Discussion:
amavis-spamassassin not working
Haines Brown
2005-01-21 16:05:39 UTC
Permalink
I've got amavisd-new 20050616p10-5 working with clamAV,
but not with spamassassin 3.0.2-1. I can use a spamassassin
command to tag a known spam file, but can't get amavis to
use spamc do it automatically for incoming messages.

I understand that amavis will use perl scripts and not
spamd. However, I have spamd running in the background.
Does that do any harm? Can I disable spamd without also
disabling spamassassin?

I gather that amavis and spamassassin should more or less
run out of the box. I put in /etc/amavis/amavis.conf:

$sa_local_tests_only = 0;
$sa_mydomain = `hartford-hwp.com';
$sa_mailfrom_notify_spamadmin = "***@hartford-hwp.com";
$spam_quarantine_to - `/var/lib/amavis/spammails/';

Incoming mail is not tagged, and nothing ends up in
/var/lib/amavis/spammails, and mail.log is only reporting
viruses. When I run spamassassin as root, it creates a
~/.spamassassin/ directory for user, although it is owned by
root.

When I do:

# spam assassin --lint -D

The debug report off hand seems ok. For example, at the end
is:

debug: is spam? score=-1.053 required=5
debug: tests=ALL_TRUSTED,MISSING_DATE,MISSING_SUBJECT,
NO_REAL_NAME
debug: subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_
OK_HOST,__SANE_MSGID,__UNUSABLE_MSGID

But while spamassassin is apparently working, I don't know
how to tell amavis to use spamc.

Haines Brown


-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
AMaViS-user mailing list
AMaViS-***@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
Daniel Luttermann
2005-01-21 16:26:17 UTC
Permalink
Hi Haines,
Post by Haines Brown
I've got amavisd-new 20050616p10-5 working with clamAV,
but not with spamassassin 3.0.2-1. I can use a spamassassin
command to tag a known spam file, but can't get amavis to
use spamc do it automatically for incoming messages.
I understand that amavis will use perl scripts and not
spamd. However, I have spamd running in the background.
Does that do any harm? Can I disable spamd without also
disabling spamassassin?
spamd is not needed because amavisd calls sa directly so you can
disable spamd.
Post by Haines Brown
I gather that amavis and spamassassin should more or less
$sa_local_tests_only = 0;
$sa_mydomain = `hartford-hwp.com';
$spam_quarantine_to - `/var/lib/amavis/spammails/';
SA is detected automatically by amavisd if installed. Run "amavisd
debug" or look in your mail log to see if sa is detected by amavisd.
If sa is detected you can run "amavisd debug-sa" to see an debug
output for spamassassin.

Where does the setting "$sa_mydomain" come from? Have you insert this
setting yourself? It's not a standard amavisd setting. Your local
domain is defined in "$mydomain" in amavisd.conf.
Post by Haines Brown
Incoming mail is not tagged, and nothing ends up in
/var/lib/amavis/spammails, and mail.log is only reporting
viruses. When I run spamassassin as root, it creates a
~/.spamassassin/ directory for user, although it is owned by
root.
Make sure you've defined proper setting in amavisd.conf. Mail is
tagged if score of an email is higher than $sa_tag_level_deflt.
For testing you can set this to $sa_tag_level_deflt = -999
And set your local domain in $mydomain. Run "amavisd debug-sa" for
debugging. For detailed configurations and tips read more at
http://www.ijs.si/software/amavisd/#faq-spam
Post by Haines Brown
# spam assassin --lint -D
The debug report off hand seems ok. For example, at the end
debug: is spam? score=-1.053 required=5
debug: tests=ALL_TRUSTED,MISSING_DATE,MISSING_SUBJECT,
NO_REAL_NAME
debug: subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_
OK_HOST,__SANE_MSGID,__UNUSABLE_MSGID
But while spamassassin is apparently working, I don't know
how to tell amavis to use spamc.
It's not needed to tell it amavisd because amavisd call sa directly.





