Bluehost.com Web Hosting $6.95

Re: [AMaViS-user] Spam flagged mail not being discarded

This is a discussion on Re: [AMaViS-user] Spam flagged mail not being discarded within the Amavis User forums, part of the Anti-Spam and Anti-Virus Related Forums category; > >> Notice all the differences, I have not seen amavisd-new produce 'autolearn=no'. > >> (I ...


Go Back   Usenet Forums > Anti-Spam and Anti-Virus Related Forums > Amavis User

Reload this Page Re: [AMaViS-user] Spam flagged mail not being discarded

FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply

 

LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 11-05-2005
Haines Brown
 
Posts: n/a
Default Re: [AMaViS-user] Spam flagged mail not being discarded

> >> Notice all the differences, I have not seen amavisd-new produce 'autolearn=no'.
> >> (I set my $sa_tag2_level_deflt = 1.0; to insure it would be marked.)
>
> > I'm following your recommendation.
>
> No! That was *not* a recommendation, that was an explanation.

Sorry to be so slow at this and for misunderstanding your intent. I
restored the three values you had originally recommended and restarted
the amavisd-new daemon.

> >> > What other mail transport could be using spamassassin? I use postfix
> >> > (exim not installed), fetchmail, amavisd-new, and as far as I know,
> >> > nothing else.

> Yes. Here is where you are calling spamassassin. Mystery solved.
> Didn't you just say "What other mail transport could be using
> spamassassin? I use postfix (exim not installed), fetchmail,
> amavisd-new, and as far as I know, nothing else."

I didn't realize that procmail/amavisd-new was an either/or situation,
and I didn't mention procmail because it knew it was not doing any spam
filtering. But the issue is really who is calling for the filtering,
and that should be amavisd-new, not procmail. Although you don't say
explicitly, To keep procmail out of the spam business, I'll just
comment/remove the /etc/procmailrc file.

> You will also want to stop spamd, and prevent it from starting up when
> the system boots. If you installed spamassassin from Debian, edit
> /etc/default/spamassassin and set ENABLED=0. You should not be running
> spamd if you are using amavisd-new.

I'm changing ENABLED back to 0.

> > I see that in fact I have log files in /var/log/clamav going back
> > several months.
>
> Then you did not purge as I asked. If you had, your installation would
> be working. The whole point of the purge was to start off with
> everything configured in such a way that it would make problem solving
> easier because your entire clamav/clamd configuration would be known.
>
> > I assumed that # dpgk --purge clamav would do the trick. I just ran it
> > again and get:
> > (reading database ... 87261 files and directories currently installed.)
> > Removing clamav ...
> > However, it didn't touch the log files in /var/log/clamav although
> > $apt-show-versions says clamav is currently not installed. I'll
> > reinstall clamav, but not tinker with anything lest I make things
> > worse.
>
> It would have worked better if you'd follow the directions I gave
> you.

I'm sorry, but I thought I was following your directions. For example,
I did: a) stop amavisd-new and clamav daemons, b) delete clamav.log
files, c) # dpkg --purge clamav, d) # dpkg --purge clamav-freshclam,
e) # aptitude install clamav clamav-freshclam, f) restart clamav and
amavisd-new daemons.

> It think it means you should not have 'User amavis' in clamd.conf,
> you should have 'User clamav'.

Yes, I corrected that.

> >> grep amavisd.conf /usr/sbin/amavisd-new
> >> to see which amavisd.conf amavisd-new is looking for.
>
> > The return is: /etc/amavisd.conf
>
> So, amavisd-new is looking for /etc/amavisd.conf. Is this where your
> amavisd.conf is? You did not say where it was actually located.

Again, sorry. That was a typo on my part (can't paste directly from
xterm into emacs, and this problem is not only depriving me of getting
much work done, but also sleep ;-), and I left out the directory:
/etc/amavis/amavisd.conf. The right file is in the right place for
debian.

> As far as your settings go in amavisd.conf, if you only have one
> amavisd.conf and amavisd-new is reading that file, then I think you
> probably have some of the settings listed in the file more than once.
> When you do this, only the last one you entered will be used, as it
> overwrites the previous assignment.

I've actually done that once or twice, and so just went back over the
file. One thing that worries me is my:

$MYHOME = '/var/lib/amavis'; # (default is '/var/amavis')

Although the value here used is real, the default points to a
non-existent directory.

Also, in the # MTA SETTINGS, UNCOMMENT AS APPROPRIATE, section of
amavisd.conf, I have nothing uncommented because none seem to apply to
my situation. For example, I don't see that I have a "dual-MTA setup".

I have in Section III, $DO_SYSLOG = 1;, which means that amavisd-new
logs to my syslog. But amavisd-new has a limited presence in that
log. Here is an entry where it does appear:

postfix/smtpd[28704]: 2C5AB17CF: client=localhost.localdomain[127.0.0.1]
postfix/cleanup[28698]: 2C5AB17CF:
message-id=<22762338.1131199180634.JavaMail.root@pswm2.cp. tin.it>
postfix/qmgr[21306]: 2C5AB17CF:
from=<microsoftpromotion13@virgilio.it>, size=5323, nrcpt=1 (queue
active)
postfix/smtpd[28704]: disconnect from localhost.localdomain[127.0.0.1]
amavis[28513]: (28513-06) Passed, <microsoftpromotion13@virgilio.it> ->
<brownh@localhost>, Message-ID:
<22762338.1131199180634.JavaMail.root@pswm2.cp.tin .it>, Hits: 7.758
postfix/smtp[28699]: C138B1256: to=<brownh@localhost>,
relay=127.0.0.1[127.0.0.1], delay=4, status=sent (250 2.6.0 Ok,
id=28513-06, from MTA: 250 Ok: queued as 2C5AB17CF)
postfix/qmgr[21306]: C138B1256: removed
postfix/local[28705]: 2C5AB17CF: to=<brownh@localhost>, relay=local,
delay=0, status=sent (delivered to command: procmail -a "$EXTENSION")
postfix/qmgr[21306]: 2C5AB17CF: removed

It appears that postfix retrieves a message, puts it into queue, sends
it to amavis, which (by calling upon spamassassin?) determnes that its
spam is low enough to pass. However, while my mail reader has some
other spam from virgilio.it, it holds no sender named
microsoftpromotion13, although there's no evidence here of a rejection
of the message.

Because I try to discard spam, I have:

$virus_admin = "postmaster\@$mydomain";

and for some reason:

$mailfrom_notify_spamadmin = "postmaster\@hartford-hwp.com";

and to get rid of spam rather than quarantine it:

$spam_quarantine_to = undef;

But I didn't find any duplication of lines in amavisd.conf.

--

Haines Brown
KB1GRM


-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server. Download
it for free - -and be entered to win a 42" plasma tv or your very own
Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/...fo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
Reply With Quote
Reply
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On




All times are GMT +1. The time now is 08:55 AM.

Contact Us - Usenet Forums - Archive - Top

Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.0.0