:58 2011
From: andreas.schulze at datev.de (Andreas Schulze)
Date: Wed, 14 Sep 2011 22:02:58 +0200
Subject: Wishlist feature
In-Reply-To: <70643B19-00DD-45FA-B882-ED9BA3BA0CD8@roessner-network-solutions.com>
References: <70643B19-00DD-45FA-B882-ED9BA3BA0CD8@roessner-network-solutions.com>
Message-ID: <20110914200257.GB25317@spider.services.datevnet.de>

On 14.09.2011 18:14, Christian Roessner wrote:

> I found a problem with using amavis with a milter. I use postfix and normally I could use smtpd_proxy_filter to get mails over amavis. But for some reason, I need to use milters before amavis. So I need amavisd-milter, which uses $unix_socket in amavisd. This is okay, if I only have amavis listening on one TCP port, i.e. the incoming MTA port. But what about the submission port or any other port that normally would live inside a policy bank?

Christian,

I had the same problem. I wrote the attached patch for amavisd-milter-1.5.0. It adds new commandline-option which uses the value of "milter_macro_daemon_name" as name for a policy_bank.

# a main.cf
smtpd_milters = inet:amavisd-milter.example.com:12345

# a master.cf
smtp inet n - - - - smtpd
  -o milter_macro_daemon_name=smtp
submission inet n - - - - smtpd
  -o milter_macro_daemon_name=submission

# amavisd.conf
@listen_sockets = ( "$MYHOME/amavisd.sock" );
$protocol = 'AM.PDP';
$policy_bank{'smtp'} = {
  # example only!
  log_level => 5,
};
$policy_bank{'submission'} = {
  originating => 1,
};

--
Andreas Schulze

-------------- next part --------------
A non-text attachment was scrubbed...
Name: policybank.patch
Type: text/x-diff
Size: 4980 bytes
Desc: not available
URL:

From grharry at freemail.gr Thu Sep 15 11:22:54 2011
From: grharry at freemail.gr (Harry Lachanas)
Date: Thu, 15 Sep 2011 12:22:54 +0300
Subject: No Spam Tags or headers
Message-ID: <4E71C3EE.6050906@freemail.gr>

I have a strange problem on a server ( I am sure that I missed something )

Debian squeeze

amavisd-new -V
amavisd-new-2.6.4 (20090625)

on A postfix + dovecot + dovecot-deliver

I have

$final_spam_destiny = D_PASS;
$sa_spam_subject_tag = '**SPAM**';
$sa_tag_level_deflt = 2.0; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 6.31; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 6.31; # triggers spam evasive actions

and even though some mails are detected as SPAM and placed into quarantine dir

when dropped into users mail box contain no SPAM header tags ...

I've tested them with the GTUBE Mail

Any Ideas ???

Thanks in advance
Regards
Grharry

From p at state-of-mind.de Thu Sep 15 11:41:39 2011
From: p at state-of-mind.de (Patrick Ben Koetter)
Date: Thu, 15 Sep 2011 11:41:39 +0200
Subject: No Spam Tags or headers
In-Reply-To: <4E71C3EE.6050906@freemail.gr>
References: <4E71C3EE.6050906@freemail.gr>
Message-ID: <20110915094139.GE6132@state-of-mind.de>

* Harry Lachanas :
> I have a strange problem on a server ( I am sure that I missed something )
>
> Debian squeeze
>
> amavisd-new -V
> amavisd-new-2.6.4 (20090625)
>
> on A postfix + dovecot + dovecot-deliver
>
> I have
>
> $final_spam_destiny = D_PASS;
> $sa_spam_subject_tag = '**SPAM**';
> $sa_tag_level_deflt = 2.0; # add spam info headers if at, or above
> that level
> $sa_tag2_level_deflt = 6.31; # add 'spam detected' headers at that level
> $sa_kill_level_deflt = 6.31; # triggers spam evasive actions
>
> and even though some mails are detected as SPAM and placed into
> quarantine dir
>
> when dropped into users mail box contain no SPAM header tags ...

Configure @local_domains_maps and @mynetworks.

p at rick

--
All technical questions asked privately will be automatically answered on the list and archived for public access unless privacy is explicitly required and justified.

saslfinger (debugging SMTP AUTH):

From maspsr at sdu.dk Thu Sep 15 12:41:57 2011
From: maspsr at sdu.dk (Peter Sørensen)
Date: Thu, 15 Sep 2011 12:41:57 +0200
Subject: forward_method in policy bank doesn't work
Message-ID: <07734B44E9BBED4EAAD1F6968D18C004BFD46A1EE7@ADM-EXMBX0AB.adm.c.sdu.dk>

Hi,

I want to redirect all spam sent from a local address to a separate server. I use amavis 2.6.4 with a postfix (2.7.0) dual setup.

I have a policy_bank defined as

$policy_bank{'GARBAGE'} = {
  originating => 1,
  forward_method => ' smtp:[1.2.3.4]:25',
  .....
};

Where 1.2.3.4 is the IP of my server handling garbage.

I use Amavis::Custom and if a certain condition is met I load this policy_bank

package Amavis::Custom;
use strict;

BEGIN {
  import Amavis::Conf ; # INCLUDE ALL
  import Amavis::Util qw(do_log untaint safe_encode safe_decode);
  import Amavis::rfc2821_2822_Tools;
}

sub new {
  my($class,$conn,$msginfo) = @_;
  my($self) = bless {}, $class;
  $self; # returning an object activates further callbacks,
}

sub checks { # may be left out if not needed
  my($self,$conn,$msginfo) = @_;
  my($ll) = 2; # log level (0 is the most important level, 1, 2,... 5 less so)
  do_log($ll,"CUSTOM: new message");
  my($subj) = $msginfo->get_header_field_body('subject');
  if( $subj =~ /.* spam_level > $sa_tag_level_deflt ) {
    # Load a POLICY to service this
    Amavis::load_policy_bank( 'GARBAGE' );
    .......
    .....
  }
  $self;
}

If the condition is met I would expect the mail to be delivered to the 1.2.3.4 server at port 25. But this doesn't happen.

What is wrong ? isn't this possible or should the forward_method be a method defined in the postfix master.cf

Best regards
Peter Sorensen/Univ.Of.South.Denmark/email: maspsr at sdu.dk

From p at state-of-mind.de Fri Sep 16 00:34:19 2011
From: p at state-of-mind.de (Patrick Ben Koetter)
Date: Fri, 16 Sep 2011 00:34:19 +0200
Subject: Loading a policy bank for local recipients in pre-Queue-mode?
In-Reply-To: <201108252031.44296.Mark.Martinec+amavis@ijs.si>
References: <20110823153318.GE6688@state-of-mind.de> <201108252031.44296.Mark.Martinec+amavis@ijs.si>
Message-ID: <20110915223419.GA1498@state-of-mind.de>

Mark,

* Mark Martinec :
> > Maybe I stared too long at the monitor ...
> >
> > How can I load a policy bank for local recipients when I use Postfix in
> > pre-queue-mode?
> >
> > - I can't use Postfix access (5) tables to route the recipient domain to a
> > filter (amavis) on a dedicated port that maps the recipient to a
> > dedicated $policy_bank.
> > - There don't seem to be any SQL fields or LDAP attributes to specify a
> > (list of) $policy_banks for that recipient (domain).
> > - There doesn't seem to be a perl array, e.g. @recipient_policy, like
> > @author_to_policy_bank_maps or @client_ipaddr_policy to go with.
> > - I can imagine an LDAP object to give me a subset of what a $policy_bank
> > can do, but not the full $policy_bank feature set
>
> > How can I load a policy bank for local recipients when I use Postfix in
> > pre-queue-mode?
>
> You can't. A policy bank affects a message as a whole, so it only makes
> sense to load it based on some common property of a message as a whole.
> A message can have multiple recipients, which is why you can't load
> a policy bank based on recipient info.

but, ...

... the message could have 10 recipients in 2 recipient domains. Maybe I don't get it yet, but to me amavis could _simply_ load multiple policy_banks, e.g. one per recipient domain.

It just seems like adding another layer before amavis offers completely individualized recipient policies e.g.
such as an LDAP lookup does when it returns a list of recipient specific policy options:

MAY ( amavisVirusLover $ amavisBypassVirusChecks $
      amavisSpamLover $ amavisBypassSpamChecks $
      amavisBannedFilesLover $ amavisBypassBannedChecks $
      amavisBadHeaderLover $ amavisBypassHeaderChecks $
      amavisSpamTagLevel $ amavisSpamTag2Level $ amavisSpamKillLevel $
      amavisWhitelistSender $ amavisBlacklistSender $
      amavisSpamQuarantineTo $ amavisVirusQuarantineTo $
      amavisBannedQuarantineTo $ amavisBadHeaderQuarantineTo $
      amavisArchiveQuarantineTo $
      amavisSpamModifiesSubj $ amavisLocal $ amavisMessageSizeLimit $
      amavisWarnVirusRecip $ amavisWarnBannedRecip $
      amavisWarnBadHeaderRecip $
      amavisVirusAdmin $ amavisNewVirusAdmin $ amavisSpamAdmin $
      amavisBannedAdmin $ amavisBadHeaderAdmin $
      amavisBannedRuleNames $
      amavisSpamDsnCutoffLevel $ amavisSpamQuarantineCutoffLevel $
      amavisSpamSubjectTag $ amavisSpamSubjectTag2 $
      cn $ description ) )

I know the list above doesn't match what a $policy_bank offers, but to me it looks like _some_ kind of policy bank.

p at rick

--
All technical questions asked privately will be automatically answered on the list and archived for public access unless privacy is explicitly required and justified.

saslfinger (debugging SMTP AUTH):

From postmaster at abetternet.net Sat Sep 17 00:12:00 2011
From: postmaster at abetternet.net (Yanek)
Date: Sat, 17 Sep 2011 00:12:00 +0200
Subject: critsend (/gridsend?)... what's the(ir) trick?
Message-ID: <4E73C9B0.2040206@abetternet.net>

Hello list,

A few days ago, I posted this message to the spamassassin user list... Message follows. Since spamassassin is called by amavis, I've been advised to start over again on the amavis list.

Hello list,

Please bear with me if it has been asked already, I searched the archives a bit and could not find any answer.

One of my email address is subscribed to a site that seems to use Critsend for its outgoing mails.
Since I like to watch after the SA scores of all incoming mails, I've noticed that these mails are _never_ tagged.

I've modified the $sa_tag_level_deflt of amavis to get SA scores below -100 displayed in headers. I got no score in the headers for these emails. I then modified the same parameter to get SA scores below -1000 displayed. I still get no score.

Does someone has any idea on how these SMTP providers manage to have their outgoing mails escape SA scoring?

Thanks

I've been asked to post an example of such a message to pastebin. Here it is: http://pastebin.com/dpnYY16K

Any clue for me? Feedback will be greatly appreciated :)

Thanks.

From njones at megan.vbhcs.org Sat Sep 17 00:31:45 2011
From: njones at megan.vbhcs.org (Noel Jones)
Date: Fri, 16 Sep 2011 17:31:45 -0500
Subject: critsend (/gridsend?)... what's the(ir) trick?
In-Reply-To: <4E73C9B0.2040206@abetternet.net>
References: <4E73C9B0.2040206@abetternet.net>
Message-ID: <4E73CE51.3040704@megan.vbhcs.org>

On 9/16/2011 5:12 PM, Yanek wrote:
> Does someone has any idea on how these SMTP providers manage to have
> their outgoing mails escape SA scoring?

Check your logs.

Possibilities include (but are probably not limited to):
- it *is* scanned but not adding headers for some reason on your end
- you've whitelisted them
- mail exceeds your max scan size
- the mail doesn't pass through amavisd due to some configuration on your end

If you don't see anything interesting, increase the log level. There is no secret bypass flag.

-- Noel Jones

From mr88talent at gmail.com Sat Sep 17 06:21:53 2011
From: mr88talent at gmail.com (Gary V)
Date: Fri, 16 Sep 2011 22:21:53 -0600
Subject: critsend (/gridsend?)... what's the(ir) trick?
In-Reply-To: <4E73CE51.3040704@megan.vbhcs.org>
References: <4E73C9B0.2040206@abetternet.net> <4E73CE51.3040704@megan.vbhcs.org>
Message-ID:

On 9/16/11, Noel Jones wrote:
> On 9/16/2011 5:12 PM, Yanek wrote:
>> Does someone have any idea on how these SMTP providers manage to have
>> their outgoing mails escape SA scoring?
>
>
> Check your logs.
>
>
> Possibilities include (but are probably not limited to):
> - it *is* scanned but not adding headers for some reason on your end
> - you've whitelisted them
> - mail exceeds your max scan size
> - the mail doesn't pass through amavisd due to some configuration on
> your end
>
> If you don't see anything interesting, increase the log level.
> There is no secret bypass flag.
>
>
> -- Noel Jones
>

If these seem to come from the same sender, you can turn up debugging for the first message they send after restarting amavisd-new:

@debug_sender_maps = ( ['sender@example.com'] );

this will turn debugging level up to 5 for the one message.

-- Gary V

From mr88talent at gmail.com Sat Sep 17 06:32:36 2011
From: mr88talent at gmail.com (Gary V)
Date: Fri, 16 Sep 2011 22:32:36 -0600
Subject: critsend (/gridsend?)... what's the(ir) trick?
In-Reply-To:
References: <4E73C9B0.2040206@abetternet.net> <4E73CE51.3040704@megan.vbhcs.org>
Message-ID:

On 9/16/11, Gary V wrote:
> On 9/16/11, Noel Jones wrote:
>> On 9/16/2011 5:12 PM, Yanek wrote:
>>> Does someone have any idea on how these SMTP providers manage to have
>>> their outgoing mails escape SA scoring?
>>
>>
>> Check your logs.
>>
>>
>> Possibilities include (but are probably not limited to):
>> - it *is* scanned but not adding headers for some reason on your end
>> - you've whitelisted them
>> - mail exceeds your max scan size
>> - the mail doesn't pass through amavisd due to some configuration on
>> your end
>>
>> If you don't see anything interesting, increase the log level.
>> There is no secret bypass flag.
>>
>>
>> -- Noel Jones
>>
>
> If these seem to come from the same sender, you can turn up debugging
> for the first message they send after restarting amavisd-new:
>
> @debug_sender_maps = ( ['sender@example.com'] );
>
> this will turn debugging level up to 5 for the one message.
>

Oh yeah, and the most common reason you do not get headers is because the recipient domain is not considered 'local' (it's not included in @local_domains_maps). Also, you can set:

$sa_tag_level_deflt = undef;

which sets it lower than any possible score.

-- Gary V

From postmaster at abetternet.net Sat Sep 17 23:55:31 2011
From: postmaster at abetternet.net (Yanek)
Date: Sat, 17 Sep 2011 23:55:31 +0200
Subject: critsend (/gridsend?)... what's the(ir) trick?
In-Reply-To:
References: <4E73C9B0.2040206@abetternet.net> <4E73CE51.3040704@megan.vbhcs.org>
Message-ID: <4E751753.1010802@abetternet.net>

Thanks to both of you :)
Comment below...

On 17/09/2011 06:32, Gary V wrote:
> On 9/16/11, Gary V wrote:
>> On 9/16/11, Noel Jones wrote:
>>> On 9/16/2011 5:12 PM, Yanek wrote:
>>>> Does someone have any idea on how these SMTP providers manage to have
>>>> their outgoing mails escape SA scoring?
>>>
>>> Check your logs.
>>>
>>>
>>> Possibilities include (but are probably not limited to):
>>> - it *is* scanned but not adding headers for some reason on your end

Indeed, I checked my logs and it was actually scanned...

>>> - you've whitelisted them
>>> - mail exceeds your max scan size
>>> - the mail doesn't pass through amavisd due to some configuration on
>>> your end
>>>
>>> If you don't see anything interesting, increase the log level.
>>> There is no secret bypass flag.
>>>
>>>
>>> -- Noel Jones
>>>
>> If these seem to come from the same sender, you can turn up debugging
>> for the first message they send after restarting amavisd-new:
>>
>> @debug_sender_maps = ( ['sender@example.com'] );
>>
>> this will turn debugging level up to 5 for the one message.
>>
> Oh yeah, and the most common reason you do not get headers is because
> the recipient domain is not considered 'local' (it's not included in
> @local_domains_maps).

Correct; this domain was not in @local_domain_acl
I fixed this and the tags are now displayed.
Special thanks to Gary, you got the answers to my 2 questions (so far) in no time :)

One additional one, which of @local_domains_maps or @local_domain_acl is the newest directive?
(ie: Will I have to switch from acl to maps when I'll upgrade amavis?)

Regards

From mr88talent at gmail.com Sun Sep 18 01:56:56 2011
From: mr88talent at gmail.com (Gary V)
Date: Sat, 17 Sep 2011 17:56:56 -0600
Subject: critsend (/gridsend?)... what's the(ir) trick?
In-Reply-To: <4E751753.1010802@abetternet.net>
References: <4E73C9B0.2040206@abetternet.net> <4E73CE51.3040704@megan.vbhcs.org> <4E751753.1010802@abetternet.net>
Message-ID:

On 9/17/11, Yanek wrote:
> Thanks to both of you :)
> Comment below...
>
> On 17/09/2011 06:32, Gary V wrote:
>> On 9/16/11, Gary V wrote:
>>> On 9/16/11, Noel Jones wrote:
>>>> On 9/16/2011 5:12 PM, Yanek wrote:
>>>>> Does someone have any idea on how these SMTP providers manage to have
>>>>> their outgoing mails escape SA scoring?
>>>>
>>>> Check your logs.
>>>>
>>>>
>>>> Possibilities include (but are probably not limited to):
>>>> - it *is* scanned but not adding headers for some reason on your end
>
> Indeed, I checked my logs and it was actually scanned...
>
>>>> - you've whitelisted them
>>>> - mail exceeds your max scan size
>>>> - the mail doesn't pass through amavisd due to some configuration on
>>>> your end
>>>>
>>>> If you don't see anything interesting, increase the log level.
>>>> There is no secret bypass flag.
>>>>
>>>>
>>>> -- Noel Jones
>>>>
>>> If these seem to come from the same sender, you can turn up debugging
>>> for the first message they send after restarting amavisd-new:
>>>
>>> @debug_sender_maps = ( ['sender@example.com'] );
>>>
>>> this will turn debugging level up to 5 for the one message.
>>>
>> Oh yeah, and the most common reason you do not get headers is because
>> the recipient domain is not considered 'local' (it's not included in
>> @local_domains_maps).
>
> Correct; this domain was not in @local_domain_acl
> I fixed this and the tags are now displayed.
> Special thanks to Gary, you got the answers to my 2 questions (so far)
> in no time :)
>
> One additional one, which of @local_domains_maps or @local_domain_acl is
> the newest directive?
> (ie: Will I have to switch from acl to maps when I'll upgrade amavis?)
>
> Regards
>

@local_domains_maps is newer. The default value is:

@local_domains_maps=(\%local_domains,\@local_domains_acl,\$local_domains_re);

This is shown in amavisd.conf-default (included with the source code) which illustrates all the default values. This is from amavisd.conf-sample (no longer provided with 2.7.x or newer):

# Lookup list of local domains (see README.lookups for syntax details)
#
# @local_domains_maps is a list of lookup tables which are used in deciding
# whether a recipient is local or not, or in other words, if the message is
# outgoing or not. This affects inserting spam-related and OS fingerprinting
# header fields for local recipients, editing Subject header field and allowing
# mail body defanging, limiting recipient notifications to local recipients,
# in deciding if address extension may be appended, in matching mail addresses
# to non-fqdn SQL record keys, for proper operation of pen pals feature,
# for selecting statistics counters (distinguishing outgoing from internal-
# to internal mail), and possibly more in future versions.
# Set it up correctly if you need features that rely on this setting.
#
# With Postfix (2.0) a quick hint on what local domains normally are:
# a union of domains specified in: mydestination, virtual_alias_domains,
# virtual_mailbox_domains, and relay_domains.

@local_domains_maps = ( [".$mydomain"] ); # $mydomain and its subdomains

# @local_domains_maps = (); # default is empty list, no recip. considered local
# @local_domains_maps = # using ACL lookup table
#   ( [ ".$mydomain", 'sub.example.net', '.example.com' ] );
# @local_domains_maps = # similar, split list elements on whitespace
#   ( [qw( .example.com !host.sub.example.net .sub.example.net )] );
# @local_domains_maps = ( new_RE( qr'[@.]example\.com$'i ) ); # using regexp
# @local_domains_maps = ( read_hash("$MYHOME/local_domains") ); # using hash
#   perhaps combined with Postfix: mydestination = /var/amavis/local_domains
#   for debugging purposes: dump_hash($local_domains_maps[0]);

-- Gary V

From postmaster at abetternet.net Sun Sep 18 02:44:42 2011
From: postmaster at abetternet.net (Yanek)
Date: Sun, 18 Sep 2011 02:44:42 +0200
Subject: critsend (/gridsend?)... what's the(ir) trick?
In-Reply-To:
References: <4E73C9B0.2040206@abetternet.net> <4E73CE51.3040704@megan.vbhcs.org> <4E751753.1010802@abetternet.net>
Message-ID: <4E753EFA.5020500@abetternet.net>

On 18/09/2011 01:56, Gary V wrote:
> @local_domains_maps is newer. The default value is:
> @local_domains_maps=(\%local_domains,\@local_domains_acl,\$local_domains_re);
> This is shown in amavisd.conf-default (included with the source code)
> which illustrates all the default values. This is from
> amavisd.conf-sample (no longer provided with 2.7.x or newer):

OK, got it.
Thanks again, this is much appreciated :)

From mysqlstudent at gmail.com Mon Sep 19 23:04:45 2011
From: mysqlstudent at gmail.com (Alex)
Date: Mon, 19 Sep 2011 17:04:45 -0400
Subject: Submission clients bypass MYNETS policy
Message-ID:

Hi,

I have set up an amavisd-new with postfix/spamassassin on fedora15.
I'm trying to set up a disclaimer footer using amavisd because I also need always_bcc, and was having a problem with postfix duplicating the messages as a result.

Webmail now properly attaches the disclaimer footer using my amavisd config, but somehow submission clients are bypassing the MYNETS policy, which is where "allow_disclaimers = 1" is set.

Here's a snapshot from the logs. "remotenet.net" is the remote host and "mylocalnet.net" is the amavisd host.

Sep 19 16:42:42 mail postfix/smtpd[25223]: 298372202AC: client=orion.remotenet.net[68.195.xxx.yy], sasl_method=PLAIN, sasl_username=gdadmin
Sep 19 16:42:42 mail postfix/cleanup[23849]: 298372202AC: message-id=<4E77A940.7050902 at mylocalnet.net>
Sep 19 16:42:42 mail postfix/qmgr[13505]: 298372202AC: from=, size=778, nrcpt=1 (queue active )
Sep 19 16:42:42 mail amavis[25188]: (25188-01) ESMTP::10024 /var/spool/amavisd/tmp/amavis-20110919T164242-25188: -> SIZE=778 Received: from mail.mylocalnet.net ([127.0.0.1]) by localhost (mail.mylocalnet.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for ; Mon, 19 Sep 2011 16:42:42 -0400 (EDT)
Sep 19 16:42:42 mail amavis[25188]: (25188-01) Checking: gVCO0A-ajTZ8 [68.195.xxx.yy] ->
Sep 19 16:42:42 mail amavis[25188]: (25188-01) Open relay? Nonlocal recips but not originating: gdadmin at remotenet.net
Sep 19 16:42:42 mail amavis[25188]: (25188-01) p001 1 Content-Type: text/plain, size: 10 B, name:
Sep 19 16:42:42 mail postfix/smtpd[25223]: disconnect from orion.remotenet.net[68.195.xxx.yy]
Sep 19 16:42:43 mail amavis[25188]: (25188-01) mangling NO: 0 (orig: disclaimer), discl_allowed=0, ->
Sep 19 16:42:43 mail postfix/smtpd[23853]: connect from localhost[127.0.0.1]
Sep 19 16:42:43 mail postfix/smtpd[23853]: 0AB1C2202C4: client=orion.remotenet.net[68.195.xxx.yy]
Sep 19 16:42:43 mail postfix/cleanup[23849]: 0AB1C2202C4: message-id=<4E77A940.7050902 at mylocalnet.net>
Sep 19 16:42:43 mail postfix/qmgr[13505]: 0AB1C2202C4: from=, size=1269, nrcpt=2 (queue active)
Sep 19 16:42:43 mail amavis[25188]: (25188-01) FWD via SMTP: -> ,BODY=7BIT 250 2.0.0 Ok, id=25188-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 0AB1C2202C4
Sep 19 16:42:43 mail amavis[25188]: (25188-01) Passed CLEAN, [68.195.xxx.yy] [68.195.xxx.yy] -> , Message-ID: <4E77A940.7050902 at mylocalnet.net>, mail_id: gVCO0A-ajTZ8, Hits: -2.9, size: 778, queued_as: 0AB1C2202C4, 744 ms

I also don't understand why it's complaining about "nonlocal recips" when mylocalnet.net is in the local_domains_maps.
Here is the relevant amavisd.conf config:

@local_domains_maps = ( [".$mydomain", "mylocalnet.net"] ); # list of all local domains

$altermime = '/usr/bin/altermime';
@altermime_args_disclaimer = qw( --verbose \
    --disclaimer=/etc/postfix/disclaimer.txt \
    --disclaimer-html=/etc/postfix/disclaimer.txt);

$defang_maps_by_ccat{+CC_CATCHALL} = [ 'disclaimer' ];
$defang_maps_by_ccat{+CC_UNCHECKED} = [ 'disclaimer' ];

$policy_bank{'MYNETS'} = { # mail originating from @mynetworks
  originating => 1, # is true in MYNETS by default, but let's make it explicit
  os_fingerprint_method => undef, # don't query p0f for internal clients
  allow_disclaimers => 1,
  terminate_dsn_on_notify_success => 0, # don't remove NOTIFY=SUCCESS option
};

Here is my postfix config:

smtp      inet  n       -       n       -       -       smtpd
  -o receive_override_options=no_address_mappings
submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o receive_override_options=no_address_mappings
smtp-amavis unix -      -       n       -       2       smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
  -o max_use=20
127.0.0.1:10025 inet n  -       n       -       2       smtpd
  -o content_filter=
  -o smtpd_delay_reject=no
  -o smtpd_client_restrictions=permit_mynetworks,reject
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o smtpd_data_restrictions=reject_unauth_pipelining
  -o smtpd_end_of_data_restrictions=
  -o smtpd_restriction_classes=
  -o mynetworks=127.0.0.0/8
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
  -o smtpd_client_connection_count_limit=0
  -o smtpd_client_connection_rate_limit=0
  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
  -o smtp_send_xforward_command=yes
  -o local_header_rewrite_clients=

main.cf:
~~~~~~~~~~~~~~~
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
always_bcc = emailcomp@mylocalnet.net
biff = no
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
delay_warning_time = 4h
disable_vrfy_command = yes
header_checks = pcre:/etc/postfix/header_checks.pcre
html_directory = no
mail_owner = postfix
mailbox_size_limit = 2000000000
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maximal_queue_lifetime = 5d
message_size_limit = 15360000
mydestination = $myhostname, localhost.$mydomain, mylocaldomain.net
mydomain = mylocaldomain.net
myhostname = mail.mylocaldomain.net
mynetworks = 127.0.0.0/8, 192.168.1.0/24, 68.115.xxx.yyy/32
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
rbl_reply_maps = ${stress?hash:/etc/postfix/rbl_reply_maps}
readme_directory = /usr/share/doc/postfix-2.7.5/README_FILES
relay_clientcerts = hash:/etc/postfix/relay_clientcerts
relay_domains = $mydestination, $transport_maps
relayhost =
sample_directory = /usr/share/doc/postfix-2.7.5/samples
sender_canonical_maps =
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_sasl_security_options = noplaintext, noanonymous
smtp_send_xforward_command = yes
smtp_tls_CAfile = /etc/pki/tls/cacert.pem
smtpd_authorized_xforward_hosts = $mynetworks
smtpd_recipient_restrictions = reject_non_fqdn_recipient,
    check_client_access hash:/etc/postfix/client_checks_special,
    check_sender_access hash:/etc/postfix/sender_checks_special,
    reject_non_fqdn_sender,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_invalid_helo_hostname,
    check_client_access hash:/etc/postfix/client_checks,
    check_sender_access hash:/etc/postfix/sender_checks,
    check_recipient_access pcre:/etc/postfix/relay_recips_access,
    reject_rbl_client zen.spamhaus.org,
    permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
smtpd_tls_key_file = /etc/pki/dovecot/private/dovecot.pem
smtpd_tls_received_header = yes
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_session_cache
tls_random_source = dev:/dev/urandom
transport_maps =
virtual_alias_maps = hash:/etc/postfix/virtual

Any suggestions greatly appreciated.

Thanks,
Alex

From p at state-of-mind.de Mon Sep 19 23:23:45 2011
From: p at state-of-mind.de (Patrick Ben Koetter)
Date: Mon, 19 Sep 2011 23:23:45 +0200
Subject: Submission clients bypass MYNETS policy
In-Reply-To:
References:
Message-ID: <20110919212345.GA27077@state-of-mind.de>

* Alex :
> Hi,
> I have set up an amavisd-new with postfix/spamassassin on fedora15.
> I'm trying to set up a disclaimer footer using amavisd because I also
> need always_bcc, and was having a problem with postfix duplicating the
> messages as a result.
>
> Webmail now properly attaches the disclaimer footer using my amavisd
> config, but somehow submission clients are bypassing the MYNETS
> policy, which is where "allow_disclaimers = 1" is set.
>
> Here's a snapshot from the logs. "remotenet.net" is the remote host
> and "mylocalnet.net" is the amavisd host.

Deliver submission mail to amavis on a dedicated amavis port. Map that port to a policy bank e.g. MYNETS.

--
All technical questions asked privately will be automatically answered on the list and archived for public access unless privacy is explicitly required and justified.
saslfinger (debugging SMTP AUTH):

From mysqlstudent at gmail.com Mon Sep 19 23:54:07 2011
From: mysqlstudent at gmail.com (Alex)
Date: Mon, 19 Sep 2011 17:54:07 -0400
Subject: Submission clients bypass MYNETS policy
In-Reply-To: <20110919212345.GA27077@state-of-mind.de>
References: <20110919212345.GA27077@state-of-mind.de>
Message-ID:

Hi,

>> I have set up an amavisd-new with postfix/spamassassin on fedora15.
>> I'm trying to set up a disclaimer footer using amavisd because I also
>> need always_bcc, and was having a problem with postfix duplicating the
>> messages as a result.
>>
>> Webmail now properly attaches the disclaimer footer using my amavisd
>> config, but somehow submission clients are bypassing the MYNETS
>> policy, which is where "allow_disclaimers = 1" is set.
>>
>> Here's a snapshot from the logs. "remotenet.net" is the remote host
>> and "mylocalnet.net" is the amavisd host.
>
> Deliver submission mail to amavis on a dedicated amavis port. Map that port to
> a policy bank e.g. MYNETS.

Can you guide me to where I can find information on how to do that?

Thanks so much for your help.

Best,
Alex

From mysqlstudent at gmail.com Tue Sep 20 02:20:56 2011
From: mysqlstudent at gmail.com (Alex)
Date: Mon, 19 Sep 2011 20:20:56 -0400
Subject: Submission clients bypass MYNETS policy
In-Reply-To:
References: <20110919212345.GA27077@state-of-mind.de>
Message-ID:

Hi,

>>> I have set up an amavisd-new with postfix/spamassassin on fedora15.
>>> I'm trying to set up a disclaimer footer using amavisd because I also
>>> need always_bcc, and was having a problem with postfix duplicating the
>>> messages as a result.
>>>
>>> Webmail now properly attaches the disclaimer footer using my amavisd
>>> config, but somehow submission clients are bypassing the MYNETS
>>> policy, which is where "allow_disclaimers = 1" is set.
>>>
>>> Here's a snapshot from the logs. "remotenet.net" is the remote host
>>> and "mylocalnet.net" is the amavisd host.
>>
>> Deliver submission mail to amavis on a dedicated amavis port. Map that port to
>> a policy bank e.g. MYNETS.
>
> Can you guide me to where I can find information on how to do that?

I've spent quite a bit more time on this, trying to figure out how to create another dedicated port by following
http://www.ijs.si/software/amavisd/README.postfix.html

Is this the correct document to be using? I tried implementing these steps, including the pre-cleanup, and other postfix changes apparently remapping the cleanup service for the always_bcc option, and it still results in duplicated messages and no disclaimer footer.

Can you help me to understand which parts of that document, if any, I should be concentrating on, and how it relates to my situation?

Thanks,
Alex

From mr88talent at gmail.com Tue Sep 20 03:15:10 2011
From: mr88talent at gmail.com (Gary V)
Date: Mon, 19 Sep 2011 19:15:10 -0600
Subject: Submission clients bypass MYNETS policy
In-Reply-To:
References: <20110919212345.GA27077@state-of-mind.de>
Message-ID:

On 9/19/11, Alex wrote:
> Hi,
>
>>>> I have set up an amavisd-new with postfix/spamassassin on fedora15.
>>>> I'm trying to set up a disclaimer footer using amavisd because I also
>>>> need always_bcc, and was having a problem with postfix duplicating the
>>>> messages as a result.
>>>>
>>>> Webmail now properly attaches the disclaimer footer using my amavisd
>>>> config, but somehow submission clients are bypassing the MYNETS
>>>> policy, which is where "allow_disclaimers = 1" is set.
>>>>
>>>> Here's a snapshot from the logs. "remotenet.net" is the remote host
>>>> and "mylocalnet.net" is the amavisd host.
>>>
>>> Deliver submission mail to amavis on a dedicated amavis port. Map that
>>> port to
>>> a policy bank e.g. MYNETS.
>>
>> Can you guide me to where I can find information on how to do that?
>
> I've spent quite a bit more time on this, trying to figure out how to
> create another dedicated port by following
> http://www.ijs.si/software/amavisd/README.postfix.html
>
> Is this the correct document to be using? I tried implementing these
> steps, including the pre-cleanup, and other postfix changes apparently
> remapping the cleanup service for the always_bcc option, and it still
> results in duplicated messages and no disclaimer footer.
>
> Can you help me to understand which parts of that document, if any, I
> should be concentrating on, and how it relates to my situation?
>
> Thanks,
> Alex
>

Example:

in master.cf:

submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o receive_override_options=no_address_mappings
  -o content_filter=smtp-amavis:[127.0.0.1]:10026

in amavisd.conf:

$inet_socket_port = [10024, 10026];

$interface_policy{'10026'} = 'TRUSTED';

$policy_bank{'TRUSTED'} = { # mail originating from trusted senders
  originating => 1, # is true in MYNETS by default, but let's make it explicit
  os_fingerprint_method => undef, # don't query p0f for internal clients
  allow_disclaimers => 1,
  terminate_dsn_on_notify_success => 0, # don't remove NOTIFY=SUCCESS option
};

-- Gary V

From p at state-of-mind.de Tue Sep 20 07:50:39 2011
From: p at state-of-mind.de (Patrick Ben Koetter)
Date: Tue, 20 Sep 2011 07:50:39 +0200
Subject: Submission clients bypass MYNETS policy
In-Reply-To:
References: <20110919212345.GA27077@state-of-mind.de>
Message-ID: <20110920055039.GA2209@state-of-mind.de>

* Gary V :
> Example:
>
> in master.cf:
>
> submission inet n       -       n       -       -       smtpd
>   -o smtpd_tls_security_level=encrypt
>   -o smtpd_sasl_auth_enable=yes
>   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
>   -o receive_override_options=no_address_mappings
>   -o content_filter=smtp-amavis:[127.0.0.1]:10026

You MAY be less strict on the TLS side.
The submission RFC recommends TLS, but doesn't say it is mandatory.

If you allow plaintext authentication mechanisms such as PLAIN or LOGIN, you should set "encrypt" as smtpd_tls_security_level. In any other case you can choose "may".

p at rick

--
All technical questions asked privately will be automatically answered on the list and archived for public access unless privacy is explicitly required and justified.

saslfinger (debugging SMTP AUTH):

From huetmann at violine.at Tue Sep 20 10:32:17 2011
From: huetmann at violine.at (Peter Huetmannsberger)
Date: Tue, 20 Sep 2011 10:32:17 +0200 (CEST)
Subject: Which interface for sql connection?
Message-ID:

Hello,

yesterday I had a very weird phenomenon. I activated a new network interface, which happened to be eth0.

After that amavisd didn't work anymore, because the user amavis at newIPadress was not allowed to connect to the mysqlDB.

I was surprised to see that amavis does not try to connect to the DB via 127.0.0.1

Is there something wrong with my setup, or is there a place where I can define which IPaddress (it's all running on the same server, which happens to have 3 network interfaces) the daemon uses to connect to the DB?

Any help would be appreciated,

Thanks,
.peter

--
-----------------------------------------
Please note that my email has changed to:
huetmann at violine.at

From portase.florin at medianetork.ro Mon Sep 19 13:28:05 2011
From: portase.florin at medianetork.ro (Florin Portase)
Date: Mon, 19 Sep 2011 13:28:05 +0200
Subject: Which interface for sql connection?
In-Reply-To:
References:
Message-ID:

If you want to allow user amavis to connect from any IPs do

drop user amavis;
grant all privileges on database.* to 'amavis'@'%' identified by 'password2122';
flush privileges;

On Tue, 20 Sep 2011 10:32:17 +0200 (CEST), Peter Huetmannsberger wrote:
> Hello,
>
> yesterday I had a very weird phenomenon. I activated a new network
> interface, which happened to be eth0.
>
> After that amavisd didn't work anymore, because the user
> amavis at newIPadress was not allowed to connect to the mysqlDB.
>
> I was surprised to see that amavis does not try to connect to the DB
> via 127.0.0.1
>
> Is there something wrong with my setup, or is there a place where I
> can define which IPaddress (it's all running on the same server,
> which
> happens to have 3 network interfaces) the daemon uses to connect to
> the DB?
>
> Any help would be appreciated,
>
> Thanks,
> .peter

From huetmann at violine.at Tue Sep 20 11:52:14 2011
From: huetmann at violine.at (Peter Hütmannsberger)
Date: Tue, 20 Sep 2011 11:52:14 +0200
Subject: Which interface for sql connection?
In-Reply-To:
References:
Message-ID:

Thank you,

I do realise that. I would like to know, why it used a different IP address after activating the new network interface.

Thanks again.
.peter

On 19.09.2011, at 13:28, Florin Portase wrote:
> If you want to allow user amavis to connect from any IPs do
>
> drop user amavis;
> grant all privileges on database.* to 'amavis'@'%' identified by 'password2122';
> flush privileges;
>
> On Tue, 20 Sep 2011 10:32:17 +0200 (CEST), Peter Huetmannsberger wrote:
>> Hello,
>>
>> yesterday I had a very weird phenomenon. I activated a new network
>> interface, which happened to be eth0.
>>
>> After that amavisd didn't work anymore, because the user
>> amavis at newIPadress was not allowed to connect to the mysqlDB.
>>
>> I was surprised to see that amavis does not try to connect to the DB
>> via 127.0.0.1
>>
>> Is there something wrong with my setup, or is there a place where I
>> can define which IPaddress (it's all running on the same server, which
>> happens to have 3 network interfaces) the daemon uses to connect to
>> the DB?
>>
>> Any help would be appreciated,
>>
>> Thanks,
>> .peter
>

From Mark.Martinec+amavis at ijs.si Tue Sep 20 17:48:28 2011
From: Mark.Martinec+amavis at ijs.si (Mark Martinec)
Date: Tue, 20 Sep 2011 17:48:28 +0200
Subject: Which interface for sql connection?
In-Reply-To:
References:
Message-ID: <201109201748.28504.Mark.Martinec+amavis@ijs.si>

Peter,

> yesterday I had a very weird phenomenon. I activated a new
> network interface, which happened to be eth0.
>
> After that amavisd didn't work anymore, because the user
> amavis at newIPadress was not allowed to connect to the mysqlDB.
>
> I was surprised to see that amavis does not try to connect to the DB via
> 127.0.0.1
>
> Is there something wrong with my setup, or is there a place where I can
> define which IPaddress (it's all running on the same server, which happens
> to have 3 network interfaces) the daemon uses to connect to the DB?

How are your @lookup_sql_dsn and/or @storage_sql_dsn defined?

The host name (or its IP address) declared there (as part of a data set name) usually also determines the source IP address, but the exact logic is left for the kernel or a TCP/IP stack to decide. If the specified host is 127.0.0.1 or 'localhost' or '::1', it is most likely the source IP address will also belong to a loopback interface.

Currently there is no way in DBI->connect() to force a source IP address, but there is rarely any need for that.

Mark

From huetmann at violine.at Tue Sep 20 18:13:28 2011
From: huetmann at violine.at (Peter Huetmannsberger)
Date: Tue, 20 Sep 2011 18:13:28 +0200 (CEST)
Subject: Which interface for sql connection?
In-Reply-To: <201109201748.28504.Mark.Martinec+amavis@ijs.si>
References: <201109201748.28504.Mark.Martinec+amavis@ijs.si>
Message-ID:

Hello Mark,

thank you for your answer. (More below)

On Tue, 20 Sep 2011, Mark Martinec wrote:
> Peter,
>
>> yesterday I had a very weird phenomenon. I activated a new
>> network interface, which happened to be eth0.
>>
>> After that amavisd didn't work anymore, because the user
>> amavis at newIPadress was not allowed to connect to the mysqlDB.
>>
>> I was surprised to see that amavis does not try to connect to the DB via
>> 127.0.0.1
>>
>> Is there something wrong with my setup, or is there a place where I can
>> define which IPaddress (it's all running on the same server, which happens
>> to have 3 network interfaces) the daemon uses to connect to the DB?
>
> How are your @lookup_sql_dsn and/or @storage_sql_dsn defined?
>
> The host name (or its IP address) declared there (as part of a data set name)
> usually also determines the source IP address, but the exact logic is left
> for the kernel or a TCP/IP stack to decide. If the specified host is 127.0.0.1
> or 'localhost' or '::1', it is most likely the source IP address will also
> belong to a loopback interface.
>
> Currently there is no way in DBI->connect() to force a source IP address,
> but there is rarely any need for that.

@lookup_sql_dsn = ( ['DBI:mysql:database=mail;host=127.0.0.1;port=3306', 'amavis', 'password_not_shown'] );
@storage_sql_dsn = @lookup_sql_dsn;

host 127.0.0.1 returns localhost

yet in the logs I got:

connect_to_sql: unable to connect to DSN 'DBI:mysql:database=mail;host=127.0.0.1;port=3306': Access denied for user 'amavis'@'192.168.101.1'

the interface eth0 is configured for 192.168.101.1

Very strange. There is no mention whatsoever of that IPaddress in the amavisd.conf. Turning off that interface made it work again (obviously). I am rather amazed about this behaviour, but I am sure it is a problem beyond amavis.
Thanks again,
.peter

>
> Mark
>

--
-----------------------------------------
Please note that my email has changed to:
huetmann at violine.at

From Mark.Martinec+amavis at ijs.si Tue Sep 20 18:55:52 2011
From: Mark.Martinec+amavis at ijs.si (Mark Martinec)
Date: Tue, 20 Sep 2011 18:55:52 +0200
Subject: forward_method in policy bank does'nt work
In-Reply-To: <07734B44E9BBED4EAAD1F6968D18C004BFD46A1EE7@ADM-EXMBX0AB.adm.c.sdu.dk>
References: <07734B44E9BBED4EAAD1F6968D18C004BFD46A1EE7@ADM-EXMBX0AB.adm.c.sdu.dk>
Message-ID: <201109201855.52666.Mark.Martinec+amavis@ijs.si>

Peter,

> I want to redirect all spam sent from a local address to a separate server.
> I use amavis 2.6.4 with a postfix (2.7.0) dual setup.
>
> I have a policy_bank defined as
>
> $policy_bank{'GARBAGE'} = {
> originating => 1,
> forward_method => ' smtp:[1.2.3.4]:25',

Leave out the space before smtp.

> .....
> };
> Where 1.2.3.4 is the IP of my server handling garbage.
>
> I use Amavis::Custom and if a certain condition is met I load this
> policy_bank
> [...]
> sub checks {
> Amavis::load_policy_bank( 'GARBAGE' );
> If the condition is met I would expect the mail to be delivered to the
> 1.2.3.4 server at port 25. But this doesn't happen.
>
> What is wrong ? isn't this possible or should the forward_method be a
> method defined in the postfix master.cf

This should work with amavisd 2.7.0, but unfortunately not with 2.6.*.

The reason is that a value of forward_method is copied to $msginfo->delivery_method *before* checks are made, so when your custom hook 'checks' is activated, it is too late - it does replace the forward_method, but not replace its copy in delivery_method().

A workaround is for your custom hook to also explicitly replace the delivery_method value when it loads a GARBAGE policy bank:

sub checks { # may be left out if not needed
  my($self,$conn,$msginfo) = @_;
  ...
  Amavis::load_policy_bank( 'GARBAGE' );
  $msginfo->delivery_method('smtp:[1.2.3.4]:25');
  ...

  Mark

From Mark.Martinec+amavis at ijs.si Tue Sep 20 19:52:33 2011
From: Mark.Martinec+amavis at ijs.si (Mark Martinec)
Date: Tue, 20 Sep 2011 19:52:33 +0200
Subject: Wishlist feature
In-Reply-To: <20110914200257.GB25317@spider.services.datevnet.de>
References: <70643B19-00DD-45FA-B882-ED9BA3BA0CD8@roessner-network-solutions.com>
 <20110914200257.GB25317@spider.services.datevnet.de>
Message-ID: <201109201952.33583.Mark.Martinec+amavis@ijs.si>

Christian,

> I found a problem with using amavis with a milter. I use postfix and
> normally I could use smtpd_proxy_filter to get mails over amavis.
> But for some reason, I need to use milters before amavis. So I need
> amavisd-milter, which uses $unix_socket in amavisd. This is okay,
> if I only have amavis listening on one TCP port, i.e. the incoming MTA
> port. But what about the submission port or any other port that
> normally would live inside a policy bank?
>
> As far as I could see, currently I would have to run amavisd-milter and
> amavisd in multi instance mode and could not use policy_banks anymore.
> That is very sad, as it destroys the nice concept.
>
> So here comes my wish list: Is it possible to deal with unix-sockets the
> same way as with TCP? Having a list of unix-sockets in amavisd that
> I could map to different policy_banks? So I could use at least one instance
> of amavisd and only would need multiple instances of amavisd-milter
> with -S option pointing to the different unix sockets.

This is possible with 2.7.0: loading a policy bank based on a path
of a Unix socket receiving a connection. Apparently I forgot to
document it in release notes.

@listen_sockets = (
  "$helpers_home/amavisd.sock1",
  "$helpers_home/amavisd.sock2",
  "$helpers_home/amavisd.sock3",
);

$interface_policy{"$helpers_home/amavisd.sock1"} = 'UX-S1';
$interface_policy{"$helpers_home/amavisd.sock2"} = 'UX-S2';
$interface_policy{"$helpers_home/amavisd.sock3"} = 'UX-S3';

$policy_bank{'UX-S1'} = { ... };
$policy_bank{'UX-S2'} = { ...
};
$policy_bank{'UX-S3'} = { ... };

The approach suggested by Andreas is fine too.

  Mark

From Mark.Martinec+amavis at ijs.si Tue Sep 20 21:00:23 2011
From: Mark.Martinec+amavis at ijs.si (Mark Martinec)
Date: Tue, 20 Sep 2011 21:00:23 +0200
Subject: MIME::Parser error with amavisd-new-2.6.4-3
In-Reply-To:
References:
Message-ID: <201109202100.23198.Mark.Martinec+amavis@ijs.si>

Alex,

> I have a fedora15 system with spamassassin-3.3.2 and
> amavisd-new-2.6.4-3 and perl-MIME-tools-5.502-1.fc15.noarch and have
> loads of the following in the logs:
>
> Sep 13 15:18:26 mail02 amavis[4956]: (04956-02-14) WARN: MIME::Parser
> error: part did not end with expected boundary
>
> I've seen several references to this problem online, but all of them
> involve upgrading a version earlier than the one I already have
> installed.
>
> Is this something to be concerned with? How can I troubleshoot this?

The most common reason for a "part did not end with expected boundary"
is that a message being processed is a bounce (delivery status
notification), containing a truncated body of an original message.
If this is the case, there is nothing to worry about. If a message is
a regular message from one of your users, then either his mail reader
is generating a bad MIME, or something else went wrong - worth
investigating, but rarely seen.

  Mark

From mysqlstudent at gmail.com Tue Sep 20 21:30:20 2011
From: mysqlstudent at gmail.com (Alex)
Date: Tue, 20 Sep 2011 15:30:20 -0400
Subject: Submission clients bypass MYNETS policy
In-Reply-To: <20110920055039.GA2209@state-of-mind.de>
References: <20110919212345.GA27077@state-of-mind.de>
 <20110920055039.GA2209@state-of-mind.de>
Message-ID:

Hi,

>> in master.cf:
>>
>> submission inet n       -       n       -       -       smtpd
>>   -o smtpd_tls_security_level=encrypt
>>   -o smtpd_sasl_auth_enable=yes
>>   -o smtpd_client_restrictions=permit_sasl_authenticated,reject
>>   -o receive_override_options=no_address_mappings
>>   -o content_filter=smtp-amavis:[127.0.0.1]:10026
>
> You MAY be less strict on the TLS side. The submission RFC recommends TLS, but
> doesn't say it is mandatory. If you allow plaintext authentication mechanisms
> such as PLAIN or LOGIN, you should set "encrypt" as smtpd_tls_security_level.
> In any other case you can choose "may".

Thanks very much for all your help. After I understood the data path
and how the data got from the submission port to amavis, I figured it
out.

Thanks again,
Alex

From mysqlstudent at gmail.com Tue Sep 20 23:46:48 2011
From: mysqlstudent at gmail.com (Alex)
Date: Tue, 20 Sep 2011 17:46:48 -0400
Subject: MIME::Parser error with amavisd-new-2.6.4-3
In-Reply-To: <201109202100.23198.Mark.Martinec+amavis@ijs.si>
References: <201109202100.23198.Mark.Martinec+amavis@ijs.si>
Message-ID:

Hi,

>> I have a fedora15 system with spamassassin-3.3.2 and
>> amavisd-new-2.6.4-3 and perl-MIME-tools-5.502-1.fc15.noarch and have
>> loads of the following in the logs:
>>
>> Sep 13 15:18:26 mail02 amavis[4956]: (04956-02-14) WARN: MIME::Parser
>> error: part did not end with expected boundary
>>
>> I've seen several references to this problem online, but all of them
>> involve upgrading a version earlier than the one I already have
>> installed.
>>
>> Is this something to be concerned with? How can I troubleshoot this?
>
> The most common reason for a "part did not end with expected boundary"
> is that a message being processed is a bounce (delivery status notification),
> containing a truncated body of an original message. If this is the case,
> there is nothing to worry about. If a message is a regular message from
> one of your users, then either his mail reader is generating a bad MIME,
> or something else went wrong - worth investigating, but rarely seen.

The samples I investigated weren't bounces, but were marked as spam.
I've posted one of the examples here:

http://pastebin.com/gHMrjxGw

Maybe the MIME boundaries aren't configured correctly?
Is there anything that can be determined from this sample?

Thanks again,
Alex

From Mark.Martinec+amavis at ijs.si Wed Sep 21 01:00:01 2011
From: Mark.Martinec+amavis at ijs.si (Mark Martinec)
Date: Wed, 21 Sep 2011 01:00:01 +0200
Subject: MIME::Parser error with amavisd-new-2.6.4-3
In-Reply-To:
References: <201109202100.23198.Mark.Martinec+amavis@ijs.si>
Message-ID: <201109210100.01460.Mark.Martinec+amavis@ijs.si>

Alex,

> The samples I investigated weren't bounces, but were marked as spam.
> I've posted one of the examples here:
>
> http://pastebin.com/gHMrjxGw
>
> Maybe the MIME boundaries aren't configured correctly? Is there
> anything that can be determined from this sample?

Well, it doesn't have a terminating MIME boundary, the warning
message is correct. There is just a pile of junk text at the
end of a message, as usual for spam. Nothing to worry about
in this case.

  Mark

From Mark.Martinec+amavis at ijs.si Wed Sep 21 01:23:37 2011
From: Mark.Martinec+amavis at ijs.si (Mark Martinec)
Date: Wed, 21 Sep 2011 01:23:37 +0200
Subject: Different $forward_method for internal mail
In-Reply-To: <07734B44E9BBED4EAAD1F6968D18C004BFD46A1D3A@ADM-EXMBX0AB.adm.c.sdu.dk>
References: <07734B44E9BBED4EAAD1F6968D18C004BFD46A1D10@ADM-EXMBX0AB.adm.c.sdu.dk>
 <20110913113720.GC28059@spider.services.datevnet.de>
 <07734B44E9BBED4EAAD1F6968D18C004BFD46A1D3A@ADM-EXMBX0AB.adm.c.sdu.dk>
Message-ID: <201109210123.37246.Mark.Martinec+amavis@ijs.si>

Peter,

> What I want is inside my MYNETS policy bank I have
> one forward_method that is triggered when mail is SPAM
> and another ( in the same policy bank) when mail is CLEAN

With 2.7.0 you can use %forward_method_maps_by_ccat.
With earlier versions you need to use a custom hook.

release notes:

- a new configuration variable %forward_method_maps_by_ccat allows the
  forward_method_maps to depend on content type and allows per-recipient
  specification of a forward method, such as specifying a next hop MTA's
  IP address and port number.
  This offers new possibilities to control mail routing for purposes
  like implementing sender reputation schemes which dynamically choose
  an SMTP source IP address (typically of outgoing mail) based on the
  contents of a mail message or based on recipient's e-mail address or
  domain. This needs to be complemented by a suitable configuration of
  an MTA, such as Postfix 2.7.0 or later.

  The default is to use the $forward_method setting, ensuring
  compatibility. There is no need to specify entries for content types
  which are not being forwarded (often: CC_VIRUS, CC_BANNED, CC_SPAM).

  Example use:
    $forward_method = 'smtp:[127.0.0.1]:10025';
    %forward_method_maps_by_ccat = (
      CC_BADH.',3', [ 'smtp:*:10027' ],
      CC_BADH.',4', [ 'smtp:*:10027' ],
      CC_BADH.',5', [ 'smtp:*:10027' ],
      CC_BADH.',6', [ 'smtp:*:10027' ],
      CC_BADH.',8', [ 'smtp:*:10027' ],
      CC_SPAMMY,    [ 'smtp:[192.0.2.22]:10025' ],
      CC_CATCHALL,  sub { ca('forward_method_maps') },
    );

Within a policy bank use a syntax:

  forward_method_maps_by_ccat => { .... },

  Mark

From al-amavis_user at none.at Wed Sep 21 02:21:40 2011
From: al-amavis_user at none.at (Aleksandar Lazic)
Date: Wed, 21 Sep 2011 02:21:40 +0200
Subject: D_REJECT in custom module
Message-ID: <20110921002140.GA29337@none.at>

Dear Reader,

I use the Amavis::Custom possibility to check if a message id will be
delivered a second time to the same recipient.

Similar like http://www.courier-mta.org/reformail.html

###
Detecting duplicate messages

The -D option implements a simple way to delete duplicate messages in
incoming mail. filename is a file that will be approximately 'len'
bytes long. This file will be used by reformail to save message IDs
seen in recent mail. reformail reads the message on standard input.
If the message has a Message-ID: header that's already in the cache
file, reformail terminates with the exit code set to 0. Otherwise,
reformail terminates with the exit code set to 1.
###

I was able to save the message-id and the recipient in a DB
(TokyoCabinet,http://fallabs.com/tokyocabinet/), but my current problem
is that I don't know how I can tell amavis that he doesn't need to
deliver the mail when the message-id is the same to this recipient?

Please can anybody help me and point me to the right direction.

Thank you.

BR
Aleks

From julio at psi.com.br Wed Sep 21 05:09:59 2011
From: julio at psi.com.br (Julio Cesar Covolato)
Date: Wed, 21 Sep 2011 00:09:59 -0300
Subject: Too much spam
Message-ID: <4E795587.7080400@psi.com.br>

Hi.

How can I fine tune spamassassin to block more spam?

I installed iRedMail-0.6.1 in an ubuntu 10.04, amavisd-new-2.6.5
(20110407), dell Xeon 4 core with sas disks

The system is well working , very fast, but too much spam!
Today i installed pyzor and razor and no much difference in amount of
spam dropped in clients mailbox!!!

Working with +-80.000 messages received and +-30.000 messages sent by day.

Any hints?

Thanks in advance,

--
-----------------------------
                         _
Julio Cesar Covolato    0v0
                       /(_)\
F: 55-11-3129-3366      ^ ^
PSI INTERNET
-----------------------------

From jarif at iki.fi Wed Sep 21 05:57:16 2011
From: jarif at iki.fi (Jari Fredriksson)
Date: Wed, 21 Sep 2011 06:57:16 +0300
Subject: Too much spam
In-Reply-To: <4E795587.7080400@psi.com.br>
References: <4E795587.7080400@psi.com.br>
Message-ID: <4E79609C.8040505@iki.fi>

21.9.2011 6:09, Julio Cesar Covolato wrote:
> Hi.
>
> How can I fine tune spamassassin to block more spam?
>
> I installed iRedMail-0.6.1 in an ubuntu 10.04, amavisd-new-2.6.5
> (20110407), dell Xeon 4 core with sas disks
>
> The system is well working , very fast, but too much spam!
> Today i installed pyzor and razor and no much difference in amount of
> spam dropped in clients mailbox!!!
>
> Working with +-80.000 messages received and +-30.000 messages sent by day.
>
> Any hints?
>

Post to Spamassassin Users list and ask there.

Have a local caching nameserver, allow network tests (should be
default), and try somehow train your Bayes. I understand that Bayes may
be hard to manage in a multiuser system, but Bayes is important.

I use SpamAssassin for my personal mail only, and I have 0.01% of Spam
in my Inbox.

--
You will be divorced within a year.

From rizahnst at gmail.com Wed Sep 21 09:13:26 2011
From: rizahnst at gmail.com (ahmad riza h nst)
Date: Wed, 21 Sep 2011 14:13:26 +0700
Subject: how to print spamassassin test on amavisd-new log
Message-ID:

hi all,

i am new to amavis and postfix, but have some experiences on qmail and
qpsmtpd/spamassassin/clamav.

i remember when i installed (from port) amavisd-new 2.6.x + postfix
2.7.x + spamassassin 3.2.5 on freebsd7.4 (log_level = 2 on
amavisd.conf), /v/l/maillog can print spamassassin score and test like
(this eg.
from qpsmtpd log)

Wed Sep 21 13:10:17 2011 xxxxxxxxxxxxxxx: check_spam: No, hits=1.9, required=8.0, tests=DOS_OUTLOOK_TO_MX_IMAGE,HTML_MESSAGE,RDNS_NONE,SHORT_HELO_AND_INLINE_IMAGE,SPF_SOFTFAIL

then i did portsnap update which upgrade amavisd-new to 2.7.x and
installed it on another host, /v/l/maillog didn't print spamassassin
test (even when log_level =5 on amavisd.conf);

Sep 21 12:08:18 smtp4 amavis[72715]: (72715-02) Passed CLEAN {RelayedOpenRelay}, [xxxxxxxxx]:45256 [xxxxxxxxx] -> , Message-ID: <3925e951dec9c5b0dfaa75b1f20835d3 at localhost>, mail_id: cAjPk0SWhMxb, Hits: -0.503, size: 175474, queued_as: 28FBA286F5, 6791 ms

but in there are spamassassin test and score printed on email header;

X-Old-Spam-Status: No, score=2.8 tagged_above=-999 required=8
 tests=[DKIM_ADSP_CUSTOM_MED=0.001, FREEMAIL_FROM=0.001, MISSING_MID=0.14,
 NML_ADSP_CUSTOM_MED=1.2, TO_NO_BRKTS_DIRECT=1.448,
 T_TO_NO_BRKTS_FREEMAIL=0.01] autolearn=disabled
X-Old-Spam-Level: **

Q: what i missed?

please help, thanks

--
http://blog.rizahnst.org

From macek at fortech.cz Wed Sep 21 10:51:25 2011
From: macek at fortech.cz (Tomas Macek)
Date: Wed, 21 Sep 2011 10:51:25 +0200 (CEST)
Subject: excluding checks for @mynetowrks - amavis vs. postfix problem
Message-ID:

I want to exclude some part of Postfix's mynetworks from Amavis spam
checks, but really only some part, the rest should be checked as usual.
The "some part" is a subnet, in that I have all my servers sending
emails, that should be excluded.
For example here I'm trying to say, that my servers (that I want to
exclude) are in 192.168.0.0/29 subnet. Our network is large - we use
much wider range of public IP addresses, but I will use a simplified
this example only.

I'm using Postfix 2.8.4 with

mynetworks = 192.168.0.0/24 127.0.0.1

and want to setup amavisd.conf of my Amavis 2.6.4 to contain this:

# I think this will add only first 8 addresses to @mynetworks.
@mynetworks = qw( 127.0.0.0/8 10.0.0.0/8 192.168.0.0/29);

$policy_bank{'MYNETS'} = {
  originating => 1,
  os_fingerprint_method => undef,
  bypass_spam_checks_maps => [0],
  bypass_banned_checks_maps => [0],
};

The doc of Amavis says, that mynetworks in main.cf and @mynetworks in
amavisd.conf should be the same and @mynetworks should contain all the
IP addresses of local network. What bad will could happen if this will
differ?

Hope this will not lead to some complicated answer...

Best regards,
Tomas

From jc at info-systems.de Wed Sep 21 11:45:10 2011
From: jc at info-systems.de (Jakob Curdes)
Date: Wed, 21 Sep 2011 11:45:10 +0200
Subject: excluding checks for @mynetowrks - amavis vs. postfix problem
In-Reply-To:
References:
Message-ID: <4E79B226.40102@info-systems.de>

On 21.09.2011 10:51, Tomas Macek wrote:
> I want to exclude some part of Postfix's mynetworks from Amavis spam
> checks, but really only some part, the rest should be checked as
> usual. The "some part" is a subnet, in that I have all my servers
> sending emails, that should be excluded.
> For example here I'm trying to say, that my servers (that I want to
> exclude) are in 192.168.0.0/29 subnet.
>

A side remark: I never exclude local servers completely - what if one
of these gets hacked and start sending out spam? You would not even
notice it before your upstream Mail server starts to block your
requests. I just give these machines a negative score that ensures
passthrough of normal or even slightly spammy mail but would detect
blatant bot-like spam.
This would also solve your problem with mynetworks as you just declare
the networks you want to exclude without a connection to postfix
"mynetworks".

JC

From macek at fortech.cz Wed Sep 21 12:11:30 2011
From: macek at fortech.cz (Tomas Macek)
Date: Wed, 21 Sep 2011 12:11:30 +0200 (CEST)
Subject: excluding checks for @mynetowrks - amavis vs.
 postfix problem
In-Reply-To: <4E79B226.40102@info-systems.de>
References: <4E79B226.40102@info-systems.de>
Message-ID:

On Wed, 21 Sep 2011, Jakob Curdes wrote:

> On 21.09.2011 10:51, Tomas Macek wrote:
>> I want to exclude some part of Postfix's mynetworks from Amavis spam
>> checks, but really only some part, the rest should be checked as usual.
>> The "some part" is a subnet, in that I have all my servers sending emails,
>> that should be excluded.
>> For example here I'm trying to say, that my servers (that I want to
>> exclude) are in 192.168.0.0/29 subnet.
>>
> A side remark: I never exclude local servers completely - what if one of
> these gets hacked and start sending out spam? You would not even notice it
> before your upstream Mail server starts to block your requests. I just give
> these machines a negative score that ensures passthrough of normal or even
> slightly spammy mail but would detect blatant bot-like spam.
> This would also solve your problem with mynetworks as you just declare the
> networks you want to exclude without a connection to postfix "mynetworks".
>
> JC
>
> I just give these machines a negative score ...

Nice, but I really don't know, how could I achieve that per IP address
(howto begin with negative score). I found only this:
http://www200.pair.com/mecham/spam/bypassing.html#5

Tomas

From jc at info-systems.de Wed Sep 21 12:37:01 2011
From: jc at info-systems.de (Jakob Curdes)
Date: Wed, 21 Sep 2011 12:37:01 +0200
Subject: excluding checks for @mynetowrks - amavis vs. postfix problem
In-Reply-To:
References: <4E79B226.40102@info-systems.de>
Message-ID: <4E79BE4D.4050702@info-systems.de>

> On Wed, 21 Sep 2011, Jakob Curdes wrote:
>
>> I just give these machines a negative score ...
>
> Nice, but I really don't know, how could I achieve that per IP address
> (howto begin with negative score).
> I found only this:
> http://www200.pair.com/mecham/spam/bypassing.html#5

Actually I do not do this via the IP but I let postfix add headers for
authenticated senders. Then I assign a spamassassin score for this.
So you could have your sending machines do an smtp-auth or you could
perhaps set the score on the basis of other criteria, but I never tried
the latter.

jc

From Mark.Martinec+amavis at ijs.si Wed Sep 21 16:00:25 2011
From: Mark.Martinec+amavis at ijs.si (Mark Martinec)
Date: Wed, 21 Sep 2011 16:00:25 +0200
Subject: excluding checks for @mynetowrks - amavis vs. postfix problem
In-Reply-To: <4E79BE4D.4050702@info-systems.de>
References: <4E79BE4D.4050702@info-systems.de>
Message-ID: <201109211600.25913.Mark.Martinec+amavis@ijs.si>

Tomas,

> I want to exclude some part of Postfix's mynetworks from Amavis spam checks,
> but really only some part, the rest should be checked as usual. The "some
> part" is a subnet, in that I have all my servers sending emails, that should
> be excluded.
> For example here I'm trying to say, that my servers (that I want to exclude)
> are in 192.168.0.0/29 subnet.

@client_ipaddr_policy = (
  [qw( 192.168.0.0/29 )] => 'MYSERVERS',
  \@mynetworks => 'MYNETS',
);

$policy_bank{'MYSERVERS'} = {
  originating => 1,
  bypass_decode_parts => 1,
  bypass_virus_checks_maps => [1],
  bypass_banned_checks_maps => [1],
  bypass_spam_checks_maps => [1],
};

amavisd-new-2.6.3 release notes:

- added a configuration variable @client_ipaddr_policy, which maps smtp
  client's IP address lookup lists to a policy bank name. This allows for
  loading a policy bank based on a client IP address, and generalizes a
  formerly hard-wired mapping of @mynetworks_maps into 'MYNETS'.
  The list is traversed in order, the first matching networks list stops
  the search and its associated policy name is used. Suggested by Jo Rhett.

  The default setting retains backwards compatibility:

    @client_ipaddr_policy = map { $_ => 'MYNETS' } @mynetworks_maps;

  but please keep in mind that this assignment is made during startup
  before evaluating a config file, so if amavisd.conf changes the
  @mynetworks_maps list, the assignment to @client_ipaddr_policy needs to
  be re-evaluated to retain a desired default. This is not necessary when
  @mynetworks_maps is left untouched but only its component @mynetworks
  is changed.

  Example:
    @client_ipaddr_policy = (
      [qw( 0.0.0.0/8 127.0.0.1/8 [::] [::1] )] => 'LOCALHOST',
      [qw( !172.16.1.0/24 172.16.0.0/12 192.168.0.0/16 )] => 'PRIVATENETS',
      [qw( 192.0.2.0/25 192.0.2.129 192.0.2.130 )] => 'PARTNER',
      \@some_other_networks => 'OTHER',
      \@mynetworks => 'MYNETS',
    );

  Mark

From pdal at assetrecoverycorp.com Wed Sep 21 16:15:27 2011
From: pdal at assetrecoverycorp.com (Peter Dal)
Date: Wed, 21 Sep 2011 09:15:27 -0500
Subject: Amavis blocking images...
Message-ID: <4E79F17F.5010304@assetrecoverycorp.com>

Hi folks,

I have a problem that started last Monday, without me changing
anything... For some odd reason, amavis started blocking images, but
not all of them, just a specific one. Here's the situation: One of my
users is using a mailing list, and sends out an email with our company
logo as header (embedded, not attached). When this message comes back
(since he's subscribed to this list) the email gets blocked by amavis,
and I receive the following notification email:

|No viruses were found.

Banned name: multipart/mixed | image/gif,.image,.gif,part1.03020803.05050501 at mydomain.com
Content type: Banned
Internal reference code for the message is 30298-18/Fe80t5ePS7Gx

First upstream SMTP client IP address: [] mail.sourcedomain.com
According to a 'Received:' trace, the message originated at: [],
  localhost.localdomain unknown [127.0.0.1]

Return-Path:
From: source at sourcedomain.com
Sender: source at sourcedomain.com
Message-ID:<13164658335.581646>
Subject: ...

The message has been quarantined as:
  /var/lib/amavis/virusmails

The message WAS NOT relayed to:
:
   250 2.7.0 Ok, discarded, id=30298-18 - BANNED: multipart/mixed | image/gif,.image,.gif,part1.03020803.05050501 at mydomain.com

header

Return-Path:
X-Original-Helo: 235324.sourcedomain.net
Received: from 235324.sourcedomain.net (mail.sourcedomain.com [])
 by mail.mydomain.com (Postfix) with ESMTP id DB2AA25458D
 for; Mon, 19 Sep 2011 15:57:13 -0500 (CDT)
Received: from localhost.localdomain (unknown [127.0.0.1])
 by 235324.sourcedomain.net (Postfix) with ESMTP id 76EEB40CB89D
 for; Mon, 19 Sep 2011 16:57:13 -0400 (EDT)
MIME-Version: 1.0
Content-Transfer-Encoding: binary
Content-Type: multipart/mixed; boundary="_----------=_13164658337320692"
X-Mailer: MIME::Lite 3.027 (F2.74; T1.28; A2.04; B3.07; Q3.07)
Date: Mon, 19 Sep 2011 16:57:13 -0400
To:
From: source at sourcedomain.com
Subject: ...
Reply-To:
Sender: source at sourcedomain.com
Comments: Cust: 5 Msg: 581646
Message-Id: 13164658335.581646
|

As far as I can tell, it is not supposed to ban ANY images, and in fact
this has been working without a glitch for years. Now all of a sudden
it starts banning stuff.... The only related setting I can think of
(feel free to ask me to post others) is the $banned_filename_re, which
looks like this:

|$banned_filename_re = new_RE(
# block certain double extensions anywhere in the base name
  qr'\.[^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,

  qr'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?'i, # Windows Class ID CLSID, strict

  qr'^application/x-msdownload$'i,            # block these MIME types
  qr'^application/x-msdos-program$'i,
  qr'^application/hta$'i,

  qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic (default)
);
|

It's not a one time thing either. He sends out over a dozen emails a
day, and all of them get blocked this way. I'm completely stumped by
this one. How do I track down what's going on here? Please keep in mind
I'm kind of a noob when comes to amavis...

Thanks,
Peter

*******************************************************************************
This e-mail message and any files transmitted here with, are intended solely
for the use of the individual(s) addressed and may contain confidential,
proprietary or privileged information. If you are not the addressee indicated
in this message (or responsible for delivery of this message to such person)
you may not review, use, disclose or distribute this message or any files
transmitted herewith. If you receive this message in error, please contact the
sender by reply e-mail and delete this message and all copies of it from your
system.
*******************************************************************************

From al-amavis_user at none.at Wed Sep 21 22:57:49 2011
From: al-amavis_user at none.at (Aleksandar Lazic)
Date: Wed, 21 Sep 2011 22:57:49 +0200
Subject: D_REJECT in custom module
In-Reply-To: <20110921002140.GA29337@none.at>
References: <20110921002140.GA29337@none.at>
Message-ID: <20110921205749.GA9665@none.at>

Dear Reader,

On Wed 21.09.2011 02:21, Aleksandar Lazic wrote:
>Dear Reader,
>
>I use the Amavis::Custom possibility to check if a message id will be
>delivered a second time to the same recipient.
>
>Similar like http://www.courier-mta.org/reformail.html

I will not use it due to the fact that only 100 duplicated Message id
was from june 2011 until now.

BR
Aleks

From rs at elev8it.be Thu Sep 22 11:02:34 2011
From: rs at elev8it.be (Robin Schuermans)
Date: Thu, 22 Sep 2011 11:02:34 +0200
Subject: unknown locker id
Message-ID:

Hello,

Recently, we have been seeing some issues regarding "unknown locker
ID's". We are running OpenSUSE 11.3 with libdb-4_5 and amavisd-new
2.6.4, both standard packages installed through yast.

Sometimes, our mail queue gets filled without the mails being sent out
again. We need to restart amavis and postfix, after that the mails are
being processed.

The logfiles show following output:

Sep 21 22:54:54 ELV_DMZ005 postfix/qmgr[9801]: 4187373263: from=, size=7894, nrcpt=1 (queue active)
Sep 21 22:54:54 ELV_DMZ005 postfix/smtp[23467]: 4187373263: to=, relay=127.0.0.1[127.0.0.1]:10024, delay=48086, delays=48085/0/0/0.76, dsn=4.4.2, status=deferred (lost connection with 127.0.0.1[127.0.0.1] while sending end of data -- message may be sent more than once)
Sep 21 22:54:54 ELV_DMZ005 amavis[2733]: (!!)TROUBLE in child_init_hook: BDB no dbS: Unknown locker ID: 346d, . at (eval 82) line 27.
Sep 21 22:54:54 ELV_DMZ005 amavis[2733]: (!)_DIE: Suicide in child_init_hook: BDB no dbS: Unknown locker ID: 346d, . at (eval 82) line 27.
Sep 21 22:54:55 ELV_DMZ005 amavis[2736]: (!!)TROUBLE in child_init_hook: BDB no dbS: Unknown locker ID: 346e, . at (eval 82) line 27.
Sep 21 22:54:55 ELV_DMZ005 amavis[2736]: (!)_DIE: Suicide in child_init_hook: BDB no dbS: Unknown locker ID: 346e, . at (eval 82) line 27.
Sep 21 22:54:55 ELV_DMZ005 amavis[2737]: (!!)TROUBLE in child_init_hook: BDB no dbS: Unknown locker ID: 346f, . at (eval 82) line 27.
Sep 21 22:54:55 ELV_DMZ005 amavis[2737]: (!)_DIE: Suicide in child_init_hook: BDB no dbS: Unknown locker ID: 346f, . at (eval 82) line 27.
Sep 21 22:54:56 ELV_DMZ005 amavis[2738]: (!!)TROUBLE in child_init_hook: BDB no dbS: Unknown locker ID: 3470, . at (eval 82) line 27.
Sep 21 22:54:56 ELV_DMZ005 amavis[2738]: (!)_DIE: Suicide in child_init_hook: BDB no dbS: Unknown locker ID: 3470, . at (eval 82) line 27.

If I google around, the only topics I see are related to really old
releases of amavis (v5.x). Does any of you have gotten same issues and
how did you fix it?

Kind regards,

Robin

From macek at fortech.cz Thu Sep 22 12:04:14 2011
From: macek at fortech.cz (Tomas Macek)
Date: Thu, 22 Sep 2011 12:04:14 +0200 (CEST)
Subject: excluding checks for @mynetowrks - amavis vs.
 postfix problem
In-Reply-To: <201109211600.25913.Mark.Martinec+amavis@ijs.si>
References: <4E79BE4D.4050702@info-systems.de>
 <201109211600.25913.Mark.Martinec+amavis@ijs.si>
Message-ID:

Thank you Mark, works as I needed!

I had to add some line to the @client_ipaddr_policy array:

@client_ipaddr_policy = (
  [qw( 192.168.0.0/29 )] => 'MYSERVERS',
  \@mynetworks => 'MYNETS',
  $_ => 'MYNETS',
);

Without that line Amavis "complained" about possible relay:

Open relay? Nonlocal recips but not originating:

and from the log it seemed, that the IP address was unknown (debug
level set to 5):

client IP address unknown, fetching from Received:

This happened when Postfix passes the parameters of the mail to the
command line of our own notification program and this program sends the
notification to the user via sendmail. Strange, but this works now.

I read the howto from here:
http://groups.google.com/group/mailing.unix.amavis-user/browse_thread/thread/853bc5ca5426de9a/dfa9c522cb291007?lnk=gst&q=Open+relay%3F+Nonlocal+recips+but+not+originating#dfa9c522cb291007

Tomas

On Wed, 21 Sep 2011, Mark Martinec wrote:

> Tomas,
>
>> I want to exclude some part of Postfix's mynetworks from Amavis spam checks,
>> but really only some part, the rest should be checked as usual. The "some
>> part" is a subnet, in that I have all my servers sending emails, that should
>> be excluded.
>> For example here I'm trying to say, that my servers (that I want to exclude)
>> are in 192.168.0.0/29 subnet.
>
> @client_ipaddr_policy = (
>   [qw( 192.168.0.0/29 )] => 'MYSERVERS',
>   \@mynetworks => 'MYNETS',
> );
>
> $policy_bank{'MYSERVERS'} = {
>   originating => 1,
>   bypass_decode_parts => 1,
>   bypass_virus_checks_maps => [1],
>   bypass_banned_checks_maps => [1],
>   bypass_spam_checks_maps => [1],
> };
>
>
> amavisd-new-2.6.3 release notes:
>
> - added a configuration variable @client_ipaddr_policy, which maps smtp
>   client's IP address lookup lists to a policy bank name.
>   This allows for
>   loading a policy bank based on a client IP address, and generalizes a
>   formerly hard-wired mapping of @mynetworks_maps into 'MYNETS'.
>   The list is traversed in order, the first matching networks list stops
>   the search and its associated policy name is used. Suggested by Jo Rhett.
>
>   The default setting retains backwards compatibility:
>
>     @client_ipaddr_policy = map { $_ => 'MYNETS' } @mynetworks_maps;
>
>   but please keep in mind that this assignment is made during startup
>   before evaluating a config file, so if amavisd.conf changes the
>   @mynetworks_maps list, the assignment to @client_ipaddr_policy needs to
>   be re-evaluated to retain a desired default. This is not necessary when
>   @mynetworks_maps is left untouched but only its component @mynetworks
>   is changed.
>
>   Example:
>     @client_ipaddr_policy = (
>       [qw( 0.0.0.0/8 127.0.0.1/8 [::] [::1] )] => 'LOCALHOST',
>       [qw( !172.16.1.0/24 172.16.0.0/12 192.168.0.0/16 )] => 'PRIVATENETS',
>       [qw( 192.0.2.0/25 192.0.2.129 192.0.2.130 )] => 'PARTNER',
>       \@some_other_networks => 'OTHER',
>       \@mynetworks => 'MYNETS',
>     );
>
>
>
> Mark
>

From mikael at t-online.hu Thu Sep 22 13:55:21 2011
From: mikael at t-online.hu (Mikael Bak)
Date: Thu, 22 Sep 2011 13:55:21 +0200
Subject: Problems upgrading amavisd-new-2.6.6 -> 2.7.0
Message-ID: <4E7B2229.4010009@t-online.hu>

Hi list,

From the release notes:

- SQL fields msgs.mail_id, msgs.secret_id, msgrcpt.mail_id and
  quarantine.mail_id must be treated case-insensitively. A suitable
  data type for these fields in PostgreSQL is bytea, and varbinary in
  MySQL (of size 12 or 16 characters). In order not to lose entropy
  in mail_id, and not to increase a probability of collisions, please
  check existing database schema and adjust as necessary, either
  a data type, or chose a case-sensitive collation setting.
  See README.sql-pg and README.sql-mysql for an ALTER command to change
  data type of these fields.
The README.sql-mysql says this: Similarly, semantics of some other fields is strings of octets too, with no associated character set (which is a characteristic of char and varchar data types), so the following alternations to pre-2.6.2 schema may be beneficial to prevent SQL server from checking validity of octets data against non-applicable arbitrary character set constraints: ALTER table msgs CHANGE mail_id mail_id varbinary(12); ALTER table msgs CHANGE secret_id secret_id varbinary(12); ALTER table msgs CHANGE content content binary(1); ALTER table msgs CHANGE quar_type quar_type binary(1); ALTER table msgs CHANGE quar_loc quar_loc binary(255); ALTER table msgrcpt CHANGE mail_id mail_id varbinary(12); ALTER table quarantine CHANGE mail_id mail_id varbinary(12); and for good measure: ALTER table msgrcpt CHANGE rid rid bigint unsigned; ALTER table msgs CHANGE sid sid bigint unsigned; But when I execute the first alter table statement I get this in the mysql console: mysql> ALTER table msgs CHANGE mail_id mail_id varbinary(12); ERROR 1025 (HY000): Error on rename of './quarantine/#sql-4ad_9f7f' to './quarantine/msgs' (errno: 150) mysql> SHOW INNODB STATUS ; [snip] ------------------------ LATEST FOREIGN KEY ERROR ------------------------ 110922 11:50:55 Error in foreign key constraint of table quarantine/msgrcpt: there is no index in referenced table which would contain the columns as the first columns, or the data types in the referenced table do not match the ones in table. Constraint: , CONSTRAINT "msgrcpt_ibfk_2" FOREIGN KEY ("mail_id") REFERENCES "msgs" ("mail_id") ON DELETE CASCADE The index in the foreign key in table is "msgrcpt_idx_mail_id" See http://dev.mysql.com/doc/refman/5.1/en/innodb-foreign-key-constraints.html for correct foreign key definition. [snip] Anybody knows how to fix this? 
TIA,
Mikael

From webmaster at vanislebc.com Thu Sep 22 19:57:24 2011
From: webmaster at vanislebc.com (Van Isle BC Web Solutions)
Date: Thu, 22 Sep 2011 10:57:24 -0700
Subject: Amavisd-new Error Information
Message-ID: <4E7B7704.1090208@vanislebc.com>

Hi, I am new to the dedicated server field and have paid someone to install config server firewall and mailscanner. I assume that Amavisd-new came with it as I've never seen it before the install. When I view my log files that are cronned to me every day I sometimes see this:

Can someone shed some light as to what it means or
point me in the right direction to where I can learn. I've googled amavisd-new and went to http://www.ijs.si/software/amavisd/ but didn't see anything that breaks down what I'm seeing. Sorry for my ignorance but I'm trying to learn.

From jc at info-systems.de Thu Sep 22 22:23:58 2011
From: jc at info-systems.de (Jakob Curdes)
Date: Thu, 22 Sep 2011 22:23:58 +0200
Subject: Amavisd-new Error Information
In-Reply-To: <4E7B7704.1090208@vanislebc.com>
References: <4E7B7704.1090208@vanislebc.com>
Message-ID: <4E7B995E.2080205@info-systems.de>

On 22.09.2011 19:57, Van Isle BC Web Solutions wrote:
> Hi, I am new to the dedicated server field and have paid someone to
> install config server firewall and mailscanner. I assume that
> Amavisd-new came with it as I've never seen it before the install.
> When I view my log files that are cronned to me every day I sometimes
> see this:
>

I think your amavis installation (or, to be more precise, the spamassassin process called by amavisd), tries to contact a server of the DCC clearinghouse network (209.169.14.26 is one of the servers of this network). This network collects and delivers checksums, i.e. footprints of known spam messages, and compares the message under test with these. But in this case spamassassin cannot contact the DCC server, probably due to a firewall issue on your server ("operation not permitted" is a typical firewall blocking symptom).

So the remedy would be to open the firewall for the destination port 6277 UDP. Then the DCC component of spamassassin can contact the checksum servers. If this is not feasible the DCC check should be deactivated as it cannot deliver any information without contact to the network.
Hope this helps,
Jakob Curdes

> Can someone shed some light as to what it means or point me in the
> right direction to where I can learn. I've googled amavisd-new and
> went to http://www.ijs.si/software/amavisd/ but didn't see anything
> that breaks down what I'm seeing. Sorry for my ignorance but I'm
> trying to learn.

From tomislav.mihalicek at gmail.com Fri Sep 23 15:22:39 2011
From: tomislav.mihalicek at gmail.com (Tomislav Mihaliček)
Date: Fri, 23 Sep 2011 15:22:39 +0200
Subject: Amavis archive quarantine per user in LDAP
Message-ID:

i am running have a ldap attribute amavisArchiveQuarantineTo local:archive-%m.gz on certain user, but it seems that it is not triggered. Spam tagging levels are doing fine... What am i doing wrong?

##SYSTEM
[root@ike ~]# amavisd -V
amavisd-new-2.7.0 (20110701)
[root@ike ~]# uname -a
FreeBSD ike.bnet.hr 8.2-RELEASE FreeBSD 8.2-RELEASE #0: Thu Feb 17 02:41:51 UTC 2011 root@mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64

From michael.scheidell at secnap.com Fri Sep 23 15:28:45 2011
From: michael.scheidell at secnap.com (Michael Scheidell)
Date: Fri, 23 Sep 2011 09:28:45 -0400
Subject: Amavisd-new Error Information
In-Reply-To: <4E7B995E.2080205@info-systems.de>
References: <4E7B7704.1090208@vanislebc.com> <4E7B995E.2080205@info-systems.de>
Message-ID: <4E7C898D.9000208@secnap.com>

On 9/22/11 4:23 PM, Jakob Curdes wrote:
> So the remedy would be to open the firewall for the destination port
> 6277 UDP. Then the DCC component of spamassassin can contact the
> checksum servers. If this is not feasible the DCC check should be
> deactivated as it cannot deliver any information without contact to the
> network.
>
> Hope this helps,
> J

ditto on what Jakob says. Lots of times, outbound udp is blocked on firewalls.. if you have a STATEFUL firewall, then that's all you need.
if you have an older packet filtering firewall, then you need to let udp 6277 back IN.

one more thing you might consider, depending on your volume. the standard (free) version of DCC contacts DCC's public servers. (type 'cdcc info' to see their status) public servers will start to impose rate limiting on large numbers of queries.

Further, again, depending on your volumes, once you get past 100K queries in a day, the bandwidth requirements for query and 'flooding' (the bidirectional exchange of checksums) gets to the point that having a local DCC server makes sense.

There is one more option, and it's been available with SA from (3.2?). and that is the commercial version of DCC, which not only exchanges bulk email checksums, but also exchanges 'hits' on ip addresses. Lets you mark ip addresses that send lots of 'bulk' email (note: bulk is not spam, but spam is bulk :-).

if any of this interests you, pop an email to Vernon Schryver and explain who you are, your requirements (queries per day: ie: how much email is SA processing once past your initial MTA blocks), if you are providing email filtering for only your ISP customers, or if you resell to or through third parties.

Even for 10K per day, maybe you don't need a local server, but access to the ip reputation database, and no rate limiting might be worth a few bucks. (I pay about 20% to rhyolite of what SpamHaus quoted me. No, it's not the same, SH you would normally use it to block pre-queue, and DCC doesn't block, but it does identify, pretty quickly, ip addresses that start to send out bulk email).

example: your ip, looks 100% clean. vs one of the 'ESP' s. (exact target) 68% bulk email. which is what you would expect from an ESP.

*bulk is not spam.
-- Michael Scheidell, CTO o: 561-999-5000 d: 561-948-2259 >*| *SECNAP Network Security Corporation * Best Mobile Solutions Product of 2011 * Best Intrusion Prevention Product * Hot Company Finalist 2011 * Best Email Security Product * Certified SNORT Integrator ______________________________________________________________________ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.spammertrap.com/ ______________________________________________________________________ -------------- next part -------------- An HTML attachment was scrubbed... URL: From sdavies at sdc.com.au Sat Sep 24 03:06:56 2011 From: sdavies at sdc.com.au (Stephen Davies) Date: Sat, 24 Sep 2011 10:36:56 +0930 Subject: TROUBLE in check_mail Message-ID: <201109241036.56135.sdavies@sdc.com.au> I have amavisd-new 2.7.0 and amavis-milter 1.5.0 running on two servers. One works fine but the other is filling the log with: Sep 22 09:21:53 server amavis[5888]: (05888) (!!)TROUBLE in check_mail: quar+notif FAILED: temporarily unable to notify admin: 451 4.5.0 from MTA(smtp:[127.0.0.1]:10025): 451 4.5.0 id=05887-17 - Temporary MTA failure on relaying, From MTA() during fwd-connect (Negative greeting: at (eval 110) line 464.): id=05887-17 at /usr/sbin/amavisd line 14900 I have found references to this message in the context of clamav but this seems not to be the case here. (I am running clamav0.97.2) I can telnet to 127.0.0.1 10025 and see: 220 [127.0.0.1] ESMTP amavisd-new service ready Spamassasin is turned off on both servers. (I use bogofilter-milter instead.) Cheers and thanks, Stephen -- ============================================================================= Stephen Davies Consulting P/L Voice: 08-8177 1595 Adelaide, South Australia. Fax : 08-8177 0133 Records & Collections Management. 
Mobile:040 304 0583

From yassen_tis at yahoo.com Sat Sep 24 11:38:14 2011
From: yassen_tis at yahoo.com (Yassen Damyanov)
Date: Sat, 24 Sep 2011 02:38:14 -0700 (PDT)
Subject: per-recipient (or per- policy bank) SA settings
Message-ID: <1316857094.22635.YahooMailNeo@web114710.mail.gq1.yahoo.com>

Hello list,

The new 2.7.0 version has this feature listed (among many others):

"- per-recipient (or per- policy bank) SpamAssassin configuration files or SQL configuration sets are supported (@sa_userconf_maps), and per-recipient SQL Bayes database usernames (@sa_username_maps);"

This is exactly what I was waiting for! However, I cannot find any manual about how to use it. Suggestions on information sources?

My setup is a "postfix -> amavisd-new -> postfix" one, keeping virtual users in a MySQL database -- fairly standard. I would be happy to be able to have different SA bayes databases for different domains on my server as a beginning; being able to group users by departments would be even better.

Please help me get started, thanks! (A proper URL may well be sufficient.)

Yassen

From pdal at assetrecoverycorp.com Wed Sep 28 16:30:47 2011
From: pdal at assetrecoverycorp.com (Peter Dal)
Date: Wed, 28 Sep 2011 09:30:47 -0500
Subject: Amavis blocking images...
In-Reply-To: <4E79F17F.5010304@assetrecoverycorp.com>
References: <4E79F17F.5010304@assetrecoverycorp.com>
Message-ID: <4E832F97.4090305@assetrecoverycorp.com>

Anyone have any idea where I can start looking? I've set amavis to pass banned files for now, but I keep getting these messages...

Thanks,
Peter

On 9/21/2011 9:15 AM, Peter Dal wrote:
> Hi folks,
>
> I have a problem that started last Monday, without me changing
> anything... For some odd reason, amavis started blocking images, but
> not all of them, just a specific one. Here's the situation:
>
> One of my users is using a mailing list, and sends out an email with
> our company logo as header (embedded, not attached). When this message
> comes back (since he's subscribed to this list) the email gets blocked
> by amavis, and I receive the following notification email:
>
> |No viruses were found.
>
> Banned name: multipart/mixed |
> image/gif,.image,.gif,part1.03020803.05050501 at mydomain.com
> Content type: Banned
> Internal reference code for the message is 30298-18/Fe80t5ePS7Gx
>
> First upstream SMTP client IP address: [] mail.sourcedomain.com
> According to a 'Received:' trace, the message originated at:
> [], localhost.localdomain unknown [127.0.0.1]
>
> Return-Path:
> From:source at sourcedomain.com
> Sender:source at sourcedomain.com
> Message-ID:<13164658335.581646>
> Subject: ...
> The message has been quarantined as: /var/lib/amavis/virusmails
>
> The message WAS NOT relayed to:
> :
> 250 2.7.0 Ok, discarded, id=30298-18 - BANNED: multipart/mixed | image/gif,.image,.gif,part1.03020803.05050501 at mydomain.com
>
>
> header
>
> Return-Path:
> X-Original-Helo: 235324.sourcedomain.net
> Received: from 235324.sourcedomain.net (mail.sourcedomain.com [])
> by mail.mydomain.com (Postfix) with ESMTP id DB2AA25458D
> for; Mon, 19 Sep 2011 15:57:13 -0500 (CDT)
> Received: from localhost.localdomain (unknown [127.0.0.1])
> by 235324.sourcedomain.net (Postfix) with ESMTP id 76EEB40CB89D
> for; Mon, 19 Sep 2011 16:57:13 -0400 (EDT)
> MIME-Version: 1.0
> Content-Transfer-Encoding: binary
> Content-Type: multipart/mixed; boundary="_----------=_13164658337320692"
> X-Mailer: MIME::Lite 3.027 (F2.74; T1.28; A2.04; B3.07; Q3.07)
> Date: Mon, 19 Sep 2011 16:57:13 -0400
> To:
> From:source at sourcedomain.com
> Subject: ...
> Reply-To:
> Sender:source at sourcedomain.com
> Comments: Cust: 5 Msg: 581646
> Message-Id: 13164658335.581646
> |
>
> As far as I can tell, it is not supposed to ban ANY images, and in
> fact this has been working without a glitch for years. Now all of a
> sudden it starts banning stuff....
>
> The only related setting I can think of (feel free to ask me to post
> others) is the $banned_filename_re, which looks like this:
>
> |$banned_filename_re = new_RE(
> # block certain double extensions anywhere in the base name
> qr'\.[^./]*\.(exe|vbs|pif|scr|bat|cmd|com|cpl|dll)\.?$'i,
>
> qr'\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?'i, # Windows Class ID CLSID, strict
>
> qr'^application/x-msdownload$'i, # block these MIME types
> qr'^application/x-msdos-program$'i,
> qr'^application/hta$'i,
>
> qr'.\.(exe|vbs|pif|scr|bat|cmd|com|cpl)$'i, # banned extension - basic (default)
> );
> |
>
> It's not a one time thing either. He sends out over a dozen emails a
> day, and all of them get blocked this way. I'm completely stumped by
> this one. How do I track down what's going on here? Please keep in
> mind I'm kind of a noob when it comes to amavis...
>
> Thanks,
> Peter
>

*******************************************************************************
This e-mail message and any files transmitted here with, are intended solely for the use of the individual(s) addressed and may contain confidential, proprietary or privileged information. If you are not the addressee indicated in this message (or responsible for delivery of this message to such person) you may not review, use, disclose or distribute this message or any files transmitted herewith. If you receive this message in error, please contact the sender by reply e-mail and delete this message and all copies of it from your system.
*******************************************************************************

From njones at megan.vbhcs.org Wed Sep 28 16:55:11 2011
From: njones at megan.vbhcs.org (Noel Jones)
Date: Wed, 28 Sep 2011 09:55:11 -0500
Subject: Amavis blocking images...
In-Reply-To: <4E832F97.4090305@assetrecoverycorp.com>
References: <4E79F17F.5010304@assetrecoverycorp.com> <4E832F97.4090305@assetrecoverycorp.com>
Message-ID: <4E83354F.9080005@megan.vbhcs.org>

On 9/28/2011 9:30 AM, Peter Dal wrote:
> Anyone have any idea where I can start looking? I've set amavis to
> pass banned files for now, but I keep getting these messages...
>
> Thanks,
> Peter
>
> On 9/21/2011 9:15 AM, Peter Dal wrote:
>> Hi folks,
>>
>> I have a problem that started last Monday, without me changing
>> anything... For some odd reason, amavis started blocking images,
>> but not all of them, just a specific one. Here's the situation:
>>
>> One of my users is using a mailing list, and sends out an email
>> with our company logo as header (embedded, not attached). When this
>> message comes back (since he's subscribed to this list) the email
>> gets blocked by amavis, and I receive the following notification
>> email:
>>
>> |No viruses were found.
>>
>> Banned name: multipart/mixed |
>> image/gif,.image,.gif,part1.03020803.05050501 at mydomain.com
>> Content type: Banned
>> Internal reference code for the message is 30298-18/Fe80t5ePS7Gx

The image name ends with .com and you've banned attachments with .com extension.

From pdal at assetrecoverycorp.com Wed Sep 28 18:20:57 2011
From: pdal at assetrecoverycorp.com (Peter Dal)
Date: Wed, 28 Sep 2011 11:20:57 -0500
Subject: Amavis blocking images...
In-Reply-To: <4E83354F.9080005@megan.vbhcs.org>
References: <4E79F17F.5010304@assetrecoverycorp.com> <4E832F97.4090305@assetrecoverycorp.com> <4E83354F.9080005@megan.vbhcs.org>
Message-ID: <4E834969.1010600@assetrecoverycorp.com>

On 9/28/2011 9:55 AM, Noel Jones wrote:
>> Banned name: multipart/mixed |
>> image/gif,.image,.gif,part1.03020803.05050501 at mydomain.com
>> Content type: Banned
>> Internal reference code for the message is 30298-18/Fe80t5ePS7Gx
> The image name ends with .com and you've banned attachments with
> .com extension.

Thanks Noel!

That's interesting! That would indeed make sense, however:

1. It has been working without issues for over 3 years, and no changes on client or server were made
2. It is an embedded image, not an attachment, so it has no filename. the "part1.03020803.05050501 at mydomain.com" is the id given by the email client.

If this is really the reason it is blocking it, I'm tempted to call it a bug, since it's banning something based on a filename that's not there...

I'm intrigued though, so I'll remove the .com extension from banning and see what happens. Remains the problem of how to block .com files and still allow embedded images?

Thanks,
Peter

From njones at megan.vbhcs.org Wed Sep 28 18:40:07 2011
From: njones at megan.vbhcs.org (Noel Jones)
Date: Wed, 28 Sep 2011 11:40:07 -0500
Subject: Amavis blocking images...
In-Reply-To: <4E834969.1010600@assetrecoverycorp.com>
References: <4E79F17F.5010304@assetrecoverycorp.com> <4E832F97.4090305@assetrecoverycorp.com> <4E83354F.9080005@megan.vbhcs.org> <4E834969.1010600@assetrecoverycorp.com>
Message-ID: <4E834DE7.8020103@megan.vbhcs.org>

On 9/28/2011 11:20 AM, Peter Dal wrote:
>
> On 9/28/2011 9:55 AM, Noel Jones wrote:
>>> Banned name: multipart/mixed |
>>> image/gif,.image,.gif,part1.03020803.05050501 at mydomain.com
>>> Content type: Banned
>>> Internal reference code for the message is 30298-18/Fe80t5ePS7Gx
>> The image name ends with .com and you've banned attachments with
>> .com extension.
>
> Thanks Noel!
>
> That's interesting! That would indeed make sense, however:
>
> 1. It has been working without issues for over 3 years, and no
> changes on client or server were made
> 2. It is an embedded image, not an attachment, so it has no
> filename. the "part1.03020803.05050501 at mydomain.com" is the id
> given by the email client.

Check the message source. I expect to find the name there. Embedded images are still attachments; just displayed differently.

... or I could be full of effluent.

>
> If this is really the reason it is blocking it, I'm tempted to call
> it a bug, since it's banning something based on a filename that's
> not there...
>
> I'm intrigued though, so I'll remove the .com extension from banning
> and see what happens. Remains the problem of how to block .com files
> and still allow embedded images?

Whitelist names with @.*\.com$ maybe?

You can still block real .com files by file(1) type.
-- Noel Jones

From webmaster at vanislebc.com Wed Sep 28 22:55:40 2011
From: webmaster at vanislebc.com (Van Isle BC Web Solutions)
Date: Wed, 28 Sep 2011 13:55:40 -0700
Subject: Amavisd-new Error Information
In-Reply-To: <4E7B995E.2080205@info-systems.de>
References: <4E7B7704.1090208@vanislebc.com> <4E7B995E.2080205@info-systems.de>
Message-ID: <4E8389CC.3000400@vanislebc.com>

Jakob Curdes wrote:
> On 22.09.2011 19:57, Van Isle BC Web Solutions wrote:
>> Hi, I am new to the dedicated server field and have paid someone to
>> install config server firewall and mailscanner. I assume that
>> Amavisd-new came with it as I've never seen it before the install.
>> When I view my log files that are cronned to me every day I sometimes
>> see this:
>>
> I think your amavis installation (or, to be more precise, the
> spamassassin process called by amavisd), tries to contact a server of
> the DCC clearinghouse network (209.169.14.26 is one of the servers of
> this network). This network collects and delivers checksums, i.e.
> footprints of known spam messages, and compares the message under test
> with these.
> But in this case spamassassin cannot contact the DCC server, probably
> due to a firewall issue on your server ("operation not permitted" is a
> typical firewall blocking symptom).
>
> So the remedy would be to open the firewall for the destination port
> 6277 UDP. Then the DCC component of spamassassin can contact the
> checksum servers. If this is not feasible the DCC check should be
> deactivated as it cannot deliver any information without contact to
> the network.
>
> Hope this helps,
> Jakob Curdes
>
>
>>
>> Can someone shed some light as to what it means or point me in the
>> right direction to where I can learn. I've googled amivsd-new and
>> went to http://www.ijs.si/software/amavisd/ but didn't see anything
>> that breaks down what I'm seeing. Sorry for my ignorance but I'm
>> trying to learn.
>
> Okay, I've put the port into both udp rules and still I'm getting the
> log file messages above.

# Allow incoming UDP ports
*UDP_IN *=

# Allow outgoing UDP ports
# To allow outgoing traceroute add 33434:33523 to this list
*UDP_OUT *=

> Anything else I can do? Am I doing it wrong? I'm not sure where or
> how to find my avisd-new config files using putty to deactivate it. I
> tried ls -a amisd-new but the file didn't come up.
>
> -----
> No virus found in this message.
> Checked by AVG - www.avg.com
> Version: 10.0.1410 / Virus Database: 1520/3912 - Release Date: 09/22/11
>
>

From jc at info-systems.de Wed Sep 28 23:09:09 2011
From: jc at info-systems.de (Jakob Curdes)
Date: Wed, 28 Sep 2011 23:09:09 +0200
Subject: Amavisd-new Error Information
In-Reply-To: <4E8389CC.3000400@vanislebc.com>
References: <4E7B7704.1090208@vanislebc.com> <4E7B995E.2080205@info-systems.de> <4E8389CC.3000400@vanislebc.com>
Message-ID: <4E838CF5.9090903@info-systems.de>

On 28.09.2011 22:55, Van Isle BC Web Solutions wrote:
> # Allow incoming UDP ports
> *UDP_IN *=
>
> # Allow outgoing UDP ports
> # To allow outgoing traceroute add 33434:33523 to this list
> *UDP_OUT *=

I think the firewalling issue is a bit out-of-scope for this list.
You can try to disable the firewall completely, i.e. open it, wait for incoming mail, and see if the result differs from the closed firewall case. If it does, you have a firewall issue.

>
>> Anything else I can do? Am I doing it wrong? I'm not sure where or
>> how to find my avisd-new config files using putty to deactivate it.
>> I tried ls -a amisd-new but the file didn't come up.

The config file is usually /etc/amavisd.conf .

BUT the DCC check is not configured in this config file as it is not called by amavisd directly, rather the check is invoked by spamassassin which in turn is invoked by amavis. Do the following:

"locate local.cf"

Hopefully you will see one or several file locations, the actual relevant configuration file should reside in /etc, for my installation it is
/etc/mail/spamassassin/local.cf .

Once you have found this file, edit it with your favorite editor and check for occurrence of a line like

use_dcc 1

If you find it, set it to

use_dcc 0

If it is not present, add a line

use_dcc 0

Now the DCC lookup will be disabled. But please be aware that this reduces the quality of your spam check, the better way would be to check why the DCC server request fails. Probably this would be a task for the consultant who installed and configured the system.

Best regards,
Jakob Curdes

From mr88talent at gmail.com Thu Sep 29 04:30:37 2011
From: mr88talent at gmail.com (Gary V)
Date: Wed, 28 Sep 2011 20:30:37 -0600
Subject: Amavisd-new Error Information
In-Reply-To: <4E838CF5.9090903@info-systems.de>
References: <4E7B7704.1090208@vanislebc.com> <4E7B995E.2080205@info-systems.de> <4E8389CC.3000400@vanislebc.com> <4E838CF5.9090903@info-systems.de>
Message-ID:

On 9/28/11, Jakob Curdes wrote:
> On 28.09.2011 22:55, Van Isle BC Web Solutions wrote:
>> # Allow incoming UDP ports
>> *UDP_IN *=
>>
>> # Allow outgoing UDP ports
>> # To allow outgoing traceroute add 33434:33523 to this list
>> *UDP_OUT *=
> I think the firewalling issue is a bit out-of-scope for this list. You
> can try to disable the firewall completely, i.e. open it, wait for
> incoming mail, and see if the result differs from the closed firewall
> case. If it does, you have a firewall issue.
>>
>>> Anything else I can do? Am I doing it wrong? I'm not sure where or
>>> how to find my avisd-new config files using putty to deactivate it.
>>> I tried ls -a amisd-new but the file didn't come up.
> The config file is usually /etc/amavisd.conf .
>
> BUT the DCC check is not configured in this config file as it is not
> called by amavisd directly, rather the check is invoked by spamassassin
> which in turn is invoked by amavis. Do the following:
>
> "locate local.cf"
>
> Hopefully you will see one or several file locations, the actual
> relevant configuration file should reside in /etc, for my installation
> it is
> /etc/mail/spamassassin/local.cf .
>
> Once you have found this file, edit it with your favorite editor and
> check for occurrence of a line like
>
> use_dcc 1
>
> If you find it, set it to
>
> use_dcc 0
>
> If it is not present, add a line
>
> use_dcc 0
>
> Now the DCC lookup will be disabled. But please be aware that this
> reduces the quality of your spam check, the better way would be to check
> why the DCC server request fails.
Probably this would be a task for the > consultant who installed and configured the system. > > Best regards, > Jakob Curdes > Just some notes on DCC and firewall issues: It appears the server listens on port 6277, but the client may use any port >1023 to connect to it and must be able to listen to the reply on any ports >1023. from http://www.dcc-servers.net/dcc/firewall.html DCC client-server traffic consists of UDP packets from arbitrary and usually changing port numbers on the DCC client to port 6277 on the DCC server and packets from port 6277 on the server returning to arbitrary ports on the client. http://www.dcc-servers.net/dcc/FAQ.html#firewall-ports http://wiki.apache.org/spamassassin/UsingDcc You might also try this command useful after making changes: cdcc rtt I believe the servers will greylist you if you connect to it but do not accept the replies. -- Gary V From Ralf.Hildebrandt at charite.de Fri Sep 30 14:09:33 2011 From: Ralf.Hildebrandt at charite.de (Ralf Hildebrandt) Date: Fri, 30 Sep 2011 14:09:33 +0200 Subject: OpenSSL error: data too large for key size Message-ID: <20110930120933.GD22944@charite.de> In my log I'm getting: Sep 30 13:43:18 mail amavis[11001]: (11001-11) dkim: FAILED Author+Sender+MailFrom signature by d=galahotels.com, From: , a=rsa-sha1, c=simple, s=mail, i=promotions at galahotels.com, m.list(ml:http://www.helenemail.com/Unsubscribe.aspx?Email=torsten.xxxxxxier at charite.de&id=5066>,, a=rsa-sha256, c=relaxed/relaxed, s=mail, i=@jobmensa.de, invalid (public key: OpenSSL error: too long) What are those errors? -- Ralf Hildebrandt Gesch?ftsbereich IT | Abteilung Netzwerk Charit? - Universit?tsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. 
+49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt at charite.de | http://www.charite.de From michael.scheidell at secnap.com Fri Sep 30 14:52:00 2011 From: michael.scheidell at secnap.com (Michael Scheidell) Date: Fri, 30 Sep 2011 08:52:00 -0400 Subject: OpenSSL error: data too large for key size In-Reply-To: <20110930120933.GD22944@charite.de> References: <20110930120933.GD22944@charite.de> Message-ID: <4E85BB70.5000703@secnap.com> On 9/30/11 8:09 AM, Ralf Hildebrandt wrote: > In my log I'm getting: > > Sep 30 13:43:18 mail amavis[11001]: (11001-11) dkim: FAILED Author+Sender+MailFrom signature by d=galahotels.com, From: > , a=rsa-sha1, c=simple, s=mail, i=promotions at galahotels.com, > m.list(ml:http://www.helenemail.com/Unsubscribe.aspx?Email=torsten.xxxxxxier at charite.de&id=5066>, fail (OpenSSL error: data too large for key size) > > and > > Sep 30 14:02:00 mail amavis[17575]: (17575-10) dkim: FAILED Author+Sender+MailFrom signature by d=jobmensa.de, From: > , a=rsa-sha256, c=relaxed/relaxed, s=mail, i=@jobmensa.de, invalid (public key: OpenSSL error: too long) > > What are those errors? They are DKIM related. 
s-, d=:

host -t txt mail._domainkey.jobmensa.de

compare with mine: looks like maybe their dkim txt record is wrong,
formatted incorrectly (or mine is)

dkim._domainkey.secnap.com descriptive text "v=DKIM1\; p=" "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2r6Czgs9w0Ita+6OvGukuzoEF" "cqHsA7DPfM8K8oteWZmdjOql9qC0IN5eTvzM/QSjgXvnOyVzvlisqYNeQmDSldaj" "ikT/Phxm+RANLu4YVeN2QDQ2yPTTXYlxT7AHutkFJeeU4ewn0cVt3Nby2uSQzzjq" "B08snGVF5sKC88WtbwIDAQAB"

mail._domainkey.jobmensa.de descriptive text "v=DKIM1\; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsP32lhEtiWosEm7hbI1yk0GX/XLXki4vs5r84+MSILzGwINEOWNXQBVG9X8KiQ17vM7JvhKCaQFDJ16iZ+Aj8C/lO0jePNo3ch0/rij2FuQxZSKx+TOka3gOAeY4hgzt4RPIxE4d0Qfw5i/3h63/wRal6XoJq5OqE+QIO0LxwGXRpMa5fiiEVwWeqmR70FmFUwTFK4NN"

--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation

* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Product
* Hot Company Finalist 2011
* Best Email Security Product
* Certified SNORT Integrator

______________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.spammertrap.com/
______________________________________________________________________
From michael.scheidell at secnap.com Fri Sep 30 15:01:58 2011
From: michael.scheidell at secnap.com (Michael Scheidell)
Date: Fri, 30 Sep 2011 09:01:58 -0400
Subject: OpenSSL error: data too large for key size
In-Reply-To: <20110930120933.GD22944@charite.de>
References: <20110930120933.GD22944@charite.de>
Message-ID: <4E85BDC6.3020209@secnap.com>

On 9/30/11 8:09 AM, Ralf Hildebrandt wrote:
> In my log I'm getting:
>
> Sep 30 13:43:18 mail amavis[11001]: (11001-11) dkim: FAILED Author+Sender+MailFrom signature by d=galahotels.com, From:
> , a=rsa-sha1, c=simple, s=mail, i=promotions at galahotels.com,
> m.list(ml:http://www.helenemail.com/Unsubscribe.aspx?Email=torsten.xxxxxxier at charite.de&id=5066>, fail (OpenSSL error: data too large for key size)
>
> and
>
> Sep 30 14:02:00 mail amavis[17575]: (17575-10) dkim: FAILED Author+Sender+MailFrom signature by d=jobmensa.de, From:
> , a=rsa-sha256, c=relaxed/relaxed, s=mail, i=@jobmensa.de, invalid (public key: OpenSSL error: too long)
>
> What are those errors?

sender has a borked dkim public key.

put in 'mail' for selector
put in jobmensa.de for domain.

--
Michael Scheidell, CTO
o: 561-999-5000
d: 561-948-2259
>*| *SECNAP Network Security Corporation

* Best Mobile Solutions Product of 2011
* Best Intrusion Prevention Product
* Hot Company Finalist 2011
* Best Email Security Product
* Certified SNORT Integrator
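An added example, not part of any message in this thread and not amavisd-new or OpenSSL code: one way to sanity-check a DKIM key record like the two quoted above is to join the TXT strings, base64-decode the p= tag, and compare the size announced by the outer DER SEQUENCE header with the bytes actually present. The function names are hypothetical; the two records are copied from the host output quoted in the thread.

```python
import base64
import re

# TXT rdata copied from the `host -t txt` output quoted in this thread.
SECNAP_TXT = (
    '"v=DKIM1\\; p=" '
    '"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2r6Czgs9w0Ita+6OvGukuzoEF" '
    '"cqHsA7DPfM8K8oteWZmdjOql9qC0IN5eTvzM/QSjgXvnOyVzvlisqYNeQmDSldaj" '
    '"ikT/Phxm+RANLu4YVeN2QDQ2yPTTXYlxT7AHutkFJeeU4ewn0cVt3Nby2uSQzzjq" '
    '"B08snGVF5sKC88WtbwIDAQAB"'
)
JOBMENSA_TXT = (
    '"v=DKIM1\\; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsP32lhEtiWosEm7h'
    'bI1yk0GX/XLXki4vs5r84+MSILzGwINEOWNXQBVG9X8KiQ17vM7JvhKCaQFD'
    'J16iZ+Aj8C/lO0jePNo3ch0/rij2FuQxZSKx+TOka3gOAeY4hgzt4RPIxE4d'
    '0Qfw5i/3h63/wRal6XoJq5OqE+QIO0LxwGXRpMa5fiiEVwWeqmR70FmFUwTF'
    'K4NN"'
)

def txt_to_tags(rdata):
    """Join the quoted strings of one TXT record and split the DKIM tag=value list."""
    strings = re.findall(r'"((?:[^"\\]|\\.)*)"', rdata)
    joined = re.sub(r"\\(.)", r"\1", "".join(strings))  # undo zone-file escapes (\;)
    tags = {}
    for part in joined.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())
    return tags

def der_declared_length(der):
    """Total size (header plus content) announced by the outer DER SEQUENCE."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("p= does not start with a DER SEQUENCE")
    if der[1] < 0x80:                       # short form: length fits in one byte
        return 2 + der[1]
    n = der[1] & 0x7F                       # long form: next n bytes hold the length
    if n == 0 or len(der) < 2 + n:
        raise ValueError("bad DER length field")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_dkim_key(rdata):
    """Compare the announced key size with the bytes the record really carries."""
    b64 = txt_to_tags(rdata).get("p", "")
    der = base64.b64decode(b64[:len(b64) - len(b64) % 4])  # cut-off data may end mid-quantum
    declared = der_declared_length(der)
    status = "ok" if declared == len(der) else "truncated" if declared > len(der) else "trailing-data"
    return {"declared": declared, "actual": len(der), "status": status}
```

For the records as quoted here, the secnap.com key is complete, while the jobmensa.de p= value carries fewer bytes than its own DER header announces.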