From: Frank <Fra...@no...> - 2007-09-25 11:40:02
|
Hi,

I'm new to most of this, but trying to learn, and hence wondering if someone is able to help me with the following:

I have a server (Debian Etch) running exim4 as MTA/MDA, and I'm planning on running amavisd-new so I can test an anti-virus plugin. I've set up exim4 absolutely straight, for local delivery, so that I can use f.ex. Evolution to send and receive mail to user@localhost. This is working fine to start with.

But - when I install and configure amavisd-new, I can no longer send and receive mail to user@localhost. This happens when I add the following to the exim4 config file, as per the README-eximv-v4 documentation:

    # instruct Exim to pass all mail using SMTP to amavisd,
    # except the mail that just came-in back to Exim from amavisd
    # through the local port 10025, as these messages were already
    # checked and approved by amavisd
    amavis:
      driver = manualroute
      condition = "${if eq {$interface_port}{10025} {0}{1}}"
      # if scanning incoming mails, uncomment the following line and
      # change local_domains accordingly
      # domains = +local_domains
      transport = amavis
      route_list = "* localhost byname"
      self = send

    # SMTP transport to be used for the Exim -> amavisd path;
    # by default amavisd listens on the loopback interface on port 10024
    # (amavisd.conf: $inet_socket_port = "10024")
    amavis:
      driver = smtp
      port = 10024
      allow_localhost

    # Tell Exim to accept SMTP also (besides the usual port 25) on the
    # loopback interface (localhost) on port 10025, which is where
    # the checked messaged come from amavisd back to Exim
    # (amavisd.conf: $relayhost = "127.0.0.1"; $relayhost_port = "10025")
    local_interfaces = 0.0.0.0.25 : 127.0.0.1.10025

In the case of local_interfaces, I just edit out what's already there, and add the above file:

    # listen on all all interfaces?
    #.ifdef MAIN_LOCAL_INTERFACES
    #local_interfaces = MAIN_LOCAL_INTERFACES
    #.else
    #DEBCONFlistenonpublicDEBCONF
    #.endif
    local_interfaces = 0.0.0.0.25 : 127.0.0.1.10025

In amavisd.conf, the only changes I've made are these:

    $daemon_user = 'amavis';     # (no default; customary: vscan or amavis), -u
    $daemon_group = 'amavis';    # (no default; customary: vscan or amavis), -g
    $mydomain = 'norman.local';  # a convenient default for other settings

I'm not sure of the $mydomain. The machine is just a standalone machine, and it's not really configured with a FQDN. I've tried using @mydomain = 'localhost', but it didn't make any difference.

As mentioned, when I'm sending mail to user@localhost, it doesn't appear in the inbox. When I remove the above changes to the exim4 config file (reset the configuration to default, so that there's no routing to amavis), both the old mail (the mail that "disappeared" after adding the above lines) and new mail to user@localhost is received. So the problem is with my amavisd-new configuration, and not exim4.

Obviously, I'm missing some important routing or transport config, but I cannot see what, so I'm grateful for any advice.

Thanks in advance,
-Frank. |
From: Jim D. <jd...@ho...> - 2007-02-03 20:10:03
|
I just installed amavis and clamav and it didn't take long to catch a virus,

    --------------------- amavis Begin ------------------------
    1 messages checked and passed.
    1 virus infected messages were found.
    8 spam messages were found.

When I look in my Postfix log file I see this,

    Feb 2 17:08:28 cpe-99-99-999-999 postfix/smtp[14675]: B336838C04DA: to=<jian@MYSITE.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=5.7, delays=5.5/0.01/0.01/0.21, dsn=5.7.0, status=bounced (host 127.0.0.1[127.0.0.1] said: 554 5.7.0 Reject, id=03124-11 - VIRUS: HTML.Phishing.Bank-627 (in reply to end of DATA command))

It was so easy to set up I figure I am overlooking something, can someone outline what I should monitor on an ongoing basis... (The ClamAv cron job updates periodically already so I know the virus defs are up to date!)

Thanks,
Jim |
From: Mark M. <Mar...@ij...> - 2006-12-22 00:03:19
|
Sebastian,

> I have a rather strange question about amavis which you guys hopefully
> might be able to answer. Is there a way of changing the way amavis
> splits up mails to different parts?
> The reason why I am asking is I would like to test the behaviour
> of a particular virus scanner when it comes to special file names.
> Consider the following example (excerpt from a test mail):
> Message-Id: <20061218221543.94B527ED5@localhost.localdomain>
> Content-Disposition: attachment; filename="test1234.jpg"
> What I need to do is to pass on the *exact* filename as defined in this
> section (here: test1234.jpg) to the virus scanner (without any tampering
> by amavis). Is there any way to make amavis behave like this?

I'll try to answer for amavisd-new: when mail is split up to parts, these parts are stored to files with generated names, regardless of what the 'suggested' file name in MIME type or archive member name says. These generated filenames are always named p001, p002, etc, which is also what each virus scanner sees. The original (suggested) file names in all their forms are available for 'banned' checks, but are never given to AV or spam scanners in their original form.

I guess this is not the answer you are looking for. It is currently not possible with amavisd-new to give original file names to decoded parts (without modifying code) - for various reasons: there may be multiple possible file names available for each part (e.g. MIME: 'filename' and 'name' attributes), there may be a raw as well as encoded file name interpretations, or suggested file name may not be representable on a given file system (e.g. too long or using 'reserved' characters like '/' or null, which could be misinterpreted by a virus scanner). One reason is also security, although this one is less important now when there is no chance a shell would see decoded parts.

Mark |
From: Sebastian W. <seb...@wo...> - 2006-12-21 22:16:14
|
Hi,

I have a rather strange question about amavis which you guys hopefully might be able to answer. Is there a way of changing the way amavis splits up mails to different parts?

The reason why I am asking is I would like to test the behaviour of a particular virus scanner when it comes to special file names. Consider the following example (excerpt from a test mail):

    [ ... ]
    Message-Id: <20061218221543.94B527ED5@localhost.localdomain>

    This is a multi-part message in MIME format.

    --_----------=_116673842188290
    Content-Disposition: inline
    Content-Length: 16
    Content-Transfer-Encoding: binary
    Content-Type: text/plain

    Test JPG

    --_----------=_116673842188290
    Content-Disposition: attachment; filename="test1234.jpg"
    [ ... ]

What I need to do is to pass on the *exact* filename as defined in this section (here: test1234.jpg) to the virus scanner (without any tampering by amavis). Is there any way to make amavis behave like this?

Thank you very much.

Best regards,
Sebastian Wolfgarten |
From: Xavier <am...@as...> - 2006-10-07 15:50:28
|
Hi, I'm a Postfix+Amavis administrator for a big company. Since we use only OpenOffice.org, I'd like to build a macro deletion plugin with OpenOffice::OODoc to erase any risk. To be sure to erase all macro even if the file is in a zip, I would like to know if it's possible to build a plugin in Amavis to do it. Else, I've to build a SMTP Proxy that decode MIME and uncompress archives like Amavis. Thanks, Xavier __END__ |
From: Tapani T. <tt...@it...> - 2006-09-12 11:58:10
|
On Fri, Sep 08, 2006 at 04:02:33PM +0200, Mark Martinec (Mar...@ij...) wrote:

> > if you have $defang_spam = 0; $defang_bad_header = 1;
> > the message will *not* be defanged if it is
> > classified as spam, even though it has bad header.

> I'll make the change, it will be in 2.4.3-rc1, expected in
> a couple of days. Please test it then.

After an hour in a test server and a sample of test messages, I can report that it seems to work just the way I wanted, at least in the configuration I'm using.

(Also, setting %defang_by_ccat explicitly as you suggested works exactly as it should - the problem I had with it earlier was this same unintuitive behaviour.)

Thank you!

--
Tapani Tarvainen |
From: Tapani T. <tt...@it...> - 2006-09-10 15:12:32
|
On Sun, Sep 10, 2006 at 02:36:26AM +0200, Mark Martinec (Mar...@ij...) wrote:

> > I'd like to defang only
> > certain categories of bad header, not all of them.

> The mechanism is already provided (one needs to directly
> adjust %defang_by_ccat),

I tried to do that but it didn't work... hmm, could be it would've worked but for the $defang_spam/$defang_bad_header conflict.

> details in interpretation will be fixed in 2.4.3-rc1.

Or perhaps I stumbled on some such detail. Whatever:

> Here is an example setting that does
> what you want (in -rc1):

Looks great - thank you! I can barely wait for -rc1 to come out...

--
Tapani Tarvainen |
From: Mark M. <Mar...@ij...> - 2006-09-10 00:36:45
|
Tapani,

> While at it, I'd like to suggest an enhancement relating
> to the same piece of code: I'd like to defang only
> certain categories of bad header, not all of them.
>
> Specifically, I'd like to defang messages with bad
> control characters (especially CR) in header, but not
> messages with non-encoded 8-bit characters in there
> (other cases could go either way).
> (The former cause trouble with our internal mail
> system (Cyrus), the latter are still way too common in
> non-English messages from systems that don't obey RFC2047,
> notably including hotmail.)
>
> Here I'd be happy with setting that'd defang messages
> if $minor_badh_category is at least given value -
> perhaps simply the value of $defang_bad_header, so that
> $defang_bad_header=3 would do what I want.
> (Better yet would be an array to specify exactly which
> minor categories should be defanged.)
>
> What do you think?

The mechanism is already provided (one needs to directly adjust %defang_by_ccat), details in interpretation will be fixed in 2.4.3-rc1. Here is an example setting that does what you want (in -rc1):

    # minor categories to CC_BADH:
    # 0: other, 1: bad MIME, 2: 8-bit char, 3: NUL/CR, 4: whitespace line,
    # 5: long line, 6: syntax, 7: missing req. field, 8: multiple field
    #$defang_by_ccat{&CC_BADH.",1"} = 1;  # bad MIME syntax
    #$defang_by_ccat{&CC_BADH.",2"} = 1;  # non-encoded 8-bit character
    $defang_by_ccat{&CC_BADH.",3"} = 1;   # NUL or CR
    #$defang_by_ccat{&CC_BADH.",4"} = 1;  # all-whitespace line
    #$defang_by_ccat{&CC_BADH.",5"} = 1;  # long header line
    $defang_by_ccat{&CC_BADH.",6"} = 1;   # header field syntax error
    #$defang_by_ccat{&CC_BADH.",7"} = 1;  # missing required field
    #$defang_by_ccat{&CC_BADH.",8"} = 1;  # multiple field where at most one allowed
    $defang_by_ccat{&CC_BADH} = 0;        # turn off for CC_BADH,*

Mark |
From: Tapani T. <tt...@it...> - 2006-09-09 03:35:32
|
On Fri, Sep 08, 2006 at 04:02:33PM +0200, Mark Martinec (Mar...@ij...) wrote:

> > if you have $defang_spam = 0; $defang_bad_header = 1;
> > the message will *not* be defanged if it is
> > classified as spam, even though it has bad header.
[...]
> Hmm, it works as was intended, but I admit that it doesn't
> do what would be natural for your purpose.
> I'll make the change, it will be in 2.4.3-rc1, expected in
> a couple of days. Please test it then.

I will, thanks!

While at it, I'd like to suggest an enhancement relating to the same piece of code: I'd like to defang only certain categories of bad header, not all of them.

Specifically, I'd like to defang messages with bad control characters (especially CR) in header, but not messages with non-encoded 8-bit characters in there (other cases could go either way). (The former cause trouble with our internal mail system (Cyrus), the latter are still way too common in non-English messages from systems that don't obey RFC2047, notably including hotmail.)

Here I'd be happy with setting that'd defang messages if $minor_badh_category is at least given value - perhaps simply the value of $defang_bad_header, so that $defang_bad_header=3 would do what I want. (Better yet would be an array to specify exactly which minor categories should be defanged.)

What do you think?

--
Tapani Tarvainen |
From: Mark M. <Mar...@ij...> - 2006-09-08 14:02:49
|
Tapani,

> There is a bug in amavisd-new (2.4.2) in the way
> defang conditions are handled. For example,
> if you have $defang_spam = 0; $defang_bad_header = 1;
> the message will *not* be defanged if it is
> classified as spam, even though it has bad header.
> Looking at the code the reason is obvious:
...
> Because spam is more important category than bad header,
> if the message is classified as spam and $defang_spam=0,
> the bad header won't even be considered in making the
> defanging decision.
> Same applies with any other defang categories: you can't
> reliably defang spam without defanging (or discarding)
> banned and viruses, for example.

Hmm, it works as was intended, but I admit that it doesn't do what would be natural for your purpose. I'll make the change, it will be in 2.4.3-rc1, expected in a couple of days. Please test it then.

Regards
Mark |
From: Tapani T. <tt...@it...> - 2006-09-05 13:15:35
|
There is a bug in amavisd-new (2.4.2) in the way defang conditions are handled. For example, if you have

    $defang_spam = 0;
    $defang_bad_header = 1;

the message will *not* be defanged if it is classified as spam, even though it has bad header.

Looking at the code the reason is obvious:

    if (!$msginfo->setting_by_contents_category(cr('defang_by_ccat'))) {
      # no defanging
    } else {
      ...

Because spam is more important category than bad header, if the message is classified as spam and $defang_spam=0, the bad header won't even be considered in making the defanging decision.

Same applies with any other defang categories: you can't reliably defang spam without defanging (or discarding) banned and viruses, for example.

--
Tapani Tarvainen |
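[Added example, not part of any post in this thread and not amavisd-new source code.] The defang behaviour reported for 2.4.2 and the per-category lookup from Mark's %defang_by_ccat example, modelled in Python. The function names, the numeric category ranks and the sample messages are constructed for this illustration.

```python
# Added illustration: a model of the defang decision discussed in this thread.
# It is not amavisd-new source code; names and numeric ranks are constructed.

# Major content categories; a higher rank means "more important", following
# the order given in the thread (virus > banned > spam > bad header).
CC_VIRUS, CC_BANNED, CC_SPAM, CC_BADH, CC_CLEAN = 9, 8, 6, 3, 0

# Minor categories of CC_BADH, numbered as in Mark's example setting.
(BADH_OTHER, BADH_MIME, BADH_8BIT, BADH_NUL_CR, BADH_WS_LINE,
 BADH_LONG_LINE, BADH_SYNTAX, BADH_MISSING, BADH_MULTIPLE) = range(9)


def setting_for(table, major, minor=0):
    """Look up (major, minor) first, then fall back to the major-wide entry."""
    if (major, minor) in table:
        return bool(table[(major, minor)])
    return bool(table.get(major, False))


def defang_top_category_only(table, categories):
    """Behaviour reported for 2.4.2: only the most important category decides."""
    major, minor = max(categories)
    return setting_for(table, major, minor)


def defang_any_category(table, categories):
    """Behaviour asked for in the report: any enabled category triggers defanging."""
    return any(setting_for(table, major, minor) for major, minor in categories)


# Equivalent of: $defang_spam = 0; $defang_bad_header = 1;
SIMPLE = {CC_SPAM: 0, CC_BADH: 1}

# Equivalent of Mark's example: defang only NUL/CR and syntax errors.
SELECTIVE = {
    CC_SPAM: 0,
    CC_BADH: 0,                  # turn off for CC_BADH,*
    (CC_BADH, BADH_NUL_CR): 1,   # NUL or CR
    (CC_BADH, BADH_SYNTAX): 1,   # header field syntax error
}

# Constructed sample messages: each is the list of categories it falls into.
SPAM_WITH_CR = [(CC_SPAM, 0), (CC_BADH, BADH_NUL_CR)]
HAM_WITH_8BIT = [(CC_BADH, BADH_8BIT)]
HAM_WITH_CR = [(CC_BADH, BADH_NUL_CR)]


def demo():
    """Return the decisions for the sample messages under both lookups."""
    return {
        "spam+CR, top-only": defang_top_category_only(SIMPLE, SPAM_WITH_CR),
        "spam+CR, any": defang_any_category(SIMPLE, SPAM_WITH_CR),
        "8-bit, selective": defang_any_category(SELECTIVE, HAM_WITH_8BIT),
        "CR, selective": defang_any_category(SELECTIVE, HAM_WITH_CR),
    }


if __name__ == "__main__":
    for label, decision in demo().items():
        print(f"{label:20s} defang={decision}")
```
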
From: Vincenzo M. <vin...@re...> - 2006-07-18 17:28:52
|
Lars Hecking wrote:
[...]
> User level/configuration problems are outside the scope of this mailing
> list. That's what amavis-users is for.
>
> amavis-perl/amavisd is quite dead. I suggest you use amavisd-new.

ooops, ok, thanks, however

vincenzo

--
Vincenzo Martiello -- vin...@re...
-------------------------------------------------------------
Regione Toscana - Tel:+39 055 4383247 - Fax:+39 055 4383195
-Direzione Generale Organizzazione e Sistema Informativo
-Settore Infrastrutture e Tecnologie per lo sviluppo dell'Amministrazione Elettronica
Via di Novoli, 26 - 50127 Firenze (Italy) |
From: Lars H. <lhe...@us...> - 2006-07-18 17:16:34
|
> when i restart sendmail/amavis i found this error in amavis.log:

User level/configuration problems are outside the scope of this mailing list. That's what amavis-users is for.

amavis-perl/amavisd is quite dead. I suggest you use amavisd-new. |
From: Vincenzo M. <vin...@re...> - 2006-07-18 17:13:28
|
environment:
------------
Linux mercurio.regione.toscana.it 2.4.21-37.ELsmp #1 SMP Wed Sep 7 13:28:55 EDT 2005 i686 i686 i386 GNU/Linux
sendmail Version 8.13.6
amavisd-0.1
clamav-0.88.3-1
------------

Hi all,

I have activated clamav support in amavis (configure, make and make install terminate without error).

When I restart sendmail/amavis I found this error in amavis.log:

---
Jul 18 18:27:46 mercurio.regione.toscana.it amavisd[4211]: /var/amavis/amavis-milter-XXSMWUbA/parts: lstat() failed. ERROR
Jul 18 18:27:46 mercurio.regione.toscana.it amavisd[4211]: Virus scanner failure: ScannerDaemon - UNKNOWN STATUS (error code: /var/amavis/amavis-milter-XXSMWUbA/parts: lstat() failed. ERROR)
---

I get the error only with clamav because the other AV, commercial f-secure, works fine with amavis.

any idea?

below the complete log...

thanks,
vincenzo

------------
Jul 18 18:27:44 mercurio.regione.toscana.it amavisd[4211]: /var/amavis/amavis-milter-XXSMWUbA: from=<<it_...@we...>>, to=<<hid...@re...>>
Jul 18 18:27:44 mercurio.regione.toscana.it amavisd[4211]: Using clamav
Jul 18 18:27:46 mercurio.regione.toscana.it amavisd[4211]: /var/amavis/amavis-milter-XXSMWUbA/parts/msg-4211-1.html: OK
Jul 18 18:27:46 mercurio.regione.toscana.it amavisd[4211]: Using clamd
Jul 18 18:27:46 mercurio.regione.toscana.it amavisd[4211]: /var/amavis/amavis-milter-XXSMWUbA/parts: lstat() failed. ERROR
Jul 18 18:27:46 mercurio.regione.toscana.it amavisd[4211]: Virus scanner failure: ScannerDaemon - UNKNOWN STATUS (error code: /var/amavis/amavis-milter-XXSMWUbA/parts: lstat() failed. ERROR)
Jul 18 18:27:46 mercurio.regione.toscana.it amavisd[4211]: Using /opt/f-secure/fsav/bin/fsav
Jul 18 18:27:47 mercurio.regione.toscana.it amavisd[4211]: F-Secure Anti-Virus for Linux Gateways version 4.64 build 4330
Jul 18 18:27:47 mercurio.regione.toscana.it amavisd[4211]: do_exit:478 - ending execution with 0
------------

--
Vincenzo Martiello -- vin...@re...
-------------------------------------------------------------
Regione Toscana - Tel:+39 055 4383247 - Fax:+39 055 4383195
-Direzione Generale Organizzazione e Sistema Informativo
-Settore Infrastrutture e Tecnologie per lo sviluppo dell'Amministrazione Elettronica
Via di Novoli, 26 - 50127 Firenze (Italy) |
From: Vincenzo M. <vin...@re...> - 2006-07-18 16:52:01
|
Lars Hecking wrote:
>>------------------
>>gcc -DHAVE_CONFIG_H -I. -I. -I..
>>-I/usr/local/src/sendmail-8.13.6/include -g -O2 -pthread -c `test -f
>>amavis-milter.c || echo './'`amavis-milter.c
>>amavis-milter.c:58: redefinition of `bool'
>
>
> Just remove this definition of bool.

great! now the make works without errors...

after "make install" (without errors) and restarting sendmail/amavis i have another problem, but for this i open a new thread

thanks!!!
vincenzo

--
Vincenzo Martiello -- vin...@re...
-------------------------------------------------------------
Regione Toscana - Tel:+39 055 4383247 - Fax:+39 055 4383195
-Direzione Generale Organizzazione e Sistema Informativo
-Settore Infrastrutture e Tecnologie per lo sviluppo dell'Amministrazione Elettronica
Via di Novoli, 26 - 50127 Firenze (Italy) |
From: Lars H. <lhe...@us...> - 2006-07-18 08:41:52
|
> ------------------
> gcc -DHAVE_CONFIG_H -I. -I. -I..
> -I/usr/local/src/sendmail-8.13.6/include -g -O2 -pthread -c `test -f
> amavis-milter.c || echo './'`amavis-milter.c
> amavis-milter.c:58: redefinition of `bool'

Just remove this definition of bool. |
From: Vincenzo M. <vin...@re...> - 2006-07-17 19:10:59
|
environment:
------------
Linux servermail.regione.toscana.it 2.4.21-37.ELsmp #1 SMP Wed Sep 7 13:28:55 EDT 2005 i686 i686 i386 GNU/Linux
sendmail Version 8.13.6
amavisd-0.1
------------

on the server, just operative (amavisd-0.1 compiled last time with sendmail-8.12.10 without error), i have added clamav; then i must recompile amavis to activate clamav support

configure step is OK and it ends without error; but make gives this message

------------------
gcc -DHAVE_CONFIG_H -I. -I. -I.. -I/usr/local/src/sendmail-8.13.6/include -g -O2 -pthread -c `test -f amavis-milter.c || echo './'`amavis-milter.c
amavis-milter.c:58: redefinition of `bool'
/usr/local/src/sendmail-8.13.6/include/libmilter/mfapi.h:84: `bool' previously declared here
------------------

someone has had the same problem?

below the complete log...

------------------
[root@servermail amavisd-0.1]# make
make all-recursive
make[1]: Entering directory `/usr/local/src/amavisd-0.1'
Making all in amavis
make[2]: Entering directory `/usr/local/src/amavisd-0.1/amavis'
source='amavis-milter.c' object='amavis-milter.o' libtool=no \
depfile='.deps/amavis-milter.Po' tmpdepfile='.deps/amavis-milter.TPo' \
depmode=gcc3 /bin/sh ../depcomp \
gcc -DHAVE_CONFIG_H -I. -I. -I.. -I/usr/local/src/sendmail-8.13.6/include -g -O2 -pthread -c `test -f amavis-milter.c || echo './'`amavis-milter.c
amavis-milter.c:58: redefinition of `bool'
/usr/local/src/sendmail-8.13.6/include/libmilter/mfapi.h:84: `bool' previously declared here
make[2]: *** [amavis-milter.o] Error 1
make[2]: Leaving directory `/usr/local/src/amavisd-0.1/amavis'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/usr/local/src/amavisd-0.1'
make: *** [all] Error 2
[root@servermail amavisd-0.1]#
------------------ |
From: Roman H. <rom...@gm...> - 2006-02-13 12:27:15
|
Hello, everyone!

I started to write a patch for amavis in order to pass correctly messages, created by broken php-mailers which send messages with raw 8-bit data.

the main idea is that the patch is trying to guess encoding for raw 8-bit data in header and encodes it with method specified in hdr_encoding_qb whatever it's possible.

for now it's somehow working and changing headers, but the problem I have encountered is that headers, changed by my code are unseen by spamassassin (i.e it's processing original headers) and messages get high points, but the final message comes with modified by my code headers.

i put my code just before call to check_header_validity

    if ($recode_modifies_headers) {
      my($curr_head);
      for my $next_head (@{$msginfo->orig_header}, "\n") {
        if ($next_head =~ /^[ \t]/) {
          $curr_head .= $next_head;  # folded
        } else {  # new header
          if (defined($curr_head)) {
            # obsolete rfc822 syntax allowed whitespace before colon
            my($field_name, $field_body) =
              $curr_head =~ /^([!-9;-\176]+)[ \t]*:(.*)\z/s
                ? ($1, $2) : (undef, $curr_head);
            if ($field_body =~ /^(.*?)([\200-\377])(.*)\z/s and $field_name !~ /^X-/) {
              # header data contains 8-bit headers
              do_log(4, "RECODE: detected 8-bit data: '$field_body' in '$field_name' header");
              # detect charset
              my $charset = Lingua::DetectCharset::Detect($field_body);
              my ($t1,$t2);
              if (($charset eq 'KOI' and $charset = 'koi8-r') or
                  ($charset eq 'WIN' and $charset = 'windows-1251')) {
                my($hdr_edits) = $msginfo->header_edits;
                if (!$hdr_edits) {
                  $hdr_edits = Amavis::Out::EditHeader->new;
                  $msginfo->header_edits($hdr_edits);
                }
                my($qb) = c('hdr_encoding_qb');
                # does not help. subj still gets encoded 0A
                # on 01.02.06 added /g. see if it helps
                $field_body =~ s/\r//g;
                # alternation is grouped so ^ and $ apply to every field name;
                # \Q...\E keeps header text from being interpreted as a regex
                if (uc($qb) eq 'Q') {
                  if ($field_name =~ /^(?:from|to|cc|bcc|reply-to)$/i and $field_body =~ /(.+)\s*</) {
                    $t1 = $1;
                    $t2 = q_encode($t1, $qb, $charset);
                    $field_body =~ s/\Q$t1\E/$t2/;
                  } else {
                    $field_body = q_encode($field_body, $qb, $charset);
                  }
                } elsif (uc($qb) eq 'B') {
                  if ($field_name =~ /^(?:from|to|cc|bcc|reply-to)$/i and $field_body =~ /(.+)\s*</) {
                    $t1 = $1;
                    $t2 = q_encode($t1, $qb, $charset);
                    $field_body =~ s/\Q$t1\E/$t2/;
                  } else {
                    $field_body = MIME::Words::encode_mimeword($field_body, $qb, $charset);
                  }
                } else {
                  # someone specified unknown encoding. skip encoding
                  next;
                }
                $hdr_edits->delete_header("$field_name");
                $hdr_edits->append_header("$field_name", "$field_body");
              }
            }
          }
          last if $next_head eq $eol;  # end-of-header reached
          $curr_head = $next_head;
        }
      }
    }
    if (grep {!lookup(0,$_,@{ca('bypass_header_checks_maps')})} @recips) {
    # rest of code

could someone point a way to somehow "flush" my changes to a messages after those modifications?

--
...WBR, Roman Hlynovskiy |
From: Mark M. <Mar...@ij...> - 2005-03-31 20:53:44
|
Benoit,

> But why the hell is an open source product having the same stupid problem?
> Wouldn't it be possible to get Amavis also to either reject SPAM/Viruses
> during the SMTP Handshake and thus not cause bounces or just silently drop
> those messages?
> It just does not make sense to notify the owners of fake sender addresses
> that somebody abused that address to send email.

As far as rejecting (vs. bouncing) is concerned, content filters fall into two main categories. In Postfix parlance these are pre-queue or post-queue filters. Sendmail milter and Postfix smtp proxy are examples of a pre-queue content filter setup which allows for the original SMTP session to REJECT the mail. Postfix 'content_filter' setup is a post-queue filter, which can no longer REJECT mail, because the original SMTP session is no longer around. It can only bounce or discard or deliver the mail.

While the pre-queue content filtering has a definitive advantage in that it can reject mail, it also has serious performance/stability drawbacks when non-lightweight content filters are used in anything above a SOHO site, e.g. when spam scanning with SA is enabled, or when command-line virus scanners are used (vs. daemonized scanners, which are faster). The issues are explained in the Postfix documentation: README_FILES/CONTENT_INSPECTION_README, and also discussed in the http://www.ijs.si/software/amavisd/README.sendmail-dual

In principle amavisd-new can be used as a pre-queue or a post-queue content filter, but in reality the pre-queue setup is strongly discouraged for the system stability reasons, except perhaps for small/home sites.

That leaves us a choice of bouncing or discarding (or delivering) malware. It is clearly undesirable to bounce (i.e. generate a non-delivery notifications) on faked sender address, as commonly used by viruses or spam nowadays.

To prevent undesired bounces, amavisd-new allows to DISCARD malware outright (possibly quarantining it), but also possesses two softer mechanisms to suppress DSN, even if bouncing is configured, which is a default. These mechanisms are:

- bounce is suppressed if virus is known to fake the sender address. This is _always_ true by default since version amavisd-new-20030616-p8, which is more than a year old by now. In older versions, the list of virus names used to be adjusted to new threats, but this turned out to be too slow, and was abandoned;

- bouncing spam is suppressed if spam scores above sa_dsn_cutoff_level, the recommended value (in the docs) is 10. This feature became available in the same version (March 9 2004), a year ago.

So if you see a bounce from amavisd-new to a virus, this in almost all the cases means the site uses an ancient version of the software. As there is no self-destruct mechanism built into the package, there is nothing one can do about it, except to urge each site to upgrade.

A bounce to a spam with versions amavisd-new-20030616-p8 and later indicates the spam score is within a score window above kill_level and below sa_dsn_cutoff_level. This window includes genuine mail which happened to be false positives, but unfortunately also some lower-level spam. Adjusting/narrowing the window is up to site administrator and recent spam trends, and is necessarily only a more or less good compromise between losing genuine mail and generating some spam bounces.

I'll consider lowering the sa_dsn_cutoff_level even further for the next release.

Mark |
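[Added example, not part of Mark's message and not amavisd-new code.] A small Python model of the disposition rules described above, useful for checking which messages would still generate backscatter under a given setup. kill_level and sa_dsn_cutoff_level are the names used in the message; Policy, disposition, count_dsn, malware_action, the kill_level value and the sample messages are constructed for this illustration.

```python
# Added illustration: a model of the reject / bounce / discard rules described
# in the message above. It is not amavisd-new code.
from dataclasses import dataclass


@dataclass
class Policy:
    placement: str = "post-queue"      # "pre-queue" (milter, smtp proxy) or "post-queue"
    malware_action: str = "bounce"     # "bounce" or "discard" (this model's own names)
    kill_level: float = 6.0            # constructed value for the example
    sa_dsn_cutoff_level: float = 10.0  # recommended value quoted in the message
    virus_fakes_sender: bool = True    # the default the message describes


def disposition(policy, verdict, spam_score=0.0):
    """Return (action, dsn_sent) for one message.

    verdict is "clean", "virus" or "spam"; spam below kill_level is delivered.
    """
    is_virus = verdict == "virus"
    is_spam = verdict == "spam" and spam_score >= policy.kill_level
    if not (is_virus or is_spam):
        return ("deliver", False)
    if policy.placement == "pre-queue":
        # The original SMTP session is still open, so the mail can be refused
        # there and the filter itself generates no notification.
        return ("reject", False)
    if policy.malware_action == "discard":
        return ("discard", False)
    # Bouncing is configured: apply the two DSN-suppression mechanisms.
    if is_virus:
        suppressed = policy.virus_fakes_sender
    else:
        suppressed = spam_score >= policy.sa_dsn_cutoff_level
    return ("discard", False) if suppressed else ("bounce", True)


def count_dsn(policy, messages):
    """Number of non-delivery notifications the filter would send."""
    return sum(1 for verdict, score in messages
               if disposition(policy, verdict, score)[1])


# Constructed sample traffic: (verdict, spam score).
SAMPLE = [
    ("clean", 0.0),
    ("virus", 0.0),
    ("spam", 4.0),    # below kill_level: delivered
    ("spam", 7.5),    # inside the window: bounced
    ("spam", 12.0),   # above the cutoff: DSN suppressed
    ("spam", 25.0),
]

# A setup without either suppression mechanism, as in the older versions
# the message refers to (modelled here with an infinite cutoff).
OLD_SETUP = Policy(virus_fakes_sender=False, sa_dsn_cutoff_level=float("inf"))

if __name__ == "__main__":
    for name, pol in [("default", Policy()), ("old", OLD_SETUP),
                      ("pre-queue", Policy(placement="pre-queue")),
                      ("discard", Policy(malware_action="discard"))]:
        print(f"{name:10s} DSNs sent: {count_dsn(pol, SAMPLE)}")
```
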
From: Craig K. <in...@is...> - 2005-03-31 15:35:49
|
On Thu, 31 Mar 2005, Benoit Panizzon wrote:

> But why the hell is an open source product having the same stupid
> problem? Wouldn't it be possible to get Amavis also to either reject
> SPAM/Viruses during the SMTP Handshake and thus not cause bounces or
> just silently drop those messages? It just does not make sense to notify
> the owners of fake sender addresses that somebody abused that address to
> send email.

This is an issue with SMTP configuration. The administrator can choose whichever behavior they would prefer. Amavis defaults to 'off' for notify sender as well; it must be enabled by the administrator.

--
Craig Kelley -- ink -=at=- islug -=dot=- org
http://inconnu.islug.org/~ink
finger same server for PGP block |
From: Lars H. <lhe...@us...> - 2005-03-31 15:21:07
|
> If you use Postfix on your site, see
> http://www.t29.dk/header_check_notes.php.

1) Can you kindly refrain from posting html.

2) Unfortunately, I have no control over the company email system. |
From: <pe...@ly...> - 2005-03-31 14:55:44
|
Lars Hecking wrote:

>>These are:
>>- Microsoft Exchange Servers.
>>- Amavis-New Servers.
>>
>>That you can't change exchange that is clear. This is the way Microsoft wants
>>them to work :-(
>>
>>But why the hell is an open source product having the same stupid problem?
>>Wouldn't it be possible to get Amavis also to either reject SPAM/Viruses
>>during the SMTP Handshake and thus not cause bounces or just silently drop
>>those messages?
>
> I can only agree. During a typical virus outbreak, I used to get thousands
> of virus reports, and I get emails from amavisd-new setups frequently. A
> lot of them seem to live in Brasil.

If you use Postfix on your site, see http://www.t29.dk/header_check_notes.php.

--
Guillaume Perréal.
IT manager, Cemagref, groupement de Lyon, France.
Tel: (+33) 4.72.20.87.87. Fax: (+33) 4.78.47.78.75.
Site: http://www.lyon.cemagref.fr/
Jabber: pe...@ly... |
From: Lars H. <lhe...@us...> - 2005-03-31 08:41:25
|
> These are:
> - Microsoft Exchange Servers.
> - Amavis-New Servers.
>
> That you can't change exchange that is clear. This is the way Microsoft wants
> them to work :-(
>
> But why the hell is an open source product having the same stupid problem?
> Wouldn't it be possible to get Amavis also to either reject SPAM/Viruses
> during the SMTP Handshake and thus not cause bounces or just silently drop
> those messages?

I can only agree. During a typical virus outbreak, I used to get thousands of virus reports, and I get emails from amavisd-new setups frequently. A lot of them seem to live in Brasil. |
From: Benoit P. <ben...@im...> - 2005-03-31 08:30:02
|
Hi Amavis Coders

Unfortunately my domain often seems to get abused by spammers and viruses who send emails.

Now for most mailserver this does not seem to be a problem as they often use milters like MIMEDefang and reject such mails during SMTP Handshake, not causing bounces.

Unfortunately there seem to be two types of installation who first store the email, scan it afterwards and in case of Viruses or Spam, bounce it to the sender address found in that email which I would assume is 100% fake.

These are:
- Microsoft Exchange Servers.
- Amavis-New Servers.

That you can't change exchange that is clear. This is the way Microsoft wants them to work :-(

But why the hell is an open source product having the same stupid problem? Wouldn't it be possible to get Amavis also to either reject SPAM/Viruses during the SMTP Handshake and thus not cause bounces or just silently drop those messages?

It just does not make sense to notify the owners of fake sender addresses that somebody abused that address to send email.

Well, at least amavis, contrary to M$ EXCH includes the full header of the original message, so I'm able to report the original messages to spamcop and even set up spamassassin filters if the same IP shows up a lot...

Regards
--
Benoît Panizzon, <bp...@im...>
------------------------------------------------------------------------
ImproWare AG, UNIXSP & ISP       Phone: +41 61 826 93 00
Zurlindenstrasse 29              Fax:   +41 61 826 93 01
CH-4133 Pratteln                 Net:   http://www.imp.ch/
------------------------------------------------------------------------ |
From: Paul S. <pa...@am...> - 2005-02-15 16:26:00
|
I've been trying to get amavisd-new (milter setup) working ever since I attempted to upgrade an older version (big mistake I wish I hadn't now). I want to be doing milter, and everything looks to be in order, except that it isn't, and amavis is failing with this error:

    Feb 14 20:33:42 mordor amavis[38765]: (38765) mail_via_smtp: 450 4.4.1 Can't connect to 127.0.0.1 port 10025, Connection refused at /usr/local/sbin/amavisd line 3761, <GEN2> line 517., id=38765

why is amavis trying to communicate with some port 10025, when it should be using milter and all local sockets besides?

I have the /var/amavis/use.milter file in place... is that even required anymore? It's not mentioned anywhere in the current documentation but neither is how to force amavisd-new into milter mode.

I've got a lot of people getting infected with various nasty things by the minute. Any insights would be greatly appreciated.

--
Paul Schiro
Sr. Systems Engineer
American Select Insurance Management Corporation
274 Union Blvd Ste. 450
Lakewood, CO 80228
<ps...@am...>
Ph: 303-295-7577
Cel: 720-280-7023 |