-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
AMaViS-user mailing list
AMaViS-***@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
Gary Verchick
2005-01-21 17:53:15 UTC
Permalink
Hello Daniel,
Post by Daniel Luttermann
Hi Haines,
Post by Haines Brown
I've got amavisd-new 20050616p10-5 working with clamAV,
but not with spamassassin 3.0.2-1. I can use a spamassassin
command to tag a known spam file, but can't get amavis to
use spamc do it automatically for incoming messages.
I understand that amavis will use perl scripts and not
spamd. However, I have spamd running in the background.
Does that do any harm? Can I disable spamd without also
disabling spamassassin?
spamd is not needed because amavisd calls sa directly so you can
disable spamd.
Post by Haines Brown
I gather that amavis and spamassassin should more or less
$sa_local_tests_only = 0;
$sa_mydomain = `hartford-hwp.com';
$spam_quarantine_to - `/var/lib/amavis/spammails/';
SA is detected automatically by amavisd if installed. Run "amavisd
debug" or look in your mail log to see if sa is detected by amavisd.
If sa is detected you can run "amavisd debug-sa" to see an debug
output for spamassassin.
Where does the setting "$sa_mydomain" come from? Have you insert this
setting yourself? It's not a standard amavisd setting. Your local
domain is defined in "$mydomain" in amavisd.conf.
Post by Haines Brown
Incoming mail is not tagged, and nothing ends up in
/var/lib/amavis/spammails, and mail.log is only reporting
viruses. When I run spamassassin as root, it creates a
~/.spamassassin/ directory for user, although it is owned by
root.
Make sure you've defined proper setting in amavisd.conf. Mail is
tagged if score of an email is higher than $sa_tag_level_deflt.
For testing you can set this to $sa_tag_level_deflt = -999
And set your local domain in $mydomain. Run "amavisd debug-sa" for
debugging. For detailed configurations and tips read more at
http://www.ijs.si/software/amavisd/#faq-spam
Post by Haines Brown
# spam assassin --lint -D
The debug report off hand seems ok. For example, at the end
debug: is spam? score=-1.053 required=5
debug: tests=ALL_TRUSTED,MISSING_DATE,MISSING_SUBJECT,
NO_REAL_NAME
debug: subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_
OK_HOST,__SANE_MSGID,__UNUSABLE_MSGID
But while spamassassin is apparently working, I don't know
how to tell amavis to use spamc.
It's not needed to tell it amavisd because amavisd call sa directly.
In addition:

I believe you can disable spamd by editing /etc/default/spamassassin
and changing ENABLED=1 to ENABLED=0

Also make sure @bypass_spam_checks_acl is commented out or
otherwise configured correctly.

Make sure your amavis user owns all the amavis subdirectories and the
files contained therin:

chown -R amavis:amavis /var/lib/amavis

As a test, you may want to try the default of:
$spam_quarantine_to = 'spam-quarantine';
which will place the quarantined files in $QUARANTINEDIR
which on a Debian system by default is:
$QUARANTINEDIR = '/var/lib/amavis/virusmails';
Yes, spam and viruses will be mixed.

This is a typo, but maybe just in your email:
$spam_quarantine_to - `/var/lib/amavis/spammails/';
^



-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
AMaViS-user mailing list
AMaViS-***@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
Haines Brown
2005-01-22 01:47:52 UTC
Permalink
Post by Haines Brown
I've got amavisd-new 20050616p10-5 working with clamAV,
but not with spamassassin 3.0.2-1. I can use a spamassassin
command to tag a known spam file, but can't get amavis to
use spamc do it automatically for incoming messages.
I think I may have it working. The problem seems to be that amavis
upgraded and replaced my configuration file with one belonging to root
rather than to amavis. I should have been more alert to this because I
had the same problem with spamassassin.

Im etc/amavis/amavis.conf, I had the following:

$spam_quarantine_to = 'spam-quarantine';

It turns out that this appends spam messages to a "spam-quarantine"
file in /var/lib/amavis. I want instead to place the spam messages
into a directory, similar to what now happens to virus infected
messages. So I tried:

$spam_quarantine_to = `/var/lib/amavis/spammails';

It had no effect. Should it have worked?

Also I have

$sa_tag_level_default = -999;

I got the impression this would tag ALL messages, regardless of the
whether they are ham or spam. But no, the only messages that get
tagged are those which score at least 5.0 and consequently end up in
the "spam-quarantine" file. Am I misunderstanding
sa_tag_level_default?

Haines Brown


-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
AMaViS-user mailing list
AMaViS-***@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
Gary Verchick
2005-01-22 04:40:23 UTC
Permalink
Post by Haines Brown
Post by Haines Brown
I've got amavisd-new 20050616p10-5 working with clamAV,
but not with spamassassin 3.0.2-1. I can use a spamassassin
command to tag a known spam file, but can't get amavis to
use spamc do it automatically for incoming messages.
I think I may have it working. The problem seems to be that amavis
upgraded and replaced my configuration file with one belonging to root
rather than to amavis. I should have been more alert to this because I
had the same problem with spamassassin.
/etc/amavis/amavisd.conf *should* be owned by root. The amavis user does not
need to write to the file, only read from it.
Post by Haines Brown
$spam_quarantine_to = 'spam-quarantine';
Provided you have not changed the default $spam_quarantine_method,
you should leave this setting like this if you want to store spam
locally. $spam_quarantine_method is commented out by default.

