VMware Virtual Appliances Community
VMTN_Admin
Enthusiast

Spam Vigilante - Mail Filter Virtual Appliance

http://www.vmware.com/vmtn/appliances/directory/255

A mail proxy based on FreeBSD with spam (SpamAssassin) and virus (ClamAV) scanning. Can be used with any existing mail system.

553 Replies
vmwareeval
Contributor

Ah Thank you Telackey (re: whitelisting)! I forgot about that post! (This Forum format is a pain -- It is not showing thread hierarchies or original msgs ... my bad).

Again, many thanks for the awesome effort on this -- this thing is like 2yrs old and it is still SO relevant and useful!

brewewa
Contributor

Does anyone have a "How To Upgrade SpamAssassin" that works for Spam Vigilante? I can't believe the increase in the amount of spam that is coming our way.

telackey
Contributor

> Does anyone have a "How To Upgrade SpamAssassin" that works for Spam Vigilante? I can't believe the increase in the amount of spam that is coming our way.

That doesn't sound right. My first check would be to make sure Bayes is operating properly.

I've seen a couple of cases before where somehow or other it acquired incorrect permissions, which prevented Bayes filtering from working, which set SpamAssassin in strictly rules-based mode. It can still catch spam with rules only, but it is much better with rules + Bayes.

To check do:

ls -l /var/amavis/.spamassassin

total 31028
-rw------- 1 vscan vscan 20774912 Jan 26 13:55 auto-whitelist
-rw------- 1 vscan vscan 83040 Jan 26 13:55 bayes_journal
-rw-rw---- 1 vscan vscan 10452992 Jan 26 13:55 bayes_seen
-rw------- 1 vscan vscan 4853760 Jan 26 13:55 bayes_toks
-rw-r--r-- 1 vscan vscan 1487 Aug 6 2006 user_prefs

If it doesn't look like vscan/vscan on all the files do:

chown -R vscan:vscan /var/amavis/.spamassassin

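Added example, not part of telackey's post or of the appliance: a small shell check for the ownership problem described above. It lists anything under a SpamAssassin state directory that is not owned by the expected user and group (vscan:vscan on /var/amavis/.spamassassin in this thread); the function name `list_wrong_owner` is hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). The directory and the vscan:vscan
# owner come from the post above; the function name is an assumption.

# list_wrong_owner DIR USER GROUP
# Prints one "owner:group path" line for DIR and every entry below it
# that is not owned by USER and GROUP (names or numeric ids).
# Returns 0 if everything matches, 1 if something is mis-owned,
# 2 if DIR does not exist.
list_wrong_owner() {
    dir=$1; user=$2; group=$3
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    # find selects entries whose owner OR group differs; ls -ld supplies
    # the actual owner (field 3) and group (field 4) for the report.
    bad=$(find "$dir" \( ! -user "$user" -o ! -group "$group" \) \
              -exec ls -ld {} \; | awk '{ print $3 ":" $4, $NF }')
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Usage on the appliance (as root):
#   list_wrong_owner /var/amavis/.spamassassin vscan vscan \
#       || echo "fix with: chown -R vscan:vscan /var/amavis/.spamassassin"
```

Run from cron, a non-zero exit gives early warning when a root-run maintenance job has taken over bayes_toks or bayes_seen again.
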
brewewa
Contributor

Thanks Telackey. Mine looked like this...

total 267016
-rw------- 1 vscan vscan 20774912 Jan 26 13:55 auto-whitelist
-rw------- 1 vscan vscan 83040 Jan 26 13:55 bayes_journal
-rw-rw---- 1 root vscan 10452992 Jan 26 13:55 bayes_seen
-rw------- 1 root vscan 4853760 Jan 26 13:55 bayes_toks

user_prefs did not show up in the list. I did the chown and now they look like vscan/vscan. Is there anything else I can do to verify that Bayes is working?

RyanPulley
Contributor

Thanks Telackey!

Mine also looked different, with root on two of the files (sorry, didn't think to do a screen capture, or copy before re-booting.)

I did your chmod, and now it's vscan on auto-whitelist, bayes_journal, bayes_seen, bayes_toks.

Thank you for your appliance, it's been wonderful for 2 years at one of my client installations with a handful of domains.

Does it have a limit to the number of domains it can filter for?

Thank you and GREAT WORK!!

Ryan

vmwareeval
Contributor

Telackey: I hope you can help with this problem:

It appears that there are some SPAM that make it thru spamassassin on to the "real" internal Email server. However, the intended User does NOT exist in the address book (I do not have LDAP running -- not using Exchange; they are "guessing" usernames @ the domain).

Upon getting that rejection from the internal Email server, the appliance appears to be attempting a "Bounce" msg to the originator (which is almost always spoofed -- even though I have ALL possibilities set to "D_DISCARD".)

It is, in effect, creating a lot of "outgoing" spam ... or at least that is how an upstream provider will see it as.

Any way to stop this bounce and just discard? Thanks

EDIT: It looks like what I am trying to stop is called "backscatter" -- the SPAM passes the various tests/scoring I have but the intended recipient does not exist (due to it being a "dictionary"-type email addr). The receiving MTA (Domino) rejects it from SV because it is an invalid user. SV then tries to deliver the Bounce back to the Sender which is almost always spoofed or incorrect etc. What setting/where (amavis, postfix, spamassassin) do I make to just Discard any Emails rejected by my internal MTA? Also, how do I clear the pending Bounces that are still in the Postfix queue? Thanks

telackey
Contributor

I'd have to look into it, because that is a kind of tricky interaction between your real MTA and SV, but, if it were me, and I didn't have a lot of volatility in my list of e-mail addresses, I'd make a list of recipients and use that. Then I'd let SV reject delivery at the outset for any others. I can tell you how to do that if you're interested.

After that, I think the bounces will gradually clear from the queue on their own, as the retry interval expires. If you really want to get rid of them though, you can try (as root):

postsuper -d ALL deferred

Which will delete all messages from the deferred queue.

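Added example, not from the thread: one way to set up the recipient list telackey mentions, so that Postfix rejects unknown recipients during the SMTP session and never has a bounce to send. The function name, the `relay_recipients` file name and the exported address list are assumptions; `relay_recipient_maps` is a standard Postfix parameter and applies when the filtered domains are configured as relay domains.

```shell
#!/bin/sh
# Added example (not from the thread). Function name, input file and the
# relay_recipients file name are assumptions.

# build_relay_recipients DOMAIN...
# Reads mail addresses (one per line) on stdin and writes a Postfix
# lookup-table source on stdout: "address<TAB>OK" for each well-formed
# address in one of the given (lower-case) domains. Addresses are
# lower-cased and de-duplicated; everything else is dropped.
build_relay_recipients() {
    domains=" $* "
    tr -d '\r' | tr '[:upper:]' '[:lower:]' | sort -u |
    while IFS= read -r addr; do
        case $addr in
            ''|'#'*|*' '*) continue ;;     # blank, comment, embedded space
            *@*@*|@*|*@)   continue ;;     # more than one @, or empty part
            *@*)           ;;              # looks like local@domain
            *)             continue ;;     # no @ at all
        esac
        case $domains in
            *" ${addr#*@} "*) printf '%s\tOK\n' "$addr" ;;
            *) echo "skipped, not a filtered domain: $addr" >&2 ;;
        esac
    done
}

# On the appliance (as root), with addresses.txt exported from the real
# mail server's directory and example.com standing in for your domain:
#   build_relay_recipients example.com < addresses.txt \
#       > /usr/local/etc/postfix/relay_recipients
#   postmap hash:/usr/local/etc/postfix/relay_recipients
#   postconf -e 'relay_recipient_maps = hash:/usr/local/etc/postfix/relay_recipients'
#   postfix reload
# Mail for any address missing from the map is then refused with a 550
# before it is accepted, so no bounce is generated later.
```

Because the list in this thread changes over time, the export and the `postmap` step would need to be rerun whenever addresses are added or removed on the internal server.
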
vmwareeval
Contributor

Telackey: Sorry, didn't realize you had replied ... (maybe email from this Forum got bounced :D)

Any help you can offer would be very appreciated. Basically I had to shutdown/bypass SV because it was bouncing so much stuff back that our ISP thought WE were a spammer.

Yes, please do share the static recipient list info. (Note that the problem is the list of our Email addresses IS (somewhat) dynamic and I am really, really trying not to give up on that capability since it is so easy/convenient to update in the Domino Directory.)

I have tried everything including D_DISCARDing everything, but still bounce msgs get sent back; I have been googling Postfix/Amavis/Spamassassin docs like crazy but don't have a clear solution yet (i.e., SV has to Reject/550 at SMTP time or keep it and not say anything about it <to sending MTAs> after that, period). I am a total Postfix newbie so bear with me.

I would be happy to just "drop" any Email for a "fake"/non-existent user who makes it through SPAM Content inspection -- otherwise I have to turn the Domino rejection of "fake" Users (i.e., not listed in address book) Off -- which would then cause the undelivered mail to pile up in the Domino server mailbox.

Maybe an alternative: LDAP lookup from SV -> Domino (i.e., make Domino behave like your Exchange lookup?) but I am not sure if that is all you are doing with Exchange and I am not sure if that necessarily prevents "bounce" messages.

Thanks for the info on clearing the SV mailbox -- had to brute-force it because so many bounces had piled up and were trying to be delivered.

m3rc4ry
Contributor

Anyone have any idea why my amavis-stats site has stopped calculating statistics? How can I get them going again?

Also recently I've discovered that apache sometimes does not appear to be launching. Any ideas on why it would just simply stop?

I just recently updated ClamAV and added a whitelist but they seemed to be ok and are working fine.

Thanks for the help.

Dommo

telackey
Contributor

> Does it have a limit to the number of domains it can filter for?

Nope, not really. There are practical limits, but those are really more dependent on your hardware. By default, if you use setup to configure the domains, then all will use the same server as the final destination. However, if you are willing to make changes by hand, you can have different domains delivered to different servers. E.g., domaina.com could deliver to mail.mydomain.com, but domainb.com could deliver to mail.myotherdomain.com.

Take a look at /usr/local/etc/postfix/transport for some more info, it should have what you need to get the idea, and of course, the Postfix documentation.

m3rc4ry
Contributor

Has anyone updated amavis-stats to the latest version? I ran the installer but it does not work. I get an error:

make install in php

make: don't know how to make all-local. Stop

      • Error code 1.

Can anyone help?

Thanks!

Dommo

Tiggr
Contributor

Hello!

Unfortunately I am not in the office at the moment, but your request has been forwarded to Mr. Bischoff, who will handle it!

Kind regards

Marcus J. Ertl

brewewa
Contributor

Helllpppp....My Bayes seems to be messed up again. Telacky, you fixed it for me once by having me do:

chown -R vscan:vscan /var/amavis/.spamassassin

It worked for me once, but after Bayes stopped again here's what my files look like..

Note the size of auto-whitelist and other files.

vmroc
Contributor

Few of my users are receiving 100s of false Non delivery reports(NDR). How do I stop False NDR Messages in Spam Vigilante?

telackey
Contributor

> Few of my users are receiving 100s of false Non delivery reports(NDR). How do I stop False NDR Messages in Spam Vigilante?

vmroc,

I apologize for the long delay. Can you send me the full message, including headers, for one of these NDRs?

telackey
Contributor

> Helllpppp....My Bayes seems to be messed up again. Telacky, you fixed it for me once by having me do:

> chown -R vscan:vscan /var/amavis/.spamassassin

> It worked for me once, but after Bayes stopped again here's what my files look like..

> Note the size of auto-whitelist and other files.

That is a pretty gigantic auto-whitelist. I'm not sure that would be the issue, but it could be conceivably if a) there were some bug, or b) it takes too many resources to use.

If it were me, I'd try running spamassassin directly on the command line for some debugging.

Something like this:

  1. cd /var/virusmails

  2. Pick out some message that begins spam- ...

  3. ls

  4. Test spamassassin and see if it gives any clues

  5. spamassassin --debug 2>&1 < spam-Fx9hQY33s3rt | less

telackey
Contributor

> Has anyone updated amavis-stats to the latest version? I ran the installer but it does not work. I get an error:

> make install in php

> make: don't know how to make all-local. Stop

> • Error code 1.

Dommo,

Did you get it worked out? If not, what I would do is:

1. Update ports with: cvsup -z ~/ports-supfile

2. Make this change to /etc/make.conf

#Edit /etc/make.conf to accommodate some changes to ports.
#Even though X is not installed, add the following line (minus the '#')
#at the bottom of the file:
#X11BASE=$
vi /etc/make.conf

Then I'd give it another try. If that still doesn't do it, you can e-mail me and I'll try to help.

Sorry for the long delay in responding!

telackey
Contributor

> Anyone have any idea why my amavis-stats site has stopped calculating statistics? How can I get them going again?

> Also recently I've discovered that apache sometimes does not appear to be launching. Any ideas on why it would just simply stop?

> I just recently updated ClamAV and added a whitelist but they seemed to be ok and are working fine.

> Thanks for the help.

> Dommo

Also a long delay in replying, Dommo, sorry about that. It looks like you went on to try reinstalling it? In answer to the original question about amavis-stats, no, there doesn't seem to be a good reason. One thing that could do it would be if the permissions on the directory became off somehow.

It should look like:

ls -ld /usr/local/www/amavis-stats

drwxrwxr-t 3 www vscan 1536 May 29 2007 /usr/local/www/amavis-stats

And files inside should look like:

...
-rw-r--r-- 1 vscan vscan 43040 Jun 13 2007 74.rrd
-rw-r--r-- 1 vscan vscan 43040 Jun 13 2007 75.rrd
-rw-r--r-- 1 vscan vscan 43040 Jun 13 2007 76.rrd
-rw-r--r-- 1 vscan vscan 43040 Jun 13 2007 77.rrd
-rw-r--r-- 1 vscan vscan 43040 Jun 9 11:40 8.rrd
-rw-r--r-- 1 vscan vscan 43040 Jun 9 11:40 9.rrd
-rw-r--r-- 1 vscan vscan 147 Jun 9 11:40 amavis-stats.count
-rw-r--r-- 1 vscan vscan 667 Jun 9 11:40 amavis-stats.names
-rwxr-xr-x 1 www vscan 22551 Jul 24 2006 amavis-stats.php
-rw-r--r-- 1 vscan vscan 691 Jun 9 11:40 amavis-stats.seen
-rw-r--r-- 1 vscan vscan 66 Jun 9 11:40 amavis-stats.state
drwxr-xr-x 2 www vscan 512 Jul 23 2006 img
lrwxr-xr-x 1 root wheel 16 Jul 23 2006 index.php -> amavis-stats.php

As regards Apache, I have noticed as well that occasionally it does not restart after restarting the VM. It is probably tied to some state file that makes it believe it was already running and shouldn't start, but I haven't investigated it thoroughly. If it happens (which is rarely for me) I just login and do:

/usr/local/etc/rc.d/apache2.sh restart

Dommo
Contributor

Hey Telackey! Thanks for the reply. No worries on the delay....

The ports update worked fine and the line X11BASE=$ was already in my make.conf file.

I tried the new amavis-stats package installer again running ./configure then make and the make task threw the same error.

make: don't know how to make all-local. Stop
**** Error code 1
Stop in /tmp/stats1/amavis-stats-0.1.22.
**** Error code 1

Let me know if you have any more suggestions. Thanks!

Dommo

Dommo
Contributor

One other thing to note is that when the error occurs the 'make' task is at the point 'Making install in PHP' when it occurs.

Dommo