You should see files like:
spam-dcedf5e87cc40fd1e4fc9e2436334194-20050121-203600-02453-01.gz
in your /var/lib/amavis/virusmails directory when this is working.
Post by Haines Brown
It turns out that this appends spam messages to a "spam-quarantine"
file in /var/lib/amavis.
This is strange, what is $QUARANTINEDIR set to?
Post by Haines Brown
I want instead to place the spam messages
into a directory, similar to what now happens to virus infected
messages.
In what directory are these files placed?
Post by Haines Brown
$spam_quarantine_to = `/var/lib/amavis/spammails';
It had no effect. Should it have worked?
I tried it, it did not work.
Post by Haines Brown
Also I have
$sa_tag_level_default = -999;
I got the impression this would tag ALL messages, regardless of the
whether they are ham or spam. But no, the only messages that get
tagged are those which score at least 5.0 and consequently end up in
the "spam-quarantine" file. Am I misunderstanding
sa_tag_level_default?
Make sure your domain is listed in @local_domains_acl

Do you understand 'tag' to mean X-Spam-Level: and X-Spam-Status:
headers added, or the subject rewritten to something like: ****SPAM**** ?

If the domain is local, i.e. listed in @local_domains_acl, and
if $sa_tag_level_default = -999; then yes, everything will have
X-Spam headers added, spam or not. Are you seeing messages with the
subject rewritten in your "spam-quarantine" file?
If you are seeing this in your "spam-quarantine" file this would
indicate that these are messages that should have gone to a recipient.
Mail that is quarantined will not have the subject rewritten.
Only mail that is above $sa_tag2_level_deflt and below $sa_kill_level_deflt
and is passed to a recipient will have the subject rewritten.

What do you have $sa_tag2_level_deflt and $sa_kill_level_deflt set to?

Also, what MTA are you using?
Post by Haines Brown
Haines Brown
Gary Verchick



-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
AMaViS-user mailing list
AMaViS-***@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
Mark Martinec
2005-01-23 00:51:36 UTC
Permalink
Haines,
Post by Haines Brown
It turns out that this appends spam messages to a "spam-quarantine"
file in /var/lib/amavis. I want instead to place the spam messages
into a directory, similar to what now happens to virus infected
messages
If the $QUARANTINEDIR points to an existing(!) directory,
this directory will receive quarantined messages as individual files.
If it is not a directory, the $QUARANTINEDIR is treated
as a name of a file(!), which receives quarantine mail in mbox format.

See amavisd.conf-sample, as well as the:
http://www.ijs.si/software/amavisd/amavisd-new-docs.html#quarantine
Post by Haines Brown
$spam_quarantine_to = `/var/lib/amavis/spammails';
It had no effect. Should it have worked?
It makes no sense, the `/var/lib/amavis/spammails' is not a key
in %local_delivery_aliases. See the docs.

Mark


-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
AMaViS-user mailing list
AMaViS-***@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
Haines Brown
2005-01-23 03:43:09 UTC
Permalink
Haines,
Post by Haines Brown
It turns out that this appends spam messages to a "spam-quarantine"
file in /var/lib/amavis. I want instead to place the spam messages
into a directory, similar to what now happens to virus infected
messages
If the $QUARANTINEDIR points to an existing(!) directory,
this directory will receive quarantined messages as individual files.
If it is not a directory, the $QUARANTINEDIR is treated
as a name of a file(!), which receives quarantine mail in mbox format.

See amavisd.conf-sample, as well as the:
http://www.ijs.si/software/amavisd/amavisd-new-docs.html#quarantine
Post by Haines Brown
$spam_quarantine_to = `/var/lib/amavis/spammails';
It had no effect. Should it have worked?
It makes no sense, the `/var/lib/amavis/spammails' is not a key
in %local_delivery_aliases. See the docs.

Mark

Thanks, Mark, but it is still puzzling. My $QUARANTINEDIR does point
to an existing directory (/opt/lib/amavis/virusmails), but it does
not get the spam messages. Here is where the documents say I can put
infected messges.

$ cat /etc/amavis/amavisd.conf | grep '$QUARANTINEDIR ="
$QUARANTINEDIR = '/var/lib/amavis/virusmails';

For spam, on the other hand, I put to another existing directory:

$ cat /etc/amavis/amavisd.conf | grep 'spam_quarantine_to'
$spam_quarantine_to = '/var/lib/amavis/spammails/';

$ ls -l /var/lib/amavis | grep spammails
drwxr-xr-x amavis amavis 48 Jan 22 21:01 spammails

Spam mail that arrives under 5.0 score, has not have spam tagging
even though I have in amavis.conf:

$sa_tag_level_deflt = -999;

In mail.log, it tells me these messages are "passed" and have Hits
1.832 for ex. Besides being sent to my mai reader, these messages
also show up as directories in /var/lib/amavix such as:

amavis-20050122T221034-03837

and in that directory is file named "email.txt" that is the spam
message (still without spam tagging (the value of which I only
learn from the mail.log) and a "parts" subdirectory that is empty.

The amavis.conf.sample was no help, for it points to a quarantine
file of messages, not a directory, and /usr/share/doc/amavisd-new
directory has over two dozen documents, most of which seem irrele-
vant, and I could not find among them a list of legitimate values
for local_delivery_aliases.

Incidentally, I'm mailing this message from my installation disk,
and so shouldn't this message arrive at the listserv with a spam
tagging?

Haines Brown


-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
AMaViS-user mailing list
AMaViS-***@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
Gary Verchick
2005-01-23 15:10:46 UTC
Permalink
Post by Daniel Luttermann
Haines,
Post by Haines Brown
It turns out that this appends spam messages to a "spam-quarantine"
file in /var/lib/amavis. I want instead to place the spam messages
into a directory, similar to what now happens to virus infected
messages
If the $QUARANTINEDIR points to an existing(!) directory,
this directory will receive quarantined messages as individual files.
If it is not a directory, the $QUARANTINEDIR is treated
as a name of a file(!), which receives quarantine mail in mbox format.
http://www.ijs.si/software/amavisd/amavisd-new-docs.html#quarantine
Post by Haines Brown
$spam_quarantine_to = `/var/lib/amavis/spammails';
It had no effect. Should it have worked?
It makes no sense, the `/var/lib/amavis/spammails' is not a key
in %local_delivery_aliases. See the docs.
Mark
Thanks, Mark, but it is still puzzling. My $QUARANTINEDIR does point
to an existing directory (/opt/lib/amavis/virusmails), but it does
not get the spam messages. Here is where the documents say I can put
infected messges.
$ cat /etc/amavis/amavisd.conf | grep '$QUARANTINEDIR ="
$QUARANTINEDIR = '/var/lib/amavis/virusmails';
Keep this this way.
$QUARANTINEDIR defines where BOTH viruses and spam get quarantined.
This means you cannot have a separate directory for spam like you are trying to
do.
Post by Daniel Luttermann
$ cat /etc/amavis/amavisd.conf | grep 'spam_quarantine_to'
$spam_quarantine_to = '/var/lib/amavis/spammails/';
This will not work.
Post by Daniel Luttermann
$ ls -l /var/lib/amavis | grep spammails
drwxr-xr-x amavis amavis 48 Jan 22 21:01 spammails
Spam mail that arrives under 5.0 score, has not have spam tagging
$sa_tag_level_deflt = -999;
Please explain what *YOU* think 'spam tagging' means.
Having $sa_tag_level_deflt = -999; means that X-Spam headers
will be inserted. It does NOT mean the subject line will get
rewritten with ***SPAM*** prepended.
Post by Daniel Luttermann
In mail.log, it tells me these messages are "passed" and have Hits
1.832 for ex.
They should be passed, if you have (for example)
$sa_tag2_level_deflt = 5; then a message with a score of 1.832
is not spam and should be sent to the recipient.
It will not have the subject rewritten with ***SPAM*** prepended
because it is below $sa_tag2_level_deflt.
Post by Daniel Luttermann
Besides being sent to my mai reader, these messages
amavis-20050122T221034-03837
This is an amavisd-new temporary directory that is created and
used (and reused) by amavisd-new to process mail. This is normal.
Post by Daniel Luttermann
and in that directory is file named "email.txt" that is the spam
message (still without spam tagging (the value of which I only
learn from the mail.log) and a "parts" subdirectory that is empty.
This is normal.

Try to remember that only mail that scores higher than
$sa_tag2_level_deflt will be considered spam by you and
only mail that scores higher than $sa_kill_level_deflt
will get quarantined.
Post by Daniel Luttermann
Haines Brown
Haines, please do this:

edit amavisd.conf and set:
$spam_quarantine_to = 'spam-quarantine';

then stop amavisd-new

mv /var/lib/amavis/spam-quarantine /var/lib/amavis/spam-quarantine-old

Mail is getting appended to this 'spam-quarantine' file because it
exists. By renaming it, amavisd-new will now place the spam in
$QUARANTINEDIR.

start amavisd-new



-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
AMaViS-user mailing list
AMaViS-***@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
Gary Verchick
2005-01-23 17:01:38 UTC
Permalink
Post by Gary Verchick
$spam_quarantine_to = 'spam-quarantine';
then stop amavisd-new
mv /var/lib/amavis/spam-quarantine /var/lib/amavis/spam-quarantine-old
Mail is getting appended to this 'spam-quarantine' file because it
exists. By renaming it, amavisd-new will now place the spam in
$QUARANTINEDIR.
start amavisd-new
Replying to my own post. Actually I could not reproduce this
behavior (mail getting appended to a 'spam-quarantine' file) on my
test system. Even if the file exists, amavisd-new would not write
to it and would still quarantine to the $QUARANTINEDIR directory.
My only guess would be this file is not appended to by amavisd-new
but instead by the MTA.

Gary Verchick, over and out.



-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
AMaViS-user mailing list
AMaViS-***@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
Haines Brown
2005-01-23 20:25:04 UTC
Permalink
When I did this:

# @local_domains_acl = ( ".$mydomain" );
@local_domains_acl = ( ".hartford-hwp.com" );

it killed my SMTP system altogether: fetchmail and telnet could
no longer access port 10024:

$ telnet 127.0.0.1 10024
trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused
(port 10024)

So I reverted to the default.

---
Post by Gary Verchick
Post by Haines Brown
$ cat /etc/amavis/amavisd.conf | grep '$QUARANTINEDIR ="
$QUARANTINEDIR = '/var/lib/amavis/virusmails';
Keep this this way.
That is how I have been set up.
Post by Gary Verchick
$QUARANTINEDIR defines where BOTH viruses and spam get quarantined.
This means you cannot have a separate directory for spam like you
are trying to do.
Understood.
Post by Gary Verchick
Post by Haines Brown
Spam mail that arrives under 5.0 score, has not have spam tagging
$sa_tag_level_deflt = -999;
Please explain what *YOU* think 'spam tagging' means.
Having $sa_tag_level_deflt = -999; means that X-Spam headers
will be inserted. It does NOT mean the subject line will get
rewritten with ***SPAM*** prepended.
No, that is understood. Here is an example of what I meant by
"header:"

...
Date: Fri, 21 Jan 2005 12:48:22 +0000
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at hartford-hwp.com
X-Amavis-Alert: BAD HEADER Non-encoded 8-bit data (char ED hex) in
message header 'Subject' Subject: RE: \355\356\342\356\343\356\...
...

Here is what a message looks like:

From ***@bellsouth.net Sat Jan 22 21:01:28 2005
MIME-Version: 1.0
Content-type: text/plain; charset="us-ascii"; format=flowed
X-Original-To: ***@localhost
X-Sender: ***@mail.bellsouth.net
Date: Sat, 22 Jan 2005 16:13:15 -0500
To: Haines Brown <***@hartford-hwp.com>
From: xxx <***@bellsouth.net>
Subject: Hello
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at hartford-hwp.com

<Body text>

ClamaAV is checking, but there's no indication of spam check, although
it is actually taking place. It the score is at least 5.0, the mail is
disposed (although not going into quarantine, but postfix deferred and
defer queues, where I suspect they are requeued and so just keep
recycling.

Here is one of the messages in the queue (is it s bit long, but
instructive);

*** ENVELOPE RECORDS deferred/E/E5EAB14DF ***
message_size: 2059 305 1 0
message_arrival_time: Sun Jan 23 06:25:09 2005
smtp-amavis:[127.0.0.1]:10024
sender: owner-swazi-***@list.pitt.edu
named_attribute: client_name=localhost
named_attribute: client_address=127.0.0.1
named_attribute: message_origin=localhost[127.0.0.1]
named_attribute: helo_name=localhost
named_attribute: protocol_name=ESMTP
original_recipient: ***@localhost
recipient: ***@localhost
*** MESSAGE CONTENTS deferred/E/E5EAB14DF ***
Received: from localhost (localhost [127.0.0.1])
by teufel.hartford-hwp.com (Postfix) with ESMTP id E5EAB14DF
for <***@localhost>; Sun, 23 Jan 2005 06:25:09 -0500 (EST)
Received: from pop.registeredsite.com [64.225.255.137]
by localhost with POP3 (fetchmail-6.2.5)
for ***@localhost (single-drop); Sun, 23 Jan 2005 06:25:09 -0500 (EST)
...
From: "Santos Fournier" <***@joinme.com>
To: swazi-***@list.pitt.edu
...
Date: Sun, 23 Jan 2005 03:59:14 -0200

----688087511833216584
...
----688087511833216584--
*** HEADER EXTRACTED deferred/E/E5EAB14DF ***
*** MESSAGE FILE END deferred/E/E5EAB14DF ***

And here is the same message in my mail.log:

Jan 23 06:25:09 teufel postfix/smtpd[4339]: E5EAB14DF:
client=localhost[127.0.0.1]
Jan 23 06:25:09 teufel postfix/cleanup[4342]: E5EAB14DF:
message-id=<***@list.srv.cis.pitt.edu>
Jan 23 06:25:10 teufel postfix/qmgr[2795]: E5EAB14DF:
from=<owner-swazi-***@list.pitt.edu>, size=2059, nrcpt=1 (queue active)
Jan 23 06:25:10 teufel postfix/cleanup[4347]: 078F614DE:
message-id=<***@mail.comcast.net>
Jan 23 06:25:10 teufel postfix/qmgr[2795]: 078F614DE:
from=<users-return-22530-brownh=hartford-***@spamassassin.apache.org>,
size=3537, nrcpt=1 (queue active)
...

Jan 23 06:25:28 teufel postfix/smtp[4381]: E5EAB14DF:
to=<***@localhost>, relay=127.0.0.1[127.0.0.1], delay=19,
status=SOFTBOUNCE (host 127.0.0.1[127.0.0.1] said: 550 5.7.1
Message content rejected, UBE, id=04399-01 (in reply to end of
DATA command))
...
Jan 23 06:47:06 teufel postfix/qmgr[2795]: E5EAB14DF:
from=<owner-swazi-***@list.pitt.edu>, size=2059, nrcpt=1 (queue active)
...
Jan 23 06:47:26 teufel postfix/smtp[4727]: E5EAB14DF:
to=<***@localhost>, relay=127.0.0.1[127.0.0.1], delay=1337,
status=SOFTBOUNCE (host 127.0.0.1[127.0.0.1] said: 550 5.7.1
Message content rejected, UBE, id=04746-06 (in reply to end of
DATA command))

Etc., Etc.
Post by Gary Verchick
Post by Haines Brown
In mail.log, it tells me these messages are "passed" and have Hits
1.832 for ex.
They should be passed, if you have (for example)
$sa_tag2_level_deflt = 5; then a message with a score of 1.832
is not spam and should be sent to the recipient.
It will not have the subject rewritten with ***SPAM*** prepended
because it is below $sa_tag2_level_deflt.
Does that mean these messages also won't be tagged with a sa score?
Post by Gary Verchick
Try to remember that only mail that scores higher than
$sa_tag2_level_deflt will be considered spam by you and only mail
that scores higher than $sa_kill_level_deflt will get quarantined.
That's what I kind of expected, but here is my configuration:

$sa_tag2_level_deflt = 5.0; # add 'spam detected' headers at that level
$sa_kill_level_deflt = $sa_tag2_level_deflt;

So anything at least 5.0 is considered spam and should be quarantined,
and anything less is passed on to the recipient, apparently with no
tagging.
Post by Gary Verchick
$spam_quarantine_to = 'spam-quarantine';
then stop amavisd-new
mv /var/lib/amavis/spam-quarantine /var/lib/amavis/spam-quarantine-old
Mail is getting appended to this 'spam-quarantine' file because it
exists. By renaming it, amavisd-new will now place the spam in
$QUARANTINEDIR.
start amavisd-new
I'll try that. Presume I can do it from a chroot prompt.

Haines Brown


-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
AMaViS-user mailing list
AMaViS-***@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
Mark Martinec
2005-01-24 16:31:25 UTC
Permalink
Haines,
My $QUARANTINEDIR does point to an existing directory
(/opt/lib/amavis/virusmails), but it does not get the spam messages.
Is your amavisd chrooted? ( $daemon_chroot_dir nonempty? )
Here is where the documents say I can put infected messges.
$ cat /etc/amavis/amavisd.conf | grep '$QUARANTINEDIR ="
$QUARANTINEDIR = '/var/lib/amavis/virusmails';
Ok. I assume the /opt/lib/amavis/virusmails and
/var/lib/amavis/virusmails are somehow soft-linked.
$spam_quarantine_to = '/var/lib/amavis/spammails/';
Like I said in my previous mail, this makes no sense.
The value of $spam_quarantine_to is a key into %local_delivery_aliases,
and not a directory name.

If you want to place viruses and spam into separate subdirectories
under $QUARANTINEDIR, you can use something like:

$QUARANTINEDIR = '/var/lib/amavis';
$virus_quarantine_method = 'local:virusmails/virus-%i-%n';
$spam_quarantine_method = 'local:spammails/spam-%b-%i-%n';

assuming the directories /var/lib/amavis/virusmails
and /var/lib/amavis/spammails exist.
The amavis.conf.sample was no help, for it points to a quarantine
file of messages, not a directory, and /usr/share/doc/amavisd-new
directory has over two dozen documents, most of which seem irrele-
vant, and I could not find among them a list of legitimate values
for local_delivery_aliases.
The predefined keys in %local_delivery_aliases are:
virus-quarantine, banned-quarantine, bad-header-quarantine, spam-quarantine
plus a few example/experimental entries.
Incidentally, I'm mailing this message from my installation disk,
and so shouldn't this message arrive at the listserv with a spam
tagging?
Normally not, spam tagging is only inserted for recipients
@local_domains_acl = ( ".hartford-hwp.com" );
it killed my SMTP system altogether: fetchmail and telnet could
You must have done something wrong, and didn't bother to look
into the amavisd-new log file for errors.

Mark


-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
AMaViS-user mailing list
AMaViS-***@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
Haines Brown
2005-01-24 18:06:01 UTC
Permalink
Thanks, Mark. I had some good advice, but having trouble implementing
it because I've received nealy 3000 bounces (mail spoofing my address
sent to non-valid addresses) since early this morning, and I've had
to struggle with that. I've resorted to using postfix
/etc/postfix/header_checks. That took care of most of it, but I wish
a new a better method because I'd like to get legitimate rejection
messages.
My $QUARANTINEDIR does point to an existing directory
(/opt/lib/amavis/virusmails), but it does not get the spam
messages.
At this point, I have:

$QUARANTINEDIR = '/var/lib/amavis/virusmails';

$virus_quarantine_to = 'virus-quarantine';
$spam_quarantine_to = 'spam-quarantine';

$sa_tag_level_deflt = -999;
$sa_tag2_level_deflt = 5.0;
$sa_kill_level_deflt = 7.0;

All spam is reported in the mail.log the same way: amavis reports
that the spam messages are passed, and Hits: -. I don't like the
sound of "-". I'd expect at last some low values.

No messages aquire a "header" (tagging with spam score), although
the -999 suggests they all should, whether they are spam or not.

No spam ends up quarantined in /var/lib/amavis/virusmails, which
I hoped the configuration above would do. Just viral messages.

Is your amavisd chrooted? ( $daemon_chroot_dir nonempty? )

Nope.
Here is where the documents say I can put infected messges.
$ cat /etc/amavis/amavisd.conf | grep '$QUARANTINEDIR ="
$QUARANTINEDIR = '/var/lib/amavis/virusmails';
Ok. I assume the /opt/lib/amavis/virusmails and
/var/lib/amavis/virusmails are somehow soft-linked.

No, and I don't know how the "/opt/..." got in there. Must have
been a typo, for it's not how I'm actually configured.

If you want to place viruses and spam into separate subdirectories
under $QUARANTINEDIR, you can use something like:

$QUARANTINEDIR = '/var/lib/amavis';
$virus_quarantine_method = 'local:virusmails/virus-%i-%n';
$spam_quarantine_method = 'local:spammails/spam-%b-%i-%n';

assuming the directories /var/lib/amavis/virusmails
and /var/lib/amavis/spammails exist.

Thanks, I'll try that, but at the moment, I'm just trying to get
the basic spam filter function going.
@local_domains_acl = ( ".hartford-hwp.com" );
it killed my SMTP system altogether: fetchmail and telnet could
You must have done something wrong, and didn't bother to look
into the amavisd-new log file for errors.

I've done a lot of fiddling, and as a result, it seems to work now.

Haines Brown


-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
AMaViS-user mailing list
AMaViS-***@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
Mark Martinec
2005-01-24 18:25:48 UTC
Permalink
Haines,
Post by Haines Brown
$sa_tag_level_deflt = -999;
All spam is reported in the mail.log the same way: amavis reports
that the spam messages are passed, and Hits: -. I don't like the
sound of "-". I'd expect at last some low values.
The "Hits: -" indicate that the SA was not even called
(or that it timed out). SA is not called if mail size is above
$sa_mail_body_size_limit, or the sender is white- or blacklisted.
See the amavisd-new log, increase the log level if necessary.

Starting with amavisd-new-2.0, setting $sa_tag_level_deflt=undef
is interpreted as lower than any score, so instead of -999
the use of undef may be more general (might make a difference
with some extreme SA rules).
Post by Haines Brown
No messages aquire a "header" (tagging with spam score), although
the -999 suggests they all should, whether they are spam or not.
Make sure the recipient matches the local_domains.
Non-local recipients don't get spam-related headers inserted.

Mark


-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
AMaViS-user mailing list
AMaViS-***@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
Haines Brown
2005-01-24 18:45:42 UTC
Permalink
Starting with amavisd-new-2.0, setting $sa_tag_level_deflt=undef
is interpreted as lower than any score, so instead of -999
the use of undef may be more general (might make a difference
with some extreme SA rules).

Mark, that seems to have been the problem. I changed to "undef" and
now in your message to me I have the spam score header I needed.

Make sure the recipient matches the local_domains.
Non-local recipients don't get spam-related headers inserted.

Mark

As you can see in my previous message, I now seem to be detecting
spam, spam over a certain score is quarantined, and now incoming
messages are getting the "header". So, except for fine tuning, the
problems seem resolved (except for those now 3000+ bounces this
morning that spoofed my address, that I've unfortunately been forced
to control with radical surgery - postfix's header_checks to delete
any bouncing mail).

Thanks!

On now to razor2.

Haines


-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
AMaViS-user mailing list
AMaViS-***@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Haines Brown
2005-01-24 18:25:43 UTC
Permalink
Sorry to follow up on my mail. When I did:

@local_domains_acl = ( ".hartford-hwp.com" );

I just checked to make sure it didn't block port 10024,
and when it didn't, assumed the matter was closed. How-
ever, when I subsequently downloaded mail, not only
is spam now being detected in mail.log), but it is also
quarantined as well.

The only thing missing now is getting the "headers"
(SA tagging and spam score) added to all incoming mail.

Thanks!

Haines Brown


-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
AMaViS-user mailing list
AMaViS-***@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
bart
2005-01-21 19:10:41 UTC
Permalink
Hi

I have two servers.
Fist one A with very small traffic, second one B with high traffic :)
I want amavisd on A to check email also for B.
Is this possible?




-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
AMaViS-user mailing list
AMaViS-***@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
Martin Svensson
2005-01-21 20:33:49 UTC
Permalink
It is and it's all about how you configure the mailserver (Postfix,
Sendmail, Qmail or whatever you are using). You want to accept mails for
domain x and then relay to server B. Read the docs for your mailserver
on how to accomplish it.

Have a nice weekend all.

//M
Post by bart
Hi
I have two servers.
Fist one A with very small traffic, second one B with high traffic :)
I want amavisd on A to check email also for B.
Is this possible?
-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
AMaViS-user mailing list
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
AMaViS-user mailing list
AMaViS-***@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
b***@euro26.pl
2005-01-21 21:14:20 UTC
Permalink
Post by Martin Svensson
It is and it's all about how you configure the mailserver (Postfix,
Sendmail, Qmail or whatever you are using). You want to accept mails for
domain x and then relay to server B. Read the docs for your mailserver
on how to accomplish it.
Have a nice weekend all.
I use sendmail. Thanks I will look in doc.
BTW server A accept mails only for one domain but server B for 200-300
so I should look for good solution
Thanks for your answer.

-----------
Placisz za ubezpieczenie? Przeciez masz je w EURO<26.
Przez caly rok, na caly swiat!
Szczegoly: http://www.euro26.pl/_artykul_.194


-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
AMaViS-user mailing list
AMaViS-***@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
Mark Martinec
2005-01-22 00:46:52 UTC
Permalink
Bart,
Post by bart
I have two servers.
Fist one A with very small traffic, second one B with high traffic :)
I want amavisd on A to check email also for B.
Is this possible?
There are several possible setups, as others have suggested.

One possibility is to have one amavisd-new server listening on
two different TCP port numbers, and return checked mail
back to each feeding MTA independently. Using policy banks
each port can have largely independent configuration if needed.
See $forward_method = 'smtp:*:*'; in amavisd.conf-sample.
This applies to any dual-MTA configuration, such as Postfix
or dual-sendmail setup.

For sendmail milter setup (not the best choice) one would need
to consult sendmail documentation on how/if more than one MTA
can share a common milter.

Mark


-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
AMaViS-user mailing list
AMaViS-***@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
Loading...